/*
   Unix SMB/CIFS implementation.
   test suite for lsa rpc operations

   Copyright (C) Andrew Tridgell 2003

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 2 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
# include "includes.h"
# include "librpc/gen_ndr/ndr_lsa.h"
/*
  Point an lsa_String at an existing C string.

  Only the pointer is stored, nothing is copied, so 's' has to remain
  valid for as long as 'name' is used.
*/
static void init_lsa_String(struct lsa_String *name, const char *s)
{
	name->string = s;
}
/*
  Issue lsa_OpenPolicy against the pipe and report whether it succeeded.

  The returned policy handle is written to a local variable and is not
  handed back to the caller.
*/
static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
	/* NOTE(review): as listed this is a multi-character constant; a single
	   backslash looks intended - confirm against the original file */
	uint16_t system_name = ' \\ ';
	struct lsa_QosInfo qos;
	struct lsa_ObjectAttribute attr;
	struct policy_handle handle;
	struct lsa_OpenPolicy r;
	NTSTATUS status;

	printf(" \n testing OpenPolicy \n ");

	/* quality-of-service block, referenced from the object attributes */
	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	/* object attributes: everything empty except the QoS pointer */
	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = &system_name;
	r.in.attr = &attr;
	/* the test asks for the broadest access mask rather than a minimal one */
	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	printf(" OpenPolicy failed - %s \n ", nt_errstr(status));
	return False;
}
/*
  Issue lsa_OpenPolicy2 and store the resulting policy handle in '*handle'.

  Returns True when the call succeeds; on failure the status is printed
  and False is returned.
*/
static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
			     struct policy_handle *handle)
{
	struct lsa_QosInfo qos;
	struct lsa_ObjectAttribute attr;
	struct lsa_OpenPolicy2 r;
	NTSTATUS status;

	printf(" \n testing OpenPolicy2 \n ");

	/* quality-of-service block, referenced from the object attributes */
	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	/* object attributes: everything empty except the QoS pointer */
	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = " \\ ";
	r.in.attr = &attr;
	/* the test asks for the broadest access mask rather than a minimal one */
	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.handle = handle;

	status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	printf(" OpenPolicy2 failed - %s \n ", nt_errstr(status));
	return False;
}
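/*
  Feed the names in 'tnames' back to the server through lsa_LookupNames.

  In this file 'tnames' is always the array a preceding LookupSids reply
  filled in, so both its count and its strings are server-supplied.
  STATUS_SOME_UNMAPPED is accepted as success.

  Returns False when the request array cannot be allocated or when the
  call fails with any other status.
*/
static BOOL test_LookupNames(struct dcerpc_pipe *p,
			     TALLOC_CTX *mem_ctx,
			     struct policy_handle *handle,
			     struct lsa_TransNameArray *tnames)
{
	struct lsa_LookupNames r;
	struct lsa_TransSidArray sids;
	struct lsa_String *names;
	uint32_t count = 0;
	NTSTATUS status;
	int i;

	printf(" \n Testing LookupNames with %d names \n ", tnames->count);

	sids.count = 0;
	sids.sids = NULL;

	names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
	/* the loop below writes through 'names'; a failed allocation must not
	   reach it (an empty list is still allowed to come back as NULL) */
	if (names == NULL && tnames->count != 0) {
		printf("LookupNames: failed to allocate the name array\n");
		return False;
	}

	for (i = 0; i < tnames->count; i++) {
		init_lsa_String(&names[i], tnames->names[i].name.string);
	}

	r.in.handle = handle;
	r.in.num_names = tnames->count;
	r.in.names = names;
	r.in.sids = &sids;
	r.in.level = 1;
	r.in.count = &count;
	r.out.count = &count;
	r.out.sids = &sids;

	status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
		printf(" LookupNames failed - %s \n ", nt_errstr(status));
		return False;
	}

	printf(" \n ");

	return True;
}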
/*
  Translate 'sids' to names with lsa_LookupSids, then pass the returned
  names to test_LookupNames for the reverse lookup.

  STATUS_SOME_UNMAPPED counts as success for the LookupSids call.
*/
static BOOL test_LookupSids(struct dcerpc_pipe *p,
			    TALLOC_CTX *mem_ctx,
			    struct policy_handle *handle,
			    struct lsa_SidArray *sids)
{
	struct lsa_TransNameArray names;
	struct lsa_LookupSids r;
	uint32_t count = sids->num_sids;
	NTSTATUS status;

	printf(" \n Testing LookupSids \n ");

	/* start from an empty name array; the reply fills it in */
	names.names = NULL;
	names.count = 0;

	r.in.handle = handle;
	r.in.sids = sids;
	r.in.names = &names;
	r.in.level = 1;
	r.in.count = &count;
	r.out.names = &names;
	r.out.count = &count;

	status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
	if (!(NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED))) {
		printf(" LookupSids failed - %s \n ", nt_errstr(status));
		return False;
	}

	printf(" \n ");

	/* round trip: the names just returned go back through LookupNames */
	if (test_LookupNames(p, mem_ctx, handle, &names)) {
		return True;
	}
	return False;
}
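/*
  Send one lsa_LookupSids request carrying 1000 copies of the same SID,
  then run the returned names through test_LookupNames.

  STATUS_SOME_UNMAPPED counts as success. Returns False when the SID
  array cannot be allocated or when either lookup fails.
*/
static BOOL test_many_LookupSids(struct dcerpc_pipe *p,
				 TALLOC_CTX *mem_ctx,
				 struct policy_handle *handle)
{
	struct lsa_LookupSids r;
	struct lsa_TransNameArray names;
	uint32_t count;
	NTSTATUS status;
	struct lsa_SidArray sids;
	int i;

	printf(" \n Testing LookupSids with lots of SIDs \n ");

	names.count = 0;
	names.names = NULL;

	sids.num_sids = 1000;

	sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, sids.num_sids);
	/* the fill loop below indexes this array, so stop on allocation failure */
	if (sids.sids == NULL) {
		printf("LookupSids: failed to allocate the SID array\n");
		return False;
	}

	for (i = 0; i < sids.num_sids; i++) {
		/* NOTE(review): the literal as listed carries surrounding blanks,
		   and the parse result is not checked - confirm both against the
		   original file */
		const char *sidstr = " S-1-5-32-545 ";
		sids.sids[i].sid = dom_sid_parse_talloc(mem_ctx, sidstr);
	}

	count = sids.num_sids;

	r.in.handle = handle;
	r.in.sids = &sids;
	r.in.names = &names;
	r.in.level = 1;
	/* NOTE(review): the input count points at names.count (0 here) while the
	   output count points at the local 'count'; test_LookupSids uses one
	   variable for both - confirm this difference is intended */
	r.in.count = &names.count;
	r.out.count = &count;
	r.out.names = &names;

	status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
		printf(" LookupSids failed - %s \n ", nt_errstr(status));
		return False;
	}

	printf(" \n ");

	if (!test_LookupNames(p, mem_ctx, handle, &names)) {
		return False;
	}

	return True;
}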
/*
  Call lsa_LookupPrivName for one LUID on the given policy handle.

  Returns True on success; otherwise prints the status and returns False.
*/
static BOOL test_LookupPrivName(struct dcerpc_pipe *p,
				TALLOC_CTX *mem_ctx,
				struct policy_handle *handle,
				struct lsa_LUID *luid)
{
	struct lsa_LookupPrivName r;
	NTSTATUS status;

	r.in.luid = luid;
	r.in.handle = handle;

	status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	printf(" \n LookupPrivName failed - %s \n ", nt_errstr(status));
	return False;
}
/*
  Enumerate the privileges of an open account handle and look up the name
  of each returned LUID through the policy handle.

  Only the EnumPrivsAccount call itself decides the result; the outcome of
  the individual LookupPrivName calls is not folded into it.
*/
static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p,
				  TALLOC_CTX *mem_ctx,
				  struct policy_handle *handle,
				  struct policy_handle *acct_handle)
{
	struct lsa_EnumPrivsAccount r;
	NTSTATUS status;
	int i;

	printf(" Testing EnumPrivsAccount \n ");

	r.in.handle = acct_handle;

	status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" EnumPrivsAccount failed - %s \n ", nt_errstr(status));
		return False;
	}

	/* a reply without a privilege set is fine, there is nothing to look up */
	if (!r.out.privs) {
		return True;
	}

	for (i = 0; i < r.out.privs->count; i++) {
		test_LookupPrivName(p, mem_ctx, handle,
				    &r.out.privs->set[i].luid);
	}

	return True;
}
/*
  Call lsa_Delete on the object behind 'handle'.

  Returns True on success; otherwise prints the status and returns False.
*/
static BOOL test_Delete(struct dcerpc_pipe *p,
			TALLOC_CTX *mem_ctx,
			struct policy_handle *handle)
{
	struct lsa_Delete r;
	NTSTATUS status;

	printf(" \n testing Delete \n ");

	r.in.handle = handle;

	status = dcerpc_lsa_Delete(p, mem_ctx, &r);
	if (NT_STATUS_IS_OK(status)) {
		printf(" \n ");
		return True;
	}

	printf(" Delete failed - %s \n ", nt_errstr(status));
	return False;
}
/*
  Create an LSA account object for a fixed test SID and delete it again
  through the account handle the call returns.

  Returns False when either the create or the delete fails.
*/
static BOOL test_CreateAccount(struct dcerpc_pipe *p,
			       TALLOC_CTX *mem_ctx,
			       struct policy_handle *handle)
{
	struct policy_handle acct_handle;
	struct lsa_CreateAccount r;
	struct dom_sid2 *newsid;
	NTSTATUS status;

	/* NOTE(review): the literal as listed carries surrounding blanks and the
	   parse result is used unchecked - confirm against the original file */
	newsid = dom_sid_parse_talloc(mem_ctx, " S-1-5-12349876-4321-2854 ");

	printf(" Testing CreateAccount \n ");

	r.in.handle = handle;
	r.in.sid = newsid;
	/* the test asks for the broadest access mask rather than a minimal one */
	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.acct_handle = &acct_handle;

	status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" CreateAccount failed - %s \n ", nt_errstr(status));
		return False;
	}

	/* remove the object again so the test leaves nothing behind */
	if (test_Delete(p, mem_ctx, &acct_handle)) {
		return True;
	}
	return False;
}
/*
  Create a trusted-domain object from a fixed test SID and name, then
  delete it again through the returned domain handle.

  Returns False when either the create or the delete fails.
*/
static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
				     TALLOC_CTX *mem_ctx,
				     struct policy_handle *handle)
{
	struct lsa_TrustInformation trustinfo;
	struct policy_handle dom_handle;
	struct lsa_CreateTrustedDomain r;
	struct dom_sid *domsid;
	NTSTATUS status;

	printf(" Testing CreateTrustedDomain \n ");

	/* NOTE(review): the literals as listed carry surrounding blanks and the
	   parse result is used unchecked - confirm against the original file */
	domsid = dom_sid_parse_talloc(mem_ctx, " S-1-5-21-97398-379795-12345 ");

	trustinfo.sid = domsid;
	init_lsa_String(&trustinfo.name, " torturedomain ");

	r.in.handle = handle;
	r.in.info = &trustinfo;
	/* the test asks for the broadest access mask rather than a minimal one */
	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.dom_handle = &dom_handle;

	status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" CreateTrustedDomain failed - %s \n ", nt_errstr(status));
		return False;
	}

	/* remove the object again so the test leaves nothing behind */
	if (test_Delete(p, mem_ctx, &dom_handle)) {
		return True;
	}
	return False;
}
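/*
  Exercise the LSA secret calls end to end:

    CreateSecret -> OpenSecret -> SetSecret -> QuerySecret -> Delete

  A fixed test string is encrypted with the pipe's session key, stored,
  read back, decrypted and compared with the original. The secret is then
  deleted through the first handle, and a delete through the second handle
  is expected to fail with NT_STATUS_INVALID_HANDLE.

  Returns False as soon as CreateSecret fails; every later failure is
  recorded and the cleanup still runs.
*/
static BOOL test_CreateSecret(struct dcerpc_pipe *p,
			      TALLOC_CTX *mem_ctx,
			      struct policy_handle *handle)
{
	NTSTATUS status;
	struct lsa_CreateSecret r;
	struct lsa_OpenSecret r2;
	struct lsa_SetSecret r3;
	struct lsa_QuerySecret r4;
	struct policy_handle sec_handle, sec_handle2;
	struct lsa_Delete d;
	struct lsa_DATA_BUF buf1;
	struct lsa_DATA_BUF_PTR bufp1;
	DATA_BLOB enc_key;
	BOOL ret = True;
	BOOL opened = True;
	DATA_BLOB session_key;
	NTTIME old_mtime, new_mtime;
	DATA_BLOB blob1;
	const char *secret1 = " abcdef12345699qwerty ";
	char *secret2;
	char *secname = NULL;

	printf(" Testing CreateSecret \n ");

	/* random() only keeps the object name from clashing between runs; it is
	   not relied on for unpredictability */
	if (asprintf(&secname, " torturesecret-%u ", (uint_t)random()) < 0) {
		printf("CreateSecret: failed to build the secret name\n");
		return False;
	}

	init_lsa_String(&r.in.name, secname);

	r.in.handle = handle;
	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.sec_handle = &sec_handle;

	status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" CreateSecret failed - %s \n ", nt_errstr(status));
		free(secname);
		return False;
	}

	r2.in.handle = handle;
	r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r2.in.name = r.in.name;
	r2.out.sec_handle = &sec_handle2;

	printf(" Testing OpenSecret \n ");

	status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" OpenSecret failed - %s \n ", nt_errstr(status));
		ret = False;
		/* sec_handle2 was never filled in; remember not to send it later */
		opened = False;
	}

	status = dcerpc_fetch_session_key(p, &session_key);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" dcerpc_fetch_session_key failed - %s \n ", nt_errstr(status));
		ret = False;
		/* without a key nothing can be encrypted or decrypted; go straight
		   to removing the secret that was just created */
		goto cleanup;
	}

	enc_key = sess_encrypt_string(secret1, &session_key);

	r3.in.handle = &sec_handle;
	r3.in.new_val = &buf1;
	r3.in.old_val = NULL;
	r3.in.new_val->data = enc_key.data;
	r3.in.new_val->length = enc_key.length;
	r3.in.new_val->size = enc_key.length;

	printf(" Testing SetSecret \n ");

	status = dcerpc_lsa_SetSecret(p, mem_ctx, &r3);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" SetSecret failed - %s \n ", nt_errstr(status));
		ret = False;
	}

	data_blob_free(&enc_key);

	ZERO_STRUCT(new_mtime);
	ZERO_STRUCT(old_mtime);

	/* fetch the secret back again */
	r4.in.handle = &sec_handle;
	r4.in.new_val = &bufp1;
	r4.in.new_mtime = &new_mtime;
	r4.in.old_val = NULL;
	r4.in.old_mtime = NULL;

	bufp1.buf = NULL;

	status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r4);
	if (!NT_STATUS_IS_OK(status)) {
		/* the output fields are not meaningful after a failed call, so
		   they are not inspected */
		printf(" QuerySecret failed - %s \n ", nt_errstr(status));
		ret = False;
	} else if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) {
		printf(" No secret buffer returned \n ");
		ret = False;
	} else {
		blob1.data = r4.out.new_val->buf->data;
		blob1.length = r4.out.new_val->buf->length;

		secret2 = sess_decrypt_string(&blob1, &session_key);
		if (secret2 == NULL) {
			printf("Failed to decrypt the returned secret\n");
			ret = False;
		} else {
			/* only the fixed test value above is ever printed here */
			printf(" returned secret '%s' \n ", secret2);

			if (strcmp(secret1, secret2) != 0) {
				printf(" Returned secret doesn't match \n ");
				ret = False;
			}
		}
	}

cleanup:
	if (!test_Delete(p, mem_ctx, &sec_handle)) {
		ret = False;
	}

	/* the secret is gone now, so the second handle must be rejected */
	if (opened) {
		d.in.handle = &sec_handle2;
		status = dcerpc_lsa_Delete(p, mem_ctx, &d);
		if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
			printf(" Second delete expected INVALID_HANDLE - %s \n ", nt_errstr(status));
			ret = False;
		}
	}

	free(secname);

	return ret;
}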
/*
  Call lsa_EnumAccountRights for 'sid' on the given handle.

  The parameter is named acct_handle, but the caller in this file passes
  its policy handle. Returns True on success; otherwise prints the status
  and returns False.
*/
static BOOL test_EnumAccountRights(struct dcerpc_pipe *p,
				   TALLOC_CTX *mem_ctx,
				   struct policy_handle *acct_handle,
				   struct dom_sid *sid)
{
	struct lsa_RightSet rights;
	struct lsa_EnumAccountRights r;
	NTSTATUS status;

	printf(" Testing EnumAccountRights \n ");

	r.in.sid = sid;
	r.in.handle = acct_handle;
	r.out.rights = &rights;

	status = dcerpc_lsa_EnumAccountRights(p, mem_ctx, &r);
	if (NT_STATUS_IS_OK(status)) {
		return True;
	}

	printf(" EnumAccountRights failed - %s \n ", nt_errstr(status));
	return False;
}
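/*
  Call lsa_QuerySecurity on an open account handle.

  'handle' is accepted for symmetry with the other per-account tests but
  is not used. Returns True on success; otherwise prints the status and
  returns False.
*/
static BOOL test_QuerySecurity(struct dcerpc_pipe *p,
			       TALLOC_CTX *mem_ctx,
			       struct policy_handle *handle,
			       struct policy_handle *acct_handle)
{
	NTSTATUS status;
	struct lsa_QuerySecurity r;

	/* progress message spelling corrected (was "QuerySecuriy") */
	printf(" Testing QuerySecurity \n ");

	r.in.handle = acct_handle;
	/* NOTE(review): 7 presumably selects the owner, group and DACL parts of
	   the descriptor - confirm against the security-information flags */
	r.in.sec_info = 7;

	status = dcerpc_lsa_QuerySecurity(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" QuerySecurity failed - %s \n ", nt_errstr(status));
		return False;
	}

	return True;
}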
/*
  Open the LSA account object for 'sid' and run the per-account tests
  (EnumPrivsAccount, QuerySecurity) on the resulting handle.

  The account handle is not closed here. Returns False when the open or
  one of the two follow-up tests fails.
*/
static BOOL test_OpenAccount(struct dcerpc_pipe *p,
			     TALLOC_CTX *mem_ctx,
			     struct policy_handle *handle,
			     struct dom_sid *sid)
{
	struct policy_handle acct_handle;
	struct lsa_OpenAccount r;
	NTSTATUS status;

	printf(" Testing OpenAccount \n ");

	r.in.handle = handle;
	r.in.sid = sid;
	/* the test asks for the broadest access mask rather than a minimal one */
	r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
	r.out.acct_handle = &acct_handle;

	status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" OpenAccount failed - %s \n ", nt_errstr(status));
		return False;
	}

	/* the second test only runs when the first one passed */
	if (test_EnumPrivsAccount(p, mem_ctx, handle, &acct_handle) &&
	    test_QuerySecurity(p, mem_ctx, handle, &acct_handle)) {
		return True;
	}

	return False;
}
/*
  Enumerate the LSA accounts, run the SID lookup and per-account tests on
  everything returned, then check a partial listing (one entry starting at
  resume handle 2) when at least three accounts exist.

  The per-account OpenAccount / EnumAccountRights results are not folded
  into the return value.
*/
static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
			      TALLOC_CTX *mem_ctx,
			      struct policy_handle *handle)
{
	struct lsa_SidArray sids1, sids2;
	struct lsa_EnumAccounts r;
	uint32_t resume_handle = 0;
	NTSTATUS status;
	int i;

	printf(" \n testing EnumAccounts \n ");

	/* full listing, up to 100 entries from the start */
	r.in.handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.num_entries = 100;
	r.out.resume_handle = &resume_handle;
	r.out.sids = &sids1;

	status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" EnumAccounts failed - %s \n ", nt_errstr(status));
		return False;
	}

	if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
		return False;
	}

	printf(" testing all accounts \n ");
	for (i = 0; i < sids1.num_sids; i++) {
		struct dom_sid *sid = sids1.sids[i].sid;

		test_OpenAccount(p, mem_ctx, handle, sid);
		test_EnumAccountRights(p, mem_ctx, handle, sid);
	}
	printf(" \n ");

	/* the partial listing below needs an entry at index 2 */
	if (sids1.num_sids < 3) {
		return True;
	}

	printf(" trying EnumAccounts partial listing (asking for 1 at 2) \n ");
	resume_handle = 2;
	r.in.num_entries = 1;
	r.out.sids = &sids2;

	status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" EnumAccounts failed - %s \n ", nt_errstr(status));
		return False;
	}

	if (sids2.num_sids == 1) {
		return True;
	}

	printf(" Returned wrong number of entries (%d) \n ", sids2.num_sids);
	return False;
}
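/*
  Ask the server for the display name of one privilege and print it
  together with the requested and the returned language id.

  Returns False when the call fails or when a successful reply carries no
  display name.
*/
static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p,
				       TALLOC_CTX *mem_ctx,
				       struct policy_handle *handle,
				       struct lsa_String *priv_name)
{
	struct lsa_LookupPrivDisplayName r;
	NTSTATUS status;
	/* produce a reasonable range of language output without screwing up
	   terminals */
	uint16 language_id = (random() % 4) + 0x409;

	printf(" testing LookupPrivDisplayName(%s) \n ", priv_name->string);

	r.in.handle = handle;
	r.in.name = priv_name;
	/* one variable serves as both input and output language id */
	r.in.language_id = &language_id;
	r.out.language_id = &language_id;
	r.in.unknown = 0;

	status = dcerpc_lsa_LookupPrivDisplayName(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" LookupPrivDisplayName failed - %s \n ", nt_errstr(status));
		return False;
	}

	/* the display name comes from the server; a reply without one must not
	   be dereferenced or passed to %s */
	if (r.out.disp_name == NULL || r.out.disp_name->string == NULL) {
		printf("LookupPrivDisplayName returned no display name\n");
		return False;
	}

	printf(" %s -> \" %s \" (language 0x%x/0x%x) \n ",
	       priv_name->string, r.out.disp_name->string,
	       *r.in.language_id, *r.out.language_id);

	return True;
}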
/*
  List the accounts that hold the privilege 'priv_name'.

  NT_STATUS_NO_MORE_ENTRIES is treated as success: it means nobody holds
  the privilege. Any other non-OK status is printed and fails the test.
*/
static BOOL test_EnumAccountsWithUserRight(struct dcerpc_pipe *p,
					   TALLOC_CTX *mem_ctx,
					   struct policy_handle *handle,
					   struct lsa_String *priv_name)
{
	struct lsa_SidArray sids;
	struct lsa_EnumAccountsWithUserRight r;
	NTSTATUS status;

	ZERO_STRUCT(sids);

	printf(" testing EnumAccountsWithUserRight(%s) \n ", priv_name->string);

	r.in.name = priv_name;
	r.in.handle = handle;
	r.out.sids = &sids;

	status = dcerpc_lsa_EnumAccountsWithUserRight(p, mem_ctx, &r);

	/* an empty result and a populated result are both acceptable */
	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES) ||
	    NT_STATUS_IS_OK(status)) {
		return True;
	}

	printf(" EnumAccountsWithUserRight failed - %s \n ", nt_errstr(status));
	return False;
}
/*
  Enumerate the privileges known to the server and, for each one, look up
  its display name and list the accounts that hold it.

  Only the EnumPrivs call and the EnumAccountsWithUserRight checks affect
  the result; the display-name lookup result is ignored.
*/
static BOOL test_EnumPrivs(struct dcerpc_pipe *p,
			   TALLOC_CTX *mem_ctx,
			   struct policy_handle *handle)
{
	struct lsa_PrivArray privs1;
	struct lsa_EnumPrivs r;
	uint32_t resume_handle = 0;
	BOOL ret = True;
	NTSTATUS status;
	int i;

	printf(" \n testing EnumPrivs \n ");

	r.in.handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.max_count = 1000;
	r.out.resume_handle = &resume_handle;
	r.out.privs = &privs1;

	status = dcerpc_lsa_EnumPrivs(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" EnumPrivs failed - %s \n ", nt_errstr(status));
		return False;
	}

	for (i = 0; i < privs1.count; i++) {
		struct lsa_String *priv_name = &privs1.privs[i].name;

		test_LookupPrivDisplayName(p, mem_ctx, handle, priv_name);
		if (!test_EnumAccountsWithUserRight(p, mem_ctx, handle, priv_name)) {
			ret = False;
		}
	}

	return ret;
}
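/* Info levels queried for every trusted domain. */
static const int trustdom_info_levels[] = { 1, 3, 6 };

/* Run QueryTrustedDomainInfo at every level on an open trusted-domain handle. */
static BOOL test_trustdom_query_by_handle(struct dcerpc_pipe *p,
					  TALLOC_CTX *mem_ctx,
					  struct policy_handle *trustdom_handle)
{
	BOOL ret = True;
	int j;

	for (j = 0; j < ARRAY_SIZE(trustdom_info_levels); j++) {
		struct lsa_QueryTrustedDomainInfo q;
		union lsa_TrustedDomainInfo info;
		NTSTATUS status;

		q.in.trustdom_handle = trustdom_handle;
		q.in.level = trustdom_info_levels[j];
		q.out.info = &info;

		status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
		if (!NT_STATUS_IS_OK(status)) {
			printf(" QueryTrustedDomainInfo level %d failed - %s \n ",
			       trustdom_info_levels[j], nt_errstr(status));
			ret = False;
		}
	}

	return ret;
}

/* Close a trusted-domain handle, printing the status when the close fails. */
static BOOL test_trustdom_close(struct dcerpc_pipe *p,
				TALLOC_CTX *mem_ctx,
				struct policy_handle *trustdom_handle)
{
	struct policy_handle handle2;
	struct lsa_Close c;
	NTSTATUS status;

	c.in.handle = trustdom_handle;
	c.out.handle = &handle2;

	status = dcerpc_lsa_Close(p, mem_ctx, &c);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" Close of trusted domain failed - %s \n ", nt_errstr(status));
		return False;
	}

	return True;
}

/*
  Enumerate the trusted domains and, for each one:

    - open it by SID, query every info level on the handle, close it
    - open it by name, query every info level on the handle, close it
    - query every info level by SID and by name on the policy handle

  NT_STATUS_NO_MORE_ENTRIES from the enumeration is accepted. A failed
  open or close ends the test at once; failed queries are recorded and the
  loop continues.

  The open / query / close sequence that used to be written out twice is
  factored into the two helpers above.
*/
static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
			      TALLOC_CTX *mem_ctx,
			      struct policy_handle *handle)
{
	struct lsa_EnumTrustDom r;
	NTSTATUS status;
	uint32_t resume_handle = 0;
	struct lsa_DomainList domains;
	int i, j;
	BOOL ret = True;

	printf(" \n Testing EnumTrustDom \n ");

	r.in.handle = handle;
	r.in.resume_handle = &resume_handle;
	r.in.num_entries = 1000;
	r.out.domains = &domains;
	r.out.resume_handle = &resume_handle;

	status = dcerpc_lsa_EnumTrustDom(p, mem_ctx, &r);

	/* NO_MORE_ENTRIES is allowed */
	if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
		return True;
	}

	if (!NT_STATUS_IS_OK(status)) {
		printf(" EnumTrustDom failed - %s \n ", nt_errstr(status));
		return False;
	}

	printf(" \n Testing OpenTrustedDomain, OpenTrustedDomainByName and QueryInfoTrustedDomain \n ");

	for (i = 0; i < domains.count; i++) {
		struct lsa_OpenTrustedDomain trust;
		struct lsa_OpenTrustedDomainByName trust_by_name;
		struct policy_handle trustdom_handle;

		/* open by SID */
		trust.in.handle = handle;
		trust.in.sid = domains.domains[i].sid;
		trust.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
		trust.out.trustdom_handle = &trustdom_handle;

		status = dcerpc_lsa_OpenTrustedDomain(p, mem_ctx, &trust);
		if (!NT_STATUS_IS_OK(status)) {
			printf(" OpenTrustedDomain failed - %s \n ", nt_errstr(status));
			return False;
		}

		if (!test_trustdom_query_by_handle(p, mem_ctx, &trustdom_handle)) {
			ret = False;
		}

		if (!test_trustdom_close(p, mem_ctx, &trustdom_handle)) {
			return False;
		}

		/* open by name */
		trust_by_name.in.handle = handle;
		trust_by_name.in.name = domains.domains[i].name;
		trust_by_name.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
		trust_by_name.out.trustdom_handle = &trustdom_handle;

		status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &trust_by_name);
		if (!NT_STATUS_IS_OK(status)) {
			printf(" OpenTrustedDomainByName failed - %s \n ", nt_errstr(status));
			return False;
		}

		if (!test_trustdom_query_by_handle(p, mem_ctx, &trustdom_handle)) {
			ret = False;
		}

		if (!test_trustdom_close(p, mem_ctx, &trustdom_handle)) {
			return False;
		}

		/* query directly on the policy handle, addressed by SID */
		for (j = 0; j < ARRAY_SIZE(trustdom_info_levels); j++) {
			struct lsa_QueryTrustedDomainInfoBySid q;
			union lsa_TrustedDomainInfo info;

			q.in.handle = handle;
			q.in.dom_sid = domains.domains[i].sid;
			q.in.level = trustdom_info_levels[j];
			q.out.info = &info;

			status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q);
			if (!NT_STATUS_IS_OK(status)) {
				printf(" QueryTrustedDomainInfoBySid level %d failed - %s \n ",
				       trustdom_info_levels[j], nt_errstr(status));
				ret = False;
			}
		}

		/* query directly on the policy handle, addressed by name */
		for (j = 0; j < ARRAY_SIZE(trustdom_info_levels); j++) {
			struct lsa_QueryTrustedDomainInfoByName q;
			union lsa_TrustedDomainInfo info;

			q.in.handle = handle;
			q.in.trusted_domain = domains.domains[i].name;
			q.in.level = trustdom_info_levels[j];
			q.out.info = &info;

			status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, mem_ctx, &q);
			if (!NT_STATUS_IS_OK(status)) {
				printf(" QueryTrustedDomainInfoByName level %d failed - %s \n ",
				       trustdom_info_levels[j], nt_errstr(status));
				ret = False;
			}
		}
	}

	return ret;
}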
/*
  Call lsa_QueryInfoPolicy at info levels 1 to 12.

  For levels 9, 10 and 11 an NT_STATUS_INVALID_PARAMETER reply is
  tolerated. Any other failure is printed and makes the test return
  False, but the remaining levels are still tried.
*/
static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
				 TALLOC_CTX *mem_ctx,
				 struct policy_handle *handle)
{
	struct lsa_QueryInfoPolicy r;
	BOOL ret = True;
	NTSTATUS status;
	int i;

	printf(" \n Testing QueryInfoPolicy \n ");

	for (i = 1; i <= 12; i++) {
		r.in.handle = handle;
		r.in.level = i;

		printf(" \n trying QueryInfoPolicy level %d \n ", i);

		status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);

		/* levels 9..11 may be rejected by the server */
		if (i >= 9 && i <= 11 &&
		    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
			printf(" server failed level %u (OK) \n ", i);
		} else if (!NT_STATUS_IS_OK(status)) {
			printf(" QueryInfoPolicy failed - %s \n ", nt_errstr(status));
			ret = False;
		}
	}

	return ret;
}
/*
  Call lsa_QueryInfoPolicy2 at info levels 1 to 12.

  For levels 9, 10 and 11 an NT_STATUS_INVALID_PARAMETER reply is
  tolerated. Any other failure is printed and makes the test return
  False, but the remaining levels are still tried.
*/
static BOOL test_QueryInfoPolicy2(struct dcerpc_pipe *p,
				  TALLOC_CTX *mem_ctx,
				  struct policy_handle *handle)
{
	struct lsa_QueryInfoPolicy2 r;
	BOOL ret = True;
	NTSTATUS status;
	int i;

	printf(" \n Testing QueryInfoPolicy2 \n ");

	for (i = 1; i <= 12; i++) {
		r.in.handle = handle;
		r.in.level = i;

		printf(" \n trying QueryInfoPolicy2 level %d \n ", i);

		status = dcerpc_lsa_QueryInfoPolicy2(p, mem_ctx, &r);

		/* levels 9..11 may be rejected by the server */
		if (i >= 9 && i <= 11 &&
		    NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
			printf(" server failed level %u (OK) \n ", i);
		} else if (!NT_STATUS_IS_OK(status)) {
			printf(" QueryInfoPolicy2 failed - %s \n ", nt_errstr(status));
			ret = False;
		}
	}

	return ret;
}
/*
  Close a policy handle, then close it a second time and check that the
  repeated close is rejected.

  The first close has to succeed. The second one is expected to come back
  as NT_STATUS_NET_WRITE_FAULT; any other status fails the test.
*/
static BOOL test_Close(struct dcerpc_pipe *p,
		       TALLOC_CTX *mem_ctx,
		       struct policy_handle *handle)
{
	struct policy_handle handle2;
	struct lsa_Close r;
	NTSTATUS status;

	printf(" \n testing Close \n ");

	r.in.handle = handle;
	r.out.handle = &handle2;

	status = dcerpc_lsa_Close(p, mem_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		printf(" Close failed - %s \n ", nt_errstr(status));
		return False;
	}

	/* same request again: the handle was already closed above */
	status = dcerpc_lsa_Close(p, mem_ctx, &r);

	/* it is really an rpc fault - there is no dedicated status code for
	   that, so the fault shows up as NET_WRITE_FAULT */
	if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
		printf(" \n ");
		return True;
	}

	printf(" Close failed - %s \n ", nt_errstr(status));
	return False;
}
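/*
  Entry point of the LSA torture test: connect to the lsarpc pipe, open a
  policy handle and run every sub-test against it.

  Returns True only when the connection is made and every sub-test that
  ran passed. The talloc context is released on every path, including a
  failed connection. When OpenPolicy2 fails there is no valid policy
  handle, so the handle-based sub-tests are skipped rather than run with
  an uninitialised handle.
*/
BOOL torture_rpc_lsa(void)
{
	NTSTATUS status;
	struct dcerpc_pipe *p;
	TALLOC_CTX *mem_ctx;
	BOOL ret = True;
	struct policy_handle handle;

	mem_ctx = talloc_init(" torture_rpc_lsa ");
	if (mem_ctx == NULL) {
		return False;
	}

	status = torture_rpc_connection(&p,
					DCERPC_LSARPC_NAME,
					DCERPC_LSARPC_UUID,
					DCERPC_LSARPC_VERSION);
	if (!NT_STATUS_IS_OK(status)) {
		/* no pipe was opened, only the context needs releasing */
		talloc_destroy(mem_ctx);
		return False;
	}

	if (!test_OpenPolicy(p, mem_ctx)) {
		ret = False;
	}

	if (!test_OpenPolicy2(p, mem_ctx, &handle)) {
		/* 'handle' was never filled in; sending it on would put
		   uninitialised stack bytes on the wire */
		ret = False;
		goto done;
	}

	if (!test_many_LookupSids(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_CreateAccount(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_CreateSecret(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_CreateTrustedDomain(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_EnumAccounts(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_EnumPrivs(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_EnumTrustDom(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) {
		ret = False;
	}

	if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) {
		ret = False;
	}

#if 0
	if (!test_Delete(p, mem_ctx, &handle)) {
		ret = False;
	}
#endif

	if (!test_Close(p, mem_ctx, &handle)) {
		ret = False;
	}

done:
	talloc_destroy(mem_ctx);

	torture_rpc_close(p);

	return ret;
}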