2007-10-06 01:22:07 +04:00
/*
2003-11-21 08:28:36 +03:00
Unix SMB / CIFS implementation .
test suite for winreg rpc operations
Copyright ( C ) Tim Potter 2003
2007-08-26 19:16:40 +04:00
Copyright ( C ) Jelmer Vernooij 2004 - 2007
2007-11-02 17:09:58 +03:00
Copyright ( C ) Günther Deschner 2007
2007-10-06 01:22:07 +04:00
2003-11-21 08:28:36 +03:00
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
2007-07-10 06:07:03 +04:00
the Free Software Foundation ; either version 3 of the License , or
2003-11-21 08:28:36 +03:00
( at your option ) any later version .
2007-10-06 01:22:07 +04:00
2003-11-21 08:28:36 +03:00
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
GNU General Public License for more details .
2007-10-06 01:22:07 +04:00
2003-11-21 08:28:36 +03:00
You should have received a copy of the GNU General Public License
2007-07-10 06:07:03 +04:00
along with this program . If not , see < http : //www.gnu.org/licenses/>.
2003-11-21 08:28:36 +03:00
*/
# include "includes.h"
2006-03-15 02:35:30 +03:00
# include "librpc/gen_ndr/ndr_winreg_c.h"
2006-03-16 03:23:11 +03:00
# include "librpc/gen_ndr/ndr_security.h"
2006-04-02 16:02:01 +04:00
# include "libcli/security/security.h"
2006-03-14 18:02:05 +03:00
# include "torture/rpc/rpc.h"
2003-11-21 08:28:36 +03:00
2005-08-24 15:01:10 +04:00
# define TEST_KEY_BASE "smbtorture test"
# define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
# define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
2007-07-11 01:35:20 +04:00
# define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
2007-11-02 16:27:58 +03:00
# define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
2007-07-11 01:35:20 +04:00
# define TEST_SUBKEY TEST_KEY3 "\\subkey"
2007-11-02 16:37:07 +03:00
# define TEST_SUBKEY_SD TEST_KEY4 "\\subkey_sd"
# define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"
2010-03-10 15:04:17 +03:00
# define TEST_VALUE "torture_value_name"
2007-11-02 16:37:07 +03:00
# define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
2005-08-24 15:01:10 +04:00
2008-02-19 13:57:32 +03:00
static void init_lsa_StringLarge ( struct lsa_StringLarge * name , const char * s )
2005-03-17 23:28:01 +03:00
{
2008-02-19 13:57:32 +03:00
name - > string = s ;
2005-03-17 23:28:01 +03:00
}
2003-11-21 09:14:14 +03:00
static void init_winreg_String ( struct winreg_String * name , const char * s )
{
name - > name = s ;
2003-11-23 09:31:10 +03:00
if ( s ) {
name - > name_len = 2 * ( strlen_m ( s ) + 1 ) ;
name - > name_size = name - > name_len ;
} else {
name - > name_len = 0 ;
name - > name_size = 0 ;
}
2003-11-21 09:14:14 +03:00
}
2007-10-06 00:45:16 +04:00
static bool test_GetVersion ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2003-11-21 08:28:36 +03:00
struct policy_handle * handle )
{
struct winreg_GetVersion r ;
2006-09-16 00:36:38 +04:00
uint32_t v ;
2003-11-21 08:28:36 +03:00
2006-09-16 00:36:38 +04:00
ZERO_STRUCT ( r ) ;
2003-11-21 08:28:36 +03:00
r . in . handle = handle ;
2006-09-16 00:36:38 +04:00
r . out . version = & v ;
2003-11-21 08:28:36 +03:00
2007-08-26 19:16:40 +04:00
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_GetVersion ( p , tctx , & r ) ,
2007-10-06 01:22:07 +04:00
" GetVersion failed " ) ;
2003-11-21 08:28:36 +03:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " GetVersion failed " ) ;
2004-10-29 03:06:12 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2003-11-21 08:28:36 +03:00
}
2007-10-06 00:45:16 +04:00
static bool test_NotifyChangeKeyValue ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle )
2004-12-13 05:04:34 +03:00
{
struct winreg_NotifyChangeKeyValue r ;
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2004-12-13 05:04:34 +03:00
r . in . handle = handle ;
2007-10-25 13:26:02 +04:00
r . in . watch_subtree = true ;
2004-12-13 05:04:34 +03:00
r . in . notify_filter = 0 ;
r . in . unknown = r . in . unknown2 = 0 ;
init_winreg_String ( & r . in . string1 , NULL ) ;
init_winreg_String ( & r . in . string2 , NULL ) ;
2010-03-05 13:06:18 +03:00
if ( torture_setting_bool ( tctx , " samba3 " , false ) ) {
torture_skip ( tctx , " skipping NotifyChangeKeyValue test against Samba 3 " ) ;
}
2007-10-06 00:45:16 +04:00
torture_assert_ntstatus_ok ( tctx ,
dcerpc_winreg_NotifyChangeKeyValue ( p , tctx , & r ) ,
" NotifyChangeKeyValue failed " ) ;
2004-12-13 05:04:34 +03:00
if ( ! W_ERROR_IS_OK ( r . out . result ) ) {
2007-10-06 00:45:16 +04:00
torture_comment ( tctx ,
2007-10-25 13:26:02 +04:00
" NotifyChangeKeyValue failed - %s - not considering \n " ,
win_errstr ( r . out . result ) ) ;
2007-04-18 18:43:05 +04:00
return true ;
2004-12-13 05:04:34 +03:00
}
2007-04-18 18:43:05 +04:00
return true ;
2004-12-13 05:04:34 +03:00
}
2007-08-26 19:16:40 +04:00
static bool test_CreateKey ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2007-10-06 00:45:16 +04:00
struct policy_handle * handle , const char * name ,
2009-02-02 15:04:06 +03:00
const char * kclass )
2004-04-05 17:50:45 +04:00
{
struct winreg_CreateKey r ;
struct policy_handle newhandle ;
2006-04-30 17:54:03 +04:00
enum winreg_CreateAction action_taken = 0 ;
2004-04-05 17:50:45 +04:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2004-04-05 17:50:45 +04:00
r . in . handle = handle ;
2005-08-24 12:31:39 +04:00
r . out . new_handle = & newhandle ;
2007-10-06 00:45:16 +04:00
init_winreg_String ( & r . in . name , name ) ;
2009-02-02 15:04:06 +03:00
init_winreg_String ( & r . in . keyclass , kclass ) ;
2004-12-13 04:37:18 +03:00
r . in . options = 0x0 ;
2005-10-22 12:00:09 +04:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2004-12-13 04:37:18 +03:00
r . in . action_taken = r . out . action_taken = & action_taken ;
2005-08-24 12:31:39 +04:00
r . in . secdesc = NULL ;
2004-04-05 17:50:45 +04:00
2007-08-26 19:16:40 +04:00
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_CreateKey ( p , tctx , & r ) ,
2007-10-06 01:22:07 +04:00
" CreateKey failed " ) ;
2004-04-05 17:50:45 +04:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " CreateKey failed " ) ;
2004-04-06 00:44:33 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2004-04-05 17:50:45 +04:00
}
2005-08-24 15:01:10 +04:00
/*
createkey testing with a SD
*/
2007-10-06 00:45:16 +04:00
static bool test_CreateKey_sd ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle , const char * name ,
2009-02-02 15:04:06 +03:00
const char * kclass ,
2007-10-10 15:23:06 +04:00
struct policy_handle * newhandle )
2005-08-24 15:01:10 +04:00
{
struct winreg_CreateKey r ;
2006-04-30 17:54:03 +04:00
enum winreg_CreateAction action_taken = 0 ;
2005-08-24 15:01:10 +04:00
struct security_descriptor * sd ;
DATA_BLOB sdblob ;
struct winreg_SecBuf secbuf ;
2007-11-02 14:54:19 +03:00
sd = security_descriptor_dacl_create ( tctx ,
2007-10-10 15:12:53 +04:00
0 ,
2005-08-24 15:01:10 +04:00
NULL , NULL ,
SID_NT_AUTHENTICATED_USERS ,
SEC_ACE_TYPE_ACCESS_ALLOWED ,
SEC_GENERIC_ALL ,
2007-11-02 16:27:58 +03:00
SEC_ACE_FLAG_OBJECT_INHERIT |
SEC_ACE_FLAG_CONTAINER_INHERIT ,
2005-08-24 15:01:10 +04:00
NULL ) ;
2007-11-09 21:24:51 +03:00
torture_assert_ndr_success ( tctx ,
2008-01-02 07:05:05 +03:00
ndr_push_struct_blob ( & sdblob , tctx , NULL , sd ,
2007-10-06 00:45:16 +04:00
( ndr_push_flags_fn_t ) ndr_push_security_descriptor ) ,
" Failed to push security_descriptor ?! \n " ) ;
2005-08-24 15:01:10 +04:00
secbuf . sd . data = sdblob . data ;
secbuf . sd . len = sdblob . length ;
secbuf . sd . size = sdblob . length ;
secbuf . length = sdblob . length - 10 ;
secbuf . inherit = 0 ;
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2005-08-24 15:01:10 +04:00
r . in . handle = handle ;
r . out . new_handle = newhandle ;
2007-10-06 00:45:16 +04:00
init_winreg_String ( & r . in . name , name ) ;
2009-02-02 15:04:06 +03:00
init_winreg_String ( & r . in . keyclass , kclass ) ;
2005-08-24 15:01:10 +04:00
r . in . options = 0x0 ;
2005-10-22 12:00:09 +04:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2005-08-24 15:01:10 +04:00
r . in . action_taken = r . out . action_taken = & action_taken ;
r . in . secdesc = & secbuf ;
2007-08-26 19:16:40 +04:00
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_CreateKey ( p , tctx , & r ) ,
2007-10-06 01:22:07 +04:00
" CreateKey with sd failed " ) ;
2005-08-24 15:01:10 +04:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " CreateKey with sd failed " ) ;
2005-08-24 15:01:10 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2005-08-24 15:01:10 +04:00
}
2007-11-02 16:27:58 +03:00
static bool _test_GetKeySecurity ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
uint32_t * sec_info_ptr ,
WERROR get_werr ,
struct security_descriptor * * sd_out )
2004-12-12 02:28:48 +03:00
{
struct winreg_GetKeySecurity r ;
2007-10-10 15:50:21 +04:00
struct security_descriptor * sd = NULL ;
2007-11-02 16:27:58 +03:00
uint32_t sec_info ;
2005-08-24 12:31:39 +04:00
DATA_BLOB sdblob ;
2004-12-12 02:28:48 +03:00
2007-11-02 16:27:58 +03:00
if ( sec_info_ptr ) {
sec_info = * sec_info_ptr ;
} else {
sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL ;
}
2004-12-12 02:28:48 +03:00
ZERO_STRUCT ( r ) ;
r . in . handle = handle ;
2007-11-02 16:27:58 +03:00
r . in . sec_info = sec_info ;
2007-08-26 19:16:40 +04:00
r . in . sd = r . out . sd = talloc_zero ( tctx , struct KeySecurityData ) ;
2005-08-24 15:01:10 +04:00
r . in . sd - > size = 0x1000 ;
2004-12-12 02:28:48 +03:00
2007-10-10 14:55:07 +04:00
torture_assert_ntstatus_ok ( tctx ,
dcerpc_winreg_GetKeySecurity ( p , tctx , & r ) ,
2007-10-06 01:22:07 +04:00
" GetKeySecurity failed " ) ;
2004-12-12 02:28:48 +03:00
2007-11-02 16:27:58 +03:00
torture_assert_werr_equal ( tctx , r . out . result , get_werr ,
" GetKeySecurity failed " ) ;
2004-12-12 02:28:48 +03:00
2005-08-24 12:31:39 +04:00
sdblob . data = r . out . sd - > data ;
sdblob . length = r . out . sd - > len ;
2007-10-10 15:50:21 +04:00
sd = talloc_zero ( tctx , struct security_descriptor ) ;
2007-11-09 21:24:51 +03:00
torture_assert_ndr_success ( tctx ,
2008-01-02 07:05:13 +03:00
ndr_pull_struct_blob ( & sdblob , tctx , NULL , sd ,
2007-10-06 00:45:16 +04:00
( ndr_pull_flags_fn_t ) ndr_pull_security_descriptor ) ,
" pull_security_descriptor failed " ) ;
2007-08-26 19:16:40 +04:00
2005-08-24 12:31:39 +04:00
if ( p - > conn - > flags & DCERPC_DEBUG_PRINT_OUT ) {
2007-10-10 14:55:07 +04:00
NDR_PRINT_DEBUG ( security_descriptor , sd ) ;
}
if ( sd_out ) {
* sd_out = sd ;
2007-10-10 15:50:21 +04:00
} else {
talloc_free ( sd ) ;
2005-08-24 12:31:39 +04:00
}
2007-04-18 18:43:05 +04:00
return true ;
2004-12-12 02:28:48 +03:00
}
2007-11-02 16:27:58 +03:00
static bool test_GetKeySecurity ( struct dcerpc_pipe * p ,
2007-10-10 15:56:47 +04:00
struct torture_context * tctx ,
struct policy_handle * handle ,
2007-11-02 16:27:58 +03:00
struct security_descriptor * * sd_out )
{
return _test_GetKeySecurity ( p , tctx , handle , NULL , WERR_OK , sd_out ) ;
}
static bool _test_SetKeySecurity ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
uint32_t * sec_info_ptr ,
struct security_descriptor * sd ,
WERROR werr )
2007-10-10 15:56:47 +04:00
{
struct winreg_SetKeySecurity r ;
struct KeySecurityData * sdata = NULL ;
DATA_BLOB sdblob ;
2007-10-25 13:12:02 +04:00
uint32_t sec_info ;
2007-10-10 15:56:47 +04:00
ZERO_STRUCT ( r ) ;
2007-11-02 16:27:58 +03:00
if ( sd & & ( p - > conn - > flags & DCERPC_DEBUG_PRINT_OUT ) ) {
2007-10-10 15:56:47 +04:00
NDR_PRINT_DEBUG ( security_descriptor , sd ) ;
}
2007-11-09 21:24:51 +03:00
torture_assert_ndr_success ( tctx ,
2008-01-02 07:05:05 +03:00
ndr_push_struct_blob ( & sdblob , tctx , NULL , sd ,
2007-10-10 15:56:47 +04:00
( ndr_push_flags_fn_t ) ndr_push_security_descriptor ) ,
" push_security_descriptor failed " ) ;
sdata = talloc_zero ( tctx , struct KeySecurityData ) ;
sdata - > data = sdblob . data ;
sdata - > size = sdblob . length ;
sdata - > len = sdblob . length ;
2007-11-02 16:27:58 +03:00
if ( sec_info_ptr ) {
sec_info = * sec_info_ptr ;
} else {
sec_info = SECINFO_UNPROTECTED_SACL |
SECINFO_UNPROTECTED_DACL ;
if ( sd - > owner_sid ) {
sec_info | = SECINFO_OWNER ;
}
if ( sd - > group_sid ) {
sec_info | = SECINFO_GROUP ;
}
if ( sd - > sacl ) {
sec_info | = SECINFO_SACL ;
}
if ( sd - > dacl ) {
sec_info | = SECINFO_DACL ;
}
2007-10-25 13:12:02 +04:00
}
2007-10-10 15:56:47 +04:00
r . in . handle = handle ;
2007-10-25 13:12:02 +04:00
r . in . sec_info = sec_info ;
2007-10-10 15:56:47 +04:00
r . in . sd = sdata ;
torture_assert_ntstatus_ok ( tctx ,
dcerpc_winreg_SetKeySecurity ( p , tctx , & r ) ,
" SetKeySecurity failed " ) ;
2007-11-02 16:27:58 +03:00
torture_assert_werr_equal ( tctx , r . out . result , werr ,
" SetKeySecurity failed " ) ;
2007-10-10 15:56:47 +04:00
return true ;
}
2007-11-02 16:37:07 +03:00
static bool test_SetKeySecurity ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
struct security_descriptor * sd )
{
return _test_SetKeySecurity ( p , tctx , handle , NULL , sd , WERR_OK ) ;
}
2007-10-06 00:45:16 +04:00
static bool test_CloseKey ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-11-21 08:28:36 +03:00
struct policy_handle * handle )
{
struct winreg_CloseKey r ;
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2003-11-21 08:28:36 +03:00
r . in . handle = r . out . handle = handle ;
2007-08-26 19:16:40 +04:00
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_CloseKey ( p , tctx , & r ) ,
2007-10-06 01:22:07 +04:00
" CloseKey failed " ) ;
2003-11-21 08:28:36 +03:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " CloseKey failed " ) ;
2004-10-29 03:06:12 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2003-11-21 08:28:36 +03:00
}
2007-10-06 00:45:16 +04:00
static bool test_FlushKey ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2003-11-21 09:14:14 +03:00
struct policy_handle * handle )
{
struct winreg_FlushKey r ;
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2003-11-21 09:14:14 +03:00
r . in . handle = handle ;
2007-08-26 19:16:40 +04:00
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_FlushKey ( p , tctx , & r ) ,
2007-10-06 00:45:16 +04:00
" FlushKey failed " ) ;
2003-11-21 09:14:14 +03:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " FlushKey failed " ) ;
2004-10-29 01:24:29 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2003-11-21 09:14:14 +03:00
}
2007-11-02 16:50:27 +03:00
static bool _test_OpenKey ( struct dcerpc_pipe * p , struct torture_context * tctx ,
struct policy_handle * hive_handle ,
const char * keyname , uint32_t access_mask ,
struct policy_handle * key_handle ,
WERROR open_werr ,
bool * success )
2003-11-22 08:34:25 +03:00
{
struct winreg_OpenKey r ;
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2006-09-15 22:34:03 +04:00
r . in . parent_handle = hive_handle ;
2003-11-22 08:34:25 +03:00
init_winreg_String ( & r . in . keyname , keyname ) ;
r . in . unknown = 0x00000000 ;
2007-11-02 16:50:27 +03:00
r . in . access_mask = access_mask ;
2003-11-22 08:34:25 +03:00
r . out . handle = key_handle ;
2007-08-26 19:16:40 +04:00
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_OpenKey ( p , tctx , & r ) ,
2007-10-06 00:45:16 +04:00
" OpenKey failed " ) ;
2004-12-09 01:02:49 +03:00
2007-11-02 16:50:27 +03:00
torture_assert_werr_equal ( tctx , r . out . result , open_werr ,
" OpenKey failed " ) ;
if ( success & & W_ERROR_EQUAL ( r . out . result , WERR_OK ) ) {
* success = true ;
}
2003-11-22 08:34:25 +03:00
2007-04-18 18:43:05 +04:00
return true ;
2003-11-22 08:34:25 +03:00
}
2007-11-02 16:50:27 +03:00
static bool test_OpenKey ( struct dcerpc_pipe * p , struct torture_context * tctx ,
struct policy_handle * hive_handle ,
const char * keyname , struct policy_handle * key_handle )
{
return _test_OpenKey ( p , tctx , hive_handle , keyname ,
SEC_FLAG_MAXIMUM_ALLOWED , key_handle ,
WERR_OK , NULL ) ;
}
2007-08-26 19:16:40 +04:00
static bool test_Cleanup ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2005-08-24 15:01:10 +04:00
struct policy_handle * handle , const char * key )
{
struct winreg_DeleteKey r ;
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2005-08-24 15:01:10 +04:00
r . in . handle = handle ;
2005-08-24 15:12:16 +04:00
init_winreg_String ( & r . in . key , key ) ;
2007-08-26 19:16:40 +04:00
dcerpc_winreg_DeleteKey ( p , tctx , & r ) ;
2005-08-24 15:01:10 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2005-08-24 15:01:10 +04:00
}
2007-11-02 16:27:58 +03:00
static bool _test_GetSetSecurityDescriptor ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
WERROR get_werr ,
WERROR set_werr )
{
struct security_descriptor * sd = NULL ;
if ( ! _test_GetKeySecurity ( p , tctx , handle , NULL , get_werr , & sd ) ) {
return false ;
}
if ( ! _test_SetKeySecurity ( p , tctx , handle , NULL , sd , set_werr ) ) {
return false ;
}
return true ;
}
static bool test_SecurityDescriptor ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key )
{
struct policy_handle new_handle ;
bool ret = true ;
torture_comment ( tctx , " SecurityDescriptor get & set \n " ) ;
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
if ( ! _test_GetSetSecurityDescriptor ( p , tctx , & new_handle ,
WERR_OK , WERR_OK ) ) {
ret = false ;
}
if ( ! test_CloseKey ( p , tctx , & new_handle ) ) {
return false ;
}
return ret ;
}
2005-08-24 15:01:10 +04:00
2007-11-02 17:06:58 +03:00
static bool _test_SecurityDescriptor ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
uint32_t access_mask ,
const char * key ,
WERROR open_werr ,
WERROR get_werr ,
WERROR set_werr )
{
struct policy_handle new_handle ;
bool ret = true ;
bool got_key = false ;
if ( ! _test_OpenKey ( p , tctx , handle , key , access_mask , & new_handle ,
open_werr , & got_key ) ) {
return false ;
}
if ( ! got_key ) {
return true ;
}
if ( ! _test_GetSetSecurityDescriptor ( p , tctx , & new_handle ,
get_werr , set_werr ) ) {
ret = false ;
}
if ( ! test_CloseKey ( p , tctx , & new_handle ) ) {
return false ;
}
return ret ;
}
2007-11-02 16:43:11 +03:00
static bool test_dacl_trustee_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const struct dom_sid * sid )
{
struct security_descriptor * sd = NULL ;
int i ;
if ( ! test_GetKeySecurity ( p , tctx , handle , & sd ) ) {
return false ;
}
if ( ! sd | | ! sd - > dacl ) {
return false ;
}
for ( i = 0 ; i < sd - > dacl - > num_aces ; i + + ) {
if ( dom_sid_equal ( & sd - > dacl - > aces [ i ] . trustee , sid ) ) {
return true ;
}
}
return false ;
}
2007-11-02 16:50:27 +03:00
static bool _test_dacl_trustee_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key ,
const struct dom_sid * sid )
{
struct policy_handle new_handle ;
bool ret = true ;
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
ret = test_dacl_trustee_present ( p , tctx , & new_handle , sid ) ;
test_CloseKey ( p , tctx , & new_handle ) ;
return ret ;
}
static bool test_sacl_trustee_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const struct dom_sid * sid )
{
struct security_descriptor * sd = NULL ;
int i ;
uint32_t sec_info = SECINFO_SACL ;
if ( ! _test_GetKeySecurity ( p , tctx , handle , & sec_info , WERR_OK , & sd ) ) {
return false ;
}
if ( ! sd | | ! sd - > sacl ) {
return false ;
}
for ( i = 0 ; i < sd - > sacl - > num_aces ; i + + ) {
if ( dom_sid_equal ( & sd - > sacl - > aces [ i ] . trustee , sid ) ) {
return true ;
}
}
return false ;
}
static bool _test_sacl_trustee_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key ,
const struct dom_sid * sid )
{
struct policy_handle new_handle ;
bool ret = true ;
if ( ! _test_OpenKey ( p , tctx , handle , key , SEC_FLAG_SYSTEM_SECURITY ,
& new_handle , WERR_OK , NULL ) ) {
return false ;
}
ret = test_sacl_trustee_present ( p , tctx , & new_handle , sid ) ;
test_CloseKey ( p , tctx , & new_handle ) ;
return ret ;
}
static bool test_owner_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const struct dom_sid * sid )
{
struct security_descriptor * sd = NULL ;
uint32_t sec_info = SECINFO_OWNER ;
if ( ! _test_GetKeySecurity ( p , tctx , handle , & sec_info , WERR_OK , & sd ) ) {
return false ;
}
if ( ! sd | | ! sd - > owner_sid ) {
return false ;
}
return dom_sid_equal ( sd - > owner_sid , sid ) ;
}
static bool _test_owner_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key ,
const struct dom_sid * sid )
{
struct policy_handle new_handle ;
bool ret = true ;
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
ret = test_owner_present ( p , tctx , & new_handle , sid ) ;
test_CloseKey ( p , tctx , & new_handle ) ;
return ret ;
}
static bool test_group_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const struct dom_sid * sid )
{
struct security_descriptor * sd = NULL ;
uint32_t sec_info = SECINFO_GROUP ;
if ( ! _test_GetKeySecurity ( p , tctx , handle , & sec_info , WERR_OK , & sd ) ) {
return false ;
}
if ( ! sd | | ! sd - > group_sid ) {
return false ;
}
return dom_sid_equal ( sd - > group_sid , sid ) ;
}
static bool _test_group_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key ,
const struct dom_sid * sid )
{
struct policy_handle new_handle ;
bool ret = true ;
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
ret = test_group_present ( p , tctx , & new_handle , sid ) ;
test_CloseKey ( p , tctx , & new_handle ) ;
return ret ;
}
2007-11-02 16:43:11 +03:00
static bool test_dacl_trustee_flags_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const struct dom_sid * sid ,
uint8_t flags )
{
struct security_descriptor * sd = NULL ;
int i ;
if ( ! test_GetKeySecurity ( p , tctx , handle , & sd ) ) {
return false ;
}
if ( ! sd | | ! sd - > dacl ) {
return false ;
}
for ( i = 0 ; i < sd - > dacl - > num_aces ; i + + ) {
if ( ( dom_sid_equal ( & sd - > dacl - > aces [ i ] . trustee , sid ) ) & &
( sd - > dacl - > aces [ i ] . flags = = flags ) ) {
return true ;
}
}
return false ;
}
2007-11-02 16:37:07 +03:00
static bool test_dacl_ace_present ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const struct security_ace * ace )
2003-11-21 09:14:14 +03:00
{
2007-11-02 16:37:07 +03:00
struct security_descriptor * sd = NULL ;
int i ;
if ( ! test_GetKeySecurity ( p , tctx , handle , & sd ) ) {
return false ;
}
if ( ! sd | | ! sd - > dacl ) {
return false ;
}
for ( i = 0 ; i < sd - > dacl - > num_aces ; i + + ) {
if ( security_ace_equal ( & sd - > dacl - > aces [ i ] , ace ) ) {
return true ;
}
}
return false ;
}
static bool test_RestoreSecurity ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key ,
struct security_descriptor * sd )
{
struct policy_handle new_handle ;
bool ret = true ;
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
if ( ! test_SetKeySecurity ( p , tctx , & new_handle , sd ) ) {
ret = false ;
}
if ( ! test_CloseKey ( p , tctx , & new_handle ) ) {
ret = false ;
}
return ret ;
}
2007-11-02 16:50:27 +03:00
static bool test_BackupSecurity ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key ,
struct security_descriptor * * sd )
{
struct policy_handle new_handle ;
bool ret = true ;
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
if ( ! test_GetKeySecurity ( p , tctx , & new_handle , sd ) ) {
ret = false ;
}
if ( ! test_CloseKey ( p , tctx , & new_handle ) ) {
ret = false ;
}
return ret ;
}
2007-11-02 16:37:07 +03:00
static bool test_SecurityDescriptorInheritance ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key )
{
/* get sd
add ace SEC_ACE_FLAG_CONTAINER_INHERIT
set sd
get sd
check ace
add subkey
get sd
check ace
add subsubkey
get sd
check ace
del subsubkey
del subkey
reset sd
*/
struct security_descriptor * sd = NULL ;
struct security_descriptor * sd_orig = NULL ;
struct security_ace * ace = NULL ;
struct policy_handle new_handle ;
2003-11-21 09:14:14 +03:00
NTSTATUS status ;
2007-11-02 16:37:07 +03:00
bool ret = true ;
2003-11-21 09:14:14 +03:00
2007-11-02 16:37:07 +03:00
torture_comment ( tctx , " SecurityDescriptor inheritance \n " ) ;
2003-11-21 09:14:14 +03:00
2007-11-02 16:37:07 +03:00
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
2003-11-21 09:14:14 +03:00
2007-11-02 16:37:07 +03:00
if ( ! _test_GetKeySecurity ( p , tctx , & new_handle , NULL , WERR_OK , & sd ) ) {
return false ;
}
sd_orig = security_descriptor_copy ( tctx , sd ) ;
if ( sd_orig = = NULL ) {
return false ;
}
ace = security_ace_create ( tctx ,
TEST_SID ,
SEC_ACE_TYPE_ACCESS_ALLOWED ,
SEC_STD_REQUIRED ,
SEC_ACE_FLAG_CONTAINER_INHERIT ) ;
status = security_descriptor_dacl_add ( sd , ace ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " failed to add ace: %s \n " , nt_errstr ( status ) ) ;
return false ;
}
/* FIXME: add further tests for these flags */
sd - > type | = SEC_DESC_DACL_AUTO_INHERIT_REQ |
SEC_DESC_SACL_AUTO_INHERITED ;
if ( ! test_SetKeySecurity ( p , tctx , & new_handle , sd ) ) {
return false ;
}
if ( ! test_dacl_ace_present ( p , tctx , & new_handle , ace ) ) {
printf ( " new ACE not present! \n " ) ;
return false ;
}
if ( ! test_CloseKey ( p , tctx , & new_handle ) ) {
return false ;
}
if ( ! test_CreateKey ( p , tctx , handle , TEST_SUBKEY_SD , NULL ) ) {
ret = false ;
goto out ;
}
if ( ! test_OpenKey ( p , tctx , handle , TEST_SUBKEY_SD , & new_handle ) ) {
ret = false ;
goto out ;
}
if ( ! test_dacl_ace_present ( p , tctx , & new_handle , ace ) ) {
printf ( " inherited ACE not present! \n " ) ;
ret = false ;
goto out ;
}
test_CloseKey ( p , tctx , & new_handle ) ;
if ( ! test_CreateKey ( p , tctx , handle , TEST_SUBSUBKEY_SD , NULL ) ) {
ret = false ;
goto out ;
}
if ( ! test_OpenKey ( p , tctx , handle , TEST_SUBSUBKEY_SD , & new_handle ) ) {
ret = false ;
goto out ;
}
if ( ! test_dacl_ace_present ( p , tctx , & new_handle , ace ) ) {
printf ( " inherited ACE not present! \n " ) ;
ret = false ;
goto out ;
}
out :
test_CloseKey ( p , tctx , & new_handle ) ;
test_Cleanup ( p , tctx , handle , TEST_SUBKEY_SD ) ;
test_RestoreSecurity ( p , tctx , handle , key , sd_orig ) ;
2004-04-06 00:44:33 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2003-11-21 09:14:14 +03:00
}
2007-11-02 16:43:11 +03:00
static bool test_SecurityDescriptorBlockInheritance ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key )
{
/* get sd
add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
set sd
add subkey / subkey
get sd
check ace
get sd from subkey
check ace
del subkey / subkey
del subkey
reset sd
*/
struct security_descriptor * sd = NULL ;
struct security_descriptor * sd_orig = NULL ;
struct security_ace * ace = NULL ;
struct policy_handle new_handle ;
struct dom_sid * sid = NULL ;
NTSTATUS status ;
bool ret = true ;
uint8_t ace_flags = 0x0 ;
torture_comment ( tctx , " SecurityDescriptor inheritance block \n " ) ;
if ( ! test_OpenKey ( p , tctx , handle , key , & new_handle ) ) {
return false ;
}
if ( ! _test_GetKeySecurity ( p , tctx , & new_handle , NULL , WERR_OK , & sd ) ) {
return false ;
}
sd_orig = security_descriptor_copy ( tctx , sd ) ;
if ( sd_orig = = NULL ) {
return false ;
}
ace = security_ace_create ( tctx ,
TEST_SID ,
SEC_ACE_TYPE_ACCESS_ALLOWED ,
SEC_STD_REQUIRED ,
SEC_ACE_FLAG_CONTAINER_INHERIT |
SEC_ACE_FLAG_NO_PROPAGATE_INHERIT ) ;
status = security_descriptor_dacl_add ( sd , ace ) ;
if ( ! NT_STATUS_IS_OK ( status ) ) {
printf ( " failed to add ace: %s \n " , nt_errstr ( status ) ) ;
return false ;
}
if ( ! _test_SetKeySecurity ( p , tctx , & new_handle , NULL , sd , WERR_OK ) ) {
return false ;
}
if ( ! test_dacl_ace_present ( p , tctx , & new_handle , ace ) ) {
printf ( " new ACE not present! \n " ) ;
return false ;
}
if ( ! test_CloseKey ( p , tctx , & new_handle ) ) {
return false ;
}
if ( ! test_CreateKey ( p , tctx , handle , TEST_SUBSUBKEY_SD , NULL ) ) {
return false ;
}
if ( ! test_OpenKey ( p , tctx , handle , TEST_SUBSUBKEY_SD , & new_handle ) ) {
ret = false ;
goto out ;
}
if ( test_dacl_ace_present ( p , tctx , & new_handle , ace ) ) {
printf ( " inherited ACE present but should not! \n " ) ;
ret = false ;
goto out ;
}
sid = dom_sid_parse_talloc ( tctx , TEST_SID ) ;
if ( sid = = NULL ) {
return false ;
}
if ( test_dacl_trustee_present ( p , tctx , & new_handle , sid ) ) {
printf ( " inherited trustee SID present but should not! \n " ) ;
ret = false ;
goto out ;
}
test_CloseKey ( p , tctx , & new_handle ) ;
if ( ! test_OpenKey ( p , tctx , handle , TEST_SUBKEY_SD , & new_handle ) ) {
ret = false ;
goto out ;
}
if ( test_dacl_ace_present ( p , tctx , & new_handle , ace ) ) {
printf ( " inherited ACE present but should not! \n " ) ;
ret = false ;
goto out ;
}
if ( ! test_dacl_trustee_flags_present ( p , tctx , & new_handle , sid , ace_flags ) ) {
printf ( " inherited trustee SID with flags 0x%02x not present! \n " ,
ace_flags ) ;
ret = false ;
goto out ;
}
out :
test_CloseKey ( p , tctx , & new_handle ) ;
test_Cleanup ( p , tctx , handle , TEST_SUBKEY_SD ) ;
test_RestoreSecurity ( p , tctx , handle , key , sd_orig ) ;
return ret ;
}
2007-11-02 17:06:58 +03:00
static bool test_SecurityDescriptorsMasks ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key )
{
bool ret = true ;
int i ;
struct winreg_mask_result_table {
uint32_t access_mask ;
WERROR open_werr ;
WERROR get_werr ;
WERROR set_werr ;
} sd_mask_tests [ ] = {
{ 0 ,
WERR_ACCESS_DENIED , WERR_BADFILE , WERR_FOOBAR } ,
{ SEC_FLAG_MAXIMUM_ALLOWED ,
WERR_OK , WERR_OK , WERR_OK } ,
{ SEC_STD_WRITE_DAC ,
WERR_OK , WERR_ACCESS_DENIED , WERR_FOOBAR } ,
{ SEC_FLAG_SYSTEM_SECURITY ,
WERR_OK , WERR_ACCESS_DENIED , WERR_FOOBAR }
} ;
/* FIXME: before this test can ever run successfully we need a way to
* correctly read a NULL security_descritpor in ndr , get the required
* length , requery , etc .
*/
return true ;
for ( i = 0 ; i < ARRAY_SIZE ( sd_mask_tests ) ; i + + ) {
torture_comment ( tctx ,
" SecurityDescriptor get & set with access_mask: 0x%08x \n " ,
sd_mask_tests [ i ] . access_mask ) ;
torture_comment ( tctx ,
" expecting: open %s, get: %s, set: %s \n " ,
win_errstr ( sd_mask_tests [ i ] . open_werr ) ,
win_errstr ( sd_mask_tests [ i ] . get_werr ) ,
win_errstr ( sd_mask_tests [ i ] . set_werr ) ) ;
if ( _test_SecurityDescriptor ( p , tctx , handle ,
sd_mask_tests [ i ] . access_mask , key ,
sd_mask_tests [ i ] . open_werr ,
sd_mask_tests [ i ] . get_werr ,
sd_mask_tests [ i ] . set_werr ) ) {
ret = false ;
}
}
return ret ;
}
2007-11-02 16:51:49 +03:00
typedef bool ( * secinfo_verify_fn ) ( struct dcerpc_pipe * ,
struct torture_context * ,
struct policy_handle * ,
const char * ,
const struct dom_sid * ) ;
static bool test_SetSecurityDescriptor_SecInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key ,
const char * test ,
uint32_t access_mask ,
uint32_t sec_info ,
struct security_descriptor * sd ,
WERROR set_werr ,
bool expect_present ,
bool ( * fn ) ( struct dcerpc_pipe * ,
struct torture_context * ,
struct policy_handle * ,
const char * ,
const struct dom_sid * ) ,
const struct dom_sid * sid )
{
struct policy_handle new_handle ;
bool open_success = false ;
torture_comment ( tctx , " SecurityDescriptor (%s) sets for secinfo: "
" 0x%08x, access_mask: 0x%08x \n " ,
test , sec_info , access_mask ) ;
if ( ! _test_OpenKey ( p , tctx , handle , key ,
access_mask ,
& new_handle ,
WERR_OK ,
& open_success ) ) {
return false ;
}
if ( ! open_success ) {
printf ( " key did not open \n " ) ;
test_CloseKey ( p , tctx , & new_handle ) ;
return false ;
}
if ( ! _test_SetKeySecurity ( p , tctx , & new_handle , & sec_info ,
sd ,
set_werr ) ) {
torture_warning ( tctx ,
" SetKeySecurity with secinfo: 0x%08x has failed \n " ,
sec_info ) ;
smb_panic ( " " ) ;
test_CloseKey ( p , tctx , & new_handle ) ;
return false ;
}
test_CloseKey ( p , tctx , & new_handle ) ;
if ( W_ERROR_IS_OK ( set_werr ) ) {
bool present ;
present = fn ( p , tctx , handle , key , sid ) ;
if ( ( expect_present ) & & ( ! present ) ) {
torture_warning ( tctx ,
" %s sid is not present! \n " ,
test ) ;
return false ;
}
if ( ( ! expect_present ) & & ( present ) ) {
torture_warning ( tctx ,
" %s sid is present but not expected! \n " ,
test ) ;
return false ;
}
}
return true ;
}
static bool test_SecurityDescriptorsSecInfo ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key )
{
struct security_descriptor * sd_orig = NULL ;
struct dom_sid * sid = NULL ;
bool ret = true ;
int i , a ;
struct security_descriptor * sd_owner =
security_descriptor_dacl_create ( tctx ,
0 ,
TEST_SID , NULL , NULL ) ;
struct security_descriptor * sd_group =
security_descriptor_dacl_create ( tctx ,
0 ,
NULL , TEST_SID , NULL ) ;
struct security_descriptor * sd_dacl =
security_descriptor_dacl_create ( tctx ,
0 ,
NULL , NULL ,
TEST_SID ,
SEC_ACE_TYPE_ACCESS_ALLOWED ,
SEC_GENERIC_ALL ,
0 ,
SID_NT_AUTHENTICATED_USERS ,
SEC_ACE_TYPE_ACCESS_ALLOWED ,
SEC_GENERIC_ALL ,
0 ,
NULL ) ;
struct security_descriptor * sd_sacl =
security_descriptor_sacl_create ( tctx ,
0 ,
NULL , NULL ,
TEST_SID ,
SEC_ACE_TYPE_SYSTEM_AUDIT ,
SEC_GENERIC_ALL ,
SEC_ACE_FLAG_SUCCESSFUL_ACCESS ,
NULL ) ;
struct winreg_secinfo_table {
struct security_descriptor * sd ;
uint32_t sec_info ;
WERROR set_werr ;
bool sid_present ;
secinfo_verify_fn fn ;
} ;
struct winreg_secinfo_table sec_info_owner_tests [ ] = {
{ sd_owner , 0 , WERR_OK ,
false , ( secinfo_verify_fn ) _test_owner_present } ,
{ sd_owner , SECINFO_OWNER , WERR_OK ,
true , ( secinfo_verify_fn ) _test_owner_present } ,
{ sd_owner , SECINFO_GROUP , WERR_INVALID_PARAM } ,
{ sd_owner , SECINFO_DACL , WERR_OK ,
true , ( secinfo_verify_fn ) _test_owner_present } ,
{ sd_owner , SECINFO_SACL , WERR_ACCESS_DENIED } ,
} ;
uint32_t sd_owner_good_access_masks [ ] = {
SEC_FLAG_MAXIMUM_ALLOWED ,
/* SEC_STD_WRITE_OWNER, */
} ;
struct winreg_secinfo_table sec_info_group_tests [ ] = {
{ sd_group , 0 , WERR_OK ,
false , ( secinfo_verify_fn ) _test_group_present } ,
{ sd_group , SECINFO_OWNER , WERR_INVALID_PARAM } ,
{ sd_group , SECINFO_GROUP , WERR_OK ,
true , ( secinfo_verify_fn ) _test_group_present } ,
{ sd_group , SECINFO_DACL , WERR_OK ,
true , ( secinfo_verify_fn ) _test_group_present } ,
{ sd_group , SECINFO_SACL , WERR_ACCESS_DENIED } ,
} ;
uint32_t sd_group_good_access_masks [ ] = {
SEC_FLAG_MAXIMUM_ALLOWED ,
} ;
struct winreg_secinfo_table sec_info_dacl_tests [ ] = {
{ sd_dacl , 0 , WERR_OK ,
false , ( secinfo_verify_fn ) _test_dacl_trustee_present } ,
{ sd_dacl , SECINFO_OWNER , WERR_INVALID_PARAM } ,
{ sd_dacl , SECINFO_GROUP , WERR_INVALID_PARAM } ,
{ sd_dacl , SECINFO_DACL , WERR_OK ,
true , ( secinfo_verify_fn ) _test_dacl_trustee_present } ,
{ sd_dacl , SECINFO_SACL , WERR_ACCESS_DENIED } ,
} ;
uint32_t sd_dacl_good_access_masks [ ] = {
SEC_FLAG_MAXIMUM_ALLOWED ,
SEC_STD_WRITE_DAC ,
} ;
struct winreg_secinfo_table sec_info_sacl_tests [ ] = {
{ sd_sacl , 0 , WERR_OK ,
false , ( secinfo_verify_fn ) _test_sacl_trustee_present } ,
{ sd_sacl , SECINFO_OWNER , WERR_INVALID_PARAM } ,
{ sd_sacl , SECINFO_GROUP , WERR_INVALID_PARAM } ,
{ sd_sacl , SECINFO_DACL , WERR_OK ,
false , ( secinfo_verify_fn ) _test_sacl_trustee_present } ,
{ sd_sacl , SECINFO_SACL , WERR_OK ,
true , ( secinfo_verify_fn ) _test_sacl_trustee_present } ,
} ;
uint32_t sd_sacl_good_access_masks [ ] = {
SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY ,
/* SEC_FLAG_SYSTEM_SECURITY, */
} ;
sid = dom_sid_parse_talloc ( tctx , TEST_SID ) ;
if ( sid = = NULL ) {
return false ;
}
if ( ! test_BackupSecurity ( p , tctx , handle , key , & sd_orig ) ) {
return false ;
}
/* OWNER */
for ( i = 0 ; i < ARRAY_SIZE ( sec_info_owner_tests ) ; i + + ) {
for ( a = 0 ; a < ARRAY_SIZE ( sd_owner_good_access_masks ) ; a + + ) {
if ( ! test_SetSecurityDescriptor_SecInfo ( p , tctx , handle ,
key ,
" OWNER " ,
sd_owner_good_access_masks [ a ] ,
sec_info_owner_tests [ i ] . sec_info ,
sec_info_owner_tests [ i ] . sd ,
sec_info_owner_tests [ i ] . set_werr ,
sec_info_owner_tests [ i ] . sid_present ,
sec_info_owner_tests [ i ] . fn ,
sid ) )
{
printf ( " test_SetSecurityDescriptor_SecInfo failed for OWNER \n " ) ;
ret = false ;
goto out ;
}
}
}
/* GROUP */
for ( i = 0 ; i < ARRAY_SIZE ( sec_info_group_tests ) ; i + + ) {
for ( a = 0 ; a < ARRAY_SIZE ( sd_group_good_access_masks ) ; a + + ) {
if ( ! test_SetSecurityDescriptor_SecInfo ( p , tctx , handle ,
key ,
" GROUP " ,
sd_group_good_access_masks [ a ] ,
sec_info_group_tests [ i ] . sec_info ,
sec_info_group_tests [ i ] . sd ,
sec_info_group_tests [ i ] . set_werr ,
sec_info_group_tests [ i ] . sid_present ,
sec_info_group_tests [ i ] . fn ,
sid ) )
{
printf ( " test_SetSecurityDescriptor_SecInfo failed for GROUP \n " ) ;
ret = false ;
goto out ;
}
}
}
/* DACL */
for ( i = 0 ; i < ARRAY_SIZE ( sec_info_dacl_tests ) ; i + + ) {
for ( a = 0 ; a < ARRAY_SIZE ( sd_dacl_good_access_masks ) ; a + + ) {
if ( ! test_SetSecurityDescriptor_SecInfo ( p , tctx , handle ,
key ,
" DACL " ,
sd_dacl_good_access_masks [ a ] ,
sec_info_dacl_tests [ i ] . sec_info ,
sec_info_dacl_tests [ i ] . sd ,
sec_info_dacl_tests [ i ] . set_werr ,
sec_info_dacl_tests [ i ] . sid_present ,
sec_info_dacl_tests [ i ] . fn ,
sid ) )
{
printf ( " test_SetSecurityDescriptor_SecInfo failed for DACL \n " ) ;
ret = false ;
goto out ;
}
}
}
/* SACL */
for ( i = 0 ; i < ARRAY_SIZE ( sec_info_sacl_tests ) ; i + + ) {
for ( a = 0 ; a < ARRAY_SIZE ( sd_sacl_good_access_masks ) ; a + + ) {
if ( ! test_SetSecurityDescriptor_SecInfo ( p , tctx , handle ,
key ,
" SACL " ,
sd_sacl_good_access_masks [ a ] ,
sec_info_sacl_tests [ i ] . sec_info ,
sec_info_sacl_tests [ i ] . sd ,
sec_info_sacl_tests [ i ] . set_werr ,
sec_info_sacl_tests [ i ] . sid_present ,
sec_info_sacl_tests [ i ] . fn ,
sid ) )
{
printf ( " test_SetSecurityDescriptor_SecInfo failed for SACL \n " ) ;
ret = false ;
goto out ;
}
}
}
out :
test_RestoreSecurity ( p , tctx , handle , key , sd_orig ) ;
return ret ;
}
2007-11-02 16:27:58 +03:00
static bool test_SecurityDescriptors ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * key )
{
bool ret = true ;
if ( ! test_SecurityDescriptor ( p , tctx , handle , key ) ) {
printf ( " test_SecurityDescriptor failed \n " ) ;
ret = false ;
}
2007-11-02 16:37:07 +03:00
if ( ! test_SecurityDescriptorInheritance ( p , tctx , handle , key ) ) {
printf ( " test_SecurityDescriptorInheritance failed \n " ) ;
ret = false ;
}
2007-11-02 16:43:11 +03:00
if ( ! test_SecurityDescriptorBlockInheritance ( p , tctx , handle , key ) ) {
printf ( " test_SecurityDescriptorBlockInheritance failed \n " ) ;
ret = false ;
}
2007-11-02 16:51:49 +03:00
if ( ! test_SecurityDescriptorsSecInfo ( p , tctx , handle , key ) ) {
printf ( " test_SecurityDescriptorsSecInfo failed \n " ) ;
ret = false ;
}
2007-11-02 17:06:58 +03:00
if ( ! test_SecurityDescriptorsMasks ( p , tctx , handle , key ) ) {
printf ( " test_SecurityDescriptorsMasks failed \n " ) ;
ret = false ;
}
2007-11-02 16:27:58 +03:00
return ret ;
}
2007-11-02 16:37:07 +03:00
static bool test_DeleteKey ( struct dcerpc_pipe * p , struct torture_context * tctx ,
struct policy_handle * handle , const char * key )
{
NTSTATUS status ;
struct winreg_DeleteKey r ;
r . in . handle = handle ;
init_winreg_String ( & r . in . key , key ) ;
status = dcerpc_winreg_DeleteKey ( p , tctx , & r ) ;
torture_assert_ntstatus_ok ( tctx , status , " DeleteKey failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result , " DeleteKey failed " ) ;
return true ;
}
2007-10-06 00:45:16 +04:00
static bool test_QueryInfoKey ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
2009-02-02 15:04:06 +03:00
struct policy_handle * handle , char * kclass )
2003-11-22 08:34:25 +03:00
{
struct winreg_QueryInfoKey r ;
2008-10-20 17:53:24 +04:00
uint32_t num_subkeys , max_subkeylen , max_classlen ,
2006-09-16 00:36:38 +04:00
num_values , max_valnamelen , max_valbufsize ,
secdescsize ;
NTTIME last_changed_time ;
2003-11-22 08:34:25 +03:00
2006-09-16 00:36:38 +04:00
ZERO_STRUCT ( r ) ;
2003-11-22 08:34:25 +03:00
r . in . handle = handle ;
2006-09-16 00:36:38 +04:00
r . out . num_subkeys = & num_subkeys ;
r . out . max_subkeylen = & max_subkeylen ;
2008-10-20 17:53:24 +04:00
r . out . max_classlen = & max_classlen ;
2006-09-16 00:36:38 +04:00
r . out . num_values = & num_values ;
r . out . max_valnamelen = & max_valnamelen ;
r . out . max_valbufsize = & max_valbufsize ;
r . out . secdescsize = & secdescsize ;
r . out . last_changed_time = & last_changed_time ;
2007-04-18 18:43:05 +04:00
2007-08-26 19:16:40 +04:00
r . out . classname = talloc ( tctx , struct winreg_String ) ;
2007-10-06 00:45:16 +04:00
2007-08-26 19:16:40 +04:00
r . in . classname = talloc ( tctx , struct winreg_String ) ;
2009-02-02 15:04:06 +03:00
init_winreg_String ( r . in . classname , kclass ) ;
2007-10-06 00:45:16 +04:00
torture_assert_ntstatus_ok ( tctx ,
2007-10-06 01:22:07 +04:00
dcerpc_winreg_QueryInfoKey ( p , tctx , & r ) ,
" QueryInfoKey failed " ) ;
2004-04-09 02:39:47 +04:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " QueryInfoKey failed " ) ;
2003-11-22 08:34:25 +03:00
2007-04-18 18:43:05 +04:00
return true ;
2003-11-22 08:34:25 +03:00
}
2010-03-10 02:06:52 +03:00
static bool test_SetValue ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * value_name ,
enum winreg_Type type ,
uint8_t * data ,
uint32_t size )
{
struct winreg_SetValue r ;
struct winreg_String name ;
torture_comment ( tctx , " Testing SetValue(%s) \n " , value_name ) ;
init_winreg_String ( & name , value_name ) ;
r . in . handle = handle ;
r . in . name = name ;
r . in . type = type ;
r . in . data = data ;
r . in . size = size ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_SetValue ( p , tctx , & r ) ,
" winreg_SetValue failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result ,
" winreg_SetValue failed " ) ;
return true ;
}
static bool test_DeleteValue ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * value_name )
{
struct winreg_DeleteValue r ;
struct winreg_String value ;
torture_comment ( tctx , " Testing DeleteValue(%s) \n " , value_name ) ;
init_winreg_String ( & value , value_name ) ;
r . in . handle = handle ;
r . in . value = value ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_DeleteValue ( p , tctx , & r ) ,
" winreg_DeleteValue failed " ) ;
torture_assert_werr_ok ( tctx , r . out . result ,
" winreg_DeleteValue failed " ) ;
return true ;
}
2007-08-26 19:16:40 +04:00
static bool test_key ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2008-02-19 18:18:10 +03:00
struct policy_handle * handle , int depth ,
bool test_security ) ;
2003-12-12 09:29:21 +03:00
2007-08-26 19:16:40 +04:00
static bool test_EnumKey ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2008-02-19 18:18:10 +03:00
struct policy_handle * handle , int depth ,
bool test_security )
2003-11-22 08:34:25 +03:00
{
2003-12-12 14:49:29 +03:00
struct winreg_EnumKey r ;
2009-02-02 15:04:06 +03:00
struct winreg_StringBuf kclass , name ;
2003-11-22 08:34:25 +03:00
NTSTATUS status ;
2005-08-17 05:25:58 +04:00
NTTIME t = 0 ;
2003-11-22 08:34:25 +03:00
2009-02-02 15:04:06 +03:00
kclass . name = " " ;
kclass . size = 1024 ;
2005-08-17 05:25:58 +04:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2003-12-12 14:49:29 +03:00
r . in . handle = handle ;
r . in . enum_index = 0 ;
2005-08-17 05:25:58 +04:00
r . in . name = & name ;
2009-02-02 15:04:06 +03:00
r . in . keyclass = & kclass ;
2005-08-17 05:25:58 +04:00
r . out . name = & name ;
r . in . last_changed_time = & t ;
2003-11-22 08:34:25 +03:00
2003-12-12 14:49:29 +03:00
do {
2005-08-17 05:25:58 +04:00
name . name = NULL ;
2005-11-02 04:01:17 +03:00
name . size = 1024 ;
2005-08-17 05:25:58 +04:00
2007-08-26 19:16:40 +04:00
status = dcerpc_winreg_EnumKey ( p , tctx , & r ) ;
2003-11-22 08:34:25 +03:00
2003-12-12 14:49:29 +03:00
if ( NT_STATUS_IS_OK ( status ) & & W_ERROR_IS_OK ( r . out . result ) ) {
struct policy_handle key_handle ;
2003-11-22 08:34:25 +03:00
2007-10-10 15:23:06 +04:00
torture_comment ( tctx , " EnumKey: %d: %s \n " ,
r . in . enum_index ,
2007-10-06 01:22:07 +04:00
r . out . name - > name ) ;
2004-10-29 05:10:40 +04:00
2007-10-06 01:22:07 +04:00
if ( ! test_OpenKey ( p , tctx , handle , r . out . name - > name ,
& key_handle ) ) {
2004-10-29 05:10:40 +04:00
} else {
2008-02-19 18:18:10 +03:00
test_key ( p , tctx , & key_handle ,
depth + 1 , test_security ) ;
2003-12-12 14:49:29 +03:00
}
}
r . in . enum_index + + ;
2004-10-29 01:24:29 +04:00
} while ( NT_STATUS_IS_OK ( status ) & & W_ERROR_IS_OK ( r . out . result ) ) ;
2003-12-12 14:49:29 +03:00
2007-08-26 19:16:40 +04:00
torture_assert_ntstatus_ok ( tctx , status , " EnumKey failed " ) ;
2004-10-29 05:10:40 +04:00
2007-10-06 00:45:16 +04:00
if ( ! W_ERROR_IS_OK ( r . out . result ) & &
2007-08-26 19:16:40 +04:00
! W_ERROR_EQUAL ( r . out . result , WERR_NO_MORE_ITEMS ) ) {
torture_fail ( tctx , " EnumKey failed " ) ;
2004-10-29 05:10:40 +04:00
}
2007-04-18 18:43:05 +04:00
return true ;
2003-12-12 14:49:29 +03:00
}
2007-10-06 00:45:16 +04:00
static bool test_QueryMultipleValues ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * valuename )
2004-12-12 03:22:30 +03:00
{
struct winreg_QueryMultipleValues r ;
NTSTATUS status ;
2005-08-24 15:42:46 +04:00
uint32_t bufsize = 0 ;
2004-12-12 03:22:30 +03:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2004-12-12 03:22:30 +03:00
r . in . key_handle = handle ;
2007-08-26 19:16:40 +04:00
r . in . values = r . out . values = talloc_array ( tctx , struct QueryMultipleValue , 1 ) ;
r . in . values [ 0 ] . name = talloc ( tctx , struct winreg_String ) ;
2004-12-12 03:22:30 +03:00
r . in . values [ 0 ] . name - > name = valuename ;
r . in . values [ 0 ] . offset = 0 ;
r . in . values [ 0 ] . length = 0 ;
r . in . values [ 0 ] . type = 0 ;
r . in . num_values = 1 ;
2007-08-26 19:16:40 +04:00
r . in . buffer_size = r . out . buffer_size = talloc ( tctx , uint32_t ) ;
2005-08-24 15:42:46 +04:00
* r . in . buffer_size = bufsize ;
2007-10-06 00:45:16 +04:00
do {
2005-08-24 15:42:46 +04:00
* r . in . buffer_size = bufsize ;
2007-10-06 00:45:16 +04:00
r . in . buffer = r . out . buffer = talloc_zero_array ( tctx , uint8_t ,
2005-08-24 15:01:10 +04:00
* r . in . buffer_size ) ;
2005-05-25 01:59:01 +04:00
2007-08-26 19:16:40 +04:00
status = dcerpc_winreg_QueryMultipleValues ( p , tctx , & r ) ;
2007-10-06 00:45:16 +04:00
2007-08-26 19:16:40 +04:00
if ( NT_STATUS_IS_ERR ( status ) )
torture_fail ( tctx , " QueryMultipleValues failed " ) ;
2005-08-24 15:42:46 +04:00
talloc_free ( r . in . buffer ) ;
bufsize + = 0x20 ;
2005-05-25 01:59:01 +04:00
} while ( W_ERROR_EQUAL ( r . out . result , WERR_MORE_DATA ) ) ;
2004-12-12 03:22:30 +03:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " QueryMultipleValues failed " ) ;
2004-12-12 03:22:30 +03:00
2007-04-18 18:43:05 +04:00
return true ;
2004-12-12 03:22:30 +03:00
}
2007-10-06 00:45:16 +04:00
static bool test_QueryValue ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * valuename )
2004-12-09 01:02:49 +03:00
{
struct winreg_QueryValue r ;
NTSTATUS status ;
2006-04-30 17:54:03 +04:00
enum winreg_Type zero_type = 0 ;
2005-02-10 08:09:35 +03:00
uint32_t offered = 0xfff ;
2006-04-30 17:54:03 +04:00
uint32_t zero = 0 ;
2004-12-09 01:02:49 +03:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2004-12-09 01:02:49 +03:00
r . in . handle = handle ;
2004-12-12 03:22:30 +03:00
r . in . data = NULL ;
2008-10-15 19:34:55 +04:00
r . in . value_name = talloc_zero ( tctx , struct winreg_String ) ;
r . in . value_name - > name = valuename ;
2006-04-30 17:54:03 +04:00
r . in . type = & zero_type ;
2008-10-15 19:38:51 +04:00
r . in . data_size = & offered ;
r . in . data_length = & zero ;
2004-12-09 01:02:49 +03:00
2007-08-26 19:16:40 +04:00
status = dcerpc_winreg_QueryValue ( p , tctx , & r ) ;
if ( NT_STATUS_IS_ERR ( status ) ) {
torture_fail ( tctx , " QueryValue failed " ) ;
2004-12-09 01:02:49 +03:00
}
2007-08-26 19:16:40 +04:00
torture_assert_werr_ok ( tctx , r . out . result , " QueryValue failed " ) ;
2004-12-09 01:02:49 +03:00
2007-04-18 18:43:05 +04:00
return true ;
2004-12-09 01:02:49 +03:00
}
2010-03-10 02:17:59 +03:00
static bool test_QueryValue_full ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle ,
const char * valuename ,
bool existing_value )
{
struct winreg_QueryValue r ;
struct winreg_String value_name ;
enum winreg_Type type = REG_NONE ;
uint32_t data_size = 0 ;
uint32_t real_data_size = 0 ;
uint32_t data_length = 0 ;
uint8_t * data = NULL ;
WERROR expected_error = WERR_BADFILE ;
if ( valuename = = NULL ) {
expected_error = WERR_INVALID_PARAM ;
}
ZERO_STRUCT ( r ) ;
init_winreg_String ( & value_name , NULL ) ;
torture_comment ( tctx , " Testing QueryValue(%s) \n " , valuename ) ;
r . in . handle = handle ;
r . in . value_name = & value_name ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_QueryValue ( p , tctx , & r ) , " QueryValue failed " ) ;
torture_assert_werr_equal ( tctx , r . out . result , WERR_INVALID_PARAM ,
" expected WERR_INVALID_PARAM for NULL winreg_String.name " ) ;
init_winreg_String ( & value_name , valuename ) ;
r . in . value_name = & value_name ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_QueryValue ( p , tctx , & r ) ,
" QueryValue failed " ) ;
torture_assert_werr_equal ( tctx , r . out . result , WERR_INVALID_PARAM ,
" QueryValue failed " ) ;
r . in . type = & type ;
r . out . type = & type ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_QueryValue ( p , tctx , & r ) ,
" QueryValue failed " ) ;
torture_assert_werr_equal ( tctx , r . out . result , WERR_INVALID_PARAM ,
" QueryValue failed " ) ;
r . in . data_length = & data_length ;
r . out . data_length = & data_length ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_QueryValue ( p , tctx , & r ) ,
" QueryValue failed " ) ;
torture_assert_werr_equal ( tctx , r . out . result , WERR_INVALID_PARAM ,
" QueryValue failed " ) ;
r . in . data_size = & data_size ;
r . out . data_size = & data_size ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_QueryValue ( p , tctx , & r ) ,
" QueryValue failed " ) ;
if ( existing_value ) {
torture_assert_werr_ok ( tctx , r . out . result ,
" QueryValue failed " ) ;
} else {
torture_assert_werr_equal ( tctx , r . out . result , expected_error ,
" QueryValue failed " ) ;
}
real_data_size = * r . out . data_size ;
data = talloc_zero_array ( tctx , uint8_t , 0 ) ;
r . in . data = data ;
r . out . data = data ;
* r . in . data_size = 0 ;
* r . out . data_size = 0 ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_QueryValue ( p , tctx , & r ) ,
" QueryValue failed " ) ;
if ( existing_value ) {
torture_assert_werr_equal ( tctx , r . out . result , WERR_MORE_DATA ,
" QueryValue failed " ) ;
} else {
torture_assert_werr_equal ( tctx , r . out . result , expected_error ,
" QueryValue failed " ) ;
}
data = talloc_zero_array ( tctx , uint8_t , real_data_size ) ;
r . in . data = data ;
r . out . data = data ;
r . in . data_size = & real_data_size ;
r . out . data_size = & real_data_size ;
torture_assert_ntstatus_ok ( tctx , dcerpc_winreg_QueryValue ( p , tctx , & r ) ,
" QueryValue failed " ) ;
if ( existing_value ) {
torture_assert_werr_ok ( tctx , r . out . result ,
" QueryValue failed " ) ;
} else {
torture_assert_werr_equal ( tctx , r . out . result , expected_error ,
" QueryValue failed " ) ;
}
return true ;
}
2007-08-26 19:16:40 +04:00
static bool test_EnumValue ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2007-10-06 00:45:16 +04:00
struct policy_handle * handle , int max_valnamelen ,
int max_valbufsize )
2003-12-12 14:49:29 +03:00
{
struct winreg_EnumValue r ;
2006-04-30 17:54:03 +04:00
enum winreg_Type type = 0 ;
2005-02-10 08:09:35 +03:00
uint32_t size = max_valbufsize , zero = 0 ;
2007-04-18 18:43:05 +04:00
bool ret = true ;
2004-12-09 10:52:00 +03:00
uint8_t buf8 ;
2009-01-16 02:25:57 +03:00
struct winreg_ValNameBuf name ;
2003-11-22 08:34:25 +03:00
2005-08-17 05:25:58 +04:00
name . name = " " ;
2005-11-02 04:01:17 +03:00
name . size = 1024 ;
2005-08-17 05:25:58 +04:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2004-10-11 03:03:12 +04:00
r . in . handle = handle ;
r . in . enum_index = 0 ;
2005-08-17 05:25:58 +04:00
r . in . name = & name ;
r . out . name = & name ;
2004-10-11 03:03:12 +04:00
r . in . type = & type ;
2004-12-09 10:52:00 +03:00
r . in . value = & buf8 ;
r . in . length = & zero ;
r . in . size = & size ;
2007-10-06 00:45:16 +04:00
2003-11-22 08:34:25 +03:00
do {
2007-10-10 15:23:06 +04:00
torture_assert_ntstatus_ok ( tctx ,
2007-10-06 01:22:07 +04:00
dcerpc_winreg_EnumValue ( p , tctx , & r ) ,
" EnumValue failed " ) ;
2004-10-11 03:03:12 +04:00
2004-12-09 01:02:49 +03:00
if ( W_ERROR_IS_OK ( r . out . result ) ) {
2007-10-10 15:23:06 +04:00
ret & = test_QueryValue ( p , tctx , handle ,
r . out . name - > name ) ;
ret & = test_QueryMultipleValues ( p , tctx , handle ,
r . out . name - > name ) ;
2004-12-09 01:02:49 +03:00
}
2003-12-12 14:49:29 +03:00
r . in . enum_index + + ;
2003-11-22 08:34:25 +03:00
} while ( W_ERROR_IS_OK ( r . out . result ) ) ;
2004-04-13 01:59:41 +04:00
2007-08-26 19:16:40 +04:00
torture_assert_werr_equal ( tctx , r . out . result , WERR_NO_MORE_ITEMS ,
2007-10-06 01:22:07 +04:00
" EnumValue failed " ) ;
2004-10-11 03:03:12 +04:00
2004-12-09 01:02:49 +03:00
return ret ;
2003-11-22 08:34:25 +03:00
}
2007-10-06 00:45:16 +04:00
static bool test_AbortSystemShutdown ( struct dcerpc_pipe * p ,
struct torture_context * tctx )
2004-04-09 02:39:47 +04:00
{
2007-08-26 19:16:40 +04:00
struct winreg_AbortSystemShutdown r ;
uint16_t server = 0x0 ;
2004-04-09 02:39:47 +04:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2007-08-26 19:16:40 +04:00
r . in . server = & server ;
2007-10-06 00:45:16 +04:00
torture_assert_ntstatus_ok ( tctx ,
dcerpc_winreg_AbortSystemShutdown ( p , tctx , & r ) ,
" AbortSystemShutdown failed " ) ;
2004-04-09 02:39:47 +04:00
2007-10-10 15:23:06 +04:00
torture_assert_werr_ok ( tctx , r . out . result ,
" AbortSystemShutdown failed " ) ;
2004-04-09 02:39:47 +04:00
2007-04-18 18:43:05 +04:00
return true ;
2004-04-09 02:39:47 +04:00
}
2007-10-06 00:45:16 +04:00
static bool test_InitiateSystemShutdown ( struct torture_context * tctx ,
2007-08-31 19:43:03 +04:00
struct dcerpc_pipe * p )
2004-12-13 14:00:24 +03:00
{
2007-08-26 19:16:40 +04:00
struct winreg_InitiateSystemShutdown r ;
2005-03-17 23:28:01 +03:00
uint16_t hostname = 0x0 ;
2007-08-26 19:16:40 +04:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2005-03-17 23:28:01 +03:00
r . in . hostname = & hostname ;
2008-02-19 13:57:32 +03:00
r . in . message = talloc ( tctx , struct lsa_StringLarge ) ;
init_lsa_StringLarge ( r . in . message , " spottyfood " ) ;
2004-12-13 14:00:24 +03:00
r . in . force_apps = 1 ;
2007-08-26 19:16:40 +04:00
r . in . timeout = 30 ;
2008-10-15 18:25:06 +04:00
r . in . do_reboot = 1 ;
2004-12-13 14:00:24 +03:00
2007-10-06 00:45:16 +04:00
torture_assert_ntstatus_ok ( tctx ,
dcerpc_winreg_InitiateSystemShutdown ( p , tctx , & r ) ,
" InitiateSystemShutdown failed " ) ;
2004-12-13 14:00:24 +03:00
2007-10-10 15:23:06 +04:00
torture_assert_werr_ok ( tctx , r . out . result ,
" InitiateSystemShutdown failed " ) ;
2004-12-13 14:00:24 +03:00
2007-08-26 19:16:40 +04:00
return test_AbortSystemShutdown ( p , tctx ) ;
2004-12-13 14:00:24 +03:00
}
2007-08-26 19:16:40 +04:00
static bool test_InitiateSystemShutdownEx ( struct torture_context * tctx ,
2007-10-06 00:45:16 +04:00
struct dcerpc_pipe * p )
2004-04-09 02:39:47 +04:00
{
2007-08-26 19:16:40 +04:00
struct winreg_InitiateSystemShutdownEx r ;
uint16_t hostname = 0x0 ;
2004-04-09 02:39:47 +04:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2007-08-26 19:16:40 +04:00
r . in . hostname = & hostname ;
2008-02-19 13:57:32 +03:00
r . in . message = talloc ( tctx , struct lsa_StringLarge ) ;
init_lsa_StringLarge ( r . in . message , " spottyfood " ) ;
2007-08-26 19:16:40 +04:00
r . in . force_apps = 1 ;
r . in . timeout = 30 ;
2008-10-15 18:25:06 +04:00
r . in . do_reboot = 1 ;
2007-08-26 19:16:40 +04:00
r . in . reason = 0 ;
2004-04-09 02:39:47 +04:00
2007-10-06 00:45:16 +04:00
torture_assert_ntstatus_ok ( tctx ,
2007-08-26 19:16:40 +04:00
dcerpc_winreg_InitiateSystemShutdownEx ( p , tctx , & r ) ,
" InitiateSystemShutdownEx failed " ) ;
2004-04-09 02:39:47 +04:00
2007-10-06 00:45:16 +04:00
torture_assert_werr_ok ( tctx , r . out . result ,
" InitiateSystemShutdownEx failed " ) ;
2004-04-09 02:39:47 +04:00
2007-08-26 19:16:40 +04:00
return test_AbortSystemShutdown ( p , tctx ) ;
2004-04-09 02:39:47 +04:00
}
2003-11-23 14:57:15 +03:00
# define MAX_DEPTH 2 /* Only go this far down the tree */
2003-11-23 09:31:10 +03:00
2007-10-06 00:45:16 +04:00
static bool test_key ( struct dcerpc_pipe * p , struct torture_context * tctx ,
2008-02-19 18:18:10 +03:00
struct policy_handle * handle , int depth ,
bool test_security )
2003-11-23 09:31:10 +03:00
{
2003-11-23 14:57:15 +03:00
if ( depth = = MAX_DEPTH )
2007-04-18 18:43:05 +04:00
return true ;
2003-11-23 09:38:37 +03:00
2007-08-26 19:16:40 +04:00
if ( ! test_QueryInfoKey ( p , tctx , handle , NULL ) ) {
2003-11-23 09:31:10 +03:00
}
2007-08-26 19:16:40 +04:00
if ( ! test_NotifyChangeKeyValue ( p , tctx , handle ) ) {
2004-12-13 05:04:34 +03:00
}
2007-10-06 00:45:16 +04:00
2008-02-19 18:18:10 +03:00
if ( test_security & & ! test_GetKeySecurity ( p , tctx , handle , NULL ) ) {
2004-12-12 02:28:48 +03:00
}
2008-02-19 18:18:10 +03:00
if ( ! test_EnumKey ( p , tctx , handle , depth , test_security ) ) {
2003-12-12 14:49:29 +03:00
}
2003-11-23 09:31:10 +03:00
2007-08-26 19:16:40 +04:00
if ( ! test_EnumValue ( p , tctx , handle , 0xFF , 0xFFFF ) ) {
2003-12-12 14:49:29 +03:00
}
2003-12-12 09:29:21 +03:00
2007-08-26 19:16:40 +04:00
test_CloseKey ( p , tctx , handle ) ;
2003-11-23 14:57:15 +03:00
2007-04-18 18:43:05 +04:00
return true ;
2003-11-23 14:57:15 +03:00
}
2010-03-10 15:04:17 +03:00
static bool test_key_value ( struct dcerpc_pipe * p ,
struct torture_context * tctx ,
struct policy_handle * handle )
{
const char * value_name = TEST_VALUE ;
enum winreg_Type type = REG_DWORD ;
uint32_t value = 0x12345678 ;
DATA_BLOB blob = data_blob_talloc_zero ( tctx , 4 ) ;
SIVAL ( blob . data , 0 , value ) ;
torture_assert ( tctx , test_SetValue ( p , tctx , handle , value_name , type , blob . data , blob . length ) ,
" test_SetValue failed " ) ;
torture_assert ( tctx , test_QueryValue_full ( p , tctx , handle , value_name , true ) ,
talloc_asprintf ( tctx , " test_QueryValue_full for %s value failed " , value_name ) ) ;
torture_assert ( tctx , test_DeleteValue ( p , tctx , handle , value_name ) ,
" test_DeleteValue failed " ) ;
return true ;
}
2005-08-24 15:01:10 +04:00
typedef NTSTATUS ( * winreg_open_fn ) ( struct dcerpc_pipe * , TALLOC_CTX * , void * ) ;
2003-11-23 14:57:15 +03:00
2008-02-19 18:18:10 +03:00
static bool test_Open_Security ( struct torture_context * tctx ,
struct dcerpc_pipe * p , void * userdata )
{
struct policy_handle handle , newhandle ;
bool ret = true , created2 = false ;
bool created4 = false ;
struct winreg_OpenHKLM r ;
winreg_open_fn open_fn = userdata ;
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2008-02-19 18:18:10 +03:00
r . in . system_name = 0 ;
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
r . out . handle = & handle ;
torture_assert_ntstatus_ok ( tctx , open_fn ( p , tctx , & r ) ,
" open " ) ;
test_Cleanup ( p , tctx , & handle , TEST_KEY_BASE ) ;
if ( ! test_CreateKey ( p , tctx , & handle , TEST_KEY_BASE , NULL ) ) {
torture_comment ( tctx ,
" CreateKey (TEST_KEY_BASE) failed \n " ) ;
}
if ( test_CreateKey_sd ( p , tctx , & handle , TEST_KEY2 ,
NULL , & newhandle ) ) {
created2 = true ;
}
if ( created2 & & ! test_CloseKey ( p , tctx , & newhandle ) ) {
printf ( " CloseKey failed \n " ) ;
ret = false ;
}
if ( test_CreateKey_sd ( p , tctx , & handle , TEST_KEY4 , NULL , & newhandle ) ) {
created4 = true ;
}
if ( created4 & & ! test_CloseKey ( p , tctx , & newhandle ) ) {
printf ( " CloseKey failed \n " ) ;
ret = false ;
}
if ( created4 & & ! test_SecurityDescriptors ( p , tctx , & handle , TEST_KEY4 ) ) {
ret = false ;
}
if ( created4 & & ! test_DeleteKey ( p , tctx , & handle , TEST_KEY4 ) ) {
printf ( " DeleteKey failed \n " ) ;
ret = false ;
}
if ( created2 & & ! test_DeleteKey ( p , tctx , & handle , TEST_KEY2 ) ) {
printf ( " DeleteKey failed \n " ) ;
ret = false ;
}
/* The HKCR hive has a very large fanout */
if ( open_fn = = ( void * ) dcerpc_winreg_OpenHKCR ) {
if ( ! test_key ( p , tctx , & handle , MAX_DEPTH - 1 , true ) ) {
ret = false ;
}
} else {
if ( ! test_key ( p , tctx , & handle , 0 , true ) ) {
ret = false ;
}
}
test_Cleanup ( p , tctx , & handle , TEST_KEY_BASE ) ;
return ret ;
}
2010-03-10 02:43:57 +03:00
# define KEY_CURRENT_VERSION "SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION"
# define VALUE_CURRENT_VERSION "CurrentVersion"
2007-10-06 00:45:16 +04:00
static bool test_Open ( struct torture_context * tctx , struct dcerpc_pipe * p ,
2007-08-26 19:16:40 +04:00
void * userdata )
2003-11-23 14:57:15 +03:00
{
2004-04-06 00:44:33 +04:00
struct policy_handle handle , newhandle ;
2008-02-19 18:18:10 +03:00
bool ret = true , created = false , deleted = false ;
2007-07-11 01:35:20 +04:00
bool created3 = false , created_subkey = false ;
2005-08-24 15:01:10 +04:00
struct winreg_OpenHKLM r ;
2003-11-23 14:57:15 +03:00
2007-08-26 19:16:40 +04:00
winreg_open_fn open_fn = userdata ;
2005-10-20 10:31:51 +04:00
2008-09-15 23:09:32 +04:00
ZERO_STRUCT ( r ) ;
2005-08-24 15:01:10 +04:00
r . in . system_name = 0 ;
2005-10-22 12:00:09 +04:00
r . in . access_mask = SEC_FLAG_MAXIMUM_ALLOWED ;
2005-08-24 15:01:10 +04:00
r . out . handle = & handle ;
2007-10-06 00:45:16 +04:00
torture_assert_ntstatus_ok ( tctx , open_fn ( p , tctx , & r ) ,
" open " ) ;
2010-03-11 00:04:02 +03:00
2010-03-10 02:43:57 +03:00
if ( open_fn = = ( void * ) dcerpc_winreg_OpenHKLM ) {
#if 0
torture_assert ( tctx , test_OpenKey ( p , tctx , & handle , KEY_CURRENT_VERSION , & newhandle ) ,
" failed to open current version key " ) ;
# else
torture_assert ( tctx , _test_OpenKey ( p , tctx , & handle , KEY_CURRENT_VERSION , KEY_QUERY_VALUE , & newhandle , WERR_OK , NULL ) ,
" failed to open current version key " ) ;
# endif
torture_assert ( tctx , test_QueryValue_full ( p , tctx , & newhandle , VALUE_CURRENT_VERSION , true ) ,
" failed to query current version " ) ;
2010-03-10 14:54:17 +03:00
torture_assert ( tctx , test_QueryValue_full ( p , tctx , & newhandle , " IDoNotExist " , false ) ,
" failed to query current version " ) ;
2010-03-10 02:43:57 +03:00
torture_assert ( tctx , test_CloseKey ( p , tctx , & newhandle ) ,
" failed to close current version key " ) ;
}
2010-03-11 00:04:02 +03:00
2007-08-26 19:16:40 +04:00
test_Cleanup ( p , tctx , & handle , TEST_KEY_BASE ) ;
2005-08-24 15:01:10 +04:00
2008-02-19 18:03:32 +03:00
if ( ! test_CreateKey ( p , tctx , & handle , TEST_KEY_BASE , NULL ) ) {
torture_comment ( tctx ,
" CreateKey (TEST_KEY_BASE) failed \n " ) ;
}
2007-08-26 19:16:40 +04:00
if ( ! test_CreateKey ( p , tctx , & handle , TEST_KEY1 , NULL ) ) {
2007-10-10 15:23:06 +04:00
torture_comment ( tctx ,
" CreateKey failed - not considering a failure \n " ) ;
2005-05-25 01:59:01 +04:00
} else {
2007-04-18 18:43:05 +04:00
created = true ;
2003-11-23 09:31:10 +03:00
}
2007-08-26 19:16:40 +04:00
if ( created & & ! test_FlushKey ( p , tctx , & handle ) ) {
torture_comment ( tctx , " FlushKey failed \n " ) ;
2007-04-18 18:43:05 +04:00
ret = false ;
2004-04-12 03:16:47 +04:00
}
2007-08-26 19:16:40 +04:00
if ( created & & ! test_OpenKey ( p , tctx , & handle , TEST_KEY1 , & newhandle ) )
2007-10-06 00:45:16 +04:00
torture_fail ( tctx ,
" CreateKey failed (OpenKey after Create didn't work) \n " ) ;
2004-04-06 00:44:33 +04:00
2010-03-10 15:04:17 +03:00
if ( created & & ! test_key_value ( p , tctx , & newhandle ) ) {
torture_fail ( tctx ,
" test_key_value failed \n " ) ;
}
2007-11-02 16:18:07 +03:00
if ( created & & ! test_CloseKey ( p , tctx , & newhandle ) )
torture_fail ( tctx ,
" CreateKey failed (CloseKey after Open didn't work) \n " ) ;
2007-08-26 19:16:40 +04:00
if ( created & & ! test_DeleteKey ( p , tctx , & handle , TEST_KEY1 ) ) {
torture_comment ( tctx , " DeleteKey failed \n " ) ;
2007-04-18 18:43:05 +04:00
ret = false ;
2005-05-25 01:59:01 +04:00
} else {
2007-04-18 18:43:05 +04:00
deleted = true ;
2003-11-23 14:57:15 +03:00
}
2007-08-26 19:16:40 +04:00
if ( created & & ! test_FlushKey ( p , tctx , & handle ) ) {
torture_comment ( tctx , " FlushKey failed \n " ) ;
2007-04-18 18:43:05 +04:00
ret = false ;
2004-04-12 03:16:47 +04:00
}
2007-10-06 00:45:16 +04:00
if ( created & & deleted & &
2008-02-19 18:03:32 +03:00
! _test_OpenKey ( p , tctx , & handle , TEST_KEY1 ,
SEC_FLAG_MAXIMUM_ALLOWED , & newhandle ,
WERR_BADFILE , NULL ) ) {
2007-10-06 00:45:16 +04:00
torture_comment ( tctx ,
2008-02-19 18:03:32 +03:00
" DeleteKey failed (OpenKey after Delete "
" did not return WERR_BADFILE) \n " ) ;
2007-04-18 18:43:05 +04:00
ret = false ;
2004-04-06 00:44:33 +04:00
}
2007-08-26 19:16:40 +04:00
if ( ! test_GetVersion ( p , tctx , & handle ) ) {
torture_comment ( tctx , " GetVersion failed \n " ) ;
2007-04-18 18:43:05 +04:00
ret = false ;
2004-04-09 02:39:47 +04:00
}
2007-08-26 19:16:40 +04:00
if ( created & & test_CreateKey ( p , tctx , & handle , TEST_KEY3 , NULL ) ) {
2007-07-11 01:35:20 +04:00
created3 = true ;
}
2007-10-06 00:45:16 +04:00
if ( created3 & &
2007-10-10 15:23:06 +04:00
test_CreateKey ( p , tctx , & handle , TEST_SUBKEY , NULL ) ) {
2007-07-11 01:35:20 +04:00
created_subkey = true ;
}
2007-10-06 00:45:16 +04:00
if ( created_subkey & &
2007-10-10 15:23:06 +04:00
! test_DeleteKey ( p , tctx , & handle , TEST_KEY3 ) ) {
2007-07-11 01:35:20 +04:00
printf ( " DeleteKey failed \n " ) ;
ret = false ;
}
2003-11-23 14:57:15 +03:00
/* The HKCR hive has a very large fanout */
2005-08-24 15:01:10 +04:00
if ( open_fn = = ( void * ) dcerpc_winreg_OpenHKCR ) {
2008-02-19 18:18:10 +03:00
if ( ! test_key ( p , tctx , & handle , MAX_DEPTH - 1 , false ) ) {
2007-04-18 18:43:05 +04:00
ret = false ;
2004-04-05 17:50:45 +04:00
}
2008-02-19 18:03:32 +03:00
} else {
2008-02-19 18:18:10 +03:00
if ( ! test_key ( p , tctx , & handle , 0 , false ) ) {
2008-02-19 18:03:32 +03:00
ret = false ;
}
2004-04-05 17:50:45 +04:00
}
2007-08-26 19:16:40 +04:00
test_Cleanup ( p , tctx , & handle , TEST_KEY_BASE ) ;
2005-08-24 15:12:16 +04:00
2004-04-05 17:50:45 +04:00
return ret ;
2003-11-23 09:31:10 +03:00
}
2003-11-22 08:34:25 +03:00
2007-08-26 19:16:40 +04:00
struct torture_suite * torture_rpc_winreg ( TALLOC_CTX * mem_ctx )
2003-11-21 08:28:36 +03:00
{
2007-08-28 20:24:18 +04:00
struct torture_rpc_tcase * tcase ;
2007-08-26 19:16:40 +04:00
struct torture_suite * suite = torture_suite_create ( mem_ctx , " WINREG " ) ;
2007-08-31 19:43:03 +04:00
struct torture_test * test ;
2003-11-21 08:28:36 +03:00
2007-10-06 00:45:16 +04:00
tcase = torture_suite_add_rpc_iface_tcase ( suite , " winreg " ,
2007-08-31 19:43:03 +04:00
& ndr_table_winreg ) ;
2003-11-23 09:31:10 +03:00
2007-10-06 00:45:16 +04:00
test = torture_rpc_tcase_add_test ( tcase , " InitiateSystemShutdown " ,
2007-08-31 19:43:03 +04:00
test_InitiateSystemShutdown ) ;
test - > dangerous = true ;
2003-11-21 08:28:36 +03:00
2007-10-06 00:45:16 +04:00
test = torture_rpc_tcase_add_test ( tcase , " InitiateSystemShutdownEx " ,
2007-08-31 19:43:03 +04:00
test_InitiateSystemShutdownEx ) ;
test - > dangerous = true ;
2004-04-11 20:04:06 +04:00
2008-02-19 18:18:10 +03:00
/* Basic tests without security descriptors */
torture_rpc_tcase_add_test_ex ( tcase , " HKLM-basic " ,
test_Open ,
( winreg_open_fn ) dcerpc_winreg_OpenHKLM ) ;
torture_rpc_tcase_add_test_ex ( tcase , " HKU-basic " ,
test_Open ,
( winreg_open_fn ) dcerpc_winreg_OpenHKU ) ;
torture_rpc_tcase_add_test_ex ( tcase , " HKCR-basic " ,
test_Open ,
( winreg_open_fn ) dcerpc_winreg_OpenHKCR ) ;
torture_rpc_tcase_add_test_ex ( tcase , " HKCU-basic " ,
test_Open ,
( winreg_open_fn ) dcerpc_winreg_OpenHKCU ) ;
/* Security descriptor tests */
torture_rpc_tcase_add_test_ex ( tcase , " HKLM-security " ,
test_Open_Security ,
( winreg_open_fn ) dcerpc_winreg_OpenHKLM ) ;
torture_rpc_tcase_add_test_ex ( tcase , " HKU-security " ,
test_Open_Security ,
( winreg_open_fn ) dcerpc_winreg_OpenHKU ) ;
torture_rpc_tcase_add_test_ex ( tcase , " HKCR-security " ,
test_Open_Security ,
( winreg_open_fn ) dcerpc_winreg_OpenHKCR ) ;
torture_rpc_tcase_add_test_ex ( tcase , " HKCU-security " ,
test_Open_Security ,
( winreg_open_fn ) dcerpc_winreg_OpenHKCU ) ;
2003-11-21 08:28:36 +03:00
2007-08-26 19:16:40 +04:00
return suite ;
2003-11-21 08:28:36 +03:00
}