r24726: Add tests for getting/setting security descriptors (still failing at the moment)

source/lib/registry/interface.c

@@ -275,3 +275,28 @@ _PUBLIC_ WERROR reg_key_flush(struct registry_key *key)
 
 	return key->context->ops->flush_key(key);
 }
+
+_PUBLIC_ WERROR reg_get_security(TALLOC_CTX *mem_ctx, 
+								 const struct registry_key *key, 
+								 struct security_descriptor **security)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAM;
+	
+	if (key->context->ops->get_security == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->get_security(mem_ctx, key, security);
+}
+
+_PUBLIC_ WERROR reg_set_security(struct registry_key *key, 
+								 struct security_descriptor *security)
+{
+	if (key == NULL)
+		return WERR_INVALID_PARAM;
+	
+	if (key->context->ops->set_security == NULL)
+		return WERR_NOT_SUPPORTED;
+
+	return key->context->ops->set_security(key, security);
+}

source/lib/registry/registry.h

@@ -269,6 +269,12 @@ struct registry_key *reg_import_hive_key(struct registry_context *ctx,
 									     struct hive_key *hive, 
 									     uint32_t predef_key,
 										 const char **elements);
+WERROR reg_get_security(TALLOC_CTX *mem_ctx, 
+								 const struct registry_key *key, 
+								 struct security_descriptor **security);
+
+WERROR reg_set_security(struct registry_key *key, 
+								 struct security_descriptor *security);
 
 
 #endif /* _REGISTRY_H */

source/lib/registry/tests/registry.c

@@ -25,6 +25,7 @@
 #include "lib/cmdline/popt_common.h"
 #include "torture/torture.h"
 #include "librpc/gen_ndr/winreg.h"
+#include "libcli/security/security.h"
 #include "system/filesys.h"
 
 NTSTATUS torture_temp_dir(struct torture_context *tctx, const char *prefix, 
@@ -365,6 +366,40 @@ static bool test_set_value(struct torture_context *tctx, const void *_data)
 	return true;
 }
 
+/**
+ * Test getting/setting security descriptors
+ */
+static bool test_security(struct torture_context *tctx, const void *_data)
+{
+	const struct registry_context *rctx = _data;
+	struct registry_key *subkey = NULL, *root;
+	WERROR error;
+	uint32_t data = 42;
+	struct security_descriptor *osd, *nsd;
+
+	if (!create_test_key(tctx, rctx, "Düsseldorf", &root, &subkey))
+		return false;
+
+	osd = security_descriptor_create(tctx,
+					NULL, NULL,
+					SID_NT_AUTHENTICATED_USERS,
+					SEC_ACE_TYPE_ACCESS_ALLOWED,
+					SEC_GENERIC_ALL,
+					SEC_ACE_FLAG_OBJECT_INHERIT,
+					NULL);
+
+	error = reg_set_security(subkey, osd);
+	torture_assert_werr_ok(tctx, error, "setting security");
+
+	error = reg_get_security(tctx, subkey, &nsd);
+	torture_assert_werr_ok (tctx, error, "setting security");
+
+	torture_assert(tctx, security_descriptor_equal(osd, nsd), 
+				   "security descriptor changed!");
+
+	return true;
+}
+
 /**
  * Test getting a value
  */
@@ -524,6 +559,8 @@ static void tcase_add_tests(struct torture_tcase *tcase)
 	torture_tcase_add_simple_test(tcase, "query_key_nums", test_query_key_nums);
 	torture_tcase_add_simple_test(tcase, "test_predef_key_by_name", 
 								  test_predef_key_by_name);
+	torture_tcase_add_simple_test(tcase, "security", 
+								  test_security);
 	torture_tcase_add_simple_test(tcase, "test_predef_key_by_name_invalid", 
 								  test_predef_key_by_name_invalid);
 }

source/rpc_server/winreg/rpc_winreg.c

@@ -490,13 +490,9 @@ static WERROR dcesrv_winreg_SetValue(struct dcesrv_call_state *dce_call,
 	data.length = r->in.size;
 	result = reg_val_set(key, r->in.name.name, r->in.type, data);
 
-	if (!W_ERROR_IS_OK(result)) { 
 	return result;
 }
 
-	return WERR_OK;
-}
-
 
 /* 
   winreg_UnLoadKey 

source/samba4-knownfail

@@ -5,5 +5,6 @@ BASE-DELETE/deltest20a
 BASE-DELETE/deltest20b
 RAW-OPLOCK/OPLOCK
 RPC-WINREG
+LOCAL-REGISTRY/security # Not implemented yet
 RPC-WKSSVC.*NetWkstaGetInfo
 RPC-WKSSVC.*NetWkstaTransportEnum