2 Unix SMB/CIFS implementation.
3 test suite for winreg rpc operations
5 Copyright (C) Tim Potter 2003
6 Copyright (C) Jelmer Vernooij 2004-2007
7 Copyright (C) Günther Deschner 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "torture/torture.h"
25 #include "librpc/gen_ndr/ndr_winreg_c.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "libcli/security/security.h"
28 #include "torture/rpc/rpc.h"
30 #define TEST_KEY_BASE "smbtorture test"
31 #define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
32 #define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
33 #define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
34 #define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
35 #define TEST_SUBKEY TEST_KEY3 "\\subkey"
36 #define TEST_SUBKEY_SD TEST_KEY4 "\\subkey_sd"
37 #define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"
39 #define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
41 static void init_initshutdown_String(TALLOC_CTX *mem_ctx,
42 struct initshutdown_String *name,
45 name->name = talloc(mem_ctx, struct initshutdown_String_sub);
49 static void init_winreg_String(struct winreg_String *name, const char *s)
53 name->name_len = 2 * (strlen_m(s) + 1);
54 name->name_size = name->name_len;
61 static bool test_GetVersion(struct dcerpc_pipe *p,
62 struct torture_context *tctx,
63 struct policy_handle *handle)
65 struct winreg_GetVersion r;
72 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_GetVersion(p, tctx, &r),
75 torture_assert_werr_ok(tctx, r.out.result, "GetVersion failed");
80 static bool test_NotifyChangeKeyValue(struct dcerpc_pipe *p,
81 struct torture_context *tctx,
82 struct policy_handle *handle)
84 struct winreg_NotifyChangeKeyValue r;
87 r.in.watch_subtree = true;
88 r.in.notify_filter = 0;
89 r.in.unknown = r.in.unknown2 = 0;
90 init_winreg_String(&r.in.string1, NULL);
91 init_winreg_String(&r.in.string2, NULL);
93 torture_assert_ntstatus_ok(tctx,
94 dcerpc_winreg_NotifyChangeKeyValue(p, tctx, &r),
95 "NotifyChangeKeyValue failed");
97 if (!W_ERROR_IS_OK(r.out.result)) {
99 "NotifyChangeKeyValue failed - %s - not considering\n",
100 win_errstr(r.out.result));
107 static bool test_CreateKey(struct dcerpc_pipe *p, struct torture_context *tctx,
108 struct policy_handle *handle, const char *name,
111 struct winreg_CreateKey r;
112 struct policy_handle newhandle;
113 enum winreg_CreateAction action_taken = 0;
115 r.in.handle = handle;
116 r.out.new_handle = &newhandle;
117 init_winreg_String(&r.in.name, name);
118 init_winreg_String(&r.in.keyclass, class);
120 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
121 r.in.action_taken = r.out.action_taken = &action_taken;
124 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
127 torture_assert_werr_ok(tctx, r.out.result, "CreateKey failed");
134 createkey testing with a SD
136 static bool test_CreateKey_sd(struct dcerpc_pipe *p,
137 struct torture_context *tctx,
138 struct policy_handle *handle, const char *name,
140 struct policy_handle *newhandle)
142 struct winreg_CreateKey r;
143 enum winreg_CreateAction action_taken = 0;
144 struct security_descriptor *sd;
146 struct winreg_SecBuf secbuf;
148 sd = security_descriptor_dacl_create(tctx,
151 SID_NT_AUTHENTICATED_USERS,
152 SEC_ACE_TYPE_ACCESS_ALLOWED,
154 SEC_ACE_FLAG_OBJECT_INHERIT |
155 SEC_ACE_FLAG_CONTAINER_INHERIT,
158 torture_assert_ndr_success(tctx,
159 ndr_push_struct_blob(&sdblob, tctx, sd,
160 (ndr_push_flags_fn_t)ndr_push_security_descriptor),
161 "Failed to push security_descriptor ?!\n");
163 secbuf.sd.data = sdblob.data;
164 secbuf.sd.len = sdblob.length;
165 secbuf.sd.size = sdblob.length;
166 secbuf.length = sdblob.length-10;
169 r.in.handle = handle;
170 r.out.new_handle = newhandle;
171 init_winreg_String(&r.in.name, name);
172 init_winreg_String(&r.in.keyclass, class);
174 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
175 r.in.action_taken = r.out.action_taken = &action_taken;
176 r.in.secdesc = &secbuf;
178 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
179 "CreateKey with sd failed");
181 torture_assert_werr_ok(tctx, r.out.result, "CreateKey with sd failed");
186 static bool _test_GetKeySecurity(struct dcerpc_pipe *p,
187 struct torture_context *tctx,
188 struct policy_handle *handle,
189 uint32_t *sec_info_ptr,
191 struct security_descriptor **sd_out)
193 struct winreg_GetKeySecurity r;
194 struct security_descriptor *sd = NULL;
199 sec_info = *sec_info_ptr;
201 sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
206 r.in.handle = handle;
207 r.in.sec_info = sec_info;
208 r.in.sd = r.out.sd = talloc_zero(tctx, struct KeySecurityData);
209 r.in.sd->size = 0x1000;
211 torture_assert_ntstatus_ok(tctx,
212 dcerpc_winreg_GetKeySecurity(p, tctx, &r),
213 "GetKeySecurity failed");
215 torture_assert_werr_equal(tctx, r.out.result, get_werr,
216 "GetKeySecurity failed");
218 sdblob.data = r.out.sd->data;
219 sdblob.length = r.out.sd->len;
221 sd = talloc_zero(tctx, struct security_descriptor);
223 torture_assert_ndr_success(tctx,
224 ndr_pull_struct_blob(&sdblob, tctx, sd,
225 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor),
226 "pull_security_descriptor failed");
228 if (p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
229 NDR_PRINT_DEBUG(security_descriptor, sd);
241 static bool test_GetKeySecurity(struct dcerpc_pipe *p,
242 struct torture_context *tctx,
243 struct policy_handle *handle,
244 struct security_descriptor **sd_out)
246 return _test_GetKeySecurity(p, tctx, handle, NULL, WERR_OK, sd_out);
249 static bool _test_SetKeySecurity(struct dcerpc_pipe *p,
250 struct torture_context *tctx,
251 struct policy_handle *handle,
252 uint32_t *sec_info_ptr,
253 struct security_descriptor *sd,
256 struct winreg_SetKeySecurity r;
257 struct KeySecurityData *sdata = NULL;
263 if (sd && (p->conn->flags & DCERPC_DEBUG_PRINT_OUT)) {
264 NDR_PRINT_DEBUG(security_descriptor, sd);
267 torture_assert_ndr_success(tctx,
268 ndr_push_struct_blob(&sdblob, tctx, sd,
269 (ndr_push_flags_fn_t)ndr_push_security_descriptor),
270 "push_security_descriptor failed");
272 sdata = talloc_zero(tctx, struct KeySecurityData);
273 sdata->data = sdblob.data;
274 sdata->size = sdblob.length;
275 sdata->len = sdblob.length;
278 sec_info = *sec_info_ptr;
280 sec_info = SECINFO_UNPROTECTED_SACL |
281 SECINFO_UNPROTECTED_DACL;
283 sec_info |= SECINFO_OWNER;
286 sec_info |= SECINFO_GROUP;
289 sec_info |= SECINFO_SACL;
292 sec_info |= SECINFO_DACL;
296 r.in.handle = handle;
297 r.in.sec_info = sec_info;
300 torture_assert_ntstatus_ok(tctx,
301 dcerpc_winreg_SetKeySecurity(p, tctx, &r),
302 "SetKeySecurity failed");
304 torture_assert_werr_equal(tctx, r.out.result, werr,
305 "SetKeySecurity failed");
310 static bool test_SetKeySecurity(struct dcerpc_pipe *p,
311 struct torture_context *tctx,
312 struct policy_handle *handle,
313 struct security_descriptor *sd)
315 return _test_SetKeySecurity(p, tctx, handle, NULL, sd, WERR_OK);
318 static bool test_CloseKey(struct dcerpc_pipe *p, struct torture_context *tctx,
319 struct policy_handle *handle)
321 struct winreg_CloseKey r;
323 r.in.handle = r.out.handle = handle;
325 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CloseKey(p, tctx, &r),
328 torture_assert_werr_ok(tctx, r.out.result, "CloseKey failed");
333 static bool test_FlushKey(struct dcerpc_pipe *p, struct torture_context *tctx,
334 struct policy_handle *handle)
336 struct winreg_FlushKey r;
338 r.in.handle = handle;
340 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_FlushKey(p, tctx, &r),
343 torture_assert_werr_ok(tctx, r.out.result, "FlushKey failed");
348 static bool _test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
349 struct policy_handle *hive_handle,
350 const char *keyname, uint32_t access_mask,
351 struct policy_handle *key_handle,
355 struct winreg_OpenKey r;
357 r.in.parent_handle = hive_handle;
358 init_winreg_String(&r.in.keyname, keyname);
359 r.in.unknown = 0x00000000;
360 r.in.access_mask = access_mask;
361 r.out.handle = key_handle;
363 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey(p, tctx, &r),
366 torture_assert_werr_equal(tctx, r.out.result, open_werr,
369 if (success && W_ERROR_EQUAL(r.out.result, WERR_OK)) {
376 static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
377 struct policy_handle *hive_handle,
378 const char *keyname, struct policy_handle *key_handle)
380 return _test_OpenKey(p, tctx, hive_handle, keyname,
381 SEC_FLAG_MAXIMUM_ALLOWED, key_handle,
385 static bool test_Cleanup(struct dcerpc_pipe *p, struct torture_context *tctx,
386 struct policy_handle *handle, const char *key)
388 struct winreg_DeleteKey r;
390 r.in.handle = handle;
392 init_winreg_String(&r.in.key, key);
393 dcerpc_winreg_DeleteKey(p, tctx, &r);
398 static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe *p,
399 struct torture_context *tctx,
400 struct policy_handle *handle,
404 struct security_descriptor *sd = NULL;
406 if (!_test_GetKeySecurity(p, tctx, handle, NULL, get_werr, &sd)) {
410 if (!_test_SetKeySecurity(p, tctx, handle, NULL, sd, set_werr)) {
417 static bool test_SecurityDescriptor(struct dcerpc_pipe *p,
418 struct torture_context *tctx,
419 struct policy_handle *handle,
422 struct policy_handle new_handle;
425 torture_comment(tctx, "SecurityDescriptor get & set\n");
427 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
431 if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
436 if (!test_CloseKey(p, tctx, &new_handle)) {
443 static bool _test_SecurityDescriptor(struct dcerpc_pipe *p,
444 struct torture_context *tctx,
445 struct policy_handle *handle,
446 uint32_t access_mask,
452 struct policy_handle new_handle;
454 bool got_key = false;
456 if (!_test_OpenKey(p, tctx, handle, key, access_mask, &new_handle,
457 open_werr, &got_key)) {
465 if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
466 get_werr, set_werr)) {
470 if (!test_CloseKey(p, tctx, &new_handle)) {
477 static bool test_dacl_trustee_present(struct dcerpc_pipe *p,
478 struct torture_context *tctx,
479 struct policy_handle *handle,
480 const struct dom_sid *sid)
482 struct security_descriptor *sd = NULL;
485 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
489 if (!sd || !sd->dacl) {
493 for (i = 0; i < sd->dacl->num_aces; i++) {
494 if (dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) {
502 static bool _test_dacl_trustee_present(struct dcerpc_pipe *p,
503 struct torture_context *tctx,
504 struct policy_handle *handle,
506 const struct dom_sid *sid)
508 struct policy_handle new_handle;
511 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
515 ret = test_dacl_trustee_present(p, tctx, &new_handle, sid);
517 test_CloseKey(p, tctx, &new_handle);
522 static bool test_sacl_trustee_present(struct dcerpc_pipe *p,
523 struct torture_context *tctx,
524 struct policy_handle *handle,
525 const struct dom_sid *sid)
527 struct security_descriptor *sd = NULL;
529 uint32_t sec_info = SECINFO_SACL;
531 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
535 if (!sd || !sd->sacl) {
539 for (i = 0; i < sd->sacl->num_aces; i++) {
540 if (dom_sid_equal(&sd->sacl->aces[i].trustee, sid)) {
548 static bool _test_sacl_trustee_present(struct dcerpc_pipe *p,
549 struct torture_context *tctx,
550 struct policy_handle *handle,
552 const struct dom_sid *sid)
554 struct policy_handle new_handle;
557 if (!_test_OpenKey(p, tctx, handle, key, SEC_FLAG_SYSTEM_SECURITY,
558 &new_handle, WERR_OK, NULL)) {
562 ret = test_sacl_trustee_present(p, tctx, &new_handle, sid);
564 test_CloseKey(p, tctx, &new_handle);
569 static bool test_owner_present(struct dcerpc_pipe *p,
570 struct torture_context *tctx,
571 struct policy_handle *handle,
572 const struct dom_sid *sid)
574 struct security_descriptor *sd = NULL;
575 uint32_t sec_info = SECINFO_OWNER;
577 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
581 if (!sd || !sd->owner_sid) {
585 return dom_sid_equal(sd->owner_sid, sid);
588 static bool _test_owner_present(struct dcerpc_pipe *p,
589 struct torture_context *tctx,
590 struct policy_handle *handle,
592 const struct dom_sid *sid)
594 struct policy_handle new_handle;
597 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
601 ret = test_owner_present(p, tctx, &new_handle, sid);
603 test_CloseKey(p, tctx, &new_handle);
608 static bool test_group_present(struct dcerpc_pipe *p,
609 struct torture_context *tctx,
610 struct policy_handle *handle,
611 const struct dom_sid *sid)
613 struct security_descriptor *sd = NULL;
614 uint32_t sec_info = SECINFO_GROUP;
616 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
620 if (!sd || !sd->group_sid) {
624 return dom_sid_equal(sd->group_sid, sid);
627 static bool _test_group_present(struct dcerpc_pipe *p,
628 struct torture_context *tctx,
629 struct policy_handle *handle,
631 const struct dom_sid *sid)
633 struct policy_handle new_handle;
636 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
640 ret = test_group_present(p, tctx, &new_handle, sid);
642 test_CloseKey(p, tctx, &new_handle);
647 static bool test_dacl_trustee_flags_present(struct dcerpc_pipe *p,
648 struct torture_context *tctx,
649 struct policy_handle *handle,
650 const struct dom_sid *sid,
653 struct security_descriptor *sd = NULL;
656 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
660 if (!sd || !sd->dacl) {
664 for (i = 0; i < sd->dacl->num_aces; i++) {
665 if ((dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) &&
666 (sd->dacl->aces[i].flags == flags)) {
674 static bool test_dacl_ace_present(struct dcerpc_pipe *p,
675 struct torture_context *tctx,
676 struct policy_handle *handle,
677 const struct security_ace *ace)
679 struct security_descriptor *sd = NULL;
682 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
686 if (!sd || !sd->dacl) {
690 for (i = 0; i < sd->dacl->num_aces; i++) {
691 if (security_ace_equal(&sd->dacl->aces[i], ace)) {
699 static bool test_RestoreSecurity(struct dcerpc_pipe *p,
700 struct torture_context *tctx,
701 struct policy_handle *handle,
703 struct security_descriptor *sd)
705 struct policy_handle new_handle;
708 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
712 if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
716 if (!test_CloseKey(p, tctx, &new_handle)) {
723 static bool test_BackupSecurity(struct dcerpc_pipe *p,
724 struct torture_context *tctx,
725 struct policy_handle *handle,
727 struct security_descriptor **sd)
729 struct policy_handle new_handle;
732 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
736 if (!test_GetKeySecurity(p, tctx, &new_handle, sd)) {
740 if (!test_CloseKey(p, tctx, &new_handle)) {
747 static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe *p,
748 struct torture_context *tctx,
749 struct policy_handle *handle,
753 add ace SEC_ACE_FLAG_CONTAINER_INHERIT
768 struct security_descriptor *sd = NULL;
769 struct security_descriptor *sd_orig = NULL;
770 struct security_ace *ace = NULL;
771 struct policy_handle new_handle;
775 torture_comment(tctx, "SecurityDescriptor inheritance\n");
777 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
781 if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
785 sd_orig = security_descriptor_copy(tctx, sd);
786 if (sd_orig == NULL) {
790 ace = security_ace_create(tctx,
792 SEC_ACE_TYPE_ACCESS_ALLOWED,
794 SEC_ACE_FLAG_CONTAINER_INHERIT);
796 status = security_descriptor_dacl_add(sd, ace);
797 if (!NT_STATUS_IS_OK(status)) {
798 printf("failed to add ace: %s\n", nt_errstr(status));
802 /* FIXME: add further tests for these flags */
803 sd->type |= SEC_DESC_DACL_AUTO_INHERIT_REQ |
804 SEC_DESC_SACL_AUTO_INHERITED;
806 if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
810 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
811 printf("new ACE not present!\n");
815 if (!test_CloseKey(p, tctx, &new_handle)) {
819 if (!test_CreateKey(p, tctx, handle, TEST_SUBKEY_SD, NULL)) {
824 if (!test_OpenKey(p, tctx, handle, TEST_SUBKEY_SD, &new_handle)) {
829 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
830 printf("inherited ACE not present!\n");
835 test_CloseKey(p, tctx, &new_handle);
836 if (!test_CreateKey(p, tctx, handle, TEST_SUBSUBKEY_SD, NULL)) {
841 if (!test_OpenKey(p, tctx, handle, TEST_SUBSUBKEY_SD, &new_handle)) {
846 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
847 printf("inherited ACE not present!\n");
853 test_CloseKey(p, tctx, &new_handle);
854 test_Cleanup(p, tctx, handle, TEST_SUBSUBKEY_SD);
855 test_Cleanup(p, tctx, handle, TEST_SUBKEY_SD);
856 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
861 static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe *p,
862 struct torture_context *tctx,
863 struct policy_handle *handle,
867 add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
879 struct security_descriptor *sd = NULL;
880 struct security_descriptor *sd_orig = NULL;
881 struct security_ace *ace = NULL;
882 struct policy_handle new_handle;
883 struct dom_sid *sid = NULL;
886 uint8_t ace_flags = 0x0;
888 torture_comment(tctx, "SecurityDescriptor inheritance block\n");
890 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
894 if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
898 sd_orig = security_descriptor_copy(tctx, sd);
899 if (sd_orig == NULL) {
903 ace = security_ace_create(tctx,
905 SEC_ACE_TYPE_ACCESS_ALLOWED,
907 SEC_ACE_FLAG_CONTAINER_INHERIT |
908 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
910 status = security_descriptor_dacl_add(sd, ace);
911 if (!NT_STATUS_IS_OK(status)) {
912 printf("failed to add ace: %s\n", nt_errstr(status));
916 if (!_test_SetKeySecurity(p, tctx, &new_handle, NULL, sd, WERR_OK)) {
920 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
921 printf("new ACE not present!\n");
925 if (!test_CloseKey(p, tctx, &new_handle)) {
929 if (!test_CreateKey(p, tctx, handle, TEST_SUBSUBKEY_SD, NULL)) {
933 if (!test_OpenKey(p, tctx, handle, TEST_SUBSUBKEY_SD, &new_handle)) {
938 if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
939 printf("inherited ACE present but should not!\n");
944 sid = dom_sid_parse_talloc(tctx, TEST_SID);
949 if (test_dacl_trustee_present(p, tctx, &new_handle, sid)) {
950 printf("inherited trustee SID present but should not!\n");
955 test_CloseKey(p, tctx, &new_handle);
957 if (!test_OpenKey(p, tctx, handle, TEST_SUBKEY_SD, &new_handle)) {
962 if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
963 printf("inherited ACE present but should not!\n");
968 if (!test_dacl_trustee_flags_present(p, tctx, &new_handle, sid, ace_flags)) {
969 printf("inherited trustee SID with flags 0x%02x not present!\n",
976 test_CloseKey(p, tctx, &new_handle);
977 test_Cleanup(p, tctx, handle, TEST_SUBSUBKEY_SD);
978 test_Cleanup(p, tctx, handle, TEST_SUBKEY_SD);
979 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
984 static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe *p,
985 struct torture_context *tctx,
986 struct policy_handle *handle,
992 struct winreg_mask_result_table {
993 uint32_t access_mask;
997 } sd_mask_tests[] = {
999 WERR_ACCESS_DENIED, WERR_BADFILE, WERR_FOOBAR },
1000 { SEC_FLAG_MAXIMUM_ALLOWED,
1001 WERR_OK, WERR_OK, WERR_OK },
1002 { SEC_STD_WRITE_DAC,
1003 WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR },
1004 { SEC_FLAG_SYSTEM_SECURITY,
1005 WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR }
1008 /* FIXME: before this test can ever run successfully we need a way to
1009 * correctly read a NULL security_descritpor in ndr, get the required
1010 * length, requery, etc.
1015 for (i=0; i < ARRAY_SIZE(sd_mask_tests); i++) {
1017 torture_comment(tctx,
1018 "SecurityDescriptor get & set with access_mask: 0x%08x\n",
1019 sd_mask_tests[i].access_mask);
1020 torture_comment(tctx,
1021 "expecting: open %s, get: %s, set: %s\n",
1022 win_errstr(sd_mask_tests[i].open_werr),
1023 win_errstr(sd_mask_tests[i].get_werr),
1024 win_errstr(sd_mask_tests[i].set_werr));
1026 if (_test_SecurityDescriptor(p, tctx, handle,
1027 sd_mask_tests[i].access_mask, key,
1028 sd_mask_tests[i].open_werr,
1029 sd_mask_tests[i].get_werr,
1030 sd_mask_tests[i].set_werr)) {
1038 typedef bool (*secinfo_verify_fn)(struct dcerpc_pipe *,
1039 struct torture_context *,
1040 struct policy_handle *,
1042 const struct dom_sid *);
1044 static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe *p,
1045 struct torture_context *tctx,
1046 struct policy_handle *handle,
1049 uint32_t access_mask,
1051 struct security_descriptor *sd,
1053 bool expect_present,
1054 bool (*fn) (struct dcerpc_pipe *,
1055 struct torture_context *,
1056 struct policy_handle *,
1058 const struct dom_sid *),
1059 const struct dom_sid *sid)
1061 struct policy_handle new_handle;
1062 bool open_success = false;
1064 torture_comment(tctx, "SecurityDescriptor (%s) sets for secinfo: "
1065 "0x%08x, access_mask: 0x%08x\n",
1066 test, sec_info, access_mask);
1068 if (!_test_OpenKey(p, tctx, handle, key,
1076 if (!open_success) {
1077 printf("key did not open\n");
1078 test_CloseKey(p, tctx, &new_handle);
1082 if (!_test_SetKeySecurity(p, tctx, &new_handle, &sec_info,
1085 torture_warning(tctx,
1086 "SetKeySecurity with secinfo: 0x%08x has failed\n",
1089 test_CloseKey(p, tctx, &new_handle);
1093 test_CloseKey(p, tctx, &new_handle);
1095 if (W_ERROR_IS_OK(set_werr)) {
1097 present = fn(p, tctx, handle, key, sid);
1098 if ((expect_present) && (!present)) {
1099 torture_warning(tctx,
1100 "%s sid is not present!\n",
1104 if ((!expect_present) && (present)) {
1105 torture_warning(tctx,
1106 "%s sid is present but not expected!\n",
1115 static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe *p,
1116 struct torture_context *tctx,
1117 struct policy_handle *handle,
1120 struct security_descriptor *sd_orig = NULL;
1121 struct dom_sid *sid = NULL;
1125 struct security_descriptor *sd_owner =
1126 security_descriptor_dacl_create(tctx,
1128 TEST_SID, NULL, NULL);
1130 struct security_descriptor *sd_group =
1131 security_descriptor_dacl_create(tctx,
1133 NULL, TEST_SID, NULL);
1135 struct security_descriptor *sd_dacl =
1136 security_descriptor_dacl_create(tctx,
1140 SEC_ACE_TYPE_ACCESS_ALLOWED,
1143 SID_NT_AUTHENTICATED_USERS,
1144 SEC_ACE_TYPE_ACCESS_ALLOWED,
1149 struct security_descriptor *sd_sacl =
1150 security_descriptor_sacl_create(tctx,
1154 SEC_ACE_TYPE_SYSTEM_AUDIT,
1156 SEC_ACE_FLAG_SUCCESSFUL_ACCESS,
1159 struct winreg_secinfo_table {
1160 struct security_descriptor *sd;
1164 secinfo_verify_fn fn;
1167 struct winreg_secinfo_table sec_info_owner_tests[] = {
1168 { sd_owner, 0, WERR_OK,
1169 false, (secinfo_verify_fn)_test_owner_present },
1170 { sd_owner, SECINFO_OWNER, WERR_OK,
1171 true, (secinfo_verify_fn)_test_owner_present },
1172 { sd_owner, SECINFO_GROUP, WERR_INVALID_PARAM },
1173 { sd_owner, SECINFO_DACL, WERR_OK,
1174 true, (secinfo_verify_fn)_test_owner_present },
1175 { sd_owner, SECINFO_SACL, WERR_ACCESS_DENIED },
1178 uint32_t sd_owner_good_access_masks[] = {
1179 SEC_FLAG_MAXIMUM_ALLOWED,
1180 /* SEC_STD_WRITE_OWNER, */
1183 struct winreg_secinfo_table sec_info_group_tests[] = {
1184 { sd_group, 0, WERR_OK,
1185 false, (secinfo_verify_fn)_test_group_present },
1186 { sd_group, SECINFO_OWNER, WERR_INVALID_PARAM },
1187 { sd_group, SECINFO_GROUP, WERR_OK,
1188 true, (secinfo_verify_fn)_test_group_present },
1189 { sd_group, SECINFO_DACL, WERR_OK,
1190 true, (secinfo_verify_fn)_test_group_present },
1191 { sd_group, SECINFO_SACL, WERR_ACCESS_DENIED },
1194 uint32_t sd_group_good_access_masks[] = {
1195 SEC_FLAG_MAXIMUM_ALLOWED,
1198 struct winreg_secinfo_table sec_info_dacl_tests[] = {
1199 { sd_dacl, 0, WERR_OK,
1200 false, (secinfo_verify_fn)_test_dacl_trustee_present },
1201 { sd_dacl, SECINFO_OWNER, WERR_INVALID_PARAM },
1202 { sd_dacl, SECINFO_GROUP, WERR_INVALID_PARAM },
1203 { sd_dacl, SECINFO_DACL, WERR_OK,
1204 true, (secinfo_verify_fn)_test_dacl_trustee_present },
1205 { sd_dacl, SECINFO_SACL, WERR_ACCESS_DENIED },
1208 uint32_t sd_dacl_good_access_masks[] = {
1209 SEC_FLAG_MAXIMUM_ALLOWED,
1213 struct winreg_secinfo_table sec_info_sacl_tests[] = {
1214 { sd_sacl, 0, WERR_OK,
1215 false, (secinfo_verify_fn)_test_sacl_trustee_present },
1216 { sd_sacl, SECINFO_OWNER, WERR_INVALID_PARAM },
1217 { sd_sacl, SECINFO_GROUP, WERR_INVALID_PARAM },
1218 { sd_sacl, SECINFO_DACL, WERR_OK,
1219 false, (secinfo_verify_fn)_test_sacl_trustee_present },
1220 { sd_sacl, SECINFO_SACL, WERR_OK,
1221 true, (secinfo_verify_fn)_test_sacl_trustee_present },
1224 uint32_t sd_sacl_good_access_masks[] = {
1225 SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY,
1226 /* SEC_FLAG_SYSTEM_SECURITY, */
1229 sid = dom_sid_parse_talloc(tctx, TEST_SID);
1234 if (!test_BackupSecurity(p, tctx, handle, key, &sd_orig)) {
1240 for (i=0; i < ARRAY_SIZE(sec_info_owner_tests); i++) {
1242 for (a=0; a < ARRAY_SIZE(sd_owner_good_access_masks); a++) {
1244 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1247 sd_owner_good_access_masks[a],
1248 sec_info_owner_tests[i].sec_info,
1249 sec_info_owner_tests[i].sd,
1250 sec_info_owner_tests[i].set_werr,
1251 sec_info_owner_tests[i].sid_present,
1252 sec_info_owner_tests[i].fn,
1255 printf("test_SetSecurityDescriptor_SecInfo failed for OWNER\n");
1264 for (i=0; i < ARRAY_SIZE(sec_info_group_tests); i++) {
1266 for (a=0; a < ARRAY_SIZE(sd_group_good_access_masks); a++) {
1268 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1271 sd_group_good_access_masks[a],
1272 sec_info_group_tests[i].sec_info,
1273 sec_info_group_tests[i].sd,
1274 sec_info_group_tests[i].set_werr,
1275 sec_info_group_tests[i].sid_present,
1276 sec_info_group_tests[i].fn,
1279 printf("test_SetSecurityDescriptor_SecInfo failed for GROUP\n");
1288 for (i=0; i < ARRAY_SIZE(sec_info_dacl_tests); i++) {
1290 for (a=0; a < ARRAY_SIZE(sd_dacl_good_access_masks); a++) {
1292 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1295 sd_dacl_good_access_masks[a],
1296 sec_info_dacl_tests[i].sec_info,
1297 sec_info_dacl_tests[i].sd,
1298 sec_info_dacl_tests[i].set_werr,
1299 sec_info_dacl_tests[i].sid_present,
1300 sec_info_dacl_tests[i].fn,
1303 printf("test_SetSecurityDescriptor_SecInfo failed for DACL\n");
1312 for (i=0; i < ARRAY_SIZE(sec_info_sacl_tests); i++) {
1314 for (a=0; a < ARRAY_SIZE(sd_sacl_good_access_masks); a++) {
1316 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1319 sd_sacl_good_access_masks[a],
1320 sec_info_sacl_tests[i].sec_info,
1321 sec_info_sacl_tests[i].sd,
1322 sec_info_sacl_tests[i].set_werr,
1323 sec_info_sacl_tests[i].sid_present,
1324 sec_info_sacl_tests[i].fn,
1327 printf("test_SetSecurityDescriptor_SecInfo failed for SACL\n");
1335 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
1340 static bool test_SecurityDescriptors(struct dcerpc_pipe *p,
1341 struct torture_context *tctx,
1342 struct policy_handle *handle,
1347 if (!test_SecurityDescriptor(p, tctx, handle, key)) {
1348 printf("test_SecurityDescriptor failed\n");
1352 if (!test_SecurityDescriptorInheritance(p, tctx, handle, key)) {
1353 printf("test_SecurityDescriptorInheritance failed\n");
1357 if (!test_SecurityDescriptorBlockInheritance(p, tctx, handle, key)) {
1358 printf("test_SecurityDescriptorBlockInheritance failed\n");
1362 if (!test_SecurityDescriptorsSecInfo(p, tctx, handle, key)) {
1363 printf("test_SecurityDescriptorsSecInfo failed\n");
1367 if (!test_SecurityDescriptorsMasks(p, tctx, handle, key)) {
1368 printf("test_SecurityDescriptorsMasks failed\n");
1375 static bool test_DeleteKey(struct dcerpc_pipe *p, struct torture_context *tctx,
1376 struct policy_handle *handle, const char *key)
1379 struct winreg_DeleteKey r;
1381 r.in.handle = handle;
1382 init_winreg_String(&r.in.key, key);
1384 status = dcerpc_winreg_DeleteKey(p, tctx, &r);
1386 torture_assert_ntstatus_ok(tctx, status, "DeleteKey failed");
1387 torture_assert_werr_ok(tctx, r.out.result, "DeleteKey failed");
1392 /* DeleteKey on a key with subkey(s) should
1393 * return WERR_ACCESS_DENIED. */
1394 static bool test_DeleteKeyWithSubkey(struct dcerpc_pipe *p,
1395 struct torture_context *tctx,
1396 struct policy_handle *handle,
1399 struct winreg_DeleteKey r;
1401 r.in.handle = handle;
1402 init_winreg_String(&r.in.key, key);
1404 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_DeleteKey(p, tctx, &r),
1405 "DeleteKeyWithSubkey failed");
1407 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
1408 "DeleteKeyWithSubkey failed");
1413 static bool test_QueryInfoKey(struct dcerpc_pipe *p,
1414 struct torture_context *tctx,
1415 struct policy_handle *handle, char *class)
1417 struct winreg_QueryInfoKey r;
1418 uint32_t num_subkeys, max_subkeylen, max_subkeysize,
1419 num_values, max_valnamelen, max_valbufsize,
1421 NTTIME last_changed_time;
1424 r.in.handle = handle;
1425 r.out.num_subkeys = &num_subkeys;
1426 r.out.max_subkeylen = &max_subkeylen;
1427 r.out.max_subkeysize = &max_subkeysize;
1428 r.out.num_values = &num_values;
1429 r.out.max_valnamelen = &max_valnamelen;
1430 r.out.max_valbufsize = &max_valbufsize;
1431 r.out.secdescsize = &secdescsize;
1432 r.out.last_changed_time = &last_changed_time;
1434 r.out.classname = talloc(tctx, struct winreg_String);
1436 r.in.classname = talloc(tctx, struct winreg_String);
1437 init_winreg_String(r.in.classname, class);
1439 torture_assert_ntstatus_ok(tctx,
1440 dcerpc_winreg_QueryInfoKey(p, tctx, &r),
1441 "QueryInfoKey failed");
1443 torture_assert_werr_ok(tctx, r.out.result, "QueryInfoKey failed");
1448 static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
1449 struct policy_handle *handle, int depth);
1451 static bool test_EnumKey(struct dcerpc_pipe *p, struct torture_context *tctx,
1452 struct policy_handle *handle, int depth)
1454 struct winreg_EnumKey r;
1455 struct winreg_StringBuf class, name;
1462 r.in.handle = handle;
1463 r.in.enum_index = 0;
1465 r.in.keyclass = &class;
1467 r.in.last_changed_time = &t;
1473 status = dcerpc_winreg_EnumKey(p, tctx, &r);
1475 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result)) {
1476 struct policy_handle key_handle;
1478 torture_comment(tctx, "EnumKey: %d: %s\n",
1482 if (!test_OpenKey(p, tctx, handle, r.out.name->name,
1485 test_key(p, tctx, &key_handle, depth + 1);
1491 } while (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result));
1493 torture_assert_ntstatus_ok(tctx, status, "EnumKey failed");
1495 if (!W_ERROR_IS_OK(r.out.result) &&
1496 !W_ERROR_EQUAL(r.out.result, WERR_NO_MORE_ITEMS)) {
1497 torture_fail(tctx, "EnumKey failed");
1503 static bool test_QueryMultipleValues(struct dcerpc_pipe *p,
1504 struct torture_context *tctx,
1505 struct policy_handle *handle,
1506 const char *valuename)
1508 struct winreg_QueryMultipleValues r;
1512 r.in.key_handle = handle;
1513 r.in.values = r.out.values = talloc_array(tctx, struct QueryMultipleValue, 1);
1514 r.in.values[0].name = talloc(tctx, struct winreg_String);
1515 r.in.values[0].name->name = valuename;
1516 r.in.values[0].offset = 0;
1517 r.in.values[0].length = 0;
1518 r.in.values[0].type = 0;
1520 r.in.num_values = 1;
1521 r.in.buffer_size = r.out.buffer_size = talloc(tctx, uint32_t);
1522 *r.in.buffer_size = bufsize;
1524 *r.in.buffer_size = bufsize;
1525 r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t,
1528 status = dcerpc_winreg_QueryMultipleValues(p, tctx, &r);
1530 if(NT_STATUS_IS_ERR(status))
1531 torture_fail(tctx, "QueryMultipleValues failed");
1533 talloc_free(r.in.buffer);
1535 } while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA));
1537 torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed");
1542 static bool test_QueryValue(struct dcerpc_pipe *p,
1543 struct torture_context *tctx,
1544 struct policy_handle *handle,
1545 const char *valuename)
1547 struct winreg_QueryValue r;
1549 enum winreg_Type zero_type = 0;
1550 uint32_t offered = 0xfff;
1553 r.in.handle = handle;
1555 r.in.value_name.name = valuename;
1556 r.in.type = &zero_type;
1557 r.in.size = &offered;
1558 r.in.length = &zero;
1560 status = dcerpc_winreg_QueryValue(p, tctx, &r);
1561 if (NT_STATUS_IS_ERR(status)) {
1562 torture_fail(tctx, "QueryValue failed");
1565 torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed");
1570 static bool test_EnumValue(struct dcerpc_pipe *p, struct torture_context *tctx,
1571 struct policy_handle *handle, int max_valnamelen,
1574 struct winreg_EnumValue r;
1575 enum winreg_Type type = 0;
1576 uint32_t size = max_valbufsize, zero = 0;
1579 struct winreg_StringBuf name;
1584 r.in.handle = handle;
1585 r.in.enum_index = 0;
1590 r.in.length = &zero;
1594 torture_assert_ntstatus_ok(tctx,
1595 dcerpc_winreg_EnumValue(p, tctx, &r),
1596 "EnumValue failed");
1598 if (W_ERROR_IS_OK(r.out.result)) {
1599 ret &= test_QueryValue(p, tctx, handle,
1601 ret &= test_QueryMultipleValues(p, tctx, handle,
1606 } while (W_ERROR_IS_OK(r.out.result));
1608 torture_assert_werr_equal(tctx, r.out.result, WERR_NO_MORE_ITEMS,
1609 "EnumValue failed");
1614 static bool test_AbortSystemShutdown(struct dcerpc_pipe *p,
1615 struct torture_context *tctx)
1617 struct winreg_AbortSystemShutdown r;
1618 uint16_t server = 0x0;
1620 r.in.server = &server;
1622 torture_assert_ntstatus_ok(tctx,
1623 dcerpc_winreg_AbortSystemShutdown(p, tctx, &r),
1624 "AbortSystemShutdown failed");
1626 torture_assert_werr_ok(tctx, r.out.result,
1627 "AbortSystemShutdown failed");
1632 static bool test_InitiateSystemShutdown(struct torture_context *tctx,
1633 struct dcerpc_pipe *p)
1635 struct winreg_InitiateSystemShutdown r;
1636 uint16_t hostname = 0x0;
1638 r.in.hostname = &hostname;
1639 r.in.message = talloc(tctx, struct initshutdown_String);
1640 init_initshutdown_String(tctx, r.in.message, "spottyfood");
1641 r.in.force_apps = 1;
1645 torture_assert_ntstatus_ok(tctx,
1646 dcerpc_winreg_InitiateSystemShutdown(p, tctx, &r),
1647 "InitiateSystemShutdown failed");
1649 torture_assert_werr_ok(tctx, r.out.result,
1650 "InitiateSystemShutdown failed");
1652 return test_AbortSystemShutdown(p, tctx);
1656 static bool test_InitiateSystemShutdownEx(struct torture_context *tctx,
1657 struct dcerpc_pipe *p)
1659 struct winreg_InitiateSystemShutdownEx r;
1660 uint16_t hostname = 0x0;
1662 r.in.hostname = &hostname;
1663 r.in.message = talloc(tctx, struct initshutdown_String);
1664 init_initshutdown_String(tctx, r.in.message, "spottyfood");
1665 r.in.force_apps = 1;
1670 torture_assert_ntstatus_ok(tctx,
1671 dcerpc_winreg_InitiateSystemShutdownEx(p, tctx, &r),
1672 "InitiateSystemShutdownEx failed");
1674 torture_assert_werr_ok(tctx, r.out.result,
1675 "InitiateSystemShutdownEx failed");
1677 return test_AbortSystemShutdown(p, tctx);
1679 #define MAX_DEPTH 2 /* Only go this far down the tree */
1681 static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
1682 struct policy_handle *handle, int depth)
1684 if (depth == MAX_DEPTH)
1687 if (!test_QueryInfoKey(p, tctx, handle, NULL)) {
1690 if (!test_NotifyChangeKeyValue(p, tctx, handle)) {
1693 if (!test_GetKeySecurity(p, tctx, handle, NULL)) {
1696 if (!test_EnumKey(p, tctx, handle, depth)) {
1699 if (!test_EnumValue(p, tctx, handle, 0xFF, 0xFFFF)) {
1702 test_CloseKey(p, tctx, handle);
1707 typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_pipe *, TALLOC_CTX *, void *);
1709 static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p,
1712 struct policy_handle handle, newhandle;
1713 bool ret = true, created = false, created2 = false, deleted = false;
1714 bool created3 = false, created_subkey = false;
1715 bool created4 = false;
1716 struct winreg_OpenHKLM r;
1718 winreg_open_fn open_fn = userdata;
1720 r.in.system_name = 0;
1721 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1722 r.out.handle = &handle;
1724 torture_assert_ntstatus_ok(tctx, open_fn(p, tctx, &r),
1727 test_Cleanup(p, tctx, &handle, TEST_KEY1);
1728 test_Cleanup(p, tctx, &handle, TEST_SUBSUBKEY_SD);
1729 test_Cleanup(p, tctx, &handle, TEST_SUBKEY_SD);
1730 test_Cleanup(p, tctx, &handle, TEST_KEY4);
1731 test_Cleanup(p, tctx, &handle, TEST_KEY2);
1732 test_Cleanup(p, tctx, &handle, TEST_SUBKEY);
1733 test_Cleanup(p, tctx, &handle, TEST_KEY3);
1734 test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);
1736 if (!test_CreateKey(p, tctx, &handle, TEST_KEY1, NULL)) {
1737 torture_comment(tctx,
1738 "CreateKey failed - not considering a failure\n");
1743 if (created && !test_FlushKey(p, tctx, &handle)) {
1744 torture_comment(tctx, "FlushKey failed\n");
1748 if (created && !test_OpenKey(p, tctx, &handle, TEST_KEY1, &newhandle))
1750 "CreateKey failed (OpenKey after Create didn't work)\n");
1752 if (created && !test_CloseKey(p, tctx, &newhandle))
1754 "CreateKey failed (CloseKey after Open didn't work)\n");
1756 if (created && !test_DeleteKey(p, tctx, &handle, TEST_KEY1)) {
1757 torture_comment(tctx, "DeleteKey failed\n");
1763 if (created && !test_FlushKey(p, tctx, &handle)) {
1764 torture_comment(tctx, "FlushKey failed\n");
1768 if (created && deleted &&
1769 test_OpenKey(p, tctx, &handle, TEST_KEY1, &newhandle)) {
1770 torture_comment(tctx,
1771 "DeleteKey failed (OpenKey after Delete worked)\n");
1775 if (!test_GetVersion(p, tctx, &handle)) {
1776 torture_comment(tctx, "GetVersion failed\n");
1780 if (created && test_CreateKey_sd(p, tctx, &handle, TEST_KEY2,
1781 NULL, &newhandle)) {
1785 if (created2 && !test_CloseKey(p, tctx, &newhandle)) {
1786 printf("CloseKey failed\n");
1790 if (test_CreateKey_sd(p, tctx, &handle, TEST_KEY4, NULL, &newhandle)) {
1794 if (!created4 && !test_CloseKey(p, tctx, &newhandle)) {
1795 printf("CloseKey failed\n");
1799 if (created4 && !test_SecurityDescriptors(p, tctx, &handle, TEST_KEY4)) {
1803 if (created4 && !test_DeleteKey(p, tctx, &handle, TEST_KEY4)) {
1804 printf("DeleteKey failed\n");
1809 if (created && !test_DeleteKey(p, tctx, &handle, TEST_KEY2)) {
1810 printf("DeleteKey failed\n");
1814 if (created && test_CreateKey(p, tctx, &handle, TEST_KEY3, NULL)) {
1819 test_CreateKey(p, tctx, &handle, TEST_SUBKEY, NULL)) {
1820 created_subkey = true;
1823 if (created_subkey &&
1824 !test_DeleteKeyWithSubkey(p, tctx, &handle, TEST_KEY3)) {
1825 printf("DeleteKeyWithSubkey failed "
1826 "(DeleteKey didn't return ACCESS_DENIED)\n");
1830 if (created_subkey &&
1831 !test_DeleteKey(p, tctx, &handle, TEST_SUBKEY)) {
1832 printf("DeleteKey failed\n");
1837 !test_DeleteKey(p, tctx, &handle, TEST_KEY3)) {
1838 printf("DeleteKey failed\n");
1842 /* The HKCR hive has a very large fanout */
1843 if (open_fn == (void *)dcerpc_winreg_OpenHKCR) {
1844 if(!test_key(p, tctx, &handle, MAX_DEPTH - 1)) {
1849 if (!test_key(p, tctx, &handle, 0)) {
1853 test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);
1858 struct torture_suite *torture_rpc_winreg(TALLOC_CTX *mem_ctx)
1863 } open_fns[] = {{"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM },
1864 {"OpenHKU", (winreg_open_fn)dcerpc_winreg_OpenHKU },
1865 {"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR },
1866 {"OpenHKCU", (winreg_open_fn)dcerpc_winreg_OpenHKCU }};
1868 struct torture_rpc_tcase *tcase;
1869 struct torture_suite *suite = torture_suite_create(mem_ctx, "WINREG");
1870 struct torture_test *test;
1872 tcase = torture_suite_add_rpc_iface_tcase(suite, "winreg",
1875 test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdown",
1876 test_InitiateSystemShutdown);
1877 test->dangerous = true;
1879 test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdownEx",
1880 test_InitiateSystemShutdownEx);
1881 test->dangerous = true;
1883 for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
1884 torture_rpc_tcase_add_test_ex(tcase, open_fns[i].name,
1885 test_Open, open_fns[i].fn);