79e82a25daaad5750600cb17c8c7b6c9ebadc62e
[samba.git] / source / torture / rpc / lsa.c
1 /* 
2    Unix SMB/CIFS implementation.
3    test suite for lsa rpc operations
4
5    Copyright (C) Andrew Tridgell 2003
6    
7    This program is free software; you can redistribute it and/or modify
8    it under the terms of the GNU General Public License as published by
9    the Free Software Foundation; either version 2 of the License, or
10    (at your option) any later version.
11    
12    This program is distributed in the hope that it will be useful,
13    but WITHOUT ANY WARRANTY; without even the implied warranty of
14    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
15    GNU General Public License for more details.
16    
17    You should have received a copy of the GNU General Public License
18    along with this program; if not, write to the Free Software
19    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22 #include "includes.h"
23 #include "librpc/gen_ndr/ndr_lsa.h"
24
25 static void init_lsa_String(struct lsa_String *name, const char *s)
26 {
27         name->string = s;
28 }
29
30 static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
31 {
32         struct lsa_ObjectAttribute attr;
33         struct policy_handle handle;
34         struct lsa_QosInfo qos;
35         struct lsa_OpenPolicy r;
36         NTSTATUS status;
37         uint16_t system_name = '\\';
38
39         printf("\ntesting OpenPolicy\n");
40
41         qos.len = 0;
42         qos.impersonation_level = 2;
43         qos.context_mode = 1;
44         qos.effective_only = 0;
45
46         attr.len = 0;
47         attr.root_dir = NULL;
48         attr.object_name = NULL;
49         attr.attributes = 0;
50         attr.sec_desc = NULL;
51         attr.sec_qos = &qos;
52
53         r.in.system_name = &system_name;
54         r.in.attr = &attr;
55         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
56         r.out.handle = &handle;
57
58         status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
59         if (!NT_STATUS_IS_OK(status)) {
60                 printf("OpenPolicy failed - %s\n", nt_errstr(status));
61                 return False;
62         }
63
64         return True;
65 }
66
67
68 BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, 
69                           struct policy_handle *handle)
70 {
71         struct lsa_ObjectAttribute attr;
72         struct lsa_QosInfo qos;
73         struct lsa_OpenPolicy2 r;
74         NTSTATUS status;
75
76         printf("\ntesting OpenPolicy2\n");
77
78         qos.len = 0;
79         qos.impersonation_level = 2;
80         qos.context_mode = 1;
81         qos.effective_only = 0;
82
83         attr.len = 0;
84         attr.root_dir = NULL;
85         attr.object_name = NULL;
86         attr.attributes = 0;
87         attr.sec_desc = NULL;
88         attr.sec_qos = &qos;
89
90         r.in.system_name = "\\";
91         r.in.attr = &attr;
92         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
93         r.out.handle = handle;
94
95         status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
96         if (!NT_STATUS_IS_OK(status)) {
97                 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
98                 return False;
99         }
100
101         return True;
102 }
103
104 static BOOL test_LookupNames(struct dcerpc_pipe *p, 
105                             TALLOC_CTX *mem_ctx, 
106                             struct policy_handle *handle,
107                             struct lsa_TransNameArray *tnames)
108 {
109         struct lsa_LookupNames r;
110         struct lsa_TransSidArray sids;
111         struct lsa_String *names;
112         uint32_t count = 0;
113         NTSTATUS status;
114         int i;
115
116         printf("\nTesting LookupNames with %d names\n", tnames->count);
117
118         sids.count = 0;
119         sids.sids = NULL;
120
121         names = talloc_array_p(mem_ctx, struct lsa_String, tnames->count);
122         for (i=0;i<tnames->count;i++) {
123                 init_lsa_String(&names[i], tnames->names[i].name.string);
124         }
125
126         r.in.handle = handle;
127         r.in.num_names = tnames->count;
128         r.in.names = names;
129         r.in.sids = &sids;
130         r.in.level = 1;
131         r.in.count = &count;
132         r.out.count = &count;
133         r.out.sids = &sids;
134
135         status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
136         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
137                 printf("LookupNames failed - %s\n", nt_errstr(status));
138                 return False;
139         }
140
141         printf("\n");
142
143         return True;
144 }
145
146 static BOOL test_LookupNames2(struct dcerpc_pipe *p, 
147                               TALLOC_CTX *mem_ctx, 
148                               struct policy_handle *handle,
149                               struct lsa_TransNameArray2 *tnames)
150 {
151         struct lsa_LookupNames2 r;
152         struct lsa_TransSidArray2 sids;
153         struct lsa_String *names;
154         uint32_t count = 0;
155         NTSTATUS status;
156         int i;
157
158         printf("\nTesting LookupNames2 with %d names\n", tnames->count);
159
160         sids.count = 0;
161         sids.sids = NULL;
162
163         names = talloc_array_p(mem_ctx, struct lsa_String, tnames->count);
164         for (i=0;i<tnames->count;i++) {
165                 init_lsa_String(&names[i], tnames->names[i].name.string);
166         }
167
168         r.in.handle = handle;
169         r.in.num_names = tnames->count;
170         r.in.names = names;
171         r.in.sids = &sids;
172         r.in.level = 1;
173         r.in.count = &count;
174         r.in.unknown1 = 0;
175         r.in.unknown2 = 0;
176         r.out.count = &count;
177         r.out.sids = &sids;
178
179         status = dcerpc_lsa_LookupNames2(p, mem_ctx, &r);
180         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
181                 printf("LookupNames2 failed - %s\n", nt_errstr(status));
182                 return False;
183         }
184
185         printf("\n");
186
187         return True;
188 }
189
190
191 static BOOL test_LookupNames3(struct dcerpc_pipe *p, 
192                               TALLOC_CTX *mem_ctx, 
193                               struct policy_handle *handle,
194                               struct lsa_TransNameArray2 *tnames)
195 {
196         struct lsa_LookupNames3 r;
197         struct lsa_TransSidArray3 sids;
198         struct lsa_String *names;
199         uint32_t count = 0;
200         NTSTATUS status;
201         int i;
202
203         printf("\nTesting LookupNames3 with %d names\n", tnames->count);
204
205         sids.count = 0;
206         sids.sids = NULL;
207
208         names = talloc_array_p(mem_ctx, struct lsa_String, tnames->count);
209         for (i=0;i<tnames->count;i++) {
210                 init_lsa_String(&names[i], tnames->names[i].name.string);
211         }
212
213         r.in.handle = handle;
214         r.in.num_names = tnames->count;
215         r.in.names = names;
216         r.in.sids = &sids;
217         r.in.level = 1;
218         r.in.count = &count;
219         r.in.unknown1 = 0;
220         r.in.unknown2 = 0;
221         r.out.count = &count;
222         r.out.sids = &sids;
223
224         status = dcerpc_lsa_LookupNames3(p, mem_ctx, &r);
225         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
226                 printf("LookupNames3 failed - %s\n", nt_errstr(status));
227                 return False;
228         }
229
230         printf("\n");
231
232         return True;
233 }
234
235
236 static BOOL test_LookupSids(struct dcerpc_pipe *p, 
237                             TALLOC_CTX *mem_ctx, 
238                             struct policy_handle *handle,
239                             struct lsa_SidArray *sids)
240 {
241         struct lsa_LookupSids r;
242         struct lsa_TransNameArray names;
243         uint32_t count = sids->num_sids;
244         NTSTATUS status;
245
246         printf("\nTesting LookupSids\n");
247
248         names.count = 0;
249         names.names = NULL;
250
251         r.in.handle = handle;
252         r.in.sids = sids;
253         r.in.names = &names;
254         r.in.level = 1;
255         r.in.count = &count;
256         r.out.count = &count;
257         r.out.names = &names;
258
259         status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
260         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
261                 printf("LookupSids failed - %s\n", nt_errstr(status));
262                 return False;
263         }
264
265         printf("\n");
266
267         if (!test_LookupNames(p, mem_ctx, handle, &names)) {
268                 return False;
269         }
270
271         return True;
272 }
273
274
275 static BOOL test_LookupSids2(struct dcerpc_pipe *p, 
276                             TALLOC_CTX *mem_ctx, 
277                             struct policy_handle *handle,
278                             struct lsa_SidArray *sids)
279 {
280         struct lsa_LookupSids2 r;
281         struct lsa_TransNameArray2 names;
282         uint32_t count = sids->num_sids;
283         NTSTATUS status;
284
285         printf("\nTesting LookupSids2\n");
286
287         names.count = 0;
288         names.names = NULL;
289
290         r.in.handle = handle;
291         r.in.sids = sids;
292         r.in.names = &names;
293         r.in.level = 1;
294         r.in.count = &count;
295         r.in.unknown1 = 0;
296         r.in.unknown2 = 0;
297         r.out.count = &count;
298         r.out.names = &names;
299
300         status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
301         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
302                 printf("LookupSids2 failed - %s\n", nt_errstr(status));
303                 return False;
304         }
305
306         printf("\n");
307
308         if (!test_LookupNames2(p, mem_ctx, handle, &names)) {
309                 return False;
310         }
311
312         if (!test_LookupNames3(p, mem_ctx, handle, &names)) {
313                 return False;
314         }
315
316         return True;
317 }
318
319 static BOOL test_LookupSids3(struct dcerpc_pipe *p, 
320                             TALLOC_CTX *mem_ctx, 
321                             struct policy_handle *handle,
322                             struct lsa_SidArray *sids)
323 {
324         struct lsa_LookupSids3 r;
325         struct lsa_TransNameArray2 names;
326         uint32_t count = sids->num_sids;
327         NTSTATUS status;
328
329         printf("\nTesting LookupSids3\n");
330
331         names.count = 0;
332         names.names = NULL;
333
334         r.in.sids = sids;
335         r.in.names = &names;
336         r.in.level = 1;
337         r.in.count = &count;
338         r.in.unknown1 = 0;
339         r.in.unknown2 = 0;
340         r.out.count = &count;
341         r.out.names = &names;
342
343         status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
344         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
345                 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
346                     NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
347                         printf("not considering %s to be an error\n", nt_errstr(status));
348                         return True;
349                 }
350                 printf("LookupSids3 failed - %s - not considered an error\n", 
351                        nt_errstr(status));
352                 return False;
353         }
354
355         printf("\n");
356
357         if (!test_LookupNames3(p, mem_ctx, handle, &names)) {
358                 return False;
359         }
360
361         return True;
362 }
363
364 static BOOL test_many_LookupSids(struct dcerpc_pipe *p, 
365                                  TALLOC_CTX *mem_ctx, 
366                                  struct policy_handle *handle)
367 {
368         struct lsa_LookupSids r;
369         struct lsa_TransNameArray names;
370         uint32_t count;
371         NTSTATUS status;
372         struct lsa_SidArray sids;
373         int i;
374
375         printf("\nTesting LookupSids with lots of SIDs\n");
376
377         names.count = 0;
378         names.names = NULL;
379
380         sids.num_sids = 100;
381
382         sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, sids.num_sids);
383
384         for (i=0; i<sids.num_sids; i++) {
385                 const char *sidstr = "S-1-5-32-545";
386                 sids.sids[i].sid = dom_sid_parse_talloc(mem_ctx, sidstr);
387         }
388
389         count = sids.num_sids;
390
391         r.in.handle = handle;
392         r.in.sids = &sids;
393         r.in.names = &names;
394         r.in.level = 1;
395         r.in.count = &names.count;
396         r.out.count = &count;
397         r.out.names = &names;
398
399         status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
400         if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
401                 printf("LookupSids failed - %s\n", nt_errstr(status));
402                 return False;
403         }
404
405         printf("\n");
406
407         if (!test_LookupNames(p, mem_ctx, handle, &names)) {
408                 return False;
409         }
410
411         return True;
412 }
413
414 static BOOL test_LookupPrivValue(struct dcerpc_pipe *p, 
415                                  TALLOC_CTX *mem_ctx, 
416                                  struct policy_handle *handle,
417                                  struct lsa_String *name)
418 {
419         NTSTATUS status;
420         struct lsa_LookupPrivValue r;
421         struct lsa_LUID luid;
422
423         r.in.handle = handle;
424         r.in.name = name;
425         r.out.luid = &luid;
426
427         status = dcerpc_lsa_LookupPrivValue(p, mem_ctx, &r);
428         if (!NT_STATUS_IS_OK(status)) {
429                 printf("\nLookupPrivValue failed - %s\n", nt_errstr(status));
430                 return False;
431         }
432
433         return True;
434 }
435
436 static BOOL test_LookupPrivName(struct dcerpc_pipe *p, 
437                                 TALLOC_CTX *mem_ctx, 
438                                 struct policy_handle *handle,
439                                 struct lsa_LUID *luid)
440 {
441         NTSTATUS status;
442         struct lsa_LookupPrivName r;
443
444         r.in.handle = handle;
445         r.in.luid = luid;
446
447         status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
448         if (!NT_STATUS_IS_OK(status)) {
449                 printf("\nLookupPrivName failed - %s\n", nt_errstr(status));
450                 return False;
451         }
452
453         return True;
454 }
455
456 static BOOL test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, 
457                                              TALLOC_CTX *mem_ctx,                                 
458                                              struct policy_handle *acct_handle,
459                                              struct lsa_LUID *luid)
460 {
461         NTSTATUS status;
462         struct lsa_RemovePrivilegesFromAccount r;
463         struct lsa_PrivilegeSet privs;
464         BOOL ret = True;
465
466         printf("Testing RemovePrivilegesFromAccount\n");
467
468         r.in.handle = acct_handle;
469         r.in.remove_all = 0;
470         r.in.privs = &privs;
471
472         privs.count = 1;
473         privs.unknown = 0;
474         privs.set = talloc_array_p(mem_ctx, struct lsa_LUIDAttribute, 1);
475         privs.set[0].luid = *luid;
476         privs.set[0].attribute = 0;
477
478         status = dcerpc_lsa_RemovePrivilegesFromAccount(p, mem_ctx, &r);
479         if (!NT_STATUS_IS_OK(status)) {
480                 printf("RemovePrivilegesFromAccount failed - %s\n", nt_errstr(status));
481                 return False;
482         }
483
484         return ret;
485 }
486
487 static BOOL test_AddPrivilegesToAccount(struct dcerpc_pipe *p, 
488                                         TALLOC_CTX *mem_ctx,                              
489                                         struct policy_handle *acct_handle,
490                                         struct lsa_LUID *luid)
491 {
492         NTSTATUS status;
493         struct lsa_AddPrivilegesToAccount r;
494         struct lsa_PrivilegeSet privs;
495         BOOL ret = True;
496
497         printf("Testing AddPrivilegesToAccount\n");
498
499         r.in.handle = acct_handle;
500         r.in.privs = &privs;
501
502         privs.count = 1;
503         privs.unknown = 0;
504         privs.set = talloc_array_p(mem_ctx, struct lsa_LUIDAttribute, 1);
505         privs.set[0].luid = *luid;
506         privs.set[0].attribute = 0;
507
508         status = dcerpc_lsa_AddPrivilegesToAccount(p, mem_ctx, &r);
509         if (!NT_STATUS_IS_OK(status)) {
510                 printf("AddPrivilegesToAccount failed - %s\n", nt_errstr(status));
511                 return False;
512         }
513
514         return ret;
515 }
516
517 static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p, 
518                                   TALLOC_CTX *mem_ctx,                            
519                                   struct policy_handle *handle,
520                                   struct policy_handle *acct_handle)
521 {
522         NTSTATUS status;
523         struct lsa_EnumPrivsAccount r;
524         BOOL ret = True;
525
526         printf("Testing EnumPrivsAccount\n");
527
528         r.in.handle = acct_handle;
529
530         status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
531         if (!NT_STATUS_IS_OK(status)) {
532                 printf("EnumPrivsAccount failed - %s\n", nt_errstr(status));
533                 return False;
534         }
535
536         if (r.out.privs && r.out.privs->count > 0) {
537                 int i;
538                 for (i=0;i<r.out.privs->count;i++) {
539                         test_LookupPrivName(p, mem_ctx, handle, 
540                                             &r.out.privs->set[i].luid);
541                 }
542
543                 ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, acct_handle, 
544                                                         &r.out.privs->set[0].luid);
545                 ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle, 
546                                                    &r.out.privs->set[0].luid);
547         }
548
549         return ret;
550 }
551
552 static BOOL test_Delete(struct dcerpc_pipe *p, 
553                        TALLOC_CTX *mem_ctx, 
554                        struct policy_handle *handle)
555 {
556         NTSTATUS status;
557         struct lsa_Delete r;
558
559         printf("\ntesting Delete\n");
560
561         r.in.handle = handle;
562         status = dcerpc_lsa_Delete(p, mem_ctx, &r);
563         if (!NT_STATUS_IS_OK(status)) {
564                 printf("Delete failed - %s\n", nt_errstr(status));
565                 return False;
566         }
567
568         printf("\n");
569
570         return True;
571 }
572
573
574 static BOOL test_CreateAccount(struct dcerpc_pipe *p, 
575                                TALLOC_CTX *mem_ctx, 
576                                struct policy_handle *handle)
577 {
578         NTSTATUS status;
579         struct lsa_CreateAccount r;
580         struct dom_sid2 *newsid;
581         struct policy_handle acct_handle;
582
583         newsid = dom_sid_parse_talloc(mem_ctx, "S-1-5-12349876-4321-2854");
584
585         printf("Testing CreateAccount\n");
586
587         r.in.handle = handle;
588         r.in.sid = newsid;
589         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
590         r.out.acct_handle = &acct_handle;
591
592         status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r);
593         if (!NT_STATUS_IS_OK(status)) {
594                 printf("CreateAccount failed - %s\n", nt_errstr(status));
595                 return False;
596         }
597
598         if (!test_Delete(p, mem_ctx, &acct_handle)) {
599                 return False;
600         }
601
602         return True;
603 }
604
605 static BOOL test_DeleteTrustedDomain(struct dcerpc_pipe *p, 
606                                      TALLOC_CTX *mem_ctx, 
607                                      struct policy_handle *handle,
608                                      struct lsa_String name)
609 {
610         NTSTATUS status;
611         struct lsa_OpenTrustedDomainByName r;
612         struct policy_handle trustdom_handle;
613
614         r.in.handle = handle;
615         r.in.name = name;
616         r.in.access_mask = SEC_STD_DELETE;
617         r.out.trustdom_handle = &trustdom_handle;
618
619         status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &r);
620         if (!NT_STATUS_IS_OK(status)) {
621                 printf("lsa_OpenTrustedDomainByName failed - %s\n", nt_errstr(status));
622                 return False;
623         }
624
625         if (!test_Delete(p, mem_ctx, &trustdom_handle)) {
626                 return False;
627         }
628
629         return True;
630 }
631
632
633 static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p, 
634                                      TALLOC_CTX *mem_ctx, 
635                                      struct policy_handle *handle)
636 {
637         NTSTATUS status;
638         struct lsa_CreateTrustedDomain r;
639         struct lsa_TrustInformation trustinfo;
640         struct dom_sid *domsid;
641         struct policy_handle dom_handle;
642
643         printf("Testing CreateTrustedDomain\n");
644
645         domsid = dom_sid_parse_talloc(mem_ctx, "S-1-5-21-97398-379795-12345");
646
647         trustinfo.sid = domsid;
648         init_lsa_String(&trustinfo.name, "torturedomain");
649
650         r.in.handle = handle;
651         r.in.info = &trustinfo;
652         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
653         r.out.dom_handle = &dom_handle;
654
655         status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
656         if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
657                 test_DeleteTrustedDomain(p, mem_ctx, handle, trustinfo.name);
658                 status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
659         }
660         if (!NT_STATUS_IS_OK(status)) {
661                 printf("CreateTrustedDomain failed - %s\n", nt_errstr(status));
662                 return False;
663         }
664
665         if (!test_Delete(p, mem_ctx, &dom_handle)) {
666                 return False;
667         }
668
669         return True;
670 }
671
672 static BOOL test_CreateSecret(struct dcerpc_pipe *p, 
673                               TALLOC_CTX *mem_ctx, 
674                               struct policy_handle *handle)
675 {
676         NTSTATUS status;
677         struct lsa_CreateSecret r;
678         struct lsa_OpenSecret r2;
679         struct lsa_SetSecret r3;
680         struct lsa_QuerySecret r4;
681         struct lsa_SetSecret r5;
682         struct lsa_QuerySecret r6;
683         struct policy_handle sec_handle, sec_handle2;
684         struct lsa_Delete d;
685         struct lsa_DATA_BUF buf1;
686         struct lsa_DATA_BUF_PTR bufp1;
687         DATA_BLOB enc_key;
688         BOOL ret = True;
689         DATA_BLOB session_key;
690         NTTIME old_mtime, new_mtime;
691         DATA_BLOB blob1, blob2;
692         const char *secret1 = "abcdef12345699qwerty";
693         char *secret2;
694         const char *secret3 = "ABCDEF12345699QWERTY";
695         char *secret4;
696         char *secname[2];
697         int i;
698
699
700         secname[0] = talloc_asprintf(mem_ctx, "torturesecret-%u", (uint_t)random());
701         secname[1] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random());
702
703         for (i=0; i< 2; i++) {
704                 printf("Testing CreateSecret of %s\n", secname[i]);
705                 
706                 init_lsa_String(&r.in.name, secname[i]);
707                 
708                 r.in.handle = handle;
709                 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
710                 r.out.sec_handle = &sec_handle;
711                 
712                 status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
713                 if (!NT_STATUS_IS_OK(status)) {
714                         printf("CreateSecret failed - %s\n", nt_errstr(status));
715                         return False;
716                 }
717                 
718                 r2.in.handle = handle;
719                 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
720                 r2.in.name = r.in.name;
721                 r2.out.sec_handle = &sec_handle2;
722                 
723                 printf("Testing OpenSecret\n");
724                 
725                 status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
726                 if (!NT_STATUS_IS_OK(status)) {
727                         printf("OpenSecret failed - %s\n", nt_errstr(status));
728                         ret = False;
729                 }
730                 
731                 status = dcerpc_fetch_session_key(p, &session_key);
732                 if (!NT_STATUS_IS_OK(status)) {
733                         printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
734                         ret = False;
735                 }
736                 
737                 enc_key = sess_encrypt_string(secret1, &session_key);
738                 
739                 r3.in.handle = &sec_handle;
740                 r3.in.new_val = &buf1;
741                 r3.in.old_val = NULL;
742                 r3.in.new_val->data = enc_key.data;
743                 r3.in.new_val->length = enc_key.length;
744                 r3.in.new_val->size = enc_key.length;
745                 
746                 printf("Testing SetSecret\n");
747                 
748                 status = dcerpc_lsa_SetSecret(p, mem_ctx, &r3);
749                 if (!NT_STATUS_IS_OK(status)) {
750                         printf("SetSecret failed - %s\n", nt_errstr(status));
751                         ret = False;
752                 }
753                 
754                 data_blob_free(&enc_key);
755                 
756                 ZERO_STRUCT(new_mtime);
757                 ZERO_STRUCT(old_mtime);
758                 
759                 /* fetch the secret back again */
760                 r4.in.handle = &sec_handle;
761                 r4.in.new_val = &bufp1;
762                 r4.in.new_mtime = &new_mtime;
763                 r4.in.old_val = NULL;
764                 r4.in.old_mtime = NULL;
765                 
766                 bufp1.buf = NULL;
767                 
768                 status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r4);
769                 if (!NT_STATUS_IS_OK(status)) {
770                         printf("QuerySecret failed - %s\n", nt_errstr(status));
771                         ret = False;
772                 }
773                 
774                 if (r4.out.new_val->buf == NULL) {
775                         printf("No secret buffer returned\n");
776                         ret = False;
777                 } else {
778                         blob1.data = r4.out.new_val->buf->data;
779                         blob1.length = r4.out.new_val->buf->length;
780                         
781                         blob2 = data_blob(NULL, blob1.length);
782                         
783                         secret2 = sess_decrypt_string(&blob1, &session_key);
784                         
785                         printf("returned secret '%s'\n", secret2);
786                         
787                         if (strcmp(secret1, secret2) != 0) {
788                                 printf("Returned secret doesn't match\n");
789                                 ret = False;
790                         }
791                 }
792                 
793                 enc_key = sess_encrypt_string(secret3, &session_key);
794                 
795                 r5.in.handle = &sec_handle;
796                 r5.in.new_val = &buf1;
797                 r5.in.old_val = NULL;
798                 r5.in.new_val->data = enc_key.data;
799                 r5.in.new_val->length = enc_key.length;
800                 r5.in.new_val->size = enc_key.length;
801                 
802                 printf("Testing SetSecret\n");
803                 
804                 status = dcerpc_lsa_SetSecret(p, mem_ctx, &r5);
805                 if (!NT_STATUS_IS_OK(status)) {
806                         printf("SetSecret failed - %s\n", nt_errstr(status));
807                         ret = False;
808                 }
809                 
810                 data_blob_free(&enc_key);
811                 
812                 ZERO_STRUCT(new_mtime);
813                 ZERO_STRUCT(old_mtime);
814                 
815                 /* fetch the secret back again */
816                 r6.in.handle = &sec_handle;
817                 r6.in.new_val = &bufp1;
818                 r6.in.new_mtime = &new_mtime;
819                 r6.in.old_val = NULL;
820                 r6.in.old_mtime = NULL;
821                 
822                 bufp1.buf = NULL;
823                 
824                 status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r6);
825                 if (!NT_STATUS_IS_OK(status)) {
826                         printf("QuerySecret failed - %s\n", nt_errstr(status));
827                         ret = False;
828                 }
829                 
830                 if (r6.out.new_val->buf == NULL) {
831                         printf("No secret buffer returned\n");
832                         ret = False;
833                 } else {
834                         blob1.data = r6.out.new_val->buf->data;
835                         blob1.length = r6.out.new_val->buf->length;
836                         
837                         blob2 = data_blob(NULL, blob1.length);
838                         
839                         secret4 = sess_decrypt_string(&blob1, &session_key);
840                         
841                         printf("returned secret '%s'\n", secret3);
842                         
843                         if (strcmp(secret3, secret4) != 0) {
844                                 printf("Returned secret %s doesn't match %s\n", secret4, secret3);
845                                 ret = False;
846                         }
847                 }
848                 
849                 if (!test_Delete(p, mem_ctx, &sec_handle)) {
850                         ret = False;
851                 }
852                 
853                 d.in.handle = &sec_handle2;
854                 status = dcerpc_lsa_Delete(p, mem_ctx, &d);
855                 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
856                         printf("Second delete expected INVALID_HANDLE - %s\n", nt_errstr(status));
857                         ret = False;
858                 }
859
860                 printf("Testing OpenSecret of just-deleted secret\n");
861                 
862                 status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
863                 if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
864                         printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status));
865                         ret = False;
866                 }
867                 
868         }
869
870         return ret;
871 }
872
873
874 static BOOL test_EnumAccountRights(struct dcerpc_pipe *p, 
875                                    TALLOC_CTX *mem_ctx, 
876                                    struct policy_handle *acct_handle,
877                                    struct dom_sid *sid)
878 {
879         NTSTATUS status;
880         struct lsa_EnumAccountRights r;
881         struct lsa_RightSet rights;
882
883         printf("Testing EnumAccountRights\n");
884
885         r.in.handle = acct_handle;
886         r.in.sid = sid;
887         r.out.rights = &rights;
888
889         status = dcerpc_lsa_EnumAccountRights(p, mem_ctx, &r);
890         if (!NT_STATUS_IS_OK(status)) {
891                 printf("EnumAccountRights failed - %s\n", nt_errstr(status));
892                 return False;
893         }
894
895         return True;
896 }
897
898
899 static BOOL test_QuerySecurity(struct dcerpc_pipe *p, 
900                              TALLOC_CTX *mem_ctx, 
901                              struct policy_handle *handle,
902                              struct policy_handle *acct_handle)
903 {
904         NTSTATUS status;
905         struct lsa_QuerySecurity r;
906
907         printf("Testing QuerySecurity\n");
908
909         r.in.handle = acct_handle;
910         r.in.sec_info = 7;
911
912         status = dcerpc_lsa_QuerySecurity(p, mem_ctx, &r);
913         if (!NT_STATUS_IS_OK(status)) {
914                 printf("QuerySecurity failed - %s\n", nt_errstr(status));
915                 return False;
916         }
917
918         return True;
919 }
920
921 static BOOL test_OpenAccount(struct dcerpc_pipe *p, 
922                              TALLOC_CTX *mem_ctx, 
923                              struct policy_handle *handle,
924                              struct dom_sid *sid)
925 {
926         NTSTATUS status;
927         struct lsa_OpenAccount r;
928         struct policy_handle acct_handle;
929
930         printf("Testing OpenAccount\n");
931
932         r.in.handle = handle;
933         r.in.sid = sid;
934         r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
935         r.out.acct_handle = &acct_handle;
936
937         status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
938         if (!NT_STATUS_IS_OK(status)) {
939                 printf("OpenAccount failed - %s\n", nt_errstr(status));
940                 return False;
941         }
942
943         if (!test_EnumPrivsAccount(p, mem_ctx, handle, &acct_handle)) {
944                 return False;
945         }
946
947         if (!test_QuerySecurity(p, mem_ctx, handle, &acct_handle)) {
948                 return False;
949         }
950
951         return True;
952 }
953
954 static BOOL test_EnumAccounts(struct dcerpc_pipe *p, 
955                           TALLOC_CTX *mem_ctx, 
956                           struct policy_handle *handle)
957 {
958         NTSTATUS status;
959         struct lsa_EnumAccounts r;
960         struct lsa_SidArray sids1, sids2;
961         uint32_t resume_handle = 0;
962         int i;
963
964         printf("\ntesting EnumAccounts\n");
965
966         r.in.handle = handle;
967         r.in.resume_handle = &resume_handle;
968         r.in.num_entries = 100;
969         r.out.resume_handle = &resume_handle;
970         r.out.sids = &sids1;
971
972         resume_handle = 0;
973         while (True) {
974                 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
975                 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
976                         break;
977                 }
978                 if (!NT_STATUS_IS_OK(status)) {
979                         printf("EnumAccounts failed - %s\n", nt_errstr(status));
980                         return False;
981                 }
982
983                 if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
984                         return False;
985                 }
986
987                 if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
988                         return False;
989                 }
990
991                 if (!test_LookupSids3(p, mem_ctx, handle, &sids1)) {
992                         return False;
993                 }
994
995                 printf("testing all accounts\n");
996                 for (i=0;i<sids1.num_sids;i++) {
997                         test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
998                         test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
999                 }
1000                 printf("\n");
1001         }
1002
1003         if (sids1.num_sids < 3) {
1004                 return True;
1005         }
1006         
1007         printf("trying EnumAccounts partial listing (asking for 1 at 2)\n");
1008         resume_handle = 2;
1009         r.in.num_entries = 1;
1010         r.out.sids = &sids2;
1011
1012         status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
1013         if (!NT_STATUS_IS_OK(status)) {
1014                 printf("EnumAccounts failed - %s\n", nt_errstr(status));
1015                 return False;
1016         }
1017
1018         if (sids2.num_sids != 1) {
1019                 printf("Returned wrong number of entries (%d)\n", sids2.num_sids);
1020                 return False;
1021         }
1022
1023         return True;
1024 }
1025
1026 static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p,
1027                                 TALLOC_CTX *mem_ctx,
1028                                 struct policy_handle *handle,
1029                                 struct lsa_String *priv_name)
1030 {
1031         struct lsa_LookupPrivDisplayName r;
1032         NTSTATUS status;
1033         /* produce a reasonable range of language output without screwing up
1034            terminals */
1035         uint16 language_id = (random() % 4) + 0x409;
1036
1037         printf("testing LookupPrivDisplayName(%s)\n", priv_name->string);
1038         
1039         r.in.handle = handle;
1040         r.in.name = priv_name;
1041         r.in.language_id = &language_id;
1042         r.out.language_id = &language_id;
1043         r.in.unknown = 0;
1044
1045         status = dcerpc_lsa_LookupPrivDisplayName(p, mem_ctx, &r);
1046         if (!NT_STATUS_IS_OK(status)) {
1047                 printf("LookupPrivDisplayName failed - %s\n", nt_errstr(status));
1048                 return False;
1049         }
1050         printf("%s -> \"%s\"  (language 0x%x/0x%x)\n", 
1051                priv_name->string, r.out.disp_name->string, 
1052                *r.in.language_id, *r.out.language_id);
1053
1054         return True;
1055 }
1056
1057 static BOOL test_EnumAccountsWithUserRight(struct dcerpc_pipe *p, 
1058                                 TALLOC_CTX *mem_ctx,
1059                                 struct policy_handle *handle,
1060                                 struct lsa_String *priv_name)
1061 {
1062         struct lsa_EnumAccountsWithUserRight r;
1063         struct lsa_SidArray sids;
1064         NTSTATUS status;
1065
1066         ZERO_STRUCT(sids);
1067         
1068         printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->string);
1069         
1070         r.in.handle = handle;
1071         r.in.name = priv_name;
1072         r.out.sids = &sids;
1073
1074         status = dcerpc_lsa_EnumAccountsWithUserRight(p, mem_ctx, &r);
1075
1076         /* NT_STATUS_NO_MORE_ENTRIES means noone has this privilege */
1077         if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
1078                 return True;
1079         }
1080
1081         if (!NT_STATUS_IS_OK(status)) {
1082                 printf("EnumAccountsWithUserRight failed - %s\n", nt_errstr(status));
1083                 return False;
1084         }
1085         
1086         return True;
1087 }
1088
1089
1090 static BOOL test_EnumPrivs(struct dcerpc_pipe *p, 
1091                            TALLOC_CTX *mem_ctx, 
1092                            struct policy_handle *handle)
1093 {
1094         NTSTATUS status;
1095         struct lsa_EnumPrivs r;
1096         struct lsa_PrivArray privs1;
1097         uint32_t resume_handle = 0;
1098         int i;
1099         BOOL ret = True;
1100
1101         printf("\ntesting EnumPrivs\n");
1102
1103         r.in.handle = handle;
1104         r.in.resume_handle = &resume_handle;
1105         r.in.max_count = 100;
1106         r.out.resume_handle = &resume_handle;
1107         r.out.privs = &privs1;
1108
1109         resume_handle = 0;
1110         status = dcerpc_lsa_EnumPrivs(p, mem_ctx, &r);
1111         if (!NT_STATUS_IS_OK(status)) {
1112                 printf("EnumPrivs failed - %s\n", nt_errstr(status));
1113                 return False;
1114         }
1115
1116         for (i = 0; i< privs1.count; i++) {
1117                 test_LookupPrivDisplayName(p, mem_ctx, handle, &privs1.privs[i].name);
1118                 test_LookupPrivValue(p, mem_ctx, handle, &privs1.privs[i].name);
1119                 if (!test_EnumAccountsWithUserRight(p, mem_ctx, handle, &privs1.privs[i].name)) {
1120                         ret = False;
1121                 }
1122         }
1123
1124         return ret;
1125 }
1126
1127
1128 static BOOL test_EnumTrustDom(struct dcerpc_pipe *p, 
1129                               TALLOC_CTX *mem_ctx, 
1130                               struct policy_handle *handle)
1131 {
1132         struct lsa_EnumTrustDom r;
1133         NTSTATUS status;
1134         uint32_t resume_handle = 0;
1135         struct lsa_DomainList domains;
1136         int i,j;
1137         BOOL ret = True;
1138
1139         printf("\nTesting EnumTrustDom\n");
1140
1141         r.in.handle = handle;
1142         r.in.resume_handle = &resume_handle;
1143         r.in.num_entries = 100;
1144         r.out.domains = &domains;
1145         r.out.resume_handle = &resume_handle;
1146
1147         status = dcerpc_lsa_EnumTrustDom(p, mem_ctx, &r);
1148
1149         /* NO_MORE_ENTRIES is allowed */
1150         if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
1151                 return True;
1152         }
1153
1154         if (!NT_STATUS_IS_OK(status)) {
1155                 printf("EnumTrustDom failed - %s\n", nt_errstr(status));
1156                 return False;
1157         }
1158
1159         printf("\nTesting OpenTrustedDomain, OpenTrustedDomainByName and QueryInfoTrustedDomain\n");
1160
1161         for (i=0; i< domains.count; i++) {
1162                 struct lsa_OpenTrustedDomain trust;
1163                 struct lsa_OpenTrustedDomainByName trust_by_name;
1164                 struct policy_handle trustdom_handle;
1165                 struct policy_handle handle2;
1166                 struct lsa_Close c;
1167                 int levels [] = {1, 3, 6, 8, 12};
1168                 
1169                 trust.in.handle = handle;
1170                 trust.in.sid = domains.domains[i].sid;
1171                 trust.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1172                 trust.out.trustdom_handle = &trustdom_handle;
1173
1174                 status = dcerpc_lsa_OpenTrustedDomain(p, mem_ctx, &trust);
1175
1176                 if (!NT_STATUS_IS_OK(status)) {
1177                         printf("OpenTrustedDomain failed - %s\n", nt_errstr(status));
1178                         return False;
1179                 }
1180
1181                 c.in.handle = &trustdom_handle;
1182                 c.out.handle = &handle2;
1183                 
1184                 for (j=0; j < ARRAY_SIZE(levels); j++) {
1185                         struct lsa_QueryTrustedDomainInfo q;
1186                         union lsa_TrustedDomainInfo info;
1187                         q.in.trustdom_handle = &trustdom_handle;
1188                         q.in.level = levels[j];
1189                         q.out.info = &info;
1190                         status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
1191                         if (!NT_STATUS_IS_OK(status)) {
1192                                 printf("QueryTrustedDomainInfo level %d failed - %s\n", 
1193                                        levels[j], nt_errstr(status));
1194                                 ret = False;
1195                         }
1196                 }
1197                 
1198                 status = dcerpc_lsa_Close(p, mem_ctx, &c);
1199                 if (!NT_STATUS_IS_OK(status)) {
1200                         printf("Close of trusted domain failed - %s\n", nt_errstr(status));
1201                         return False;
1202                 }
1203
1204                 trust_by_name.in.handle = handle;
1205                 trust_by_name.in.name = domains.domains[i].name;
1206                 trust_by_name.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1207                 trust_by_name.out.trustdom_handle = &trustdom_handle;
1208                 
1209                 status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &trust_by_name);
1210
1211                 if (!NT_STATUS_IS_OK(status)) {
1212                         printf("OpenTrustedDomainByName failed - %s\n", nt_errstr(status));
1213                         return False;
1214                 }
1215
1216                 for (j=0; j < ARRAY_SIZE(levels); j++) {
1217                         struct lsa_QueryTrustedDomainInfo q;
1218                         union lsa_TrustedDomainInfo info;
1219                         q.in.trustdom_handle = &trustdom_handle;
1220                         q.in.level = levels[j];
1221                         q.out.info = &info;
1222                         status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
1223                         if (!NT_STATUS_IS_OK(status)) {
1224                                 printf("QueryTrustedDomainInfo level %d failed - %s\n", 
1225                                        levels[j], nt_errstr(status));
1226                                 ret = False;
1227                         }
1228                 }
1229                 
1230                 c.in.handle = &trustdom_handle;
1231                 c.out.handle = &handle2;
1232
1233                 status = dcerpc_lsa_Close(p, mem_ctx, &c);
1234                 if (!NT_STATUS_IS_OK(status)) {
1235                         printf("Close of trusted domain failed - %s\n", nt_errstr(status));
1236                         return False;
1237                 }
1238
1239                 for (j=0; j < ARRAY_SIZE(levels); j++) {
1240                         struct lsa_QueryTrustedDomainInfoBySid q;
1241                         union lsa_TrustedDomainInfo info;
1242                         q.in.handle  = handle;
1243                         q.in.dom_sid = domains.domains[i].sid;
1244                         q.in.level   = levels[j];
1245                         q.out.info   = &info;
1246                         status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q);
1247                         if (!NT_STATUS_IS_OK(status)) {
1248                                 printf("QueryTrustedDomainInfoBySid level %d failed - %s\n", 
1249                                        levels[j], nt_errstr(status));
1250                                 ret = False;
1251                         }
1252                 }
1253                 
1254                 for (j=0; j < ARRAY_SIZE(levels); j++) {
1255                         struct lsa_QueryTrustedDomainInfoByName q;
1256                         union lsa_TrustedDomainInfo info;
1257                         q.in.handle         = handle;
1258                         q.in.trusted_domain = domains.domains[i].name;
1259                         q.in.level          = levels[j];
1260                         q.out.info          = &info;
1261                         status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, mem_ctx, &q);
1262                         if (!NT_STATUS_IS_OK(status)) {
1263                                 printf("QueryTrustedDomainInfoByName level %d failed - %s\n", 
1264                                        levels[j], nt_errstr(status));
1265                                 ret = False;
1266                         }
1267                 }
1268                 
1269                 
1270
1271         }
1272
1273         return ret;
1274 }
1275
1276 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p, 
1277                                  TALLOC_CTX *mem_ctx, 
1278                                  struct policy_handle *handle)
1279 {
1280         struct lsa_QueryInfoPolicy r;
1281         NTSTATUS status;
1282         int i;
1283         BOOL ret = True;
1284         printf("\nTesting QueryInfoPolicy\n");
1285
1286         for (i=1;i<13;i++) {
1287                 r.in.handle = handle;
1288                 r.in.level = i;
1289
1290                 printf("\ntrying QueryInfoPolicy level %d\n", i);
1291
1292                 status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
1293
1294                 if ((i == 9 || i == 10 || i == 11) &&
1295                     NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1296                         printf("server failed level %u (OK)\n", i);
1297                         continue;
1298                 }
1299
1300                 if (!NT_STATUS_IS_OK(status)) {
1301                         printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
1302                         ret = False;
1303                         continue;
1304                 }
1305         }
1306
1307         return ret;
1308 }
1309
1310 static BOOL test_QueryInfoPolicy2(struct dcerpc_pipe *p, 
1311                                   TALLOC_CTX *mem_ctx, 
1312                                   struct policy_handle *handle)
1313 {
1314         struct lsa_QueryInfoPolicy2 r;
1315         NTSTATUS status;
1316         int i;
1317         BOOL ret = True;
1318         printf("\nTesting QueryInfoPolicy2\n");
1319
1320         for (i=1;i<13;i++) {
1321                 r.in.handle = handle;
1322                 r.in.level = i;
1323
1324                 printf("\ntrying QueryInfoPolicy2 level %d\n", i);
1325
1326                 status = dcerpc_lsa_QueryInfoPolicy2(p, mem_ctx, &r);
1327
1328                 if ((i == 9 || i == 10 || i == 11) &&
1329                     NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1330                         printf("server failed level %u (OK)\n", i);
1331                         continue;
1332                 }
1333
1334                 if (!NT_STATUS_IS_OK(status)) {
1335                         printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
1336                         ret = False;
1337                         continue;
1338                 }
1339         }
1340
1341         return ret;
1342 }
1343
1344 static BOOL test_GetUserName(struct dcerpc_pipe *p, 
1345                                   TALLOC_CTX *mem_ctx, 
1346                                   struct policy_handle *handle)
1347 {
1348         struct lsa_GetUserName r;
1349         NTSTATUS status;
1350         BOOL ret = True;
1351         struct lsa_StringPointer authority_name_p;
1352
1353         printf("\nTesting GetUserName\n");
1354
1355         r.in.system_name = "\\";        
1356         r.in.account_name = NULL;       
1357         r.in.authority_name = &authority_name_p;
1358         authority_name_p.string = NULL;
1359
1360         status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
1361
1362         if (!NT_STATUS_IS_OK(status)) {
1363                 printf("GetUserName failed - %s\n", nt_errstr(status));
1364                 ret = False;
1365         }
1366
1367         return ret;
1368 }
1369
1370 BOOL test_lsa_Close(struct dcerpc_pipe *p, 
1371                     TALLOC_CTX *mem_ctx, 
1372                     struct policy_handle *handle)
1373 {
1374         NTSTATUS status;
1375         struct lsa_Close r;
1376         struct policy_handle handle2;
1377
1378         printf("\ntesting Close\n");
1379
1380         r.in.handle = handle;
1381         r.out.handle = &handle2;
1382
1383         status = dcerpc_lsa_Close(p, mem_ctx, &r);
1384         if (!NT_STATUS_IS_OK(status)) {
1385                 printf("Close failed - %s\n", nt_errstr(status));
1386                 return False;
1387         }
1388
1389         status = dcerpc_lsa_Close(p, mem_ctx, &r);
1390         /* its really a fault - we need a status code for rpc fault */
1391         if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
1392                 printf("Close failed - %s\n", nt_errstr(status));
1393                 return False;
1394         }
1395
1396         printf("\n");
1397
1398         return True;
1399 }
1400
1401 BOOL torture_rpc_lsa(void)
1402 {
1403         NTSTATUS status;
1404         struct dcerpc_pipe *p;
1405         TALLOC_CTX *mem_ctx;
1406         BOOL ret = True;
1407         struct policy_handle handle;
1408
1409         mem_ctx = talloc_init("torture_rpc_lsa");
1410
1411         status = torture_rpc_connection(&p, 
1412                                         DCERPC_LSARPC_NAME, 
1413                                         DCERPC_LSARPC_UUID, 
1414                                         DCERPC_LSARPC_VERSION);
1415         if (!NT_STATUS_IS_OK(status)) {
1416                 return False;
1417         }
1418
1419         if (!test_OpenPolicy(p, mem_ctx)) {
1420                 ret = False;
1421         }
1422
1423         if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) {
1424                 ret = False;
1425         }
1426
1427         if (!test_many_LookupSids(p, mem_ctx, &handle)) {
1428                 ret = False;
1429         }
1430
1431         if (!test_CreateAccount(p, mem_ctx, &handle)) {
1432                 ret = False;
1433         }
1434
1435         if (!test_CreateSecret(p, mem_ctx, &handle)) {
1436                 ret = False;
1437         }
1438
1439         if (!test_CreateTrustedDomain(p, mem_ctx, &handle)) {
1440                 ret = False;
1441         }
1442
1443         if (!test_EnumAccounts(p, mem_ctx, &handle)) {
1444                 ret = False;
1445         }
1446
1447         if (!test_EnumPrivs(p, mem_ctx, &handle)) {
1448                 ret = False;
1449         }
1450
1451         if (!test_EnumTrustDom(p, mem_ctx, &handle)) {
1452                 ret = False;
1453         }
1454
1455         if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) {
1456                 ret = False;
1457         }
1458
1459         if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) {
1460                 ret = False;
1461         }
1462
1463         if (!test_GetUserName(p, mem_ctx, &handle)) {
1464                 ret = False;
1465         }
1466
1467 #if 0
1468         if (!test_Delete(p, mem_ctx, &handle)) {
1469                 ret = False;
1470         }
1471 #endif
1472         
1473         if (!test_lsa_Close(p, mem_ctx, &handle)) {
1474                 ret = False;
1475         }
1476
1477         talloc_destroy(mem_ctx);
1478
1479         torture_rpc_close(p);
1480
1481         return ret;
1482 }