2 Unix SMB/CIFS implementation.
3 test suite for winreg rpc operations
5 Copyright (C) Tim Potter 2003
6 Copyright (C) Jelmer Vernooij 2004-2007
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "torture/torture.h"
24 #include "librpc/gen_ndr/ndr_winreg_c.h"
25 #include "librpc/gen_ndr/ndr_security.h"
26 #include "libcli/security/security.h"
27 #include "torture/rpc/rpc.h"
29 #define TEST_KEY_BASE "smbtorture test"
30 #define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
31 #define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
32 #define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
33 #define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
34 #define TEST_SUBKEY TEST_KEY3 "\\subkey"
35 #define TEST_SUBKEY_SD TEST_KEY4 "\\subkey_sd"
36 #define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"
38 #define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
40 static void init_initshutdown_String(TALLOC_CTX *mem_ctx,
41 struct initshutdown_String *name,
44 name->name = talloc(mem_ctx, struct initshutdown_String_sub);
48 static void init_winreg_String(struct winreg_String *name, const char *s)
52 name->name_len = 2 * (strlen_m(s) + 1);
53 name->name_size = name->name_len;
60 static bool test_GetVersion(struct dcerpc_pipe *p,
61 struct torture_context *tctx,
62 struct policy_handle *handle)
64 struct winreg_GetVersion r;
71 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_GetVersion(p, tctx, &r),
74 torture_assert_werr_ok(tctx, r.out.result, "GetVersion failed");
79 static bool test_NotifyChangeKeyValue(struct dcerpc_pipe *p,
80 struct torture_context *tctx,
81 struct policy_handle *handle)
83 struct winreg_NotifyChangeKeyValue r;
86 r.in.watch_subtree = true;
87 r.in.notify_filter = 0;
88 r.in.unknown = r.in.unknown2 = 0;
89 init_winreg_String(&r.in.string1, NULL);
90 init_winreg_String(&r.in.string2, NULL);
92 torture_assert_ntstatus_ok(tctx,
93 dcerpc_winreg_NotifyChangeKeyValue(p, tctx, &r),
94 "NotifyChangeKeyValue failed");
96 if (!W_ERROR_IS_OK(r.out.result)) {
98 "NotifyChangeKeyValue failed - %s - not considering\n",
99 win_errstr(r.out.result));
106 static bool test_CreateKey(struct dcerpc_pipe *p, struct torture_context *tctx,
107 struct policy_handle *handle, const char *name,
110 struct winreg_CreateKey r;
111 struct policy_handle newhandle;
112 enum winreg_CreateAction action_taken = 0;
114 r.in.handle = handle;
115 r.out.new_handle = &newhandle;
116 init_winreg_String(&r.in.name, name);
117 init_winreg_String(&r.in.keyclass, class);
119 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
120 r.in.action_taken = r.out.action_taken = &action_taken;
123 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
126 torture_assert_werr_ok(tctx, r.out.result, "CreateKey failed");
133 createkey testing with a SD
135 static bool test_CreateKey_sd(struct dcerpc_pipe *p,
136 struct torture_context *tctx,
137 struct policy_handle *handle, const char *name,
139 struct policy_handle *newhandle)
141 struct winreg_CreateKey r;
142 enum winreg_CreateAction action_taken = 0;
143 struct security_descriptor *sd;
145 struct winreg_SecBuf secbuf;
147 sd = security_descriptor_dacl_create(tctx,
150 SID_NT_AUTHENTICATED_USERS,
151 SEC_ACE_TYPE_ACCESS_ALLOWED,
153 SEC_ACE_FLAG_OBJECT_INHERIT |
154 SEC_ACE_FLAG_CONTAINER_INHERIT,
157 torture_assert_ntstatus_ok(tctx,
158 ndr_push_struct_blob(&sdblob, tctx, sd,
159 (ndr_push_flags_fn_t)ndr_push_security_descriptor),
160 "Failed to push security_descriptor ?!\n");
162 secbuf.sd.data = sdblob.data;
163 secbuf.sd.len = sdblob.length;
164 secbuf.sd.size = sdblob.length;
165 secbuf.length = sdblob.length-10;
168 r.in.handle = handle;
169 r.out.new_handle = newhandle;
170 init_winreg_String(&r.in.name, name);
171 init_winreg_String(&r.in.keyclass, class);
173 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
174 r.in.action_taken = r.out.action_taken = &action_taken;
175 r.in.secdesc = &secbuf;
177 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
178 "CreateKey with sd failed");
180 torture_assert_werr_ok(tctx, r.out.result, "CreateKey with sd failed");
185 static bool _test_GetKeySecurity(struct dcerpc_pipe *p,
186 struct torture_context *tctx,
187 struct policy_handle *handle,
188 uint32_t *sec_info_ptr,
190 struct security_descriptor **sd_out)
192 struct winreg_GetKeySecurity r;
193 struct security_descriptor *sd = NULL;
198 sec_info = *sec_info_ptr;
200 sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
205 r.in.handle = handle;
206 r.in.sec_info = sec_info;
207 r.in.sd = r.out.sd = talloc_zero(tctx, struct KeySecurityData);
208 r.in.sd->size = 0x1000;
210 torture_assert_ntstatus_ok(tctx,
211 dcerpc_winreg_GetKeySecurity(p, tctx, &r),
212 "GetKeySecurity failed");
214 torture_assert_werr_equal(tctx, r.out.result, get_werr,
215 "GetKeySecurity failed");
217 sdblob.data = r.out.sd->data;
218 sdblob.length = r.out.sd->len;
220 sd = talloc_zero(tctx, struct security_descriptor);
222 torture_assert_ntstatus_ok(tctx,
223 ndr_pull_struct_blob(&sdblob, tctx, sd,
224 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor),
225 "pull_security_descriptor failed");
227 if (p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
228 NDR_PRINT_DEBUG(security_descriptor, sd);
240 static bool test_GetKeySecurity(struct dcerpc_pipe *p,
241 struct torture_context *tctx,
242 struct policy_handle *handle,
243 struct security_descriptor **sd_out)
245 return _test_GetKeySecurity(p, tctx, handle, NULL, WERR_OK, sd_out);
248 static bool _test_SetKeySecurity(struct dcerpc_pipe *p,
249 struct torture_context *tctx,
250 struct policy_handle *handle,
251 uint32_t *sec_info_ptr,
252 struct security_descriptor *sd,
255 struct winreg_SetKeySecurity r;
256 struct KeySecurityData *sdata = NULL;
262 if (sd && (p->conn->flags & DCERPC_DEBUG_PRINT_OUT)) {
263 NDR_PRINT_DEBUG(security_descriptor, sd);
266 torture_assert_ntstatus_ok(tctx,
267 ndr_push_struct_blob(&sdblob, tctx, sd,
268 (ndr_push_flags_fn_t)ndr_push_security_descriptor),
269 "push_security_descriptor failed");
271 sdata = talloc_zero(tctx, struct KeySecurityData);
272 sdata->data = sdblob.data;
273 sdata->size = sdblob.length;
274 sdata->len = sdblob.length;
277 sec_info = *sec_info_ptr;
279 sec_info = SECINFO_UNPROTECTED_SACL |
280 SECINFO_UNPROTECTED_DACL;
282 sec_info |= SECINFO_OWNER;
285 sec_info |= SECINFO_GROUP;
288 sec_info |= SECINFO_SACL;
291 sec_info |= SECINFO_DACL;
295 r.in.handle = handle;
296 r.in.sec_info = sec_info;
299 torture_assert_ntstatus_ok(tctx,
300 dcerpc_winreg_SetKeySecurity(p, tctx, &r),
301 "SetKeySecurity failed");
303 torture_assert_werr_equal(tctx, r.out.result, werr,
304 "SetKeySecurity failed");
309 static bool test_SetKeySecurity(struct dcerpc_pipe *p,
310 struct torture_context *tctx,
311 struct policy_handle *handle,
312 struct security_descriptor *sd)
314 return _test_SetKeySecurity(p, tctx, handle, NULL, sd, WERR_OK);
317 static bool test_CloseKey(struct dcerpc_pipe *p, struct torture_context *tctx,
318 struct policy_handle *handle)
320 struct winreg_CloseKey r;
322 r.in.handle = r.out.handle = handle;
324 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CloseKey(p, tctx, &r),
327 torture_assert_werr_ok(tctx, r.out.result, "CloseKey failed");
332 static bool test_FlushKey(struct dcerpc_pipe *p, struct torture_context *tctx,
333 struct policy_handle *handle)
335 struct winreg_FlushKey r;
337 r.in.handle = handle;
339 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_FlushKey(p, tctx, &r),
342 torture_assert_werr_ok(tctx, r.out.result, "FlushKey failed");
347 static bool _test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
348 struct policy_handle *hive_handle,
349 const char *keyname, uint32_t access_mask,
350 struct policy_handle *key_handle,
354 struct winreg_OpenKey r;
356 r.in.parent_handle = hive_handle;
357 init_winreg_String(&r.in.keyname, keyname);
358 r.in.unknown = 0x00000000;
359 r.in.access_mask = access_mask;
360 r.out.handle = key_handle;
362 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey(p, tctx, &r),
365 torture_assert_werr_equal(tctx, r.out.result, open_werr,
368 if (success && W_ERROR_EQUAL(r.out.result, WERR_OK)) {
375 static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
376 struct policy_handle *hive_handle,
377 const char *keyname, struct policy_handle *key_handle)
379 return _test_OpenKey(p, tctx, hive_handle, keyname,
380 SEC_FLAG_MAXIMUM_ALLOWED, key_handle,
384 static bool test_Cleanup(struct dcerpc_pipe *p, struct torture_context *tctx,
385 struct policy_handle *handle, const char *key)
387 struct winreg_DeleteKey r;
389 r.in.handle = handle;
391 init_winreg_String(&r.in.key, key);
392 dcerpc_winreg_DeleteKey(p, tctx, &r);
397 static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe *p,
398 struct torture_context *tctx,
399 struct policy_handle *handle,
403 struct security_descriptor *sd = NULL;
405 if (!_test_GetKeySecurity(p, tctx, handle, NULL, get_werr, &sd)) {
409 if (!_test_SetKeySecurity(p, tctx, handle, NULL, sd, set_werr)) {
416 static bool test_SecurityDescriptor(struct dcerpc_pipe *p,
417 struct torture_context *tctx,
418 struct policy_handle *handle,
421 struct policy_handle new_handle;
424 torture_comment(tctx, "SecurityDescriptor get & set\n");
426 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
430 if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
435 if (!test_CloseKey(p, tctx, &new_handle)) {
442 static bool _test_SecurityDescriptor(struct dcerpc_pipe *p,
443 struct torture_context *tctx,
444 struct policy_handle *handle,
445 uint32_t access_mask,
451 struct policy_handle new_handle;
453 bool got_key = false;
455 if (!_test_OpenKey(p, tctx, handle, key, access_mask, &new_handle,
456 open_werr, &got_key)) {
464 if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
465 get_werr, set_werr)) {
469 if (!test_CloseKey(p, tctx, &new_handle)) {
476 static bool test_dacl_trustee_present(struct dcerpc_pipe *p,
477 struct torture_context *tctx,
478 struct policy_handle *handle,
479 const struct dom_sid *sid)
481 struct security_descriptor *sd = NULL;
484 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
488 if (!sd || !sd->dacl) {
492 for (i = 0; i < sd->dacl->num_aces; i++) {
493 if (dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) {
501 static bool _test_dacl_trustee_present(struct dcerpc_pipe *p,
502 struct torture_context *tctx,
503 struct policy_handle *handle,
505 const struct dom_sid *sid)
507 struct policy_handle new_handle;
510 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
514 ret = test_dacl_trustee_present(p, tctx, &new_handle, sid);
516 test_CloseKey(p, tctx, &new_handle);
521 static bool test_sacl_trustee_present(struct dcerpc_pipe *p,
522 struct torture_context *tctx,
523 struct policy_handle *handle,
524 const struct dom_sid *sid)
526 struct security_descriptor *sd = NULL;
528 uint32_t sec_info = SECINFO_SACL;
530 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
534 if (!sd || !sd->sacl) {
538 for (i = 0; i < sd->sacl->num_aces; i++) {
539 if (dom_sid_equal(&sd->sacl->aces[i].trustee, sid)) {
547 static bool _test_sacl_trustee_present(struct dcerpc_pipe *p,
548 struct torture_context *tctx,
549 struct policy_handle *handle,
551 const struct dom_sid *sid)
553 struct policy_handle new_handle;
556 if (!_test_OpenKey(p, tctx, handle, key, SEC_FLAG_SYSTEM_SECURITY,
557 &new_handle, WERR_OK, NULL)) {
561 ret = test_sacl_trustee_present(p, tctx, &new_handle, sid);
563 test_CloseKey(p, tctx, &new_handle);
568 static bool test_owner_present(struct dcerpc_pipe *p,
569 struct torture_context *tctx,
570 struct policy_handle *handle,
571 const struct dom_sid *sid)
573 struct security_descriptor *sd = NULL;
574 uint32_t sec_info = SECINFO_OWNER;
576 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
580 if (!sd || !sd->owner_sid) {
584 return dom_sid_equal(sd->owner_sid, sid);
587 static bool _test_owner_present(struct dcerpc_pipe *p,
588 struct torture_context *tctx,
589 struct policy_handle *handle,
591 const struct dom_sid *sid)
593 struct policy_handle new_handle;
596 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
600 ret = test_owner_present(p, tctx, &new_handle, sid);
602 test_CloseKey(p, tctx, &new_handle);
607 static bool test_group_present(struct dcerpc_pipe *p,
608 struct torture_context *tctx,
609 struct policy_handle *handle,
610 const struct dom_sid *sid)
612 struct security_descriptor *sd = NULL;
613 uint32_t sec_info = SECINFO_GROUP;
615 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
619 if (!sd || !sd->group_sid) {
623 return dom_sid_equal(sd->group_sid, sid);
626 static bool _test_group_present(struct dcerpc_pipe *p,
627 struct torture_context *tctx,
628 struct policy_handle *handle,
630 const struct dom_sid *sid)
632 struct policy_handle new_handle;
635 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
639 ret = test_group_present(p, tctx, &new_handle, sid);
641 test_CloseKey(p, tctx, &new_handle);
646 static bool test_dacl_trustee_flags_present(struct dcerpc_pipe *p,
647 struct torture_context *tctx,
648 struct policy_handle *handle,
649 const struct dom_sid *sid,
652 struct security_descriptor *sd = NULL;
655 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
659 if (!sd || !sd->dacl) {
663 for (i = 0; i < sd->dacl->num_aces; i++) {
664 if ((dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) &&
665 (sd->dacl->aces[i].flags == flags)) {
673 static bool test_dacl_ace_present(struct dcerpc_pipe *p,
674 struct torture_context *tctx,
675 struct policy_handle *handle,
676 const struct security_ace *ace)
678 struct security_descriptor *sd = NULL;
681 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
685 if (!sd || !sd->dacl) {
689 for (i = 0; i < sd->dacl->num_aces; i++) {
690 if (security_ace_equal(&sd->dacl->aces[i], ace)) {
698 static bool test_RestoreSecurity(struct dcerpc_pipe *p,
699 struct torture_context *tctx,
700 struct policy_handle *handle,
702 struct security_descriptor *sd)
704 struct policy_handle new_handle;
707 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
711 if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
715 if (!test_CloseKey(p, tctx, &new_handle)) {
722 static bool test_BackupSecurity(struct dcerpc_pipe *p,
723 struct torture_context *tctx,
724 struct policy_handle *handle,
726 struct security_descriptor **sd)
728 struct policy_handle new_handle;
731 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
735 if (!test_GetKeySecurity(p, tctx, &new_handle, sd)) {
739 if (!test_CloseKey(p, tctx, &new_handle)) {
746 static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe *p,
747 struct torture_context *tctx,
748 struct policy_handle *handle,
752 add ace SEC_ACE_FLAG_CONTAINER_INHERIT
767 struct security_descriptor *sd = NULL;
768 struct security_descriptor *sd_orig = NULL;
769 struct security_ace *ace = NULL;
770 struct policy_handle new_handle;
774 torture_comment(tctx, "SecurityDescriptor inheritance\n");
776 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
780 if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
784 sd_orig = security_descriptor_copy(tctx, sd);
785 if (sd_orig == NULL) {
789 ace = security_ace_create(tctx,
791 SEC_ACE_TYPE_ACCESS_ALLOWED,
793 SEC_ACE_FLAG_CONTAINER_INHERIT);
795 status = security_descriptor_dacl_add(sd, ace);
796 if (!NT_STATUS_IS_OK(status)) {
797 printf("failed to add ace: %s\n", nt_errstr(status));
801 /* FIXME: add further tests for these flags */
802 sd->type |= SEC_DESC_DACL_AUTO_INHERIT_REQ |
803 SEC_DESC_SACL_AUTO_INHERITED;
805 if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
809 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
810 printf("new ACE not present!\n");
814 if (!test_CloseKey(p, tctx, &new_handle)) {
818 if (!test_CreateKey(p, tctx, handle, TEST_SUBKEY_SD, NULL)) {
823 if (!test_OpenKey(p, tctx, handle, TEST_SUBKEY_SD, &new_handle)) {
828 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
829 printf("inherited ACE not present!\n");
834 test_CloseKey(p, tctx, &new_handle);
835 if (!test_CreateKey(p, tctx, handle, TEST_SUBSUBKEY_SD, NULL)) {
840 if (!test_OpenKey(p, tctx, handle, TEST_SUBSUBKEY_SD, &new_handle)) {
845 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
846 printf("inherited ACE not present!\n");
852 test_CloseKey(p, tctx, &new_handle);
853 test_Cleanup(p, tctx, handle, TEST_SUBSUBKEY_SD);
854 test_Cleanup(p, tctx, handle, TEST_SUBKEY_SD);
855 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
860 static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe *p,
861 struct torture_context *tctx,
862 struct policy_handle *handle,
866 add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
878 struct security_descriptor *sd = NULL;
879 struct security_descriptor *sd_orig = NULL;
880 struct security_ace *ace = NULL;
881 struct policy_handle new_handle;
882 struct dom_sid *sid = NULL;
885 uint8_t ace_flags = 0x0;
887 torture_comment(tctx, "SecurityDescriptor inheritance block\n");
889 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
893 if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
897 sd_orig = security_descriptor_copy(tctx, sd);
898 if (sd_orig == NULL) {
902 ace = security_ace_create(tctx,
904 SEC_ACE_TYPE_ACCESS_ALLOWED,
906 SEC_ACE_FLAG_CONTAINER_INHERIT |
907 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
909 status = security_descriptor_dacl_add(sd, ace);
910 if (!NT_STATUS_IS_OK(status)) {
911 printf("failed to add ace: %s\n", nt_errstr(status));
915 if (!_test_SetKeySecurity(p, tctx, &new_handle, NULL, sd, WERR_OK)) {
919 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
920 printf("new ACE not present!\n");
924 if (!test_CloseKey(p, tctx, &new_handle)) {
928 if (!test_CreateKey(p, tctx, handle, TEST_SUBSUBKEY_SD, NULL)) {
932 if (!test_OpenKey(p, tctx, handle, TEST_SUBSUBKEY_SD, &new_handle)) {
937 if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
938 printf("inherited ACE present but should not!\n");
943 sid = dom_sid_parse_talloc(tctx, TEST_SID);
948 if (test_dacl_trustee_present(p, tctx, &new_handle, sid)) {
949 printf("inherited trustee SID present but should not!\n");
954 test_CloseKey(p, tctx, &new_handle);
956 if (!test_OpenKey(p, tctx, handle, TEST_SUBKEY_SD, &new_handle)) {
961 if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
962 printf("inherited ACE present but should not!\n");
967 if (!test_dacl_trustee_flags_present(p, tctx, &new_handle, sid, ace_flags)) {
968 printf("inherited trustee SID with flags 0x%02x not present!\n",
975 test_CloseKey(p, tctx, &new_handle);
976 test_Cleanup(p, tctx, handle, TEST_SUBSUBKEY_SD);
977 test_Cleanup(p, tctx, handle, TEST_SUBKEY_SD);
978 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
983 static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe *p,
984 struct torture_context *tctx,
985 struct policy_handle *handle,
991 struct winreg_mask_result_table {
992 uint32_t access_mask;
996 } sd_mask_tests[] = {
998 WERR_ACCESS_DENIED, WERR_BADFILE, WERR_FOOBAR },
999 { SEC_FLAG_MAXIMUM_ALLOWED,
1000 WERR_OK, WERR_OK, WERR_OK },
1001 { SEC_STD_WRITE_DAC,
1002 WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR },
1003 { SEC_FLAG_SYSTEM_SECURITY,
1004 WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR }
1007 /* FIXME: before this test can ever run successfully we need a way to
1008 * correctly read a NULL security_descritpor in ndr, get the required
1009 * length, requery, etc.
1014 for (i=0; i < ARRAY_SIZE(sd_mask_tests); i++) {
1016 torture_comment(tctx,
1017 "SecurityDescriptor get & set with access_mask: 0x%08x\n",
1018 sd_mask_tests[i].access_mask);
1019 torture_comment(tctx,
1020 "expecting: open %s, get: %s, set: %s\n",
1021 win_errstr(sd_mask_tests[i].open_werr),
1022 win_errstr(sd_mask_tests[i].get_werr),
1023 win_errstr(sd_mask_tests[i].set_werr));
1025 if (_test_SecurityDescriptor(p, tctx, handle,
1026 sd_mask_tests[i].access_mask, key,
1027 sd_mask_tests[i].open_werr,
1028 sd_mask_tests[i].get_werr,
1029 sd_mask_tests[i].set_werr)) {
1037 typedef bool (*secinfo_verify_fn)(struct dcerpc_pipe *,
1038 struct torture_context *,
1039 struct policy_handle *,
1041 const struct dom_sid *);
1043 static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe *p,
1044 struct torture_context *tctx,
1045 struct policy_handle *handle,
1048 uint32_t access_mask,
1050 struct security_descriptor *sd,
1052 bool expect_present,
1053 bool (*fn) (struct dcerpc_pipe *,
1054 struct torture_context *,
1055 struct policy_handle *,
1057 const struct dom_sid *),
1058 const struct dom_sid *sid)
1060 struct policy_handle new_handle;
1061 bool open_success = false;
1063 torture_comment(tctx, "SecurityDescriptor (%s) sets for secinfo: "
1064 "0x%08x, access_mask: 0x%08x\n",
1065 test, sec_info, access_mask);
1067 if (!_test_OpenKey(p, tctx, handle, key,
1075 if (!open_success) {
1076 printf("key did not open\n");
1077 test_CloseKey(p, tctx, &new_handle);
1081 if (!_test_SetKeySecurity(p, tctx, &new_handle, &sec_info,
1084 torture_warning(tctx,
1085 "SetKeySecurity with secinfo: 0x%08x has failed\n",
1088 test_CloseKey(p, tctx, &new_handle);
1092 test_CloseKey(p, tctx, &new_handle);
1094 if (W_ERROR_IS_OK(set_werr)) {
1096 present = fn(p, tctx, handle, key, sid);
1097 if ((expect_present) && (!present)) {
1098 torture_warning(tctx,
1099 "%s sid is not present!\n",
1103 if ((!expect_present) && (present)) {
1104 torture_warning(tctx,
1105 "%s sid is present but not expected!\n",
1114 static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe *p,
1115 struct torture_context *tctx,
1116 struct policy_handle *handle,
1119 struct security_descriptor *sd_orig = NULL;
1120 struct dom_sid *sid = NULL;
1124 struct security_descriptor *sd_owner =
1125 security_descriptor_dacl_create(tctx,
1127 TEST_SID, NULL, NULL);
1129 struct security_descriptor *sd_group =
1130 security_descriptor_dacl_create(tctx,
1132 NULL, TEST_SID, NULL);
1134 struct security_descriptor *sd_dacl =
1135 security_descriptor_dacl_create(tctx,
1139 SEC_ACE_TYPE_ACCESS_ALLOWED,
1142 SID_NT_AUTHENTICATED_USERS,
1143 SEC_ACE_TYPE_ACCESS_ALLOWED,
1148 struct security_descriptor *sd_sacl =
1149 security_descriptor_sacl_create(tctx,
1153 SEC_ACE_TYPE_SYSTEM_AUDIT,
1155 SEC_ACE_FLAG_SUCCESSFUL_ACCESS,
1158 struct winreg_secinfo_table {
1159 struct security_descriptor *sd;
1163 secinfo_verify_fn fn;
1166 struct winreg_secinfo_table sec_info_owner_tests[] = {
1167 { sd_owner, 0, WERR_OK,
1168 false, (secinfo_verify_fn)_test_owner_present },
1169 { sd_owner, SECINFO_OWNER, WERR_OK,
1170 true, (secinfo_verify_fn)_test_owner_present },
1171 { sd_owner, SECINFO_GROUP, WERR_INVALID_PARAM },
1172 { sd_owner, SECINFO_DACL, WERR_OK,
1173 true, (secinfo_verify_fn)_test_owner_present },
1174 { sd_owner, SECINFO_SACL, WERR_ACCESS_DENIED },
1177 uint32_t sd_owner_good_access_masks[] = {
1178 SEC_FLAG_MAXIMUM_ALLOWED,
1179 /* SEC_STD_WRITE_OWNER, */
1182 struct winreg_secinfo_table sec_info_group_tests[] = {
1183 { sd_group, 0, WERR_OK,
1184 false, (secinfo_verify_fn)_test_group_present },
1185 { sd_group, SECINFO_OWNER, WERR_INVALID_PARAM },
1186 { sd_group, SECINFO_GROUP, WERR_OK,
1187 true, (secinfo_verify_fn)_test_group_present },
1188 { sd_group, SECINFO_DACL, WERR_OK,
1189 true, (secinfo_verify_fn)_test_group_present },
1190 { sd_group, SECINFO_SACL, WERR_ACCESS_DENIED },
1193 uint32_t sd_group_good_access_masks[] = {
1194 SEC_FLAG_MAXIMUM_ALLOWED,
1197 struct winreg_secinfo_table sec_info_dacl_tests[] = {
1198 { sd_dacl, 0, WERR_OK,
1199 false, (secinfo_verify_fn)_test_dacl_trustee_present },
1200 { sd_dacl, SECINFO_OWNER, WERR_INVALID_PARAM },
1201 { sd_dacl, SECINFO_GROUP, WERR_INVALID_PARAM },
1202 { sd_dacl, SECINFO_DACL, WERR_OK,
1203 true, (secinfo_verify_fn)_test_dacl_trustee_present },
1204 { sd_dacl, SECINFO_SACL, WERR_ACCESS_DENIED },
1207 uint32_t sd_dacl_good_access_masks[] = {
1208 SEC_FLAG_MAXIMUM_ALLOWED,
1212 struct winreg_secinfo_table sec_info_sacl_tests[] = {
1213 { sd_sacl, 0, WERR_OK,
1214 false, (secinfo_verify_fn)_test_sacl_trustee_present },
1215 { sd_sacl, SECINFO_OWNER, WERR_INVALID_PARAM },
1216 { sd_sacl, SECINFO_GROUP, WERR_INVALID_PARAM },
1217 { sd_sacl, SECINFO_DACL, WERR_OK,
1218 false, (secinfo_verify_fn)_test_sacl_trustee_present },
1219 { sd_sacl, SECINFO_SACL, WERR_OK,
1220 true, (secinfo_verify_fn)_test_sacl_trustee_present },
1223 uint32_t sd_sacl_good_access_masks[] = {
1224 SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY,
1225 /* SEC_FLAG_SYSTEM_SECURITY, */
1228 sid = dom_sid_parse_talloc(tctx, TEST_SID);
1233 if (!test_BackupSecurity(p, tctx, handle, key, &sd_orig)) {
1239 for (i=0; i < ARRAY_SIZE(sec_info_owner_tests); i++) {
1241 for (a=0; a < ARRAY_SIZE(sd_owner_good_access_masks); a++) {
1243 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1246 sd_owner_good_access_masks[a],
1247 sec_info_owner_tests[i].sec_info,
1248 sec_info_owner_tests[i].sd,
1249 sec_info_owner_tests[i].set_werr,
1250 sec_info_owner_tests[i].sid_present,
1251 sec_info_owner_tests[i].fn,
1254 printf("test_SetSecurityDescriptor_SecInfo failed for OWNER\n");
1263 for (i=0; i < ARRAY_SIZE(sec_info_group_tests); i++) {
1265 for (a=0; a < ARRAY_SIZE(sd_group_good_access_masks); a++) {
1267 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1270 sd_group_good_access_masks[a],
1271 sec_info_group_tests[i].sec_info,
1272 sec_info_group_tests[i].sd,
1273 sec_info_group_tests[i].set_werr,
1274 sec_info_group_tests[i].sid_present,
1275 sec_info_group_tests[i].fn,
1278 printf("test_SetSecurityDescriptor_SecInfo failed for GROUP\n");
1287 for (i=0; i < ARRAY_SIZE(sec_info_dacl_tests); i++) {
1289 for (a=0; a < ARRAY_SIZE(sd_dacl_good_access_masks); a++) {
1291 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1294 sd_dacl_good_access_masks[a],
1295 sec_info_dacl_tests[i].sec_info,
1296 sec_info_dacl_tests[i].sd,
1297 sec_info_dacl_tests[i].set_werr,
1298 sec_info_dacl_tests[i].sid_present,
1299 sec_info_dacl_tests[i].fn,
1302 printf("test_SetSecurityDescriptor_SecInfo failed for DACL\n");
1311 for (i=0; i < ARRAY_SIZE(sec_info_sacl_tests); i++) {
1313 for (a=0; a < ARRAY_SIZE(sd_sacl_good_access_masks); a++) {
1315 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1318 sd_sacl_good_access_masks[a],
1319 sec_info_sacl_tests[i].sec_info,
1320 sec_info_sacl_tests[i].sd,
1321 sec_info_sacl_tests[i].set_werr,
1322 sec_info_sacl_tests[i].sid_present,
1323 sec_info_sacl_tests[i].fn,
1326 printf("test_SetSecurityDescriptor_SecInfo failed for SACL\n");
1334 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
1339 static bool test_SecurityDescriptors(struct dcerpc_pipe *p,
1340 struct torture_context *tctx,
1341 struct policy_handle *handle,
1346 if (!test_SecurityDescriptor(p, tctx, handle, key)) {
1347 printf("test_SecurityDescriptor failed\n");
1351 if (!test_SecurityDescriptorInheritance(p, tctx, handle, key)) {
1352 printf("test_SecurityDescriptorInheritance failed\n");
1356 if (!test_SecurityDescriptorBlockInheritance(p, tctx, handle, key)) {
1357 printf("test_SecurityDescriptorBlockInheritance failed\n");
1361 if (!test_SecurityDescriptorsSecInfo(p, tctx, handle, key)) {
1362 printf("test_SecurityDescriptorsSecInfo failed\n");
1366 if (!test_SecurityDescriptorsMasks(p, tctx, handle, key)) {
1367 printf("test_SecurityDescriptorsMasks failed\n");
1374 static bool test_DeleteKey(struct dcerpc_pipe *p, struct torture_context *tctx,
1375 struct policy_handle *handle, const char *key)
1378 struct winreg_DeleteKey r;
1380 r.in.handle = handle;
1381 init_winreg_String(&r.in.key, key);
1383 status = dcerpc_winreg_DeleteKey(p, tctx, &r);
1385 torture_assert_ntstatus_ok(tctx, status, "DeleteKey failed");
1386 torture_assert_werr_ok(tctx, r.out.result, "DeleteKey failed");
1391 /* DeleteKey on a key with subkey(s) should
1392 * return WERR_ACCESS_DENIED. */
1393 static bool test_DeleteKeyWithSubkey(struct dcerpc_pipe *p,
1394 struct torture_context *tctx,
1395 struct policy_handle *handle,
1398 struct winreg_DeleteKey r;
1400 r.in.handle = handle;
1401 init_winreg_String(&r.in.key, key);
1403 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_DeleteKey(p, tctx, &r),
1404 "DeleteKeyWithSubkey failed");
1406 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
1407 "DeleteKeyWithSubkey failed");
1412 static bool test_QueryInfoKey(struct dcerpc_pipe *p,
1413 struct torture_context *tctx,
1414 struct policy_handle *handle, char *class)
1416 struct winreg_QueryInfoKey r;
1417 uint32_t num_subkeys, max_subkeylen, max_subkeysize,
1418 num_values, max_valnamelen, max_valbufsize,
1420 NTTIME last_changed_time;
1423 r.in.handle = handle;
1424 r.out.num_subkeys = &num_subkeys;
1425 r.out.max_subkeylen = &max_subkeylen;
1426 r.out.max_subkeysize = &max_subkeysize;
1427 r.out.num_values = &num_values;
1428 r.out.max_valnamelen = &max_valnamelen;
1429 r.out.max_valbufsize = &max_valbufsize;
1430 r.out.secdescsize = &secdescsize;
1431 r.out.last_changed_time = &last_changed_time;
1433 r.out.classname = talloc(tctx, struct winreg_String);
1435 r.in.classname = talloc(tctx, struct winreg_String);
1436 init_winreg_String(r.in.classname, class);
1438 torture_assert_ntstatus_ok(tctx,
1439 dcerpc_winreg_QueryInfoKey(p, tctx, &r),
1440 "QueryInfoKey failed");
1442 torture_assert_werr_ok(tctx, r.out.result, "QueryInfoKey failed");
1447 static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
1448 struct policy_handle *handle, int depth);
1450 static bool test_EnumKey(struct dcerpc_pipe *p, struct torture_context *tctx,
1451 struct policy_handle *handle, int depth)
1453 struct winreg_EnumKey r;
1454 struct winreg_StringBuf class, name;
1461 r.in.handle = handle;
1462 r.in.enum_index = 0;
1464 r.in.keyclass = &class;
1466 r.in.last_changed_time = &t;
1472 status = dcerpc_winreg_EnumKey(p, tctx, &r);
1474 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result)) {
1475 struct policy_handle key_handle;
1477 torture_comment(tctx, "EnumKey: %d: %s\n",
1481 if (!test_OpenKey(p, tctx, handle, r.out.name->name,
1484 test_key(p, tctx, &key_handle, depth + 1);
1490 } while (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result));
1492 torture_assert_ntstatus_ok(tctx, status, "EnumKey failed");
1494 if (!W_ERROR_IS_OK(r.out.result) &&
1495 !W_ERROR_EQUAL(r.out.result, WERR_NO_MORE_ITEMS)) {
1496 torture_fail(tctx, "EnumKey failed");
1502 static bool test_QueryMultipleValues(struct dcerpc_pipe *p,
1503 struct torture_context *tctx,
1504 struct policy_handle *handle,
1505 const char *valuename)
1507 struct winreg_QueryMultipleValues r;
1511 r.in.key_handle = handle;
1512 r.in.values = r.out.values = talloc_array(tctx, struct QueryMultipleValue, 1);
1513 r.in.values[0].name = talloc(tctx, struct winreg_String);
1514 r.in.values[0].name->name = valuename;
1515 r.in.values[0].offset = 0;
1516 r.in.values[0].length = 0;
1517 r.in.values[0].type = 0;
1519 r.in.num_values = 1;
1520 r.in.buffer_size = r.out.buffer_size = talloc(tctx, uint32_t);
1521 *r.in.buffer_size = bufsize;
1523 *r.in.buffer_size = bufsize;
1524 r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t,
1527 status = dcerpc_winreg_QueryMultipleValues(p, tctx, &r);
1529 if(NT_STATUS_IS_ERR(status))
1530 torture_fail(tctx, "QueryMultipleValues failed");
1532 talloc_free(r.in.buffer);
1534 } while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA));
1536 torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed");
1541 static bool test_QueryValue(struct dcerpc_pipe *p,
1542 struct torture_context *tctx,
1543 struct policy_handle *handle,
1544 const char *valuename)
1546 struct winreg_QueryValue r;
1548 enum winreg_Type zero_type = 0;
1549 uint32_t offered = 0xfff;
1552 r.in.handle = handle;
1554 r.in.value_name.name = valuename;
1555 r.in.type = &zero_type;
1556 r.in.size = &offered;
1557 r.in.length = &zero;
1559 status = dcerpc_winreg_QueryValue(p, tctx, &r);
1560 if (NT_STATUS_IS_ERR(status)) {
1561 torture_fail(tctx, "QueryValue failed");
1564 torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed");
1569 static bool test_EnumValue(struct dcerpc_pipe *p, struct torture_context *tctx,
1570 struct policy_handle *handle, int max_valnamelen,
1573 struct winreg_EnumValue r;
1574 enum winreg_Type type = 0;
1575 uint32_t size = max_valbufsize, zero = 0;
1578 struct winreg_StringBuf name;
1583 r.in.handle = handle;
1584 r.in.enum_index = 0;
1589 r.in.length = &zero;
1593 torture_assert_ntstatus_ok(tctx,
1594 dcerpc_winreg_EnumValue(p, tctx, &r),
1595 "EnumValue failed");
1597 if (W_ERROR_IS_OK(r.out.result)) {
1598 ret &= test_QueryValue(p, tctx, handle,
1600 ret &= test_QueryMultipleValues(p, tctx, handle,
1605 } while (W_ERROR_IS_OK(r.out.result));
1607 torture_assert_werr_equal(tctx, r.out.result, WERR_NO_MORE_ITEMS,
1608 "EnumValue failed");
1613 static bool test_AbortSystemShutdown(struct dcerpc_pipe *p,
1614 struct torture_context *tctx)
1616 struct winreg_AbortSystemShutdown r;
1617 uint16_t server = 0x0;
1619 r.in.server = &server;
1621 torture_assert_ntstatus_ok(tctx,
1622 dcerpc_winreg_AbortSystemShutdown(p, tctx, &r),
1623 "AbortSystemShutdown failed");
1625 torture_assert_werr_ok(tctx, r.out.result,
1626 "AbortSystemShutdown failed");
1631 static bool test_InitiateSystemShutdown(struct torture_context *tctx,
1632 struct dcerpc_pipe *p)
1634 struct winreg_InitiateSystemShutdown r;
1635 uint16_t hostname = 0x0;
1637 r.in.hostname = &hostname;
1638 r.in.message = talloc(tctx, struct initshutdown_String);
1639 init_initshutdown_String(tctx, r.in.message, "spottyfood");
1640 r.in.force_apps = 1;
1644 torture_assert_ntstatus_ok(tctx,
1645 dcerpc_winreg_InitiateSystemShutdown(p, tctx, &r),
1646 "InitiateSystemShutdown failed");
1648 torture_assert_werr_ok(tctx, r.out.result,
1649 "InitiateSystemShutdown failed");
1651 return test_AbortSystemShutdown(p, tctx);
1655 static bool test_InitiateSystemShutdownEx(struct torture_context *tctx,
1656 struct dcerpc_pipe *p)
1658 struct winreg_InitiateSystemShutdownEx r;
1659 uint16_t hostname = 0x0;
1661 r.in.hostname = &hostname;
1662 r.in.message = talloc(tctx, struct initshutdown_String);
1663 init_initshutdown_String(tctx, r.in.message, "spottyfood");
1664 r.in.force_apps = 1;
1669 torture_assert_ntstatus_ok(tctx,
1670 dcerpc_winreg_InitiateSystemShutdownEx(p, tctx, &r),
1671 "InitiateSystemShutdownEx failed");
1673 torture_assert_werr_ok(tctx, r.out.result,
1674 "InitiateSystemShutdownEx failed");
1676 return test_AbortSystemShutdown(p, tctx);
1678 #define MAX_DEPTH 2 /* Only go this far down the tree */
1680 static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
1681 struct policy_handle *handle, int depth)
1683 if (depth == MAX_DEPTH)
1686 if (!test_QueryInfoKey(p, tctx, handle, NULL)) {
1689 if (!test_NotifyChangeKeyValue(p, tctx, handle)) {
1692 if (!test_GetKeySecurity(p, tctx, handle, NULL)) {
1695 if (!test_EnumKey(p, tctx, handle, depth)) {
1698 if (!test_EnumValue(p, tctx, handle, 0xFF, 0xFFFF)) {
1701 test_CloseKey(p, tctx, handle);
1706 typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_pipe *, TALLOC_CTX *, void *);
1708 static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p,
1711 struct policy_handle handle, newhandle;
1712 bool ret = true, created = false, created2 = false, deleted = false;
1713 bool created3 = false, created_subkey = false;
1714 bool created4 = false;
1715 struct winreg_OpenHKLM r;
1717 winreg_open_fn open_fn = userdata;
1719 r.in.system_name = 0;
1720 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1721 r.out.handle = &handle;
1723 torture_assert_ntstatus_ok(tctx, open_fn(p, tctx, &r),
1726 test_Cleanup(p, tctx, &handle, TEST_KEY1);
1727 test_Cleanup(p, tctx, &handle, TEST_SUBSUBKEY_SD);
1728 test_Cleanup(p, tctx, &handle, TEST_SUBKEY_SD);
1729 test_Cleanup(p, tctx, &handle, TEST_KEY4);
1730 test_Cleanup(p, tctx, &handle, TEST_KEY2);
1731 test_Cleanup(p, tctx, &handle, TEST_SUBKEY);
1732 test_Cleanup(p, tctx, &handle, TEST_KEY3);
1733 test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);
1735 if (!test_CreateKey(p, tctx, &handle, TEST_KEY1, NULL)) {
1736 torture_comment(tctx,
1737 "CreateKey failed - not considering a failure\n");
1742 if (created && !test_FlushKey(p, tctx, &handle)) {
1743 torture_comment(tctx, "FlushKey failed\n");
1747 if (created && !test_OpenKey(p, tctx, &handle, TEST_KEY1, &newhandle))
1749 "CreateKey failed (OpenKey after Create didn't work)\n");
1751 if (created && !test_CloseKey(p, tctx, &newhandle))
1753 "CreateKey failed (CloseKey after Open didn't work)\n");
1755 if (created && !test_DeleteKey(p, tctx, &handle, TEST_KEY1)) {
1756 torture_comment(tctx, "DeleteKey failed\n");
1762 if (created && !test_FlushKey(p, tctx, &handle)) {
1763 torture_comment(tctx, "FlushKey failed\n");
1767 if (created && deleted &&
1768 test_OpenKey(p, tctx, &handle, TEST_KEY1, &newhandle)) {
1769 torture_comment(tctx,
1770 "DeleteKey failed (OpenKey after Delete worked)\n");
1774 if (!test_GetVersion(p, tctx, &handle)) {
1775 torture_comment(tctx, "GetVersion failed\n");
1779 if (created && test_CreateKey_sd(p, tctx, &handle, TEST_KEY2,
1780 NULL, &newhandle)) {
1784 if (created2 && !test_CloseKey(p, tctx, &newhandle)) {
1785 printf("CloseKey failed\n");
1789 if (test_CreateKey_sd(p, tctx, &handle, TEST_KEY4, NULL, &newhandle)) {
1793 if (!created4 && !test_CloseKey(p, tctx, &newhandle)) {
1794 printf("CloseKey failed\n");
1798 if (created4 && !test_SecurityDescriptors(p, tctx, &handle, TEST_KEY4)) {
1802 if (created4 && !test_DeleteKey(p, tctx, &handle, TEST_KEY4)) {
1803 printf("DeleteKey failed\n");
1808 if (created && !test_DeleteKey(p, tctx, &handle, TEST_KEY2)) {
1809 printf("DeleteKey failed\n");
1813 if (created && test_CreateKey(p, tctx, &handle, TEST_KEY3, NULL)) {
1818 test_CreateKey(p, tctx, &handle, TEST_SUBKEY, NULL)) {
1819 created_subkey = true;
1822 if (created_subkey &&
1823 !test_DeleteKeyWithSubkey(p, tctx, &handle, TEST_KEY3)) {
1824 printf("DeleteKeyWithSubkey failed "
1825 "(DeleteKey didn't return ACCESS_DENIED)\n");
1829 if (created_subkey &&
1830 !test_DeleteKey(p, tctx, &handle, TEST_SUBKEY)) {
1831 printf("DeleteKey failed\n");
1836 !test_DeleteKey(p, tctx, &handle, TEST_KEY3)) {
1837 printf("DeleteKey failed\n");
1841 /* The HKCR hive has a very large fanout */
1842 if (open_fn == (void *)dcerpc_winreg_OpenHKCR) {
1843 if(!test_key(p, tctx, &handle, MAX_DEPTH - 1)) {
1848 if (!test_key(p, tctx, &handle, 0)) {
1852 test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);
1857 struct torture_suite *torture_rpc_winreg(TALLOC_CTX *mem_ctx)
1862 } open_fns[] = {{"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM },
1863 {"OpenHKU", (winreg_open_fn)dcerpc_winreg_OpenHKU },
1864 {"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR },
1865 {"OpenHKCU", (winreg_open_fn)dcerpc_winreg_OpenHKCU }};
1867 struct torture_rpc_tcase *tcase;
1868 struct torture_suite *suite = torture_suite_create(mem_ctx, "WINREG");
1869 struct torture_test *test;
1871 tcase = torture_suite_add_rpc_iface_tcase(suite, "winreg",
1874 test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdown",
1875 test_InitiateSystemShutdown);
1876 test->dangerous = true;
1878 test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdownEx",
1879 test_InitiateSystemShutdownEx);
1880 test->dangerous = true;
1882 for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
1883 torture_rpc_tcase_add_test_ex(tcase, open_fns[i].name,
1884 test_Open, open_fns[i].fn);