#include "includes.h"
#include "librpc/gen_ndr/ndr_winreg.h"
+static void init_initshutdown_String(TALLOC_CTX *mem_ctx, struct initshutdown_String *name, const char *s)
+{
+ name->name = talloc(mem_ctx, struct initshutdown_String_sub);
+ name->name->name = s;
+}
+
static void init_winreg_String(struct winreg_String *name, const char *s)
{
name->name = s;
return True;
}
+static BOOL test_NotifyChangeKeyValue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ struct winreg_NotifyChangeKeyValue r;
+ NTSTATUS status;
+
+ printf("\ntesting NotifyChangeKeyValue\n");
+
+ r.in.handle = handle;
+ r.in.watch_subtree = 1;
+ r.in.notify_filter = 0;
+ r.in.unknown = r.in.unknown2 = 0;
+ init_winreg_String(&r.in.string1, NULL);
+ init_winreg_String(&r.in.string2, NULL);
+
+ status = dcerpc_winreg_NotifyChangeKeyValue(p, mem_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("NotifyChangeKeyValue failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("NotifyChangeKeyValue failed - %s - not considering\n", win_errstr(r.out.result));
+ return True;
+ }
+
+ return True;
+}
+
static BOOL test_CreateKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle, const char *name,
const char *class)
struct winreg_CreateKey r;
struct policy_handle newhandle;
NTSTATUS status;
- uint32_t sec_info = 0;
+ uint32_t action_taken = 0;
printf("\ntesting CreateKey\n");
r.out.handle = &newhandle;
init_winreg_String(&r.in.key, name);
init_winreg_String(&r.in.class, class);
- r.in.reserved = 0x0;
- r.in.access_mask = 0x02000000;
- r.in.sec_info = &sec_info;
+ r.in.options = 0x0;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+ r.in.action_taken = r.out.action_taken = &action_taken;
r.in.sec_desc = NULL;
status = dcerpc_winreg_CreateKey(p, mem_ctx, &r);
return True;
}
+static BOOL test_GetKeySecurity(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ NTSTATUS status;
+ struct winreg_GetKeySecurity r;
+
+ printf("\ntesting GetKeySecurity\n");
+
+ ZERO_STRUCT(r);
+
+ r.in.handle = handle;
+ r.in.data = r.out.data = talloc_zero(mem_ctx, struct KeySecurityData);
+ r.in.data->size = 0xffff;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+
+ status = dcerpc_winreg_GetKeySecurity(p, mem_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("GetKeySecurity failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("GetKeySecurity failed - %s\n", win_errstr(r.out.result));
+ return False;
+ }
+
+ return False;
+}
+
static BOOL test_CloseKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
{
return True;
}
+static BOOL test_QueryMultipleValues(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, const char *valuename)
+{
+ struct winreg_QueryMultipleValues r;
+ NTSTATUS status;
+
+ printf("Testing QueryMultipleValues\n");
+
+ r.in.key_handle = handle;
+ r.in.values = r.out.values = talloc_array(mem_ctx, struct QueryMultipleValue, 1);
+ r.in.values[0].name = talloc(mem_ctx, struct winreg_String);
+ r.in.values[0].name->name = valuename;
+ r.in.values[0].offset = 0;
+ r.in.values[0].length = 0;
+ r.in.values[0].type = 0;
+
+ r.in.num_values = 1;
+ r.in.buffer_size = r.out.buffer_size = talloc(mem_ctx, uint32_t);
+ *r.in.buffer_size = 0x00;
+ r.in.buffer = r.out.buffer = talloc_zero_array(mem_ctx, uint8_t, *r.in.buffer_size);
+
+ do {
+ *r.in.buffer_size += 0x20;
+
+ status = dcerpc_winreg_QueryMultipleValues(p, mem_ctx, &r);
+
+ if(NT_STATUS_IS_ERR(status)) {
+ printf("QueryMultipleValues failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ } while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA));
+
+ if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("QueryMultipleValues failed - %s\n", win_errstr(r.out.result));
+ return False;
+ }
+
+ return True;
+}
+
static BOOL test_QueryValue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, const char *valuename)
{
struct winreg_QueryValue r;
NTSTATUS status;
- struct EnumValueNameOut valname;
- uint32 zero = 0;
- uint32 offered = 0xfff;
-
- valname.name = valuename;
+ uint32_t zero = 0;
+ uint32_t offered = 0xfff;
printf("Testing QueryValue\n");
r.in.handle = handle;
+ r.in.data = NULL;
r.in.value_name.name = valuename;
r.in.type = &zero;
- r.in.unknown1 = 0;
- r.in.unknown2 = 0;
- r.in.offered = &offered;
- r.in.value_len1 = &offered;
- r.in.value_len2 = &zero;
+ r.in.size = &offered;
+ r.in.length = &zero;
status = dcerpc_winreg_QueryValue(p, mem_ctx, &r);
if(NT_STATUS_IS_ERR(status)) {
struct policy_handle *handle, int max_valnamelen, int max_valbufsize)
{
struct winreg_EnumValue r;
- struct EnumValueIn buf_name;
- struct EnumValueIn buf_val;
- uint32 type;
- uint32 len1 = max_valbufsize, len2 = 0;
+ uint32_t type = 0;
+ uint32_t size = max_valbufsize, zero = 0;
BOOL ret = True;
+ uint8_t buf8;
+ uint16_t buf16;
printf("testing EnumValue\n");
r.in.handle = handle;
r.in.enum_index = 0;
- r.in.name_in.len = 0;
- r.in.name_in.max_len = max_valnamelen * 2;
- buf_name.max_len = max_valnamelen;
- buf_name.offset = 0;
- buf_name.len = 0;
- r.in.name_in.buffer = &buf_name;
+ r.in.name_in.length = 0;
+ r.in.name_in.size = 0x200;
+ r.in.name_in.name = &buf16;
r.in.type = &type;
- buf_val.max_len = max_valbufsize;
- buf_val.offset = 0;
- buf_val.len = 0;
- r.in.value_in = &buf_val;
- r.in.value_len1 = &len1;
- r.in.value_len2 = &len2;
+ r.in.value = &buf8;
+ r.in.length = &zero;
+ r.in.size = &size;
do {
NTSTATUS status = dcerpc_winreg_EnumValue(p, mem_ctx, &r);
if (W_ERROR_IS_OK(r.out.result)) {
ret &= test_QueryValue(p, mem_ctx, handle, r.out.name_out.name);
+ ret &= test_QueryMultipleValues(p, mem_ctx, handle, r.out.name_out.name);
}
r.in.enum_index++;
return False;
}
+ if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("OpenHKU failed - %s\n", win_errstr(r.out.result));
+ return False;
+ }
+
return ret;
}
return False;
}
+ if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("OpenHKU failed - %s\n", win_errstr(r.out.result));
+ return False;
+ }
return ret;
}
{
struct winreg_InitiateSystemShutdown r;
NTSTATUS status;
+ uint16_t hostname = 0x0;
- init_winreg_String(&r.in.message, msg);
- r.in.flags = 0;
+ r.in.hostname = &hostname;
+ r.in.message = talloc(mem_ctx, struct initshutdown_String);
+ init_initshutdown_String(mem_ctx, r.in.message, msg);
+ r.in.force_apps = 1;
r.in.timeout = timeout;
+ r.in.reboot = 1;
status = dcerpc_winreg_InitiateSystemShutdown(p, mem_ctx, &r);
return True;
}
+static BOOL test_InitiateSystemShutdownEx(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
+ const char *msg, uint32_t timeout)
+{
+ struct winreg_InitiateSystemShutdownEx r;
+ NTSTATUS status;
+ uint16_t hostname = 0x0;
+
+ r.in.hostname = &hostname;
+ r.in.message = talloc(mem_ctx, struct initshutdown_String);
+ init_initshutdown_String(mem_ctx, r.in.message, msg);
+ r.in.force_apps = 1;
+ r.in.timeout = timeout;
+ r.in.reboot = 1;
+ r.in.reason = 0;
+
+ status = dcerpc_winreg_InitiateSystemShutdownEx(p, mem_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("InitiateSystemShutdownEx failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ if (!W_ERROR_IS_OK(r.out.result)) {
+ printf("InitiateSystemShutdownEx failed - %s\n", win_errstr(r.out.result));
+ return False;
+ }
+
+ return True;
+}
+
static BOOL test_AbortSystemShutdown(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
{
struct winreg_AbortSystemShutdown r;
if (!test_QueryInfoKey(p, mem_ctx, handle, NULL)) {
}
+
+ if (!test_NotifyChangeKeyValue(p, mem_ctx, handle)) {
+ }
+
+ if (!test_GetKeySecurity(p, mem_ctx, handle)) {
+ }
+
if (!test_EnumKey(p, mem_ctx, handle, depth)) {
}
if (!test_EnumValue(p, mem_ctx, handle, 0xFF, 0xFFFF)) {
}
+
test_CloseKey(p, mem_ctx, handle);
return True;
static BOOL test_Open(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, void *fn)
{
struct policy_handle handle, newhandle;
- BOOL ret = True;
+ BOOL ret = True, created = False, deleted = False;
winreg_open_fn *open_fn = (winreg_open_fn *)fn;
if (!open_fn(p, mem_ctx, &handle)) {
}
if (!test_CreateKey(p, mem_ctx, &handle, "spottyfoot", NULL)) {
- printf("CreateKey failed\n");
- ret = False;
+ printf("CreateKey failed - not considering a failure\n");
+ } else {
+ created = True;
}
- if (!test_FlushKey(p, mem_ctx, &handle)) {
+ if (created && !test_FlushKey(p, mem_ctx, &handle)) {
printf("FlushKey failed\n");
ret = False;
}
- if (!test_OpenKey(p, mem_ctx, &handle, "spottyfoot", &newhandle)) {
+ if (created && !test_OpenKey(p, mem_ctx, &handle, "spottyfoot", &newhandle)) {
printf("CreateKey failed (OpenKey after Create didn't work)\n");
ret = False;
}
- if (!test_DeleteKey(p, mem_ctx, &handle, "spottyfoot")) {
+ if (created && !test_DeleteKey(p, mem_ctx, &handle, "spottyfoot")) {
printf("DeleteKey failed\n");
ret = False;
+ } else {
+ deleted = True;
}
- if (!test_FlushKey(p, mem_ctx, &handle)) {
+ if (created && !test_FlushKey(p, mem_ctx, &handle)) {
printf("FlushKey failed\n");
ret = False;
}
- if (test_OpenKey(p, mem_ctx, &handle, "spottyfoot", &newhandle)) {
+ if (deleted && test_OpenKey(p, mem_ctx, &handle, "spottyfoot", &newhandle)) {
printf("DeleteKey failed (OpenKey after Delete didn't work)\n");
ret = False;
}
BOOL torture_rpc_winreg(void)
{
NTSTATUS status;
- struct dcerpc_pipe *p;
+ struct dcerpc_pipe *p;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
winreg_open_fn *open_fns[] = { test_OpenHKLM, test_OpenHKU,
mem_ctx = talloc_init("torture_rpc_winreg");
- status = torture_rpc_connection(&p,
+ status = torture_rpc_connection(mem_ctx,
+ &p,
DCERPC_WINREG_NAME,
DCERPC_WINREG_UUID,
DCERPC_WINREG_VERSION);
if (!NT_STATUS_IS_OK(status)) {
+ talloc_free(mem_ctx);
return False;
}
- if(!test_InitiateSystemShutdown(p, mem_ctx, "spottyfood", 30))
- ret = False;
-
- if(!test_AbortSystemShutdown(p, mem_ctx))
- ret = False;
+ if (!lp_parm_bool(-1, "torture", "dangerous", False)) {
+ printf("winreg_InitiateShutdown disabled - enable dangerous tests to use\n");
+ } else {
+ ret &= test_InitiateSystemShutdown(p, mem_ctx, "spottyfood", 30);
+ ret &= test_AbortSystemShutdown(p, mem_ctx);
+ ret &= test_InitiateSystemShutdownEx(p, mem_ctx, "spottyfood", 30);
+ ret &= test_AbortSystemShutdown(p, mem_ctx);
+ }
for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
if (!test_Open(p, mem_ctx, open_fns[i]))
ret = False;
}
- talloc_destroy(mem_ctx);
-
- torture_rpc_close(p);
+ talloc_free(mem_ctx);
return ret;
}