r.in.system_name = &system_name;
r.in.attr = &attr;
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.handle = &handle;
status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
r.in.system_name = "\\";
r.in.attr = &attr;
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.handle = handle;
status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
sids.count = 0;
sids.sids = NULL;
- names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
+ names = talloc_array_p(mem_ctx, struct lsa_String, tnames->count);
for (i=0;i<tnames->count;i++) {
init_lsa_String(&names[i], tnames->names[i].name.string);
}
sids.count = 0;
sids.sids = NULL;
- names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
+ names = talloc_array_p(mem_ctx, struct lsa_String, tnames->count);
for (i=0;i<tnames->count;i++) {
init_lsa_String(&names[i], tnames->names[i].name.string);
}
names.count = 0;
names.names = NULL;
- sids.num_sids = 1000;
+ sids.num_sids = 100;
sids.sids = talloc_array_p(mem_ctx, struct lsa_SidPtr, sids.num_sids);
return True;
}
+static BOOL test_LookupPrivValue(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle,
+ struct lsa_String *name)
+{
+ NTSTATUS status;
+ struct lsa_LookupPrivValue r;
+ struct lsa_LUID luid;
+
+ r.in.handle = handle;
+ r.in.name = name;
+ r.out.luid = &luid;
+
+ status = dcerpc_lsa_LookupPrivValue(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("\nLookupPrivValue failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ return True;
+}
+
static BOOL test_LookupPrivName(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
return True;
}
+static BOOL test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *acct_handle,
+ struct lsa_LUID *luid)
+{
+ NTSTATUS status;
+ struct lsa_RemovePrivilegesFromAccount r;
+ struct lsa_PrivilegeSet privs;
+ BOOL ret = True;
+
+ printf("Testing RemovePrivilegesFromAccount\n");
+
+ r.in.handle = acct_handle;
+ r.in.remove_all = 0;
+ r.in.privs = &privs;
+
+ privs.count = 1;
+ privs.unknown = 0;
+ privs.set = talloc_array_p(mem_ctx, struct lsa_LUIDAttribute, 1);
+ privs.set[0].luid = *luid;
+ privs.set[0].attribute = 0;
+
+ status = dcerpc_lsa_RemovePrivilegesFromAccount(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("RemovePrivilegesFromAccount failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ return ret;
+}
+
+static BOOL test_AddPrivilegesToAccount(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *acct_handle,
+ struct lsa_LUID *luid)
+{
+ NTSTATUS status;
+ struct lsa_AddPrivilegesToAccount r;
+ struct lsa_PrivilegeSet privs;
+ BOOL ret = True;
+
+ printf("Testing AddPrivilegesToAccount\n");
+
+ r.in.handle = acct_handle;
+ r.in.privs = &privs;
+
+ privs.count = 1;
+ privs.unknown = 0;
+ privs.set = talloc_array_p(mem_ctx, struct lsa_LUIDAttribute, 1);
+ privs.set[0].luid = *luid;
+ privs.set[0].attribute = 0;
+
+ status = dcerpc_lsa_AddPrivilegesToAccount(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("AddPrivilegesToAccount failed - %s\n", nt_errstr(status));
+ return False;
+ }
+
+ return ret;
+}
+
static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
{
NTSTATUS status;
struct lsa_EnumPrivsAccount r;
+ BOOL ret = True;
printf("Testing EnumPrivsAccount\n");
return False;
}
- if (r.out.privs) {
+ if (r.out.privs && r.out.privs->count > 0) {
int i;
for (i=0;i<r.out.privs->count;i++) {
test_LookupPrivName(p, mem_ctx, handle,
&r.out.privs->set[i].luid);
}
+
+ ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, acct_handle,
+ &r.out.privs->set[0].luid);
+ ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle,
+ &r.out.privs->set[0].luid);
}
- return True;
+ return ret;
}
static BOOL test_Delete(struct dcerpc_pipe *p,
r.in.handle = handle;
r.in.sid = newsid;
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.acct_handle = &acct_handle;
status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r);
r.in.handle = handle;
r.in.info = &trustinfo;
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.dom_handle = &dom_handle;
status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
init_lsa_String(&r.in.name, secname);
r.in.handle = handle;
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.sec_handle = &sec_handle;
status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
}
r2.in.handle = handle;
- r2.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r2.in.name = r.in.name;
r2.out.sec_handle = &sec_handle2;
NTSTATUS status;
struct lsa_QuerySecurity r;
- printf("Testing QuerySecuriy\n");
+ printf("Testing QuerySecurity\n");
r.in.handle = acct_handle;
r.in.sec_info = 7;
r.in.handle = handle;
r.in.sid = sid;
- r.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.acct_handle = &acct_handle;
status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
r.out.sids = &sids1;
resume_handle = 0;
- status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
- if (!NT_STATUS_IS_OK(status)) {
- printf("EnumAccounts failed - %s\n", nt_errstr(status));
- return False;
- }
+ while (True) {
+ status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
+ break;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("EnumAccounts failed - %s\n", nt_errstr(status));
+ return False;
+ }
- if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
- return False;
- }
+ if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
+ return False;
+ }
- if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
- return False;
- }
+ if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
+ return False;
+ }
- printf("testing all accounts\n");
- for (i=0;i<sids1.num_sids;i++) {
- test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
- test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
+ printf("testing all accounts\n");
+ for (i=0;i<sids1.num_sids;i++) {
+ test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
+ test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
+ }
+ printf("\n");
}
- printf("\n");
if (sids1.num_sids < 3) {
return True;
r.in.handle = handle;
r.in.resume_handle = &resume_handle;
- r.in.max_count = 1000;
+ r.in.max_count = 100;
r.out.resume_handle = &resume_handle;
r.out.privs = &privs1;
for (i = 0; i< privs1.count; i++) {
test_LookupPrivDisplayName(p, mem_ctx, handle, &privs1.privs[i].name);
+ test_LookupPrivValue(p, mem_ctx, handle, &privs1.privs[i].name);
if (!test_EnumAccountsWithUserRight(p, mem_ctx, handle, &privs1.privs[i].name)) {
ret = False;
}
r.in.handle = handle;
r.in.resume_handle = &resume_handle;
- r.in.num_entries = 1000;
+ r.in.num_entries = 100;
r.out.domains = &domains;
r.out.resume_handle = &resume_handle;
trust.in.handle = handle;
trust.in.sid = domains.domains[i].sid;
- trust.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ trust.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
trust.out.trustdom_handle = &trustdom_handle;
status = dcerpc_lsa_OpenTrustedDomain(p, mem_ctx, &trust);
trust_by_name.in.handle = handle;
trust_by_name.in.name = domains.domains[i].name;
- trust_by_name.in.access_mask = SEC_RIGHTS_MAXIMUM_ALLOWED;
+ trust_by_name.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
trust_by_name.out.trustdom_handle = &trustdom_handle;
status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &trust_by_name);
return ret;
}
+static BOOL test_GetUserName(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle)
+{
+ struct lsa_GetUserName r;
+ NTSTATUS status;
+ BOOL ret = True;
+ struct lsa_StringPointer authority_name_p;
+
+ printf("\nTesting GetUserName\n");
+
+ r.in.system_name = "\\";
+ r.in.account_name = NULL;
+ r.in.authority_name = &authority_name_p;
+ authority_name_p.string = NULL;
+
+ status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("GetUserName failed - %s\n", nt_errstr(status));
+ ret = False;
+ }
+
+ return ret;
+}
+
static BOOL test_Close(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
if (!test_QueryInfoPolicy2(p, mem_ctx, &handle)) {
ret = False;
}
-
+
+ if (!test_GetUserName(p, mem_ctx, &handle)) {
+ ret = False;
+ }
+
#if 0
if (!test_Delete(p, mem_ctx, &handle)) {
ret = False;