torture/rpc/lsa: allow testing different lookup levels
authorAlexander Bokovoy <ab@samba.org>
Thu, 1 Aug 2019 18:08:52 +0000 (21:08 +0300)
committerAlexander Bokovoy <ab@samba.org>
Wed, 14 Aug 2019 11:49:33 +0000 (11:49 +0000)
Convert torture/rpc/lsa LookupNames/LookupSids code to allow testing
different LSA_LOOKUP_NAMES_* levels. Keep existing level 1
(LSA_LOOKUP_NAMES_ALL) for the current set of tests.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
source4/torture/rpc/lsa.c
source4/torture/rpc/schannel.c

index 5b16ed9..fdbfcbf 100644 (file)
@@ -281,6 +281,7 @@ static bool test_OpenPolicy2_fail(struct dcerpc_binding_handle *b,
 static bool test_LookupNames(struct dcerpc_binding_handle *b,
                             struct torture_context *tctx,
                             struct policy_handle *handle,
+                            enum lsa_LookupNamesLevel level,
                             struct lsa_TransNameArray *tnames)
 {
        struct lsa_LookupNames r;
@@ -313,7 +314,7 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b,
        r.in.handle = handle;
        r.in.names = names;
        r.in.sids = &sids;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.out.count = &count;
        r.out.sids = &sids;
@@ -369,7 +370,8 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b,
                                   struct torture_context *tctx,
-                                  struct policy_handle *handle)
+                                  struct policy_handle *handle,
+                                  enum lsa_LookupNamesLevel level)
 {
        struct lsa_LookupNames r;
        struct lsa_TransSidArray sids;
@@ -388,7 +390,7 @@ static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b,
        r.in.num_names = 1;
        r.in.names = names;
        r.in.sids = &sids;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.out.count = &count;
        r.out.sids = &sids;
@@ -409,7 +411,8 @@ static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b,
                                  struct torture_context *tctx,
-                                 struct policy_handle *handle)
+                                 struct policy_handle *handle,
+                                 enum lsa_LookupNamesLevel level)
 {
        struct lsa_LookupNames r;
        struct lsa_TransSidArray sids;
@@ -428,7 +431,7 @@ static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b,
        r.in.num_names = 1;
        r.in.names = names;
        r.in.sids = &sids;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.out.count = &count;
        r.out.sids = &sids;
@@ -453,7 +456,8 @@ static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames_wellknown(struct dcerpc_binding_handle *b,
                                       struct torture_context *tctx,
-                                      struct policy_handle *handle)
+                                      struct policy_handle *handle,
+                                      enum lsa_LookupNamesLevel level)
 {
        struct lsa_TranslatedName name;
        struct lsa_TransNameArray tnames;
@@ -465,45 +469,46 @@ static bool test_LookupNames_wellknown(struct dcerpc_binding_handle *b,
        tnames.count = 1;
        name.name.string = "NT AUTHORITY\\SYSTEM";
        name.sid_type = SID_NAME_WKN_GRP;
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
        name.name.string = "NT AUTHORITY\\ANONYMOUS LOGON";
        name.sid_type = SID_NAME_WKN_GRP;
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
        name.name.string = "NT AUTHORITY\\Authenticated Users";
        name.sid_type = SID_NAME_WKN_GRP;
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
 #if 0
        name.name.string = "NT AUTHORITY";
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
        name.name.string = "NT AUTHORITY\\";
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 #endif
 
        name.name.string = "BUILTIN\\";
        name.sid_type = SID_NAME_DOMAIN;
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
        name.name.string = "BUILTIN\\Administrators";
        name.sid_type = SID_NAME_ALIAS;
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
        name.name.string = "SYSTEM";
        name.sid_type = SID_NAME_WKN_GRP;
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
 
        name.name.string = "Everyone";
        name.sid_type = SID_NAME_WKN_GRP;
-       ret &= test_LookupNames(b, tctx, handle, &tnames);
+       ret &= test_LookupNames(b, tctx, handle, level, &tnames);
        return ret;
 }
 
 static bool test_LookupNames2(struct dcerpc_binding_handle *b,
                              struct torture_context *tctx,
                              struct policy_handle *handle,
+                             enum lsa_LookupNamesLevel level,
                              struct lsa_TransNameArray2 *tnames,
                              bool check_result)
 {
@@ -536,7 +541,7 @@ static bool test_LookupNames2(struct dcerpc_binding_handle *b,
        r.in.handle = handle;
        r.in.names = names;
        r.in.sids = &sids;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.in.lookup_options = 0;
        r.in.client_revision = 0;
@@ -565,6 +570,7 @@ static bool test_LookupNames2(struct dcerpc_binding_handle *b,
 static bool test_LookupNames3(struct dcerpc_binding_handle *b,
                              struct torture_context *tctx,
                              struct policy_handle *handle,
+                             enum lsa_LookupNamesLevel level,
                              struct lsa_TransNameArray2 *tnames,
                              bool check_result)
 {
@@ -596,7 +602,7 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b,
        r.in.handle = handle;
        r.in.names = names;
        r.in.sids = &sids;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.in.lookup_options = 0;
        r.in.client_revision = 0;
@@ -624,6 +630,7 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b,
 
 static bool test_LookupNames4(struct dcerpc_binding_handle *b,
                              struct torture_context *tctx,
+                             enum lsa_LookupNamesLevel level,
                              struct lsa_TransNameArray2 *tnames,
                              bool check_result)
 {
@@ -655,7 +662,7 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b,
        r.in.num_names = tnames->count;
        r.in.names = names;
        r.in.sids = &sids;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.in.lookup_options = 0;
        r.in.client_revision = 0;
@@ -693,7 +700,8 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b,
 }
 
 static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b,
-                                  struct torture_context *tctx)
+                                  struct torture_context *tctx,
+                                  enum lsa_LookupNamesLevel level)
 {
        struct lsa_LookupNames4 r;
        struct lsa_TransSidArray3 sids;
@@ -712,7 +720,7 @@ static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b,
        r.in.num_names = count;
        r.in.names = names;
        r.in.sids = &sids;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.in.lookup_options = 0;
        r.in.client_revision = 0;
@@ -760,6 +768,7 @@ static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b,
 static bool test_LookupSids(struct dcerpc_binding_handle *b,
                            struct torture_context *tctx,
                            struct policy_handle *handle,
+                           enum lsa_LookupNamesLevel level,
                            struct lsa_SidArray *sids)
 {
        struct lsa_LookupSids r;
@@ -775,7 +784,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b,
        r.in.handle = handle;
        r.in.sids = sids;
        r.in.names = &names;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.out.count = &count;
        r.out.names = &names;
@@ -790,7 +799,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b,
 
        torture_comment(tctx, "\n");
 
-       if (!test_LookupNames(b, tctx, handle, &names)) {
+       if (!test_LookupNames(b, tctx, handle, level, &names)) {
                return false;
        }
 
@@ -801,6 +810,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b,
 static bool test_LookupSids2(struct dcerpc_binding_handle *b,
                            struct torture_context *tctx,
                            struct policy_handle *handle,
+                           enum lsa_LookupNamesLevel level,
                            struct lsa_SidArray *sids)
 {
        struct lsa_LookupSids2 r;
@@ -816,7 +826,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
        r.in.handle = handle;
        r.in.sids = sids;
        r.in.names = &names;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.in.lookup_options = 0;
        r.in.client_revision = 0;
@@ -835,11 +845,11 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
 
        torture_comment(tctx, "\n");
 
-       if (!test_LookupNames2(b, tctx, handle, &names, false)) {
+       if (!test_LookupNames2(b, tctx, handle, level, &names, false)) {
                return false;
        }
 
-       if (!test_LookupNames3(b, tctx, handle, &names, false)) {
+       if (!test_LookupNames3(b, tctx, handle, level, &names, false)) {
                return false;
        }
 
@@ -848,6 +858,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
 
 static bool test_LookupSids3(struct dcerpc_binding_handle *b,
                            struct torture_context *tctx,
+                           enum lsa_LookupNamesLevel level,
                            struct lsa_SidArray *sids)
 {
        struct lsa_LookupSids3 r;
@@ -862,7 +873,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b,
 
        r.in.sids = sids;
        r.in.names = &names;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.in.lookup_options = 0;
        r.in.client_revision = 0;
@@ -891,7 +902,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b,
 
        torture_comment(tctx, "\n");
 
-       if (!test_LookupNames4(b, tctx, &names, true)) {
+       if (!test_LookupNames4(b, tctx, level, &names, true)) {
                return false;
        }
 
@@ -900,6 +911,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b,
 
 static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
                                  struct torture_context *tctx,
+                                 enum lsa_LookupNamesLevel level,
                                  struct lsa_SidArray *sids)
 {
        struct lsa_LookupSids3 r;
@@ -915,7 +927,7 @@ static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
 
        r.in.sids = sids;
        r.in.names = &names;
-       r.in.level = 1;
+       r.in.level = level;
        r.in.count = &count;
        r.in.lookup_options = 0;
        r.in.client_revision = 0;
@@ -959,7 +971,8 @@ static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
 
 bool test_many_LookupSids(struct dcerpc_pipe *p,
                          struct torture_context *tctx,
-                         struct policy_handle *handle)
+                         struct policy_handle *handle,
+                         enum lsa_LookupNamesLevel level)
 {
        uint32_t count;
        struct lsa_SidArray sids;
@@ -990,7 +1003,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
                r.in.handle = handle;
                r.in.sids = &sids;
                r.in.names = &names;
-               r.in.level = 1;
+               r.in.level = level;
                r.in.count = &names.count;
                r.out.count = &count;
                r.out.names = &names;
@@ -1006,16 +1019,16 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 
                torture_comment(tctx, "\n");
 
-               if (!test_LookupNames(b, tctx, handle, &names)) {
+               if (!test_LookupNames(b, tctx, handle, level, &names)) {
                        return false;
                }
        }
 
        if (transport == NCACN_NP) {
-               if (!test_LookupSids3_fail(b, tctx, &sids)) {
+               if (!test_LookupSids3_fail(b, tctx, level, &sids)) {
                        return false;
                }
-               if (!test_LookupNames4_fail(b, tctx)) {
+               if (!test_LookupNames4_fail(b, tctx, level)) {
                        return false;
                }
        } else if (transport == NCACN_IP_TCP) {
@@ -1031,10 +1044,10 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
 
                if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
                    auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
-                       if (!test_LookupSids3(b, tctx, &sids)) {
+                       if (!test_LookupSids3(b, tctx, level, &sids)) {
                                return false;
                        }
-                       if (!test_LookupNames4(b, tctx, &names, true)) {
+                       if (!test_LookupNames4(b, tctx, level, &names, true)) {
                                return false;
                        }
                } else {
@@ -1042,10 +1055,10 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
                         * If we don't have a secure channel these tests must
                         * fail with ACCESS_DENIED.
                         */
-                       if (!test_LookupSids3_fail(b, tctx, &sids)) {
+                       if (!test_LookupSids3_fail(b, tctx, level, &sids)) {
                                return false;
                        }
-                       if (!test_LookupNames4_fail(b, tctx)) {
+                       if (!test_LookupNames4_fail(b, tctx, level)) {
                                return false;
                        }
                }
@@ -1077,7 +1090,8 @@ static void lookupsids_cb(struct tevent_req *subreq)
 
 static bool test_LookupSids_async(struct dcerpc_binding_handle *b,
                                  struct torture_context *tctx,
-                                 struct policy_handle *handle)
+                                 struct policy_handle *handle,
+                                 enum lsa_LookupNamesLevel level)
 {
        struct lsa_SidArray sids;
        struct lsa_SidPtr sidptr;
@@ -1112,7 +1126,7 @@ static bool test_LookupSids_async(struct dcerpc_binding_handle *b,
                r[i].in.handle = handle;
                r[i].in.sids = &sids;
                r[i].in.names = &names[i];
-               r[i].in.level = 1;
+               r[i].in.level = level;
                r[i].in.count = &names[i].count;
                r[i].out.count = &count[i];
                r[i].out.names = &names[i];
@@ -1923,11 +1937,11 @@ static bool test_EnumAccounts(struct dcerpc_binding_handle *b,
                torture_assert_ntstatus_ok(tctx, r.out.result,
                        "EnumAccounts failed");
 
-               if (!test_LookupSids(b, tctx, handle, &sids1)) {
+               if (!test_LookupSids(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) {
                        return false;
                }
 
-               if (!test_LookupSids2(b, tctx, handle, &sids1)) {
+               if (!test_LookupSids2(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) {
                        return false;
                }
 
@@ -4836,7 +4850,7 @@ static bool test_QueryInfoPolicyCalls(    bool version2,
                        tnames.names[12].sid_type = SID_NAME_USER;
                        tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.dns_domain.string);
                        tnames.names[13].sid_type = SID_NAME_USER;
-                       ret &= test_LookupNames(b, tctx, handle, &tnames);
+                       ret &= test_LookupNames(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames);
 
                }
        }
@@ -5002,7 +5016,7 @@ bool torture_rpc_lsa(struct torture_context *tctx)
                        ret = false;
                }
 
-               if (!test_many_LookupSids(p, tctx, handle)) {
+               if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
                        ret = false;
                }
 
@@ -5023,7 +5037,7 @@ bool torture_rpc_lsa(struct torture_context *tctx)
                        ret = false;
                }
 
-               if (!test_LookupSids_async(b, tctx, handle)) {
+               if (!test_LookupSids_async(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
                        ret = false;
                }
 
@@ -5047,7 +5061,7 @@ bool torture_rpc_lsa(struct torture_context *tctx)
                        ret = false;
                }
 
-               if (!test_many_LookupSids(p, tctx, handle)) {
+               if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
                        ret = false;
                }
 
@@ -5058,7 +5072,7 @@ bool torture_rpc_lsa(struct torture_context *tctx)
                torture_leave_domain(tctx, join);
 
        } else {
-               if (!test_many_LookupSids(p, tctx, handle)) {
+               if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
                        ret = false;
                }
        }
@@ -5133,7 +5147,7 @@ static bool testcase_LookupNames(struct torture_context *tctx,
        tnames.names[0].name.string = "BUILTIN";
        tnames.names[0].sid_type = SID_NAME_DOMAIN;
 
-       if (!test_LookupNames(b, tctx, handle, &tnames)) {
+       if (!test_LookupNames(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames)) {
                ret = false;
        }
 
@@ -5143,23 +5157,23 @@ static bool testcase_LookupNames(struct torture_context *tctx,
        tnames2.names[0].name.string = "BUILTIN";
        tnames2.names[0].sid_type = SID_NAME_DOMAIN;
 
-       if (!test_LookupNames2(b, tctx, handle, &tnames2, true)) {
+       if (!test_LookupNames2(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames2, true)) {
                ret = false;
        }
 
-       if (!test_LookupNames3(b, tctx, handle, &tnames2, true)) {
+       if (!test_LookupNames3(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames2, true)) {
                ret = false;
        }
 
-       if (!test_LookupNames_wellknown(b, tctx, handle)) {
+       if (!test_LookupNames_wellknown(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
                ret = false;
        }
 
-       if (!test_LookupNames_NULL(b, tctx, handle)) {
+       if (!test_LookupNames_NULL(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
                ret = false;
        }
 
-       if (!test_LookupNames_bogus(b, tctx, handle)) {
+       if (!test_LookupNames_bogus(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) {
                ret = false;
        }
 
index 5b40af2..fff0b1a 100644 (file)
@@ -470,7 +470,7 @@ static bool test_schannel(struct torture_context *tctx,
                "failed to connect lsarpc with schannel");
 
        torture_assert(tctx,
-               test_many_LookupSids(p_lsa, tctx, NULL),
+               test_many_LookupSids(p_lsa, tctx, NULL, LSA_LOOKUP_NAMES_ALL),
                "LsaLookupSids3 failed!\n");
 
        status = dcerpc_binding_set_transport(b, transport);