2 Unix SMB/CIFS implementation.
4 test suite for behaviour of rpc policy handles
6 Copyright (C) Andrew Tridgell 2007
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "librpc/gen_ndr/ndr_samr_c.h"
24 #include "librpc/gen_ndr/ndr_lsa_c.h"
25 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 #include "torture/rpc/torture_rpc.h"
29 this tests the use of policy handles between connections
32 static bool test_handles_lsa(struct torture_context *torture)
35 struct dcerpc_pipe *p1, *p2;
36 struct dcerpc_binding_handle *b1, *b2;
37 struct policy_handle handle;
38 struct policy_handle handle2;
39 struct lsa_ObjectAttribute attr;
40 struct lsa_QosInfo qos;
41 struct lsa_OpenPolicy r;
43 uint16_t system_name = '\\';
44 TALLOC_CTX *mem_ctx = talloc_new(torture);
46 torture_comment(torture, "RPC-HANDLE-LSARPC\n");
48 status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
49 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
50 b1 = p1->binding_handle;
52 status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
53 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
54 b2 = p2->binding_handle;
57 qos.impersonation_level = 2;
59 qos.effective_only = 0;
63 attr.object_name = NULL;
68 r.in.system_name = &system_name;
70 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
71 r.out.handle = &handle;
73 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
75 if (!NT_STATUS_IS_OK(r.out.result)) {
76 torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
81 c.in.handle = &handle;
82 c.out.handle = &handle2;
84 status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
85 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
86 "closing policy handle on p2");
88 torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b1, mem_ctx, &c),
90 torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
92 status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
93 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
94 "closing policy handle on p1 again");
101 static bool test_handles_lsa_shared(struct torture_context *torture)
104 struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
105 struct dcerpc_binding_handle *b1, *b2, *b3, *b4;
106 struct policy_handle handle;
107 struct policy_handle handle2;
108 struct lsa_ObjectAttribute attr;
109 struct lsa_QosInfo qos;
110 struct lsa_OpenPolicy r;
112 struct lsa_QuerySecurity qsec;
113 struct sec_desc_buf *sdbuf = NULL;
114 uint16_t system_name = '\\';
115 TALLOC_CTX *mem_ctx = talloc_new(torture);
116 enum dcerpc_transport_t transport;
117 uint32_t assoc_group_id;
119 torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");
121 torture_comment(torture, "connect lsa pipe1\n");
122 status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
123 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
124 b1 = p1->binding_handle;
126 transport = p1->conn->transport.transport;
127 assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
129 torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
131 torture_comment(torture, "connect lsa pipe2\n");
132 status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
136 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
137 b2 = p2->binding_handle;
139 torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
140 dcerpc_binding_get_assoc_group_id(p2->binding));
143 qos.impersonation_level = 2;
144 qos.context_mode = 1;
145 qos.effective_only = 0;
148 attr.root_dir = NULL;
149 attr.object_name = NULL;
151 attr.sec_desc = NULL;
154 r.in.system_name = &system_name;
156 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
157 r.out.handle = &handle;
159 torture_comment(torture, "open lsa policy handle\n");
160 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
161 "OpenPolicy failed");
162 if (!NT_STATUS_IS_OK(r.out.result)) {
163 torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
164 talloc_free(mem_ctx);
169 * connect p3 after the policy handle is opened
171 torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
172 status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc,
176 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
177 b3 = p3->binding_handle;
179 qsec.in.handle = &handle;
180 qsec.in.sec_info = 0;
181 qsec.out.sdbuf = &sdbuf;
182 c.in.handle = &handle;
183 c.out.handle = &handle2;
186 * use policy handle on all 3 connections
188 torture_comment(torture, "use the policy handle on p1,p2,p3\n");
189 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
190 "QuerySecurity failed");
191 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
192 "use policy handle on p1");
194 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
195 "QuerySecurity failed");
196 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
197 "use policy handle on p2");
199 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
200 "QuerySecurity failed");
201 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
202 "use policy handle on p3");
205 * close policy handle on connection 2 and the others get a fault
207 torture_comment(torture, "close the policy handle on p2 others get a fault\n");
208 torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
210 torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
211 "closing policy handle on p2");
213 status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
215 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
216 "closing policy handle on p1 again");
218 status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
219 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
220 "closing policy handle on p3");
222 status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
223 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
224 "closing policy handle on p2 again");
227 * open a new policy handle on p3
229 torture_comment(torture, "open a new policy handle on p3\n");
230 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b3, mem_ctx, &r),
231 "OpenPolicy failed");
232 torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
233 "open policy handle on p3");
236 * use policy handle on all 3 connections
238 torture_comment(torture, "use the policy handle on p1,p2,p3\n");
239 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
240 "Query Security failed");
241 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
242 "use policy handle on p1");
244 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
245 "Query Security failed");
246 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
247 "use policy handle on p2");
249 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
250 "Query Security failed");
251 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
252 "use policy handle on p3");
255 * close policy handle on connection 2 and the others get a fault
257 torture_comment(torture, "close the policy handle on p2 others get a fault\n");
258 torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
260 torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
261 "closing policy handle on p2");
263 status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
264 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
265 "closing policy handle on p1 again");
267 status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
268 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
269 "closing policy handle on p3");
271 status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
272 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
273 "closing policy handle on p2 again");
276 * open a new policy handle
278 torture_comment(torture, "open a new policy handle on p1 and use it\n");
279 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
280 "OpenPolicy failed");
281 torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
282 "open 2nd policy handle on p1");
284 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
285 "QuerySecurity failed");
286 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
287 "QuerySecurity handle on p1");
289 /* close first connection */
290 torture_comment(torture, "disconnect p1\n");
295 * and it's still available on p2,p3
297 torture_comment(torture, "use policy handle on p2,p3\n");
298 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
299 "QuerySecurity failed");
300 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
301 "QuerySecurity handle on p2 after p1 was disconnected");
303 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
304 "QuerySecurity failed");
305 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
306 "QuerySecurity handle on p3 after p1 was disconnected");
310 * and use the handle on it
312 torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
313 status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
317 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
318 b4 = p4->binding_handle;
320 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b4, mem_ctx, &qsec),
321 "QuerySecurity failed");
322 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
323 "using policy handle on p4");
327 * without closing the policy handle
329 torture_comment(torture, "disconnect p2,p3,p4\n");
338 torture_comment(torture, "connect lsa pipe5 - should fail\n");
339 status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc,
343 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
344 "opening lsa pipe5");
346 talloc_free(mem_ctx);
352 static bool test_handles_samr(struct torture_context *torture)
355 struct dcerpc_pipe *p1, *p2;
356 struct dcerpc_binding_handle *b1, *b2;
357 struct policy_handle handle;
358 struct policy_handle handle2;
359 struct samr_Connect r;
361 TALLOC_CTX *mem_ctx = talloc_new(torture);
363 torture_comment(torture, "RPC-HANDLE-SAMR\n");
365 status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
366 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
367 b1 = p1->binding_handle;
369 status = torture_rpc_connection(torture, &p2, &ndr_table_samr);
370 torture_assert_ntstatus_ok(torture, status, "opening samr pipe2");
371 b2 = p2->binding_handle;
373 r.in.system_name = 0;
374 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
375 r.out.connect_handle = &handle;
377 torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
379 torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
381 c.in.handle = &handle;
382 c.out.handle = &handle2;
384 status = dcerpc_samr_Close_r(b2, mem_ctx, &c);
385 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
386 "closing policy handle on p2");
388 torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &c),
390 torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
392 status = dcerpc_samr_Close_r(b1, mem_ctx, &c);
393 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
394 "closing policy handle on p1 again");
396 talloc_free(mem_ctx);
401 static bool test_handles_mixed_shared(struct torture_context *torture)
404 struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
405 struct dcerpc_binding_handle *b1, *b2;
406 struct policy_handle handle;
407 struct policy_handle handle2;
408 struct samr_Connect r;
410 struct samr_Close sc;
411 TALLOC_CTX *mem_ctx = talloc_new(torture);
412 enum dcerpc_transport_t transport;
413 uint32_t assoc_group_id;
415 torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");
417 torture_comment(torture, "connect samr pipe1\n");
418 status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
419 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
420 b1 = p1->binding_handle;
422 transport = p1->conn->transport.transport;
423 assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
425 torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
427 torture_comment(torture, "connect lsa pipe2\n");
428 status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
432 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
433 b2 = p2->binding_handle;
435 torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
436 dcerpc_binding_get_assoc_group_id(p2->binding));
437 r.in.system_name = 0;
438 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
439 r.out.connect_handle = &handle;
441 torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
442 torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
444 torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
446 lc.in.handle = &handle;
447 lc.out.handle = &handle2;
448 sc.in.handle = &handle;
449 sc.out.handle = &handle2;
451 torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
452 status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
453 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
454 "closing handle on lsa p2");
456 torture_comment(torture, "closing policy handle on samr p1\n");
457 torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
459 torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");
465 torture_comment(torture, "connect samr pipe3 - should fail\n");
466 status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
470 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
471 "opening samr pipe3");
473 torture_comment(torture, "connect lsa pipe4 - should fail\n");
474 status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
478 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
479 "opening lsa pipe4");
482 * We use ~assoc_group_id instead of p1->assoc_group_id, because
483 * this way we are less likely to use an id which is already in use.
485 assoc_group_id = ~assoc_group_id;
486 torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
487 status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
491 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
492 "opening samr pipe5");
494 torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
495 status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
499 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
500 "opening lsa pipe6");
502 talloc_free(mem_ctx);
507 static bool test_handles_random_assoc(struct torture_context *torture)
510 struct dcerpc_pipe *p1, *p2, *p3;
511 TALLOC_CTX *mem_ctx = talloc_new(torture);
512 enum dcerpc_transport_t transport;
513 uint32_t assoc_group_id;
515 torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");
517 torture_comment(torture, "connect samr pipe1\n");
518 status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
519 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
521 torture_comment(torture, "pipe1 uses assoc_group_id[0x%08X]\n",
522 dcerpc_binding_get_assoc_group_id(p1->binding));
524 transport = p1->conn->transport.transport;
526 * We use ~p1->assoc_group_id instead of p1->assoc_group_id, because
527 * this way we are less likely to use an id which is already in use.
529 assoc_group_id = dcerpc_binding_get_assoc_group_id(p1->binding);
530 assoc_group_id = ~assoc_group_id;
532 torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
533 status = torture_rpc_connection_transport(torture, &p2, &ndr_table_samr,
537 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
538 "opening samr pipe2");
540 torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
541 status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
545 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
546 "opening samr pipe3");
548 talloc_free(mem_ctx);
554 static bool test_handles_drsuapi(struct torture_context *torture)
557 struct dcerpc_pipe *p1, *p2;
558 struct dcerpc_binding_handle *b1, *b2;
559 struct policy_handle handle;
560 struct policy_handle handle2;
561 struct GUID bind_guid;
562 struct drsuapi_DsBind r;
563 struct drsuapi_DsUnbind c;
564 TALLOC_CTX *mem_ctx = talloc_new(torture);
566 torture_comment(torture, "RPC-HANDLE-DRSUAPI\n");
568 status = torture_rpc_connection(torture, &p1, &ndr_table_drsuapi);
569 torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
570 b1 = p1->binding_handle;
572 status = torture_rpc_connection(torture, &p2, &ndr_table_drsuapi);
573 torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
574 b2 = p2->binding_handle;
576 GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
578 r.in.bind_guid = &bind_guid;
579 r.in.bind_info = NULL;
580 r.out.bind_handle = &handle;
582 status = dcerpc_drsuapi_DsBind_r(b1, mem_ctx, &r);
583 if (!NT_STATUS_IS_OK(status)) {
584 torture_comment(torture, "drsuapi_DsBind not supported - skipping\n");
585 talloc_free(mem_ctx);
589 c.in.bind_handle = &handle;
590 c.out.bind_handle = &handle2;
592 status = dcerpc_drsuapi_DsUnbind_r(b2, mem_ctx, &c);
593 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
594 "closing policy handle on p2");
596 status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
597 torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
599 status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
600 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
601 "closing policy handle on p1 again");
603 talloc_free(mem_ctx);
608 struct torture_suite *torture_rpc_handles(TALLOC_CTX *mem_ctx)
610 struct torture_suite *suite;
612 suite = torture_suite_create(mem_ctx, "handles");
613 torture_suite_add_simple_test(suite, "lsarpc", test_handles_lsa);
614 torture_suite_add_simple_test(suite, "lsarpc-shared", test_handles_lsa_shared);
615 torture_suite_add_simple_test(suite, "samr", test_handles_samr);
616 torture_suite_add_simple_test(suite, "mixed-shared", test_handles_mixed_shared);
617 torture_suite_add_simple_test(suite, "random-assoc", test_handles_random_assoc);
618 torture_suite_add_simple_test(suite, "drsuapi", test_handles_drsuapi);
git.samba.org / vlendec / samba-autobuild / .git / blob