2 Unix SMB/CIFS implementation.
4 test suite for behaviour of rpc policy handles
6 Copyright (C) Andrew Tridgell 2007
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "torture/torture.h"
24 #include "librpc/gen_ndr/ndr_samr_c.h"
25 #include "librpc/gen_ndr/ndr_lsa_c.h"
26 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
27 #include "torture/rpc/rpc.h"
30 this tests the use of policy handles between connections
33 static bool test_handles_lsa(struct torture_context *torture)
36 struct dcerpc_pipe *p1, *p2;
37 struct policy_handle handle;
38 struct policy_handle handle2;
39 struct lsa_ObjectAttribute attr;
40 struct lsa_QosInfo qos;
41 struct lsa_OpenPolicy r;
43 uint16_t system_name = '\\';
44 TALLOC_CTX *mem_ctx = talloc_new(torture);
46 torture_comment(torture, "RPC-HANDLE-LSARPC\n");
48 status = torture_rpc_connection(mem_ctx, &p1, &ndr_table_lsarpc);
49 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
51 status = torture_rpc_connection(mem_ctx, &p2, &ndr_table_lsarpc);
52 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
55 qos.impersonation_level = 2;
57 qos.effective_only = 0;
61 attr.object_name = NULL;
66 r.in.system_name = &system_name;
68 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
69 r.out.handle = &handle;
71 status = dcerpc_lsa_OpenPolicy(p1, mem_ctx, &r);
72 if (!NT_STATUS_IS_OK(status)) {
73 torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
78 c.in.handle = &handle;
79 c.out.handle = &handle2;
81 status = dcerpc_lsa_Close(p2, mem_ctx, &c);
82 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
83 "closing policy handle on p2");
84 torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
85 "closing policy handle on p2");
87 status = dcerpc_lsa_Close(p1, mem_ctx, &c);
88 torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
90 status = dcerpc_lsa_Close(p1, mem_ctx, &c);
91 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
92 "closing policy handle on p1 again");
93 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
94 "closing policy handle on p1 again");
101 static bool test_handles_lsa_shared(struct torture_context *torture)
104 struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
105 struct policy_handle handle;
106 struct policy_handle handle2;
107 struct lsa_ObjectAttribute attr;
108 struct lsa_QosInfo qos;
109 struct lsa_OpenPolicy r;
111 struct lsa_QuerySecurity qsec;
112 uint16_t system_name = '\\';
113 TALLOC_CTX *mem_ctx = talloc_new(torture);
114 enum dcerpc_transport_t transport;
115 uint32_t assoc_group_id;
117 torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");
119 if (lp_parm_bool(-1, "torture", "samba4", False)) {
120 torture_comment(torture, "LSA shared-policy-handle test against Samba4 - skipping\n");
124 torture_comment(torture, "connect lsa pipe1\n");
125 status = torture_rpc_connection(mem_ctx, &p1, &ndr_table_lsarpc);
126 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
128 transport = p1->conn->transport.transport,
129 assoc_group_id = p1->assoc_group_id;
131 torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
133 torture_comment(torture, "connect lsa pipe2\n");
134 status = torture_rpc_connection_transport(mem_ctx, &p2, &ndr_table_lsarpc,
137 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
140 qos.impersonation_level = 2;
141 qos.context_mode = 1;
142 qos.effective_only = 0;
145 attr.root_dir = NULL;
146 attr.object_name = NULL;
148 attr.sec_desc = NULL;
151 r.in.system_name = &system_name;
153 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
154 r.out.handle = &handle;
156 torture_comment(torture, "open lsa policy handle\n");
157 status = dcerpc_lsa_OpenPolicy(p1, mem_ctx, &r);
158 if (!NT_STATUS_IS_OK(status)) {
159 torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
160 talloc_free(mem_ctx);
165 * connect p3 after the policy handle is opened
167 torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
168 status = torture_rpc_connection_transport(mem_ctx, &p3, &ndr_table_lsarpc,
171 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
173 qsec.in.handle = &handle;
174 qsec.in.sec_info = 0;
175 c.in.handle = &handle;
176 c.out.handle = &handle2;
179 * use policy handle on all 3 connections
181 torture_comment(torture, "use the policy handle on p1,p2,p3\n");
182 status = dcerpc_lsa_QuerySecurity(p1, mem_ctx, &qsec);
183 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
184 "use policy handle on p1");
186 status = dcerpc_lsa_QuerySecurity(p2, mem_ctx, &qsec);
187 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
188 "use policy handle on p2");
190 status = dcerpc_lsa_QuerySecurity(p3, mem_ctx, &qsec);
191 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
192 "use policy handle on p3");
195 * close policy handle on connection 2 and the others get a fault
197 torture_comment(torture, "close the policy handle on p2 others get a fault\n");
198 status = dcerpc_lsa_Close(p2, mem_ctx, &c);
199 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
200 "closing policy handle on p2");
202 status = dcerpc_lsa_Close(p1, mem_ctx, &c);
203 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
204 "closing policy handle on p1 again");
205 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
206 "closing policy handle on p1 again");
208 status = dcerpc_lsa_Close(p3, mem_ctx, &c);
209 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
210 "closing policy handle on p3");
211 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
212 "closing policy handle on p3");
214 status = dcerpc_lsa_Close(p2, mem_ctx, &c);
215 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
216 "closing policy handle on p2 again");
217 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
218 "closing policy handle on p2 again");
221 * open a new policy handle on p3
223 torture_comment(torture, "open a new policy handle on p3\n");
224 status = dcerpc_lsa_OpenPolicy(p3, mem_ctx, &r);
225 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
226 "open policy handle on p3");
229 * use policy handle on all 3 connections
231 torture_comment(torture, "use the policy handle on p1,p2,p3\n");
232 status = dcerpc_lsa_QuerySecurity(p1, mem_ctx, &qsec);
233 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
234 "use policy handle on p1");
236 status = dcerpc_lsa_QuerySecurity(p2, mem_ctx, &qsec);
237 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
238 "use policy handle on p2");
240 status = dcerpc_lsa_QuerySecurity(p3, mem_ctx, &qsec);
241 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
242 "use policy handle on p3");
245 * close policy handle on connection 2 and the others get a fault
247 torture_comment(torture, "close the policy handle on p2 others get a fault\n");
248 status = dcerpc_lsa_Close(p2, mem_ctx, &c);
249 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
250 "closing policy handle on p2");
252 status = dcerpc_lsa_Close(p1, mem_ctx, &c);
253 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
254 "closing policy handle on p1 again");
255 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
256 "closing policy handle on p1 again");
258 status = dcerpc_lsa_Close(p3, mem_ctx, &c);
259 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
260 "closing policy handle on p3");
261 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
262 "closing policy handle on p3");
264 status = dcerpc_lsa_Close(p2, mem_ctx, &c);
265 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
266 "closing policy handle on p2 again");
267 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
268 "closing policy handle on p2 again");
271 * open a new policy handle
273 torture_comment(torture, "open a new policy handle on p1 and use it\n");
274 status = dcerpc_lsa_OpenPolicy(p1, mem_ctx, &r);
275 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
276 "open 2nd policy handle on p1");
278 status = dcerpc_lsa_QuerySecurity(p1, mem_ctx, &qsec);
279 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
280 "QuerySecurity handle on p1");
282 /* close first connection */
283 torture_comment(torture, "disconnect p1\n");
288 * and it's still available on p2,p3
290 torture_comment(torture, "use policy handle on p2,p3\n");
291 status = dcerpc_lsa_QuerySecurity(p2, mem_ctx, &qsec);
292 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
293 "QuerySecurity handle on p2 after p1 was disconnected");
295 status = dcerpc_lsa_QuerySecurity(p3, mem_ctx, &qsec);
296 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
297 "QuerySecurity handle on p3 after p1 was disconnected");
301 * and use the handle on it
303 torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
304 status = torture_rpc_connection_transport(mem_ctx, &p4, &ndr_table_lsarpc,
307 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
309 status = dcerpc_lsa_QuerySecurity(p4, mem_ctx, &qsec);
310 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
311 "using policy handle on p4");
315 * without closing the policy handle
317 torture_comment(torture, "disconnect p2,p3,p4\n");
326 torture_comment(torture, "connect lsa pipe5 - should fail\n");
327 status = torture_rpc_connection_transport(mem_ctx, &p5, &ndr_table_lsarpc,
330 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
331 "opening lsa pipe5");
333 talloc_free(mem_ctx);
339 static bool test_handles_samr(struct torture_context *torture)
342 struct dcerpc_pipe *p1, *p2;
343 struct policy_handle handle;
344 struct policy_handle handle2;
345 struct samr_Connect r;
347 TALLOC_CTX *mem_ctx = talloc_new(torture);
349 torture_comment(torture, "RPC-HANDLE-SAMR\n");
351 status = torture_rpc_connection(mem_ctx, &p1, &ndr_table_samr);
352 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
354 status = torture_rpc_connection(mem_ctx, &p2, &ndr_table_samr);
355 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
357 r.in.system_name = 0;
358 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
359 r.out.connect_handle = &handle;
361 status = dcerpc_samr_Connect(p1, mem_ctx, &r);
362 torture_assert_ntstatus_ok(torture, status, "opening policy handle on p1");
364 c.in.handle = &handle;
365 c.out.handle = &handle2;
367 status = dcerpc_samr_Close(p2, mem_ctx, &c);
368 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
369 "closing policy handle on p2");
370 torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
371 "closing policy handle on p2");
373 status = dcerpc_samr_Close(p1, mem_ctx, &c);
374 torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
376 status = dcerpc_samr_Close(p1, mem_ctx, &c);
377 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
378 "closing policy handle on p1 again");
379 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
380 "closing policy handle on p1 again");
382 talloc_free(mem_ctx);
387 static bool test_handles_mixed_shared(struct torture_context *torture)
390 struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
391 struct policy_handle handle;
392 struct policy_handle handle2;
393 struct samr_Connect r;
395 struct samr_Close sc;
396 TALLOC_CTX *mem_ctx = talloc_new(torture);
397 enum dcerpc_transport_t transport;
398 uint32_t assoc_group_id;
400 torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");
402 if (lp_parm_bool(-1, "torture", "samba4", False)) {
403 torture_comment(torture, "Mixed shared-policy-handle test against Samba4 - skipping\n");
407 torture_comment(torture, "connect samr pipe1\n");
408 status = torture_rpc_connection(mem_ctx, &p1, &ndr_table_samr);
409 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
411 transport = p1->conn->transport.transport,
412 assoc_group_id = p1->assoc_group_id;
414 torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
416 torture_comment(torture, "connect lsa pipe2\n");
417 status = torture_rpc_connection_transport(mem_ctx, &p2, &ndr_table_lsarpc,
420 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
422 r.in.system_name = 0;
423 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
424 r.out.connect_handle = &handle;
426 torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
427 status = dcerpc_samr_Connect(p1, mem_ctx, &r);
428 torture_assert_ntstatus_ok(torture, status, "opening policy handle on p1");
430 lc.in.handle = &handle;
431 lc.out.handle = &handle2;
432 sc.in.handle = &handle;
433 sc.out.handle = &handle2;
435 torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
436 status = dcerpc_lsa_Close(p2, mem_ctx, &lc);
437 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
438 "closing handle on lsa p2");
439 torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
440 "closing handle on lsa p2");
442 torture_comment(torture, "closing policy handle on samr p1\n");
443 status = dcerpc_samr_Close(p1, mem_ctx, &sc);
444 torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
450 torture_comment(torture, "connect samr pipe3 - should fail\n");
451 status = torture_rpc_connection_transport(mem_ctx, &p3, &ndr_table_samr,
454 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
455 "opening samr pipe3");
457 torture_comment(torture, "connect lsa pipe4 - should fail\n");
458 status = torture_rpc_connection_transport(mem_ctx, &p4, &ndr_table_lsarpc,
461 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
462 "opening lsa pipe4");
464 torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
465 status = torture_rpc_connection_transport(mem_ctx, &p5, &ndr_table_samr,
468 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
469 "opening samr pipe5");
471 torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
472 status = torture_rpc_connection_transport(mem_ctx, &p6, &ndr_table_lsarpc,
475 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
476 "opening lsa pipe6");
478 talloc_free(mem_ctx);
483 static bool test_handles_random_assoc(struct torture_context *torture)
486 struct dcerpc_pipe *p1, *p2, *p3;
487 TALLOC_CTX *mem_ctx = talloc_new(torture);
488 enum dcerpc_transport_t transport;
489 uint32_t assoc_group_id;
491 torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");
493 torture_comment(torture, "connect samr pipe1\n");
494 status = torture_rpc_connection(mem_ctx, &p1, &ndr_table_samr);
495 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
497 transport = p1->conn->transport.transport,
498 assoc_group_id = p1->assoc_group_id;
500 torture_comment(torture, "pip1 use assoc_group_id[0x%08X]\n", assoc_group_id);
502 torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
503 status = torture_rpc_connection_transport(mem_ctx, &p2, &ndr_table_samr,
506 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
507 "opening samr pipe2");
509 torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
510 status = torture_rpc_connection_transport(mem_ctx, &p3, &ndr_table_samr,
513 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
514 "opening samr pipe3");
516 talloc_free(mem_ctx);
522 static bool test_handles_drsuapi(struct torture_context *torture)
525 struct dcerpc_pipe *p1, *p2;
526 struct policy_handle handle;
527 struct policy_handle handle2;
528 struct GUID bind_guid;
529 struct drsuapi_DsBind r;
530 struct drsuapi_DsUnbind c;
531 TALLOC_CTX *mem_ctx = talloc_new(torture);
533 torture_comment(torture, "RPC-HANDLE-DRSUAPI\n");
535 status = torture_rpc_connection(mem_ctx, &p1, &ndr_table_drsuapi);
536 torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
538 status = torture_rpc_connection(mem_ctx, &p2, &ndr_table_drsuapi);
539 torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
541 GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
543 r.in.bind_guid = &bind_guid;
544 r.in.bind_info = NULL;
545 r.out.bind_handle = &handle;
547 status = dcerpc_drsuapi_DsBind(p1, mem_ctx, &r);
548 if (!NT_STATUS_IS_OK(status)) {
549 torture_comment(torture, "drsuapi_DsBind not supported - skipping\n");
550 talloc_free(mem_ctx);
554 c.in.bind_handle = &handle;
555 c.out.bind_handle = &handle2;
557 status = dcerpc_drsuapi_DsUnbind(p2, mem_ctx, &c);
558 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
559 "closing policy handle on p2");
560 torture_assert_int_equal(torture, p2->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
561 "closing policy handle on p2");
563 status = dcerpc_drsuapi_DsUnbind(p1, mem_ctx, &c);
564 torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
566 status = dcerpc_drsuapi_DsUnbind(p1, mem_ctx, &c);
567 torture_assert_ntstatus_equal(torture, status, NT_STATUS_NET_WRITE_FAULT,
568 "closing policy handle on p1 again");
569 torture_assert_int_equal(torture, p1->last_fault_code, DCERPC_FAULT_CONTEXT_MISMATCH,
570 "closing policy handle on p1 again");
572 talloc_free(mem_ctx);
578 struct torture_suite *torture_rpc_handles(TALLOC_CTX *mem_ctx)
580 struct torture_suite *suite;
582 suite = torture_suite_create(mem_ctx, "HANDLES");
583 torture_suite_add_simple_test(suite, "lsarpc", test_handles_lsa);
584 torture_suite_add_simple_test(suite, "lsarpc-shared", test_handles_lsa_shared);
585 torture_suite_add_simple_test(suite, "samr", test_handles_samr);
586 torture_suite_add_simple_test(suite, "mixed-shared", test_handles_mixed_shared);
587 torture_suite_add_simple_test(suite, "random-assoc", test_handles_random_assoc);
588 torture_suite_add_simple_test(suite, "drsuapi", test_handles_drsuapi);