2 Unix SMB/CIFS implementation.
3 test suite for lsa rpc operations
5 Copyright (C) Andrew Tridgell 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 these really shouldn't be here ....
27 static char *lsa_sid_string_talloc(TALLOC_CTX *mem_ctx, struct dom_sid *sid)
34 return talloc_asprintf(mem_ctx, "(NULL SID)");
37 maxlen = sid->num_auths * 11 + 25;
38 ret = talloc(mem_ctx, maxlen);
39 if (!ret) return NULL;
41 ia = (sid->id_auth[5]) +
42 (sid->id_auth[4] << 8 ) +
43 (sid->id_auth[3] << 16) +
44 (sid->id_auth[2] << 24);
46 ofs = snprintf(ret, maxlen, "S-%u-%lu",
47 (unsigned int)sid->sid_rev_num, (unsigned long)ia);
49 for (i = 0; i < sid->num_auths; i++) {
50 ofs += snprintf(ret + ofs, maxlen - ofs, "-%lu", (unsigned long)sid->sub_auths[i]);
56 static int dom_sid_compare(struct dom_sid *sid1, struct dom_sid *sid2)
60 if (sid1 == sid2) return 0;
64 /* Compare most likely different rids, first: i.e start at end */
65 if (sid1->num_auths != sid2->num_auths)
66 return sid1->num_auths - sid2->num_auths;
68 for (i = sid1->num_auths-1; i >= 0; --i)
69 if (sid1->sub_auths[i] != sid2->sub_auths[i])
70 return sid1->sub_auths[i] - sid2->sub_auths[i];
72 if (sid1->sid_rev_num != sid2->sid_rev_num)
73 return sid1->sid_rev_num - sid2->sid_rev_num;
75 for (i = 0; i < 6; i++)
76 if (sid1->id_auth[i] != sid2->id_auth[i])
77 return sid1->id_auth[i] - sid2->id_auth[i];
82 static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
84 struct lsa_ObjectAttribute attr;
85 struct policy_handle handle;
86 struct lsa_QosInfo qos;
87 struct lsa_OpenPolicy r;
89 uint16 system_name = '\\';
91 printf("\ntesting OpenPolicy\n");
93 qos.impersonation_level = 2;
95 qos.effective_only = 0;
98 attr.object_name = NULL;
100 attr.sec_desc = NULL;
103 r.in.system_name = &system_name;
105 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
106 r.out.handle = &handle;
108 status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
109 if (!NT_STATUS_IS_OK(status)) {
110 printf("OpenPolicy failed - %s\n", nt_errstr(status));
118 static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
119 struct policy_handle *handle)
121 struct lsa_ObjectAttribute attr;
122 struct lsa_QosInfo qos;
123 struct lsa_OpenPolicy2 r;
126 printf("\ntesting OpenPolicy2\n");
128 qos.impersonation_level = 2;
129 qos.context_mode = 1;
130 qos.effective_only = 0;
132 attr.root_dir = NULL;
133 attr.object_name = NULL;
135 attr.sec_desc = NULL;
138 r.in.system_name = "\\";
140 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
141 r.out.handle = handle;
143 status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
144 if (!NT_STATUS_IS_OK(status)) {
145 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
152 static BOOL test_LookupNames(struct dcerpc_pipe *p,
154 struct policy_handle *handle,
155 struct lsa_TransNameArray *tnames)
157 struct lsa_LookupNames r;
158 struct lsa_TransSidArray sids;
159 struct lsa_Name *names;
164 printf("\nTesting LookupNames\n");
169 names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
170 for (i=0;i<tnames->count;i++) {
171 names[i].name_len = 2*strlen(tnames->names[i].name.name);
172 names[i].name_size = 2*strlen(tnames->names[i].name.name);
173 names[i].name = tnames->names[i].name.name;
176 r.in.handle = handle;
177 r.in.num_names = tnames->count;
182 r.out.count = &count;
185 status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
186 if (!NT_STATUS_IS_OK(status)) {
187 printf("LookupNames failed - %s\n", nt_errstr(status));
192 printf("lookup gave %d domains (max_count=%d)\n",
193 r.out.domains->count,
194 r.out.domains->max_count);
195 for (i=0;i<r.out.domains->count;i++) {
196 printf("name='%s' sid=%s\n",
197 r.out.domains->domains[i].name.name,
198 lsa_sid_string_talloc(mem_ctx, r.out.domains->domains[i].sid));
202 printf("lookup gave %d sids (sids.count=%d)\n", count, sids.count);
203 for (i=0;i<sids.count;i++) {
204 printf("sid_type=%d rid=%d sid_index=%d\n",
205 sids.sids[i].sid_type,
207 sids.sids[i].sid_index);
216 static BOOL test_LookupSids(struct dcerpc_pipe *p,
218 struct policy_handle *handle,
219 struct lsa_SidArray *sids)
221 struct lsa_LookupSids r;
222 struct lsa_TransNameArray names;
223 uint32 count = sids->num_sids;
227 printf("\nTesting LookupSids\n");
232 r.in.handle = handle;
237 r.out.count = &count;
238 r.out.names = &names;
240 status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
241 if (!NT_STATUS_IS_OK(status)) {
242 printf("LookupSids failed - %s\n", nt_errstr(status));
247 printf("lookup gave %d domains (max_count=%d)\n",
248 r.out.domains->count,
249 r.out.domains->max_count);
250 for (i=0;i<r.out.domains->count;i++) {
251 printf("name='%s' sid=%s\n",
252 r.out.domains->domains[i].name.name,
253 lsa_sid_string_talloc(mem_ctx, r.out.domains->domains[i].sid));
257 printf("lookup gave %d names (names.count=%d)\n", count, names.count);
258 for (i=0;i<names.count;i++) {
259 printf("type=%d sid_index=%d name='%s'\n",
260 names.names[i].sid_type,
261 names.names[i].sid_index,
262 names.names[i].name.name);
267 if (!test_LookupNames(p, mem_ctx, handle, &names)) {
274 static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
276 struct policy_handle *handle)
279 struct lsa_EnumAccounts r;
280 struct lsa_SidArray sids1, sids2;
281 uint32 resume_handle = 0;
284 printf("\ntesting EnumAccounts\n");
286 r.in.handle = handle;
287 r.in.resume_handle = &resume_handle;
288 r.in.num_entries = 100;
289 r.out.resume_handle = &resume_handle;
293 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
294 if (!NT_STATUS_IS_OK(status)) {
295 printf("EnumAccounts failed - %s\n", nt_errstr(status));
299 printf("Got %d sids resume_handle=%u\n", sids1.num_sids, resume_handle);
301 for (i=0;i<sids1.num_sids;i++) {
302 printf("%s\n", lsa_sid_string_talloc(mem_ctx, sids1.sids[i].sid));
305 if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
309 if (sids1.num_sids < 3) {
313 printf("trying EnumAccounts partial listing (asking for 1 at 2)\n");
315 r.in.num_entries = 1;
318 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
319 if (!NT_STATUS_IS_OK(status)) {
320 printf("EnumAccounts failed - %s\n", nt_errstr(status));
324 if (sids2.num_sids != 1) {
325 printf("Returned wrong number of entries (%d)\n", sids2.num_sids);
333 static BOOL test_EnumPrivs(struct dcerpc_pipe *p,
335 struct policy_handle *handle)
338 struct lsa_EnumPrivs r;
339 struct lsa_PrivArray privs1;
340 uint32 resume_handle = 0;
343 printf("\ntesting EnumPrivs\n");
345 r.in.handle = handle;
346 r.in.resume_handle = &resume_handle;
347 r.in.max_count = 1000;
348 r.out.resume_handle = &resume_handle;
349 r.out.privs = &privs1;
352 status = dcerpc_lsa_EnumPrivs(p, mem_ctx, &r);
353 if (!NT_STATUS_IS_OK(status)) {
354 printf("EnumPrivs failed - %s\n", nt_errstr(status));
358 printf("Got %d privs resume_handle=%u\n", privs1.count, resume_handle);
360 for (i=0;i<privs1.count;i++) {
361 printf("luid=%08x-%08x '%s'\n",
362 privs1.privs[i].luid_low,
363 privs1.privs[i].luid_high,
364 privs1.privs[i].name.name);
371 static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
373 struct policy_handle *handle)
375 struct lsa_EnumTrustDom r;
378 uint32 resume_handle = 0;
380 printf("\nTesting EnumTrustDom\n");
382 r.in.handle = handle;
383 r.in.resume_handle = &resume_handle;
384 r.in.num_entries = 1000;
385 r.out.resume_handle = &resume_handle;
387 status = dcerpc_lsa_EnumTrustDom(p, mem_ctx, &r);
388 if (!NT_STATUS_IS_OK(status)) {
389 printf("EnumTrustDom failed - %s\n", nt_errstr(status));
394 printf("lookup gave %d domains (max_count=%d)\n",
395 r.out.domains->count,
396 r.out.domains->max_count);
397 for (i=0;i<r.out.domains->count;i++) {
398 printf("name='%s' sid=%s\n",
399 r.out.domains->domains[i].name.name,
400 lsa_sid_string_talloc(mem_ctx, r.out.domains->domains[i].sid));
407 static BOOL test_Delete(struct dcerpc_pipe *p,
409 struct policy_handle *handle)
414 printf("\ntesting Delete - but what does it do?\n");
416 r.in.handle = handle;
417 status = dcerpc_lsa_Delete(p, mem_ctx, &r);
418 if (!NT_STATUS_IS_OK(status)) {
419 printf("Delete failed - %s\n", nt_errstr(status));
428 static BOOL test_Close(struct dcerpc_pipe *p,
430 struct policy_handle *handle)
435 printf("\ntesting Close\n");
437 r.in.handle = handle;
438 status = dcerpc_lsa_Close(p, mem_ctx, &r);
439 if (!NT_STATUS_IS_OK(status)) {
440 printf("Close failed - %s\n", nt_errstr(status));
444 status = dcerpc_lsa_Close(p, mem_ctx, &r);
445 /* its really a fault - we need a status code for rpc fault */
446 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_LEVEL)) {
447 printf("Close failed - %s\n", nt_errstr(status));
456 BOOL torture_rpc_lsa(int dummy)
459 struct dcerpc_pipe *p;
462 struct policy_handle handle;
464 mem_ctx = talloc_init("torture_rpc_lsa");
466 status = torture_rpc_connection(&p, "lsarpc");
467 if (!NT_STATUS_IS_OK(status)) {
471 if (!test_OpenPolicy(p, mem_ctx)) {
475 if (!test_OpenPolicy2(p, mem_ctx, &handle)) {
479 if (!test_EnumAccounts(p, mem_ctx, &handle)) {
483 if (!test_EnumPrivs(p, mem_ctx, &handle)) {
487 if (!test_EnumTrustDom(p, mem_ctx, &handle)) {
492 if (!test_Delete(p, mem_ctx, &handle)) {
497 if (!test_Close(p, mem_ctx, &handle)) {
501 torture_rpc_close(p);
git.samba.org / ira / wip.git / blob