2 Unix SMB/CIFS implementation.
3 test suite for lsa rpc operations
5 Copyright (C) Andrew Tridgell 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
25 this makes the debug code display the right thing
27 static void init_lsa_Name(struct lsa_Name *name, const char *s)
30 name->name_len = strlen_m(s)*2;
31 name->name_size = name->name_len;
34 static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
36 struct lsa_ObjectAttribute attr;
37 struct policy_handle handle;
38 struct lsa_QosInfo qos;
39 struct lsa_OpenPolicy r;
41 uint16 system_name = '\\';
43 printf("\ntesting OpenPolicy\n");
46 qos.impersonation_level = 2;
48 qos.effective_only = 0;
52 attr.object_name = NULL;
57 r.in.system_name = &system_name;
59 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
60 r.out.handle = &handle;
62 status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
63 if (!NT_STATUS_IS_OK(status)) {
64 printf("OpenPolicy failed - %s\n", nt_errstr(status));
72 static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
73 struct policy_handle *handle)
75 struct lsa_ObjectAttribute attr;
76 struct lsa_QosInfo qos;
77 struct lsa_OpenPolicy2 r;
80 printf("\ntesting OpenPolicy2\n");
83 qos.impersonation_level = 2;
85 qos.effective_only = 0;
89 attr.object_name = NULL;
94 r.in.system_name = "\\";
96 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
97 r.out.handle = handle;
99 status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
100 if (!NT_STATUS_IS_OK(status)) {
101 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
108 static BOOL test_LookupNames(struct dcerpc_pipe *p,
110 struct policy_handle *handle,
111 struct lsa_TransNameArray *tnames)
113 struct lsa_LookupNames r;
114 struct lsa_TransSidArray sids;
115 struct lsa_Name *names;
120 printf("\nTesting LookupNames\n");
125 names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
126 for (i=0;i<tnames->count;i++) {
127 init_lsa_Name(&names[i], tnames->names[i].name.name);
130 r.in.handle = handle;
131 r.in.num_names = tnames->count;
136 r.out.count = &count;
139 status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
140 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
141 printf("LookupNames failed - %s\n", nt_errstr(status));
151 static BOOL test_LookupSids(struct dcerpc_pipe *p,
153 struct policy_handle *handle,
154 struct lsa_SidArray *sids)
156 struct lsa_LookupSids r;
157 struct lsa_TransNameArray names;
158 uint32 count = sids->num_sids;
161 printf("\nTesting LookupSids\n");
166 r.in.handle = handle;
171 r.out.count = &count;
172 r.out.names = &names;
174 status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
175 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
176 printf("LookupSids failed - %s\n", nt_errstr(status));
182 if (!test_LookupNames(p, mem_ctx, handle, &names)) {
189 static BOOL test_LookupPrivName(struct dcerpc_pipe *p,
191 struct policy_handle *handle,
192 struct lsa_LUID *luid)
195 struct lsa_LookupPrivName r;
197 r.in.handle = handle;
200 status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
201 if (!NT_STATUS_IS_OK(status)) {
202 printf("\nLookupPrivName failed - %s\n", nt_errstr(status));
209 static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p,
211 struct policy_handle *handle,
212 struct policy_handle *acct_handle)
215 struct lsa_EnumPrivsAccount r;
217 printf("Testing EnumPrivsAccount\n");
219 r.in.handle = acct_handle;
221 status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
222 if (!NT_STATUS_IS_OK(status)) {
223 printf("EnumPrivsAccount failed - %s\n", nt_errstr(status));
229 for (i=0;i<r.out.privs->count;i++) {
230 test_LookupPrivName(p, mem_ctx, handle,
231 &r.out.privs->set[i].luid);
238 static BOOL test_EnumAccountRights(struct dcerpc_pipe *p,
240 struct policy_handle *acct_handle,
244 struct lsa_EnumAccountRights r;
245 struct lsa_RightSet rights;
247 printf("Testing EnumAccountRights\n");
249 r.in.handle = acct_handle;
251 r.out.rights = &rights;
253 status = dcerpc_lsa_EnumAccountRights(p, mem_ctx, &r);
254 if (!NT_STATUS_IS_OK(status)) {
255 printf("EnumAccountRights failed - %s\n", nt_errstr(status));
263 static BOOL test_QuerySecObj(struct dcerpc_pipe *p,
265 struct policy_handle *handle,
266 struct policy_handle *acct_handle)
269 struct lsa_QuerySecObj r;
271 printf("Testing QuerySecObj\n");
273 r.in.handle = acct_handle;
276 status = dcerpc_lsa_QuerySecObj(p, mem_ctx, &r);
277 if (!NT_STATUS_IS_OK(status)) {
278 printf("QuerySecObj failed - %s\n", nt_errstr(status));
285 static BOOL test_OpenAccount(struct dcerpc_pipe *p,
287 struct policy_handle *handle,
291 struct lsa_OpenAccount r;
292 struct policy_handle acct_handle;
294 printf("Testing OpenAccount\n");
296 r.in.handle = handle;
298 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
299 r.out.acct_handle = &acct_handle;
301 status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
302 if (!NT_STATUS_IS_OK(status)) {
303 printf("OpenAccount failed - %s\n", nt_errstr(status));
307 if (!test_EnumPrivsAccount(p, mem_ctx, handle, &acct_handle)) {
311 if (!test_QuerySecObj(p, mem_ctx, handle, &acct_handle)) {
318 static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
320 struct policy_handle *handle)
323 struct lsa_EnumAccounts r;
324 struct lsa_SidArray sids1, sids2;
325 uint32 resume_handle = 0;
328 printf("\ntesting EnumAccounts\n");
330 r.in.handle = handle;
331 r.in.resume_handle = &resume_handle;
332 r.in.num_entries = 100;
333 r.out.resume_handle = &resume_handle;
337 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
338 if (!NT_STATUS_IS_OK(status)) {
339 printf("EnumAccounts failed - %s\n", nt_errstr(status));
343 if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
347 printf("testing all accounts\n");
348 for (i=0;i<sids1.num_sids;i++) {
349 test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
350 test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
354 if (sids1.num_sids < 3) {
358 printf("trying EnumAccounts partial listing (asking for 1 at 2)\n");
360 r.in.num_entries = 1;
363 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
364 if (!NT_STATUS_IS_OK(status)) {
365 printf("EnumAccounts failed - %s\n", nt_errstr(status));
369 if (sids2.num_sids != 1) {
370 printf("Returned wrong number of entries (%d)\n", sids2.num_sids);
378 static BOOL test_EnumPrivs(struct dcerpc_pipe *p,
380 struct policy_handle *handle)
383 struct lsa_EnumPrivs r;
384 struct lsa_PrivArray privs1;
385 uint32 resume_handle = 0;
387 printf("\ntesting EnumPrivs\n");
389 r.in.handle = handle;
390 r.in.resume_handle = &resume_handle;
391 r.in.max_count = 1000;
392 r.out.resume_handle = &resume_handle;
393 r.out.privs = &privs1;
396 status = dcerpc_lsa_EnumPrivs(p, mem_ctx, &r);
397 if (!NT_STATUS_IS_OK(status)) {
398 printf("EnumPrivs failed - %s\n", nt_errstr(status));
406 static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
408 struct policy_handle *handle)
410 struct lsa_EnumTrustDom r;
412 uint32 resume_handle = 0;
413 struct lsa_DomainList domains;
415 printf("\nTesting EnumTrustDom\n");
417 r.in.handle = handle;
418 r.in.resume_handle = &resume_handle;
419 r.in.num_entries = 1000;
420 r.out.domains = &domains;
421 r.out.resume_handle = &resume_handle;
423 status = dcerpc_lsa_EnumTrustDom(p, mem_ctx, &r);
425 /* NO_MORE_ENTRIES is allowed */
426 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
430 if (!NT_STATUS_IS_OK(status)) {
431 printf("EnumTrustDom failed - %s\n", nt_errstr(status));
438 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
440 struct policy_handle *handle)
442 struct lsa_QueryInfoPolicy r;
446 printf("\nTesting QueryInfoPolicy\n");
449 r.in.handle = handle;
452 printf("\ntrying QueryInfoPolicy level %d\n", i);
454 status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
456 if ((i == 9 || i == 10 || i == 11) &&
457 NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
458 printf("server failed level %u (OK)\n", i);
462 if (!NT_STATUS_IS_OK(status)) {
463 printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
472 static BOOL test_Delete(struct dcerpc_pipe *p,
474 struct policy_handle *handle)
479 printf("\ntesting Delete - but what does it do?\n");
481 r.in.handle = handle;
482 status = dcerpc_lsa_Delete(p, mem_ctx, &r);
483 if (!NT_STATUS_IS_OK(status)) {
484 printf("Delete failed - %s\n", nt_errstr(status));
493 static BOOL test_Close(struct dcerpc_pipe *p,
495 struct policy_handle *handle)
499 struct policy_handle handle2;
501 printf("\ntesting Close\n");
503 r.in.handle = handle;
504 r.out.handle = &handle2;
506 status = dcerpc_lsa_Close(p, mem_ctx, &r);
507 if (!NT_STATUS_IS_OK(status)) {
508 printf("Close failed - %s\n", nt_errstr(status));
512 status = dcerpc_lsa_Close(p, mem_ctx, &r);
513 /* its really a fault - we need a status code for rpc fault */
514 if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
515 printf("Close failed - %s\n", nt_errstr(status));
524 BOOL torture_rpc_lsa(int dummy)
527 struct dcerpc_pipe *p;
530 struct policy_handle handle;
532 mem_ctx = talloc_init("torture_rpc_lsa");
534 status = torture_rpc_connection(&p,
537 DCERPC_LSARPC_VERSION);
538 if (!NT_STATUS_IS_OK(status)) {
542 p->flags |= DCERPC_DEBUG_PRINT_BOTH;
544 if (!test_OpenPolicy(p, mem_ctx)) {
548 if (!test_OpenPolicy2(p, mem_ctx, &handle)) {
552 if (!test_EnumAccounts(p, mem_ctx, &handle)) {
556 if (!test_EnumPrivs(p, mem_ctx, &handle)) {
560 if (!test_EnumTrustDom(p, mem_ctx, &handle)) {
564 if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) {
569 if (!test_Delete(p, mem_ctx, &handle)) {
574 if (!test_Close(p, mem_ctx, &handle)) {
578 talloc_destroy(mem_ctx);
580 torture_rpc_close(p);