2 Unix SMB/CIFS implementation.
3 test suite for lsa rpc operations
5 Copyright (C) Andrew Tridgell 2003
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
26 struct lsa_ObjectAttribute attr;
27 struct policy_handle handle;
28 struct lsa_QosInfo qos;
29 struct lsa_OpenPolicy r;
31 uint16 system_name = '\\';
33 printf("\ntesting OpenPolicy\n");
36 qos.impersonation_level = 2;
38 qos.effective_only = 0;
42 attr.object_name = NULL;
47 r.in.system_name = &system_name;
49 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
50 r.out.handle = &handle;
52 status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
53 if (!NT_STATUS_IS_OK(status)) {
54 printf("OpenPolicy failed - %s\n", nt_errstr(status));
62 static BOOL test_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
63 struct policy_handle *handle)
65 struct lsa_ObjectAttribute attr;
66 struct lsa_QosInfo qos;
67 struct lsa_OpenPolicy2 r;
70 printf("\ntesting OpenPolicy2\n");
73 qos.impersonation_level = 2;
75 qos.effective_only = 0;
79 attr.object_name = NULL;
84 r.in.system_name = "\\";
86 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
87 r.out.handle = handle;
89 status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
90 if (!NT_STATUS_IS_OK(status)) {
91 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
98 static BOOL test_LookupNames(struct dcerpc_pipe *p,
100 struct policy_handle *handle,
101 struct lsa_TransNameArray *tnames)
103 struct lsa_LookupNames r;
104 struct lsa_TransSidArray sids;
105 struct lsa_Name *names;
110 printf("\nTesting LookupNames\n");
115 names = talloc(mem_ctx, tnames->count * sizeof(names[0]));
116 for (i=0;i<tnames->count;i++) {
117 names[i].name_len = 2*strlen(tnames->names[i].name.name);
118 names[i].name_size = 2*strlen(tnames->names[i].name.name);
119 names[i].name = tnames->names[i].name.name;
122 r.in.handle = handle;
123 r.in.num_names = tnames->count;
128 r.out.count = &count;
131 status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
132 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
133 printf("LookupNames failed - %s\n", nt_errstr(status));
143 static BOOL test_LookupSids(struct dcerpc_pipe *p,
145 struct policy_handle *handle,
146 struct lsa_SidArray *sids)
148 struct lsa_LookupSids r;
149 struct lsa_TransNameArray names;
150 uint32 count = sids->num_sids;
153 printf("\nTesting LookupSids\n");
158 r.in.handle = handle;
163 r.out.count = &count;
164 r.out.names = &names;
166 status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
167 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
168 printf("LookupSids failed - %s\n", nt_errstr(status));
174 if (!test_LookupNames(p, mem_ctx, handle, &names)) {
181 static BOOL test_LookupPrivName(struct dcerpc_pipe *p,
183 struct policy_handle *handle,
184 struct lsa_LUID *luid)
187 struct lsa_LookupPrivName r;
189 r.in.handle = handle;
192 status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
193 if (!NT_STATUS_IS_OK(status)) {
194 printf("\nLookupPrivName failed - %s\n", nt_errstr(status));
201 static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p,
203 struct policy_handle *handle,
204 struct policy_handle *acct_handle)
207 struct lsa_EnumPrivsAccount r;
209 printf("Testing EnumPrivsAccount\n");
211 r.in.handle = acct_handle;
213 status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
214 if (!NT_STATUS_IS_OK(status)) {
215 printf("EnumPrivsAccount failed - %s\n", nt_errstr(status));
221 for (i=0;i<r.out.privs->count;i++) {
222 test_LookupPrivName(p, mem_ctx, handle,
223 &r.out.privs->set[i].luid);
230 static BOOL test_EnumAccountRights(struct dcerpc_pipe *p,
232 struct policy_handle *acct_handle,
236 struct lsa_EnumAccountRights r;
237 struct lsa_RightSet rights;
239 printf("Testing EnumAccountRights\n");
241 r.in.handle = acct_handle;
243 r.out.rights = &rights;
245 status = dcerpc_lsa_EnumAccountRights(p, mem_ctx, &r);
246 if (!NT_STATUS_IS_OK(status)) {
247 printf("EnumAccountRights failed - %s\n", nt_errstr(status));
255 static BOOL test_QuerySecObj(struct dcerpc_pipe *p,
257 struct policy_handle *handle,
258 struct policy_handle *acct_handle)
261 struct lsa_QuerySecObj r;
263 printf("Testing QuerySecObj\n");
265 r.in.handle = acct_handle;
268 status = dcerpc_lsa_QuerySecObj(p, mem_ctx, &r);
269 if (!NT_STATUS_IS_OK(status)) {
270 printf("QuerySecObj failed - %s\n", nt_errstr(status));
277 static BOOL test_OpenAccount(struct dcerpc_pipe *p,
279 struct policy_handle *handle,
283 struct lsa_OpenAccount r;
284 struct policy_handle acct_handle;
286 printf("Testing OpenAccount\n");
288 r.in.handle = handle;
290 r.in.desired_access = SEC_RIGHTS_MAXIMUM_ALLOWED;
291 r.out.acct_handle = &acct_handle;
293 status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
294 if (!NT_STATUS_IS_OK(status)) {
295 printf("OpenAccount failed - %s\n", nt_errstr(status));
299 if (!test_EnumPrivsAccount(p, mem_ctx, handle, &acct_handle)) {
303 if (!test_QuerySecObj(p, mem_ctx, handle, &acct_handle)) {
310 static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
312 struct policy_handle *handle)
315 struct lsa_EnumAccounts r;
316 struct lsa_SidArray sids1, sids2;
317 uint32 resume_handle = 0;
320 printf("\ntesting EnumAccounts\n");
322 r.in.handle = handle;
323 r.in.resume_handle = &resume_handle;
324 r.in.num_entries = 100;
325 r.out.resume_handle = &resume_handle;
329 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
330 if (!NT_STATUS_IS_OK(status)) {
331 printf("EnumAccounts failed - %s\n", nt_errstr(status));
335 if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
339 printf("testing all accounts\n");
340 for (i=0;i<sids1.num_sids;i++) {
341 test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
342 test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
346 if (sids1.num_sids < 3) {
350 printf("trying EnumAccounts partial listing (asking for 1 at 2)\n");
352 r.in.num_entries = 1;
355 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
356 if (!NT_STATUS_IS_OK(status)) {
357 printf("EnumAccounts failed - %s\n", nt_errstr(status));
361 if (sids2.num_sids != 1) {
362 printf("Returned wrong number of entries (%d)\n", sids2.num_sids);
370 static BOOL test_EnumPrivs(struct dcerpc_pipe *p,
372 struct policy_handle *handle)
375 struct lsa_EnumPrivs r;
376 struct lsa_PrivArray privs1;
377 uint32 resume_handle = 0;
379 printf("\ntesting EnumPrivs\n");
381 r.in.handle = handle;
382 r.in.resume_handle = &resume_handle;
383 r.in.max_count = 1000;
384 r.out.resume_handle = &resume_handle;
385 r.out.privs = &privs1;
388 status = dcerpc_lsa_EnumPrivs(p, mem_ctx, &r);
389 if (!NT_STATUS_IS_OK(status)) {
390 printf("EnumPrivs failed - %s\n", nt_errstr(status));
398 static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
400 struct policy_handle *handle)
402 struct lsa_EnumTrustDom r;
404 uint32 resume_handle = 0;
405 struct lsa_DomainList domains;
407 printf("\nTesting EnumTrustDom\n");
409 r.in.handle = handle;
410 r.in.resume_handle = &resume_handle;
411 r.in.num_entries = 1000;
412 r.out.domains = &domains;
413 r.out.resume_handle = &resume_handle;
415 status = dcerpc_lsa_EnumTrustDom(p, mem_ctx, &r);
416 if (!NT_STATUS_IS_OK(status)) {
417 printf("EnumTrustDom failed - %s\n", nt_errstr(status));
424 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
426 struct policy_handle *handle)
428 struct lsa_QueryInfoPolicy r;
433 printf("\nTesting QueryInfoPolicy\n");
436 r.in.handle = handle;
439 printf("\ntrying QueryInfoPolicy level %d\n", i);
441 status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
442 if (!NT_STATUS_IS_OK(status)) {
443 printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
452 static BOOL test_Delete(struct dcerpc_pipe *p,
454 struct policy_handle *handle)
459 printf("\ntesting Delete - but what does it do?\n");
461 r.in.handle = handle;
462 status = dcerpc_lsa_Delete(p, mem_ctx, &r);
463 if (!NT_STATUS_IS_OK(status)) {
464 printf("Delete failed - %s\n", nt_errstr(status));
473 static BOOL test_Close(struct dcerpc_pipe *p,
475 struct policy_handle *handle)
479 struct policy_handle handle2;
481 printf("\ntesting Close\n");
483 r.in.handle = handle;
484 r.out.handle = &handle2;
486 status = dcerpc_lsa_Close(p, mem_ctx, &r);
487 if (!NT_STATUS_IS_OK(status)) {
488 printf("Close failed - %s\n", nt_errstr(status));
492 status = dcerpc_lsa_Close(p, mem_ctx, &r);
493 /* its really a fault - we need a status code for rpc fault */
494 if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
495 printf("Close failed - %s\n", nt_errstr(status));
504 BOOL torture_rpc_lsa(int dummy)
507 struct dcerpc_pipe *p;
510 struct policy_handle handle;
512 mem_ctx = talloc_init("torture_rpc_lsa");
514 status = torture_rpc_connection(&p,
517 DCERPC_LSARPC_VERSION);
518 if (!NT_STATUS_IS_OK(status)) {
522 p->flags |= DCERPC_DEBUG_PRINT_BOTH;
524 if (!test_OpenPolicy(p, mem_ctx)) {
528 if (!test_OpenPolicy2(p, mem_ctx, &handle)) {
532 if (!test_EnumAccounts(p, mem_ctx, &handle)) {
536 if (!test_EnumPrivs(p, mem_ctx, &handle)) {
540 if (!test_EnumTrustDom(p, mem_ctx, &handle)) {
544 if (!test_QueryInfoPolicy(p, mem_ctx, &handle)) {
549 if (!test_Delete(p, mem_ctx, &handle)) {
554 if (!test_Close(p, mem_ctx, &handle)) {
558 torture_rpc_close(p);