2 Unix SMB/CIFS implementation.
4 test suite for behaviour of rpc policy handles
6 Copyright (C) Andrew Tridgell 2007
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "librpc/gen_ndr/ndr_samr_c.h"
24 #include "librpc/gen_ndr/ndr_lsa_c.h"
25 #include "librpc/gen_ndr/ndr_drsuapi_c.h"
26 #include "torture/rpc/torture_rpc.h"
29 this tests the use of policy handles between connections
32 static bool test_handles_lsa(struct torture_context *torture)
35 struct dcerpc_pipe *p1, *p2;
36 struct dcerpc_binding_handle *b1, *b2;
37 struct policy_handle handle;
38 struct policy_handle handle2;
39 struct lsa_ObjectAttribute attr;
40 struct lsa_QosInfo qos;
41 struct lsa_OpenPolicy r;
43 uint16_t system_name = '\\';
44 TALLOC_CTX *mem_ctx = talloc_new(torture);
46 torture_comment(torture, "RPC-HANDLE-LSARPC\n");
48 status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
49 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
50 b1 = p1->binding_handle;
52 status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
53 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
54 b2 = p2->binding_handle;
57 qos.impersonation_level = 2;
59 qos.effective_only = 0;
63 attr.object_name = NULL;
68 r.in.system_name = &system_name;
70 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
71 r.out.handle = &handle;
73 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
75 if (!NT_STATUS_IS_OK(r.out.result)) {
76 torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
81 c.in.handle = &handle;
82 c.out.handle = &handle2;
84 status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
85 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
86 "closing policy handle on p2");
88 torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b1, mem_ctx, &c),
90 torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
92 status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
93 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
94 "closing policy handle on p1 again");
101 static bool test_handles_lsa_shared(struct torture_context *torture)
104 struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
105 struct dcerpc_binding_handle *b1, *b2, *b3, *b4;
106 struct policy_handle handle;
107 struct policy_handle handle2;
108 struct lsa_ObjectAttribute attr;
109 struct lsa_QosInfo qos;
110 struct lsa_OpenPolicy r;
112 struct lsa_QuerySecurity qsec;
113 struct sec_desc_buf *sdbuf = NULL;
114 uint16_t system_name = '\\';
115 TALLOC_CTX *mem_ctx = talloc_new(torture);
116 enum dcerpc_transport_t transport;
117 uint32_t assoc_group_id;
119 torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");
121 torture_comment(torture, "connect lsa pipe1\n");
122 status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
123 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
124 b1 = p1->binding_handle;
126 transport = p1->conn->transport.transport;
127 assoc_group_id = p1->assoc_group_id;
129 torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
131 torture_comment(torture, "connect lsa pipe2\n");
132 status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
135 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
136 b2 = p2->binding_handle;
138 torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
142 qos.impersonation_level = 2;
143 qos.context_mode = 1;
144 qos.effective_only = 0;
147 attr.root_dir = NULL;
148 attr.object_name = NULL;
150 attr.sec_desc = NULL;
153 r.in.system_name = &system_name;
155 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
156 r.out.handle = &handle;
158 torture_comment(torture, "open lsa policy handle\n");
159 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
160 "OpenPolicy failed");
161 if (!NT_STATUS_IS_OK(r.out.result)) {
162 torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
163 talloc_free(mem_ctx);
168 * connect p3 after the policy handle is opened
170 torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
171 status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc,
174 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
175 b3 = p3->binding_handle;
177 qsec.in.handle = &handle;
178 qsec.in.sec_info = 0;
179 qsec.out.sdbuf = &sdbuf;
180 c.in.handle = &handle;
181 c.out.handle = &handle2;
184 * use policy handle on all 3 connections
186 torture_comment(torture, "use the policy handle on p1,p2,p3\n");
187 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
188 "QuerySecurity failed");
189 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
190 "use policy handle on p1");
192 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
193 "QuerySecurity failed");
194 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
195 "use policy handle on p2");
197 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
198 "QuerySecurity failed");
199 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
200 "use policy handle on p3");
203 * close policy handle on connection 2 and the others get a fault
205 torture_comment(torture, "close the policy handle on p2 others get a fault\n");
206 torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
208 torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
209 "closing policy handle on p2");
211 status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
213 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
214 "closing policy handle on p1 again");
216 status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
217 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
218 "closing policy handle on p3");
220 status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
221 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
222 "closing policy handle on p2 again");
225 * open a new policy handle on p3
227 torture_comment(torture, "open a new policy handle on p3\n");
228 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b3, mem_ctx, &r),
229 "OpenPolicy failed");
230 torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
231 "open policy handle on p3");
234 * use policy handle on all 3 connections
236 torture_comment(torture, "use the policy handle on p1,p2,p3\n");
237 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
238 "Query Security failed");
239 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
240 "use policy handle on p1");
242 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
243 "Query Security failed");
244 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
245 "use policy handle on p2");
247 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
248 "Query Security failed");
249 torture_assert_ntstatus_equal(torture, status, NT_STATUS_OK,
250 "use policy handle on p3");
253 * close policy handle on connection 2 and the others get a fault
255 torture_comment(torture, "close the policy handle on p2 others get a fault\n");
256 torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
258 torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
259 "closing policy handle on p2");
261 status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
262 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
263 "closing policy handle on p1 again");
265 status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
266 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
267 "closing policy handle on p3");
269 status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
270 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
271 "closing policy handle on p2 again");
274 * open a new policy handle
276 torture_comment(torture, "open a new policy handle on p1 and use it\n");
277 torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
278 "OpenPolicy failed");
279 torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
280 "open 2nd policy handle on p1");
282 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
283 "QuerySecurity failed");
284 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
285 "QuerySecurity handle on p1");
287 /* close first connection */
288 torture_comment(torture, "disconnect p1\n");
293 * and it's still available on p2,p3
295 torture_comment(torture, "use policy handle on p2,p3\n");
296 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
297 "QuerySecurity failed");
298 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
299 "QuerySecurity handle on p2 after p1 was disconnected");
301 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
302 "QuerySecurity failed");
303 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
304 "QuerySecurity handle on p3 after p1 was disconnected");
308 * and use the handle on it
310 torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
311 status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
314 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
315 b4 = p4->binding_handle;
317 torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b4, mem_ctx, &qsec),
318 "QuerySecurity failed");
319 torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
320 "using policy handle on p4");
324 * without closing the policy handle
326 torture_comment(torture, "disconnect p2,p3,p4\n");
335 torture_comment(torture, "connect lsa pipe5 - should fail\n");
336 status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc,
339 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
340 "opening lsa pipe5");
342 talloc_free(mem_ctx);
348 static bool test_handles_samr(struct torture_context *torture)
351 struct dcerpc_pipe *p1, *p2;
352 struct dcerpc_binding_handle *b1, *b2;
353 struct policy_handle handle;
354 struct policy_handle handle2;
355 struct samr_Connect r;
357 TALLOC_CTX *mem_ctx = talloc_new(torture);
359 torture_comment(torture, "RPC-HANDLE-SAMR\n");
361 status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
362 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
363 b1 = p1->binding_handle;
365 status = torture_rpc_connection(torture, &p2, &ndr_table_samr);
366 torture_assert_ntstatus_ok(torture, status, "opening samr pipe2");
367 b2 = p2->binding_handle;
369 r.in.system_name = 0;
370 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
371 r.out.connect_handle = &handle;
373 torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
375 torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
377 c.in.handle = &handle;
378 c.out.handle = &handle2;
380 status = dcerpc_samr_Close_r(b2, mem_ctx, &c);
381 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
382 "closing policy handle on p2");
384 torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &c),
386 torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");
388 status = dcerpc_samr_Close_r(b1, mem_ctx, &c);
389 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
390 "closing policy handle on p1 again");
392 talloc_free(mem_ctx);
397 static bool test_handles_mixed_shared(struct torture_context *torture)
400 struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
401 struct dcerpc_binding_handle *b1, *b2;
402 struct policy_handle handle;
403 struct policy_handle handle2;
404 struct samr_Connect r;
406 struct samr_Close sc;
407 TALLOC_CTX *mem_ctx = talloc_new(torture);
408 enum dcerpc_transport_t transport;
409 uint32_t assoc_group_id;
411 torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");
413 torture_comment(torture, "connect samr pipe1\n");
414 status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
415 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
416 b1 = p1->binding_handle;
418 transport = p1->conn->transport.transport;
419 assoc_group_id = p1->assoc_group_id;
421 torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);
423 torture_comment(torture, "connect lsa pipe2\n");
424 status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
427 torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
428 b2 = p2->binding_handle;
430 torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
432 r.in.system_name = 0;
433 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
434 r.out.connect_handle = &handle;
436 torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
437 torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
439 torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");
441 lc.in.handle = &handle;
442 lc.out.handle = &handle2;
443 sc.in.handle = &handle;
444 sc.out.handle = &handle2;
446 torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
447 status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
448 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
449 "closing handle on lsa p2");
451 torture_comment(torture, "closing policy handle on samr p1\n");
452 torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
454 torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");
460 torture_comment(torture, "connect samr pipe3 - should fail\n");
461 status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
464 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
465 "opening samr pipe3");
467 torture_comment(torture, "connect lsa pipe4 - should fail\n");
468 status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
471 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
472 "opening lsa pipe4");
474 torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
475 status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
478 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
479 "opening samr pipe5");
481 torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
482 status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
485 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
486 "opening lsa pipe6");
488 talloc_free(mem_ctx);
493 static bool test_handles_random_assoc(struct torture_context *torture)
496 struct dcerpc_pipe *p1, *p2, *p3;
497 TALLOC_CTX *mem_ctx = talloc_new(torture);
498 enum dcerpc_transport_t transport;
499 uint32_t assoc_group_id;
501 torture_comment(torture, "RPC-HANDLE-RANDOM-ASSOC\n");
503 torture_comment(torture, "connect samr pipe1\n");
504 status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
505 torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
507 transport = p1->conn->transport.transport;
508 assoc_group_id = p1->assoc_group_id;
510 torture_comment(torture, "pipe1 uses assoc_group_id[0x%08X]\n", assoc_group_id);
512 torture_comment(torture, "connect samr pipe2 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
513 status = torture_rpc_connection_transport(torture, &p2, &ndr_table_samr,
516 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
517 "opening samr pipe2");
519 torture_comment(torture, "connect samr pipe3 with assoc_group_id[0x%08X]- should fail\n", ++assoc_group_id);
520 status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
523 torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
524 "opening samr pipe3");
526 talloc_free(mem_ctx);
532 static bool test_handles_drsuapi(struct torture_context *torture)
535 struct dcerpc_pipe *p1, *p2;
536 struct dcerpc_binding_handle *b1, *b2;
537 struct policy_handle handle;
538 struct policy_handle handle2;
539 struct GUID bind_guid;
540 struct drsuapi_DsBind r;
541 struct drsuapi_DsUnbind c;
542 TALLOC_CTX *mem_ctx = talloc_new(torture);
544 torture_comment(torture, "RPC-HANDLE-DRSUAPI\n");
546 status = torture_rpc_connection(torture, &p1, &ndr_table_drsuapi);
547 torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
548 b1 = p1->binding_handle;
550 status = torture_rpc_connection(torture, &p2, &ndr_table_drsuapi);
551 torture_assert_ntstatus_ok(torture, status, "opening drsuapi pipe1");
552 b2 = p2->binding_handle;
554 GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid);
556 r.in.bind_guid = &bind_guid;
557 r.in.bind_info = NULL;
558 r.out.bind_handle = &handle;
560 status = dcerpc_drsuapi_DsBind_r(b1, mem_ctx, &r);
561 if (!NT_STATUS_IS_OK(status)) {
562 torture_comment(torture, "drsuapi_DsBind not supported - skipping\n");
563 talloc_free(mem_ctx);
567 c.in.bind_handle = &handle;
568 c.out.bind_handle = &handle2;
570 status = dcerpc_drsuapi_DsUnbind_r(b2, mem_ctx, &c);
571 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
572 "closing policy handle on p2");
574 status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
575 torture_assert_ntstatus_ok(torture, status, "closing policy handle on p1");
577 status = dcerpc_drsuapi_DsUnbind_r(b1, mem_ctx, &c);
578 torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
579 "closing policy handle on p1 again");
581 talloc_free(mem_ctx);
586 struct torture_suite *torture_rpc_handles(TALLOC_CTX *mem_ctx)
588 struct torture_suite *suite;
590 suite = torture_suite_create(mem_ctx, "HANDLES");
591 torture_suite_add_simple_test(suite, "lsarpc", test_handles_lsa);
592 torture_suite_add_simple_test(suite, "lsarpc-shared", test_handles_lsa_shared);
593 torture_suite_add_simple_test(suite, "samr", test_handles_samr);
594 torture_suite_add_simple_test(suite, "mixed-shared", test_handles_mixed_shared);
595 torture_suite_add_simple_test(suite, "random-assoc", test_handles_random_assoc);
596 torture_suite_add_simple_test(suite, "drsuapi", test_handles_drsuapi);
git.samba.org / sfrench / samba-autobuild / .git / blob