2 Unix SMB/CIFS implementation.
3 test suite for winreg rpc operations
5 Copyright (C) Tim Potter 2003
6 Copyright (C) Jelmer Vernooij 2004-2007
7 Copyright (C) Günther Deschner 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "torture/torture.h"
25 #include "librpc/gen_ndr/ndr_winreg_c.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "libcli/security/security.h"
28 #include "torture/rpc/rpc.h"
30 #define TEST_KEY_BASE "smbtorture test"
31 #define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
32 #define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
33 #define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
34 #define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
35 #define TEST_SUBKEY TEST_KEY3 "\\subkey"
36 #define TEST_SUBKEY_SD TEST_KEY4 "\\subkey_sd"
37 #define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"
39 #define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
41 static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
46 static void init_winreg_String(struct winreg_String *name, const char *s)
50 name->name_len = 2 * (strlen_m(s) + 1);
51 name->name_size = name->name_len;
58 static bool test_GetVersion(struct dcerpc_pipe *p,
59 struct torture_context *tctx,
60 struct policy_handle *handle)
62 struct winreg_GetVersion r;
69 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_GetVersion(p, tctx, &r),
72 torture_assert_werr_ok(tctx, r.out.result, "GetVersion failed");
77 static bool test_NotifyChangeKeyValue(struct dcerpc_pipe *p,
78 struct torture_context *tctx,
79 struct policy_handle *handle)
81 struct winreg_NotifyChangeKeyValue r;
84 r.in.watch_subtree = true;
85 r.in.notify_filter = 0;
86 r.in.unknown = r.in.unknown2 = 0;
87 init_winreg_String(&r.in.string1, NULL);
88 init_winreg_String(&r.in.string2, NULL);
90 torture_assert_ntstatus_ok(tctx,
91 dcerpc_winreg_NotifyChangeKeyValue(p, tctx, &r),
92 "NotifyChangeKeyValue failed");
94 if (!W_ERROR_IS_OK(r.out.result)) {
96 "NotifyChangeKeyValue failed - %s - not considering\n",
97 win_errstr(r.out.result));
104 static bool test_CreateKey(struct dcerpc_pipe *p, struct torture_context *tctx,
105 struct policy_handle *handle, const char *name,
108 struct winreg_CreateKey r;
109 struct policy_handle newhandle;
110 enum winreg_CreateAction action_taken = 0;
112 r.in.handle = handle;
113 r.out.new_handle = &newhandle;
114 init_winreg_String(&r.in.name, name);
115 init_winreg_String(&r.in.keyclass, class);
117 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
118 r.in.action_taken = r.out.action_taken = &action_taken;
121 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
124 torture_assert_werr_ok(tctx, r.out.result, "CreateKey failed");
131 createkey testing with a SD
133 static bool test_CreateKey_sd(struct dcerpc_pipe *p,
134 struct torture_context *tctx,
135 struct policy_handle *handle, const char *name,
137 struct policy_handle *newhandle)
139 struct winreg_CreateKey r;
140 enum winreg_CreateAction action_taken = 0;
141 struct security_descriptor *sd;
143 struct winreg_SecBuf secbuf;
145 sd = security_descriptor_dacl_create(tctx,
148 SID_NT_AUTHENTICATED_USERS,
149 SEC_ACE_TYPE_ACCESS_ALLOWED,
151 SEC_ACE_FLAG_OBJECT_INHERIT |
152 SEC_ACE_FLAG_CONTAINER_INHERIT,
155 torture_assert_ndr_success(tctx,
156 ndr_push_struct_blob(&sdblob, tctx, NULL, sd,
157 (ndr_push_flags_fn_t)ndr_push_security_descriptor),
158 "Failed to push security_descriptor ?!\n");
160 secbuf.sd.data = sdblob.data;
161 secbuf.sd.len = sdblob.length;
162 secbuf.sd.size = sdblob.length;
163 secbuf.length = sdblob.length-10;
166 r.in.handle = handle;
167 r.out.new_handle = newhandle;
168 init_winreg_String(&r.in.name, name);
169 init_winreg_String(&r.in.keyclass, class);
171 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
172 r.in.action_taken = r.out.action_taken = &action_taken;
173 r.in.secdesc = &secbuf;
175 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
176 "CreateKey with sd failed");
178 torture_assert_werr_ok(tctx, r.out.result, "CreateKey with sd failed");
183 static bool _test_GetKeySecurity(struct dcerpc_pipe *p,
184 struct torture_context *tctx,
185 struct policy_handle *handle,
186 uint32_t *sec_info_ptr,
188 struct security_descriptor **sd_out)
190 struct winreg_GetKeySecurity r;
191 struct security_descriptor *sd = NULL;
196 sec_info = *sec_info_ptr;
198 sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
203 r.in.handle = handle;
204 r.in.sec_info = sec_info;
205 r.in.sd = r.out.sd = talloc_zero(tctx, struct KeySecurityData);
206 r.in.sd->size = 0x1000;
208 torture_assert_ntstatus_ok(tctx,
209 dcerpc_winreg_GetKeySecurity(p, tctx, &r),
210 "GetKeySecurity failed");
212 torture_assert_werr_equal(tctx, r.out.result, get_werr,
213 "GetKeySecurity failed");
215 sdblob.data = r.out.sd->data;
216 sdblob.length = r.out.sd->len;
218 sd = talloc_zero(tctx, struct security_descriptor);
220 torture_assert_ndr_success(tctx,
221 ndr_pull_struct_blob(&sdblob, tctx, NULL, sd,
222 (ndr_pull_flags_fn_t)ndr_pull_security_descriptor),
223 "pull_security_descriptor failed");
225 if (p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
226 NDR_PRINT_DEBUG(security_descriptor, sd);
238 static bool test_GetKeySecurity(struct dcerpc_pipe *p,
239 struct torture_context *tctx,
240 struct policy_handle *handle,
241 struct security_descriptor **sd_out)
243 return _test_GetKeySecurity(p, tctx, handle, NULL, WERR_OK, sd_out);
246 static bool _test_SetKeySecurity(struct dcerpc_pipe *p,
247 struct torture_context *tctx,
248 struct policy_handle *handle,
249 uint32_t *sec_info_ptr,
250 struct security_descriptor *sd,
253 struct winreg_SetKeySecurity r;
254 struct KeySecurityData *sdata = NULL;
260 if (sd && (p->conn->flags & DCERPC_DEBUG_PRINT_OUT)) {
261 NDR_PRINT_DEBUG(security_descriptor, sd);
264 torture_assert_ndr_success(tctx,
265 ndr_push_struct_blob(&sdblob, tctx, NULL, sd,
266 (ndr_push_flags_fn_t)ndr_push_security_descriptor),
267 "push_security_descriptor failed");
269 sdata = talloc_zero(tctx, struct KeySecurityData);
270 sdata->data = sdblob.data;
271 sdata->size = sdblob.length;
272 sdata->len = sdblob.length;
275 sec_info = *sec_info_ptr;
277 sec_info = SECINFO_UNPROTECTED_SACL |
278 SECINFO_UNPROTECTED_DACL;
280 sec_info |= SECINFO_OWNER;
283 sec_info |= SECINFO_GROUP;
286 sec_info |= SECINFO_SACL;
289 sec_info |= SECINFO_DACL;
293 r.in.handle = handle;
294 r.in.sec_info = sec_info;
297 torture_assert_ntstatus_ok(tctx,
298 dcerpc_winreg_SetKeySecurity(p, tctx, &r),
299 "SetKeySecurity failed");
301 torture_assert_werr_equal(tctx, r.out.result, werr,
302 "SetKeySecurity failed");
307 static bool test_SetKeySecurity(struct dcerpc_pipe *p,
308 struct torture_context *tctx,
309 struct policy_handle *handle,
310 struct security_descriptor *sd)
312 return _test_SetKeySecurity(p, tctx, handle, NULL, sd, WERR_OK);
315 static bool test_CloseKey(struct dcerpc_pipe *p, struct torture_context *tctx,
316 struct policy_handle *handle)
318 struct winreg_CloseKey r;
320 r.in.handle = r.out.handle = handle;
322 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CloseKey(p, tctx, &r),
325 torture_assert_werr_ok(tctx, r.out.result, "CloseKey failed");
330 static bool test_FlushKey(struct dcerpc_pipe *p, struct torture_context *tctx,
331 struct policy_handle *handle)
333 struct winreg_FlushKey r;
335 r.in.handle = handle;
337 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_FlushKey(p, tctx, &r),
340 torture_assert_werr_ok(tctx, r.out.result, "FlushKey failed");
345 static bool _test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
346 struct policy_handle *hive_handle,
347 const char *keyname, uint32_t access_mask,
348 struct policy_handle *key_handle,
352 struct winreg_OpenKey r;
354 r.in.parent_handle = hive_handle;
355 init_winreg_String(&r.in.keyname, keyname);
356 r.in.unknown = 0x00000000;
357 r.in.access_mask = access_mask;
358 r.out.handle = key_handle;
360 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey(p, tctx, &r),
363 torture_assert_werr_equal(tctx, r.out.result, open_werr,
366 if (success && W_ERROR_EQUAL(r.out.result, WERR_OK)) {
373 static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
374 struct policy_handle *hive_handle,
375 const char *keyname, struct policy_handle *key_handle)
377 return _test_OpenKey(p, tctx, hive_handle, keyname,
378 SEC_FLAG_MAXIMUM_ALLOWED, key_handle,
382 static bool test_Cleanup(struct dcerpc_pipe *p, struct torture_context *tctx,
383 struct policy_handle *handle, const char *key)
385 struct winreg_DeleteKey r;
387 r.in.handle = handle;
389 init_winreg_String(&r.in.key, key);
390 dcerpc_winreg_DeleteKey(p, tctx, &r);
395 static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe *p,
396 struct torture_context *tctx,
397 struct policy_handle *handle,
401 struct security_descriptor *sd = NULL;
403 if (!_test_GetKeySecurity(p, tctx, handle, NULL, get_werr, &sd)) {
407 if (!_test_SetKeySecurity(p, tctx, handle, NULL, sd, set_werr)) {
414 static bool test_SecurityDescriptor(struct dcerpc_pipe *p,
415 struct torture_context *tctx,
416 struct policy_handle *handle,
419 struct policy_handle new_handle;
422 torture_comment(tctx, "SecurityDescriptor get & set\n");
424 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
428 if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
433 if (!test_CloseKey(p, tctx, &new_handle)) {
440 static bool _test_SecurityDescriptor(struct dcerpc_pipe *p,
441 struct torture_context *tctx,
442 struct policy_handle *handle,
443 uint32_t access_mask,
449 struct policy_handle new_handle;
451 bool got_key = false;
453 if (!_test_OpenKey(p, tctx, handle, key, access_mask, &new_handle,
454 open_werr, &got_key)) {
462 if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
463 get_werr, set_werr)) {
467 if (!test_CloseKey(p, tctx, &new_handle)) {
474 static bool test_dacl_trustee_present(struct dcerpc_pipe *p,
475 struct torture_context *tctx,
476 struct policy_handle *handle,
477 const struct dom_sid *sid)
479 struct security_descriptor *sd = NULL;
482 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
486 if (!sd || !sd->dacl) {
490 for (i = 0; i < sd->dacl->num_aces; i++) {
491 if (dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) {
499 static bool _test_dacl_trustee_present(struct dcerpc_pipe *p,
500 struct torture_context *tctx,
501 struct policy_handle *handle,
503 const struct dom_sid *sid)
505 struct policy_handle new_handle;
508 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
512 ret = test_dacl_trustee_present(p, tctx, &new_handle, sid);
514 test_CloseKey(p, tctx, &new_handle);
519 static bool test_sacl_trustee_present(struct dcerpc_pipe *p,
520 struct torture_context *tctx,
521 struct policy_handle *handle,
522 const struct dom_sid *sid)
524 struct security_descriptor *sd = NULL;
526 uint32_t sec_info = SECINFO_SACL;
528 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
532 if (!sd || !sd->sacl) {
536 for (i = 0; i < sd->sacl->num_aces; i++) {
537 if (dom_sid_equal(&sd->sacl->aces[i].trustee, sid)) {
545 static bool _test_sacl_trustee_present(struct dcerpc_pipe *p,
546 struct torture_context *tctx,
547 struct policy_handle *handle,
549 const struct dom_sid *sid)
551 struct policy_handle new_handle;
554 if (!_test_OpenKey(p, tctx, handle, key, SEC_FLAG_SYSTEM_SECURITY,
555 &new_handle, WERR_OK, NULL)) {
559 ret = test_sacl_trustee_present(p, tctx, &new_handle, sid);
561 test_CloseKey(p, tctx, &new_handle);
566 static bool test_owner_present(struct dcerpc_pipe *p,
567 struct torture_context *tctx,
568 struct policy_handle *handle,
569 const struct dom_sid *sid)
571 struct security_descriptor *sd = NULL;
572 uint32_t sec_info = SECINFO_OWNER;
574 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
578 if (!sd || !sd->owner_sid) {
582 return dom_sid_equal(sd->owner_sid, sid);
585 static bool _test_owner_present(struct dcerpc_pipe *p,
586 struct torture_context *tctx,
587 struct policy_handle *handle,
589 const struct dom_sid *sid)
591 struct policy_handle new_handle;
594 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
598 ret = test_owner_present(p, tctx, &new_handle, sid);
600 test_CloseKey(p, tctx, &new_handle);
605 static bool test_group_present(struct dcerpc_pipe *p,
606 struct torture_context *tctx,
607 struct policy_handle *handle,
608 const struct dom_sid *sid)
610 struct security_descriptor *sd = NULL;
611 uint32_t sec_info = SECINFO_GROUP;
613 if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
617 if (!sd || !sd->group_sid) {
621 return dom_sid_equal(sd->group_sid, sid);
624 static bool _test_group_present(struct dcerpc_pipe *p,
625 struct torture_context *tctx,
626 struct policy_handle *handle,
628 const struct dom_sid *sid)
630 struct policy_handle new_handle;
633 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
637 ret = test_group_present(p, tctx, &new_handle, sid);
639 test_CloseKey(p, tctx, &new_handle);
644 static bool test_dacl_trustee_flags_present(struct dcerpc_pipe *p,
645 struct torture_context *tctx,
646 struct policy_handle *handle,
647 const struct dom_sid *sid,
650 struct security_descriptor *sd = NULL;
653 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
657 if (!sd || !sd->dacl) {
661 for (i = 0; i < sd->dacl->num_aces; i++) {
662 if ((dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) &&
663 (sd->dacl->aces[i].flags == flags)) {
671 static bool test_dacl_ace_present(struct dcerpc_pipe *p,
672 struct torture_context *tctx,
673 struct policy_handle *handle,
674 const struct security_ace *ace)
676 struct security_descriptor *sd = NULL;
679 if (!test_GetKeySecurity(p, tctx, handle, &sd)) {
683 if (!sd || !sd->dacl) {
687 for (i = 0; i < sd->dacl->num_aces; i++) {
688 if (security_ace_equal(&sd->dacl->aces[i], ace)) {
696 static bool test_RestoreSecurity(struct dcerpc_pipe *p,
697 struct torture_context *tctx,
698 struct policy_handle *handle,
700 struct security_descriptor *sd)
702 struct policy_handle new_handle;
705 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
709 if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
713 if (!test_CloseKey(p, tctx, &new_handle)) {
720 static bool test_BackupSecurity(struct dcerpc_pipe *p,
721 struct torture_context *tctx,
722 struct policy_handle *handle,
724 struct security_descriptor **sd)
726 struct policy_handle new_handle;
729 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
733 if (!test_GetKeySecurity(p, tctx, &new_handle, sd)) {
737 if (!test_CloseKey(p, tctx, &new_handle)) {
744 static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe *p,
745 struct torture_context *tctx,
746 struct policy_handle *handle,
750 add ace SEC_ACE_FLAG_CONTAINER_INHERIT
765 struct security_descriptor *sd = NULL;
766 struct security_descriptor *sd_orig = NULL;
767 struct security_ace *ace = NULL;
768 struct policy_handle new_handle;
772 torture_comment(tctx, "SecurityDescriptor inheritance\n");
774 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
778 if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
782 sd_orig = security_descriptor_copy(tctx, sd);
783 if (sd_orig == NULL) {
787 ace = security_ace_create(tctx,
789 SEC_ACE_TYPE_ACCESS_ALLOWED,
791 SEC_ACE_FLAG_CONTAINER_INHERIT);
793 status = security_descriptor_dacl_add(sd, ace);
794 if (!NT_STATUS_IS_OK(status)) {
795 printf("failed to add ace: %s\n", nt_errstr(status));
799 /* FIXME: add further tests for these flags */
800 sd->type |= SEC_DESC_DACL_AUTO_INHERIT_REQ |
801 SEC_DESC_SACL_AUTO_INHERITED;
803 if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) {
807 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
808 printf("new ACE not present!\n");
812 if (!test_CloseKey(p, tctx, &new_handle)) {
816 if (!test_CreateKey(p, tctx, handle, TEST_SUBKEY_SD, NULL)) {
821 if (!test_OpenKey(p, tctx, handle, TEST_SUBKEY_SD, &new_handle)) {
826 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
827 printf("inherited ACE not present!\n");
832 test_CloseKey(p, tctx, &new_handle);
833 if (!test_CreateKey(p, tctx, handle, TEST_SUBSUBKEY_SD, NULL)) {
838 if (!test_OpenKey(p, tctx, handle, TEST_SUBSUBKEY_SD, &new_handle)) {
843 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
844 printf("inherited ACE not present!\n");
850 test_CloseKey(p, tctx, &new_handle);
851 test_Cleanup(p, tctx, handle, TEST_SUBSUBKEY_SD);
852 test_Cleanup(p, tctx, handle, TEST_SUBKEY_SD);
853 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
858 static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe *p,
859 struct torture_context *tctx,
860 struct policy_handle *handle,
864 add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
876 struct security_descriptor *sd = NULL;
877 struct security_descriptor *sd_orig = NULL;
878 struct security_ace *ace = NULL;
879 struct policy_handle new_handle;
880 struct dom_sid *sid = NULL;
883 uint8_t ace_flags = 0x0;
885 torture_comment(tctx, "SecurityDescriptor inheritance block\n");
887 if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
891 if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) {
895 sd_orig = security_descriptor_copy(tctx, sd);
896 if (sd_orig == NULL) {
900 ace = security_ace_create(tctx,
902 SEC_ACE_TYPE_ACCESS_ALLOWED,
904 SEC_ACE_FLAG_CONTAINER_INHERIT |
905 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT);
907 status = security_descriptor_dacl_add(sd, ace);
908 if (!NT_STATUS_IS_OK(status)) {
909 printf("failed to add ace: %s\n", nt_errstr(status));
913 if (!_test_SetKeySecurity(p, tctx, &new_handle, NULL, sd, WERR_OK)) {
917 if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) {
918 printf("new ACE not present!\n");
922 if (!test_CloseKey(p, tctx, &new_handle)) {
926 if (!test_CreateKey(p, tctx, handle, TEST_SUBSUBKEY_SD, NULL)) {
930 if (!test_OpenKey(p, tctx, handle, TEST_SUBSUBKEY_SD, &new_handle)) {
935 if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
936 printf("inherited ACE present but should not!\n");
941 sid = dom_sid_parse_talloc(tctx, TEST_SID);
946 if (test_dacl_trustee_present(p, tctx, &new_handle, sid)) {
947 printf("inherited trustee SID present but should not!\n");
952 test_CloseKey(p, tctx, &new_handle);
954 if (!test_OpenKey(p, tctx, handle, TEST_SUBKEY_SD, &new_handle)) {
959 if (test_dacl_ace_present(p, tctx, &new_handle, ace)) {
960 printf("inherited ACE present but should not!\n");
965 if (!test_dacl_trustee_flags_present(p, tctx, &new_handle, sid, ace_flags)) {
966 printf("inherited trustee SID with flags 0x%02x not present!\n",
973 test_CloseKey(p, tctx, &new_handle);
974 test_Cleanup(p, tctx, handle, TEST_SUBSUBKEY_SD);
975 test_Cleanup(p, tctx, handle, TEST_SUBKEY_SD);
976 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
981 static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe *p,
982 struct torture_context *tctx,
983 struct policy_handle *handle,
989 struct winreg_mask_result_table {
990 uint32_t access_mask;
994 } sd_mask_tests[] = {
996 WERR_ACCESS_DENIED, WERR_BADFILE, WERR_FOOBAR },
997 { SEC_FLAG_MAXIMUM_ALLOWED,
998 WERR_OK, WERR_OK, WERR_OK },
1000 WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR },
1001 { SEC_FLAG_SYSTEM_SECURITY,
1002 WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR }
1005 /* FIXME: before this test can ever run successfully we need a way to
1006 * correctly read a NULL security_descritpor in ndr, get the required
1007 * length, requery, etc.
1012 for (i=0; i < ARRAY_SIZE(sd_mask_tests); i++) {
1014 torture_comment(tctx,
1015 "SecurityDescriptor get & set with access_mask: 0x%08x\n",
1016 sd_mask_tests[i].access_mask);
1017 torture_comment(tctx,
1018 "expecting: open %s, get: %s, set: %s\n",
1019 win_errstr(sd_mask_tests[i].open_werr),
1020 win_errstr(sd_mask_tests[i].get_werr),
1021 win_errstr(sd_mask_tests[i].set_werr));
1023 if (_test_SecurityDescriptor(p, tctx, handle,
1024 sd_mask_tests[i].access_mask, key,
1025 sd_mask_tests[i].open_werr,
1026 sd_mask_tests[i].get_werr,
1027 sd_mask_tests[i].set_werr)) {
1035 typedef bool (*secinfo_verify_fn)(struct dcerpc_pipe *,
1036 struct torture_context *,
1037 struct policy_handle *,
1039 const struct dom_sid *);
1041 static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe *p,
1042 struct torture_context *tctx,
1043 struct policy_handle *handle,
1046 uint32_t access_mask,
1048 struct security_descriptor *sd,
1050 bool expect_present,
1051 bool (*fn) (struct dcerpc_pipe *,
1052 struct torture_context *,
1053 struct policy_handle *,
1055 const struct dom_sid *),
1056 const struct dom_sid *sid)
1058 struct policy_handle new_handle;
1059 bool open_success = false;
1061 torture_comment(tctx, "SecurityDescriptor (%s) sets for secinfo: "
1062 "0x%08x, access_mask: 0x%08x\n",
1063 test, sec_info, access_mask);
1065 if (!_test_OpenKey(p, tctx, handle, key,
1073 if (!open_success) {
1074 printf("key did not open\n");
1075 test_CloseKey(p, tctx, &new_handle);
1079 if (!_test_SetKeySecurity(p, tctx, &new_handle, &sec_info,
1082 torture_warning(tctx,
1083 "SetKeySecurity with secinfo: 0x%08x has failed\n",
1086 test_CloseKey(p, tctx, &new_handle);
1090 test_CloseKey(p, tctx, &new_handle);
1092 if (W_ERROR_IS_OK(set_werr)) {
1094 present = fn(p, tctx, handle, key, sid);
1095 if ((expect_present) && (!present)) {
1096 torture_warning(tctx,
1097 "%s sid is not present!\n",
1101 if ((!expect_present) && (present)) {
1102 torture_warning(tctx,
1103 "%s sid is present but not expected!\n",
1112 static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe *p,
1113 struct torture_context *tctx,
1114 struct policy_handle *handle,
1117 struct security_descriptor *sd_orig = NULL;
1118 struct dom_sid *sid = NULL;
1122 struct security_descriptor *sd_owner =
1123 security_descriptor_dacl_create(tctx,
1125 TEST_SID, NULL, NULL);
1127 struct security_descriptor *sd_group =
1128 security_descriptor_dacl_create(tctx,
1130 NULL, TEST_SID, NULL);
1132 struct security_descriptor *sd_dacl =
1133 security_descriptor_dacl_create(tctx,
1137 SEC_ACE_TYPE_ACCESS_ALLOWED,
1140 SID_NT_AUTHENTICATED_USERS,
1141 SEC_ACE_TYPE_ACCESS_ALLOWED,
1146 struct security_descriptor *sd_sacl =
1147 security_descriptor_sacl_create(tctx,
1151 SEC_ACE_TYPE_SYSTEM_AUDIT,
1153 SEC_ACE_FLAG_SUCCESSFUL_ACCESS,
1156 struct winreg_secinfo_table {
1157 struct security_descriptor *sd;
1161 secinfo_verify_fn fn;
1164 struct winreg_secinfo_table sec_info_owner_tests[] = {
1165 { sd_owner, 0, WERR_OK,
1166 false, (secinfo_verify_fn)_test_owner_present },
1167 { sd_owner, SECINFO_OWNER, WERR_OK,
1168 true, (secinfo_verify_fn)_test_owner_present },
1169 { sd_owner, SECINFO_GROUP, WERR_INVALID_PARAM },
1170 { sd_owner, SECINFO_DACL, WERR_OK,
1171 true, (secinfo_verify_fn)_test_owner_present },
1172 { sd_owner, SECINFO_SACL, WERR_ACCESS_DENIED },
1175 uint32_t sd_owner_good_access_masks[] = {
1176 SEC_FLAG_MAXIMUM_ALLOWED,
1177 /* SEC_STD_WRITE_OWNER, */
1180 struct winreg_secinfo_table sec_info_group_tests[] = {
1181 { sd_group, 0, WERR_OK,
1182 false, (secinfo_verify_fn)_test_group_present },
1183 { sd_group, SECINFO_OWNER, WERR_INVALID_PARAM },
1184 { sd_group, SECINFO_GROUP, WERR_OK,
1185 true, (secinfo_verify_fn)_test_group_present },
1186 { sd_group, SECINFO_DACL, WERR_OK,
1187 true, (secinfo_verify_fn)_test_group_present },
1188 { sd_group, SECINFO_SACL, WERR_ACCESS_DENIED },
1191 uint32_t sd_group_good_access_masks[] = {
1192 SEC_FLAG_MAXIMUM_ALLOWED,
1195 struct winreg_secinfo_table sec_info_dacl_tests[] = {
1196 { sd_dacl, 0, WERR_OK,
1197 false, (secinfo_verify_fn)_test_dacl_trustee_present },
1198 { sd_dacl, SECINFO_OWNER, WERR_INVALID_PARAM },
1199 { sd_dacl, SECINFO_GROUP, WERR_INVALID_PARAM },
1200 { sd_dacl, SECINFO_DACL, WERR_OK,
1201 true, (secinfo_verify_fn)_test_dacl_trustee_present },
1202 { sd_dacl, SECINFO_SACL, WERR_ACCESS_DENIED },
1205 uint32_t sd_dacl_good_access_masks[] = {
1206 SEC_FLAG_MAXIMUM_ALLOWED,
1210 struct winreg_secinfo_table sec_info_sacl_tests[] = {
1211 { sd_sacl, 0, WERR_OK,
1212 false, (secinfo_verify_fn)_test_sacl_trustee_present },
1213 { sd_sacl, SECINFO_OWNER, WERR_INVALID_PARAM },
1214 { sd_sacl, SECINFO_GROUP, WERR_INVALID_PARAM },
1215 { sd_sacl, SECINFO_DACL, WERR_OK,
1216 false, (secinfo_verify_fn)_test_sacl_trustee_present },
1217 { sd_sacl, SECINFO_SACL, WERR_OK,
1218 true, (secinfo_verify_fn)_test_sacl_trustee_present },
1221 uint32_t sd_sacl_good_access_masks[] = {
1222 SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY,
1223 /* SEC_FLAG_SYSTEM_SECURITY, */
1226 sid = dom_sid_parse_talloc(tctx, TEST_SID);
1231 if (!test_BackupSecurity(p, tctx, handle, key, &sd_orig)) {
1237 for (i=0; i < ARRAY_SIZE(sec_info_owner_tests); i++) {
1239 for (a=0; a < ARRAY_SIZE(sd_owner_good_access_masks); a++) {
1241 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1244 sd_owner_good_access_masks[a],
1245 sec_info_owner_tests[i].sec_info,
1246 sec_info_owner_tests[i].sd,
1247 sec_info_owner_tests[i].set_werr,
1248 sec_info_owner_tests[i].sid_present,
1249 sec_info_owner_tests[i].fn,
1252 printf("test_SetSecurityDescriptor_SecInfo failed for OWNER\n");
1261 for (i=0; i < ARRAY_SIZE(sec_info_group_tests); i++) {
1263 for (a=0; a < ARRAY_SIZE(sd_group_good_access_masks); a++) {
1265 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1268 sd_group_good_access_masks[a],
1269 sec_info_group_tests[i].sec_info,
1270 sec_info_group_tests[i].sd,
1271 sec_info_group_tests[i].set_werr,
1272 sec_info_group_tests[i].sid_present,
1273 sec_info_group_tests[i].fn,
1276 printf("test_SetSecurityDescriptor_SecInfo failed for GROUP\n");
1285 for (i=0; i < ARRAY_SIZE(sec_info_dacl_tests); i++) {
1287 for (a=0; a < ARRAY_SIZE(sd_dacl_good_access_masks); a++) {
1289 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1292 sd_dacl_good_access_masks[a],
1293 sec_info_dacl_tests[i].sec_info,
1294 sec_info_dacl_tests[i].sd,
1295 sec_info_dacl_tests[i].set_werr,
1296 sec_info_dacl_tests[i].sid_present,
1297 sec_info_dacl_tests[i].fn,
1300 printf("test_SetSecurityDescriptor_SecInfo failed for DACL\n");
1309 for (i=0; i < ARRAY_SIZE(sec_info_sacl_tests); i++) {
1311 for (a=0; a < ARRAY_SIZE(sd_sacl_good_access_masks); a++) {
1313 if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle,
1316 sd_sacl_good_access_masks[a],
1317 sec_info_sacl_tests[i].sec_info,
1318 sec_info_sacl_tests[i].sd,
1319 sec_info_sacl_tests[i].set_werr,
1320 sec_info_sacl_tests[i].sid_present,
1321 sec_info_sacl_tests[i].fn,
1324 printf("test_SetSecurityDescriptor_SecInfo failed for SACL\n");
1332 test_RestoreSecurity(p, tctx, handle, key, sd_orig);
1337 static bool test_SecurityDescriptors(struct dcerpc_pipe *p,
1338 struct torture_context *tctx,
1339 struct policy_handle *handle,
1344 if (!test_SecurityDescriptor(p, tctx, handle, key)) {
1345 printf("test_SecurityDescriptor failed\n");
1349 if (!test_SecurityDescriptorInheritance(p, tctx, handle, key)) {
1350 printf("test_SecurityDescriptorInheritance failed\n");
1354 if (!test_SecurityDescriptorBlockInheritance(p, tctx, handle, key)) {
1355 printf("test_SecurityDescriptorBlockInheritance failed\n");
1359 if (!test_SecurityDescriptorsSecInfo(p, tctx, handle, key)) {
1360 printf("test_SecurityDescriptorsSecInfo failed\n");
1364 if (!test_SecurityDescriptorsMasks(p, tctx, handle, key)) {
1365 printf("test_SecurityDescriptorsMasks failed\n");
1372 static bool test_DeleteKey(struct dcerpc_pipe *p, struct torture_context *tctx,
1373 struct policy_handle *handle, const char *key)
1376 struct winreg_DeleteKey r;
1378 r.in.handle = handle;
1379 init_winreg_String(&r.in.key, key);
1381 status = dcerpc_winreg_DeleteKey(p, tctx, &r);
1383 torture_assert_ntstatus_ok(tctx, status, "DeleteKey failed");
1384 torture_assert_werr_ok(tctx, r.out.result, "DeleteKey failed");
1389 /* DeleteKey on a key with subkey(s) should
1390 * return WERR_ACCESS_DENIED. */
1391 static bool test_DeleteKeyWithSubkey(struct dcerpc_pipe *p,
1392 struct torture_context *tctx,
1393 struct policy_handle *handle,
1396 struct winreg_DeleteKey r;
1398 r.in.handle = handle;
1399 init_winreg_String(&r.in.key, key);
1401 torture_assert_ntstatus_ok(tctx, dcerpc_winreg_DeleteKey(p, tctx, &r),
1402 "DeleteKeyWithSubkey failed");
1404 torture_assert_werr_equal(tctx, r.out.result, WERR_ACCESS_DENIED,
1405 "DeleteKeyWithSubkey failed");
1410 static bool test_QueryInfoKey(struct dcerpc_pipe *p,
1411 struct torture_context *tctx,
1412 struct policy_handle *handle, char *class)
1414 struct winreg_QueryInfoKey r;
1415 uint32_t num_subkeys, max_subkeylen, max_subkeysize,
1416 num_values, max_valnamelen, max_valbufsize,
1418 NTTIME last_changed_time;
1421 r.in.handle = handle;
1422 r.out.num_subkeys = &num_subkeys;
1423 r.out.max_subkeylen = &max_subkeylen;
1424 r.out.max_subkeysize = &max_subkeysize;
1425 r.out.num_values = &num_values;
1426 r.out.max_valnamelen = &max_valnamelen;
1427 r.out.max_valbufsize = &max_valbufsize;
1428 r.out.secdescsize = &secdescsize;
1429 r.out.last_changed_time = &last_changed_time;
1431 r.out.classname = talloc(tctx, struct winreg_String);
1433 r.in.classname = talloc(tctx, struct winreg_String);
1434 init_winreg_String(r.in.classname, class);
1436 torture_assert_ntstatus_ok(tctx,
1437 dcerpc_winreg_QueryInfoKey(p, tctx, &r),
1438 "QueryInfoKey failed");
1440 torture_assert_werr_ok(tctx, r.out.result, "QueryInfoKey failed");
1445 static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
1446 struct policy_handle *handle, int depth);
1448 static bool test_EnumKey(struct dcerpc_pipe *p, struct torture_context *tctx,
1449 struct policy_handle *handle, int depth)
1451 struct winreg_EnumKey r;
1452 struct winreg_StringBuf class, name;
1459 r.in.handle = handle;
1460 r.in.enum_index = 0;
1462 r.in.keyclass = &class;
1464 r.in.last_changed_time = &t;
1470 status = dcerpc_winreg_EnumKey(p, tctx, &r);
1472 if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result)) {
1473 struct policy_handle key_handle;
1475 torture_comment(tctx, "EnumKey: %d: %s\n",
1479 if (!test_OpenKey(p, tctx, handle, r.out.name->name,
1482 test_key(p, tctx, &key_handle, depth + 1);
1488 } while (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result));
1490 torture_assert_ntstatus_ok(tctx, status, "EnumKey failed");
1492 if (!W_ERROR_IS_OK(r.out.result) &&
1493 !W_ERROR_EQUAL(r.out.result, WERR_NO_MORE_ITEMS)) {
1494 torture_fail(tctx, "EnumKey failed");
1500 static bool test_QueryMultipleValues(struct dcerpc_pipe *p,
1501 struct torture_context *tctx,
1502 struct policy_handle *handle,
1503 const char *valuename)
1505 struct winreg_QueryMultipleValues r;
1509 r.in.key_handle = handle;
1510 r.in.values = r.out.values = talloc_array(tctx, struct QueryMultipleValue, 1);
1511 r.in.values[0].name = talloc(tctx, struct winreg_String);
1512 r.in.values[0].name->name = valuename;
1513 r.in.values[0].offset = 0;
1514 r.in.values[0].length = 0;
1515 r.in.values[0].type = 0;
1517 r.in.num_values = 1;
1518 r.in.buffer_size = r.out.buffer_size = talloc(tctx, uint32_t);
1519 *r.in.buffer_size = bufsize;
1521 *r.in.buffer_size = bufsize;
1522 r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t,
1525 status = dcerpc_winreg_QueryMultipleValues(p, tctx, &r);
1527 if(NT_STATUS_IS_ERR(status))
1528 torture_fail(tctx, "QueryMultipleValues failed");
1530 talloc_free(r.in.buffer);
1532 } while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA));
1534 torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed");
1539 static bool test_QueryValue(struct dcerpc_pipe *p,
1540 struct torture_context *tctx,
1541 struct policy_handle *handle,
1542 const char *valuename)
1544 struct winreg_QueryValue r;
1546 enum winreg_Type zero_type = 0;
1547 uint32_t offered = 0xfff;
1550 r.in.handle = handle;
1552 r.in.value_name.name = valuename;
1553 r.in.type = &zero_type;
1554 r.in.size = &offered;
1555 r.in.length = &zero;
1557 status = dcerpc_winreg_QueryValue(p, tctx, &r);
1558 if (NT_STATUS_IS_ERR(status)) {
1559 torture_fail(tctx, "QueryValue failed");
1562 torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed");
1567 static bool test_EnumValue(struct dcerpc_pipe *p, struct torture_context *tctx,
1568 struct policy_handle *handle, int max_valnamelen,
1571 struct winreg_EnumValue r;
1572 enum winreg_Type type = 0;
1573 uint32_t size = max_valbufsize, zero = 0;
1576 struct winreg_StringBuf name;
1581 r.in.handle = handle;
1582 r.in.enum_index = 0;
1587 r.in.length = &zero;
1591 torture_assert_ntstatus_ok(tctx,
1592 dcerpc_winreg_EnumValue(p, tctx, &r),
1593 "EnumValue failed");
1595 if (W_ERROR_IS_OK(r.out.result)) {
1596 ret &= test_QueryValue(p, tctx, handle,
1598 ret &= test_QueryMultipleValues(p, tctx, handle,
1603 } while (W_ERROR_IS_OK(r.out.result));
1605 torture_assert_werr_equal(tctx, r.out.result, WERR_NO_MORE_ITEMS,
1606 "EnumValue failed");
1611 static bool test_AbortSystemShutdown(struct dcerpc_pipe *p,
1612 struct torture_context *tctx)
1614 struct winreg_AbortSystemShutdown r;
1615 uint16_t server = 0x0;
1617 r.in.server = &server;
1619 torture_assert_ntstatus_ok(tctx,
1620 dcerpc_winreg_AbortSystemShutdown(p, tctx, &r),
1621 "AbortSystemShutdown failed");
1623 torture_assert_werr_ok(tctx, r.out.result,
1624 "AbortSystemShutdown failed");
1629 static bool test_InitiateSystemShutdown(struct torture_context *tctx,
1630 struct dcerpc_pipe *p)
1632 struct winreg_InitiateSystemShutdown r;
1633 uint16_t hostname = 0x0;
1635 r.in.hostname = &hostname;
1636 r.in.message = talloc(tctx, struct lsa_StringLarge);
1637 init_lsa_StringLarge(r.in.message, "spottyfood");
1638 r.in.force_apps = 1;
1642 torture_assert_ntstatus_ok(tctx,
1643 dcerpc_winreg_InitiateSystemShutdown(p, tctx, &r),
1644 "InitiateSystemShutdown failed");
1646 torture_assert_werr_ok(tctx, r.out.result,
1647 "InitiateSystemShutdown failed");
1649 return test_AbortSystemShutdown(p, tctx);
1653 static bool test_InitiateSystemShutdownEx(struct torture_context *tctx,
1654 struct dcerpc_pipe *p)
1656 struct winreg_InitiateSystemShutdownEx r;
1657 uint16_t hostname = 0x0;
1659 r.in.hostname = &hostname;
1660 r.in.message = talloc(tctx, struct lsa_StringLarge);
1661 init_lsa_StringLarge(r.in.message, "spottyfood");
1662 r.in.force_apps = 1;
1667 torture_assert_ntstatus_ok(tctx,
1668 dcerpc_winreg_InitiateSystemShutdownEx(p, tctx, &r),
1669 "InitiateSystemShutdownEx failed");
1671 torture_assert_werr_ok(tctx, r.out.result,
1672 "InitiateSystemShutdownEx failed");
1674 return test_AbortSystemShutdown(p, tctx);
1676 #define MAX_DEPTH 2 /* Only go this far down the tree */
1678 static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
1679 struct policy_handle *handle, int depth)
1681 if (depth == MAX_DEPTH)
1684 if (!test_QueryInfoKey(p, tctx, handle, NULL)) {
1687 if (!test_NotifyChangeKeyValue(p, tctx, handle)) {
1690 if (!test_GetKeySecurity(p, tctx, handle, NULL)) {
1693 if (!test_EnumKey(p, tctx, handle, depth)) {
1696 if (!test_EnumValue(p, tctx, handle, 0xFF, 0xFFFF)) {
1699 test_CloseKey(p, tctx, handle);
1704 typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_pipe *, TALLOC_CTX *, void *);
1706 static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p,
1709 struct policy_handle handle, newhandle;
1710 bool ret = true, created = false, created2 = false, deleted = false;
1711 bool created3 = false, created_subkey = false;
1712 bool created4 = false;
1713 struct winreg_OpenHKLM r;
1715 winreg_open_fn open_fn = userdata;
1717 r.in.system_name = 0;
1718 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1719 r.out.handle = &handle;
1721 torture_assert_ntstatus_ok(tctx, open_fn(p, tctx, &r),
1724 test_Cleanup(p, tctx, &handle, TEST_KEY1);
1725 test_Cleanup(p, tctx, &handle, TEST_SUBSUBKEY_SD);
1726 test_Cleanup(p, tctx, &handle, TEST_SUBKEY_SD);
1727 test_Cleanup(p, tctx, &handle, TEST_KEY4);
1728 test_Cleanup(p, tctx, &handle, TEST_KEY2);
1729 test_Cleanup(p, tctx, &handle, TEST_SUBKEY);
1730 test_Cleanup(p, tctx, &handle, TEST_KEY3);
1731 test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);
1733 if (!test_CreateKey(p, tctx, &handle, TEST_KEY1, NULL)) {
1734 torture_comment(tctx,
1735 "CreateKey failed - not considering a failure\n");
1740 if (created && !test_FlushKey(p, tctx, &handle)) {
1741 torture_comment(tctx, "FlushKey failed\n");
1745 if (created && !test_OpenKey(p, tctx, &handle, TEST_KEY1, &newhandle))
1747 "CreateKey failed (OpenKey after Create didn't work)\n");
1749 if (created && !test_CloseKey(p, tctx, &newhandle))
1751 "CreateKey failed (CloseKey after Open didn't work)\n");
1753 if (created && !test_DeleteKey(p, tctx, &handle, TEST_KEY1)) {
1754 torture_comment(tctx, "DeleteKey failed\n");
1760 if (created && !test_FlushKey(p, tctx, &handle)) {
1761 torture_comment(tctx, "FlushKey failed\n");
1765 if (created && deleted &&
1766 test_OpenKey(p, tctx, &handle, TEST_KEY1, &newhandle)) {
1767 torture_comment(tctx,
1768 "DeleteKey failed (OpenKey after Delete worked)\n");
1772 if (!test_GetVersion(p, tctx, &handle)) {
1773 torture_comment(tctx, "GetVersion failed\n");
1777 if (created && test_CreateKey_sd(p, tctx, &handle, TEST_KEY2,
1778 NULL, &newhandle)) {
1782 if (created2 && !test_CloseKey(p, tctx, &newhandle)) {
1783 printf("CloseKey failed\n");
1787 if (test_CreateKey_sd(p, tctx, &handle, TEST_KEY4, NULL, &newhandle)) {
1791 if (!created4 && !test_CloseKey(p, tctx, &newhandle)) {
1792 printf("CloseKey failed\n");
1796 if (created4 && !test_SecurityDescriptors(p, tctx, &handle, TEST_KEY4)) {
1800 if (created4 && !test_DeleteKey(p, tctx, &handle, TEST_KEY4)) {
1801 printf("DeleteKey failed\n");
1806 if (created && !test_DeleteKey(p, tctx, &handle, TEST_KEY2)) {
1807 printf("DeleteKey failed\n");
1811 if (created && test_CreateKey(p, tctx, &handle, TEST_KEY3, NULL)) {
1816 test_CreateKey(p, tctx, &handle, TEST_SUBKEY, NULL)) {
1817 created_subkey = true;
1820 if (created_subkey &&
1821 !test_DeleteKeyWithSubkey(p, tctx, &handle, TEST_KEY3)) {
1822 printf("DeleteKeyWithSubkey failed "
1823 "(DeleteKey didn't return ACCESS_DENIED)\n");
1827 if (created_subkey &&
1828 !test_DeleteKey(p, tctx, &handle, TEST_SUBKEY)) {
1829 printf("DeleteKey failed\n");
1834 !test_DeleteKey(p, tctx, &handle, TEST_KEY3)) {
1835 printf("DeleteKey failed\n");
1839 /* The HKCR hive has a very large fanout */
1840 if (open_fn == (void *)dcerpc_winreg_OpenHKCR) {
1841 if(!test_key(p, tctx, &handle, MAX_DEPTH - 1)) {
1846 if (!test_key(p, tctx, &handle, 0)) {
1850 test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);
1855 struct torture_suite *torture_rpc_winreg(TALLOC_CTX *mem_ctx)
1860 } open_fns[] = {{"OpenHKLM", (winreg_open_fn)dcerpc_winreg_OpenHKLM },
1861 {"OpenHKU", (winreg_open_fn)dcerpc_winreg_OpenHKU },
1862 {"OpenHKCR", (winreg_open_fn)dcerpc_winreg_OpenHKCR },
1863 {"OpenHKCU", (winreg_open_fn)dcerpc_winreg_OpenHKCU }};
1865 struct torture_rpc_tcase *tcase;
1866 struct torture_suite *suite = torture_suite_create(mem_ctx, "WINREG");
1867 struct torture_test *test;
1869 tcase = torture_suite_add_rpc_iface_tcase(suite, "winreg",
1872 test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdown",
1873 test_InitiateSystemShutdown);
1874 test->dangerous = true;
1876 test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdownEx",
1877 test_InitiateSystemShutdownEx);
1878 test->dangerous = true;
1880 for (i = 0; i < ARRAY_SIZE(open_fns); i++) {
1881 torture_rpc_tcase_add_test_ex(tcase, open_fns[i].name,
1882 test_Open, open_fns[i].fn);