2 Unix SMB/CIFS implementation.
3 test suite for lsa rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 2 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program; if not, write to the Free Software
20 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
24 #include "torture/torture.h"
25 #include "librpc/gen_ndr/ndr_lsa.h"
26 #include "lib/events/events.h"
28 static void init_lsa_String(struct lsa_String *name, const char *s)
33 static BOOL test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
35 struct lsa_ObjectAttribute attr;
36 struct policy_handle handle;
37 struct lsa_QosInfo qos;
38 struct lsa_OpenPolicy r;
40 uint16_t system_name = '\\';
42 printf("\ntesting OpenPolicy\n");
45 qos.impersonation_level = 2;
47 qos.effective_only = 0;
51 attr.object_name = NULL;
56 r.in.system_name = &system_name;
58 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
59 r.out.handle = &handle;
61 status = dcerpc_lsa_OpenPolicy(p, mem_ctx, &r);
62 if (!NT_STATUS_IS_OK(status)) {
63 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
64 NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
65 printf("not considering %s to be an error\n", nt_errstr(status));
68 printf("OpenPolicy failed - %s\n", nt_errstr(status));
76 BOOL test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
77 struct policy_handle **handle)
79 struct lsa_ObjectAttribute attr;
80 struct lsa_QosInfo qos;
81 struct lsa_OpenPolicy2 r;
84 printf("\ntesting OpenPolicy2\n");
86 *handle = talloc(mem_ctx, struct policy_handle);
92 qos.impersonation_level = 2;
94 qos.effective_only = 0;
98 attr.object_name = NULL;
100 attr.sec_desc = NULL;
103 r.in.system_name = "\\";
105 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
106 r.out.handle = *handle;
108 status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
109 if (!NT_STATUS_IS_OK(status)) {
110 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
111 NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
112 printf("not considering %s to be an error\n", nt_errstr(status));
113 talloc_free(*handle);
117 printf("OpenPolicy2 failed - %s\n", nt_errstr(status));
124 static BOOL test_LookupNames(struct dcerpc_pipe *p,
126 struct policy_handle *handle,
127 struct lsa_TransNameArray *tnames)
129 struct lsa_LookupNames r;
130 struct lsa_TransSidArray sids;
131 struct lsa_String *names;
136 printf("\nTesting LookupNames with %d names\n", tnames->count);
141 names = talloc_array(mem_ctx, struct lsa_String, tnames->count);
142 for (i=0;i<tnames->count;i++) {
143 init_lsa_String(&names[i], tnames->names[i].name.string);
146 r.in.handle = handle;
147 r.in.num_names = tnames->count;
152 r.out.count = &count;
155 status = dcerpc_lsa_LookupNames(p, mem_ctx, &r);
156 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
157 printf("LookupNames failed - %s\n", nt_errstr(status));
166 static BOOL test_LookupNames2(struct dcerpc_pipe *p,
168 struct policy_handle *handle,
169 struct lsa_TransNameArray2 *tnames)
171 struct lsa_LookupNames2 r;
172 struct lsa_TransSidArray2 sids;
173 struct lsa_String *names;
178 printf("\nTesting LookupNames2 with %d names\n", tnames->count);
183 names = talloc_array(mem_ctx, struct lsa_String, tnames->count);
184 for (i=0;i<tnames->count;i++) {
185 init_lsa_String(&names[i], tnames->names[i].name.string);
188 r.in.handle = handle;
189 r.in.num_names = tnames->count;
196 r.out.count = &count;
199 status = dcerpc_lsa_LookupNames2(p, mem_ctx, &r);
200 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
201 printf("LookupNames2 failed - %s\n", nt_errstr(status));
211 static BOOL test_LookupNames3(struct dcerpc_pipe *p,
213 struct policy_handle *handle,
214 struct lsa_TransNameArray2 *tnames)
216 struct lsa_LookupNames3 r;
217 struct lsa_TransSidArray3 sids;
218 struct lsa_String *names;
223 printf("\nTesting LookupNames3 with %d names\n", tnames->count);
228 names = talloc_array(mem_ctx, struct lsa_String, tnames->count);
229 for (i=0;i<tnames->count;i++) {
230 init_lsa_String(&names[i], tnames->names[i].name.string);
233 r.in.handle = handle;
234 r.in.num_names = tnames->count;
241 r.out.count = &count;
244 status = dcerpc_lsa_LookupNames3(p, mem_ctx, &r);
245 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
246 printf("LookupNames3 failed - %s\n", nt_errstr(status));
255 static BOOL test_LookupNames4(struct dcerpc_pipe *p,
257 struct lsa_TransNameArray2 *tnames)
259 struct lsa_LookupNames4 r;
260 struct lsa_TransSidArray3 sids;
261 struct lsa_String *names;
266 printf("\nTesting LookupNames4 with %d names\n", tnames->count);
271 names = talloc_array(mem_ctx, struct lsa_String, tnames->count);
272 for (i=0;i<tnames->count;i++) {
273 init_lsa_String(&names[i], tnames->names[i].name.string);
276 r.in.num_names = tnames->count;
283 r.out.count = &count;
286 status = dcerpc_lsa_LookupNames4(p, mem_ctx, &r);
287 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
288 printf("LookupNames4 failed - %s\n", nt_errstr(status));
298 static BOOL test_LookupSids(struct dcerpc_pipe *p,
300 struct policy_handle *handle,
301 struct lsa_SidArray *sids)
303 struct lsa_LookupSids r;
304 struct lsa_TransNameArray names;
305 uint32_t count = sids->num_sids;
308 printf("\nTesting LookupSids\n");
313 r.in.handle = handle;
318 r.out.count = &count;
319 r.out.names = &names;
321 status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
322 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
323 printf("LookupSids failed - %s\n", nt_errstr(status));
329 if (!test_LookupNames(p, mem_ctx, handle, &names)) {
337 static BOOL test_LookupSids2(struct dcerpc_pipe *p,
339 struct policy_handle *handle,
340 struct lsa_SidArray *sids)
342 struct lsa_LookupSids2 r;
343 struct lsa_TransNameArray2 names;
344 uint32_t count = sids->num_sids;
347 printf("\nTesting LookupSids2\n");
352 r.in.handle = handle;
359 r.out.count = &count;
360 r.out.names = &names;
362 status = dcerpc_lsa_LookupSids2(p, mem_ctx, &r);
363 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
364 printf("LookupSids2 failed - %s\n", nt_errstr(status));
370 if (!test_LookupNames2(p, mem_ctx, handle, &names)) {
374 if (!test_LookupNames3(p, mem_ctx, handle, &names)) {
381 static BOOL test_LookupSids3(struct dcerpc_pipe *p,
383 struct lsa_SidArray *sids)
385 struct lsa_LookupSids3 r;
386 struct lsa_TransNameArray2 names;
387 uint32_t count = sids->num_sids;
390 printf("\nTesting LookupSids3\n");
401 r.out.count = &count;
402 r.out.names = &names;
404 status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
405 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
406 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
407 NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
408 printf("not considering %s to be an error\n", nt_errstr(status));
411 printf("LookupSids3 failed - %s - not considered an error\n",
418 if (!test_LookupNames4(p, mem_ctx, &names)) {
425 BOOL test_many_LookupSids(struct dcerpc_pipe *p,
427 struct policy_handle *handle)
431 struct lsa_SidArray sids;
434 printf("\nTesting LookupSids with lots of SIDs\n");
438 sids.sids = talloc_array(mem_ctx, struct lsa_SidPtr, sids.num_sids);
440 for (i=0; i<sids.num_sids; i++) {
441 const char *sidstr = "S-1-5-32-545";
442 sids.sids[i].sid = dom_sid_parse_talloc(mem_ctx, sidstr);
445 count = sids.num_sids;
448 struct lsa_LookupSids r;
449 struct lsa_TransNameArray names;
453 r.in.handle = handle;
457 r.in.count = &names.count;
458 r.out.count = &count;
459 r.out.names = &names;
461 status = dcerpc_lsa_LookupSids(p, mem_ctx, &r);
462 if (!NT_STATUS_IS_OK(status) &&
463 !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
464 printf("LookupSids failed - %s\n", nt_errstr(status));
470 if (!test_LookupNames(p, mem_ctx, handle, &names)) {
474 struct lsa_LookupSids3 r;
475 struct lsa_TransNameArray2 names;
480 printf("\nTesting LookupSids3\n");
488 r.out.count = &count;
489 r.out.names = &names;
491 status = dcerpc_lsa_LookupSids3(p, mem_ctx, &r);
492 if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
493 if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) ||
494 NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
495 printf("not considering %s to be an error\n", nt_errstr(status));
498 printf("LookupSids3 failed - %s\n",
502 if (!test_LookupNames4(p, mem_ctx, &names)) {
514 #define NUM_ASYNC_REQUESTS 1000
516 static void lookupsids_cb(struct rpc_request *req)
518 int *replies = (int *)req->async.private;
521 status = dcerpc_ndr_request_recv(req);
522 DEBUG(3, ("lookupsids returned %s\n", nt_errstr(status)));
523 if (!NT_STATUS_IS_OK(status)) {
530 static BOOL test_LookupSids_async(struct dcerpc_pipe *p,
532 struct policy_handle *handle)
534 struct lsa_SidArray sids;
535 struct lsa_SidPtr sidptr;
537 uint32_t count[NUM_ASYNC_REQUESTS];
538 struct lsa_TransNameArray names[NUM_ASYNC_REQUESTS];
539 struct lsa_LookupSids r[NUM_ASYNC_REQUESTS];
540 struct rpc_request **req;
545 printf("\nTesting %d async lookupsids request\n", 100);
547 req = talloc_array(mem_ctx, struct rpc_request *, NUM_ASYNC_REQUESTS);
551 sidptr.sid = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-545");
555 for (i=0; i<NUM_ASYNC_REQUESTS; i++) {
558 names[i].names = NULL;
560 r[i].in.handle = handle;
561 r[i].in.sids = &sids;
562 r[i].in.names = &names[i];
564 r[i].in.count = &names[i].count;
565 r[i].out.count = &count[i];
566 r[i].out.names = &names[i];
568 req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]);
569 if (req[i] == NULL) {
574 req[i]->async.callback = lookupsids_cb;
575 req[i]->async.private = &replies;
578 while (replies < NUM_ASYNC_REQUESTS) {
579 event_loop_once(p->conn->event_ctx);
591 static BOOL test_LookupPrivValue(struct dcerpc_pipe *p,
593 struct policy_handle *handle,
594 struct lsa_String *name)
597 struct lsa_LookupPrivValue r;
598 struct lsa_LUID luid;
600 r.in.handle = handle;
604 status = dcerpc_lsa_LookupPrivValue(p, mem_ctx, &r);
605 if (!NT_STATUS_IS_OK(status)) {
606 printf("\nLookupPrivValue failed - %s\n", nt_errstr(status));
613 static BOOL test_LookupPrivName(struct dcerpc_pipe *p,
615 struct policy_handle *handle,
616 struct lsa_LUID *luid)
619 struct lsa_LookupPrivName r;
621 r.in.handle = handle;
624 status = dcerpc_lsa_LookupPrivName(p, mem_ctx, &r);
625 if (!NT_STATUS_IS_OK(status)) {
626 printf("\nLookupPrivName failed - %s\n", nt_errstr(status));
633 static BOOL test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
635 struct policy_handle *acct_handle,
636 struct lsa_LUID *luid)
639 struct lsa_RemovePrivilegesFromAccount r;
640 struct lsa_PrivilegeSet privs;
643 printf("Testing RemovePrivilegesFromAccount\n");
645 r.in.handle = acct_handle;
651 privs.set = talloc_array(mem_ctx, struct lsa_LUIDAttribute, 1);
652 privs.set[0].luid = *luid;
653 privs.set[0].attribute = 0;
655 status = dcerpc_lsa_RemovePrivilegesFromAccount(p, mem_ctx, &r);
656 if (!NT_STATUS_IS_OK(status)) {
657 printf("RemovePrivilegesFromAccount failed - %s\n", nt_errstr(status));
664 static BOOL test_AddPrivilegesToAccount(struct dcerpc_pipe *p,
666 struct policy_handle *acct_handle,
667 struct lsa_LUID *luid)
670 struct lsa_AddPrivilegesToAccount r;
671 struct lsa_PrivilegeSet privs;
674 printf("Testing AddPrivilegesToAccount\n");
676 r.in.handle = acct_handle;
681 privs.set = talloc_array(mem_ctx, struct lsa_LUIDAttribute, 1);
682 privs.set[0].luid = *luid;
683 privs.set[0].attribute = 0;
685 status = dcerpc_lsa_AddPrivilegesToAccount(p, mem_ctx, &r);
686 if (!NT_STATUS_IS_OK(status)) {
687 printf("AddPrivilegesToAccount failed - %s\n", nt_errstr(status));
694 static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p,
696 struct policy_handle *handle,
697 struct policy_handle *acct_handle)
700 struct lsa_EnumPrivsAccount r;
703 printf("Testing EnumPrivsAccount\n");
705 r.in.handle = acct_handle;
707 status = dcerpc_lsa_EnumPrivsAccount(p, mem_ctx, &r);
708 if (!NT_STATUS_IS_OK(status)) {
709 printf("EnumPrivsAccount failed - %s\n", nt_errstr(status));
713 if (r.out.privs && r.out.privs->count > 0) {
715 for (i=0;i<r.out.privs->count;i++) {
716 test_LookupPrivName(p, mem_ctx, handle,
717 &r.out.privs->set[i].luid);
720 ret &= test_RemovePrivilegesFromAccount(p, mem_ctx, acct_handle,
721 &r.out.privs->set[0].luid);
722 ret &= test_AddPrivilegesToAccount(p, mem_ctx, acct_handle,
723 &r.out.privs->set[0].luid);
729 static BOOL test_Delete(struct dcerpc_pipe *p,
731 struct policy_handle *handle)
736 printf("testing Delete\n");
738 r.in.handle = handle;
739 status = dcerpc_lsa_Delete(p, mem_ctx, &r);
740 if (!NT_STATUS_IS_OK(status)) {
741 printf("Delete failed - %s\n", nt_errstr(status));
749 static BOOL test_CreateAccount(struct dcerpc_pipe *p,
751 struct policy_handle *handle)
754 struct lsa_CreateAccount r;
755 struct dom_sid2 *newsid;
756 struct policy_handle acct_handle;
758 newsid = dom_sid_parse_talloc(mem_ctx, "S-1-5-12349876-4321-2854");
760 printf("Testing CreateAccount\n");
762 r.in.handle = handle;
764 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
765 r.out.acct_handle = &acct_handle;
767 status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r);
768 if (!NT_STATUS_IS_OK(status)) {
769 printf("CreateAccount failed - %s\n", nt_errstr(status));
773 if (!test_Delete(p, mem_ctx, &acct_handle)) {
780 static BOOL test_DeleteTrustedDomain(struct dcerpc_pipe *p,
782 struct policy_handle *handle,
783 struct lsa_StringLarge name)
786 struct lsa_OpenTrustedDomainByName r;
787 struct policy_handle trustdom_handle;
789 r.in.handle = handle;
790 r.in.name.string = name.string;
791 r.in.access_mask = SEC_STD_DELETE;
792 r.out.trustdom_handle = &trustdom_handle;
794 status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &r);
795 if (!NT_STATUS_IS_OK(status)) {
796 printf("lsa_OpenTrustedDomainByName failed - %s\n", nt_errstr(status));
800 if (!test_Delete(p, mem_ctx, &trustdom_handle)) {
808 static BOOL test_CreateSecret(struct dcerpc_pipe *p,
810 struct policy_handle *handle)
813 struct lsa_CreateSecret r;
814 struct lsa_OpenSecret r2;
815 struct lsa_SetSecret r3;
816 struct lsa_QuerySecret r4;
817 struct lsa_SetSecret r5;
818 struct lsa_QuerySecret r6;
819 struct lsa_SetSecret r7;
820 struct lsa_QuerySecret r8;
821 struct policy_handle sec_handle, sec_handle2, sec_handle3;
823 struct lsa_DATA_BUF buf1;
824 struct lsa_DATA_BUF_PTR bufp1;
825 struct lsa_DATA_BUF_PTR bufp2;
828 DATA_BLOB session_key;
829 NTTIME old_mtime, new_mtime;
830 DATA_BLOB blob1, blob2;
831 const char *secret1 = "abcdef12345699qwerty";
833 const char *secret3 = "ABCDEF12345699QWERTY";
835 const char *secret5 = "NEW-SAMBA4-SECRET";
840 const int GLOBAL = 1;
842 secname[LOCAL] = talloc_asprintf(mem_ctx, "torturesecret-%u", (uint_t)random());
843 secname[GLOBAL] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random());
845 for (i=0; i< 2; i++) {
846 printf("Testing CreateSecret of %s\n", secname[i]);
848 init_lsa_String(&r.in.name, secname[i]);
850 r.in.handle = handle;
851 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
852 r.out.sec_handle = &sec_handle;
854 status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
855 if (!NT_STATUS_IS_OK(status)) {
856 printf("CreateSecret failed - %s\n", nt_errstr(status));
860 r.in.handle = handle;
861 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
862 r.out.sec_handle = &sec_handle3;
864 status = dcerpc_lsa_CreateSecret(p, mem_ctx, &r);
865 if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
866 printf("CreateSecret should have failed OBJECT_NAME_COLLISION - %s\n", nt_errstr(status));
870 r2.in.handle = handle;
871 r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
872 r2.in.name = r.in.name;
873 r2.out.sec_handle = &sec_handle2;
875 printf("Testing OpenSecret\n");
877 status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
878 if (!NT_STATUS_IS_OK(status)) {
879 printf("OpenSecret failed - %s\n", nt_errstr(status));
883 status = dcerpc_fetch_session_key(p, &session_key);
884 if (!NT_STATUS_IS_OK(status)) {
885 printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status));
889 enc_key = sess_encrypt_string(secret1, &session_key);
891 r3.in.sec_handle = &sec_handle;
892 r3.in.new_val = &buf1;
893 r3.in.old_val = NULL;
894 r3.in.new_val->data = enc_key.data;
895 r3.in.new_val->length = enc_key.length;
896 r3.in.new_val->size = enc_key.length;
898 printf("Testing SetSecret\n");
900 status = dcerpc_lsa_SetSecret(p, mem_ctx, &r3);
901 if (!NT_STATUS_IS_OK(status)) {
902 printf("SetSecret failed - %s\n", nt_errstr(status));
906 r3.in.sec_handle = &sec_handle;
907 r3.in.new_val = &buf1;
908 r3.in.old_val = NULL;
909 r3.in.new_val->data = enc_key.data;
910 r3.in.new_val->length = enc_key.length;
911 r3.in.new_val->size = enc_key.length;
913 /* break the encrypted data */
916 printf("Testing SetSecret with broken key\n");
918 status = dcerpc_lsa_SetSecret(p, mem_ctx, &r3);
919 if (!NT_STATUS_EQUAL(status, NT_STATUS_UNKNOWN_REVISION)) {
920 printf("SetSecret should have failed UNKNOWN_REVISION - %s\n", nt_errstr(status));
924 data_blob_free(&enc_key);
926 ZERO_STRUCT(new_mtime);
927 ZERO_STRUCT(old_mtime);
929 /* fetch the secret back again */
930 r4.in.sec_handle = &sec_handle;
931 r4.in.new_val = &bufp1;
932 r4.in.new_mtime = &new_mtime;
933 r4.in.old_val = NULL;
934 r4.in.old_mtime = NULL;
938 printf("Testing QuerySecret\n");
939 status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r4);
940 if (!NT_STATUS_IS_OK(status)) {
941 printf("QuerySecret failed - %s\n", nt_errstr(status));
944 if (r4.out.new_val == NULL || r4.out.new_val->buf == NULL) {
945 printf("No secret buffer returned\n");
948 blob1.data = r4.out.new_val->buf->data;
949 blob1.length = r4.out.new_val->buf->size;
951 blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
953 secret2 = sess_decrypt_string(&blob1, &session_key);
955 if (strcmp(secret1, secret2) != 0) {
956 printf("Returned secret '%s' doesn't match '%s'\n",
963 enc_key = sess_encrypt_string(secret3, &session_key);
965 r5.in.sec_handle = &sec_handle;
966 r5.in.new_val = &buf1;
967 r5.in.old_val = NULL;
968 r5.in.new_val->data = enc_key.data;
969 r5.in.new_val->length = enc_key.length;
970 r5.in.new_val->size = enc_key.length;
972 printf("Testing SetSecret (existing value should move to old)\n");
974 status = dcerpc_lsa_SetSecret(p, mem_ctx, &r5);
975 if (!NT_STATUS_IS_OK(status)) {
976 printf("SetSecret failed - %s\n", nt_errstr(status));
980 data_blob_free(&enc_key);
982 ZERO_STRUCT(new_mtime);
983 ZERO_STRUCT(old_mtime);
985 /* fetch the secret back again */
986 r6.in.sec_handle = &sec_handle;
987 r6.in.new_val = &bufp1;
988 r6.in.new_mtime = &new_mtime;
989 r6.in.old_val = &bufp2;
990 r6.in.old_mtime = &old_mtime;
995 status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r6);
996 if (!NT_STATUS_IS_OK(status)) {
997 printf("QuerySecret failed - %s\n", nt_errstr(status));
1002 if (r6.out.new_val->buf == NULL || r6.out.old_val->buf == NULL
1003 || r6.out.new_mtime == NULL || r6.out.old_mtime == NULL) {
1004 printf("Both secret buffers and both times not returned\n");
1008 blob1.data = r6.out.new_val->buf->data;
1009 blob1.length = r6.out.new_val->buf->size;
1011 blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
1013 secret4 = sess_decrypt_string(&blob1, &session_key);
1015 if (strcmp(secret3, secret4) != 0) {
1016 printf("Returned NEW secret %s doesn't match %s\n", secret4, secret3);
1020 blob1.data = r6.out.old_val->buf->data;
1021 blob1.length = r6.out.old_val->buf->length;
1023 blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
1025 secret2 = sess_decrypt_string(&blob1, &session_key);
1027 if (strcmp(secret1, secret2) != 0) {
1028 printf("Returned OLD secret %s doesn't match %s\n", secret2, secret1);
1032 if (*r6.out.new_mtime == *r6.out.old_mtime) {
1033 printf("Returned secret %s had same mtime for both secrets: %s\n",
1035 nt_time_string(mem_ctx, *r6.out.new_mtime));
1041 enc_key = sess_encrypt_string(secret5, &session_key);
1043 r7.in.sec_handle = &sec_handle;
1044 r7.in.old_val = &buf1;
1045 r7.in.old_val->data = enc_key.data;
1046 r7.in.old_val->length = enc_key.length;
1047 r7.in.old_val->size = enc_key.length;
1048 r7.in.new_val = NULL;
1050 printf("Testing SetSecret of old Secret only\n");
1052 status = dcerpc_lsa_SetSecret(p, mem_ctx, &r7);
1053 if (!NT_STATUS_IS_OK(status)) {
1054 printf("SetSecret failed - %s\n", nt_errstr(status));
1058 data_blob_free(&enc_key);
1060 /* fetch the secret back again */
1061 r8.in.sec_handle = &sec_handle;
1062 r8.in.new_val = &bufp1;
1063 r8.in.new_mtime = &new_mtime;
1064 r8.in.old_val = &bufp2;
1065 r8.in.old_mtime = &old_mtime;
1070 status = dcerpc_lsa_QuerySecret(p, mem_ctx, &r8);
1071 if (!NT_STATUS_IS_OK(status)) {
1072 printf("QuerySecret failed - %s\n", nt_errstr(status));
1075 if (!r8.out.new_val || !r8.out.old_val) {
1076 printf("in/out pointers not returned, despite being set on in for QuerySecret\n");
1078 } else if (r8.out.new_val->buf == NULL) {
1080 printf("NEW secret buffer not returned after GLOBAL OLD set\n");
1083 } else if (r8.out.old_val->buf == NULL) {
1084 printf("OLD secret buffer not returned after OLD set\n");
1086 } else if (r8.out.new_mtime == NULL || r8.out.old_mtime == NULL) {
1087 printf("Both times not returned after OLD set\n");
1091 printf("NEW secret buffer should not be returned after LOCAL OLD set\n");
1094 blob1.data = r8.out.new_val->buf->data;
1095 blob1.length = r8.out.new_val->buf->length;
1097 blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
1099 secret6 = sess_decrypt_string(&blob1, &session_key);
1101 if (strcmp(secret3, secret4) != 0) {
1102 printf("Returned NEW secret '%s' doesn't match '%s'\n", secret4, secret3);
1106 blob1.data = r8.out.old_val->buf->data;
1107 blob1.length = r8.out.old_val->buf->size;
1109 blob2 = data_blob_talloc(mem_ctx, NULL, blob1.length);
1111 secret6 = sess_decrypt_string(&blob1, &session_key);
1113 if (strcmp(secret5, secret6) != 0) {
1114 printf("Returned OLD secret %s doesn't match %s\n", secret5, secret6);
1118 if (*r8.out.new_mtime == *r8.out.old_mtime) {
1120 printf("Returned secret %s had same mtime for both secrets: %s\n",
1122 nt_time_string(mem_ctx, *r8.out.new_mtime));
1126 printf("Returned secret %s should have had same mtime for both secrets: %s != %s\n",
1128 nt_time_string(mem_ctx, *r8.out.old_mtime),
1129 nt_time_string(mem_ctx, *r8.out.new_mtime));
1135 if (!test_Delete(p, mem_ctx, &sec_handle)) {
1139 d.in.handle = &sec_handle2;
1140 status = dcerpc_lsa_Delete(p, mem_ctx, &d);
1141 if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
1142 printf("Second delete expected INVALID_HANDLE - %s\n", nt_errstr(status));
1146 printf("Testing OpenSecret of just-deleted secret\n");
1148 status = dcerpc_lsa_OpenSecret(p, mem_ctx, &r2);
1149 if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
1150 printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status));
1161 static BOOL test_EnumAccountRights(struct dcerpc_pipe *p,
1162 TALLOC_CTX *mem_ctx,
1163 struct policy_handle *acct_handle,
1164 struct dom_sid *sid)
1167 struct lsa_EnumAccountRights r;
1168 struct lsa_RightSet rights;
1170 printf("Testing EnumAccountRights\n");
1172 r.in.handle = acct_handle;
1174 r.out.rights = &rights;
1176 status = dcerpc_lsa_EnumAccountRights(p, mem_ctx, &r);
1177 if (!NT_STATUS_IS_OK(status)) {
1178 printf("EnumAccountRights failed - %s\n", nt_errstr(status));
1186 static BOOL test_QuerySecurity(struct dcerpc_pipe *p,
1187 TALLOC_CTX *mem_ctx,
1188 struct policy_handle *handle,
1189 struct policy_handle *acct_handle)
1192 struct lsa_QuerySecurity r;
1194 printf("Testing QuerySecurity\n");
1196 r.in.handle = acct_handle;
1199 status = dcerpc_lsa_QuerySecurity(p, mem_ctx, &r);
1200 if (!NT_STATUS_IS_OK(status)) {
1201 printf("QuerySecurity failed - %s\n", nt_errstr(status));
1208 static BOOL test_OpenAccount(struct dcerpc_pipe *p,
1209 TALLOC_CTX *mem_ctx,
1210 struct policy_handle *handle,
1211 struct dom_sid *sid)
1214 struct lsa_OpenAccount r;
1215 struct policy_handle acct_handle;
1217 printf("Testing OpenAccount\n");
1219 r.in.handle = handle;
1221 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1222 r.out.acct_handle = &acct_handle;
1224 status = dcerpc_lsa_OpenAccount(p, mem_ctx, &r);
1225 if (!NT_STATUS_IS_OK(status)) {
1226 printf("OpenAccount failed - %s\n", nt_errstr(status));
1230 if (!test_EnumPrivsAccount(p, mem_ctx, handle, &acct_handle)) {
1234 if (!test_QuerySecurity(p, mem_ctx, handle, &acct_handle)) {
1241 static BOOL test_EnumAccounts(struct dcerpc_pipe *p,
1242 TALLOC_CTX *mem_ctx,
1243 struct policy_handle *handle)
1246 struct lsa_EnumAccounts r;
1247 struct lsa_SidArray sids1, sids2;
1248 uint32_t resume_handle = 0;
1251 printf("\ntesting EnumAccounts\n");
1253 r.in.handle = handle;
1254 r.in.resume_handle = &resume_handle;
1255 r.in.num_entries = 100;
1256 r.out.resume_handle = &resume_handle;
1257 r.out.sids = &sids1;
1261 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
1262 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
1265 if (!NT_STATUS_IS_OK(status)) {
1266 printf("EnumAccounts failed - %s\n", nt_errstr(status));
1270 if (!test_LookupSids(p, mem_ctx, handle, &sids1)) {
1274 if (!test_LookupSids2(p, mem_ctx, handle, &sids1)) {
1278 if (!test_LookupSids3(p, mem_ctx, &sids1)) {
1282 printf("testing all accounts\n");
1283 for (i=0;i<sids1.num_sids;i++) {
1284 test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
1285 test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
1290 if (sids1.num_sids < 3) {
1294 printf("trying EnumAccounts partial listing (asking for 1 at 2)\n");
1296 r.in.num_entries = 1;
1297 r.out.sids = &sids2;
1299 status = dcerpc_lsa_EnumAccounts(p, mem_ctx, &r);
1300 if (!NT_STATUS_IS_OK(status)) {
1301 printf("EnumAccounts failed - %s\n", nt_errstr(status));
1305 if (sids2.num_sids != 1) {
1306 printf("Returned wrong number of entries (%d)\n", sids2.num_sids);
1313 static BOOL test_LookupPrivDisplayName(struct dcerpc_pipe *p,
1314 TALLOC_CTX *mem_ctx,
1315 struct policy_handle *handle,
1316 struct lsa_String *priv_name)
1318 struct lsa_LookupPrivDisplayName r;
1320 /* produce a reasonable range of language output without screwing up
1322 uint16_t language_id = (random() % 4) + 0x409;
1324 printf("testing LookupPrivDisplayName(%s)\n", priv_name->string);
1326 r.in.handle = handle;
1327 r.in.name = priv_name;
1328 r.in.language_id = &language_id;
1329 r.out.language_id = &language_id;
1332 status = dcerpc_lsa_LookupPrivDisplayName(p, mem_ctx, &r);
1333 if (!NT_STATUS_IS_OK(status)) {
1334 printf("LookupPrivDisplayName failed - %s\n", nt_errstr(status));
1337 printf("%s -> \"%s\" (language 0x%x/0x%x)\n",
1338 priv_name->string, r.out.disp_name->string,
1339 *r.in.language_id, *r.out.language_id);
1344 static BOOL test_EnumAccountsWithUserRight(struct dcerpc_pipe *p,
1345 TALLOC_CTX *mem_ctx,
1346 struct policy_handle *handle,
1347 struct lsa_String *priv_name)
1349 struct lsa_EnumAccountsWithUserRight r;
1350 struct lsa_SidArray sids;
1355 printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->string);
1357 r.in.handle = handle;
1358 r.in.name = priv_name;
1361 status = dcerpc_lsa_EnumAccountsWithUserRight(p, mem_ctx, &r);
1363 /* NT_STATUS_NO_MORE_ENTRIES means noone has this privilege */
1364 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES)) {
1368 if (!NT_STATUS_IS_OK(status)) {
1369 printf("EnumAccountsWithUserRight failed - %s\n", nt_errstr(status));
1377 static BOOL test_EnumPrivs(struct dcerpc_pipe *p,
1378 TALLOC_CTX *mem_ctx,
1379 struct policy_handle *handle)
1382 struct lsa_EnumPrivs r;
1383 struct lsa_PrivArray privs1;
1384 uint32_t resume_handle = 0;
1388 printf("\ntesting EnumPrivs\n");
1390 r.in.handle = handle;
1391 r.in.resume_handle = &resume_handle;
1392 r.in.max_count = 100;
1393 r.out.resume_handle = &resume_handle;
1394 r.out.privs = &privs1;
1397 status = dcerpc_lsa_EnumPrivs(p, mem_ctx, &r);
1398 if (!NT_STATUS_IS_OK(status)) {
1399 printf("EnumPrivs failed - %s\n", nt_errstr(status));
1403 for (i = 0; i< privs1.count; i++) {
1404 test_LookupPrivDisplayName(p, mem_ctx, handle, (struct lsa_String *)&privs1.privs[i].name);
1405 test_LookupPrivValue(p, mem_ctx, handle, (struct lsa_String *)&privs1.privs[i].name);
1406 if (!test_EnumAccountsWithUserRight(p, mem_ctx, handle, (struct lsa_String *)&privs1.privs[i].name)) {
1414 static BOOL test_query_each_TrustDom(struct dcerpc_pipe *p,
1415 TALLOC_CTX *mem_ctx,
1416 struct policy_handle *handle,
1417 struct lsa_DomainList *domains)
1423 printf("\nTesting OpenTrustedDomain, OpenTrustedDomainByName and QueryInfoTrustedDomain\n");
1424 for (i=0; i< domains->count; i++) {
1425 struct lsa_OpenTrustedDomain trust;
1426 struct lsa_OpenTrustedDomainByName trust_by_name;
1427 struct policy_handle trustdom_handle;
1428 struct policy_handle handle2;
1430 int levels [] = {1, 3, 6, 8, 12};
1432 if (domains->domains[i].sid) {
1433 trust.in.handle = handle;
1434 trust.in.sid = domains->domains[i].sid;
1435 trust.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1436 trust.out.trustdom_handle = &trustdom_handle;
1438 status = dcerpc_lsa_OpenTrustedDomain(p, mem_ctx, &trust);
1440 if (!NT_STATUS_IS_OK(status)) {
1441 printf("OpenTrustedDomain failed - %s\n", nt_errstr(status));
1445 c.in.handle = &trustdom_handle;
1446 c.out.handle = &handle2;
1448 for (j=0; j < ARRAY_SIZE(levels); j++) {
1449 struct lsa_QueryTrustedDomainInfo q;
1450 union lsa_TrustedDomainInfo info;
1451 q.in.trustdom_handle = &trustdom_handle;
1452 q.in.level = levels[j];
1454 status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
1455 if (!NT_STATUS_IS_OK(status)) {
1456 printf("QueryTrustedDomainInfo level %d failed - %s\n",
1457 levels[j], nt_errstr(status));
1462 status = dcerpc_lsa_Close(p, mem_ctx, &c);
1463 if (!NT_STATUS_IS_OK(status)) {
1464 printf("Close of trusted domain failed - %s\n", nt_errstr(status));
1469 trust_by_name.in.handle = handle;
1470 trust_by_name.in.name.string = domains->domains[i].name.string;
1471 trust_by_name.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1472 trust_by_name.out.trustdom_handle = &trustdom_handle;
1474 status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &trust_by_name);
1476 if (!NT_STATUS_IS_OK(status)) {
1477 printf("OpenTrustedDomainByName failed - %s\n", nt_errstr(status));
1481 for (j=0; j < ARRAY_SIZE(levels); j++) {
1482 struct lsa_QueryTrustedDomainInfo q;
1483 union lsa_TrustedDomainInfo info;
1484 q.in.trustdom_handle = &trustdom_handle;
1485 q.in.level = levels[j];
1487 status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
1488 if (!NT_STATUS_IS_OK(status)) {
1489 printf("QueryTrustedDomainInfo level %d failed - %s\n",
1490 levels[j], nt_errstr(status));
1495 c.in.handle = &trustdom_handle;
1496 c.out.handle = &handle2;
1498 status = dcerpc_lsa_Close(p, mem_ctx, &c);
1499 if (!NT_STATUS_IS_OK(status)) {
1500 printf("Close of trusted domain failed - %s\n", nt_errstr(status));
1504 for (j=0; j < ARRAY_SIZE(levels); j++) {
1505 struct lsa_QueryTrustedDomainInfoBySid q;
1506 union lsa_TrustedDomainInfo info;
1508 if (!domains->domains[i].sid) {
1512 q.in.handle = handle;
1513 q.in.dom_sid = domains->domains[i].sid;
1514 q.in.level = levels[j];
1516 status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, mem_ctx, &q);
1517 if (!NT_STATUS_IS_OK(status)) {
1518 printf("QueryTrustedDomainInfoBySid level %d failed - %s\n",
1519 levels[j], nt_errstr(status));
1524 for (j=0; j < ARRAY_SIZE(levels); j++) {
1525 struct lsa_QueryTrustedDomainInfoByName q;
1526 union lsa_TrustedDomainInfo info;
1527 q.in.handle = handle;
1528 q.in.trusted_domain.string = domains->domains[i].name.string;
1529 q.in.level = levels[j];
1531 status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, mem_ctx, &q);
1532 if (!NT_STATUS_IS_OK(status)) {
1533 printf("QueryTrustedDomainInfoByName level %d failed - %s\n",
1534 levels[j], nt_errstr(status));
1542 static BOOL test_EnumTrustDom(struct dcerpc_pipe *p,
1543 TALLOC_CTX *mem_ctx,
1544 struct policy_handle *handle)
1546 struct lsa_EnumTrustDom r;
1547 NTSTATUS enum_status;
1548 uint32_t resume_handle = 0;
1549 struct lsa_DomainList domains;
1552 printf("\nTesting EnumTrustDom\n");
1555 r.in.handle = handle;
1556 r.in.resume_handle = &resume_handle;
1557 r.in.max_size = LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3;
1558 r.out.domains = &domains;
1559 r.out.resume_handle = &resume_handle;
1561 enum_status = dcerpc_lsa_EnumTrustDom(p, mem_ctx, &r);
1563 /* NO_MORE_ENTRIES is allowed */
1564 if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) {
1566 } else if (NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)) {
1567 /* Windows 2003 gets this off by one on the first run */
1568 if (r.out.domains->count < 3 || r.out.domains->count > 4) {
1569 printf("EnumTrustDom didn't fill the buffer we "
1570 "asked it to (got %d, expected %d / %d == %d entries)\n",
1571 r.out.domains->count, LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3,
1572 LSA_ENUM_TRUST_DOMAIN_MULTIPLIER, r.in.max_size);
1575 } else if (!NT_STATUS_IS_OK(enum_status)) {
1576 printf("EnumTrustDom failed - %s\n", nt_errstr(enum_status));
1580 ret &= test_query_each_TrustDom(p, mem_ctx, handle, &domains);
1582 } while ((NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)));
1587 static BOOL test_CreateTrustedDomain(struct dcerpc_pipe *p,
1588 TALLOC_CTX *mem_ctx,
1589 struct policy_handle *handle)
1593 struct lsa_CreateTrustedDomain r;
1594 struct lsa_TrustInformation trustinfo;
1595 struct dom_sid *domsid[12];
1596 struct policy_handle trustdom_handle[12];
1597 struct lsa_QueryTrustedDomainInfo q;
1600 printf("Testing CreateTrustedDomain for 12 domains\n");
1602 for (i=0; i< 12; i++) {
1603 char *trust_name = talloc_asprintf(mem_ctx, "torturedom%02d", i);
1604 char *trust_sid = talloc_asprintf(mem_ctx, "S-1-5-21-97398-379795-100%02d", i);
1606 domsid[i] = dom_sid_parse_talloc(mem_ctx, trust_sid);
1608 trustinfo.sid = domsid[i];
1609 init_lsa_String((struct lsa_String *)&trustinfo.name, trust_name);
1611 r.in.handle = handle;
1612 r.in.info = &trustinfo;
1613 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
1614 r.out.trustdom_handle = &trustdom_handle[i];
1616 status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
1617 if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) {
1618 test_DeleteTrustedDomain(p, mem_ctx, handle, trustinfo.name);
1619 status = dcerpc_lsa_CreateTrustedDomain(p, mem_ctx, &r);
1621 if (!NT_STATUS_IS_OK(status)) {
1622 printf("CreateTrustedDomain failed - %s\n", nt_errstr(status));
1626 q.in.trustdom_handle = &trustdom_handle[i];
1627 q.in.level = LSA_TRUSTED_DOMAIN_INFO_NAME;
1628 status = dcerpc_lsa_QueryTrustedDomainInfo(p, mem_ctx, &q);
1629 if (!NT_STATUS_IS_OK(status)) {
1630 printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
1632 } else if (!q.out.info) {
1635 if (strcmp(q.out.info->name.netbios_name.string, trustinfo.name.string) != 0) {
1636 printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
1637 q.out.info->name.netbios_name.string, trustinfo.name.string);
1644 /* now that we have some domains to look over, we can test the enum calls */
1645 if (!test_EnumTrustDom(p, mem_ctx, handle)) {
1649 for (i=0; i<12; i++) {
1650 if (!test_Delete(p, mem_ctx, &trustdom_handle[i])) {
1658 static BOOL test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
1659 TALLOC_CTX *mem_ctx,
1660 struct policy_handle *handle)
1662 struct lsa_QueryDomainInformationPolicy r;
1666 printf("\nTesting QueryDomainInformationPolicy\n");
1669 r.in.handle = handle;
1672 printf("\ntrying QueryDomainInformationPolicy level %d\n", i);
1674 status = dcerpc_lsa_QueryDomainInformationPolicy(p, mem_ctx, &r);
1676 if (!NT_STATUS_IS_OK(status)) {
1677 printf("QueryDomainInformationPolicy failed - %s\n", nt_errstr(status));
1687 static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p,
1688 TALLOC_CTX *mem_ctx,
1689 struct policy_handle *handle)
1691 struct lsa_QueryInfoPolicy r;
1695 printf("\nTesting QueryInfoPolicy\n");
1697 for (i=1;i<13;i++) {
1698 r.in.handle = handle;
1701 printf("\ntrying QueryInfoPolicy level %d\n", i);
1703 status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
1705 if ((i == 9 || i == 10 || i == 11) &&
1706 NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1707 printf("server failed level %u (OK)\n", i);
1711 if (!NT_STATUS_IS_OK(status)) {
1712 printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
1721 static BOOL test_QueryInfoPolicy2(struct dcerpc_pipe *p,
1722 TALLOC_CTX *mem_ctx,
1723 struct policy_handle *handle)
1725 struct lsa_QueryInfoPolicy2 r;
1729 printf("\nTesting QueryInfoPolicy2\n");
1731 for (i=1;i<13;i++) {
1732 r.in.handle = handle;
1735 printf("\ntrying QueryInfoPolicy2 level %d\n", i);
1737 status = dcerpc_lsa_QueryInfoPolicy2(p, mem_ctx, &r);
1739 if ((i == 9 || i == 10 || i == 11) &&
1740 NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
1741 printf("server failed level %u (OK)\n", i);
1745 if (!NT_STATUS_IS_OK(status)) {
1746 printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
1755 static BOOL test_GetUserName(struct dcerpc_pipe *p,
1756 TALLOC_CTX *mem_ctx,
1757 struct policy_handle *handle)
1759 struct lsa_GetUserName r;
1762 struct lsa_StringPointer authority_name_p;
1764 printf("\nTesting GetUserName\n");
1766 r.in.system_name = "\\";
1767 r.in.account_name = NULL;
1768 r.in.authority_name = &authority_name_p;
1769 authority_name_p.string = NULL;
1771 status = dcerpc_lsa_GetUserName(p, mem_ctx, &r);
1773 if (!NT_STATUS_IS_OK(status)) {
1774 printf("GetUserName failed - %s\n", nt_errstr(status));
1781 BOOL test_lsa_Close(struct dcerpc_pipe *p,
1782 TALLOC_CTX *mem_ctx,
1783 struct policy_handle *handle)
1787 struct policy_handle handle2;
1789 printf("\ntesting Close\n");
1791 r.in.handle = handle;
1792 r.out.handle = &handle2;
1794 status = dcerpc_lsa_Close(p, mem_ctx, &r);
1795 if (!NT_STATUS_IS_OK(status)) {
1796 printf("Close failed - %s\n", nt_errstr(status));
1800 status = dcerpc_lsa_Close(p, mem_ctx, &r);
1801 /* its really a fault - we need a status code for rpc fault */
1802 if (!NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) {
1803 printf("Close failed - %s\n", nt_errstr(status));
1812 BOOL torture_rpc_lsa(void)
1815 struct dcerpc_pipe *p;
1816 TALLOC_CTX *mem_ctx;
1818 struct policy_handle *handle;
1820 mem_ctx = talloc_init("torture_rpc_lsa");
1822 status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_lsarpc);
1823 if (!NT_STATUS_IS_OK(status)) {
1824 talloc_free(mem_ctx);
1828 if (!test_OpenPolicy(p, mem_ctx)) {
1832 if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) {
1837 if (!test_LookupSids_async(p, mem_ctx, handle)) {
1841 if (!test_QueryDomainInfoPolicy(p, mem_ctx, handle)) {
1845 if (!test_CreateAccount(p, mem_ctx, handle)) {
1849 if (!test_CreateSecret(p, mem_ctx, handle)) {
1853 if (!test_CreateTrustedDomain(p, mem_ctx, handle)) {
1857 if (!test_EnumAccounts(p, mem_ctx, handle)) {
1861 if (!test_EnumPrivs(p, mem_ctx, handle)) {
1865 if (!test_QueryInfoPolicy(p, mem_ctx, handle)) {
1869 if (!test_QueryInfoPolicy2(p, mem_ctx, handle)) {
1873 if (!test_GetUserName(p, mem_ctx, handle)) {
1878 if (!test_Delete(p, mem_ctx, handle)) {
1883 if (!test_many_LookupSids(p, mem_ctx, handle)) {
1887 if (!test_lsa_Close(p, mem_ctx, handle)) {
1891 if (!test_many_LookupSids(p, mem_ctx, handle)) {
1896 talloc_free(mem_ctx);