*/
#include "includes.h"
-#include "torture/torture.h"
-#include "lib/events/events.h"
-#include "libnet/libnet_join.h"
-#include "torture/rpc/rpc.h"
+#include "torture/rpc/torture_rpc.h"
#include "librpc/gen_ndr/ndr_lsa_c.h"
#include "libcli/security/security.h"
-static bool open_policy(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
+static bool open_policy(struct torture_context *tctx,
+ struct dcerpc_binding_handle *b,
struct policy_handle **handle)
{
struct lsa_ObjectAttribute attr;
struct lsa_QosInfo qos;
struct lsa_OpenPolicy2 r;
- NTSTATUS status;
- *handle = talloc(mem_ctx, struct policy_handle);
+ *handle = talloc(tctx, struct policy_handle);
if (!*handle) {
return false;
}
r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
r.out.handle = *handle;
- status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_OpenPolicy2_r(b, tctx, &r),
+ "OpenPolicy2 failed");
- return NT_STATUS_IS_OK(status);
+ return NT_STATUS_IS_OK(r.out.result);
}
-static bool get_domainsid(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
+static bool get_domainsid(struct torture_context *tctx,
+ struct dcerpc_binding_handle *b,
struct policy_handle *handle,
struct dom_sid **sid)
{
struct lsa_QueryInfoPolicy r;
- NTSTATUS status;
+ union lsa_PolicyInformation *info = NULL;
r.in.level = LSA_POLICY_INFO_DOMAIN;
r.in.handle = handle;
+ r.out.info = &info;
- status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
- if (!NT_STATUS_IS_OK(status)) return false;
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryInfoPolicy_r(b, tctx, &r),
+ "QueryInfoPolicy failed");
+ torture_assert_ntstatus_ok(tctx, r.out.result, "QueryInfoPolicy failed");
- *sid = r.out.info->domain.sid;
+ *sid = info->domain.sid;
return true;
}
-static NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, uint16_t level,
- struct dcerpc_pipe *p,
+static NTSTATUS lookup_sids(struct torture_context *tctx,
+ uint16_t level,
+ struct dcerpc_binding_handle *b,
struct policy_handle *handle,
struct dom_sid **sids, uint32_t num_sids,
struct lsa_TransNameArray *names)
{
struct lsa_LookupSids r;
struct lsa_SidArray sidarray;
+ struct lsa_RefDomainList *domains;
uint32_t count = 0;
uint32_t i;
+ NTSTATUS status;
names->count = 0;
names->names = NULL;
sidarray.num_sids = num_sids;
- sidarray.sids = talloc_array(mem_ctx, struct lsa_SidPtr, num_sids);
+ sidarray.sids = talloc_array(tctx, struct lsa_SidPtr, num_sids);
for (i=0; i<num_sids; i++) {
sidarray.sids[i].sid = sids[i];
r.in.count = &count;
r.out.names = names;
r.out.count = &count;
+ r.out.domains = &domains;
- return dcerpc_lsa_LookupSids(p, mem_ctx, &r);
-}
-
-static const char *sid_type_lookup(enum lsa_SidType r)
-{
- switch (r) {
- case SID_NAME_USE_NONE: return "SID_NAME_USE_NONE"; break;
- case SID_NAME_USER: return "SID_NAME_USER"; break;
- case SID_NAME_DOM_GRP: return "SID_NAME_DOM_GRP"; break;
- case SID_NAME_DOMAIN: return "SID_NAME_DOMAIN"; break;
- case SID_NAME_ALIAS: return "SID_NAME_ALIAS"; break;
- case SID_NAME_WKN_GRP: return "SID_NAME_WKN_GRP"; break;
- case SID_NAME_DELETED: return "SID_NAME_DELETED"; break;
- case SID_NAME_INVALID: return "SID_NAME_INVALID"; break;
- case SID_NAME_UNKNOWN: return "SID_NAME_UNKNOWN"; break;
- case SID_NAME_COMPUTER: return "SID_NAME_COMPUTER"; break;
+ status = dcerpc_lsa_LookupSids_r(b, tctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- return "Invalid sid type\n";
+ return r.out.result;
}
-static bool test_lookupsids(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
+static bool test_lookupsids(struct torture_context *tctx,
+ struct dcerpc_binding_handle *b,
struct policy_handle *handle,
struct dom_sid **sids, uint32_t num_sids,
int level, NTSTATUS expected_result,
uint32_t i;
bool ret = true;
- status = lookup_sids(mem_ctx, level, p, handle, sids, num_sids,
+ status = lookup_sids(tctx, level, b, handle, sids, num_sids,
&names);
if (!NT_STATUS_EQUAL(status, expected_result)) {
printf("For level %d expected %s, got %s\n",
if (names.names[i].sid_type != types[i]) {
printf("In level %d, for sid %s expected %s, "
"got %s\n", level,
- dom_sid_string(mem_ctx, sids[i]),
+ dom_sid_string(tctx, sids[i]),
sid_type_lookup(types[i]),
sid_type_lookup(names.names[i].sid_type));
ret = false;
return ret;
}
-static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe *p,
+static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_binding_handle *b,
struct policy_handle *handle,
struct dom_sid **sid)
{
struct lsa_EnumTrustDom r;
uint32_t resume_handle = 0;
struct lsa_DomainList domains;
- NTSTATUS status;
int i;
r.in.handle = handle;
r.out.domains = &domains;
r.out.resume_handle = &resume_handle;
- status = dcerpc_lsa_EnumTrustDom(p, tctx, &r);
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_EnumTrustDom_r(b, tctx, &r),
+ "EnumTrustDom failed");
- if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))
+ if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_NO_MORE_ENTRIES))
torture_fail(tctx, "no trusts");
if (domains.count == 0) {
for (i=0; i<domains.count; i++) {
struct lsa_QueryTrustedDomainInfoBySid q;
+ union lsa_TrustedDomainInfo *info = NULL;
if (domains.domains[i].sid == NULL)
continue;
q.in.handle = handle;
q.in.dom_sid = domains.domains[i].sid;
q.in.level = 6;
- status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, tctx, &q);
- if (!NT_STATUS_IS_OK(status)) continue;
+ q.out.info = &info;
- if ((q.out.info->info_ex.trust_direction & 2) &&
- (q.out.info->info_ex.trust_type == 1)) {
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_QueryTrustedDomainInfoBySid_r(b, tctx, &q),
+ "QueryTrustedDomainInfoBySid failed");
+ if (!NT_STATUS_IS_OK(q.out.result)) continue;
+
+ if ((info->info_ex.trust_direction & 2) &&
+ (info->info_ex.trust_type == 1)) {
*sid = domains.domains[i].sid;
return true;
}
struct dcerpc_pipe *p;
bool ret = true;
struct policy_handle *handle;
- struct dom_sid *dom_sid;
- struct dom_sid *trusted_sid;
+ struct dom_sid *dom_sid = NULL;
+ struct dom_sid *trusted_sid = NULL;
struct dom_sid *sids[NUM_SIDS];
+ struct dcerpc_binding_handle *b;
status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc);
if (!NT_STATUS_IS_OK(status)) {
torture_fail(torture, "unable to connect to table");
}
+ b = p->binding_handle;
- ret &= open_policy(torture, p, &handle);
+ ret &= open_policy(torture, b, &handle);
if (!ret) return false;
- ret &= get_domainsid(torture, p, handle, &dom_sid);
+ ret &= get_domainsid(torture, b, handle, &dom_sid);
if (!ret) return false;
- ret &= get_downleveltrust(torture, p, handle, &trusted_sid);
+ ret &= get_downleveltrust(torture, b, handle, &trusted_sid);
if (!ret) return false;
torture_comment(torture, "domain sid: %s\n",
sids[6] = dom_sid_dup(torture, trusted_sid);
sids[7] = dom_sid_add_rid(torture, trusted_sid, 512);
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 0,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 0,
NT_STATUS_INVALID_PARAMETER, NULL);
{
SID_NAME_ALIAS, SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
SID_NAME_DOMAIN, SID_NAME_DOM_GRP };
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 1,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 1,
NT_STATUS_OK, types);
}
SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
SID_NAME_DOMAIN, SID_NAME_DOM_GRP };
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 2,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 2,
STATUS_SOME_UNMAPPED, types);
}
SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 3,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 3,
STATUS_SOME_UNMAPPED, types);
}
SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 4,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 4,
STATUS_SOME_UNMAPPED, types);
}
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 5,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 5,
NT_STATUS_NONE_MAPPED, NULL);
{
SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 6,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 6,
STATUS_SOME_UNMAPPED, types);
}
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 7,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 7,
NT_STATUS_INVALID_PARAMETER, NULL);
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 8,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 8,
NT_STATUS_INVALID_PARAMETER, NULL);
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 9,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 9,
NT_STATUS_INVALID_PARAMETER, NULL);
- ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 10,
+ ret &= test_lookupsids(torture, b, handle, sids, NUM_SIDS, 10,
NT_STATUS_INVALID_PARAMETER, NULL);
return ret;
}
+
+static bool test_LookupSidsReply(struct torture_context *tctx,
+ struct dcerpc_pipe *p)
+{
+ struct policy_handle *handle;
+
+ struct dom_sid **sids;
+ uint32_t num_sids = 1;
+
+ struct lsa_LookupSids r;
+ struct lsa_SidArray sidarray;
+ struct lsa_RefDomainList *domains = NULL;
+ struct lsa_TransNameArray names;
+ uint32_t count = 0;
+
+ uint32_t i;
+ const char *dom_sid = "S-1-5-21-1111111111-2222222222-3333333333";
+ const char *dom_admin_sid;
+ struct dcerpc_binding_handle *b = p->binding_handle;
+
+ if (!open_policy(tctx, b, &handle)) {
+ return false;
+ }
+
+ dom_admin_sid = talloc_asprintf(tctx, "%s-%d", dom_sid, 512);
+
+ sids = talloc_array(tctx, struct dom_sid *, num_sids);
+
+ sids[0] = dom_sid_parse_talloc(tctx, dom_admin_sid);
+
+ names.count = 0;
+ names.names = NULL;
+
+ sidarray.num_sids = num_sids;
+ sidarray.sids = talloc_array(tctx, struct lsa_SidPtr, num_sids);
+
+ for (i=0; i<num_sids; i++) {
+ sidarray.sids[i].sid = sids[i];
+ }
+
+ r.in.handle = handle;
+ r.in.sids = &sidarray;
+ r.in.names = &names;
+ r.in.level = LSA_LOOKUP_NAMES_ALL;
+ r.in.count = &count;
+ r.out.names = &names;
+ r.out.count = &count;
+ r.out.domains = &domains;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids_r(b, tctx, &r),
+ "LookupSids failed");
+
+ torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_NONE_MAPPED,
+ "unexpected error code");
+
+ torture_assert_int_equal(tctx, names.count, num_sids,
+ "unexpected names count");
+ torture_assert(tctx, names.names,
+ "unexpected names pointer");
+ torture_assert_str_equal(tctx, names.names[0].name.string, dom_admin_sid,
+ "unexpected names[0].string");
+
+#if 0
+ /* vista sp1 passes, w2k3 sp2 fails */
+ torture_assert_int_equal(tctx, domains->count, num_sids,
+ "unexpected domains count");
+ torture_assert(tctx, domains->domains,
+ "unexpected domains pointer");
+ torture_assert_str_equal(tctx, dom_sid_string(tctx, domains->domains[0].sid), dom_sid,
+ "unexpected domain sid");
+#endif
+
+ return true;
+}
+
+/* check for lookup sids results */
+struct torture_suite *torture_rpc_lsa_lookup_sids(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite;
+ struct torture_rpc_tcase *tcase;
+
+ suite = torture_suite_create(mem_ctx, "lsa.lookupsids");
+ tcase = torture_suite_add_rpc_iface_tcase(suite, "lsa",
+ &ndr_table_lsarpc);
+
+ torture_rpc_tcase_add_test(tcase, "LookupSidsReply", test_LookupSidsReply);
+
+ return suite;
+}