diff options
author | Günther Deschner <gd@samba.org> | 2007-11-02 14:50:27 +0100 |
---|---|---|
committer | Stefan Metzmacher <metze@samba.org> | 2007-12-21 05:44:09 +0100 |
commit | a82066794d942f543573e594a2c7db8bf740c429 (patch) | |
tree | e992eab42e2c1703a839e3a071d1565b6800f35f /source4 | |
parent | fb6d99e3449564d4ec82c230efd647c534b09da6 (diff) | |
download | samba-a82066794d942f543573e594a2c7db8bf740c429.tar.gz samba-a82066794d942f543573e594a2c7db8bf740c429.tar.bz2 samba-a82066794d942f543573e594a2c7db8bf740c429.zip |
r25811: Add some security descriptor helper functions.
Guenther
(This used to be commit 8a0cdaeeb090b128746ab36faec8fea7e68287a6)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/rpc/winreg.c | 196 |
1 files changed, 191 insertions, 5 deletions
diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index 4bce174f7d..634dcc8cfd 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -344,26 +344,43 @@ static bool test_FlushKey(struct dcerpc_pipe *p, struct torture_context *tctx, return true; } -static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *hive_handle, - const char *keyname, struct policy_handle *key_handle) +static bool _test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx, + struct policy_handle *hive_handle, + const char *keyname, uint32_t access_mask, + struct policy_handle *key_handle, + WERROR open_werr, + bool *success) { struct winreg_OpenKey r; r.in.parent_handle = hive_handle; init_winreg_String(&r.in.keyname, keyname); r.in.unknown = 0x00000000; - r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r.in.access_mask = access_mask; r.out.handle = key_handle; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey(p, tctx, &r), "OpenKey failed"); - torture_assert_werr_ok(tctx, r.out.result, "OpenKey failed"); + torture_assert_werr_equal(tctx, r.out.result, open_werr, + "OpenKey failed"); + + if (success && W_ERROR_EQUAL(r.out.result, WERR_OK)) { + *success = true; + } return true; } +static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx, + struct policy_handle *hive_handle, + const char *keyname, struct policy_handle *key_handle) +{ + return _test_OpenKey(p, tctx, hive_handle, keyname, + SEC_FLAG_MAXIMUM_ALLOWED, key_handle, + WERR_OK, NULL); +} + static bool test_Cleanup(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key) { @@ -447,6 +464,151 @@ static bool test_dacl_trustee_present(struct dcerpc_pipe *p, return false; } +static bool _test_dacl_trustee_present(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const char *key, + const struct dom_sid *sid) +{ + struct policy_handle new_handle; + bool ret = true; + + if (!test_OpenKey(p, tctx, handle, key, &new_handle)) { + return false; + } + + ret = test_dacl_trustee_present(p, tctx, &new_handle, sid); + + test_CloseKey(p, tctx, &new_handle); + + return ret; +} + +static bool test_sacl_trustee_present(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const struct dom_sid *sid) +{ + struct security_descriptor *sd = NULL; + int i; + uint32_t sec_info = SECINFO_SACL; + + if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) { + return false; + } + + if (!sd || !sd->sacl) { + return false; + } + + for (i = 0; i < sd->sacl->num_aces; i++) { + if (dom_sid_equal(&sd->sacl->aces[i].trustee, sid)) { + return true; + } + } + + return false; +} + +static bool _test_sacl_trustee_present(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const char *key, + const struct dom_sid *sid) +{ + struct policy_handle new_handle; + bool ret = true; + + if (!_test_OpenKey(p, tctx, handle, key, SEC_FLAG_SYSTEM_SECURITY, + &new_handle, WERR_OK, NULL)) { + return false; + } + + ret = test_sacl_trustee_present(p, tctx, &new_handle, sid); + + test_CloseKey(p, tctx, &new_handle); + + return ret; +} + +static bool test_owner_present(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const struct dom_sid *sid) +{ + struct security_descriptor *sd = NULL; + uint32_t sec_info = SECINFO_OWNER; + + if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) { + return false; + } + + if (!sd || !sd->owner_sid) { + return false; + } + + return dom_sid_equal(sd->owner_sid, sid); +} + +static bool _test_owner_present(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const char *key, + const struct dom_sid *sid) +{ + struct policy_handle new_handle; + bool ret = true; + + if (!test_OpenKey(p, tctx, handle, key, &new_handle)) { + return false; + } + + ret = test_owner_present(p, tctx, &new_handle, sid); + + test_CloseKey(p, tctx, &new_handle); + + return ret; +} + +static bool test_group_present(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const struct dom_sid *sid) +{ + struct security_descriptor *sd = NULL; + uint32_t sec_info = SECINFO_GROUP; + + if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) { + return false; + } + + if (!sd || !sd->group_sid) { + return false; + } + + return dom_sid_equal(sd->group_sid, sid); +} + +static bool _test_group_present(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const char *key, + const struct dom_sid *sid) +{ + struct policy_handle new_handle; + bool ret = true; + + if (!test_OpenKey(p, tctx, handle, key, &new_handle)) { + return false; + } + + ret = test_group_present(p, tctx, &new_handle, sid); + + test_CloseKey(p, tctx, &new_handle); + + return ret; +} + static bool test_dacl_trustee_flags_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, @@ -523,6 +685,30 @@ static bool test_RestoreSecurity(struct dcerpc_pipe *p, return ret; } +static bool test_BackupSecurity(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + const char *key, + struct security_descriptor **sd) +{ + struct policy_handle new_handle; + bool ret = true; + + if (!test_OpenKey(p, tctx, handle, key, &new_handle)) { + return false; + } + + if (!test_GetKeySecurity(p, tctx, &new_handle, sd)) { + ret = false; + } + + if (!test_CloseKey(p, tctx, &new_handle)) { + ret = false; + } + + return ret; +} + static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, |