-rw-r--r-- | source4/librpc/idl/winreg.idl | 148 | ||||
-rw-r--r-- | source4/torture/rpc/winreg.c | 239 |
2 files changed, 334 insertions, 53 deletions
diff --git a/source4/librpc/idl/winreg.idl b/source4/librpc/idl/winreg.idl index 84250a61a5..f8b47cb819 100644 --- a/source4/librpc/idl/winreg.idl +++ b/source4/librpc/idl/winreg.idl @@ -15,60 +15,72 @@ unistr_noterm *name; } winreg_String; + typedef struct { + uint16 unknown0; + uint16 unknown1; + } winreg_OpenUnknown; + /******************/ /* Function: 0x00 */ - NTSTATUS winreg_OpenHKCR( + WERROR winreg_OpenHKCR( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x01 */ - NTSTATUS winreg_OpenHKCU( + WERROR winreg_OpenHKCU( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); - typedef struct { - uint16 unknown0; - uint16 unknown1; - } winreg_OpenHKLMUnknown; - /******************/ /* Function: 0x02 */ - NTSTATUS winreg_OpenHKLM( - [in] winreg_OpenHKLMUnknown *unknown, + WERROR winreg_OpenHKLM( + [in] winreg_OpenUnknown *unknown, [in] uint32 access_required, [out,ref] policy_handle *handle ); /******************/ /* Function: 0x03 */ - NTSTATUS winreg_OpenHKPD( + WERROR winreg_OpenHKPD( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x04 */ - NTSTATUS winreg_OpenHKU( + WERROR winreg_OpenHKU( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x05 */ - NTSTATUS winreg_CloseKey( + WERROR winreg_CloseKey( [in,out,ref] policy_handle *handle ); /******************/ /* Function: 0x06 */ - NTSTATUS winreg_CreateKey( + WERROR winreg_CreateKey( ); /******************/ /* Function: 0x07 */ - NTSTATUS winreg_DeleteKey( + WERROR winreg_DeleteKey( [in,ref] policy_handle *handle, [in] winreg_String key ); /******************/ /* Function: 0x08 */ - NTSTATUS winreg_DeleteValue( + WERROR winreg_DeleteValue( [in,ref] policy_handle *handle, [in] winreg_String value ); 
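Review bot: The new `winreg_OpenUnknown` struct and the `unknown` argument it feeds on every Open* call carry no comment, so a reader cannot tell that the field meaning is still undetermined rather than deliberately opaque. A short comment above the typedef would help, for example `/* meaning not yet determined; the torture test's new openers send unknown0=0x84e0, unknown1=0x0000 */`. `access_required` would also benefit from a note that it is an access mask, since the test passes `SEC_RIGHTS_MAXIMUM_ALLOWED` there.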
@@ -78,136 +90,190 @@ uint32 high; } winreg_Time; + typedef struct { + uint32 unknown; + winreg_String key_name; + } winreg_EnumKeyNameRequest; + + typedef struct { + uint32 unknown1; + uint32 unknown2; + lstring name; + } winreg_EnumKeyNameResponse; + /******************/ /* Function: 0x09 */ - NTSTATUS winreg_EnumKey( + WERROR winreg_EnumKey( + [in,ref] policy_handle *handle, + [in] uint32 key_index, + [in,out] uint16 key_name_len, + [in,out] uint16 unknown, + [in] winreg_EnumKeyNameRequest *name, + [out] winreg_EnumKeyNameResponse *name, + [in,out] winreg_String *class, + [in,out] winreg_Time *last_changed_time ); /******************/ /* Function: 0x0a */ - NTSTATUS winreg_EnumValue( + WERROR winreg_EnumValue( + [in,ref] policy_handle *handle, + [in] uint32 val_index, + [in,out,ref] winreg_String *name, + [in,out] uint32 *type, + [in,out] unistr *value, + [in,out] uint32 *value1, + [in,out] uint32 *value2 ); /******************/ /* Function: 0x0b */ - NTSTATUS winreg_FlushKey( + WERROR winreg_FlushKey( [in,ref] policy_handle *handle ); /******************/ /* Function: 0x0c */ - NTSTATUS winreg_GetKeySecurity( + WERROR winreg_GetKeySecurity( ); /******************/ /* Function: 0x0d */ - NTSTATUS winreg_LoadKey( + WERROR winreg_LoadKey( ); /******************/ /* Function: 0x0e */ - NTSTATUS winreg_NotifyChangeKeyValue( + WERROR winreg_NotifyChangeKeyValue( ); /******************/ /* Function: 0x0f */ - NTSTATUS winreg_OpenKey( + WERROR winreg_OpenKey( + [in,ref] policy_handle *handle, + [in] winreg_String keyname, + [in] uint32 unknown, + [in] uint32 access_mask, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x10 */ - NTSTATUS winreg_QueryInfoKey( + WERROR winreg_QueryInfoKey( + [in,ref] policy_handle *handle, + [in] winreg_String class, + [out,ref] winreg_String class, + [out] uint32 num_subkeys, + [out] uint32 max_subkeylen, + [out] uint32 max_subkeysize, + [out] uint32 num_values, + [out] uint32 max_valnamelen, + [out] uint32 
max_valbufsize, + [out] uint32 secdescsize, + [out] winreg_Time last_changed_time ); /******************/ /* Function: 0x11 */ - NTSTATUS winreg_QueryValue( + WERROR winreg_QueryValue( ); /******************/ /* Function: 0x12 */ - NTSTATUS winreg_ReplaceKey( + WERROR winreg_ReplaceKey( ); /******************/ /* Function: 0x13 */ - NTSTATUS winreg_RestoreKey( + WERROR winreg_RestoreKey( ); /******************/ /* Function: 0x14 */ - NTSTATUS winreg_SaveKey( + WERROR winreg_SaveKey( ); /******************/ /* Function: 0x15 */ - NTSTATUS winreg_SetKeySecurity( + WERROR winreg_SetKeySecurity( ); /******************/ /* Function: 0x16 */ - NTSTATUS winreg_SetValue( + WERROR winreg_SetValue( ); /******************/ /* Function: 0x17 */ - NTSTATUS winreg_UnLoadKey( + WERROR winreg_UnLoadKey( ); /******************/ /* Function: 0x18 */ - NTSTATUS winreg_InitiateSystemShutdown( + WERROR winreg_InitiateSystemShutdown( ); /******************/ /* Function: 0x19 */ - NTSTATUS winreg_AbortSystemShutdown( + WERROR winreg_AbortSystemShutdown( ); /******************/ /* Function: 0x1a */ - NTSTATUS winreg_GetVersion( + WERROR winreg_GetVersion( [in,ref] policy_handle *handle, [out] uint32 version ); /******************/ /* Function: 0x1b */ - NTSTATUS winreg_OpenHKCC( + WERROR winreg_OpenHKCC( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x1c */ - NTSTATUS winreg_OpenHKDD( + WERROR winreg_OpenHKDD( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x1d */ - NTSTATUS winreg_QueryMultipleValues( + WERROR winreg_QueryMultipleValues( ); /******************/ /* Function: 0x1e */ - NTSTATUS winreg_InitiateSystemShutdownEx( + WERROR winreg_InitiateSystemShutdownEx( ); /******************/ /* Function: 0x1f */ - NTSTATUS winreg_SaveKeyEx( + WERROR winreg_SaveKeyEx( ); /******************/ /* Function: 0x20 
*/ - NTSTATUS winreg_OpenHKPT( + WERROR winreg_OpenHKPT( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x21 */ - NTSTATUS winreg_OpenHKPN( + WERROR winreg_OpenHKPN( + [in] winreg_OpenUnknown *unknown, + [in] uint32 access_required, + [out,ref] policy_handle *handle ); /******************/ /* Function: 0x21 */ - NTSTATUS winreg_QueryMultipleValues2( + WERROR winreg_QueryMultipleValues2( ); } diff --git a/source4/torture/rpc/winreg.c b/source4/torture/rpc/winreg.c index 88a450e52c..7ca63f722e 100644 --- a/source4/torture/rpc/winreg.c +++ b/source4/torture/rpc/winreg.c @@ -88,6 +88,31 @@ static BOOL test_FlushKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return True; } +static BOOL test_OpenKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *hive_handle, + char *keyname, struct policy_handle *key_handle) +{ + NTSTATUS status; + struct winreg_OpenKey r; + + printf("\ntesting OpenKey\n"); + + r.in.handle = hive_handle; + init_winreg_String(&r.in.keyname, keyname); + r.in.unknown = 0x00000000; + r.in.access_mask = 0x02000000; + r.out.handle = key_handle; + + status = dcerpc_winreg_OpenKey(p, mem_ctx, &r); + + if (!W_ERROR_IS_OK(r.out.result)) { + printf("OpenKey failed - %s\n", win_errstr(r.out.result)); + return False; + } + + return True; +} + static BOOL test_DeleteKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, char *key) { 
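Review bot: `winreg_EnumKey` declares two parameters called `name` with different types (`[in] winreg_EnumKeyNameRequest *name` and `[out] winreg_EnumKeyNameResponse *name`), and `winreg_OpenKey` and `winreg_QueryInfoKey` do the same with `handle` and `class`. Nothing in the IDL says this is intentional, so a one-line comment above each pair, such as `/* request and response carry name in different structures */`, would stop the next reader from treating it as a typo. The placeholders `unknown`, `value1` and `value2` deserve the same kind of note. Separately, the comment above `winreg_QueryMultipleValues2` still reads `Function: 0x21`, the same number as `winreg_OpenHKPN`; presumably it should be `0x22`.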
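Review bot: `status` from `dcerpc_winreg_OpenKey` is assigned but never tested in `test_OpenKey`, so when the call itself fails the code goes on to read `r.out.result`, which may not have been filled in (`r` is a plain stack struct). Check the transport result first, e.g. `if (!NT_STATUS_IS_OK(status)) { printf("OpenKey failed - %s\n", nt_errstr(status)); return False; }`, and only then look at the WERROR. The same gap is in `test_QueryInfoKey`, `test_EnumKey` and `test_EnumValue` in the next hunk; in the two enumeration loops a failed call could leave the previous `r.out.result` in place and keep the `do … while` running. `0x02000000` for `access_mask` looks like the value the file elsewhere spells `SEC_RIGHTS_MAXIMUM_ALLOWED`; if so, the name would be clearer.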
@@ -109,12 +134,107 @@ static BOOL test_DeleteKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return True; } -static BOOL test_OpenHKLM(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) +static BOOL test_QueryInfoKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle, char *class) +{ + NTSTATUS status; + struct winreg_QueryInfoKey r; + + printf("\ntesting QueryInfoKey\n"); + + r.in.handle = handle; + init_winreg_String(&r.in.class, class); + + status = dcerpc_winreg_QueryInfoKey(p, mem_ctx, &r); + + if (!W_ERROR_IS_OK(r.out.result)) { + printf("QueryInfoKey failed - %s\n", win_errstr(r.out.result)); + return False; + } + + return True; +} + +static BOOL test_EnumKey(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct winreg_EnumKey r; + struct winreg_EnumKeyNameRequest keyname; + struct winreg_String classname; + struct winreg_Time tm; + + printf("\ntesting EnumKey\n"); + + r.in.handle = handle; + r.in.key_index = 0; + r.in.key_name_len = r.out.key_name_len = 0; + r.in.unknown = r.out.unknown = 0x0414; + keyname.unknown = 0x0000020a; + init_winreg_String(&keyname.key_name, NULL); + init_winreg_String(&classname, NULL); + r.in.name = &keyname; + r.in.class = &classname; + tm.low = tm.high = 0x7fffffff; + r.in.last_changed_time = &tm; + + do { + status = dcerpc_winreg_EnumKey(p, mem_ctx, &r); + r.in.key_index++; + } while (W_ERROR_IS_OK(r.out.result)); + + return True; +} + +static BOOL test_EnumValue(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct winreg_QueryInfoKey qik; + struct winreg_EnumValue r; + struct winreg_String name; + uint32 type; + uint32 value1, value2; + + + printf("\ntesting EnumValue\n"); + + qik.in.handle = handle; + init_winreg_String(&qik.in.class, NULL); + + status = dcerpc_winreg_QueryInfoKey(p, mem_ctx, &qik); + + if (!W_ERROR_IS_OK(r.out.result)) { + printf("QueryInfoKey failed - %s\n", 
win_errstr(r.out.result)); + return False; + } + + r.in.handle = handle; + r.in.val_index = 0; + init_winreg_String(&name, ""); + r.in.name = &name; + type = 0; + r.in.type = r.out.type = &type; + r.in.value = NULL; + value1 = 0; + value2 = 0; + r.in.value1 = &value1; + r.in.value2 = &value2; + + do { + status = dcerpc_winreg_EnumValue(p, mem_ctx, &r); + r.in.val_index++; + } while (W_ERROR_IS_OK(r.out.result)); + + return True; +} + +static BOOL test_OpenHKLM(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) { NTSTATUS status; struct winreg_OpenHKLM r; - struct winreg_OpenHKLMUnknown unknown; - struct policy_handle handle; + struct winreg_OpenUnknown unknown; BOOL ret = True; printf("\ntesting OpenHKLM\n"); @@ -123,7 +243,7 @@ static BOOL test_OpenHKLM(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) unknown.unknown1 = 0x0000; r.in.unknown = &unknown; r.in.access_required = SEC_RIGHTS_MAXIMUM_ALLOWED; - r.out.handle = &handle; + r.out.handle = handle; status = dcerpc_winreg_OpenHKLM(p, mem_ctx, &r); 
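Review bot: In `test_EnumValue` the QueryInfoKey call fills `qik`, but the check right after it reads `r.out.result`, and `r` has not been touched at that point, so the test branches on an uninitialised value and the real QueryInfoKey result is ignored. The two lines should read `if (!W_ERROR_IS_OK(qik.out.result)) {` and `printf("QueryInfoKey failed - %s\n", win_errstr(qik.out.result));`. Also, `test_EnumKey` and `test_EnumValue` return `True` whatever error ends the loop. It would be worth comparing the final `r.out.result` against the code expected at the end of an enumeration and returning `False` for anything else, with a comment naming that code.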
@@ -132,27 +252,98 @@ static BOOL test_OpenHKLM(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx) return False; } - if (!test_GetVersion(p, mem_ctx, &handle)) { - ret = False; + return ret; +} + +static BOOL test_OpenHKU(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct winreg_OpenHKU r; + struct winreg_OpenUnknown unknown; + BOOL ret = True; + + printf("\ntesting OpenHKU\n"); + + unknown.unknown0 = 0x84e0; + unknown.unknown1 = 0x0000; + r.in.unknown = &unknown; + r.in.access_required = SEC_RIGHTS_MAXIMUM_ALLOWED; + r.out.handle = handle; + + status = dcerpc_winreg_OpenHKU(p, mem_ctx, &r); + + if (!NT_STATUS_IS_OK(status)) { + printf("OpenHKU failed - %s\n", nt_errstr(status)); + return False; } - if (!test_DeleteKey(p, mem_ctx, &handle, "spottyfoot")) { - ret = False; + return ret; +} + +static BOOL test_OpenHKCR(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct winreg_OpenHKCR r; + struct winreg_OpenUnknown unknown; + BOOL ret = True; + + printf("\ntesting OpenHKCR\n"); + + unknown.unknown0 = 0x84e0; + unknown.unknown1 = 0x0000; + r.in.unknown = &unknown; + r.in.access_required = SEC_RIGHTS_MAXIMUM_ALLOWED; + r.out.handle = handle; + + status = dcerpc_winreg_OpenHKCR(p, mem_ctx, &r); + + if (!NT_STATUS_IS_OK(status)) { + printf("OpenHKCR failed - %s\n", nt_errstr(status)); + return False; } - if (!test_CloseKey(p, mem_ctx, &handle)) { - ret = False; + return ret; +} + +static BOOL test_OpenHKCU(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct winreg_OpenHKCU r; + struct winreg_OpenUnknown unknown; + BOOL ret = True; + + printf("\ntesting OpenHKCU\n"); + + unknown.unknown0 = 0x84e0; + unknown.unknown1 = 0x0000; + r.in.unknown = &unknown; + r.in.access_required = SEC_RIGHTS_MAXIMUM_ALLOWED; + r.out.handle = handle; + + status = dcerpc_winreg_OpenHKCU(p, mem_ctx, &r); + + if (!NT_STATUS_IS_OK(status)) { 
+ printf("OpenHKCU failed - %s\n", nt_errstr(status)); + return False; } return ret; } +typedef BOOL (*winreg_open_fn)(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, + struct policy_handle *handle); + BOOL torture_rpc_winreg(int dummy) { NTSTATUS status; struct dcerpc_pipe *p; TALLOC_CTX *mem_ctx; BOOL ret = True; + winreg_open_fn open_fns[] = { test_OpenHKLM }; + int i; mem_ctx = talloc_init("torture_rpc_winreg"); @@ -166,8 +357,32 @@ BOOL torture_rpc_winreg(int dummy) p->flags |= DCERPC_DEBUG_PRINT_BOTH; - if (!test_OpenHKLM(p, mem_ctx)) { - ret = False; + for (i = 0; i < ARRAY_SIZE(open_fns); i++) { + struct policy_handle handle; + + if (!open_fns[i](p, mem_ctx, &handle)) + ret = False; + +#if 0 + if (!test_GetVersion(p, mem_ctx, &handle)) { + ret = False; + } + + if (!test_DeleteKey(p, mem_ctx, &handle, "spottyfoot")) { + ret = False; + } +#endif + if (!test_EnumKey(p, mem_ctx, &handle)) { + ret = False; + } + + if (!test_EnumValue(p, mem_ctx, &handle)) { + ret = False; + } + + if (!test_CloseKey(p, mem_ctx, &handle)) { + ret = False; + } } torture_rpc_close(p); |
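Review bot: `test_OpenHKU`, `test_OpenHKCR` and `test_OpenHKCU` test only the NTSTATUS from the call and never look at `r.out.result`, although the IDL change in this commit makes these calls return a WERROR; a server that refuses the open would still make them return `True`, with `*handle` possibly left unset. Add after the status check `if (!W_ERROR_IS_OK(r.out.result)) { printf("OpenHKU failed - %s\n", win_errstr(r.out.result)); return False; }`, and the equivalent in the other two. Whether `test_OpenHKLM` has the same gap cannot be seen from this hunk, as its check lies outside it. The three functions are also identical apart from the call they make, and `open_fns` lists only `test_OpenHKLM`, so as written none of them is run.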
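Review bot: When `open_fns[i]` fails, the loop only sets `ret = False` and then still passes `&handle` to `test_EnumKey`, `test_EnumValue` and `test_CloseKey`, although `handle` is a stack variable that may never have been written in that case. Skip the rest of the iteration instead: `if (!open_fns[i](p, mem_ctx, &handle)) { ret = False; continue; }`. The `#if 0` block that parks `test_GetVersion` and `test_DeleteKey` should carry a comment saying why they are disabled, or be removed. `torture_rpc_winreg` starts before this hunk.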