diff options
-rw-r--r-- | source4/torture/rpc/forest_trust.c | 102 |
1 files changed, 102 insertions, 0 deletions
diff --git a/source4/torture/rpc/forest_trust.c b/source4/torture/rpc/forest_trust.c index 1c5c177497..ffd8413ea4 100644 --- a/source4/torture/rpc/forest_trust.c +++ b/source4/torture/rpc/forest_trust.c @@ -238,6 +238,103 @@ static bool test_create_trust_and_set_info(struct dcerpc_pipe *p, return ret; } +struct get_set_info { + enum lsa_TrustDomInfoEnum info_level; + NTSTATUS get_result; + NTSTATUS set_result; +}; + +static bool get_and_set_info(struct dcerpc_pipe *p, + struct torture_context *tctx, + const char *name) +{ + struct policy_handle *handle; + NTSTATUS status; + struct lsa_QueryTrustedDomainInfoByName qr; + struct lsa_SetTrustedDomainInfoByName sr; + union lsa_TrustedDomainInfo *info; + struct lsa_Close cr; + struct policy_handle closed_handle; + size_t c; + + struct get_set_info il[] = { + {LSA_TRUSTED_DOMAIN_INFO_NAME, NT_STATUS_OK, NT_STATUS_INVALID_PARAMETER}, + /* {LSA_TRUSTED_DOMAIN_INFO_CONTROLLERS, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */ + {LSA_TRUSTED_DOMAIN_INFO_POSIX_OFFSET, NT_STATUS_OK, NT_STATUS_OK}, + /* {LSA_TRUSTED_DOMAIN_INFO_PASSWORD, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */ + /* {LSA_TRUSTED_DOMAIN_INFO_BASIC, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */ + {LSA_TRUSTED_DOMAIN_INFO_INFO_EX, NT_STATUS_OK, NT_STATUS_OK}, + /* {LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */ + {LSA_TRUSTED_DOMAIN_INFO_FULL_INFO, NT_STATUS_OK, NT_STATUS_OK}, + /* {LSA_TRUSTED_DOMAIN_INFO_AUTH_INFO_INTERNAL, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */ + /* {LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_INTERNAL, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */ + /* {LSA_TRUSTED_DOMAIN_INFO_INFO_EX2_INTERNAL, NT_STATUS_INVALID_PARAMETER, NT_STATUS_INVALID_INFO_CLASS}, */ + {LSA_TRUSTED_DOMAIN_INFO_FULL_INFO_2_INTERNAL, NT_STATUS_OK, NT_STATUS_INVALID_PARAMETER}, + {LSA_TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES, NT_STATUS_OK, NT_STATUS_OK}, + {-1, NT_STATUS_OK} + }; + + torture_comment(tctx, "\nGetting/Setting dom info\n"); + + if(!test_get_policy_handle(tctx, p, LSA_POLICY_VIEW_LOCAL_INFORMATION, + &handle)) { + return false; + } + + qr.in.handle = handle; + qr.in.trusted_domain = talloc_zero(tctx, struct lsa_String); + qr.in.trusted_domain->string = name; + qr.out.info = &info; + + sr.in.handle = handle; + sr.in.trusted_domain = talloc_zero(tctx, struct lsa_String); + sr.in.trusted_domain->string = name; + sr.in.info = info; + + for (c = 0; il[c].info_level != -1; c++) { + torture_comment(tctx, "\nGetting/Setting dom info [%d]\n",il[c].info_level); + qr.in.level = il[c].info_level; + status = dcerpc_lsa_QueryTrustedDomainInfoByName_r(p->binding_handle, + tctx, &qr); + torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, + "QueryTrustedDomainInfoByName failed"); + if (!NT_STATUS_EQUAL(qr.out.result, il[c].get_result)) { + torture_comment(tctx, "QueryTrustedDomainInfoByName did not return " + "%s but %s\n", + nt_errstr(il[c].get_result), + nt_errstr(qr.out.result)); + return false; + } + + sr.in.level = il[c].info_level; + sr.in.info = info; + status = dcerpc_lsa_SetTrustedDomainInfoByName_r(p->binding_handle, + tctx, &sr); + torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, + "SetTrustedDomainInfoByName failed"); + if (!NT_STATUS_EQUAL(sr.out.result, il[c].set_result)) { + torture_comment(tctx, "SetTrustedDomainInfoByName did not return " + "%s but %s\n", + nt_errstr(il[c].set_result), + nt_errstr(sr.out.result)); + return false; + } + } + + cr.in.handle = handle; + cr.out.handle = &closed_handle; + status = dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr); + torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, + "Close failed"); + if (!NT_STATUS_IS_OK(cr.out.result)) { + torture_comment(tctx, "Close failed - %s\n", + nt_errstr(cr.out.result)); + return false; + } + + return true; +} + static bool check_name(struct dcerpc_pipe *p, struct torture_context *tctx, const char *name) { @@ -283,6 +380,7 @@ static bool check_name(struct dcerpc_pipe *p, struct torture_context *tctx, return true; } + static bool get_lsa_policy_info_dns(struct dcerpc_pipe *p, struct torture_context *tctx, union lsa_PolicyInformation **info) @@ -712,6 +810,10 @@ static bool testcase_ForestTrusts(struct torture_context *tctx, return false; } + if (!get_and_set_info(p, tctx, TEST_DOM)) { + return false; + } + if (!test_validate_trust(tctx, p->binding, dom1_info_dns->dns.name.string, dom1_info_dns->dns.dns_domain.string, |