diff options
-rw-r--r-- | source4/librpc/idl/lsa.idl | 23 | ||||
-rw-r--r-- | source4/torture/rpc/lsa.c | 135 |
2 files changed, 135 insertions, 23 deletions
diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 5e9c1a049b..22701ce019 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -176,6 +176,21 @@ dom_sid2 *sid; } lsa_DnsDomainInfo; + typedef enum { + LSA_POLICY_INFO_AUDIT_LOG=1, + LSA_POLICY_INFO_AUDIT_EVENTS=2, + LSA_POLICY_INFO_DOMAIN=3, + LSA_POLICY_INFO_PD=4, + LSA_POLICY_INFO_ACCOUNT_DOMAIN=5, + LSA_POLICY_INFO_ROLE=6, + LSA_POLICY_INFO_REPLICA=7, + LSA_POLICY_INFO_QUOTA=8, + LSA_POLICY_INFO_DB=9, + LSA_POLICY_INFO_AUDIT_FULL_SET=10, + LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, + LSA_POLICY_INFO_DNS=12 + } lsaPolicyInfo; + typedef union { [case(1)] lsa_AuditLogInfo audit_log; [case(2)] lsa_AuditEventsInfo audit_events; @@ -207,8 +222,12 @@ /******************/ /* Function: 0x0a */ - NTSTATUS lsa_CreateAccount (); - + NTSTATUS lsa_CreateAccount ( + [in,ref] policy_handle *handle, + [in,ref] dom_sid2 *sid, + [in] uint32 access, + [out,ref] policy_handle *acct_handle + ); /******************/ /* Function: 0x0b */ diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index feb7a32140..7f49e4cef6 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -230,6 +230,116 @@ static BOOL test_EnumPrivsAccount(struct dcerpc_pipe *p, return True; } +static BOOL test_Delete(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct lsa_Delete r; + + printf("\ntesting Delete\n"); + + r.in.handle = handle; + status = dcerpc_lsa_Delete(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("Delete failed - %s\n", nt_errstr(status)); + return False; + } + + printf("\n"); + + return True; +} + + +static BOOL find_domain_sid(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle, + struct dom_sid2 **sid) +{ + struct lsa_QueryInfoPolicy r; + NTSTATUS status; + + r.in.handle = handle; + r.in.level = LSA_POLICY_INFO_DOMAIN; + + status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r); + + if (!NT_STATUS_IS_OK(status)) { + printf("LSA_POLICY_INFO_DOMAIN failed - %s\n", nt_errstr(status)); + return False; + } + + *sid = r.out.info->domain.sid; + + return True; +} + +static struct dom_sid *sid_add_auth(TALLOC_CTX *mem_ctx, + const struct dom_sid *sid, + uint32 sub_auth) +{ + struct dom_sid *ret; + + ret = talloc_p(mem_ctx, struct dom_sid); + if (!ret) { + return NULL; + } + + *ret = *sid; + + ret->sub_auths = talloc_array_p(mem_ctx, uint32, ret->num_auths+1); + if (!ret->sub_auths) { + return NULL; + } + + memcpy(ret->sub_auths, sid->sub_auths, + ret->num_auths * sizeof(sid->sub_auths[0])); + ret->sub_auths[ret->num_auths] = sub_auth; + ret->num_auths++; + + return ret; +} + +static BOOL test_CreateAccount(struct dcerpc_pipe *p, + TALLOC_CTX *mem_ctx, + struct policy_handle *handle) +{ + NTSTATUS status; + struct lsa_CreateAccount r; + struct dom_sid2 *domsid, *newsid; + struct policy_handle acct_handle; + + if (!find_domain_sid(p, mem_ctx, handle, &domsid)) { + return False; + } + + newsid = sid_add_auth(mem_ctx, domsid, 0x1234abcd); + if (!newsid) { + printf("Failed to create newsid\n"); + return False; + } + + printf("Testing CreateAccount\n"); + + r.in.handle = handle; + r.in.sid = newsid; + r.in.access = SEC_RIGHTS_MAXIMUM_ALLOWED; + r.out.acct_handle = &acct_handle; + + status = dcerpc_lsa_CreateAccount(p, mem_ctx, &r); + if (!NT_STATUS_IS_OK(status)) { + printf("CreateAccount failed - %s\n", nt_errstr(status)); + return False; + } + + if (!test_Delete(p, mem_ctx, &acct_handle)) { + return False; + } + + return True; +} + static BOOL test_EnumAccountRights(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *acct_handle, @@ -464,27 +574,6 @@ static BOOL test_QueryInfoPolicy(struct dcerpc_pipe *p, return ret; } -static BOOL test_Delete(struct dcerpc_pipe *p, - TALLOC_CTX *mem_ctx, - struct policy_handle *handle) -{ - NTSTATUS status; - struct lsa_Delete r; - - printf("\ntesting Delete - but what does it do?\n"); - - r.in.handle = handle; - status = dcerpc_lsa_Delete(p, mem_ctx, &r); - if (!NT_STATUS_IS_OK(status)) { - printf("Delete failed - %s\n", nt_errstr(status)); - return False; - } - - printf("\n"); - - return True; -} - static BOOL test_Close(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle) @@ -542,6 +631,10 @@ BOOL torture_rpc_lsa(int dummy) ret = False; } + if (!test_CreateAccount(p, mem_ctx, &handle)) { + ret = False; + } + if (!test_EnumAccounts(p, mem_ctx, &handle)) { ret = False; } |