summaryrefslogtreecommitdiff
path: root/source4/torture/rpc/lsa.c
diff options
context:
space:
mode:
Diffstat (limited to 'source4/torture/rpc/lsa.c')
-rw-r--r--source4/torture/rpc/lsa.c278
1 files changed, 170 insertions, 108 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index a13a8d8818..69df965f19 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -29,7 +29,7 @@
#include "libcli/auth/libcli_auth.h"
#include "torture/rpc/rpc.h"
#include "param/param.h"
-#include "lib/crypto/crypto.h"
+#include "../lib/crypto/crypto.h"
#define TEST_MACHINENAME "lsatestmach"
static void init_lsa_String(struct lsa_String *name, const char *s)
@@ -46,7 +46,7 @@ static bool test_OpenPolicy(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
NTSTATUS status;
uint16_t system_name = '\\';
- printf("\ntesting OpenPolicy\n");
+ printf("\nTesting OpenPolicy\n");
qos.len = 0;
qos.impersonation_level = 2;
@@ -88,7 +88,7 @@ bool test_lsa_OpenPolicy2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx,
struct lsa_OpenPolicy2 r;
NTSTATUS status;
- printf("\ntesting OpenPolicy2\n");
+ printf("\nTesting OpenPolicy2\n");
*handle = talloc(mem_ctx, struct policy_handle);
if (!*handle) {
@@ -222,12 +222,13 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p,
NTSTATUS status;
int i;
- struct lsa_TranslatedName name;
+ struct lsa_TranslatedName name[2];
struct lsa_TransNameArray tnames;
- tnames.names = &name;
- tnames.count = 1;
- name.name.string = "NT AUTHORITY\\BOGUS";
+ tnames.names = name;
+ tnames.count = 2;
+ name[0].name.string = "NT AUTHORITY\\BOGUS";
+ name[1].name.string = NULL;
printf("\nTesting LookupNames with bogus names\n");
@@ -337,8 +338,8 @@ static bool test_LookupNames2(struct dcerpc_pipe *p,
r.in.sids = &sids;
r.in.level = 1;
r.in.count = &count;
- r.in.unknown1 = 0;
- r.in.unknown2 = 0;
+ r.in.lookup_options = 0;
+ r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
@@ -382,8 +383,8 @@ static bool test_LookupNames3(struct dcerpc_pipe *p,
r.in.sids = &sids;
r.in.level = 1;
r.in.count = &count;
- r.in.unknown1 = 0;
- r.in.unknown2 = 0;
+ r.in.lookup_options = 0;
+ r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
@@ -424,8 +425,8 @@ static bool test_LookupNames4(struct dcerpc_pipe *p,
r.in.sids = &sids;
r.in.level = 1;
r.in.count = &count;
- r.in.unknown1 = 0;
- r.in.unknown2 = 0;
+ r.in.lookup_options = 0;
+ r.in.client_revision = 0;
r.out.count = &count;
r.out.sids = &sids;
@@ -780,7 +781,7 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p,
}
static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
struct policy_handle *acct_handle,
struct lsa_LUID *luid)
@@ -790,7 +791,7 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
struct lsa_PrivilegeSet privs;
bool ret = true;
- printf("Testing RemovePrivilegesFromAccount\n");
+ printf("\nTesting RemovePrivilegesFromAccount\n");
r.in.handle = acct_handle;
r.in.remove_all = 0;
@@ -830,7 +831,7 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p,
}
static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
struct policy_handle *acct_handle,
struct lsa_LUID *luid)
{
@@ -839,7 +840,7 @@ static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p,
struct lsa_PrivilegeSet privs;
bool ret = true;
- printf("Testing AddPrivilegesToAccount\n");
+ printf("\nTesting AddPrivilegesToAccount\n");
r.in.handle = acct_handle;
r.in.privs = &privs;
@@ -860,7 +861,7 @@ static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p,
}
static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
- TALLOC_CTX *mem_ctx,
+ TALLOC_CTX *mem_ctx,
struct policy_handle *handle,
struct policy_handle *acct_handle)
{
@@ -868,7 +869,7 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
struct lsa_EnumPrivsAccount r;
bool ret = true;
- printf("Testing EnumPrivsAccount\n");
+ printf("\nTesting EnumPrivsAccount\n");
r.in.handle = acct_handle;
@@ -894,6 +895,60 @@ static bool test_EnumPrivsAccount(struct dcerpc_pipe *p,
return ret;
}
+static bool test_GetSystemAccessAccount(struct dcerpc_pipe *p,
+ TALLOC_CTX *mem_ctx,
+ struct policy_handle *handle,
+ struct policy_handle *acct_handle)
+{
+ NTSTATUS status;
+ uint32_t access_mask;
+ struct lsa_GetSystemAccessAccount r;
+
+ printf("\nTesting GetSystemAccessAccount\n");
+
+ r.in.handle = acct_handle;
+ r.out.access_mask = &access_mask;
+
+ status = dcerpc_lsa_GetSystemAccessAccount(p, mem_ctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ printf("GetSystemAccessAccount failed - %s\n", nt_errstr(status));
+ return false;
+ }
+
+ if (r.out.access_mask != NULL) {
+ printf("Rights:");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_INTERACTIVE)
+ printf(" LSA_POLICY_MODE_INTERACTIVE");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_NETWORK)
+ printf(" LSA_POLICY_MODE_NETWORK");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_BATCH)
+ printf(" LSA_POLICY_MODE_BATCH");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_SERVICE)
+ printf(" LSA_POLICY_MODE_SERVICE");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_PROXY)
+ printf(" LSA_POLICY_MODE_PROXY");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_INTERACTIVE)
+ printf(" LSA_POLICY_MODE_DENY_INTERACTIVE");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_NETWORK)
+ printf(" LSA_POLICY_MODE_DENY_NETWORK");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_BATCH)
+ printf(" LSA_POLICY_MODE_DENY_BATCH");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_SERVICE)
+ printf(" LSA_POLICY_MODE_DENY_SERVICE");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_REMOTE_INTERACTIVE)
+ printf(" LSA_POLICY_MODE_REMOTE_INTERACTIVE");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE)
+ printf(" LSA_POLICY_MODE_DENY_REMOTE_INTERACTIVE");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_ALL)
+ printf(" LSA_POLICY_MODE_ALL");
+ if (*(r.out.access_mask) & LSA_POLICY_MODE_ALL_NT4)
+ printf(" LSA_POLICY_MODE_ALL_NT4");
+ printf("\n");
+ }
+
+ return true;
+}
+
static bool test_Delete(struct dcerpc_pipe *p,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle)
@@ -901,7 +956,7 @@ static bool test_Delete(struct dcerpc_pipe *p,
NTSTATUS status;
struct lsa_Delete r;
- printf("testing Delete\n");
+ printf("\nTesting Delete\n");
r.in.handle = handle;
status = dcerpc_lsa_Delete(p, mem_ctx, &r);
@@ -920,13 +975,13 @@ static bool test_DeleteObject(struct dcerpc_pipe *p,
NTSTATUS status;
struct lsa_DeleteObject r;
- printf("testing DeleteObject\n");
+ printf("\nTesting DeleteObject\n");
r.in.handle = handle;
r.out.handle = handle;
status = dcerpc_lsa_DeleteObject(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
- printf("Delete failed - %s\n", nt_errstr(status));
+ printf("DeleteObject failed - %s\n", nt_errstr(status));
return false;
}
@@ -945,7 +1000,7 @@ static bool test_CreateAccount(struct dcerpc_pipe *p,
newsid = dom_sid_parse_talloc(mem_ctx, "S-1-5-12349876-4321-2854");
- printf("Testing CreateAccount\n");
+ printf("\nTesting CreateAccount\n");
r.in.handle = handle;
r.in.sid = newsid;
@@ -997,7 +1052,7 @@ static bool test_DeleteTrustedDomain(struct dcerpc_pipe *p,
status = dcerpc_lsa_OpenTrustedDomainByName(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
- printf("lsa_OpenTrustedDomainByName failed - %s\n", nt_errstr(status));
+ printf("OpenTrustedDomainByName failed - %s\n", nt_errstr(status));
return false;
}
@@ -1025,7 +1080,7 @@ static bool test_DeleteTrustedDomainBySid(struct dcerpc_pipe *p,
status = dcerpc_lsa_DeleteTrustedDomain(p, mem_ctx, &r);
if (!NT_STATUS_IS_OK(status)) {
- printf("lsa_DeleteTrustedDomain failed - %s\n", nt_errstr(status));
+ printf("DeleteTrustedDomain failed - %s\n", nt_errstr(status));
return false;
}
@@ -1071,7 +1126,7 @@ static bool test_CreateSecret(struct dcerpc_pipe *p,
secname[GLOBAL] = talloc_asprintf(mem_ctx, "G$torturesecret-%u", (uint_t)random());
for (i=0; i< 2; i++) {
- printf("Testing CreateSecret of %s\n", secname[i]);
+ printf("\nTesting CreateSecret of %s\n", secname[i]);
init_lsa_String(&r.in.name, secname[i]);
@@ -1383,7 +1438,7 @@ static bool test_EnumAccountRights(struct dcerpc_pipe *p,
struct lsa_EnumAccountRights r;
struct lsa_RightSet rights;
- printf("Testing EnumAccountRights\n");
+ printf("\nTesting EnumAccountRights\n");
r.in.handle = acct_handle;
r.in.sid = sid;
@@ -1409,11 +1464,11 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p,
struct lsa_QuerySecurity r;
if (torture_setting_bool(tctx, "samba4", false)) {
- printf("skipping QuerySecurity test against Samba4\n");
+ printf("\nskipping QuerySecurity test against Samba4\n");
return true;
}
- printf("Testing QuerySecurity\n");
+ printf("\nTesting QuerySecurity\n");
r.in.handle = acct_handle;
r.in.sec_info = 7;
@@ -1436,7 +1491,7 @@ static bool test_OpenAccount(struct dcerpc_pipe *p,
struct lsa_OpenAccount r;
struct policy_handle acct_handle;
- printf("Testing OpenAccount\n");
+ printf("\nTesting OpenAccount\n");
r.in.handle = handle;
r.in.sid = sid;
@@ -1453,6 +1508,10 @@ static bool test_OpenAccount(struct dcerpc_pipe *p,
return false;
}
+ if (!test_GetSystemAccessAccount(p, mem_ctx, handle, &acct_handle)) {
+ return false;
+ }
+
if (!test_QuerySecurity(p, mem_ctx, handle, &acct_handle)) {
return false;
}
@@ -1471,7 +1530,7 @@ static bool test_EnumAccounts(struct dcerpc_pipe *p,
int i;
bool ret = true;
- printf("\ntesting EnumAccounts\n");
+ printf("\nTesting EnumAccounts\n");
r.in.handle = handle;
r.in.resume_handle = &resume_handle;
@@ -1502,7 +1561,7 @@ static bool test_EnumAccounts(struct dcerpc_pipe *p,
* be on schannel, or we would not be able to do the
* rest */
- printf("testing all accounts\n");
+ printf("Testing all accounts\n");
for (i=0;i<sids1.num_sids;i++) {
ret &= test_OpenAccount(p, mem_ctx, handle, sids1.sids[i].sid);
ret &= test_EnumAccountRights(p, mem_ctx, handle, sids1.sids[i].sid);
@@ -1514,7 +1573,7 @@ static bool test_EnumAccounts(struct dcerpc_pipe *p,
return ret;
}
- printf("trying EnumAccounts partial listing (asking for 1 at 2)\n");
+ printf("Trying EnumAccounts partial listing (asking for 1 at 2)\n");
resume_handle = 2;
r.in.num_entries = 1;
r.out.sids = &sids2;
@@ -1544,7 +1603,7 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p,
terminals */
uint16_t language_id = (random() % 4) + 0x409;
- printf("testing LookupPrivDisplayName(%s)\n", priv_name->string);
+ printf("\nTesting LookupPrivDisplayName(%s)\n", priv_name->string);
r.in.handle = handle;
r.in.name = priv_name;
@@ -1575,7 +1634,7 @@ static bool test_EnumAccountsWithUserRight(struct dcerpc_pipe *p,
ZERO_STRUCT(sids);
- printf("testing EnumAccountsWithUserRight(%s)\n", priv_name->string);
+ printf("\nTesting EnumAccountsWithUserRight(%s)\n", priv_name->string);
r.in.handle = handle;
r.in.name = priv_name;
@@ -1608,7 +1667,7 @@ static bool test_EnumPrivs(struct dcerpc_pipe *p,
int i;
bool ret = true;
- printf("\ntesting EnumPrivs\n");
+ printf("\nTesting EnumPrivs\n");
r.in.handle = handle;
r.in.resume_handle = &resume_handle;
@@ -1668,7 +1727,7 @@ static bool test_QueryForestTrustInformation(struct dcerpc_pipe *p,
status = dcerpc_lsa_lsaRQueryForestTrustInformation(p, tctx, &r);
if (!NT_STATUS_IS_OK(status)) {
- printf("lsaRQueryForestTrustInformation failed - %s\n", nt_errstr(status));
+ printf("lsaRQueryForestTrustInformation of %s failed - %s\n", trusted_domain_name, nt_errstr(status));
ret = false;
}
@@ -1898,7 +1957,11 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p,
/* NO_MORE_ENTRIES is allowed */
if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) {
- return true;
+ if (domains.count == 0) {
+ return true;
+ }
+ printf("EnumTrustDom failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n");
+ return false;
} else if (NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)) {
/* Windows 2003 gets this off by one on the first run */
if (r.out.domains->count < 3 || r.out.domains->count > 4) {
@@ -1949,7 +2012,11 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p,
/* NO_MORE_ENTRIES is allowed */
if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) {
- return true;
+ if (domains_ex.count == 0) {
+ return true;
+ }
+ printf("EnumTrustDomainsEx failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n");
+ return false;
} else if (NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)) {
/* Windows 2003 gets this off by one on the first run */
if (r_ex.out.domains->count < 3 || r_ex.out.domains->count > 4) {
@@ -1990,7 +2057,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p,
struct lsa_QueryTrustedDomainInfo q;
int i;
- printf("Testing CreateTrustedDomain for 12 domains\n");
+ printf("\nTesting CreateTrustedDomain for 12 domains\n");
if (!test_EnumTrustDom(p, mem_ctx, handle)) {
ret = false;
@@ -2077,7 +2144,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
struct lsa_CreateTrustedDomainEx2 r;
struct lsa_TrustDomainInfoInfoEx trustinfo;
struct lsa_TrustDomainInfoAuthInfoInternal authinfo;
- struct trustAuthInAndOutBlob auth_struct;
+ struct trustDomainPasswords auth_struct;
DATA_BLOB auth_blob;
struct dom_sid *domsid[12];
struct policy_handle trustdom_handle[12];
@@ -2086,7 +2153,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
enum ndr_err_code ndr_err;
int i;
- printf("Testing CreateTrustedDomainEx2 for 12 domains\n");
+ printf("\nTesting CreateTrustedDomainEx2 for 12 domains\n");
status = dcerpc_fetch_session_key(p, &session_key);
if (!NT_STATUS_IS_OK(status)) {
@@ -2114,7 +2181,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
/* Try different trust types too */
- /* 1 == downleven (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */
+ /* 1 == downlevel (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */
trustinfo.trust_type = (((i / 3) + 1) % 3) + 1;
trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION;
@@ -2125,9 +2192,9 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
auth_struct.incoming.count = 0;
ndr_err = ndr_push_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &auth_struct,
- (ndr_push_flags_fn_t)ndr_push_trustAuthInAndOutBlob);
+ (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- printf("ndr_push_struct_blob of trustAuthInAndOutBlob structure failed");
+ printf("ndr_push_struct_blob of trustDomainPasswords structure failed");
ret = false;
}
@@ -2159,6 +2226,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status));
ret = false;
} else if (!q.out.info) {
+ printf("QueryTrustedDomainInfo level 1 failed to return an info pointer\n");
ret = false;
} else {
if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) {
@@ -2187,11 +2255,13 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p,
/* now that we have some domains to look over, we can test the enum calls */
if (!test_EnumTrustDom(p, mem_ctx, handle)) {
+ printf("test_EnumTrustDom failed\n");
ret = false;
}
for (i=0; i<12; i++) {
if (!test_DeleteTrustedDomainBySid(p, mem_ctx, handle, domsid[i])) {
+ printf("test_DeleteTrustedDomainBySid failed\n");
ret = false;
}
}
@@ -2214,7 +2284,7 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
r.in.handle = handle;
r.in.level = i;
- printf("\ntrying QueryDomainInformationPolicy level %d\n", i);
+ printf("\nTrying QueryDomainInformationPolicy level %d\n", i);
status = dcerpc_lsa_QueryDomainInformationPolicy(p, tctx, &r);
@@ -2232,38 +2302,63 @@ static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p,
}
-static bool test_QueryInfoPolicy(struct dcerpc_pipe *p,
- struct torture_context *tctx,
- struct policy_handle *handle)
+static bool test_QueryInfoPolicyCalls( bool version2,
+ struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *handle)
{
struct lsa_QueryInfoPolicy r;
NTSTATUS status;
int i;
bool ret = true;
- printf("\nTesting QueryInfoPolicy\n");
- for (i=1;i<13;i++) {
+ if (version2)
+ printf("\nTesting QueryInfoPolicy2\n");
+ else
+ printf("\nTesting QueryInfoPolicy\n");
+
+ for (i=1;i<=14;i++) {
r.in.handle = handle;
r.in.level = i;
- printf("\ntrying QueryInfoPolicy level %d\n", i);
+ if (version2)
+ printf("\nTrying QueryInfoPolicy2 level %d\n", i);
+ else
+ printf("\nTrying QueryInfoPolicy level %d\n", i);
- status = dcerpc_lsa_QueryInfoPolicy(p, tctx, &r);
+ if (version2)
+ /* We can perform the cast, because both types are
+ structurally equal */
+ status = dcerpc_lsa_QueryInfoPolicy2(p, tctx,
+ (struct lsa_QueryInfoPolicy2*) &r);
+ else
+ status = dcerpc_lsa_QueryInfoPolicy(p, tctx, &r);
switch (i) {
- case LSA_POLICY_INFO_DB:
+ case LSA_POLICY_INFO_MOD:
case LSA_POLICY_INFO_AUDIT_FULL_SET:
case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
- printf("server should have failed level %u: %s\n", i, nt_errstr(status));
+ printf("Server should have failed level %u: %s\n", i, nt_errstr(status));
ret = false;
}
break;
case LSA_POLICY_INFO_DOMAIN:
case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
+ case LSA_POLICY_INFO_L_ACCOUNT_DOMAIN:
+ case LSA_POLICY_INFO_DNS_INT:
case LSA_POLICY_INFO_DNS:
+ case LSA_POLICY_INFO_REPLICA:
+ case LSA_POLICY_INFO_QUOTA:
+ case LSA_POLICY_INFO_ROLE:
+ case LSA_POLICY_INFO_AUDIT_LOG:
+ case LSA_POLICY_INFO_AUDIT_EVENTS:
+ case LSA_POLICY_INFO_PD:
if (!NT_STATUS_IS_OK(status)) {
- printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
+ if (version2)
+ printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
+ else
+ printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
ret = false;
}
break;
@@ -2271,17 +2366,24 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p,
if (torture_setting_bool(tctx, "samba4", false)) {
/* Other levels not implemented yet */
if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
- printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
+ if (version2)
+ printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
+ else
+ printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
ret = false;
}
} else if (!NT_STATUS_IS_OK(status)) {
- printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
+ if (version2)
+ printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
+ else
+ printf("QueryInfoPolicy failed - %s\n", nt_errstr(status));
ret = false;
}
break;
}
- if (NT_STATUS_IS_OK(status) && i == LSA_POLICY_INFO_DNS) {
+ if (NT_STATUS_IS_OK(status) && (i == LSA_POLICY_INFO_DNS
+ || i == LSA_POLICY_INFO_DNS_INT)) {
/* Let's look up some of these names */
struct lsa_TransNameArray tnames;
@@ -2323,56 +2425,18 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p,
return ret;
}
+static bool test_QueryInfoPolicy(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *handle)
+{
+ return test_QueryInfoPolicyCalls(false, p, tctx, handle);
+}
+
static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p,
struct torture_context *tctx,
struct policy_handle *handle)
{
- struct lsa_QueryInfoPolicy2 r;
- NTSTATUS status;
- int i;
- bool ret = true;
- printf("\nTesting QueryInfoPolicy2\n");
- for (i=1;i<13;i++) {
- r.in.handle = handle;
- r.in.level = i;
-
- printf("\ntrying QueryInfoPolicy2 level %d\n", i);
-
- status = dcerpc_lsa_QueryInfoPolicy2(p, tctx, &r);
-
- switch (i) {
- case LSA_POLICY_INFO_DB:
- case LSA_POLICY_INFO_AUDIT_FULL_SET:
- case LSA_POLICY_INFO_AUDIT_FULL_QUERY:
- if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
- printf("server should have failed level %u: %s\n", i, nt_errstr(status));
- ret = false;
- }
- break;
- case LSA_POLICY_INFO_DOMAIN:
- case LSA_POLICY_INFO_ACCOUNT_DOMAIN:
- case LSA_POLICY_INFO_DNS:
- if (!NT_STATUS_IS_OK(status)) {
- printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
- ret = false;
- }
- break;
- default:
- if (torture_setting_bool(tctx, "samba4", false)) {
- /* Other levels not implemented yet */
- if (!NT_STATUS_EQUAL(status, NT_STATUS_INVALID_INFO_CLASS)) {
- printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
- ret = false;
- }
- } else if (!NT_STATUS_IS_OK(status)) {
- printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status));
- ret = false;
- }
- break;
- }
- }
-
- return ret;
+ return test_QueryInfoPolicyCalls(true, p, tctx, handle);
}
static bool test_GetUserName(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx)
@@ -2407,7 +2471,7 @@ bool test_lsa_Close(struct dcerpc_pipe *p,
struct lsa_Close r;
struct policy_handle handle2;
- printf("\ntesting Close\n");
+ printf("\nTesting Close\n");
r.in.handle = handle;
r.out.handle = &handle2;
@@ -2457,7 +2521,6 @@ bool torture_rpc_lsa(struct torture_context *tctx)
if (!join) {
ret = false;
}
-
if (!test_LookupNames_wellknown(p, tctx, handle)) {
ret = false;
}
@@ -2481,7 +2544,6 @@ bool torture_rpc_lsa(struct torture_context *tctx)
if (!test_CreateSecret(p, tctx, handle)) {
ret = false;
}
-
if (!test_CreateTrustedDomain(p, tctx, handle)) {
ret = false;
}
generated by cgit (git 2.34.1) at 2024-07-26 12:38:27 +0000