diff options
Diffstat (limited to 'source4/torture')
-rw-r--r-- | source4/torture/rpc/lsa.c | 97 |
1 files changed, 74 insertions, 23 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 464ea8df59..2e71c8835c 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -509,8 +509,7 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b, static bool test_LookupNames4(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct lsa_TransNameArray2 *tnames, - bool check_result, - bool test_fail) /* check if the tests fails! */ + bool check_result) { struct lsa_LookupNames4 r; struct lsa_TransSidArray3 sids; @@ -550,19 +549,10 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b, torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupNames4_r(b, tctx, &r), "LookupNames4 failed"); - if (!NT_STATUS_IS_OK(r.out.result)) { - if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) || - NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { - if (test_fail) { - torture_comment(tctx, "not considering %s to be an error\n", - nt_errstr(r.out.result)); - return true; - } - } - torture_comment(tctx, "LookupNames4 failed - %s\n", - nt_errstr(r.out.result)); - return false; - } + + torture_assert_ntstatus_ok(tctx, + r.out.result, + "LookupNames4 failed"); if (check_result) { torture_assert_int_equal(tctx, count, sids.count, @@ -577,6 +567,72 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b, return true; } +static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b, + struct torture_context *tctx) +{ + struct lsa_LookupNames4 r; + struct lsa_TransSidArray3 sids; + struct lsa_RefDomainList *domains = NULL; + struct lsa_String *names; + uint32_t count = 0; + NTSTATUS status; + + torture_comment(tctx, "\nTesting LookupNames4_fail"); + + sids.count = 0; + sids.sids = NULL; + + r.in.num_names = 0; + + r.in.num_names = count; + r.in.names = names; + r.in.sids = &sids; + r.in.level = 1; + r.in.count = &count; + r.in.lookup_options = 0; + r.in.client_revision = 0; + r.out.count = &count; + r.out.sids = &sids; + r.out.domains = &domains; + + status = dcerpc_lsa_LookupNames4_r(b, tctx, &r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + torture_comment(tctx, + "LookupNames4 correctly returned with " + "status: %s\n", + nt_errstr(status)); + return true; + } + + torture_assert_ntstatus_equal(tctx, + status, + NT_STATUS_ACCESS_DENIED, + "LookupNames4 return value should " + "be ACCESS_DENIED"); + return true; + } + + if (!NT_STATUS_IS_OK(r.out.result)) { + if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) || + NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { + torture_comment(tctx, + "LookupSids3 correctly returned with " + "result: %s\n", + nt_errstr(r.out.result)); + return true; + } + } + + torture_assert_ntstatus_equal(tctx, + r.out.result, + NT_STATUS_OK, + "LookupNames4 return value should be " + "ACCESS_DENIED"); + + return false; +} + static bool test_LookupSids(struct dcerpc_binding_handle *b, struct torture_context *tctx, @@ -822,15 +878,10 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, } if (p->binding->transport == NCACN_NP) { - struct lsa_TransNameArray2 names; - - names.count = 0; - names.names = NULL; - if (!test_LookupSids3_fail(b, tctx, &sids)) { return false; } - if (!test_LookupNames4(b, tctx, &names, false, true)) { + if (!test_LookupNames4_fail(b, tctx)) { return false; } } else if (p->binding->transport == NCACN_IP_TCP) { @@ -844,7 +895,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, if (!test_LookupSids3(b, tctx, &sids)) { return false; } - if (!test_LookupNames4(b, tctx, &names, true, false)) { + if (!test_LookupNames4(b, tctx, &names, true)) { return false; } } else { @@ -855,7 +906,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, if (!test_LookupSids3_fail(b, tctx, &sids)) { return false; } - if (!test_LookupNames4(b, tctx, &names, false, true)) { + if (!test_LookupNames4_fail(b, tctx)) { return false; } } |