Diffstat (limited to 'source4')
-rw-r--r--source4/torture/rpc/lsa.c83
1 files changed, 68 insertions, 15 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c
index 8d2f266f40..464ea8df59 100644
--- a/source4/torture/rpc/lsa.c
+++ b/source4/torture/rpc/lsa.c
@@ -671,8 +671,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b,
static bool test_LookupSids3(struct dcerpc_binding_handle *b,
struct torture_context *tctx,
- struct lsa_SidArray *sids,
- bool test_fail) /* check if the tests fails! */
+ struct lsa_SidArray *sids)
{
struct lsa_LookupSids3 r;
struct lsa_TransNameArray2 names;
@@ -696,23 +695,77 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b,
torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids3_r(b, tctx, &r),
"LookupSids3 failed");
+
+ torture_assert_ntstatus_ok(tctx,
+ r.out.result,
+ "LookupSids3 failed");
+
+ torture_comment(tctx, "\n");
+
+ return true;
+}
+
+static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b,
+ struct torture_context *tctx,
+ struct lsa_SidArray *sids)
+{
+ struct lsa_LookupSids3 r;
+ struct lsa_TransNameArray2 names;
+ struct lsa_RefDomainList *domains = NULL;
+ uint32_t count = sids->num_sids;
+ NTSTATUS status;
+
+ torture_comment(tctx, "\nTesting LookupSids3\n");
+
+ names.count = 0;
+ names.names = NULL;
+
+ r.in.sids = sids;
+ r.in.names = &names;
+ r.in.level = 1;
+ r.in.count = &count;
+ r.in.lookup_options = 0;
+ r.in.client_revision = 0;
+ r.out.domains = &domains;
+ r.out.count = &count;
+ r.out.names = &names;
+
+ status = dcerpc_lsa_LookupSids3_r(b, tctx, &r);
+ if (!NT_STATUS_IS_OK(status)) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ torture_comment(tctx,
+ "LookupSids3 correctly returned with "
+ "status: %s\n",
+ nt_errstr(status));
+ return true;
+ }
+
+ torture_assert_ntstatus_equal(tctx,
+ status,
+ NT_STATUS_ACCESS_DENIED,
+ "LookupSids3 return value should "
+ "be ACCESS_DENIED");
+ return true;
+ }
+
if (!NT_STATUS_IS_OK(r.out.result)) {
if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) ||
NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) {
- if (test_fail) {
- torture_comment(tctx, "not considering %s to be an error\n",
- nt_errstr(r.out.result));
- return true;
- }
+ torture_comment(tctx,
+ "LookupNames4 correctly returned with "
+ "result: %s\n",
+ nt_errstr(r.out.result));
+ return true;
}
- torture_comment(tctx, "LookupSids3 failed - %s - not considered an error\n",
- nt_errstr(r.out.result));
- return false;
}
- torture_comment(tctx, "\n");
+ torture_assert_ntstatus_equal(tctx,
+ r.out.result,
+ NT_STATUS_OK,
+ "LookupSids3 return value should be "
+ "ACCESS_DENIED");
- return true;
+ return false;
}
bool test_many_LookupSids(struct dcerpc_pipe *p,
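Review bot: The closing assertion of test_LookupSids3_fail compares r.out.result with NT_STATUS_OK under a message that says the value should be ACCESS_DENIED, so when the server wrongly allows the lookup the assertion passes and the function ends in a bare `return false` with no failure reason recorded (assuming torture_assert_ntstatus_equal returns false on mismatch, as its use here implies). Comparing against the expected status, `torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_ACCESS_DENIED, "LookupSids3 return value should be ACCESS_DENIED");`, would make the case this negative test exists to catch report itself. The success comment in the same function reads `LookupNames4 correctly returned with` and should name LookupSids3. In the transport-status branch the assertion is reached only when status is not ACCESS_DENIED, so the `return true` after it appears unreachable and could be dropped. The helper also treats NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED as a pass, which the caller's comment "must fail with ACCESS_DENIED" does not mention; a one-line comment at that check saying why it is accepted would help.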
@@ -774,7 +827,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
names.count = 0;
names.names = NULL;
- if (!test_LookupSids3(b, tctx, &sids, true)) {
+ if (!test_LookupSids3_fail(b, tctx, &sids)) {
return false;
}
if (!test_LookupNames4(b, tctx, &names, false, true)) {
@@ -788,7 +841,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL &&
p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) {
- if (!test_LookupSids3(b, tctx, &sids, false)) {
+ if (!test_LookupSids3(b, tctx, &sids)) {
return false;
}
if (!test_LookupNames4(b, tctx, &names, true, false)) {
@@ -799,7 +852,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p,
* If we don't have a secure channel these tests must
* fail with ACCESS_DENIED.
*/
- if (!test_LookupSids3(b, tctx, &sids, true)) {
+ if (!test_LookupSids3_fail(b, tctx, &sids)) {
return false;
}
if (!test_LookupNames4(b, tctx, &names, false, true)) {