diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/rpc/lsa.c | 384 |
1 files changed, 192 insertions, 192 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 038757e9bf..e10bc77911 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -1,20 +1,20 @@ -/* +/* Unix SMB/CIFS implementation. test suite for lsa rpc operations Copyright (C) Andrew Tridgell 2003 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ @@ -148,7 +148,7 @@ static const char *sid_type_lookup(enum lsa_SidType r) return "Invalid sid type\n"; } -static bool test_LookupNames(struct dcerpc_pipe *p, +static bool test_LookupNames(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_TransNameArray *tnames) @@ -183,12 +183,12 @@ static bool test_LookupNames(struct dcerpc_pipe *p, status = dcerpc_lsa_LookupNames(p, tctx, &r); - if (NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) || + if (NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) || NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)) { for (i=0;i< tnames->count;i++) { if (i < count && sids.sids[i].sid_type == SID_NAME_UNKNOWN) { - printf("LookupName of %s was unmapped\n", - tnames->names[i].name.string); + printf("LookupName of %s was unmapped\n", + tnames->names[i].name.string); } else if (i >=count) { printf("LookupName of %s failed to return a result\n", tnames->names[i].name.string); @@ -200,10 +200,10 @@ static bool test_LookupNames(struct dcerpc_pipe *p, printf("LookupNames failed - %s\n", nt_errstr(status)); return false; } - + for (i=0;i< tnames->count;i++) { if (i < count && sids.sids[i].sid_type != tnames->names[i].sid_type) { - printf("LookupName of %s got unexpected name type: %s\n", + printf("LookupName of %s got unexpected name type: %s\n", tnames->names[i].name.string, sid_type_lookup(sids.sids[i].sid_type)); } else if (i >=count) { printf("LookupName of %s failed to return a result\n", @@ -266,7 +266,7 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p, return true; } -static bool test_LookupNames_wellknown(struct dcerpc_pipe *p, +static bool test_LookupNames_wellknown(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -316,7 +316,7 @@ static bool test_LookupNames_wellknown(struct dcerpc_pipe *p, return ret; } -static bool test_LookupNames2(struct dcerpc_pipe *p, +static bool test_LookupNames2(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_TransNameArray2 *tnames) @@ -363,7 +363,7 @@ static bool test_LookupNames2(struct dcerpc_pipe *p, } -static bool test_LookupNames3(struct dcerpc_pipe *p, +static bool test_LookupNames3(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_TransNameArray2 *tnames) @@ -409,7 +409,7 @@ static bool test_LookupNames3(struct dcerpc_pipe *p, return true; } -static bool test_LookupNames4(struct dcerpc_pipe *p, +static bool test_LookupNames4(struct dcerpc_pipe *p, struct torture_context *tctx, struct lsa_TransNameArray2 *tnames) { @@ -454,7 +454,7 @@ static bool test_LookupNames4(struct dcerpc_pipe *p, } -static bool test_LookupSids(struct dcerpc_pipe *p, +static bool test_LookupSids(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_SidArray *sids) @@ -495,7 +495,7 @@ static bool test_LookupSids(struct dcerpc_pipe *p, } -static bool test_LookupSids2(struct dcerpc_pipe *p, +static bool test_LookupSids2(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_SidArray *sids) @@ -541,7 +541,7 @@ static bool test_LookupSids2(struct dcerpc_pipe *p, return true; } -static bool test_LookupSids3(struct dcerpc_pipe *p, +static bool test_LookupSids3(struct dcerpc_pipe *p, struct torture_context *tctx, struct lsa_SidArray *sids) { @@ -573,7 +573,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p, printf("not considering %s to be an error\n", nt_errstr(status)); return true; } - printf("LookupSids3 failed - %s - not considered an error\n", + printf("LookupSids3 failed - %s - not considered an error\n", nt_errstr(status)); return false; } @@ -587,7 +587,7 @@ static bool test_LookupSids3(struct dcerpc_pipe *p, return true; } -bool test_many_LookupSids(struct dcerpc_pipe *p, +bool test_many_LookupSids(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -624,15 +624,15 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, r.out.count = &count; r.out.names = &names; r.out.domains = &domains; - + status = dcerpc_lsa_LookupSids(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("LookupSids failed - %s\n", nt_errstr(status)); return false; } - + printf("\n"); - + if (!test_LookupNames(p, tctx, handle, &names)) { return false; } @@ -646,7 +646,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, names.names = NULL; printf("\nTesting LookupSids3\n"); - + r.in.sids = &sids; r.in.names = &names; r.in.level = 1; @@ -656,7 +656,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, r.out.count = &count; r.out.names = &names; r.out.domains = &domains; - + status = dcerpc_lsa_LookupSids3(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) || @@ -664,7 +664,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, printf("not considering %s to be an error\n", nt_errstr(status)); return true; } - printf("LookupSids3 failed - %s\n", + printf("LookupSids3 failed - %s\n", nt_errstr(status)); return false; } @@ -738,7 +738,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p, r[i].out.count = &count[i]; r[i].out.names = &names[i]; r[i].out.domains = &domains; - + req[i] = dcerpc_lsa_LookupSids_send(p, req, &r[i]); if (req[i] == NULL) { ret = false; @@ -762,7 +762,7 @@ static bool test_LookupSids_async(struct dcerpc_pipe *p, return ret; } -static bool test_LookupPrivValue(struct dcerpc_pipe *p, +static bool test_LookupPrivValue(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_String *name) @@ -784,7 +784,7 @@ static bool test_LookupPrivValue(struct dcerpc_pipe *p, return true; } -static bool test_LookupPrivName(struct dcerpc_pipe *p, +static bool test_LookupPrivName(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_LUID *luid) @@ -806,7 +806,7 @@ static bool test_LookupPrivName(struct dcerpc_pipe *p, return true; } -static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, +static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct policy_handle *acct_handle, @@ -831,10 +831,10 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, status = dcerpc_lsa_RemovePrivilegesFromAccount(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { - + struct lsa_LookupPrivName r_name; struct lsa_StringLarge *name = NULL; - + r_name.in.handle = handle; r_name.in.luid = luid; r_name.out.name = &name; @@ -849,7 +849,7 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, return ret; } - printf("RemovePrivilegesFromAccount failed to remove %s - %s\n", + printf("RemovePrivilegesFromAccount failed to remove %s - %s\n", name->string, nt_errstr(status)); return false; @@ -858,7 +858,7 @@ static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe *p, return ret; } -static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p, +static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *acct_handle, struct lsa_LUID *luid) @@ -888,7 +888,7 @@ static bool test_AddPrivilegesToAccount(struct dcerpc_pipe *p, return ret; } -static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, +static bool test_EnumPrivsAccount(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct policy_handle *acct_handle) @@ -979,7 +979,7 @@ static bool test_GetSystemAccessAccount(struct dcerpc_pipe *p, return true; } -static bool test_Delete(struct dcerpc_pipe *p, +static bool test_Delete(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -998,7 +998,7 @@ static bool test_Delete(struct dcerpc_pipe *p, return true; } -static bool test_DeleteObject(struct dcerpc_pipe *p, +static bool test_DeleteObject(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -1019,7 +1019,7 @@ static bool test_DeleteObject(struct dcerpc_pipe *p, } -static bool test_CreateAccount(struct dcerpc_pipe *p, +static bool test_CreateAccount(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -1044,7 +1044,7 @@ static bool test_CreateAccount(struct dcerpc_pipe *p, r_o.in.sid = newsid; r_o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r_o.out.acct_handle = &acct_handle; - + status = dcerpc_lsa_OpenAccount(p, tctx, &r_o); if (!NT_STATUS_IS_OK(status)) { printf("OpenAccount failed - %s\n", nt_errstr(status)); @@ -1066,7 +1066,7 @@ static bool test_CreateAccount(struct dcerpc_pipe *p, return true; } -static bool test_DeleteTrustedDomain(struct dcerpc_pipe *p, +static bool test_DeleteTrustedDomain(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct lsa_StringLarge name) @@ -1097,7 +1097,7 @@ static bool test_DeleteTrustedDomain(struct dcerpc_pipe *p, return true; } -static bool test_DeleteTrustedDomainBySid(struct dcerpc_pipe *p, +static bool test_DeleteTrustedDomainBySid(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct dom_sid *sid) @@ -1118,7 +1118,7 @@ static bool test_DeleteTrustedDomainBySid(struct dcerpc_pipe *p, } -static bool test_CreateSecret(struct dcerpc_pipe *p, +static bool test_CreateSecret(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -1157,97 +1157,97 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, for (i=0; i< 2; i++) { printf("\nTesting CreateSecret of %s\n", secname[i]); - + init_lsa_String(&r.in.name, secname[i]); - + r.in.handle = handle; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.sec_handle = &sec_handle; - + status = dcerpc_lsa_CreateSecret(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { printf("CreateSecret failed - %s\n", nt_errstr(status)); return false; } - + r.in.handle = handle; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.sec_handle = &sec_handle3; - + status = dcerpc_lsa_CreateSecret(p, tctx, &r); if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) { printf("CreateSecret should have failed OBJECT_NAME_COLLISION - %s\n", nt_errstr(status)); return false; } - + r2.in.handle = handle; r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r2.in.name = r.in.name; r2.out.sec_handle = &sec_handle2; - + printf("Testing OpenSecret\n"); - + status = dcerpc_lsa_OpenSecret(p, tctx, &r2); if (!NT_STATUS_IS_OK(status)) { printf("OpenSecret failed - %s\n", nt_errstr(status)); return false; } - + status = dcerpc_fetch_session_key(p, &session_key); if (!NT_STATUS_IS_OK(status)) { printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status)); return false; } - + enc_key = sess_encrypt_string(secret1, &session_key); - + r3.in.sec_handle = &sec_handle; r3.in.new_val = &buf1; r3.in.old_val = NULL; r3.in.new_val->data = enc_key.data; r3.in.new_val->length = enc_key.length; r3.in.new_val->size = enc_key.length; - + printf("Testing SetSecret\n"); - + status = dcerpc_lsa_SetSecret(p, tctx, &r3); if (!NT_STATUS_IS_OK(status)) { printf("SetSecret failed - %s\n", nt_errstr(status)); return false; } - + r3.in.sec_handle = &sec_handle; r3.in.new_val = &buf1; r3.in.old_val = NULL; r3.in.new_val->data = enc_key.data; r3.in.new_val->length = enc_key.length; r3.in.new_val->size = enc_key.length; - + /* break the encrypted data */ enc_key.data[0]++; printf("Testing SetSecret with broken key\n"); - + status = dcerpc_lsa_SetSecret(p, tctx, &r3); if (!NT_STATUS_EQUAL(status, NT_STATUS_UNKNOWN_REVISION)) { printf("SetSecret should have failed UNKNOWN_REVISION - %s\n", nt_errstr(status)); ret = false; } - + data_blob_free(&enc_key); - + ZERO_STRUCT(new_mtime); ZERO_STRUCT(old_mtime); - + /* fetch the secret back again */ r4.in.sec_handle = &sec_handle; r4.in.new_val = &bufp1; r4.in.new_mtime = &new_mtime; r4.in.old_val = NULL; r4.in.old_mtime = NULL; - + bufp1.buf = NULL; - + printf("Testing QuerySecret\n"); status = dcerpc_lsa_QuerySecret(p, tctx, &r4); if (!NT_STATUS_IS_OK(status)) { @@ -1260,22 +1260,22 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, } else { blob1.data = r4.out.new_val->buf->data; blob1.length = r4.out.new_val->buf->size; - + blob2 = data_blob_talloc(tctx, NULL, blob1.length); - + secret2 = sess_decrypt_string(tctx, &blob1, &session_key); - + if (strcmp(secret1, secret2) != 0) { - printf("Returned secret (r4) '%s' doesn't match '%s'\n", + printf("Returned secret (r4) '%s' doesn't match '%s'\n", secret2, secret1); ret = false; } } } - + enc_key = sess_encrypt_string(secret3, &session_key); - + r5.in.sec_handle = &sec_handle; r5.in.new_val = &buf1; r5.in.old_val = NULL; @@ -1286,28 +1286,28 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, msleep(200); printf("Testing SetSecret (existing value should move to old)\n"); - + status = dcerpc_lsa_SetSecret(p, tctx, &r5); if (!NT_STATUS_IS_OK(status)) { printf("SetSecret failed - %s\n", nt_errstr(status)); ret = false; } - + data_blob_free(&enc_key); - + ZERO_STRUCT(new_mtime); ZERO_STRUCT(old_mtime); - + /* fetch the secret back again */ r6.in.sec_handle = &sec_handle; r6.in.new_val = &bufp1; r6.in.new_mtime = &new_mtime; r6.in.old_val = &bufp2; r6.in.old_mtime = &old_mtime; - + bufp1.buf = NULL; bufp2.buf = NULL; - + status = dcerpc_lsa_QuerySecret(p, tctx, &r6); if (!NT_STATUS_IS_OK(status)) { printf("QuerySecret failed - %s\n", nt_errstr(status)); @@ -1315,7 +1315,7 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, secret4 = NULL; } else { - if (r6.out.new_val->buf == NULL || r6.out.old_val->buf == NULL + if (r6.out.new_val->buf == NULL || r6.out.old_val->buf == NULL || r6.out.new_mtime == NULL || r6.out.old_mtime == NULL) { printf("Both secret buffers and both times not returned\n"); ret = false; @@ -1323,12 +1323,12 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, } else { blob1.data = r6.out.new_val->buf->data; blob1.length = r6.out.new_val->buf->size; - + blob2 = data_blob_talloc(tctx, NULL, blob1.length); - + secret4 = sess_decrypt_string(tctx, &blob1, &session_key); - + if (strcmp(secret3, secret4) != 0) { printf("Returned NEW secret %s doesn't match %s\n", secret4, secret3); ret = false; @@ -1336,19 +1336,19 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, blob1.data = r6.out.old_val->buf->data; blob1.length = r6.out.old_val->buf->length; - + blob2 = data_blob_talloc(tctx, NULL, blob1.length); - + secret2 = sess_decrypt_string(tctx, &blob1, &session_key); - + if (strcmp(secret1, secret2) != 0) { printf("Returned OLD secret %s doesn't match %s\n", secret2, secret1); ret = false; } - + if (*r6.out.new_mtime == *r6.out.old_mtime) { - printf("Returned secret (r6-%d) %s must not have same mtime for both secrets: %s != %s\n", + printf("Returned secret (r6-%d) %s must not have same mtime for both secrets: %s != %s\n", i, secname[i], nt_time_string(tctx, *r6.out.old_mtime), @@ -1359,34 +1359,34 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, } enc_key = sess_encrypt_string(secret5, &session_key); - + r7.in.sec_handle = &sec_handle; r7.in.old_val = &buf1; r7.in.old_val->data = enc_key.data; r7.in.old_val->length = enc_key.length; r7.in.old_val->size = enc_key.length; r7.in.new_val = NULL; - + printf("Testing SetSecret of old Secret only\n"); - + status = dcerpc_lsa_SetSecret(p, tctx, &r7); if (!NT_STATUS_IS_OK(status)) { printf("SetSecret failed - %s\n", nt_errstr(status)); ret = false; } - + data_blob_free(&enc_key); - + /* fetch the secret back again */ r8.in.sec_handle = &sec_handle; r8.in.new_val = &bufp1; r8.in.new_mtime = &new_mtime; r8.in.old_val = &bufp2; r8.in.old_mtime = &old_mtime; - + bufp1.buf = NULL; bufp2.buf = NULL; - + status = dcerpc_lsa_QuerySecret(p, tctx, &r8); if (!NT_STATUS_IS_OK(status)) { printf("QuerySecret failed - %s\n", nt_errstr(status)); @@ -1407,19 +1407,19 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, } else { blob1.data = r8.out.old_val->buf->data; blob1.length = r8.out.old_val->buf->size; - + blob2 = data_blob_talloc(tctx, NULL, blob1.length); - + secret6 = sess_decrypt_string(tctx, &blob1, &session_key); - + if (strcmp(secret5, secret6) != 0) { printf("Returned OLD secret %s doesn't match %s\n", secret5, secret6); ret = false; } - + if (*r8.out.new_mtime != *r8.out.old_mtime) { - printf("Returned secret (r8) %s did not had same mtime for both secrets: %s != %s\n", + printf("Returned secret (r8) %s did not had same mtime for both secrets: %s != %s\n", secname[i], nt_time_string(tctx, *r8.out.old_mtime), nt_time_string(tctx, *r8.out.new_mtime)); @@ -1431,7 +1431,7 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, if (!test_Delete(p, tctx, &sec_handle)) { ret = false; } - + if (!test_DeleteObject(p, tctx, &sec_handle)) { return false; } @@ -1445,21 +1445,21 @@ static bool test_CreateSecret(struct dcerpc_pipe *p, } else { printf("Testing OpenSecret of just-deleted secret\n"); - + status = dcerpc_lsa_OpenSecret(p, tctx, &r2); if (!NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status)); ret = false; } } - + } return ret; } -static bool test_EnumAccountRights(struct dcerpc_pipe *p, +static bool test_EnumAccountRights(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *acct_handle, struct dom_sid *sid) @@ -1476,7 +1476,7 @@ static bool test_EnumAccountRights(struct dcerpc_pipe *p, status = dcerpc_lsa_EnumAccountRights(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("EnumAccountRights of %s failed - %s\n", + printf("EnumAccountRights of %s failed - %s\n", dom_sid_string(tctx, sid), nt_errstr(status)); return false; } @@ -1485,8 +1485,8 @@ static bool test_EnumAccountRights(struct dcerpc_pipe *p, } -static bool test_QuerySecurity(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_QuerySecurity(struct dcerpc_pipe *p, + struct torture_context *tctx, struct policy_handle *handle, struct policy_handle *acct_handle) { @@ -1514,7 +1514,7 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p, return true; } -static bool test_OpenAccount(struct dcerpc_pipe *p, +static bool test_OpenAccount(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct dom_sid *sid) @@ -1551,7 +1551,7 @@ static bool test_OpenAccount(struct dcerpc_pipe *p, return true; } -static bool test_EnumAccounts(struct dcerpc_pipe *p, +static bool test_EnumAccounts(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -1604,7 +1604,7 @@ static bool test_EnumAccounts(struct dcerpc_pipe *p, if (sids1.num_sids < 3) { return ret; } - + printf("Trying EnumAccounts partial listing (asking for 1 at 2)\n"); resume_handle = 2; r.in.num_entries = 1; @@ -1638,7 +1638,7 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p, struct lsa_StringLarge *disp_name = NULL; printf("\nTesting LookupPrivDisplayName(%s)\n", priv_name->string); - + r.in.handle = handle; r.in.name = priv_name; r.in.language_id = language_id; @@ -1651,7 +1651,7 @@ static bool test_LookupPrivDisplayName(struct dcerpc_pipe *p, printf("LookupPrivDisplayName failed - %s\n", nt_errstr(status)); return false; } - printf("%s -> \"%s\" (language 0x%x/0x%x)\n", + printf("%s -> \"%s\" (language 0x%x/0x%x)\n", priv_name->string, disp_name->string, r.in.language_id, *r.out.returned_language_id); @@ -1668,9 +1668,9 @@ static bool test_EnumAccountsWithUserRight(struct dcerpc_pipe *p, NTSTATUS status; ZERO_STRUCT(sids); - + printf("\nTesting EnumAccountsWithUserRight(%s)\n", priv_name->string); - + r.in.handle = handle; r.in.name = priv_name; r.out.sids = &sids; @@ -1686,7 +1686,7 @@ static bool test_EnumAccountsWithUserRight(struct dcerpc_pipe *p, printf("EnumAccountsWithUserRight failed - %s\n", nt_errstr(status)); return false; } - + return true; } @@ -1728,8 +1728,8 @@ static bool test_EnumPrivs(struct dcerpc_pipe *p, return ret; } -static bool test_QueryForestTrustInformation(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_QueryForestTrustInformation(struct dcerpc_pipe *p, + struct torture_context *tctx, struct policy_handle *handle, const char *trusted_domain_name) { @@ -1769,10 +1769,10 @@ static bool test_QueryForestTrustInformation(struct dcerpc_pipe *p, return ret; } -static bool test_query_each_TrustDomEx(struct dcerpc_pipe *p, +static bool test_query_each_TrustDomEx(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *handle, - struct lsa_DomainListEx *domains) + struct policy_handle *handle, + struct lsa_DomainListEx *domains) { int i; bool ret = true; @@ -1788,15 +1788,15 @@ static bool test_query_each_TrustDomEx(struct dcerpc_pipe *p, return ret; } -static bool test_query_each_TrustDom(struct dcerpc_pipe *p, +static bool test_query_each_TrustDom(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *handle, - struct lsa_DomainList *domains) + struct policy_handle *handle, + struct lsa_DomainList *domains) { NTSTATUS status; int i,j; bool ret = true; - + printf("\nTesting OpenTrustedDomain, OpenTrustedDomainByName and QueryInfoTrustedDomain\n"); for (i=0; i< domains->count; i++) { struct lsa_OpenTrustedDomain trust; @@ -1813,20 +1813,20 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, trust.in.sid = domains->domains[i].sid; trust.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; trust.out.trustdom_handle = &trustdom_handle; - + status = dcerpc_lsa_OpenTrustedDomain(p, tctx, &trust); - + if (!NT_STATUS_IS_OK(status)) { printf("OpenTrustedDomain failed - %s\n", nt_errstr(status)); return false; } - + c.in.handle = &trustdom_handle; c.out.handle = &handle2; - + c_trust.in.handle = &trustdom_handle; c_trust.out.handle = &handle2; - + for (j=0; j < ARRAY_SIZE(levels); j++) { struct lsa_QueryTrustedDomainInfo q; union lsa_TrustedDomainInfo *info = NULL; @@ -1835,25 +1835,25 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, q.out.info = &info; status = dcerpc_lsa_QueryTrustedDomainInfo(p, tctx, &q); if (!NT_STATUS_IS_OK(status) && ok[j]) { - printf("QueryTrustedDomainInfo level %d failed - %s\n", + printf("QueryTrustedDomainInfo level %d failed - %s\n", levels[j], nt_errstr(status)); ret = false; } else if (NT_STATUS_IS_OK(status) && !ok[j]) { - printf("QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n", + printf("QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n", levels[j], nt_errstr(status)); ret = false; } } - + status = dcerpc_lsa_CloseTrustedDomainEx(p, tctx, &c_trust); if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)) { printf("Expected CloseTrustedDomainEx to return NT_STATUS_NOT_IMPLEMENTED, instead - %s\n", nt_errstr(status)); return false; } - + c.in.handle = &trustdom_handle; c.out.handle = &handle2; - + status = dcerpc_lsa_Close(p, tctx, &c); if (!NT_STATUS_IS_OK(status)) { printf("Close of trusted domain failed - %s\n", nt_errstr(status)); @@ -1863,11 +1863,11 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, for (j=0; j < ARRAY_SIZE(levels); j++) { struct lsa_QueryTrustedDomainInfoBySid q; union lsa_TrustedDomainInfo *info = NULL; - + if (!domains->domains[i].sid) { continue; } - + q.in.handle = handle; q.in.dom_sid = domains->domains[i].sid; q.in.level = levels[j]; @@ -1875,11 +1875,11 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, tctx, &q); if (!NT_STATUS_IS_OK(status) && ok[j]) { - printf("QueryTrustedDomainInfoBySid level %d failed - %s\n", + printf("QueryTrustedDomainInfoBySid level %d failed - %s\n", levels[j], nt_errstr(status)); ret = false; } else if (NT_STATUS_IS_OK(status) && !ok[j]) { - printf("QueryTrustedDomainInfoBySid level %d unexpectedly succeeded - %s\n", + printf("QueryTrustedDomainInfoBySid level %d unexpectedly succeeded - %s\n", levels[j], nt_errstr(status)); ret = false; } @@ -1890,9 +1890,9 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, trust_by_name.in.name.string = domains->domains[i].name.string; trust_by_name.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; trust_by_name.out.trustdom_handle = &trustdom_handle; - + status = dcerpc_lsa_OpenTrustedDomainByName(p, tctx, &trust_by_name); - + if (!NT_STATUS_IS_OK(status)) { printf("OpenTrustedDomainByName failed - %s\n", nt_errstr(status)); return false; @@ -1906,16 +1906,16 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, q.out.info = &info; status = dcerpc_lsa_QueryTrustedDomainInfo(p, tctx, &q); if (!NT_STATUS_IS_OK(status) && ok[j]) { - printf("QueryTrustedDomainInfo level %d failed - %s\n", + printf("QueryTrustedDomainInfo level %d failed - %s\n", levels[j], nt_errstr(status)); ret = false; } else if (NT_STATUS_IS_OK(status) && !ok[j]) { - printf("QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n", + printf("QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n", levels[j], nt_errstr(status)); ret = false; } } - + c.in.handle = &trustdom_handle; c.out.handle = &handle2; @@ -1938,11 +1938,11 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, q.out.info = &info; status = dcerpc_lsa_QueryTrustedDomainInfoByName(p, tctx, &q); if (!NT_STATUS_IS_OK(status) && ok[j]) { - printf("QueryTrustedDomainInfoByName level %d failed - %s\n", + printf("QueryTrustedDomainInfoByName level %d failed - %s\n", levels[j], nt_errstr(status)); ret = false; } else if (NT_STATUS_IS_OK(status) && !ok[j]) { - printf("QueryTrustedDomainInfoByName level %d unexpectedly succeeded - %s\n", + printf("QueryTrustedDomainInfoByName level %d unexpectedly succeeded - %s\n", levels[j], nt_errstr(status)); ret = false; } @@ -1951,7 +1951,7 @@ static bool test_query_each_TrustDom(struct dcerpc_pipe *p, return ret; } -static bool test_EnumTrustDom(struct dcerpc_pipe *p, +static bool test_EnumTrustDom(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -1970,9 +1970,9 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, r.in.max_size = 0; r.out.domains = &domains; r.out.resume_handle = &resume_handle; - + enum_status = dcerpc_lsa_EnumTrustDom(p, tctx, &r); - + if (NT_STATUS_IS_OK(enum_status)) { if (domains.count == 0) { printf("EnumTrustDom failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains\n"); @@ -1982,7 +1982,7 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, printf("EnumTrustDom of zero size failed - %s\n", nt_errstr(enum_status)); return false; } - + /* Start from the bottom again */ resume_handle = 0; @@ -1992,9 +1992,9 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, r.in.max_size = LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3; r.out.domains = &domains; r.out.resume_handle = &resume_handle; - + enum_status = dcerpc_lsa_EnumTrustDom(p, tctx, &r); - + /* NO_MORE_ENTRIES is allowed */ if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) { if (domains.count == 0) { @@ -2007,7 +2007,7 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, if (r.out.domains->count < 3 || r.out.domains->count > 4) { printf("EnumTrustDom didn't fill the buffer we " "asked it to (got %d, expected %d / %d == %d entries)\n", - r.out.domains->count, LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3, + r.out.domains->count, LSA_ENUM_TRUST_DOMAIN_MULTIPLIER * 3, LSA_ENUM_TRUST_DOMAIN_MULTIPLIER, r.in.max_size); ret = false; } @@ -2015,14 +2015,14 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, printf("EnumTrustDom failed - %s\n", nt_errstr(enum_status)); return false; } - + if (domains.count == 0) { printf("EnumTrustDom failed - should have returned 'NT_STATUS_NO_MORE_ENTRIES' for 0 trusted domains\n"); return false; } ret &= test_query_each_TrustDom(p, tctx, handle, &domains); - + } while ((NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES))); printf("\nTesting EnumTrustedDomainsEx\n"); @@ -2032,14 +2032,14 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, r_ex.in.max_size = LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER * 3; r_ex.out.domains = &domains_ex; r_ex.out.resume_handle = &resume_handle; - + enum_status = dcerpc_lsa_EnumTrustedDomainsEx(p, tctx, &r_ex); - + if (!(NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES) || NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES))) { printf("EnumTrustedDomainEx of zero size failed - %s\n", nt_errstr(enum_status)); return false; } - + resume_handle = 0; do { r_ex.in.handle = handle; @@ -2047,9 +2047,9 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, r_ex.in.max_size = LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER * 3; r_ex.out.domains = &domains_ex; r_ex.out.resume_handle = &resume_handle; - + enum_status = dcerpc_lsa_EnumTrustedDomainsEx(p, tctx, &r_ex); - + /* NO_MORE_ENTRIES is allowed */ if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) { if (domains_ex.count == 0) { @@ -2062,9 +2062,9 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, if (r_ex.out.domains->count < 3 || r_ex.out.domains->count > 4) { printf("EnumTrustDom didn't fill the buffer we " "asked it to (got %d, expected %d / %d == %d entries)\n", - r_ex.out.domains->count, + r_ex.out.domains->count, r_ex.in.max_size, - LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER, + LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER, r_ex.in.max_size / LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER); } } else if (!NT_STATUS_IS_OK(enum_status)) { @@ -2078,13 +2078,13 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, } ret &= test_query_each_TrustDomEx(p, tctx, handle, &domains_ex); - + } while ((NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES))); return ret; } -static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, +static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -2103,11 +2103,11 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, if (!test_EnumTrustDom(p, tctx, handle)) { ret = false; } - + for (i=0; i< 12; i++) { char *trust_name = talloc_asprintf(tctx, "torturedom%02d", i); char *trust_sid = talloc_asprintf(tctx, "S-1-5-21-97398-379795-100%02d", i); - + domsid[i] = dom_sid_parse_talloc(tctx, trust_sid); trustinfo.sid = domsid[i]; @@ -2117,7 +2117,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, r.in.info = &trustinfo; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.trustdom_handle = &trustdom_handle[i]; - + status = dcerpc_lsa_CreateTrustedDomain(p, tctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_COLLISION)) { test_DeleteTrustedDomain(p, tctx, handle, trustinfo.name); @@ -2127,7 +2127,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, printf("CreateTrustedDomain failed - %s\n", nt_errstr(status)); ret = false; } else { - + q.in.trustdom_handle = &trustdom_handle[i]; q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX; q.out.info = &info; @@ -2144,17 +2144,17 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, ret = false; } if (info->info_ex.trust_type != LSA_TRUST_TYPE_DOWNLEVEL) { - printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", + printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", trust_name, info->info_ex.trust_type, LSA_TRUST_TYPE_DOWNLEVEL); ret = false; } if (info->info_ex.trust_attributes != 0) { - printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", + printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", trust_name, info->info_ex.trust_attributes, 0); ret = false; } if (info->info_ex.trust_direction != LSA_TRUST_DIRECTION_OUTBOUND) { - printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", + printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", trust_name, info->info_ex.trust_direction, LSA_TRUST_DIRECTION_OUTBOUND); ret = false; } @@ -2166,7 +2166,7 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, if (!test_EnumTrustDom(p, tctx, handle)) { ret = false; } - + for (i=0; i<12; i++) { if (!test_DeleteTrustedDomainBySid(p, tctx, handle, domsid[i])) { ret = false; @@ -2176,8 +2176,8 @@ static bool test_CreateTrustedDomain(struct dcerpc_pipe *p, return ret; } -static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, + struct torture_context *tctx, struct policy_handle *handle) { NTSTATUS status; @@ -2202,7 +2202,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status)); return false; } - + for (i=0; i< 12; i++) { char *trust_name = talloc_asprintf(tctx, "torturedom%02d", i); char *trust_name_dns = talloc_asprintf(tctx, "torturedom%02d.samba.example.com", i); @@ -2260,7 +2260,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, printf("CreateTrustedDomainEx failed2 - %s\n", nt_errstr(status)); ret = false; } else { - + q.in.trustdom_handle = &trustdom_handle[i]; q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX; q.out.info = &info; @@ -2278,17 +2278,17 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, ret = false; } if (info->info_ex.trust_type != trustinfo.trust_type) { - printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", + printf("QueryTrustedDomainInfo of %s returned incorrect trust type %d != %d\n", trust_name, info->info_ex.trust_type, trustinfo.trust_type); ret = false; } if (info->info_ex.trust_attributes != LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION) { - printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", + printf("QueryTrustedDomainInfo of %s returned incorrect trust attributes %d != %d\n", trust_name, info->info_ex.trust_attributes, LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION); ret = false; } if (info->info_ex.trust_direction != trustinfo.trust_direction) { - printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", + printf("QueryTrustedDomainInfo of %s returned incorrect trust direction %d != %d\n", trust_name, info->info_ex.trust_direction, trustinfo.trust_direction); ret = false; } @@ -2301,7 +2301,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, printf("test_EnumTrustDom failed\n"); ret = false; } - + for (i=0; i<12; i++) { if (!test_DeleteTrustedDomainBySid(p, tctx, handle, domsid[i])) { printf("test_DeleteTrustedDomainBySid failed\n"); @@ -2312,8 +2312,8 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, return ret; } -static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe *p, + struct torture_context *tctx, struct policy_handle *handle) { struct lsa_QueryDomainInformationPolicy r; @@ -2472,15 +2472,15 @@ static bool test_QueryInfoPolicyCalls( bool version2, return ret; } -static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, + struct torture_context *tctx, struct policy_handle *handle) { return test_QueryInfoPolicyCalls(false, p, tctx, handle); } -static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p, - struct torture_context *tctx, +static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p, + struct torture_context *tctx, struct policy_handle *handle) { return test_QueryInfoPolicyCalls(true, p, tctx, handle); @@ -2524,7 +2524,7 @@ static bool test_GetUserName(struct dcerpc_pipe *p, return ret; } -bool test_lsa_Close(struct dcerpc_pipe *p, +bool test_lsa_Close(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -2584,11 +2584,11 @@ bool torture_rpc_lsa(struct torture_context *tctx) } if (!test_LookupNames_wellknown(p, tctx, handle)) { ret = false; - } + } if (!test_LookupNames_bogus(p, tctx, handle)) { ret = false; - } + } if (!test_LookupSids_async(p, tctx, handle)) { ret = false; @@ -2597,11 +2597,11 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!test_QueryDomainInfoPolicy(p, tctx, handle)) { ret = false; } - + if (!test_CreateAccount(p, tctx, handle)) { ret = false; } - + if (!test_CreateSecret(p, tctx, handle)) { ret = false; } @@ -2616,31 +2616,31 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!test_EnumAccounts(p, tctx, handle)) { ret = false; } - + if (!test_EnumPrivs(p, tctx, handle)) { ret = false; } - + if (!test_QueryInfoPolicy(p, tctx, handle)) { ret = false; } - + if (!test_QueryInfoPolicy2(p, tctx, handle)) { ret = false; } - + if (!test_Delete(p, tctx, handle)) { ret = false; } - + if (!test_many_LookupSids(p, tctx, handle)) { ret = false; } - + if (!test_lsa_Close(p, tctx, handle)) { ret = false; } - + torture_leave_domain(tctx, join); } else { |