diff options
Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/rpc/lsa.c | 83 |
1 files changed, 68 insertions, 15 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 8d2f266f40..464ea8df59 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -671,8 +671,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b, static bool test_LookupSids3(struct dcerpc_binding_handle *b, struct torture_context *tctx, - struct lsa_SidArray *sids, - bool test_fail) /* check if the tests fails! */ + struct lsa_SidArray *sids) { struct lsa_LookupSids3 r; struct lsa_TransNameArray2 names; @@ -696,23 +695,77 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b, torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupSids3_r(b, tctx, &r), "LookupSids3 failed"); + + torture_assert_ntstatus_ok(tctx, + r.out.result, + "LookupSids3 failed"); + + torture_comment(tctx, "\n"); + + return true; +} + +static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b, + struct torture_context *tctx, + struct lsa_SidArray *sids) +{ + struct lsa_LookupSids3 r; + struct lsa_TransNameArray2 names; + struct lsa_RefDomainList *domains = NULL; + uint32_t count = sids->num_sids; + NTSTATUS status; + + torture_comment(tctx, "\nTesting LookupSids3\n"); + + names.count = 0; + names.names = NULL; + + r.in.sids = sids; + r.in.names = &names; + r.in.level = 1; + r.in.count = &count; + r.in.lookup_options = 0; + r.in.client_revision = 0; + r.out.domains = &domains; + r.out.count = &count; + r.out.names = &names; + + status = dcerpc_lsa_LookupSids3_r(b, tctx, &r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + torture_comment(tctx, + "LookupSids3 correctly returned with " + "status: %s\n", + nt_errstr(status)); + return true; + } + + torture_assert_ntstatus_equal(tctx, + status, + NT_STATUS_ACCESS_DENIED, + "LookupSids3 return value should " + "be ACCESS_DENIED"); + return true; + } + if (!NT_STATUS_IS_OK(r.out.result)) { if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_ACCESS_DENIED) || NT_STATUS_EQUAL(r.out.result, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED)) { - if (test_fail) { - torture_comment(tctx, "not considering %s to be an error\n", - nt_errstr(r.out.result)); - return true; - } + torture_comment(tctx, + "LookupNames4 correctly returned with " + "result: %s\n", + nt_errstr(r.out.result)); + return true; } - torture_comment(tctx, "LookupSids3 failed - %s - not considered an error\n", - nt_errstr(r.out.result)); - return false; } - torture_comment(tctx, "\n"); + torture_assert_ntstatus_equal(tctx, + r.out.result, + NT_STATUS_OK, + "LookupSids3 return value should be " + "ACCESS_DENIED"); - return true; + return false; } bool test_many_LookupSids(struct dcerpc_pipe *p, @@ -774,7 +827,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, names.count = 0; names.names = NULL; - if (!test_LookupSids3(b, tctx, &sids, true)) { + if (!test_LookupSids3_fail(b, tctx, &sids)) { return false; } if (!test_LookupNames4(b, tctx, &names, false, true)) { @@ -788,7 +841,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, if (p->conn->security_state.auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL && p->conn->security_state.auth_info->auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) { - if (!test_LookupSids3(b, tctx, &sids, false)) { + if (!test_LookupSids3(b, tctx, &sids)) { return false; } if (!test_LookupNames4(b, tctx, &names, true, false)) { @@ -799,7 +852,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, * If we don't have a secure channel these tests must * fail with ACCESS_DENIED. */ - if (!test_LookupSids3(b, tctx, &sids, true)) { + if (!test_LookupSids3_fail(b, tctx, &sids)) { return false; } if (!test_LookupNames4(b, tctx, &names, false, true)) { |