/* Unix SMB/CIFS implementation. test suite for winreg rpc operations Copyright (C) Tim Potter 2003 Copyright (C) Jelmer Vernooij 2004-2007 Copyright (C) Günther Deschner 2007,2010 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include "includes.h" #include "librpc/gen_ndr/ndr_winreg_c.h" #include "librpc/gen_ndr/ndr_security.h" #include "libcli/security/security.h" #include "torture/rpc/torture_rpc.h" #include "param/param.h" #include "lib/registry/registry.h" #define TEST_KEY_BASE "winreg_torture_test" #define TEST_KEY1 "spottyfoot" #define TEST_KEY2 "with a SD (#1)" #define TEST_KEY3 "with a subkey" #define TEST_KEY4 "sd_tests" #define TEST_SUBKEY "subkey" #define TEST_SUBKEY_SD "subkey_sd" #define TEST_SUBSUBKEY_SD "subkey_sd\\subsubkey_sd" #define TEST_VALUE "torture_value_name" #define TEST_KEY_VOLATILE "torture_volatile_key" #define TEST_SUBKEY_VOLATILE "torture_volatile_subkey" #define TEST_KEY_SYMLINK "torture_symlink_key" #define TEST_KEY_SYMLINK_DEST "torture_symlink_dest" #define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500" static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s) { name->string = s; } static void init_winreg_String(struct winreg_String *name, const char *s) { name->name = s; if (s) { name->name_len = 2 * (strlen_m(s) + 1); name->name_size = name->name_len; } else { name->name_len = 0; name->name_size = 0; } } static bool test_GetVersion(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { struct winreg_GetVersion r; uint32_t v; torture_comment(tctx, "Testing GetVersion\n"); ZERO_STRUCT(r); r.in.handle = handle; r.out.version = &v; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_GetVersion_r(b, tctx, &r), "GetVersion failed"); torture_assert_werr_ok(tctx, r.out.result, "GetVersion failed"); return true; } static bool test_NotifyChangeKeyValue(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { struct winreg_NotifyChangeKeyValue r; ZERO_STRUCT(r); r.in.handle = handle; r.in.watch_subtree = true; r.in.notify_filter = 0; r.in.unknown = r.in.unknown2 = 0; init_winreg_String(&r.in.string1, NULL); init_winreg_String(&r.in.string2, NULL); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_NotifyChangeKeyValue_r(b, tctx, &r), "NotifyChangeKeyValue failed"); if (!W_ERROR_IS_OK(r.out.result)) { torture_comment(tctx, "NotifyChangeKeyValue failed - %s - not considering\n", win_errstr(r.out.result)); return true; } return true; } static bool test_CreateKey_opts(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *handle, const char *name, const char *kclass, uint32_t options, uint32_t access_mask, struct winreg_SecBuf *secdesc, WERROR expected_result, enum winreg_CreateAction *action_taken_p, struct policy_handle *new_handle_p) { struct winreg_CreateKey r; struct policy_handle newhandle; enum winreg_CreateAction action_taken = 0; torture_comment(tctx, "Testing CreateKey(%s)\n", name); ZERO_STRUCT(r); r.in.handle = handle; init_winreg_String(&r.in.name, name); init_winreg_String(&r.in.keyclass, kclass); r.in.options = options; r.in.access_mask = access_mask; r.in.action_taken = &action_taken; r.in.secdesc = secdesc; r.out.new_handle = &newhandle; r.out.action_taken = &action_taken; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey_r(b, tctx, &r), "CreateKey failed"); torture_assert_werr_equal(tctx, r.out.result, expected_result, "CreateKey failed"); if (new_handle_p) { *new_handle_p = newhandle; } if (action_taken_p) { *action_taken_p = *r.out.action_taken; } return true; } static bool test_CreateKey(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *name, const char *kclass) { return test_CreateKey_opts(tctx, b, handle, name, kclass, REG_OPTION_NON_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, NULL, /* secdesc */ WERR_OK, NULL, /* action_taken */ NULL /* new_handle */); } /* createkey testing with a SD */ static bool test_CreateKey_sd(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *name, const char *kclass, struct policy_handle *newhandle) { struct winreg_CreateKey r; enum winreg_CreateAction action_taken = 0; struct security_descriptor *sd; DATA_BLOB sdblob; struct winreg_SecBuf secbuf; sd = security_descriptor_dacl_create(tctx, 0, NULL, NULL, SID_NT_AUTHENTICATED_USERS, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_GENERIC_ALL, SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT, NULL); torture_assert_ndr_success(tctx, ndr_push_struct_blob(&sdblob, tctx, sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor), "Failed to push security_descriptor ?!\n"); secbuf.sd.data = sdblob.data; secbuf.sd.len = sdblob.length; secbuf.sd.size = sdblob.length; secbuf.length = sdblob.length-10; secbuf.inherit = 0; ZERO_STRUCT(r); r.in.handle = handle; r.out.new_handle = newhandle; init_winreg_String(&r.in.name, name); init_winreg_String(&r.in.keyclass, kclass); r.in.options = 0x0; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.in.action_taken = r.out.action_taken = &action_taken; r.in.secdesc = &secbuf; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey_r(b, tctx, &r), "CreateKey with sd failed"); torture_assert_werr_ok(tctx, r.out.result, "CreateKey with sd failed"); return true; } static bool _test_GetKeySecurity(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, uint32_t *sec_info_ptr, WERROR get_werr, struct security_descriptor **sd_out) { struct winreg_GetKeySecurity r; struct security_descriptor *sd = NULL; uint32_t sec_info; DATA_BLOB sdblob; struct dcerpc_binding_handle *b = p->binding_handle; if (sec_info_ptr) { sec_info = *sec_info_ptr; } else { sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL; } ZERO_STRUCT(r); r.in.handle = handle; r.in.sec_info = sec_info; r.in.sd = r.out.sd = talloc_zero(tctx, struct KeySecurityData); r.in.sd->size = 0x1000; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_GetKeySecurity_r(b, tctx, &r), "GetKeySecurity failed"); torture_assert_werr_equal(tctx, r.out.result, get_werr, "GetKeySecurity failed"); sdblob.data = r.out.sd->data; sdblob.length = r.out.sd->len; sd = talloc_zero(tctx, struct security_descriptor); torture_assert_ndr_success(tctx, ndr_pull_struct_blob(&sdblob, tctx, sd, (ndr_pull_flags_fn_t)ndr_pull_security_descriptor), "pull_security_descriptor failed"); if (p->conn->flags & DCERPC_DEBUG_PRINT_OUT) { NDR_PRINT_DEBUG(security_descriptor, sd); } if (sd_out) { *sd_out = sd; } else { talloc_free(sd); } return true; } static bool test_GetKeySecurity(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct security_descriptor **sd_out) { return _test_GetKeySecurity(p, tctx, handle, NULL, WERR_OK, sd_out); } static bool _test_SetKeySecurity(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, uint32_t *sec_info_ptr, struct security_descriptor *sd, WERROR werr) { struct winreg_SetKeySecurity r; struct KeySecurityData *sdata = NULL; DATA_BLOB sdblob; uint32_t sec_info; struct dcerpc_binding_handle *b = p->binding_handle; ZERO_STRUCT(r); if (sd && (p->conn->flags & DCERPC_DEBUG_PRINT_OUT)) { NDR_PRINT_DEBUG(security_descriptor, sd); } torture_assert_ndr_success(tctx, ndr_push_struct_blob(&sdblob, tctx, sd, (ndr_push_flags_fn_t)ndr_push_security_descriptor), "push_security_descriptor failed"); sdata = talloc_zero(tctx, struct KeySecurityData); sdata->data = sdblob.data; sdata->size = sdblob.length; sdata->len = sdblob.length; if (sec_info_ptr) { sec_info = *sec_info_ptr; } else { sec_info = SECINFO_UNPROTECTED_SACL | SECINFO_UNPROTECTED_DACL; if (sd->owner_sid) { sec_info |= SECINFO_OWNER; } if (sd->group_sid) { sec_info |= SECINFO_GROUP; } if (sd->sacl) { sec_info |= SECINFO_SACL; } if (sd->dacl) { sec_info |= SECINFO_DACL; } } r.in.handle = handle; r.in.sec_info = sec_info; r.in.sd = sdata; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_SetKeySecurity_r(b, tctx, &r), "SetKeySecurity failed"); torture_assert_werr_equal(tctx, r.out.result, werr, "SetKeySecurity failed"); return true; } static bool test_SetKeySecurity(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, struct security_descriptor *sd) { return _test_SetKeySecurity(p, tctx, handle, NULL, sd, WERR_OK); } static bool test_CloseKey(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { struct winreg_CloseKey r; ZERO_STRUCT(r); r.in.handle = r.out.handle = handle; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CloseKey_r(b, tctx, &r), "CloseKey failed"); torture_assert_werr_ok(tctx, r.out.result, "CloseKey failed"); return true; } static bool test_FlushKey(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { struct winreg_FlushKey r; ZERO_STRUCT(r); r.in.handle = handle; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_FlushKey_r(b, tctx, &r), "FlushKey failed"); torture_assert_werr_ok(tctx, r.out.result, "FlushKey failed"); return true; } static bool test_OpenKey_opts(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *hive_handle, const char *keyname, uint32_t options, uint32_t access_mask, struct policy_handle *key_handle, WERROR expected_result) { struct winreg_OpenKey r; ZERO_STRUCT(r); r.in.parent_handle = hive_handle; init_winreg_String(&r.in.keyname, keyname); r.in.options = options; r.in.access_mask = access_mask; r.out.handle = key_handle; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey_r(b, tctx, &r), "OpenKey failed"); torture_assert_werr_equal(tctx, r.out.result, expected_result, "OpenKey failed"); return true; } static bool test_OpenKey(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *hive_handle, const char *keyname, struct policy_handle *key_handle) { return test_OpenKey_opts(tctx, b, hive_handle, keyname, REG_OPTION_NON_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, key_handle, WERR_OK); } static bool test_Cleanup(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *key) { struct winreg_DeleteKey r; ZERO_STRUCT(r); r.in.handle = handle; init_winreg_String(&r.in.key, key); dcerpc_winreg_DeleteKey_r(b, tctx, &r); return true; } static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, WERROR get_werr, WERROR set_werr) { struct security_descriptor *sd = NULL; if (!_test_GetKeySecurity(p, tctx, handle, NULL, get_werr, &sd)) { return false; } if (!_test_SetKeySecurity(p, tctx, handle, NULL, sd, set_werr)) { return false; } return true; } static bool test_SecurityDescriptor(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; torture_comment(tctx, "SecurityDescriptor get & set\n"); if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle, WERR_OK, WERR_OK)) { ret = false; } if (!test_CloseKey(b, tctx, &new_handle)) { return false; } return ret; } static bool _test_SecurityDescriptor(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, uint32_t access_mask, const char *key, WERROR open_werr, WERROR get_werr, WERROR set_werr) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, key, REG_OPTION_NON_VOLATILE, access_mask, &new_handle, open_werr), "failed to open key"); if (!W_ERROR_IS_OK(open_werr)) { return true; } if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle, get_werr, set_werr)) { ret = false; } if (!test_CloseKey(b, tctx, &new_handle)) { return false; } return ret; } static bool test_dacl_trustee_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const struct dom_sid *sid) { struct security_descriptor *sd = NULL; int i; if (!test_GetKeySecurity(p, tctx, handle, &sd)) { return false; } if (!sd || !sd->dacl) { return false; } for (i = 0; i < sd->dacl->num_aces; i++) { if (dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) { return true; } } return false; } static bool _test_dacl_trustee_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key, const struct dom_sid *sid) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } ret = test_dacl_trustee_present(p, tctx, &new_handle, sid); test_CloseKey(b, tctx, &new_handle); return ret; } static bool test_sacl_trustee_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const struct dom_sid *sid) { struct security_descriptor *sd = NULL; int i; uint32_t sec_info = SECINFO_SACL; if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) { return false; } if (!sd || !sd->sacl) { return false; } for (i = 0; i < sd->sacl->num_aces; i++) { if (dom_sid_equal(&sd->sacl->aces[i].trustee, sid)) { return true; } } return false; } static bool _test_sacl_trustee_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key, const struct dom_sid *sid) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, key, REG_OPTION_NON_VOLATILE, SEC_FLAG_SYSTEM_SECURITY, &new_handle, WERR_OK), "failed to open key"); ret = test_sacl_trustee_present(p, tctx, &new_handle, sid); test_CloseKey(b, tctx, &new_handle); return ret; } static bool test_owner_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const struct dom_sid *sid) { struct security_descriptor *sd = NULL; uint32_t sec_info = SECINFO_OWNER; if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) { return false; } if (!sd || !sd->owner_sid) { return false; } return dom_sid_equal(sd->owner_sid, sid); } static bool _test_owner_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key, const struct dom_sid *sid) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } ret = test_owner_present(p, tctx, &new_handle, sid); test_CloseKey(b, tctx, &new_handle); return ret; } static bool test_group_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const struct dom_sid *sid) { struct security_descriptor *sd = NULL; uint32_t sec_info = SECINFO_GROUP; if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) { return false; } if (!sd || !sd->group_sid) { return false; } return dom_sid_equal(sd->group_sid, sid); } static bool _test_group_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key, const struct dom_sid *sid) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } ret = test_group_present(p, tctx, &new_handle, sid); test_CloseKey(b, tctx, &new_handle); return ret; } static bool test_dacl_trustee_flags_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const struct dom_sid *sid, uint8_t flags) { struct security_descriptor *sd = NULL; int i; if (!test_GetKeySecurity(p, tctx, handle, &sd)) { return false; } if (!sd || !sd->dacl) { return false; } for (i = 0; i < sd->dacl->num_aces; i++) { if ((dom_sid_equal(&sd->dacl->aces[i].trustee, sid)) && (sd->dacl->aces[i].flags == flags)) { return true; } } return false; } static bool test_dacl_ace_present(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const struct security_ace *ace) { struct security_descriptor *sd = NULL; int i; if (!test_GetKeySecurity(p, tctx, handle, &sd)) { return false; } if (!sd || !sd->dacl) { return false; } for (i = 0; i < sd->dacl->num_aces; i++) { if (security_ace_equal(&sd->dacl->aces[i], ace)) { return true; } } return false; } static bool test_RestoreSecurity(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key, struct security_descriptor *sd) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) { ret = false; } if (!test_CloseKey(b, tctx, &new_handle)) { ret = false; } return ret; } static bool test_BackupSecurity(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key, struct security_descriptor **sd) { struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } if (!test_GetKeySecurity(p, tctx, &new_handle, sd)) { ret = false; } if (!test_CloseKey(b, tctx, &new_handle)) { ret = false; } return ret; } static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key) { /* get sd add ace SEC_ACE_FLAG_CONTAINER_INHERIT set sd get sd check ace add subkey get sd check ace add subsubkey get sd check ace del subsubkey del subkey reset sd */ struct security_descriptor *sd = NULL; struct security_descriptor *sd_orig = NULL; struct security_ace *ace = NULL; struct policy_handle new_handle; bool ret = true; struct dcerpc_binding_handle *b = p->binding_handle; const char *test_subkey_sd; const char *test_subsubkey_sd; torture_comment(tctx, "SecurityDescriptor inheritance\n"); if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) { return false; } sd_orig = security_descriptor_copy(tctx, sd); if (sd_orig == NULL) { return false; } ace = security_ace_create(tctx, TEST_SID, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_STD_REQUIRED, SEC_ACE_FLAG_CONTAINER_INHERIT); torture_assert_ntstatus_ok(tctx, security_descriptor_dacl_add(sd, ace), "failed to add ace"); /* FIXME: add further tests for these flags */ sd->type |= SEC_DESC_DACL_AUTO_INHERIT_REQ | SEC_DESC_SACL_AUTO_INHERITED; if (!test_SetKeySecurity(p, tctx, &new_handle, sd)) { return false; } torture_assert(tctx, test_dacl_ace_present(p, tctx, &new_handle, ace), "new ACE not present!"); if (!test_CloseKey(b, tctx, &new_handle)) { return false; } test_subkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBKEY_SD); if (!test_CreateKey(b, tctx, handle, test_subkey_sd, NULL)) { ret = false; goto out; } if (!test_OpenKey(b, tctx, handle, test_subkey_sd, &new_handle)) { ret = false; goto out; } if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) { torture_comment(tctx, "inherited ACE not present!\n"); ret = false; goto out; } test_subsubkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBSUBKEY_SD); test_CloseKey(b, tctx, &new_handle); if (!test_CreateKey(b, tctx, handle, test_subsubkey_sd, NULL)) { ret = false; goto out; } if (!test_OpenKey(b, tctx, handle, test_subsubkey_sd, &new_handle)) { ret = false; goto out; } if (!test_dacl_ace_present(p, tctx, &new_handle, ace)) { torture_comment(tctx, "inherited ACE not present!\n"); ret = false; goto out; } out: test_CloseKey(b, tctx, &new_handle); test_Cleanup(b, tctx, handle, test_subkey_sd); test_RestoreSecurity(p, tctx, handle, key, sd_orig); return ret; } static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key) { /* get sd add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT set sd add subkey/subkey get sd check ace get sd from subkey check ace del subkey/subkey del subkey reset sd */ struct security_descriptor *sd = NULL; struct security_descriptor *sd_orig = NULL; struct security_ace *ace = NULL; struct policy_handle new_handle; struct dom_sid *sid = NULL; bool ret = true; uint8_t ace_flags = 0x0; struct dcerpc_binding_handle *b = p->binding_handle; const char *test_subkey_sd; const char *test_subsubkey_sd; torture_comment(tctx, "SecurityDescriptor inheritance block\n"); if (!test_OpenKey(b, tctx, handle, key, &new_handle)) { return false; } if (!_test_GetKeySecurity(p, tctx, &new_handle, NULL, WERR_OK, &sd)) { return false; } sd_orig = security_descriptor_copy(tctx, sd); if (sd_orig == NULL) { return false; } ace = security_ace_create(tctx, TEST_SID, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_STD_REQUIRED, SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_NO_PROPAGATE_INHERIT); torture_assert_ntstatus_ok(tctx, security_descriptor_dacl_add(sd, ace), "failed to add ace"); if (!_test_SetKeySecurity(p, tctx, &new_handle, NULL, sd, WERR_OK)) { return false; } torture_assert(tctx, test_dacl_ace_present(p, tctx, &new_handle, ace), "new ACE not present!"); if (!test_CloseKey(b, tctx, &new_handle)) { return false; } test_subkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBKEY_SD); test_subsubkey_sd = talloc_asprintf(tctx, "%s\\%s", key, TEST_SUBSUBKEY_SD); if (!test_CreateKey(b, tctx, handle, test_subsubkey_sd, NULL)) { return false; } if (!test_OpenKey(b, tctx, handle, test_subsubkey_sd, &new_handle)) { ret = false; goto out; } if (test_dacl_ace_present(p, tctx, &new_handle, ace)) { torture_comment(tctx, "inherited ACE present but should not!\n"); ret = false; goto out; } sid = dom_sid_parse_talloc(tctx, TEST_SID); if (sid == NULL) { return false; } if (test_dacl_trustee_present(p, tctx, &new_handle, sid)) { torture_comment(tctx, "inherited trustee SID present but should not!\n"); ret = false; goto out; } test_CloseKey(b, tctx, &new_handle); if (!test_OpenKey(b, tctx, handle, test_subkey_sd, &new_handle)) { ret = false; goto out; } if (test_dacl_ace_present(p, tctx, &new_handle, ace)) { torture_comment(tctx, "inherited ACE present but should not!\n"); ret = false; goto out; } if (!test_dacl_trustee_flags_present(p, tctx, &new_handle, sid, ace_flags)) { torture_comment(tctx, "inherited trustee SID with flags 0x%02x not present!\n", ace_flags); ret = false; goto out; } out: test_CloseKey(b, tctx, &new_handle); test_Cleanup(b, tctx, handle, test_subkey_sd); test_RestoreSecurity(p, tctx, handle, key, sd_orig); return ret; } static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key) { bool ret = true; int i; struct winreg_mask_result_table { uint32_t access_mask; WERROR open_werr; WERROR get_werr; WERROR set_werr; } sd_mask_tests[] = { { 0, WERR_ACCESS_DENIED, WERR_BADFILE, WERR_FOOBAR }, { SEC_FLAG_MAXIMUM_ALLOWED, WERR_OK, WERR_OK, WERR_OK }, { SEC_STD_WRITE_DAC, WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR }, { SEC_FLAG_SYSTEM_SECURITY, WERR_OK, WERR_ACCESS_DENIED, WERR_FOOBAR } }; /* FIXME: before this test can ever run successfully we need a way to * correctly read a NULL security_descritpor in ndr, get the required * length, requery, etc. */ return true; for (i=0; i < ARRAY_SIZE(sd_mask_tests); i++) { torture_comment(tctx, "SecurityDescriptor get & set with access_mask: 0x%08x\n", sd_mask_tests[i].access_mask); torture_comment(tctx, "expecting: open %s, get: %s, set: %s\n", win_errstr(sd_mask_tests[i].open_werr), win_errstr(sd_mask_tests[i].get_werr), win_errstr(sd_mask_tests[i].set_werr)); if (_test_SecurityDescriptor(p, tctx, handle, sd_mask_tests[i].access_mask, key, sd_mask_tests[i].open_werr, sd_mask_tests[i].get_werr, sd_mask_tests[i].set_werr)) { ret = false; } } return ret; } typedef bool (*secinfo_verify_fn)(struct dcerpc_pipe *, struct torture_context *, struct policy_handle *, const char *, const struct dom_sid *); static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key, const char *test, uint32_t access_mask, uint32_t sec_info, struct security_descriptor *sd, WERROR set_werr, bool expect_present, bool (*fn) (struct dcerpc_pipe *, struct torture_context *, struct policy_handle *, const char *, const struct dom_sid *), const struct dom_sid *sid) { struct policy_handle new_handle; struct dcerpc_binding_handle *b = p->binding_handle; torture_comment(tctx, "SecurityDescriptor (%s) sets for secinfo: " "0x%08x, access_mask: 0x%08x\n", test, sec_info, access_mask); torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, key, REG_OPTION_NON_VOLATILE, access_mask, &new_handle, WERR_OK), "failed to open key"); if (!_test_SetKeySecurity(p, tctx, &new_handle, &sec_info, sd, set_werr)) { torture_warning(tctx, "SetKeySecurity with secinfo: 0x%08x has failed\n", sec_info); smb_panic(""); test_CloseKey(b, tctx, &new_handle); return false; } test_CloseKey(b, tctx, &new_handle); if (W_ERROR_IS_OK(set_werr)) { bool present; present = fn(p, tctx, handle, key, sid); if ((expect_present) && (!present)) { torture_warning(tctx, "%s sid is not present!\n", test); return false; } if ((!expect_present) && (present)) { torture_warning(tctx, "%s sid is present but not expected!\n", test); return false; } } return true; } static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key) { struct security_descriptor *sd_orig = NULL; struct dom_sid *sid = NULL; bool ret = true; int i, a; struct security_descriptor *sd_owner = security_descriptor_dacl_create(tctx, 0, TEST_SID, NULL, NULL); struct security_descriptor *sd_group = security_descriptor_dacl_create(tctx, 0, NULL, TEST_SID, NULL); struct security_descriptor *sd_dacl = security_descriptor_dacl_create(tctx, 0, NULL, NULL, TEST_SID, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_GENERIC_ALL, 0, SID_NT_AUTHENTICATED_USERS, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_GENERIC_ALL, 0, NULL); struct security_descriptor *sd_sacl = security_descriptor_sacl_create(tctx, 0, NULL, NULL, TEST_SID, SEC_ACE_TYPE_SYSTEM_AUDIT, SEC_GENERIC_ALL, SEC_ACE_FLAG_SUCCESSFUL_ACCESS, NULL); struct winreg_secinfo_table { struct security_descriptor *sd; uint32_t sec_info; WERROR set_werr; bool sid_present; secinfo_verify_fn fn; }; struct winreg_secinfo_table sec_info_owner_tests[] = { { sd_owner, 0, WERR_OK, false, (secinfo_verify_fn)_test_owner_present }, { sd_owner, SECINFO_OWNER, WERR_OK, true, (secinfo_verify_fn)_test_owner_present }, { sd_owner, SECINFO_GROUP, WERR_INVALID_PARAM }, { sd_owner, SECINFO_DACL, WERR_OK, true, (secinfo_verify_fn)_test_owner_present }, { sd_owner, SECINFO_SACL, WERR_ACCESS_DENIED }, }; uint32_t sd_owner_good_access_masks[] = { SEC_FLAG_MAXIMUM_ALLOWED, /* SEC_STD_WRITE_OWNER, */ }; struct winreg_secinfo_table sec_info_group_tests[] = { { sd_group, 0, WERR_OK, false, (secinfo_verify_fn)_test_group_present }, { sd_group, SECINFO_OWNER, WERR_INVALID_PARAM }, { sd_group, SECINFO_GROUP, WERR_OK, true, (secinfo_verify_fn)_test_group_present }, { sd_group, SECINFO_DACL, WERR_OK, true, (secinfo_verify_fn)_test_group_present }, { sd_group, SECINFO_SACL, WERR_ACCESS_DENIED }, }; uint32_t sd_group_good_access_masks[] = { SEC_FLAG_MAXIMUM_ALLOWED, }; struct winreg_secinfo_table sec_info_dacl_tests[] = { { sd_dacl, 0, WERR_OK, false, (secinfo_verify_fn)_test_dacl_trustee_present }, { sd_dacl, SECINFO_OWNER, WERR_INVALID_PARAM }, { sd_dacl, SECINFO_GROUP, WERR_INVALID_PARAM }, { sd_dacl, SECINFO_DACL, WERR_OK, true, (secinfo_verify_fn)_test_dacl_trustee_present }, { sd_dacl, SECINFO_SACL, WERR_ACCESS_DENIED }, }; uint32_t sd_dacl_good_access_masks[] = { SEC_FLAG_MAXIMUM_ALLOWED, SEC_STD_WRITE_DAC, }; struct winreg_secinfo_table sec_info_sacl_tests[] = { { sd_sacl, 0, WERR_OK, false, (secinfo_verify_fn)_test_sacl_trustee_present }, { sd_sacl, SECINFO_OWNER, WERR_INVALID_PARAM }, { sd_sacl, SECINFO_GROUP, WERR_INVALID_PARAM }, { sd_sacl, SECINFO_DACL, WERR_OK, false, (secinfo_verify_fn)_test_sacl_trustee_present }, { sd_sacl, SECINFO_SACL, WERR_OK, true, (secinfo_verify_fn)_test_sacl_trustee_present }, }; uint32_t sd_sacl_good_access_masks[] = { SEC_FLAG_MAXIMUM_ALLOWED | SEC_FLAG_SYSTEM_SECURITY, /* SEC_FLAG_SYSTEM_SECURITY, */ }; sid = dom_sid_parse_talloc(tctx, TEST_SID); if (sid == NULL) { return false; } if (!test_BackupSecurity(p, tctx, handle, key, &sd_orig)) { return false; } /* OWNER */ for (i=0; i < ARRAY_SIZE(sec_info_owner_tests); i++) { for (a=0; a < ARRAY_SIZE(sd_owner_good_access_masks); a++) { if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle, key, "OWNER", sd_owner_good_access_masks[a], sec_info_owner_tests[i].sec_info, sec_info_owner_tests[i].sd, sec_info_owner_tests[i].set_werr, sec_info_owner_tests[i].sid_present, sec_info_owner_tests[i].fn, sid)) { torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for OWNER\n"); ret = false; goto out; } } } /* GROUP */ for (i=0; i < ARRAY_SIZE(sec_info_group_tests); i++) { for (a=0; a < ARRAY_SIZE(sd_group_good_access_masks); a++) { if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle, key, "GROUP", sd_group_good_access_masks[a], sec_info_group_tests[i].sec_info, sec_info_group_tests[i].sd, sec_info_group_tests[i].set_werr, sec_info_group_tests[i].sid_present, sec_info_group_tests[i].fn, sid)) { torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for GROUP\n"); ret = false; goto out; } } } /* DACL */ for (i=0; i < ARRAY_SIZE(sec_info_dacl_tests); i++) { for (a=0; a < ARRAY_SIZE(sd_dacl_good_access_masks); a++) { if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle, key, "DACL", sd_dacl_good_access_masks[a], sec_info_dacl_tests[i].sec_info, sec_info_dacl_tests[i].sd, sec_info_dacl_tests[i].set_werr, sec_info_dacl_tests[i].sid_present, sec_info_dacl_tests[i].fn, sid)) { torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for DACL\n"); ret = false; goto out; } } } /* SACL */ for (i=0; i < ARRAY_SIZE(sec_info_sacl_tests); i++) { for (a=0; a < ARRAY_SIZE(sd_sacl_good_access_masks); a++) { if (!test_SetSecurityDescriptor_SecInfo(p, tctx, handle, key, "SACL", sd_sacl_good_access_masks[a], sec_info_sacl_tests[i].sec_info, sec_info_sacl_tests[i].sd, sec_info_sacl_tests[i].set_werr, sec_info_sacl_tests[i].sid_present, sec_info_sacl_tests[i].fn, sid)) { torture_comment(tctx, "test_SetSecurityDescriptor_SecInfo failed for SACL\n"); ret = false; goto out; } } } out: test_RestoreSecurity(p, tctx, handle, key, sd_orig); return ret; } static bool test_SecurityDescriptors(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, const char *key) { bool ret = true; if (!test_SecurityDescriptor(p, tctx, handle, key)) { torture_comment(tctx, "test_SecurityDescriptor failed\n"); ret = false; } if (!test_SecurityDescriptorInheritance(p, tctx, handle, key)) { torture_comment(tctx, "test_SecurityDescriptorInheritance failed\n"); ret = false; } if (!test_SecurityDescriptorBlockInheritance(p, tctx, handle, key)) { torture_comment(tctx, "test_SecurityDescriptorBlockInheritance failed\n"); ret = false; } if (!test_SecurityDescriptorsSecInfo(p, tctx, handle, key)) { torture_comment(tctx, "test_SecurityDescriptorsSecInfo failed\n"); ret = false; } if (!test_SecurityDescriptorsMasks(p, tctx, handle, key)) { torture_comment(tctx, "test_SecurityDescriptorsMasks failed\n"); ret = false; } return ret; } static bool test_DeleteKey_opts(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *key, WERROR expected_result) { struct winreg_DeleteKey r; torture_comment(tctx, "Testing DeleteKey(%s)\n", key); r.in.handle = handle; init_winreg_String(&r.in.key, key); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_DeleteKey_r(b, tctx, &r), "Delete Key failed"); torture_assert_werr_equal(tctx, r.out.result, expected_result, "DeleteKey failed"); return true; } static bool test_DeleteKey(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *key) { return test_DeleteKey_opts(b, tctx, handle, key, WERR_OK); } static bool test_QueryInfoKey(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, char *kclass, uint32_t *pmax_valnamelen, uint32_t *pmax_valbufsize) { struct winreg_QueryInfoKey r; uint32_t num_subkeys, max_subkeylen, max_classlen, num_values, max_valnamelen, max_valbufsize, secdescsize; NTTIME last_changed_time; ZERO_STRUCT(r); r.in.handle = handle; r.out.num_subkeys = &num_subkeys; r.out.max_subkeylen = &max_subkeylen; r.out.max_classlen = &max_classlen; r.out.num_values = &num_values; r.out.max_valnamelen = &max_valnamelen; r.out.max_valbufsize = &max_valbufsize; r.out.secdescsize = &secdescsize; r.out.last_changed_time = &last_changed_time; r.out.classname = talloc(tctx, struct winreg_String); r.in.classname = talloc(tctx, struct winreg_String); init_winreg_String(r.in.classname, kclass); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryInfoKey_r(b, tctx, &r), "QueryInfoKey failed"); torture_assert_werr_ok(tctx, r.out.result, "QueryInfoKey failed"); if (pmax_valnamelen) { *pmax_valnamelen = max_valnamelen; } if (pmax_valbufsize) { *pmax_valbufsize = max_valbufsize; } return true; } static bool test_SetValue(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *value_name, enum winreg_Type type, uint8_t *data, uint32_t size) { struct winreg_SetValue r; struct winreg_String name; torture_comment(tctx, "Testing SetValue(%s), type: %s, offered: 0x%08x)\n", value_name, str_regtype(type), size); init_winreg_String(&name, value_name); r.in.handle = handle; r.in.name = name; r.in.type = type; r.in.data = data; r.in.size = size; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_SetValue_r(b, tctx, &r), "winreg_SetValue failed"); torture_assert_werr_ok(tctx, r.out.result, "winreg_SetValue failed"); return true; } static bool test_DeleteValue(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *value_name) { struct winreg_DeleteValue r; struct winreg_String value; torture_comment(tctx, "Testing DeleteValue(%s)\n", value_name); init_winreg_String(&value, value_name); r.in.handle = handle; r.in.value = value; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_DeleteValue_r(b, tctx, &r), "winreg_DeleteValue failed"); torture_assert_werr_ok(tctx, r.out.result, "winreg_DeleteValue failed"); return true; } static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, int depth, bool test_security); static bool test_EnumKey(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, int depth, bool test_security) { struct winreg_EnumKey r; struct winreg_StringBuf kclass, name; NTSTATUS status; NTTIME t = 0; struct dcerpc_binding_handle *b = p->binding_handle; kclass.name = ""; kclass.size = 1024; ZERO_STRUCT(r); r.in.handle = handle; r.in.enum_index = 0; r.in.name = &name; r.in.keyclass = &kclass; r.out.name = &name; r.in.last_changed_time = &t; do { name.name = NULL; name.size = 1024; status = dcerpc_winreg_EnumKey_r(b, tctx, &r); if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result)) { struct policy_handle key_handle; torture_comment(tctx, "EnumKey: %d: %s\n", r.in.enum_index, r.out.name->name); if (!test_OpenKey(b, tctx, handle, r.out.name->name, &key_handle)) { } else { test_key(p, tctx, &key_handle, depth + 1, test_security); } } r.in.enum_index++; } while (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result)); torture_assert_ntstatus_ok(tctx, status, "EnumKey failed"); if (!W_ERROR_IS_OK(r.out.result) && !W_ERROR_EQUAL(r.out.result, WERR_NO_MORE_ITEMS)) { torture_fail(tctx, "EnumKey failed"); } return true; } static bool test_QueryMultipleValues(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *valuename) { struct winreg_QueryMultipleValues r; uint32_t bufsize=0; ZERO_STRUCT(r); r.in.key_handle = handle; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 1); r.in.values_in[0].ve_valuename = talloc(tctx, struct winreg_ValNameBuf); r.in.values_in[0].ve_valuename->name = valuename; /* size needs to be set manually for winreg_ValNameBuf */ r.in.values_in[0].ve_valuename->size = strlen_m_term(valuename)*2; r.in.num_values = 1; r.in.buffer_size = r.out.buffer_size = talloc(tctx, uint32_t); *r.in.buffer_size = bufsize; do { *r.in.buffer_size = bufsize; r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t, *r.in.buffer_size); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r), "QueryMultipleValues failed"); talloc_free(r.in.buffer); bufsize += 0x20; } while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)); torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed"); return true; } static bool test_QueryMultipleValues_full(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, uint32_t num_values, const char * const *valuenames, bool existing_value) { struct winreg_QueryMultipleValues r; uint32_t bufsize = 0; int i; torture_comment(tctx, "Testing QueryMultipleValues\n"); ZERO_STRUCT(r); r.in.key_handle = handle; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 0); r.in.buffer_size = r.out.buffer_size = &bufsize; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r), "QueryMultipleValues failed"); torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed"); /* this test crashes w2k8 remote registry */ #if 0 r.in.num_values = num_values; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r), "QueryMultipleValues failed"); torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed"); #endif r.in.num_values = num_values; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values); for (i=0; i < r.in.num_values; i++) { r.in.values_in[i].ve_valuename = talloc_zero(tctx, struct winreg_ValNameBuf); r.in.values_in[i].ve_valuename->name = talloc_strdup(tctx, valuenames[i]); r.in.values_in[i].ve_valuename->size = strlen_m_term(r.in.values_in[i].ve_valuename->name)*2; } torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r), "QueryMultipleValues failed"); torture_assert_werr_equal(tctx, r.out.result, existing_value ? WERR_MORE_DATA : WERR_BADFILE, "QueryMultipleValues failed"); if (W_ERROR_EQUAL(r.out.result, WERR_BADFILE)) { return true; } if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) { *r.in.buffer_size = 0xff; r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t, *r.in.buffer_size); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues_r(b, tctx, &r), "QueryMultipleValues failed"); } torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed"); return true; } static bool test_QueryMultipleValues2_full(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, uint32_t num_values, const char * const *valuenames, bool existing_value) { struct winreg_QueryMultipleValues2 r; uint32_t offered = 0, needed; int i; torture_comment(tctx, "Testing QueryMultipleValues2\n"); ZERO_STRUCT(r); r.in.key_handle = handle; r.in.offered = &offered; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 0); r.out.needed = &needed; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r), "QueryMultipleValues2 failed"); torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues2 failed"); /* this test crashes w2k8 remote registry */ #if 0 r.in.num_values = num_values; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r), "QueryMultipleValues2 failed"); torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues2 failed"); #endif r.in.num_values = num_values; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, num_values); for (i=0; i < r.in.num_values; i++) { r.in.values_in[i].ve_valuename = talloc_zero(tctx, struct winreg_ValNameBuf); r.in.values_in[i].ve_valuename->name = talloc_strdup(tctx, valuenames[i]); r.in.values_in[i].ve_valuename->size = strlen_m_term(r.in.values_in[i].ve_valuename->name)*2; } torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r), "QueryMultipleValues2 failed"); torture_assert_werr_equal(tctx, r.out.result, existing_value ? WERR_MORE_DATA : WERR_BADFILE, "QueryMultipleValues2 failed"); if (W_ERROR_EQUAL(r.out.result, WERR_BADFILE)) { return true; } if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) { *r.in.offered = *r.out.needed; r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t, *r.in.offered); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r), "QueryMultipleValues2 failed"); } torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues2 failed"); return true; } static bool test_QueryMultipleValues2(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *valuename) { struct winreg_QueryMultipleValues2 r; uint32_t offered = 0, needed; ZERO_STRUCT(r); r.in.key_handle = handle; r.in.values_in = r.out.values_out = talloc_zero_array(tctx, struct QueryMultipleValue, 1); r.in.values_in[0].ve_valuename = talloc(tctx, struct winreg_ValNameBuf); r.in.values_in[0].ve_valuename->name = valuename; /* size needs to be set manually for winreg_ValNameBuf */ r.in.values_in[0].ve_valuename->size = strlen_m_term(valuename)*2; r.in.num_values = 1; r.in.offered = &offered; r.out.needed = &needed; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r), "QueryMultipleValues2 failed"); if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) { *r.in.offered = *r.out.needed; r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t, *r.in.offered); torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryMultipleValues2_r(b, tctx, &r), "QueryMultipleValues2 failed"); } torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues2 failed"); return true; } static bool test_QueryValue(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *valuename) { struct winreg_QueryValue r; NTSTATUS status; enum winreg_Type zero_type = 0; uint32_t offered = 0xfff; uint32_t zero = 0; ZERO_STRUCT(r); r.in.handle = handle; r.in.data = NULL; r.in.value_name = talloc_zero(tctx, struct winreg_String); r.in.value_name->name = valuename; r.in.type = &zero_type; r.in.data_size = &offered; r.in.data_length = &zero; status = dcerpc_winreg_QueryValue_r(b, tctx, &r); if (NT_STATUS_IS_ERR(status)) { torture_fail(tctx, "QueryValue failed"); } torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed"); return true; } static bool test_QueryValue_full(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, const char *valuename, bool existing_value) { struct winreg_QueryValue r; struct winreg_String value_name; enum winreg_Type type = REG_NONE; uint32_t data_size = 0; uint32_t real_data_size = 0; uint32_t data_length = 0; uint8_t *data = NULL; WERROR expected_error = WERR_BADFILE; const char *errmsg_nonexisting = "expected WERR_BADFILE for nonexisting value"; if (valuename == NULL) { expected_error = WERR_INVALID_PARAM; errmsg_nonexisting = "expected WERR_INVALID_PARAM for NULL valuename"; } ZERO_STRUCT(r); init_winreg_String(&value_name, NULL); torture_comment(tctx, "Testing QueryValue(%s)\n", valuename); r.in.handle = handle; r.in.value_name = &value_name; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed"); torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "expected WERR_INVALID_PARAM for NULL winreg_String.name"); init_winreg_String(&value_name, valuename); r.in.value_name = &value_name; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed"); torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "expected WERR_INVALID_PARAM for missing type length and size"); r.in.type = &type; r.out.type = &type; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed"); torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "expected WERR_INVALID_PARAM for missing length and size"); r.in.data_length = &data_length; r.out.data_length = &data_length; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed"); torture_assert_werr_equal(tctx, r.out.result, WERR_INVALID_PARAM, "expected WERR_INVALID_PARAM for missing size"); r.in.data_size = &data_size; r.out.data_size = &data_size; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed"); if (existing_value) { torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed"); } else { torture_assert_werr_equal(tctx, r.out.result, expected_error, errmsg_nonexisting); } real_data_size = *r.out.data_size; data = talloc_zero_array(tctx, uint8_t, 0); r.in.data = data; r.out.data = data; *r.in.data_size = 0; *r.out.data_size = 0; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed"); if (existing_value) { torture_assert_werr_equal(tctx, r.out.result, WERR_MORE_DATA, "expected WERR_MORE_DATA for query with too small buffer"); } else { torture_assert_werr_equal(tctx, r.out.result, expected_error, errmsg_nonexisting); } data = talloc_zero_array(tctx, uint8_t, real_data_size); r.in.data = data; r.out.data = data; r.in.data_size = &real_data_size; r.out.data_size = &real_data_size; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_QueryValue_r(b, tctx, &r), "QueryValue failed"); if (existing_value) { torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed"); } else { torture_assert_werr_equal(tctx, r.out.result, expected_error, errmsg_nonexisting); } return true; } static bool test_EnumValue(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, int max_valnamelen, int max_valbufsize) { struct winreg_EnumValue r; enum winreg_Type type = 0; uint32_t size = max_valbufsize, zero = 0; bool ret = true; uint8_t *data = NULL; struct winreg_ValNameBuf name; char n = '\0'; ZERO_STRUCT(r); r.in.handle = handle; r.in.enum_index = 0; r.in.name = &name; r.out.name = &name; r.in.type = &type; r.in.length = &zero; r.in.size = &size; do { name.name = &n; name.size = max_valnamelen + 2; name.length = 0; data = NULL; if (size) { data = (uint8_t *) talloc_array(tctx, uint8_t *, size); } r.in.value = data; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_EnumValue_r(b, tctx, &r), "EnumValue failed"); if (W_ERROR_IS_OK(r.out.result)) { ret &= test_QueryValue(b, tctx, handle, r.out.name->name); ret &= test_QueryMultipleValues(b, tctx, handle, r.out.name->name); ret &= test_QueryMultipleValues2(b, tctx, handle, r.out.name->name); } talloc_free(data); r.in.enum_index++; } while (W_ERROR_IS_OK(r.out.result)); torture_assert_werr_equal(tctx, r.out.result, WERR_NO_MORE_ITEMS, "EnumValue failed"); return ret; } static bool test_AbortSystemShutdown(struct dcerpc_binding_handle *b, struct torture_context *tctx) { struct winreg_AbortSystemShutdown r; uint16_t server = 0x0; ZERO_STRUCT(r); r.in.server = &server; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_AbortSystemShutdown_r(b, tctx, &r), "AbortSystemShutdown failed"); torture_assert_werr_ok(tctx, r.out.result, "AbortSystemShutdown failed"); return true; } static bool test_InitiateSystemShutdown(struct torture_context *tctx, struct dcerpc_pipe *p) { struct winreg_InitiateSystemShutdown r; uint16_t hostname = 0x0; struct dcerpc_binding_handle *b = p->binding_handle; ZERO_STRUCT(r); r.in.hostname = &hostname; r.in.message = talloc(tctx, struct lsa_StringLarge); init_lsa_StringLarge(r.in.message, "spottyfood"); r.in.force_apps = 1; r.in.timeout = 30; r.in.do_reboot = 1; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_InitiateSystemShutdown_r(b, tctx, &r), "InitiateSystemShutdown failed"); torture_assert_werr_ok(tctx, r.out.result, "InitiateSystemShutdown failed"); return test_AbortSystemShutdown(b, tctx); } static bool test_InitiateSystemShutdownEx(struct torture_context *tctx, struct dcerpc_pipe *p) { struct winreg_InitiateSystemShutdownEx r; uint16_t hostname = 0x0; struct dcerpc_binding_handle *b = p->binding_handle; ZERO_STRUCT(r); r.in.hostname = &hostname; r.in.message = talloc(tctx, struct lsa_StringLarge); init_lsa_StringLarge(r.in.message, "spottyfood"); r.in.force_apps = 1; r.in.timeout = 30; r.in.do_reboot = 1; r.in.reason = 0; torture_assert_ntstatus_ok(tctx, dcerpc_winreg_InitiateSystemShutdownEx_r(b, tctx, &r), "InitiateSystemShutdownEx failed"); torture_assert_werr_ok(tctx, r.out.result, "InitiateSystemShutdownEx failed"); return test_AbortSystemShutdown(b, tctx); } #define MAX_DEPTH 2 /* Only go this far down the tree */ static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle, int depth, bool test_security) { struct dcerpc_binding_handle *b = p->binding_handle; uint32_t max_valnamelen = 0; uint32_t max_valbufsize = 0; if (depth == MAX_DEPTH) return true; if (!test_QueryInfoKey(b, tctx, handle, NULL, &max_valnamelen, &max_valbufsize)) { } if (!test_NotifyChangeKeyValue(b, tctx, handle)) { } if (test_security && !test_GetKeySecurity(p, tctx, handle, NULL)) { } if (!test_EnumKey(p, tctx, handle, depth, test_security)) { } if (!test_EnumValue(b, tctx, handle, max_valnamelen, max_valbufsize)) { } if (!test_EnumValue(b, tctx, handle, max_valnamelen, 0xFFFF)) { } test_CloseKey(b, tctx, handle); return true; } static bool test_SetValue_simple(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { const char *value_name = TEST_VALUE; uint32_t value = 0x12345678; uint64_t value2 = 0x12345678; const char *string = "torture"; const char *array[2]; DATA_BLOB blob; enum winreg_Type types[] = { REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_QWORD, REG_BINARY, REG_SZ, REG_MULTI_SZ }; int t; array[0] = "array0"; array[1] = NULL; torture_comment(tctx, "Testing SetValue (standard formats)\n"); for (t=0; t < ARRAY_SIZE(types); t++) { enum winreg_Type w_type; uint32_t w_size, w_length; uint8_t *w_data; switch (types[t]) { case REG_DWORD: case REG_DWORD_BIG_ENDIAN: blob = data_blob_talloc_zero(tctx, 4); SIVAL(blob.data, 0, value); break; case REG_QWORD: blob = data_blob_talloc_zero(tctx, 8); SBVAL(blob.data, 0, value2); break; case REG_BINARY: blob = data_blob_string_const("binary_blob"); break; case REG_SZ: torture_assert(tctx, push_reg_sz(tctx, &blob, string), "failed to push REG_SZ"); break; case REG_MULTI_SZ: torture_assert(tctx, push_reg_multi_sz(tctx, &blob, array), "failed to push REG_MULTI_SZ"); break; default: break; } torture_assert(tctx, test_SetValue(b, tctx, handle, value_name, types[t], blob.data, blob.length), "test_SetValue failed"); torture_assert(tctx, test_QueryValue_full(b, tctx, handle, value_name, true), talloc_asprintf(tctx, "test_QueryValue_full for %s value failed", value_name)); torture_assert(tctx, test_winreg_QueryValue(tctx, b, handle, value_name, &w_type, &w_size, &w_length, &w_data), "test_winreg_QueryValue failed"); torture_assert(tctx, test_DeleteValue(b, tctx, handle, value_name), "test_DeleteValue failed"); torture_assert_int_equal(tctx, w_type, types[t], "winreg type mismatch"); torture_assert_int_equal(tctx, w_size, blob.length, "winreg size mismatch"); torture_assert_int_equal(tctx, w_length, blob.length, "winreg length mismatch"); torture_assert_mem_equal(tctx, w_data, blob.data, blob.length, "winreg buffer mismatch"); } torture_comment(tctx, "Testing SetValue (standard formats) succeeded\n"); return true; } static bool test_SetValue_values(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { DATA_BLOB blob; const char *values[] = { "torture_value", "torture value", "torture,value", "torture;value", "torture/value", "torture\\value", "torture_value_name", "torture value name", "torture,value,name", "torture;value;name", "torture/value/name", "torture\\value\\name", }; int i; torture_comment(tctx, "Testing SetValue (values)\n"); for (i=0; i < ARRAY_SIZE(values); i++) { enum winreg_Type w_type; uint32_t w_size, w_length; uint8_t *w_data; blob = data_blob_talloc(tctx, NULL, 32); generate_random_buffer(blob.data, 32); torture_assert(tctx, test_SetValue(b, tctx, handle, values[i], REG_BINARY, blob.data, blob.length), "test_SetValue failed"); torture_assert(tctx, test_QueryValue_full(b, tctx, handle, values[i], true), talloc_asprintf(tctx, "test_QueryValue_full for %s value failed", values[i])); torture_assert(tctx, test_winreg_QueryValue(tctx, b, handle, values[i], &w_type, &w_size, &w_length, &w_data), "test_winreg_QueryValue failed"); torture_assert(tctx, test_DeleteValue(b, tctx, handle, values[i]), "test_DeleteValue failed"); torture_assert_int_equal(tctx, w_type, REG_BINARY, "winreg type mismatch"); torture_assert_int_equal(tctx, w_size, blob.length, "winreg size mismatch"); torture_assert_int_equal(tctx, w_length, blob.length, "winreg length mismatch"); torture_assert_mem_equal(tctx, w_data, blob.data, blob.length, "winreg buffer mismatch"); } torture_comment(tctx, "Testing SetValue (values) succeeded\n"); return true; } typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_binding_handle *, TALLOC_CTX *, void *); static bool test_SetValue_extended(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { const char *value_name = TEST_VALUE; enum winreg_Type types[] = { REG_NONE, REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_DWORD_BIG_ENDIAN, REG_LINK, REG_MULTI_SZ, REG_RESOURCE_LIST, REG_FULL_RESOURCE_DESCRIPTOR, REG_RESOURCE_REQUIREMENTS_LIST, REG_QWORD, 12, 13, 14, 55, 123456, 653210, __LINE__ }; int t, l; if (torture_setting_bool(tctx, "samba4", false)) { torture_skip(tctx, "skipping extended SetValue test against Samba4"); } torture_comment(tctx, "Testing SetValue (extended formats)\n"); for (t=0; t < ARRAY_SIZE(types); t++) { for (l=0; l < 16; l++) { enum winreg_Type w_type; uint32_t w_size, w_length; uint8_t *w_data; uint32_t size; uint8_t *data; size = l; data = talloc_array(tctx, uint8_t, size); generate_random_buffer(data, size); torture_assert(tctx, test_SetValue(b, tctx, handle, value_name, types[t], data, size), "test_SetValue failed"); torture_assert(tctx, test_winreg_QueryValue(tctx, b, handle, value_name, &w_type, &w_size, &w_length, &w_data), "test_winreg_QueryValue failed"); torture_assert(tctx, test_DeleteValue(b, tctx, handle, value_name), "test_DeleteValue failed"); torture_assert_int_equal(tctx, w_type, types[t], "winreg type mismatch"); torture_assert_int_equal(tctx, w_size, size, "winreg size mismatch"); torture_assert_int_equal(tctx, w_length, size, "winreg length mismatch"); torture_assert_mem_equal(tctx, w_data, data, size, "winreg buffer mismatch"); } } torture_comment(tctx, "Testing SetValue (extended formats) succeeded\n"); return true; } static bool test_create_keynames(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle) { const char *keys[] = { "torture_key", "torture key", "torture,key", "torture/key", "torture\\key", }; int i; for (i=0; i < ARRAY_SIZE(keys); i++) { enum winreg_CreateAction action_taken; struct policy_handle new_handle; char *q, *tmp; torture_assert(tctx, test_CreateKey_opts(tctx, b, handle, keys[i], NULL, REG_OPTION_NON_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, NULL, WERR_OK, &action_taken, &new_handle), talloc_asprintf(tctx, "failed to create '%s' key", keys[i])); torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action"); torture_assert(tctx, test_DeleteKey_opts(b, tctx, handle, keys[i], WERR_OK), "failed to delete key"); torture_assert(tctx, test_DeleteKey_opts(b, tctx, handle, keys[i], WERR_BADFILE), "failed 2nd delete key"); tmp = talloc_strdup(tctx, keys[i]); q = strchr(tmp, '\\'); if (q != NULL) { *q = '\0'; q++; torture_assert(tctx, test_DeleteKey_opts(b, tctx, handle, tmp, WERR_OK), "failed to delete key"); torture_assert(tctx, test_DeleteKey_opts(b, tctx, handle, tmp, WERR_BADFILE), "failed 2nd delete key"); } } return true; } #define KEY_CURRENT_VERSION "SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION" #define VALUE_CURRENT_VERSION "CurrentVersion" #define VALUE_SYSTEM_ROOT "SystemRoot" static bool test_HKLM_wellknown(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *handle) { struct policy_handle newhandle; int i; static const struct { const char *values[3]; uint32_t num_values; bool existing_value; const char *error_message; } multiple_values_tests[] = { { .values[0] = VALUE_CURRENT_VERSION, .values[1] = NULL, .values[2] = NULL, .num_values = 1, .existing_value = true },{ .values[0] = VALUE_SYSTEM_ROOT, .values[1] = NULL, .values[2] = NULL, .num_values = 1, .existing_value = true },{ .values[0] = VALUE_CURRENT_VERSION, .values[1] = VALUE_SYSTEM_ROOT, .values[2] = NULL, .num_values = 2, .existing_value = true },{ .values[0] = VALUE_CURRENT_VERSION, .values[1] = VALUE_SYSTEM_ROOT, .values[2] = VALUE_CURRENT_VERSION, .num_values = 3, .existing_value = true },{ .values[0] = VALUE_CURRENT_VERSION, .values[1] = NULL, .values[2] = VALUE_SYSTEM_ROOT, .num_values = 3, .existing_value = false },{ .values[0] = VALUE_CURRENT_VERSION, .values[1] = "", .values[2] = VALUE_SYSTEM_ROOT, .num_values = 3, .existing_value = false },{ .values[0] = "IDoNotExist", .values[1] = NULL, .values[2] = NULL, .num_values = 1, .existing_value = false },{ .values[0] = "IDoNotExist", .values[1] = VALUE_CURRENT_VERSION, .values[2] = NULL, .num_values = 2, .existing_value = false },{ .values[0] = VALUE_CURRENT_VERSION, .values[1] = "IDoNotExist", .values[2] = NULL, .num_values = 2, .existing_value = false } }; /* FIXME: s3 does not support SEC_FLAG_MAXIMUM_ALLOWED yet */ if (torture_setting_bool(tctx, "samba3", false)) { torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, KEY_CURRENT_VERSION, REG_OPTION_NON_VOLATILE, KEY_QUERY_VALUE, &newhandle, WERR_OK), "failed to open current version key"); } else { torture_assert(tctx, test_OpenKey(b, tctx, handle, KEY_CURRENT_VERSION, &newhandle), "failed to open current version key"); } torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, VALUE_CURRENT_VERSION, true), "failed to query current version"); torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, "IDoNotExist", false), "succeeded to query nonexistent value"); torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, NULL, false), "succeeded to query value with NULL name"); torture_assert(tctx, test_QueryValue_full(b, tctx, &newhandle, "", false), "succeeded to query nonexistent default value (\"\")"); if (torture_setting_bool(tctx, "samba4", false)) { torture_comment(tctx, "skipping QueryMultipleValues{2} tests against Samba4\n"); goto close_key; } for (i=0; i < ARRAY_SIZE(multiple_values_tests); i++) { const char *msg; msg = talloc_asprintf(tctx, "failed to query %d %sexisting values\n", multiple_values_tests[i].num_values, multiple_values_tests[i].existing_value ? "":"non"); torture_assert(tctx, test_QueryMultipleValues_full(b, tctx, &newhandle, multiple_values_tests[i].num_values, multiple_values_tests[i].values, multiple_values_tests[i].existing_value), msg); torture_assert(tctx, test_QueryMultipleValues2_full(b, tctx, &newhandle, multiple_values_tests[i].num_values, multiple_values_tests[i].values, multiple_values_tests[i].existing_value), msg); } close_key: torture_assert(tctx, test_CloseKey(b, tctx, &newhandle), "failed to close current version key"); return true; } static bool test_OpenHive(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *handle, int hkey) { struct winreg_OpenHKLM r; r.in.system_name = 0; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.handle = handle; switch (hkey) { case HKEY_LOCAL_MACHINE: torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenHKLM_r(b, tctx, &r), "failed to open HKLM"); torture_assert_werr_ok(tctx, r.out.result, "failed to open HKLM"); break; case HKEY_CURRENT_USER: torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenHKCU_r(b, tctx, (struct winreg_OpenHKCU *)(void *)&r), "failed to open HKCU"); torture_assert_werr_ok(tctx, r.out.result, "failed to open HKCU"); break; case HKEY_USERS: torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenHKU_r(b, tctx, (struct winreg_OpenHKU *)(void *)&r), "failed to open HKU"); torture_assert_werr_ok(tctx, r.out.result, "failed to open HKU"); break; case HKEY_CLASSES_ROOT: torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenHKCR_r(b, tctx, (struct winreg_OpenHKCR *)(void *)&r), "failed to open HKCR"); torture_assert_werr_ok(tctx, r.out.result, "failed to open HKCR"); break; default: torture_warning(tctx, "unsupported hkey: 0x%08x\n", hkey); return false; } return true; } static bool test_volatile_keys(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *handle, int hkey) { struct policy_handle new_handle, hive_handle; enum winreg_CreateAction action_taken; torture_comment(tctx, "Testing VOLATILE key\n"); test_DeleteKey(b, tctx, handle, TEST_KEY_VOLATILE); torture_assert(tctx, test_CreateKey_opts(tctx, b, handle, TEST_KEY_VOLATILE, NULL, REG_OPTION_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, NULL, WERR_OK, &action_taken, &new_handle), "failed to create REG_OPTION_VOLATILE type key"); torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action"); torture_assert(tctx, test_CreateKey_opts(tctx, b, &new_handle, TEST_SUBKEY_VOLATILE, NULL, REG_OPTION_NON_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, NULL, WERR_CHILD_MUST_BE_VOLATILE, NULL, NULL), "failed to fail create REG_OPTION_VOLATILE type key"); torture_assert(tctx, test_CloseKey(b, tctx, &new_handle), "failed to close"); torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, TEST_KEY_VOLATILE, REG_OPTION_NON_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, &new_handle, WERR_OK), "failed to open volatile key"); torture_assert(tctx, test_DeleteKey(b, tctx, handle, TEST_KEY_VOLATILE), "failed to delete key"); torture_assert(tctx, test_CreateKey_opts(tctx, b, handle, TEST_KEY_VOLATILE, NULL, REG_OPTION_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, NULL, WERR_OK, &action_taken, &new_handle), "failed to create REG_OPTION_VOLATILE type key"); torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action"); torture_assert(tctx, test_CloseKey(b, tctx, &new_handle), "failed to close"); torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, TEST_KEY_VOLATILE, REG_OPTION_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, &new_handle, WERR_OK), "failed to open volatile key"); torture_assert(tctx, test_CloseKey(b, tctx, &new_handle), "failed to close"); torture_assert(tctx, test_OpenHive(tctx, b, &hive_handle, hkey), "failed top open hive"); torture_assert(tctx, test_OpenKey_opts(tctx, b, &hive_handle, TEST_KEY_VOLATILE, REG_OPTION_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, &new_handle, WERR_BADFILE), "failed to open volatile key"); torture_assert(tctx, test_OpenKey_opts(tctx, b, &hive_handle, TEST_KEY_VOLATILE, REG_OPTION_NON_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, &new_handle, WERR_BADFILE), "failed to open volatile key"); torture_assert(tctx, test_CloseKey(b, tctx, &hive_handle), "failed to close"); torture_assert(tctx, test_DeleteKey(b, tctx, handle, TEST_KEY_VOLATILE), "failed to delete key"); torture_comment(tctx, "Testing VOLATILE key succeeded\n"); return true; } static const char *kernel_mode_registry_path(struct torture_context *tctx, int hkey, const char *sid_string, const char *path) { switch (hkey) { case HKEY_LOCAL_MACHINE: return talloc_asprintf(tctx, "\\Registry\\MACHINE\\%s", path); case HKEY_CURRENT_USER: return talloc_asprintf(tctx, "\\Registry\\USER\\%s\\%s", sid_string, path); case HKEY_USERS: return talloc_asprintf(tctx, "\\Registry\\USER\\%s", path); case HKEY_CLASSES_ROOT: return talloc_asprintf(tctx, "\\Registry\\MACHINE\\Software\\Classes\\%s", path); default: torture_warning(tctx, "unsupported hkey: 0x%08x\n", hkey); return NULL; } } static bool test_symlink_keys(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *handle, const char *key, int hkey) { struct policy_handle new_handle; enum winreg_CreateAction action_taken; DATA_BLOB blob; uint32_t value = 42; const char *test_key_symlink_dest; const char *test_key_symlink; const char *kernel_mode_path; /* disable until we know how to delete a symbolic link */ torture_skip(tctx, "symlink test disabled"); torture_comment(tctx, "Testing REG_OPTION_CREATE_LINK key\n"); /* create destination key with testvalue */ test_key_symlink = talloc_asprintf(tctx, "%s\\%s", key, TEST_KEY_SYMLINK); test_key_symlink_dest = talloc_asprintf(tctx, "%s\\%s", key, TEST_KEY_SYMLINK_DEST); test_DeleteKey(b, tctx, handle, test_key_symlink); torture_assert(tctx, test_CreateKey_opts(tctx, b, handle, test_key_symlink_dest, NULL, 0, SEC_FLAG_MAXIMUM_ALLOWED, NULL, WERR_OK, &action_taken, &new_handle), "failed to create symlink destination"); blob = data_blob_talloc_zero(tctx, 4); SIVAL(blob.data, 0, value); torture_assert(tctx, test_SetValue(b, tctx, &new_handle, "TestValue", REG_DWORD, blob.data, blob.length), "failed to create TestValue"); torture_assert(tctx, test_CloseKey(b, tctx, &new_handle), "failed to close"); /* create symlink */ torture_assert(tctx, test_CreateKey_opts(tctx, b, handle, test_key_symlink, NULL, REG_OPTION_CREATE_LINK | REG_OPTION_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, NULL, WERR_OK, &action_taken, &new_handle), "failed to create REG_OPTION_CREATE_LINK type key"); torture_assert_int_equal(tctx, action_taken, REG_CREATED_NEW_KEY, "unexpected action"); kernel_mode_path = kernel_mode_registry_path(tctx, hkey, NULL, test_key_symlink_dest); torture_assert(tctx, convert_string_talloc(tctx, CH_UNIX, CH_UTF16, kernel_mode_path, strlen(kernel_mode_path), /* not NULL terminated */ &blob.data, &blob.length, false), "failed to convert"); torture_assert(tctx, test_SetValue(b, tctx, &new_handle, "SymbolicLinkValue", REG_LINK, blob.data, blob.length), "failed to create SymbolicLinkValue value"); torture_assert(tctx, test_CloseKey(b, tctx, &new_handle), "failed to close"); /* test follow symlink */ torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, test_key_symlink, 0, SEC_FLAG_MAXIMUM_ALLOWED, &new_handle, WERR_OK), "failed to follow symlink key"); torture_assert(tctx, test_QueryValue(b, tctx, &new_handle, "TestValue"), "failed to query value"); torture_assert(tctx, test_CloseKey(b, tctx, &new_handle), "failed to close"); /* delete link */ torture_assert(tctx, test_OpenKey_opts(tctx, b, handle, test_key_symlink, REG_OPTION_OPEN_LINK | REG_OPTION_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, &new_handle, WERR_OK), "failed to open symlink key"); torture_assert(tctx, test_DeleteValue(b, tctx, &new_handle, "SymbolicLinkValue"), "failed to delete value SymbolicLinkValue"); torture_assert(tctx, test_CloseKey(b, tctx, &new_handle), "failed to close"); torture_assert(tctx, test_DeleteKey(b, tctx, handle, test_key_symlink), "failed to delete key"); /* delete destination */ torture_assert(tctx, test_DeleteKey(b, tctx, handle, test_key_symlink_dest), "failed to delete key"); return true; } static bool test_CreateKey_keytypes(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *handle, const char *key, int hkey) { if (torture_setting_bool(tctx, "samba3", false) || torture_setting_bool(tctx, "samba4", false)) { torture_skip(tctx, "skipping CreateKey keytypes test against Samba"); } torture_assert(tctx, test_volatile_keys(tctx, b, handle, hkey), "failed to test volatile keys"); torture_assert(tctx, test_symlink_keys(tctx, b, handle, key, hkey), "failed to test symlink keys"); return true; } static bool test_key_base(struct torture_context *tctx, struct dcerpc_binding_handle *b, struct policy_handle *handle, const char *base_key, int hkey) { struct policy_handle newhandle; bool ret = true, created = false, deleted = false; bool created3 = false; const char *test_key1; const char *test_key3; const char *test_subkey; test_Cleanup(b, tctx, handle, base_key); if (!test_CreateKey(b, tctx, handle, base_key, NULL)) { torture_comment(tctx, "CreateKey(%s) failed\n", base_key); } test_key1 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY1); if (!test_CreateKey(b, tctx, handle, test_key1, NULL)) { torture_comment(tctx, "CreateKey failed - not considering a failure\n"); } else { created = true; } if (created) { if (!test_FlushKey(b, tctx, handle)) { torture_comment(tctx, "FlushKey failed\n"); ret = false; } if (!test_OpenKey(b, tctx, handle, test_key1, &newhandle)) { torture_fail(tctx, "CreateKey failed (OpenKey after Create didn't work)\n"); } if (hkey == HKEY_CURRENT_USER) { torture_assert(tctx, test_SetValue_simple(b, tctx, &newhandle), "simple SetValue test failed"); torture_assert(tctx, test_SetValue_values(b, tctx, &newhandle), "values SetValue test failed"); torture_assert(tctx, test_SetValue_extended(b, tctx, &newhandle), "extended SetValue test failed"); torture_assert(tctx, test_create_keynames(b, tctx, &newhandle), "keyname CreateKey test failed"); } else { torture_assert(tctx, test_CreateKey_keytypes(tctx, b, &newhandle, test_key1, hkey), "keytype test failed"); } if (!test_CloseKey(b, tctx, &newhandle)) { torture_fail(tctx, "CreateKey failed (CloseKey after Open didn't work)\n"); } if (!test_DeleteKey(b, tctx, handle, test_key1)) { torture_comment(tctx, "DeleteKey(%s) failed\n", test_key1); ret = false; } else { deleted = true; } if (!test_FlushKey(b, tctx, handle)) { torture_comment(tctx, "FlushKey failed\n"); ret = false; } if (deleted) { if (!test_OpenKey_opts(tctx, b, handle, test_key1, REG_OPTION_NON_VOLATILE, SEC_FLAG_MAXIMUM_ALLOWED, &newhandle, WERR_BADFILE)) { torture_comment(tctx, "DeleteKey failed (OpenKey after Delete " "did not return WERR_BADFILE)\n"); ret = false; } } test_key3 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY3); if (test_CreateKey(b, tctx, handle, test_key3, NULL)) { created3 = true; } test_subkey = talloc_asprintf(tctx, "%s\\%s", test_key3, TEST_SUBKEY); if (created3) { if (test_CreateKey(b, tctx, handle, test_subkey, NULL)) { if (!test_DeleteKey(b, tctx, handle, test_subkey)) { torture_comment(tctx, "DeleteKey(%s) failed\n", test_subkey); ret = false; } } if (!test_DeleteKey(b, tctx, handle, test_key3)) { torture_comment(tctx, "DeleteKey(%s) failed\n", test_key3); ret = false; } } } test_Cleanup(b, tctx, handle, base_key); return ret; } static bool test_key_base_sd(struct torture_context *tctx, struct dcerpc_pipe *p, struct policy_handle *handle, const char *base_key) { struct policy_handle newhandle; bool ret = true, created2 = false, created4 = false; struct dcerpc_binding_handle *b = p->binding_handle; const char *test_key2; const char *test_key4; torture_skip(tctx, "security descriptor test disabled\n"); if (torture_setting_bool(tctx, "samba3", false) || torture_setting_bool(tctx, "samba4", false)) { torture_skip(tctx, "skipping security descriptor tests against Samba"); } test_Cleanup(b, tctx, handle, base_key); if (!test_CreateKey(b, tctx, handle, base_key, NULL)) { torture_comment(tctx, "CreateKey(%s) failed\n", base_key); } test_key2 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY2); if (test_CreateKey_sd(b, tctx, handle, test_key2, NULL, &newhandle)) { created2 = true; } if (created2 && !test_CloseKey(b, tctx, &newhandle)) { torture_comment(tctx, "CloseKey failed\n"); ret = false; } test_key4 = talloc_asprintf(tctx, "%s\\%s", base_key, TEST_KEY4); if (test_CreateKey_sd(b, tctx, handle, test_key4, NULL, &newhandle)) { created4 = true; } if (created4 && !test_CloseKey(b, tctx, &newhandle)) { torture_comment(tctx, "CloseKey failed\n"); ret = false; } if (created4 && !test_SecurityDescriptors(p, tctx, handle, test_key4)) { ret = false; } if (created4 && !test_DeleteKey(b, tctx, handle, test_key4)) { torture_comment(tctx, "DeleteKey(%s) failed\n", test_key4); ret = false; } if (created2 && !test_DeleteKey(b, tctx, handle, test_key4)) { torture_comment(tctx, "DeleteKey(%s) failed\n", test_key4); ret = false; } test_Cleanup(b, tctx, handle, base_key); return ret; } static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p, void *userdata) { struct policy_handle handle; bool ret = true; struct winreg_OpenHKLM r; struct dcerpc_binding_handle *b = p->binding_handle; const char *torture_base_key; int hkey = 0; winreg_open_fn open_fn = (winreg_open_fn)userdata; r.in.system_name = 0; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.handle = &handle; torture_assert_ntstatus_ok(tctx, open_fn(b, tctx, &r), "open"); if (!test_GetVersion(b, tctx, &handle)) { torture_comment(tctx, "GetVersion failed\n"); ret = false; } if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKLM_r) { hkey = HKEY_LOCAL_MACHINE; torture_base_key = "SOFTWARE\\Samba\\" TEST_KEY_BASE; } else if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKU_r) { hkey = HKEY_USERS; torture_base_key = TEST_KEY_BASE; } else if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKCR_r) { hkey = HKEY_CLASSES_ROOT; torture_base_key = TEST_KEY_BASE; } else if (open_fn == (winreg_open_fn)dcerpc_winreg_OpenHKCU_r) { hkey = HKEY_CURRENT_USER; torture_base_key = TEST_KEY_BASE; } else { torture_fail(tctx, "unsupported hkey"); } if (hkey == HKEY_LOCAL_MACHINE) { torture_assert(tctx, test_HKLM_wellknown(tctx, b, &handle), "failed to test HKLM wellknown keys"); } if (!test_key_base(tctx, b, &handle, torture_base_key, hkey)) { torture_warning(tctx, "failed to test TEST_KEY_BASE(%s)", torture_base_key); ret = false; } if (!test_key_base_sd(tctx, p, &handle, torture_base_key)) { torture_warning(tctx, "failed to test TEST_KEY_BASE(%s) sd", torture_base_key); ret = false; } /* The HKCR hive has a very large fanout */ if (hkey == HKEY_CLASSES_ROOT) { if(!test_key(p, tctx, &handle, MAX_DEPTH - 1, false)) { ret = false; } } else if (hkey == HKEY_LOCAL_MACHINE) { /* FIXME we are not allowed to enum values in the HKLM root */ } else { if (!test_key(p, tctx, &handle, 0, false)) { ret = false; } } return ret; } struct torture_suite *torture_rpc_winreg(TALLOC_CTX *mem_ctx) { struct torture_rpc_tcase *tcase; struct torture_suite *suite = torture_suite_create(mem_ctx, "WINREG"); struct torture_test *test; tcase = torture_suite_add_rpc_iface_tcase(suite, "winreg", &ndr_table_winreg); test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdown", test_InitiateSystemShutdown); test->dangerous = true; test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdownEx", test_InitiateSystemShutdownEx); test->dangerous = true; torture_rpc_tcase_add_test_ex(tcase, "HKLM", test_Open, (void *)dcerpc_winreg_OpenHKLM_r); torture_rpc_tcase_add_test_ex(tcase, "HKU", test_Open, (void *)dcerpc_winreg_OpenHKU_r); torture_rpc_tcase_add_test_ex(tcase, "HKCR", test_Open, (void *)dcerpc_winreg_OpenHKCR_r); torture_rpc_tcase_add_test_ex(tcase, "HKCU", test_Open, (void *)dcerpc_winreg_OpenHKCU_r); return suite; }