search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-smbtorture: fix build warning in test_EnumPrintProcDataTypes.
[Samba.git] / source4 / torture / rpc / lsa_lookup.c
blob0124ce1741ad248753d43b743028f17b8ae571be
1 /*
2 Unix SMB/CIFS implementation.
3 test suite for lsa rpc lookup operations
4
5 Copyright (C) Volker Lendecke 2006
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "torture/torture.h"
23 #include "lib/events/events.h"
24 #include "libnet/libnet_join.h"
25 #include "torture/rpc/rpc.h"
26 #include "librpc/gen_ndr/ndr_lsa_c.h"
27 #include "libcli/security/security.h"
28
29 static bool open_policy(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
30 struct policy_handle **handle)
31 {
32 struct lsa_ObjectAttribute attr;
33 struct lsa_QosInfo qos;
34 struct lsa_OpenPolicy2 r;
35 NTSTATUS status;
36
37 *handle = talloc(mem_ctx, struct policy_handle);
38 if (!*handle) {
39 return false;
40 }
41
42 qos.len = 0;
43 qos.impersonation_level = 2;
44 qos.context_mode = 1;
45 qos.effective_only = 0;
46
47 attr.len = 0;
48 attr.root_dir = NULL;
49 attr.object_name = NULL;
50 attr.attributes = 0;
51 attr.sec_desc = NULL;
52 attr.sec_qos = &qos;
53
54 r.in.system_name = "\\";
55 r.in.attr = &attr;
56 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
57 r.out.handle = *handle;
58
59 status = dcerpc_lsa_OpenPolicy2(p, mem_ctx, &r);
60
61 return NT_STATUS_IS_OK(status);
62 }
63
64 static bool get_domainsid(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
65 struct policy_handle *handle,
66 struct dom_sid **sid)
67 {
68 struct lsa_QueryInfoPolicy r;
69 union lsa_PolicyInformation *info = NULL;
70 NTSTATUS status;
71
72 r.in.level = LSA_POLICY_INFO_DOMAIN;
73 r.in.handle = handle;
74 r.out.info = &info;
75
76 status = dcerpc_lsa_QueryInfoPolicy(p, mem_ctx, &r);
77 if (!NT_STATUS_IS_OK(status)) return false;
78
79 *sid = info->domain.sid;
80 return true;
81 }
82
83 static NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, uint16_t level,
84 struct dcerpc_pipe *p,
85 struct policy_handle *handle,
86 struct dom_sid **sids, uint32_t num_sids,
87 struct lsa_TransNameArray *names)
88 {
89 struct lsa_LookupSids r;
90 struct lsa_SidArray sidarray;
91 uint32_t count = 0;
92 uint32_t i;
93
94 names->count = 0;
95 names->names = NULL;
96
97 sidarray.num_sids = num_sids;
98 sidarray.sids = talloc_array(mem_ctx, struct lsa_SidPtr, num_sids);
99
100 for (i=0; i<num_sids; i++) {
101 sidarray.sids[i].sid = sids[i];
102 }
103
104 r.in.handle = handle;
105 r.in.sids = &sidarray;
106 r.in.names = names;
107 r.in.level = level;
108 r.in.count = &count;
109 r.out.names = names;
110 r.out.count = &count;
111
112 return dcerpc_lsa_LookupSids(p, mem_ctx, &r);
113 }
114
115 static const char *sid_type_lookup(enum lsa_SidType r)
116 {
117 switch (r) {
118 case SID_NAME_USE_NONE: return "SID_NAME_USE_NONE"; break;
119 case SID_NAME_USER: return "SID_NAME_USER"; break;
120 case SID_NAME_DOM_GRP: return "SID_NAME_DOM_GRP"; break;
121 case SID_NAME_DOMAIN: return "SID_NAME_DOMAIN"; break;
122 case SID_NAME_ALIAS: return "SID_NAME_ALIAS"; break;
123 case SID_NAME_WKN_GRP: return "SID_NAME_WKN_GRP"; break;
124 case SID_NAME_DELETED: return "SID_NAME_DELETED"; break;
125 case SID_NAME_INVALID: return "SID_NAME_INVALID"; break;
126 case SID_NAME_UNKNOWN: return "SID_NAME_UNKNOWN"; break;
127 case SID_NAME_COMPUTER: return "SID_NAME_COMPUTER"; break;
128 }
129 return "Invalid sid type\n";
130 }
131
132 static bool test_lookupsids(TALLOC_CTX *mem_ctx, struct dcerpc_pipe *p,
133 struct policy_handle *handle,
134 struct dom_sid **sids, uint32_t num_sids,
135 int level, NTSTATUS expected_result,
136 enum lsa_SidType *types)
137 {
138 struct lsa_TransNameArray names;
139 NTSTATUS status;
140 uint32_t i;
141 bool ret = true;
142
143 status = lookup_sids(mem_ctx, level, p, handle, sids, num_sids,
144 &names);
145 if (!NT_STATUS_EQUAL(status, expected_result)) {
146 printf("For level %d expected %s, got %s\n",
147 level, nt_errstr(expected_result),
148 nt_errstr(status));
149 return false;
150 }
151
152 if (!NT_STATUS_EQUAL(status, NT_STATUS_OK) &&
153 !NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) {
154 return true;
155 }
156
157 for (i=0; i<num_sids; i++) {
158 if (names.names[i].sid_type != types[i]) {
159 printf("In level %d, for sid %s expected %s, "
160 "got %s\n", level,
161 dom_sid_string(mem_ctx, sids[i]),
162 sid_type_lookup(types[i]),
163 sid_type_lookup(names.names[i].sid_type));
164 ret = false;
165 }
166 }
167 return ret;
168 }
169
170 static bool get_downleveltrust(struct torture_context *tctx, struct dcerpc_pipe *p,
171 struct policy_handle *handle,
172 struct dom_sid **sid)
173 {
174 struct lsa_EnumTrustDom r;
175 uint32_t resume_handle = 0;
176 struct lsa_DomainList domains;
177 NTSTATUS status;
178 int i;
179
180 r.in.handle = handle;
181 r.in.resume_handle = &resume_handle;
182 r.in.max_size = 1000;
183 r.out.domains = &domains;
184 r.out.resume_handle = &resume_handle;
185
186 status = dcerpc_lsa_EnumTrustDom(p, tctx, &r);
187
188 if (NT_STATUS_EQUAL(status, NT_STATUS_NO_MORE_ENTRIES))
189 torture_fail(tctx, "no trusts");
190
191 if (domains.count == 0) {
192 torture_fail(tctx, "no trusts");
193 }
194
195 for (i=0; i<domains.count; i++) {
196 struct lsa_QueryTrustedDomainInfoBySid q;
197 union lsa_TrustedDomainInfo *info = NULL;
198
199 if (domains.domains[i].sid == NULL)
200 continue;
201
202 q.in.handle = handle;
203 q.in.dom_sid = domains.domains[i].sid;
204 q.in.level = 6;
205 q.out.info = &info;
206
207 status = dcerpc_lsa_QueryTrustedDomainInfoBySid(p, tctx, &q);
208 if (!NT_STATUS_IS_OK(status)) continue;
209
210 if ((info->info_ex.trust_direction & 2) &&
211 (info->info_ex.trust_type == 1)) {
212 *sid = domains.domains[i].sid;
213 return true;
214 }
215 }
216
217 torture_fail(tctx, "I need a AD DC with an outgoing trust to NT4");
218 }
219
220 #define NUM_SIDS 8
221
222 bool torture_rpc_lsa_lookup(struct torture_context *torture)
223 {
224 NTSTATUS status;
225 struct dcerpc_pipe *p;
226 bool ret = true;
227 struct policy_handle *handle;
228 struct dom_sid *dom_sid;
229 struct dom_sid *trusted_sid;
230 struct dom_sid *sids[NUM_SIDS];
231
232 status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc);
233 if (!NT_STATUS_IS_OK(status)) {
234 torture_fail(torture, "unable to connect to table");
235 }
236
237 ret &= open_policy(torture, p, &handle);
238 if (!ret) return false;
239
240 ret &= get_domainsid(torture, p, handle, &dom_sid);
241 if (!ret) return false;
242
243 ret &= get_downleveltrust(torture, p, handle, &trusted_sid);
244 if (!ret) return false;
245
246 torture_comment(torture, "domain sid: %s\n",
247 dom_sid_string(torture, dom_sid));
248
249 sids[0] = dom_sid_parse_talloc(torture, "S-1-1-0");
250 sids[1] = dom_sid_parse_talloc(torture, "S-1-5-4");
251 sids[2] = dom_sid_parse_talloc(torture, "S-1-5-32");
252 sids[3] = dom_sid_parse_talloc(torture, "S-1-5-32-545");
253 sids[4] = dom_sid_dup(torture, dom_sid);
254 sids[5] = dom_sid_add_rid(torture, dom_sid, 512);
255 sids[6] = dom_sid_dup(torture, trusted_sid);
256 sids[7] = dom_sid_add_rid(torture, trusted_sid, 512);
257
258 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 0,
259 NT_STATUS_INVALID_PARAMETER, NULL);
260
261 {
262 enum lsa_SidType types[NUM_SIDS] =
263 { SID_NAME_WKN_GRP, SID_NAME_WKN_GRP, SID_NAME_DOMAIN,
264 SID_NAME_ALIAS, SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
265 SID_NAME_DOMAIN, SID_NAME_DOM_GRP };
266
267 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 1,
268 NT_STATUS_OK, types);
269 }
270
271 {
272 enum lsa_SidType types[NUM_SIDS] =
273 { SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
274 SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
275 SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
276 SID_NAME_DOMAIN, SID_NAME_DOM_GRP };
277 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 2,
278 STATUS_SOME_UNMAPPED, types);
279 }
280
281 {
282 enum lsa_SidType types[NUM_SIDS] =
283 { SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
284 SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
285 SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
286 SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
287 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 3,
288 STATUS_SOME_UNMAPPED, types);
289 }
290
291 {
292 enum lsa_SidType types[NUM_SIDS] =
293 { SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
294 SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
295 SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
296 SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
297 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 4,
298 STATUS_SOME_UNMAPPED, types);
299 }
300
301 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 5,
302 NT_STATUS_NONE_MAPPED, NULL);
303
304 {
305 enum lsa_SidType types[NUM_SIDS] =
306 { SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
307 SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
308 SID_NAME_DOMAIN, SID_NAME_DOM_GRP,
309 SID_NAME_UNKNOWN, SID_NAME_UNKNOWN };
310 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 6,
311 STATUS_SOME_UNMAPPED, types);
312 }
313
314 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 7,
315 NT_STATUS_INVALID_PARAMETER, NULL);
316 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 8,
317 NT_STATUS_INVALID_PARAMETER, NULL);
318 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 9,
319 NT_STATUS_INVALID_PARAMETER, NULL);
320 ret &= test_lookupsids(torture, p, handle, sids, NUM_SIDS, 10,
321 NT_STATUS_INVALID_PARAMETER, NULL);
322
323 return ret;
324 }
Samba GIT mirror