2 Unix SMB/CIFS implementation.
3 test suite for winreg rpc operations
5 Copyright (C) Tim Potter 2003
6 Copyright (C) Jelmer Vernooij 2004-2007
7 Copyright (C) Günther Deschner 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_winreg_c.h"
25 #include "librpc/gen_ndr/ndr_security.h"
26 #include "libcli/security/security.h"
27 #include "torture/rpc/rpc.h"
29 #define TEST_KEY_BASE "smbtorture test"
30 #define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
31 #define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
32 #define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
33 #define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
34 #define TEST_SUBKEY TEST_KEY3 "\\subkey"
35 #define TEST_SUBKEY_SD TEST_KEY4 "\\subkey_sd"
36 #define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"
38 #define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
40 static void init_lsa_StringLarge(struct lsa_StringLarge
*name
, const char *s
)
45 static void init_winreg_String(struct winreg_String
*name
, const char *s
)
49 name
->name_len
= 2 * (strlen_m(s
) + 1);
50 name
->name_size
= name
->name_len
;
57 static bool test_GetVersion(struct dcerpc_pipe
*p
,
58 struct torture_context
*tctx
,
59 struct policy_handle
*handle
)
61 struct winreg_GetVersion r
;
68 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_GetVersion(p
, tctx
, &r
),
71 torture_assert_werr_ok(tctx
, r
.out
.result
, "GetVersion failed");
76 static bool test_NotifyChangeKeyValue(struct dcerpc_pipe
*p
,
77 struct torture_context
*tctx
,
78 struct policy_handle
*handle
)
80 struct winreg_NotifyChangeKeyValue r
;
84 r
.in
.watch_subtree
= true;
85 r
.in
.notify_filter
= 0;
86 r
.in
.unknown
= r
.in
.unknown2
= 0;
87 init_winreg_String(&r
.in
.string1
, NULL
);
88 init_winreg_String(&r
.in
.string2
, NULL
);
90 if (torture_setting_bool(tctx
, "samba3", false)) {
91 torture_skip(tctx
, "skipping NotifyChangeKeyValue test against Samba 3");
94 torture_assert_ntstatus_ok(tctx
,
95 dcerpc_winreg_NotifyChangeKeyValue(p
, tctx
, &r
),
96 "NotifyChangeKeyValue failed");
98 if (!W_ERROR_IS_OK(r
.out
.result
)) {
100 "NotifyChangeKeyValue failed - %s - not considering\n",
101 win_errstr(r
.out
.result
));
108 static bool test_CreateKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
109 struct policy_handle
*handle
, const char *name
,
112 struct winreg_CreateKey r
;
113 struct policy_handle newhandle
;
114 enum winreg_CreateAction action_taken
= 0;
117 r
.in
.handle
= handle
;
118 r
.out
.new_handle
= &newhandle
;
119 init_winreg_String(&r
.in
.name
, name
);
120 init_winreg_String(&r
.in
.keyclass
, kclass
);
122 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
123 r
.in
.action_taken
= r
.out
.action_taken
= &action_taken
;
126 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CreateKey(p
, tctx
, &r
),
129 torture_assert_werr_ok(tctx
, r
.out
.result
, "CreateKey failed");
136 createkey testing with a SD
138 static bool test_CreateKey_sd(struct dcerpc_pipe
*p
,
139 struct torture_context
*tctx
,
140 struct policy_handle
*handle
, const char *name
,
142 struct policy_handle
*newhandle
)
144 struct winreg_CreateKey r
;
145 enum winreg_CreateAction action_taken
= 0;
146 struct security_descriptor
*sd
;
148 struct winreg_SecBuf secbuf
;
150 sd
= security_descriptor_dacl_create(tctx
,
153 SID_NT_AUTHENTICATED_USERS
,
154 SEC_ACE_TYPE_ACCESS_ALLOWED
,
156 SEC_ACE_FLAG_OBJECT_INHERIT
|
157 SEC_ACE_FLAG_CONTAINER_INHERIT
,
160 torture_assert_ndr_success(tctx
,
161 ndr_push_struct_blob(&sdblob
, tctx
, NULL
, sd
,
162 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
),
163 "Failed to push security_descriptor ?!\n");
165 secbuf
.sd
.data
= sdblob
.data
;
166 secbuf
.sd
.len
= sdblob
.length
;
167 secbuf
.sd
.size
= sdblob
.length
;
168 secbuf
.length
= sdblob
.length
-10;
172 r
.in
.handle
= handle
;
173 r
.out
.new_handle
= newhandle
;
174 init_winreg_String(&r
.in
.name
, name
);
175 init_winreg_String(&r
.in
.keyclass
, kclass
);
177 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
178 r
.in
.action_taken
= r
.out
.action_taken
= &action_taken
;
179 r
.in
.secdesc
= &secbuf
;
181 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CreateKey(p
, tctx
, &r
),
182 "CreateKey with sd failed");
184 torture_assert_werr_ok(tctx
, r
.out
.result
, "CreateKey with sd failed");
189 static bool _test_GetKeySecurity(struct dcerpc_pipe
*p
,
190 struct torture_context
*tctx
,
191 struct policy_handle
*handle
,
192 uint32_t *sec_info_ptr
,
194 struct security_descriptor
**sd_out
)
196 struct winreg_GetKeySecurity r
;
197 struct security_descriptor
*sd
= NULL
;
202 sec_info
= *sec_info_ptr
;
204 sec_info
= SECINFO_OWNER
| SECINFO_GROUP
| SECINFO_DACL
;
209 r
.in
.handle
= handle
;
210 r
.in
.sec_info
= sec_info
;
211 r
.in
.sd
= r
.out
.sd
= talloc_zero(tctx
, struct KeySecurityData
);
212 r
.in
.sd
->size
= 0x1000;
214 torture_assert_ntstatus_ok(tctx
,
215 dcerpc_winreg_GetKeySecurity(p
, tctx
, &r
),
216 "GetKeySecurity failed");
218 torture_assert_werr_equal(tctx
, r
.out
.result
, get_werr
,
219 "GetKeySecurity failed");
221 sdblob
.data
= r
.out
.sd
->data
;
222 sdblob
.length
= r
.out
.sd
->len
;
224 sd
= talloc_zero(tctx
, struct security_descriptor
);
226 torture_assert_ndr_success(tctx
,
227 ndr_pull_struct_blob(&sdblob
, tctx
, NULL
, sd
,
228 (ndr_pull_flags_fn_t
)ndr_pull_security_descriptor
),
229 "pull_security_descriptor failed");
231 if (p
->conn
->flags
& DCERPC_DEBUG_PRINT_OUT
) {
232 NDR_PRINT_DEBUG(security_descriptor
, sd
);
244 static bool test_GetKeySecurity(struct dcerpc_pipe
*p
,
245 struct torture_context
*tctx
,
246 struct policy_handle
*handle
,
247 struct security_descriptor
**sd_out
)
249 return _test_GetKeySecurity(p
, tctx
, handle
, NULL
, WERR_OK
, sd_out
);
252 static bool _test_SetKeySecurity(struct dcerpc_pipe
*p
,
253 struct torture_context
*tctx
,
254 struct policy_handle
*handle
,
255 uint32_t *sec_info_ptr
,
256 struct security_descriptor
*sd
,
259 struct winreg_SetKeySecurity r
;
260 struct KeySecurityData
*sdata
= NULL
;
266 if (sd
&& (p
->conn
->flags
& DCERPC_DEBUG_PRINT_OUT
)) {
267 NDR_PRINT_DEBUG(security_descriptor
, sd
);
270 torture_assert_ndr_success(tctx
,
271 ndr_push_struct_blob(&sdblob
, tctx
, NULL
, sd
,
272 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
),
273 "push_security_descriptor failed");
275 sdata
= talloc_zero(tctx
, struct KeySecurityData
);
276 sdata
->data
= sdblob
.data
;
277 sdata
->size
= sdblob
.length
;
278 sdata
->len
= sdblob
.length
;
281 sec_info
= *sec_info_ptr
;
283 sec_info
= SECINFO_UNPROTECTED_SACL
|
284 SECINFO_UNPROTECTED_DACL
;
286 sec_info
|= SECINFO_OWNER
;
289 sec_info
|= SECINFO_GROUP
;
292 sec_info
|= SECINFO_SACL
;
295 sec_info
|= SECINFO_DACL
;
299 r
.in
.handle
= handle
;
300 r
.in
.sec_info
= sec_info
;
303 torture_assert_ntstatus_ok(tctx
,
304 dcerpc_winreg_SetKeySecurity(p
, tctx
, &r
),
305 "SetKeySecurity failed");
307 torture_assert_werr_equal(tctx
, r
.out
.result
, werr
,
308 "SetKeySecurity failed");
313 static bool test_SetKeySecurity(struct dcerpc_pipe
*p
,
314 struct torture_context
*tctx
,
315 struct policy_handle
*handle
,
316 struct security_descriptor
*sd
)
318 return _test_SetKeySecurity(p
, tctx
, handle
, NULL
, sd
, WERR_OK
);
321 static bool test_CloseKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
322 struct policy_handle
*handle
)
324 struct winreg_CloseKey r
;
327 r
.in
.handle
= r
.out
.handle
= handle
;
329 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CloseKey(p
, tctx
, &r
),
332 torture_assert_werr_ok(tctx
, r
.out
.result
, "CloseKey failed");
337 static bool test_FlushKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
338 struct policy_handle
*handle
)
340 struct winreg_FlushKey r
;
343 r
.in
.handle
= handle
;
345 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_FlushKey(p
, tctx
, &r
),
348 torture_assert_werr_ok(tctx
, r
.out
.result
, "FlushKey failed");
353 static bool _test_OpenKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
354 struct policy_handle
*hive_handle
,
355 const char *keyname
, uint32_t access_mask
,
356 struct policy_handle
*key_handle
,
360 struct winreg_OpenKey r
;
363 r
.in
.parent_handle
= hive_handle
;
364 init_winreg_String(&r
.in
.keyname
, keyname
);
365 r
.in
.unknown
= 0x00000000;
366 r
.in
.access_mask
= access_mask
;
367 r
.out
.handle
= key_handle
;
369 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_OpenKey(p
, tctx
, &r
),
372 torture_assert_werr_equal(tctx
, r
.out
.result
, open_werr
,
375 if (success
&& W_ERROR_EQUAL(r
.out
.result
, WERR_OK
)) {
382 static bool test_OpenKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
383 struct policy_handle
*hive_handle
,
384 const char *keyname
, struct policy_handle
*key_handle
)
386 return _test_OpenKey(p
, tctx
, hive_handle
, keyname
,
387 SEC_FLAG_MAXIMUM_ALLOWED
, key_handle
,
391 static bool test_Cleanup(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
392 struct policy_handle
*handle
, const char *key
)
394 struct winreg_DeleteKey r
;
397 r
.in
.handle
= handle
;
399 init_winreg_String(&r
.in
.key
, key
);
400 dcerpc_winreg_DeleteKey(p
, tctx
, &r
);
405 static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe
*p
,
406 struct torture_context
*tctx
,
407 struct policy_handle
*handle
,
411 struct security_descriptor
*sd
= NULL
;
413 if (!_test_GetKeySecurity(p
, tctx
, handle
, NULL
, get_werr
, &sd
)) {
417 if (!_test_SetKeySecurity(p
, tctx
, handle
, NULL
, sd
, set_werr
)) {
424 static bool test_SecurityDescriptor(struct dcerpc_pipe
*p
,
425 struct torture_context
*tctx
,
426 struct policy_handle
*handle
,
429 struct policy_handle new_handle
;
432 torture_comment(tctx
, "SecurityDescriptor get & set\n");
434 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
438 if (!_test_GetSetSecurityDescriptor(p
, tctx
, &new_handle
,
443 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
450 static bool _test_SecurityDescriptor(struct dcerpc_pipe
*p
,
451 struct torture_context
*tctx
,
452 struct policy_handle
*handle
,
453 uint32_t access_mask
,
459 struct policy_handle new_handle
;
461 bool got_key
= false;
463 if (!_test_OpenKey(p
, tctx
, handle
, key
, access_mask
, &new_handle
,
464 open_werr
, &got_key
)) {
472 if (!_test_GetSetSecurityDescriptor(p
, tctx
, &new_handle
,
473 get_werr
, set_werr
)) {
477 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
484 static bool test_dacl_trustee_present(struct dcerpc_pipe
*p
,
485 struct torture_context
*tctx
,
486 struct policy_handle
*handle
,
487 const struct dom_sid
*sid
)
489 struct security_descriptor
*sd
= NULL
;
492 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
496 if (!sd
|| !sd
->dacl
) {
500 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
501 if (dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
, sid
)) {
509 static bool _test_dacl_trustee_present(struct dcerpc_pipe
*p
,
510 struct torture_context
*tctx
,
511 struct policy_handle
*handle
,
513 const struct dom_sid
*sid
)
515 struct policy_handle new_handle
;
518 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
522 ret
= test_dacl_trustee_present(p
, tctx
, &new_handle
, sid
);
524 test_CloseKey(p
, tctx
, &new_handle
);
529 static bool test_sacl_trustee_present(struct dcerpc_pipe
*p
,
530 struct torture_context
*tctx
,
531 struct policy_handle
*handle
,
532 const struct dom_sid
*sid
)
534 struct security_descriptor
*sd
= NULL
;
536 uint32_t sec_info
= SECINFO_SACL
;
538 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
542 if (!sd
|| !sd
->sacl
) {
546 for (i
= 0; i
< sd
->sacl
->num_aces
; i
++) {
547 if (dom_sid_equal(&sd
->sacl
->aces
[i
].trustee
, sid
)) {
555 static bool _test_sacl_trustee_present(struct dcerpc_pipe
*p
,
556 struct torture_context
*tctx
,
557 struct policy_handle
*handle
,
559 const struct dom_sid
*sid
)
561 struct policy_handle new_handle
;
564 if (!_test_OpenKey(p
, tctx
, handle
, key
, SEC_FLAG_SYSTEM_SECURITY
,
565 &new_handle
, WERR_OK
, NULL
)) {
569 ret
= test_sacl_trustee_present(p
, tctx
, &new_handle
, sid
);
571 test_CloseKey(p
, tctx
, &new_handle
);
576 static bool test_owner_present(struct dcerpc_pipe
*p
,
577 struct torture_context
*tctx
,
578 struct policy_handle
*handle
,
579 const struct dom_sid
*sid
)
581 struct security_descriptor
*sd
= NULL
;
582 uint32_t sec_info
= SECINFO_OWNER
;
584 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
588 if (!sd
|| !sd
->owner_sid
) {
592 return dom_sid_equal(sd
->owner_sid
, sid
);
595 static bool _test_owner_present(struct dcerpc_pipe
*p
,
596 struct torture_context
*tctx
,
597 struct policy_handle
*handle
,
599 const struct dom_sid
*sid
)
601 struct policy_handle new_handle
;
604 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
608 ret
= test_owner_present(p
, tctx
, &new_handle
, sid
);
610 test_CloseKey(p
, tctx
, &new_handle
);
615 static bool test_group_present(struct dcerpc_pipe
*p
,
616 struct torture_context
*tctx
,
617 struct policy_handle
*handle
,
618 const struct dom_sid
*sid
)
620 struct security_descriptor
*sd
= NULL
;
621 uint32_t sec_info
= SECINFO_GROUP
;
623 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
627 if (!sd
|| !sd
->group_sid
) {
631 return dom_sid_equal(sd
->group_sid
, sid
);
634 static bool _test_group_present(struct dcerpc_pipe
*p
,
635 struct torture_context
*tctx
,
636 struct policy_handle
*handle
,
638 const struct dom_sid
*sid
)
640 struct policy_handle new_handle
;
643 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
647 ret
= test_group_present(p
, tctx
, &new_handle
, sid
);
649 test_CloseKey(p
, tctx
, &new_handle
);
654 static bool test_dacl_trustee_flags_present(struct dcerpc_pipe
*p
,
655 struct torture_context
*tctx
,
656 struct policy_handle
*handle
,
657 const struct dom_sid
*sid
,
660 struct security_descriptor
*sd
= NULL
;
663 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
667 if (!sd
|| !sd
->dacl
) {
671 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
672 if ((dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
, sid
)) &&
673 (sd
->dacl
->aces
[i
].flags
== flags
)) {
681 static bool test_dacl_ace_present(struct dcerpc_pipe
*p
,
682 struct torture_context
*tctx
,
683 struct policy_handle
*handle
,
684 const struct security_ace
*ace
)
686 struct security_descriptor
*sd
= NULL
;
689 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
693 if (!sd
|| !sd
->dacl
) {
697 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
698 if (security_ace_equal(&sd
->dacl
->aces
[i
], ace
)) {
706 static bool test_RestoreSecurity(struct dcerpc_pipe
*p
,
707 struct torture_context
*tctx
,
708 struct policy_handle
*handle
,
710 struct security_descriptor
*sd
)
712 struct policy_handle new_handle
;
715 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
719 if (!test_SetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
723 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
730 static bool test_BackupSecurity(struct dcerpc_pipe
*p
,
731 struct torture_context
*tctx
,
732 struct policy_handle
*handle
,
734 struct security_descriptor
**sd
)
736 struct policy_handle new_handle
;
739 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
743 if (!test_GetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
747 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
754 static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe
*p
,
755 struct torture_context
*tctx
,
756 struct policy_handle
*handle
,
760 add ace SEC_ACE_FLAG_CONTAINER_INHERIT
775 struct security_descriptor
*sd
= NULL
;
776 struct security_descriptor
*sd_orig
= NULL
;
777 struct security_ace
*ace
= NULL
;
778 struct policy_handle new_handle
;
782 torture_comment(tctx
, "SecurityDescriptor inheritance\n");
784 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
788 if (!_test_GetKeySecurity(p
, tctx
, &new_handle
, NULL
, WERR_OK
, &sd
)) {
792 sd_orig
= security_descriptor_copy(tctx
, sd
);
793 if (sd_orig
== NULL
) {
797 ace
= security_ace_create(tctx
,
799 SEC_ACE_TYPE_ACCESS_ALLOWED
,
801 SEC_ACE_FLAG_CONTAINER_INHERIT
);
803 status
= security_descriptor_dacl_add(sd
, ace
);
804 if (!NT_STATUS_IS_OK(status
)) {
805 printf("failed to add ace: %s\n", nt_errstr(status
));
809 /* FIXME: add further tests for these flags */
810 sd
->type
|= SEC_DESC_DACL_AUTO_INHERIT_REQ
|
811 SEC_DESC_SACL_AUTO_INHERITED
;
813 if (!test_SetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
817 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
818 printf("new ACE not present!\n");
822 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
826 if (!test_CreateKey(p
, tctx
, handle
, TEST_SUBKEY_SD
, NULL
)) {
831 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBKEY_SD
, &new_handle
)) {
836 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
837 printf("inherited ACE not present!\n");
842 test_CloseKey(p
, tctx
, &new_handle
);
843 if (!test_CreateKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, NULL
)) {
848 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, &new_handle
)) {
853 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
854 printf("inherited ACE not present!\n");
860 test_CloseKey(p
, tctx
, &new_handle
);
861 test_Cleanup(p
, tctx
, handle
, TEST_SUBKEY_SD
);
862 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
867 static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe
*p
,
868 struct torture_context
*tctx
,
869 struct policy_handle
*handle
,
873 add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
885 struct security_descriptor
*sd
= NULL
;
886 struct security_descriptor
*sd_orig
= NULL
;
887 struct security_ace
*ace
= NULL
;
888 struct policy_handle new_handle
;
889 struct dom_sid
*sid
= NULL
;
892 uint8_t ace_flags
= 0x0;
894 torture_comment(tctx
, "SecurityDescriptor inheritance block\n");
896 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
900 if (!_test_GetKeySecurity(p
, tctx
, &new_handle
, NULL
, WERR_OK
, &sd
)) {
904 sd_orig
= security_descriptor_copy(tctx
, sd
);
905 if (sd_orig
== NULL
) {
909 ace
= security_ace_create(tctx
,
911 SEC_ACE_TYPE_ACCESS_ALLOWED
,
913 SEC_ACE_FLAG_CONTAINER_INHERIT
|
914 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
);
916 status
= security_descriptor_dacl_add(sd
, ace
);
917 if (!NT_STATUS_IS_OK(status
)) {
918 printf("failed to add ace: %s\n", nt_errstr(status
));
922 if (!_test_SetKeySecurity(p
, tctx
, &new_handle
, NULL
, sd
, WERR_OK
)) {
926 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
927 printf("new ACE not present!\n");
931 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
935 if (!test_CreateKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, NULL
)) {
939 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, &new_handle
)) {
944 if (test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
945 printf("inherited ACE present but should not!\n");
950 sid
= dom_sid_parse_talloc(tctx
, TEST_SID
);
955 if (test_dacl_trustee_present(p
, tctx
, &new_handle
, sid
)) {
956 printf("inherited trustee SID present but should not!\n");
961 test_CloseKey(p
, tctx
, &new_handle
);
963 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBKEY_SD
, &new_handle
)) {
968 if (test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
969 printf("inherited ACE present but should not!\n");
974 if (!test_dacl_trustee_flags_present(p
, tctx
, &new_handle
, sid
, ace_flags
)) {
975 printf("inherited trustee SID with flags 0x%02x not present!\n",
982 test_CloseKey(p
, tctx
, &new_handle
);
983 test_Cleanup(p
, tctx
, handle
, TEST_SUBKEY_SD
);
984 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
989 static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe
*p
,
990 struct torture_context
*tctx
,
991 struct policy_handle
*handle
,
997 struct winreg_mask_result_table
{
998 uint32_t access_mask
;
1002 } sd_mask_tests
[] = {
1004 WERR_ACCESS_DENIED
, WERR_BADFILE
, WERR_FOOBAR
},
1005 { SEC_FLAG_MAXIMUM_ALLOWED
,
1006 WERR_OK
, WERR_OK
, WERR_OK
},
1007 { SEC_STD_WRITE_DAC
,
1008 WERR_OK
, WERR_ACCESS_DENIED
, WERR_FOOBAR
},
1009 { SEC_FLAG_SYSTEM_SECURITY
,
1010 WERR_OK
, WERR_ACCESS_DENIED
, WERR_FOOBAR
}
1013 /* FIXME: before this test can ever run successfully we need a way to
1014 * correctly read a NULL security_descritpor in ndr, get the required
1015 * length, requery, etc.
1020 for (i
=0; i
< ARRAY_SIZE(sd_mask_tests
); i
++) {
1022 torture_comment(tctx
,
1023 "SecurityDescriptor get & set with access_mask: 0x%08x\n",
1024 sd_mask_tests
[i
].access_mask
);
1025 torture_comment(tctx
,
1026 "expecting: open %s, get: %s, set: %s\n",
1027 win_errstr(sd_mask_tests
[i
].open_werr
),
1028 win_errstr(sd_mask_tests
[i
].get_werr
),
1029 win_errstr(sd_mask_tests
[i
].set_werr
));
1031 if (_test_SecurityDescriptor(p
, tctx
, handle
,
1032 sd_mask_tests
[i
].access_mask
, key
,
1033 sd_mask_tests
[i
].open_werr
,
1034 sd_mask_tests
[i
].get_werr
,
1035 sd_mask_tests
[i
].set_werr
)) {
1043 typedef bool (*secinfo_verify_fn
)(struct dcerpc_pipe
*,
1044 struct torture_context
*,
1045 struct policy_handle
*,
1047 const struct dom_sid
*);
1049 static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe
*p
,
1050 struct torture_context
*tctx
,
1051 struct policy_handle
*handle
,
1054 uint32_t access_mask
,
1056 struct security_descriptor
*sd
,
1058 bool expect_present
,
1059 bool (*fn
) (struct dcerpc_pipe
*,
1060 struct torture_context
*,
1061 struct policy_handle
*,
1063 const struct dom_sid
*),
1064 const struct dom_sid
*sid
)
1066 struct policy_handle new_handle
;
1067 bool open_success
= false;
1069 torture_comment(tctx
, "SecurityDescriptor (%s) sets for secinfo: "
1070 "0x%08x, access_mask: 0x%08x\n",
1071 test
, sec_info
, access_mask
);
1073 if (!_test_OpenKey(p
, tctx
, handle
, key
,
1081 if (!open_success
) {
1082 printf("key did not open\n");
1083 test_CloseKey(p
, tctx
, &new_handle
);
1087 if (!_test_SetKeySecurity(p
, tctx
, &new_handle
, &sec_info
,
1090 torture_warning(tctx
,
1091 "SetKeySecurity with secinfo: 0x%08x has failed\n",
1094 test_CloseKey(p
, tctx
, &new_handle
);
1098 test_CloseKey(p
, tctx
, &new_handle
);
1100 if (W_ERROR_IS_OK(set_werr
)) {
1102 present
= fn(p
, tctx
, handle
, key
, sid
);
1103 if ((expect_present
) && (!present
)) {
1104 torture_warning(tctx
,
1105 "%s sid is not present!\n",
1109 if ((!expect_present
) && (present
)) {
1110 torture_warning(tctx
,
1111 "%s sid is present but not expected!\n",
1120 static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe
*p
,
1121 struct torture_context
*tctx
,
1122 struct policy_handle
*handle
,
1125 struct security_descriptor
*sd_orig
= NULL
;
1126 struct dom_sid
*sid
= NULL
;
1130 struct security_descriptor
*sd_owner
=
1131 security_descriptor_dacl_create(tctx
,
1133 TEST_SID
, NULL
, NULL
);
1135 struct security_descriptor
*sd_group
=
1136 security_descriptor_dacl_create(tctx
,
1138 NULL
, TEST_SID
, NULL
);
1140 struct security_descriptor
*sd_dacl
=
1141 security_descriptor_dacl_create(tctx
,
1145 SEC_ACE_TYPE_ACCESS_ALLOWED
,
1148 SID_NT_AUTHENTICATED_USERS
,
1149 SEC_ACE_TYPE_ACCESS_ALLOWED
,
1154 struct security_descriptor
*sd_sacl
=
1155 security_descriptor_sacl_create(tctx
,
1159 SEC_ACE_TYPE_SYSTEM_AUDIT
,
1161 SEC_ACE_FLAG_SUCCESSFUL_ACCESS
,
1164 struct winreg_secinfo_table
{
1165 struct security_descriptor
*sd
;
1169 secinfo_verify_fn fn
;
1172 struct winreg_secinfo_table sec_info_owner_tests
[] = {
1173 { sd_owner
, 0, WERR_OK
,
1174 false, (secinfo_verify_fn
)_test_owner_present
},
1175 { sd_owner
, SECINFO_OWNER
, WERR_OK
,
1176 true, (secinfo_verify_fn
)_test_owner_present
},
1177 { sd_owner
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1178 { sd_owner
, SECINFO_DACL
, WERR_OK
,
1179 true, (secinfo_verify_fn
)_test_owner_present
},
1180 { sd_owner
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1183 uint32_t sd_owner_good_access_masks
[] = {
1184 SEC_FLAG_MAXIMUM_ALLOWED
,
1185 /* SEC_STD_WRITE_OWNER, */
1188 struct winreg_secinfo_table sec_info_group_tests
[] = {
1189 { sd_group
, 0, WERR_OK
,
1190 false, (secinfo_verify_fn
)_test_group_present
},
1191 { sd_group
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1192 { sd_group
, SECINFO_GROUP
, WERR_OK
,
1193 true, (secinfo_verify_fn
)_test_group_present
},
1194 { sd_group
, SECINFO_DACL
, WERR_OK
,
1195 true, (secinfo_verify_fn
)_test_group_present
},
1196 { sd_group
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1199 uint32_t sd_group_good_access_masks
[] = {
1200 SEC_FLAG_MAXIMUM_ALLOWED
,
1203 struct winreg_secinfo_table sec_info_dacl_tests
[] = {
1204 { sd_dacl
, 0, WERR_OK
,
1205 false, (secinfo_verify_fn
)_test_dacl_trustee_present
},
1206 { sd_dacl
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1207 { sd_dacl
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1208 { sd_dacl
, SECINFO_DACL
, WERR_OK
,
1209 true, (secinfo_verify_fn
)_test_dacl_trustee_present
},
1210 { sd_dacl
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1213 uint32_t sd_dacl_good_access_masks
[] = {
1214 SEC_FLAG_MAXIMUM_ALLOWED
,
1218 struct winreg_secinfo_table sec_info_sacl_tests
[] = {
1219 { sd_sacl
, 0, WERR_OK
,
1220 false, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1221 { sd_sacl
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1222 { sd_sacl
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1223 { sd_sacl
, SECINFO_DACL
, WERR_OK
,
1224 false, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1225 { sd_sacl
, SECINFO_SACL
, WERR_OK
,
1226 true, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1229 uint32_t sd_sacl_good_access_masks
[] = {
1230 SEC_FLAG_MAXIMUM_ALLOWED
| SEC_FLAG_SYSTEM_SECURITY
,
1231 /* SEC_FLAG_SYSTEM_SECURITY, */
1234 sid
= dom_sid_parse_talloc(tctx
, TEST_SID
);
1239 if (!test_BackupSecurity(p
, tctx
, handle
, key
, &sd_orig
)) {
1245 for (i
=0; i
< ARRAY_SIZE(sec_info_owner_tests
); i
++) {
1247 for (a
=0; a
< ARRAY_SIZE(sd_owner_good_access_masks
); a
++) {
1249 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1252 sd_owner_good_access_masks
[a
],
1253 sec_info_owner_tests
[i
].sec_info
,
1254 sec_info_owner_tests
[i
].sd
,
1255 sec_info_owner_tests
[i
].set_werr
,
1256 sec_info_owner_tests
[i
].sid_present
,
1257 sec_info_owner_tests
[i
].fn
,
1260 printf("test_SetSecurityDescriptor_SecInfo failed for OWNER\n");
1269 for (i
=0; i
< ARRAY_SIZE(sec_info_group_tests
); i
++) {
1271 for (a
=0; a
< ARRAY_SIZE(sd_group_good_access_masks
); a
++) {
1273 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1276 sd_group_good_access_masks
[a
],
1277 sec_info_group_tests
[i
].sec_info
,
1278 sec_info_group_tests
[i
].sd
,
1279 sec_info_group_tests
[i
].set_werr
,
1280 sec_info_group_tests
[i
].sid_present
,
1281 sec_info_group_tests
[i
].fn
,
1284 printf("test_SetSecurityDescriptor_SecInfo failed for GROUP\n");
1293 for (i
=0; i
< ARRAY_SIZE(sec_info_dacl_tests
); i
++) {
1295 for (a
=0; a
< ARRAY_SIZE(sd_dacl_good_access_masks
); a
++) {
1297 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1300 sd_dacl_good_access_masks
[a
],
1301 sec_info_dacl_tests
[i
].sec_info
,
1302 sec_info_dacl_tests
[i
].sd
,
1303 sec_info_dacl_tests
[i
].set_werr
,
1304 sec_info_dacl_tests
[i
].sid_present
,
1305 sec_info_dacl_tests
[i
].fn
,
1308 printf("test_SetSecurityDescriptor_SecInfo failed for DACL\n");
1317 for (i
=0; i
< ARRAY_SIZE(sec_info_sacl_tests
); i
++) {
1319 for (a
=0; a
< ARRAY_SIZE(sd_sacl_good_access_masks
); a
++) {
1321 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1324 sd_sacl_good_access_masks
[a
],
1325 sec_info_sacl_tests
[i
].sec_info
,
1326 sec_info_sacl_tests
[i
].sd
,
1327 sec_info_sacl_tests
[i
].set_werr
,
1328 sec_info_sacl_tests
[i
].sid_present
,
1329 sec_info_sacl_tests
[i
].fn
,
1332 printf("test_SetSecurityDescriptor_SecInfo failed for SACL\n");
1340 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
1345 static bool test_SecurityDescriptors(struct dcerpc_pipe
*p
,
1346 struct torture_context
*tctx
,
1347 struct policy_handle
*handle
,
1352 if (!test_SecurityDescriptor(p
, tctx
, handle
, key
)) {
1353 printf("test_SecurityDescriptor failed\n");
1357 if (!test_SecurityDescriptorInheritance(p
, tctx
, handle
, key
)) {
1358 printf("test_SecurityDescriptorInheritance failed\n");
1362 if (!test_SecurityDescriptorBlockInheritance(p
, tctx
, handle
, key
)) {
1363 printf("test_SecurityDescriptorBlockInheritance failed\n");
1367 if (!test_SecurityDescriptorsSecInfo(p
, tctx
, handle
, key
)) {
1368 printf("test_SecurityDescriptorsSecInfo failed\n");
1372 if (!test_SecurityDescriptorsMasks(p
, tctx
, handle
, key
)) {
1373 printf("test_SecurityDescriptorsMasks failed\n");
1380 static bool test_DeleteKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1381 struct policy_handle
*handle
, const char *key
)
1384 struct winreg_DeleteKey r
;
1386 r
.in
.handle
= handle
;
1387 init_winreg_String(&r
.in
.key
, key
);
1389 status
= dcerpc_winreg_DeleteKey(p
, tctx
, &r
);
1391 torture_assert_ntstatus_ok(tctx
, status
, "DeleteKey failed");
1392 torture_assert_werr_ok(tctx
, r
.out
.result
, "DeleteKey failed");
1397 static bool test_QueryInfoKey(struct dcerpc_pipe
*p
,
1398 struct torture_context
*tctx
,
1399 struct policy_handle
*handle
, char *kclass
)
1401 struct winreg_QueryInfoKey r
;
1402 uint32_t num_subkeys
, max_subkeylen
, max_classlen
,
1403 num_values
, max_valnamelen
, max_valbufsize
,
1405 NTTIME last_changed_time
;
1408 r
.in
.handle
= handle
;
1409 r
.out
.num_subkeys
= &num_subkeys
;
1410 r
.out
.max_subkeylen
= &max_subkeylen
;
1411 r
.out
.max_classlen
= &max_classlen
;
1412 r
.out
.num_values
= &num_values
;
1413 r
.out
.max_valnamelen
= &max_valnamelen
;
1414 r
.out
.max_valbufsize
= &max_valbufsize
;
1415 r
.out
.secdescsize
= &secdescsize
;
1416 r
.out
.last_changed_time
= &last_changed_time
;
1418 r
.out
.classname
= talloc(tctx
, struct winreg_String
);
1420 r
.in
.classname
= talloc(tctx
, struct winreg_String
);
1421 init_winreg_String(r
.in
.classname
, kclass
);
1423 torture_assert_ntstatus_ok(tctx
,
1424 dcerpc_winreg_QueryInfoKey(p
, tctx
, &r
),
1425 "QueryInfoKey failed");
1427 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryInfoKey failed");
1432 static bool test_key(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1433 struct policy_handle
*handle
, int depth
,
1434 bool test_security
);
1436 static bool test_EnumKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1437 struct policy_handle
*handle
, int depth
,
1440 struct winreg_EnumKey r
;
1441 struct winreg_StringBuf kclass
, name
;
1449 r
.in
.handle
= handle
;
1450 r
.in
.enum_index
= 0;
1452 r
.in
.keyclass
= &kclass
;
1454 r
.in
.last_changed_time
= &t
;
1460 status
= dcerpc_winreg_EnumKey(p
, tctx
, &r
);
1462 if (NT_STATUS_IS_OK(status
) && W_ERROR_IS_OK(r
.out
.result
)) {
1463 struct policy_handle key_handle
;
1465 torture_comment(tctx
, "EnumKey: %d: %s\n",
1469 if (!test_OpenKey(p
, tctx
, handle
, r
.out
.name
->name
,
1472 test_key(p
, tctx
, &key_handle
,
1473 depth
+ 1, test_security
);
1479 } while (NT_STATUS_IS_OK(status
) && W_ERROR_IS_OK(r
.out
.result
));
1481 torture_assert_ntstatus_ok(tctx
, status
, "EnumKey failed");
1483 if (!W_ERROR_IS_OK(r
.out
.result
) &&
1484 !W_ERROR_EQUAL(r
.out
.result
, WERR_NO_MORE_ITEMS
)) {
1485 torture_fail(tctx
, "EnumKey failed");
1491 static bool test_QueryMultipleValues(struct dcerpc_pipe
*p
,
1492 struct torture_context
*tctx
,
1493 struct policy_handle
*handle
,
1494 const char *valuename
)
1496 struct winreg_QueryMultipleValues r
;
1501 r
.in
.key_handle
= handle
;
1502 r
.in
.values
= r
.out
.values
= talloc_array(tctx
, struct QueryMultipleValue
, 1);
1503 r
.in
.values
[0].name
= talloc(tctx
, struct winreg_String
);
1504 r
.in
.values
[0].name
->name
= valuename
;
1505 r
.in
.values
[0].offset
= 0;
1506 r
.in
.values
[0].length
= 0;
1507 r
.in
.values
[0].type
= 0;
1509 r
.in
.num_values
= 1;
1510 r
.in
.buffer_size
= r
.out
.buffer_size
= talloc(tctx
, uint32_t);
1511 *r
.in
.buffer_size
= bufsize
;
1513 *r
.in
.buffer_size
= bufsize
;
1514 r
.in
.buffer
= r
.out
.buffer
= talloc_zero_array(tctx
, uint8_t,
1517 status
= dcerpc_winreg_QueryMultipleValues(p
, tctx
, &r
);
1519 if(NT_STATUS_IS_ERR(status
))
1520 torture_fail(tctx
, "QueryMultipleValues failed");
1522 talloc_free(r
.in
.buffer
);
1524 } while (W_ERROR_EQUAL(r
.out
.result
, WERR_MORE_DATA
));
1526 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryMultipleValues failed");
1531 static bool test_QueryValue(struct dcerpc_pipe
*p
,
1532 struct torture_context
*tctx
,
1533 struct policy_handle
*handle
,
1534 const char *valuename
)
1536 struct winreg_QueryValue r
;
1538 enum winreg_Type zero_type
= 0;
1539 uint32_t offered
= 0xfff;
1543 r
.in
.handle
= handle
;
1545 r
.in
.value_name
= talloc_zero(tctx
, struct winreg_String
);
1546 r
.in
.value_name
->name
= valuename
;
1547 r
.in
.type
= &zero_type
;
1548 r
.in
.data_size
= &offered
;
1549 r
.in
.data_length
= &zero
;
1551 status
= dcerpc_winreg_QueryValue(p
, tctx
, &r
);
1552 if (NT_STATUS_IS_ERR(status
)) {
1553 torture_fail(tctx
, "QueryValue failed");
1556 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryValue failed");
1561 static bool test_EnumValue(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1562 struct policy_handle
*handle
, int max_valnamelen
,
1565 struct winreg_EnumValue r
;
1566 enum winreg_Type type
= 0;
1567 uint32_t size
= max_valbufsize
, zero
= 0;
1570 struct winreg_ValNameBuf name
;
1576 r
.in
.handle
= handle
;
1577 r
.in
.enum_index
= 0;
1582 r
.in
.length
= &zero
;
1586 torture_assert_ntstatus_ok(tctx
,
1587 dcerpc_winreg_EnumValue(p
, tctx
, &r
),
1588 "EnumValue failed");
1590 if (W_ERROR_IS_OK(r
.out
.result
)) {
1591 ret
&= test_QueryValue(p
, tctx
, handle
,
1593 ret
&= test_QueryMultipleValues(p
, tctx
, handle
,
1598 } while (W_ERROR_IS_OK(r
.out
.result
));
1600 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_NO_MORE_ITEMS
,
1601 "EnumValue failed");
1606 static bool test_AbortSystemShutdown(struct dcerpc_pipe
*p
,
1607 struct torture_context
*tctx
)
1609 struct winreg_AbortSystemShutdown r
;
1610 uint16_t server
= 0x0;
1613 r
.in
.server
= &server
;
1615 torture_assert_ntstatus_ok(tctx
,
1616 dcerpc_winreg_AbortSystemShutdown(p
, tctx
, &r
),
1617 "AbortSystemShutdown failed");
1619 torture_assert_werr_ok(tctx
, r
.out
.result
,
1620 "AbortSystemShutdown failed");
1625 static bool test_InitiateSystemShutdown(struct torture_context
*tctx
,
1626 struct dcerpc_pipe
*p
)
1628 struct winreg_InitiateSystemShutdown r
;
1629 uint16_t hostname
= 0x0;
1632 r
.in
.hostname
= &hostname
;
1633 r
.in
.message
= talloc(tctx
, struct lsa_StringLarge
);
1634 init_lsa_StringLarge(r
.in
.message
, "spottyfood");
1635 r
.in
.force_apps
= 1;
1639 torture_assert_ntstatus_ok(tctx
,
1640 dcerpc_winreg_InitiateSystemShutdown(p
, tctx
, &r
),
1641 "InitiateSystemShutdown failed");
1643 torture_assert_werr_ok(tctx
, r
.out
.result
,
1644 "InitiateSystemShutdown failed");
1646 return test_AbortSystemShutdown(p
, tctx
);
1650 static bool test_InitiateSystemShutdownEx(struct torture_context
*tctx
,
1651 struct dcerpc_pipe
*p
)
1653 struct winreg_InitiateSystemShutdownEx r
;
1654 uint16_t hostname
= 0x0;
1657 r
.in
.hostname
= &hostname
;
1658 r
.in
.message
= talloc(tctx
, struct lsa_StringLarge
);
1659 init_lsa_StringLarge(r
.in
.message
, "spottyfood");
1660 r
.in
.force_apps
= 1;
1665 torture_assert_ntstatus_ok(tctx
,
1666 dcerpc_winreg_InitiateSystemShutdownEx(p
, tctx
, &r
),
1667 "InitiateSystemShutdownEx failed");
1669 torture_assert_werr_ok(tctx
, r
.out
.result
,
1670 "InitiateSystemShutdownEx failed");
1672 return test_AbortSystemShutdown(p
, tctx
);
1674 #define MAX_DEPTH 2 /* Only go this far down the tree */
1676 static bool test_key(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1677 struct policy_handle
*handle
, int depth
,
1680 if (depth
== MAX_DEPTH
)
1683 if (!test_QueryInfoKey(p
, tctx
, handle
, NULL
)) {
1686 if (!test_NotifyChangeKeyValue(p
, tctx
, handle
)) {
1689 if (test_security
&& !test_GetKeySecurity(p
, tctx
, handle
, NULL
)) {
1692 if (!test_EnumKey(p
, tctx
, handle
, depth
, test_security
)) {
1695 if (!test_EnumValue(p
, tctx
, handle
, 0xFF, 0xFFFF)) {
1698 test_CloseKey(p
, tctx
, handle
);
1703 typedef NTSTATUS (*winreg_open_fn
)(struct dcerpc_pipe
*, TALLOC_CTX
*, void *);
1705 static bool test_Open_Security(struct torture_context
*tctx
,
1706 struct dcerpc_pipe
*p
, void *userdata
)
1708 struct policy_handle handle
, newhandle
;
1709 bool ret
= true, created2
= false;
1710 bool created4
= false;
1711 struct winreg_OpenHKLM r
;
1713 winreg_open_fn open_fn
= userdata
;
1716 r
.in
.system_name
= 0;
1717 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1718 r
.out
.handle
= &handle
;
1720 torture_assert_ntstatus_ok(tctx
, open_fn(p
, tctx
, &r
),
1723 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1725 if (!test_CreateKey(p
, tctx
, &handle
, TEST_KEY_BASE
, NULL
)) {
1726 torture_comment(tctx
,
1727 "CreateKey (TEST_KEY_BASE) failed\n");
1730 if (test_CreateKey_sd(p
, tctx
, &handle
, TEST_KEY2
,
1731 NULL
, &newhandle
)) {
1735 if (created2
&& !test_CloseKey(p
, tctx
, &newhandle
)) {
1736 printf("CloseKey failed\n");
1740 if (test_CreateKey_sd(p
, tctx
, &handle
, TEST_KEY4
, NULL
, &newhandle
)) {
1744 if (created4
&& !test_CloseKey(p
, tctx
, &newhandle
)) {
1745 printf("CloseKey failed\n");
1749 if (created4
&& !test_SecurityDescriptors(p
, tctx
, &handle
, TEST_KEY4
)) {
1753 if (created4
&& !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY4
)) {
1754 printf("DeleteKey failed\n");
1758 if (created2
&& !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY2
)) {
1759 printf("DeleteKey failed\n");
1763 /* The HKCR hive has a very large fanout */
1764 if (open_fn
== (void *)dcerpc_winreg_OpenHKCR
) {
1765 if(!test_key(p
, tctx
, &handle
, MAX_DEPTH
- 1, true)) {
1769 if (!test_key(p
, tctx
, &handle
, 0, true)) {
1774 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1779 static bool test_Open(struct torture_context
*tctx
, struct dcerpc_pipe
*p
,
1782 struct policy_handle handle
, newhandle
;
1783 bool ret
= true, created
= false, deleted
= false;
1784 bool created3
= false, created_subkey
= false;
1785 struct winreg_OpenHKLM r
;
1787 winreg_open_fn open_fn
= userdata
;
1790 r
.in
.system_name
= 0;
1791 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1792 r
.out
.handle
= &handle
;
1794 torture_assert_ntstatus_ok(tctx
, open_fn(p
, tctx
, &r
),
1797 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1799 if (!test_CreateKey(p
, tctx
, &handle
, TEST_KEY_BASE
, NULL
)) {
1800 torture_comment(tctx
,
1801 "CreateKey (TEST_KEY_BASE) failed\n");
1804 if (!test_CreateKey(p
, tctx
, &handle
, TEST_KEY1
, NULL
)) {
1805 torture_comment(tctx
,
1806 "CreateKey failed - not considering a failure\n");
1811 if (created
&& !test_FlushKey(p
, tctx
, &handle
)) {
1812 torture_comment(tctx
, "FlushKey failed\n");
1816 if (created
&& !test_OpenKey(p
, tctx
, &handle
, TEST_KEY1
, &newhandle
))
1818 "CreateKey failed (OpenKey after Create didn't work)\n");
1820 if (created
&& !test_CloseKey(p
, tctx
, &newhandle
))
1822 "CreateKey failed (CloseKey after Open didn't work)\n");
1824 if (created
&& !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY1
)) {
1825 torture_comment(tctx
, "DeleteKey failed\n");
1831 if (created
&& !test_FlushKey(p
, tctx
, &handle
)) {
1832 torture_comment(tctx
, "FlushKey failed\n");
1836 if (created
&& deleted
&&
1837 !_test_OpenKey(p
, tctx
, &handle
, TEST_KEY1
,
1838 SEC_FLAG_MAXIMUM_ALLOWED
, &newhandle
,
1839 WERR_BADFILE
, NULL
)) {
1840 torture_comment(tctx
,
1841 "DeleteKey failed (OpenKey after Delete "
1842 "did not return WERR_BADFILE)\n");
1846 if (!test_GetVersion(p
, tctx
, &handle
)) {
1847 torture_comment(tctx
, "GetVersion failed\n");
1851 if (created
&& test_CreateKey(p
, tctx
, &handle
, TEST_KEY3
, NULL
)) {
1856 test_CreateKey(p
, tctx
, &handle
, TEST_SUBKEY
, NULL
)) {
1857 created_subkey
= true;
1860 if (created_subkey
&&
1861 !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY3
)) {
1862 printf("DeleteKey failed\n");
1866 /* The HKCR hive has a very large fanout */
1867 if (open_fn
== (void *)dcerpc_winreg_OpenHKCR
) {
1868 if(!test_key(p
, tctx
, &handle
, MAX_DEPTH
- 1, false)) {
1872 if (!test_key(p
, tctx
, &handle
, 0, false)) {
1877 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1882 struct torture_suite
*torture_rpc_winreg(TALLOC_CTX
*mem_ctx
)
1884 struct torture_rpc_tcase
*tcase
;
1885 struct torture_suite
*suite
= torture_suite_create(mem_ctx
, "WINREG");
1886 struct torture_test
*test
;
1888 tcase
= torture_suite_add_rpc_iface_tcase(suite
, "winreg",
1891 test
= torture_rpc_tcase_add_test(tcase
, "InitiateSystemShutdown",
1892 test_InitiateSystemShutdown
);
1893 test
->dangerous
= true;
1895 test
= torture_rpc_tcase_add_test(tcase
, "InitiateSystemShutdownEx",
1896 test_InitiateSystemShutdownEx
);
1897 test
->dangerous
= true;
1899 /* Basic tests without security descriptors */
1900 torture_rpc_tcase_add_test_ex(tcase
, "HKLM-basic",
1902 (winreg_open_fn
)dcerpc_winreg_OpenHKLM
);
1903 torture_rpc_tcase_add_test_ex(tcase
, "HKU-basic",
1905 (winreg_open_fn
)dcerpc_winreg_OpenHKU
);
1906 torture_rpc_tcase_add_test_ex(tcase
, "HKCR-basic",
1908 (winreg_open_fn
)dcerpc_winreg_OpenHKCR
);
1909 torture_rpc_tcase_add_test_ex(tcase
, "HKCU-basic",
1911 (winreg_open_fn
)dcerpc_winreg_OpenHKCU
);
1913 /* Security descriptor tests */
1914 torture_rpc_tcase_add_test_ex(tcase
, "HKLM-security",
1916 (winreg_open_fn
)dcerpc_winreg_OpenHKLM
);
1917 torture_rpc_tcase_add_test_ex(tcase
, "HKU-security",
1919 (winreg_open_fn
)dcerpc_winreg_OpenHKU
);
1920 torture_rpc_tcase_add_test_ex(tcase
, "HKCR-security",
1922 (winreg_open_fn
)dcerpc_winreg_OpenHKCR
);
1923 torture_rpc_tcase_add_test_ex(tcase
, "HKCU-security",
1925 (winreg_open_fn
)dcerpc_winreg_OpenHKCU
);