2 Unix SMB/CIFS implementation.
3 test suite for lsa rpc operations
5 Copyright (C) Andrew Tridgell 2003
6 Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005
8 This program is free software; you can redistribute it and/or modify
9 it under the terms of the GNU General Public License as published by
10 the Free Software Foundation; either version 3 of the License, or
11 (at your option) any later version.
13 This program is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 GNU General Public License for more details.
18 You should have received a copy of the GNU General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
23 #include "torture/torture.h"
24 #include "librpc/gen_ndr/ndr_lsa_c.h"
25 #include "librpc/gen_ndr/netlogon.h"
26 #include "lib/events/events.h"
27 #include "libcli/security/security.h"
28 #include "libcli/auth/libcli_auth.h"
29 #include "torture/rpc/rpc.h"
30 #include "param/param.h"
32 #define TEST_MACHINENAME "lsatestmach"
34 static void init_lsa_String(struct lsa_String
*name
, const char *s
)
39 static bool test_OpenPolicy(struct dcerpc_pipe
*p
, TALLOC_CTX
*mem_ctx
)
41 struct lsa_ObjectAttribute attr
;
42 struct policy_handle handle
;
43 struct lsa_QosInfo qos
;
44 struct lsa_OpenPolicy r
;
46 uint16_t system_name
= '\\';
48 printf("\ntesting OpenPolicy\n");
51 qos
.impersonation_level
= 2;
53 qos
.effective_only
= 0;
57 attr
.object_name
= NULL
;
62 r
.in
.system_name
= &system_name
;
64 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
65 r
.out
.handle
= &handle
;
67 status
= dcerpc_lsa_OpenPolicy(p
, mem_ctx
, &r
);
68 if (!NT_STATUS_IS_OK(status
)) {
69 if (NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
) ||
70 NT_STATUS_EQUAL(status
, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED
)) {
71 printf("not considering %s to be an error\n", nt_errstr(status
));
74 printf("OpenPolicy failed - %s\n", nt_errstr(status
));
82 bool test_lsa_OpenPolicy2(struct dcerpc_pipe
*p
, TALLOC_CTX
*mem_ctx
,
83 struct policy_handle
**handle
)
85 struct lsa_ObjectAttribute attr
;
86 struct lsa_QosInfo qos
;
87 struct lsa_OpenPolicy2 r
;
90 printf("\ntesting OpenPolicy2\n");
92 *handle
= talloc(mem_ctx
, struct policy_handle
);
98 qos
.impersonation_level
= 2;
100 qos
.effective_only
= 0;
103 attr
.root_dir
= NULL
;
104 attr
.object_name
= NULL
;
106 attr
.sec_desc
= NULL
;
109 r
.in
.system_name
= "\\";
111 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
112 r
.out
.handle
= *handle
;
114 status
= dcerpc_lsa_OpenPolicy2(p
, mem_ctx
, &r
);
115 if (!NT_STATUS_IS_OK(status
)) {
116 if (NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
) ||
117 NT_STATUS_EQUAL(status
, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED
)) {
118 printf("not considering %s to be an error\n", nt_errstr(status
));
119 talloc_free(*handle
);
123 printf("OpenPolicy2 failed - %s\n", nt_errstr(status
));
131 static const char *sid_type_lookup(enum lsa_SidType r
)
134 case SID_NAME_USE_NONE
: return "SID_NAME_USE_NONE"; break;
135 case SID_NAME_USER
: return "SID_NAME_USER"; break;
136 case SID_NAME_DOM_GRP
: return "SID_NAME_DOM_GRP"; break;
137 case SID_NAME_DOMAIN
: return "SID_NAME_DOMAIN"; break;
138 case SID_NAME_ALIAS
: return "SID_NAME_ALIAS"; break;
139 case SID_NAME_WKN_GRP
: return "SID_NAME_WKN_GRP"; break;
140 case SID_NAME_DELETED
: return "SID_NAME_DELETED"; break;
141 case SID_NAME_INVALID
: return "SID_NAME_INVALID"; break;
142 case SID_NAME_UNKNOWN
: return "SID_NAME_UNKNOWN"; break;
143 case SID_NAME_COMPUTER
: return "SID_NAME_COMPUTER"; break;
145 return "Invalid sid type\n";
148 static bool test_LookupNames(struct dcerpc_pipe
*p
,
150 struct policy_handle
*handle
,
151 struct lsa_TransNameArray
*tnames
)
153 struct lsa_LookupNames r
;
154 struct lsa_TransSidArray sids
;
155 struct lsa_String
*names
;
160 printf("\nTesting LookupNames with %d names\n", tnames
->count
);
165 names
= talloc_array(mem_ctx
, struct lsa_String
, tnames
->count
);
166 for (i
=0;i
<tnames
->count
;i
++) {
167 init_lsa_String(&names
[i
], tnames
->names
[i
].name
.string
);
170 r
.in
.handle
= handle
;
171 r
.in
.num_names
= tnames
->count
;
176 r
.out
.count
= &count
;
179 status
= dcerpc_lsa_LookupNames(p
, mem_ctx
, &r
);
181 if (NT_STATUS_EQUAL(status
, STATUS_SOME_UNMAPPED
) ||
182 NT_STATUS_EQUAL(status
, NT_STATUS_NONE_MAPPED
)) {
183 for (i
=0;i
< tnames
->count
;i
++) {
184 if (i
< count
&& sids
.sids
[i
].sid_type
== SID_NAME_UNKNOWN
) {
185 printf("LookupName of %s was unmapped\n",
186 tnames
->names
[i
].name
.string
);
187 } else if (i
>=count
) {
188 printf("LookupName of %s failed to return a result\n",
189 tnames
->names
[i
].name
.string
);
192 printf("LookupNames failed - %s\n", nt_errstr(status
));
194 } else if (!NT_STATUS_IS_OK(status
)) {
195 printf("LookupNames failed - %s\n", nt_errstr(status
));
199 for (i
=0;i
< tnames
->count
;i
++) {
200 if (i
< count
&& sids
.sids
[i
].sid_type
!= tnames
->names
[i
].sid_type
) {
201 printf("LookupName of %s got unexpected name type: %s\n",
202 tnames
->names
[i
].name
.string
, sid_type_lookup(sids
.sids
[i
].sid_type
));
203 } else if (i
>=count
) {
204 printf("LookupName of %s failed to return a result\n",
205 tnames
->names
[i
].name
.string
);
213 static bool test_LookupNames_bogus(struct dcerpc_pipe
*p
,
215 struct policy_handle
*handle
)
217 struct lsa_LookupNames r
;
218 struct lsa_TransSidArray sids
;
219 struct lsa_String
*names
;
224 struct lsa_TranslatedName name
;
225 struct lsa_TransNameArray tnames
;
227 tnames
.names
= &name
;
229 name
.name
.string
= "NT AUTHORITY\\BOGUS";
231 printf("\nTesting LookupNames with bogus names\n");
236 names
= talloc_array(mem_ctx
, struct lsa_String
, tnames
.count
);
237 for (i
=0;i
<tnames
.count
;i
++) {
238 init_lsa_String(&names
[i
], tnames
.names
[i
].name
.string
);
241 r
.in
.handle
= handle
;
242 r
.in
.num_names
= tnames
.count
;
247 r
.out
.count
= &count
;
250 status
= dcerpc_lsa_LookupNames(p
, mem_ctx
, &r
);
251 if (!NT_STATUS_EQUAL(status
, NT_STATUS_NONE_MAPPED
)) {
252 printf("LookupNames failed - %s\n", nt_errstr(status
));
261 static bool test_LookupNames_wellknown(struct dcerpc_pipe
*p
,
263 struct policy_handle
*handle
)
265 struct lsa_TranslatedName name
;
266 struct lsa_TransNameArray tnames
;
269 printf("Testing LookupNames with well known names\n");
271 tnames
.names
= &name
;
273 name
.name
.string
= "NT AUTHORITY\\SYSTEM";
274 name
.sid_type
= SID_NAME_WKN_GRP
;
275 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
277 name
.name
.string
= "NT AUTHORITY\\ANONYMOUS LOGON";
278 name
.sid_type
= SID_NAME_WKN_GRP
;
279 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
281 name
.name
.string
= "NT AUTHORITY\\Authenticated Users";
282 name
.sid_type
= SID_NAME_WKN_GRP
;
283 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
286 name
.name
.string
= "NT AUTHORITY";
287 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
289 name
.name
.string
= "NT AUTHORITY\\";
290 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
293 name
.name
.string
= "BUILTIN\\";
294 name
.sid_type
= SID_NAME_DOMAIN
;
295 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
297 name
.name
.string
= "BUILTIN\\Administrators";
298 name
.sid_type
= SID_NAME_ALIAS
;
299 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
301 name
.name
.string
= "SYSTEM";
302 name
.sid_type
= SID_NAME_WKN_GRP
;
303 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
305 name
.name
.string
= "Everyone";
306 name
.sid_type
= SID_NAME_WKN_GRP
;
307 ret
&= test_LookupNames(p
, mem_ctx
, handle
, &tnames
);
311 static bool test_LookupNames2(struct dcerpc_pipe
*p
,
313 struct policy_handle
*handle
,
314 struct lsa_TransNameArray2
*tnames
)
316 struct lsa_LookupNames2 r
;
317 struct lsa_TransSidArray2 sids
;
318 struct lsa_String
*names
;
323 printf("\nTesting LookupNames2 with %d names\n", tnames
->count
);
328 names
= talloc_array(mem_ctx
, struct lsa_String
, tnames
->count
);
329 for (i
=0;i
<tnames
->count
;i
++) {
330 init_lsa_String(&names
[i
], tnames
->names
[i
].name
.string
);
333 r
.in
.handle
= handle
;
334 r
.in
.num_names
= tnames
->count
;
341 r
.out
.count
= &count
;
344 status
= dcerpc_lsa_LookupNames2(p
, mem_ctx
, &r
);
345 if (!NT_STATUS_IS_OK(status
)) {
346 printf("LookupNames2 failed - %s\n", nt_errstr(status
));
356 static bool test_LookupNames3(struct dcerpc_pipe
*p
,
358 struct policy_handle
*handle
,
359 struct lsa_TransNameArray2
*tnames
)
361 struct lsa_LookupNames3 r
;
362 struct lsa_TransSidArray3 sids
;
363 struct lsa_String
*names
;
368 printf("\nTesting LookupNames3 with %d names\n", tnames
->count
);
373 names
= talloc_array(mem_ctx
, struct lsa_String
, tnames
->count
);
374 for (i
=0;i
<tnames
->count
;i
++) {
375 init_lsa_String(&names
[i
], tnames
->names
[i
].name
.string
);
378 r
.in
.handle
= handle
;
379 r
.in
.num_names
= tnames
->count
;
386 r
.out
.count
= &count
;
389 status
= dcerpc_lsa_LookupNames3(p
, mem_ctx
, &r
);
390 if (!NT_STATUS_IS_OK(status
)) {
391 printf("LookupNames3 failed - %s\n", nt_errstr(status
));
400 static bool test_LookupNames4(struct dcerpc_pipe
*p
,
402 struct lsa_TransNameArray2
*tnames
)
404 struct lsa_LookupNames4 r
;
405 struct lsa_TransSidArray3 sids
;
406 struct lsa_String
*names
;
411 printf("\nTesting LookupNames4 with %d names\n", tnames
->count
);
416 names
= talloc_array(mem_ctx
, struct lsa_String
, tnames
->count
);
417 for (i
=0;i
<tnames
->count
;i
++) {
418 init_lsa_String(&names
[i
], tnames
->names
[i
].name
.string
);
421 r
.in
.num_names
= tnames
->count
;
428 r
.out
.count
= &count
;
431 status
= dcerpc_lsa_LookupNames4(p
, mem_ctx
, &r
);
432 if (!NT_STATUS_IS_OK(status
)) {
433 printf("LookupNames4 failed - %s\n", nt_errstr(status
));
443 static bool test_LookupSids(struct dcerpc_pipe
*p
,
445 struct policy_handle
*handle
,
446 struct lsa_SidArray
*sids
)
448 struct lsa_LookupSids r
;
449 struct lsa_TransNameArray names
;
450 uint32_t count
= sids
->num_sids
;
453 printf("\nTesting LookupSids\n");
458 r
.in
.handle
= handle
;
463 r
.out
.count
= &count
;
464 r
.out
.names
= &names
;
466 status
= dcerpc_lsa_LookupSids(p
, mem_ctx
, &r
);
467 if (!NT_STATUS_IS_OK(status
)) {
468 printf("LookupSids failed - %s\n", nt_errstr(status
));
474 if (!test_LookupNames(p
, mem_ctx
, handle
, &names
)) {
482 static bool test_LookupSids2(struct dcerpc_pipe
*p
,
484 struct policy_handle
*handle
,
485 struct lsa_SidArray
*sids
)
487 struct lsa_LookupSids2 r
;
488 struct lsa_TransNameArray2 names
;
489 uint32_t count
= sids
->num_sids
;
492 printf("\nTesting LookupSids2\n");
497 r
.in
.handle
= handle
;
504 r
.out
.count
= &count
;
505 r
.out
.names
= &names
;
507 status
= dcerpc_lsa_LookupSids2(p
, mem_ctx
, &r
);
508 if (!NT_STATUS_IS_OK(status
)) {
509 printf("LookupSids2 failed - %s\n", nt_errstr(status
));
515 if (!test_LookupNames2(p
, mem_ctx
, handle
, &names
)) {
519 if (!test_LookupNames3(p
, mem_ctx
, handle
, &names
)) {
526 static bool test_LookupSids3(struct dcerpc_pipe
*p
,
528 struct lsa_SidArray
*sids
)
530 struct lsa_LookupSids3 r
;
531 struct lsa_TransNameArray2 names
;
532 uint32_t count
= sids
->num_sids
;
535 printf("\nTesting LookupSids3\n");
546 r
.out
.count
= &count
;
547 r
.out
.names
= &names
;
549 status
= dcerpc_lsa_LookupSids3(p
, mem_ctx
, &r
);
550 if (!NT_STATUS_IS_OK(status
)) {
551 if (NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
) ||
552 NT_STATUS_EQUAL(status
, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED
)) {
553 printf("not considering %s to be an error\n", nt_errstr(status
));
556 printf("LookupSids3 failed - %s - not considered an error\n",
563 if (!test_LookupNames4(p
, mem_ctx
, &names
)) {
570 bool test_many_LookupSids(struct dcerpc_pipe
*p
,
572 struct policy_handle
*handle
)
576 struct lsa_SidArray sids
;
579 printf("\nTesting LookupSids with lots of SIDs\n");
583 sids
.sids
= talloc_array(mem_ctx
, struct lsa_SidPtr
, sids
.num_sids
);
585 for (i
=0; i
<sids
.num_sids
; i
++) {
586 const char *sidstr
= "S-1-5-32-545";
587 sids
.sids
[i
].sid
= dom_sid_parse_talloc(mem_ctx
, sidstr
);
590 count
= sids
.num_sids
;
593 struct lsa_LookupSids r
;
594 struct lsa_TransNameArray names
;
598 r
.in
.handle
= handle
;
602 r
.in
.count
= &names
.count
;
603 r
.out
.count
= &count
;
604 r
.out
.names
= &names
;
606 status
= dcerpc_lsa_LookupSids(p
, mem_ctx
, &r
);
607 if (!NT_STATUS_IS_OK(status
)) {
608 printf("LookupSids failed - %s\n", nt_errstr(status
));
614 if (!test_LookupNames(p
, mem_ctx
, handle
, &names
)) {
618 struct lsa_LookupSids3 r
;
619 struct lsa_TransNameArray2 names
;
624 printf("\nTesting LookupSids3\n");
632 r
.out
.count
= &count
;
633 r
.out
.names
= &names
;
635 status
= dcerpc_lsa_LookupSids3(p
, mem_ctx
, &r
);
636 if (!NT_STATUS_IS_OK(status
)) {
637 if (NT_STATUS_EQUAL(status
, NT_STATUS_ACCESS_DENIED
) ||
638 NT_STATUS_EQUAL(status
, NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED
)) {
639 printf("not considering %s to be an error\n", nt_errstr(status
));
642 printf("LookupSids3 failed - %s\n",
646 if (!test_LookupNames4(p
, mem_ctx
, &names
)) {
658 static void lookupsids_cb(struct rpc_request
*req
)
660 int *replies
= (int *)req
->async
.private_data
;
663 status
= dcerpc_ndr_request_recv(req
);
664 if (!NT_STATUS_IS_OK(status
)) {
665 printf("lookupsids returned %s\n", nt_errstr(status
));
674 static bool test_LookupSids_async(struct dcerpc_pipe
*p
,
676 struct policy_handle
*handle
)
678 struct lsa_SidArray sids
;
679 struct lsa_SidPtr sidptr
;
681 struct lsa_TransNameArray
*names
;
682 struct lsa_LookupSids
*r
;
683 struct rpc_request
**req
;
686 const int num_async_requests
= 50;
688 count
= talloc_array(mem_ctx
, uint32_t, num_async_requests
);
689 names
= talloc_array(mem_ctx
, struct lsa_TransNameArray
, num_async_requests
);
690 r
= talloc_array(mem_ctx
, struct lsa_LookupSids
, num_async_requests
);
692 printf("\nTesting %d async lookupsids request\n", num_async_requests
);
694 req
= talloc_array(mem_ctx
, struct rpc_request
*, num_async_requests
);
698 sidptr
.sid
= dom_sid_parse_talloc(mem_ctx
, "S-1-5-32-545");
702 for (i
=0; i
<num_async_requests
; i
++) {
705 names
[i
].names
= NULL
;
707 r
[i
].in
.handle
= handle
;
708 r
[i
].in
.sids
= &sids
;
709 r
[i
].in
.names
= &names
[i
];
711 r
[i
].in
.count
= &names
[i
].count
;
712 r
[i
].out
.count
= &count
[i
];
713 r
[i
].out
.names
= &names
[i
];
715 req
[i
] = dcerpc_lsa_LookupSids_send(p
, req
, &r
[i
]);
716 if (req
[i
] == NULL
) {
721 req
[i
]->async
.callback
= lookupsids_cb
;
722 req
[i
]->async
.private_data
= &replies
;
725 while (replies
>= 0 && replies
< num_async_requests
) {
726 event_loop_once(p
->conn
->event_ctx
);
738 static bool test_LookupPrivValue(struct dcerpc_pipe
*p
,
740 struct policy_handle
*handle
,
741 struct lsa_String
*name
)
744 struct lsa_LookupPrivValue r
;
745 struct lsa_LUID luid
;
747 r
.in
.handle
= handle
;
751 status
= dcerpc_lsa_LookupPrivValue(p
, mem_ctx
, &r
);
752 if (!NT_STATUS_IS_OK(status
)) {
753 printf("\nLookupPrivValue failed - %s\n", nt_errstr(status
));
760 static bool test_LookupPrivName(struct dcerpc_pipe
*p
,
762 struct policy_handle
*handle
,
763 struct lsa_LUID
*luid
)
766 struct lsa_LookupPrivName r
;
768 r
.in
.handle
= handle
;
771 status
= dcerpc_lsa_LookupPrivName(p
, mem_ctx
, &r
);
772 if (!NT_STATUS_IS_OK(status
)) {
773 printf("\nLookupPrivName failed - %s\n", nt_errstr(status
));
780 static bool test_RemovePrivilegesFromAccount(struct dcerpc_pipe
*p
,
782 struct policy_handle
*acct_handle
,
783 struct lsa_LUID
*luid
)
786 struct lsa_RemovePrivilegesFromAccount r
;
787 struct lsa_PrivilegeSet privs
;
790 printf("Testing RemovePrivilegesFromAccount\n");
792 r
.in
.handle
= acct_handle
;
798 privs
.set
= talloc_array(mem_ctx
, struct lsa_LUIDAttribute
, 1);
799 privs
.set
[0].luid
= *luid
;
800 privs
.set
[0].attribute
= 0;
802 status
= dcerpc_lsa_RemovePrivilegesFromAccount(p
, mem_ctx
, &r
);
803 if (!NT_STATUS_IS_OK(status
)) {
804 printf("RemovePrivilegesFromAccount failed - %s\n", nt_errstr(status
));
811 static bool test_AddPrivilegesToAccount(struct dcerpc_pipe
*p
,
813 struct policy_handle
*acct_handle
,
814 struct lsa_LUID
*luid
)
817 struct lsa_AddPrivilegesToAccount r
;
818 struct lsa_PrivilegeSet privs
;
821 printf("Testing AddPrivilegesToAccount\n");
823 r
.in
.handle
= acct_handle
;
828 privs
.set
= talloc_array(mem_ctx
, struct lsa_LUIDAttribute
, 1);
829 privs
.set
[0].luid
= *luid
;
830 privs
.set
[0].attribute
= 0;
832 status
= dcerpc_lsa_AddPrivilegesToAccount(p
, mem_ctx
, &r
);
833 if (!NT_STATUS_IS_OK(status
)) {
834 printf("AddPrivilegesToAccount failed - %s\n", nt_errstr(status
));
841 static bool test_EnumPrivsAccount(struct dcerpc_pipe
*p
,
843 struct policy_handle
*handle
,
844 struct policy_handle
*acct_handle
)
847 struct lsa_EnumPrivsAccount r
;
850 printf("Testing EnumPrivsAccount\n");
852 r
.in
.handle
= acct_handle
;
854 status
= dcerpc_lsa_EnumPrivsAccount(p
, mem_ctx
, &r
);
855 if (!NT_STATUS_IS_OK(status
)) {
856 printf("EnumPrivsAccount failed - %s\n", nt_errstr(status
));
860 if (r
.out
.privs
&& r
.out
.privs
->count
> 0) {
862 for (i
=0;i
<r
.out
.privs
->count
;i
++) {
863 test_LookupPrivName(p
, mem_ctx
, handle
,
864 &r
.out
.privs
->set
[i
].luid
);
867 ret
&= test_RemovePrivilegesFromAccount(p
, mem_ctx
, acct_handle
,
868 &r
.out
.privs
->set
[0].luid
);
869 ret
&= test_AddPrivilegesToAccount(p
, mem_ctx
, acct_handle
,
870 &r
.out
.privs
->set
[0].luid
);
876 static bool test_Delete(struct dcerpc_pipe
*p
,
878 struct policy_handle
*handle
)
883 printf("testing Delete\n");
885 r
.in
.handle
= handle
;
886 status
= dcerpc_lsa_Delete(p
, mem_ctx
, &r
);
887 if (!NT_STATUS_IS_OK(status
)) {
888 printf("Delete failed - %s\n", nt_errstr(status
));
896 static bool test_CreateAccount(struct dcerpc_pipe
*p
,
898 struct policy_handle
*handle
)
901 struct lsa_CreateAccount r
;
902 struct dom_sid2
*newsid
;
903 struct policy_handle acct_handle
;
905 newsid
= dom_sid_parse_talloc(mem_ctx
, "S-1-5-12349876-4321-2854");
907 printf("Testing CreateAccount\n");
909 r
.in
.handle
= handle
;
911 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
912 r
.out
.acct_handle
= &acct_handle
;
914 status
= dcerpc_lsa_CreateAccount(p
, mem_ctx
, &r
);
915 if (!NT_STATUS_IS_OK(status
)) {
916 printf("CreateAccount failed - %s\n", nt_errstr(status
));
920 if (!test_Delete(p
, mem_ctx
, &acct_handle
)) {
927 static bool test_DeleteTrustedDomain(struct dcerpc_pipe
*p
,
929 struct policy_handle
*handle
,
930 struct lsa_StringLarge name
)
933 struct lsa_OpenTrustedDomainByName r
;
934 struct policy_handle trustdom_handle
;
936 r
.in
.handle
= handle
;
937 r
.in
.name
.string
= name
.string
;
938 r
.in
.access_mask
= SEC_STD_DELETE
;
939 r
.out
.trustdom_handle
= &trustdom_handle
;
941 status
= dcerpc_lsa_OpenTrustedDomainByName(p
, mem_ctx
, &r
);
942 if (!NT_STATUS_IS_OK(status
)) {
943 printf("lsa_OpenTrustedDomainByName failed - %s\n", nt_errstr(status
));
947 if (!test_Delete(p
, mem_ctx
, &trustdom_handle
)) {
954 static bool test_DeleteTrustedDomainBySid(struct dcerpc_pipe
*p
,
956 struct policy_handle
*handle
,
960 struct lsa_DeleteTrustedDomain r
;
962 r
.in
.handle
= handle
;
965 status
= dcerpc_lsa_DeleteTrustedDomain(p
, mem_ctx
, &r
);
966 if (!NT_STATUS_IS_OK(status
)) {
967 printf("lsa_DeleteTrustedDomain failed - %s\n", nt_errstr(status
));
975 static bool test_CreateSecret(struct dcerpc_pipe
*p
,
977 struct policy_handle
*handle
)
980 struct lsa_CreateSecret r
;
981 struct lsa_OpenSecret r2
;
982 struct lsa_SetSecret r3
;
983 struct lsa_QuerySecret r4
;
984 struct lsa_SetSecret r5
;
985 struct lsa_QuerySecret r6
;
986 struct lsa_SetSecret r7
;
987 struct lsa_QuerySecret r8
;
988 struct policy_handle sec_handle
, sec_handle2
, sec_handle3
;
990 struct lsa_DATA_BUF buf1
;
991 struct lsa_DATA_BUF_PTR bufp1
;
992 struct lsa_DATA_BUF_PTR bufp2
;
995 DATA_BLOB session_key
;
996 NTTIME old_mtime
, new_mtime
;
997 DATA_BLOB blob1
, blob2
;
998 const char *secret1
= "abcdef12345699qwerty";
1000 const char *secret3
= "ABCDEF12345699QWERTY";
1002 const char *secret5
= "NEW-SAMBA4-SECRET";
1006 const int LOCAL
= 0;
1007 const int GLOBAL
= 1;
1009 secname
[LOCAL
] = talloc_asprintf(mem_ctx
, "torturesecret-%u", (uint_t
)random());
1010 secname
[GLOBAL
] = talloc_asprintf(mem_ctx
, "G$torturesecret-%u", (uint_t
)random());
1012 for (i
=0; i
< 2; i
++) {
1013 printf("Testing CreateSecret of %s\n", secname
[i
]);
1015 init_lsa_String(&r
.in
.name
, secname
[i
]);
1017 r
.in
.handle
= handle
;
1018 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1019 r
.out
.sec_handle
= &sec_handle
;
1021 status
= dcerpc_lsa_CreateSecret(p
, mem_ctx
, &r
);
1022 if (!NT_STATUS_IS_OK(status
)) {
1023 printf("CreateSecret failed - %s\n", nt_errstr(status
));
1027 r
.in
.handle
= handle
;
1028 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1029 r
.out
.sec_handle
= &sec_handle3
;
1031 status
= dcerpc_lsa_CreateSecret(p
, mem_ctx
, &r
);
1032 if (!NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_COLLISION
)) {
1033 printf("CreateSecret should have failed OBJECT_NAME_COLLISION - %s\n", nt_errstr(status
));
1037 r2
.in
.handle
= handle
;
1038 r2
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1039 r2
.in
.name
= r
.in
.name
;
1040 r2
.out
.sec_handle
= &sec_handle2
;
1042 printf("Testing OpenSecret\n");
1044 status
= dcerpc_lsa_OpenSecret(p
, mem_ctx
, &r2
);
1045 if (!NT_STATUS_IS_OK(status
)) {
1046 printf("OpenSecret failed - %s\n", nt_errstr(status
));
1050 status
= dcerpc_fetch_session_key(p
, &session_key
);
1051 if (!NT_STATUS_IS_OK(status
)) {
1052 printf("dcerpc_fetch_session_key failed - %s\n", nt_errstr(status
));
1056 enc_key
= sess_encrypt_string(secret1
, &session_key
);
1058 r3
.in
.sec_handle
= &sec_handle
;
1059 r3
.in
.new_val
= &buf1
;
1060 r3
.in
.old_val
= NULL
;
1061 r3
.in
.new_val
->data
= enc_key
.data
;
1062 r3
.in
.new_val
->length
= enc_key
.length
;
1063 r3
.in
.new_val
->size
= enc_key
.length
;
1065 printf("Testing SetSecret\n");
1067 status
= dcerpc_lsa_SetSecret(p
, mem_ctx
, &r3
);
1068 if (!NT_STATUS_IS_OK(status
)) {
1069 printf("SetSecret failed - %s\n", nt_errstr(status
));
1073 r3
.in
.sec_handle
= &sec_handle
;
1074 r3
.in
.new_val
= &buf1
;
1075 r3
.in
.old_val
= NULL
;
1076 r3
.in
.new_val
->data
= enc_key
.data
;
1077 r3
.in
.new_val
->length
= enc_key
.length
;
1078 r3
.in
.new_val
->size
= enc_key
.length
;
1080 /* break the encrypted data */
1083 printf("Testing SetSecret with broken key\n");
1085 status
= dcerpc_lsa_SetSecret(p
, mem_ctx
, &r3
);
1086 if (!NT_STATUS_EQUAL(status
, NT_STATUS_UNKNOWN_REVISION
)) {
1087 printf("SetSecret should have failed UNKNOWN_REVISION - %s\n", nt_errstr(status
));
1091 data_blob_free(&enc_key
);
1093 ZERO_STRUCT(new_mtime
);
1094 ZERO_STRUCT(old_mtime
);
1096 /* fetch the secret back again */
1097 r4
.in
.sec_handle
= &sec_handle
;
1098 r4
.in
.new_val
= &bufp1
;
1099 r4
.in
.new_mtime
= &new_mtime
;
1100 r4
.in
.old_val
= NULL
;
1101 r4
.in
.old_mtime
= NULL
;
1105 printf("Testing QuerySecret\n");
1106 status
= dcerpc_lsa_QuerySecret(p
, mem_ctx
, &r4
);
1107 if (!NT_STATUS_IS_OK(status
)) {
1108 printf("QuerySecret failed - %s\n", nt_errstr(status
));
1111 if (r4
.out
.new_val
== NULL
|| r4
.out
.new_val
->buf
== NULL
) {
1112 printf("No secret buffer returned\n");
1115 blob1
.data
= r4
.out
.new_val
->buf
->data
;
1116 blob1
.length
= r4
.out
.new_val
->buf
->size
;
1118 blob2
= data_blob_talloc(mem_ctx
, NULL
, blob1
.length
);
1120 secret2
= sess_decrypt_string(mem_ctx
,
1121 &blob1
, &session_key
);
1123 if (strcmp(secret1
, secret2
) != 0) {
1124 printf("Returned secret '%s' doesn't match '%s'\n",
1131 enc_key
= sess_encrypt_string(secret3
, &session_key
);
1133 r5
.in
.sec_handle
= &sec_handle
;
1134 r5
.in
.new_val
= &buf1
;
1135 r5
.in
.old_val
= NULL
;
1136 r5
.in
.new_val
->data
= enc_key
.data
;
1137 r5
.in
.new_val
->length
= enc_key
.length
;
1138 r5
.in
.new_val
->size
= enc_key
.length
;
1140 printf("Testing SetSecret (existing value should move to old)\n");
1142 status
= dcerpc_lsa_SetSecret(p
, mem_ctx
, &r5
);
1143 if (!NT_STATUS_IS_OK(status
)) {
1144 printf("SetSecret failed - %s\n", nt_errstr(status
));
1148 data_blob_free(&enc_key
);
1150 ZERO_STRUCT(new_mtime
);
1151 ZERO_STRUCT(old_mtime
);
1153 /* fetch the secret back again */
1154 r6
.in
.sec_handle
= &sec_handle
;
1155 r6
.in
.new_val
= &bufp1
;
1156 r6
.in
.new_mtime
= &new_mtime
;
1157 r6
.in
.old_val
= &bufp2
;
1158 r6
.in
.old_mtime
= &old_mtime
;
1163 status
= dcerpc_lsa_QuerySecret(p
, mem_ctx
, &r6
);
1164 if (!NT_STATUS_IS_OK(status
)) {
1165 printf("QuerySecret failed - %s\n", nt_errstr(status
));
1170 if (r6
.out
.new_val
->buf
== NULL
|| r6
.out
.old_val
->buf
== NULL
1171 || r6
.out
.new_mtime
== NULL
|| r6
.out
.old_mtime
== NULL
) {
1172 printf("Both secret buffers and both times not returned\n");
1176 blob1
.data
= r6
.out
.new_val
->buf
->data
;
1177 blob1
.length
= r6
.out
.new_val
->buf
->size
;
1179 blob2
= data_blob_talloc(mem_ctx
, NULL
, blob1
.length
);
1181 secret4
= sess_decrypt_string(mem_ctx
,
1182 &blob1
, &session_key
);
1184 if (strcmp(secret3
, secret4
) != 0) {
1185 printf("Returned NEW secret %s doesn't match %s\n", secret4
, secret3
);
1189 blob1
.data
= r6
.out
.old_val
->buf
->data
;
1190 blob1
.length
= r6
.out
.old_val
->buf
->length
;
1192 blob2
= data_blob_talloc(mem_ctx
, NULL
, blob1
.length
);
1194 secret2
= sess_decrypt_string(mem_ctx
,
1195 &blob1
, &session_key
);
1197 if (strcmp(secret1
, secret2
) != 0) {
1198 printf("Returned OLD secret %s doesn't match %s\n", secret2
, secret1
);
1202 if (*r6
.out
.new_mtime
== *r6
.out
.old_mtime
) {
1203 printf("Returned secret %s had same mtime for both secrets: %s\n",
1205 nt_time_string(mem_ctx
, *r6
.out
.new_mtime
));
1211 enc_key
= sess_encrypt_string(secret5
, &session_key
);
1213 r7
.in
.sec_handle
= &sec_handle
;
1214 r7
.in
.old_val
= &buf1
;
1215 r7
.in
.old_val
->data
= enc_key
.data
;
1216 r7
.in
.old_val
->length
= enc_key
.length
;
1217 r7
.in
.old_val
->size
= enc_key
.length
;
1218 r7
.in
.new_val
= NULL
;
1220 printf("Testing SetSecret of old Secret only\n");
1222 status
= dcerpc_lsa_SetSecret(p
, mem_ctx
, &r7
);
1223 if (!NT_STATUS_IS_OK(status
)) {
1224 printf("SetSecret failed - %s\n", nt_errstr(status
));
1228 data_blob_free(&enc_key
);
1230 /* fetch the secret back again */
1231 r8
.in
.sec_handle
= &sec_handle
;
1232 r8
.in
.new_val
= &bufp1
;
1233 r8
.in
.new_mtime
= &new_mtime
;
1234 r8
.in
.old_val
= &bufp2
;
1235 r8
.in
.old_mtime
= &old_mtime
;
1240 status
= dcerpc_lsa_QuerySecret(p
, mem_ctx
, &r8
);
1241 if (!NT_STATUS_IS_OK(status
)) {
1242 printf("QuerySecret failed - %s\n", nt_errstr(status
));
1245 if (!r8
.out
.new_val
|| !r8
.out
.old_val
) {
1246 printf("in/out pointers not returned, despite being set on in for QuerySecret\n");
1248 } else if (r8
.out
.new_val
->buf
== NULL
) {
1250 printf("NEW secret buffer not returned after GLOBAL OLD set\n");
1253 } else if (r8
.out
.old_val
->buf
== NULL
) {
1254 printf("OLD secret buffer not returned after OLD set\n");
1256 } else if (r8
.out
.new_mtime
== NULL
|| r8
.out
.old_mtime
== NULL
) {
1257 printf("Both times not returned after OLD set\n");
1261 printf("NEW secret buffer should not be returned after LOCAL OLD set\n");
1264 blob1
.data
= r8
.out
.new_val
->buf
->data
;
1265 blob1
.length
= r8
.out
.new_val
->buf
->length
;
1267 blob2
= data_blob_talloc(mem_ctx
, NULL
, blob1
.length
);
1269 secret6
= sess_decrypt_string(mem_ctx
,
1270 &blob1
, &session_key
);
1272 if (strcmp(secret3
, secret4
) != 0) {
1273 printf("Returned NEW secret '%s' doesn't match '%s'\n", secret4
, secret3
);
1277 blob1
.data
= r8
.out
.old_val
->buf
->data
;
1278 blob1
.length
= r8
.out
.old_val
->buf
->size
;
1280 blob2
= data_blob_talloc(mem_ctx
, NULL
, blob1
.length
);
1282 secret6
= sess_decrypt_string(mem_ctx
,
1283 &blob1
, &session_key
);
1285 if (strcmp(secret5
, secret6
) != 0) {
1286 printf("Returned OLD secret %s doesn't match %s\n", secret5
, secret6
);
1290 if (*r8
.out
.new_mtime
== *r8
.out
.old_mtime
) {
1292 printf("Returned secret %s had same mtime for both secrets: %s\n",
1294 nt_time_string(mem_ctx
, *r8
.out
.new_mtime
));
1298 printf("Returned secret %s should have had same mtime for both secrets: %s != %s\n",
1300 nt_time_string(mem_ctx
, *r8
.out
.old_mtime
),
1301 nt_time_string(mem_ctx
, *r8
.out
.new_mtime
));
1307 if (!test_Delete(p
, mem_ctx
, &sec_handle
)) {
1311 d
.in
.handle
= &sec_handle2
;
1312 status
= dcerpc_lsa_Delete(p
, mem_ctx
, &d
);
1313 if (!NT_STATUS_EQUAL(status
, NT_STATUS_INVALID_HANDLE
)) {
1314 printf("Second delete expected INVALID_HANDLE - %s\n", nt_errstr(status
));
1318 printf("Testing OpenSecret of just-deleted secret\n");
1320 status
= dcerpc_lsa_OpenSecret(p
, mem_ctx
, &r2
);
1321 if (!NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_NOT_FOUND
)) {
1322 printf("OpenSecret expected OBJECT_NAME_NOT_FOUND - %s\n", nt_errstr(status
));
1333 static bool test_EnumAccountRights(struct dcerpc_pipe
*p
,
1334 TALLOC_CTX
*mem_ctx
,
1335 struct policy_handle
*acct_handle
,
1336 struct dom_sid
*sid
)
1339 struct lsa_EnumAccountRights r
;
1340 struct lsa_RightSet rights
;
1342 printf("Testing EnumAccountRights\n");
1344 r
.in
.handle
= acct_handle
;
1346 r
.out
.rights
= &rights
;
1348 status
= dcerpc_lsa_EnumAccountRights(p
, mem_ctx
, &r
);
1349 if (!NT_STATUS_IS_OK(status
)) {
1350 printf("EnumAccountRights of %s failed - %s\n",
1351 dom_sid_string(mem_ctx
, sid
), nt_errstr(status
));
1359 static bool test_QuerySecurity(struct dcerpc_pipe
*p
,
1360 struct torture_context
*tctx
,
1361 struct policy_handle
*handle
,
1362 struct policy_handle
*acct_handle
)
1365 struct lsa_QuerySecurity r
;
1367 if (torture_setting_bool(tctx
, "samba4", false)) {
1368 printf("skipping QuerySecurity test against Samba4\n");
1372 printf("Testing QuerySecurity\n");
1374 r
.in
.handle
= acct_handle
;
1377 status
= dcerpc_lsa_QuerySecurity(p
, tctx
, &r
);
1378 if (!NT_STATUS_IS_OK(status
)) {
1379 printf("QuerySecurity failed - %s\n", nt_errstr(status
));
1386 static bool test_OpenAccount(struct dcerpc_pipe
*p
,
1387 TALLOC_CTX
*mem_ctx
,
1388 struct policy_handle
*handle
,
1389 struct dom_sid
*sid
)
1392 struct lsa_OpenAccount r
;
1393 struct policy_handle acct_handle
;
1395 printf("Testing OpenAccount\n");
1397 r
.in
.handle
= handle
;
1399 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1400 r
.out
.acct_handle
= &acct_handle
;
1402 status
= dcerpc_lsa_OpenAccount(p
, mem_ctx
, &r
);
1403 if (!NT_STATUS_IS_OK(status
)) {
1404 printf("OpenAccount failed - %s\n", nt_errstr(status
));
1408 if (!test_EnumPrivsAccount(p
, mem_ctx
, handle
, &acct_handle
)) {
1412 if (!test_QuerySecurity(p
, mem_ctx
, handle
, &acct_handle
)) {
1419 static bool test_EnumAccounts(struct dcerpc_pipe
*p
,
1420 TALLOC_CTX
*mem_ctx
,
1421 struct policy_handle
*handle
)
1424 struct lsa_EnumAccounts r
;
1425 struct lsa_SidArray sids1
, sids2
;
1426 uint32_t resume_handle
= 0;
1430 printf("\ntesting EnumAccounts\n");
1432 r
.in
.handle
= handle
;
1433 r
.in
.resume_handle
= &resume_handle
;
1434 r
.in
.num_entries
= 100;
1435 r
.out
.resume_handle
= &resume_handle
;
1436 r
.out
.sids
= &sids1
;
1440 status
= dcerpc_lsa_EnumAccounts(p
, mem_ctx
, &r
);
1441 if (NT_STATUS_EQUAL(status
, NT_STATUS_NO_MORE_ENTRIES
)) {
1444 if (!NT_STATUS_IS_OK(status
)) {
1445 printf("EnumAccounts failed - %s\n", nt_errstr(status
));
1449 if (!test_LookupSids(p
, mem_ctx
, handle
, &sids1
)) {
1453 if (!test_LookupSids2(p
, mem_ctx
, handle
, &sids1
)) {
1457 if (!test_LookupSids3(p
, mem_ctx
, &sids1
)) {
1461 printf("testing all accounts\n");
1462 for (i
=0;i
<sids1
.num_sids
;i
++) {
1463 ret
&= test_OpenAccount(p
, mem_ctx
, handle
, sids1
.sids
[i
].sid
);
1464 ret
&= test_EnumAccountRights(p
, mem_ctx
, handle
, sids1
.sids
[i
].sid
);
1469 if (sids1
.num_sids
< 3) {
1473 printf("trying EnumAccounts partial listing (asking for 1 at 2)\n");
1475 r
.in
.num_entries
= 1;
1476 r
.out
.sids
= &sids2
;
1478 status
= dcerpc_lsa_EnumAccounts(p
, mem_ctx
, &r
);
1479 if (!NT_STATUS_IS_OK(status
)) {
1480 printf("EnumAccounts failed - %s\n", nt_errstr(status
));
1484 if (sids2
.num_sids
!= 1) {
1485 printf("Returned wrong number of entries (%d)\n", sids2
.num_sids
);
1492 static bool test_LookupPrivDisplayName(struct dcerpc_pipe
*p
,
1493 TALLOC_CTX
*mem_ctx
,
1494 struct policy_handle
*handle
,
1495 struct lsa_String
*priv_name
)
1497 struct lsa_LookupPrivDisplayName r
;
1499 /* produce a reasonable range of language output without screwing up
1501 uint16_t language_id
= (random() % 4) + 0x409;
1503 printf("testing LookupPrivDisplayName(%s)\n", priv_name
->string
);
1505 r
.in
.handle
= handle
;
1506 r
.in
.name
= priv_name
;
1507 r
.in
.language_id
= &language_id
;
1508 r
.out
.language_id
= &language_id
;
1511 status
= dcerpc_lsa_LookupPrivDisplayName(p
, mem_ctx
, &r
);
1512 if (!NT_STATUS_IS_OK(status
)) {
1513 printf("LookupPrivDisplayName failed - %s\n", nt_errstr(status
));
1516 printf("%s -> \"%s\" (language 0x%x/0x%x)\n",
1517 priv_name
->string
, r
.out
.disp_name
->string
,
1518 *r
.in
.language_id
, *r
.out
.language_id
);
1523 static bool test_EnumAccountsWithUserRight(struct dcerpc_pipe
*p
,
1524 TALLOC_CTX
*mem_ctx
,
1525 struct policy_handle
*handle
,
1526 struct lsa_String
*priv_name
)
1528 struct lsa_EnumAccountsWithUserRight r
;
1529 struct lsa_SidArray sids
;
1534 printf("testing EnumAccountsWithUserRight(%s)\n", priv_name
->string
);
1536 r
.in
.handle
= handle
;
1537 r
.in
.name
= priv_name
;
1540 status
= dcerpc_lsa_EnumAccountsWithUserRight(p
, mem_ctx
, &r
);
1542 /* NT_STATUS_NO_MORE_ENTRIES means noone has this privilege */
1543 if (NT_STATUS_EQUAL(status
, NT_STATUS_NO_MORE_ENTRIES
)) {
1547 if (!NT_STATUS_IS_OK(status
)) {
1548 printf("EnumAccountsWithUserRight failed - %s\n", nt_errstr(status
));
1556 static bool test_EnumPrivs(struct dcerpc_pipe
*p
,
1557 TALLOC_CTX
*mem_ctx
,
1558 struct policy_handle
*handle
)
1561 struct lsa_EnumPrivs r
;
1562 struct lsa_PrivArray privs1
;
1563 uint32_t resume_handle
= 0;
1567 printf("\ntesting EnumPrivs\n");
1569 r
.in
.handle
= handle
;
1570 r
.in
.resume_handle
= &resume_handle
;
1571 r
.in
.max_count
= 100;
1572 r
.out
.resume_handle
= &resume_handle
;
1573 r
.out
.privs
= &privs1
;
1576 status
= dcerpc_lsa_EnumPrivs(p
, mem_ctx
, &r
);
1577 if (!NT_STATUS_IS_OK(status
)) {
1578 printf("EnumPrivs failed - %s\n", nt_errstr(status
));
1582 for (i
= 0; i
< privs1
.count
; i
++) {
1583 test_LookupPrivDisplayName(p
, mem_ctx
, handle
, (struct lsa_String
*)&privs1
.privs
[i
].name
);
1584 test_LookupPrivValue(p
, mem_ctx
, handle
, (struct lsa_String
*)&privs1
.privs
[i
].name
);
1585 if (!test_EnumAccountsWithUserRight(p
, mem_ctx
, handle
, (struct lsa_String
*)&privs1
.privs
[i
].name
)) {
1593 static bool test_QueryForestTrustInformation(struct dcerpc_pipe
*p
,
1594 struct torture_context
*tctx
,
1595 struct policy_handle
*handle
,
1596 const char *trusted_domain_name
)
1599 struct lsa_lsaRQueryForestTrustInformation r
;
1601 struct lsa_String string
;
1602 struct lsa_ForestTrustInformation info
, *info_ptr
;
1604 printf("\nTesting lsaRQueryForestTrustInformation\n");
1606 if (torture_setting_bool(tctx
, "samba4", false)) {
1607 printf("skipping QueryForestTrustInformation against Samba4\n");
1611 ZERO_STRUCT(string
);
1613 if (trusted_domain_name
) {
1614 init_lsa_String(&string
, trusted_domain_name
);
1619 r
.in
.handle
= handle
;
1620 r
.in
.trusted_domain_name
= &string
;
1622 r
.out
.forest_trust_info
= &info_ptr
;
1624 status
= dcerpc_lsa_lsaRQueryForestTrustInformation(p
, tctx
, &r
);
1626 if (!NT_STATUS_IS_OK(status
)) {
1627 printf("lsaRQueryForestTrustInformation failed - %s\n", nt_errstr(status
));
1634 static bool test_query_each_TrustDomEx(struct dcerpc_pipe
*p
,
1635 TALLOC_CTX
*mem_ctx
,
1636 struct policy_handle
*handle
,
1637 struct lsa_DomainListEx
*domains
)
1642 for (i
=0; i
< domains
->count
; i
++) {
1644 if (domains
->domains
[i
].trust_attributes
& NETR_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
) {
1645 ret
&= test_QueryForestTrustInformation(p
, mem_ctx
, handle
,
1646 domains
->domains
[i
].domain_name
.string
);
1653 static bool test_query_each_TrustDom(struct dcerpc_pipe
*p
,
1654 TALLOC_CTX
*mem_ctx
,
1655 struct policy_handle
*handle
,
1656 struct lsa_DomainList
*domains
)
1662 printf("\nTesting OpenTrustedDomain, OpenTrustedDomainByName and QueryInfoTrustedDomain\n");
1663 for (i
=0; i
< domains
->count
; i
++) {
1664 struct lsa_OpenTrustedDomain trust
;
1665 struct lsa_OpenTrustedDomainByName trust_by_name
;
1666 struct policy_handle trustdom_handle
;
1667 struct policy_handle handle2
;
1669 struct lsa_CloseTrustedDomainEx c_trust
;
1670 int levels
[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12};
1671 int ok
[] = {1, 0, 1, 0, 0, 1, 0, 1, 0, 0, 0, 1};
1673 if (domains
->domains
[i
].sid
) {
1674 trust
.in
.handle
= handle
;
1675 trust
.in
.sid
= domains
->domains
[i
].sid
;
1676 trust
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1677 trust
.out
.trustdom_handle
= &trustdom_handle
;
1679 status
= dcerpc_lsa_OpenTrustedDomain(p
, mem_ctx
, &trust
);
1681 if (!NT_STATUS_IS_OK(status
)) {
1682 printf("OpenTrustedDomain failed - %s\n", nt_errstr(status
));
1686 c
.in
.handle
= &trustdom_handle
;
1687 c
.out
.handle
= &handle2
;
1689 c_trust
.in
.handle
= &trustdom_handle
;
1690 c_trust
.out
.handle
= &handle2
;
1692 for (j
=0; j
< ARRAY_SIZE(levels
); j
++) {
1693 struct lsa_QueryTrustedDomainInfo q
;
1694 union lsa_TrustedDomainInfo info
;
1695 q
.in
.trustdom_handle
= &trustdom_handle
;
1696 q
.in
.level
= levels
[j
];
1698 status
= dcerpc_lsa_QueryTrustedDomainInfo(p
, mem_ctx
, &q
);
1699 if (!NT_STATUS_IS_OK(status
) && ok
[j
]) {
1700 printf("QueryTrustedDomainInfo level %d failed - %s\n",
1701 levels
[j
], nt_errstr(status
));
1703 } else if (NT_STATUS_IS_OK(status
) && !ok
[j
]) {
1704 printf("QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n",
1705 levels
[j
], nt_errstr(status
));
1710 status
= dcerpc_lsa_CloseTrustedDomainEx(p
, mem_ctx
, &c_trust
);
1711 if (!NT_STATUS_EQUAL(status
, NT_STATUS_NOT_IMPLEMENTED
)) {
1712 printf("Expected CloseTrustedDomainEx to return NT_STATUS_NOT_IMPLEMENTED, instead - %s\n", nt_errstr(status
));
1716 c
.in
.handle
= &trustdom_handle
;
1717 c
.out
.handle
= &handle2
;
1719 status
= dcerpc_lsa_Close(p
, mem_ctx
, &c
);
1720 if (!NT_STATUS_IS_OK(status
)) {
1721 printf("Close of trusted domain failed - %s\n", nt_errstr(status
));
1725 for (j
=0; j
< ARRAY_SIZE(levels
); j
++) {
1726 struct lsa_QueryTrustedDomainInfoBySid q
;
1727 union lsa_TrustedDomainInfo info
;
1729 if (!domains
->domains
[i
].sid
) {
1733 q
.in
.handle
= handle
;
1734 q
.in
.dom_sid
= domains
->domains
[i
].sid
;
1735 q
.in
.level
= levels
[j
];
1737 status
= dcerpc_lsa_QueryTrustedDomainInfoBySid(p
, mem_ctx
, &q
);
1738 if (!NT_STATUS_IS_OK(status
) && ok
[j
]) {
1739 printf("QueryTrustedDomainInfoBySid level %d failed - %s\n",
1740 levels
[j
], nt_errstr(status
));
1742 } else if (NT_STATUS_IS_OK(status
) && !ok
[j
]) {
1743 printf("QueryTrustedDomainInfoBySid level %d unexpectedly succeeded - %s\n",
1744 levels
[j
], nt_errstr(status
));
1750 trust_by_name
.in
.handle
= handle
;
1751 trust_by_name
.in
.name
.string
= domains
->domains
[i
].name
.string
;
1752 trust_by_name
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1753 trust_by_name
.out
.trustdom_handle
= &trustdom_handle
;
1755 status
= dcerpc_lsa_OpenTrustedDomainByName(p
, mem_ctx
, &trust_by_name
);
1757 if (!NT_STATUS_IS_OK(status
)) {
1758 printf("OpenTrustedDomainByName failed - %s\n", nt_errstr(status
));
1762 for (j
=0; j
< ARRAY_SIZE(levels
); j
++) {
1763 struct lsa_QueryTrustedDomainInfo q
;
1764 union lsa_TrustedDomainInfo info
;
1765 q
.in
.trustdom_handle
= &trustdom_handle
;
1766 q
.in
.level
= levels
[j
];
1768 status
= dcerpc_lsa_QueryTrustedDomainInfo(p
, mem_ctx
, &q
);
1769 if (!NT_STATUS_IS_OK(status
) && ok
[j
]) {
1770 printf("QueryTrustedDomainInfo level %d failed - %s\n",
1771 levels
[j
], nt_errstr(status
));
1773 } else if (NT_STATUS_IS_OK(status
) && !ok
[j
]) {
1774 printf("QueryTrustedDomainInfo level %d unexpectedly succeeded - %s\n",
1775 levels
[j
], nt_errstr(status
));
1780 c
.in
.handle
= &trustdom_handle
;
1781 c
.out
.handle
= &handle2
;
1783 status
= dcerpc_lsa_Close(p
, mem_ctx
, &c
);
1784 if (!NT_STATUS_IS_OK(status
)) {
1785 printf("Close of trusted domain failed - %s\n", nt_errstr(status
));
1789 for (j
=0; j
< ARRAY_SIZE(levels
); j
++) {
1790 struct lsa_QueryTrustedDomainInfoByName q
;
1791 union lsa_TrustedDomainInfo info
;
1792 q
.in
.handle
= handle
;
1793 q
.in
.trusted_domain
.string
= domains
->domains
[i
].name
.string
;
1794 q
.in
.level
= levels
[j
];
1796 status
= dcerpc_lsa_QueryTrustedDomainInfoByName(p
, mem_ctx
, &q
);
1797 if (!NT_STATUS_IS_OK(status
) && ok
[j
]) {
1798 printf("QueryTrustedDomainInfoByName level %d failed - %s\n",
1799 levels
[j
], nt_errstr(status
));
1801 } else if (NT_STATUS_IS_OK(status
) && !ok
[j
]) {
1802 printf("QueryTrustedDomainInfoByName level %d unexpectedly succeeded - %s\n",
1803 levels
[j
], nt_errstr(status
));
1811 static bool test_EnumTrustDom(struct dcerpc_pipe
*p
,
1812 TALLOC_CTX
*mem_ctx
,
1813 struct policy_handle
*handle
)
1815 struct lsa_EnumTrustDom r
;
1816 struct lsa_EnumTrustedDomainsEx r_ex
;
1817 NTSTATUS enum_status
;
1818 uint32_t resume_handle
= 0;
1819 struct lsa_DomainList domains
;
1820 struct lsa_DomainListEx domains_ex
;
1823 printf("\nTesting EnumTrustDom\n");
1826 r
.in
.handle
= handle
;
1827 r
.in
.resume_handle
= &resume_handle
;
1828 r
.in
.max_size
= LSA_ENUM_TRUST_DOMAIN_MULTIPLIER
* 3;
1829 r
.out
.domains
= &domains
;
1830 r
.out
.resume_handle
= &resume_handle
;
1832 enum_status
= dcerpc_lsa_EnumTrustDom(p
, mem_ctx
, &r
);
1834 /* NO_MORE_ENTRIES is allowed */
1835 if (NT_STATUS_EQUAL(enum_status
, NT_STATUS_NO_MORE_ENTRIES
)) {
1837 } else if (NT_STATUS_EQUAL(enum_status
, STATUS_MORE_ENTRIES
)) {
1838 /* Windows 2003 gets this off by one on the first run */
1839 if (r
.out
.domains
->count
< 3 || r
.out
.domains
->count
> 4) {
1840 printf("EnumTrustDom didn't fill the buffer we "
1841 "asked it to (got %d, expected %d / %d == %d entries)\n",
1842 r
.out
.domains
->count
, LSA_ENUM_TRUST_DOMAIN_MULTIPLIER
* 3,
1843 LSA_ENUM_TRUST_DOMAIN_MULTIPLIER
, r
.in
.max_size
);
1846 } else if (!NT_STATUS_IS_OK(enum_status
)) {
1847 printf("EnumTrustDom failed - %s\n", nt_errstr(enum_status
));
1851 ret
&= test_query_each_TrustDom(p
, mem_ctx
, handle
, &domains
);
1853 } while ((NT_STATUS_EQUAL(enum_status
, STATUS_MORE_ENTRIES
)));
1855 printf("\nTesting EnumTrustedDomainsEx\n");
1859 r_ex
.in
.handle
= handle
;
1860 r_ex
.in
.resume_handle
= &resume_handle
;
1861 r_ex
.in
.max_size
= LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER
* 3;
1862 r_ex
.out
.domains
= &domains_ex
;
1863 r_ex
.out
.resume_handle
= &resume_handle
;
1865 enum_status
= dcerpc_lsa_EnumTrustedDomainsEx(p
, mem_ctx
, &r_ex
);
1867 /* NO_MORE_ENTRIES is allowed */
1868 if (NT_STATUS_EQUAL(enum_status
, NT_STATUS_NO_MORE_ENTRIES
)) {
1870 } else if (NT_STATUS_EQUAL(enum_status
, STATUS_MORE_ENTRIES
)) {
1871 /* Windows 2003 gets this off by one on the first run */
1872 if (r_ex
.out
.domains
->count
< 3 || r_ex
.out
.domains
->count
> 4) {
1873 printf("EnumTrustDom didn't fill the buffer we "
1874 "asked it to (got %d, expected %d / %d == %d entries)\n",
1875 r_ex
.out
.domains
->count
,
1877 LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER
,
1878 r_ex
.in
.max_size
/ LSA_ENUM_TRUST_DOMAIN_EX_MULTIPLIER
);
1882 } else if (!NT_STATUS_IS_OK(enum_status
)) {
1883 printf("EnumTrustedDomainEx failed - %s\n", nt_errstr(enum_status
));
1887 ret
&= test_query_each_TrustDomEx(p
, mem_ctx
, handle
, &domains_ex
);
1889 } while ((NT_STATUS_EQUAL(enum_status
, STATUS_MORE_ENTRIES
)));
1894 static bool test_CreateTrustedDomain(struct dcerpc_pipe
*p
,
1895 TALLOC_CTX
*mem_ctx
,
1896 struct policy_handle
*handle
)
1900 struct lsa_CreateTrustedDomain r
;
1901 struct lsa_DomainInfo trustinfo
;
1902 struct dom_sid
*domsid
[12];
1903 struct policy_handle trustdom_handle
[12];
1904 struct lsa_QueryTrustedDomainInfo q
;
1907 printf("Testing CreateTrustedDomain for 12 domains\n");
1909 for (i
=0; i
< 12; i
++) {
1910 char *trust_name
= talloc_asprintf(mem_ctx
, "torturedom%02d", i
);
1911 char *trust_sid
= talloc_asprintf(mem_ctx
, "S-1-5-21-97398-379795-100%02d", i
);
1913 domsid
[i
] = dom_sid_parse_talloc(mem_ctx
, trust_sid
);
1915 trustinfo
.sid
= domsid
[i
];
1916 init_lsa_String((struct lsa_String
*)&trustinfo
.name
, trust_name
);
1918 r
.in
.handle
= handle
;
1919 r
.in
.info
= &trustinfo
;
1920 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1921 r
.out
.trustdom_handle
= &trustdom_handle
[i
];
1923 status
= dcerpc_lsa_CreateTrustedDomain(p
, mem_ctx
, &r
);
1924 if (NT_STATUS_EQUAL(status
, NT_STATUS_OBJECT_NAME_COLLISION
)) {
1925 test_DeleteTrustedDomain(p
, mem_ctx
, handle
, trustinfo
.name
);
1926 status
= dcerpc_lsa_CreateTrustedDomain(p
, mem_ctx
, &r
);
1928 if (!NT_STATUS_IS_OK(status
)) {
1929 printf("CreateTrustedDomain failed - %s\n", nt_errstr(status
));
1933 q
.in
.trustdom_handle
= &trustdom_handle
[i
];
1934 q
.in
.level
= LSA_TRUSTED_DOMAIN_INFO_NAME
;
1935 status
= dcerpc_lsa_QueryTrustedDomainInfo(p
, mem_ctx
, &q
);
1936 if (!NT_STATUS_IS_OK(status
)) {
1937 printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status
));
1939 } else if (!q
.out
.info
) {
1942 if (strcmp(q
.out
.info
->name
.netbios_name
.string
, trustinfo
.name
.string
) != 0) {
1943 printf("QueryTrustedDomainInfo returned inconsistant short name: %s != %s\n",
1944 q
.out
.info
->name
.netbios_name
.string
, trustinfo
.name
.string
);
1951 /* now that we have some domains to look over, we can test the enum calls */
1952 if (!test_EnumTrustDom(p
, mem_ctx
, handle
)) {
1956 for (i
=0; i
<12; i
++) {
1957 if (!test_DeleteTrustedDomainBySid(p
, mem_ctx
, handle
, domsid
[i
])) {
1965 static bool test_QueryDomainInfoPolicy(struct dcerpc_pipe
*p
,
1966 struct torture_context
*tctx
,
1967 struct policy_handle
*handle
)
1969 struct lsa_QueryDomainInformationPolicy r
;
1973 if (torture_setting_bool(tctx
, "samba4", false)) {
1974 printf("skipping QueryDomainInformationPolicy test against Samba4\n");
1978 printf("\nTesting QueryDomainInformationPolicy\n");
1981 r
.in
.handle
= handle
;
1984 printf("\ntrying QueryDomainInformationPolicy level %d\n", i
);
1986 status
= dcerpc_lsa_QueryDomainInformationPolicy(p
, tctx
, &r
);
1988 if (!NT_STATUS_IS_OK(status
)) {
1989 printf("QueryDomainInformationPolicy failed - %s\n", nt_errstr(status
));
1999 static bool test_QueryInfoPolicy(struct dcerpc_pipe
*p
,
2000 struct torture_context
*tctx
,
2001 struct policy_handle
*handle
)
2003 struct lsa_QueryInfoPolicy r
;
2007 printf("\nTesting QueryInfoPolicy\n");
2009 for (i
=1;i
<13;i
++) {
2010 r
.in
.handle
= handle
;
2013 printf("\ntrying QueryInfoPolicy level %d\n", i
);
2015 status
= dcerpc_lsa_QueryInfoPolicy(p
, tctx
, &r
);
2018 case LSA_POLICY_INFO_DB
:
2019 case LSA_POLICY_INFO_AUDIT_FULL_SET
:
2020 case LSA_POLICY_INFO_AUDIT_FULL_QUERY
:
2021 if (!NT_STATUS_EQUAL(status
, NT_STATUS_INVALID_PARAMETER
)) {
2022 printf("server should have failed level %u: %s\n", i
, nt_errstr(status
));
2026 case LSA_POLICY_INFO_DOMAIN
:
2027 case LSA_POLICY_INFO_ACCOUNT_DOMAIN
:
2028 case LSA_POLICY_INFO_DNS
:
2029 if (!NT_STATUS_IS_OK(status
)) {
2030 printf("QueryInfoPolicy failed - %s\n", nt_errstr(status
));
2035 if (torture_setting_bool(tctx
, "samba4", false)) {
2036 /* Other levels not implemented yet */
2037 if (!NT_STATUS_EQUAL(status
, NT_STATUS_INVALID_INFO_CLASS
)) {
2038 printf("QueryInfoPolicy failed - %s\n", nt_errstr(status
));
2041 } else if (!NT_STATUS_IS_OK(status
)) {
2042 printf("QueryInfoPolicy failed - %s\n", nt_errstr(status
));
2048 if (NT_STATUS_IS_OK(status
) && i
== LSA_POLICY_INFO_DNS
) {
2049 /* Let's look up some of these names */
2051 struct lsa_TransNameArray tnames
;
2053 tnames
.names
= talloc_zero_array(tctx
, struct lsa_TranslatedName
, tnames
.count
);
2054 tnames
.names
[0].name
.string
= r
.out
.info
->dns
.name
.string
;
2055 tnames
.names
[0].sid_type
= SID_NAME_DOMAIN
;
2056 tnames
.names
[1].name
.string
= r
.out
.info
->dns
.dns_domain
.string
;
2057 tnames
.names
[1].sid_type
= SID_NAME_DOMAIN
;
2058 tnames
.names
[2].name
.string
= talloc_asprintf(tctx
, "%s\\", r
.out
.info
->dns
.name
.string
);
2059 tnames
.names
[2].sid_type
= SID_NAME_DOMAIN
;
2060 tnames
.names
[3].name
.string
= talloc_asprintf(tctx
, "%s\\", r
.out
.info
->dns
.dns_domain
.string
);
2061 tnames
.names
[3].sid_type
= SID_NAME_DOMAIN
;
2062 tnames
.names
[4].name
.string
= talloc_asprintf(tctx
, "%s\\guest", r
.out
.info
->dns
.name
.string
);
2063 tnames
.names
[4].sid_type
= SID_NAME_USER
;
2064 tnames
.names
[5].name
.string
= talloc_asprintf(tctx
, "%s\\krbtgt", r
.out
.info
->dns
.name
.string
);
2065 tnames
.names
[5].sid_type
= SID_NAME_USER
;
2066 tnames
.names
[6].name
.string
= talloc_asprintf(tctx
, "%s\\guest", r
.out
.info
->dns
.dns_domain
.string
);
2067 tnames
.names
[6].sid_type
= SID_NAME_USER
;
2068 tnames
.names
[7].name
.string
= talloc_asprintf(tctx
, "%s\\krbtgt", r
.out
.info
->dns
.dns_domain
.string
);
2069 tnames
.names
[7].sid_type
= SID_NAME_USER
;
2070 tnames
.names
[8].name
.string
= talloc_asprintf(tctx
, "krbtgt@%s", r
.out
.info
->dns
.name
.string
);
2071 tnames
.names
[8].sid_type
= SID_NAME_USER
;
2072 tnames
.names
[9].name
.string
= talloc_asprintf(tctx
, "krbtgt@%s", r
.out
.info
->dns
.dns_domain
.string
);
2073 tnames
.names
[9].sid_type
= SID_NAME_USER
;
2074 tnames
.names
[10].name
.string
= talloc_asprintf(tctx
, "%s\\"TEST_MACHINENAME
"$", r
.out
.info
->dns
.name
.string
);
2075 tnames
.names
[10].sid_type
= SID_NAME_USER
;
2076 tnames
.names
[11].name
.string
= talloc_asprintf(tctx
, "%s\\"TEST_MACHINENAME
"$", r
.out
.info
->dns
.dns_domain
.string
);
2077 tnames
.names
[11].sid_type
= SID_NAME_USER
;
2078 tnames
.names
[12].name
.string
= talloc_asprintf(tctx
, TEST_MACHINENAME
"$@%s", r
.out
.info
->dns
.name
.string
);
2079 tnames
.names
[12].sid_type
= SID_NAME_USER
;
2080 tnames
.names
[13].name
.string
= talloc_asprintf(tctx
, TEST_MACHINENAME
"$@%s", r
.out
.info
->dns
.dns_domain
.string
);
2081 tnames
.names
[13].sid_type
= SID_NAME_USER
;
2082 ret
&= test_LookupNames(p
, tctx
, handle
, &tnames
);
2090 static bool test_QueryInfoPolicy2(struct dcerpc_pipe
*p
,
2091 struct torture_context
*tctx
,
2092 struct policy_handle
*handle
)
2094 struct lsa_QueryInfoPolicy2 r
;
2098 printf("\nTesting QueryInfoPolicy2\n");
2099 for (i
=1;i
<13;i
++) {
2100 r
.in
.handle
= handle
;
2103 printf("\ntrying QueryInfoPolicy2 level %d\n", i
);
2105 status
= dcerpc_lsa_QueryInfoPolicy2(p
, tctx
, &r
);
2108 case LSA_POLICY_INFO_DB
:
2109 case LSA_POLICY_INFO_AUDIT_FULL_SET
:
2110 case LSA_POLICY_INFO_AUDIT_FULL_QUERY
:
2111 if (!NT_STATUS_EQUAL(status
, NT_STATUS_INVALID_PARAMETER
)) {
2112 printf("server should have failed level %u: %s\n", i
, nt_errstr(status
));
2116 case LSA_POLICY_INFO_DOMAIN
:
2117 case LSA_POLICY_INFO_ACCOUNT_DOMAIN
:
2118 case LSA_POLICY_INFO_DNS
:
2119 if (!NT_STATUS_IS_OK(status
)) {
2120 printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status
));
2125 if (torture_setting_bool(tctx
, "samba4", false)) {
2126 /* Other levels not implemented yet */
2127 if (!NT_STATUS_EQUAL(status
, NT_STATUS_INVALID_INFO_CLASS
)) {
2128 printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status
));
2131 } else if (!NT_STATUS_IS_OK(status
)) {
2132 printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status
));
2142 static bool test_GetUserName(struct dcerpc_pipe
*p
, TALLOC_CTX
*mem_ctx
)
2144 struct lsa_GetUserName r
;
2147 struct lsa_StringPointer authority_name_p
;
2149 printf("\nTesting GetUserName\n");
2151 r
.in
.system_name
= "\\";
2152 r
.in
.account_name
= NULL
;
2153 r
.in
.authority_name
= &authority_name_p
;
2154 authority_name_p
.string
= NULL
;
2156 status
= dcerpc_lsa_GetUserName(p
, mem_ctx
, &r
);
2158 if (!NT_STATUS_IS_OK(status
)) {
2159 printf("GetUserName failed - %s\n", nt_errstr(status
));
2166 bool test_lsa_Close(struct dcerpc_pipe
*p
,
2167 TALLOC_CTX
*mem_ctx
,
2168 struct policy_handle
*handle
)
2172 struct policy_handle handle2
;
2174 printf("\ntesting Close\n");
2176 r
.in
.handle
= handle
;
2177 r
.out
.handle
= &handle2
;
2179 status
= dcerpc_lsa_Close(p
, mem_ctx
, &r
);
2180 if (!NT_STATUS_IS_OK(status
)) {
2181 printf("Close failed - %s\n", nt_errstr(status
));
2185 status
= dcerpc_lsa_Close(p
, mem_ctx
, &r
);
2186 /* its really a fault - we need a status code for rpc fault */
2187 if (!NT_STATUS_EQUAL(status
, NT_STATUS_NET_WRITE_FAULT
)) {
2188 printf("Close failed - %s\n", nt_errstr(status
));
2197 bool torture_rpc_lsa(struct torture_context
*tctx
)
2200 struct dcerpc_pipe
*p
;
2202 struct policy_handle
*handle
;
2203 struct test_join
*join
= NULL
;
2204 struct cli_credentials
*machine_creds
;
2206 status
= torture_rpc_connection(tctx
, &p
, &ndr_table_lsarpc
);
2207 if (!NT_STATUS_IS_OK(status
)) {
2211 if (!test_OpenPolicy(p
, tctx
)) {
2215 if (!test_lsa_OpenPolicy2(p
, tctx
, &handle
)) {
2220 join
= torture_join_domain(tctx
, TEST_MACHINENAME
, ACB_WSTRUST
, &machine_creds
);
2225 if (!test_LookupNames_wellknown(p
, tctx
, handle
)) {
2229 if (!test_LookupNames_bogus(p
, tctx
, handle
)) {
2233 if (!test_LookupSids_async(p
, tctx
, handle
)) {
2237 if (!test_QueryDomainInfoPolicy(p
, tctx
, handle
)) {
2241 if (!test_CreateAccount(p
, tctx
, handle
)) {
2245 if (!test_CreateSecret(p
, tctx
, handle
)) {
2249 if (!test_CreateTrustedDomain(p
, tctx
, handle
)) {
2253 if (!test_EnumAccounts(p
, tctx
, handle
)) {
2257 if (!test_EnumPrivs(p
, tctx
, handle
)) {
2261 if (!test_QueryInfoPolicy(p
, tctx
, handle
)) {
2265 if (!test_QueryInfoPolicy2(p
, tctx
, handle
)) {
2270 if (!test_Delete(p
, tctx
, handle
)) {
2275 if (!test_many_LookupSids(p
, tctx
, handle
)) {
2279 if (!test_lsa_Close(p
, tctx
, handle
)) {
2283 torture_leave_domain(join
);
2286 if (!test_many_LookupSids(p
, tctx
, handle
)) {
2291 if (!test_GetUserName(p
, tctx
)) {
2298 bool torture_rpc_lsa_get_user(struct torture_context
*torture
)
2301 struct dcerpc_pipe
*p
;
2302 TALLOC_CTX
*mem_ctx
;
2305 mem_ctx
= talloc_init("torture_rpc_lsa_get_user");
2307 status
= torture_rpc_connection(torture
, &p
, &ndr_table_lsarpc
);
2308 if (!NT_STATUS_IS_OK(status
)) {
2309 talloc_free(mem_ctx
);
2313 if (!test_GetUserName(p
, mem_ctx
)) {
2317 talloc_free(mem_ctx
);