search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
s4-smbtorture: make RPC-SPOOLSS-ACCESS more compatible with older samba releases.
[Samba/ekacnet.git] / source4 / torture / rpc / spoolss_access.c
blob812a280e9e0a732ac0d6a178649d76b89f174394
1 /*
2 Unix SMB/CIFS implementation.
3 test suite for spoolss rpc operations
4
5 Copyright (C) Guenther Deschner 2010
6
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 3 of the License, or
10 (at your option) any later version.
11
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
16
17 You should have received a copy of the GNU General Public License
18 along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20
21 #include "includes.h"
22 #include "torture/torture.h"
23 #include "librpc/gen_ndr/ndr_misc.h"
24 #include "librpc/gen_ndr/ndr_spoolss.h"
25 #include "librpc/gen_ndr/ndr_spoolss_c.h"
26 #include "librpc/gen_ndr/ndr_samr_c.h"
27 #include "librpc/gen_ndr/ndr_lsa_c.h"
28 #include "librpc/gen_ndr/ndr_security.h"
29 #include "libcli/security/security.h"
30 #include "torture/rpc/torture_rpc.h"
31 #include "param/param.h"
32 #include "lib/cmdline/popt_common.h"
33
34 #define TORTURE_USER "torture_user"
35 #define TORTURE_USER_ADMINGROUP "torture_user_544"
36 #define TORTURE_USER_PRINTOPGROUP "torture_user_550"
37 #define TORTURE_USER_PRINTOPPRIV "torture_user_priv"
38 #define TORTURE_USER_SD "torture_user_sd"
39
40 struct torture_user {
41 const char *username;
42 void *testuser;
43 uint32_t *builtin_memberships;
44 uint32_t num_builtin_memberships;
45 const char **privs;
46 uint32_t num_privs;
47 bool privs_present;
48 bool sd;
49 };
50
51 struct torture_access_context {
52 struct dcerpc_pipe *spoolss_pipe;
53 const char *printername;
54 struct security_descriptor *sd_orig;
55 struct torture_user user;
56 };
57
58 static bool test_openprinter_handle(struct torture_context *tctx,
59 struct dcerpc_pipe *p,
60 const char *printername,
61 const char *username,
62 uint32_t access_mask,
63 struct policy_handle *handle)
64 {
65 struct spoolss_OpenPrinterEx r;
66 struct spoolss_UserLevel1 level1;
67 struct dcerpc_binding_handle *b = p->binding_handle;
68
69 level1.size = 28;
70 level1.client = talloc_asprintf(tctx, "\\\\%s", "smbtorture");
71 level1.user = username;
72 level1.build = 1381;
73 level1.major = 3;
74 level1.minor = 0;
75 level1.processor= 0;
76
77 r.in.printername = printername;
78 r.in.datatype = NULL;
79 r.in.devmode_ctr.devmode= NULL;
80 r.in.access_mask = access_mask;
81 r.in.level = 1;
82 r.in.userlevel.level1 = &level1;
83 r.out.handle = handle;
84
85 torture_comment(tctx, "Testing OpenPrinterEx(%s) with access_mask 0x%08x\n",
86 r.in.printername, r.in.access_mask);
87
88 torture_assert_ntstatus_ok(tctx,
89 dcerpc_spoolss_OpenPrinterEx_r(b, tctx, &r),
90 "OpenPrinterEx failed");
91 torture_assert_werr_ok(tctx, r.out.result,
92 talloc_asprintf(tctx, "OpenPrinterEx(%s) as '%s' with access_mask: 0x%08x failed",
93 r.in.printername, username, r.in.access_mask));
94
95 return true;
96 }
97
98 static bool test_openprinter_access(struct torture_context *tctx,
99 struct dcerpc_pipe *p,
100 const char *printername,
101 const char *username,
102 uint32_t access_mask)
103 {
104 struct policy_handle handle;
105 struct dcerpc_binding_handle *b = p->binding_handle;
106
107 if (test_openprinter_handle(tctx, p, printername, username, access_mask, &handle)) {
108 test_ClosePrinter(tctx, b, &handle);
109 return true;
110 }
111
112 return false;
113 }
114
115 static bool spoolss_access_setup_membership(struct torture_context *tctx,
116 struct dcerpc_pipe *p,
117 uint32_t num_members,
118 uint32_t *members,
119 struct dom_sid *user_sid)
120 {
121 struct dcerpc_binding_handle *b = p->binding_handle;
122 struct policy_handle connect_handle, domain_handle;
123 int i;
124
125 {
126 struct samr_Connect2 r;
127 r.in.system_name = "";
128 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
129 r.out.connect_handle = &connect_handle;
130
131 torture_assert_ntstatus_ok(tctx,
132 dcerpc_samr_Connect2_r(b, tctx, &r),
133 "samr_Connect2 failed");
134 torture_assert_ntstatus_ok(tctx, r.out.result,
135 "samr_Connect2 failed");
136 }
137
138 {
139 struct samr_OpenDomain r;
140 r.in.connect_handle = &connect_handle;
141 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
142 r.in.sid = dom_sid_parse_talloc(tctx, "S-1-5-32");
143 r.out.domain_handle = &domain_handle;
144
145 torture_assert_ntstatus_ok(tctx,
146 dcerpc_samr_OpenDomain_r(b, tctx, &r),
147 "samr_OpenDomain failed");
148 torture_assert_ntstatus_ok(tctx, r.out.result,
149 "samr_OpenDomain failed");
150 }
151
152 for (i=0; i < num_members; i++) {
153
154 struct policy_handle alias_handle;
155
156 {
157 struct samr_OpenAlias r;
158 r.in.domain_handle = &domain_handle;
159 r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
160 r.in.rid = members[i];
161 r.out.alias_handle = &alias_handle;
162
163 torture_assert_ntstatus_ok(tctx,
164 dcerpc_samr_OpenAlias_r(b, tctx, &r),
165 "samr_OpenAlias failed");
166 torture_assert_ntstatus_ok(tctx, r.out.result,
167 "samr_OpenAlias failed");
168 }
169
170 {
171 struct samr_AddAliasMember r;
172 r.in.alias_handle = &alias_handle;
173 r.in.sid = user_sid;
174
175 torture_assert_ntstatus_ok(tctx,
176 dcerpc_samr_AddAliasMember_r(b, tctx, &r),
177 "samr_AddAliasMember failed");
178 torture_assert_ntstatus_ok(tctx, r.out.result,
179 "samr_AddAliasMember failed");
180 }
181
182 test_samr_handle_Close(b, tctx, &alias_handle);
183 }
184
185 test_samr_handle_Close(b, tctx, &domain_handle);
186 test_samr_handle_Close(b, tctx, &connect_handle);
187
188 return true;
189 }
190
191 static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
192 {
193 name->string = s;
194 }
195 static void init_lsa_String(struct lsa_String *name, const char *s)
196 {
197 name->string = s;
198 }
199
200 static bool spoolss_access_setup_privs(struct torture_context *tctx,
201 struct dcerpc_pipe *p,
202 uint32_t num_privs,
203 const char **privs,
204 struct dom_sid *user_sid,
205 bool *privs_present)
206 {
207 struct dcerpc_binding_handle *b = p->binding_handle;
208 struct policy_handle *handle;
209 int i;
210
211 torture_assert(tctx,
212 test_lsa_OpenPolicy2(b, tctx, &handle),
213 "failed to open policy");
214
215 for (i=0; i < num_privs; i++) {
216 struct lsa_LookupPrivValue r;
217 struct lsa_LUID luid;
218 struct lsa_String name;
219
220 init_lsa_String(&name, privs[i]);
221
222 r.in.handle = handle;
223 r.in.name = &name;
224 r.out.luid = &luid;
225
226 torture_assert_ntstatus_ok(tctx,
227 dcerpc_lsa_LookupPrivValue_r(b, tctx, &r),
228 "lsa_LookupPrivValue failed");
229 if (!NT_STATUS_IS_OK(r.out.result)) {
230 torture_comment(tctx, "lsa_LookupPrivValue failed for '%s' with %s\n",
231 privs[i], nt_errstr(r.out.result));
232 *privs_present = false;
233 return true;
234 }
235 }
236
237 *privs_present = true;
238
239 {
240 struct lsa_AddAccountRights r;
241 struct lsa_RightSet rights;
242
243 rights.count = num_privs;
244 rights.names = talloc_zero_array(tctx, struct lsa_StringLarge, rights.count);
245
246 for (i=0; i < rights.count; i++) {
247 init_lsa_StringLarge(&rights.names[i], privs[i]);
248 }
249
250 r.in.handle = handle;
251 r.in.sid = user_sid;
252 r.in.rights = &rights;
253
254 torture_assert_ntstatus_ok(tctx,
255 dcerpc_lsa_AddAccountRights_r(b, tctx, &r),
256 "lsa_AddAccountRights failed");
257 torture_assert_ntstatus_ok(tctx, r.out.result,
258 "lsa_AddAccountRights failed");
259 }
260
261 test_lsa_Close(b, tctx, handle);
262
263 return true;
264 }
265
266 static bool test_SetPrinter(struct torture_context *tctx,
267 struct dcerpc_binding_handle *b,
268 struct policy_handle *handle,
269 struct spoolss_SetPrinterInfoCtr *info_ctr,
270 struct spoolss_DevmodeContainer *devmode_ctr,
271 struct sec_desc_buf *secdesc_ctr,
272 enum spoolss_PrinterControl command)
273 {
274 struct spoolss_SetPrinter r;
275
276 r.in.handle = handle;
277 r.in.info_ctr = info_ctr;
278 r.in.devmode_ctr = devmode_ctr;
279 r.in.secdesc_ctr = secdesc_ctr;
280 r.in.command = command;
281
282 torture_comment(tctx, "Testing SetPrinter level %d\n", r.in.info_ctr->level);
283
284 torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetPrinter_r(b, tctx, &r),
285 "failed to call SetPrinter");
286 torture_assert_werr_ok(tctx, r.out.result,
287 "failed to call SetPrinter");
288
289 return true;
290 }
291
292 static bool spoolss_access_setup_sd(struct torture_context *tctx,
293 struct dcerpc_pipe *p,
294 const char *printername,
295 struct dom_sid *user_sid,
296 struct security_descriptor **sd_orig)
297 {
298 struct dcerpc_binding_handle *b = p->binding_handle;
299 struct policy_handle handle;
300 union spoolss_PrinterInfo info;
301 struct spoolss_SetPrinterInfoCtr info_ctr;
302 struct spoolss_SetPrinterInfo3 info3;
303 struct spoolss_DevmodeContainer devmode_ctr;
304 struct sec_desc_buf secdesc_ctr;
305 struct security_ace *ace;
306 struct security_descriptor *sd;
307
308 torture_assert(tctx,
309 test_openprinter_handle(tctx, p, printername, "", SEC_FLAG_MAXIMUM_ALLOWED, &handle),
310 "failed to open printer");
311
312 torture_assert(tctx,
313 test_GetPrinter_level(tctx, b, &handle, 3, &info),
314 "failed to get sd");
315
316 sd = security_descriptor_copy(tctx, info.info3.secdesc);
317 *sd_orig = security_descriptor_copy(tctx, info.info3.secdesc);
318
319 ace = talloc_zero(tctx, struct security_ace);
320
321 ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
322 ace->flags = 0;
323 ace->access_mask = PRINTER_ALL_ACCESS;
324 ace->trustee = *user_sid;
325
326 torture_assert_ntstatus_ok(tctx,
327 security_descriptor_dacl_add(sd, ace),
328 "failed to add new ace");
329
330 ace = talloc_zero(tctx, struct security_ace);
331
332 ace->type = SEC_ACE_TYPE_ACCESS_ALLOWED;
333 ace->flags = SEC_ACE_FLAG_OBJECT_INHERIT |
334 SEC_ACE_FLAG_CONTAINER_INHERIT |
335 SEC_ACE_FLAG_INHERIT_ONLY;
336 ace->access_mask = SEC_GENERIC_ALL;
337 ace->trustee = *user_sid;
338
339 torture_assert_ntstatus_ok(tctx,
340 security_descriptor_dacl_add(sd, ace),
341 "failed to add new ace");
342
343 ZERO_STRUCT(info3);
344 ZERO_STRUCT(info_ctr);
345 ZERO_STRUCT(devmode_ctr);
346 ZERO_STRUCT(secdesc_ctr);
347
348 info_ctr.level = 3;
349 info_ctr.info.info3 = &info3;
350 secdesc_ctr.sd = sd;
351
352 torture_assert(tctx,
353 test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
354 "failed to set sd");
355
356 return true;
357 }
358
359 static bool test_EnumPrinters_findone(struct torture_context *tctx,
360 struct dcerpc_pipe *p,
361 const char **printername)
362 {
363 struct spoolss_EnumPrinters r;
364 uint32_t count;
365 union spoolss_PrinterInfo *info;
366 uint32_t needed;
367 int i;
368 struct dcerpc_binding_handle *b = p->binding_handle;
369
370 *printername = NULL;
371
372 r.in.flags = PRINTER_ENUM_LOCAL;
373 r.in.server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
374 r.in.level = 1;
375 r.in.buffer = NULL;
376 r.in.offered = 0;
377 r.out.count = &count;
378 r.out.info = &info;
379 r.out.needed = &needed;
380
381 torture_assert_ntstatus_ok(tctx,
382 dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
383 "failed to enum printers");
384
385 if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) {
386 DATA_BLOB blob = data_blob_talloc_zero(tctx, needed);
387 r.in.buffer = &blob;
388 r.in.offered = needed;
389
390 torture_assert_ntstatus_ok(tctx,
391 dcerpc_spoolss_EnumPrinters_r(b, tctx, &r),
392 "failed to enum printers");
393 }
394
395 torture_assert_werr_ok(tctx, r.out.result,
396 "failed to enum printers");
397
398 for (i=0; i < count; i++) {
399
400 *printername = talloc_strdup(tctx, info[i].info1.name);
401
402 break;
403 }
404
405 return true;
406 }
407
408 static bool torture_rpc_spoolss_access_setup_common(struct torture_context *tctx, struct torture_access_context *t)
409 {
410 void *testuser;
411 const char *testuser_passwd;
412 struct cli_credentials *test_credentials;
413 struct dom_sid *test_sid;
414 struct dcerpc_pipe *p;
415 const char *printername;
416 const char *binding = torture_setting_string(tctx, "binding", NULL);
417
418 testuser = torture_create_testuser_max_pwlen(tctx, t->user.username,
419 torture_setting_string(tctx, "workgroup", NULL),
420 ACB_NORMAL,
421 &testuser_passwd,
422 32);
423 if (!testuser) {
424 torture_fail(tctx, "Failed to create test user");
425 }
426
427 test_credentials = cli_credentials_init(tctx);
428 cli_credentials_set_workstation(test_credentials, "localhost", CRED_SPECIFIED);
429 cli_credentials_set_domain(test_credentials, lp_workgroup(tctx->lp_ctx),
430 CRED_SPECIFIED);
431 cli_credentials_set_username(test_credentials, t->user.username, CRED_SPECIFIED);
432 cli_credentials_set_password(test_credentials, testuser_passwd, CRED_SPECIFIED);
433 test_sid = torture_join_user_sid(testuser);
434
435 if (t->user.num_builtin_memberships) {
436 struct dcerpc_pipe *samr_pipe = torture_join_samr_pipe(testuser);
437
438 torture_assert(tctx,
439 spoolss_access_setup_membership(tctx, samr_pipe,
440 t->user.num_builtin_memberships,
441 t->user.builtin_memberships,
442 test_sid),
443 "failed to setup membership");
444 }
445
446 if (t->user.num_privs) {
447 struct dcerpc_pipe *lsa_pipe;
448
449 torture_assert_ntstatus_ok(tctx,
450 torture_rpc_connection(tctx, &lsa_pipe, &ndr_table_lsarpc),
451 "Error connecting to server");
452
453 torture_assert(tctx,
454 spoolss_access_setup_privs(tctx, lsa_pipe,
455 t->user.num_privs,
456 t->user.privs,
457 test_sid,
458 &t->user.privs_present),
459 "failed to setup privs");
460 talloc_free(lsa_pipe);
461 }
462
463 struct dcerpc_pipe *spoolss_pipe;
464
465 torture_assert_ntstatus_ok(tctx,
466 torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
467 "Error connecting to server");
468
469 torture_assert(tctx,
470 test_EnumPrinters_findone(tctx, spoolss_pipe, &printername),
471 "failed to enumerate printers");
472
473 if (t->user.sd) {
474 torture_assert(tctx,
475 spoolss_access_setup_sd(tctx, spoolss_pipe,
476 printername,
477 test_sid,
478 &t->sd_orig),
479 "failed to setup sd");
480 }
481
482 talloc_free(spoolss_pipe);
483
484 torture_assert_ntstatus_ok(tctx,
485 dcerpc_pipe_connect(tctx, &p, binding, &ndr_table_spoolss,
486 test_credentials, tctx->ev, tctx->lp_ctx),
487 "Error connecting to server");
488
489 t->spoolss_pipe = p;
490 t->printername = printername;
491 t->user.testuser = testuser;
492
493 return true;
494 }
495
496 static bool torture_rpc_spoolss_access_setup(struct torture_context *tctx, void **data)
497 {
498 struct torture_access_context *t;
499
500 *data = t = talloc_zero(tctx, struct torture_access_context);
501
502 t->user.username = talloc_strdup(t, TORTURE_USER);
503
504 return torture_rpc_spoolss_access_setup_common(tctx, t);
505 }
506
507 static bool torture_rpc_spoolss_access_admin_setup(struct torture_context *tctx, void **data)
508 {
509 struct torture_access_context *t;
510
511 *data = t = talloc_zero(tctx, struct torture_access_context);
512
513 t->user.num_builtin_memberships = 1;
514 t->user.builtin_memberships = talloc_zero_array(t, uint32_t, t->user.num_builtin_memberships);
515 t->user.builtin_memberships[0] = BUILTIN_RID_ADMINISTRATORS;
516 t->user.username = talloc_strdup(t, TORTURE_USER_ADMINGROUP);
517
518 return torture_rpc_spoolss_access_setup_common(tctx, t);
519 }
520
521 static bool torture_rpc_spoolss_access_printop_setup(struct torture_context *tctx, void **data)
522 {
523 struct torture_access_context *t;
524
525 *data = t = talloc_zero(tctx, struct torture_access_context);
526
527 t->user.num_builtin_memberships = 1;
528 t->user.builtin_memberships = talloc_zero_array(t, uint32_t, t->user.num_builtin_memberships);
529 t->user.builtin_memberships[0] = BUILTIN_RID_PRINT_OPERATORS;
530 t->user.username = talloc_strdup(t, TORTURE_USER_PRINTOPGROUP);
531
532 return torture_rpc_spoolss_access_setup_common(tctx, t);
533 }
534
535 static bool torture_rpc_spoolss_access_priv_setup(struct torture_context *tctx, void **data)
536 {
537 struct torture_access_context *t;
538
539 *data = t = talloc_zero(tctx, struct torture_access_context);
540
541 t->user.username = talloc_strdup(t, TORTURE_USER_PRINTOPPRIV);
542 t->user.num_privs = 1;
543 t->user.privs = talloc_zero_array(t, const char *, t->user.num_privs);
544 t->user.privs[0] = talloc_strdup(t, "SePrintOperatorPrivilege");
545
546 return torture_rpc_spoolss_access_setup_common(tctx, t);
547 }
548
549 static bool torture_rpc_spoolss_access_sd_setup(struct torture_context *tctx, void **data)
550 {
551 struct torture_access_context *t;
552
553 *data = t = talloc_zero(tctx, struct torture_access_context);
554
555 t->user.username = talloc_strdup(t, TORTURE_USER_SD);
556 t->user.sd = true;
557
558 return torture_rpc_spoolss_access_setup_common(tctx, t);
559 }
560
561 static bool torture_rpc_spoolss_access_teardown_common(struct torture_context *tctx, struct torture_access_context *t)
562 {
563 if (t->user.testuser) {
564 torture_leave_domain(tctx, t->user.testuser);
565 }
566
567 /* remove membership ? */
568 if (t->user.num_builtin_memberships) {
569 }
570
571 /* remove privs ? */
572 if (t->user.num_privs) {
573 }
574
575 /* restore sd */
576 if (t->user.sd) {
577 struct policy_handle handle;
578 struct spoolss_SetPrinterInfoCtr info_ctr;
579 struct spoolss_SetPrinterInfo3 info3;
580 struct spoolss_DevmodeContainer devmode_ctr;
581 struct sec_desc_buf secdesc_ctr;
582 struct dcerpc_pipe *spoolss_pipe;
583 struct dcerpc_binding_handle *b;
584
585 torture_assert_ntstatus_ok(tctx,
586 torture_rpc_connection(tctx, &spoolss_pipe, &ndr_table_spoolss),
587 "Error connecting to server");
588
589 b = spoolss_pipe->binding_handle;
590
591 ZERO_STRUCT(info_ctr);
592 ZERO_STRUCT(info3);
593 ZERO_STRUCT(devmode_ctr);
594 ZERO_STRUCT(secdesc_ctr);
595
596 info_ctr.level = 3;
597 info_ctr.info.info3 = &info3;
598 secdesc_ctr.sd = t->sd_orig;
599
600 torture_assert(tctx,
601 test_openprinter_handle(tctx, spoolss_pipe, t->printername, "", SEC_FLAG_MAXIMUM_ALLOWED, &handle),
602 "failed to open printer");
603
604 torture_assert(tctx,
605 test_SetPrinter(tctx, b, &handle, &info_ctr, &devmode_ctr, &secdesc_ctr, 0),
606 "failed to set sd");
607
608 talloc_free(spoolss_pipe);
609 }
610
611 return true;
612 }
613
614 static bool torture_rpc_spoolss_access_teardown(struct torture_context *tctx, void *data)
615 {
616 struct torture_access_context *t = talloc_get_type(data, struct torture_access_context);
617 bool ret;
618
619 ret = torture_rpc_spoolss_access_teardown_common(tctx, t);
620 talloc_free(t);
621
622 return ret;
623 }
624
625 static bool test_openprinter(struct torture_context *tctx,
626 void *private_data)
627 {
628 struct torture_access_context *t =
629 (struct torture_access_context *)talloc_get_type_abort(private_data, struct torture_access_context);
630 struct dcerpc_pipe *p = t->spoolss_pipe;
631 bool ret = true;
632 const char *printername;
633 const char *username = t->user.username;
634
635 printername = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
636
637 ret &= test_openprinter_access(tctx, p, printername, username, 0);
638 ret &= test_openprinter_access(tctx, p, printername, username, SEC_FLAG_MAXIMUM_ALLOWED);
639 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_ACCESS_ENUMERATE);
640 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_READ);
641
642 if (t->printername == NULL) {
643 return ret;
644 }
645
646 printername = t->printername;
647
648 ret &= test_openprinter_access(tctx, p, printername, username, 0);
649 ret &= test_openprinter_access(tctx, p, printername, username, SEC_FLAG_MAXIMUM_ALLOWED);
650 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_ACCESS_USE);
651 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_READ);
652
653 return ret;
654 }
655
656 static bool test_openprinter_admin(struct torture_context *tctx,
657 void *private_data)
658 {
659 struct torture_access_context *t =
660 (struct torture_access_context *)talloc_get_type_abort(private_data, struct torture_access_context);
661 struct dcerpc_pipe *p = t->spoolss_pipe;
662 bool ret = true;
663 const char *printername;
664 const char *username = t->user.username;
665
666 if (t->user.num_privs && !t->user.privs_present) {
667 torture_skip(tctx, "skipping test as not all required privileges are present on the server\n");
668 }
669
670 if (t->user.sd) {
671 goto try_printer;
672 }
673
674 printername = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
675
676 ret &= test_openprinter_access(tctx, p, printername, username, 0);
677 ret &= test_openprinter_access(tctx, p, printername, username, SEC_FLAG_MAXIMUM_ALLOWED);
678 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_ACCESS_ENUMERATE);
679 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_ACCESS_ADMINISTER);
680 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_READ);
681 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_WRITE);
682 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_EXECUTE);
683 ret &= test_openprinter_access(tctx, p, printername, username, SERVER_ALL_ACCESS);
684
685 try_printer:
686 if (t->printername == NULL) {
687 return ret;
688 }
689
690 printername = t->printername;
691
692 ret &= test_openprinter_access(tctx, p, printername, username, 0);
693 ret &= test_openprinter_access(tctx, p, printername, username, SEC_FLAG_MAXIMUM_ALLOWED);
694 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_ACCESS_USE);
695 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_ACCESS_ADMINISTER);
696 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_READ);
697 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_WRITE);
698 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_EXECUTE);
699 ret &= test_openprinter_access(tctx, p, printername, username, PRINTER_ALL_ACCESS);
700
701 return ret;
702 }
703
704 struct torture_suite *torture_rpc_spoolss_access(TALLOC_CTX *mem_ctx)
705 {
706 struct torture_suite *suite = torture_suite_create(mem_ctx, "SPOOLSS-ACCESS");
707 struct torture_tcase *tcase;
708
709 tcase = torture_suite_add_tcase(suite, "normaluser");
710
711 torture_tcase_set_fixture(tcase,
712 torture_rpc_spoolss_access_setup,
713 torture_rpc_spoolss_access_teardown);
714
715 torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
716
717 tcase = torture_suite_add_tcase(suite, "adminuser");
718
719 torture_tcase_set_fixture(tcase,
720 torture_rpc_spoolss_access_admin_setup,
721 torture_rpc_spoolss_access_teardown);
722
723 torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
724 torture_tcase_add_simple_test(tcase, "openprinter_admin", test_openprinter_admin);
725
726 tcase = torture_suite_add_tcase(suite, "printopuser");
727
728 torture_tcase_set_fixture(tcase,
729 torture_rpc_spoolss_access_printop_setup,
730 torture_rpc_spoolss_access_teardown);
731
732 torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
733 torture_tcase_add_simple_test(tcase, "openprinter_admin", test_openprinter_admin);
734
735 tcase = torture_suite_add_tcase(suite, "printopuserpriv");
736
737 torture_tcase_set_fixture(tcase,
738 torture_rpc_spoolss_access_priv_setup,
739 torture_rpc_spoolss_access_teardown);
740
741 torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
742 torture_tcase_add_simple_test(tcase, "openprinter_admin", test_openprinter_admin);
743
744 tcase = torture_suite_add_tcase(suite, "normaluser_sd");
745
746 torture_tcase_set_fixture(tcase,
747 torture_rpc_spoolss_access_sd_setup,
748 torture_rpc_spoolss_access_teardown);
749
750 torture_tcase_add_simple_test(tcase, "openprinter", test_openprinter);
751 torture_tcase_add_simple_test(tcase, "openprinter_admin", test_openprinter_admin);
752
753 return suite;
754 }