2 Unix SMB/CIFS implementation.
3 test suite for winreg rpc operations
5 Copyright (C) Tim Potter 2003
6 Copyright (C) Jelmer Vernooij 2004-2007
7 Copyright (C) Günther Deschner 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "librpc/gen_ndr/ndr_winreg_c.h"
25 #include "librpc/gen_ndr/ndr_security.h"
26 #include "libcli/security/security.h"
27 #include "torture/rpc/rpc.h"
28 #include "param/param.h"
29 #include "lib/registry/registry.h"
31 #define TEST_KEY_BASE "smbtorture test"
32 #define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
33 #define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
34 #define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
35 #define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
36 #define TEST_SUBKEY TEST_KEY3 "\\subkey"
37 #define TEST_SUBKEY_SD TEST_KEY4 "\\subkey_sd"
38 #define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"
39 #define TEST_VALUE "torture_value_name"
41 #define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
43 static void init_lsa_StringLarge(struct lsa_StringLarge
*name
, const char *s
)
48 static void init_winreg_String(struct winreg_String
*name
, const char *s
)
52 name
->name_len
= 2 * (strlen_m(s
) + 1);
53 name
->name_size
= name
->name_len
;
60 static bool test_GetVersion(struct dcerpc_binding_handle
*b
,
61 struct torture_context
*tctx
,
62 struct policy_handle
*handle
)
64 struct winreg_GetVersion r
;
71 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_GetVersion_r(b
, tctx
, &r
),
74 torture_assert_werr_ok(tctx
, r
.out
.result
, "GetVersion failed");
79 static bool test_NotifyChangeKeyValue(struct dcerpc_binding_handle
*b
,
80 struct torture_context
*tctx
,
81 struct policy_handle
*handle
)
83 struct winreg_NotifyChangeKeyValue r
;
87 r
.in
.watch_subtree
= true;
88 r
.in
.notify_filter
= 0;
89 r
.in
.unknown
= r
.in
.unknown2
= 0;
90 init_winreg_String(&r
.in
.string1
, NULL
);
91 init_winreg_String(&r
.in
.string2
, NULL
);
93 torture_assert_ntstatus_ok(tctx
,
94 dcerpc_winreg_NotifyChangeKeyValue_r(b
, tctx
, &r
),
95 "NotifyChangeKeyValue failed");
97 if (!W_ERROR_IS_OK(r
.out
.result
)) {
99 "NotifyChangeKeyValue failed - %s - not considering\n",
100 win_errstr(r
.out
.result
));
107 static bool test_CreateKey(struct dcerpc_binding_handle
*b
,
108 struct torture_context
*tctx
,
109 struct policy_handle
*handle
, const char *name
,
112 struct winreg_CreateKey r
;
113 struct policy_handle newhandle
;
114 enum winreg_CreateAction action_taken
= 0;
117 r
.in
.handle
= handle
;
118 r
.out
.new_handle
= &newhandle
;
119 init_winreg_String(&r
.in
.name
, name
);
120 init_winreg_String(&r
.in
.keyclass
, kclass
);
122 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
123 r
.in
.action_taken
= r
.out
.action_taken
= &action_taken
;
126 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CreateKey_r(b
, tctx
, &r
),
129 torture_assert_werr_ok(tctx
, r
.out
.result
, "CreateKey failed");
136 createkey testing with a SD
138 static bool test_CreateKey_sd(struct dcerpc_binding_handle
*b
,
139 struct torture_context
*tctx
,
140 struct policy_handle
*handle
, const char *name
,
142 struct policy_handle
*newhandle
)
144 struct winreg_CreateKey r
;
145 enum winreg_CreateAction action_taken
= 0;
146 struct security_descriptor
*sd
;
148 struct winreg_SecBuf secbuf
;
150 sd
= security_descriptor_dacl_create(tctx
,
153 SID_NT_AUTHENTICATED_USERS
,
154 SEC_ACE_TYPE_ACCESS_ALLOWED
,
156 SEC_ACE_FLAG_OBJECT_INHERIT
|
157 SEC_ACE_FLAG_CONTAINER_INHERIT
,
160 torture_assert_ndr_success(tctx
,
161 ndr_push_struct_blob(&sdblob
, tctx
, NULL
, sd
,
162 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
),
163 "Failed to push security_descriptor ?!\n");
165 secbuf
.sd
.data
= sdblob
.data
;
166 secbuf
.sd
.len
= sdblob
.length
;
167 secbuf
.sd
.size
= sdblob
.length
;
168 secbuf
.length
= sdblob
.length
-10;
172 r
.in
.handle
= handle
;
173 r
.out
.new_handle
= newhandle
;
174 init_winreg_String(&r
.in
.name
, name
);
175 init_winreg_String(&r
.in
.keyclass
, kclass
);
177 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
178 r
.in
.action_taken
= r
.out
.action_taken
= &action_taken
;
179 r
.in
.secdesc
= &secbuf
;
181 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CreateKey_r(b
, tctx
, &r
),
182 "CreateKey with sd failed");
184 torture_assert_werr_ok(tctx
, r
.out
.result
, "CreateKey with sd failed");
189 static bool _test_GetKeySecurity(struct dcerpc_pipe
*p
,
190 struct torture_context
*tctx
,
191 struct policy_handle
*handle
,
192 uint32_t *sec_info_ptr
,
194 struct security_descriptor
**sd_out
)
196 struct winreg_GetKeySecurity r
;
197 struct security_descriptor
*sd
= NULL
;
200 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
203 sec_info
= *sec_info_ptr
;
205 sec_info
= SECINFO_OWNER
| SECINFO_GROUP
| SECINFO_DACL
;
210 r
.in
.handle
= handle
;
211 r
.in
.sec_info
= sec_info
;
212 r
.in
.sd
= r
.out
.sd
= talloc_zero(tctx
, struct KeySecurityData
);
213 r
.in
.sd
->size
= 0x1000;
215 torture_assert_ntstatus_ok(tctx
,
216 dcerpc_winreg_GetKeySecurity_r(b
, tctx
, &r
),
217 "GetKeySecurity failed");
219 torture_assert_werr_equal(tctx
, r
.out
.result
, get_werr
,
220 "GetKeySecurity failed");
222 sdblob
.data
= r
.out
.sd
->data
;
223 sdblob
.length
= r
.out
.sd
->len
;
225 sd
= talloc_zero(tctx
, struct security_descriptor
);
227 torture_assert_ndr_success(tctx
,
228 ndr_pull_struct_blob(&sdblob
, tctx
, NULL
, sd
,
229 (ndr_pull_flags_fn_t
)ndr_pull_security_descriptor
),
230 "pull_security_descriptor failed");
232 if (p
->conn
->flags
& DCERPC_DEBUG_PRINT_OUT
) {
233 NDR_PRINT_DEBUG(security_descriptor
, sd
);
245 static bool test_GetKeySecurity(struct dcerpc_pipe
*p
,
246 struct torture_context
*tctx
,
247 struct policy_handle
*handle
,
248 struct security_descriptor
**sd_out
)
250 return _test_GetKeySecurity(p
, tctx
, handle
, NULL
, WERR_OK
, sd_out
);
253 static bool _test_SetKeySecurity(struct dcerpc_pipe
*p
,
254 struct torture_context
*tctx
,
255 struct policy_handle
*handle
,
256 uint32_t *sec_info_ptr
,
257 struct security_descriptor
*sd
,
260 struct winreg_SetKeySecurity r
;
261 struct KeySecurityData
*sdata
= NULL
;
264 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
268 if (sd
&& (p
->conn
->flags
& DCERPC_DEBUG_PRINT_OUT
)) {
269 NDR_PRINT_DEBUG(security_descriptor
, sd
);
272 torture_assert_ndr_success(tctx
,
273 ndr_push_struct_blob(&sdblob
, tctx
, NULL
, sd
,
274 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
),
275 "push_security_descriptor failed");
277 sdata
= talloc_zero(tctx
, struct KeySecurityData
);
278 sdata
->data
= sdblob
.data
;
279 sdata
->size
= sdblob
.length
;
280 sdata
->len
= sdblob
.length
;
283 sec_info
= *sec_info_ptr
;
285 sec_info
= SECINFO_UNPROTECTED_SACL
|
286 SECINFO_UNPROTECTED_DACL
;
288 sec_info
|= SECINFO_OWNER
;
291 sec_info
|= SECINFO_GROUP
;
294 sec_info
|= SECINFO_SACL
;
297 sec_info
|= SECINFO_DACL
;
301 r
.in
.handle
= handle
;
302 r
.in
.sec_info
= sec_info
;
305 torture_assert_ntstatus_ok(tctx
,
306 dcerpc_winreg_SetKeySecurity_r(b
, tctx
, &r
),
307 "SetKeySecurity failed");
309 torture_assert_werr_equal(tctx
, r
.out
.result
, werr
,
310 "SetKeySecurity failed");
315 static bool test_SetKeySecurity(struct dcerpc_pipe
*p
,
316 struct torture_context
*tctx
,
317 struct policy_handle
*handle
,
318 struct security_descriptor
*sd
)
320 return _test_SetKeySecurity(p
, tctx
, handle
, NULL
, sd
, WERR_OK
);
323 static bool test_CloseKey(struct dcerpc_binding_handle
*b
,
324 struct torture_context
*tctx
,
325 struct policy_handle
*handle
)
327 struct winreg_CloseKey r
;
330 r
.in
.handle
= r
.out
.handle
= handle
;
332 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CloseKey_r(b
, tctx
, &r
),
335 torture_assert_werr_ok(tctx
, r
.out
.result
, "CloseKey failed");
340 static bool test_FlushKey(struct dcerpc_binding_handle
*b
,
341 struct torture_context
*tctx
,
342 struct policy_handle
*handle
)
344 struct winreg_FlushKey r
;
347 r
.in
.handle
= handle
;
349 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_FlushKey_r(b
, tctx
, &r
),
352 torture_assert_werr_ok(tctx
, r
.out
.result
, "FlushKey failed");
357 static bool _test_OpenKey(struct dcerpc_binding_handle
*b
,
358 struct torture_context
*tctx
,
359 struct policy_handle
*hive_handle
,
360 const char *keyname
, uint32_t access_mask
,
361 struct policy_handle
*key_handle
,
365 struct winreg_OpenKey r
;
368 r
.in
.parent_handle
= hive_handle
;
369 init_winreg_String(&r
.in
.keyname
, keyname
);
370 r
.in
.options
= REG_KEYTYPE_NON_VOLATILE
;
371 r
.in
.access_mask
= access_mask
;
372 r
.out
.handle
= key_handle
;
374 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_OpenKey_r(b
, tctx
, &r
),
377 torture_assert_werr_equal(tctx
, r
.out
.result
, open_werr
,
380 if (success
&& W_ERROR_EQUAL(r
.out
.result
, WERR_OK
)) {
387 static bool test_OpenKey(struct dcerpc_binding_handle
*b
,
388 struct torture_context
*tctx
,
389 struct policy_handle
*hive_handle
,
390 const char *keyname
, struct policy_handle
*key_handle
)
392 return _test_OpenKey(b
, tctx
, hive_handle
, keyname
,
393 SEC_FLAG_MAXIMUM_ALLOWED
, key_handle
,
397 static bool test_Cleanup(struct dcerpc_binding_handle
*b
,
398 struct torture_context
*tctx
,
399 struct policy_handle
*handle
, const char *key
)
401 struct winreg_DeleteKey r
;
404 r
.in
.handle
= handle
;
406 init_winreg_String(&r
.in
.key
, key
);
407 dcerpc_winreg_DeleteKey_r(b
, tctx
, &r
);
412 static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe
*p
,
413 struct torture_context
*tctx
,
414 struct policy_handle
*handle
,
418 struct security_descriptor
*sd
= NULL
;
420 if (!_test_GetKeySecurity(p
, tctx
, handle
, NULL
, get_werr
, &sd
)) {
424 if (!_test_SetKeySecurity(p
, tctx
, handle
, NULL
, sd
, set_werr
)) {
431 static bool test_SecurityDescriptor(struct dcerpc_pipe
*p
,
432 struct torture_context
*tctx
,
433 struct policy_handle
*handle
,
436 struct policy_handle new_handle
;
438 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
440 torture_comment(tctx
, "SecurityDescriptor get & set\n");
442 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
446 if (!_test_GetSetSecurityDescriptor(p
, tctx
, &new_handle
,
451 if (!test_CloseKey(b
, tctx
, &new_handle
)) {
458 static bool _test_SecurityDescriptor(struct dcerpc_pipe
*p
,
459 struct torture_context
*tctx
,
460 struct policy_handle
*handle
,
461 uint32_t access_mask
,
467 struct policy_handle new_handle
;
469 bool got_key
= false;
470 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
472 if (!_test_OpenKey(b
, tctx
, handle
, key
, access_mask
, &new_handle
,
473 open_werr
, &got_key
)) {
481 if (!_test_GetSetSecurityDescriptor(p
, tctx
, &new_handle
,
482 get_werr
, set_werr
)) {
486 if (!test_CloseKey(b
, tctx
, &new_handle
)) {
493 static bool test_dacl_trustee_present(struct dcerpc_pipe
*p
,
494 struct torture_context
*tctx
,
495 struct policy_handle
*handle
,
496 const struct dom_sid
*sid
)
498 struct security_descriptor
*sd
= NULL
;
501 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
505 if (!sd
|| !sd
->dacl
) {
509 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
510 if (dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
, sid
)) {
518 static bool _test_dacl_trustee_present(struct dcerpc_pipe
*p
,
519 struct torture_context
*tctx
,
520 struct policy_handle
*handle
,
522 const struct dom_sid
*sid
)
524 struct policy_handle new_handle
;
526 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
528 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
532 ret
= test_dacl_trustee_present(p
, tctx
, &new_handle
, sid
);
534 test_CloseKey(b
, tctx
, &new_handle
);
539 static bool test_sacl_trustee_present(struct dcerpc_pipe
*p
,
540 struct torture_context
*tctx
,
541 struct policy_handle
*handle
,
542 const struct dom_sid
*sid
)
544 struct security_descriptor
*sd
= NULL
;
546 uint32_t sec_info
= SECINFO_SACL
;
548 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
552 if (!sd
|| !sd
->sacl
) {
556 for (i
= 0; i
< sd
->sacl
->num_aces
; i
++) {
557 if (dom_sid_equal(&sd
->sacl
->aces
[i
].trustee
, sid
)) {
565 static bool _test_sacl_trustee_present(struct dcerpc_pipe
*p
,
566 struct torture_context
*tctx
,
567 struct policy_handle
*handle
,
569 const struct dom_sid
*sid
)
571 struct policy_handle new_handle
;
573 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
575 if (!_test_OpenKey(b
, tctx
, handle
, key
, SEC_FLAG_SYSTEM_SECURITY
,
576 &new_handle
, WERR_OK
, NULL
)) {
580 ret
= test_sacl_trustee_present(p
, tctx
, &new_handle
, sid
);
582 test_CloseKey(b
, tctx
, &new_handle
);
587 static bool test_owner_present(struct dcerpc_pipe
*p
,
588 struct torture_context
*tctx
,
589 struct policy_handle
*handle
,
590 const struct dom_sid
*sid
)
592 struct security_descriptor
*sd
= NULL
;
593 uint32_t sec_info
= SECINFO_OWNER
;
595 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
599 if (!sd
|| !sd
->owner_sid
) {
603 return dom_sid_equal(sd
->owner_sid
, sid
);
606 static bool _test_owner_present(struct dcerpc_pipe
*p
,
607 struct torture_context
*tctx
,
608 struct policy_handle
*handle
,
610 const struct dom_sid
*sid
)
612 struct policy_handle new_handle
;
614 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
616 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
620 ret
= test_owner_present(p
, tctx
, &new_handle
, sid
);
622 test_CloseKey(b
, tctx
, &new_handle
);
627 static bool test_group_present(struct dcerpc_pipe
*p
,
628 struct torture_context
*tctx
,
629 struct policy_handle
*handle
,
630 const struct dom_sid
*sid
)
632 struct security_descriptor
*sd
= NULL
;
633 uint32_t sec_info
= SECINFO_GROUP
;
635 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
639 if (!sd
|| !sd
->group_sid
) {
643 return dom_sid_equal(sd
->group_sid
, sid
);
646 static bool _test_group_present(struct dcerpc_pipe
*p
,
647 struct torture_context
*tctx
,
648 struct policy_handle
*handle
,
650 const struct dom_sid
*sid
)
652 struct policy_handle new_handle
;
654 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
656 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
660 ret
= test_group_present(p
, tctx
, &new_handle
, sid
);
662 test_CloseKey(b
, tctx
, &new_handle
);
667 static bool test_dacl_trustee_flags_present(struct dcerpc_pipe
*p
,
668 struct torture_context
*tctx
,
669 struct policy_handle
*handle
,
670 const struct dom_sid
*sid
,
673 struct security_descriptor
*sd
= NULL
;
676 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
680 if (!sd
|| !sd
->dacl
) {
684 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
685 if ((dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
, sid
)) &&
686 (sd
->dacl
->aces
[i
].flags
== flags
)) {
694 static bool test_dacl_ace_present(struct dcerpc_pipe
*p
,
695 struct torture_context
*tctx
,
696 struct policy_handle
*handle
,
697 const struct security_ace
*ace
)
699 struct security_descriptor
*sd
= NULL
;
702 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
706 if (!sd
|| !sd
->dacl
) {
710 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
711 if (security_ace_equal(&sd
->dacl
->aces
[i
], ace
)) {
719 static bool test_RestoreSecurity(struct dcerpc_pipe
*p
,
720 struct torture_context
*tctx
,
721 struct policy_handle
*handle
,
723 struct security_descriptor
*sd
)
725 struct policy_handle new_handle
;
727 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
729 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
733 if (!test_SetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
737 if (!test_CloseKey(b
, tctx
, &new_handle
)) {
744 static bool test_BackupSecurity(struct dcerpc_pipe
*p
,
745 struct torture_context
*tctx
,
746 struct policy_handle
*handle
,
748 struct security_descriptor
**sd
)
750 struct policy_handle new_handle
;
752 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
754 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
758 if (!test_GetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
762 if (!test_CloseKey(b
, tctx
, &new_handle
)) {
769 static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe
*p
,
770 struct torture_context
*tctx
,
771 struct policy_handle
*handle
,
775 add ace SEC_ACE_FLAG_CONTAINER_INHERIT
790 struct security_descriptor
*sd
= NULL
;
791 struct security_descriptor
*sd_orig
= NULL
;
792 struct security_ace
*ace
= NULL
;
793 struct policy_handle new_handle
;
795 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
797 torture_comment(tctx
, "SecurityDescriptor inheritance\n");
799 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
803 if (!_test_GetKeySecurity(p
, tctx
, &new_handle
, NULL
, WERR_OK
, &sd
)) {
807 sd_orig
= security_descriptor_copy(tctx
, sd
);
808 if (sd_orig
== NULL
) {
812 ace
= security_ace_create(tctx
,
814 SEC_ACE_TYPE_ACCESS_ALLOWED
,
816 SEC_ACE_FLAG_CONTAINER_INHERIT
);
818 torture_assert_ntstatus_ok(tctx
,
819 security_descriptor_dacl_add(sd
, ace
),
820 "failed to add ace");
822 /* FIXME: add further tests for these flags */
823 sd
->type
|= SEC_DESC_DACL_AUTO_INHERIT_REQ
|
824 SEC_DESC_SACL_AUTO_INHERITED
;
826 if (!test_SetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
831 test_dacl_ace_present(p
, tctx
, &new_handle
, ace
),
832 "new ACE not present!");
834 if (!test_CloseKey(b
, tctx
, &new_handle
)) {
838 if (!test_CreateKey(b
, tctx
, handle
, TEST_SUBKEY_SD
, NULL
)) {
843 if (!test_OpenKey(b
, tctx
, handle
, TEST_SUBKEY_SD
, &new_handle
)) {
848 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
849 torture_comment(tctx
, "inherited ACE not present!\n");
854 test_CloseKey(b
, tctx
, &new_handle
);
855 if (!test_CreateKey(b
, tctx
, handle
, TEST_SUBSUBKEY_SD
, NULL
)) {
860 if (!test_OpenKey(b
, tctx
, handle
, TEST_SUBSUBKEY_SD
, &new_handle
)) {
865 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
866 torture_comment(tctx
, "inherited ACE not present!\n");
872 test_CloseKey(b
, tctx
, &new_handle
);
873 test_Cleanup(b
, tctx
, handle
, TEST_SUBKEY_SD
);
874 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
879 static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe
*p
,
880 struct torture_context
*tctx
,
881 struct policy_handle
*handle
,
885 add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
897 struct security_descriptor
*sd
= NULL
;
898 struct security_descriptor
*sd_orig
= NULL
;
899 struct security_ace
*ace
= NULL
;
900 struct policy_handle new_handle
;
901 struct dom_sid
*sid
= NULL
;
903 uint8_t ace_flags
= 0x0;
904 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
906 torture_comment(tctx
, "SecurityDescriptor inheritance block\n");
908 if (!test_OpenKey(b
, tctx
, handle
, key
, &new_handle
)) {
912 if (!_test_GetKeySecurity(p
, tctx
, &new_handle
, NULL
, WERR_OK
, &sd
)) {
916 sd_orig
= security_descriptor_copy(tctx
, sd
);
917 if (sd_orig
== NULL
) {
921 ace
= security_ace_create(tctx
,
923 SEC_ACE_TYPE_ACCESS_ALLOWED
,
925 SEC_ACE_FLAG_CONTAINER_INHERIT
|
926 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
);
928 torture_assert_ntstatus_ok(tctx
,
929 security_descriptor_dacl_add(sd
, ace
),
930 "failed to add ace");
932 if (!_test_SetKeySecurity(p
, tctx
, &new_handle
, NULL
, sd
, WERR_OK
)) {
937 test_dacl_ace_present(p
, tctx
, &new_handle
, ace
),
938 "new ACE not present!");
940 if (!test_CloseKey(b
, tctx
, &new_handle
)) {
944 if (!test_CreateKey(b
, tctx
, handle
, TEST_SUBSUBKEY_SD
, NULL
)) {
948 if (!test_OpenKey(b
, tctx
, handle
, TEST_SUBSUBKEY_SD
, &new_handle
)) {
953 if (test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
954 torture_comment(tctx
, "inherited ACE present but should not!\n");
959 sid
= dom_sid_parse_talloc(tctx
, TEST_SID
);
964 if (test_dacl_trustee_present(p
, tctx
, &new_handle
, sid
)) {
965 torture_comment(tctx
, "inherited trustee SID present but should not!\n");
970 test_CloseKey(b
, tctx
, &new_handle
);
972 if (!test_OpenKey(b
, tctx
, handle
, TEST_SUBKEY_SD
, &new_handle
)) {
977 if (test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
978 torture_comment(tctx
, "inherited ACE present but should not!\n");
983 if (!test_dacl_trustee_flags_present(p
, tctx
, &new_handle
, sid
, ace_flags
)) {
984 torture_comment(tctx
, "inherited trustee SID with flags 0x%02x not present!\n",
991 test_CloseKey(b
, tctx
, &new_handle
);
992 test_Cleanup(b
, tctx
, handle
, TEST_SUBKEY_SD
);
993 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
998 static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe
*p
,
999 struct torture_context
*tctx
,
1000 struct policy_handle
*handle
,
1006 struct winreg_mask_result_table
{
1007 uint32_t access_mask
;
1011 } sd_mask_tests
[] = {
1013 WERR_ACCESS_DENIED
, WERR_BADFILE
, WERR_FOOBAR
},
1014 { SEC_FLAG_MAXIMUM_ALLOWED
,
1015 WERR_OK
, WERR_OK
, WERR_OK
},
1016 { SEC_STD_WRITE_DAC
,
1017 WERR_OK
, WERR_ACCESS_DENIED
, WERR_FOOBAR
},
1018 { SEC_FLAG_SYSTEM_SECURITY
,
1019 WERR_OK
, WERR_ACCESS_DENIED
, WERR_FOOBAR
}
1022 /* FIXME: before this test can ever run successfully we need a way to
1023 * correctly read a NULL security_descritpor in ndr, get the required
1024 * length, requery, etc.
1029 for (i
=0; i
< ARRAY_SIZE(sd_mask_tests
); i
++) {
1031 torture_comment(tctx
,
1032 "SecurityDescriptor get & set with access_mask: 0x%08x\n",
1033 sd_mask_tests
[i
].access_mask
);
1034 torture_comment(tctx
,
1035 "expecting: open %s, get: %s, set: %s\n",
1036 win_errstr(sd_mask_tests
[i
].open_werr
),
1037 win_errstr(sd_mask_tests
[i
].get_werr
),
1038 win_errstr(sd_mask_tests
[i
].set_werr
));
1040 if (_test_SecurityDescriptor(p
, tctx
, handle
,
1041 sd_mask_tests
[i
].access_mask
, key
,
1042 sd_mask_tests
[i
].open_werr
,
1043 sd_mask_tests
[i
].get_werr
,
1044 sd_mask_tests
[i
].set_werr
)) {
1052 typedef bool (*secinfo_verify_fn
)(struct dcerpc_pipe
*,
1053 struct torture_context
*,
1054 struct policy_handle
*,
1056 const struct dom_sid
*);
1058 static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe
*p
,
1059 struct torture_context
*tctx
,
1060 struct policy_handle
*handle
,
1063 uint32_t access_mask
,
1065 struct security_descriptor
*sd
,
1067 bool expect_present
,
1068 bool (*fn
) (struct dcerpc_pipe
*,
1069 struct torture_context
*,
1070 struct policy_handle
*,
1072 const struct dom_sid
*),
1073 const struct dom_sid
*sid
)
1075 struct policy_handle new_handle
;
1076 bool open_success
= false;
1077 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1079 torture_comment(tctx
, "SecurityDescriptor (%s) sets for secinfo: "
1080 "0x%08x, access_mask: 0x%08x\n",
1081 test
, sec_info
, access_mask
);
1083 if (!_test_OpenKey(b
, tctx
, handle
, key
,
1091 if (!open_success
) {
1092 torture_comment(tctx
, "key did not open\n");
1093 test_CloseKey(b
, tctx
, &new_handle
);
1097 if (!_test_SetKeySecurity(p
, tctx
, &new_handle
, &sec_info
,
1100 torture_warning(tctx
,
1101 "SetKeySecurity with secinfo: 0x%08x has failed\n",
1104 test_CloseKey(b
, tctx
, &new_handle
);
1108 test_CloseKey(b
, tctx
, &new_handle
);
1110 if (W_ERROR_IS_OK(set_werr
)) {
1112 present
= fn(p
, tctx
, handle
, key
, sid
);
1113 if ((expect_present
) && (!present
)) {
1114 torture_warning(tctx
,
1115 "%s sid is not present!\n",
1119 if ((!expect_present
) && (present
)) {
1120 torture_warning(tctx
,
1121 "%s sid is present but not expected!\n",
1130 static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe
*p
,
1131 struct torture_context
*tctx
,
1132 struct policy_handle
*handle
,
1135 struct security_descriptor
*sd_orig
= NULL
;
1136 struct dom_sid
*sid
= NULL
;
1140 struct security_descriptor
*sd_owner
=
1141 security_descriptor_dacl_create(tctx
,
1143 TEST_SID
, NULL
, NULL
);
1145 struct security_descriptor
*sd_group
=
1146 security_descriptor_dacl_create(tctx
,
1148 NULL
, TEST_SID
, NULL
);
1150 struct security_descriptor
*sd_dacl
=
1151 security_descriptor_dacl_create(tctx
,
1155 SEC_ACE_TYPE_ACCESS_ALLOWED
,
1158 SID_NT_AUTHENTICATED_USERS
,
1159 SEC_ACE_TYPE_ACCESS_ALLOWED
,
1164 struct security_descriptor
*sd_sacl
=
1165 security_descriptor_sacl_create(tctx
,
1169 SEC_ACE_TYPE_SYSTEM_AUDIT
,
1171 SEC_ACE_FLAG_SUCCESSFUL_ACCESS
,
1174 struct winreg_secinfo_table
{
1175 struct security_descriptor
*sd
;
1179 secinfo_verify_fn fn
;
1182 struct winreg_secinfo_table sec_info_owner_tests
[] = {
1183 { sd_owner
, 0, WERR_OK
,
1184 false, (secinfo_verify_fn
)_test_owner_present
},
1185 { sd_owner
, SECINFO_OWNER
, WERR_OK
,
1186 true, (secinfo_verify_fn
)_test_owner_present
},
1187 { sd_owner
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1188 { sd_owner
, SECINFO_DACL
, WERR_OK
,
1189 true, (secinfo_verify_fn
)_test_owner_present
},
1190 { sd_owner
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1193 uint32_t sd_owner_good_access_masks
[] = {
1194 SEC_FLAG_MAXIMUM_ALLOWED
,
1195 /* SEC_STD_WRITE_OWNER, */
1198 struct winreg_secinfo_table sec_info_group_tests
[] = {
1199 { sd_group
, 0, WERR_OK
,
1200 false, (secinfo_verify_fn
)_test_group_present
},
1201 { sd_group
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1202 { sd_group
, SECINFO_GROUP
, WERR_OK
,
1203 true, (secinfo_verify_fn
)_test_group_present
},
1204 { sd_group
, SECINFO_DACL
, WERR_OK
,
1205 true, (secinfo_verify_fn
)_test_group_present
},
1206 { sd_group
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1209 uint32_t sd_group_good_access_masks
[] = {
1210 SEC_FLAG_MAXIMUM_ALLOWED
,
1213 struct winreg_secinfo_table sec_info_dacl_tests
[] = {
1214 { sd_dacl
, 0, WERR_OK
,
1215 false, (secinfo_verify_fn
)_test_dacl_trustee_present
},
1216 { sd_dacl
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1217 { sd_dacl
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1218 { sd_dacl
, SECINFO_DACL
, WERR_OK
,
1219 true, (secinfo_verify_fn
)_test_dacl_trustee_present
},
1220 { sd_dacl
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1223 uint32_t sd_dacl_good_access_masks
[] = {
1224 SEC_FLAG_MAXIMUM_ALLOWED
,
1228 struct winreg_secinfo_table sec_info_sacl_tests
[] = {
1229 { sd_sacl
, 0, WERR_OK
,
1230 false, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1231 { sd_sacl
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1232 { sd_sacl
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1233 { sd_sacl
, SECINFO_DACL
, WERR_OK
,
1234 false, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1235 { sd_sacl
, SECINFO_SACL
, WERR_OK
,
1236 true, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1239 uint32_t sd_sacl_good_access_masks
[] = {
1240 SEC_FLAG_MAXIMUM_ALLOWED
| SEC_FLAG_SYSTEM_SECURITY
,
1241 /* SEC_FLAG_SYSTEM_SECURITY, */
1244 sid
= dom_sid_parse_talloc(tctx
, TEST_SID
);
1249 if (!test_BackupSecurity(p
, tctx
, handle
, key
, &sd_orig
)) {
1255 for (i
=0; i
< ARRAY_SIZE(sec_info_owner_tests
); i
++) {
1257 for (a
=0; a
< ARRAY_SIZE(sd_owner_good_access_masks
); a
++) {
1259 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1262 sd_owner_good_access_masks
[a
],
1263 sec_info_owner_tests
[i
].sec_info
,
1264 sec_info_owner_tests
[i
].sd
,
1265 sec_info_owner_tests
[i
].set_werr
,
1266 sec_info_owner_tests
[i
].sid_present
,
1267 sec_info_owner_tests
[i
].fn
,
1270 torture_comment(tctx
, "test_SetSecurityDescriptor_SecInfo failed for OWNER\n");
1279 for (i
=0; i
< ARRAY_SIZE(sec_info_group_tests
); i
++) {
1281 for (a
=0; a
< ARRAY_SIZE(sd_group_good_access_masks
); a
++) {
1283 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1286 sd_group_good_access_masks
[a
],
1287 sec_info_group_tests
[i
].sec_info
,
1288 sec_info_group_tests
[i
].sd
,
1289 sec_info_group_tests
[i
].set_werr
,
1290 sec_info_group_tests
[i
].sid_present
,
1291 sec_info_group_tests
[i
].fn
,
1294 torture_comment(tctx
, "test_SetSecurityDescriptor_SecInfo failed for GROUP\n");
1303 for (i
=0; i
< ARRAY_SIZE(sec_info_dacl_tests
); i
++) {
1305 for (a
=0; a
< ARRAY_SIZE(sd_dacl_good_access_masks
); a
++) {
1307 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1310 sd_dacl_good_access_masks
[a
],
1311 sec_info_dacl_tests
[i
].sec_info
,
1312 sec_info_dacl_tests
[i
].sd
,
1313 sec_info_dacl_tests
[i
].set_werr
,
1314 sec_info_dacl_tests
[i
].sid_present
,
1315 sec_info_dacl_tests
[i
].fn
,
1318 torture_comment(tctx
, "test_SetSecurityDescriptor_SecInfo failed for DACL\n");
1327 for (i
=0; i
< ARRAY_SIZE(sec_info_sacl_tests
); i
++) {
1329 for (a
=0; a
< ARRAY_SIZE(sd_sacl_good_access_masks
); a
++) {
1331 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1334 sd_sacl_good_access_masks
[a
],
1335 sec_info_sacl_tests
[i
].sec_info
,
1336 sec_info_sacl_tests
[i
].sd
,
1337 sec_info_sacl_tests
[i
].set_werr
,
1338 sec_info_sacl_tests
[i
].sid_present
,
1339 sec_info_sacl_tests
[i
].fn
,
1342 torture_comment(tctx
, "test_SetSecurityDescriptor_SecInfo failed for SACL\n");
1350 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
1355 static bool test_SecurityDescriptors(struct dcerpc_pipe
*p
,
1356 struct torture_context
*tctx
,
1357 struct policy_handle
*handle
,
1362 if (!test_SecurityDescriptor(p
, tctx
, handle
, key
)) {
1363 torture_comment(tctx
, "test_SecurityDescriptor failed\n");
1367 if (!test_SecurityDescriptorInheritance(p
, tctx
, handle
, key
)) {
1368 torture_comment(tctx
, "test_SecurityDescriptorInheritance failed\n");
1372 if (!test_SecurityDescriptorBlockInheritance(p
, tctx
, handle
, key
)) {
1373 torture_comment(tctx
, "test_SecurityDescriptorBlockInheritance failed\n");
1377 if (!test_SecurityDescriptorsSecInfo(p
, tctx
, handle
, key
)) {
1378 torture_comment(tctx
, "test_SecurityDescriptorsSecInfo failed\n");
1382 if (!test_SecurityDescriptorsMasks(p
, tctx
, handle
, key
)) {
1383 torture_comment(tctx
, "test_SecurityDescriptorsMasks failed\n");
1390 static bool test_DeleteKey(struct dcerpc_binding_handle
*b
,
1391 struct torture_context
*tctx
,
1392 struct policy_handle
*handle
, const char *key
)
1395 struct winreg_DeleteKey r
;
1397 r
.in
.handle
= handle
;
1398 init_winreg_String(&r
.in
.key
, key
);
1400 status
= dcerpc_winreg_DeleteKey_r(b
, tctx
, &r
);
1402 torture_assert_ntstatus_ok(tctx
, status
, "DeleteKey failed");
1403 torture_assert_werr_ok(tctx
, r
.out
.result
, "DeleteKey failed");
1408 static bool test_QueryInfoKey(struct dcerpc_binding_handle
*b
,
1409 struct torture_context
*tctx
,
1410 struct policy_handle
*handle
, char *kclass
)
1412 struct winreg_QueryInfoKey r
;
1413 uint32_t num_subkeys
, max_subkeylen
, max_classlen
,
1414 num_values
, max_valnamelen
, max_valbufsize
,
1416 NTTIME last_changed_time
;
1419 r
.in
.handle
= handle
;
1420 r
.out
.num_subkeys
= &num_subkeys
;
1421 r
.out
.max_subkeylen
= &max_subkeylen
;
1422 r
.out
.max_classlen
= &max_classlen
;
1423 r
.out
.num_values
= &num_values
;
1424 r
.out
.max_valnamelen
= &max_valnamelen
;
1425 r
.out
.max_valbufsize
= &max_valbufsize
;
1426 r
.out
.secdescsize
= &secdescsize
;
1427 r
.out
.last_changed_time
= &last_changed_time
;
1429 r
.out
.classname
= talloc(tctx
, struct winreg_String
);
1431 r
.in
.classname
= talloc(tctx
, struct winreg_String
);
1432 init_winreg_String(r
.in
.classname
, kclass
);
1434 torture_assert_ntstatus_ok(tctx
,
1435 dcerpc_winreg_QueryInfoKey_r(b
, tctx
, &r
),
1436 "QueryInfoKey failed");
1438 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryInfoKey failed");
1443 static bool test_SetValue(struct dcerpc_binding_handle
*b
,
1444 struct torture_context
*tctx
,
1445 struct policy_handle
*handle
,
1446 const char *value_name
,
1447 enum winreg_Type type
,
1451 struct winreg_SetValue r
;
1452 struct winreg_String name
;
1454 torture_comment(tctx
, "Testing SetValue(%s), type: %s, offered: 0x%08x)\n",
1455 value_name
, str_regtype(type
), size
);
1457 init_winreg_String(&name
, value_name
);
1459 r
.in
.handle
= handle
;
1465 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_SetValue_r(b
, tctx
, &r
),
1466 "winreg_SetValue failed");
1467 torture_assert_werr_ok(tctx
, r
.out
.result
,
1468 "winreg_SetValue failed");
1473 static bool test_DeleteValue(struct dcerpc_binding_handle
*b
,
1474 struct torture_context
*tctx
,
1475 struct policy_handle
*handle
,
1476 const char *value_name
)
1478 struct winreg_DeleteValue r
;
1479 struct winreg_String value
;
1481 torture_comment(tctx
, "Testing DeleteValue(%s)\n", value_name
);
1483 init_winreg_String(&value
, value_name
);
1485 r
.in
.handle
= handle
;
1488 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_DeleteValue_r(b
, tctx
, &r
),
1489 "winreg_DeleteValue failed");
1490 torture_assert_werr_ok(tctx
, r
.out
.result
,
1491 "winreg_DeleteValue failed");
1496 static bool test_key(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1497 struct policy_handle
*handle
, int depth
,
1498 bool test_security
);
1500 static bool test_EnumKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1501 struct policy_handle
*handle
, int depth
,
1504 struct winreg_EnumKey r
;
1505 struct winreg_StringBuf kclass
, name
;
1508 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1514 r
.in
.handle
= handle
;
1515 r
.in
.enum_index
= 0;
1517 r
.in
.keyclass
= &kclass
;
1519 r
.in
.last_changed_time
= &t
;
1525 status
= dcerpc_winreg_EnumKey_r(b
, tctx
, &r
);
1527 if (NT_STATUS_IS_OK(status
) && W_ERROR_IS_OK(r
.out
.result
)) {
1528 struct policy_handle key_handle
;
1530 torture_comment(tctx
, "EnumKey: %d: %s\n",
1534 if (!test_OpenKey(b
, tctx
, handle
, r
.out
.name
->name
,
1537 test_key(p
, tctx
, &key_handle
,
1538 depth
+ 1, test_security
);
1544 } while (NT_STATUS_IS_OK(status
) && W_ERROR_IS_OK(r
.out
.result
));
1546 torture_assert_ntstatus_ok(tctx
, status
, "EnumKey failed");
1548 if (!W_ERROR_IS_OK(r
.out
.result
) &&
1549 !W_ERROR_EQUAL(r
.out
.result
, WERR_NO_MORE_ITEMS
)) {
1550 torture_fail(tctx
, "EnumKey failed");
1556 static bool test_QueryMultipleValues(struct dcerpc_binding_handle
*b
,
1557 struct torture_context
*tctx
,
1558 struct policy_handle
*handle
,
1559 const char *valuename
)
1561 struct winreg_QueryMultipleValues r
;
1566 r
.in
.key_handle
= handle
;
1567 r
.in
.values
= r
.out
.values
= talloc_array(tctx
, struct QueryMultipleValue
, 1);
1568 r
.in
.values
[0].name
= talloc(tctx
, struct winreg_String
);
1569 r
.in
.values
[0].name
->name
= valuename
;
1570 r
.in
.values
[0].offset
= 0;
1571 r
.in
.values
[0].length
= 0;
1572 r
.in
.values
[0].type
= 0;
1574 r
.in
.num_values
= 1;
1575 r
.in
.buffer_size
= r
.out
.buffer_size
= talloc(tctx
, uint32_t);
1576 *r
.in
.buffer_size
= bufsize
;
1578 *r
.in
.buffer_size
= bufsize
;
1579 r
.in
.buffer
= r
.out
.buffer
= talloc_zero_array(tctx
, uint8_t,
1582 status
= dcerpc_winreg_QueryMultipleValues_r(b
, tctx
, &r
);
1584 if(NT_STATUS_IS_ERR(status
))
1585 torture_fail(tctx
, "QueryMultipleValues failed");
1587 talloc_free(r
.in
.buffer
);
1589 } while (W_ERROR_EQUAL(r
.out
.result
, WERR_MORE_DATA
));
1591 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryMultipleValues failed");
1596 static bool test_QueryValue(struct dcerpc_binding_handle
*b
,
1597 struct torture_context
*tctx
,
1598 struct policy_handle
*handle
,
1599 const char *valuename
)
1601 struct winreg_QueryValue r
;
1603 enum winreg_Type zero_type
= 0;
1604 uint32_t offered
= 0xfff;
1608 r
.in
.handle
= handle
;
1610 r
.in
.value_name
= talloc_zero(tctx
, struct winreg_String
);
1611 r
.in
.value_name
->name
= valuename
;
1612 r
.in
.type
= &zero_type
;
1613 r
.in
.data_size
= &offered
;
1614 r
.in
.data_length
= &zero
;
1616 status
= dcerpc_winreg_QueryValue_r(b
, tctx
, &r
);
1617 if (NT_STATUS_IS_ERR(status
)) {
1618 torture_fail(tctx
, "QueryValue failed");
1621 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryValue failed");
1626 static bool test_QueryValue_full(struct dcerpc_binding_handle
*b
,
1627 struct torture_context
*tctx
,
1628 struct policy_handle
*handle
,
1629 const char *valuename
,
1630 bool existing_value
)
1632 struct winreg_QueryValue r
;
1633 struct winreg_String value_name
;
1634 enum winreg_Type type
= REG_NONE
;
1635 uint32_t data_size
= 0;
1636 uint32_t real_data_size
= 0;
1637 uint32_t data_length
= 0;
1638 uint8_t *data
= NULL
;
1639 WERROR expected_error
= WERR_BADFILE
;
1641 if (valuename
== NULL
) {
1642 expected_error
= WERR_INVALID_PARAM
;
1647 init_winreg_String(&value_name
, NULL
);
1649 torture_comment(tctx
, "Testing QueryValue(%s)\n", valuename
);
1651 r
.in
.handle
= handle
;
1652 r
.in
.value_name
= &value_name
;
1654 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_QueryValue_r(b
, tctx
, &r
), "QueryValue failed");
1655 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_INVALID_PARAM
,
1656 "expected WERR_INVALID_PARAM for NULL winreg_String.name");
1658 init_winreg_String(&value_name
, valuename
);
1659 r
.in
.value_name
= &value_name
;
1661 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_QueryValue_r(b
, tctx
, &r
),
1662 "QueryValue failed");
1663 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_INVALID_PARAM
,
1664 "QueryValue failed");
1668 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_QueryValue_r(b
, tctx
, &r
),
1669 "QueryValue failed");
1670 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_INVALID_PARAM
,
1671 "QueryValue failed");
1673 r
.in
.data_length
= &data_length
;
1674 r
.out
.data_length
= &data_length
;
1675 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_QueryValue_r(b
, tctx
, &r
),
1676 "QueryValue failed");
1677 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_INVALID_PARAM
,
1678 "QueryValue failed");
1680 r
.in
.data_size
= &data_size
;
1681 r
.out
.data_size
= &data_size
;
1682 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_QueryValue_r(b
, tctx
, &r
),
1683 "QueryValue failed");
1684 if (existing_value
) {
1685 torture_assert_werr_ok(tctx
, r
.out
.result
,
1686 "QueryValue failed");
1688 torture_assert_werr_equal(tctx
, r
.out
.result
, expected_error
,
1689 "QueryValue failed");
1692 real_data_size
= *r
.out
.data_size
;
1694 data
= talloc_zero_array(tctx
, uint8_t, 0);
1697 *r
.in
.data_size
= 0;
1698 *r
.out
.data_size
= 0;
1699 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_QueryValue_r(b
, tctx
, &r
),
1700 "QueryValue failed");
1701 if (existing_value
) {
1702 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_MORE_DATA
,
1703 "QueryValue failed");
1705 torture_assert_werr_equal(tctx
, r
.out
.result
, expected_error
,
1706 "QueryValue failed");
1709 data
= talloc_zero_array(tctx
, uint8_t, real_data_size
);
1712 r
.in
.data_size
= &real_data_size
;
1713 r
.out
.data_size
= &real_data_size
;
1714 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_QueryValue_r(b
, tctx
, &r
),
1715 "QueryValue failed");
1716 if (existing_value
) {
1717 torture_assert_werr_ok(tctx
, r
.out
.result
,
1718 "QueryValue failed");
1720 torture_assert_werr_equal(tctx
, r
.out
.result
, expected_error
,
1721 "QueryValue failed");
1727 static bool test_EnumValue(struct dcerpc_binding_handle
*b
,
1728 struct torture_context
*tctx
,
1729 struct policy_handle
*handle
, int max_valnamelen
,
1732 struct winreg_EnumValue r
;
1733 enum winreg_Type type
= 0;
1734 uint32_t size
= max_valbufsize
, zero
= 0;
1737 struct winreg_ValNameBuf name
;
1743 r
.in
.handle
= handle
;
1744 r
.in
.enum_index
= 0;
1749 r
.in
.length
= &zero
;
1753 torture_assert_ntstatus_ok(tctx
,
1754 dcerpc_winreg_EnumValue_r(b
, tctx
, &r
),
1755 "EnumValue failed");
1757 if (W_ERROR_IS_OK(r
.out
.result
)) {
1758 ret
&= test_QueryValue(b
, tctx
, handle
,
1760 ret
&= test_QueryMultipleValues(b
, tctx
, handle
,
1765 } while (W_ERROR_IS_OK(r
.out
.result
));
1767 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_NO_MORE_ITEMS
,
1768 "EnumValue failed");
1773 static bool test_AbortSystemShutdown(struct dcerpc_binding_handle
*b
,
1774 struct torture_context
*tctx
)
1776 struct winreg_AbortSystemShutdown r
;
1777 uint16_t server
= 0x0;
1780 r
.in
.server
= &server
;
1782 torture_assert_ntstatus_ok(tctx
,
1783 dcerpc_winreg_AbortSystemShutdown_r(b
, tctx
, &r
),
1784 "AbortSystemShutdown failed");
1786 torture_assert_werr_ok(tctx
, r
.out
.result
,
1787 "AbortSystemShutdown failed");
1792 static bool test_InitiateSystemShutdown(struct torture_context
*tctx
,
1793 struct dcerpc_pipe
*p
)
1795 struct winreg_InitiateSystemShutdown r
;
1796 uint16_t hostname
= 0x0;
1797 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1800 r
.in
.hostname
= &hostname
;
1801 r
.in
.message
= talloc(tctx
, struct lsa_StringLarge
);
1802 init_lsa_StringLarge(r
.in
.message
, "spottyfood");
1803 r
.in
.force_apps
= 1;
1807 torture_assert_ntstatus_ok(tctx
,
1808 dcerpc_winreg_InitiateSystemShutdown_r(b
, tctx
, &r
),
1809 "InitiateSystemShutdown failed");
1811 torture_assert_werr_ok(tctx
, r
.out
.result
,
1812 "InitiateSystemShutdown failed");
1814 return test_AbortSystemShutdown(b
, tctx
);
1818 static bool test_InitiateSystemShutdownEx(struct torture_context
*tctx
,
1819 struct dcerpc_pipe
*p
)
1821 struct winreg_InitiateSystemShutdownEx r
;
1822 uint16_t hostname
= 0x0;
1823 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1826 r
.in
.hostname
= &hostname
;
1827 r
.in
.message
= talloc(tctx
, struct lsa_StringLarge
);
1828 init_lsa_StringLarge(r
.in
.message
, "spottyfood");
1829 r
.in
.force_apps
= 1;
1834 torture_assert_ntstatus_ok(tctx
,
1835 dcerpc_winreg_InitiateSystemShutdownEx_r(b
, tctx
, &r
),
1836 "InitiateSystemShutdownEx failed");
1838 torture_assert_werr_ok(tctx
, r
.out
.result
,
1839 "InitiateSystemShutdownEx failed");
1841 return test_AbortSystemShutdown(b
, tctx
);
1843 #define MAX_DEPTH 2 /* Only go this far down the tree */
1845 static bool test_key(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1846 struct policy_handle
*handle
, int depth
,
1849 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1851 if (depth
== MAX_DEPTH
)
1854 if (!test_QueryInfoKey(b
, tctx
, handle
, NULL
)) {
1857 if (!test_NotifyChangeKeyValue(b
, tctx
, handle
)) {
1860 if (test_security
&& !test_GetKeySecurity(p
, tctx
, handle
, NULL
)) {
1863 if (!test_EnumKey(p
, tctx
, handle
, depth
, test_security
)) {
1866 if (!test_EnumValue(b
, tctx
, handle
, 0xFF, 0xFFFF)) {
1869 test_CloseKey(b
, tctx
, handle
);
1874 static bool test_SetValue_simple(struct dcerpc_pipe
*p
,
1875 struct torture_context
*tctx
,
1876 struct policy_handle
*handle
)
1878 const char *value_name
= TEST_VALUE
;
1879 uint32_t value
= 0x12345678;
1880 const char *string
= "torture";
1882 enum winreg_Type types
[] = {
1889 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1891 torture_comment(tctx
, "Testing SetValue (standard formats)\n");
1893 for (t
=0; t
< ARRAY_SIZE(types
); t
++) {
1895 enum winreg_Type w_type
;
1896 uint32_t w_size
, w_length
;
1901 blob
= data_blob_talloc_zero(tctx
, 4);
1902 SIVAL(blob
.data
, 0, value
);
1905 blob
= data_blob_string_const("binary_blob");
1908 torture_assert(tctx
,
1909 convert_string_talloc_convenience(tctx
, lp_iconv_convenience(tctx
->lp_ctx
),
1913 (void **)&blob
.data
,
1918 torture_assert(tctx
,
1919 convert_string_talloc_convenience(tctx
, lp_iconv_convenience(tctx
->lp_ctx
),
1923 (void **)&blob
.data
,
1926 torture_assert(tctx
, data_blob_realloc(tctx
, &blob
, blob
.length
+ 2), "");
1927 memset(&blob
.data
[blob
.length
- 2], '\0', 2);
1933 torture_assert(tctx
,
1934 test_SetValue(b
, tctx
, handle
, value_name
, types
[t
], blob
.data
, blob
.length
),
1935 "test_SetValue failed");
1936 torture_assert(tctx
,
1937 test_QueryValue_full(b
, tctx
, handle
, value_name
, true),
1938 talloc_asprintf(tctx
, "test_QueryValue_full for %s value failed", value_name
));
1939 torture_assert(tctx
,
1940 test_winreg_QueryValue(tctx
, b
, handle
, value_name
, &w_type
, &w_size
, &w_length
, &w_data
),
1941 "test_winreg_QueryValue failed");
1942 torture_assert(tctx
,
1943 test_DeleteValue(b
, tctx
, handle
, value_name
),
1944 "test_DeleteValue failed");
1946 torture_assert_int_equal(tctx
, w_type
, types
[t
], "winreg type mismatch");
1947 torture_assert_int_equal(tctx
, w_size
, blob
.length
, "winreg size mismatch");
1948 torture_assert_int_equal(tctx
, w_length
, blob
.length
, "winreg length mismatch");
1949 torture_assert_mem_equal(tctx
, w_data
, blob
.data
, blob
.length
, "winreg buffer mismatch");
1952 torture_comment(tctx
, "Testing SetValue (standard formats) succeeded\n");
1957 typedef NTSTATUS (*winreg_open_fn
)(struct dcerpc_binding_handle
*, TALLOC_CTX
*, void *);
1959 static bool test_Open_Security(struct torture_context
*tctx
,
1960 struct dcerpc_pipe
*p
, void *userdata
)
1962 struct policy_handle handle
, newhandle
;
1963 bool ret
= true, created2
= false;
1964 bool created4
= false;
1965 struct winreg_OpenHKLM r
;
1966 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
1968 winreg_open_fn open_fn
= userdata
;
1971 r
.in
.system_name
= 0;
1972 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1973 r
.out
.handle
= &handle
;
1975 torture_assert_ntstatus_ok(tctx
, open_fn(b
, tctx
, &r
),
1978 test_Cleanup(b
, tctx
, &handle
, TEST_KEY_BASE
);
1980 if (!test_CreateKey(b
, tctx
, &handle
, TEST_KEY_BASE
, NULL
)) {
1981 torture_comment(tctx
,
1982 "CreateKey (TEST_KEY_BASE) failed\n");
1985 if (test_CreateKey_sd(b
, tctx
, &handle
, TEST_KEY2
,
1986 NULL
, &newhandle
)) {
1990 if (created2
&& !test_CloseKey(b
, tctx
, &newhandle
)) {
1991 torture_comment(tctx
, "CloseKey failed\n");
1995 if (test_CreateKey_sd(b
, tctx
, &handle
, TEST_KEY4
, NULL
, &newhandle
)) {
1999 if (created4
&& !test_CloseKey(b
, tctx
, &newhandle
)) {
2000 torture_comment(tctx
, "CloseKey failed\n");
2004 if (created4
&& !test_SecurityDescriptors(p
, tctx
, &handle
, TEST_KEY4
)) {
2008 if (created4
&& !test_DeleteKey(b
, tctx
, &handle
, TEST_KEY4
)) {
2009 torture_comment(tctx
, "DeleteKey failed\n");
2013 if (created2
&& !test_DeleteKey(b
, tctx
, &handle
, TEST_KEY2
)) {
2014 torture_comment(tctx
, "DeleteKey failed\n");
2018 /* The HKCR hive has a very large fanout */
2019 if (open_fn
== (void *)dcerpc_winreg_OpenHKCR_r
) {
2020 if(!test_key(p
, tctx
, &handle
, MAX_DEPTH
- 1, true)) {
2024 if (!test_key(p
, tctx
, &handle
, 0, true)) {
2029 test_Cleanup(b
, tctx
, &handle
, TEST_KEY_BASE
);
2034 static bool test_SetValue_extended(struct dcerpc_binding_handle
*b
,
2035 struct torture_context
*tctx
,
2036 struct policy_handle
*handle
)
2038 const char *value_name
= TEST_VALUE
;
2039 enum winreg_Type types
[] = {
2045 REG_DWORD_BIG_ENDIAN
,
2049 REG_FULL_RESOURCE_DESCRIPTOR
,
2050 REG_RESOURCE_REQUIREMENTS_LIST
,
2062 if (torture_setting_bool(tctx
, "samba3", false) ||
2063 torture_setting_bool(tctx
, "samba4", false)) {
2064 torture_skip(tctx
, "skipping extended SetValue test against Samba");
2067 torture_comment(tctx
, "Testing SetValue (extended formats)\n");
2069 for (t
=0; t
< ARRAY_SIZE(types
); t
++) {
2070 for (l
=0; l
< 32; l
++) {
2072 enum winreg_Type w_type
;
2073 uint32_t w_size
, w_length
;
2076 const char *string
= generate_random_str(tctx
, l
);
2077 DATA_BLOB blob
= data_blob_string_const(string
);
2079 torture_assert(tctx
,
2080 test_SetValue(b
, tctx
, handle
, value_name
, types
[t
], blob
.data
, blob
.length
),
2081 "test_SetValue failed");
2083 torture_assert(tctx
,
2084 test_winreg_QueryValue(tctx
, b
, handle
, value_name
, &w_type
, &w_size
, &w_length
, &w_data
),
2085 "test_winreg_QueryValue failed");
2087 torture_assert(tctx
,
2088 test_DeleteValue(b
, tctx
, handle
, value_name
),
2089 "test_DeleteValue failed");
2091 torture_assert_int_equal(tctx
, w_type
, types
[t
], "winreg type mismatch");
2092 torture_assert_int_equal(tctx
, w_size
, blob
.length
, "winreg size mismatch");
2093 torture_assert_int_equal(tctx
, w_length
, blob
.length
, "winreg length mismatch");
2094 torture_assert_mem_equal(tctx
, w_data
, blob
.data
, blob
.length
, "winreg buffer mismatch");
2098 torture_comment(tctx
, "Testing SetValue (extended formats) succeeded\n");
2103 #define KEY_CURRENT_VERSION "SOFTWARE\\MICROSOFT\\WINDOWS NT\\CURRENTVERSION"
2104 #define VALUE_CURRENT_VERSION "CurrentVersion"
2106 static bool test_Open(struct torture_context
*tctx
, struct dcerpc_pipe
*p
,
2109 struct policy_handle handle
, newhandle
;
2110 bool ret
= true, created
= false, deleted
= false;
2111 bool created3
= false, created_subkey
= false;
2112 struct winreg_OpenHKLM r
;
2113 struct dcerpc_binding_handle
*b
= p
->binding_handle
;
2115 winreg_open_fn open_fn
= userdata
;
2118 r
.in
.system_name
= 0;
2119 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
2120 r
.out
.handle
= &handle
;
2122 torture_assert_ntstatus_ok(tctx
, open_fn(b
, tctx
, &r
),
2125 if (open_fn
== (void *)dcerpc_winreg_OpenHKLM_r
) {
2127 torture_assert(tctx
, test_OpenKey(p
, tctx
, &handle
, KEY_CURRENT_VERSION
, &newhandle
),
2128 "failed to open current version key");
2130 torture_assert(tctx
, _test_OpenKey(b
, tctx
, &handle
, KEY_CURRENT_VERSION
, KEY_QUERY_VALUE
, &newhandle
, WERR_OK
, NULL
),
2131 "failed to open current version key");
2133 torture_assert(tctx
, test_QueryValue_full(b
, tctx
, &newhandle
, VALUE_CURRENT_VERSION
, true),
2134 "failed to query current version");
2135 torture_assert(tctx
, test_QueryValue_full(b
, tctx
, &newhandle
, "IDoNotExist", false),
2136 "failed to query current version");
2137 torture_assert(tctx
, test_QueryValue_full(b
, tctx
, &newhandle
, NULL
, false),
2138 "test_QueryValue_full for NULL value failed");
2139 torture_assert(tctx
, test_QueryValue_full(b
, tctx
, &newhandle
, "", false),
2140 "test_QueryValue_full for \"\" value failed");
2142 torture_assert(tctx
, test_CloseKey(b
, tctx
, &newhandle
),
2143 "failed to close current version key");
2146 test_Cleanup(b
, tctx
, &handle
, TEST_KEY_BASE
);
2148 if (!test_CreateKey(b
, tctx
, &handle
, TEST_KEY_BASE
, NULL
)) {
2149 torture_comment(tctx
,
2150 "CreateKey (TEST_KEY_BASE) failed\n");
2153 if (!test_CreateKey(b
, tctx
, &handle
, TEST_KEY1
, NULL
)) {
2154 torture_comment(tctx
,
2155 "CreateKey failed - not considering a failure\n");
2160 if (created
&& !test_FlushKey(b
, tctx
, &handle
)) {
2161 torture_comment(tctx
, "FlushKey failed\n");
2165 if (created
&& !test_OpenKey(b
, tctx
, &handle
, TEST_KEY1
, &newhandle
))
2167 "CreateKey failed (OpenKey after Create didn't work)\n");
2170 torture_assert(tctx
, test_SetValue_simple(p
, tctx
, &newhandle
),
2171 "simple SetValue test failed");
2172 torture_assert(tctx
, test_SetValue_extended(b
, tctx
, &newhandle
),
2173 "extended SetValue test failed");
2176 if (created
&& !test_CloseKey(b
, tctx
, &newhandle
))
2178 "CreateKey failed (CloseKey after Open didn't work)\n");
2180 if (created
&& !test_DeleteKey(b
, tctx
, &handle
, TEST_KEY1
)) {
2181 torture_comment(tctx
, "DeleteKey failed\n");
2187 if (created
&& !test_FlushKey(b
, tctx
, &handle
)) {
2188 torture_comment(tctx
, "FlushKey failed\n");
2192 if (created
&& deleted
&&
2193 !_test_OpenKey(b
, tctx
, &handle
, TEST_KEY1
,
2194 SEC_FLAG_MAXIMUM_ALLOWED
, &newhandle
,
2195 WERR_BADFILE
, NULL
)) {
2196 torture_comment(tctx
,
2197 "DeleteKey failed (OpenKey after Delete "
2198 "did not return WERR_BADFILE)\n");
2202 if (!test_GetVersion(b
, tctx
, &handle
)) {
2203 torture_comment(tctx
, "GetVersion failed\n");
2207 if (created
&& test_CreateKey(b
, tctx
, &handle
, TEST_KEY3
, NULL
)) {
2212 test_CreateKey(b
, tctx
, &handle
, TEST_SUBKEY
, NULL
)) {
2213 created_subkey
= true;
2216 if (created_subkey
&&
2217 !test_DeleteKey(b
, tctx
, &handle
, TEST_KEY3
)) {
2218 torture_comment(tctx
, "DeleteKey failed\n");
2222 /* The HKCR hive has a very large fanout */
2223 if (open_fn
== (void *)dcerpc_winreg_OpenHKCR_r
) {
2224 if(!test_key(p
, tctx
, &handle
, MAX_DEPTH
- 1, false)) {
2228 if (!test_key(p
, tctx
, &handle
, 0, false)) {
2233 test_Cleanup(b
, tctx
, &handle
, TEST_KEY_BASE
);
2238 struct torture_suite
*torture_rpc_winreg(TALLOC_CTX
*mem_ctx
)
2240 struct torture_rpc_tcase
*tcase
;
2241 struct torture_suite
*suite
= torture_suite_create(mem_ctx
, "WINREG");
2242 struct torture_test
*test
;
2244 tcase
= torture_suite_add_rpc_iface_tcase(suite
, "winreg",
2247 test
= torture_rpc_tcase_add_test(tcase
, "InitiateSystemShutdown",
2248 test_InitiateSystemShutdown
);
2249 test
->dangerous
= true;
2251 test
= torture_rpc_tcase_add_test(tcase
, "InitiateSystemShutdownEx",
2252 test_InitiateSystemShutdownEx
);
2253 test
->dangerous
= true;
2255 /* Basic tests without security descriptors */
2256 torture_rpc_tcase_add_test_ex(tcase
, "HKLM-basic",
2258 (winreg_open_fn
)dcerpc_winreg_OpenHKLM_r
);
2259 torture_rpc_tcase_add_test_ex(tcase
, "HKU-basic",
2261 (winreg_open_fn
)dcerpc_winreg_OpenHKU_r
);
2262 torture_rpc_tcase_add_test_ex(tcase
, "HKCR-basic",
2264 (winreg_open_fn
)dcerpc_winreg_OpenHKCR_r
);
2265 torture_rpc_tcase_add_test_ex(tcase
, "HKCU-basic",
2267 (winreg_open_fn
)dcerpc_winreg_OpenHKCU_r
);
2269 /* Security descriptor tests */
2270 torture_rpc_tcase_add_test_ex(tcase
, "HKLM-security",
2272 (winreg_open_fn
)dcerpc_winreg_OpenHKLM_r
);
2273 torture_rpc_tcase_add_test_ex(tcase
, "HKU-security",
2275 (winreg_open_fn
)dcerpc_winreg_OpenHKU_r
);
2276 torture_rpc_tcase_add_test_ex(tcase
, "HKCR-security",
2278 (winreg_open_fn
)dcerpc_winreg_OpenHKCR_r
);
2279 torture_rpc_tcase_add_test_ex(tcase
, "HKCU-security",
2281 (winreg_open_fn
)dcerpc_winreg_OpenHKCU_r
);