2 Unix SMB/CIFS implementation.
3 test suite for winreg rpc operations
5 Copyright (C) Tim Potter 2003
6 Copyright (C) Jelmer Vernooij 2004-2007
7 Copyright (C) Günther Deschner 2007
9 This program is free software; you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation; either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
24 #include "torture/torture.h"
25 #include "librpc/gen_ndr/ndr_winreg_c.h"
26 #include "librpc/gen_ndr/ndr_security.h"
27 #include "libcli/security/security.h"
28 #include "torture/rpc/rpc.h"
30 #define TEST_KEY_BASE "smbtorture test"
31 #define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
32 #define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
33 #define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
34 #define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
35 #define TEST_SUBKEY TEST_KEY3 "\\subkey"
36 #define TEST_SUBKEY_SD TEST_KEY4 "\\subkey_sd"
37 #define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"
39 #define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"
41 static void init_lsa_StringLarge(struct lsa_StringLarge
*name
, const char *s
)
46 static void init_winreg_String(struct winreg_String
*name
, const char *s
)
50 name
->name_len
= 2 * (strlen_m(s
) + 1);
51 name
->name_size
= name
->name_len
;
58 static bool test_GetVersion(struct dcerpc_pipe
*p
,
59 struct torture_context
*tctx
,
60 struct policy_handle
*handle
)
62 struct winreg_GetVersion r
;
69 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_GetVersion(p
, tctx
, &r
),
72 torture_assert_werr_ok(tctx
, r
.out
.result
, "GetVersion failed");
77 static bool test_NotifyChangeKeyValue(struct dcerpc_pipe
*p
,
78 struct torture_context
*tctx
,
79 struct policy_handle
*handle
)
81 struct winreg_NotifyChangeKeyValue r
;
84 r
.in
.watch_subtree
= true;
85 r
.in
.notify_filter
= 0;
86 r
.in
.unknown
= r
.in
.unknown2
= 0;
87 init_winreg_String(&r
.in
.string1
, NULL
);
88 init_winreg_String(&r
.in
.string2
, NULL
);
90 torture_assert_ntstatus_ok(tctx
,
91 dcerpc_winreg_NotifyChangeKeyValue(p
, tctx
, &r
),
92 "NotifyChangeKeyValue failed");
94 if (!W_ERROR_IS_OK(r
.out
.result
)) {
96 "NotifyChangeKeyValue failed - %s - not considering\n",
97 win_errstr(r
.out
.result
));
104 static bool test_CreateKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
105 struct policy_handle
*handle
, const char *name
,
108 struct winreg_CreateKey r
;
109 struct policy_handle newhandle
;
110 enum winreg_CreateAction action_taken
= 0;
112 r
.in
.handle
= handle
;
113 r
.out
.new_handle
= &newhandle
;
114 init_winreg_String(&r
.in
.name
, name
);
115 init_winreg_String(&r
.in
.keyclass
, class);
117 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
118 r
.in
.action_taken
= r
.out
.action_taken
= &action_taken
;
121 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CreateKey(p
, tctx
, &r
),
124 torture_assert_werr_ok(tctx
, r
.out
.result
, "CreateKey failed");
131 createkey testing with a SD
133 static bool test_CreateKey_sd(struct dcerpc_pipe
*p
,
134 struct torture_context
*tctx
,
135 struct policy_handle
*handle
, const char *name
,
137 struct policy_handle
*newhandle
)
139 struct winreg_CreateKey r
;
140 enum winreg_CreateAction action_taken
= 0;
141 struct security_descriptor
*sd
;
143 struct winreg_SecBuf secbuf
;
145 sd
= security_descriptor_dacl_create(tctx
,
148 SID_NT_AUTHENTICATED_USERS
,
149 SEC_ACE_TYPE_ACCESS_ALLOWED
,
151 SEC_ACE_FLAG_OBJECT_INHERIT
|
152 SEC_ACE_FLAG_CONTAINER_INHERIT
,
155 torture_assert_ndr_success(tctx
,
156 ndr_push_struct_blob(&sdblob
, tctx
, NULL
, sd
,
157 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
),
158 "Failed to push security_descriptor ?!\n");
160 secbuf
.sd
.data
= sdblob
.data
;
161 secbuf
.sd
.len
= sdblob
.length
;
162 secbuf
.sd
.size
= sdblob
.length
;
163 secbuf
.length
= sdblob
.length
-10;
166 r
.in
.handle
= handle
;
167 r
.out
.new_handle
= newhandle
;
168 init_winreg_String(&r
.in
.name
, name
);
169 init_winreg_String(&r
.in
.keyclass
, class);
171 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
172 r
.in
.action_taken
= r
.out
.action_taken
= &action_taken
;
173 r
.in
.secdesc
= &secbuf
;
175 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CreateKey(p
, tctx
, &r
),
176 "CreateKey with sd failed");
178 torture_assert_werr_ok(tctx
, r
.out
.result
, "CreateKey with sd failed");
183 static bool _test_GetKeySecurity(struct dcerpc_pipe
*p
,
184 struct torture_context
*tctx
,
185 struct policy_handle
*handle
,
186 uint32_t *sec_info_ptr
,
188 struct security_descriptor
**sd_out
)
190 struct winreg_GetKeySecurity r
;
191 struct security_descriptor
*sd
= NULL
;
196 sec_info
= *sec_info_ptr
;
198 sec_info
= SECINFO_OWNER
| SECINFO_GROUP
| SECINFO_DACL
;
203 r
.in
.handle
= handle
;
204 r
.in
.sec_info
= sec_info
;
205 r
.in
.sd
= r
.out
.sd
= talloc_zero(tctx
, struct KeySecurityData
);
206 r
.in
.sd
->size
= 0x1000;
208 torture_assert_ntstatus_ok(tctx
,
209 dcerpc_winreg_GetKeySecurity(p
, tctx
, &r
),
210 "GetKeySecurity failed");
212 torture_assert_werr_equal(tctx
, r
.out
.result
, get_werr
,
213 "GetKeySecurity failed");
215 sdblob
.data
= r
.out
.sd
->data
;
216 sdblob
.length
= r
.out
.sd
->len
;
218 sd
= talloc_zero(tctx
, struct security_descriptor
);
220 torture_assert_ndr_success(tctx
,
221 ndr_pull_struct_blob(&sdblob
, tctx
, NULL
, sd
,
222 (ndr_pull_flags_fn_t
)ndr_pull_security_descriptor
),
223 "pull_security_descriptor failed");
225 if (p
->conn
->flags
& DCERPC_DEBUG_PRINT_OUT
) {
226 NDR_PRINT_DEBUG(security_descriptor
, sd
);
238 static bool test_GetKeySecurity(struct dcerpc_pipe
*p
,
239 struct torture_context
*tctx
,
240 struct policy_handle
*handle
,
241 struct security_descriptor
**sd_out
)
243 return _test_GetKeySecurity(p
, tctx
, handle
, NULL
, WERR_OK
, sd_out
);
246 static bool _test_SetKeySecurity(struct dcerpc_pipe
*p
,
247 struct torture_context
*tctx
,
248 struct policy_handle
*handle
,
249 uint32_t *sec_info_ptr
,
250 struct security_descriptor
*sd
,
253 struct winreg_SetKeySecurity r
;
254 struct KeySecurityData
*sdata
= NULL
;
260 if (sd
&& (p
->conn
->flags
& DCERPC_DEBUG_PRINT_OUT
)) {
261 NDR_PRINT_DEBUG(security_descriptor
, sd
);
264 torture_assert_ndr_success(tctx
,
265 ndr_push_struct_blob(&sdblob
, tctx
, NULL
, sd
,
266 (ndr_push_flags_fn_t
)ndr_push_security_descriptor
),
267 "push_security_descriptor failed");
269 sdata
= talloc_zero(tctx
, struct KeySecurityData
);
270 sdata
->data
= sdblob
.data
;
271 sdata
->size
= sdblob
.length
;
272 sdata
->len
= sdblob
.length
;
275 sec_info
= *sec_info_ptr
;
277 sec_info
= SECINFO_UNPROTECTED_SACL
|
278 SECINFO_UNPROTECTED_DACL
;
280 sec_info
|= SECINFO_OWNER
;
283 sec_info
|= SECINFO_GROUP
;
286 sec_info
|= SECINFO_SACL
;
289 sec_info
|= SECINFO_DACL
;
293 r
.in
.handle
= handle
;
294 r
.in
.sec_info
= sec_info
;
297 torture_assert_ntstatus_ok(tctx
,
298 dcerpc_winreg_SetKeySecurity(p
, tctx
, &r
),
299 "SetKeySecurity failed");
301 torture_assert_werr_equal(tctx
, r
.out
.result
, werr
,
302 "SetKeySecurity failed");
307 static bool test_SetKeySecurity(struct dcerpc_pipe
*p
,
308 struct torture_context
*tctx
,
309 struct policy_handle
*handle
,
310 struct security_descriptor
*sd
)
312 return _test_SetKeySecurity(p
, tctx
, handle
, NULL
, sd
, WERR_OK
);
315 static bool test_CloseKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
316 struct policy_handle
*handle
)
318 struct winreg_CloseKey r
;
320 r
.in
.handle
= r
.out
.handle
= handle
;
322 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_CloseKey(p
, tctx
, &r
),
325 torture_assert_werr_ok(tctx
, r
.out
.result
, "CloseKey failed");
330 static bool test_FlushKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
331 struct policy_handle
*handle
)
333 struct winreg_FlushKey r
;
335 r
.in
.handle
= handle
;
337 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_FlushKey(p
, tctx
, &r
),
340 torture_assert_werr_ok(tctx
, r
.out
.result
, "FlushKey failed");
345 static bool _test_OpenKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
346 struct policy_handle
*hive_handle
,
347 const char *keyname
, uint32_t access_mask
,
348 struct policy_handle
*key_handle
,
352 struct winreg_OpenKey r
;
354 r
.in
.parent_handle
= hive_handle
;
355 init_winreg_String(&r
.in
.keyname
, keyname
);
356 r
.in
.unknown
= 0x00000000;
357 r
.in
.access_mask
= access_mask
;
358 r
.out
.handle
= key_handle
;
360 torture_assert_ntstatus_ok(tctx
, dcerpc_winreg_OpenKey(p
, tctx
, &r
),
363 torture_assert_werr_equal(tctx
, r
.out
.result
, open_werr
,
366 if (success
&& W_ERROR_EQUAL(r
.out
.result
, WERR_OK
)) {
373 static bool test_OpenKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
374 struct policy_handle
*hive_handle
,
375 const char *keyname
, struct policy_handle
*key_handle
)
377 return _test_OpenKey(p
, tctx
, hive_handle
, keyname
,
378 SEC_FLAG_MAXIMUM_ALLOWED
, key_handle
,
382 static bool test_Cleanup(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
383 struct policy_handle
*handle
, const char *key
)
385 struct winreg_DeleteKey r
;
387 r
.in
.handle
= handle
;
389 init_winreg_String(&r
.in
.key
, key
);
390 dcerpc_winreg_DeleteKey(p
, tctx
, &r
);
395 static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe
*p
,
396 struct torture_context
*tctx
,
397 struct policy_handle
*handle
,
401 struct security_descriptor
*sd
= NULL
;
403 if (!_test_GetKeySecurity(p
, tctx
, handle
, NULL
, get_werr
, &sd
)) {
407 if (!_test_SetKeySecurity(p
, tctx
, handle
, NULL
, sd
, set_werr
)) {
414 static bool test_SecurityDescriptor(struct dcerpc_pipe
*p
,
415 struct torture_context
*tctx
,
416 struct policy_handle
*handle
,
419 struct policy_handle new_handle
;
422 torture_comment(tctx
, "SecurityDescriptor get & set\n");
424 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
428 if (!_test_GetSetSecurityDescriptor(p
, tctx
, &new_handle
,
433 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
440 static bool _test_SecurityDescriptor(struct dcerpc_pipe
*p
,
441 struct torture_context
*tctx
,
442 struct policy_handle
*handle
,
443 uint32_t access_mask
,
449 struct policy_handle new_handle
;
451 bool got_key
= false;
453 if (!_test_OpenKey(p
, tctx
, handle
, key
, access_mask
, &new_handle
,
454 open_werr
, &got_key
)) {
462 if (!_test_GetSetSecurityDescriptor(p
, tctx
, &new_handle
,
463 get_werr
, set_werr
)) {
467 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
474 static bool test_dacl_trustee_present(struct dcerpc_pipe
*p
,
475 struct torture_context
*tctx
,
476 struct policy_handle
*handle
,
477 const struct dom_sid
*sid
)
479 struct security_descriptor
*sd
= NULL
;
482 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
486 if (!sd
|| !sd
->dacl
) {
490 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
491 if (dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
, sid
)) {
499 static bool _test_dacl_trustee_present(struct dcerpc_pipe
*p
,
500 struct torture_context
*tctx
,
501 struct policy_handle
*handle
,
503 const struct dom_sid
*sid
)
505 struct policy_handle new_handle
;
508 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
512 ret
= test_dacl_trustee_present(p
, tctx
, &new_handle
, sid
);
514 test_CloseKey(p
, tctx
, &new_handle
);
519 static bool test_sacl_trustee_present(struct dcerpc_pipe
*p
,
520 struct torture_context
*tctx
,
521 struct policy_handle
*handle
,
522 const struct dom_sid
*sid
)
524 struct security_descriptor
*sd
= NULL
;
526 uint32_t sec_info
= SECINFO_SACL
;
528 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
532 if (!sd
|| !sd
->sacl
) {
536 for (i
= 0; i
< sd
->sacl
->num_aces
; i
++) {
537 if (dom_sid_equal(&sd
->sacl
->aces
[i
].trustee
, sid
)) {
545 static bool _test_sacl_trustee_present(struct dcerpc_pipe
*p
,
546 struct torture_context
*tctx
,
547 struct policy_handle
*handle
,
549 const struct dom_sid
*sid
)
551 struct policy_handle new_handle
;
554 if (!_test_OpenKey(p
, tctx
, handle
, key
, SEC_FLAG_SYSTEM_SECURITY
,
555 &new_handle
, WERR_OK
, NULL
)) {
559 ret
= test_sacl_trustee_present(p
, tctx
, &new_handle
, sid
);
561 test_CloseKey(p
, tctx
, &new_handle
);
566 static bool test_owner_present(struct dcerpc_pipe
*p
,
567 struct torture_context
*tctx
,
568 struct policy_handle
*handle
,
569 const struct dom_sid
*sid
)
571 struct security_descriptor
*sd
= NULL
;
572 uint32_t sec_info
= SECINFO_OWNER
;
574 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
578 if (!sd
|| !sd
->owner_sid
) {
582 return dom_sid_equal(sd
->owner_sid
, sid
);
585 static bool _test_owner_present(struct dcerpc_pipe
*p
,
586 struct torture_context
*tctx
,
587 struct policy_handle
*handle
,
589 const struct dom_sid
*sid
)
591 struct policy_handle new_handle
;
594 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
598 ret
= test_owner_present(p
, tctx
, &new_handle
, sid
);
600 test_CloseKey(p
, tctx
, &new_handle
);
605 static bool test_group_present(struct dcerpc_pipe
*p
,
606 struct torture_context
*tctx
,
607 struct policy_handle
*handle
,
608 const struct dom_sid
*sid
)
610 struct security_descriptor
*sd
= NULL
;
611 uint32_t sec_info
= SECINFO_GROUP
;
613 if (!_test_GetKeySecurity(p
, tctx
, handle
, &sec_info
, WERR_OK
, &sd
)) {
617 if (!sd
|| !sd
->group_sid
) {
621 return dom_sid_equal(sd
->group_sid
, sid
);
624 static bool _test_group_present(struct dcerpc_pipe
*p
,
625 struct torture_context
*tctx
,
626 struct policy_handle
*handle
,
628 const struct dom_sid
*sid
)
630 struct policy_handle new_handle
;
633 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
637 ret
= test_group_present(p
, tctx
, &new_handle
, sid
);
639 test_CloseKey(p
, tctx
, &new_handle
);
644 static bool test_dacl_trustee_flags_present(struct dcerpc_pipe
*p
,
645 struct torture_context
*tctx
,
646 struct policy_handle
*handle
,
647 const struct dom_sid
*sid
,
650 struct security_descriptor
*sd
= NULL
;
653 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
657 if (!sd
|| !sd
->dacl
) {
661 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
662 if ((dom_sid_equal(&sd
->dacl
->aces
[i
].trustee
, sid
)) &&
663 (sd
->dacl
->aces
[i
].flags
== flags
)) {
671 static bool test_dacl_ace_present(struct dcerpc_pipe
*p
,
672 struct torture_context
*tctx
,
673 struct policy_handle
*handle
,
674 const struct security_ace
*ace
)
676 struct security_descriptor
*sd
= NULL
;
679 if (!test_GetKeySecurity(p
, tctx
, handle
, &sd
)) {
683 if (!sd
|| !sd
->dacl
) {
687 for (i
= 0; i
< sd
->dacl
->num_aces
; i
++) {
688 if (security_ace_equal(&sd
->dacl
->aces
[i
], ace
)) {
696 static bool test_RestoreSecurity(struct dcerpc_pipe
*p
,
697 struct torture_context
*tctx
,
698 struct policy_handle
*handle
,
700 struct security_descriptor
*sd
)
702 struct policy_handle new_handle
;
705 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
709 if (!test_SetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
713 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
720 static bool test_BackupSecurity(struct dcerpc_pipe
*p
,
721 struct torture_context
*tctx
,
722 struct policy_handle
*handle
,
724 struct security_descriptor
**sd
)
726 struct policy_handle new_handle
;
729 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
733 if (!test_GetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
737 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
744 static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe
*p
,
745 struct torture_context
*tctx
,
746 struct policy_handle
*handle
,
750 add ace SEC_ACE_FLAG_CONTAINER_INHERIT
765 struct security_descriptor
*sd
= NULL
;
766 struct security_descriptor
*sd_orig
= NULL
;
767 struct security_ace
*ace
= NULL
;
768 struct policy_handle new_handle
;
772 torture_comment(tctx
, "SecurityDescriptor inheritance\n");
774 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
778 if (!_test_GetKeySecurity(p
, tctx
, &new_handle
, NULL
, WERR_OK
, &sd
)) {
782 sd_orig
= security_descriptor_copy(tctx
, sd
);
783 if (sd_orig
== NULL
) {
787 ace
= security_ace_create(tctx
,
789 SEC_ACE_TYPE_ACCESS_ALLOWED
,
791 SEC_ACE_FLAG_CONTAINER_INHERIT
);
793 status
= security_descriptor_dacl_add(sd
, ace
);
794 if (!NT_STATUS_IS_OK(status
)) {
795 printf("failed to add ace: %s\n", nt_errstr(status
));
799 /* FIXME: add further tests for these flags */
800 sd
->type
|= SEC_DESC_DACL_AUTO_INHERIT_REQ
|
801 SEC_DESC_SACL_AUTO_INHERITED
;
803 if (!test_SetKeySecurity(p
, tctx
, &new_handle
, sd
)) {
807 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
808 printf("new ACE not present!\n");
812 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
816 if (!test_CreateKey(p
, tctx
, handle
, TEST_SUBKEY_SD
, NULL
)) {
821 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBKEY_SD
, &new_handle
)) {
826 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
827 printf("inherited ACE not present!\n");
832 test_CloseKey(p
, tctx
, &new_handle
);
833 if (!test_CreateKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, NULL
)) {
838 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, &new_handle
)) {
843 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
844 printf("inherited ACE not present!\n");
850 test_CloseKey(p
, tctx
, &new_handle
);
851 test_Cleanup(p
, tctx
, handle
, TEST_SUBKEY_SD
);
852 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
857 static bool test_SecurityDescriptorBlockInheritance(struct dcerpc_pipe
*p
,
858 struct torture_context
*tctx
,
859 struct policy_handle
*handle
,
863 add ace SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
875 struct security_descriptor
*sd
= NULL
;
876 struct security_descriptor
*sd_orig
= NULL
;
877 struct security_ace
*ace
= NULL
;
878 struct policy_handle new_handle
;
879 struct dom_sid
*sid
= NULL
;
882 uint8_t ace_flags
= 0x0;
884 torture_comment(tctx
, "SecurityDescriptor inheritance block\n");
886 if (!test_OpenKey(p
, tctx
, handle
, key
, &new_handle
)) {
890 if (!_test_GetKeySecurity(p
, tctx
, &new_handle
, NULL
, WERR_OK
, &sd
)) {
894 sd_orig
= security_descriptor_copy(tctx
, sd
);
895 if (sd_orig
== NULL
) {
899 ace
= security_ace_create(tctx
,
901 SEC_ACE_TYPE_ACCESS_ALLOWED
,
903 SEC_ACE_FLAG_CONTAINER_INHERIT
|
904 SEC_ACE_FLAG_NO_PROPAGATE_INHERIT
);
906 status
= security_descriptor_dacl_add(sd
, ace
);
907 if (!NT_STATUS_IS_OK(status
)) {
908 printf("failed to add ace: %s\n", nt_errstr(status
));
912 if (!_test_SetKeySecurity(p
, tctx
, &new_handle
, NULL
, sd
, WERR_OK
)) {
916 if (!test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
917 printf("new ACE not present!\n");
921 if (!test_CloseKey(p
, tctx
, &new_handle
)) {
925 if (!test_CreateKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, NULL
)) {
929 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBSUBKEY_SD
, &new_handle
)) {
934 if (test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
935 printf("inherited ACE present but should not!\n");
940 sid
= dom_sid_parse_talloc(tctx
, TEST_SID
);
945 if (test_dacl_trustee_present(p
, tctx
, &new_handle
, sid
)) {
946 printf("inherited trustee SID present but should not!\n");
951 test_CloseKey(p
, tctx
, &new_handle
);
953 if (!test_OpenKey(p
, tctx
, handle
, TEST_SUBKEY_SD
, &new_handle
)) {
958 if (test_dacl_ace_present(p
, tctx
, &new_handle
, ace
)) {
959 printf("inherited ACE present but should not!\n");
964 if (!test_dacl_trustee_flags_present(p
, tctx
, &new_handle
, sid
, ace_flags
)) {
965 printf("inherited trustee SID with flags 0x%02x not present!\n",
972 test_CloseKey(p
, tctx
, &new_handle
);
973 test_Cleanup(p
, tctx
, handle
, TEST_SUBKEY_SD
);
974 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
979 static bool test_SecurityDescriptorsMasks(struct dcerpc_pipe
*p
,
980 struct torture_context
*tctx
,
981 struct policy_handle
*handle
,
987 struct winreg_mask_result_table
{
988 uint32_t access_mask
;
992 } sd_mask_tests
[] = {
994 WERR_ACCESS_DENIED
, WERR_BADFILE
, WERR_FOOBAR
},
995 { SEC_FLAG_MAXIMUM_ALLOWED
,
996 WERR_OK
, WERR_OK
, WERR_OK
},
998 WERR_OK
, WERR_ACCESS_DENIED
, WERR_FOOBAR
},
999 { SEC_FLAG_SYSTEM_SECURITY
,
1000 WERR_OK
, WERR_ACCESS_DENIED
, WERR_FOOBAR
}
1003 /* FIXME: before this test can ever run successfully we need a way to
1004 * correctly read a NULL security_descritpor in ndr, get the required
1005 * length, requery, etc.
1010 for (i
=0; i
< ARRAY_SIZE(sd_mask_tests
); i
++) {
1012 torture_comment(tctx
,
1013 "SecurityDescriptor get & set with access_mask: 0x%08x\n",
1014 sd_mask_tests
[i
].access_mask
);
1015 torture_comment(tctx
,
1016 "expecting: open %s, get: %s, set: %s\n",
1017 win_errstr(sd_mask_tests
[i
].open_werr
),
1018 win_errstr(sd_mask_tests
[i
].get_werr
),
1019 win_errstr(sd_mask_tests
[i
].set_werr
));
1021 if (_test_SecurityDescriptor(p
, tctx
, handle
,
1022 sd_mask_tests
[i
].access_mask
, key
,
1023 sd_mask_tests
[i
].open_werr
,
1024 sd_mask_tests
[i
].get_werr
,
1025 sd_mask_tests
[i
].set_werr
)) {
1033 typedef bool (*secinfo_verify_fn
)(struct dcerpc_pipe
*,
1034 struct torture_context
*,
1035 struct policy_handle
*,
1037 const struct dom_sid
*);
1039 static bool test_SetSecurityDescriptor_SecInfo(struct dcerpc_pipe
*p
,
1040 struct torture_context
*tctx
,
1041 struct policy_handle
*handle
,
1044 uint32_t access_mask
,
1046 struct security_descriptor
*sd
,
1048 bool expect_present
,
1049 bool (*fn
) (struct dcerpc_pipe
*,
1050 struct torture_context
*,
1051 struct policy_handle
*,
1053 const struct dom_sid
*),
1054 const struct dom_sid
*sid
)
1056 struct policy_handle new_handle
;
1057 bool open_success
= false;
1059 torture_comment(tctx
, "SecurityDescriptor (%s) sets for secinfo: "
1060 "0x%08x, access_mask: 0x%08x\n",
1061 test
, sec_info
, access_mask
);
1063 if (!_test_OpenKey(p
, tctx
, handle
, key
,
1071 if (!open_success
) {
1072 printf("key did not open\n");
1073 test_CloseKey(p
, tctx
, &new_handle
);
1077 if (!_test_SetKeySecurity(p
, tctx
, &new_handle
, &sec_info
,
1080 torture_warning(tctx
,
1081 "SetKeySecurity with secinfo: 0x%08x has failed\n",
1084 test_CloseKey(p
, tctx
, &new_handle
);
1088 test_CloseKey(p
, tctx
, &new_handle
);
1090 if (W_ERROR_IS_OK(set_werr
)) {
1092 present
= fn(p
, tctx
, handle
, key
, sid
);
1093 if ((expect_present
) && (!present
)) {
1094 torture_warning(tctx
,
1095 "%s sid is not present!\n",
1099 if ((!expect_present
) && (present
)) {
1100 torture_warning(tctx
,
1101 "%s sid is present but not expected!\n",
1110 static bool test_SecurityDescriptorsSecInfo(struct dcerpc_pipe
*p
,
1111 struct torture_context
*tctx
,
1112 struct policy_handle
*handle
,
1115 struct security_descriptor
*sd_orig
= NULL
;
1116 struct dom_sid
*sid
= NULL
;
1120 struct security_descriptor
*sd_owner
=
1121 security_descriptor_dacl_create(tctx
,
1123 TEST_SID
, NULL
, NULL
);
1125 struct security_descriptor
*sd_group
=
1126 security_descriptor_dacl_create(tctx
,
1128 NULL
, TEST_SID
, NULL
);
1130 struct security_descriptor
*sd_dacl
=
1131 security_descriptor_dacl_create(tctx
,
1135 SEC_ACE_TYPE_ACCESS_ALLOWED
,
1138 SID_NT_AUTHENTICATED_USERS
,
1139 SEC_ACE_TYPE_ACCESS_ALLOWED
,
1144 struct security_descriptor
*sd_sacl
=
1145 security_descriptor_sacl_create(tctx
,
1149 SEC_ACE_TYPE_SYSTEM_AUDIT
,
1151 SEC_ACE_FLAG_SUCCESSFUL_ACCESS
,
1154 struct winreg_secinfo_table
{
1155 struct security_descriptor
*sd
;
1159 secinfo_verify_fn fn
;
1162 struct winreg_secinfo_table sec_info_owner_tests
[] = {
1163 { sd_owner
, 0, WERR_OK
,
1164 false, (secinfo_verify_fn
)_test_owner_present
},
1165 { sd_owner
, SECINFO_OWNER
, WERR_OK
,
1166 true, (secinfo_verify_fn
)_test_owner_present
},
1167 { sd_owner
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1168 { sd_owner
, SECINFO_DACL
, WERR_OK
,
1169 true, (secinfo_verify_fn
)_test_owner_present
},
1170 { sd_owner
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1173 uint32_t sd_owner_good_access_masks
[] = {
1174 SEC_FLAG_MAXIMUM_ALLOWED
,
1175 /* SEC_STD_WRITE_OWNER, */
1178 struct winreg_secinfo_table sec_info_group_tests
[] = {
1179 { sd_group
, 0, WERR_OK
,
1180 false, (secinfo_verify_fn
)_test_group_present
},
1181 { sd_group
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1182 { sd_group
, SECINFO_GROUP
, WERR_OK
,
1183 true, (secinfo_verify_fn
)_test_group_present
},
1184 { sd_group
, SECINFO_DACL
, WERR_OK
,
1185 true, (secinfo_verify_fn
)_test_group_present
},
1186 { sd_group
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1189 uint32_t sd_group_good_access_masks
[] = {
1190 SEC_FLAG_MAXIMUM_ALLOWED
,
1193 struct winreg_secinfo_table sec_info_dacl_tests
[] = {
1194 { sd_dacl
, 0, WERR_OK
,
1195 false, (secinfo_verify_fn
)_test_dacl_trustee_present
},
1196 { sd_dacl
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1197 { sd_dacl
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1198 { sd_dacl
, SECINFO_DACL
, WERR_OK
,
1199 true, (secinfo_verify_fn
)_test_dacl_trustee_present
},
1200 { sd_dacl
, SECINFO_SACL
, WERR_ACCESS_DENIED
},
1203 uint32_t sd_dacl_good_access_masks
[] = {
1204 SEC_FLAG_MAXIMUM_ALLOWED
,
1208 struct winreg_secinfo_table sec_info_sacl_tests
[] = {
1209 { sd_sacl
, 0, WERR_OK
,
1210 false, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1211 { sd_sacl
, SECINFO_OWNER
, WERR_INVALID_PARAM
},
1212 { sd_sacl
, SECINFO_GROUP
, WERR_INVALID_PARAM
},
1213 { sd_sacl
, SECINFO_DACL
, WERR_OK
,
1214 false, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1215 { sd_sacl
, SECINFO_SACL
, WERR_OK
,
1216 true, (secinfo_verify_fn
)_test_sacl_trustee_present
},
1219 uint32_t sd_sacl_good_access_masks
[] = {
1220 SEC_FLAG_MAXIMUM_ALLOWED
| SEC_FLAG_SYSTEM_SECURITY
,
1221 /* SEC_FLAG_SYSTEM_SECURITY, */
1224 sid
= dom_sid_parse_talloc(tctx
, TEST_SID
);
1229 if (!test_BackupSecurity(p
, tctx
, handle
, key
, &sd_orig
)) {
1235 for (i
=0; i
< ARRAY_SIZE(sec_info_owner_tests
); i
++) {
1237 for (a
=0; a
< ARRAY_SIZE(sd_owner_good_access_masks
); a
++) {
1239 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1242 sd_owner_good_access_masks
[a
],
1243 sec_info_owner_tests
[i
].sec_info
,
1244 sec_info_owner_tests
[i
].sd
,
1245 sec_info_owner_tests
[i
].set_werr
,
1246 sec_info_owner_tests
[i
].sid_present
,
1247 sec_info_owner_tests
[i
].fn
,
1250 printf("test_SetSecurityDescriptor_SecInfo failed for OWNER\n");
1259 for (i
=0; i
< ARRAY_SIZE(sec_info_group_tests
); i
++) {
1261 for (a
=0; a
< ARRAY_SIZE(sd_group_good_access_masks
); a
++) {
1263 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1266 sd_group_good_access_masks
[a
],
1267 sec_info_group_tests
[i
].sec_info
,
1268 sec_info_group_tests
[i
].sd
,
1269 sec_info_group_tests
[i
].set_werr
,
1270 sec_info_group_tests
[i
].sid_present
,
1271 sec_info_group_tests
[i
].fn
,
1274 printf("test_SetSecurityDescriptor_SecInfo failed for GROUP\n");
1283 for (i
=0; i
< ARRAY_SIZE(sec_info_dacl_tests
); i
++) {
1285 for (a
=0; a
< ARRAY_SIZE(sd_dacl_good_access_masks
); a
++) {
1287 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1290 sd_dacl_good_access_masks
[a
],
1291 sec_info_dacl_tests
[i
].sec_info
,
1292 sec_info_dacl_tests
[i
].sd
,
1293 sec_info_dacl_tests
[i
].set_werr
,
1294 sec_info_dacl_tests
[i
].sid_present
,
1295 sec_info_dacl_tests
[i
].fn
,
1298 printf("test_SetSecurityDescriptor_SecInfo failed for DACL\n");
1307 for (i
=0; i
< ARRAY_SIZE(sec_info_sacl_tests
); i
++) {
1309 for (a
=0; a
< ARRAY_SIZE(sd_sacl_good_access_masks
); a
++) {
1311 if (!test_SetSecurityDescriptor_SecInfo(p
, tctx
, handle
,
1314 sd_sacl_good_access_masks
[a
],
1315 sec_info_sacl_tests
[i
].sec_info
,
1316 sec_info_sacl_tests
[i
].sd
,
1317 sec_info_sacl_tests
[i
].set_werr
,
1318 sec_info_sacl_tests
[i
].sid_present
,
1319 sec_info_sacl_tests
[i
].fn
,
1322 printf("test_SetSecurityDescriptor_SecInfo failed for SACL\n");
1330 test_RestoreSecurity(p
, tctx
, handle
, key
, sd_orig
);
1335 static bool test_SecurityDescriptors(struct dcerpc_pipe
*p
,
1336 struct torture_context
*tctx
,
1337 struct policy_handle
*handle
,
1342 if (!test_SecurityDescriptor(p
, tctx
, handle
, key
)) {
1343 printf("test_SecurityDescriptor failed\n");
1347 if (!test_SecurityDescriptorInheritance(p
, tctx
, handle
, key
)) {
1348 printf("test_SecurityDescriptorInheritance failed\n");
1352 if (!test_SecurityDescriptorBlockInheritance(p
, tctx
, handle
, key
)) {
1353 printf("test_SecurityDescriptorBlockInheritance failed\n");
1357 if (!test_SecurityDescriptorsSecInfo(p
, tctx
, handle
, key
)) {
1358 printf("test_SecurityDescriptorsSecInfo failed\n");
1362 if (!test_SecurityDescriptorsMasks(p
, tctx
, handle
, key
)) {
1363 printf("test_SecurityDescriptorsMasks failed\n");
1370 static bool test_DeleteKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1371 struct policy_handle
*handle
, const char *key
)
1374 struct winreg_DeleteKey r
;
1376 r
.in
.handle
= handle
;
1377 init_winreg_String(&r
.in
.key
, key
);
1379 status
= dcerpc_winreg_DeleteKey(p
, tctx
, &r
);
1381 torture_assert_ntstatus_ok(tctx
, status
, "DeleteKey failed");
1382 torture_assert_werr_ok(tctx
, r
.out
.result
, "DeleteKey failed");
1387 static bool test_QueryInfoKey(struct dcerpc_pipe
*p
,
1388 struct torture_context
*tctx
,
1389 struct policy_handle
*handle
, char *class)
1391 struct winreg_QueryInfoKey r
;
1392 uint32_t num_subkeys
, max_subkeylen
, max_subkeysize
,
1393 num_values
, max_valnamelen
, max_valbufsize
,
1395 NTTIME last_changed_time
;
1398 r
.in
.handle
= handle
;
1399 r
.out
.num_subkeys
= &num_subkeys
;
1400 r
.out
.max_subkeylen
= &max_subkeylen
;
1401 r
.out
.max_subkeysize
= &max_subkeysize
;
1402 r
.out
.num_values
= &num_values
;
1403 r
.out
.max_valnamelen
= &max_valnamelen
;
1404 r
.out
.max_valbufsize
= &max_valbufsize
;
1405 r
.out
.secdescsize
= &secdescsize
;
1406 r
.out
.last_changed_time
= &last_changed_time
;
1408 r
.out
.classname
= talloc(tctx
, struct winreg_String
);
1410 r
.in
.classname
= talloc(tctx
, struct winreg_String
);
1411 init_winreg_String(r
.in
.classname
, class);
1413 torture_assert_ntstatus_ok(tctx
,
1414 dcerpc_winreg_QueryInfoKey(p
, tctx
, &r
),
1415 "QueryInfoKey failed");
1417 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryInfoKey failed");
1422 static bool test_key(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1423 struct policy_handle
*handle
, int depth
,
1424 bool test_security
);
1426 static bool test_EnumKey(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1427 struct policy_handle
*handle
, int depth
,
1430 struct winreg_EnumKey r
;
1431 struct winreg_StringBuf
class, name
;
1438 r
.in
.handle
= handle
;
1439 r
.in
.enum_index
= 0;
1441 r
.in
.keyclass
= &class;
1443 r
.in
.last_changed_time
= &t
;
1449 status
= dcerpc_winreg_EnumKey(p
, tctx
, &r
);
1451 if (NT_STATUS_IS_OK(status
) && W_ERROR_IS_OK(r
.out
.result
)) {
1452 struct policy_handle key_handle
;
1454 torture_comment(tctx
, "EnumKey: %d: %s\n",
1458 if (!test_OpenKey(p
, tctx
, handle
, r
.out
.name
->name
,
1461 test_key(p
, tctx
, &key_handle
,
1462 depth
+ 1, test_security
);
1468 } while (NT_STATUS_IS_OK(status
) && W_ERROR_IS_OK(r
.out
.result
));
1470 torture_assert_ntstatus_ok(tctx
, status
, "EnumKey failed");
1472 if (!W_ERROR_IS_OK(r
.out
.result
) &&
1473 !W_ERROR_EQUAL(r
.out
.result
, WERR_NO_MORE_ITEMS
)) {
1474 torture_fail(tctx
, "EnumKey failed");
1480 static bool test_QueryMultipleValues(struct dcerpc_pipe
*p
,
1481 struct torture_context
*tctx
,
1482 struct policy_handle
*handle
,
1483 const char *valuename
)
1485 struct winreg_QueryMultipleValues r
;
1489 r
.in
.key_handle
= handle
;
1490 r
.in
.values
= r
.out
.values
= talloc_array(tctx
, struct QueryMultipleValue
, 1);
1491 r
.in
.values
[0].name
= talloc(tctx
, struct winreg_String
);
1492 r
.in
.values
[0].name
->name
= valuename
;
1493 r
.in
.values
[0].offset
= 0;
1494 r
.in
.values
[0].length
= 0;
1495 r
.in
.values
[0].type
= 0;
1497 r
.in
.num_values
= 1;
1498 r
.in
.buffer_size
= r
.out
.buffer_size
= talloc(tctx
, uint32_t);
1499 *r
.in
.buffer_size
= bufsize
;
1501 *r
.in
.buffer_size
= bufsize
;
1502 r
.in
.buffer
= r
.out
.buffer
= talloc_zero_array(tctx
, uint8_t,
1505 status
= dcerpc_winreg_QueryMultipleValues(p
, tctx
, &r
);
1507 if(NT_STATUS_IS_ERR(status
))
1508 torture_fail(tctx
, "QueryMultipleValues failed");
1510 talloc_free(r
.in
.buffer
);
1512 } while (W_ERROR_EQUAL(r
.out
.result
, WERR_MORE_DATA
));
1514 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryMultipleValues failed");
1519 static bool test_QueryValue(struct dcerpc_pipe
*p
,
1520 struct torture_context
*tctx
,
1521 struct policy_handle
*handle
,
1522 const char *valuename
)
1524 struct winreg_QueryValue r
;
1526 enum winreg_Type zero_type
= 0;
1527 uint32_t offered
= 0xfff;
1530 r
.in
.handle
= handle
;
1532 r
.in
.value_name
.name
= valuename
;
1533 r
.in
.type
= &zero_type
;
1534 r
.in
.size
= &offered
;
1535 r
.in
.length
= &zero
;
1537 status
= dcerpc_winreg_QueryValue(p
, tctx
, &r
);
1538 if (NT_STATUS_IS_ERR(status
)) {
1539 torture_fail(tctx
, "QueryValue failed");
1542 torture_assert_werr_ok(tctx
, r
.out
.result
, "QueryValue failed");
1547 static bool test_EnumValue(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1548 struct policy_handle
*handle
, int max_valnamelen
,
1551 struct winreg_EnumValue r
;
1552 enum winreg_Type type
= 0;
1553 uint32_t size
= max_valbufsize
, zero
= 0;
1556 struct winreg_StringBuf name
;
1561 r
.in
.handle
= handle
;
1562 r
.in
.enum_index
= 0;
1567 r
.in
.length
= &zero
;
1571 torture_assert_ntstatus_ok(tctx
,
1572 dcerpc_winreg_EnumValue(p
, tctx
, &r
),
1573 "EnumValue failed");
1575 if (W_ERROR_IS_OK(r
.out
.result
)) {
1576 ret
&= test_QueryValue(p
, tctx
, handle
,
1578 ret
&= test_QueryMultipleValues(p
, tctx
, handle
,
1583 } while (W_ERROR_IS_OK(r
.out
.result
));
1585 torture_assert_werr_equal(tctx
, r
.out
.result
, WERR_NO_MORE_ITEMS
,
1586 "EnumValue failed");
1591 static bool test_AbortSystemShutdown(struct dcerpc_pipe
*p
,
1592 struct torture_context
*tctx
)
1594 struct winreg_AbortSystemShutdown r
;
1595 uint16_t server
= 0x0;
1597 r
.in
.server
= &server
;
1599 torture_assert_ntstatus_ok(tctx
,
1600 dcerpc_winreg_AbortSystemShutdown(p
, tctx
, &r
),
1601 "AbortSystemShutdown failed");
1603 torture_assert_werr_ok(tctx
, r
.out
.result
,
1604 "AbortSystemShutdown failed");
1609 static bool test_InitiateSystemShutdown(struct torture_context
*tctx
,
1610 struct dcerpc_pipe
*p
)
1612 struct winreg_InitiateSystemShutdown r
;
1613 uint16_t hostname
= 0x0;
1615 r
.in
.hostname
= &hostname
;
1616 r
.in
.message
= talloc(tctx
, struct lsa_StringLarge
);
1617 init_lsa_StringLarge(r
.in
.message
, "spottyfood");
1618 r
.in
.force_apps
= 1;
1622 torture_assert_ntstatus_ok(tctx
,
1623 dcerpc_winreg_InitiateSystemShutdown(p
, tctx
, &r
),
1624 "InitiateSystemShutdown failed");
1626 torture_assert_werr_ok(tctx
, r
.out
.result
,
1627 "InitiateSystemShutdown failed");
1629 return test_AbortSystemShutdown(p
, tctx
);
1633 static bool test_InitiateSystemShutdownEx(struct torture_context
*tctx
,
1634 struct dcerpc_pipe
*p
)
1636 struct winreg_InitiateSystemShutdownEx r
;
1637 uint16_t hostname
= 0x0;
1639 r
.in
.hostname
= &hostname
;
1640 r
.in
.message
= talloc(tctx
, struct lsa_StringLarge
);
1641 init_lsa_StringLarge(r
.in
.message
, "spottyfood");
1642 r
.in
.force_apps
= 1;
1647 torture_assert_ntstatus_ok(tctx
,
1648 dcerpc_winreg_InitiateSystemShutdownEx(p
, tctx
, &r
),
1649 "InitiateSystemShutdownEx failed");
1651 torture_assert_werr_ok(tctx
, r
.out
.result
,
1652 "InitiateSystemShutdownEx failed");
1654 return test_AbortSystemShutdown(p
, tctx
);
1656 #define MAX_DEPTH 2 /* Only go this far down the tree */
1658 static bool test_key(struct dcerpc_pipe
*p
, struct torture_context
*tctx
,
1659 struct policy_handle
*handle
, int depth
,
1662 if (depth
== MAX_DEPTH
)
1665 if (!test_QueryInfoKey(p
, tctx
, handle
, NULL
)) {
1668 if (!test_NotifyChangeKeyValue(p
, tctx
, handle
)) {
1671 if (test_security
&& !test_GetKeySecurity(p
, tctx
, handle
, NULL
)) {
1674 if (!test_EnumKey(p
, tctx
, handle
, depth
, test_security
)) {
1677 if (!test_EnumValue(p
, tctx
, handle
, 0xFF, 0xFFFF)) {
1680 test_CloseKey(p
, tctx
, handle
);
1685 typedef NTSTATUS (*winreg_open_fn
)(struct dcerpc_pipe
*, TALLOC_CTX
*, void *);
1687 static bool test_Open_Security(struct torture_context
*tctx
,
1688 struct dcerpc_pipe
*p
, void *userdata
)
1690 struct policy_handle handle
, newhandle
;
1691 bool ret
= true, created2
= false;
1692 bool created4
= false;
1693 struct winreg_OpenHKLM r
;
1695 winreg_open_fn open_fn
= userdata
;
1697 r
.in
.system_name
= 0;
1698 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1699 r
.out
.handle
= &handle
;
1701 torture_assert_ntstatus_ok(tctx
, open_fn(p
, tctx
, &r
),
1704 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1706 if (!test_CreateKey(p
, tctx
, &handle
, TEST_KEY_BASE
, NULL
)) {
1707 torture_comment(tctx
,
1708 "CreateKey (TEST_KEY_BASE) failed\n");
1711 if (test_CreateKey_sd(p
, tctx
, &handle
, TEST_KEY2
,
1712 NULL
, &newhandle
)) {
1716 if (created2
&& !test_CloseKey(p
, tctx
, &newhandle
)) {
1717 printf("CloseKey failed\n");
1721 if (test_CreateKey_sd(p
, tctx
, &handle
, TEST_KEY4
, NULL
, &newhandle
)) {
1725 if (created4
&& !test_CloseKey(p
, tctx
, &newhandle
)) {
1726 printf("CloseKey failed\n");
1730 if (created4
&& !test_SecurityDescriptors(p
, tctx
, &handle
, TEST_KEY4
)) {
1734 if (created4
&& !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY4
)) {
1735 printf("DeleteKey failed\n");
1739 if (created2
&& !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY2
)) {
1740 printf("DeleteKey failed\n");
1744 /* The HKCR hive has a very large fanout */
1745 if (open_fn
== (void *)dcerpc_winreg_OpenHKCR
) {
1746 if(!test_key(p
, tctx
, &handle
, MAX_DEPTH
- 1, true)) {
1750 if (!test_key(p
, tctx
, &handle
, 0, true)) {
1755 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1760 static bool test_Open(struct torture_context
*tctx
, struct dcerpc_pipe
*p
,
1763 struct policy_handle handle
, newhandle
;
1764 bool ret
= true, created
= false, deleted
= false;
1765 bool created3
= false, created_subkey
= false;
1766 struct winreg_OpenHKLM r
;
1768 winreg_open_fn open_fn
= userdata
;
1770 r
.in
.system_name
= 0;
1771 r
.in
.access_mask
= SEC_FLAG_MAXIMUM_ALLOWED
;
1772 r
.out
.handle
= &handle
;
1774 torture_assert_ntstatus_ok(tctx
, open_fn(p
, tctx
, &r
),
1777 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1779 if (!test_CreateKey(p
, tctx
, &handle
, TEST_KEY_BASE
, NULL
)) {
1780 torture_comment(tctx
,
1781 "CreateKey (TEST_KEY_BASE) failed\n");
1784 if (!test_CreateKey(p
, tctx
, &handle
, TEST_KEY1
, NULL
)) {
1785 torture_comment(tctx
,
1786 "CreateKey failed - not considering a failure\n");
1791 if (created
&& !test_FlushKey(p
, tctx
, &handle
)) {
1792 torture_comment(tctx
, "FlushKey failed\n");
1796 if (created
&& !test_OpenKey(p
, tctx
, &handle
, TEST_KEY1
, &newhandle
))
1798 "CreateKey failed (OpenKey after Create didn't work)\n");
1800 if (created
&& !test_CloseKey(p
, tctx
, &newhandle
))
1802 "CreateKey failed (CloseKey after Open didn't work)\n");
1804 if (created
&& !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY1
)) {
1805 torture_comment(tctx
, "DeleteKey failed\n");
1811 if (created
&& !test_FlushKey(p
, tctx
, &handle
)) {
1812 torture_comment(tctx
, "FlushKey failed\n");
1816 if (created
&& deleted
&&
1817 !_test_OpenKey(p
, tctx
, &handle
, TEST_KEY1
,
1818 SEC_FLAG_MAXIMUM_ALLOWED
, &newhandle
,
1819 WERR_BADFILE
, NULL
)) {
1820 torture_comment(tctx
,
1821 "DeleteKey failed (OpenKey after Delete "
1822 "did not return WERR_BADFILE)\n");
1826 if (!test_GetVersion(p
, tctx
, &handle
)) {
1827 torture_comment(tctx
, "GetVersion failed\n");
1831 if (created
&& test_CreateKey(p
, tctx
, &handle
, TEST_KEY3
, NULL
)) {
1836 test_CreateKey(p
, tctx
, &handle
, TEST_SUBKEY
, NULL
)) {
1837 created_subkey
= true;
1840 if (created_subkey
&&
1841 !test_DeleteKey(p
, tctx
, &handle
, TEST_KEY3
)) {
1842 printf("DeleteKey failed\n");
1846 /* The HKCR hive has a very large fanout */
1847 if (open_fn
== (void *)dcerpc_winreg_OpenHKCR
) {
1848 if(!test_key(p
, tctx
, &handle
, MAX_DEPTH
- 1, false)) {
1852 if (!test_key(p
, tctx
, &handle
, 0, false)) {
1857 test_Cleanup(p
, tctx
, &handle
, TEST_KEY_BASE
);
1862 struct torture_suite
*torture_rpc_winreg(TALLOC_CTX
*mem_ctx
)
1864 struct torture_rpc_tcase
*tcase
;
1865 struct torture_suite
*suite
= torture_suite_create(mem_ctx
, "WINREG");
1866 struct torture_test
*test
;
1868 tcase
= torture_suite_add_rpc_iface_tcase(suite
, "winreg",
1871 test
= torture_rpc_tcase_add_test(tcase
, "InitiateSystemShutdown",
1872 test_InitiateSystemShutdown
);
1873 test
->dangerous
= true;
1875 test
= torture_rpc_tcase_add_test(tcase
, "InitiateSystemShutdownEx",
1876 test_InitiateSystemShutdownEx
);
1877 test
->dangerous
= true;
1879 /* Basic tests without security descriptors */
1880 torture_rpc_tcase_add_test_ex(tcase
, "HKLM-basic",
1882 (winreg_open_fn
)dcerpc_winreg_OpenHKLM
);
1883 torture_rpc_tcase_add_test_ex(tcase
, "HKU-basic",
1885 (winreg_open_fn
)dcerpc_winreg_OpenHKU
);
1886 torture_rpc_tcase_add_test_ex(tcase
, "HKCR-basic",
1888 (winreg_open_fn
)dcerpc_winreg_OpenHKCR
);
1889 torture_rpc_tcase_add_test_ex(tcase
, "HKCU-basic",
1891 (winreg_open_fn
)dcerpc_winreg_OpenHKCU
);
1893 /* Security descriptor tests */
1894 torture_rpc_tcase_add_test_ex(tcase
, "HKLM-security",
1896 (winreg_open_fn
)dcerpc_winreg_OpenHKLM
);
1897 torture_rpc_tcase_add_test_ex(tcase
, "HKU-security",
1899 (winreg_open_fn
)dcerpc_winreg_OpenHKU
);
1900 torture_rpc_tcase_add_test_ex(tcase
, "HKCR-security",
1902 (winreg_open_fn
)dcerpc_winreg_OpenHKCR
);
1903 torture_rpc_tcase_add_test_ex(tcase
, "HKCU-security",
1905 (winreg_open_fn
)dcerpc_winreg_OpenHKCU
);