static bool test_hive_security(struct torture_context *tctx, const void *_data)
{
struct hive_key *subkey = NULL;
const struct hive_key *root = _data;
WERROR error;
struct security_descriptor *osd, *nsd;
osd = security_descriptor_dacl_create(tctx,
0,
NULL, NULL,
SID_NT_AUTHENTICATED_USERS,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_GENERIC_ALL,
SEC_ACE_FLAG_OBJECT_INHERIT,
NULL);
error = hive_key_add_name(tctx, root, "SecurityKey", NULL,
osd, &subkey);
torture_assert_werr_ok(tctx, error, "hive_key_add_name");
error = hive_get_sec_desc(tctx, subkey, &nsd);
torture_assert_werr_ok (tctx, error, "getting security descriptor");
torture_assert(tctx, security_descriptor_equal(osd, nsd),
"security descriptor changed!");
/* Create a fresh security descriptor */
talloc_free(osd);
osd = security_descriptor_dacl_create(tctx,
0,
NULL, NULL,
SID_NT_AUTHENTICATED_USERS,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_GENERIC_ALL,
SEC_ACE_FLAG_OBJECT_INHERIT,
NULL);
error = hive_set_sec_desc(subkey, osd);
torture_assert_werr_ok(tctx, error, "setting security descriptor");
error = hive_get_sec_desc(tctx, subkey, &nsd);
torture_assert_werr_ok (tctx, error, "getting security descriptor");
torture_assert(tctx, security_descriptor_equal(osd, nsd),
"security descriptor changed!");
return true;
}
/*
test one SDDL example
*/
static bool test_sddl(struct torture_context *tctx,
const void *test_data)
{
struct security_descriptor *sd, *sd2;
struct dom_sid *domain;
const char *sddl = (const char *)test_data;
const char *sddl2;
TALLOC_CTX *mem_ctx = tctx;
domain = dom_sid_parse_talloc(mem_ctx, "S-1-2-3-4");
sd = sddl_decode(mem_ctx, sddl, domain);
torture_assert(tctx, sd != NULL, talloc_asprintf(tctx,
"Failed to decode '%s'\n", sddl));
sddl2 = sddl_encode(mem_ctx, sd, domain);
torture_assert(tctx, sddl2 != NULL, talloc_asprintf(tctx,
"Failed to re-encode '%s'\n", sddl));
sd2 = sddl_decode(mem_ctx, sddl2, domain);
torture_assert(tctx, sd2 != NULL, talloc_asprintf(tctx,
"Failed to decode2 '%s'\n", sddl2));
torture_assert(tctx, security_descriptor_equal(sd, sd2),
talloc_asprintf(tctx, "Failed equality test for '%s'\n", sddl));
#if 0
/* flags don't have a canonical order ... */
if (strcmp(sddl, sddl2) != 0) {
printf("Failed sddl equality test\norig: %s\n new: %s\n", sddl, sddl2);
}
#endif
if (DEBUGLVL(2)) {
NDR_PRINT_DEBUG(security_descriptor, sd);
}
talloc_free(sd);
talloc_free(domain);
return true;
}
