bool torture_setup_privs(struct torture_context *tctx,
struct dcerpc_pipe *p,
uint32_t num_privs,
const char **privs,
const struct dom_sid *user_sid)
{
struct dcerpc_binding_handle *b = p->binding_handle;
struct policy_handle *handle;
int i;
torture_assert(tctx,
test_lsa_OpenPolicy2(b, tctx, &handle),
"failed to open policy");
for (i=0; i < num_privs; i++) {
struct lsa_LookupPrivValue r;
struct lsa_LUID luid;
struct lsa_String name;
init_lsa_String(&name, privs[i]);
r.in.handle = handle;
r.in.name = &name;
r.out.luid = &luid;
torture_assert_ntstatus_ok(tctx,
dcerpc_lsa_LookupPrivValue_r(b, tctx, &r),
"lsa_LookupPrivValue failed");
if (!NT_STATUS_IS_OK(r.out.result)) {
torture_comment(tctx, "lsa_LookupPrivValue failed for '%s' with %s\n",
privs[i], nt_errstr(r.out.result));
return false;
}
}
{
struct lsa_AddAccountRights r;
struct lsa_RightSet rights;
rights.count = num_privs;
rights.names = talloc_zero_array(tctx, struct lsa_StringLarge, rights.count);
for (i=0; i < rights.count; i++) {
init_lsa_StringLarge(&rights.names[i], privs[i]);
}
r.in.handle = handle;
r.in.sid = discard_const_p(struct dom_sid, user_sid);
r.in.rights = &rights;
torture_assert_ntstatus_ok(tctx,
dcerpc_lsa_AddAccountRights_r(b, tctx, &r),
"lsa_AddAccountRights failed");
torture_assert_ntstatus_ok(tctx, r.out.result,
"lsa_AddAccountRights failed");
}
test_lsa_Close(b, tctx, handle);
return true;
}
static bool test_openpolicy(struct torture_context *tctx,
struct dcerpc_pipe *p)
{
struct dcerpc_binding_handle *b = p->binding_handle;
struct policy_handle *handle;
torture_assert(tctx,
test_lsa_OpenPolicy2(b, tctx, &handle),
"failed to open policy");
torture_assert(tctx,
test_lsa_Close(b, tctx, handle),
"failed to close policy");
return true;
}
bool torture_rpc_alter_context(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p, *p2, *p3;
struct policy_handle *handle;
struct ndr_interface_table tmptbl;
bool ret = true;
torture_comment(torture, "opening LSA connection\n");
status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc);
torture_assert_ntstatus_ok(torture, status, "connecting");
torture_comment(torture, "Testing change of primary context\n");
status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax);
torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
if (!test_lsa_OpenPolicy2(p->binding_handle, torture, &handle)) {
ret = false;
}
torture_comment(torture, "Testing change of primary context\n");
status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax);
torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
torture_comment(torture, "Opening secondary DSSETUP context\n");
status = dcerpc_secondary_context(p, &p2, &ndr_table_dssetup);
torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
torture_comment(torture, "Testing change of primary context\n");
status = dcerpc_alter_context(p2, torture, &p2->syntax, &p2->transfer_syntax);
torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
tmptbl = ndr_table_dssetup;
tmptbl.syntax_id.if_version += 100;
torture_comment(torture, "Opening bad secondary connection\n");
status = dcerpc_secondary_context(p, &p3, &tmptbl);
torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX,
"dcerpc_alter_context with wrong version should fail");
torture_comment(torture, "Testing DSSETUP pipe operations\n");
ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2);
if (handle) {
ret &= test_lsa_Close(p->binding_handle, torture, handle);
}
torture_comment(torture, "Testing change of primary context\n");
status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax);
torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle);
if (handle) {
ret &= test_lsa_Close(p->binding_handle, torture, handle);
}
torture_comment(torture, "Testing change of primary context\n");
status = dcerpc_alter_context(p, torture, &p2->syntax, &p2->transfer_syntax);
if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) {
ret &= test_lsa_OpenPolicy2_ex(p->binding_handle, torture, &handle,
NT_STATUS_IO_DEVICE_ERROR);
torture_assert(torture, !dcerpc_binding_handle_is_connected(p->binding_handle),
"dcerpc disonnected");
return ret;
}
torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed");
torture_comment(torture, "Testing DSSETUP pipe operations - should fault\n");
ret &= test_DsRoleGetPrimaryDomainInformation_ext(torture, p, NT_STATUS_RPC_BAD_STUB_DATA);
ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle);
if (handle) {
ret &= test_lsa_Close(p->binding_handle, torture, handle);
}
torture_comment(torture, "Testing DSSETUP pipe operations\n");
ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2);
return ret;
}
BOOL torture_rpc_alter_context(struct torture_context *torture)
{
NTSTATUS status;
struct dcerpc_pipe *p, *p2;
TALLOC_CTX *mem_ctx;
BOOL ret = True;
struct policy_handle *handle;
struct dcerpc_interface_table tmptbl;
struct dcerpc_syntax_id syntax;
struct dcerpc_syntax_id transfer_syntax;
mem_ctx = talloc_init("torture_rpc_alter_context");
printf("opening LSA connection\n");
status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_lsarpc);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
return False;
}
if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) {
ret = False;
}
printf("Opening secondary DSSETUP context\n");
status = dcerpc_secondary_context(p, &p2, &dcerpc_table_dssetup);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
printf("dcerpc_alter_context failed - %s\n", nt_errstr(status));
return False;
}
tmptbl = dcerpc_table_dssetup;
tmptbl.syntax_id.if_version += 100;
printf("Opening bad secondary connection\n");
status = dcerpc_secondary_context(p, &p2, &tmptbl);
if (NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
printf("dcerpc_alter_context with wrong version should fail\n");
return False;
}
printf("testing DSSETUP pipe operations\n");
ret &= test_DsRoleGetPrimaryDomainInformation(p2, mem_ctx);
if (handle) {
if (!test_lsa_Close(p, mem_ctx, handle)) {
ret = False;
}
}
syntax = p->syntax;
transfer_syntax = p->transfer_syntax;
printf("Testing change of primary context\n");
status = dcerpc_alter_context(p, mem_ctx, &p2->syntax, &p2->transfer_syntax);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
printf("dcerpc_alter_context failed - %s\n", nt_errstr(status));
return False;
}
printf("testing DSSETUP pipe operations - should fault\n");
if (test_DsRoleGetPrimaryDomainInformation(p, mem_ctx)) {
ret = False;
}
if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) {
ret = False;
}
if (handle) {
if (!test_lsa_Close(p, mem_ctx, handle)) {
ret = False;
}
}
printf("testing DSSETUP pipe operations\n");
ret &= test_DsRoleGetPrimaryDomainInformation(p2, mem_ctx);
talloc_free(mem_ctx);
return ret;
}
