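/**
 * Open the LSA policy of the configured domain through libnet and close
 * the resulting handle again.
 *
 * @param torture  torture context; its event context and loadparm context
 *                 are used to build the libnet context
 * @return true when the domain was opened and the handle closed without
 *         error, false otherwise
 */
bool torture_domain_open_lsa(struct torture_context *torture)
{
	NTSTATUS status;
	bool ret = true;
	struct libnet_context *ctx;
	struct libnet_DomainOpen r;
	struct lsa_Close lsa_close;
	struct policy_handle h;
	const char *domain_name;

	/* we're accessing domain controller so the domain name should be
	   passed (it's going to be resolved to dc name and address) instead
	   of specific server name. */
	domain_name = lpcfg_workgroup(torture->lp_ctx);

	ctx = libnet_context_init(torture->ev, torture->lp_ctx);
	if (ctx == NULL) {
		torture_comment(torture, "failed to create libnet context\n");
		return false;
	}

	/* the test authenticates with the credentials given on the command line */
	ctx->cred = cmdline_credentials;

	ZERO_STRUCT(r);
	r.in.type = DOMAIN_LSA;
	r.in.domain_name = domain_name;
	/*
	 * MAXIMUM_ALLOWED asks the server for whatever access these
	 * credentials are entitled to instead of a fixed set of rights.
	 */
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;

	status = libnet_DomainOpen(ctx, torture, &r);
	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(torture, "failed to open domain on lsa service: %s\n",
				nt_errstr(status));
		ret = false;
		goto done;
	}

	ZERO_STRUCT(lsa_close);
	lsa_close.in.handle  = &ctx->lsa.handle;
	lsa_close.out.handle = &h;

	/*
	 * Use the _goto assertion variants: a failed close must still reach
	 * the talloc_free(ctx) below, otherwise the libnet context (and the
	 * connection it holds) is left allocated on the failure path.
	 */
	torture_assert_ntstatus_ok_goto(torture,
		dcerpc_lsa_Close_r(ctx->lsa.pipe->binding_handle, ctx, &lsa_close),
		ret, done,
		"failed to close domain on lsa service");
	torture_assert_ntstatus_ok_goto(torture, lsa_close.out.result,
		ret, done,
		"failed to close domain on lsa service");

done:
	talloc_free(ctx);
	return ret;
}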
/**
 * Closes LSA handle obtained from Connect, Open Group, etc
 *
 * Issues a single lsa_Close on the given binding handle and asserts that
 * both the RPC transport status and the call's own result are OK.
 *
 * @param tctx        torture context used for the assertions
 * @param b           binding handle the lsa_Close request is sent on
 * @param mem_ctx     talloc context passed to the RPC call
 * @param lsa_handle  handle to close; it is also passed as the out handle,
 *                    so the call writes its returned handle back into it
 * @return true once both assertions have passed; failure is reported by
 *         the torture_assert_* macros (defined outside this listing)
 */
bool test_lsa_close_handle(struct torture_context *tctx,
			   struct dcerpc_binding_handle *b,
			   TALLOC_CTX *mem_ctx,
			   struct policy_handle *lsa_handle)
{
	struct lsa_Close r;

	/* in and out deliberately alias the caller's handle */
	r.in.handle = lsa_handle;
	r.out.handle = lsa_handle;

	/* first assertion: the RPC round trip itself */
	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(b, mem_ctx, &r),
				   "Close LSA handle RPC call failed");
	/* second assertion: the status the server returned for the close */
	torture_assert_ntstatus_ok(tctx, r.out.result,
				   "Close LSA handle failed");

	return true;
}
/*
 * RPC-HANDLE-MIXED-SHARED: policy handle behaviour across two different
 * interfaces (samr and lsarpc) that share one association group.
 *
 * Sequence checked by the assertions below:
 *  - a samr connect handle opened on p1 is rejected with
 *    NT_STATUS_RPC_SS_CONTEXT_MISMATCH when passed to lsa_Close on p2,
 *    although p2 was connected with p1's assoc_group_id;
 *  - after both pipes are freed, new connections that ask for the old
 *    assoc_group_id are expected to fail with NT_STATUS_UNSUCCESSFUL;
 *  - connections that ask for ids derived from ~assoc_group_id are
 *    expected to fail the same way.
 *
 * Returns true when every assertion passes.
 */
static bool test_handles_mixed_shared(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5, *p6;
	struct dcerpc_binding_handle *b1, *b2;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct samr_Connect r;
	struct lsa_Close lc;
	struct samr_Close sc;
	TALLOC_CTX *mem_ctx = talloc_new(torture);
	enum dcerpc_transport_t transport;
	uint32_t assoc_group_id;

	torture_comment(torture, "RPC-HANDLE-MIXED-SHARED\n");

	torture_comment(torture, "connect samr pipe1\n");
	status = torture_rpc_connection(torture, &p1, &ndr_table_samr);
	torture_assert_ntstatus_ok(torture, status, "opening samr pipe1");
	b1 = p1->binding_handle;

	/* remember p1's transport and association group for the later connects */
	transport	= p1->conn->transport.transport;
	assoc_group_id	= dcerpc_binding_get_assoc_group_id(p1->binding);

	torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);

	torture_comment(torture, "connect lsa pipe2\n");
	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
	b2 = p2->binding_handle;

	torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
			dcerpc_binding_get_assoc_group_id(p2->binding));

	r.in.system_name = 0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.connect_handle = &handle;

	torture_comment(torture, "samr_Connect to open a policy handle on samr p1\n");
	torture_assert_ntstatus_ok(torture, dcerpc_samr_Connect_r(b1, mem_ctx, &r),
		"Connect failed");
	torture_assert_ntstatus_ok(torture, r.out.result, "opening policy handle on p1");

	/* both close requests take the samr handle as input */
	lc.in.handle		= &handle;
	lc.out.handle		= &handle2;
	sc.in.handle		= &handle;
	sc.out.handle		= &handle2;

	/* the samr handle must not be accepted by the lsa interface */
	torture_comment(torture, "use policy handle on lsa p2 - should fail\n");
	status = dcerpc_lsa_Close_r(b2, mem_ctx, &lc);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing handle on lsa p2");

	torture_comment(torture, "closing policy handle on samr p1\n");
	torture_assert_ntstatus_ok(torture, dcerpc_samr_Close_r(b1, mem_ctx, &sc),
		"Close failed");
	torture_assert_ntstatus_ok(torture, sc.out.result, "closing policy handle on p1");

	/* drop both connections, then pause before reconnecting */
	talloc_free(p1);
	talloc_free(p2);
	smb_msleep(10);

	/* the old association group id is expected to be unusable now */
	torture_comment(torture, "connect samr pipe3 - should fail\n");
	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe3");

	torture_comment(torture, "connect lsa pipe4 - should fail\n");
	status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening lsa pipe4");

	/*
	 * We use ~assoc_group_id instead of p1->assoc_group_id, because
	 * this way we are less likely to use an id which is already in use.
	 */
	assoc_group_id = ~assoc_group_id;
	/* note: the id is incremented inside the logging call's argument list */
	torture_comment(torture, "connect samr pipe5 with assoc_group_id[0x%08X]- should fail\n",
			++assoc_group_id);
	status = torture_rpc_connection_transport(torture, &p5, &ndr_table_samr,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening samr pipe5");

	torture_comment(torture, "connect lsa pipe6 with assoc_group_id[0x%08X]- should fail\n",
			++assoc_group_id);
	status = torture_rpc_connection_transport(torture, &p6, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening lsa pipe6");

	talloc_free(mem_ctx);

	return true;
}
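/*
 * RPC-HANDLE-LSARPC: a policy handle opened on one lsarpc connection must
 * not be usable on a second, independent lsarpc connection, and must not
 * be usable again once it has been closed.
 *
 * Returns true when every assertion passes, or when the server does not
 * support lsa_OpenPolicy (the test is then skipped).
 */
static bool test_handles_lsa(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2;
	struct dcerpc_binding_handle *b1, *b2;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct lsa_OpenPolicy r;
	struct lsa_Close c;
	uint16_t system_name = '\\';
	TALLOC_CTX *mem_ctx = talloc_new(torture);

	torture_comment(torture, "RPC-HANDLE-LSARPC\n");

	status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
	b1 = p1->binding_handle;

	status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc);
	/* message previously said "pipe1", which misattributed a p2 failure */
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
	b2 = p2->binding_handle;

	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = &system_name;
	r.in.attr = &attr;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
		"OpenPolicy failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
		talloc_free(mem_ctx);
		return true;
	}

	c.in.handle = &handle;
	c.out.handle = &handle2;

	/* handle belongs to p1: closing it through p2 must be rejected */
	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p2");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b1, mem_ctx, &c),
		"Close failed");
	torture_assert_ntstatus_ok(torture, c.out.result, "closing policy handle on p1");

	/* a second close of the same handle must be rejected as well */
	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p1 again");

	talloc_free(mem_ctx);

	return true;
}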
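/*
 * RPC-HANDLE-LSARPC-SHARED: policy handle behaviour across several lsarpc
 * connections that share one association group.
 *
 * The assertions check that
 *  - a handle opened on one connection is usable on every connection in
 *    the same association group, including ones made after it was opened;
 *  - once the handle is closed on any connection, every further use on
 *    any connection gets NT_STATUS_RPC_SS_CONTEXT_MISMATCH;
 *  - the handle stays valid when the connection that opened it goes away,
 *    as long as other connections of the group remain;
 *  - once all connections are gone, connecting with the old
 *    assoc_group_id fails with NT_STATUS_UNSUCCESSFUL.
 *
 * Returns true when every assertion passes, or when the server does not
 * support lsa_OpenPolicy (the test is then skipped).
 */
static bool test_handles_lsa_shared(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *p1, *p2, *p3, *p4, *p5;
	struct dcerpc_binding_handle *b1, *b2, *b3, *b4;
	struct policy_handle handle;
	struct policy_handle handle2;
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct lsa_OpenPolicy r;
	struct lsa_Close c;
	struct lsa_QuerySecurity qsec;
	struct sec_desc_buf *sdbuf = NULL;
	uint16_t system_name = '\\';
	TALLOC_CTX *mem_ctx = talloc_new(torture);
	enum dcerpc_transport_t transport;
	uint32_t assoc_group_id;

	torture_comment(torture, "RPC-HANDLE-LSARPC-SHARED\n");

	torture_comment(torture, "connect lsa pipe1\n");
	status = torture_rpc_connection(torture, &p1, &ndr_table_lsarpc);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1");
	b1 = p1->binding_handle;

	/* later connections reuse p1's transport and association group */
	transport	= p1->conn->transport.transport;
	assoc_group_id	= dcerpc_binding_get_assoc_group_id(p1->binding);

	torture_comment(torture, "use assoc_group_id[0x%08X] for new connections\n", assoc_group_id);

	torture_comment(torture, "connect lsa pipe2\n");
	status = torture_rpc_connection_transport(torture, &p2, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe2");
	b2 = p2->binding_handle;

	torture_comment(torture, "got assoc_group_id[0x%08X] for p2\n",
			dcerpc_binding_get_assoc_group_id(p2->binding));

	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = &system_name;
	r.in.attr = &attr;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	torture_comment(torture, "open lsa policy handle\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
		"OpenPolicy failed");
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_comment(torture, "lsa_OpenPolicy not supported - skipping\n");
		talloc_free(mem_ctx);
		return true;
	}

	/*
	 * connect p3 after the policy handle is opened
	 */
	torture_comment(torture, "connect lsa pipe3 after the policy handle is opened\n");
	status = torture_rpc_connection_transport(torture, &p3, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe3");
	b3 = p3->binding_handle;

	/* qsec and c both point at 'handle', so they follow every re-open below */
	qsec.in.handle		= &handle;
	qsec.in.sec_info	= 0;
	qsec.out.sdbuf		= &sdbuf;
	c.in.handle = &handle;
	c.out.handle = &handle2;

	/*
	 * use policy handle on all 3 connections
	 */
	torture_comment(torture, "use the policy handle on p1,p2,p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p1");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p2");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p3");

	/*
	 * close policy handle on connection 2 and the others get a fault
	 */
	torture_comment(torture, "close the policy handle on p2 others get a fault\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
		"Close failed");
	torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
				      "closing policy handle on p2");

	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p1 again");

	status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p3");

	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p2 again");

	/*
	 * open a new policy handle on p3
	 */
	torture_comment(torture, "open a new policy handle on p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b3, mem_ctx, &r),
		"OpenPolicy failed");
	torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
				      "open policy handle on p3");

	/*
	 * use policy handle on all 3 connections
	 *
	 * These three checks used to compare 'status', which at this point
	 * still holds the CONTEXT_MISMATCH from the lsa_Close above and says
	 * nothing about the query. Check the result of the QuerySecurity
	 * call that was just made, as the first round does.
	 */
	torture_comment(torture, "use the policy handle on p1,p2,p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
		"Query Security failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p1");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
		"Query Security failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p2");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
		"Query Security failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "use policy handle on p3");

	/*
	 * close policy handle on connection 2 and the others get a fault
	 */
	torture_comment(torture, "close the policy handle on p2 others get a fault\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_Close_r(b2, mem_ctx, &c),
		"Close failed");
	torture_assert_ntstatus_equal(torture, c.out.result, NT_STATUS_OK,
				      "closing policy handle on p2");

	status = dcerpc_lsa_Close_r(b1, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p1 again");

	status = dcerpc_lsa_Close_r(b3, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p3");

	status = dcerpc_lsa_Close_r(b2, mem_ctx, &c);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_SS_CONTEXT_MISMATCH,
				      "closing policy handle on p2 again");

	/*
	 * open a new policy handle
	 */
	torture_comment(torture, "open a new policy handle on p1 and use it\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_OpenPolicy_r(b1, mem_ctx, &r),
		"OpenPolicy failed");
	torture_assert_ntstatus_equal(torture, r.out.result, NT_STATUS_OK,
				      "open 2nd policy handle on p1");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b1, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "QuerySecurity handle on p1");

	/* close first connection */
	torture_comment(torture, "disconnect p1\n");
	talloc_free(p1);
	smb_msleep(5);

	/*
	 * and it's still available on p2,p3
	 */
	torture_comment(torture, "use policy handle on p2,p3\n");
	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b2, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "QuerySecurity handle on p2 after p1 was disconnected");

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b3, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "QuerySecurity handle on p3 after p1 was disconnected");

	/*
	 * now open p4
	 * and use the handle on it
	 */
	torture_comment(torture, "connect lsa pipe4 and use policy handle\n");
	status = torture_rpc_connection_transport(torture, &p4, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_ok(torture, status, "opening lsa pipe4");
	b4 = p4->binding_handle;

	torture_assert_ntstatus_ok(torture, dcerpc_lsa_QuerySecurity_r(b4, mem_ctx, &qsec),
		"QuerySecurity failed");
	torture_assert_ntstatus_equal(torture, qsec.out.result, NT_STATUS_OK,
				      "using policy handle on p4");

	/*
	 * now close p2,p3,p4
	 * without closing the policy handle
	 */
	torture_comment(torture, "disconnect p2,p3,p4\n");
	talloc_free(p2);
	talloc_free(p3);
	talloc_free(p4);
	smb_msleep(10);

	/*
	 * now open p5
	 */
	torture_comment(torture, "connect lsa pipe5 - should fail\n");
	status = torture_rpc_connection_transport(torture, &p5, &ndr_table_lsarpc,
						  transport,
						  assoc_group_id);
	torture_assert_ntstatus_equal(torture, status, NT_STATUS_UNSUCCESSFUL,
				      "opening lsa pipe5");

	talloc_free(mem_ctx);

	return true;
}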
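/*
 * Get the SID from a user
 *
 * Opens a separate lsarpc connection, opens a policy handle with
 * lsa_OpenPolicy2, looks up "<domain>\<user>" with lsa_LookupNames and
 * builds the SID from the first referenced domain SID plus the RID of the
 * first translated entry.
 *
 * tctx     torture context used for the connection and for logging
 * p        not used by this function
 * mem_ctx  talloc parent of the returned SID
 * user     account name, looked up in the domain of the command line
 *          credentials
 *
 * Returns the SID (allocated on mem_ctx), or NULL on any failure. The
 * temporary context and the extra connection are released on every path
 * after the connection has been made.
 */
static const struct dom_sid *get_user_sid(struct torture_context *tctx,
					  struct dcerpc_pipe *p,
					  TALLOC_CTX *mem_ctx,
					  const char *user)
{
	struct lsa_ObjectAttribute attr;
	struct lsa_QosInfo qos;
	struct lsa_OpenPolicy2 r;
	struct lsa_Close c;
	NTSTATUS status;
	struct policy_handle handle;
	struct lsa_LookupNames l;
	struct lsa_TransSidArray sids;
	struct lsa_RefDomainList *domains = NULL;
	struct lsa_String lsa_name;
	uint32_t count = 0;
	struct dom_sid *result = NULL;
	TALLOC_CTX *tmp_ctx = NULL;
	struct dcerpc_pipe *p2 = NULL;
	struct dcerpc_binding_handle *b;

	const char *domain = cli_credentials_get_domain(cmdline_credentials);

	torture_assert_ntstatus_ok(tctx,
				torture_rpc_connection(tctx, &p2, &ndr_table_lsarpc),
				"could not open lsarpc pipe");
	b = p2->binding_handle;

	if (!(tmp_ctx = talloc_new(mem_ctx))) {
		goto done;
	}

	qos.len = 0;
	qos.impersonation_level = 2;
	qos.context_mode = 1;
	qos.effective_only = 0;

	attr.len = 0;
	attr.root_dir = NULL;
	attr.object_name = NULL;
	attr.attributes = 0;
	attr.sec_desc = NULL;
	attr.sec_qos = &qos;

	r.in.system_name = "\\";
	r.in.attr = &attr;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	status = dcerpc_lsa_OpenPolicy2_r(b, tmp_ctx, &r);
	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(tctx,
				"OpenPolicy2 failed - %s\n",
				nt_errstr(status));
		goto done;
	}
	if (!NT_STATUS_IS_OK(r.out.result)) {
		torture_comment(tctx,
				"OpenPolicy2_ failed - %s\n",
				nt_errstr(r.out.result));
		goto done;
	}

	sids.count = 0;
	sids.sids = NULL;

	lsa_name.string = talloc_asprintf(tmp_ctx, "%s\\%s", domain, user);
	if (lsa_name.string == NULL) {
		goto done;
	}

	l.in.handle = &handle;
	l.in.num_names = 1;
	l.in.names = &lsa_name;
	l.in.sids = &sids;
	l.in.level = 1;
	l.in.count = &count;
	l.out.count = &count;
	l.out.sids = &sids;
	l.out.domains = &domains;

	status = dcerpc_lsa_LookupNames_r(b, tmp_ctx, &l);
	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(tctx,
				"LookupNames of %s failed - %s\n",
				lsa_name.string,
				nt_errstr(status));
		goto done;
	}
	/* the transport succeeding does not mean the lookup did */
	if (!NT_STATUS_IS_OK(l.out.result)) {
		torture_comment(tctx,
				"LookupNames of %s failed - %s\n",
				lsa_name.string,
				nt_errstr(l.out.result));
		goto done;
	}

	/*
	 * The reply comes from the server: make sure both arrays that are
	 * indexed below are present and non-empty before touching [0].
	 * Bailing out here drops the connection (p2) without an explicit
	 * lsa_Close, as the original early return did.
	 */
	if (domains == NULL || domains->count == 0 ||
	    domains->domains == NULL ||
	    l.out.sids->count == 0 || l.out.sids->sids == NULL) {
		goto done;
	}

	result = dom_sid_add_rid(mem_ctx, domains->domains[0].sid,
				 l.out.sids->sids[0].rid);

	c.in.handle = &handle;
	c.out.handle = &handle;

	status = dcerpc_lsa_Close_r(b, tmp_ctx, &c);
	if (!NT_STATUS_IS_OK(status)) {
		torture_comment(tctx,
				"dcerpc_lsa_Close failed - %s\n",
				nt_errstr(status));
		/* callers get NULL on this path, so do not leave the SID behind */
		TALLOC_FREE(result);
		goto done;
	}

	if (!NT_STATUS_IS_OK(c.out.result)) {
		torture_comment(tctx,
				"dcerpc_lsa_Close failed - %s\n",
				nt_errstr(c.out.result));
		TALLOC_FREE(result);
		goto done;
	}

	torture_comment(tctx, "Get_user_sid finished\n");

done:
	talloc_free(tmp_ctx);
	talloc_free(p2);

	return result;
}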
torture_comment(tctx, "\nTesting SetForestTrustInformation\n"); torture_assert_ntstatus_ok(tctx, dcerpc_lsa_lsaRSetForestTrustInformation_r(p->binding_handle, tctx, &fti), "lsaRSetForestTrustInformation failed"); if (!NT_STATUS_IS_OK(fti.out.result)) { torture_comment(tctx, "lsaRSetForestTrustInformation failed - %s\n", nt_errstr(fti.out.result)); ret = false; } } cr.in.handle = handle; cr.out.handle = &closed_handle; status = dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr); torture_assert_ntstatus_equal(tctx, status, NT_STATUS_OK, "Close failed"); if (!NT_STATUS_IS_OK(cr.out.result)) { torture_comment(tctx, "Close failed - %s\n", nt_errstr(cr.out.result)); ret = false; } return ret; } struct get_set_info { enum lsa_TrustDomInfoEnum info_level; NTSTATUS get_result; NTSTATUS set_result;
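/*
 * Create a trusted domain with lsa_CreateTrustedDomainEx2, read it back
 * with lsa_QueryTrustedDomainInfo, then set forest trust information for
 * it with lsaRSetForestTrustInformation.
 *
 * p               pipe the LSA calls are issued on
 * tctx            torture context (also the talloc parent of the request
 *                 data built here)
 * trust_name      NetBIOS name of the trusted domain
 * trust_name_dns  DNS name of the trusted domain
 * domsid          SID of the trusted domain
 * authinfo        auth info blob passed through as auth_info_internal
 *
 * Returns true when every call and check succeeds.
 *
 * NOTE(review): this function neither deletes the trusted domain it
 * creates nor closes trustdom_handle; on the target server a two-way,
 * forest-transitive trust stays in place unless the caller removes it -
 * confirm the caller does.
 */
static bool test_create_trust_and_set_info(struct dcerpc_pipe *p,
					   struct torture_context *tctx,
					   const char *trust_name,
					   const char *trust_name_dns,
					   struct dom_sid *domsid,
					   struct lsa_TrustDomainInfoAuthInfoInternal *authinfo)
{
	struct policy_handle *handle;
	struct lsa_lsaRSetForestTrustInformation fti;
	struct lsa_ForestTrustCollisionInfo *collision_info = NULL;
	struct lsa_Close cr;
	struct policy_handle closed_handle;
	struct lsa_CreateTrustedDomainEx2 r;
	struct lsa_TrustDomainInfoInfoEx trustinfo;
	struct policy_handle trustdom_handle;
	struct lsa_QueryTrustedDomainInfo q;
	union lsa_TrustedDomainInfo *info = NULL;

	/* policy handle limited to the rights the calls below need */
	if (!test_get_policy_handle(tctx, p,
				   (LSA_POLICY_VIEW_LOCAL_INFORMATION |
				    LSA_POLICY_TRUST_ADMIN |
				    LSA_POLICY_CREATE_SECRET), &handle)) {
		return false;
	}

	torture_comment(tctx, "\nTesting CreateTrustedDomainEx2\n");

	trustinfo.sid = domsid;
	trustinfo.netbios_name.string = trust_name;
	trustinfo.domain_name.string = trust_name_dns;

	trustinfo.trust_direction = LSA_TRUST_DIRECTION_INBOUND |
				    LSA_TRUST_DIRECTION_OUTBOUND;

	trustinfo.trust_type = LSA_TRUST_TYPE_UPLEVEL;

	/*
	 * MS-LSAD: Section 3.1.4.7.10 makes it clear that Win2k3
	 * functional level and above return
	 * NT_STATUS_INVALID_DOMAIN_STATE if
	 * TRUST_ATTRIBUTE_FOREST_TRANSITIVE or
	 * TRUST_ATTRIBUTE_CROSS_ORGANIZATION is set here.
	 *
	 * But we really want to test forest trusts here.
	 */
	trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE;

	r.in.policy_handle = handle;
	r.in.info = &trustinfo;
	r.in.auth_info_internal = authinfo;
	/* LSA_TRUSTED_QUERY_DOMAIN_NAME is needed for the following
	 * QueryTrustedDomainInfo call, although it seems that Windows does not
	 * expect this */
	r.in.access_mask = LSA_TRUSTED_SET_POSIX | LSA_TRUSTED_SET_AUTH | LSA_TRUSTED_QUERY_DOMAIN_NAME;
	r.out.trustdom_handle = &trustdom_handle;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_lsa_CreateTrustedDomainEx2_r(p->binding_handle, tctx, &r),
				   "CreateTrustedDomainEx2 failed");

	torture_assert_ntstatus_ok(tctx, r.out.result, "CreateTrustedDomainEx2 failed");

	q.in.trustdom_handle = &trustdom_handle;
	q.in.level = LSA_TRUSTED_DOMAIN_INFO_INFO_EX;
	q.out.info = &info;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_lsa_QueryTrustedDomainInfo_r(p->binding_handle, tctx, &q),
				   "QueryTrustedDomainInfo failed");
	torture_assert_ntstatus_ok(tctx, q.out.result, "QueryTrustedDomainInfo level 1");
	/*
	 * q.out.info is &info and therefore never NULL; the pointer the
	 * server fills in is 'info', and that is what gets dereferenced
	 * below, so that is what has to be checked.
	 */
	torture_assert(tctx, info != NULL,
		       "QueryTrustedDomainInfo level 1 failed to return an info pointer");
	torture_assert_str_equal(tctx, info->info_ex.netbios_name.string,
				 trustinfo.netbios_name.string,
				 "QueryTrustedDomainInfo returned inconsistent short name");
	torture_assert_int_equal(tctx, info->info_ex.trust_type,
				 trustinfo.trust_type,
				 "QueryTrustedDomainInfo returned incorrect trust type");
	torture_assert_int_equal(tctx, info->info_ex.trust_attributes,
				 trustinfo.trust_attributes,
				 "QueryTrustedDomainInfo of returned incorrect trust attributes");
	torture_assert_int_equal(tctx, info->info_ex.trust_direction,
				 trustinfo.trust_direction,
				 "QueryTrustedDomainInfo of returned incorrect trust direction");

	/* every allocation is checked before the fields behind it are written */
	fti.in.handle = handle;
	fti.in.trusted_domain_name = talloc_zero(tctx, struct lsa_StringLarge);
	torture_assert(tctx, fti.in.trusted_domain_name != NULL,
		       "talloc_zero of trusted_domain_name failed");
	fti.in.trusted_domain_name->string = trust_name_dns;
	fti.in.highest_record_type = 2;
	fti.in.forest_trust_info = talloc_zero(tctx, struct lsa_ForestTrustInformation);
	torture_assert(tctx, fti.in.forest_trust_info != NULL,
		       "talloc_zero of forest_trust_info failed");
	fti.in.forest_trust_info->count = 2;
	fti.in.forest_trust_info->entries = talloc_array(tctx, struct lsa_ForestTrustRecord *, 2);
	torture_assert(tctx, fti.in.forest_trust_info->entries != NULL,
		       "talloc_array of forest trust entries failed");

	/* record 0: the top level name of the trusted forest */
	fti.in.forest_trust_info->entries[0] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
	torture_assert(tctx, fti.in.forest_trust_info->entries[0] != NULL,
		       "talloc_zero of forest trust record 0 failed");
	fti.in.forest_trust_info->entries[0]->flags = 0;
	fti.in.forest_trust_info->entries[0]->type = LSA_FOREST_TRUST_TOP_LEVEL_NAME;
	fti.in.forest_trust_info->entries[0]->time = 0;
	fti.in.forest_trust_info->entries[0]->forest_trust_data.top_level_name.string = trust_name_dns;

	/* record 1: SID, DNS name and NetBIOS name of the trusted domain */
	fti.in.forest_trust_info->entries[1] = talloc_zero(tctx, struct lsa_ForestTrustRecord);
	torture_assert(tctx, fti.in.forest_trust_info->entries[1] != NULL,
		       "talloc_zero of forest trust record 1 failed");
	fti.in.forest_trust_info->entries[1]->flags = 0;
	fti.in.forest_trust_info->entries[1]->type = LSA_FOREST_TRUST_DOMAIN_INFO;
	fti.in.forest_trust_info->entries[1]->time = 0;
	fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.domain_sid = domsid;
	fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.dns_domain_name.string = trust_name_dns;
	fti.in.forest_trust_info->entries[1]->forest_trust_data.domain_info.netbios_domain_name.string = trust_name;
	fti.in.check_only = 0;
	fti.out.collision_info = &collision_info;

	torture_comment(tctx, "\nTesting SetForestTrustInformation\n");

	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_lsaRSetForestTrustInformation_r(p->binding_handle, tctx, &fti),
				   "lsaRSetForestTrustInformation failed");
	torture_assert_ntstatus_ok(tctx, fti.out.result, "lsaRSetForestTrustInformation failed");

	/* only the policy handle is closed here */
	cr.in.handle = handle;
	cr.out.handle = &closed_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_lsa_Close_r(p->binding_handle, tctx, &cr),
				   "Close failed");
	torture_assert_ntstatus_ok(tctx, cr.out.result, "Close failed");

	return true;
}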