static bool test_FlushEventLog(struct torture_context *tctx, struct dcerpc_pipe *p) { struct eventlog_FlushEventLog r; struct eventlog_CloseEventLog cr; struct policy_handle handle; if (!get_policy_handle(tctx, p, &handle)) return false; r.in.handle = &handle; /* Huh? Does this RPC always return access denied? */ torture_assert_ntstatus_equal(tctx, dcerpc_eventlog_FlushEventLog(p, tctx, &r), NT_STATUS_ACCESS_DENIED, "FlushEventLog failed"); cr.in.handle = cr.out.handle = &handle; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_CloseEventLog(p, tctx, &cr), "CloseEventLog failed"); return true; }
static void test_scan_call(struct torture_context *tctx, const struct ndr_interface_table *iface, int opnum) { DATA_BLOB stub_in, stub_out; int i; NTSTATUS status; struct dcerpc_pipe *p = NULL; struct policy_handle handle; reopen(tctx, &p, iface); get_policy_handle(p, tctx, &handle); /* work out the minimum amount of input data */ for (i=0;i<2000;i++) { stub_in = data_blob(NULL, i); data_blob_clear(&stub_in); status = dcerpc_request(p, NULL, opnum, tctx, &stub_in, &stub_out); if (NT_STATUS_IS_OK(status)) { printf("opnum %d min_input %d - output %d\n", opnum, (int)stub_in.length, (int)stub_out.length); dump_data(0, stub_out.data, stub_out.length); talloc_free(p); test_ptr_scan(tctx, iface, opnum, &stub_in, 0, stub_in.length, 0); return; } fill_blob_handle(&stub_in, tctx, &handle); status = dcerpc_request(p, NULL, opnum, tctx, &stub_in, &stub_out); if (NT_STATUS_IS_OK(status)) { printf("opnum %d min_input %d - output %d (with handle)\n", opnum, (int)stub_in.length, (int)stub_out.length); dump_data(0, stub_out.data, stub_out.length); talloc_free(p); test_ptr_scan(tctx, iface, opnum, &stub_in, 0, stub_in.length, 0); return; } if (NT_STATUS_EQUAL(status, NT_STATUS_NET_WRITE_FAULT)) { printf("opnum %d size %d fault %s\n", opnum, i, dcerpc_errstr(tctx, p->last_fault_code)); if (p->last_fault_code == 5) { reopen(tctx, &p, iface); } continue; } printf("opnum %d size %d error %s\n", opnum, i, nt_errstr(status)); } printf("opnum %d minimum not found!?\n", opnum); talloc_free(p); }
static bool test_OpenEventLog(struct torture_context *tctx, struct dcerpc_pipe *p) { struct policy_handle handle; struct eventlog_CloseEventLog cr; if (!get_policy_handle(tctx, p, &handle)) return false; cr.in.handle = cr.out.handle = &handle; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_CloseEventLog(p, tctx, &cr), "CloseEventLog failed"); return true; }
static bool test_GetNumRecords(struct torture_context *tctx, struct dcerpc_pipe *p) { struct eventlog_GetNumRecords r; struct eventlog_CloseEventLog cr; struct policy_handle handle; if (!get_policy_handle(tctx, p, &handle)) return false; r.in.handle = &handle; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_GetNumRecords(p, tctx, &r), "GetNumRecords failed"); torture_comment(tctx, talloc_asprintf(tctx, "%d records\n", *r.out.number)); cr.in.handle = cr.out.handle = &handle; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_CloseEventLog(p, tctx, &cr), "CloseEventLog failed"); return true; }
static bool test_ClearEventLog(struct dcerpc_pipe *p, TALLOC_CTX *tctx) { struct eventlog_ClearEventLogW r; struct eventlog_CloseEventLog cr; struct policy_handle handle; if (!get_policy_handle(tctx, p, &handle)) return false; r.in.handle = &handle; r.in.unknown = NULL; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_ClearEventLogW(p, tctx, &r), "ClearEventLog failed"); cr.in.handle = cr.out.handle = &handle; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_CloseEventLog(p, tctx, &cr), "CloseEventLog failed"); return true; }
static bool test_ReadEventLog(struct torture_context *tctx, struct dcerpc_pipe *p) { NTSTATUS status; struct eventlog_ReadEventLogW r; struct eventlog_CloseEventLog cr; struct policy_handle handle; if (!get_policy_handle(tctx, p, &handle)) return false; r.in.offset = 0; r.in.handle = &handle; r.in.flags = EVENTLOG_BACKWARDS_READ|EVENTLOG_SEQUENTIAL_READ; while (1) { DATA_BLOB blob; struct eventlog_Record rec; struct ndr_pull *ndr; /* Read first for number of bytes in record */ r.in.number_of_bytes = 0; r.out.data = NULL; status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r); if (NT_STATUS_EQUAL(r.out.result, NT_STATUS_END_OF_FILE)) { break; } torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed"); torture_assert_ntstatus_equal(tctx, r.out.result, NT_STATUS_BUFFER_TOO_SMALL, "ReadEventLog failed"); /* Now read the actual record */ r.in.number_of_bytes = *r.out.real_size; r.out.data = talloc_size(tctx, r.in.number_of_bytes); status = dcerpc_eventlog_ReadEventLogW(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed"); /* Decode a user-marshalled record */ blob.length = *r.out.sent_size; blob.data = talloc_steal(tctx, r.out.data); ndr = ndr_pull_init_blob(&blob, tctx); status = ndr_pull_eventlog_Record( ndr, NDR_SCALARS|NDR_BUFFERS, &rec); NDR_PRINT_DEBUG(eventlog_Record, &rec); torture_assert_ntstatus_ok(tctx, status, "ReadEventLog failed parsing event log record"); r.in.offset++; } cr.in.handle = cr.out.handle = &handle; torture_assert_ntstatus_ok(tctx, dcerpc_eventlog_CloseEventLog(p, tctx, &cr), "CloseEventLog failed"); return true; }