/*
 * Look up a named field in the policy associated with id.
 *
 * The policy is (re)opened, then its fields are walked one at a time
 * until one whose name equals header is found.  The value returned is
 * the next token that strtok() yields from its saved state, split on
 * space or newline.
 *
 * Returns the value token, or NULL when the field is absent.  The result
 * is also NULL when the field is present but carries no value, because
 * strtok() has nothing left to return.
 *
 * NOTE(review): the returned pointer comes from strtok()'s internal
 * state, so it presumably points into whatever buffer
 * next_policy_field() tokenises -- confirm its lifetime before holding
 * on to it across another policy read.
 * NOTE(review): "\r" is not in the delimiter set here; confirm that a
 * CRLF-terminated policy cannot leave a trailing '\r' on the value.
 */
static char *find_in_policy(struct sts_id *id, const char *header)
{
	char *name;

	open_policy(id);

	for (name = next_policy_field(); name != 0;
	     name = next_policy_field())
	{
		if (strcmp(name, header) != 0)
			continue;

		/* Field name matched: hand back whatever follows it. */
		return strtok(NULL, " \n");
	}

	return NULL;
}
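/*
 * Check a host name against the "mx" entries of an STS policy.
 *
 * Every field of the policy opened for id is visited.  For each field
 * named "mx" the value is read with strtok() and compared against
 * domainname using config_domaincmp().  A pattern that starts with "*."
 * is handed to config_domaincmp() without the '*', i.e. "*.example.com"
 * is compared as ".example.com".
 *
 * Returns 0 as soon as one mx entry matches, -1 when none does.  The
 * function fails closed: a malformed or empty policy never validates.
 *
 * The policy text is parsed input, so an "mx" field with no value must
 * be tolerated.  strtok() returns NULL in that case and the value is
 * skipped instead of being passed to strncmp()/strlen().
 */
int sts_mx_validate(struct sts_id *id, const char *domainname)
{
	char *field;

	open_policy(id);

	while ((field=next_policy_field(id)) != 0)
	{
		if (strcmp(field, "mx"))
			continue;

		field=strtok(NULL, " \r\n");

		/*
		 * "mx:" with nothing after it: no token is left, strtok()
		 * returns NULL.  Ignore the entry rather than dereference it.
		 */
		if (field == NULL)
			continue;

		/*
		 * Wildcard entry: drop the '*' and keep the leading '.',
		 * which is the form config_domaincmp expects.
		 *
		 * NOTE(review): a bare "*." pattern is reduced to "." here;
		 * confirm config_domaincmp() does not treat that as a match
		 * for every domain.
		 */
		if (strncmp(field, "*.", 2) == 0)
			++field; /* config_domaincmp convention */

		if (config_domaincmp(domainname, field, strlen(field)) == 0)
			return 0;
	}

	return -1;
}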
/*
 * Torture test: exercise lsa LookupSids at every lookup level from 0 to
 * 10 and check both the returned status and the per-SID name types.
 *
 * Eight SIDs are looked up on each call:
 *   [0] S-1-1-0       (Everyone)
 *   [1] S-1-5-4       (Interactive)
 *   [2] S-1-5-32      (Builtin domain)
 *   [3] S-1-5-32-545  (Builtin\Users)
 *   [4] the primary domain SID
 *   [5] primary domain SID + RID 512
 *   [6] the downlevel trusted domain SID
 *   [7] trusted domain SID + RID 512
 *
 * Expectations encoded below:
 *   level 0 and 7..10  -> NT_STATUS_INVALID_PARAMETER
 *   level 1            -> NT_STATUS_OK, all eight resolved
 *   level 2            -> STATUS_SOME_UNMAPPED, [0..3] unknown
 *   level 3, 4, 6      -> STATUS_SOME_UNMAPPED, only [4] and [5] resolved
 *   level 5            -> NT_STATUS_NONE_MAPPED
 *
 * The test is skipped (returns true) on transports other than NCACN_NP
 * and NCALRPC.
 *
 * NOTE(review): the results of dom_sid_parse_talloc(), dom_sid_dup() and
 * dom_sid_add_rid() are stored without a NULL check, so an allocation or
 * parse failure would reach test_lookupsids() as a NULL entry.
 */
bool torture_rpc_lsa_lookup(struct torture_context *torture)
{
	NTSTATUS status;
	struct dcerpc_pipe *lsa_pipe;
	struct dcerpc_binding_handle *bh;
	struct policy_handle *pol;
	struct dom_sid *dom_sid = NULL;
	struct dom_sid *trusted_sid = NULL;
	struct dom_sid *sids[NUM_SIDS];
	bool ret = true;
	int level;

	status = torture_rpc_connection(torture, &lsa_pipe, &ndr_table_lsarpc);
	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * NOTE(review): torture_fail() presumably leaves the
		 * function; if it did not, lsa_pipe would be read
		 * uninitialised just below -- confirm.
		 */
		torture_fail(torture, "unable to connect to table");
	}
	bh = lsa_pipe->binding_handle;

	/* Only the named-pipe and local transports are supported. */
	if (!(lsa_pipe->binding->transport == NCACN_NP ||
	      lsa_pipe->binding->transport == NCALRPC)) {
		torture_comment(torture,
				"torture_rpc_lsa_lookup is only available "
				"over NCACN_NP or NCALRPC");
		return true;
	}

	/* Each setup step must succeed before the lookups make sense. */
	ret &= open_policy(torture, bh, &pol);
	if (!ret) {
		return false;
	}

	ret &= get_domainsid(torture, bh, pol, &dom_sid);
	if (!ret) {
		return false;
	}

	ret &= get_downleveltrust(torture, bh, pol, &trusted_sid);
	if (!ret) {
		return false;
	}

	torture_comment(torture, "domain sid: %s\n",
			dom_sid_string(torture, dom_sid));

	/* Well-known and builtin SIDs. */
	sids[0] = dom_sid_parse_talloc(torture, "S-1-1-0");
	sids[1] = dom_sid_parse_talloc(torture, "S-1-5-4");
	sids[2] = dom_sid_parse_talloc(torture, "S-1-5-32");
	sids[3] = dom_sid_parse_talloc(torture, "S-1-5-32-545");
	/* Primary domain and its RID 512 group. */
	sids[4] = dom_sid_dup(torture, dom_sid);
	sids[5] = dom_sid_add_rid(torture, dom_sid, 512);
	/* Trusted domain and its RID 512 group. */
	sids[6] = dom_sid_dup(torture, trusted_sid);
	sids[7] = dom_sid_add_rid(torture, trusted_sid, 512);

	/* Level 0 is not a valid lookup level. */
	ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS, 0,
			       NT_STATUS_INVALID_PARAMETER, NULL);

	/* Level 1: everything resolves. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_WKN_GRP, SID_NAME_WKN_GRP,
			SID_NAME_DOMAIN,  SID_NAME_ALIAS,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP
		};

		ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS, 1,
				       NT_STATUS_OK, types);
	}

	/* Level 2: well-known and builtin SIDs are no longer resolved. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP
		};

		ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS, 2,
				       STATUS_SOME_UNMAPPED, types);
	}

	/* Level 3: only the primary domain entries resolve. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN
		};

		ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS, 3,
				       STATUS_SOME_UNMAPPED, types);
	}

	/* Level 4: same expectation as level 3. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN
		};

		ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS, 4,
				       STATUS_SOME_UNMAPPED, types);
	}

	/* Level 5: nothing is expected to map. */
	ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS, 5,
			       NT_STATUS_NONE_MAPPED, NULL);

	/* Level 6: same expectation as levels 3 and 4. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN
		};

		ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS, 6,
				       STATUS_SOME_UNMAPPED, types);
	}

	/* Levels 7 through 10 must all be rejected as invalid. */
	for (level = 7; level <= 10; level++) {
		ret &= test_lookupsids(torture, bh, pol, sids, NUM_SIDS,
				       level, NT_STATUS_INVALID_PARAMETER,
				       NULL);
	}

	return ret;
}
/*
 * Torture test: check the shape of the lsa LookupSids reply for a SID
 * that the server cannot map.
 *
 * A single SID is built from a made-up domain SID plus RID 512 and
 * looked up at level LSA_LOOKUP_NAMES_ALL.  The test requires:
 *   - the RPC itself succeeds,
 *   - the result code is NT_STATUS_NONE_MAPPED,
 *   - the names array still has one entry per input SID,
 *   - that entry's name is the string form of the SID that was sent.
 *
 * The checks on the referenced-domain list are compiled out because the
 * original author recorded differing server behaviour for them.
 *
 * The test is skipped (returns true) on transports other than NCACN_NP
 * and NCALRPC.
 *
 * NOTE(review): talloc_asprintf(), talloc_array() and
 * dom_sid_parse_talloc() results are used without a NULL check.
 */
static bool test_LookupSidsReply(struct torture_context *tctx,
				 struct dcerpc_pipe *p)
{
	struct dcerpc_binding_handle *b = p->binding_handle;
	struct policy_handle *handle;
	const char *dom_sid = "S-1-5-21-1111111111-2222222222-3333333333";
	const char *dom_admin_sid;
	uint32_t num_sids = 1;
	uint32_t count = 0;
	uint32_t i;
	struct dom_sid **sids;
	struct lsa_SidArray sidarray;
	struct lsa_TransNameArray names;
	struct lsa_RefDomainList *domains = NULL;
	struct lsa_LookupSids r;

	/* Only the named-pipe and local transports are supported. */
	if (!(p->binding->transport == NCACN_NP ||
	      p->binding->transport == NCALRPC)) {
		torture_comment(tctx,
				"test_LookupSidsReply is only available "
				"over NCACN_NP or NCALRPC");
		return true;
	}

	if (!open_policy(tctx, b, &handle)) {
		return false;
	}

	/* Build the one SID to look up: <made-up domain>-512. */
	dom_admin_sid = talloc_asprintf(tctx, "%s-%d", dom_sid, 512);

	sids = talloc_array(tctx, struct dom_sid *, num_sids);
	sids[0] = dom_sid_parse_talloc(tctx, dom_admin_sid);

	/* The names array starts out empty; the server fills it in. */
	names.count = 0;
	names.names = NULL;

	sidarray.num_sids = num_sids;
	sidarray.sids = talloc_array(tctx, struct lsa_SidPtr, num_sids);
	for (i = 0; i < num_sids; i++) {
		sidarray.sids[i].sid = sids[i];
	}

	/* Request: names and count are used for both input and output. */
	r.in.handle = handle;
	r.in.sids = &sidarray;
	r.in.names = &names;
	r.in.level = LSA_LOOKUP_NAMES_ALL;
	r.in.count = &count;
	r.out.names = &names;
	r.out.count = &count;
	r.out.domains = &domains;

	torture_assert_ntstatus_ok(tctx,
		dcerpc_lsa_LookupSids_r(b, tctx, &r),
		"LookupSids failed");

	torture_assert_ntstatus_equal(tctx, r.out.result,
		NT_STATUS_NONE_MAPPED,
		"unexpected error code");

	/* Even with nothing mapped, one name slot per SID is expected. */
	torture_assert_int_equal(tctx, names.count, num_sids,
		"unexpected names count");
	torture_assert(tctx, names.names,
		"unexpected names pointer");

	/* An unmapped SID is expected back in its string form. */
	torture_assert_str_equal(tctx, names.names[0].name.string,
		dom_admin_sid,
		"unexpected names[0].string");

#if 0
	/* vista sp1 passes, w2k3 sp2 fails */
	torture_assert_int_equal(tctx, domains->count, num_sids,
		"unexpected domains count");
	torture_assert(tctx, domains->domains,
		"unexpected domains pointer");
	torture_assert_str_equal(tctx,
		dom_sid_string(tctx, domains->domains[0].sid),
		dom_sid,
		"unexpected domain sid");
#endif

	return true;
}
/*
 * Torture test: exercise lsa LookupSids at every lookup level from 0 to
 * 10 and check both the returned status and the per-SID name types.
 *
 * All allocations hang off a private talloc context that is released at
 * the single exit point.
 *
 * Eight SIDs are looked up on each call:
 *   [0] S-1-1-0       (Everyone)
 *   [1] S-1-5-4       (Interactive)
 *   [2] S-1-5-32      (Builtin domain)
 *   [3] S-1-5-32-545  (Builtin\Users)
 *   [4] the primary domain SID
 *   [5] primary domain SID + RID 512
 *   [6] the downlevel trusted domain SID
 *   [7] trusted domain SID + RID 512
 *
 * Expectations encoded below:
 *   level 0 and 7..10  -> NT_STATUS_INVALID_PARAMETER
 *   level 1            -> NT_STATUS_OK, all eight resolved
 *   level 2            -> STATUS_SOME_UNMAPPED, [0..3] unknown
 *   level 3, 4, 6      -> STATUS_SOME_UNMAPPED, only [4] and [5] resolved
 *   level 5            -> NT_STATUS_NONE_MAPPED
 *
 * NOTE(review): the results of talloc_init(), dom_sid_parse_talloc(),
 * dom_sid_dup() and dom_sid_add_rid() are used without a NULL check.
 */
BOOL torture_rpc_lsa_lookup(struct torture_context *torture)
{
	NTSTATUS status;
	TALLOC_CTX *mem_ctx;
	struct dcerpc_pipe *lsa_pipe;
	struct policy_handle *pol;
	struct dom_sid *dom_sid;
	struct dom_sid *trusted_sid;
	struct dom_sid *sids[NUM_SIDS];
	BOOL ret = True;
	int level;

	mem_ctx = talloc_init("torture_rpc_lsa");

	status = torture_rpc_connection(mem_ctx, &lsa_pipe,
					&dcerpc_table_lsarpc);
	if (!NT_STATUS_IS_OK(status)) {
		ret = False;
		goto done;
	}

	/* Each setup step must succeed before the lookups make sense. */
	ret &= open_policy(mem_ctx, lsa_pipe, &pol);
	if (!ret) {
		goto done;
	}

	ret &= get_domainsid(mem_ctx, lsa_pipe, pol, &dom_sid);
	if (!ret) {
		goto done;
	}

	ret &= get_downleveltrust(mem_ctx, lsa_pipe, pol, &trusted_sid);
	if (!ret) {
		goto done;
	}

	printf("domain sid: %s\n", dom_sid_string(mem_ctx, dom_sid));

	/* Well-known and builtin SIDs. */
	sids[0] = dom_sid_parse_talloc(mem_ctx, "S-1-1-0");
	sids[1] = dom_sid_parse_talloc(mem_ctx, "S-1-5-4");
	sids[2] = dom_sid_parse_talloc(mem_ctx, "S-1-5-32");
	sids[3] = dom_sid_parse_talloc(mem_ctx, "S-1-5-32-545");
	/* Primary domain and its RID 512 group. */
	sids[4] = dom_sid_dup(mem_ctx, dom_sid);
	sids[5] = dom_sid_add_rid(mem_ctx, dom_sid, 512);
	/* Trusted domain and its RID 512 group. */
	sids[6] = dom_sid_dup(mem_ctx, trusted_sid);
	sids[7] = dom_sid_add_rid(mem_ctx, trusted_sid, 512);

	/* Level 0 is not a valid lookup level. */
	ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids, NUM_SIDS, 0,
			       NT_STATUS_INVALID_PARAMETER, NULL);

	/* Level 1: everything resolves. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_WKN_GRP, SID_NAME_WKN_GRP,
			SID_NAME_DOMAIN,  SID_NAME_ALIAS,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP
		};

		ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids,
				       NUM_SIDS, 1, NT_STATUS_OK, types);
	}

	/* Level 2: well-known and builtin SIDs are no longer resolved. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP
		};

		ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids,
				       NUM_SIDS, 2, STATUS_SOME_UNMAPPED,
				       types);
	}

	/* Level 3: only the primary domain entries resolve. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN
		};

		ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids,
				       NUM_SIDS, 3, STATUS_SOME_UNMAPPED,
				       types);
	}

	/* Level 4: same expectation as level 3. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN
		};

		ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids,
				       NUM_SIDS, 4, STATUS_SOME_UNMAPPED,
				       types);
	}

	/* Level 5: nothing is expected to map. */
	ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids, NUM_SIDS, 5,
			       NT_STATUS_NONE_MAPPED, NULL);

	/* Level 6: same expectation as levels 3 and 4. */
	{
		enum lsa_SidType types[NUM_SIDS] = {
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN,
			SID_NAME_DOMAIN,  SID_NAME_DOM_GRP,
			SID_NAME_UNKNOWN, SID_NAME_UNKNOWN
		};

		ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids,
				       NUM_SIDS, 6, STATUS_SOME_UNMAPPED,
				       types);
	}

	/* Levels 7 through 10 must all be rejected as invalid. */
	for (level = 7; level <= 10; level++) {
		ret &= test_lookupsids(mem_ctx, lsa_pipe, pol, sids,
				       NUM_SIDS, level,
				       NT_STATUS_INVALID_PARAMETER, NULL);
	}

 done:
	/* Single exit: everything allocated above is released here. */
	talloc_free(mem_ctx);

	return ret;
}