bool torture_setup_privs(struct torture_context *tctx, struct dcerpc_pipe *p, uint32_t num_privs, const char **privs, const struct dom_sid *user_sid) { struct dcerpc_binding_handle *b = p->binding_handle; struct policy_handle *handle; int i; torture_assert(tctx, test_lsa_OpenPolicy2(b, tctx, &handle), "failed to open policy"); for (i=0; i < num_privs; i++) { struct lsa_LookupPrivValue r; struct lsa_LUID luid; struct lsa_String name; init_lsa_String(&name, privs[i]); r.in.handle = handle; r.in.name = &name; r.out.luid = &luid; torture_assert_ntstatus_ok(tctx, dcerpc_lsa_LookupPrivValue_r(b, tctx, &r), "lsa_LookupPrivValue failed"); if (!NT_STATUS_IS_OK(r.out.result)) { torture_comment(tctx, "lsa_LookupPrivValue failed for '%s' with %s\n", privs[i], nt_errstr(r.out.result)); return false; } } { struct lsa_AddAccountRights r; struct lsa_RightSet rights; rights.count = num_privs; rights.names = talloc_zero_array(tctx, struct lsa_StringLarge, rights.count); for (i=0; i < rights.count; i++) { init_lsa_StringLarge(&rights.names[i], privs[i]); } r.in.handle = handle; r.in.sid = discard_const_p(struct dom_sid, user_sid); r.in.rights = &rights; torture_assert_ntstatus_ok(tctx, dcerpc_lsa_AddAccountRights_r(b, tctx, &r), "lsa_AddAccountRights failed"); torture_assert_ntstatus_ok(tctx, r.out.result, "lsa_AddAccountRights failed"); } test_lsa_Close(b, tctx, handle); return true; }
static bool test_openpolicy(struct torture_context *tctx, struct dcerpc_pipe *p) { struct dcerpc_binding_handle *b = p->binding_handle; struct policy_handle *handle; torture_assert(tctx, test_lsa_OpenPolicy2(b, tctx, &handle), "failed to open policy"); torture_assert(tctx, test_lsa_Close(b, tctx, handle), "failed to close policy"); return true; }
bool torture_rpc_alter_context(struct torture_context *torture) { NTSTATUS status; struct dcerpc_pipe *p, *p2, *p3; struct policy_handle *handle; struct ndr_interface_table tmptbl; bool ret = true; torture_comment(torture, "opening LSA connection\n"); status = torture_rpc_connection(torture, &p, &ndr_table_lsarpc); torture_assert_ntstatus_ok(torture, status, "connecting"); torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); if (!test_lsa_OpenPolicy2(p->binding_handle, torture, &handle)) { ret = false; } torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); torture_comment(torture, "Opening secondary DSSETUP context\n"); status = dcerpc_secondary_context(p, &p2, &ndr_table_dssetup); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p2, torture, &p2->syntax, &p2->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); tmptbl = ndr_table_dssetup; tmptbl.syntax_id.if_version += 100; torture_comment(torture, "Opening bad secondary connection\n"); status = dcerpc_secondary_context(p, &p3, &tmptbl); torture_assert_ntstatus_equal(torture, status, NT_STATUS_RPC_UNSUPPORTED_NAME_SYNTAX, "dcerpc_alter_context with wrong version should fail"); torture_comment(torture, "Testing DSSETUP pipe operations\n"); ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2); if (handle) { ret &= test_lsa_Close(p->binding_handle, torture, handle); } torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p->syntax, &p->transfer_syntax); torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle); if (handle) { ret &= test_lsa_Close(p->binding_handle, torture, handle); } torture_comment(torture, "Testing change of primary context\n"); status = dcerpc_alter_context(p, torture, &p2->syntax, &p2->transfer_syntax); if (NT_STATUS_EQUAL(status, NT_STATUS_RPC_PROTOCOL_ERROR)) { ret &= test_lsa_OpenPolicy2_ex(p->binding_handle, torture, &handle, NT_STATUS_IO_DEVICE_ERROR); torture_assert(torture, !dcerpc_binding_handle_is_connected(p->binding_handle), "dcerpc disonnected"); return ret; } torture_assert_ntstatus_ok(torture, status, "dcerpc_alter_context failed"); torture_comment(torture, "Testing DSSETUP pipe operations - should fault\n"); ret &= test_DsRoleGetPrimaryDomainInformation_ext(torture, p, NT_STATUS_RPC_BAD_STUB_DATA); ret &= test_lsa_OpenPolicy2(p->binding_handle, torture, &handle); if (handle) { ret &= test_lsa_Close(p->binding_handle, torture, handle); } torture_comment(torture, "Testing DSSETUP pipe operations\n"); ret &= test_DsRoleGetPrimaryDomainInformation(torture, p2); return ret; }
BOOL torture_rpc_alter_context(struct torture_context *torture) { NTSTATUS status; struct dcerpc_pipe *p, *p2; TALLOC_CTX *mem_ctx; BOOL ret = True; struct policy_handle *handle; struct dcerpc_interface_table tmptbl; struct dcerpc_syntax_id syntax; struct dcerpc_syntax_id transfer_syntax; mem_ctx = talloc_init("torture_rpc_alter_context"); printf("opening LSA connection\n"); status = torture_rpc_connection(mem_ctx, &p, &dcerpc_table_lsarpc); if (!NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); return False; } if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) { ret = False; } printf("Opening secondary DSSETUP context\n"); status = dcerpc_secondary_context(p, &p2, &dcerpc_table_dssetup); if (!NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); printf("dcerpc_alter_context failed - %s\n", nt_errstr(status)); return False; } tmptbl = dcerpc_table_dssetup; tmptbl.syntax_id.if_version += 100; printf("Opening bad secondary connection\n"); status = dcerpc_secondary_context(p, &p2, &tmptbl); if (NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); printf("dcerpc_alter_context with wrong version should fail\n"); return False; } printf("testing DSSETUP pipe operations\n"); ret &= test_DsRoleGetPrimaryDomainInformation(p2, mem_ctx); if (handle) { if (!test_lsa_Close(p, mem_ctx, handle)) { ret = False; } } syntax = p->syntax; transfer_syntax = p->transfer_syntax; printf("Testing change of primary context\n"); status = dcerpc_alter_context(p, mem_ctx, &p2->syntax, &p2->transfer_syntax); if (!NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); printf("dcerpc_alter_context failed - %s\n", nt_errstr(status)); return False; } printf("testing DSSETUP pipe operations - should fault\n"); if (test_DsRoleGetPrimaryDomainInformation(p, mem_ctx)) { ret = False; } if (!test_lsa_OpenPolicy2(p, mem_ctx, &handle)) { ret = False; } if (handle) { if (!test_lsa_Close(p, mem_ctx, handle)) { ret = False; } } printf("testing DSSETUP pipe operations\n"); ret &= test_DsRoleGetPrimaryDomainInformation(p2, mem_ctx); talloc_free(mem_ctx); return ret; }