diff options
author | Alexander Bokovoy <ab@samba.org> | 2019-08-01 21:08:52 +0300 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2019-08-19 11:20:15 +0000 |
commit | 8dfa63d9f7236a534fb454e50e6dff41d07ae89c (patch) | |
tree | ac98219022652d468de18ae7b3e787a66679480b /source4 | |
parent | 428ecb5f4e2bb399e90f50dcd56054062bbaf85a (diff) | |
download | samba-8dfa63d9f7236a534fb454e50e6dff41d07ae89c.tar.gz |
torture/rpc/lsa: allow testing different lookup levels
Convert torture/rpc/lsa LookupNames/LookupSids code to allow testing
different LSA_LOOKUP_NAMES_* levels. Keep existing level 1
(LSA_LOOKUP_NAMES_ALL) for the current set of tests.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14091
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 317bc6a7342edfa2c503f5932142bf5883485cc9)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/torture/rpc/lsa.c | 118 | ||||
-rw-r--r-- | source4/torture/rpc/schannel.c | 2 |
2 files changed, 67 insertions, 53 deletions
diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 5b16ed9a014..fdbfcbffc16 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -281,6 +281,7 @@ static bool test_OpenPolicy2_fail(struct dcerpc_binding_handle *b, static bool test_LookupNames(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, + enum lsa_LookupNamesLevel level, struct lsa_TransNameArray *tnames) { struct lsa_LookupNames r; @@ -313,7 +314,7 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b, r.in.handle = handle; r.in.names = names; r.in.sids = &sids; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.out.count = &count; r.out.sids = &sids; @@ -369,7 +370,8 @@ static bool test_LookupNames(struct dcerpc_binding_handle *b, static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b, struct torture_context *tctx, - struct policy_handle *handle) + struct policy_handle *handle, + enum lsa_LookupNamesLevel level) { struct lsa_LookupNames r; struct lsa_TransSidArray sids; @@ -388,7 +390,7 @@ static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b, r.in.num_names = 1; r.in.names = names; r.in.sids = &sids; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.out.count = &count; r.out.sids = &sids; @@ -409,7 +411,8 @@ static bool test_LookupNames_bogus(struct dcerpc_binding_handle *b, static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b, struct torture_context *tctx, - struct policy_handle *handle) + struct policy_handle *handle, + enum lsa_LookupNamesLevel level) { struct lsa_LookupNames r; struct lsa_TransSidArray sids; @@ -428,7 +431,7 @@ static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b, r.in.num_names = 1; r.in.names = names; r.in.sids = &sids; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.out.count = &count; r.out.sids = &sids; @@ -453,7 +456,8 @@ static bool test_LookupNames_NULL(struct dcerpc_binding_handle *b, static bool test_LookupNames_wellknown(struct dcerpc_binding_handle *b, struct torture_context *tctx, - struct policy_handle *handle) + struct policy_handle *handle, + enum lsa_LookupNamesLevel level) { struct lsa_TranslatedName name; struct lsa_TransNameArray tnames; @@ -465,45 +469,46 @@ static bool test_LookupNames_wellknown(struct dcerpc_binding_handle *b, tnames.count = 1; name.name.string = "NT AUTHORITY\\SYSTEM"; name.sid_type = SID_NAME_WKN_GRP; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); name.name.string = "NT AUTHORITY\\ANONYMOUS LOGON"; name.sid_type = SID_NAME_WKN_GRP; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); name.name.string = "NT AUTHORITY\\Authenticated Users"; name.sid_type = SID_NAME_WKN_GRP; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); #if 0 name.name.string = "NT AUTHORITY"; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); name.name.string = "NT AUTHORITY\\"; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); #endif name.name.string = "BUILTIN\\"; name.sid_type = SID_NAME_DOMAIN; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); name.name.string = "BUILTIN\\Administrators"; name.sid_type = SID_NAME_ALIAS; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); name.name.string = "SYSTEM"; name.sid_type = SID_NAME_WKN_GRP; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); name.name.string = "Everyone"; name.sid_type = SID_NAME_WKN_GRP; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, level, &tnames); return ret; } static bool test_LookupNames2(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, + enum lsa_LookupNamesLevel level, struct lsa_TransNameArray2 *tnames, bool check_result) { @@ -536,7 +541,7 @@ static bool test_LookupNames2(struct dcerpc_binding_handle *b, r.in.handle = handle; r.in.names = names; r.in.sids = &sids; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.in.lookup_options = 0; r.in.client_revision = 0; @@ -565,6 +570,7 @@ static bool test_LookupNames2(struct dcerpc_binding_handle *b, static bool test_LookupNames3(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, + enum lsa_LookupNamesLevel level, struct lsa_TransNameArray2 *tnames, bool check_result) { @@ -596,7 +602,7 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b, r.in.handle = handle; r.in.names = names; r.in.sids = &sids; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.in.lookup_options = 0; r.in.client_revision = 0; @@ -624,6 +630,7 @@ static bool test_LookupNames3(struct dcerpc_binding_handle *b, static bool test_LookupNames4(struct dcerpc_binding_handle *b, struct torture_context *tctx, + enum lsa_LookupNamesLevel level, struct lsa_TransNameArray2 *tnames, bool check_result) { @@ -655,7 +662,7 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b, r.in.num_names = tnames->count; r.in.names = names; r.in.sids = &sids; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.in.lookup_options = 0; r.in.client_revision = 0; @@ -693,7 +700,8 @@ static bool test_LookupNames4(struct dcerpc_binding_handle *b, } static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b, - struct torture_context *tctx) + struct torture_context *tctx, + enum lsa_LookupNamesLevel level) { struct lsa_LookupNames4 r; struct lsa_TransSidArray3 sids; @@ -712,7 +720,7 @@ static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b, r.in.num_names = count; r.in.names = names; r.in.sids = &sids; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.in.lookup_options = 0; r.in.client_revision = 0; @@ -760,6 +768,7 @@ static bool test_LookupNames4_fail(struct dcerpc_binding_handle *b, static bool test_LookupSids(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, + enum lsa_LookupNamesLevel level, struct lsa_SidArray *sids) { struct lsa_LookupSids r; @@ -775,7 +784,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b, r.in.handle = handle; r.in.sids = sids; r.in.names = &names; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.out.count = &count; r.out.names = &names; @@ -790,7 +799,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b, torture_comment(tctx, "\n"); - if (!test_LookupNames(b, tctx, handle, &names)) { + if (!test_LookupNames(b, tctx, handle, level, &names)) { return false; } @@ -801,6 +810,7 @@ static bool test_LookupSids(struct dcerpc_binding_handle *b, static bool test_LookupSids2(struct dcerpc_binding_handle *b, struct torture_context *tctx, struct policy_handle *handle, + enum lsa_LookupNamesLevel level, struct lsa_SidArray *sids) { struct lsa_LookupSids2 r; @@ -816,7 +826,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b, r.in.handle = handle; r.in.sids = sids; r.in.names = &names; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.in.lookup_options = 0; r.in.client_revision = 0; @@ -835,11 +845,11 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b, torture_comment(tctx, "\n"); - if (!test_LookupNames2(b, tctx, handle, &names, false)) { + if (!test_LookupNames2(b, tctx, handle, level, &names, false)) { return false; } - if (!test_LookupNames3(b, tctx, handle, &names, false)) { + if (!test_LookupNames3(b, tctx, handle, level, &names, false)) { return false; } @@ -848,6 +858,7 @@ static bool test_LookupSids2(struct dcerpc_binding_handle *b, static bool test_LookupSids3(struct dcerpc_binding_handle *b, struct torture_context *tctx, + enum lsa_LookupNamesLevel level, struct lsa_SidArray *sids) { struct lsa_LookupSids3 r; @@ -862,7 +873,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b, r.in.sids = sids; r.in.names = &names; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.in.lookup_options = 0; r.in.client_revision = 0; @@ -891,7 +902,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b, torture_comment(tctx, "\n"); - if (!test_LookupNames4(b, tctx, &names, true)) { + if (!test_LookupNames4(b, tctx, level, &names, true)) { return false; } @@ -900,6 +911,7 @@ static bool test_LookupSids3(struct dcerpc_binding_handle *b, static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b, struct torture_context *tctx, + enum lsa_LookupNamesLevel level, struct lsa_SidArray *sids) { struct lsa_LookupSids3 r; @@ -915,7 +927,7 @@ static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b, r.in.sids = sids; r.in.names = &names; - r.in.level = 1; + r.in.level = level; r.in.count = &count; r.in.lookup_options = 0; r.in.client_revision = 0; @@ -959,7 +971,8 @@ static bool test_LookupSids3_fail(struct dcerpc_binding_handle *b, bool test_many_LookupSids(struct dcerpc_pipe *p, struct torture_context *tctx, - struct policy_handle *handle) + struct policy_handle *handle, + enum lsa_LookupNamesLevel level) { uint32_t count; struct lsa_SidArray sids; @@ -990,7 +1003,7 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, r.in.handle = handle; r.in.sids = &sids; r.in.names = &names; - r.in.level = 1; + r.in.level = level; r.in.count = &names.count; r.out.count = &count; r.out.names = &names; @@ -1006,16 +1019,16 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, torture_comment(tctx, "\n"); - if (!test_LookupNames(b, tctx, handle, &names)) { + if (!test_LookupNames(b, tctx, handle, level, &names)) { return false; } } if (transport == NCACN_NP) { - if (!test_LookupSids3_fail(b, tctx, &sids)) { + if (!test_LookupSids3_fail(b, tctx, level, &sids)) { return false; } - if (!test_LookupNames4_fail(b, tctx)) { + if (!test_LookupNames4_fail(b, tctx, level)) { return false; } } else if (transport == NCACN_IP_TCP) { @@ -1031,10 +1044,10 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, if (auth_type == DCERPC_AUTH_TYPE_SCHANNEL && auth_level >= DCERPC_AUTH_LEVEL_INTEGRITY) { - if (!test_LookupSids3(b, tctx, &sids)) { + if (!test_LookupSids3(b, tctx, level, &sids)) { return false; } - if (!test_LookupNames4(b, tctx, &names, true)) { + if (!test_LookupNames4(b, tctx, level, &names, true)) { return false; } } else { @@ -1042,10 +1055,10 @@ bool test_many_LookupSids(struct dcerpc_pipe *p, * If we don't have a secure channel these tests must * fail with ACCESS_DENIED. */ - if (!test_LookupSids3_fail(b, tctx, &sids)) { + if (!test_LookupSids3_fail(b, tctx, level, &sids)) { return false; } - if (!test_LookupNames4_fail(b, tctx)) { + if (!test_LookupNames4_fail(b, tctx, level)) { return false; } } @@ -1077,7 +1090,8 @@ static void lookupsids_cb(struct tevent_req *subreq) static bool test_LookupSids_async(struct dcerpc_binding_handle *b, struct torture_context *tctx, - struct policy_handle *handle) + struct policy_handle *handle, + enum lsa_LookupNamesLevel level) { struct lsa_SidArray sids; struct lsa_SidPtr sidptr; @@ -1112,7 +1126,7 @@ static bool test_LookupSids_async(struct dcerpc_binding_handle *b, r[i].in.handle = handle; r[i].in.sids = &sids; r[i].in.names = &names[i]; - r[i].in.level = 1; + r[i].in.level = level; r[i].in.count = &names[i].count; r[i].out.count = &count[i]; r[i].out.names = &names[i]; @@ -1923,11 +1937,11 @@ static bool test_EnumAccounts(struct dcerpc_binding_handle *b, torture_assert_ntstatus_ok(tctx, r.out.result, "EnumAccounts failed"); - if (!test_LookupSids(b, tctx, handle, &sids1)) { + if (!test_LookupSids(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) { return false; } - if (!test_LookupSids2(b, tctx, handle, &sids1)) { + if (!test_LookupSids2(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &sids1)) { return false; } @@ -4836,7 +4850,7 @@ static bool test_QueryInfoPolicyCalls( bool version2, tnames.names[12].sid_type = SID_NAME_USER; tnames.names[13].name.string = talloc_asprintf(tctx, TEST_MACHINENAME "$@%s", info->dns.dns_domain.string); tnames.names[13].sid_type = SID_NAME_USER; - ret &= test_LookupNames(b, tctx, handle, &tnames); + ret &= test_LookupNames(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames); } } @@ -5002,7 +5016,7 @@ bool torture_rpc_lsa(struct torture_context *tctx) ret = false; } - if (!test_many_LookupSids(p, tctx, handle)) { + if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) { ret = false; } @@ -5023,7 +5037,7 @@ bool torture_rpc_lsa(struct torture_context *tctx) ret = false; } - if (!test_LookupSids_async(b, tctx, handle)) { + if (!test_LookupSids_async(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) { ret = false; } @@ -5047,7 +5061,7 @@ bool torture_rpc_lsa(struct torture_context *tctx) ret = false; } - if (!test_many_LookupSids(p, tctx, handle)) { + if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) { ret = false; } @@ -5058,7 +5072,7 @@ bool torture_rpc_lsa(struct torture_context *tctx) torture_leave_domain(tctx, join); } else { - if (!test_many_LookupSids(p, tctx, handle)) { + if (!test_many_LookupSids(p, tctx, handle, LSA_LOOKUP_NAMES_ALL)) { ret = false; } } @@ -5133,7 +5147,7 @@ static bool testcase_LookupNames(struct torture_context *tctx, tnames.names[0].name.string = "BUILTIN"; tnames.names[0].sid_type = SID_NAME_DOMAIN; - if (!test_LookupNames(b, tctx, handle, &tnames)) { + if (!test_LookupNames(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames)) { ret = false; } @@ -5143,23 +5157,23 @@ static bool testcase_LookupNames(struct torture_context *tctx, tnames2.names[0].name.string = "BUILTIN"; tnames2.names[0].sid_type = SID_NAME_DOMAIN; - if (!test_LookupNames2(b, tctx, handle, &tnames2, true)) { + if (!test_LookupNames2(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames2, true)) { ret = false; } - if (!test_LookupNames3(b, tctx, handle, &tnames2, true)) { + if (!test_LookupNames3(b, tctx, handle, LSA_LOOKUP_NAMES_ALL, &tnames2, true)) { ret = false; } - if (!test_LookupNames_wellknown(b, tctx, handle)) { + if (!test_LookupNames_wellknown(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) { ret = false; } - if (!test_LookupNames_NULL(b, tctx, handle)) { + if (!test_LookupNames_NULL(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) { ret = false; } - if (!test_LookupNames_bogus(b, tctx, handle)) { + if (!test_LookupNames_bogus(b, tctx, handle, LSA_LOOKUP_NAMES_ALL)) { ret = false; } diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index 5b40af216a5..fff0b1aacbd 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -470,7 +470,7 @@ static bool test_schannel(struct torture_context *tctx, "failed to connect lsarpc with schannel"); torture_assert(tctx, - test_many_LookupSids(p_lsa, tctx, NULL), + test_many_LookupSids(p_lsa, tctx, NULL, LSA_LOOKUP_NAMES_ALL), "LsaLookupSids3 failed!\n"); status = dcerpc_binding_set_transport(b, transport); |