winreg.c

来自「samba最新软件」· C语言 代码 · 共 1,909 行 · 第 1/4 页

/*
   Unix SMB/CIFS implementation.
   test suite for winreg rpc operations

   Copyright (C) Tim Potter 2003
   Copyright (C) Jelmer Vernooij 2004-2007
   Copyright (C) Günther Deschner 2007

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include "includes.h"
#include "torture/torture.h"
#include "librpc/gen_ndr/ndr_winreg_c.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "libcli/security/security.h"
#include "torture/rpc/rpc.h"

#define TEST_KEY_BASE "smbtorture test"
#define TEST_KEY1 TEST_KEY_BASE "\\spottyfoot"
#define TEST_KEY2 TEST_KEY_BASE "\\with a SD (#1)"
#define TEST_KEY3 TEST_KEY_BASE "\\with a subkey"
#define TEST_KEY4 TEST_KEY_BASE "\\sd_tests"
#define TEST_SUBKEY TEST_KEY3 "\\subkey"
#define TEST_SUBKEY_SD  TEST_KEY4 "\\subkey_sd"
#define TEST_SUBSUBKEY_SD TEST_KEY4 "\\subkey_sd\\subsubkey_sd"

#define TEST_SID "S-1-5-21-1234567890-1234567890-1234567890-500"

static void init_lsa_StringLarge(struct lsa_StringLarge *name, const char *s)
{
	name->string = s;
}

static void init_winreg_String(struct winreg_String *name, const char *s)
{
	name->name = s;
	if (s) {
		name->name_len = 2 * (strlen_m(s) + 1);
		name->name_size = name->name_len;
	} else {
		name->name_len = 0;
		name->name_size = 0;
	}
}

static bool test_GetVersion(struct dcerpc_pipe *p,
			    struct torture_context *tctx,
			    struct policy_handle *handle)
{
	struct winreg_GetVersion r;
	uint32_t v;

	ZERO_STRUCT(r);
	r.in.handle = handle;
	r.out.version = &v;

	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_GetVersion(p, tctx, &r),
				   "GetVersion failed");

	torture_assert_werr_ok(tctx, r.out.result, "GetVersion failed");

	return true;
}

static bool test_NotifyChangeKeyValue(struct dcerpc_pipe *p,
				      struct torture_context *tctx,
				      struct policy_handle *handle)
{
	struct winreg_NotifyChangeKeyValue r;

	r.in.handle = handle;
	r.in.watch_subtree = true;
	r.in.notify_filter = 0;
	r.in.unknown = r.in.unknown2 = 0;
	init_winreg_String(&r.in.string1, NULL);
	init_winreg_String(&r.in.string2, NULL);

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_winreg_NotifyChangeKeyValue(p, tctx, &r),
				   "NotifyChangeKeyValue failed");

	if (!W_ERROR_IS_OK(r.out.result)) {
		torture_comment(tctx,
				"NotifyChangeKeyValue failed - %s - not considering\n",
				win_errstr(r.out.result));
		return true;
	}

	return true;
}

static bool test_CreateKey(struct dcerpc_pipe *p, struct torture_context *tctx,
			   struct policy_handle *handle, const char *name,
			   const char *class)
{
	struct winreg_CreateKey r;
	struct policy_handle newhandle;
	enum winreg_CreateAction action_taken = 0;

	r.in.handle = handle;
	r.out.new_handle = &newhandle;
	init_winreg_String(&r.in.name, name);
	init_winreg_String(&r.in.keyclass, class);
	r.in.options = 0x0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.action_taken = r.out.action_taken = &action_taken;
	r.in.secdesc = NULL;

	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
				   "CreateKey failed");

	torture_assert_werr_ok(tctx,  r.out.result, "CreateKey failed");

	return true;
}


/*
  createkey testing with a SD
*/
static bool test_CreateKey_sd(struct dcerpc_pipe *p,
			      struct torture_context *tctx,
			      struct policy_handle *handle, const char *name,
			      const char *class,
			      struct policy_handle *newhandle)
{
	struct winreg_CreateKey r;
	enum winreg_CreateAction action_taken = 0;
	struct security_descriptor *sd;
	DATA_BLOB sdblob;
	struct winreg_SecBuf secbuf;

	sd = security_descriptor_dacl_create(tctx,
					0,
					NULL, NULL,
					SID_NT_AUTHENTICATED_USERS,
					SEC_ACE_TYPE_ACCESS_ALLOWED,
					SEC_GENERIC_ALL,
					SEC_ACE_FLAG_OBJECT_INHERIT |
					SEC_ACE_FLAG_CONTAINER_INHERIT,
					NULL);

	torture_assert_ndr_success(tctx,
		ndr_push_struct_blob(&sdblob, tctx, NULL, sd,
				     (ndr_push_flags_fn_t)ndr_push_security_descriptor),
				     "Failed to push security_descriptor ?!\n");

	secbuf.sd.data = sdblob.data;
	secbuf.sd.len = sdblob.length;
	secbuf.sd.size = sdblob.length;
	secbuf.length = sdblob.length-10;
	secbuf.inherit = 0;

	r.in.handle = handle;
	r.out.new_handle = newhandle;
	init_winreg_String(&r.in.name, name);
	init_winreg_String(&r.in.keyclass, class);
	r.in.options = 0x0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.in.action_taken = r.out.action_taken = &action_taken;
	r.in.secdesc = &secbuf;

	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CreateKey(p, tctx, &r),
				   "CreateKey with sd failed");

	torture_assert_werr_ok(tctx, r.out.result, "CreateKey with sd failed");

	return true;
}

static bool _test_GetKeySecurity(struct dcerpc_pipe *p,
				 struct torture_context *tctx,
				 struct policy_handle *handle,
				 uint32_t *sec_info_ptr,
				 WERROR get_werr,
				 struct security_descriptor **sd_out)
{
	struct winreg_GetKeySecurity r;
	struct security_descriptor *sd = NULL;
	uint32_t sec_info;
	DATA_BLOB sdblob;

	if (sec_info_ptr) {
		sec_info = *sec_info_ptr;
	} else {
		sec_info = SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL;
	}

	ZERO_STRUCT(r);

	r.in.handle = handle;
	r.in.sec_info = sec_info;
	r.in.sd = r.out.sd = talloc_zero(tctx, struct KeySecurityData);
	r.in.sd->size = 0x1000;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_winreg_GetKeySecurity(p, tctx, &r),
				   "GetKeySecurity failed");

	torture_assert_werr_equal(tctx, r.out.result, get_werr,
				  "GetKeySecurity failed");

	sdblob.data = r.out.sd->data;
	sdblob.length = r.out.sd->len;

	sd = talloc_zero(tctx, struct security_descriptor);

	torture_assert_ndr_success(tctx,
		ndr_pull_struct_blob(&sdblob, tctx, NULL, sd,
				     (ndr_pull_flags_fn_t)ndr_pull_security_descriptor),
				     "pull_security_descriptor failed");

	if (p->conn->flags & DCERPC_DEBUG_PRINT_OUT) {
		NDR_PRINT_DEBUG(security_descriptor, sd);
	}

	if (sd_out) {
		*sd_out = sd;
	} else {
		talloc_free(sd);
	}

	return true;
}

static bool test_GetKeySecurity(struct dcerpc_pipe *p,
				struct torture_context *tctx,
				struct policy_handle *handle,
				struct security_descriptor **sd_out)
{
	return _test_GetKeySecurity(p, tctx, handle, NULL, WERR_OK, sd_out);
}

static bool _test_SetKeySecurity(struct dcerpc_pipe *p,
				 struct torture_context *tctx,
				 struct policy_handle *handle,
				 uint32_t *sec_info_ptr,
				 struct security_descriptor *sd,
				 WERROR werr)
{
	struct winreg_SetKeySecurity r;
	struct KeySecurityData *sdata = NULL;
	DATA_BLOB sdblob;
	uint32_t sec_info;

	ZERO_STRUCT(r);

	if (sd && (p->conn->flags & DCERPC_DEBUG_PRINT_OUT)) {
		NDR_PRINT_DEBUG(security_descriptor, sd);
	}

	torture_assert_ndr_success(tctx,
		ndr_push_struct_blob(&sdblob, tctx, NULL, sd,
				     (ndr_push_flags_fn_t)ndr_push_security_descriptor),
				     "push_security_descriptor failed");

	sdata = talloc_zero(tctx, struct KeySecurityData);
	sdata->data = sdblob.data;
	sdata->size = sdblob.length;
	sdata->len = sdblob.length;

	if (sec_info_ptr) {
		sec_info = *sec_info_ptr;
	} else {
		sec_info = SECINFO_UNPROTECTED_SACL |
			   SECINFO_UNPROTECTED_DACL;
		if (sd->owner_sid) {
			sec_info |= SECINFO_OWNER;
		}
		if (sd->group_sid) {
			sec_info |= SECINFO_GROUP;
		}
		if (sd->sacl) {
			sec_info |= SECINFO_SACL;
		}
		if (sd->dacl) {
			sec_info |= SECINFO_DACL;
		}
	}

	r.in.handle = handle;
	r.in.sec_info = sec_info;
	r.in.sd = sdata;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_winreg_SetKeySecurity(p, tctx, &r),
				   "SetKeySecurity failed");

	torture_assert_werr_equal(tctx, r.out.result, werr,
				  "SetKeySecurity failed");

	return true;
}

static bool test_SetKeySecurity(struct dcerpc_pipe *p,
				struct torture_context *tctx,
				struct policy_handle *handle,
				struct security_descriptor *sd)
{
	return _test_SetKeySecurity(p, tctx, handle, NULL, sd, WERR_OK);
}

static bool test_CloseKey(struct dcerpc_pipe *p, struct torture_context *tctx,
			  struct policy_handle *handle)
{
	struct winreg_CloseKey r;

	r.in.handle = r.out.handle = handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_CloseKey(p, tctx, &r),
				   "CloseKey failed");

	torture_assert_werr_ok(tctx, r.out.result, "CloseKey failed");

	return true;
}

static bool test_FlushKey(struct dcerpc_pipe *p, struct torture_context *tctx,
			  struct policy_handle *handle)
{
	struct winreg_FlushKey r;

	r.in.handle = handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_FlushKey(p, tctx, &r),
				   "FlushKey failed");

	torture_assert_werr_ok(tctx, r.out.result, "FlushKey failed");

	return true;
}

static bool _test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
			  struct policy_handle *hive_handle,
			  const char *keyname, uint32_t access_mask,
			  struct policy_handle *key_handle,
			  WERROR open_werr,
			  bool *success)
{
	struct winreg_OpenKey r;

	r.in.parent_handle = hive_handle;
	init_winreg_String(&r.in.keyname, keyname);
	r.in.unknown = 0x00000000;
	r.in.access_mask = access_mask;
	r.out.handle = key_handle;

	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey(p, tctx, &r),
				   "OpenKey failed");

	torture_assert_werr_equal(tctx, r.out.result, open_werr,
				  "OpenKey failed");

	if (success && W_ERROR_EQUAL(r.out.result, WERR_OK)) {
		*success = true;
	}

	return true;
}

static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
			 struct policy_handle *hive_handle,
			 const char *keyname, struct policy_handle *key_handle)
{
	return _test_OpenKey(p, tctx, hive_handle, keyname,
			     SEC_FLAG_MAXIMUM_ALLOWED, key_handle,
			     WERR_OK, NULL);
}

static bool test_Cleanup(struct dcerpc_pipe *p, struct torture_context *tctx,
			 struct policy_handle *handle, const char *key)
{
	struct winreg_DeleteKey r;

	r.in.handle = handle;

	init_winreg_String(&r.in.key, key);
	dcerpc_winreg_DeleteKey(p, tctx, &r);

	return true;
}

static bool _test_GetSetSecurityDescriptor(struct dcerpc_pipe *p,
					   struct torture_context *tctx,
					   struct policy_handle *handle,
					   WERROR get_werr,
					   WERROR set_werr)
{
	struct security_descriptor *sd = NULL;

	if (!_test_GetKeySecurity(p, tctx, handle, NULL, get_werr, &sd)) {
		return false;
	}

	if (!_test_SetKeySecurity(p, tctx, handle, NULL, sd, set_werr)) {
		return false;
	}

	return true;
}

static bool test_SecurityDescriptor(struct dcerpc_pipe *p,
				    struct torture_context *tctx,
				    struct policy_handle *handle,
				    const char *key)
{
	struct policy_handle new_handle;
	bool ret = true;

	torture_comment(tctx, "SecurityDescriptor get & set\n");

	if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
		return false;
	}

	if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
					    WERR_OK, WERR_OK)) {
		ret = false;
	}

	if (!test_CloseKey(p, tctx, &new_handle)) {
		return false;
	}

	return ret;
}

static bool _test_SecurityDescriptor(struct dcerpc_pipe *p,
				     struct torture_context *tctx,
				     struct policy_handle *handle,
				     uint32_t access_mask,
				     const char *key,
				     WERROR open_werr,
				     WERROR get_werr,
				     WERROR set_werr)
{
	struct policy_handle new_handle;
	bool ret = true;
	bool got_key = false;

	if (!_test_OpenKey(p, tctx, handle, key, access_mask, &new_handle,
			   open_werr, &got_key)) {
		return false;
	}

	if (!got_key) {
		return true;
	}

	if (!_test_GetSetSecurityDescriptor(p, tctx, &new_handle,
					    get_werr, set_werr)) {
		ret = false;
	}

	if (!test_CloseKey(p, tctx, &new_handle)) {
		return false;
	}

	return ret;
}

static bool test_dacl_trustee_present(struct dcerpc_pipe *p,
				      struct torture_context *tctx,
				      struct policy_handle *handle,
				      const struct dom_sid *sid)
{