winreg.c

来自「samba最新软件」· C语言 代码 · 共 1,909 行 · 第 1/4 页

	class.name   = "";
	class.size   = 1024;

	r.in.handle = handle;
	r.in.enum_index = 0;
	r.in.name = &name;
	r.in.keyclass = &class;
	r.out.name = &name;
	r.in.last_changed_time = &t;

	do {
		name.name   = NULL;
		name.size   = 1024;

		status = dcerpc_winreg_EnumKey(p, tctx, &r);

		if (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result)) {
			struct policy_handle key_handle;

			torture_comment(tctx, "EnumKey: %d: %s\n",
					r.in.enum_index,
					r.out.name->name);

			if (!test_OpenKey(p, tctx, handle, r.out.name->name,
					  &key_handle)) {
			} else {
				test_key(p, tctx, &key_handle,
					 depth + 1, test_security);
			}
		}

		r.in.enum_index++;

	} while (NT_STATUS_IS_OK(status) && W_ERROR_IS_OK(r.out.result));

	torture_assert_ntstatus_ok(tctx, status, "EnumKey failed");

	if (!W_ERROR_IS_OK(r.out.result) &&
		!W_ERROR_EQUAL(r.out.result, WERR_NO_MORE_ITEMS)) {
		torture_fail(tctx, "EnumKey failed");
	}

	return true;
}

static bool test_QueryMultipleValues(struct dcerpc_pipe *p,
				     struct torture_context *tctx,
				     struct policy_handle *handle,
				     const char *valuename)
{
	struct winreg_QueryMultipleValues r;
	NTSTATUS status;
	uint32_t bufsize=0;

	r.in.key_handle = handle;
	r.in.values = r.out.values = talloc_array(tctx, struct QueryMultipleValue, 1);
	r.in.values[0].name = talloc(tctx, struct winreg_String);
	r.in.values[0].name->name = valuename;
	r.in.values[0].offset = 0;
	r.in.values[0].length = 0;
	r.in.values[0].type = 0;

	r.in.num_values = 1;
	r.in.buffer_size = r.out.buffer_size = talloc(tctx, uint32_t);
	*r.in.buffer_size = bufsize;
	do {
		*r.in.buffer_size = bufsize;
		r.in.buffer = r.out.buffer = talloc_zero_array(tctx, uint8_t,
							       *r.in.buffer_size);

		status = dcerpc_winreg_QueryMultipleValues(p, tctx, &r);

		if(NT_STATUS_IS_ERR(status))
			torture_fail(tctx, "QueryMultipleValues failed");

		talloc_free(r.in.buffer);
		bufsize += 0x20;
	} while (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA));

	torture_assert_werr_ok(tctx, r.out.result, "QueryMultipleValues failed");

	return true;
}

static bool test_QueryValue(struct dcerpc_pipe *p,
			    struct torture_context *tctx,
			    struct policy_handle *handle,
			    const char *valuename)
{
	struct winreg_QueryValue r;
	NTSTATUS status;
	enum winreg_Type zero_type = 0;
	uint32_t offered = 0xfff;
	uint32_t zero = 0;

	r.in.handle = handle;
	r.in.data = NULL;
	r.in.value_name.name = valuename;
	r.in.type = &zero_type;
	r.in.size = &offered;
	r.in.length = &zero;

	status = dcerpc_winreg_QueryValue(p, tctx, &r);
	if (NT_STATUS_IS_ERR(status)) {
		torture_fail(tctx, "QueryValue failed");
	}

	torture_assert_werr_ok(tctx, r.out.result, "QueryValue failed");

	return true;
}

static bool test_EnumValue(struct dcerpc_pipe *p, struct torture_context *tctx,
			   struct policy_handle *handle, int max_valnamelen,
			   int max_valbufsize)
{
	struct winreg_EnumValue r;
	enum winreg_Type type = 0;
	uint32_t size = max_valbufsize, zero = 0;
	bool ret = true;
	uint8_t buf8;
	struct winreg_StringBuf name;

	name.name   = "";
	name.size   = 1024;

	r.in.handle = handle;
	r.in.enum_index = 0;
	r.in.name = &name;
	r.out.name = &name;
	r.in.type = &type;
	r.in.value = &buf8;
	r.in.length = &zero;
	r.in.size = &size;

	do {
		torture_assert_ntstatus_ok(tctx,
					   dcerpc_winreg_EnumValue(p, tctx, &r),
					   "EnumValue failed");

		if (W_ERROR_IS_OK(r.out.result)) {
			ret &= test_QueryValue(p, tctx, handle,
					       r.out.name->name);
			ret &= test_QueryMultipleValues(p, tctx, handle,
							r.out.name->name);
		}

		r.in.enum_index++;
	} while (W_ERROR_IS_OK(r.out.result));

	torture_assert_werr_equal(tctx, r.out.result, WERR_NO_MORE_ITEMS,
				  "EnumValue failed");

	return ret;
}

static bool test_AbortSystemShutdown(struct dcerpc_pipe *p,
				     struct torture_context *tctx)
{
	struct winreg_AbortSystemShutdown r;
	uint16_t server = 0x0;

	r.in.server = &server;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_winreg_AbortSystemShutdown(p, tctx, &r),
				   "AbortSystemShutdown failed");

	torture_assert_werr_ok(tctx, r.out.result,
			       "AbortSystemShutdown failed");

	return true;
}

static bool test_InitiateSystemShutdown(struct torture_context *tctx,
					struct dcerpc_pipe *p)
{
	struct winreg_InitiateSystemShutdown r;
	uint16_t hostname = 0x0;

	r.in.hostname = &hostname;
	r.in.message = talloc(tctx, struct lsa_StringLarge);
	init_lsa_StringLarge(r.in.message, "spottyfood");
	r.in.force_apps = 1;
	r.in.timeout = 30;
	r.in.reboot = 1;

	torture_assert_ntstatus_ok(tctx,
				   dcerpc_winreg_InitiateSystemShutdown(p, tctx, &r),
				   "InitiateSystemShutdown failed");

	torture_assert_werr_ok(tctx, r.out.result,
			       "InitiateSystemShutdown failed");

	return test_AbortSystemShutdown(p, tctx);
}


static bool test_InitiateSystemShutdownEx(struct torture_context *tctx,
					  struct dcerpc_pipe *p)
{
	struct winreg_InitiateSystemShutdownEx r;
	uint16_t hostname = 0x0;

	r.in.hostname = &hostname;
	r.in.message = talloc(tctx, struct lsa_StringLarge);
	init_lsa_StringLarge(r.in.message, "spottyfood");
	r.in.force_apps = 1;
	r.in.timeout = 30;
	r.in.reboot = 1;
	r.in.reason = 0;

	torture_assert_ntstatus_ok(tctx,
		dcerpc_winreg_InitiateSystemShutdownEx(p, tctx, &r),
		"InitiateSystemShutdownEx failed");

	torture_assert_werr_ok(tctx, r.out.result,
			       "InitiateSystemShutdownEx failed");

	return test_AbortSystemShutdown(p, tctx);
}
#define MAX_DEPTH 2		/* Only go this far down the tree */

static bool test_key(struct dcerpc_pipe *p, struct torture_context *tctx,
		     struct policy_handle *handle, int depth,
		     bool test_security)
{
	if (depth == MAX_DEPTH)
		return true;

	if (!test_QueryInfoKey(p, tctx, handle, NULL)) {
	}

	if (!test_NotifyChangeKeyValue(p, tctx, handle)) {
	}

	if (test_security && !test_GetKeySecurity(p, tctx, handle, NULL)) {
	}

	if (!test_EnumKey(p, tctx, handle, depth, test_security)) {
	}

	if (!test_EnumValue(p, tctx, handle, 0xFF, 0xFFFF)) {
	}

	test_CloseKey(p, tctx, handle);

	return true;
}

typedef NTSTATUS (*winreg_open_fn)(struct dcerpc_pipe *, TALLOC_CTX *, void *);

static bool test_Open_Security(struct torture_context *tctx,
			       struct dcerpc_pipe *p, void *userdata)
{
	struct policy_handle handle, newhandle;
	bool ret = true, created2 = false;
	bool created4 = false;
	struct winreg_OpenHKLM r;

	winreg_open_fn open_fn = userdata;

	r.in.system_name = 0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	torture_assert_ntstatus_ok(tctx, open_fn(p, tctx, &r),
				   "open");

	test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);

	if (!test_CreateKey(p, tctx, &handle, TEST_KEY_BASE, NULL)) {
		torture_comment(tctx,
				"CreateKey (TEST_KEY_BASE) failed\n");
	}

	if (test_CreateKey_sd(p, tctx, &handle, TEST_KEY2,
			      NULL, &newhandle)) {
		created2 = true;
	}

	if (created2 && !test_CloseKey(p, tctx, &newhandle)) {
		printf("CloseKey failed\n");
		ret = false;
	}

	if (test_CreateKey_sd(p, tctx, &handle, TEST_KEY4, NULL, &newhandle)) {
		created4 = true;
	}

	if (created4 && !test_CloseKey(p, tctx, &newhandle)) {
		printf("CloseKey failed\n");
		ret = false;
	}

	if (created4 && !test_SecurityDescriptors(p, tctx, &handle, TEST_KEY4)) {
		ret = false;
	}

	if (created4 && !test_DeleteKey(p, tctx, &handle, TEST_KEY4)) {
		printf("DeleteKey failed\n");
		ret = false;
	}

	if (created2 && !test_DeleteKey(p, tctx, &handle, TEST_KEY2)) {
		printf("DeleteKey failed\n");
		ret = false;
	}

	/* The HKCR hive has a very large fanout */
	if (open_fn == (void *)dcerpc_winreg_OpenHKCR) {
		if(!test_key(p, tctx, &handle, MAX_DEPTH - 1, true)) {
			ret = false;
		}
	} else {
		if (!test_key(p, tctx, &handle, 0, true)) {
			ret = false;
		}
	}

	test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);

	return ret;
}

static bool test_Open(struct torture_context *tctx, struct dcerpc_pipe *p,
		      void *userdata)
{
	struct policy_handle handle, newhandle;
	bool ret = true, created = false, deleted = false;
	bool created3 = false, created_subkey = false;
	struct winreg_OpenHKLM r;

	winreg_open_fn open_fn = userdata;

	r.in.system_name = 0;
	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
	r.out.handle = &handle;

	torture_assert_ntstatus_ok(tctx, open_fn(p, tctx, &r),
				   "open");

	test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);

	if (!test_CreateKey(p, tctx, &handle, TEST_KEY_BASE, NULL)) {
		torture_comment(tctx,
				"CreateKey (TEST_KEY_BASE) failed\n");
	}

	if (!test_CreateKey(p, tctx, &handle, TEST_KEY1, NULL)) {
		torture_comment(tctx,
				"CreateKey failed - not considering a failure\n");
	} else {
		created = true;
	}

	if (created && !test_FlushKey(p, tctx, &handle)) {
		torture_comment(tctx, "FlushKey failed\n");
		ret = false;
	}

	if (created && !test_OpenKey(p, tctx, &handle, TEST_KEY1, &newhandle))
		torture_fail(tctx,
			     "CreateKey failed (OpenKey after Create didn't work)\n");

	if (created && !test_CloseKey(p, tctx, &newhandle))
		torture_fail(tctx,
			     "CreateKey failed (CloseKey after Open didn't work)\n");

	if (created && !test_DeleteKey(p, tctx, &handle, TEST_KEY1)) {
		torture_comment(tctx, "DeleteKey failed\n");
		ret = false;
	} else {
		deleted = true;
	}

	if (created && !test_FlushKey(p, tctx, &handle)) {
		torture_comment(tctx, "FlushKey failed\n");
		ret = false;
	}

	if (created && deleted &&
	    !_test_OpenKey(p, tctx, &handle, TEST_KEY1,
			   SEC_FLAG_MAXIMUM_ALLOWED, &newhandle,
			   WERR_BADFILE, NULL)) {
		torture_comment(tctx,
				"DeleteKey failed (OpenKey after Delete "
				"did not return WERR_BADFILE)\n");
		ret = false;
	}

	if (!test_GetVersion(p, tctx, &handle)) {
		torture_comment(tctx, "GetVersion failed\n");
		ret = false;
	}

	if (created && test_CreateKey(p, tctx, &handle, TEST_KEY3, NULL)) {
		created3 = true;
	}

	if (created3 &&
	    test_CreateKey(p, tctx, &handle, TEST_SUBKEY, NULL)) {
		created_subkey = true;
	}

	if (created_subkey &&
	    !test_DeleteKey(p, tctx, &handle, TEST_KEY3)) {
		printf("DeleteKey failed\n");
		ret = false;
	}

	/* The HKCR hive has a very large fanout */
	if (open_fn == (void *)dcerpc_winreg_OpenHKCR) {
		if(!test_key(p, tctx, &handle, MAX_DEPTH - 1, false)) {
			ret = false;
		}
	} else {
		if (!test_key(p, tctx, &handle, 0, false)) {
			ret = false;
		}
	}

	test_Cleanup(p, tctx, &handle, TEST_KEY_BASE);

	return ret;
}

struct torture_suite *torture_rpc_winreg(TALLOC_CTX *mem_ctx)
{
	struct torture_rpc_tcase *tcase;
	struct torture_suite *suite = torture_suite_create(mem_ctx, "WINREG");
	struct torture_test *test;

	tcase = torture_suite_add_rpc_iface_tcase(suite, "winreg",
						  &ndr_table_winreg);

	test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdown",
					  test_InitiateSystemShutdown);
	test->dangerous = true;

	test = torture_rpc_tcase_add_test(tcase, "InitiateSystemShutdownEx",
					  test_InitiateSystemShutdownEx);
	test->dangerous = true;

	/* Basic tests without security descriptors */
	torture_rpc_tcase_add_test_ex(tcase, "HKLM-basic",
				      test_Open,
				      (winreg_open_fn)dcerpc_winreg_OpenHKLM);
	torture_rpc_tcase_add_test_ex(tcase, "HKU-basic",
				      test_Open,
				      (winreg_open_fn)dcerpc_winreg_OpenHKU);
	torture_rpc_tcase_add_test_ex(tcase, "HKCR-basic",
				      test_Open,
				      (winreg_open_fn)dcerpc_winreg_OpenHKCR);
	torture_rpc_tcase_add_test_ex(tcase, "HKCU-basic",
				      test_Open,
				      (winreg_open_fn)dcerpc_winreg_OpenHKCU);

	/* Security descriptor tests */
	torture_rpc_tcase_add_test_ex(tcase, "HKLM-security",
				      test_Open_Security,
				      (winreg_open_fn)dcerpc_winreg_OpenHKLM);
	torture_rpc_tcase_add_test_ex(tcase, "HKU-security",
				      test_Open_Security,
				      (winreg_open_fn)dcerpc_winreg_OpenHKU);
	torture_rpc_tcase_add_test_ex(tcase, "HKCR-security",
				      test_Open_Security,
				      (winreg_open_fn)dcerpc_winreg_OpenHKCR);
	torture_rpc_tcase_add_test_ex(tcase, "HKCU-security",
				      test_Open_Security,
				      (winreg_open_fn)dcerpc_winreg_OpenHKCU);

	return suite;
}