svn commit: samba r25811 - in branches/SAMBA_4_0/source/torture/rpc: .

gd at samba.org gd at samba.org
Fri Nov 2 14:50:28 GMT 2007


Author: gd
Date: 2007-11-02 14:50:27 +0000 (Fri, 02 Nov 2007)
New Revision: 25811

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=25811

Log:
Add some security descriptor helper functions.

Guenther

Modified:
   branches/SAMBA_4_0/source/torture/rpc/winreg.c


Changeset:
Modified: branches/SAMBA_4_0/source/torture/rpc/winreg.c
===================================================================
--- branches/SAMBA_4_0/source/torture/rpc/winreg.c	2007-11-02 14:43:11 UTC (rev 25810)
+++ branches/SAMBA_4_0/source/torture/rpc/winreg.c	2007-11-02 14:50:27 UTC (rev 25811)
@@ -344,26 +344,43 @@
 	return true;
 }
 
-static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
-			 struct policy_handle *hive_handle,
-			 const char *keyname, struct policy_handle *key_handle)
+static bool _test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
+			  struct policy_handle *hive_handle,
+			  const char *keyname, uint32_t access_mask,
+			  struct policy_handle *key_handle,
+			  WERROR open_werr,
+			  bool *success)
 {
 	struct winreg_OpenKey r;
 
 	r.in.parent_handle = hive_handle;
 	init_winreg_String(&r.in.keyname, keyname);
 	r.in.unknown = 0x00000000;
-	r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED;
+	r.in.access_mask = access_mask;
 	r.out.handle = key_handle;
 
 	torture_assert_ntstatus_ok(tctx, dcerpc_winreg_OpenKey(p, tctx, &r),
 				   "OpenKey failed");
 
-	torture_assert_werr_ok(tctx, r.out.result, "OpenKey failed");
+	torture_assert_werr_equal(tctx, r.out.result, open_werr,
+				  "OpenKey failed");
 
+	if (success && W_ERROR_EQUAL(r.out.result, WERR_OK)) {
+		*success = true;
+	}
+
 	return true;
 }
 
+static bool test_OpenKey(struct dcerpc_pipe *p, struct torture_context *tctx,
+			 struct policy_handle *hive_handle,
+			 const char *keyname, struct policy_handle *key_handle)
+{
+	return _test_OpenKey(p, tctx, hive_handle, keyname,
+			     SEC_FLAG_MAXIMUM_ALLOWED, key_handle,
+			     WERR_OK, NULL);
+}
+
 static bool test_Cleanup(struct dcerpc_pipe *p, struct torture_context *tctx,
 			 struct policy_handle *handle, const char *key)
 {
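Review bot: `*success` in `_test_OpenKey` is only ever set to true and never cleared, so a caller that passes an uninitialised `bool` together with a non-OK `open_werr` reads an indeterminate value when deciding whether `key_handle` may be used or closed. Assign it unconditionally instead: `if (success) { *success = W_ERROR_EQUAL(r.out.result, WERR_OK); }`. The function now returns true when the call fails with the expected error, so it deserves a comment such as `/* returns true when the result matches open_werr; key_handle is valid only if *success is true */`. The fixed "OpenKey failed" text is also misleading when a failure is the expected outcome.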
@@ -447,6 +464,151 @@
 	return false;
 }
 
+static bool _test_dacl_trustee_present(struct dcerpc_pipe *p,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       const char *key,
+				       const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+
+	if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	ret = test_dacl_trustee_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(p, tctx, &new_handle);
+
+	return ret;
+}
+
+static bool test_sacl_trustee_present(struct dcerpc_pipe *p,
+				      struct torture_context *tctx,
+				      struct policy_handle *handle,
+				      const struct dom_sid *sid)
+{
+	struct security_descriptor *sd = NULL;
+	int i;
+	uint32_t sec_info = SECINFO_SACL;
+
+	if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->sacl) {
+		return false;
+	}
+
+	for (i = 0; i < sd->sacl->num_aces; i++) {
+		if (dom_sid_equal(&sd->sacl->aces[i].trustee, sid)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
+static bool _test_sacl_trustee_present(struct dcerpc_pipe *p,
+				       struct torture_context *tctx,
+				       struct policy_handle *handle,
+				       const char *key,
+				       const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+
+	if (!_test_OpenKey(p, tctx, handle, key, SEC_FLAG_SYSTEM_SECURITY,
+			   &new_handle, WERR_OK, NULL)) {
+		return false;
+	}
+
+	ret = test_sacl_trustee_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(p, tctx, &new_handle);
+
+	return ret;
+}
+
+static bool test_owner_present(struct dcerpc_pipe *p,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle,
+			       const struct dom_sid *sid)
+{
+	struct security_descriptor *sd = NULL;
+	uint32_t sec_info = SECINFO_OWNER;
+
+	if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->owner_sid) {
+		return false;
+	}
+
+	return dom_sid_equal(sd->owner_sid, sid);
+}
+
+static bool _test_owner_present(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				const char *key,
+				const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+
+	if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	ret = test_owner_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(p, tctx, &new_handle);
+
+	return ret;
+}
+
+static bool test_group_present(struct dcerpc_pipe *p,
+			       struct torture_context *tctx,
+			       struct policy_handle *handle,
+			       const struct dom_sid *sid)
+{
+	struct security_descriptor *sd = NULL;
+	uint32_t sec_info = SECINFO_GROUP;
+
+	if (!_test_GetKeySecurity(p, tctx, handle, &sec_info, WERR_OK, &sd)) {
+		return false;
+	}
+
+	if (!sd || !sd->group_sid) {
+		return false;
+	}
+
+	return dom_sid_equal(sd->group_sid, sid);
+}
+
+static bool _test_group_present(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				const char *key,
+				const struct dom_sid *sid)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+
+	if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	ret = test_group_present(p, tctx, &new_handle, sid);
+
+	test_CloseKey(p, tctx, &new_handle);
+
+	return ret;
+}
+
 static bool test_dacl_trustee_flags_present(struct dcerpc_pipe *p,
 					    struct torture_context *tctx,
 					    struct policy_handle *handle,
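Review bot: The new `*_present` helpers return false both when the SID is not in the descriptor and when the descriptor could not be read, for example `if (!sd || !sd->sacl) return false;` in `test_sacl_trustee_present` and the matching `owner_sid`/`group_sid` checks. A caller that asserts a trustee is absent can therefore pass because the SACL, owner or group was simply not returned. Either log that case with `torture_comment(tctx, "no SACL returned\n");` before returning, or document it as `/* false means "not found" or "descriptor unavailable" */`. The four `_test_*_present` wrappers also discard the result of `test_CloseKey`, while `test_BackupSecurity` in the next hunk checks it. Separately, `int i` is compared against `num_aces`, which I believe is unsigned, so `uint32_t i;` would avoid a signed/unsigned comparison.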
@@ -523,6 +685,30 @@
 	return ret;
 }
 
+static bool test_BackupSecurity(struct dcerpc_pipe *p,
+				struct torture_context *tctx,
+				struct policy_handle *handle,
+				const char *key,
+				struct security_descriptor **sd)
+{
+	struct policy_handle new_handle;
+	bool ret = true;
+
+	if (!test_OpenKey(p, tctx, handle, key, &new_handle)) {
+		return false;
+	}
+
+	if (!test_GetKeySecurity(p, tctx, &new_handle, sd)) {
+		ret = false;
+	}
+
+	if (!test_CloseKey(p, tctx, &new_handle)) {
+		ret = false;
+	}
+
+	return ret;
+}
+
 static bool test_SecurityDescriptorInheritance(struct dcerpc_pipe *p,
 					       struct torture_context *tctx,
 					       struct policy_handle *handle,
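Review bot: `test_BackupSecurity` has no comment describing the state of `*sd` on failure, and the early return after a failed `test_OpenKey` leaves it untouched. A caller that later restores from this backup needs to know that, so I would add a header such as `/* Opens key under handle and stores its security descriptor in *sd; *sd is not written if the open fails, so callers should initialise it to NULL. */`. What `test_GetKeySecurity` does to `*sd` when it fails, and which context owns the allocation, is outside this hunk and should be confirmed before the comment states it.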


