2 * Unit tests for lsa functions
4 * Copyright (c) 2006 Robert Reif
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
25 #define WIN32_NO_STATUS
34 #include "wine/test.h"
36 DEFINE_GUID(GUID_NULL
,0,0,0,0,0,0,0,0,0,0,0);
38 static HMODULE hadvapi32
;
39 static NTSTATUS (WINAPI
*pLsaClose
)(LSA_HANDLE
);
40 static NTSTATUS (WINAPI
*pLsaEnumerateAccountRights
)(LSA_HANDLE
,PSID
,PLSA_UNICODE_STRING
*,PULONG
);
41 static NTSTATUS (WINAPI
*pLsaFreeMemory
)(PVOID
);
42 static NTSTATUS (WINAPI
*pLsaOpenPolicy
)(PLSA_UNICODE_STRING
,PLSA_OBJECT_ATTRIBUTES
,ACCESS_MASK
,PLSA_HANDLE
);
43 static NTSTATUS (WINAPI
*pLsaQueryInformationPolicy
)(LSA_HANDLE
,POLICY_INFORMATION_CLASS
,PVOID
*);
44 static BOOL (WINAPI
*pConvertSidToStringSidA
)(PSID
,LPSTR
*);
45 static NTSTATUS (WINAPI
*pLsaLookupNames2
)(LSA_HANDLE
,ULONG
,ULONG
,PLSA_UNICODE_STRING
,PLSA_REFERENCED_DOMAIN_LIST
*,PLSA_TRANSLATED_SID2
*);
47 static BOOL
init(void)
49 hadvapi32
= GetModuleHandle("advapi32.dll");
51 pLsaClose
= (void*)GetProcAddress(hadvapi32
, "LsaClose");
52 pLsaEnumerateAccountRights
= (void*)GetProcAddress(hadvapi32
, "LsaEnumerateAccountRights");
53 pLsaFreeMemory
= (void*)GetProcAddress(hadvapi32
, "LsaFreeMemory");
54 pLsaOpenPolicy
= (void*)GetProcAddress(hadvapi32
, "LsaOpenPolicy");
55 pLsaQueryInformationPolicy
= (void*)GetProcAddress(hadvapi32
, "LsaQueryInformationPolicy");
56 pConvertSidToStringSidA
= (void*)GetProcAddress(hadvapi32
, "ConvertSidToStringSidA");
57 pLsaLookupNames2
= (void*)GetProcAddress(hadvapi32
, "LsaLookupNames2");
59 if (pLsaClose
&& pLsaEnumerateAccountRights
&& pLsaFreeMemory
&& pLsaOpenPolicy
&& pLsaQueryInformationPolicy
&& pConvertSidToStringSidA
)
65 static void test_lsa(void)
69 LSA_OBJECT_ATTRIBUTES object_attributes
;
71 ZeroMemory(&object_attributes
, sizeof(object_attributes
));
72 object_attributes
.Length
= sizeof(object_attributes
);
74 status
= pLsaOpenPolicy( NULL
, &object_attributes
, POLICY_ALL_ACCESS
, &handle
);
75 ok(status
== STATUS_SUCCESS
|| status
== STATUS_ACCESS_DENIED
,
76 "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status
);
78 /* try a more restricted access mask if necessary */
79 if (status
== STATUS_ACCESS_DENIED
) {
80 trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES\n");
81 status
= pLsaOpenPolicy( NULL
, &object_attributes
, POLICY_VIEW_LOCAL_INFORMATION
|POLICY_LOOKUP_NAMES
, &handle
);
82 ok(status
== STATUS_SUCCESS
, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES) returned 0x%08x\n", status
);
85 if (status
== STATUS_SUCCESS
) {
86 PPOLICY_AUDIT_EVENTS_INFO audit_events_info
;
87 PPOLICY_PRIMARY_DOMAIN_INFO primary_domain_info
;
88 PPOLICY_ACCOUNT_DOMAIN_INFO account_domain_info
;
89 PPOLICY_DNS_DOMAIN_INFO dns_domain_info
;
93 status
= pLsaQueryInformationPolicy(handle
, PolicyAuditEventsInformation
, (PVOID
*)&audit_events_info
);
94 if (status
== STATUS_ACCESS_DENIED
)
95 skip("Not enough rights to retrieve PolicyAuditEventsInformation\n");
97 ok(status
== STATUS_SUCCESS
, "LsaQueryInformationPolicy(PolicyAuditEventsInformation) failed, returned 0x%08x\n", status
);
98 if (status
== STATUS_SUCCESS
) {
99 pLsaFreeMemory((LPVOID
)audit_events_info
);
102 status
= pLsaQueryInformationPolicy(handle
, PolicyPrimaryDomainInformation
, (PVOID
*)&primary_domain_info
);
103 ok(status
== STATUS_SUCCESS
, "LsaQueryInformationPolicy(PolicyPrimaryDomainInformation) failed, returned 0x%08x\n", status
);
104 if (status
== STATUS_SUCCESS
) {
105 if (primary_domain_info
->Sid
) {
107 if (pConvertSidToStringSidA(primary_domain_info
->Sid
, &strsid
))
109 if (primary_domain_info
->Name
.Buffer
) {
112 len
= WideCharToMultiByte( CP_ACP
, 0, primary_domain_info
->Name
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
113 name
= LocalAlloc( 0, len
);
114 WideCharToMultiByte( CP_ACP
, 0, primary_domain_info
->Name
.Buffer
, -1, name
, len
, NULL
, NULL
);
115 trace(" name: %s sid: %s\n", name
, strsid
);
118 trace(" name: NULL sid: %s\n", strsid
);
122 trace("invalid sid\n");
125 trace("Running on a standalone system.\n");
126 pLsaFreeMemory((LPVOID
)primary_domain_info
);
129 status
= pLsaQueryInformationPolicy(handle
, PolicyAccountDomainInformation
, (PVOID
*)&account_domain_info
);
130 ok(status
== STATUS_SUCCESS
, "LsaQueryInformationPolicy(PolicyAccountDomainInformation) failed, returned 0x%08x\n", status
);
131 if (status
== STATUS_SUCCESS
) {
132 pLsaFreeMemory((LPVOID
)account_domain_info
);
135 /* This isn't supported in NT4 */
136 status
= pLsaQueryInformationPolicy(handle
, PolicyDnsDomainInformation
, (PVOID
*)&dns_domain_info
);
137 ok(status
== STATUS_SUCCESS
|| status
== STATUS_INVALID_PARAMETER
,
138 "LsaQueryInformationPolicy(PolicyDnsDomainInformation) failed, returned 0x%08x\n", status
);
139 if (status
== STATUS_SUCCESS
) {
140 if (dns_domain_info
->Sid
|| !IsEqualGUID(&dns_domain_info
->DomainGuid
, &GUID_NULL
)) {
145 LPSTR guidstr
= NULL
;
149 pConvertSidToStringSidA(dns_domain_info
->Sid
, &strsid
);
150 StringFromGUID2(&dns_domain_info
->DomainGuid
, guidstrW
, sizeof(guidstrW
)/sizeof(WCHAR
));
151 len
= WideCharToMultiByte( CP_ACP
, 0, guidstrW
, -1, NULL
, 0, NULL
, NULL
);
152 guidstr
= LocalAlloc( 0, len
);
153 WideCharToMultiByte( CP_ACP
, 0, guidstrW
, -1, guidstr
, len
, NULL
, NULL
);
154 if (dns_domain_info
->Name
.Buffer
) {
155 len
= WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->Name
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
156 name
= LocalAlloc( 0, len
);
157 WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->Name
.Buffer
, -1, name
, len
, NULL
, NULL
);
159 if (dns_domain_info
->DnsDomainName
.Buffer
) {
160 len
= WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsDomainName
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
161 domain
= LocalAlloc( 0, len
);
162 WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsDomainName
.Buffer
, -1, domain
, len
, NULL
, NULL
);
164 if (dns_domain_info
->DnsForestName
.Buffer
) {
165 len
= WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsForestName
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
166 forest
= LocalAlloc( 0, len
);
167 WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsForestName
.Buffer
, -1, forest
, len
, NULL
, NULL
);
169 trace(" name: %s domain: %s forest: %s guid: %s sid: %s\n",
170 name
? name
: "NULL", domain
? domain
: "NULL",
171 forest
? forest
: "NULL", guidstr
, strsid
? strsid
: "NULL");
175 LocalFree( guidstr
);
179 trace("Running on a standalone system.\n");
180 pLsaFreeMemory((LPVOID
)dns_domain_info
);
183 /* We need a valid SID to pass to LsaEnumerateAccountRights */
184 ret
= OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY
, &token
);
185 ok(ret
, "Unable to obtain process token, error %u\n", GetLastError( ));
189 TOKEN_USER
*token_user
= (TOKEN_USER
*) buffer
;
190 ret
= GetTokenInformation( token
, TokenUser
, (LPVOID
) token_user
, sizeof(buffer
), &len
);
191 ok(ret
|| GetLastError( ) == ERROR_INSUFFICIENT_BUFFER
, "Unable to obtain token information, error %u\n", GetLastError( ));
192 if (! ret
&& GetLastError( ) == ERROR_INSUFFICIENT_BUFFER
) {
193 trace("Resizing buffer to %u.\n", len
);
194 token_user
= LocalAlloc( 0, len
);
195 if (token_user
!= NULL
)
196 ret
= GetTokenInformation( token
, TokenUser
, (LPVOID
) token_user
, len
, &len
);
200 PLSA_UNICODE_STRING rights
;
202 rights
= (PLSA_UNICODE_STRING
) 0xdeadbeaf;
203 rights_count
= 0xcafecafe;
204 status
= pLsaEnumerateAccountRights(handle
, token_user
->User
.Sid
, &rights
, &rights_count
);
205 ok(status
== STATUS_SUCCESS
|| status
== STATUS_OBJECT_NAME_NOT_FOUND
, "Unexpected status 0x%x\n", status
);
206 if (status
== STATUS_SUCCESS
)
207 pLsaFreeMemory( rights
);
209 ok(rights
== NULL
&& rights_count
== 0, "Expected rights and rights_count to be set to 0 on failure\n");
211 if (token_user
!= NULL
&& token_user
!= (TOKEN_USER
*) buffer
)
212 LocalFree( token_user
);
213 CloseHandle( token
);
216 status
= pLsaClose(handle
);
217 ok(status
== STATUS_SUCCESS
, "LsaClose() failed, returned 0x%08x\n", status
);
221 static void get_sid_info(PSID psid
, LPSTR
*user
, LPSTR
*dom
)
223 static char account
[257], domain
[257];
224 DWORD user_size
, dom_size
;
231 user_size
= dom_size
= 257;
232 account
[0] = domain
[0] = 0;
233 ret
= LookupAccountSidA(NULL
, psid
, account
, &user_size
, domain
, &dom_size
, &use
);
234 ok(ret
, "LookupAccountSidA failed %u\n", GetLastError());
237 static void test_LsaLookupNames2(void)
239 static const WCHAR n1
[] = {'L','O','C','A','L',' ','S','E','R','V','I','C','E'};
240 static const WCHAR n2
[] = {'N','T',' ','A','U','T','H','O','R','I','T','Y','\\','L','o','c','a','l','S','e','r','v','i','c','e'};
244 LSA_OBJECT_ATTRIBUTES attrs
;
245 PLSA_REFERENCED_DOMAIN_LIST domains
;
246 PLSA_TRANSLATED_SID2 sids
;
247 LSA_UNICODE_STRING name
[3];
248 LPSTR account
, sid_dom
;
250 if (!pLsaLookupNames2
)
252 win_skip("LsaLookupNames2 not available\n");
256 if (PRIMARYLANGID(LANGIDFROMLCID(GetThreadLocale())) != LANG_ENGLISH
)
258 skip("Non-english locale (skipping LsaLookupNames2 tests)\n");
262 memset(&attrs
, 0, sizeof(attrs
));
263 attrs
.Length
= sizeof(attrs
);
265 status
= pLsaOpenPolicy(NULL
, &attrs
, POLICY_ALL_ACCESS
, &handle
);
266 ok(status
== STATUS_SUCCESS
|| status
== STATUS_ACCESS_DENIED
,
267 "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status
);
269 /* try a more restricted access mask if necessary */
270 if (status
== STATUS_ACCESS_DENIED
)
272 trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION\n");
273 status
= pLsaOpenPolicy(NULL
, &attrs
, POLICY_LOOKUP_NAMES
, &handle
);
274 ok(status
== STATUS_SUCCESS
, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION) returned 0x%08x\n", status
);
276 if (status
!= STATUS_SUCCESS
)
278 skip("Cannot acquire policy handle\n");
282 name
[0].Buffer
= HeapAlloc(GetProcessHeap(), 0, sizeof(n1
));
283 name
[0].Length
= name
[0].MaximumLength
= sizeof(n1
);
284 memcpy(name
[0].Buffer
, n1
, sizeof(n1
));
286 name
[1].Buffer
= HeapAlloc(GetProcessHeap(), 0, sizeof(n1
));
287 name
[1].Length
= name
[1].MaximumLength
= sizeof(n1
) - sizeof(WCHAR
);
288 memcpy(name
[1].Buffer
, n1
, sizeof(n1
) - sizeof(WCHAR
));
290 name
[2].Buffer
= HeapAlloc(GetProcessHeap(), 0, sizeof(n2
));
291 name
[2].Length
= name
[2].MaximumLength
= sizeof(n2
);
292 memcpy(name
[2].Buffer
, n2
, sizeof(n2
));
294 /* account name only */
297 status
= pLsaLookupNames2(handle
, 0, 1, &name
[0], &domains
, &sids
);
298 ok(status
== STATUS_SUCCESS
, "expected STATUS_SUCCESS, got %x)\n", status
);
299 ok(sids
[0].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[0].Use
);
300 ok(sids
[0].Flags
== 0, "expected 0, got 0x%08x\n", sids
[0].Flags
);
301 ok(domains
->Entries
== 1, "expected 1, got %u\n", domains
->Entries
);
302 get_sid_info(sids
[0].Sid
, &account
, &sid_dom
);
303 ok(!strcmp(account
, "LOCAL SERVICE"), "expected \"LOCAL SERVICE\", got \"%s\"\n", account
);
304 ok(!strcmp(sid_dom
, "NT AUTHORITY"), "expected \"NT AUTHORITY\", got \"%s\"\n", sid_dom
);
305 pLsaFreeMemory(sids
);
306 pLsaFreeMemory(domains
);
308 /* unknown account name */
311 status
= pLsaLookupNames2(handle
, 0, 1, &name
[1], &domains
, &sids
);
312 ok(status
== STATUS_NONE_MAPPED
, "expected STATUS_NONE_MAPPED, got %x)\n", status
);
313 ok(sids
[0].Use
== SidTypeUnknown
, "expected SidTypeUnknown, got %u\n", sids
[0].Use
);
314 ok(sids
[0].Flags
== 0, "expected 0, got 0x%08x\n", sids
[0].Flags
);
315 ok(domains
->Entries
== 0, "expected 0, got %u\n", domains
->Entries
);
316 pLsaFreeMemory(sids
);
317 pLsaFreeMemory(domains
);
319 /* account + domain */
322 status
= pLsaLookupNames2(handle
, 0, 1, &name
[2], &domains
, &sids
);
323 ok(status
== STATUS_SUCCESS
, "expected STATUS_SUCCESS, got %x)\n", status
);
324 ok(sids
[0].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[0].Use
);
325 ok(sids
[0].Flags
== 0, "expected 0, got 0x%08x\n", sids
[0].Flags
);
326 ok(domains
->Entries
== 1, "expected 1, got %u\n", domains
->Entries
);
327 get_sid_info(sids
[0].Sid
, &account
, &sid_dom
);
328 ok(!strcmp(account
, "LOCAL SERVICE"), "expected \"LOCAL SERVICE\", got \"%s\"\n", account
);
329 ok(!strcmp(sid_dom
, "NT AUTHORITY"), "expected \"NT AUTHORITY\", got \"%s\"\n", sid_dom
);
330 pLsaFreeMemory(sids
);
331 pLsaFreeMemory(domains
);
336 status
= pLsaLookupNames2(handle
, 0, 3, name
, &domains
, &sids
);
337 ok(status
== STATUS_SOME_NOT_MAPPED
, "expected STATUS_SOME_NOT_MAPPED, got %x)\n", status
);
338 ok(sids
[0].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[0].Use
);
339 ok(sids
[1].Use
== SidTypeUnknown
, "expected SidTypeUnknown, got %u\n", sids
[0].Use
);
340 ok(sids
[2].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[0].Use
);
341 ok(sids
[0].DomainIndex
== 0, "expected 0, got %u\n", sids
[0].DomainIndex
);
342 ok(domains
->Entries
== 1, "expected 1, got %u\n", domains
->Entries
);
343 pLsaFreeMemory(sids
);
344 pLsaFreeMemory(domains
);
346 HeapFree(GetProcessHeap(), 0, name
[0].Buffer
);
347 HeapFree(GetProcessHeap(), 0, name
[1].Buffer
);
348 HeapFree(GetProcessHeap(), 0, name
[2].Buffer
);
350 status
= pLsaClose(handle
);
351 ok(status
== STATUS_SUCCESS
, "LsaClose() failed, returned 0x%08x\n", status
);
357 win_skip("Needed functions are not available\n");
362 test_LsaLookupNames2();