dlls/advapi32/tests/lsa.c

   1 /*
   2  * Unit tests for lsa functions
   3  *
   4  * Copyright (c) 2006 Robert Reif
   5  *
   6  * This library is free software; you can redistribute it and/or
   7  * modify it under the terms of the GNU Lesser General Public
   8  * License as published by the Free Software Foundation; either
   9  * version 2.1 of the License, or (at your option) any later version.
  10  *
  11  * This library is distributed in the hope that it will be useful,
  12  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  14  * Lesser General Public License for more details.
  15  *
  16  * You should have received a copy of the GNU Lesser General Public
  17  * License along with this library; if not, write to the Free Software
  18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
  19  */
  20
  21 #include <stdarg.h>
  22 #include <stdio.h>
  23
  24 #include "ntstatus.h"
  25 #define WIN32_NO_STATUS
  26 #include "windef.h"
  27 #include "winbase.h"
  28 #include "winreg.h"
  29 #include "ntsecapi.h"
  30 #include "sddl.h"
  31 #include "winnls.h"
  32 #include "objbase.h"
  33 #include "initguid.h"
  34 #include "wine/test.h"
  35
  36 DEFINE_GUID(GUID_NULL,0,0,0,0,0,0,0,0,0,0,0);
  37
  38 static HMODULE hadvapi32;
  39 static NTSTATUS (WINAPI *pLsaClose)(LSA_HANDLE);
  40 static NTSTATUS (WINAPI *pLsaEnumerateAccountRights)(LSA_HANDLE,PSID,PLSA_UNICODE_STRING*,PULONG);
  41 static NTSTATUS (WINAPI *pLsaFreeMemory)(PVOID);
  42 static NTSTATUS (WINAPI *pLsaOpenPolicy)(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,ACCESS_MASK,PLSA_HANDLE);
  43 static NTSTATUS (WINAPI *pLsaQueryInformationPolicy)(LSA_HANDLE,POLICY_INFORMATION_CLASS,PVOID*);
  44 static BOOL     (WINAPI *pConvertSidToStringSidA)(PSID,LPSTR*);
  45 static NTSTATUS (WINAPI *pLsaLookupNames2)(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID2*);
  46
  47 static BOOL init(void)
  48 {
  49     hadvapi32 = GetModuleHandle("advapi32.dll");
  50
  51     pLsaClose = (void*)GetProcAddress(hadvapi32, "LsaClose");
  52     pLsaEnumerateAccountRights = (void*)GetProcAddress(hadvapi32, "LsaEnumerateAccountRights");
  53     pLsaFreeMemory = (void*)GetProcAddress(hadvapi32, "LsaFreeMemory");
  54     pLsaOpenPolicy = (void*)GetProcAddress(hadvapi32, "LsaOpenPolicy");
  55     pLsaQueryInformationPolicy = (void*)GetProcAddress(hadvapi32, "LsaQueryInformationPolicy");
  56     pConvertSidToStringSidA = (void*)GetProcAddress(hadvapi32, "ConvertSidToStringSidA");
  57     pLsaLookupNames2 = (void*)GetProcAddress(hadvapi32, "LsaLookupNames2");
  58
  59     if (pLsaClose && pLsaEnumerateAccountRights && pLsaFreeMemory && pLsaOpenPolicy && pLsaQueryInformationPolicy && pConvertSidToStringSidA)
  60         return TRUE;
  61
  62     return FALSE;
  63 }
  64
  65 static void test_lsa(void)
  66 {
  67     NTSTATUS status;
  68     LSA_HANDLE handle;
  69     LSA_OBJECT_ATTRIBUTES object_attributes;
  70
  71     ZeroMemory(&object_attributes, sizeof(object_attributes));
  72     object_attributes.Length = sizeof(object_attributes);
  73
  74     status = pLsaOpenPolicy( NULL, &object_attributes, POLICY_ALL_ACCESS, &handle);
  75     ok(status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED,
  76        "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status);
  77
  78     /* try a more restricted access mask if necessary */
  79     if (status == STATUS_ACCESS_DENIED) {
  80         trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES\n");
  81         status = pLsaOpenPolicy( NULL, &object_attributes, POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES, &handle);
  82         ok(status == STATUS_SUCCESS, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES) returned 0x%08x\n", status);
  83     }
  84
  85     if (status == STATUS_SUCCESS) {
  86         PPOLICY_AUDIT_EVENTS_INFO audit_events_info;
  87         PPOLICY_PRIMARY_DOMAIN_INFO primary_domain_info;
  88         PPOLICY_ACCOUNT_DOMAIN_INFO account_domain_info;
  89         PPOLICY_DNS_DOMAIN_INFO dns_domain_info;
  90         HANDLE token;
  91         BOOL ret;
  92
  93         status = pLsaQueryInformationPolicy(handle, PolicyAuditEventsInformation, (PVOID*)&audit_events_info);
  94         if (status == STATUS_ACCESS_DENIED)
  95             skip("Not enough rights to retrieve PolicyAuditEventsInformation\n");
  96         else
  97             ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy(PolicyAuditEventsInformation) failed, returned 0x%08x\n", status);
  98         if (status == STATUS_SUCCESS) {
  99             pLsaFreeMemory((LPVOID)audit_events_info);
 100         }
 101
 102         status = pLsaQueryInformationPolicy(handle, PolicyPrimaryDomainInformation, (PVOID*)&primary_domain_info);
 103         ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy(PolicyPrimaryDomainInformation) failed, returned 0x%08x\n", status);
 104         if (status == STATUS_SUCCESS) {
 105             if (primary_domain_info->Sid) {
 106                 LPSTR strsid;
 107                 if (pConvertSidToStringSidA(primary_domain_info->Sid, &strsid))
 108                 {
 109                     if (primary_domain_info->Name.Buffer) {
 110                         LPSTR name = NULL;
 111                         UINT len;
 112                         len = WideCharToMultiByte( CP_ACP, 0, primary_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL );
 113                         name = LocalAlloc( 0, len );
 114                         WideCharToMultiByte( CP_ACP, 0, primary_domain_info->Name.Buffer, -1, name, len, NULL, NULL );
 115                         trace("  name: %s sid: %s\n", name, strsid);
 116                         LocalFree( name );
 117                     } else
 118                         trace("  name: NULL sid: %s\n", strsid);
 119                     LocalFree( strsid );
 120                 }
 121                 else
 122                     trace("invalid sid\n");
 123             }
 124             else
 125                 trace("Running on a standalone system.\n");
 126             pLsaFreeMemory((LPVOID)primary_domain_info);
 127         }
 128
 129         status = pLsaQueryInformationPolicy(handle, PolicyAccountDomainInformation, (PVOID*)&account_domain_info);
 130         ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy(PolicyAccountDomainInformation) failed, returned 0x%08x\n", status);
 131         if (status == STATUS_SUCCESS) {
 132             pLsaFreeMemory((LPVOID)account_domain_info);
 133         }
 134
 135         /* This isn't supported in NT4 */
 136         status = pLsaQueryInformationPolicy(handle, PolicyDnsDomainInformation, (PVOID*)&dns_domain_info);
 137         ok(status == STATUS_SUCCESS || status == STATUS_INVALID_PARAMETER,
 138            "LsaQueryInformationPolicy(PolicyDnsDomainInformation) failed, returned 0x%08x\n", status);
 139         if (status == STATUS_SUCCESS) {
 140             if (dns_domain_info->Sid || !IsEqualGUID(&dns_domain_info->DomainGuid, &GUID_NULL)) {
 141                 LPSTR strsid = NULL;
 142                 LPSTR name = NULL;
 143                 LPSTR domain = NULL;
 144                 LPSTR forest = NULL;
 145                 LPSTR guidstr = NULL;
 146                 WCHAR guidstrW[64];
 147                 UINT len;
 148                 guidstrW[0] = '\0';
 149                 pConvertSidToStringSidA(dns_domain_info->Sid, &strsid);
 150                 StringFromGUID2(&dns_domain_info->DomainGuid, guidstrW, sizeof(guidstrW)/sizeof(WCHAR));
 151                 len = WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, NULL, 0, NULL, NULL );
 152                 guidstr = LocalAlloc( 0, len );
 153                 WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, guidstr, len, NULL, NULL );
 154                 if (dns_domain_info->Name.Buffer) {
 155                     len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL );
 156                     name = LocalAlloc( 0, len );
 157                     WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, name, len, NULL, NULL );
 158                 }
 159                 if (dns_domain_info->DnsDomainName.Buffer) {
 160                     len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsDomainName.Buffer, -1, NULL, 0, NULL, NULL );
 161                     domain = LocalAlloc( 0, len );
 162                     WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsDomainName.Buffer, -1, domain, len, NULL, NULL );
 163                 }
 164                 if (dns_domain_info->DnsForestName.Buffer) {
 165                     len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, NULL, 0, NULL, NULL );
 166                     forest = LocalAlloc( 0, len );
 167                     WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, forest, len, NULL, NULL );
 168                 }
 169                 trace("  name: %s domain: %s forest: %s guid: %s sid: %s\n",
 170                       name ? name : "NULL", domain ? domain : "NULL",
 171                       forest ? forest : "NULL", guidstr, strsid ? strsid : "NULL");
 172                 LocalFree( name );
 173                 LocalFree( forest );
 174                 LocalFree( domain );
 175                 LocalFree( guidstr );
 176                 LocalFree( strsid );
 177             }
 178             else
 179                 trace("Running on a standalone system.\n");
 180             pLsaFreeMemory((LPVOID)dns_domain_info);
 181         }
 182
 183         /* We need a valid SID to pass to LsaEnumerateAccountRights */
 184         ret = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token );
 185         ok(ret, "Unable to obtain process token, error %u\n", GetLastError( ));
 186         if (ret) {
 187             char buffer[64];
 188             DWORD len;
 189             TOKEN_USER *token_user = (TOKEN_USER *) buffer;
 190             ret = GetTokenInformation( token, TokenUser, (LPVOID) token_user, sizeof(buffer), &len );
 191             ok(ret || GetLastError( ) == ERROR_INSUFFICIENT_BUFFER, "Unable to obtain token information, error %u\n", GetLastError( ));
 192             if (! ret && GetLastError( ) == ERROR_INSUFFICIENT_BUFFER) {
 193                 trace("Resizing buffer to %u.\n", len);
 194                 token_user = LocalAlloc( 0, len );
 195                 if (token_user != NULL)
 196                     ret = GetTokenInformation( token, TokenUser, (LPVOID) token_user, len, &len );
 197             }
 198
 199             if (ret) {
 200                 PLSA_UNICODE_STRING rights;
 201                 ULONG rights_count;
 202                 rights = (PLSA_UNICODE_STRING) 0xdeadbeaf;
 203                 rights_count = 0xcafecafe;
 204                 status = pLsaEnumerateAccountRights(handle, token_user->User.Sid, &rights, &rights_count);
 205                 ok(status == STATUS_SUCCESS || status == STATUS_OBJECT_NAME_NOT_FOUND, "Unexpected status 0x%x\n", status);
 206                 if (status == STATUS_SUCCESS)
 207                     pLsaFreeMemory( rights );
 208                 else
 209                     ok(rights == NULL && rights_count == 0, "Expected rights and rights_count to be set to 0 on failure\n");
 210             }
 211             if (token_user != NULL && token_user != (TOKEN_USER *) buffer)
 212                 LocalFree( token_user );
 213             CloseHandle( token );
 214         }
 215
 216         status = pLsaClose(handle);
 217         ok(status == STATUS_SUCCESS, "LsaClose() failed, returned 0x%08x\n", status);
 218     }
 219 }
 220
 221 static void get_sid_info(PSID psid, LPSTR *user, LPSTR *dom)
 222 {
 223     static char account[257], domain[257];
 224     DWORD user_size, dom_size;
 225     SID_NAME_USE use;
 226     BOOL ret;
 227
 228     *user = account;
 229     *dom = domain;
 230
 231     user_size = dom_size = 257;
 232     account[0] = domain[0] = 0;
 233     ret = LookupAccountSidA(NULL, psid, account, &user_size, domain, &dom_size, &use);
 234     ok(ret, "LookupAccountSidA failed %u\n", GetLastError());
 235 }
 236
 237 static void test_LsaLookupNames2(void)
 238 {
 239     static const WCHAR n1[] = {'L','O','C','A','L',' ','S','E','R','V','I','C','E'};
 240     static const WCHAR n2[] = {'N','T',' ','A','U','T','H','O','R','I','T','Y','\\','L','o','c','a','l','S','e','r','v','i','c','e'};
 241
 242     NTSTATUS status;
 243     LSA_HANDLE handle;
 244     LSA_OBJECT_ATTRIBUTES attrs;
 245     PLSA_REFERENCED_DOMAIN_LIST domains;
 246     PLSA_TRANSLATED_SID2 sids;
 247     LSA_UNICODE_STRING name[3];
 248     LPSTR account, sid_dom;
 249
 250     if (!pLsaLookupNames2)
 251     {
 252         win_skip("LsaLookupNames2 not avaliable\n");
 253         return;
 254     }
 255
 256     if (PRIMARYLANGID(LANGIDFROMLCID(GetThreadLocale())) != LANG_ENGLISH)
 257     {
 258         skip("Non-english locale (skipping LsaLookupNames2 tests)\n");
 259         return;
 260     }
 261
 262     memset(&attrs, 0, sizeof(attrs));
 263     attrs.Length = sizeof(attrs);
 264
 265     status = pLsaOpenPolicy(NULL, &attrs, POLICY_ALL_ACCESS, &handle);
 266     ok(status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED,
 267        "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status);
 268
 269     /* try a more restricted access mask if necessary */
 270     if (status == STATUS_ACCESS_DENIED)
 271     {
 272         trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION\n");
 273         status = pLsaOpenPolicy(NULL, &attrs, POLICY_LOOKUP_NAMES, &handle);
 274         ok(status == STATUS_SUCCESS, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION) returned 0x%08x\n", status);
 275     }
 276     if (status != STATUS_SUCCESS)
 277     {
 278         skip("Cannot acquire policy handle\n");
 279         return;
 280     }
 281
 282     name[0].Buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(n1));
 283     name[0].Length = name[0].MaximumLength = sizeof(n1);
 284     memcpy(name[0].Buffer, n1, sizeof(n1));
 285
 286     name[1].Buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(n1));
 287     name[1].Length = name[1].MaximumLength = sizeof(n1) - sizeof(WCHAR);
 288     memcpy(name[1].Buffer, n1, sizeof(n1) - sizeof(WCHAR));
 289
 290     name[2].Buffer = HeapAlloc(GetProcessHeap(), 0, sizeof(n2));
 291     name[2].Length = name[2].MaximumLength = sizeof(n2);
 292     memcpy(name[2].Buffer, n2, sizeof(n2));
 293
 294     /* account name only */
 295     sids = NULL;
 296     domains = NULL;
 297     status = pLsaLookupNames2(handle, 0, 1, &name[0], &domains, &sids);
 298     ok(status == STATUS_SUCCESS, "expected STATUS_SUCCESS, got %x)\n", status);
 299     ok(sids[0].Use == SidTypeWellKnownGroup, "expected SidTypeWellKnownGroup, got %u\n", sids[0].Use);
 300     ok(sids[0].Flags == 0, "expected 0, got 0x%08x\n", sids[0].Flags);
 301     ok(domains->Entries == 1, "expected 1, got %u\n", domains->Entries);
 302     get_sid_info(sids[0].Sid, &account, &sid_dom);
 303     ok(!strcmp(account, "LOCAL SERVICE"), "expected \"LOCAL SERVICE\", got \"%s\"\n", account);
 304     ok(!strcmp(sid_dom, "NT AUTHORITY"), "expected \"NT AUTHORITY\", got \"%s\"\n", sid_dom);
 305     pLsaFreeMemory(sids);
 306     pLsaFreeMemory(domains);
 307
 308     /* unknown account name */
 309     sids = NULL;
 310     domains = NULL;
 311     status = pLsaLookupNames2(handle, 0, 1, &name[1], &domains, &sids);
 312     ok(status == STATUS_NONE_MAPPED, "expected STATUS_NONE_MAPPED, got %x)\n", status);
 313     ok(sids[0].Use == SidTypeUnknown, "expected SidTypeUnknown, got %u\n", sids[0].Use);
 314     ok(sids[0].Flags == 0, "expected 0, got 0x%08x\n", sids[0].Flags);
 315     ok(domains->Entries == 0, "expected 0, got %u\n", domains->Entries);
 316     pLsaFreeMemory(sids);
 317     pLsaFreeMemory(domains);
 318
 319     /* account + domain */
 320     sids = NULL;
 321     domains = NULL;
 322     status = pLsaLookupNames2(handle, 0, 1, &name[2], &domains, &sids);
 323     ok(status == STATUS_SUCCESS, "expected STATUS_SUCCESS, got %x)\n", status);
 324     ok(sids[0].Use == SidTypeWellKnownGroup, "expected SidTypeWellKnownGroup, got %u\n", sids[0].Use);
 325     ok(sids[0].Flags == 0, "expected 0, got 0x%08x\n", sids[0].Flags);
 326     ok(domains->Entries == 1, "expected 1, got %u\n", domains->Entries);
 327     get_sid_info(sids[0].Sid, &account, &sid_dom);
 328     ok(!strcmp(account, "LOCAL SERVICE"), "expected \"LOCAL SERVICE\", got \"%s\"\n", account);
 329     ok(!strcmp(sid_dom, "NT AUTHORITY"), "expected \"NT AUTHORITY\", got \"%s\"\n", sid_dom);
 330     pLsaFreeMemory(sids);
 331     pLsaFreeMemory(domains);
 332
 333     /* all three */
 334     sids = NULL;
 335     domains = NULL;
 336     status = pLsaLookupNames2(handle, 0, 3, name, &domains, &sids);
 337     ok(status == STATUS_SOME_NOT_MAPPED, "expected STATUS_SOME_NOT_MAPPED, got %x)\n", status);
 338     ok(sids[0].Use == SidTypeWellKnownGroup, "expected SidTypeWellKnownGroup, got %u\n", sids[0].Use);
 339     ok(sids[1].Use == SidTypeUnknown, "expected SidTypeUnknown, got %u\n", sids[0].Use);
 340     ok(sids[2].Use == SidTypeWellKnownGroup, "expected SidTypeWellKnownGroup, got %u\n", sids[0].Use);
 341     ok(sids[0].DomainIndex == 0, "expected 0, got %u\n", sids[0].DomainIndex);
 342     ok(domains->Entries == 1, "expected 1, got %u\n", domains->Entries);
 343     pLsaFreeMemory(sids);
 344     pLsaFreeMemory(domains);
 345
 346     HeapFree(GetProcessHeap(), 0, name[0].Buffer);
 347     HeapFree(GetProcessHeap(), 0, name[1].Buffer);
 348     HeapFree(GetProcessHeap(), 0, name[2].Buffer);
 349
 350     status = pLsaClose(handle);
 351     ok(status == STATUS_SUCCESS, "LsaClose() failed, returned 0x%08x\n", status);
 352 }
 353
 354 START_TEST(lsa)
 355 {
 356     if (!init()) {
 357         win_skip("Needed functions are not available\n");
 358         return;
 359     }
 360
 361     test_lsa();
 362     test_LsaLookupNames2();
 363 }