2 * Unit tests for lsa functions
4 * Copyright (c) 2006 Robert Reif
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
25 #define WIN32_NO_STATUS
27 #define COM_NO_WINDOWS_H
36 #include "wine/test.h"
38 DEFINE_GUID(GUID_NULL
,0,0,0,0,0,0,0,0,0,0,0);
40 static HMODULE hadvapi32
;
41 static NTSTATUS (WINAPI
*pLsaClose
)(LSA_HANDLE
);
42 static NTSTATUS (WINAPI
*pLsaEnumerateAccountRights
)(LSA_HANDLE
,PSID
,PLSA_UNICODE_STRING
*,PULONG
);
43 static NTSTATUS (WINAPI
*pLsaFreeMemory
)(PVOID
);
44 static NTSTATUS (WINAPI
*pLsaOpenPolicy
)(PLSA_UNICODE_STRING
,PLSA_OBJECT_ATTRIBUTES
,ACCESS_MASK
,PLSA_HANDLE
);
45 static NTSTATUS (WINAPI
*pLsaQueryInformationPolicy
)(LSA_HANDLE
,POLICY_INFORMATION_CLASS
,PVOID
*);
46 static BOOL (WINAPI
*pConvertSidToStringSidA
)(PSID
,LPSTR
*);
47 static NTSTATUS (WINAPI
*pLsaLookupNames2
)(LSA_HANDLE
,ULONG
,ULONG
,PLSA_UNICODE_STRING
,PLSA_REFERENCED_DOMAIN_LIST
*,PLSA_TRANSLATED_SID2
*);
48 static NTSTATUS (WINAPI
*pLsaLookupSids
)(LSA_HANDLE
,ULONG
,PSID
*,LSA_REFERENCED_DOMAIN_LIST
**,LSA_TRANSLATED_NAME
**);
50 static BOOL
init(void)
52 hadvapi32
= GetModuleHandleA("advapi32.dll");
54 pLsaClose
= (void*)GetProcAddress(hadvapi32
, "LsaClose");
55 pLsaEnumerateAccountRights
= (void*)GetProcAddress(hadvapi32
, "LsaEnumerateAccountRights");
56 pLsaFreeMemory
= (void*)GetProcAddress(hadvapi32
, "LsaFreeMemory");
57 pLsaOpenPolicy
= (void*)GetProcAddress(hadvapi32
, "LsaOpenPolicy");
58 pLsaQueryInformationPolicy
= (void*)GetProcAddress(hadvapi32
, "LsaQueryInformationPolicy");
59 pConvertSidToStringSidA
= (void*)GetProcAddress(hadvapi32
, "ConvertSidToStringSidA");
60 pLsaLookupNames2
= (void*)GetProcAddress(hadvapi32
, "LsaLookupNames2");
61 pLsaLookupSids
= (void*)GetProcAddress(hadvapi32
, "LsaLookupSids");
63 if (pLsaClose
&& pLsaEnumerateAccountRights
&& pLsaFreeMemory
&& pLsaOpenPolicy
&& pLsaQueryInformationPolicy
&& pConvertSidToStringSidA
)
69 static void test_lsa(void)
73 LSA_OBJECT_ATTRIBUTES object_attributes
;
75 ZeroMemory(&object_attributes
, sizeof(object_attributes
));
76 object_attributes
.Length
= sizeof(object_attributes
);
78 status
= pLsaOpenPolicy( NULL
, &object_attributes
, POLICY_ALL_ACCESS
, &handle
);
79 ok(status
== STATUS_SUCCESS
|| status
== STATUS_ACCESS_DENIED
,
80 "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status
);
82 /* try a more restricted access mask if necessary */
83 if (status
== STATUS_ACCESS_DENIED
) {
84 trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES\n");
85 status
= pLsaOpenPolicy( NULL
, &object_attributes
, POLICY_VIEW_LOCAL_INFORMATION
|POLICY_LOOKUP_NAMES
, &handle
);
86 ok(status
== STATUS_SUCCESS
, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES) returned 0x%08x\n", status
);
89 if (status
== STATUS_SUCCESS
) {
90 PPOLICY_AUDIT_EVENTS_INFO audit_events_info
;
91 PPOLICY_PRIMARY_DOMAIN_INFO primary_domain_info
;
92 PPOLICY_ACCOUNT_DOMAIN_INFO account_domain_info
;
93 PPOLICY_DNS_DOMAIN_INFO dns_domain_info
;
97 status
= pLsaQueryInformationPolicy(handle
, PolicyAuditEventsInformation
, (PVOID
*)&audit_events_info
);
98 if (status
== STATUS_ACCESS_DENIED
)
99 skip("Not enough rights to retrieve PolicyAuditEventsInformation\n");
101 ok(status
== STATUS_SUCCESS
, "LsaQueryInformationPolicy(PolicyAuditEventsInformation) failed, returned 0x%08x\n", status
);
102 if (status
== STATUS_SUCCESS
) {
103 pLsaFreeMemory((LPVOID
)audit_events_info
);
106 status
= pLsaQueryInformationPolicy(handle
, PolicyPrimaryDomainInformation
, (PVOID
*)&primary_domain_info
);
107 ok(status
== STATUS_SUCCESS
, "LsaQueryInformationPolicy(PolicyPrimaryDomainInformation) failed, returned 0x%08x\n", status
);
108 if (status
== STATUS_SUCCESS
) {
109 if (primary_domain_info
->Sid
) {
111 if (pConvertSidToStringSidA(primary_domain_info
->Sid
, &strsid
))
113 if (primary_domain_info
->Name
.Buffer
) {
116 len
= WideCharToMultiByte( CP_ACP
, 0, primary_domain_info
->Name
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
117 name
= LocalAlloc( 0, len
);
118 WideCharToMultiByte( CP_ACP
, 0, primary_domain_info
->Name
.Buffer
, -1, name
, len
, NULL
, NULL
);
119 trace(" name: %s sid: %s\n", name
, strsid
);
122 trace(" name: NULL sid: %s\n", strsid
);
126 trace("invalid sid\n");
129 trace("Running on a standalone system.\n");
130 pLsaFreeMemory((LPVOID
)primary_domain_info
);
133 status
= pLsaQueryInformationPolicy(handle
, PolicyAccountDomainInformation
, (PVOID
*)&account_domain_info
);
134 ok(status
== STATUS_SUCCESS
, "LsaQueryInformationPolicy(PolicyAccountDomainInformation) failed, returned 0x%08x\n", status
);
135 if (status
== STATUS_SUCCESS
) {
136 pLsaFreeMemory((LPVOID
)account_domain_info
);
139 /* This isn't supported in NT4 */
140 status
= pLsaQueryInformationPolicy(handle
, PolicyDnsDomainInformation
, (PVOID
*)&dns_domain_info
);
141 ok(status
== STATUS_SUCCESS
|| status
== STATUS_INVALID_PARAMETER
,
142 "LsaQueryInformationPolicy(PolicyDnsDomainInformation) failed, returned 0x%08x\n", status
);
143 if (status
== STATUS_SUCCESS
) {
144 if (dns_domain_info
->Sid
|| !IsEqualGUID(&dns_domain_info
->DomainGuid
, &GUID_NULL
)) {
149 LPSTR guidstr
= NULL
;
153 pConvertSidToStringSidA(dns_domain_info
->Sid
, &strsid
);
154 StringFromGUID2(&dns_domain_info
->DomainGuid
, guidstrW
, sizeof(guidstrW
)/sizeof(WCHAR
));
155 len
= WideCharToMultiByte( CP_ACP
, 0, guidstrW
, -1, NULL
, 0, NULL
, NULL
);
156 guidstr
= LocalAlloc( 0, len
);
157 WideCharToMultiByte( CP_ACP
, 0, guidstrW
, -1, guidstr
, len
, NULL
, NULL
);
158 if (dns_domain_info
->Name
.Buffer
) {
159 len
= WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->Name
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
160 name
= LocalAlloc( 0, len
);
161 WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->Name
.Buffer
, -1, name
, len
, NULL
, NULL
);
163 if (dns_domain_info
->DnsDomainName
.Buffer
) {
164 len
= WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsDomainName
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
165 domain
= LocalAlloc( 0, len
);
166 WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsDomainName
.Buffer
, -1, domain
, len
, NULL
, NULL
);
168 if (dns_domain_info
->DnsForestName
.Buffer
) {
169 len
= WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsForestName
.Buffer
, -1, NULL
, 0, NULL
, NULL
);
170 forest
= LocalAlloc( 0, len
);
171 WideCharToMultiByte( CP_ACP
, 0, dns_domain_info
->DnsForestName
.Buffer
, -1, forest
, len
, NULL
, NULL
);
173 trace(" name: %s domain: %s forest: %s guid: %s sid: %s\n",
174 name
? name
: "NULL", domain
? domain
: "NULL",
175 forest
? forest
: "NULL", guidstr
, strsid
? strsid
: "NULL");
179 LocalFree( guidstr
);
183 trace("Running on a standalone system.\n");
184 pLsaFreeMemory((LPVOID
)dns_domain_info
);
187 /* We need a valid SID to pass to LsaEnumerateAccountRights */
188 ret
= OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY
, &token
);
189 ok(ret
, "Unable to obtain process token, error %u\n", GetLastError( ));
193 TOKEN_USER
*token_user
= (TOKEN_USER
*) buffer
;
194 ret
= GetTokenInformation( token
, TokenUser
, (LPVOID
) token_user
, sizeof(buffer
), &len
);
195 ok(ret
|| GetLastError( ) == ERROR_INSUFFICIENT_BUFFER
, "Unable to obtain token information, error %u\n", GetLastError( ));
196 if (! ret
&& GetLastError( ) == ERROR_INSUFFICIENT_BUFFER
) {
197 trace("Resizing buffer to %u.\n", len
);
198 token_user
= LocalAlloc( 0, len
);
199 if (token_user
!= NULL
)
200 ret
= GetTokenInformation( token
, TokenUser
, (LPVOID
) token_user
, len
, &len
);
204 PLSA_UNICODE_STRING rights
;
206 rights
= (PLSA_UNICODE_STRING
) 0xdeadbeaf;
207 rights_count
= 0xcafecafe;
208 status
= pLsaEnumerateAccountRights(handle
, token_user
->User
.Sid
, &rights
, &rights_count
);
209 ok(status
== STATUS_SUCCESS
|| status
== STATUS_OBJECT_NAME_NOT_FOUND
, "Unexpected status 0x%x\n", status
);
210 if (status
== STATUS_SUCCESS
)
211 pLsaFreeMemory( rights
);
213 ok(rights
== NULL
&& rights_count
== 0, "Expected rights and rights_count to be set to 0 on failure\n");
215 if (token_user
!= NULL
&& token_user
!= (TOKEN_USER
*) buffer
)
216 LocalFree( token_user
);
217 CloseHandle( token
);
220 status
= pLsaClose(handle
);
221 ok(status
== STATUS_SUCCESS
, "LsaClose() failed, returned 0x%08x\n", status
);
225 static void get_sid_info(PSID psid
, LPSTR
*user
, LPSTR
*dom
)
227 static char account
[257], domain
[257];
228 DWORD user_size
, dom_size
;
235 user_size
= dom_size
= 257;
236 account
[0] = domain
[0] = 0;
237 ret
= LookupAccountSidA(NULL
, psid
, account
, &user_size
, domain
, &dom_size
, &use
);
238 ok(ret
, "LookupAccountSidA failed %u\n", GetLastError());
241 static void test_LsaLookupNames2(void)
243 static const WCHAR n1
[] = {'L','O','C','A','L',' ','S','E','R','V','I','C','E'};
244 static const WCHAR n2
[] = {'N','T',' ','A','U','T','H','O','R','I','T','Y','\\','L','o','c','a','l','S','e','r','v','i','c','e'};
248 LSA_OBJECT_ATTRIBUTES attrs
;
249 PLSA_REFERENCED_DOMAIN_LIST domains
;
250 PLSA_TRANSLATED_SID2 sids
;
251 LSA_UNICODE_STRING name
[3];
252 LPSTR account
, sid_dom
;
254 if (!pLsaLookupNames2
)
256 win_skip("LsaLookupNames2 not available\n");
260 if ((PRIMARYLANGID(LANGIDFROMLCID(GetSystemDefaultLCID())) != LANG_ENGLISH
) ||
261 (PRIMARYLANGID(LANGIDFROMLCID(GetThreadLocale())) != LANG_ENGLISH
))
263 skip("Non-English locale (skipping LsaLookupNames2 tests)\n");
267 memset(&attrs
, 0, sizeof(attrs
));
268 attrs
.Length
= sizeof(attrs
);
270 status
= pLsaOpenPolicy(NULL
, &attrs
, POLICY_ALL_ACCESS
, &handle
);
271 ok(status
== STATUS_SUCCESS
|| status
== STATUS_ACCESS_DENIED
,
272 "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status
);
274 /* try a more restricted access mask if necessary */
275 if (status
== STATUS_ACCESS_DENIED
)
277 trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION\n");
278 status
= pLsaOpenPolicy(NULL
, &attrs
, POLICY_LOOKUP_NAMES
, &handle
);
279 ok(status
== STATUS_SUCCESS
, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION) returned 0x%08x\n", status
);
281 if (status
!= STATUS_SUCCESS
)
283 skip("Cannot acquire policy handle\n");
287 name
[0].Buffer
= HeapAlloc(GetProcessHeap(), 0, sizeof(n1
));
288 name
[0].Length
= name
[0].MaximumLength
= sizeof(n1
);
289 memcpy(name
[0].Buffer
, n1
, sizeof(n1
));
291 name
[1].Buffer
= HeapAlloc(GetProcessHeap(), 0, sizeof(n1
));
292 name
[1].Length
= name
[1].MaximumLength
= sizeof(n1
) - sizeof(WCHAR
);
293 memcpy(name
[1].Buffer
, n1
, sizeof(n1
) - sizeof(WCHAR
));
295 name
[2].Buffer
= HeapAlloc(GetProcessHeap(), 0, sizeof(n2
));
296 name
[2].Length
= name
[2].MaximumLength
= sizeof(n2
);
297 memcpy(name
[2].Buffer
, n2
, sizeof(n2
));
299 /* account name only */
302 status
= pLsaLookupNames2(handle
, 0, 1, &name
[0], &domains
, &sids
);
303 ok(status
== STATUS_SUCCESS
, "expected STATUS_SUCCESS, got %x)\n", status
);
304 ok(sids
[0].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[0].Use
);
305 ok(sids
[0].Flags
== 0, "expected 0, got 0x%08x\n", sids
[0].Flags
);
306 ok(domains
->Entries
== 1, "expected 1, got %u\n", domains
->Entries
);
307 get_sid_info(sids
[0].Sid
, &account
, &sid_dom
);
308 ok(!strcmp(account
, "LOCAL SERVICE"), "expected \"LOCAL SERVICE\", got \"%s\"\n", account
);
309 ok(!strcmp(sid_dom
, "NT AUTHORITY"), "expected \"NT AUTHORITY\", got \"%s\"\n", sid_dom
);
310 pLsaFreeMemory(sids
);
311 pLsaFreeMemory(domains
);
313 /* unknown account name */
316 status
= pLsaLookupNames2(handle
, 0, 1, &name
[1], &domains
, &sids
);
317 ok(status
== STATUS_NONE_MAPPED
, "expected STATUS_NONE_MAPPED, got %x)\n", status
);
318 ok(sids
[0].Use
== SidTypeUnknown
, "expected SidTypeUnknown, got %u\n", sids
[0].Use
);
319 ok(sids
[0].Flags
== 0, "expected 0, got 0x%08x\n", sids
[0].Flags
);
320 ok(domains
->Entries
== 0, "expected 0, got %u\n", domains
->Entries
);
321 pLsaFreeMemory(sids
);
322 pLsaFreeMemory(domains
);
324 /* account + domain */
327 status
= pLsaLookupNames2(handle
, 0, 1, &name
[2], &domains
, &sids
);
328 ok(status
== STATUS_SUCCESS
, "expected STATUS_SUCCESS, got %x)\n", status
);
329 ok(sids
[0].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[0].Use
);
330 ok(sids
[0].Flags
== 0, "expected 0, got 0x%08x\n", sids
[0].Flags
);
331 ok(domains
->Entries
== 1, "expected 1, got %u\n", domains
->Entries
);
332 get_sid_info(sids
[0].Sid
, &account
, &sid_dom
);
333 ok(!strcmp(account
, "LOCAL SERVICE"), "expected \"LOCAL SERVICE\", got \"%s\"\n", account
);
334 ok(!strcmp(sid_dom
, "NT AUTHORITY"), "expected \"NT AUTHORITY\", got \"%s\"\n", sid_dom
);
335 pLsaFreeMemory(sids
);
336 pLsaFreeMemory(domains
);
341 status
= pLsaLookupNames2(handle
, 0, 3, name
, &domains
, &sids
);
342 ok(status
== STATUS_SOME_NOT_MAPPED
, "expected STATUS_SOME_NOT_MAPPED, got %x)\n", status
);
343 ok(sids
[0].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[0].Use
);
344 ok(sids
[1].Use
== SidTypeUnknown
, "expected SidTypeUnknown, got %u\n", sids
[1].Use
);
345 ok(sids
[2].Use
== SidTypeWellKnownGroup
, "expected SidTypeWellKnownGroup, got %u\n", sids
[2].Use
);
346 ok(sids
[0].DomainIndex
== 0, "expected 0, got %u\n", sids
[0].DomainIndex
);
347 ok(domains
->Entries
== 1, "expected 1, got %u\n", domains
->Entries
);
348 pLsaFreeMemory(sids
);
349 pLsaFreeMemory(domains
);
351 HeapFree(GetProcessHeap(), 0, name
[0].Buffer
);
352 HeapFree(GetProcessHeap(), 0, name
[1].Buffer
);
353 HeapFree(GetProcessHeap(), 0, name
[2].Buffer
);
355 status
= pLsaClose(handle
);
356 ok(status
== STATUS_SUCCESS
, "LsaClose() failed, returned 0x%08x\n", status
);
359 static void test_LsaLookupSids(void)
361 LSA_REFERENCED_DOMAIN_LIST
*list
;
362 LSA_OBJECT_ATTRIBUTES attrs
;
363 LSA_TRANSLATED_NAME
*names
;
371 memset(&attrs
, 0, sizeof(attrs
));
372 attrs
.Length
= sizeof(attrs
);
374 status
= pLsaOpenPolicy(NULL
, &attrs
, POLICY_LOOKUP_NAMES
, &policy
);
375 ok(status
== STATUS_SUCCESS
, "got 0x%08x\n", status
);
377 ret
= OpenProcessToken(GetCurrentProcess(), MAXIMUM_ALLOWED
, &token
);
378 ok(ret
, "got %d\n", ret
);
380 ret
= GetTokenInformation(token
, TokenUser
, NULL
, 0, &size
);
381 ok(!ret
, "got %d\n", ret
);
383 user
= HeapAlloc(GetProcessHeap(), 0, size
);
384 ret
= GetTokenInformation(token
, TokenUser
, user
, size
, &size
);
385 ok(ret
, "got %d\n", ret
);
387 status
= pLsaLookupSids(policy
, 1, &user
->User
.Sid
, &list
, &names
);
388 ok(status
== STATUS_SUCCESS
, "got 0x%08x\n", status
);
390 ok(list
->Entries
> 0, "got %d\n", list
->Entries
);
393 ok((char*)list
->Domains
- (char*)list
> 0, "%p, %p\n", list
, list
->Domains
);
394 ok((char*)list
->Domains
[0].Sid
- (char*)list
->Domains
> 0, "%p, %p\n", list
->Domains
, list
->Domains
[0].Sid
);
395 ok(list
->Domains
[0].Name
.MaximumLength
> list
->Domains
[0].Name
.Length
, "got %d, %d\n", list
->Domains
[0].Name
.MaximumLength
,
396 list
->Domains
[0].Name
.Length
);
399 pLsaFreeMemory(names
);
400 pLsaFreeMemory(list
);
402 HeapFree(GetProcessHeap(), 0, user
);
406 status
= pLsaClose(policy
);
407 ok(status
== STATUS_SUCCESS
, "got 0x%08x\n", status
);
413 win_skip("Needed functions are not available\n");
418 test_LsaLookupNames2();
419 test_LsaLookupSids();