in TestSuites/ADFamily/src/Adapter/MS-LSAD/PolicyObjects.cs [529:1407]
public ErrorStatus SetInformationPolicy2(int handleInput, InformationClass informationType)
{
InformationClass policyInformationClass2 = new InformationClass();
_LSAPR_POLICY_INFORMATION policyInfoinServer = new _LSAPR_POLICY_INFORMATION();
this.Invalidhandlle = false;
this.invalidParam = false;
#region CheckforInvalidParameter
// Setting flag true for Information class which return Invalid Parameter
if ((informationType == InformationClass.PolicyAuditFullQueryInformation)
|| (informationType == InformationClass.PolicyAuditFullSetInformation)
|| ((informationType == InformationClass.PolicyAccountDomainInformation) && (isDC == true))
|| (informationType == InformationClass.PolicyPdAccountInformation)
|| (informationType == InformationClass.PolicyModificationInformation)
|| (informationType == InformationClass.Invalid))
{
this.invalidParam = true;
}
#endregion CheckforInvalidParameter
#region CheckforInvalidHandleCase
// Only check InvalidHandle in case of NOT InvalidParam
if (stPolicyInformation.PHandle != handleInput && !this.invalidParam)
{
// CreateAnInvalidHandle() will create invalid handle to check requirement of Invalid Handle
objSecretHandle = utilities.CreateAnInvalidHandle(false);
this.InvalidPolicyHandle = objSecretHandle;
PolicyHandle = this.InvalidPolicyHandle;
this.Invalidhandlle = true;
}
else
{
PolicyHandle = this.ValidPolicyHandle;
this.Invalidhandlle = false;
}
#endregion CheckforInvalidHandleCase
#region checkInformationClassvalues
// Passing Input to set Information as per Information class and setting intCheckInfoClass to return status
switch (informationType)
{
case InformationClass.PolicyAccountDomainInformation:
policyInformationClass2 = InformationClass.PolicyAccountDomainInformation;
if (isDC == true)
{
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
}
else
{
policyInfoinServer.PolicyAccountDomainInfo = new _LSAPR_POLICY_ACCOUNT_DOM_INFO();
policyInfoinServer.PolicyAccountDomainInfo.DomainName = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyAccountDomainInfo.DomainName.Buffer =
utilities.ConversionfromStringtoushortArray(domain);
policyInfoinServer.PolicyAccountDomainInfo.DomainName.Length =
(ushort)(2 * (policyInfoinServer.PolicyAccountDomainInfo.DomainName.Buffer.Length));
policyInfoinServer.PolicyAccountDomainInfo.DomainName.MaximumLength =
(ushort)((policyInfoinServer.PolicyAccountDomainInfo.DomainName.Length)+2);
policyInfoinServer.PolicyAccountDomainInfo.DomainSid =
utilities.GetSid(DomainSid.Valid, GetAccountDomainSidNonDC);
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyPrimaryDomainInformation:
policyInformationClass2 = InformationClass.PolicyPrimaryDomainInformation;
policyInfoinServer.PolicyPrimaryDomainInfo = new _LSAPR_POLICY_PRIMARY_DOM_INFO();
policyInfoinServer.PolicyPrimaryDomainInfo.Name = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyPrimaryDomainInfo.Name.Buffer =
utilities.ConversionfromStringtoushortArray(domain);
policyInfoinServer.PolicyPrimaryDomainInfo.Name.Length =
(ushort)(2 * policyInfoinServer.PolicyPrimaryDomainInfo.Name.Buffer.Length);
policyInfoinServer.PolicyPrimaryDomainInfo.Name.MaximumLength =
(ushort)((policyInfoinServer.PolicyPrimaryDomainInfo.Name.Length)+2);
policyInfoinServer.PolicyPrimaryDomainInfo.Sid =
utilities.GetSid(DomainSid.Valid, this.PrimaryDomainSID);
if (policyInfoinServer.PolicyPrimaryDomainInfo.Name.Length <= 30)
{
#region MS-LSAD_R894
Site.CaptureRequirement(
"MS-LSAD",
894,
@"For LSAPR_POLICY_PRIMARY_DOM_INFO, Name.Length MUST be less than or equal 30.");
#endregion
}
if ((this.uintAccessMask & ACCESS_MASK.POLICY_TRUST_ADMIN) != ACCESS_MASK.POLICY_TRUST_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditEventsInformation:
policyInformationClass2 = InformationClass.PolicyAuditEventsInformation;
policyInfoinServer.PolicyAuditEventsInfo = new _LSAPR_POLICY_AUDIT_EVENTS_INFO();
policyInfoinServer.PolicyAuditEventsInfo.AuditingMode = (byte)AuditingMode;
policyInfoinServer.PolicyAuditEventsInfo.EventAuditingOptions = new EventAuditingOptions_Values[1];
policyInfoinServer.PolicyAuditEventsInfo.EventAuditingOptions[0] =
EventAuditingOptions_Values.POLICY_AUDIT_EVENT_SUCCESS;
policyInfoinServer.PolicyAuditEventsInfo.MaximumAuditEventCount = MaximumAuditEventCount;
if (MaximumAuditEventCount != 0)
{
#region MS-LSAD_R60
Site.CaptureRequirementIfIsNotNull(
policyInfoinServer.PolicyAuditEventsInfo.EventAuditingOptions,
"MS-LSAD",
60,
@"If the ""MaximumAuditingEventCount"" field of the
LSAPR_POLICY_AUDIT_EVENTS_INFO structure has a value other than 0, the
""EventAuditingOptions"" field MUST NOT be NULL.");
#endregion
#region MS-LSAD_R888
Site.CaptureRequirementIfAreNotEqual<uint>(
0,
policyInfoinServer.PolicyAuditEventsInfo.MaximumAuditEventCount,
"MS-LSAD",
888,
@"For LSAPR_POLICY_AUDIT_EVENTS_INFO, MaximumAuditEventCount MUST NOT be 0.");
#endregion
#region MS-LSAD_R890
Site.CaptureRequirementIfIsNotNull(
policyInfoinServer.PolicyAuditEventsInfo.EventAuditingOptions,
"MS-LSAD",
890,
@"For LSAPR_POLICY_AUDIT_EVENTS_INFO, EventAuditingOptions MUST NOT be NULL.");
#endregion
}
if (policyInfoinServer.PolicyAuditEventsInfo.MaximumAuditEventCount <= 8)
{
#region MS-LSAD_R889
Site.CaptureRequirement(
"MS-LSAD",
889,
@"For LSAPR_POLICY_AUDIT_EVENTS_INFO, MaximumAuditEventCount
MUST be less than or equal to 8.");
#endregion
}
if ((this.uintAccessMask & ACCESS_MASK.POLICY_SET_AUDIT_REQUIREMENTS) !=
ACCESS_MASK.POLICY_SET_AUDIT_REQUIREMENTS)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditFullQueryInformation:
policyInformationClass2 = InformationClass.PolicyAuditFullQueryInformation;
policyInfoinServer.PolicyAuditFullQueryInfo = new _POLICY_AUDIT_FULL_QUERY_INFO();
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
case InformationClass.PolicyAuditFullSetInformation:
policyInformationClass2 = InformationClass.PolicyAuditFullSetInformation;
policyInfoinServer.PolicyAuditFullSetInfo = new _POLICY_AUDIT_FULL_SET_INFO();
if (this.isWindows)
{
if (PDCOSVersion >= ServerVersion.Win2003)
{
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
}
}
else if ((this.uintAccessMask & ACCESS_MASK.POLICY_AUDIT_LOG_ADMIN) !=
ACCESS_MASK.POLICY_AUDIT_LOG_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
break;
case InformationClass.PolicyAuditLogInformation:
policyInformationClass2 = InformationClass.PolicyAuditLogInformation;
policyInfoinServer.PolicyAuditLogInfo = new _POLICY_AUDIT_LOG_INFO();
if ((this.uintAccessMask & ACCESS_MASK.POLICY_AUDIT_LOG_ADMIN) !=
ACCESS_MASK.POLICY_AUDIT_LOG_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnNotSupported;
}
break;
case InformationClass.PolicyDnsDomainInformation:
policyInformationClass2 = InformationClass.PolicyDnsDomainInformation;
policyInfoinServer.PolicyDnsDomainInfo = new _LSAPR_POLICY_DNS_DOMAIN_INFO();
if ((this.uintAccessMask & ACCESS_MASK.POLICY_TRUST_ADMIN) != ACCESS_MASK.POLICY_TRUST_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
policyInfoinServer.PolicyDnsDomainInfo.Name = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyDnsDomainInfo.Name.Buffer =
utilities.ConversionfromStringtoushortArray(domain);
policyInfoinServer.PolicyDnsDomainInfo.Name.Length =
(ushort)(2 * (policyInfoinServer.PolicyDnsDomainInfo.Name.Buffer.Length));
policyInfoinServer.PolicyDnsDomainInfo.Name.MaximumLength =
(ushort)((policyInfoinServer.PolicyDnsDomainInfo.Name.Length)+2);
policyInfoinServer.PolicyDnsDomainInfo.DnsDomainName = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyDnsDomainInfo.DnsDomainName.Buffer =
utilities.ConversionfromStringtoushortArray(fullDomain);
policyInfoinServer.PolicyDnsDomainInfo.DnsDomainName.Length =
(ushort)(2 * (policyInfoinServer.PolicyDnsDomainInfo.DnsDomainName.Buffer.Length));
policyInfoinServer.PolicyDnsDomainInfo.DnsDomainName.MaximumLength =
(ushort)((policyInfoinServer.PolicyDnsDomainInfo.DnsDomainName.Length)+2);
policyInfoinServer.PolicyDnsDomainInfo.DnsForestName = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyDnsDomainInfo.DnsForestName.Buffer =
utilities.ConversionfromStringtoushortArray(fullDomain);
policyInfoinServer.PolicyDnsDomainInfo.DnsForestName.Length =
(ushort)(2 * (policyInfoinServer.PolicyDnsDomainInfo.DnsForestName.Buffer.Length));
policyInfoinServer.PolicyDnsDomainInfo.DnsForestName.MaximumLength =
(ushort)((policyInfoinServer.PolicyDnsDomainInfo.DnsForestName.Length)+2);
policyInfoinServer.PolicyDnsDomainInfo.DomainGuid =
new Guid(DomainGUID);
policyInfoinServer.PolicyDnsDomainInfo.Sid =
utilities.GetSid(DomainSid.Valid, this.PrimaryDomainSID);
#region MS-LSAD_R897
Site.CaptureRequirementIfIsTrue(
(policyInfoinServer.PolicyDnsDomainInfo.Name.Length <= 30),
"MS-LSAD",
897,
@"For LSAPR_POLICY_DNS_DOMAIN_INFO, Name.Length MUST be less than or equal to 30.");
#endregion
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyDnsDomainInformationInt:
policyInformationClass2 = InformationClass.PolicyDnsDomainInformationInt;
policyInfoinServer.PolicyDnsDomainInfoInt = new _LSAPR_POLICY_DNS_DOMAIN_INFO();
if ((this.uintAccessMask & ACCESS_MASK.POLICY_TRUST_ADMIN) != ACCESS_MASK.POLICY_TRUST_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
policyInfoinServer.PolicyDnsDomainInfoInt.Name = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyDnsDomainInfoInt.Name.Buffer =
utilities.ConversionfromStringtoushortArray(domain);
policyInfoinServer.PolicyDnsDomainInfoInt.Name.Length =
(ushort)(2 * (policyInfoinServer.PolicyDnsDomainInfoInt.Name.Buffer.Length));
policyInfoinServer.PolicyDnsDomainInfoInt.Name.MaximumLength =
(ushort)((policyInfoinServer.PolicyDnsDomainInfoInt.Name.Length)+2);
policyInfoinServer.PolicyDnsDomainInfoInt.DnsDomainName = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyDnsDomainInfoInt.DnsDomainName.Buffer =
utilities.ConversionfromStringtoushortArray(fullDomain);
policyInfoinServer.PolicyDnsDomainInfoInt.DnsDomainName.Length =
(ushort)(2 * (policyInfoinServer.PolicyDnsDomainInfoInt.DnsDomainName.Buffer.Length));
policyInfoinServer.PolicyDnsDomainInfoInt.DnsDomainName.MaximumLength =
(ushort)((policyInfoinServer.PolicyDnsDomainInfoInt.DnsDomainName.Length)+2);
policyInfoinServer.PolicyDnsDomainInfoInt.DnsForestName = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyDnsDomainInfoInt.DnsForestName.Buffer =
utilities.ConversionfromStringtoushortArray(fullDomain);
policyInfoinServer.PolicyDnsDomainInfoInt.DnsForestName.Length =
(ushort)(2 * (policyInfoinServer.PolicyDnsDomainInfoInt.DnsForestName.Buffer.Length));
policyInfoinServer.PolicyDnsDomainInfoInt.DnsForestName.MaximumLength =
(ushort)((policyInfoinServer.PolicyDnsDomainInfoInt.DnsForestName.Length)+2);
policyInfoinServer.PolicyDnsDomainInfoInt.DomainGuid =
new Guid(DomainGUID);
policyInfoinServer.PolicyDnsDomainInfoInt.Sid =
utilities.GetSid(DomainSid.Valid, this.PrimaryDomainSID);
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyLocalAccountDomainInformation:
policyInformationClass2 = InformationClass.PolicyLocalAccountDomainInformation;
policyInfoinServer.PolicyLocalAccountDomainInfo = new _LSAPR_POLICY_ACCOUNT_DOM_INFO();
policyInfoinServer.PolicyLocalAccountDomainInfo.DomainName = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyLocalAccountDomainInfo.DomainName.Buffer =
utilities.ConversionfromStringtoushortArray(domain);
policyInfoinServer.PolicyLocalAccountDomainInfo.DomainName.Length =
(ushort)(2 * policyInfoinServer.PolicyLocalAccountDomainInfo.DomainName.Buffer.Length);
policyInfoinServer.PolicyLocalAccountDomainInfo.DomainName.MaximumLength =
(ushort)((policyInfoinServer.PolicyLocalAccountDomainInfo.DomainName.Length)+2);
policyInfoinServer.PolicyLocalAccountDomainInfo.DomainSid =
utilities.GetSid(DomainSid.Valid, GetLocalAccountDomainSid);
if (this.serverPlatform == Server.Windows2k8)
{
if ((this.uintAccessMask & ACCESS_MASK.POLICY_TRUST_ADMIN) != ACCESS_MASK.POLICY_TRUST_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
}
break;
case InformationClass.PolicyLsaServerRoleInformation:
policyInformationClass2 = InformationClass.PolicyLsaServerRoleInformation;
policyInfoinServer.PolicyServerRoleInfo = new _POLICY_LSA_SERVER_ROLE_INFO();
if (GetIntProperty(propertyGroup + "ServerRoleSelected") == 3)
{
policyInfoinServer.PolicyServerRoleInfo.LsaServerRole =
_POLICY_LSA_SERVER_ROLE.PolicyServerRolePrimary;
}
if (GetIntProperty(propertyGroup + "ServerRoleSelected") == 2)
{
policyInfoinServer.PolicyServerRoleInfo.LsaServerRole =
_POLICY_LSA_SERVER_ROLE.PolicyServerRoleBackup;
}
#region MS-LSAD_R902
Site.CaptureRequirementIfIsTrue(
(((uint)policyInfoinServer.PolicyServerRoleInfo.LsaServerRole == 2)
|| ((uint)policyInfoinServer.PolicyServerRoleInfo.LsaServerRole == 3)),
"MS-LSAD",
902,
"For POLICY_LSA_SERVER_ROLE_INFO, LsaServerRole MUST be 2 OR 3.");
#endregion
if ((this.uintAccessMask & ACCESS_MASK.POLICY_SERVER_ADMIN) != ACCESS_MASK.POLICY_SERVER_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyModificationInformation:
policyInformationClass2 = InformationClass.PolicyModificationInformation;
policyInfoinServer.PolicyModificationInfo = new _POLICY_MODIFICATION_INFO();
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
case InformationClass.PolicyPdAccountInformation:
policyInformationClass2 = InformationClass.PolicyPdAccountInformation;
policyInfoinServer.PolicyPdAccountInfo = new _LSAPR_POLICY_PD_ACCOUNT_INFO();
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
case InformationClass.PolicyReplicaSourceInformation:
policyInformationClass2 = InformationClass.PolicyReplicaSourceInformation;
policyInfoinServer.PolicyReplicaSourceInfo = new _LSAPR_POLICY_REPLICA_SRCE_INFO();
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaAccountName = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaAccountName.Buffer =
utilities.ConversionfromStringtoushortArray(ReplicasourceName);
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaAccountName.Length =
(ushort)(2 * policyInfoinServer.PolicyReplicaSourceInfo.ReplicaAccountName.Buffer.Length);
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaAccountName.MaximumLength =
(ushort)((policyInfoinServer.PolicyReplicaSourceInfo.ReplicaAccountName.Length)+2);
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaSource = new _RPC_UNICODE_STRING();
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaSource.Buffer =
utilities.ConversionfromStringtoushortArray(ReplicaAccountName);
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaSource.Length =
(ushort)(2 * policyInfoinServer.PolicyReplicaSourceInfo.ReplicaSource.Buffer.Length);
policyInfoinServer.PolicyReplicaSourceInfo.ReplicaSource.MaximumLength =
(ushort)((policyInfoinServer.PolicyReplicaSourceInfo.ReplicaSource.Length)+2);
if ((this.uintAccessMask & ACCESS_MASK.POLICY_SERVER_ADMIN) != ACCESS_MASK.POLICY_SERVER_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyMachineAccountInformation:
policyInformationClass2 = InformationClass.PolicyMachineAccountInformation;
policyInfoinServer.PolicyMachineAccountInfo = new _LSAPR_POLICY_MACHINE_ACCT_INFO();
policyInfoinServer.PolicyMachineAccountInfo.Rid = 0;
policyInfoinServer.PolicyMachineAccountInfo.Sid = utilities.GetSid(DomainSid.Valid, GetLocalAccountDomainSid);
if ((this.uintAccessMask & ACCESS_MASK.POLICY_SERVER_ADMIN) != ACCESS_MASK.POLICY_SERVER_ADMIN)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
default:
#region invalidenumcheck
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
#endregion
break;
}
#endregion checkInformationClassvalues
uintMethodStatus = lsadClientStack.LsarSetInformationPolicy2(
PolicyHandle.Value,
(_POLICY_INFORMATION_CLASS)policyInformationClass2,
policyInfoinServer);
//Capturing Invalid Parameter Requirements based on different Information class
if (this.invalidParam == true)
{
if (informationType == InformationClass.PolicyAccountDomainInformation)
{
#region MS-LSAD_R336
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
336,
@"If InformationClass value of LsarSetInformationPolicy2 is PolicyAccountDomainInformation
then the request MUST fail with STATUS_INVALID_PARAMETER.");
#endregion
////For domain Controller
if (isDC == true)
{
#region MS-LSAD_R351
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
351,
@"If the Value of InformationClass parameter in LsarSetInformationPolicy2 is
PolicyAccountDomainInformation then on domain controller, server MUST fail the
request with STATUS_INVALID_PARAMETER.");
#endregion
}
}
if (informationType == InformationClass.PolicyAuditFullQueryInformation)
{
#region MS-LSAD_R342
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
342,
@"If InformationClass value of LsarSetInformationPolicy2 is PolicyAuditFullQueryInformation
then the request MUST fail with STATUS_INVALID_PARAMETER.");
#endregion
#region MS-LSAD_R358
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
358,
@"If the Value of InformationClass parameter in LsarSetInformationPolicy2 is
PolicyAuditFullQueryInformation then Server MUST return STATUS_INVALID_PARAMETER
because this is not a policy element that can be set.");
#endregion
}
if (informationType == InformationClass.PolicyModificationInformation)
{
#region MS-LSAD_R340
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
340,
@"If InformationClass value of LsarSetInformationPolicy2 is PolicyModificationInformation
then the request MUST fail with STATUS_INVALID_PARAMETER.");
#endregion
#region MS-LSAD_R356
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
356,
@"If the Value of InformationClass parameter in LsarSetInformationPolicy2 is
PolicyModificationInformation then Server MUST return STATUS_INVALID_PARAMETER
because this is not a policy element that can be set.");
#endregion
}
if (informationType == InformationClass.PolicyPdAccountInformation)
{
#region MS-LSAD_R335
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
335,
@"If InformationClass value of LsarSetInformationPolicy2 is PolicyPdAccountInformation then
the request MUST fail with STATUS_InvalidParameter.");
#endregion
#region MS-LSAD_R350
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
350,
@"If the Value of InformationClass parameter in LsarSetInformationPolicy2 is
PolicyPdAccountInformation then Server MUST return STATUS_InvalidParameter
because this is not a policy element that can be set.");
#endregion
}
////Capturing Invalid Handle Requirements
if (informationType == InformationClass.PolicyAuditFullSetInformation)
{
#region MS-LSAD_R357
if (PDCOSVersion >= ServerVersion.Win2003)
{
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
357,
@"[If InformationClass value of LsarSetInformationPolicy is PolicyAuditFullSetInformation]
<54> Section 3.1.4.4.5: Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008,
Windows 7, and Windows Server 2008 R2 return STATUS_INVALID_PARAMETER for this information
class.");
}
#endregion
//// Add the comment information including the location information.
Site.Log.Add(
LogEntryKind.Comment,
@"Verify MS-LSAD_R1039: The Expect value is 0, The Actual value is :{0}.",
policyInfoinServer.PolicyAuditFullSetInfo.ShutDownOnFull);
#region MS-LSAD_R1039
// Verify requirement 1039
Site.CaptureRequirementIfAreEqual<byte>(
0,
policyInfoinServer.PolicyAuditFullSetInfo.ShutDownOnFull,
"MS-LSAD",
1039,
@"If the Value of InformationClass parameter in LsarSetInformationPolicy2
is PolicyAuditFullSetInformation then server MUST update its abstract data model
as ShutDownOnFull field of Audit Full Information.<54>");
#endregion
}
}
else if (this.Invalidhandlle == true)
{
utilities.CreateAnInvalidHandle(true);
#region MS-LSAD_R330
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidHandle),
(uint)uintMethodStatus,
"MS-LSAD",
330,
@"If PolicyHandle of LsarSetInformationPolicy2 is not a valid context handle,
the server MUST return STATUS_INVALID_HANDLE.");
#endregion
}
//Validating Requirement for Success, Not Implemented and Access Denied Status
if (!this.Invalidhandlle)
{
#region Capturing_Requirement for Status other than Invalid Handle
switch (intCheckInfoClass)
{
////Validating Success Requirements
case 0:
#region MS-LSAD_R326
Site.CaptureRequirementIfAreEqual<uint>(
(uint)ErrorStatus.Success,
(uint)uintMethodStatus,
"MS-LSAD",
326,
@"The LsarSetInformationPolicy2 implementation MUST return STATUS_SUCCESS(0x00000000)
when the request was successfully completed.");
#endregion
#region MS-LSAD_R329
Site.CaptureRequirementIfIsTrue(
((PolicyHandle != IntPtr.Zero) && (uintMethodStatus != NtStatus.STATUS_ACCESS_DENIED)),
"MS-LSAD",
329,
@"PolicyHandle parameter of LsarSetInformationPolicy2 MUST reference a context that was
granted an access commensurate with the InformationClass value requested.");
#endregion
break;
////Capturing Requirement for general Invalid Parameter case
case 1:
#region MS-LSAD_R327
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
327,
@"The LsarSetInformationPolicy2 implementation MUST return
STATUS_InvalidParameter(oxC000000D) when one of the parameters is incorrect.
For instance, this can happen if InformationClass is not supported or some of
the supplied policy data is inValid.");
#endregion
break;
////Capturing Requirement for Not_Implemented status
case 2:
#region MS-LSAD_R347
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.NotImplemented),
(uint)uintMethodStatus,
"MS-LSAD",
347,
@"If the Value of InformationClass parameter in LsarSetInformationPolicy2 is
PolicyAuditLogInformation then Server MUST return the STATUS_NOT_IMPLEMENTED error code
because this is not a policy element that can be set.");
#endregion
#region MS-LSAD_R328
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.NotImplemented),
(uint)uintMethodStatus,
"MS-LSAD",
328,
@"The LsarSetInformationPolicy2 implementation MUST return
STATUS_NOT_IMPLEMENTED(0xC0000002) when PolicyAuditLogInformation
information class cannot be set.");
#endregion
break;
////Capturing Requirement for Access denied status
case 3:
if (informationType == InformationClass.PolicyPrimaryDomainInformation)
{
#region MS-LSAD_R334
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
334,
@"If InformationClass value of LsarSetInformationPolicy2 is
PolicyPrimaryDomainInformation then type of access required
MUST be POLICY_TRUST_ADMIN");
#endregion
}
if (informationType == InformationClass.PolicyAuditEventsInformation)
{
#region MS-LSAD_R333
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
333,
@"If InformationClass value of LsarSetInformationPolicy2 is
PolicyAuditEventsInformation then type of access required MUST
be POLICY_SET_AUDIT_REQUIREMENTS");
#endregion
}
if (informationType == InformationClass.PolicyAuditFullSetInformation)
{
#region MS-LSAD_R341
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
341,
@"If InformationClass value of LsarSetInformationPolicy2 is
PolicyAuditFullSetInformation then type of access required MUST
be POLICY_AUDIT_LOG_ADMIN");
#endregion
}
if (informationType == InformationClass.PolicyAuditLogInformation)
{
#region MS-LSAD_R332
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
332,
@"If InformationClass value of LsarSetInformationPolicy2 is PolicyAuditLogInformation
then type of access required MUST be POLICY_AUDIT_LOG_ADMIN");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformation)
{
#region MS-LSAD_R343
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
343,
@"If InformationClass value of LsarSetInformationPolicy2 is PolicyDnsDomainInformation
then type of access required MUST be POLICY_TRUST_ADMIN.");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformationInt)
{
#region MS-LSAD_R344
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
344,
@"If InformationClass value of LsarSetInformationPolicy2 is
PolicyDnsDomainInformationInt then type of access required MUST
be POLICY_TRUST_ADMIN.");
#endregion
}
if (informationType == InformationClass.PolicyLocalAccountDomainInformation)
{
if (this.serverPlatform == Server.Windows2k8)
{
#region MS-LSAD_R345
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
345,
@"If InformationClass value of LsarSetInformationPolicy2 is
PolicyLocalAccountDomainInformation then type of access required MUST
be POLICY_TRUST_ADMIN.");
#endregion
}
}
if (informationType == InformationClass.PolicyLsaServerRoleInformation)
{
#region MS-LSAD_R337
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
337,
@"If InformationClass value of LsarSetInformationPolicy2 is
PolicyLsaServerRoleInformation then type of access required MUST
be POLICY_SERVER_ADMIN");
#endregion
}
#region MS-LSAD_R331
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
331,
@"If the context of LsarSetInformationPolicy2 does not have sufficient access,
the server MUST return STATUS_AccessDenied.");
#endregion
break;
default:
break;
}
#endregion Capturing_Requirement for Status other than Invalid Handle
}
return (ErrorStatus)uintMethodStatus;
}