in TestSuites/ADFamily/src/Adapter/MS-LSAD/PolicyObjects.cs [2265:3139]
public ErrorStatus QueryInformationPolicy2(
int handleInput,
InformationClass informationType,
out PolicyInformation policyInformation)
{
InformationClass policyInformationClass2 = new InformationClass();
_LSAPR_POLICY_INFORMATION? policyInfoinServer = new _LSAPR_POLICY_INFORMATION();
this.Invalidhandlle = false;
this.invalidParam = false;
#region CheckingInvalidParameter
////Setting invalidParam flag to true for Information class which will return Invalid Parameter
if ((informationType == InformationClass.PolicyModificationInformation)
|| (informationType == InformationClass.PolicyAuditFullQueryInformation)
|| (informationType == InformationClass.PolicyAuditFullSetInformation)
|| (informationType == InformationClass.Invalid))
{
this.invalidParam = true;
}
#endregion CheckingInvalidParameter
#region CreatingInvalidHandle
if (stPolicyInformation.PHandle != handleInput)
{
////CreateAnInvalidHandle() will create invalid handle to check requirement of Invalid Handle
objSecretHandle = utilities.CreateAnInvalidHandle(false);
this.InvalidPolicyHandle = objSecretHandle;
PolicyHandle = this.InvalidPolicyHandle;
this.Invalidhandlle = true;
}
else
{
PolicyHandle = this.ValidPolicyHandle;
this.Invalidhandlle = false;
}
#endregion CreatingInvalidHandle
#region checkInfovalues
////Setting intCheckInfoClass with return status for capturing requirement
switch (informationType)
{
case InformationClass.PolicyAccountDomainInformation:
policyInformationClass2 = InformationClass.PolicyAccountDomainInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditEventsInformation:
policyInformationClass2 = InformationClass.PolicyAuditEventsInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditFullQueryInformation:
policyInformationClass2 = InformationClass.PolicyAuditFullQueryInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
if (this.isWindows)
{
if (PDCOSVersion >= ServerVersion.Win2003)
{
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
}
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditFullSetInformation:
policyInformationClass2 = InformationClass.PolicyAuditFullSetInformation;
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
case InformationClass.PolicyAuditLogInformation:
policyInformationClass2 = InformationClass.PolicyAuditLogInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyDefaultQuotaInformation:
policyInformationClass2 = InformationClass.PolicyDefaultQuotaInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyDnsDomainInformation:
policyInformationClass2 = InformationClass.PolicyDnsDomainInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyDnsDomainInformationInt:
policyInformationClass2 = InformationClass.PolicyDnsDomainInformationInt;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyLocalAccountDomainInformation:
policyInformationClass2 = InformationClass.PolicyLocalAccountDomainInformation;
if (this.serverPlatform == Server.Windows2k8)
{
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
}
break;
case InformationClass.PolicyLsaServerRoleInformation:
policyInformationClass2 = InformationClass.PolicyLsaServerRoleInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyModificationInformation:
policyInformationClass2 = InformationClass.PolicyModificationInformation;
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
case InformationClass.PolicyPdAccountInformation:
policyInformationClass2 = InformationClass.PolicyPdAccountInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_GET_PRIVATE_INFORMATION) !=
ACCESS_MASK.POLICY_GET_PRIVATE_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyPrimaryDomainInformation:
policyInformationClass2 = InformationClass.PolicyPrimaryDomainInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyReplicaSourceInformation:
policyInformationClass2 = InformationClass.PolicyReplicaSourceInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyMachineAccountInformation:
policyInformationClass2 = InformationClass.PolicyMachineAccountInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) != ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
default:
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
}
#endregion
uintMethodStatus = lsadClientStack.LsarQueryInformationPolicy2(
PolicyHandle.Value,
(_POLICY_INFORMATION_CLASS)policyInformationClass2,
out policyInfoinServer);
////Capturing requirements for Invalid Parameter status
if (this.invalidParam == true)
{
if (informationType == InformationClass.PolicyModificationInformation)
{
#region MS-LSAD_R267
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
267,
@"If InformationClass value of LsarQueryInformationPolicy2 is PolicyModificationInformation
then Type of access required cannot be queried.The request MUST fail with
STATUS_InvalidParameter(0xC000000D)");
#endregion
#region MS-LSAD_R282
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
282,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyModificationInformation then Information returned to caller from abstract
data model MUST return STATUS_InvalidParameter");
#endregion
}
if (informationType == InformationClass.PolicyAuditFullSetInformation)
{
#region MS-LSAD_R872
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
872,
@"LsarQueryInformationPolicy2 MUST return STATUS_INVALID_PARAMETER
for AuditFullSet Information class");
#endregion
}
////Capturing requirement for Invalid Handle Case
if ((informationType == InformationClass.PolicyAuditFullQueryInformation)
&& this.serverPlatform >= Server.Windows2k3)
{
#region MS-LSAD_R287
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
287,
@"<52> Section 3.1.4.4.3: Windows XP, Windows Server 2003, Windows Vista, and
Windows Server 2008, Windows 7, and Windows Server 2008 R2 return STATUS_INVALID_PARAMETER
for PolicyAuditFullQueryInformationinformation class in LsarQueryInformationPolicy2.");
#endregion
}
}
else if (this.Invalidhandlle == true)
{
#region MS-LSAD_R255
Site.CaptureRequirementIfAreEqual<uint>(
(uint)ErrorStatus.InvalidHandle,
(uint)uintMethodStatus,
"MS-LSAD",
255,
@"LsarQueryInformationPolicy2 returns STATUS_InvalidHandle(0xC0000008),
if the handle is not a Valid policy object handle");
#endregion
}
////Capturing requirements for other return status
if (!this.Invalidhandlle)
{
#region checkinfoclasss
switch (intCheckInfoClass)
{
////Capturing requirements for Success state
case 0:
if (informationType == InformationClass.PolicyAuditLogInformation)
{
this.validPolicyInfoquery =
utilities.ifQueryauditLogInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
if (this.isWindows)
{
#region MS-LSAD_R273
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus ==
(uint)ErrorStatus.Success) && this.validPolicyInfoquery == true),
"MS-LSAD",
273,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyAuditLogInformation then Information returned to caller from abstract data
model MUST be Auditing Log Information");
#endregion
}
}
if (informationType == InformationClass.PolicyAuditEventsInformation)
{
this.validPolicyInfoquery =
utilities.ifQueryauditeventsInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R274
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
274,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyAuditEventsInformation then Information returned to caller from abstract
data model MUST be Event Auditing Options");
#endregion
}
if (informationType == InformationClass.PolicyPrimaryDomainInformation)
{
this.validPolicyInfoquery =
utilities.ifQueryPrimarydomainInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R275
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
275,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyPrimaryDomainInformation then Information returned to caller from abstract
data model MUST be Primary Domain Information");
#endregion
}
if (informationType == InformationClass.PolicyAccountDomainInformation)
{
if (isDC == false)
{
this.validPolicyInfoquery = utilities.ifQueryAccountdomInfofornondc(
(_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R277
Site.CaptureRequirementIfIsTrue(
((uint)uintMethodStatus ==
(uint)ErrorStatus.Success && this.validPolicyInfoquery == true),
"MS-LSAD",
277,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2
is PolicyAccountDomainInformation then Information returned to caller from
abstract data model on non-domain controllers MUST be Account Domain");
#endregion
}
else
{
this.validPolicyInfoquery =
utilities.ifQueryAccountdomInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R969
Site.CaptureRequirementIfIsTrue(
((uint)uintMethodStatus ==
(uint)ErrorStatus.Success && this.validPolicyInfoquery == true),
"MS-LSAD",
969,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyAccountDomainInformation then Information returned to caller from abstract
data model on domain controller MUST return Primary Domain Information");
#endregion
}
}
if (informationType == InformationClass.PolicyLsaServerRoleInformation)
{
this.validPolicyInfoquery =
utilities.ifQueryLsaSrvrroleInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
if (isDC == true)
{
#region MS-LSAD_R278
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus ==
(uint)ErrorStatus.Success) && this.validPolicyInfoquery == true),
"MS-LSAD",
278,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2
is PolicyLsaServerRoleInformation then Information returned to caller from
abstract data model on domain controller MUST be Primary Domain Information");
#endregion
}
#region MS-LSAD_R279
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
279,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyLsaServerRoleInformation then Information returned to caller from abstract
data model MUST be Server Role Information");
#endregion
}
if (informationType == InformationClass.PolicyReplicaSourceInformation)
{
this.validPolicyInfoquery =
utilities.ifQueryReplicaSrcInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R280
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
280,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyReplicaSourceInformation then Information returned to caller from abstract
data model MUST be Replica Source Information");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformation)
{
this.validPolicyInfoquery =
utilities.ifQueryDnsDomInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R284
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
284,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyDnsDomainInformation then Information returned to caller from abstract data
model MUST be DNS Domain Information");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformationInt)
{
this.validPolicyInfoquery =
utilities.ifQueryDnsDomIntInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R285
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
285,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyDnsDomainInformationInt then Information returned to caller from abstract
data model MUST be DNS Domain Information");
#endregion
}
if (informationType == InformationClass.PolicyLocalAccountDomainInformation)
{
if (this.serverPlatform == Server.Windows2k8)
{
this.validPolicyInfoquery =
utilities.ifQueryLocalaccountInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R286
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus ==
(uint)ErrorStatus.Success) && this.validPolicyInfoquery == true),
"MS-LSAD",
286,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2
is PolicyLocalAccountDomainInformation then Information returned to caller
from abstract data model MUST be AccountDomainInformation");
#endregion
}
}
if (informationType == InformationClass.PolicyPdAccountInformation)
{
this.validPolicyInfoquery =
utilities.ifQueryPdaccountInfo((_LSAPR_POLICY_INFORMATION)policyInfoinServer);
#region MS-LSAD_R276
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
276,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2 is
PolicyPdAccountInformation then Information returned to caller from abstract data
model MUST return an LSAPR_POLICY_PD_ACCOUNT_INFO information structure initialized
with zeros");
#endregion
}
#region MS-LSAD_R252
Site.CaptureRequirementIfAreEqual<uint>(
(uint)ErrorStatus.Success,
(uint)uintMethodStatus,
"MS-LSAD",
252,
@"The return Values for Opnum LsarQueryInformationPolicy2 that an implementation MUST
return when the request was successfully completed isSTATUS_Success(0x00000000)");
#endregion
#region MS-LSAD_R256
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success) && PolicyHandle != IntPtr.Zero),
"MS-LSAD",
256,
@"PolicyHandle parameter of LsarQueryInformationPolicy2 MUST be a handle to an open
policy object");
#endregion
#region MS-LSAD_R257
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success) && PolicyHandle != IntPtr.Zero),
"MS-LSAD",
257,
@"PolicyHandle parameter of LsarQueryInformationPolicy2 MUST reference a context that was
granted an access commensurate with the InformationClass value requested.");
#endregion
break;
////Capturing Requirement for general Invalid Parameter status
case 1:
#region MS-LSAD_R254
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
254,
@"The return Values of Opnum LsarQueryInformationPolicy2 that an implementation MUST
return when one of the parameters is incorrect is STATUS_InvalidParameter
(0xC000000D) . For instance, this can happen if InformationClass is out of range or if
PolicyInformation is Null.");
#endregion
break;
////Capturing Requirement for Access denied status
case 3:
if (informationType == InformationClass.PolicyAuditFullQueryInformation)
{
#region MS-LSAD_R268
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
268,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyAuditFullQueryInformation then Type of access required MUST
be POLICY_VIEW_AUDIT_INFORMATION");
#endregion
}
if (informationType == InformationClass.PolicyAuditLogInformation)
{
#region MS-LSAD_R259
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
259,
@"If InformationClass value of LsarQueryInformationPolicy2 is PolicyAuditLogInformation
then Type of access required MUST be POLICY_VIEW_AUDIT_INFORMATION(0x00000002)");
#endregion
}
if (informationType == InformationClass.PolicyAuditEventsInformation)
{
#region MS-LSAD_R260
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
260,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyAuditEventsInformation then Type of access required MUST
be POLICY_VIEW_AUDIT_INFORMATION(0x00000002)");
#endregion
}
if (informationType == InformationClass.PolicyPrimaryDomainInformation)
{
#region MS-LSAD_R261
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
261,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyPrimaryDomainInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION((0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyAccountDomainInformation)
{
#region MS-LSAD_R263
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
263,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyAccountDomainInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION");
#endregion
}
if (informationType == InformationClass.PolicyLsaServerRoleInformation)
{
#region MS-LSAD_R264
@Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
264,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyLsaServerRoleInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION(0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyReplicaSourceInformation)
{
#region MS-LSAD_R265
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
265,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyReplicaSourceInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION(0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformation)
{
#region MS-LSAD_R269
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
269,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyDnsDomainInformation then Type of access required MUST be
POLICY_VIEW_LOCAL_INFORMATION");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformationInt)
{
#region MS-LSAD_R270
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
270,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyDnsDomainInformationInt then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION (0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyLocalAccountDomainInformation)
{
if (this.serverPlatform == Server.Windows2k8)
{
#region MS-LSAD_R271
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
271,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyLocalAccountDomainInformation then Type of access required
MUST be POLICY_VIEW_LOCAL_INFORMATION");
#endregion
}
}
if (informationType == InformationClass.PolicyPdAccountInformation)
{
#region MS-LSAD_R262
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
262,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyPdAccountInformation then Type of access required MUST
be POLICY_GET_PRIVATE_INFORMATION(0x00000004)");
#endregion
}
#region MS-LSAD_R258
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
258,
@"If the context PolicyHandle parameter of LsarQueryInformationPolicy2 does not have
sufficient access, the server MUST return STATUS_ACCESS_DENIED(0xC0000022).");
#endregion
break;
default:
break;
}
#endregion
}
policyInformation = (((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true)
? PolicyInformation.Valid : PolicyInformation.Invalid;
return (ErrorStatus)uintMethodStatus;
}