in TestSuites/ADFamily/src/Adapter/MS-LSAD/PolicyObjects.cs [3163:4026]
public ErrorStatus QueryInformationPolicy(
int handleInput,
InformationClass informationType,
out PolicyInformation policyInformation)
{
InformationClass policyInformationClass2 = new InformationClass();
_LSAPR_POLICY_INFORMATION? policyInfoinServer = new _LSAPR_POLICY_INFORMATION();
this.Invalidhandlle = false;
this.invalidParam = false;
#region CheckingInvalidParameter
////Setting invalidParam flag for Information class which will return Invalid Parameter
if ((informationType == InformationClass.PolicyModificationInformation)
|| (informationType == InformationClass.PolicyAuditFullQueryInformation)
|| (informationType == InformationClass.PolicyAuditFullSetInformation)
|| (informationType == InformationClass.Invalid))
{
this.invalidParam = true;
}
#endregion CheckingInvalidParameter
#region CreatingInvalidHandle
if (stPolicyInformation.PHandle != handleInput)
{
////CreateAnInvalidHandle() will create invalid handle to check requirement of Invalid Handle
objSecretHandle = utilities.CreateAnInvalidHandle(false);
this.InvalidPolicyHandle = objSecretHandle;
PolicyHandle = this.InvalidPolicyHandle;
this.Invalidhandlle = true;
}
else
{
PolicyHandle = this.ValidPolicyHandle;
this.Invalidhandlle = false;
}
#endregion CreatingInvalidHandle
#region checkInfovalues
////Setting intCheckInfoClass with return status for capturing requirement
switch (informationType)
{
case InformationClass.PolicyAccountDomainInformation:
policyInformationClass2 = InformationClass.PolicyAccountDomainInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditEventsInformation:
policyInformationClass2 = InformationClass.PolicyAuditEventsInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditFullQueryInformation:
policyInformationClass2 = InformationClass.PolicyAuditFullQueryInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
if (this.isWindows)
{
if (PDCOSVersion >= ServerVersion.Win2003)
{
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
}
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyAuditFullSetInformation:
policyInformationClass2 = InformationClass.PolicyAuditFullSetInformation;
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
case InformationClass.PolicyAuditLogInformation:
policyInformationClass2 = InformationClass.PolicyAuditLogInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyDefaultQuotaInformation:
policyInformationClass2 = InformationClass.PolicyDefaultQuotaInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyDnsDomainInformation:
policyInformationClass2 = InformationClass.PolicyDnsDomainInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyDnsDomainInformationInt:
policyInformationClass2 = InformationClass.PolicyDnsDomainInformationInt;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyLocalAccountDomainInformation:
policyInformationClass2 = InformationClass.PolicyLocalAccountDomainInformation;
if (this.serverPlatform == Server.Windows2k8)
{
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
}
break;
case InformationClass.PolicyLsaServerRoleInformation:
policyInformationClass2 = InformationClass.PolicyLsaServerRoleInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyModificationInformation:
policyInformationClass2 = InformationClass.PolicyModificationInformation;
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
case InformationClass.PolicyPdAccountInformation:
policyInformationClass2 = InformationClass.PolicyPdAccountInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_GET_PRIVATE_INFORMATION) !=
ACCESS_MASK.POLICY_GET_PRIVATE_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyPrimaryDomainInformation:
policyInformationClass2 = InformationClass.PolicyPrimaryDomainInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyReplicaSourceInformation:
policyInformationClass2 = InformationClass.PolicyReplicaSourceInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION) !=
ACCESS_MASK.POLICY_VIEW_LOCAL_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
case InformationClass.PolicyMachineAccountInformation:
policyInformationClass2 = InformationClass.PolicyMachineAccountInformation;
if ((this.uintAccessMask & ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION) != ACCESS_MASK.POLICY_VIEW_AUDIT_INFORMATION)
{
intCheckInfoClass = LsadUtilities.ReturnAccessDenied;
}
else
{
intCheckInfoClass = LsadUtilities.ReturnSuccess;
}
break;
default:
intCheckInfoClass = LsadUtilities.ReturnInvalidParameter;
break;
}
#endregion
uintMethodStatus = lsadClientStack.LsarQueryInformationPolicy(
PolicyHandle.Value,
(_POLICY_INFORMATION_CLASS)policyInformationClass2,
out policyInfoinServer);
////Capturing Requirements for Invalid Parameter status
if (this.invalidParam == true)
{
if (informationType == InformationClass.PolicyModificationInformation)
{
#region MS-LSAD_R321
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
321,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyModificationInformation then Information returned to caller from abstract
data model MUST return STATUS_InvalidParameter");
#endregion
#region MS-LSAD_R305
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
305,
@"If InformationClass value of LsarQueryInformationPolicy is PolicyModificationInformation
then Type of access required cannot be queried.The request MUST fail with
STATUS_INVALID_PARAMETER.");
#endregion
}
if (informationType == InformationClass.PolicyAuditFullSetInformation)
{
#region MS-LSAD_R306
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
306,
@"If InformationClass value of LsarQueryInformationPolicy is PolicyAuditFullSetInformation
then Type of access required cannot be queried. The request MUST fail with
STATUS_InvalidParameter");
#endregion
}
////Capturing requirement for Invalid Handle status
if (informationType == InformationClass.PolicyAuditFullQueryInformation)
{
if (this.isWindows)
{
if (PDCOSVersion >= ServerVersion.Win2003)
{
#region MS-LSAD-322
Site.CaptureRequirementIfAreEqual<uint>(
(uint)ErrorStatus.InvalidParameter,
(uint)uintMethodStatus,
"MS-LSAD",
322,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyAuditFullQueryInformation then Windows XP, Windows Server 2003,
Windows Vista, and Windows Server 2008 return STATUS_INVALID_PARAMETER for
this information class");
#endregion
}
}
}
}
else if (this.Invalidhandlle == true)
{
utilities.CreateAnInvalidHandle(true);
#region MS-LSAD_R294
Site.CaptureRequirementIfAreEqual<uint>(
(uint)ErrorStatus.InvalidHandle,
(uint)uintMethodStatus,
"MS-LSAD",
294,
@"LsarQueryInformationPolicy returns STATUS_InvalidHandle(0xC0000008),
if the handle is not a Valid policy object handle");
#endregion
}
////Capturing requirements for other return status
if (!this.Invalidhandlle)
{
#region checkinfoclasss
switch (intCheckInfoClass)
{
////Capturing requirements for Success status
case 0:
if (informationType == InformationClass.PolicyAuditLogInformation)
{
this.validPolicyInfoquery = utilities.ifQueryauditLogInfo(policyInfoinServer.Value);
if (this.isWindows)
{
#region MS-LSAD_R312
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
312,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyAuditLogInformation then Information returned to caller from abstract data
model MUST be Auditing Log Information");
#endregion
}
}
if (informationType == InformationClass.PolicyAuditEventsInformation)
{
this.validPolicyInfoquery = utilities.ifQueryauditeventsInfo(policyInfoinServer.Value);
#region MS-LSAD_R313
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& (this.validPolicyInfoquery == true)),
"MS-LSAD",
313,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyAuditEventsInformation then Information returned to caller from abstract
data model MUST be Event Auditing Options");
#endregion
}
if (informationType == InformationClass.PolicyPrimaryDomainInformation)
{
this.validPolicyInfoquery = utilities.ifQueryPrimarydomainInfo(policyInfoinServer.Value);
#region MS-LSAD_R314
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
314,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy2
is PolicyPrimaryDomainInformation then Information returned to caller from
abstract data model MUST be Primary Domain Information");
#endregion
}
if (informationType == InformationClass.PolicyAccountDomainInformation)
{
if (isDC == false)
{
this.validPolicyInfoquery =
utilities.ifQueryAccountdomInfofornondc(policyInfoinServer.Value);
#region MS-LSAD_R316
Site.CaptureRequirementIfIsTrue(
((uint)uintMethodStatus ==
(uint)ErrorStatus.Success && this.validPolicyInfoquery == true),
"MS-LSAD",
316,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyAccountDomainInformation then Information returned to caller from abstract
data model on non-domain controllers MUST be Account Domain");
#endregion
}
else
{
this.validPolicyInfoquery = utilities.ifQueryAccountdomInfo(policyInfoinServer.Value);
#region MS-LSAD_R873
Site.CaptureRequirementIfIsTrue(
((uint)uintMethodStatus ==
(uint)ErrorStatus.Success && this.validPolicyInfoquery == true),
"MS-LSAD",
873,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyAccountDomainInformation then Information returned to caller from abstract
data model on domain controller MUST return Primary Domain Information");
#endregion
}
}
if (informationType == InformationClass.PolicyLsaServerRoleInformation)
{
this.validPolicyInfoquery = utilities.ifQueryLsaSrvrroleInfo(policyInfoinServer.Value);
if (isDC == true)
{
#region MS-LSAD_R317
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus ==
(uint)ErrorStatus.Success) && this.validPolicyInfoquery == true),
"MS-LSAD",
317,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyLsaServerRoleInformation then Information returned to caller from abstract
data model on domain controller MUST be Primary Domain Information");
#endregion
}
#region MS-LSAD_R318
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
318,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyLsaServerRoleInformation then Information returned to caller from abstract
data model MUST be Server Role Information");
#endregion
}
if (informationType == InformationClass.PolicyReplicaSourceInformation)
{
this.validPolicyInfoquery = utilities.ifQueryReplicaSrcInfo(policyInfoinServer.Value);
#region MS-LSAD_R319
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
319,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyReplicaSourceInformation then Information returned to caller from abstract
data model MUST be Replica Source Information");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformation)
{
this.validPolicyInfoquery = utilities.ifQueryDnsDomInfo(policyInfoinServer.Value);
#region MS-LSAD_R323
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
323,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyDnsDomainInformation then Information returned to caller from abstract data
model MUST be DNS Domain Information");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformationInt)
{
this.validPolicyInfoquery = utilities.ifQueryDnsDomIntInfo(policyInfoinServer.Value);
#region MS-LSAD_R324
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus ==
(uint)ErrorStatus.Success) && this.validPolicyInfoquery == true),
"MS-LSAD",
324,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyDnsDomainInformationInt then Information returned to caller from abstract
data model MUST be DNS Domain Information");
#endregion
}
if (informationType == InformationClass.PolicyLocalAccountDomainInformation)
{
if (this.serverPlatform == Server.Windows2k8)
{
this.validPolicyInfoquery = utilities.ifQueryLocalaccountInfo(policyInfoinServer.Value);
#region MS-LSAD_R325
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
325,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyLocalAccountDomainInformation then Information returned to caller from
abstract data model MUST be AccountDomainInformation");
#endregion
}
}
if (informationType == InformationClass.PolicyPdAccountInformation)
{
_LSAPR_POLICY_INFORMATION policyInfoinServer1 = policyInfoinServer.Value;
policyInfoinServer1.PolicyPdAccountInfo.Name = new _RPC_UNICODE_STRING();
this.validPolicyInfoquery = utilities.ifQueryPdaccountInfo(policyInfoinServer.Value);
#region MS-LSAD_R315
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true),
"MS-LSAD",
315,
@"If the value of InformationClass parameter in LsarQueryInformationPolicy is
PolicyPdAccountInformation then Information returned to caller from abstract data
model MUST return an LSAPR_POLICY_PD_ACCOUNT_INFO information structure initialized
with zeros");
#endregion
}
#region MS-LSAD_R289
Site.CaptureRequirementIfAreEqual<uint>(
(uint)ErrorStatus.Success,
(uint)uintMethodStatus,
"MS-LSAD",
289,
@"The return Values for Opnum LsarQueryInformationPolicy that an implementation MUST
return when the request was successfully completed isSTATUS_Success(0x00000000)");
#endregion
#region MS-LSAD_R293
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success) && PolicyHandle != IntPtr.Zero),
"MS-LSAD",
293,
@"PolicyHandle parameter of LsarQueryInformationPolicy MUST be a handle to an open
policy object");
#endregion
#region MS-LSAD_R295
Site.CaptureRequirementIfIsTrue(
(((uint)uintMethodStatus == (uint)ErrorStatus.Success) && PolicyHandle != IntPtr.Zero),
"MS-LSAD",
295,
@"PolicyHandle parameter of LsarQueryInformationPolicy MUST reference a context that was
granted an access commensurate with the InformationClass value requested.");
#endregion
break;
////Capturing Requirements for general Invalid Parameter status
case 1:
#region MS-LSAD_R291
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.InvalidParameter),
(uint)uintMethodStatus,
"MS-LSAD",
291,
@"The return Values of Opnum LsarQueryInformationPolicy that an implementation MUST
return when one of the parameters is incorrect is STATUS_InvalidParameter(0xC000000D).
For instance, this can happen if InformationClass is out of range or if PolicyInformation
is Null.");
#endregion
break;
////Capturing requirements for Access Denied status
case 3:
if (informationType == InformationClass.PolicyAuditFullQueryInformation)
{
#region MS-LSAD_R307
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
307,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyAuditFullQueryInformation then Type of access required MUST
be POLICY_VIEW_AUDIT_INFORMATION");
#endregion
}
if (informationType == InformationClass.PolicyAuditLogInformation)
{
#region MS-LSAD_R297
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
297,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyAuditLogInformation then Type of access required MUST
be POLICY_VIEW_AUDIT_INFORMATION(0x00000002)");
#endregion
}
if (informationType == InformationClass.PolicyAuditEventsInformation)
{
#region MS-LSAD_R298
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
298,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyAuditEventsInformation then Type of access required MUST
be POLICY_VIEW_AUDIT_INFORMATION(0x00000002)");
#endregion
}
if (informationType == InformationClass.PolicyPrimaryDomainInformation)
{
#region MS-LSAD_R299
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
299,
@"If InformationClass value of LsarQueryInformationPolicy2 is
PolicyPrimaryDomainInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION((0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyAccountDomainInformation)
{
#region MS-LSAD_R301
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
301,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyAccountDomainInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION((0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyLsaServerRoleInformation)
{
#region MS-LSAD_R302
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
302,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyLsaServerRoleInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION(0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyReplicaSourceInformation)
{
#region MS-LSAD_R303
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
303,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyReplicaSourceInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION(0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformation)
{
#region MS-LSAD_R308
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
308,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyDnsDomainInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION(0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyDnsDomainInformationInt)
{
#region MS-LSAD_R309
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
309,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyDnsDomainInformationInt then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION (0x00000001)");
#endregion
}
if (informationType == InformationClass.PolicyLocalAccountDomainInformation)
{
if (this.serverPlatform == Server.Windows2k8)
{
#region MS-LSAD_R310
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
310,
@"If InformationClass value of LsarQueryInformationPolicy is
PolicyLocalAccountDomainInformation then Type of access required MUST
be POLICY_VIEW_LOCAL_INFORMATION (0x00000001)");
#endregion
}
}
if (informationType == InformationClass.PolicyPdAccountInformation)
{
#region MS-LSAD_R300
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
300,
@"If InformationClass value of LsarQueryInformationPolicy is PolicyPdAccountInformation
then Type of access required MUST be POLICY_GET_PRIVATE_INFORMATION(0x00000004)");
#endregion
}
#region MS-LSAD_R296
Site.CaptureRequirementIfAreEqual<uint>(
((uint)ErrorStatus.AccessDenied),
(uint)uintMethodStatus,
"MS-LSAD",
296,
@"If the context PolicyHandle parameter of LsarQueryInformationPolicy does not have
sufficient access, the server MUST return STATUS_ACCESS_DENIED(0xC0000022).");
#endregion
break;
default:
break;
}
#endregion
}
policyInformation = (((uint)uintMethodStatus == (uint)ErrorStatus.Success)
&& this.validPolicyInfoquery == true)
? PolicyInformation.Valid : PolicyInformation.Invalid;
return (ErrorStatus)uintMethodStatus;
}