ruby_smb 3.3.7 → 3.3.8

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request_spec.rb

@@ -0,0 +1,40 @@
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarCloseHandleRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_CLOSE_HANDLE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_CLOSE_HANDLE)
+    end
+  end
+  it 'reads itself' do
+    new_packet = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    )
+    expected_output = {
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    }
+    expect(packet.read(new_packet.to_binary_s)).to eq(expected_output)
+  end
+end
+
+

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response_spec.rb

@@ -0,0 +1,46 @@
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarCloseHandleResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is a LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#error_status' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_CLOSE_HANDLE constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_CLOSE_HANDLE)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: '2ef54a87-e29e-4d24-90e9-9da49b94449e'
+      },
+      error_status: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      {
+        policy_handle: {
+          context_handle_attributes: 0,
+          context_handle_uuid: '2ef54a87-e29e-4d24-90e9-9da49b94449e'
+        },
+        error_status: 0
+      })
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request_spec.rb

@@ -0,0 +1,69 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarLookupSidsRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :sid_enum_buffer }
+  it { is_expected.to respond_to :translated_names }
+  it { is_expected.to respond_to :lookup_level }
+  it { is_expected.to respond_to :mapped_count }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#sid_enum_buffer' do
+    it 'is an LsaprSidEnumBuffer structure' do
+      expect(packet.sid_enum_buffer).to be_a RubySMB::Dcerpc::Lsarpc::LsaprSidEnumBuffer
+    end
+  end
+  describe '#translated_names' do
+    it 'is an LsaprTranslatedNames structure' do
+      expect(packet.translated_names).to be_a RubySMB::Dcerpc::Lsarpc::LsaprTranslatedNames
+    end
+  end
+  describe '#lookup_level' do
+    it 'is an NdrUint16' do
+      expect(packet.lookup_level).to be_a RubySMB::Dcerpc::Ndr::NdrUint16
+    end
+  end
+  describe '#mapped_count' do
+    it 'is an NdrUint32' do
+      expect(packet.mapped_count).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_LOOKUP_SIDS constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_LOOKUP_SIDS)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      sid_enum_buffer: { num_entries: 1, sid_info: [ { sid: 'S-1-5-21-2181772609-2124839192-2039643012-500' } ] },
+      lookup_level: 0,
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      sid_enum_buffer: { num_entries: 1, sid_info: [ { sid: 'S-1-5-21-2181772609-2124839192-2039643012-500' } ] },
+      translated_names: { num_entries: 0, names: :null },
+      lookup_level: 0,
+      mapped_count: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response_spec.rb

@@ -0,0 +1,56 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarLookupSidsResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :referenced_domains }
+  it { is_expected.to respond_to :translated_names }
+  it { is_expected.to respond_to :mapped_count }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#referenced_domains' do
+    it 'is an LsaprReferencedDomainListPtr structure' do
+      expect(packet.referenced_domains).to be_a RubySMB::Dcerpc::Lsarpc::LsaprReferencedDomainListPtr
+    end
+  end
+  describe '#translated_names' do
+    it 'is an LsaprTranslatedNames structure' do
+      expect(packet.translated_names).to be_a RubySMB::Dcerpc::Lsarpc::LsaprTranslatedNames
+    end
+  end
+  describe '#mapped_count' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.mapped_count).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#error_status' do
+    it 'is an NdrUint32' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_LOOKUP_SIDS constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_LOOKUP_SIDS)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      translated_names: { num_entries: 1, names: [ { use: 0, name: 'Administrator', domain_index: 0 }] },
+      mapped_count: 1,
+      error_status: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      referenced_domains: :null,
+      translated_names: { num_entries: 1, names: [ { use: 0, name: { buffer_length: 26, maximum_length: 26, buffer: 'Administrator'.encode('UTF-16LE') }, domain_index: 0 } ] },
+      mapped_count: 1,
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request_spec.rb

@@ -0,0 +1,68 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicy2Request do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :system_name }
+  it { is_expected.to respond_to :object_attributes }
+  it { is_expected.to respond_to :access_mask }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#system_name' do
+    it 'is an NdrWideStringzPtr structure' do
+      expect(packet.system_name).to be_a RubySMB::Dcerpc::Ndr::NdrWideStringzPtr
+    end
+  end
+  describe '#object_attributes' do
+    it 'is an LsaprObjectAttributes structure' do
+      expect(packet.object_attributes).to be_a RubySMB::Dcerpc::Lsarpc::LsaprObjectAttributes
+    end
+  end
+  describe '#access_mask' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.access_mask).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      system_name: 'Example_System',
+      object_attributes: {
+        security_quality_of_service: {
+          impersonation_level: 0,
+          security_context_tracking_mode: 0
+        }
+      },
+      access_mask: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      {
+        system_name: 'Example_System'.encode('UTF-16LE'),
+        object_attributes: {
+          len: 24,
+          root_directory: :null,
+          object_name: :null,
+          attributes: 0,
+          security_descriptor: :null,
+          security_quality_of_service: {
+            len: 12,
+            impersonation_level: 0,
+            security_context_tracking_mode: 0,
+            effective_only: 0
+          }
+        },
+      access_mask: 0
+      }
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response_spec.rb

@@ -0,0 +1,46 @@
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicy2Response do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#error_status' do
+    it 'is a NdrUint32' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request_spec.rb

@@ -0,0 +1,68 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicyRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :system_name }
+  it { is_expected.to respond_to :object_attributes }
+  it { is_expected.to respond_to :access_mask }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#system_name' do
+    it 'is an NdrWideStringPtr structure' do
+      expect(packet.system_name).to be_a RubySMB::Dcerpc::Ndr::NdrWideStringPtr
+    end
+  end
+  describe '#object_attributes' do
+    it 'is an LsaprObjectAttributes structure' do
+      expect(packet.object_attributes).to be_a RubySMB::Dcerpc::Lsarpc::LsaprObjectAttributes
+    end
+  end
+  describe '#access_mask' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.access_mask).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      system_name: 'Example_System',
+      object_attributes: {
+        security_quality_of_service: {
+          impersonation_level: 0,
+          security_context_tracking_mode: 0
+        }
+      },
+      access_mask: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      {
+        system_name: 'Example_System'.encode('UTF-16LE'),
+        object_attributes: {
+          len: 24,
+          root_directory: :null,
+          object_name: :null,
+          attributes: 0,
+          security_descriptor: :null,
+          security_quality_of_service: {
+            len: 12,
+            impersonation_level: 0,
+            security_context_tracking_mode: 0,
+            effective_only: 0
+          }
+        },
+        access_mask: 0
+      }
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response_spec.rb

@@ -0,0 +1,45 @@
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarOpenPolicyResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#error_status' do
+    it 'is a NdrUint32' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_OPEN_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_OPEN_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request_spec.rb

@@ -0,0 +1,47 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicy2Request do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :information_class }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#information_class' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.information_class).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      information_class: 0
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      information_class: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response_spec.rb

@@ -0,0 +1,54 @@
+require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/lsarpc'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicy2Response do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_information }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_information' do
+    it 'is an LsaprPolicyInformationPtr structure' do
+      expect(packet.policy_information).to be_a RubySMB::Dcerpc::Lsarpc::LsaprPolicyInformationPtr
+    end
+  end
+  describe '#error_status' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY2 constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY2)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {}
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {
+          audit_log_percent_full: 0,
+          maximum_log_size: 0,
+          audit_retention_period: 0,
+          audit_log_full_shutdown_in_progress: 0,
+          time_to_shutdown: 0,
+          next_audit_record_id: 0
+        }
+      },
+      error_status: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request_spec.rb

@@ -0,0 +1,46 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicyRequest do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_handle }
+  it { is_expected.to respond_to :information_class }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_handle' do
+    it 'is an LsaprHandle structure' do
+      expect(packet.policy_handle).to be_a RubySMB::Dcerpc::Lsarpc::LsaprHandle
+    end
+  end
+  describe '#information_class' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.information_class).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_handle: {
+        context_handle_attributes: 0,
+        context_handle_uuid: "fc873b90-d9a9-46a4-b9ea-f44bb1c272a7"
+      },
+      information_class: 0
+    )
+  end
+end

data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response_spec.rb

@@ -0,0 +1,53 @@
+require 'ruby_smb/dcerpc/ndr'
+
+RSpec.describe RubySMB::Dcerpc::Lsarpc::LsarQueryInformationPolicyResponse do
+  subject(:packet) { described_class.new }
+
+  it { is_expected.to respond_to :policy_information }
+  it { is_expected.to respond_to :error_status }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#policy_information' do
+    it 'is an LsaprPolicyInformationPtr structure' do
+      expect(packet.policy_information).to be_a RubySMB::Dcerpc::Lsarpc::LsaprPolicyInformationPtr
+    end
+  end
+  describe '#error_status' do
+    it 'is an NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to LSAR_QUERY_INFORMATION_POLICY constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Lsarpc::LSAR_QUERY_INFORMATION_POLICY)
+    end
+  end
+  it 'reads itself' do
+    new_class = described_class.new(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {}
+      }
+    )
+    expect(packet.read(new_class.to_binary_s)).to eq(
+      policy_information: {
+        policy_information_class: 1,
+        policy_information: {
+          audit_log_percent_full: 0,
+          maximum_log_size: 0,
+          audit_retention_period: 0,
+          audit_log_full_shutdown_in_progress: 0,
+          time_to_shutdown: 0,
+          next_audit_record_id: 0
+        }
+      },
+      error_status: 0
+    )
+  end
+end