ReactOS 0.4.16-dev-106-g10b08aa
NtQueryInformationToken.c File Reference
#include "precomp.h"
Include dependency graph for NtQueryInformationToken.c:

Go to the source code of this file.

Functions

static HANDLE OpenCurrentToken (VOID)
 
static VOID QueryTokenUserTests (_In_ HANDLE Token)
 
static VOID QueryTokenGroupsTests (_In_ HANDLE Token)
 
static VOID QueryTokenPrivilegesTests (_In_ HANDLE Token)
 
static VOID QueryTokenOwnerTests (_In_ HANDLE Token)
 
static VOID QueryTokenPrimaryGroupTests (_In_ HANDLE Token)
 
static VOID QueryTokenDefaultDaclTests (_In_ HANDLE Token)
 
static VOID QueryTokenSourceTests (_In_ HANDLE Token)
 
static VOID QueryTokenTypeTests (_In_ HANDLE Token)
 
static VOID QueryTokenImpersonationTests (_In_ HANDLE Token)
 
static VOID QueryTokenStatisticsTests (_In_ HANDLE Token)
 
static VOID QueryTokenPrivilegesAndGroupsTests (_In_ HANDLE Token)
 
static VOID QueryTokenRestrictedSidsTest (_In_ HANDLE Token)
 
static VOID QueryTokenSessionIdTests (_In_ HANDLE Token)
 
static VOID QueryTokenIsSandboxInert (_In_ HANDLE Token)
 
static VOID QueryTokenOriginTests (_In_ HANDLE Token)
 
 START_TEST (NtQueryInformationToken)
 

Function Documentation

◆ OpenCurrentToken()

static HANDLE OpenCurrentToken ( VOID  )
static

Definition at line 12 of file NtQueryInformationToken.c.

13{
16
19 &Token);
20 if (!Success)
21 {
22 ok(FALSE, "OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
23 return NULL;
24 }
25
26 return Token;
27}
#define ok(value,...)
Definition: atltest.h:57
#define NULL
Definition: types.h:112
#define FALSE
Definition: types.h:117
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
#define GetCurrentProcess()
Definition: compat.h:759
@ Success
Definition: eventcreate.c:712
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define TOKEN_QUERY_SOURCE
Definition: setypes.h:929
#define TOKEN_DUPLICATE
Definition: setypes.h:926
#define TOKEN_READ
Definition: setypes.h:951

Referenced by START_TEST().

◆ QueryTokenDefaultDaclTests()

static VOID QueryTokenDefaultDaclTests ( _In_ HANDLE  Token)
static

Definition at line 261 of file NtQueryInformationToken.c.

263{
267
268 /*
269 * Query the exact buffer length to hold
270 * our stuff, STATUS_BUFFER_TOO_SMALL must
271 * be expected here.
272 */
275 NULL,
276 0,
277 &BufferLength);
279
280 /* Allocate the buffer based on the size we got */
281 Dacl = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
282 if (!Dacl)
283 {
284 ok(FALSE, "Failed to allocate from heap for token default DACL (required buffer length %lu)!\n", BufferLength);
285 return;
286 }
287
288 /*
289 * Now do the actual query and validate the
290 * ACL revision and number count of ACEs.
291 */
294 Dacl,
296 &BufferLength);
298 ok(Dacl->DefaultDacl->AclRevision == 2, "The ACL revision of token default DACL must be 2 (current revision %u)!\n", Dacl->DefaultDacl->AclRevision);
299 ok(Dacl->DefaultDacl->AceCount == 2, "The ACL's ACE count must be 2 (current ACE count %u)!\n", Dacl->DefaultDacl->AceCount);
300
301 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
302}
#define ok_ntstatus(status, expected)
Definition: atltest.h:135
LONG NTSTATUS
Definition: precomp.h:26
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
Status
Definition: gdiplustypes.h:25
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1605
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
uint32_t ULONG
Definition: typedefs.h:59
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
@ TokenDefaultDacl
Definition: setypes.h:971

Referenced by START_TEST().

◆ QueryTokenGroupsTests()

static VOID QueryTokenGroupsTests ( _In_ HANDLE  Token)
static

Definition at line 78 of file NtQueryInformationToken.c.

80{
82 PTOKEN_GROUPS Groups;
84
85 /*
86 * Query the exact buffer length to hold
87 * our stuff, STATUS_BUFFER_TOO_SMALL must
88 * be expected here.
89 */
92 NULL,
93 0,
96
97 /* Allocate the buffer based on the size we got */
98 Groups = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
99 if (!Groups)
100 {
101 ok(FALSE, "Failed to allocate from heap for token groups (required buffer length %lu)!\n", BufferLength);
102 return;
103 }
104
105 /*
106 * Now do the actual query and validate the
107 * number of groups.
108 */
111 Groups,
113 &BufferLength);
115 ok(Groups->GroupCount == 10, "The number of groups must be 10 (current number %lu)!\n", Groups->GroupCount);
116
117 RtlFreeHeap(RtlGetProcessHeap(), 0, Groups);
118}
$ULONG GroupCount
Definition: setypes.h:1014
@ TokenGroups
Definition: setypes.h:967

Referenced by START_TEST().

◆ QueryTokenImpersonationTests()

static VOID QueryTokenImpersonationTests ( _In_ HANDLE  Token)
static

Definition at line 387 of file NtQueryInformationToken.c.

389{
393 HANDLE DupToken;
395
396 /*
397 * Windows throws STATUS_INVALID_INFO_CLASS here
398 * because one cannot simply query the impersonation
399 * level of a primary token.
400 */
403 &Level,
405 &BufferLength);
407
408 /*
409 * Initialize the object attribute and duplicate
410 * the token into an actual impersonation one.
411 */
413 NULL,
414 0,
415 NULL,
416 NULL);
417
421 FALSE,
423 &DupToken);
424 if (!NT_SUCCESS(Status))
425 {
426 ok(FALSE, "Failed to duplicate token (Status code %lx)!\n", Status);
427 return;
428 }
429
430 /* Now do the actual query */
433 &Level,
435 &BufferLength);
437 ok(Level == SecurityAnonymous, "The current token impersonation level is not anonymous!\n");
438 NtClose(DupToken);
439}
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
@ SecurityAnonymous
Definition: lsa.idl:55
@ TokenImpersonation
Definition: imports.h:274
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869
_IRQL_requires_same_ typedef _In_ ULONG _In_ UCHAR Level
Definition: wmitypes.h:56
#define TOKEN_QUERY
Definition: setypes.h:928
@ TokenImpersonationLevel
Definition: setypes.h:974

Referenced by START_TEST().

◆ QueryTokenIsSandboxInert()

static VOID QueryTokenIsSandboxInert ( _In_ HANDLE  Token)
static

Definition at line 712 of file NtQueryInformationToken.c.

714{
716 ULONG IsTokenInert;
718 HANDLE FilteredToken;
719
720 /*
721 * Query the sandbox inert token information,
722 * it must not be inert.
723 */
726 &IsTokenInert,
727 sizeof(ULONG),
728 &BufferLength);
730 ok(IsTokenInert == FALSE, "The token must not be a sandbox inert one!\n");
731
732 /*
733 * Try to turn the token into an inert
734 * one by filtering it.
735 */
738 NULL,
739 NULL,
740 NULL,
741 &FilteredToken);
742 if (!NT_SUCCESS(Status))
743 {
744 ok(FALSE, "Failed to filter the current token (Status code %lx)!\n", Status);
745 return;
746 }
747
748 /*
749 * Now do a query again, this time
750 * the token should be inert.
751 */
752 Status = NtQueryInformationToken(FilteredToken,
754 &IsTokenInert,
755 sizeof(ULONG),
756 &BufferLength);
758 ok(IsTokenInert == TRUE, "The token must be a sandbox inert one after filtering!\n");
759
760 NtClose(FilteredToken);
761}
#define TRUE
Definition: types.h:120
#define SANDBOX_INERT
Definition: setypes.h:115
NTSTATUS NTAPI NtFilterToken(_In_ HANDLE ExistingTokenHandle, _In_ ULONG Flags, _In_opt_ PTOKEN_GROUPS SidsToDisable, _In_opt_ PTOKEN_PRIVILEGES PrivilegesToDelete, _In_opt_ PTOKEN_GROUPS RestrictedSids, _Out_ PHANDLE NewTokenHandle)
Creates an access token in a restricted form from the original existing token, that is,...
Definition: tokenlif.c:2075
@ TokenSandBoxInert
Definition: setypes.h:980

Referenced by START_TEST().

◆ QueryTokenOriginTests()

static VOID QueryTokenOriginTests ( _In_ HANDLE  Token)
static

Definition at line 765 of file NtQueryInformationToken.c.

767{
769 TOKEN_ORIGIN Origin;
771
772 /* Query the token origin */
775 &Origin,
776 sizeof(TOKEN_ORIGIN),
777 &BufferLength);
779 ok(Origin.OriginatingLogonSession.LowPart == 0x3e7, "The LowPart field of the originating logon session must be SYSTEM_LUID (current value %lu)!\n",
781 ok(Origin.OriginatingLogonSession.HighPart == 0x0, "The HighPart field of the logon session must be 0 (current value %lu)!\n",
783}
LONG HighPart
DWORD LowPart
LUID OriginatingLogonSession
Definition: setypes.h:1107
@ TokenOrigin
Definition: setypes.h:982

Referenced by START_TEST().

◆ QueryTokenOwnerTests()

static VOID QueryTokenOwnerTests ( _In_ HANDLE  Token)
static

Definition at line 166 of file NtQueryInformationToken.c.

168{
172 UNICODE_STRING SidString;
173
174 /*
175 * Query the exact buffer length to hold
176 * our stuff, STATUS_BUFFER_TOO_SMALL must
177 * be expected here.
178 */
181 NULL,
182 0,
183 &BufferLength);
185
186 /* Allocate the buffer based on the size we got */
187 Owner = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
188 if (!Owner)
189 {
190 ok(FALSE, "Failed to allocate from heap for token owner (required buffer length %lu)!\n", BufferLength);
191 return;
192 }
193
194 /*
195 * Now do the actual query and validate the
196 * token owner (must be the local admin).
197 */
200 Owner,
202 &BufferLength);
204
206 ok_wstr(SidString.Buffer, L"S-1-5-32-544");
207 RtlFreeUnicodeString(&SidString);
208
209 RtlFreeHeap(RtlGetProcessHeap(), 0, Owner);
210}
#define ok_wstr(x, y)
Definition: atltest.h:130
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1609
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
#define L(x)
Definition: ntvdm.h:50
@ TokenOwner
Definition: setypes.h:969

Referenced by START_TEST().

◆ QueryTokenPrimaryGroupTests()

static VOID QueryTokenPrimaryGroupTests ( _In_ HANDLE  Token)
static

Definition at line 214 of file NtQueryInformationToken.c.

216{
220 UNICODE_STRING SidString;
221
222 /*
223 * Query the exact buffer length to hold
224 * our stuff, STATUS_BUFFER_TOO_SMALL must
225 * be expected here.
226 */
229 NULL,
230 0,
231 &BufferLength);
233
234 /* Allocate the buffer based on the size we got */
235 PrimaryGroup = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
236 if (!PrimaryGroup)
237 {
238 ok(FALSE, "Failed to allocate from heap for token primary group (required buffer length %lu)!\n", BufferLength);
239 return;
240 }
241
242 /* Now do the actual query */
247 &BufferLength);
249
250 RtlConvertSidToUnicodeString(&SidString, PrimaryGroup->PrimaryGroup, TRUE);
251 trace("=============== TokenPrimaryGroup ===============\n");
252 trace("The primary group SID of current token is: %s\n", wine_dbgstr_w(SidString.Buffer));
253 trace("=========================================\n\n");
254 RtlFreeUnicodeString(&SidString);
255
256 RtlFreeHeap(RtlGetProcessHeap(), 0, PrimaryGroup);
257}
#define trace
Definition: atltest.h:70
#define wine_dbgstr_w
Definition: kernel32.h:34
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1611
@ TokenPrimaryGroup
Definition: setypes.h:970

Referenced by START_TEST().

◆ QueryTokenPrivilegesAndGroupsTests()

static VOID QueryTokenPrivilegesAndGroupsTests ( _In_ HANDLE  Token)
static

Definition at line 491 of file NtQueryInformationToken.c.

493{
495 PTOKEN_GROUPS_AND_PRIVILEGES PrivsAndGroups;
496 TOKEN_GROUPS SidToRestrict;
497 HANDLE FilteredToken;
501
502 /*
503 * Create a World SID and filter the token
504 * by adding a restricted SID.
505 */
507 1,
509 0, 0, 0, 0, 0, 0, 0,
510 &WorldSid);
511 if (!NT_SUCCESS(Status))
512 {
513 ok(FALSE, "Failed to allocate World SID (Status code %lx)!\n", Status);
514 return;
515 }
516
517 SidToRestrict.GroupCount = 1;
518 SidToRestrict.Groups[0].Attributes = 0;
519 SidToRestrict.Groups[0].Sid = WorldSid;
520
522 0,
523 NULL,
524 NULL,
525 &SidToRestrict,
526 &FilteredToken);
527 if (!NT_SUCCESS(Status))
528 {
529 ok(FALSE, "Failed to filter the current token (Status code %lx)!\n", Status);
530 RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
531 return;
532 }
533
534 /*
535 * Query the exact buffer length to hold
536 * our stuff, STATUS_BUFFER_TOO_SMALL must
537 * be expected here.
538 */
539 Status = NtQueryInformationToken(FilteredToken,
541 NULL,
542 0,
543 &BufferLength);
545
546 /* Allocate the buffer based on the size we got */
547 PrivsAndGroups = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
548 if (!PrivsAndGroups)
549 {
550 ok(FALSE, "Failed to allocate from heap for token privileges and groups (required buffer length %lu)!\n", BufferLength);
551 RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
552 NtClose(FilteredToken);
553 return;
554 }
555
556 /* Do the actual query */
557 Status = NtQueryInformationToken(FilteredToken,
559 PrivsAndGroups,
561 &BufferLength);
563
564 trace("=============== TokenGroupsAndPrivileges ===============\n");
565 trace("SID count: %lu\n", PrivsAndGroups->SidCount);
566 trace("SID length: %lu\n", PrivsAndGroups->SidLength);
567 trace("Restricted SID count: %lu\n", PrivsAndGroups->RestrictedSidCount);
568 trace("Restricted SID length: %lu\n", PrivsAndGroups->RestrictedSidLength);
569 trace("Privilege count: %lu\n", PrivsAndGroups->PrivilegeCount);
570 trace("Privilege length: %lu\n", PrivsAndGroups->PrivilegeLength);
571 trace("Authentication ID: %lu %lu\n", PrivsAndGroups->AuthenticationId.LowPart, PrivsAndGroups->AuthenticationId.HighPart);
572 trace("=========================================\n\n");
573
574 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivsAndGroups);
575 RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
576 NtClose(FilteredToken);
577}
PSID WorldSid
Definition: globals.c:15
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:1018
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
#define SECURITY_WORLD_RID
Definition: setypes.h:541
@ TokenGroupsAndPrivileges
Definition: setypes.h:978

Referenced by START_TEST().

◆ QueryTokenPrivilegesTests()

static VOID QueryTokenPrivilegesTests ( _In_ HANDLE  Token)
static

Definition at line 122 of file NtQueryInformationToken.c.

124{
128
129 /*
130 * Query the exact buffer length to hold
131 * our stuff, STATUS_BUFFER_TOO_SMALL must
132 * be expected here.
133 */
136 NULL,
137 0,
138 &BufferLength);
140
141 /* Allocate the buffer based on the size we got */
142 Privileges = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
143 if (!Privileges)
144 {
145 ok(FALSE, "Failed to allocate from heap for token privileges (required buffer length %lu)!\n", BufferLength);
146 return;
147 }
148
149 /*
150 * Now do the actual query and validate the
151 * number of privileges.
152 */
157 &BufferLength);
159 ok(Privileges->PrivilegeCount == 20, "The number of privileges must be 20 (current number %lu)!\n", Privileges->PrivilegeCount);
160
161 RtlFreeHeap(RtlGetProcessHeap(), 0, Privileges);
162}
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
@ TokenPrivileges
Definition: setypes.h:968

Referenced by START_TEST().

◆ QueryTokenRestrictedSidsTest()

static VOID QueryTokenRestrictedSidsTest ( _In_ HANDLE  Token)
static

Definition at line 581 of file NtQueryInformationToken.c.

583{
585 PTOKEN_GROUPS RestrictedGroups;
586 TOKEN_GROUPS SidToRestrict;
588 HANDLE FilteredToken;
591
592 /*
593 * Query the exact buffer length to hold
594 * our stuff, STATUS_BUFFER_TOO_SMALL must
595 * be expected here.
596 */
599 NULL,
600 0,
601 &BufferLength);
603
604 /* Allocate the buffer based on the size we got */
605 RestrictedGroups = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
606 if (!RestrictedGroups)
607 {
608 ok(FALSE, "Failed to allocate from heap for restricted SIDs (required buffer length %lu)!\n", BufferLength);
609 return;
610 }
611
612 /*
613 * Query the number of restricted SIDs. Originally the token
614 * doesn't have any restricted SIDs inserted.
615 */
618 RestrictedGroups,
620 &BufferLength);
622 ok(RestrictedGroups->GroupCount == 0, "There mustn't be any restricted SIDs before filtering (number of restricted SIDs %lu)!\n", RestrictedGroups->GroupCount);
623
624 RtlFreeHeap(RtlGetProcessHeap(), 0, RestrictedGroups);
625 RestrictedGroups = NULL;
626
628 1,
630 0, 0, 0, 0, 0, 0, 0,
631 &WorldSid);
632 if (!NT_SUCCESS(Status))
633 {
634 ok(FALSE, "Failed to allocate World SID (Status code %lx)!\n", Status);
635 return;
636 }
637
638 SidToRestrict.GroupCount = 1;
639 SidToRestrict.Groups[0].Attributes = 0;
640 SidToRestrict.Groups[0].Sid = WorldSid;
641
643 0,
644 NULL,
645 NULL,
646 &SidToRestrict,
647 &FilteredToken);
648 if (!NT_SUCCESS(Status))
649 {
650 ok(FALSE, "Failed to filter the current token (Status code %lx)!\n", Status);
651 RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
652 return;
653 }
654
655 Status = NtQueryInformationToken(FilteredToken,
657 NULL,
658 0,
659 &BufferLength);
661
662 RestrictedGroups = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
663 if (!RestrictedGroups)
664 {
665 ok(FALSE, "Failed to allocate from heap for restricted SIDs (required buffer length %lu)!\n", BufferLength);
666 RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
667 return;
668 }
669
670 /*
671 * Do a query again, this time we must have a
672 * restricted SID inserted into the token.
673 */
674 Status = NtQueryInformationToken(FilteredToken,
676 RestrictedGroups,
678 &BufferLength);
680 ok(RestrictedGroups->GroupCount == 1, "There must be only one restricted SID added in token (number of restricted SIDs %lu)!\n", RestrictedGroups->GroupCount);
681
682 RtlFreeHeap(RtlGetProcessHeap(), 0, RestrictedGroups);
683 RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
684 NtClose(FilteredToken);
685}
@ TokenRestrictedSids
Definition: setypes.h:976

Referenced by START_TEST().

◆ QueryTokenSessionIdTests()

static VOID QueryTokenSessionIdTests ( _In_ HANDLE  Token)
static

Definition at line 689 of file NtQueryInformationToken.c.

691{
695
696 /*
697 * Query the session ID. Generally the current
698 * process token is not under any terminal service
699 * so the ID must be 0.
700 */
703 &SessionId,
704 sizeof(ULONG),
705 &BufferLength);
707 ok(SessionId == 0, "The session ID of current token must be 0 (current session %lu)!\n", SessionId);
708}
ULONG SessionId
Definition: dllmain.c:28
@ TokenSessionId
Definition: setypes.h:977

Referenced by START_TEST().

◆ QueryTokenSourceTests()

static VOID QueryTokenSourceTests ( _In_ HANDLE  Token)
static

Definition at line 306 of file NtQueryInformationToken.c.

308{
312 CHAR SourceName[8];
313
314 /*
315 * Query the exact buffer length to hold
316 * our stuff, STATUS_BUFFER_TOO_SMALL must
317 * be expected here.
318 */
321 NULL,
322 0,
323 &BufferLength);
325
326 /* Allocate the buffer based on the size we got */
327 Source = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
328 if (!Source)
329 {
330 ok(FALSE, "Failed to allocate from heap for token source (required buffer length %lu)!\n", BufferLength);
331 return;
332 }
333
334 /* Now do the actual query */
337 Source,
339 &BufferLength);
341
342 /*
343 * Subtract the source name from the queried buffer
344 * and compare it. The source name in question must be
345 * "User32" as the primary token of the current calling
346 * process is generated when the user has successfully
347 * logged in and he's into the desktop.
348 */
349 SourceName[0] = Source->SourceName[0];
350 SourceName[1] = Source->SourceName[1];
351 SourceName[2] = Source->SourceName[2];
352 SourceName[3] = Source->SourceName[3];
353 SourceName[4] = Source->SourceName[4];
354 SourceName[5] = Source->SourceName[5];
355 SourceName[6] = '\0';
356 ok_str(SourceName, "User32");
357
358 RtlFreeHeap(RtlGetProcessHeap(), 0, Source);
359}
WCHAR SourceName[256]
Definition: arping.c:28
#define ok_str(x, y)
Definition: atltest.h:127
_In_ UINT _In_ UINT _In_ PNDIS_PACKET Source
Definition: ndis.h:3169
@ TokenSource
Definition: setypes.h:972
char CHAR
Definition: xmlstorage.h:175

Referenced by START_TEST().

◆ QueryTokenStatisticsTests()

static VOID QueryTokenStatisticsTests ( _In_ HANDLE  Token)
static

Definition at line 443 of file NtQueryInformationToken.c.

445{
447 PTOKEN_STATISTICS Statistics;
449
450 /*
451 * Query the exact buffer length to hold
452 * our stuff, STATUS_BUFFER_TOO_SMALL must
453 * be expected here.
454 */
457 NULL,
458 0,
459 &BufferLength);
461
462 /* Allocate the buffer based on the size we got */
463 Statistics = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
464 if (!Statistics)
465 {
466 ok(FALSE, "Failed to allocate from heap for token statistics (required buffer length %lu)!\n", BufferLength);
467 return;
468 }
469
470 /* Do the actual query */
473 Statistics,
475 &BufferLength);
477
478 trace("=============== TokenStatistics ===============\n");
479 trace("Token ID: %lu %lu\n", Statistics->TokenId.LowPart, Statistics->TokenId.HighPart);
480 trace("Authentication ID: %lu %lu\n", Statistics->AuthenticationId.LowPart, Statistics->AuthenticationId.HighPart);
481 trace("Dynamic Charged: %lu\n", Statistics->DynamicCharged);
482 trace("Dynamic Available: %lu\n", Statistics->DynamicAvailable);
483 trace("Modified ID: %lu %lu\n", Statistics->ModifiedId.LowPart, Statistics->ModifiedId.HighPart);
484 trace("=========================================\n\n");
485
486 RtlFreeHeap(RtlGetProcessHeap(), 0, Statistics);
487}
LUID AuthenticationId
Definition: setypes.h:1087
$ULONG DynamicAvailable
Definition: setypes.h:1092
$ULONG DynamicCharged
Definition: setypes.h:1091
@ TokenStatistics
Definition: setypes.h:975

Referenced by START_TEST().

◆ QueryTokenTypeTests()

static VOID QueryTokenTypeTests ( _In_ HANDLE  Token)
static

Definition at line 363 of file NtQueryInformationToken.c.

365{
369
370 /*
371 * Query the token type. The token of the
372 * current calling process must be primary
373 * since we aren't impersonating the security
374 * context of a client.
375 */
377 TokenType,
378 &Type,
379 sizeof(TOKEN_TYPE),
380 &BufferLength);
382 ok(Type == TokenPrimary, "The current token is not primary!\n");
383}
Type
Definition: Type.h:7
TOKEN_TYPE
Definition: asmpp.cpp:29
@ TokenPrimary
Definition: imports.h:273
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411

Referenced by START_TEST().

◆ QueryTokenUserTests()

static VOID QueryTokenUserTests ( _In_ HANDLE  Token)
static

Definition at line 31 of file NtQueryInformationToken.c.

33{
35 PTOKEN_USER UserToken;
37 UNICODE_STRING SidString;
38
39 /*
40 * Query the exact buffer length to hold
41 * our stuff, STATUS_BUFFER_TOO_SMALL must
42 * be expected here.
43 */
46 NULL,
47 0,
50
51 /* Allocate the buffer based on the size we got */
52 UserToken = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
53 if (!UserToken)
54 {
55 ok(FALSE, "Failed to allocate from heap for token user (required buffer length %lu)!\n", BufferLength);
56 return;
57 }
58
59 /* Now do the actual query */
62 UserToken,
66
67 RtlConvertSidToUnicodeString(&SidString, UserToken->User.Sid, TRUE);
68 trace("=============== TokenUser ===============\n");
69 trace("The SID of current token user is: %s\n", wine_dbgstr_w(SidString.Buffer));
70 trace("=========================================\n\n");
71 RtlFreeUnicodeString(&SidString);
72
73 RtlFreeHeap(RtlGetProcessHeap(), 0, UserToken);
74}
SID_AND_ATTRIBUTES User
Definition: setypes.h:1010
@ TokenUser
Definition: setypes.h:966

Referenced by START_TEST().

◆ START_TEST()

START_TEST ( NtQueryInformationToken  )

Definition at line 785 of file NtQueryInformationToken.c.

786{
789 PVOID Dummy;
790 ULONG DummyReturnLength;
791
792 /* ReturnLength is NULL */
794 TokenUser,
795 NULL,
796 0,
797 NULL);
799
800 /* We don't give any token here */
802 TokenUser,
803 &Dummy,
804 0,
805 &DummyReturnLength);
807
809
810 /* Class 0 is unused on Windows */
812 0,
813 &Dummy,
814 0,
815 &DummyReturnLength);
817
818 /* We give a bogus info class */
820 0xa0a,
821 &Dummy,
822 0,
823 &DummyReturnLength);
825
826 /* Now perform tests for each class */
842
843 NtClose(Token);
844}
static VOID QueryTokenImpersonationTests(_In_ HANDLE Token)
static VOID QueryTokenDefaultDaclTests(_In_ HANDLE Token)
static VOID QueryTokenSessionIdTests(_In_ HANDLE Token)
static VOID QueryTokenStatisticsTests(_In_ HANDLE Token)
static VOID QueryTokenOwnerTests(_In_ HANDLE Token)
static VOID QueryTokenOriginTests(_In_ HANDLE Token)
static VOID QueryTokenPrivilegesTests(_In_ HANDLE Token)
static VOID QueryTokenPrimaryGroupTests(_In_ HANDLE Token)
static VOID QueryTokenSourceTests(_In_ HANDLE Token)
static VOID QueryTokenTypeTests(_In_ HANDLE Token)
static VOID QueryTokenUserTests(_In_ HANDLE Token)
static VOID QueryTokenGroupsTests(_In_ HANDLE Token)
static VOID QueryTokenRestrictedSidsTest(_In_ HANDLE Token)
static HANDLE OpenCurrentToken(VOID)
static VOID QueryTokenIsSandboxInert(_In_ HANDLE Token)
static VOID QueryTokenPrivilegesAndGroupsTests(_In_ HANDLE Token)
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242