ReactOS 0.4.15-dev-8222-g9164419
SeHelpers.c File Reference
#include <kmt_test.h>
#include "se.h"
Include dependency graph for SeHelpers.c:

Go to the source code of this file.

Functions

NTSTATUS RtlxAddAuditAccessAceEx (_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
 
NTSTATUS RtlxAddMandatoryLabelAceEx (_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)
 
VOID CheckSid__ (_In_ PSID Sid, _In_ ULONG SidSize, _In_ PISID ExpectedSid, _In_ PCSTR FileAndLine)
 
VOID VCheckAcl__ (_In_ PACL Acl, _In_ ULONG AceCount, _In_ PCSTR FileAndLine, _In_ va_list Arguments)
 
VOID CheckAcl__ (_In_ PACL Acl, _In_ ULONG AceCount, _In_ PCSTR FileAndLine,...)
 

Function Documentation

◆ CheckAcl__()

VOID CheckAcl__ ( _In_ PACL  Acl,
_In_ ULONG  AceCount,
_In_ PCSTR  FileAndLine,
  ... 
)

Definition at line 219 of file SeHelpers.c.

224{
225 va_list Arguments;
226
227 va_start(Arguments, FileAndLine);
228 VCheckAcl__(Acl, AceCount, FileAndLine, Arguments);
229 va_end(Arguments);
230}
VOID VCheckAcl__(_In_ PACL Acl, _In_ ULONG AceCount, _In_ PCSTR FileAndLine, _In_ va_list Arguments)
Definition: SeHelpers.c:128
char * va_list
Definition: acmsvcex.h:78
#define va_end(ap)
Definition: acmsvcex.h:90
#define va_start(ap, A)
Definition: acmsvcex.h:91

◆ CheckSid__()

VOID CheckSid__ ( _In_ PSID  Sid,
_In_ ULONG  SidSize,
_In_ PISID  ExpectedSid,
_In_ PCSTR  FileAndLine 
)

Definition at line 89 of file SeHelpers.c.

94{
95 BOOLEAN Okay;
97
98 KmtOk(Sid != NULL, FileAndLine, "Sid is NULL\n");
99 if (KmtSkip(Sid != NULL, FileAndLine, "No Sid\n"))
100 return;
101 if (KmtSkip(SidSize >= sizeof(ULONG), FileAndLine, "Sid too small: %lu\n", SidSize))
102 return;
103 Okay = RtlValidSid(Sid);
104 KmtOk(Okay == TRUE, FileAndLine, "Invalid Sid\n");
105 if (KmtSkip(Okay, FileAndLine, "Invalid Sid\n"))
106 return;
107
109 KmtOk(SidSize >= Length, FileAndLine, "SidSize %lu too small, need %lu\n", SidSize, Length);
110 if (KmtSkip(SidSize >= Length, FileAndLine, "Sid too small\n"))
111 return;
112 Okay = RtlEqualSid(Sid, ExpectedSid);
113 KmtOk(Okay, FileAndLine, "Sids %p and %p not equal\n", Sid, ExpectedSid);
114 if (!Okay)
115 {
116 WCHAR Buffer1[128];
117 WCHAR Buffer2[128];
118 UNICODE_STRING SidString1, SidString2;
119 RtlInitEmptyUnicodeString(&SidString1, Buffer1, sizeof(Buffer1));
120 RtlInitEmptyUnicodeString(&SidString2, Buffer2, sizeof(Buffer2));
122 (void)RtlConvertSidToUnicodeString(&SidString2, ExpectedSid, FALSE);
123 KmtOk(0, FileAndLine, "Got %wZ, expected %wZ\n", &SidString1, &SidString2);
124 }
125}
unsigned char BOOLEAN
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
BOOLEAN BOOLEAN KmtOk(INT Condition, PCSTR FileAndLine, PCSTR Format,...) KMT_FORMAT(ms_printf
BOOLEAN BOOLEAN VOID VOID BOOLEAN BOOLEAN KmtSkip(INT Condition, PCSTR FileAndLine, PCSTR Format,...) KMT_FORMAT(ms_printf
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
uint32_t ULONG
Definition: typedefs.h:59
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by CheckDirectorySecurity__(), and VCheckAcl__().

◆ RtlxAddAuditAccessAceEx()

NTSTATUS RtlxAddAuditAccessAceEx ( _Inout_ PACL  Acl,
_In_ ULONG  Revision,
_In_ ULONG  Flags,
_In_ ACCESS_MASK  AccessMask,
_In_ PSID  Sid,
_In_ BOOLEAN  Success,
_In_ BOOLEAN  Failure 
)

Definition at line 12 of file SeHelpers.c.

20{
22 USHORT AceSize;
24
26 if (Failure) Flags |= FAILED_ACCESS_ACE_FLAG;
27
28 AceSize = FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart) + RtlLengthSid(Sid);
29 Ace = ExAllocatePoolWithTag(PagedPool, AceSize, 'cAmK');
30 if (!Ace)
32 Ace->Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
33 Ace->Header.AceFlags = Flags;
34 Ace->Header.AceSize = AceSize;
35 Ace->Mask = AccessMask;
36 Status = RtlCopySid(AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart),
37 (PSID)&Ace->SidStart,
38 Sid);
40 if (NT_SUCCESS(Status))
41 {
42 Status = RtlAddAce(Acl,
45 Ace,
46 AceSize);
47 }
48 ExFreePoolWithTag(Ace, 'cAmK');
49 return Status;
50}
LONG NTSTATUS
Definition: precomp.h:26
@ Ace
Definition: card.h:12
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PagedPool
Definition: env_spec_w32.h:308
@ Success
Definition: eventcreate.c:712
Status
Definition: gdiplustypes.h:25
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
#define ASSERT(a)
Definition: mode.c:44
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)
_In_ ULONG Revision
Definition: rtlfuncs.h:1130
unsigned short USHORT
Definition: pedump.c:61
#define MAXULONG
Definition: typedefs.h:251
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753

Referenced by TestSeAssignSecurity().

◆ RtlxAddMandatoryLabelAceEx()

NTSTATUS RtlxAddMandatoryLabelAceEx ( _Inout_ PACL  Acl,
_In_ ULONG  Revision,
_In_ ULONG  Flags,
_In_ ACCESS_MASK  AccessMask,
_In_ PSID  Sid 
)

Definition at line 53 of file SeHelpers.c.

59{
61 USHORT AceSize;
63
65 Ace = ExAllocatePoolWithTag(PagedPool, AceSize, 'cAmK');
66 if (!Ace)
68 Ace->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE;
69 Ace->Header.AceFlags = Flags;
70 Ace->Header.AceSize = AceSize;
71 Ace->Mask = AccessMask;
73 (PSID)&Ace->SidStart,
74 Sid);
76 if (NT_SUCCESS(Status))
77 {
78 Status = RtlAddAce(Acl,
81 Ace,
82 AceSize);
83 }
84 ExFreePoolWithTag(Ace, 'cAmK');
85 return Status;
86}
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741

Referenced by TestSeAssignSecurity().

◆ VCheckAcl__()

VOID VCheckAcl__ ( _In_ PACL  Acl,
_In_ ULONG  AceCount,
_In_ PCSTR  FileAndLine,
_In_ va_list  Arguments 
)

Definition at line 128 of file SeHelpers.c.

133{
134 ULONG i;
136 PACE_HEADER AceHeader;
137 INT AceType;
140 PISID Sid;
141 PACCESS_ALLOWED_ACE AllowedAce;
142 PACCESS_DENIED_ACE DeniedAce;
143 PSYSTEM_AUDIT_ACE AuditAce;
144
145 KmtOk(Acl != NULL, FileAndLine, "Acl is NULL\n");
146 if (KmtSkip(Acl != NULL, FileAndLine, "No ACL\n"))
147 return;
148 KmtOk((ULONG_PTR)Acl % sizeof(ULONG) == 0, FileAndLine, "Unaligned ACL %p\n", Acl);
149 KmtOk(Acl->AclRevision == ACL_REVISION, FileAndLine, "AclRevision is %u\n", Acl->AclRevision);
150 KmtOk(Acl->Sbz1 == 0, FileAndLine, "Sbz1 is %u\n", Acl->Sbz1);
151 KmtOk(Acl->Sbz2 == 0, FileAndLine, "Sbz2 is %u\n", Acl->Sbz2);
152 KmtOk(Acl->AclSize >= sizeof(*Acl), FileAndLine, "AclSize too small: %u\n", Acl->AclSize);
153 KmtOk(Acl->AceCount == AceCount, FileAndLine, "AceCount is %u, expected %lu\n", Acl->AceCount, AceCount);
154 Offset = sizeof(*Acl);
155 for (i = 0; i < Acl->AceCount; i++)
156 {
157 KmtOk(Acl->AclSize >= Offset + sizeof(*AceHeader), FileAndLine, "AclSize too small (%u) at Offset %lu, ACE #%lu\n", Acl->AclSize, Offset, i);
158 if (Acl->AclSize < Offset + sizeof(*AceHeader))
159 break;
160 AceHeader = (PACE_HEADER)((PUCHAR)Acl + Offset);
161 KmtOk((ULONG_PTR)AceHeader % sizeof(ULONG) == 0, FileAndLine, "[%lu] Unaligned ACE %p\n", i, AceHeader);
162 KmtOk(AceHeader->AceSize % sizeof(ULONG) == 0, FileAndLine, "[%lu] Unaligned ACE size %u\n", i, AceHeader->AceSize);
163 KmtOk(Acl->AclSize >= Offset + AceHeader->AceSize, FileAndLine, "[%lu] AclSize too small (%u) at Offset %lu\n", i, Acl->AclSize, Offset);
164 if (Acl->AclSize < Offset + AceHeader->AceSize)
165 break;
166 Offset += AceHeader->AceSize;
167 if (i >= AceCount)
168 continue;
169 AceType = va_arg(Arguments, INT);
170 AceFlags = va_arg(Arguments, INT);
171 KmtOk(AceHeader->AceType == AceType, FileAndLine, "[%lu] AceType is %u, expected %u\n", i, AceHeader->AceType, AceType);
172 KmtOk(AceHeader->AceFlags == AceFlags, FileAndLine, "[%lu] AceFlags is 0x%x, expected 0x%x\n", i, AceHeader->AceFlags, AceFlags);
174 {
175 Sid = va_arg(Arguments, PSID);
176 Mask = va_arg(Arguments, INT);
177 KmtOk(AceHeader->AceSize >= sizeof(*AllowedAce), FileAndLine, "[%lu] AllowedAce AceSize too small: %u\n", i, AceHeader->AceSize);
178 if (AceHeader->AceSize < sizeof(*AllowedAce))
179 continue;
180 AllowedAce = (PACCESS_ALLOWED_ACE)AceHeader;
181 KmtOk(AllowedAce->Mask == Mask, FileAndLine, "[%lu] AllowedAce Mask is 0x%lx, expected 0x%lx\n", i, AllowedAce->Mask, Mask);
182 CheckSid__((PSID)&AllowedAce->SidStart,
183 AceHeader->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart),
184 Sid,
185 FileAndLine);
186 }
188 {
189 Sid = va_arg(Arguments, PSID);
190 Mask = va_arg(Arguments, INT);
191 KmtOk(AceHeader->AceSize >= sizeof(*DeniedAce), FileAndLine, "[%lu] DeniedAce AceSize too small: %u\n", i, AceHeader->AceSize);
192 if (AceHeader->AceSize < sizeof(*DeniedAce))
193 continue;
194 DeniedAce = (PACCESS_DENIED_ACE)AceHeader;
195 KmtOk(DeniedAce->Mask == Mask, FileAndLine, "[%lu] DeniedAce Mask is 0x%lx, expected 0x%lx\n", i, DeniedAce->Mask, Mask);
196 CheckSid__((PSID)&DeniedAce->SidStart,
197 AceHeader->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart),
198 Sid,
199 FileAndLine);
200 }
201 else if (AceType == SYSTEM_AUDIT_ACE_TYPE)
202 {
203 Sid = va_arg(Arguments, PSID);
204 Mask = va_arg(Arguments, INT);
205 KmtOk(AceHeader->AceSize >= sizeof(*AuditAce), FileAndLine, "[%lu] AuditAce AceSize too small: %u\n", i, AceHeader->AceSize);
206 if (AceHeader->AceSize < sizeof(*AuditAce))
207 continue;
208 AuditAce = (PSYSTEM_AUDIT_ACE)AceHeader;
209 KmtOk(AuditAce->Mask == Mask, FileAndLine, "[%lu] AuditAce Mask is 0x%lx, expected 0x%lx\n", i, AuditAce->Mask, Mask);
210 CheckSid__((PSID)&AuditAce->SidStart,
211 AceHeader->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart),
212 Sid,
213 FileAndLine);
214 }
215 }
216}
VOID CheckSid__(_In_ PSID Sid, _In_ ULONG SidSize, _In_ PISID ExpectedSid, _In_ PCSTR FileAndLine)
Definition: SeHelpers.c:89
#define va_arg(ap, T)
Definition: acmsvcex.h:89
static const ACEFLAG AceFlags[]
Definition: security.c:2624
static const ACEFLAG AceType[]
Definition: security.c:2583
unsigned int Mask
Definition: fpcontrol.c:82
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
struct _SYSTEM_AUDIT_ACE * PSYSTEM_AUDIT_ACE
struct _ACCESS_DENIED_ACE * PACCESS_DENIED_ACE
struct _ACE_HEADER * PACE_HEADER
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
ULONG ACCESS_MASK
Definition: nt_native.h:40
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
ACCESS_MASK Mask
Definition: ms-dtyp.idl:232
USHORT AceSize
Definition: ms-dtyp.idl:212
UCHAR AceFlags
Definition: ms-dtyp.idl:211
UCHAR AceType
Definition: ms-dtyp.idl:210
ACCESS_MASK Mask
Definition: ms-dtyp.idl:268
int32_t INT
Definition: typedefs.h:58
uint32_t ULONG_PTR
Definition: typedefs.h:65
unsigned char * PUCHAR
Definition: typedefs.h:53
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
#define ACL_REVISION
Definition: setypes.h:39

Referenced by CheckAcl__(), CheckDirectorySecurity__(), and CheckKeySecurity__().