ReactOS 0.4.15-dev-5664-g3bf4ef6
SeHelpers.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS kernel-mode tests
3 * LICENSE: LGPLv2.1+ - See COPYING.LIB in the top level directory
4 * PURPOSE: Kernel-Mode Test Suite Helper functions for Se tests
5 * PROGRAMMER: Thomas Faber <thomas.faber@reactos.org>
6 */
7
8#include <kmt_test.h>
9#include "se.h"
10
11NTSTATUS
12RtlxAddAuditAccessAceEx(
13 _Inout_ PACL Acl,
14 _In_ ULONG Revision,
15 _In_ ULONG Flags,
16 _In_ ACCESS_MASK AccessMask,
17 _In_ PSID Sid,
18 _In_ BOOLEAN Success,
19 _In_ BOOLEAN Failure)
20{
21 NTSTATUS Status;
22 USHORT AceSize;
23 PSYSTEM_AUDIT_ACE Ace;
24
25 if (Success) Flags |= SUCCESSFUL_ACCESS_ACE_FLAG;
26 if (Failure) Flags |= FAILED_ACCESS_ACE_FLAG;
27
28 AceSize = FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart) + RtlLengthSid(Sid);
29 Ace = ExAllocatePoolWithTag(PagedPool, AceSize, 'cAmK');
30 if (!Ace)
31 return STATUS_INSUFFICIENT_RESOURCES;
32 Ace->Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
33 Ace->Header.AceFlags = Flags;
34 Ace->Header.AceSize = AceSize;
35 Ace->Mask = AccessMask;
36 Status = RtlCopySid(AceSize - FIELD_OFFSET(SYSTEM_AUDIT_ACE, SidStart),
37 (PSID)&Ace->SidStart,
38 Sid);
39 ASSERT(NT_SUCCESS(Status));
40 if (NT_SUCCESS(Status))
41 {
42 Status = RtlAddAce(Acl,
43 Revision,
44 MAXULONG,
45 Ace,
46 AceSize);
47 }
48 ExFreePoolWithTag(Ace, 'cAmK');
49 return Status;
50}
51
52NTSTATUS
53RtlxAddMandatoryLabelAceEx(
54 _Inout_ PACL Acl,
55 _In_ ULONG Revision,
56 _In_ ULONG Flags,
57 _In_ ACCESS_MASK AccessMask,
58 _In_ PSID Sid)
59{
60 NTSTATUS Status;
61 USHORT AceSize;
62 PSYSTEM_MANDATORY_LABEL_ACE Ace;
63
64 AceSize = FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart) + RtlLengthSid(Sid);
65 Ace = ExAllocatePoolWithTag(PagedPool, AceSize, 'cAmK');
66 if (!Ace)
67 return STATUS_INSUFFICIENT_RESOURCES;
68 Ace->Header.AceType = SYSTEM_MANDATORY_LABEL_ACE_TYPE;
69 Ace->Header.AceFlags = Flags;
70 Ace->Header.AceSize = AceSize;
71 Ace->Mask = AccessMask;
72 Status = RtlCopySid(AceSize - FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE, SidStart),
73 (PSID)&Ace->SidStart,
74 Sid);
75 ASSERT(NT_SUCCESS(Status));
76 if (NT_SUCCESS(Status))
77 {
78 Status = RtlAddAce(Acl,
79 Revision,
80 MAXULONG,
81 Ace,
82 AceSize);
83 }
84 ExFreePoolWithTag(Ace, 'cAmK');
85 return Status;
86}
87
88VOID
89CheckSid__(
90 _In_ PSID Sid,
91 _In_ ULONG SidSize,
92 _In_ PISID ExpectedSid,
93 _In_ PCSTR FileAndLine)
94{
95 BOOLEAN Okay;
96 ULONG Length;
97
98 KmtOk(Sid != NULL, FileAndLine, "Sid is NULL\n");
99 if (KmtSkip(Sid != NULL, FileAndLine, "No Sid\n"))
100 return;
101 if (KmtSkip(SidSize >= sizeof(ULONG), FileAndLine, "Sid too small: %lu\n", SidSize))
102 return;
103 Okay = RtlValidSid(Sid);
104 KmtOk(Okay == TRUE, FileAndLine, "Invalid Sid\n");
105 if (KmtSkip(Okay, FileAndLine, "Invalid Sid\n"))
106 return;
107
108 Length = RtlLengthSid(Sid);
109 KmtOk(SidSize >= Length, FileAndLine, "SidSize %lu too small, need %lu\n", SidSize, Length);
110 if (KmtSkip(SidSize >= Length, FileAndLine, "Sid too small\n"))
111 return;
112 Okay = RtlEqualSid(Sid, ExpectedSid);
113 KmtOk(Okay, FileAndLine, "Sids %p and %p not equal\n", Sid, ExpectedSid);
114 if (!Okay)
115 {
116 WCHAR Buffer1[128];
117 WCHAR Buffer2[128];
118 UNICODE_STRING SidString1, SidString2;
119 RtlInitEmptyUnicodeString(&SidString1, Buffer1, sizeof(Buffer1));
120 RtlInitEmptyUnicodeString(&SidString2, Buffer2, sizeof(Buffer2));
121 (void)RtlConvertSidToUnicodeString(&SidString1, Sid, FALSE);
122 (void)RtlConvertSidToUnicodeString(&SidString2, ExpectedSid, FALSE);
123 KmtOk(0, FileAndLine, "Got %wZ, expected %wZ\n", &SidString1, &SidString2);
124 }
125}
126
127VOID
128VCheckAcl__(
129 _In_ PACL Acl,
130 _In_ ULONG AceCount,
131 _In_ PCSTR FileAndLine,
132 _In_ va_list Arguments)
133{
134 ULONG i;
135 ULONG Offset;
136 PACE_HEADER AceHeader;
137 INT AceType;
138 INT AceFlags;
139 ACCESS_MASK Mask;
140 PISID Sid;
141 PACCESS_ALLOWED_ACE AllowedAce;
142 PACCESS_DENIED_ACE DeniedAce;
143 PSYSTEM_AUDIT_ACE AuditAce;
144
145 KmtOk(Acl != NULL, FileAndLine, "Acl is NULL\n");
146 if (KmtSkip(Acl != NULL, FileAndLine, "No ACL\n"))
147 return;
148 KmtOk((ULONG_PTR)Acl % sizeof(ULONG) == 0, FileAndLine, "Unaligned ACL %p\n", Acl);
149 KmtOk(Acl->AclRevision == ACL_REVISION, FileAndLine, "AclRevision is %u\n", Acl->AclRevision);
150 KmtOk(Acl->Sbz1 == 0, FileAndLine, "Sbz1 is %u\n", Acl->Sbz1);
151 KmtOk(Acl->Sbz2 == 0, FileAndLine, "Sbz2 is %u\n", Acl->Sbz2);
152 KmtOk(Acl->AclSize >= sizeof(*Acl), FileAndLine, "AclSize too small: %u\n", Acl->AclSize);
153 KmtOk(Acl->AceCount == AceCount, FileAndLine, "AceCount is %u, expected %lu\n", Acl->AceCount, AceCount);
154 Offset = sizeof(*Acl);
155 for (i = 0; i < Acl->AceCount; i++)
156 {
157 KmtOk(Acl->AclSize >= Offset + sizeof(*AceHeader), FileAndLine, "AclSize too small (%u) at Offset %lu, ACE #%lu\n", Acl->AclSize, Offset, i);
158 if (Acl->AclSize < Offset + sizeof(*AceHeader))
159 break;
160 AceHeader = (PACE_HEADER)((PUCHAR)Acl + Offset);
161 KmtOk((ULONG_PTR)AceHeader % sizeof(ULONG) == 0, FileAndLine, "[%lu] Unaligned ACE %p\n", i, AceHeader);
162 KmtOk(AceHeader->AceSize % sizeof(ULONG) == 0, FileAndLine, "[%lu] Unaligned ACE size %u\n", i, AceHeader->AceSize);
163 KmtOk(Acl->AclSize >= Offset + AceHeader->AceSize, FileAndLine, "[%lu] AclSize too small (%u) at Offset %lu\n", i, Acl->AclSize, Offset);
164 if (Acl->AclSize < Offset + AceHeader->AceSize)
165 break;
166 Offset += AceHeader->AceSize;
167 if (i >= AceCount)
168 continue;
169 AceType = va_arg(Arguments, INT);
170 AceFlags = va_arg(Arguments, INT);
171 KmtOk(AceHeader->AceType == AceType, FileAndLine, "[%lu] AceType is %u, expected %u\n", i, AceHeader->AceType, AceType);
172 KmtOk(AceHeader->AceFlags == AceFlags, FileAndLine, "[%lu] AceFlags is 0x%x, expected 0x%x\n", i, AceHeader->AceFlags, AceFlags);
173 if (AceType == ACCESS_ALLOWED_ACE_TYPE)
174 {
175 Sid = va_arg(Arguments, PSID);
176 Mask = va_arg(Arguments, INT);
177 KmtOk(AceHeader->AceSize >= sizeof(*AllowedAce), FileAndLine, "[%lu] AllowedAce AceSize too small: %u\n", i, AceHeader->AceSize);
178 if (AceHeader->AceSize < sizeof(*AllowedAce))
179 continue;
180 AllowedAce = (PACCESS_ALLOWED_ACE)AceHeader;
181 KmtOk(AllowedAce->Mask == Mask, FileAndLine, "[%lu] AllowedAce Mask is 0x%lx, expected 0x%lx\n", i, AllowedAce->Mask, Mask);
182 CheckSid__((PSID)&AllowedAce->SidStart,
183 AceHeader->AceSize - FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart),
184 Sid,
185 FileAndLine);
186 }
187 else if (AceType == ACCESS_DENIED_ACE_TYPE)
188 {
189 Sid = va_arg(Arguments, PSID);
190 Mask = va_arg(Arguments, INT);
191 KmtOk(AceHeader->AceSize >= sizeof(*DeniedAce), FileAndLine, "[%lu] DeniedAce AceSize too small: %u\n", i, AceHeader->AceSize);
192 if (AceHeader->AceSize < sizeof(*DeniedAce))
193 continue;
194 DeniedAce = (PACCESS_DENIED_ACE)AceHeader;
195 KmtOk(DeniedAce->Mask == Mask, FileAndLine, "[%lu] DeniedAce Mask is 0x%lx, expected 0x%lx\n", i, DeniedAce->Mask, Mask);
196 CheckSid__((PSID)&DeniedAce->SidStart,
197 AceHeader->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart),
198 Sid,
199 FileAndLine);
200 }
201 else if (AceType == SYSTEM_AUDIT_ACE_TYPE)
202 {
203 Sid = va_arg(Arguments, PSID);
204 Mask = va_arg(Arguments, INT);
205 KmtOk(AceHeader->AceSize >= sizeof(*AuditAce), FileAndLine, "[%lu] AuditAce AceSize too small: %u\n", i, AceHeader->AceSize);
206 if (AceHeader->AceSize < sizeof(*AuditAce))
207 continue;
208 AuditAce = (PSYSTEM_AUDIT_ACE)AceHeader;
209 KmtOk(AuditAce->Mask == Mask, FileAndLine, "[%lu] AuditAce Mask is 0x%lx, expected 0x%lx\n", i, AuditAce->Mask, Mask);
210 CheckSid__((PSID)&AuditAce->SidStart,
211 AceHeader->AceSize - FIELD_OFFSET(ACCESS_DENIED_ACE, SidStart),
212 Sid,
213 FileAndLine);
214 }
215 }
216}
217
218VOID
219CheckAcl__(
220 _In_ PACL Acl,
221 _In_ ULONG AceCount,
222 _In_ PCSTR FileAndLine,
223 ...)
224{
225 va_list Arguments;
226
227 va_start(Arguments, FileAndLine);
228 VCheckAcl__(Acl, AceCount, FileAndLine, Arguments);
229 va_end(Arguments);
230}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
VCheckAcl__
VOID VCheckAcl__(_In_ PACL Acl, _In_ ULONG AceCount, _In_ PCSTR FileAndLine, _In_ va_list Arguments)
Definition: SeHelpers.c:128
CheckSid__
VOID CheckSid__(_In_ PSID Sid, _In_ ULONG SidSize, _In_ PISID ExpectedSid, _In_ PCSTR FileAndLine)
Definition: SeHelpers.c:89
CheckAcl__
VOID CheckAcl__(_In_ PACL Acl, _In_ ULONG AceCount, _In_ PCSTR FileAndLine,...)
Definition: SeHelpers.c:219
RtlxAddAuditAccessAceEx
NTSTATUS RtlxAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
Definition: SeHelpers.c:12
RtlxAddMandatoryLabelAceEx
NTSTATUS RtlxAddMandatoryLabelAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)
Definition: SeHelpers.c:53
va_list
char * va_list
Definition: acmsvcex.h:78
va_end
#define va_end(ap)
Definition: acmsvcex.h:90
va_start
#define va_start(ap, A)
Definition: acmsvcex.h:91
va_arg
#define va_arg(ap, T)
Definition: acmsvcex.h:89
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Ace
@ Ace
Definition: card.h:12
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
AceFlags
static const ACEFLAG AceFlags[]
Definition: security.c:2423
AceType
static const ACEFLAG AceType[]
Definition: security.c:2382
ExAllocatePoolWithTag
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
PagedPool
#define PagedPool
Definition: env_spec_w32.h:308
Success
@ Success
Definition: eventcreate.c:712
Mask
unsigned int Mask
Definition: fpcontrol.c:82
Status
Status
Definition: gdiplustypes.h:25
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
RtlCopySid
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD, PSID, PSID)
kmt_test.h
KmtOk
BOOLEAN BOOLEAN KmtOk(INT Condition, PCSTR FileAndLine, PCSTR Format,...) KMT_FORMAT(ms_printf
KmtSkip
BOOLEAN BOOLEAN VOID VOID BOOLEAN BOOLEAN KmtSkip(INT Condition, PCSTR FileAndLine, PCSTR Format,...) KMT_FORMAT(ms_printf
PUCHAR
unsigned char * PUCHAR
Definition: retypes.h:3
ULONG
unsigned int ULONG
Definition: retypes.h:1
ASSERT
#define ASSERT(a)
Definition: mode.c:44
ExFreePoolWithTag
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
PSYSTEM_AUDIT_ACE
struct _SYSTEM_AUDIT_ACE * PSYSTEM_AUDIT_ACE
PACCESS_DENIED_ACE
struct _ACCESS_DENIED_ACE * PACCESS_DENIED_ACE
PACE_HEADER
struct _ACE_HEADER * PACE_HEADER
PACCESS_ALLOWED_ACE
struct _ACCESS_ALLOWED_ACE * PACCESS_ALLOWED_ACE
_Inout_
#define _Inout_
Definition: ms_sal.h:378
_In_
#define _In_
Definition: ms_sal.h:308
AccessMask
_In_ ACCESS_MASK AccessMask
Definition: exfuncs.h:186
RtlAddAce
NTSYSAPI NTSTATUS NTAPI RtlAddAce(_Inout_ PACL Acl, _In_ ULONG AceRevision, _In_ ULONG StartingAceIndex, _In_reads_bytes_(AceListLength) PVOID AceList, _In_ ULONG AceListLength)
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
RtlValidSid
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
Revision
_In_ ULONG Revision
Definition: rtlfuncs.h:1130
RtlEqualSid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
Offset
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
RtlConvertSidToUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
USHORT
unsigned short USHORT
Definition: pedump.c:61
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_ACCESS_ALLOWED_ACE::SidStart
DWORD SidStart
Definition: ms-dtyp.idl:218
_ACCESS_ALLOWED_ACE::Mask
ACCESS_MASK Mask
Definition: ms-dtyp.idl:217
_ACCESS_DENIED_ACE
Definition: ms-dtyp.idl:230
_ACCESS_DENIED_ACE::SidStart
DWORD SidStart
Definition: ms-dtyp.idl:233
_ACCESS_DENIED_ACE::Mask
ACCESS_MASK Mask
Definition: ms-dtyp.idl:232
_ACE_HEADER
Definition: ms-dtyp.idl:209
_ACE_HEADER::AceSize
USHORT AceSize
Definition: ms-dtyp.idl:212
_ACE_HEADER::AceFlags
UCHAR AceFlags
Definition: ms-dtyp.idl:211
_ACE_HEADER::AceType
UCHAR AceType
Definition: ms-dtyp.idl:210
_ACL
Definition: ms-dtyp.idl:293
_SID
Definition: ms-dtyp.idl:198
_SYSTEM_AUDIT_ACE
Definition: ms-dtyp.idl:266
_SYSTEM_AUDIT_ACE::SidStart
DWORD SidStart
Definition: ms-dtyp.idl:269
_SYSTEM_AUDIT_ACE::Mask
ACCESS_MASK Mask
Definition: ms-dtyp.idl:268
_SYSTEM_MANDATORY_LABEL_ACE
Definition: ms-dtyp.idl:278
_UNICODE_STRING
Definition: env_spec_w32.h:368
MAXULONG
#define MAXULONG
Definition: typedefs.h:251
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
INT
int32_t INT
Definition: typedefs.h:58
PCSTR
const char * PCSTR
Definition: typedefs.h:52
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Flags
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
SYSTEM_AUDIT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
ACCESS_DENIED_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
FAILED_ACCESS_ACE_FLAG
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
SUCCESSFUL_ACCESS_ACE_FLAG
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180