/*
 * Listing excerpt: only some source lines survive here, each prefixed with its
 * original line number, so the macro bodies below are incomplete.
 *
 * StartTestAssign: calls SeAssignSecurity for the given parent/explicit
 *   descriptors, expects STATUS_SUCCESS, then reads the DACL, SACL, owner and
 *   group back out of the new descriptor, checking each status. GotDacl and
 *   GotSacl are the expected "present" values for the DACL and the SACL.
 * EndTestAssign: releases the descriptor with SeDeassignSecurity.
 * StartTestAssignLoop: runs StartTestAssign for every combination of IsDir,
 *   UsingParent and UsingExplicit, passing NULL for whichever input descriptor
 *   is not in use.
 * TestAssignExpectDefault: expects a non-defaulted DACL holding two
 *   ACCESS_ALLOWED ACEs (SeLocalSystemSid and SeAliasAdminsSid), an owner equal
 *   to the token's default-owner SID and a group equal to Token->PrimaryGroup.
 * TestAssignExpectDefaultAll: repeats that check for parent-only,
 *   explicit-only and both descriptors, each as non-directory and directory.
 */
53 #define StartTestAssign(Parent, Explicit, IsDir, GotDacl, GotSacl) \ 54 SecurityDescriptor = NULL; \ 55 Status = SeAssignSecurity (Parent, \ 57 &SecurityDescriptor, \ 64 ok_eq_hex(Status, STATUS_SUCCESS); \ 65 if (!skip(NT_SUCCESS(Status), "No security\n")) \ 70 BOOLEAN DaclDefaulted, SaclDefaulted; \ 71 BOOLEAN OwnerDefaulted, GroupDefaulted; \ 72 Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor, \ 76 ok_eq_hex(Status, STATUS_SUCCESS); \ 77 ok_eq_uint(Present, GotDacl); \ 78 if (!NT_SUCCESS(Status) || !Present) \ 80 Status = RtlGetSaclSecurityDescriptor(SecurityDescriptor, \ 84 ok_eq_hex(Status, STATUS_SUCCESS); \ 85 ok_eq_uint(Present, GotSacl); \ 86 if (!NT_SUCCESS(Status) || !Present) \ 88 Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor, \ 91 ok_eq_hex(Status, STATUS_SUCCESS); \ 92 if (skip(NT_SUCCESS(Status), "No owner\n")) \ 94 Status = RtlGetGroupSecurityDescriptor(SecurityDescriptor, \ 97 ok_eq_hex(Status, STATUS_SUCCESS); \ 98 if (skip(NT_SUCCESS(Status), "No group\n")) \ 101 #define EndTestAssign() \ 102 SeDeassignSecurity(&SecurityDescriptor); \ 104 #define StartTestAssignLoop(Parent, Explicit) \ 107 BOOLEAN UsingParent; \ 108 BOOLEAN UsingExplicit; \ 109 for (IsDir = FALSE; IsDir <= TRUE; IsDir++) \ 111 for (UsingParent = FALSE; UsingParent <= TRUE; UsingParent++) \ 113 for (UsingExplicit = FALSE; UsingExplicit <= TRUE; UsingExplicit++) \ 115 StartTestAssign(UsingParent ? Parent : NULL, \ 116 UsingExplicit ? 
Explicit : NULL, \ 120 #define EndTestAssignLoop() \ 126 #define TestAssignExpectDefault(Parent, Explicit, IsDir) \ 127 StartTestAssign(Parent, Explicit, IsDir, TRUE, FALSE) \ 128 ok_eq_uint(DaclDefaulted, FALSE); \ 129 CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, STANDARD_RIGHTS_ALL | 0x800F, \ 130 ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, STANDARD_RIGHTS_READ | 0x0005); \ 131 ok_eq_uint(OwnerDefaulted, FALSE); \ 132 CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid); \ 133 ok_eq_uint(GroupDefaulted, FALSE); \ 134 CheckSid(Group, NO_SIZE, Token->PrimaryGroup); \ 136 #define TestAssignExpectDefaultAll() \ 137 TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE) \ 138 TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE) \ 139 TestAssignExpectDefault(NULL, &ExplicitDescriptor, FALSE) \ 140 TestAssignExpectDefault(NULL, &ExplicitDescriptor, TRUE) \ 141 TestAssignExpectDefault(&ParentDescriptor, &ExplicitDescriptor, FALSE) \ 142 TestAssignExpectDefault(&ParentDescriptor, &ExplicitDescriptor, TRUE) 157 for (UsingDefault =
FALSE; UsingDefault <=
TRUE; UsingDefault++)
189 for (UsingDefault =
FALSE; UsingDefault <=
TRUE; UsingDefault++)
/*
 * Allocation guards for the two ACL buffers, Acl and Acl2. The statements they
 * control are not part of this excerpt.
 * NOTE(review): presumably skip() is true when its condition is false, so the
 * guarded statement is the bail-out path - confirm against the test framework.
 */
225 if (
skip(Acl !=
NULL,
"Out of memory\n"))
229 if (
skip(Acl2 !=
NULL,
"Out of memory\n"))
/*
 * From here on UsingDefault runs 0..3 instead of FALSE..TRUE, and
 * FlagOn(UsingDefault, 2) tests its second bit. What the two bits select is
 * decided on lines that are not part of this excerpt.
 */
236 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
272 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
/*
 * Chooses which expectation applies: the first branch is taken when an
 * explicit descriptor is in use and either no parent is in use or bit value 2
 * of UsingDefault is clear; otherwise the parent branch applies when a parent
 * is in use.
 * NOTE(review): the branch bodies are not shown; which fields they check must
 * be read from the full file.
 */
291 if (UsingExplicit && (!UsingParent || !
FlagOn(UsingDefault, 2)))
295 else if (UsingParent)
312 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
/* This case also depends on IsDir: the parent counts only for a directory object. */
331 if (UsingExplicit || (UsingParent && IsDir))
348 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
/* Same selection as the condition at listing line 291. */
367 if (UsingExplicit && (!UsingParent || !
FlagOn(UsingDefault, 2)))
371 else if (UsingParent)
/*
 * Exhaustive sweep: Access takes the values 0 and 1, CanInherit takes every
 * 8-bit value 0..255, and UsingDefault takes 0..3.
 */
388 for (Access = 0; Access <= 1; Access++)
410 for (CanInherit = 0; CanInherit <= 255; CanInherit++)
412 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
/*
 * AceFlags2 is taken from the upper four bits of CanInherit.
 * NOTE(review): presumably the lower four bits feed a first ACE's flags on a
 * line not shown here - confirm.
 */
421 AceFlags2 = CanInherit >> 4;
/*
 * ParentUsable starts out as UsingParent and is cleared on two later paths
 * whose conditions are not part of this excerpt.
 */
437 ParentUsable = UsingParent;
439 ParentUsable =
FALSE;
442 ParentUsable =
FALSE;
/*
 * The explicit descriptor is expected to win when it is in use and either bit
 * value 2 of UsingDefault is clear or the parent is not usable; otherwise the
 * parent branch applies when the parent is usable.
 */
444 if (UsingExplicit && (!
FlagOn(UsingDefault, 2) || !ParentUsable))
448 else if (ParentUsable)
/*
 * Saves the token's current default-owner SID so it can be put back at
 * listing line 557. The lines in between are not part of this excerpt.
 * NOTE(review): if Token is a live token rather than a private copy (not
 * visible here), any exit between save and restore would leave the altered
 * owner in place - confirm every path reaches the restore.
 */
542 OldOwner =
Token->UserAndGroups[
Token->DefaultOwnerIndex].Sid;
/* Restores the default-owner SID saved at listing line 542. */
557 Token->UserAndGroups[
Token->DefaultOwnerIndex].
Sid = OldOwner;
/*
 * Saves the token's primary group. The matching restore is not part of this
 * excerpt - verify in the full file that Token->PrimaryGroup is set back to
 * OldGroup.
 */
565 OldGroup =
Token->PrimaryGroup;
/* Saves the token's default DACL; it is restored at listing line 598. */
588 OldDacl =
Token->DefaultDacl;
598 Token->DefaultDacl = OldDacl;
/*
 * The remaining cases each repeat the 0..3 UsingDefault sweep; their bodies
 * are not part of this excerpt.
 */
654 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
682 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
710 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
742 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
784 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
816 for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
#define CheckSid(Sid, SidSize, ExpectedSid)
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
NTSTATUS RtlxAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
#define KmtInvalidPointer
_In_opt_ PSID _In_opt_ BOOLEAN OwnerDefaulted
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
_In_ BOOLEAN _In_opt_ PACL _In_opt_ BOOLEAN DaclDefaulted
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define BooleanFlagOn(F, SF)
#define EndTestAssignLoop()
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define ok_eq_pointer(value, expected)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
#define KmtEndSeh(ExpectedStatus)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
#define NO_PROPAGATE_INHERIT_ACE
#define STANDARD_RIGHTS_EXECUTE
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define ok_bool_false(value, desc)
#define SECURITY_DESCRIPTOR_REVISION
#define ok_bool_true(value, desc)
#define SUCCESSFUL_ACCESS_ACE_FLAG
#define FAILED_ACCESS_ACE_FLAG
#define SEF_DEFAULT_GROUP_FROM_PARENT
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL, DWORD, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
#define StartTestAssignLoop(Parent, Explicit)
NTSTATUS RtlxAddMandatoryLabelAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
#define CONTAINER_INHERIT_ACE
#define STATUS_INVALID_PRIMARY_GROUP
#define ACCESS_ALLOWED_ACE_TYPE
#define StartTestAssign(Parent, Explicit, IsDir, GotDacl, GotSacl)
#define ExAllocatePoolWithTag(hernya, size, tag)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
#define STANDARD_RIGHTS_READ
BOOLEAN NTAPI KeAreApcsDisabled(VOID)
static GENERIC_MAPPING GenericMapping
#define KeLeaveCriticalRegion()
#define STANDARD_RIGHTS_ALL
#define TestAssignExpectDefaultAll()
#define STATUS_ACCESS_VIOLATION
#define FIELD_OFFSET(t, f)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
#define STATUS_INVALID_OWNER
#define TestAssignExpectDefault(Parent, Explicit, IsDir)
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
#define SYSTEM_AUDIT_ACE_TYPE
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
#define ok_eq_hex(value, expected)
#define ok_eq_uint(value, expected)
#define ExFreePoolWithTag(_P, _T)
_Out_ PBOOLEAN _Out_ PACL _Out_ PBOOLEAN SaclDefaulted
_In_opt_ PSID _In_opt_ BOOLEAN GroupDefaulted
#define SEF_DEFAULT_OWNER_FROM_PARENT
#define OBJECT_INHERIT_ACE
static const ACEFLAG AceFlags[]
#define CheckAcl(Acl, AceCount,...)