ReactOS  0.4.14-dev-55-g2da92ac
SeInheritance.c File Reference
#include <kmt_test.h>
#include "se.h"

Macros

#define StartTestAssign(Parent, Explicit, IsDir, GotDacl, GotSacl)
 
#define EndTestAssign()
 
#define StartTestAssignLoop(Parent, Explicit)
 
#define EndTestAssignLoop()
 
#define TestAssignExpectDefault(Parent, Explicit, IsDir)
 
#define TestAssignExpectDefaultAll()
 

Functions

static VOID TestSeAssignSecurity (_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
 
static VOID NTAPI SystemThread (_In_ PVOID Context)
 
static VOID TestObRootSecurity (VOID)
 
 START_TEST (SeInheritance)
 

Variables

static GENERIC_MAPPING GenericMapping
 

Macro Definition Documentation

◆ EndTestAssign

#define EndTestAssign ( )
Value:
SeDeassignSecurity(&SecurityDescriptor); \
}
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182

◆ EndTestAssignLoop

#define EndTestAssignLoop ( )
Value:
} \
} \
} \
}
#define EndTestAssign()

◆ StartTestAssign

#define StartTestAssign (   Parent,
  Explicit,
  IsDir,
  GotDacl,
  GotSacl 
)

◆ StartTestAssignLoop

#define StartTestAssignLoop (   Parent,
  Explicit 
)
Value:
{ \
BOOLEAN IsDir; \
BOOLEAN UsingParent; \
BOOLEAN UsingExplicit; \
for (IsDir = FALSE; IsDir <= TRUE; IsDir++) \
{ \
for (UsingParent = FALSE; UsingParent <= TRUE; UsingParent++) \
{ \
for (UsingExplicit = FALSE; UsingExplicit <= TRUE; UsingExplicit++) \
{ \
StartTestAssign(UsingParent ? Parent : NULL, \
UsingExplicit ? Explicit : NULL, \
IsDir, \
TRUE, \
#define TRUE
Definition: types.h:120
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:722
smooth NULL
Definition: ftsmooth.c:416

◆ TestAssignExpectDefault

#define TestAssignExpectDefault (   Parent,
  Explicit,
  IsDir 
)
Value:
StartTestAssign(Parent, Explicit, IsDir, TRUE, FALSE) \
ok_eq_uint(DaclDefaulted, FALSE); \
ok_eq_uint(OwnerDefaulted, FALSE); \
CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid); \
ok_eq_uint(GroupDefaulted, FALSE); \
CheckSid(Group, NO_SIZE, Token->PrimaryGroup); \
EndTestAssign()
PSID SeAliasAdminsSid
Definition: setypes.h:1175
_In_opt_ PSID _In_opt_ BOOLEAN OwnerDefaulted
Definition: rtlfuncs.h:1630
#define TRUE
Definition: types.h:120
_In_ BOOLEAN _In_opt_ PACL _In_opt_ BOOLEAN DaclDefaulted
Definition: rtlfuncs.h:1595
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
ACPI_PHYSICAL_ADDRESS ACPI_SIZE BOOLEAN Warn BOOLEAN Physical UINT32 ACPI_TABLE_HEADER *OutTableHeader ACPI_TABLE_HEADER **OutTable ACPI_HANDLE UINT32 ACPI_WALK_CALLBACK ACPI_WALK_CALLBACK void void **ReturnValue UINT32 ACPI_BUFFER *RetPathPtr ACPI_OBJECT_HANDLER void *Data ACPI_OBJECT_HANDLER void **Data ACPI_STRING ACPI_OBJECT_LIST ACPI_BUFFER *ReturnObjectBuffer ACPI_DEVICE_INFO **ReturnBuffer ACPI_HANDLE Parent
Definition: acpixf.h:722
PSE_EXPORTS SeExports
Definition: semgr.c:18
Definition: trio.c:380
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define StartTestAssign(Parent, Explicit, IsDir, GotDacl, GotSacl)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
#define STANDARD_RIGHTS_READ
Definition: nt_native.h:65
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
_In_opt_ PSID _In_opt_ BOOLEAN GroupDefaulted
Definition: rtlfuncs.h:1606
PSID SeLocalSystemSid
Definition: setypes.h:1174

◆ TestAssignExpectDefaultAll

#define TestAssignExpectDefaultAll ( )
Value:
TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE) \
TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE) \
TestAssignExpectDefault(NULL, &ExplicitDescriptor, FALSE) \
TestAssignExpectDefault(NULL, &ExplicitDescriptor, TRUE) \
TestAssignExpectDefault(&ParentDescriptor, &ExplicitDescriptor, FALSE) \
TestAssignExpectDefault(&ParentDescriptor, &ExplicitDescriptor, TRUE)
#define TRUE
Definition: types.h:120
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
Definition: sefuncs.h:29
smooth NULL
Definition: ftsmooth.c:416
#define TestAssignExpectDefault(Parent, Explicit, IsDir)

Function Documentation

◆ START_TEST()

START_TEST ( SeInheritance  )

Definition at line 948 of file SeInheritance.c.

949 {
951 
955 }
PKTHREAD KmtStartThread(IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext OPTIONAL)
static VOID NTAPI SystemThread(_In_ PVOID Context)
smooth NULL
Definition: ftsmooth.c:416
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
static VOID TestObRootSecurity(VOID)
VOID KmtFinishThread(IN PKTHREAD Thread OPTIONAL, IN PKEVENT Event OPTIONAL)

◆ SystemThread()

static VOID NTAPI SystemThread ( _In_ PVOID  Context)
static

Definition at line 870 of file SeInheritance.c.

872 {
    /* NOTE(review): this rendered listing drops several source lines of the
     * body. The cross-reference list under the listing names
     * SeCaptureSubjectContext, TestSeAssignSecurity and
     * SeReleaseSubjectContext, so presumably the thread captures its own
     * subject context, runs the assignment tests on it and releases it.
     * Confirm against the full file.
     *
     * TestSeAssignSecurity temporarily overwrites fields reachable from that
     * context (PrimaryToken, the default owner SID, PrimaryGroup, DefaultDacl)
     * and restores them afterwards. If the captured token is shared with other
     * threads (presumably the System process token - TODO confirm), they can
     * observe the modified token while a test case is running. */
875 
878  /* TODO: Test SeSetSecurityDescriptorInfo[Ex] */
880 }
VOID NTAPI SeCaptureSubjectContext(OUT PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:301
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
VOID NTAPI SeReleaseSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:360
#define ok_eq_pointer(value, expected)
static VOID TestSeAssignSecurity(_In_ PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: SeInheritance.c:21
smooth NULL
Definition: ftsmooth.c:416

Referenced by START_TEST().

◆ TestObRootSecurity()

static VOID TestObRootSecurity ( VOID  )
static

Definition at line 884 of file SeInheritance.c.

885 {
    /* Checks the security descriptor of the object directory named by
     * ObjectPath (the root, a single backslash): a DACL must be present and
     * not defaulted, and no SACL may be present.
     *
     * NOTE(review): this rendered listing drops the lines that name the
     * called functions and several local declarations, so only argument
     * lists remain for most calls. The cross-reference list under the listing
     * names ZwOpenDirectoryObject, ObReferenceObjectByHandle,
     * ObGetObjectSecurity, RtlGetDaclSecurityDescriptor,
     * RtlGetSaclSecurityDescriptor, ObReleaseObjectSecurity,
     * ObDereferenceObject and ObCloseHandle; the order below presumably
     * follows that sequence. Confirm against the full file. */
887  UNICODE_STRING ObjectPath = RTL_CONSTANT_STRING(L"\\");
889  HANDLE Handle;
893  PACL Acl;
894  BOOLEAN Present;
895  BOOLEAN Defaulted;
896 
    /* Object attributes for the open; the macro name and the flags argument
     * are on lines missing from this listing. */
898  &ObjectPath,
900  NULL,
901  NULL);
903  0,
    /* Each failed step reports a skip and returns early. skip() appears to
     * evaluate true when its condition is false. */
906  if (skip(NT_SUCCESS(Status), "No handle\n"))
907  return;
    /* Handle-to-object reference in KernelMode, written to RootDirectory. */
909  0,
910  NULL,
911  KernelMode,
912  &RootDirectory,
913  NULL);
    /* NOTE(review): the two early returns below happen after a handle, and
     * then an object reference, were obtained. The release calls are not
     * visible in this listing; verify that every return path closes the
     * handle and drops the reference. */
916  if (skip(NT_SUCCESS(Status), "No object\n"))
917  return;
920  &MemoryAllocated);
923  if (skip(NT_SUCCESS(Status), "No security\n"))
924  return;
    /* DACL query: presence flag, ACL pointer and defaulted flag. */
926  &Present,
927  &Acl,
928  &Defaulted);
930  ok_eq_uint(Present, TRUE);
931  if (!skip(NT_SUCCESS(Status) && Present, "No DACL\n"))
932  {
933  ok_eq_uint(Defaulted, FALSE);
    /* The expected ACE list is on lines missing from this listing. */
938  }
    /* Same three outputs reused, presumably for the SACL query; the root
     * directory is expected to have no SACL. */
940  &Present,
941  &Acl,
942  &Defaulted);
944  ok_eq_uint(Present, FALSE);
946 }
PSID SeAliasAdminsSid
Definition: setypes.h:1175
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define TRUE
Definition: types.h:120
WCHAR RootDirectory[MAX_PATH]
Definition: format.c:74
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_Out_ PSECURITY_DESCRIPTOR _Out_ PBOOLEAN MemoryAllocated
Definition: obfuncs.h:23
LONG NTSTATUS
Definition: precomp.h:26
NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject(_Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes)
VOID NTAPI ObDereferenceObject(IN PVOID Object)
Definition: obref.c:375
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
NTSTATUS NTAPI ObReferenceObjectByHandle(IN HANDLE Handle, IN ACCESS_MASK DesiredAccess, IN POBJECT_TYPE ObjectType, IN KPROCESSOR_MODE AccessMode, OUT PVOID *Object, OUT POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL)
Definition: obref.c:496
PSE_EXPORTS SeExports
Definition: semgr.c:18
VOID NTAPI ObReleaseObjectSecurity(IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN MemoryAllocated)
Definition: obsecure.c:709
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI ObGetObjectSecurity(IN PVOID Object, OUT PSECURITY_DESCRIPTOR *SecurityDescriptor, OUT PBOOLEAN MemoryAllocated)
Definition: obsecure.c:611
#define DIRECTORY_TRAVERSE
Definition: nt_native.h:1255
_In_ HANDLE Handle
Definition: extypes.h:390
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3376
static const WCHAR L[]
Definition: oid.c:1250
#define STANDARD_RIGHTS_READ
Definition: nt_native.h:65
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
#define DIRECTORY_ALL_ACCESS
Definition: nt_native.h:1259
#define skip(...)
Definition: atltest.h:64
PSID SeRestrictedSid
Definition: setypes.h:1184
#define DIRECTORY_QUERY
Definition: nt_native.h:1254
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
PSID SeWorldSid
Definition: setypes.h:1165
#define ok_eq_hex(value, expected)
#define ok_eq_uint(value, expected)
Definition: kmt_test.h:239
return STATUS_SUCCESS
Definition: btrfs.c:2966
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
PSID SeLocalSystemSid
Definition: setypes.h:1174
#define CheckAcl(Acl, AceCount,...)
Definition: se.h:62
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14

Referenced by START_TEST().

◆ TestSeAssignSecurity()

static VOID TestSeAssignSecurity ( _In_ PSECURITY_SUBJECT_CONTEXT  SubjectContext)
static

Definition at line 21 of file SeInheritance.c.

23 {
25  PTOKEN Token;
27  SECURITY_DESCRIPTOR ParentDescriptor;
29  ACL EmptyAcl;
30  PACL Acl;
31  PACL Acl2;
32  ULONG AclSize;
33  ULONG UsingDefault;
34  ULONG CanInherit;
36  ULONG AceFlags2;
37  ULONG Access;
38  PSID GenericSid;
39  PSID GenericSid2;
40  ACCESS_MASK GenericMask;
41  ACCESS_MASK GenericMask2;
42  PSID SpecificSid;
43  ACCESS_MASK SpecificMask;
44  ACCESS_MASK SpecificMask2;
45  BOOLEAN ParentUsable;
46 
47  Token = SubjectContext->PrimaryToken;
50  CheckSid(Token->UserAndGroups[Token->DefaultOwnerIndex].Sid, NO_SIZE, SeExports->SeAliasAdminsSid);
52 // Flags with no effect on current tests: SEF_SACL_AUTO_INHERIT, SEF_DEFAULT_DESCRIPTOR_FOR_OBJECT
/* StartTestAssign(Parent, Explicit, IsDir, GotDacl, GotSacl)
 *
 * Calls SeAssignSecurity with the given parent and explicit descriptors and
 * the enclosing function's SubjectContext, expects STATUS_SUCCESS, and then
 * opens a brace scope that is deliberately left open: the caller places its
 * checks after the macro and must close the scope with EndTestAssign(), which
 * also frees the new descriptor.
 *
 * Inside the scope the macro declares Dacl, Sacl, Owner, Group and the
 * matching *Defaulted flags, fills them from the new descriptor, and asserts
 * that DACL presence equals GotDacl and SACL presence equals GotSacl. Dacl and
 * Sacl are forced to NULL when the query fails or the ACL is absent, and Owner
 * and Group are forced to NULL when their query fails, so later checks never
 * read an unset pointer.
 *
 * The two commented-out arguments sit where SeAssignSecurityEx takes
 * ObjectType and AutoInheritFlags; presumably they are kept so the macro can
 * be switched to the Ex variant. Confirm.
 *
 * Uses Status, SecurityDescriptor, SubjectContext and GenericMapping from the
 * surrounding code. */
53 #define StartTestAssign(Parent, Explicit, IsDir, GotDacl, GotSacl) \
54  SecurityDescriptor = NULL; \
55  Status = SeAssignSecurity (Parent, \
56  Explicit, \
57  &SecurityDescriptor, \
58  /*NULL,*/ \
59  IsDir, \
60  /*0,*/ \
61  SubjectContext, \
62  &GenericMapping, \
63  PagedPool); \
64  ok_eq_hex(Status, STATUS_SUCCESS); \
65  if (!skip(NT_SUCCESS(Status), "No security\n")) \
66  { \
67  PACL Dacl, Sacl; \
68  PSID Owner, Group; \
69  BOOLEAN Present; \
70  BOOLEAN DaclDefaulted, SaclDefaulted; \
71  BOOLEAN OwnerDefaulted, GroupDefaulted; \
72  Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor, \
73  &Present, \
74  &Dacl, \
75  &DaclDefaulted); \
76  ok_eq_hex(Status, STATUS_SUCCESS); \
77  ok_eq_uint(Present, GotDacl); \
78  if (!NT_SUCCESS(Status) || !Present) \
79  Dacl = NULL; \
80  Status = RtlGetSaclSecurityDescriptor(SecurityDescriptor, \
81  &Present, \
82  &Sacl, \
83  &SaclDefaulted); \
84  ok_eq_hex(Status, STATUS_SUCCESS); \
85  ok_eq_uint(Present, GotSacl); \
86  if (!NT_SUCCESS(Status) || !Present) \
87  Sacl = NULL; \
88  Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor, \
89  &Owner, \
90  &OwnerDefaulted); \
91  ok_eq_hex(Status, STATUS_SUCCESS); \
92  if (skip(NT_SUCCESS(Status), "No owner\n")) \
93  Owner = NULL; \
94  Status = RtlGetGroupSecurityDescriptor(SecurityDescriptor, \
95  &Group, \
96  &GroupDefaulted); \
97  ok_eq_hex(Status, STATUS_SUCCESS); \
98  if (skip(NT_SUCCESS(Status), "No group\n")) \
99  Group = NULL;
100 
/* EndTestAssign()
 *
 * Closes the scope opened by StartTestAssign. It first frees the descriptor
 * returned by SeAssignSecurity through SeDeassignSecurity. Because the free
 * sits inside that scope, it is skipped when the assignment failed and the
 * scope was never entered. Every StartTestAssign needs exactly one matching
 * EndTestAssign, otherwise the braces are unbalanced and the descriptor is
 * not released. */
101 #define EndTestAssign() \
102  SeDeassignSecurity(&SecurityDescriptor); \
103  }
/* StartTestAssignLoop(Parent, Explicit)
 *
 * Opens three nested loops over IsDir, UsingParent and UsingExplicit (FALSE
 * and TRUE each, eight combinations) and starts a StartTestAssign in the
 * innermost one. A descriptor whose Using* flag is FALSE is replaced by NULL.
 * Every combination is expected to yield a DACL and no SACL.
 *
 * The loop variables stay visible to the caller's checks, which branch on
 * them. The counters are BOOLEAN and the bound is "<= TRUE", so termination
 * depends on BOOLEAN being able to hold a value above TRUE.
 *
 * All scopes are left open and must be closed with EndTestAssignLoop(). */
104 #define StartTestAssignLoop(Parent, Explicit) \
105  { \
106  BOOLEAN IsDir; \
107  BOOLEAN UsingParent; \
108  BOOLEAN UsingExplicit; \
109  for (IsDir = FALSE; IsDir <= TRUE; IsDir++) \
110  { \
111  for (UsingParent = FALSE; UsingParent <= TRUE; UsingParent++) \
112  { \
113  for (UsingExplicit = FALSE; UsingExplicit <= TRUE; UsingExplicit++) \
114  { \
115  StartTestAssign(UsingParent ? Parent : NULL, \
116  UsingExplicit ? Explicit : NULL, \
117  IsDir, \
118  TRUE, \
119  FALSE)
/* EndTestAssignLoop()
 *
 * Counterpart of StartTestAssignLoop: ends the inner StartTestAssign scope
 * (freeing the descriptor of the current iteration), then closes the three
 * loop bodies and the outer block that holds the loop variables. */
120 #define EndTestAssignLoop() \
121  EndTestAssign() \
122  } \
123  } \
124  } \
125  }
/* TestAssignExpectDefault(Parent, Explicit, IsDir)
 *
 * One complete assignment test that expects the "default" result:
 *   - a DACL that is present and not marked defaulted, with exactly two
 *     access-allowed ACEs without inheritance flags: LocalSystem with
 *     STANDARD_RIGHTS_ALL | 0x800F and the Administrators alias with
 *     STANDARD_RIGHTS_READ | 0x0005;
 *   - no SACL;
 *   - owner equal to the token's default owner SID, group equal to the
 *     token's primary group, neither marked defaulted.
 *
 * NOTE(review): 0x800F and 0x0005 are object-specific access bits; presumably
 * they are what the token's default DACL becomes after mapping through
 * GenericMapping. Confirm against the mapping definition.
 *
 * Requires the local variable Token to be in scope. */
126 #define TestAssignExpectDefault(Parent, Explicit, IsDir) \
127  StartTestAssign(Parent, Explicit, IsDir, TRUE, FALSE) \
128  ok_eq_uint(DaclDefaulted, FALSE); \
129  CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, STANDARD_RIGHTS_ALL | 0x800F, \
130  ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, STANDARD_RIGHTS_READ | 0x0005); \
131  ok_eq_uint(OwnerDefaulted, FALSE); \
132  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid); \
133  ok_eq_uint(GroupDefaulted, FALSE); \
134  CheckSid(Group, NO_SIZE, Token->PrimaryGroup); \
135  EndTestAssign()
/* TestAssignExpectDefaultAll()
 *
 * Runs TestAssignExpectDefault for parent only, explicit only, and both
 * descriptors, each once as a non-directory object and once as a directory
 * (six cases). Requires the locals ParentDescriptor and ExplicitDescriptor
 * to be in scope. */
136 #define TestAssignExpectDefaultAll() \
137  TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE) \
138  TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE) \
139  TestAssignExpectDefault(NULL, &ExplicitDescriptor, FALSE) \
140  TestAssignExpectDefault(NULL, &ExplicitDescriptor, TRUE) \
141  TestAssignExpectDefault(&ParentDescriptor, &ExplicitDescriptor, FALSE) \
142  TestAssignExpectDefault(&ParentDescriptor, &ExplicitDescriptor, TRUE)
143 
146 
147  /* Empty parent/explicit descriptors */
148  Status = RtlCreateSecurityDescriptor(&ParentDescriptor,
155 
156  /* NULL DACL in parent/explicit descriptor */
157  for (UsingDefault = FALSE; UsingDefault <= TRUE; UsingDefault++)
158  {
159  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
160  TRUE,
161  NULL,
162  UsingDefault);
165  TRUE,
166  NULL,
167  UsingDefault);
169  StartTestAssignLoop(&ParentDescriptor, &ExplicitDescriptor)
170  //trace("Explicit %u, Parent %u, Dir %u, Default %u\n", UsingExplicit, UsingParent, IsDir, UsingDefault);
172  if (UsingExplicit)
173  {
174  ok(Dacl == NULL, "Dacl = %p\n", Dacl);
175  }
176  else
177  {
180  }
186  }
187 
188  /* Empty default DACL in parent/explicit descriptor */
189  for (UsingDefault = FALSE; UsingDefault <= TRUE; UsingDefault++)
190  {
191  Status = RtlCreateAcl(&EmptyAcl, sizeof(EmptyAcl), ACL_REVISION);
193  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
194  TRUE,
195  &EmptyAcl,
196  UsingDefault);
199  TRUE,
200  &EmptyAcl,
201  UsingDefault);
203  StartTestAssignLoop(&ParentDescriptor, &ExplicitDescriptor)
204  //trace("Explicit %u, Parent %u, Dir %u, Default %u\n", UsingExplicit, UsingParent, IsDir, UsingDefault);
206  if (UsingExplicit)
207  {
208  CheckAcl(Dacl, 0);
209  }
210  else
211  {
214  }
220  }
221 
222 
223  AclSize = sizeof(ACL) + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + RtlLengthSid(SeExports->SeWorldSid);
224  Acl = ExAllocatePoolWithTag(PagedPool, AclSize, 'ASmK');
225  if (skip(Acl != NULL, "Out of memory\n"))
226  return;
227 
228  Acl2 = ExAllocatePoolWithTag(PagedPool, AclSize, 'ASmK');
229  if (skip(Acl2 != NULL, "Out of memory\n"))
230  {
231  ExFreePoolWithTag(Acl, 'ASmK');
232  return;
233  }
234 
235  /* Simple DACL in parent/explicit descriptor */
236  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
237  {
238  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
242  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
243  TRUE,
244  Acl,
245  BooleanFlagOn(UsingDefault, 1));
248  TRUE,
249  Acl,
250  BooleanFlagOn(UsingDefault, 2));
252  StartTestAssignLoop(&ParentDescriptor, &ExplicitDescriptor)
253  //trace("Explicit %u, Parent %u, Dir %u, Default %u\n", UsingExplicit, UsingParent, IsDir, UsingDefault);
255  if (UsingExplicit)
256  {
258  }
259  else
260  {
263  }
269  }
270 
271  /* Object-inheritable DACL in parent/explicit descriptor */
272  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
273  {
274  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
278  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
279  TRUE,
280  Acl,
281  BooleanFlagOn(UsingDefault, 1));
284  TRUE,
285  Acl,
286  BooleanFlagOn(UsingDefault, 2));
288  StartTestAssignLoop(&ParentDescriptor, &ExplicitDescriptor)
289  //trace("Explicit %u, Parent %u, Dir %u, Default %u\n", UsingExplicit, UsingParent, IsDir, UsingDefault);
291  if (UsingExplicit && (!UsingParent || !FlagOn(UsingDefault, 2)))
292  {
294  }
295  else if (UsingParent)
296  {
298  }
299  else
300  {
303  }
309  }
310 
311  /* Container-inheritable DACL in parent/explicit descriptor */
312  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
313  {
314  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
318  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
319  TRUE,
320  Acl,
321  BooleanFlagOn(UsingDefault, 1));
324  TRUE,
325  Acl,
326  BooleanFlagOn(UsingDefault, 2));
328  StartTestAssignLoop(&ParentDescriptor, &ExplicitDescriptor)
329  //trace("Explicit %u, Parent %u, Dir %u, Default %u\n", UsingExplicit, UsingParent, IsDir, UsingDefault);
331  if (UsingExplicit || (UsingParent && IsDir))
332  {
334  }
335  else
336  {
339  }
345  }
346 
347  /* Fully inheritable DACL in parent/explicit descriptor */
348  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
349  {
350  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
354  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
355  TRUE,
356  Acl,
357  BooleanFlagOn(UsingDefault, 1));
360  TRUE,
361  Acl,
362  BooleanFlagOn(UsingDefault, 2));
364  StartTestAssignLoop(&ParentDescriptor, &ExplicitDescriptor)
365  //trace("Explicit %u, Parent %u, Dir %u, Default %u\n", UsingExplicit, UsingParent, IsDir, UsingDefault);
367  if (UsingExplicit && (!UsingParent || !FlagOn(UsingDefault, 2)))
368  {
370  }
371  else if (UsingParent)
372  {
374  }
375  else
376  {
379  }
385  }
386 
387  /* Different DACLs in parent and explicit descriptors */
388  for (Access = 0; Access <= 1; Access++)
389  {
390  if (Access == 1)
391  {
392  GenericSid = SeExports->SeCreatorOwnerSid;
393  SpecificSid = SeExports->SeAliasAdminsSid;
394  GenericMask = GENERIC_READ;
395  SpecificMask = STANDARD_RIGHTS_READ | 0x0001;
396  GenericSid2 = SeExports->SeCreatorGroupSid;
397  GenericMask2 = GENERIC_EXECUTE;
398  SpecificMask2 = STANDARD_RIGHTS_EXECUTE | 0x0004;
399  }
400  else
401  {
402  GenericSid = SeExports->SeWorldSid;
403  SpecificSid = SeExports->SeWorldSid;
404  GenericMask = READ_CONTROL;
405  SpecificMask = READ_CONTROL;
406  GenericSid2 = SeExports->SeLocalSystemSid;
407  GenericMask2 = SYNCHRONIZE;
408  SpecificMask2 = SYNCHRONIZE;
409  }
410  for (CanInherit = 0; CanInherit <= 255; CanInherit++)
411  {
412  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
413  {
414  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
416  AceFlags = CanInherit & 0xf;
417  Status = RtlAddAccessAllowedAceEx(Acl, ACL_REVISION, AceFlags, GenericMask, GenericSid);
419  Status = RtlCreateAcl(Acl2, AclSize, ACL_REVISION);
421  AceFlags2 = CanInherit >> 4;
422  Status = RtlAddAccessAllowedAceEx(Acl2, ACL_REVISION, AceFlags2, GenericMask2, GenericSid2);
424  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
425  TRUE,
426  Acl,
427  BooleanFlagOn(UsingDefault, 1));
430  TRUE,
431  Acl2,
432  BooleanFlagOn(UsingDefault, 2));
434  StartTestAssignLoop(&ParentDescriptor, &ExplicitDescriptor)
435  //trace("Explicit %u, Parent %u, Dir %u, Default %u, Inherit %u, Access %u\n", UsingExplicit, UsingParent, IsDir, UsingDefault, CanInherit, Access);
437  ParentUsable = UsingParent;
438  if (!IsDir && !FlagOn(AceFlags, OBJECT_INHERIT_ACE))
439  ParentUsable = FALSE;
440  else if (IsDir && !FlagOn(AceFlags, CONTAINER_INHERIT_ACE) &&
442  ParentUsable = FALSE;
443 
444  if (UsingExplicit && (!FlagOn(UsingDefault, 2) || !ParentUsable))
445  {
446  CheckAcl(Dacl, 1, ACCESS_ALLOWED_ACE_TYPE, AceFlags2, GenericSid2, FlagOn(AceFlags2, INHERIT_ONLY_ACE) ? GenericMask2 : SpecificMask2);
447  }
448  else if (ParentUsable)
449  {
450  if (IsDir && !FlagOn(AceFlags, NO_PROPAGATE_INHERIT_ACE))
451  {
452  if (FlagOn(AceFlags, CONTAINER_INHERIT_ACE) && (SpecificMask != GenericMask || SpecificSid != GenericSid))
453  CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SpecificSid, SpecificMask,
455  else
457  (AceFlags & (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE)), GenericSid, GenericMask);
458  }
459  else
460  CheckAcl(Dacl, 1, ACCESS_ALLOWED_ACE_TYPE, 0, SpecificSid, SpecificMask);
461  }
462  else
463  {
466  }
472  }
473  }
474  }
475 
476  /* NULL parameters */
477  ok_bool_false(KeAreApcsDisabled(), "KeAreApcsDisabled returned");
478  KmtStartSeh()
479  Status = SeAssignSecurity(NULL,
480  NULL,
481  NULL,
482  FALSE,
485  PagedPool);
488 
490  KmtStartSeh()
491  Status = SeAssignSecurity(NULL,
492  NULL,
494  FALSE,
495  NULL,
497  PagedPool);
502 
504  KmtStartSeh()
505  Status = SeAssignSecurity(NULL,
506  NULL,
507  NULL,
508  FALSE,
509  NULL,
511  PagedPool);
514 
515  /* Test with Token == NULL */
516  if (1)
517  {
518  /* Crash in SeLockSubjectContext while holding a critical region */
519  SubjectContext->PrimaryToken = NULL;
520  KmtStartSeh()
522  Status = SeAssignSecurity(NULL,
523  NULL,
525  FALSE,
528  PagedPool);
533  SubjectContext->PrimaryToken = Token;
534  }
536 
537  /* Test with NULL owner in Token */
538  if (1)
539  {
540  /* Crash after locking the subject context */
541  PSID OldOwner;
542  OldOwner = Token->UserAndGroups[Token->DefaultOwnerIndex].Sid;
543  Token->UserAndGroups[Token->DefaultOwnerIndex].Sid = NULL;
544  KmtStartSeh()
546  Status = SeAssignSecurity(NULL,
547  NULL,
549  FALSE,
552  PagedPool);
557  Token->UserAndGroups[Token->DefaultOwnerIndex].Sid = OldOwner;
558  }
560 
561  /* Test with NULL group in Token */
562  if (1)
563  {
564  PSID OldGroup;
565  OldGroup = Token->PrimaryGroup;
566  Token->PrimaryGroup = NULL;
567  KmtStartSeh()
569  Status = SeAssignSecurity(NULL,
570  NULL,
572  FALSE,
575  PagedPool);
578  SeDeassignSecurity(&SecurityDescriptor);
580  Token->PrimaryGroup = OldGroup;
581  }
583 
584  /* Test with NULL DACL in Token */
585  if (1)
586  {
587  PACL OldDacl;
588  OldDacl = Token->DefaultDacl;
589  Token->DefaultDacl = NULL;
590  KmtStartSeh()
593  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
596  EndTestAssign()
598  Token->DefaultDacl = OldDacl;
599  }
601 
602  /* SEF_DEFAULT_OWNER_FROM_PARENT/SEF_DEFAULT_GROUP_FROM_PARENT */
605  NULL,
607  NULL,
608  FALSE,
612  PagedPool);
615  SeDeassignSecurity(&SecurityDescriptor);
618  NULL,
620  NULL,
621  FALSE,
625  PagedPool);
628  SeDeassignSecurity(&SecurityDescriptor);
631  NULL,
633  NULL,
634  FALSE,
638  PagedPool);
641  SeDeassignSecurity(&SecurityDescriptor);
642 
643  /* Quick test whether inheritance for SACLs behaves the same as DACLs */
644  Status = RtlSetDaclSecurityDescriptor(&ParentDescriptor,
645  FALSE,
646  NULL,
647  FALSE);
650  FALSE,
651  NULL,
652  FALSE);
654  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
655  {
656  Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
657  TRUE,
658  NULL,
659  BooleanFlagOn(UsingDefault, 1));
662  TRUE,
663  NULL,
664  BooleanFlagOn(UsingDefault, 2));
666 
667  TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE)
668  TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE)
676  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
678  CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
679  EndTestAssign()
680  }
681 
682  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
683  {
684  Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
685  TRUE,
686  &EmptyAcl,
687  BooleanFlagOn(UsingDefault, 1));
690  TRUE,
691  &EmptyAcl,
692  BooleanFlagOn(UsingDefault, 2));
694 
695  TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE)
696  TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE)
702  CheckAcl(Sacl, 0);
704  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
706  CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
707  EndTestAssign()
708  }
709 
710  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
711  {
712  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
716  Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
717  TRUE,
718  Acl,
719  BooleanFlagOn(UsingDefault, 1));
722  TRUE,
723  Acl,
724  BooleanFlagOn(UsingDefault, 2));
726 
727  TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE)
728  TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE)
736  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
738  CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
739  EndTestAssign()
740  }
741 
742  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
743  {
744  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
748  Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
749  TRUE,
750  Acl,
751  BooleanFlagOn(UsingDefault, 1));
754  TRUE,
755  Acl,
756  BooleanFlagOn(UsingDefault, 2));
758 
759  StartTestAssign(&ParentDescriptor, NULL, FALSE, TRUE, TRUE)
766  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
768  CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
769  EndTestAssign()
777  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
780  EndTestAssign()
781  }
782 
783  /* ACE type that Win2003 doesn't know about (> ACCESS_MAX_MS_ACE_TYPE) */
784  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
785  {
786  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
790  Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
791  TRUE,
792  Acl,
793  BooleanFlagOn(UsingDefault, 1));
796  TRUE,
797  Acl,
798  BooleanFlagOn(UsingDefault, 2));
800 
801  TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE)
802  TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE)
810  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
812  CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
813  EndTestAssign()
814  }
815 
816  for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
817  {
818  Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
822  Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
823  TRUE,
824  Acl,
825  BooleanFlagOn(UsingDefault, 1));
828  TRUE,
829  Acl,
830  BooleanFlagOn(UsingDefault, 2));
832 
833  StartTestAssign(&ParentDescriptor, NULL, FALSE, TRUE, TRUE)
838  CheckAcl(Sacl, 1, SYSTEM_MANDATORY_LABEL_ACE_TYPE, 0, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP);
840  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
842  CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
843  EndTestAssign()
851  CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
854  EndTestAssign()
855  }
856 
857  /* TODO: Test object/compound ACEs */
858  /* TODO: Test duplicate ACEs */
859  /* TODO: Test INHERITED_ACE flag */
860  /* TODO: Test invalid ACE flags */
861  /* TODO: Test more AutoInheritFlags values */
862 
863  ExFreePoolWithTag(Acl2, 'ASmK');
864  ExFreePoolWithTag(Acl, 'ASmK');
865 }
PSID SeAliasAdminsSid
Definition: setypes.h:1175
#define CheckSid(Sid, SidSize, ExpectedSid)
Definition: se.h:46
NTKERNELAPI NTSTATUS NTAPI SeAssignSecurityEx(_In_opt_ PSECURITY_DESCRIPTOR ParentDescriptor, _In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor, _Out_ PSECURITY_DESCRIPTOR *NewDescriptor, _In_opt_ GUID *ObjectType, _In_ BOOLEAN IsDirectoryObject, _In_ ULONG AutoInheritFlags, _In_ PSECURITY_SUBJECT_CONTEXT SubjectContext, _In_ PGENERIC_MAPPING GenericMapping, _In_ POOL_TYPE PoolType)
NTSTATUS RtlxAddAuditAccessAceEx(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ULONG Flags, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
Definition: SeHelpers.c:12
_Inout_ PLIST_ENTRY _In_ PVOID _In_ PSTRING _In_ BOOLEAN _In_ BOOLEAN _In_ ULONG _In_ PFLT_CALLBACK_DATA _In_opt_ PCHECK_FOR_TRAVERSE_ACCESS _In_opt_ PSECURITY_SUBJECT_CONTEXT SubjectContext
Definition: fltkernel.h:2239
#define KmtInvalidPointer
Definition: kmt_test.h:275
#define GENERIC_ALL
Definition: nt_native.h:92
_In_opt_ PSID _In_opt_ BOOLEAN OwnerDefaulted
Definition: rtlfuncs.h:1630
#define TRUE
Definition: types.h:120
_In_opt_ PSECURITY_DESCRIPTOR ExplicitDescriptor
Definition: sefuncs.h:29
VOID NTAPI SeUnlockSubjectContext(IN PSECURITY_SUBJECT_CONTEXT SubjectContext)
Definition: access.c:336
_In_ BOOLEAN _In_opt_ PACL _In_opt_ BOOLEAN DaclDefaulted
Definition: rtlfuncs.h:1595
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define BooleanFlagOn(F, SF)
Definition: ext2fs.h:183
#define EndTestAssignLoop()
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:709
#define ok_eq_pointer(value, expected)
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
LONG NTSTATUS
Definition: precomp.h:26

Referenced by SystemThread().

Variable Documentation

◆ GenericMapping

GENERIC_MAPPING GenericMapping
static
Initial value:
=
{
    /* The initializer entries did not survive in this rendering. The
       cross-references that remain show that the initializer uses
       STANDARD_RIGHTS_READ (nt_native.h:65), STANDARD_RIGHTS_WRITE
       (nt_native.h:66), STANDARD_RIGHTS_EXECUTE (nt_native.h:67) and
       STANDARD_RIGHTS_ALL (nt_native.h:69); see line 11 of SeInheritance.c
       for the exact values. */
}

Definition at line 11 of file SeInheritance.c.

Referenced by AccessCheck(), AccessCheckAndAuditAlarmA(), AccessCheckAndAuditAlarmW(), CheckTokenMembership(), CmpSecurityMethod(), CreatePrivateObjectSecurity(), CreatePrivateObjectSecurityWithMultipleInheritance(), IopGetSetSecurityObject(), IopSetDeviceSecurityDescriptor(), IopSetDeviceSecurityDescriptors(), NtAccessCheck(), NtAccessCheckAndAuditAlarm(), NtAccessCheckByTypeAndAuditAlarm(), NtAccessCheckByTypeResultListAndAuditAlarm(), NtAccessCheckByTypeResultListAndAuditAlarmByHandle(), ObOpenObjectByName(), ObSetSecurityDescriptorInfo(), RtlConvertToAutoInheritSecurityObject(), RtlCreateUserSecurityObject(), RtlMapGenericMask(), RtlNewInstanceSecurityObject(), RtlNewSecurityGrantedAccess(), RtlNewSecurityObject(), RtlNewSecurityObjectEx(), RtlNewSecurityObjectWithMultipleInheritance(), RtlSetSecurityObject(), RtlSetSecurityObjectEx(), SeAccessCheck(), SeCreateAccessState(), SeCreateAccessStateEx(), SeDefaultObjectMethod(), SepAccessCheck(), SepAccessCheckAndAuditAlarm(), SepPropagateAcl(), SepSelectAcl(), SeSetAccessStateGenericMapping(), SetPrivateObjectSecurity(), START_TEST(), TestSeAssignSecurity(), and WmipSecurityMethod().

Note: GenericMapping is declared static in SeInheritance.c, so it is visible only inside that file. Of the functions listed, only START_TEST() and TestSeAssignSecurity() are documented as belonging to this file. The other entries appear to be identically named parameters or variables in other files that the cross-reference index has merged under this name. They do not use this test's mapping.