434{
439 ULONG PrivilegeSetLength;
447 GUID ChildObjectType2 = {0x34578901, 0x3456, 0x7896, {0x3, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00}};
448 GUID ChildObjectType3 = {0x45678901, 0x4567, 0x1122, {0x4, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x01}};
449 GUID ChildObjectType4 = {0x56788901, 0x1111, 0x2222, {0x5, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x02}};
450 GUID ChildObjectType5 = {0x67901234, 0x2222, 0x3333, {0x4, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x03}};
451
452
454 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
455 if (PrivilegeSet ==
NULL)
456 {
457 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
458 return;
459 }
460
462 1,
464 0,
465 0,
466 0,
467 0,
468 0,
469 0,
470 0,
471 &EveryoneSid);
473 {
474 skip(
"Failed to create Everyone SID, skipping tests\n");
475 goto Quit;
476 }
477
479 2,
482 0,
483 0,
484 0,
485 0,
486 0,
487 0,
490 {
491 skip(
"Failed to create Admins SID, skipping tests\n");
492 goto Quit;
493 }
494
496 2,
499 0,
500 0,
501 0,
502 0,
503 0,
504 0,
505 &UsersSid);
507 {
508 skip(
"Failed to create User SID, skipping tests\n");
509 goto Quit;
510 }
511
514 {
515 skip(
"Failed to get token, skipping tests\n");
516 goto Quit;
517 }
518
521 {
522 skip(
"Failed to create a security descriptor, skipping tests\n");
523 goto Quit;
524 }
525
534 {
535 skip(
"Failed to allocate memory for DACL, skipping tests\n");
536 goto Quit;
537 }
538
543 {
544 skip(
"Failed to create DACL, skipping tests\n");
545 goto Quit;
546 }
547
548
549
550
551
554 0,
560 {
561 skip(
"Failed to add deny object ACE for Admins SID, skipping tests\n");
562 goto Quit;
563 }
564
567 0,
571 EveryoneSid);
573 {
574 skip(
"Failed to add deny object ACE for Everyone SID, skipping tests\n");
575 goto Quit;
576 }
577
578
582
583
585 ObjTypeList[0].
Sbz = 0;
587
589 ObjTypeList[1].
Sbz = 0;
591
593 ObjTypeList[2].
Sbz = 0;
594 ObjTypeList[2].
ObjectType = &ChildObjectType2;
595
597 ObjTypeList[3].
Sbz = 0;
598 ObjTypeList[3].
ObjectType = &ChildObjectType3;
599
601 ObjTypeList[4].
Sbz = 0;
602 ObjTypeList[4].
ObjectType = &ChildObjectType4;
603
605 ObjTypeList[5].
Sbz = 0;
606 ObjTypeList[5].
ObjectType = &ChildObjectType5;
607
608
609
610
611
612
613
618 ObjTypeList,
621 PrivilegeSet,
622 &PrivilegeSetLength,
626
629 {
632 }
633
634
639 ObjTypeList,
642 PrivilegeSet,
643 &PrivilegeSetLength,
647
650 {
653 }
654
655Quit:
657 {
659 }
660
662 {
664 }
665
666 if (UsersSid)
667 {
669 }
670
672 {
674 }
675
676 if (EveryoneSid)
677 {
679 }
680
681 if (PrivilegeSet)
682 {
684 }
685}
static SID_IDENTIFIER_AUTHORITY WorldAuthority
static VOID PrintAccessStatusAndGrantedAccess(_In_ PNTSTATUS AccessStatus, _In_ PACCESS_MASK GrantedAccess, _In_ ULONG ObjectTypeListLength)
static HANDLE GetTokenProcess(_In_ BOOLEAN WantImpersonateLevel, _In_ BOOLEAN WantImpersonateType)
static SID_IDENTIFIER_AUTHORITY NtAuthority
static GENERIC_MAPPING RegMapping
static GUID ChildObjectType
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
#define ok_hex(expression, result)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
#define NT_SUCCESS(StatCode)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
struct _ACCESS_ALLOWED_OBJECT_ACE ACCESS_ALLOWED_OBJECT_ACE
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
#define FIELD_OFFSET(t, f)
#define STATUS_ACCESS_DENIED
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
#define DOMAIN_ALIAS_RID_USERS
#define SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_WORLD_RID
#define SECURITY_DESCRIPTOR_REVISION
struct _ACCESS_DENIED_OBJECT_ACE ACCESS_DENIED_OBJECT_ACE
#define ACCESS_PROPERTY_SET_GUID
#define DOMAIN_ALIAS_RID_ADMINS
#define ACCESS_OBJECT_GUID
#define ACCESS_PROPERTY_GUID