/*
 * File-scope object-type GUIDs for the access-check tests on this page.
 * The values follow simple digit patterns and look like arbitrary test
 * placeholders rather than registered schema GUIDs -- NOTE(review): confirm.
 * Their use is not visible in this excerpt. Presumably they fill the first
 * object-type list entries (later entries point at the function-local
 * ChildObjectType2..5) and are the GUIDs passed when the object ACEs are
 * added -- verify against the full file.
 */
11static GUID ObjectType = {0x12345678, 0x1234, 0x5678, {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}};
12static GUID ChildObjectType = {0x23456789, 0x2345, 0x6786, {0x2, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99}};
33 trace(
"Failed to get current process token (Status 0x%08lx)\n",
Status);
57 trace(
"Failed to duplicate token (Status 0x%08lx)\n",
Status);
62 return DuplicatedToken;
73 ULONG PrivilegeSetLength;
78 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
79 if (PrivilegeSet ==
NULL)
81 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
88 skip(
"Failed to get token, skipping tests\n");
95 skip(
"Failed to create a security descriptor, skipping tests\n");
138 trace(
"===== OBJECT ACCESS & STATUS LIST =====\n");
139 for (
i = 0;
i < ObjectTypeListLength;
i++)
154 ULONG PrivilegeSetLength;
162 GUID ChildObjectType2 = {0x34578901, 0x3456, 0x7896, {0x3, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00}};
163 GUID ChildObjectType3 = {0x45678901, 0x4567, 0x1122, {0x4, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x01}};
164 GUID ChildObjectType4 = {0x56788901, 0x1111, 0x2222, {0x5, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x02}};
165 GUID ChildObjectType5 = {0x67901234, 0x2222, 0x3333, {0x4, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x03}};
169 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
170 if (PrivilegeSet ==
NULL)
172 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
189 skip(
"Failed to create Everyone SID, skipping tests\n");
206 skip(
"Failed to create Admins SID, skipping tests\n");
223 skip(
"Failed to create User SID, skipping tests\n");
230 skip(
"Failed to get token, skipping tests\n");
237 skip(
"Failed to create a security descriptor, skipping tests\n");
250 skip(
"Failed to allocate memory for DACL, skipping tests\n");
259 skip(
"Failed to create DACL, skipping tests\n");
276 skip(
"Failed to add allowed object ACE for Admins SID, skipping tests\n");
289 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
302 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
313 ObjTypeList[0].
Sbz = 0;
317 ObjTypeList[1].
Sbz = 0;
321 ObjTypeList[2].
Sbz = 0;
322 ObjTypeList[2].
ObjectType = &ChildObjectType2;
325 ObjTypeList[3].
Sbz = 0;
326 ObjTypeList[3].
ObjectType = &ChildObjectType3;
329 ObjTypeList[4].
Sbz = 0;
330 ObjTypeList[4].
ObjectType = &ChildObjectType4;
333 ObjTypeList[5].
Sbz = 0;
334 ObjTypeList[5].
ObjectType = &ChildObjectType5;
439 ULONG PrivilegeSetLength;
447 GUID ChildObjectType2 = {0x34578901, 0x3456, 0x7896, {0x3, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00}};
448 GUID ChildObjectType3 = {0x45678901, 0x4567, 0x1122, {0x4, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x01}};
449 GUID ChildObjectType4 = {0x56788901, 0x1111, 0x2222, {0x5, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x02}};
450 GUID ChildObjectType5 = {0x67901234, 0x2222, 0x3333, {0x4, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x03}};
454 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
455 if (PrivilegeSet ==
NULL)
457 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
474 skip(
"Failed to create Everyone SID, skipping tests\n");
491 skip(
"Failed to create Admins SID, skipping tests\n");
508 skip(
"Failed to create User SID, skipping tests\n");
515 skip(
"Failed to get token, skipping tests\n");
522 skip(
"Failed to create a security descriptor, skipping tests\n");
535 skip(
"Failed to allocate memory for DACL, skipping tests\n");
544 skip(
"Failed to create DACL, skipping tests\n");
561 skip(
"Failed to add deny object ACE for Admins SID, skipping tests\n");
574 skip(
"Failed to add deny object ACE for Everyone SID, skipping tests\n");
585 ObjTypeList[0].
Sbz = 0;
589 ObjTypeList[1].
Sbz = 0;
593 ObjTypeList[2].
Sbz = 0;
594 ObjTypeList[2].
ObjectType = &ChildObjectType2;
597 ObjTypeList[3].
Sbz = 0;
598 ObjTypeList[3].
ObjectType = &ChildObjectType3;
601 ObjTypeList[4].
Sbz = 0;
602 ObjTypeList[4].
ObjectType = &ChildObjectType4;
605 ObjTypeList[5].
Sbz = 0;
606 ObjTypeList[5].
ObjectType = &ChildObjectType5;
static SID_IDENTIFIER_AUTHORITY WorldAuthority
static VOID PrintAccessStatusAndGrantedAccess(_In_ PNTSTATUS AccessStatus, _In_ PACCESS_MASK GrantedAccess, _In_ ULONG ObjectTypeListLength)
static VOID DenyAccessTests(VOID)
static HANDLE GetTokenProcess(_In_ BOOLEAN WantImpersonateLevel, _In_ BOOLEAN WantImpersonateType)
static SID_IDENTIFIER_AUTHORITY NtAuthority
static GENERIC_MAPPING RegMapping
static VOID ParamValidationNoObjsList(VOID)
static GUID ChildObjectType
static VOID GrantedAccessTests(VOID)
NTSTATUS NTAPI NtAccessCheckByTypeResultList(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_writes_(ObjectTypeListLength) PACCESS_MASK GrantedAccess, _Out_writes_(ObjectTypeListLength) PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
#define ok_hex(expression, result)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define NT_SUCCESS(StatCode)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
#define InitializeObjectAttributes(p, n, a, r, s)
struct _ACCESS_ALLOWED_OBJECT_ACE ACCESS_ALLOWED_OBJECT_ACE
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
ACCESS_MASK * PACCESS_MASK
#define NtCurrentProcess()
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
#define FIELD_OFFSET(t, f)
#define STATUS_ACCESS_DENIED
#define STATUS_INVALID_PARAMETER
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
#define DOMAIN_ALIAS_RID_USERS
#define SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_RID
#define SECURITY_NT_AUTHORITY
#define SECURITY_DESCRIPTOR_REVISION
struct _ACCESS_DENIED_OBJECT_ACE ACCESS_DENIED_OBJECT_ACE
#define ACCESS_PROPERTY_SET_GUID
#define DOMAIN_ALIAS_RID_ADMINS
#define ACCESS_OBJECT_GUID
#define ACCESS_PROPERTY_GUID