ReactOS  0.4.14-dev-593-g1793dcc
security.c File Reference
#include <stdarg.h>
#include <stdio.h>
#include "ntstatus.h"
#include "windef.h"
#include "winbase.h"
#include "winerror.h"
#include "winternl.h"
#include "aclapi.h"
#include "winnt.h"
#include "sddl.h"
#include "ntsecapi.h"
#include "lmcons.h"
#include "wine/test.h"

Classes

struct  NameToLUID
 
union  _MAX_SID
 
struct  well_known_sid_value
 

Macros

#define WIN32_NO_STATUS
 
#define GetCurrentProcessToken()   ((HANDLE)~(ULONG_PTR)3)
 
#define GetCurrentThreadToken()   ((HANDLE)~(ULONG_PTR)4)
 
#define GetCurrentThreadEffectiveToken()   ((HANDLE)~(ULONG_PTR)5)
 
#define PROCESS_QUERY_LIMITED_INFORMATION   0x1000
 
#define PROCESS_ALL_ACCESS_NT4   (PROCESS_ALL_ACCESS & ~0xf000)
 
#define PROCESS_ALL_ACCESS_VISTA   (PROCESS_ALL_ACCESS | 0xf000)
 
#define EVENT_QUERY_STATE   0x0001
 
#define SEMAPHORE_QUERY_STATE   0x0001
 
#define THREAD_SET_LIMITED_INFORMATION   0x0400
 
#define THREAD_QUERY_LIMITED_INFORMATION   0x0800
 
#define THREAD_ALL_ACCESS_NT4   (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff)
 
#define THREAD_ALL_ACCESS_VISTA   (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff)
 
#define expect_eq(expr, value, type, format)   { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); }
 
#define SID_SLOTS   4
 
#define SE_MIN_WELL_KNOWN_PRIVILEGE   2L
 
#define SE_CREATE_TOKEN_PRIVILEGE   2L
 
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE   3L
 
#define SE_LOCK_MEMORY_PRIVILEGE   4L
 
#define SE_INCREASE_QUOTA_PRIVILEGE   5L
 
#define SE_MACHINE_ACCOUNT_PRIVILEGE   6L
 
#define SE_TCB_PRIVILEGE   7L
 
#define SE_SECURITY_PRIVILEGE   8L
 
#define SE_TAKE_OWNERSHIP_PRIVILEGE   9L
 
#define SE_LOAD_DRIVER_PRIVILEGE   10L
 
#define SE_SYSTEM_PROFILE_PRIVILEGE   11L
 
#define SE_SYSTEMTIME_PRIVILEGE   12L
 
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE   13L
 
#define SE_INC_BASE_PRIORITY_PRIVILEGE   14L
 
#define SE_CREATE_PAGEFILE_PRIVILEGE   15L
 
#define SE_CREATE_PERMANENT_PRIVILEGE   16L
 
#define SE_BACKUP_PRIVILEGE   17L
 
#define SE_RESTORE_PRIVILEGE   18L
 
#define SE_SHUTDOWN_PRIVILEGE   19L
 
#define SE_DEBUG_PRIVILEGE   20L
 
#define SE_AUDIT_PRIVILEGE   21L
 
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE   22L
 
#define SE_CHANGE_NOTIFY_PRIVILEGE   23L
 
#define SE_REMOTE_SHUTDOWN_PRIVILEGE   24L
 
#define SE_UNDOCK_PRIVILEGE   25L
 
#define SE_SYNC_AGENT_PRIVILEGE   26L
 
#define SE_ENABLE_DELEGATION_PRIVILEGE   27L
 
#define SE_MANAGE_VOLUME_PRIVILEGE   28L
 
#define SE_IMPERSONATE_PRIVILEGE   29L
 
#define SE_CREATE_GLOBAL_PRIVILEGE   30L
 
#define SE_MAX_WELL_KNOWN_PRIVILEGE   SE_CREATE_GLOBAL_PRIVILEGE
 
#define TEST_GRANTED_ACCESS(a, b)   test_granted_access(a,b,0,__LINE__)
 
#define TEST_GRANTED_ACCESS2(a, b, c)   test_granted_access(a,b,c,__LINE__)
 
#define CHECK_SET_SECURITY(o, i, e)
 
#define CHECK_RESULT_AND_FREE(exp_str)
 
#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2)
 
#define WINE_TEST_PIPE   "\\\\.\\pipe\\WineTestPipe"
 

Typedefs

typedef union _MAX_SID MAX_SID
 

Functions

static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL
 
static VOID (WINAPI *pBuildTrusteeWithSidA)(PTRUSTEEA pTrustee
 
static LPSTR (WINAPI *pGetTrusteeNameA)(PTRUSTEEA pTrustee)
 
static DWORD (WINAPI *pGetNamedSecurityInfoA)(LPSTR
 
static PDWORD (WINAPI *pGetSidSubAuthority)(PSID
 
static PUCHAR (WINAPI *pGetSidSubAuthorityCount)(PSID)
 
static NTSTATUS (WINAPI *pLsaQueryInformationPolicy)(LSA_HANDLE
 
static DWORD *static void (WINAPI *pRtlInitAnsiString)(PANSI_STRING
 
static PSID_IDENTIFIER_AUTHORITY (WINAPI *pGetSidIdentifierAuthority)(PSID)
 
static const char * debugstr_sid (PSID sid)
 
static void init (void)
 
static SECURITY_DESCRIPTOR * test_get_security_descriptor (HANDLE handle, int line)
 
static void test_owner_equal (HANDLE Handle, PSID expected, int line)
 
static void test_group_equal (HANDLE Handle, PSID expected, int line)
 
static void test_sid (void)
 
static void test_trustee (void)
 
static void test_allocateLuid (void)
 
static void test_lookupPrivilegeName (void)
 
static void test_lookupPrivilegeValue (void)
 
static void test_luid (void)
 
static void test_FileSecurity (void)
 
static void test_AccessCheck (void)
 
static void test_token_attr (void)
 
static void test_GetTokenInformation (void)
 
static void test_sid_str (PSID *sid)
 
static void test_CreateWellKnownSid (void)
 
static void test_LookupAccountSid (void)
 
static BOOL get_sid_info (PSID psid, LPSTR *user, LPSTR *dom)
 
static void check_wellknown_name (const char *name, WELL_KNOWN_SID_TYPE result)
 
static void test_LookupAccountName (void)
 
static void test_security_descriptor (void)
 
static void test_granted_access (HANDLE handle, ACCESS_MASK access, ACCESS_MASK alt, int line)
 
static void test_process_security (void)
 
static void test_process_security_child (void)
 
static void test_impersonation_level (void)
 
static void test_SetEntriesInAclW (void)
 
static void test_SetEntriesInAclA (void)
 
static void get_nt_pathW (const char *name, UNICODE_STRING *nameW)
 
static void test_inherited_dacl (PACL dacl, PSID admin_sid, PSID user_sid, DWORD flags, DWORD mask, BOOL todo_count, BOOL todo_sid, BOOL todo_flags, int line)
 
static void test_CreateDirectoryA (void)
 
static void test_GetNamedSecurityInfoA (void)
 
static void test_ConvertStringSecurityDescriptor (void)
 
static void test_ConvertSecurityDescriptorToString (void)
 
static void test_SetSecurityDescriptorControl (PSECURITY_DESCRIPTOR sec)
 
static void test_PrivateObjectSecurity (void)
 
static void test_acls (void)
 
static void test_GetSecurityInfo (void)
 
static void test_GetSidSubAuthority (void)
 
static void test_CheckTokenMembership (void)
 
static void test_EqualSid (void)
 
static void test_GetUserNameA (void)
 
static void test_GetUserNameW (void)
 
static void test_CreateRestrictedToken (void)
 
static void validate_default_security_descriptor (SECURITY_DESCRIPTOR *sd)
 
static void test_default_handle_security (HANDLE token, HANDLE handle, GENERIC_MAPPING *mapping)
 
static ACCESS_MASK get_obj_access (HANDLE obj)
 
static void test_mutex_security (HANDLE token)
 
static void test_event_security (HANDLE token)
 
static void test_semaphore_security (HANDLE token)
 
static void test_named_pipe_security (HANDLE token)
 
static void test_file_security (HANDLE token)
 
static void test_filemap_security (void)
 
static void test_thread_security (void)
 
static void test_process_access (void)
 
static BOOL validate_impersonation_token (HANDLE token, DWORD *token_type)
 
static void test_kernel_objects_security (void)
 
static void test_TokenIntegrityLevel (void)
 
static void test_default_dacl_owner_sid (void)
 
static void test_AdjustTokenPrivileges (void)
 
static void test_AddAce (void)
 
static void test_AddMandatoryAce (void)
 
static void test_system_security_access (void)
 
static void test_GetWindowsAccountDomainSid (void)
 
static void test_GetSidIdentifierAuthority (void)
 
static void test_pseudo_tokens (void)
 
static void test_maximum_allowed (void)
 
static void test_token_label (void)
 
static void test_token_security_descriptor (void)
 
static void test_child_token_sd (void)
 
static void test_child_token_sd_restricted (void)
 
static void test_child_token_sd_medium (void)
 
static void test_GetExplicitEntriesFromAclW (void)
 
static void test_BuildSecurityDescriptorW (void)
 
 START_TEST (security)
 

Variables

static DWORD
 
static PSID
 
static BOOL
 
static PSID pSid
 
static LPSTR pName
 
static POBJECTS_AND_NAME_A pObjName
 
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE ObjectType
 
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
 
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
 
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR LPSTR Name
 
static POBJECTS_AND_SID pObjSid
 
static POBJECTS_AND_SID GUIDpObjectGuid
 
static POBJECTS_AND_SID GUID GUIDpInheritedObjectGuid
 
static PSECURITY_DESCRIPTOR
 
static LPDWORD
 
static PBOOL
 
static PSECURITY_DESCRIPTOR PULONG
 
static SECURITY_INFORMATION
 
static SE_OBJECT_TYPE
 
static PSID PSID PACL PACL PSECURITY_DESCRIPTOR *static PACL
 
static BOOLEAN
 
static PBOOLEAN
 
static DWORD *static LPSECURITY_ATTRIBUTES
 
static DWORD *static SECURITY_IMPERSONATION_LEVEL
 
static DWORD *static TOKEN_TYPE
 
static DWORD *static PHANDLE
 
static POLICY_INFORMATION_CLASS
 
static PLSA_OBJECT_ATTRIBUTES
 
static ACCESS_MASK
 
static PLSA_HANDLE
 
static OBJECT_INFORMATION_CLASS
 
static PVOID
 
static ULONG
 
static PEXPLICIT_ACCESSW
 
static PACL *static PEXPLICIT_ACCESSA
 
static PACL *static PACL *static SECURITY_DESCRIPTOR_CONTROL
 
static HANDLE
 
static PGENERIC_MAPPING
 
static PPRIVILEGE_SET
 
static NTSTATUS *static PSID_AND_ATTRIBUTES
 
static NTSTATUS *static PLUID_AND_ATTRIBUTES
 
static LPVOID
 
static ACL_INFORMATION_CLASS
 
static POBJECT_ATTRIBUTES
 
static PIO_STATUS_BLOCK
 
static PLARGE_INTEGER
 
static PUNICODE_STRING
 
static PWSTR CURDIR *static PCANSI_STRING
 
static DWORD *static PCSZ
 
static PEXPLICIT_ACCESSW *static HMODULE hmod
 
static int myARGC
 
static char ** myARGV
 
static char debugsid_str [SID_SLOTS][256]
 
static int debugsid_index = 0
 
static const struct well_known_sid_value well_known_sid_values []
 

Macro Definition Documentation

◆ CHECK_ONE_OF_AND_FREE

#define CHECK_ONE_OF_AND_FREE (   exp_str1,
  exp_str2 
)
Value:
/* Passes when `string` equals either expected string, then releases it with
 * LocalFree. `string` and `len` are not macro parameters; they are taken from
 * the scope where the macro is expanded.
 * NOTE(review): the length test is a lower bound (len >= strlen + 1), so a
 * larger `len` also passes even though the message says "mismatch".
 * NOTE(review): the value expands to three separate statements with no
 * do { } while (0) wrapper, so it must not be the body of an unbraced if/else. */
ok(strcmp(string, (exp_str1)) == 0 || strcmp(string, (exp_str2)) == 0, "String mismatch (expected\n\"%s\" or\n\"%s\", got\n\"%s\")\n", (exp_str1), (exp_str2), string); \
ok(len >= (strlen(exp_str1) + 1) || len >= (strlen(exp_str2) + 1), "Length mismatch (expected %d or %d, got %d)\n", lstrlenA(exp_str1) + 1, lstrlenA(exp_str2) + 1, len); \
LocalFree(string);
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
GLenum GLsizei len
Definition: glext.h:6722
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
#define ok(value,...)
Definition: atltest.h:57
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469

◆ CHECK_RESULT_AND_FREE

#define CHECK_RESULT_AND_FREE (   exp_str)
Value:
/* Passes when `string` equals exp_str, then releases it with LocalFree.
 * `string` and `len` are not macro parameters; they are taken from the scope
 * where the macro is expanded.
 * NOTE(review): the length test is a lower bound (len >= strlen + 1), so a
 * larger `len` also passes even though the message says "mismatch".
 * NOTE(review): the value expands to three separate statements with no
 * do { } while (0) wrapper, so it must not be the body of an unbraced if/else. */
ok(strcmp(string, (exp_str)) == 0, "String mismatch (expected \"%s\", got \"%s\")\n", (exp_str), string); \
ok(len >= (strlen(exp_str) + 1), "Length mismatch (expected %d, got %d)\n", lstrlenA(exp_str) + 1, len); \
LocalFree(string);
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
GLenum GLsizei len
Definition: glext.h:6722
int WINAPI lstrlenA(LPCSTR lpString)
Definition: lstring.c:145
#define ok(value,...)
Definition: atltest.h:57
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469

◆ CHECK_SET_SECURITY

#define CHECK_SET_SECURITY (   o,
  i,
  e 
)
Value:
/* Checks the outcome of a SetKernelObjectSecurity call against the expected
 * error code `e`: success is required when e == ERROR_SUCCESS, otherwise the
 * call must fail with exactly `e`.
 * NOTE(review): as printed on this page no line assigns res_, and there is no
 * `else` between the two ok() checks. The cross-reference list under this macro
 * names SetKernelObjectSecurity and SecurityDescriptor, so the call line was
 * presumably dropped when the page was rendered. Confirm against security.c
 * line 2895 before relying on this text.
 * The 0xdeadbeef sentinel is stored first so that a call which does not set
 * the last error is distinguishable from one that does. */
do{ \
BOOL res_; \
DWORD err; \
SetLastError( 0xdeadbeef ); \
err = GetLastError(); \
if (e == ERROR_SUCCESS) \
ok(res_, "SetKernelObjectSecurity failed with %d\n", err); \
ok(!res_ && err == e, "SetKernelObjectSecurity should have failed " \
"with %s, instead of %d\n", #e, err); \
}while(0)
#define ERROR_SUCCESS
Definition: deptool.c:10
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
BOOL WINAPI SetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: security.c:1604
#define ok(value,...)
Definition: atltest.h:57

Definition at line 2895 of file security.c.

◆ EVENT_QUERY_STATE

#define EVENT_QUERY_STATE   0x0001

Definition at line 53 of file security.c.

◆ expect_eq

#define expect_eq (   expr,
  value,
  type,
  format 
)    { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); }

Definition at line 68 of file security.c.

◆ GetCurrentProcessToken

#define GetCurrentProcessToken ( )    ((HANDLE)~(ULONG_PTR)3)

Definition at line 40 of file security.c.

◆ GetCurrentThreadEffectiveToken

#define GetCurrentThreadEffectiveToken ( )    ((HANDLE)~(ULONG_PTR)5)

Definition at line 42 of file security.c.

◆ GetCurrentThreadToken

#define GetCurrentThreadToken ( )    ((HANDLE)~(ULONG_PTR)4)

Definition at line 41 of file security.c.

◆ PROCESS_ALL_ACCESS_NT4

#define PROCESS_ALL_ACCESS_NT4   (PROCESS_ALL_ACCESS & ~0xf000)

Definition at line 49 of file security.c.

◆ PROCESS_ALL_ACCESS_VISTA

#define PROCESS_ALL_ACCESS_VISTA   (PROCESS_ALL_ACCESS | 0xf000)

Definition at line 50 of file security.c.

◆ PROCESS_QUERY_LIMITED_INFORMATION

#define PROCESS_QUERY_LIMITED_INFORMATION   0x1000

Definition at line 45 of file security.c.

◆ SE_ASSIGNPRIMARYTOKEN_PRIVILEGE

#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE   3L

Definition at line 657 of file security.c.

◆ SE_AUDIT_PRIVILEGE

#define SE_AUDIT_PRIVILEGE   21L

Definition at line 675 of file security.c.

◆ SE_BACKUP_PRIVILEGE

#define SE_BACKUP_PRIVILEGE   17L

Definition at line 671 of file security.c.

◆ SE_CHANGE_NOTIFY_PRIVILEGE

#define SE_CHANGE_NOTIFY_PRIVILEGE   23L

Definition at line 677 of file security.c.

◆ SE_CREATE_GLOBAL_PRIVILEGE

#define SE_CREATE_GLOBAL_PRIVILEGE   30L

Definition at line 684 of file security.c.

◆ SE_CREATE_PAGEFILE_PRIVILEGE

#define SE_CREATE_PAGEFILE_PRIVILEGE   15L

Definition at line 669 of file security.c.

◆ SE_CREATE_PERMANENT_PRIVILEGE

#define SE_CREATE_PERMANENT_PRIVILEGE   16L

Definition at line 670 of file security.c.

◆ SE_CREATE_TOKEN_PRIVILEGE

#define SE_CREATE_TOKEN_PRIVILEGE   2L

Definition at line 656 of file security.c.

◆ SE_DEBUG_PRIVILEGE

#define SE_DEBUG_PRIVILEGE   20L

Definition at line 674 of file security.c.

◆ SE_ENABLE_DELEGATION_PRIVILEGE

#define SE_ENABLE_DELEGATION_PRIVILEGE   27L

Definition at line 681 of file security.c.

◆ SE_IMPERSONATE_PRIVILEGE

#define SE_IMPERSONATE_PRIVILEGE   29L

Definition at line 683 of file security.c.

◆ SE_INC_BASE_PRIORITY_PRIVILEGE

#define SE_INC_BASE_PRIORITY_PRIVILEGE   14L

Definition at line 668 of file security.c.

◆ SE_INCREASE_QUOTA_PRIVILEGE

#define SE_INCREASE_QUOTA_PRIVILEGE   5L

Definition at line 659 of file security.c.

◆ SE_LOAD_DRIVER_PRIVILEGE

#define SE_LOAD_DRIVER_PRIVILEGE   10L

Definition at line 664 of file security.c.

◆ SE_LOCK_MEMORY_PRIVILEGE

#define SE_LOCK_MEMORY_PRIVILEGE   4L

Definition at line 658 of file security.c.

◆ SE_MACHINE_ACCOUNT_PRIVILEGE

#define SE_MACHINE_ACCOUNT_PRIVILEGE   6L

Definition at line 660 of file security.c.

◆ SE_MANAGE_VOLUME_PRIVILEGE

#define SE_MANAGE_VOLUME_PRIVILEGE   28L

Definition at line 682 of file security.c.

◆ SE_MAX_WELL_KNOWN_PRIVILEGE

#define SE_MAX_WELL_KNOWN_PRIVILEGE   SE_CREATE_GLOBAL_PRIVILEGE

Definition at line 685 of file security.c.

◆ SE_MIN_WELL_KNOWN_PRIVILEGE

#define SE_MIN_WELL_KNOWN_PRIVILEGE   2L

Definition at line 655 of file security.c.

◆ SE_PROF_SINGLE_PROCESS_PRIVILEGE

#define SE_PROF_SINGLE_PROCESS_PRIVILEGE   13L

Definition at line 667 of file security.c.

◆ SE_REMOTE_SHUTDOWN_PRIVILEGE

#define SE_REMOTE_SHUTDOWN_PRIVILEGE   24L

Definition at line 678 of file security.c.

◆ SE_RESTORE_PRIVILEGE

#define SE_RESTORE_PRIVILEGE   18L

Definition at line 672 of file security.c.

◆ SE_SECURITY_PRIVILEGE

#define SE_SECURITY_PRIVILEGE   8L

Definition at line 662 of file security.c.

◆ SE_SHUTDOWN_PRIVILEGE

#define SE_SHUTDOWN_PRIVILEGE   19L

Definition at line 673 of file security.c.

◆ SE_SYNC_AGENT_PRIVILEGE

#define SE_SYNC_AGENT_PRIVILEGE   26L

Definition at line 680 of file security.c.

◆ SE_SYSTEM_ENVIRONMENT_PRIVILEGE

#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE   22L

Definition at line 676 of file security.c.

◆ SE_SYSTEM_PROFILE_PRIVILEGE

#define SE_SYSTEM_PROFILE_PRIVILEGE   11L

Definition at line 665 of file security.c.

◆ SE_SYSTEMTIME_PRIVILEGE

#define SE_SYSTEMTIME_PRIVILEGE   12L

Definition at line 666 of file security.c.

◆ SE_TAKE_OWNERSHIP_PRIVILEGE

#define SE_TAKE_OWNERSHIP_PRIVILEGE   9L

Definition at line 663 of file security.c.

◆ SE_TCB_PRIVILEGE

#define SE_TCB_PRIVILEGE   7L

Definition at line 661 of file security.c.

◆ SE_UNDOCK_PRIVILEGE

#define SE_UNDOCK_PRIVILEGE   25L

Definition at line 679 of file security.c.

◆ SEMAPHORE_QUERY_STATE

#define SEMAPHORE_QUERY_STATE   0x0001

Definition at line 57 of file security.c.

◆ SID_SLOTS

#define SID_SLOTS   4

Definition at line 147 of file security.c.

◆ TEST_GRANTED_ACCESS

#define TEST_GRANTED_ACCESS (   a,
  b 
)    test_granted_access(a,b,0,__LINE__)

Definition at line 2869 of file security.c.

◆ TEST_GRANTED_ACCESS2

#define TEST_GRANTED_ACCESS2 (   a,
  b,
  c 
)    test_granted_access(a,b,c,__LINE__)

Definition at line 2870 of file security.c.

◆ THREAD_ALL_ACCESS_NT4

#define THREAD_ALL_ACCESS_NT4   (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff)

Definition at line 65 of file security.c.

◆ THREAD_ALL_ACCESS_VISTA

#define THREAD_ALL_ACCESS_VISTA   (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff)

Definition at line 66 of file security.c.

◆ THREAD_QUERY_LIMITED_INFORMATION

#define THREAD_QUERY_LIMITED_INFORMATION   0x0800

Definition at line 62 of file security.c.

◆ THREAD_SET_LIMITED_INFORMATION

#define THREAD_SET_LIMITED_INFORMATION   0x0400

Definition at line 61 of file security.c.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 26 of file security.c.

◆ WINE_TEST_PIPE

#define WINE_TEST_PIPE   "\\\\.\\pipe\\WineTestPipe"

Definition at line 5867 of file security.c.

Typedef Documentation

◆ MAX_SID

typedef union _MAX_SID MAX_SID

Function Documentation

◆ BOOL()

static BOOL ( WINAPI pAddAccessAllowedAceEx)
static

◆ check_wellknown_name()

static void check_wellknown_name ( const char * name,
WELL_KNOWN_SID_TYPE  result 
)
static

Definition at line 2490 of file security.c.

/*
 * Looks `name` up with LookupAccountNameA and, when `result` is non-zero,
 * compares the SID, account, domain and SID use it returns with the well-known
 * SID that pCreateWellKnownSid builds for `result`. A zero `result` means the
 * lookup itself is expected to fail.
 *
 * NOTE(review): listing lines 2492 and 2547 are absent from this page, so the
 * declaration of `ident` and whatever statement sits at 2547 are not visible.
 */
2491 {
2493  PSID domainsid = NULL;
2494  char wk_sid[SECURITY_MAX_SID_SIZE];
2495  DWORD cb;
2496 
2497  DWORD sid_size, domain_size;
2498  SID_NAME_USE sid_use;
2499  LPSTR domain, account, sid_domain, wk_domain, wk_account;
2500  PSID psid;
2501  BOOL ret ,ret2;
2502 
/* Sizing call: NULL buffers and zero sizes, expected to fail. The sizes it
 * writes back are what the two allocations below use. */
2503  sid_size = 0;
2504  domain_size = 0;
2505  ret = LookupAccountNameA(NULL, name, NULL, &sid_size, NULL, &domain_size, &sid_use);
2506  ok(!ret, " %s Should have failed to lookup account name\n", name);
/* NOTE(review): neither HeapAlloc result is checked before it is handed to the
 * second lookup. */
2507  psid = HeapAlloc(GetProcessHeap(),0,sid_size);
2508  domain = HeapAlloc(GetProcessHeap(),0,domain_size);
2509  ret = LookupAccountNameA(NULL, name, psid, &sid_size, domain, &domain_size, &sid_use);
2510 
2511  if (!result)
2512  {
2513  ok(!ret, " %s Should have failed to lookup account name\n",name);
2514  goto cleanup;
2515  }
2516 
/* NOTE(review): the return value of AllocateAndInitializeSid is ignored; on
 * failure domainsid keeps its initial NULL and is still passed on. */
2517  AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
2518  cb = sizeof(wk_sid);
2519  if (!pCreateWellKnownSid(result, domainsid, wk_sid, &cb))
2520  {
2521  win_skip("SID %i is not available on the system\n",result);
2522  goto cleanup;
2523  }
2524 
2525  ret2 = get_sid_info(wk_sid, &wk_account, &wk_domain);
2526  if (!ret2 && GetLastError() == ERROR_NONE_MAPPED)
2527  {
2528  win_skip("CreateWellKnownSid() succeeded but the account '%s' is not present (W2K)\n", name);
2529  goto cleanup;
2530  }
2531 
/* NOTE(review): get_sid_info (security.c line 2473) points *user and *dom at its
 * own static buffers. After this second call, wk_account/account and
 * wk_domain/sid_domain refer to the same storage, which now holds the result
 * for psid. The account comparison at line 2540 therefore compares a buffer
 * with itself, and wk_domain at line 2541 no longer holds the well-known SID's
 * domain. The return value of this call is also ignored. */
2532  get_sid_info(psid, &account, &sid_domain);
2533 
2534  ok(ret, "Failed to lookup account name %s\n",name);
2535  ok(sid_size != 0, "sid_size was zero\n");
2536 
2537  ok(EqualSid(psid,wk_sid),"%s Sid %s fails to match well known sid %s!\n",
2538  name, debugstr_sid(psid), debugstr_sid(wk_sid));
2539 
2540  ok(!lstrcmpA(account, wk_account), "Expected %s , got %s\n", account, wk_account);
2541  ok(!lstrcmpA(domain, wk_domain), "Expected %s, got %s\n", wk_domain, domain);
2542  ok(sid_use == SidTypeWellKnownGroup , "Expected Use (5), got %d\n", sid_use);
2543 
/* Common exit: releases the domain SID and the SID buffer.
 * NOTE(review): no release of `domain` appears in this listing (line 2547 is
 * not shown); confirm against the source file. */
2544 cleanup:
2545  FreeSid(domainsid);
2546  HeapFree(GetProcessHeap(),0,psid);
2548 }
void account(int argc, const char *argv[])
Definition: cmds.c:1690
enum _SID_NAME_USE SID_NAME_USE
#define SECURITY_MAX_SID_SIZE
Definition: setypes.h:458
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:708
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:1688
#define ERROR_NONE_MAPPED
Definition: winerror.h:814
int WINAPI lstrcmpA(LPCSTR lpString1, LPCSTR lpString2)
Definition: lstring.c:18
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
static const char * debugstr_sid(PSID sid)
Definition: security.c:150
char * LPSTR
Definition: xmlstorage.h:182
Definition: cookie.c:41
unsigned int BOOL
Definition: ntddk_ex.h:94
PVOID WINAPI FreeSid(PSID pSid)
Definition: security.c:577
smooth NULL
Definition: ftsmooth.c:416
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
_In_ ULONG _In_ ULONG_PTR ident
Definition: winddi.h:3993
#define GetProcessHeap()
Definition: compat.h:403
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
unsigned long DWORD
Definition: ntddk_ex.h:95
int ret
#define ok(value,...)
Definition: atltest.h:57
static HMODULE MODULEINFO DWORD cb
Definition: module.c:32
Definition: name.c:38
char * cleanup(char *str)
Definition: wpickclick.c:99
static BOOL get_sid_info(PSID psid, LPSTR *user, LPSTR *dom)
Definition: security.c:2473
GLuint64EXT * result
Definition: glext.h:11304
#define win_skip
Definition: test.h:150
#define HeapFree(x, y, z)
Definition: compat.h:402
#define SECURITY_NT_NON_UNIQUE
Definition: setypes.h:549
BOOL WINAPI AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
Definition: security.c:553

Referenced by test_LookupAccountName().

◆ debugstr_sid()

static const char* debugstr_sid ( PSID  sid)
static

Definition at line 150 of file security.c.

/*
 * Returns a printable form of `sid` for use in test messages, written into the
 * buffer `res`. The thread's last-error value is saved on entry and restored
 * before returning, so calling this inside an ok() argument list does not
 * disturb an error code the test is about to inspect.
 *
 * NOTE(review): listing lines 154-155 are absent from this page, so the
 * declaration and assignment of `res` are not visible. The size arithmetic
 * below assumes `res` has sizeof(*debugsid_str) bytes of storage (presumably
 * one row of debugsid_str); confirm against the source file.
 */
151 {
152  LPSTR sidstr;
153  DWORD le = GetLastError();
156 
/* Three cases: conversion failed (write a fixed diagnostic), the string is too
 * long for one row (truncate), or it fits (plain copy). */
157  if (!ConvertSidToStringSidA(sid, &sidstr))
158  sprintf(res, "ConvertSidToStringSidA failed le=%u", GetLastError());
159  else if (strlen(sidstr) > sizeof(*debugsid_str) - 1)
160  {
/* Keep the first sizeof(*debugsid_str) - 4 bytes and append "..." plus its
 * terminator, which fills exactly sizeof(*debugsid_str) bytes. */
161  memcpy(res, sidstr, sizeof(*debugsid_str) - 4);
162  strcpy(res + sizeof(*debugsid_str) - 4, "...");
163  LocalFree(sidstr);
164  }
165  else
166  {
/* The length was checked by the branch above, so this unbounded copy stays
 * within sizeof(*debugsid_str) bytes. */
167  strcpy(res, sidstr);
168  LocalFree(sidstr);
169  }
170  /* Restore the last error in case ConvertSidToStringSidA() modified it */
171  SetLastError(le);
172  return res;
173 }
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
static char debugsid_str[SID_SLOTS][256]
Definition: security.c:148
FT_UInt sid
Definition: cffcmap.c:139
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
char * LPSTR
Definition: xmlstorage.h:182
#define sprintf(buf, format,...)
Definition: sprintf.c:55
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:417
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3313
#define SID_SLOTS
Definition: security.c:147
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
static int debugsid_index
Definition: security.c:149
GLuint res
Definition: glext.h:9613
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388

Referenced by check_wellknown_name(), test_EqualSid(), test_GetNamedSecurityInfoA(), test_GetSecurityInfo(), test_GetWindowsAccountDomainSid(), test_group_equal(), test_inherited_dacl(), test_owner_equal(), and test_TokenIntegrityLevel().

◆ DWORD()

static DWORD ( WINAPI pGetNamedSecurityInfoA)
static

◆ get_nt_pathW()

static void get_nt_pathW ( const char * name,
UNICODE_STRING * nameW
)
static

Definition at line 3548 of file security.c.

/*
 * Converts the ANSI DOS path `name` to an NT path and stores it in `nameW`,
 * using the Rtl* entry points that init() resolves from ntdll.dll.
 *
 * NOTE(review): listing line 3550 is absent from this page, so the declaration
 * of `strW` is not visible.
 * NOTE(review): the p* function pointers are called without a NULL check; they
 * come from GetProcAddress and are NULL when the export is missing.
 * NOTE(review): nothing here releases the buffer written into `nameW`;
 * presumably the caller owns it. Verify against test_CreateDirectoryA.
 */
3549 {
3551  ANSI_STRING str;
3552  NTSTATUS status;
3553  BOOLEAN ret;
3554 
3555  pRtlInitAnsiString(&str, name);
3556 
/* TRUE asks the routine to allocate strW's buffer; it is released at line 3563.
 * ok() only records a failure, so strW.Buffer is still used below if the
 * conversion failed. */
3557  status = pRtlAnsiStringToUnicodeString(&strW, &str, TRUE);
3558  ok(!status, "RtlAnsiStringToUnicodeString failed with %08x\n", status);
3559 
3560  ret = pRtlDosPathNameToNtPathName_U(strW.Buffer, nameW, NULL, NULL);
3561  ok(ret, "RtlDosPathNameToNtPathName_U failed\n");
3562 
3563  pRtlFreeUnicodeString(&strW);
3564 }
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
WCHAR strW[12]
Definition: clipboard.c:2029
const WCHAR * str
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
static const WCHAR nameW[]
Definition: main.c:46
int ret
#define ok(value,...)
Definition: atltest.h:57
Definition: name.c:38
static SERVICE_STATUS status
Definition: service.c:31
Definition: ps.c:97

Referenced by test_CreateDirectoryA().

◆ get_obj_access()

static ACCESS_MASK get_obj_access ( HANDLE  obj)
static

Definition at line 5690 of file security.c.

/*
 * Returns the access mask granted to the handle `obj`, read through
 * NtQueryObject(ObjectBasicInformation). Returns 0 when NtQueryObject could
 * not be resolved, so callers cannot tell that case from "no access granted".
 *
 * NOTE(review): listing line 5692 is absent from this page, so the declaration
 * of `info` is not visible.
 */
5691 {
5693  NTSTATUS status;
5694 
5695  if (!pNtQueryObject) return 0;
5696 
5697  status = pNtQueryObject(obj, ObjectBasicInformation, &info, sizeof(info), NULL);
5698  ok(!status, "NtQueryObject error %#x\n", status);
5699 
/* NOTE(review): ok() only records a failed query; info.GrantedAccess is
 * returned regardless, and may be unset if the query failed. Confirm whether
 * `info` is initialised at line 5692. */
5700  return info.GrantedAccess;
5701 }
LONG NTSTATUS
Definition: precomp.h:26
struct _test_info info[]
Definition: SetCursorPos.c:19
smooth NULL
Definition: ftsmooth.c:416
#define ok(value,...)
Definition: atltest.h:57
static SERVICE_STATUS status
Definition: service.c:31
Definition: ps.c:97

Referenced by test_event_security(), test_file_security(), test_filemap_security(), test_maximum_allowed(), test_mutex_security(), test_named_pipe_security(), test_process_access(), test_semaphore_security(), and test_thread_security().

◆ get_sid_info()

static BOOL get_sid_info ( PSID  psid,
LPSTR * user,
LPSTR * dom
)
static

Definition at line 2473 of file security.c.

/*
 * Resolves `psid` to an account name and a domain name with LookupAccountSidA
 * and returns that call's result.
 *
 * *user and *dom are set to two function-static buffers, not to fresh
 * allocations. Every call overwrites the same storage, so pointers obtained
 * from an earlier call show the latest result; a caller that needs to compare
 * two lookups must copy the first one out before making the second call.
 */
2474 {
2475  static CHAR account[UNLEN + 1];
2476  static CHAR domain[UNLEN + 1];
2477  DWORD size, dom_size;
2478  SID_NAME_USE use;
2479 
2480  *user = account;
2481  *dom = domain;
2482 
/* Both buffers are UNLEN + 1 bytes and both sizes passed to the lookup match. */
2483  size = dom_size = UNLEN + 1;
/* Start from empty strings so a failed lookup does not leave stale names. */
2484  account[0] = '\0';
2485  domain[0] = '\0';
/* Sentinel last-error value; check_wellknown_name reads GetLastError() after a
 * failed call to detect ERROR_NONE_MAPPED. */
2486  SetLastError(0xdeadbeef);
2487  return LookupAccountSidA(NULL, psid, account, &size, domain, &dom_size, &use);
2488 }
void account(int argc, const char *argv[])
Definition: cmds.c:1690
enum _SID_NAME_USE SID_NAME_USE
char CHAR
Definition: xmlstorage.h:175
Definition: cookie.c:41
smooth NULL
Definition: ftsmooth.c:416
GLsizeiptr size
Definition: glext.h:5919
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:417
BOOL WINAPI LookupAccountSidA(LPCSTR lpSystemName, PSID lpSid, LPSTR lpName, LPDWORD cchName, LPSTR lpReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:405
#define UNLEN
Definition: sspi.c:28
void user(int argc, const char *argv[])
Definition: cmds.c:1350

Referenced by check_wellknown_name(), and test_LookupAccountName().

◆ init()

static void init ( void  )
static

Definition at line 175 of file security.c.

/*
 * Resolves the ntdll.dll and advapi32.dll entry points used by the tests into
 * file-scope function pointers.
 *
 * GetProcAddress returns NULL for an export the running system does not
 * provide, so every pointer set here may be NULL and has to be checked before
 * it is called (get_obj_access does this for pNtQueryObject).
 *
 * NOTE(review): listing line 224 is absent from this page; the cross-reference
 * list under this function names winetest_get_mainargs, myARGC and myARGV, so
 * it presumably stores the test arguments. Confirm against the source file.
 */
176 {
177  HMODULE hntdll;
178 
/* GetModuleHandleA returns a handle only for a module already loaded in the
 * process. NOTE(review): hntdll is not checked before the lookups below. */
179  hntdll = GetModuleHandleA("ntdll.dll");
180  pNtQueryObject = (void *)GetProcAddress( hntdll, "NtQueryObject" );
181  pNtAccessCheck = (void *)GetProcAddress( hntdll, "NtAccessCheck" );
182  pNtSetSecurityObject = (void *)GetProcAddress(hntdll, "NtSetSecurityObject");
183  pNtCreateFile = (void *)GetProcAddress(hntdll, "NtCreateFile");
184  pRtlDosPathNameToNtPathName_U = (void *)GetProcAddress(hntdll, "RtlDosPathNameToNtPathName_U");
185  pRtlAnsiStringToUnicodeString = (void *)GetProcAddress(hntdll, "RtlAnsiStringToUnicodeString");
186  pRtlInitAnsiString = (void *)GetProcAddress(hntdll, "RtlInitAnsiString");
187  pRtlFreeUnicodeString = (void *)GetProcAddress(hntdll, "RtlFreeUnicodeString");
188 
/* hmod is file-scope; START_TEST returns early when it is NULL. */
189  hmod = GetModuleHandleA("advapi32.dll");
190  pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
191  pAddAccessDeniedAceEx = (void *)GetProcAddress(hmod, "AddAccessDeniedAceEx");
192  pAddAuditAccessAceEx = (void *)GetProcAddress(hmod, "AddAuditAccessAceEx");
193  pAddMandatoryAce = (void *)GetProcAddress(hmod, "AddMandatoryAce");
194  pCheckTokenMembership = (void *)GetProcAddress(hmod, "CheckTokenMembership");
195  pConvertStringSecurityDescriptorToSecurityDescriptorA =
196  (void *)GetProcAddress(hmod, "ConvertStringSecurityDescriptorToSecurityDescriptorA" );
197  pConvertStringSecurityDescriptorToSecurityDescriptorW =
198  (void *)GetProcAddress(hmod, "ConvertStringSecurityDescriptorToSecurityDescriptorW" );
199  pConvertSecurityDescriptorToStringSecurityDescriptorA =
200  (void *)GetProcAddress(hmod, "ConvertSecurityDescriptorToStringSecurityDescriptorA" );
201  pGetFileSecurityA = (void *)GetProcAddress(hmod, "GetFileSecurityA" );
202  pSetFileSecurityA = (void *)GetProcAddress(hmod, "SetFileSecurityA" );
203  pCreateWellKnownSid = (void *)GetProcAddress( hmod, "CreateWellKnownSid" );
204  pGetNamedSecurityInfoA = (void *)GetProcAddress(hmod, "GetNamedSecurityInfoA");
205  pSetNamedSecurityInfoA = (void *)GetProcAddress(hmod, "SetNamedSecurityInfoA");
206  pGetSidSubAuthority = (void *)GetProcAddress(hmod, "GetSidSubAuthority");
207  pGetSidSubAuthorityCount = (void *)GetProcAddress(hmod, "GetSidSubAuthorityCount");
208  pIsValidSid = (void *)GetProcAddress(hmod, "IsValidSid");
209  pMakeSelfRelativeSD = (void *)GetProcAddress(hmod, "MakeSelfRelativeSD");
210  pSetEntriesInAclW = (void *)GetProcAddress(hmod, "SetEntriesInAclW");
211  pSetEntriesInAclA = (void *)GetProcAddress(hmod, "SetEntriesInAclA");
212  pSetSecurityDescriptorControl = (void *)GetProcAddress(hmod, "SetSecurityDescriptorControl");
213  pGetSecurityInfo = (void *)GetProcAddress(hmod, "GetSecurityInfo");
214  pSetSecurityInfo = (void *)GetProcAddress(hmod, "SetSecurityInfo");
215  pCreateRestrictedToken = (void *)GetProcAddress(hmod, "CreateRestrictedToken");
216  pConvertStringSidToSidA = (void *)GetProcAddress(hmod, "ConvertStringSidToSidA");
217  pGetAclInformation = (void *)GetProcAddress(hmod, "GetAclInformation");
218  pGetAce = (void *)GetProcAddress(hmod, "GetAce");
219  pGetWindowsAccountDomainSid = (void *)GetProcAddress(hmod, "GetWindowsAccountDomainSid");
220  pGetSidIdentifierAuthority = (void *)GetProcAddress(hmod, "GetSidIdentifierAuthority");
221  pDuplicateTokenEx = (void *)GetProcAddress(hmod, "DuplicateTokenEx");
222  pGetExplicitEntriesFromAclW = (void *)GetProcAddress(hmod, "GetExplicitEntriesFromAclW");
223 
225 }
static char ** myARGV
Definition: security.c:145
int winetest_get_mainargs(char ***pargv)
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
Definition: loader.c:821
static PEXPLICIT_ACCESSW *static HMODULE hmod
Definition: security.c:141
static int myARGC
Definition: security.c:144
static HINSTANCE hntdll
Definition: process.c:66
#define GetProcAddress(x, y)
Definition: compat.h:418

Referenced by START_TEST().

◆ LPSTR()

◆ NTSTATUS()

static NTSTATUS ( WINAPI pLsaQueryInformationPolicy)
static

◆ PDWORD()

static PDWORD ( WINAPI pGetSidSubAuthority)
static

◆ PSID_IDENTIFIER_AUTHORITY()

static PSID_IDENTIFIER_AUTHORITY ( WINAPI pGetSidIdentifierAuthority)
static

◆ PUCHAR()

static PUCHAR ( WINAPI pGetSidSubAuthorityCount)
static

Referenced by RtlpSetSecurityObject().

◆ START_TEST()

START_TEST ( security  )

Definition at line 8135 of file security.c.

8136 {
      /*
       * Test entry point. Runs init(), then either handles one mode selected by
       * argv[2] and returns, or runs the test_* functions of the suite in order.
       *
       * NOTE(review): this rendered listing drops some source lines (the gutter
       * numbers skip, e.g. 8143, 8145, 8147, 8149, 8196). The statement executed
       * in each strcmp() branch and many of the test_* calls are therefore not
       * shown here.
       */
8137  init();
      /* Nothing can be tested without the module handle that the function
       * pointers are resolved from (presumably set by init() - confirm). */
8138  if (!hmod) return;
8139 
      /* argv[2] selects a single token-SD mode; the process returns right after
       * it instead of running the full suite. Presumably these are the
       * test_child_token_sd* helpers - the calls are on omitted lines. */
8140  if (myARGC >= 3)
8141  {
8142  if (!strcmp(myARGV[2], "test_token_sd"))
8144  else if (!strcmp(myARGV[2], "test_token_sd_restricted"))
8146  else if (!strcmp(myARGV[2], "test_token_sd_medium"))
8148  else
8150  return;
8151  }
8153  test_sid();
8154  test_trustee();
8155  test_luid();
8158  test_AccessCheck();
8159  test_token_attr();
8173  test_acls();
8178  test_EqualSid();
8185  test_AddAce();
8191  test_token_label();
8194 
8195  /* Must be the last test, modifies process token */
8197 }
static void test_kernel_objects_security(void)
Definition: security.c:6440
static void test_FileSecurity(void)
Definition: security.c:870
static void test_child_token_sd(void)
Definition: security.c:7768
static void test_luid(void)
Definition: security.c:863
static void test_CreateRestrictedToken(void)
Definition: security.c:5397
static void test_ConvertSecurityDescriptorToString(void)
Definition: security.c:4527
static void test_LookupAccountName(void)
Definition: security.c:2550
static void test_AccessCheck(void)
Definition: security.c:1228
static void test_GetSidSubAuthority(void)
Definition: security.c:5094
static void test_GetUserNameW(void)
Definition: security.c:5327
static char ** myARGV
Definition: security.c:145
static void test_system_security_access(void)
Definition: security.c:6919
static void test_AddAce(void)
Definition: security.c:6612
static void init(void)
Definition: security.c:175
static void test_maximum_allowed(void)
Definition: security.c:7179
static void test_GetUserNameA(void)
Definition: security.c:5254
static void test_token_attr(void)
Definition: security.c:1782
static void test_CreateDirectoryA(void)
Definition: security.c:3619
static void test_GetTokenInformation(void)
Definition: security.c:1997
static void test_security_descriptor(void)
Definition: security.c:2782
static void test_ConvertStringSecurityDescriptor(void)
Definition: security.c:4380
static void test_acls(void)
Definition: security.c:4822
static void test_sid(void)
Definition: security.c:291
static void test_process_security_child(void)
Definition: security.c:3110
static void test_child_token_sd_restricted(void)
Definition: security.c:7848
static void test_SetEntriesInAclW(void)
Definition: security.c:3285
static void test_GetSecurityInfo(void)
Definition: security.c:4875
static void test_GetSidIdentifierAuthority(void)
Definition: security.c:7100
static void test_token_security_descriptor(void)
Definition: security.c:7298
static void test_SetEntriesInAclA(void)
Definition: security.c:3416
static void test_PrivateObjectSecurity(void)
Definition: security.c:4729
static void test_impersonation_level(void)
Definition: security.c:3174
static void test_AddMandatoryAce(void)
Definition: security.c:6657
static void test_child_token_sd_medium(void)
Definition: security.c:7903
static void test_CheckTokenMembership(void)
Definition: security.c:5122
static void test_AdjustTokenPrivileges(void)
Definition: security.c:6576
static void test_CreateWellKnownSid(void)
Definition: security.c:2089
static void test_GetWindowsAccountDomainSid(void)
Definition: security.c:7020
static PEXPLICIT_ACCESSW *static HMODULE hmod
Definition: security.c:141
static void test_default_dacl_owner_sid(void)
Definition: security.c:6518
static int myARGC
Definition: security.c:144
static void test_token_label(void)
Definition: security.c:7217
static void test_pseudo_tokens(void)
Definition: security.c:7128
static void test_LookupAccountSid(void)
Definition: security.c:2165
static void test_GetExplicitEntriesFromAclW(void)
Definition: security.c:7958
static void test_trustee(void)
Definition: security.c:505
int strcmp(const char *String1, const char *String2)
Definition: utclib.c:469
static void test_TokenIntegrityLevel(void)
Definition: security.c:6473
static void test_EqualSid(void)
Definition: security.c:5188
static void test_process_security(void)
Definition: security.c:2909
static void test_BuildSecurityDescriptorW(void)
Definition: security.c:8097
static void test_GetNamedSecurityInfoA(void)
Definition: security.c:3988

◆ test_AccessCheck()

static void test_AccessCheck ( void  )
static

Definition at line 1228 of file security.c.

1229 {
      /*
       * Checks how AccessCheck() (and NtAccessCheck(), when it could be resolved)
       * validates its arguments and evaluates a security descriptor: descriptor
       * without owner/group, unmapped generic rights, NULL or undersized
       * PRIVILEGE_SET buffers, absent / NULL / empty DACLs, a DACL with ACEs,
       * SE_SECURITY_PRIVILEGE, an INHERIT_ONLY ACE and the token's impersonation
       * level.
       *
       * NOTE(review): this rendered listing drops some source lines (the gutter
       * numbers skip, e.g. 1232-1235, 1237, 1264). Most of the AccessCheck() call
       * heads and the declarations of AccessStatus, Mapping and
       * SecurityDescriptor are not shown; the comments below describe only what
       * the visible checks assert.
       */
1230  PSID EveryoneSid = NULL, AdminSid = NULL, UsersSid = NULL;
1231  PACL Acl = NULL;
1236  ACCESS_MASK Access;
1238  HANDLE Token;
1239  HANDLE ProcessToken;
1240  BOOL ret;
1241  DWORD PrivSetLen;
1242  PRIVILEGE_SET *PrivSet;
1243  BOOL res;
1244  HMODULE NtDllModule;
1245  BOOLEAN Enabled;
1246  DWORD err;
1247  NTSTATUS ntret, ntAccessStatus;
1248 
1249  NtDllModule = GetModuleHandleA("ntdll.dll");
1250  if (!NtDllModule)
1251  {
1252  skip("not running on NT, skipping test\n");
1253  return;
1254  }
1255  pRtlAdjustPrivilege = (void *)GetProcAddress(NtDllModule, "RtlAdjustPrivilege");
1256  if (!pRtlAdjustPrivilege)
1257  {
1258  win_skip("missing RtlAdjustPrivilege, skipping test\n");
1259  return;
1260  }
1261 
      /* 256-byte scratch ACL. NOTE(review): the HeapAlloc() result is passed to
       * InitializeAcl() without a NULL check. */
1262  Acl = HeapAlloc(GetProcessHeap(), 0, 256);
1263  res = InitializeAcl(Acl, 256, ACL_REVISION);
1265  {
1266  skip("ACLs not implemented - skipping tests\n");
1267  HeapFree(GetProcessHeap(), 0, Acl);
1268  return;
1269  }
1270  ok(res, "InitializeAcl failed with error %d\n", GetLastError());
1271 
1272  res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
1273  ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
1274 
1276  DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdminSid);
1277  ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
1278 
1280  DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &UsersSid);
1281  ok(res, "AllocateAndInitializeSid failed with error %d\n", GetLastError());
1282 
1284 
1286  ok(res, "InitializeSecurityDescriptor failed with error %d\n", GetLastError());
1287 
1289  ok(res, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError());
1290 
      /* Privilege set buffer sized for 16 Privilege[] entries, zero-filled.
       * NOTE(review): PrivSet is dereferenced on line 1293 without a NULL check. */
1291  PrivSetLen = FIELD_OFFSET(PRIVILEGE_SET, Privilege[16]);
1292  PrivSet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, PrivSetLen);
1293  PrivSet->PrivilegeCount = 16;
1294 
1296  ok(res, "OpenProcessToken failed with error %d\n", GetLastError());
1297 
      /* Ask for SE_SECURITY_PRIVILEGE to be switched off (second argument FALSE);
       * the return value is ignored here. Presumably this sets up the
       * ERROR_PRIVILEGE_NOT_HELD case further down - TODO confirm. */
1298  pRtlAdjustPrivilege(SE_SECURITY_PRIVILEGE, FALSE, TRUE, &Enabled);
1299 
      /* Impersonation-level duplicate of the process token. It is the client
       * token passed to the NtAccessCheck() calls below; presumably the
       * AccessCheck() calls use it too (their first lines are omitted). */
1300  res = DuplicateToken(ProcessToken, SecurityImpersonation, &Token);
1301  ok(res, "DuplicateToken failed with error %d\n", GetLastError());
1302 
1303  /* SD without owner/group */
      /* 0x1abe11ed is a sentinel: when the call fails, both outputs must still
       * hold it, i.e. no partial result may reach the caller's variables. */
1304  SetLastError(0xdeadbeef);
1305  Access = AccessStatus = 0x1abe11ed;
1307  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1308  err = GetLastError();
1309  ok(!ret && err == ERROR_INVALID_SECURITY_DESCR, "AccessCheck should have "
1310  "failed with ERROR_INVALID_SECURITY_DESCR, instead of %d\n", err);
1311  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1312  "Access and/or AccessStatus were changed!\n");
1313 
1314  /* Set owner and group */
1316  ok(res, "SetSecurityDescriptorOwner failed with error %d\n", GetLastError());
1318  ok(res, "SetSecurityDescriptorGroup failed with error %d\n", GetLastError());
1319 
1320  /* Generic access mask */
1321  SetLastError(0xdeadbeef);
1322  Access = AccessStatus = 0x1abe11ed;
1324  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1325  err = GetLastError();
1326  ok(!ret && err == ERROR_GENERIC_NOT_MAPPED, "AccessCheck should have failed "
1327  "with ERROR_GENERIC_NOT_MAPPED, instead of %d\n", err);
1328  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1329  "Access and/or AccessStatus were changed!\n");
1330 
1331  /* Generic access mask - no privilegeset buffer */
1332  SetLastError(0xdeadbeef);
1333  Access = AccessStatus = 0x1abe11ed;
1335  NULL, &PrivSetLen, &Access, &AccessStatus);
1336  err = GetLastError();
1337  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have failed "
1338  "with ERROR_NOACCESS, instead of %d\n", err);
1339  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1340  "Access and/or AccessStatus were changed!\n");
1341 
1342  /* Generic access mask - no returnlength */
1343  SetLastError(0xdeadbeef);
1344  Access = AccessStatus = 0x1abe11ed;
1346  PrivSet, NULL, &Access, &AccessStatus);
1347  err = GetLastError();
1348  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have failed "
1349  "with ERROR_NOACCESS, instead of %d\n", err);
1350  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1351  "Access and/or AccessStatus were changed!\n");
1352 
1353  /* Generic access mask - no privilegeset buffer, no returnlength */
1354  SetLastError(0xdeadbeef);
1355  Access = AccessStatus = 0x1abe11ed;
1357  NULL, NULL, &Access, &AccessStatus);
1358  err = GetLastError();
1359  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have failed "
1360  "with ERROR_NOACCESS, instead of %d\n", err);
1361  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1362  "Access and/or AccessStatus were changed!\n");
1363 
1364  /* sd with no dacl present */
      /* A descriptor with no DACL present grants the request: the checks expect
       * AccessStatus set and Access == KEY_READ. */
1365  Access = AccessStatus = 0x1abe11ed;
1367  ok(ret, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError());
1369  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1370  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1371  ok(AccessStatus && (Access == KEY_READ),
1372  "AccessCheck failed to grant access with error %d\n",
1373  GetLastError());
1374 
1375  /* sd with no dacl present - no privilegeset buffer */
1376  SetLastError(0xdeadbeef);
1377  Access = AccessStatus = 0x1abe11ed;
1379  NULL, &PrivSetLen, &Access, &AccessStatus);
1380  err = GetLastError();
1381  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have failed "
1382  "with ERROR_NOACCESS, instead of %d\n", err);
1383  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1384  "Access and/or AccessStatus were changed!\n");
1385 
      /* Native entry point, same bad-pointer cases: it reports
       * STATUS_ACCESS_VIOLATION through its return value, must leave the
       * last-error value (0xdeadbeef) untouched and must not write the outputs. */
1386  if(pNtAccessCheck)
1387  {
1388  /* Generic access mask - no privilegeset buffer */
1389  SetLastError(0xdeadbeef);
1390  Access = ntAccessStatus = 0x1abe11ed;
1391  ntret = pNtAccessCheck(SecurityDescriptor, Token, GENERIC_READ, &Mapping,
1392  NULL, &PrivSetLen, &Access, &ntAccessStatus);
1393  err = GetLastError();
1394  ok(ntret == STATUS_ACCESS_VIOLATION,
1395  "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %x\n", ntret);
1396  ok(err == 0xdeadbeef,
1397  "NtAccessCheck shouldn't set last error, got %d\n", err);
1398  ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1399  "Access and/or AccessStatus were changed!\n");
1400 
1401  /* Generic access mask - no returnlength */
1402  SetLastError(0xdeadbeef);
1403  Access = ntAccessStatus = 0x1abe11ed;
1404  ntret = pNtAccessCheck(SecurityDescriptor, Token, GENERIC_READ, &Mapping,
1405  PrivSet, NULL, &Access, &ntAccessStatus);
1406  err = GetLastError();
1407  ok(ntret == STATUS_ACCESS_VIOLATION,
1408  "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %x\n", ntret);
1409  ok(err == 0xdeadbeef,
1410  "NtAccessCheck shouldn't set last error, got %d\n", err);
1411  ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1412  "Access and/or AccessStatus were changed!\n");
1413 
1414  /* Generic access mask - no privilegeset buffer, no returnlength */
1415  SetLastError(0xdeadbeef);
1416  Access = ntAccessStatus = 0x1abe11ed;
1417  ntret = pNtAccessCheck(SecurityDescriptor, Token, GENERIC_READ, &Mapping,
1418  NULL, NULL, &Access, &ntAccessStatus);
1419  err = GetLastError();
1420  ok(ntret == STATUS_ACCESS_VIOLATION,
1421  "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %x\n", ntret);
1422  ok(err == 0xdeadbeef,
1423  "NtAccessCheck shouldn't set last error, got %d\n", err);
1424  ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1425  "Access and/or AccessStatus were changed!\n");
1426  }
1427  else
1428  win_skip("NtAccessCheck unavailable. Skipping.\n");
1429 
1430  /* sd with NULL dacl */
      /* NULL DACL: the first check expects KEY_READ to be granted and the second
       * KEY_ALL_ACCESS (the requested masks are on omitted lines). */
1431  Access = AccessStatus = 0x1abe11ed;
1433  ok(ret, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError());
1435  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1436  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1437  ok(AccessStatus && (Access == KEY_READ),
1438  "AccessCheck failed to grant access with error %d\n",
1439  GetLastError());
1441  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1442  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1443  ok(AccessStatus && (Access == KEY_ALL_ACCESS),
1444  "AccessCheck failed to grant access with error %d\n",
1445  GetLastError());
1446 
1447  /* sd with blank dacl */
      /* Empty DACL: access is denied. Note the shape of a denial: AccessCheck()
       * itself returns TRUE, and the refusal is reported through AccessStatus
       * (FALSE), last error ERROR_ACCESS_DENIED and Access == 0. A caller has to
       * test AccessStatus, not only the return value. */
1449  ok(ret, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError());
1451  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1452  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1453  err = GetLastError();
1454  ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed "
1455  "with ERROR_ACCESS_DENIED, instead of %d\n", err);
1456  ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);
1457 
      /* Populate the ACL: KEY_READ allowed for Everyone, followed by a deny ACE
       * whose arguments are on an omitted line. */
1458  res = AddAccessAllowedAce(Acl, ACL_REVISION, KEY_READ, EveryoneSid);
1459  ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError());
1460 
1462  ok(res, "AddAccessDeniedAce failed with error %d\n", GetLastError());
1463 
1464  /* sd with dacl */
1465  Access = AccessStatus = 0x1abe11ed;
1467  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1468  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1469  ok(AccessStatus && (Access == KEY_READ),
1470  "AccessCheck failed to grant access with error %d\n",
1471  GetLastError());
1472 
1474  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1475  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1476  ok(AccessStatus,
1477  "AccessCheck failed to grant any access with error %d\n",
1478  GetLastError());
1479  trace("AccessCheck with MAXIMUM_ALLOWED got Access 0x%08x\n", Access);
1480 
      /* PRIVILEGE_SET buffer/length validation. As asserted in the cases below: a
       * length of 0 fails with ERROR_INSUFFICIENT_BUFFER and reports
       * sizeof(PRIVILEGE_SET) as the required size, while a NULL buffer with a
       * non-zero length fails with ERROR_NOACCESS and leaves the length as
       * passed. In every failure case the output sentinels must be intact. */
1481  /* Null PrivSet with null PrivSetLen pointer */
1482  SetLastError(0xdeadbeef);
1483  Access = AccessStatus = 0x1abe11ed;
1485  NULL, NULL, &Access, &AccessStatus);
1486  err = GetLastError();
1487  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have "
1488  "failed with ERROR_NOACCESS, instead of %d\n", err);
1489  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1490  "Access and/or AccessStatus were changed!\n");
1491 
1492  /* Null PrivSet with zero PrivSetLen */
1493  SetLastError(0xdeadbeef);
1494  Access = AccessStatus = 0x1abe11ed;
1495  PrivSetLen = 0;
1497  0, &PrivSetLen, &Access, &AccessStatus);
1498  err = GetLastError();
1499  ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
1500  "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
1501  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1502  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1503  "Access and/or AccessStatus were changed!\n");
1504 
1505  /* Null PrivSet with insufficient PrivSetLen */
1506  SetLastError(0xdeadbeef);
1507  Access = AccessStatus = 0x1abe11ed;
1508  PrivSetLen = 1;
1510  0, &PrivSetLen, &Access, &AccessStatus);
1511  err = GetLastError();
1512  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have "
1513  "failed with ERROR_NOACCESS, instead of %d\n", err);
1514  ok(PrivSetLen == 1, "PrivSetLen returns %d\n", PrivSetLen);
1515  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1516  "Access and/or AccessStatus were changed!\n");
1517 
1518  /* Null PrivSet with insufficient PrivSetLen */
1519  SetLastError(0xdeadbeef);
1520  Access = AccessStatus = 0x1abe11ed;
1521  PrivSetLen = sizeof(PRIVILEGE_SET) - 1;
1523  0, &PrivSetLen, &Access, &AccessStatus);
1524  err = GetLastError();
1525  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have "
1526  "failed with ERROR_NOACCESS, instead of %d\n", err);
1527  ok(PrivSetLen == sizeof(PRIVILEGE_SET) - 1, "PrivSetLen returns %d\n", PrivSetLen);
1528  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1529  "Access and/or AccessStatus were changed!\n");
1530 
1531  /* Null PrivSet with minimal sufficient PrivSetLen */
1532  SetLastError(0xdeadbeef);
1533  Access = AccessStatus = 0x1abe11ed;
1534  PrivSetLen = sizeof(PRIVILEGE_SET);
1536  0, &PrivSetLen, &Access, &AccessStatus);
1537  err = GetLastError();
1538  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have "
1539  "failed with ERROR_NOACCESS, instead of %d\n", err);
1540  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1541  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1542  "Access and/or AccessStatus were changed!\n");
1543 
1544  /* Valid PrivSet with zero PrivSetLen */
1545  SetLastError(0xdeadbeef);
1546  Access = AccessStatus = 0x1abe11ed;
1547  PrivSetLen = 0;
1549  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1550  err = GetLastError();
1551  ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
1552  "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
1553  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1554  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1555  "Access and/or AccessStatus were changed!\n");
1556 
1557  /* Valid PrivSet with insufficient PrivSetLen */
      /* todo_wine marks checks that are expected to fail on Wine for now; the
       * asserted values are the behaviour the test wants. */
1558  SetLastError(0xdeadbeef);
1559  Access = AccessStatus = 0x1abe11ed;
1560  PrivSetLen = 1;
1562  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1563  err = GetLastError();
1564 todo_wine
1565  ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
1566  "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
1567 todo_wine
1568  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1569  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1570  "Access and/or AccessStatus were changed!\n");
1571 
1572  /* Valid PrivSet with insufficient PrivSetLen */
1573  SetLastError(0xdeadbeef);
1574  Access = AccessStatus = 0x1abe11ed;
1575  PrivSetLen = sizeof(PRIVILEGE_SET) - 1;
1577  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1578  err = GetLastError();
1579 todo_wine
1580  ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
1581  "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
1582 todo_wine
1583  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1584 todo_wine
1585  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1586  "Access and/or AccessStatus were changed!\n");
1587 
1588  /* Valid PrivSet with minimal sufficient PrivSetLen */
      /* The buffer is filled with 0xcc first, so the PrivilegeCount == 0 check
       * below shows that the call actually wrote the privilege set. */
1589  SetLastError(0xdeadbeef);
1590  Access = AccessStatus = 0x1abe11ed;
1591  PrivSetLen = sizeof(PRIVILEGE_SET);
1592  memset(PrivSet, 0xcc, PrivSetLen);
1594  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1595  err = GetLastError();
1596  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1597 todo_wine
1598  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1599  ok(AccessStatus && (Access == KEY_READ),
1600  "AccessCheck failed to grant access with error %d\n", GetLastError());
1601  ok(PrivSet->PrivilegeCount == 0, "PrivilegeCount returns %d, expects 0\n",
1602  PrivSet->PrivilegeCount);
1603 
1604  /* Valid PrivSet with sufficient PrivSetLen */
1605  SetLastError(0xdeadbeef);
1606  Access = AccessStatus = 0x1abe11ed;
1607  PrivSetLen = sizeof(PRIVILEGE_SET) + 1;
1608  memset(PrivSet, 0xcc, PrivSetLen);
1610  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1611  err = GetLastError();
1612  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1613 todo_wine
1614  ok(PrivSetLen == sizeof(PRIVILEGE_SET) + 1, "PrivSetLen returns %d\n", PrivSetLen);
1615  ok(AccessStatus && (Access == KEY_READ),
1616  "AccessCheck failed to grant access with error %d\n", GetLastError());
1617  ok(PrivSet->PrivilegeCount == 0, "PrivilegeCount returns %d, expects 0\n",
1618  PrivSet->PrivilegeCount);
1619 
      /* Restore the full buffer length for the remaining cases. */
1620  PrivSetLen = FIELD_OFFSET(PRIVILEGE_SET, Privilege[16]);
1621 
1622  /* Null PrivSet with valid PrivSetLen */
1623  SetLastError(0xdeadbeef);
1624  Access = AccessStatus = 0x1abe11ed;
1626  0, &PrivSetLen, &Access, &AccessStatus);
1627  err = GetLastError();
1628  ok(!ret && err == ERROR_NOACCESS, "AccessCheck should have "
1629  "failed with ERROR_NOACCESS, instead of %d\n", err);
1630  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1631  "Access and/or AccessStatus were changed!\n");
1632 
1633  /* Access denied by SD */
1634  SetLastError(0xdeadbeef);
1635  Access = AccessStatus = 0x1abe11ed;
1637  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1638  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1639  err = GetLastError();
1640  ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed "
1641  "with ERROR_ACCESS_DENIED, instead of %d\n", err);
1642  ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);
1643 
      /* The call on the omitted lines is expected to fail with
       * ERROR_PRIVILEGE_NOT_HELD (see the message below). */
1644  SetLastError(0xdeadbeef);
1645  PrivSet->PrivilegeCount = 16;
1647  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1649  "AccessCheck should have failed with ERROR_PRIVILEGE_NOT_HELD, instead of %d\n",
1650  GetLastError());
1651 
1653  ok(ret, "ImpersonateLoggedOnUser failed with error %d\n", GetLastError());
      /* Ask for SE_SECURITY_PRIVILEGE to be switched on (second argument TRUE).
       * The result is kept in a BOOL but tested as a status code: the !ret
       * branch is the one where the call reported 0. */
1654  ret = pRtlAdjustPrivilege(SE_SECURITY_PRIVILEGE, TRUE, TRUE, &Enabled);
1655  if (!ret)
1656  {
1657  /* Valid PrivSet with zero PrivSetLen */
1658  SetLastError(0xdeadbeef);
1659  Access = AccessStatus = 0x1abe11ed;
1660  PrivSetLen = 0;
1662  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1663  err = GetLastError();
1664  ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
1665  "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
1666  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1667  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1668  "Access and/or AccessStatus were changed!\n");
1669 
1670  /* Valid PrivSet with insufficient PrivSetLen */
1671  SetLastError(0xdeadbeef);
1672  Access = AccessStatus = 0x1abe11ed;
1673  PrivSetLen = sizeof(PRIVILEGE_SET) - 1;
1675  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1676  err = GetLastError();
1677  todo_wine
1678  ok(!ret && err == ERROR_INSUFFICIENT_BUFFER, "AccessCheck should have "
1679  "failed with ERROR_INSUFFICIENT_BUFFER, instead of %d\n", err);
1680  todo_wine
1681  ok(PrivSetLen == sizeof(PRIVILEGE_SET), "PrivSetLen returns %d\n", PrivSetLen);
1682  todo_wine
1683  ok(Access == 0x1abe11ed && AccessStatus == 0x1abe11ed,
1684  "Access and/or AccessStatus were changed!\n");
1685 
1686  /* Valid PrivSet with minimal sufficient PrivSetLen */
      /* With the privilege held, the checks expect ACCESS_SYSTEM_SECURITY to be
       * granted, the last error left at 0xdeadbeef and exactly one privilege
       * recorded in PrivSet. */
1687  SetLastError(0xdeadbeef);
1688  Access = AccessStatus = 0x1abe11ed;
1689  PrivSetLen = sizeof(PRIVILEGE_SET);
1690  memset(PrivSet, 0xcc, PrivSetLen);
1692  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1693  ok(ret && AccessStatus && GetLastError() == 0xdeadbeef,
1694  "AccessCheck should have succeeded, error %d\n",
1695  GetLastError());
1696  ok(Access == ACCESS_SYSTEM_SECURITY,
1697  "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08x\n",
1698  Access);
1699  ok(PrivSet->PrivilegeCount == 1, "PrivilegeCount returns %d, expects 1\n",
1700  PrivSet->PrivilegeCount);
1701 
1702  /* Valid PrivSet with large PrivSetLen */
1703  SetLastError(0xdeadbeef);
1704  Access = AccessStatus = 0x1abe11ed;
1705  PrivSetLen = FIELD_OFFSET(PRIVILEGE_SET, Privilege[16]);
1706  memset(PrivSet, 0xcc, PrivSetLen);
1708  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1709  ok(ret && AccessStatus && GetLastError() == 0xdeadbeef,
1710  "AccessCheck should have succeeded, error %d\n",
1711  GetLastError());
1712  ok(Access == ACCESS_SYSTEM_SECURITY,
1713  "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08x\n",
1714  Access);
1715  ok(PrivSet->PrivilegeCount == 1, "PrivilegeCount returns %d, expects 1\n",
1716  PrivSet->PrivilegeCount);
1717  }
1718  else
1719  trace("Couldn't get SE_SECURITY_PRIVILEGE (0x%08x), skipping ACCESS_SYSTEM_SECURITY test\n",
1720  ret);
      /* Drop the impersonation started above before continuing. */
1721  ret = RevertToSelf();
1722  ok(ret, "RevertToSelf failed with error %d\n", GetLastError());
1723 
1724  /* test INHERIT_ONLY_ACE */
      /* Start again from an empty ACL. The checks below expect a denial whether
       * or not the INHERIT_ONLY allow ACE could be added, i.e. such an ACE must
       * not grant access to the object it is attached to. */
1725  ret = InitializeAcl(Acl, 256, ACL_REVISION);
1726  ok(ret, "InitializeAcl failed with error %d\n", GetLastError());
1727 
1728  /* NT doesn't have AddAccessAllowedAceEx. Skipping this call/test doesn't influence
1729  * the next ones.
1730  */
1731  if (pAddAccessAllowedAceEx)
1732  {
1733  ret = pAddAccessAllowedAceEx(Acl, ACL_REVISION, INHERIT_ONLY_ACE, KEY_READ, EveryoneSid);
1734  ok(ret, "AddAccessAllowedAceEx failed with error %d\n", GetLastError());
1735  }
1736  else
1737  win_skip("AddAccessAllowedAceEx is not available\n");
1738 
1740  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1741  ok(ret, "AccessCheck failed with error %d\n", GetLastError());
1742  err = GetLastError();
1743  ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed "
1744  "with ERROR_ACCESS_DENIED, instead of %d\n", err);
1745  ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);
1746 
1747  CloseHandle(Token);
1748 
      /* Duplicate again at SecurityAnonymous: the check below expects the call
       * to be refused with ERROR_BAD_IMPERSONATION_LEVEL. */
1749  res = DuplicateToken(ProcessToken, SecurityAnonymous, &Token);
1750  ok(res, "DuplicateToken failed with error %d\n", GetLastError());
1751 
1752  SetLastError(0xdeadbeef);
1754  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1755  err = GetLastError();
1756  ok(!ret && err == ERROR_BAD_IMPERSONATION_LEVEL, "AccessCheck should have failed "
1757  "with ERROR_BAD_IMPERSONATION_LEVEL, instead of %d\n", err);
1758 
1759  CloseHandle(Token);
1760 
      /* Passing the process token itself instead of a duplicate is refused with
       * ERROR_NO_IMPERSONATION_TOKEN. */
1761  SetLastError(0xdeadbeef);
1762  ret = AccessCheck(SecurityDescriptor, ProcessToken, KEY_READ, &Mapping,
1763  PrivSet, &PrivSetLen, &Access, &AccessStatus);
1764  err = GetLastError();
1765  ok(!ret && err == ERROR_NO_IMPERSONATION_TOKEN, "AccessCheck should have failed "
1766  "with ERROR_NO_IMPERSONATION_TOKEN, instead of %d\n", err);
1767 
1768  CloseHandle(ProcessToken);
1769 
      /* Release the SIDs and heap blocks allocated above (line 1777 is not
       * shown in this listing). */
1770  if (EveryoneSid)
1771  FreeSid(EveryoneSid);
1772  if (AdminSid)
1773  FreeSid(AdminSid);
1774  if (UsersSid)
1775  FreeSid(UsersSid);
1776  HeapFree(GetProcessHeap(), 0, Acl);
1778  HeapFree(GetProcessHeap(), 0, PrivSet);
1779 }
#define MAXIMUM_ALLOWED
Definition: nt_native.h:83
#define TRUE
Definition: types.h:120
#define CloseHandle
Definition: compat.h:406
struct _PRIVILEGE_SET PRIVILEGE_SET
#define KEY_SET_VALUE
Definition: nt_native.h:1017
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define ERROR_PRIVILEGE_NOT_HELD
Definition: winerror.h:796
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:885
#define SECURITY_DESCRIPTOR_MIN_LENGTH
Definition: setypes.h:761
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:13
static PSID AdminSid
Definition: msgina.c:39
#define KEY_READ
Definition: nt_native.h:1023
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
BOOL WINAPI RevertToSelf(VOID)
Definition: security.c:1487
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:808
static PVOID Mapping[EMS_PHYSICAL_PAGES]
Definition: emsdrv.c:41
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:918
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define ERROR_NOACCESS
Definition: winerror.h:578
#define ERROR_NO_IMPERSONATION_TOKEN
Definition: winerror.h:791
#define ERROR_ACCESS_DENIED
Definition: compat.h:87
unsigned int BOOL
Definition: ntddk_ex.h:94
PVOID WINAPI FreeSid(PSID pSid)
Definition: security.c:577
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE hToken)
Definition: misc.c:152
#define ERROR_GENERIC_NOT_MAPPED
Definition: winerror.h:841
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
$ULONG PrivilegeCount
Definition: setypes.h:86
#define KEY_WRITE
Definition: nt_native.h:1031
#define SE_SECURITY_PRIVILEGE
Definition: security.c:662
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:969
#define GetProcessHeap()
Definition: compat.h:403
#define trace
Definition: atltest.h:70
PVOID WINAPI HeapAlloc(HANDLE, DWORD, SIZE_T)
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define TOKEN_QUERY
Definition: setypes.h:874
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499

Referenced by START_TEST().

◆ test_acls()

static void test_acls ( void  )
static

Definition at line 4822 of file security.c.

/*
 * Exercises InitializeAcl() argument validation on a 256-byte stack buffer:
 * a length one byte short of sizeof(ACL), a length of 0xffffffff, and each
 * ACL revision from ACL_REVISION1 to ACL_REVISION4 plus -1. Accepted ACLs
 * are re-checked with IsValidAcl().
 * NOTE(review): the gutter numbers skip 4830 and 4860, so the conditions
 * that guard the two braced branches below are not visible in this listing.
 */
4823 {
4824  char buffer[256];
4825  PACL pAcl = (PACL)buffer;
4826  BOOL ret;
4827 
/* Seed the last-error value so a stale code cannot satisfy the check below. */
4828  SetLastError(0xdeadbeef);
/* Length is one byte smaller than the ACL header itself. */
4829  ret = InitializeAcl(pAcl, sizeof(ACL) - 1, ACL_REVISION);
4831  {
4832  win_skip("InitializeAcl is not implemented\n");
4833  return;
4834  }
4835 
4836  ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, "InitializeAcl with too small a buffer should have failed with ERROR_INSUFFICIENT_BUFFER instead of %d\n", GetLastError());
4837 
/* An oversized length must be rejected, not silently truncated. */
4838  SetLastError(0xdeadbeef);
4839  ret = InitializeAcl(pAcl, 0xffffffff, ACL_REVISION);
4840  ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl with too large a buffer should have failed with ERROR_INVALID_PARAMETER instead of %d\n", GetLastError());
4841 
/* ACL_REVISION1 is expected to be refused even with a large enough buffer. */
4842  SetLastError(0xdeadbeef);
4843  ret = InitializeAcl(pAcl, sizeof(buffer), ACL_REVISION1);
4844  ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl(ACL_REVISION1) should have failed with ERROR_INVALID_PARAMETER instead of %d\n", GetLastError());
4845 
/* Revisions 2 and 3 must initialise an ACL that IsValidAcl() accepts. */
4846  ret = InitializeAcl(pAcl, sizeof(buffer), ACL_REVISION2);
4847  ok(ret, "InitializeAcl(ACL_REVISION2) failed with error %d\n", GetLastError());
4848 
4849  ret = IsValidAcl(pAcl);
4850  ok(ret, "IsValidAcl failed with error %d\n", GetLastError());
4851 
4852  ret = InitializeAcl(pAcl, sizeof(buffer), ACL_REVISION3);
4853  ok(ret, "InitializeAcl(ACL_REVISION3) failed with error %d\n", GetLastError());
4854 
4855  ret = IsValidAcl(pAcl);
4856  ok(ret, "IsValidAcl failed with error %d\n", GetLastError());
4857 
/* Revision 4 is checked only on platforms that implement it; otherwise skipped. */
4858  SetLastError(0xdeadbeef);
4859  ret = InitializeAcl(pAcl, sizeof(buffer), ACL_REVISION4);
4861  {
4862  ok(ret, "InitializeAcl(ACL_REVISION4) failed with error %d\n", GetLastError());
4863 
4864  ret = IsValidAcl(pAcl);
4865  ok(ret, "IsValidAcl failed with error %d\n", GetLastError());
4866  }
4867  else
4868  win_skip("ACL_REVISION4 is not implemented on NT4\n");
4869 
/* An out-of-range revision (-1) must fail with ERROR_INVALID_PARAMETER. */
4870  SetLastError(0xdeadbeef);
4871  ret = InitializeAcl(pAcl, sizeof(buffer), -1);
4872  ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl(-1) failed with error %d\n", GetLastError());
4873 }

Referenced by START_TEST().

◆ test_AddAce()

static void test_AddAce ( void  )
static

Definition at line 6612 of file security.c.

/*
 * Documents how AddAce() treats the dwAceRevision argument: the same
 * access-allowed ACE for sidWorld is appended repeatedly with different
 * revisions and acl->AclRevision is checked after each call.
 * The assertions show that the ACL revision is raised to the highest
 * revision passed so far, and that AddAce() itself does not range-check the
 * revision: MIN_ACL_REVISION-1 and MAX_ACL_REVISION+1 are both accepted.
 * Callers that compute or receive a revision should therefore validate it
 * against MIN_ACL_REVISION..MAX_ACL_REVISION before calling AddAce().
 * NOTE(review): the gutter numbers skip 6614 and 6622; the definition of
 * sidWorld and part of the ACE header setup are not visible in this listing.
 */
6613 {
6615 
6616  char acl_buf[1024], ace_buf[256];
6617  ACCESS_ALLOWED_ACE *ace = (ACCESS_ALLOWED_ACE*)ace_buf;
6618  PACL acl = (PACL)acl_buf;
6619  BOOL ret;
6620 
6621  memset(ace, 0, sizeof(ace_buf));
/* The SID is copied over SidStart, so the DWORD placeholder is subtracted from the size. */
6623  ace->Header.AceSize = sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD)+sizeof(SID);
6624  memcpy(&ace->SidStart, &sidWorld, sizeof(sidWorld));
6625 
6626  ret = InitializeAcl(acl, sizeof(acl_buf), ACL_REVISION2);
6627  ok(ret, "InitializeAcl failed: %d\n", GetLastError());
6628 
/* Adding with a higher revision upgrades the ACL; a lower one never downgrades it. */
6629  ret = AddAce(acl, ACL_REVISION1, MAXDWORD, ace, ace->Header.AceSize);
6630  ok(ret, "AddAce failed: %d\n", GetLastError());
6631  ret = AddAce(acl, ACL_REVISION2, MAXDWORD, ace, ace->Header.AceSize);
6632  ok(ret, "AddAce failed: %d\n", GetLastError());
6633  ret = AddAce(acl, ACL_REVISION3, MAXDWORD, ace, ace->Header.AceSize);
6634  ok(ret, "AddAce failed: %d\n", GetLastError());
6635  ok(acl->AclRevision == ACL_REVISION3, "acl->AclRevision = %d\n", acl->AclRevision);
6636  ret = AddAce(acl, ACL_REVISION4, MAXDWORD, ace, ace->Header.AceSize);
6637  ok(ret, "AddAce failed: %d\n", GetLastError());
6638  ok(acl->AclRevision == ACL_REVISION4, "acl->AclRevision = %d\n", acl->AclRevision);
6639  ret = AddAce(acl, ACL_REVISION1, MAXDWORD, ace, ace->Header.AceSize);
6640  ok(ret, "AddAce failed: %d\n", GetLastError());
6641  ok(acl->AclRevision == ACL_REVISION4, "acl->AclRevision = %d\n", acl->AclRevision);
6642  ret = AddAce(acl, ACL_REVISION2, MAXDWORD, ace, ace->Header.AceSize);
6643  ok(ret, "AddAce failed: %d\n", GetLastError());
6644 
/* A revision below the documented minimum is still accepted. */
6645  ret = AddAce(acl, MIN_ACL_REVISION-1, MAXDWORD, ace, ace->Header.AceSize);
6646  ok(ret, "AddAce failed: %d\n", GetLastError());
6647  /* the next call succeeds but corrupts the ACL: its revision is left at
         MAX_ACL_REVISION+1, and the AddAce call after it is then rejected */
6648  ret = AddAce(acl, MAX_ACL_REVISION+1, MAXDWORD, ace, ace->Header.AceSize);
6649  ok(ret, "AddAce failed: %d\n", GetLastError());
6650  ok(acl->AclRevision == MAX_ACL_REVISION+1, "acl->AclRevision = %d\n", acl->AclRevision);
6651  SetLastError(0xdeadbeef);
6652  ret = AddAce(acl, ACL_REVISION1, MAXDWORD, ace, ace->Header.AceSize);
6653  ok(!ret, "AddAce succeeded\n");
6654  ok(GetLastError() == ERROR_INVALID_PARAMETER, "GetLastError() = %d\n", GetLastError());
6655 }

Referenced by START_TEST().

◆ test_AddMandatoryAce()

static void test_AddMandatoryAce ( void  )
static

Definition at line 6657 of file security.c.

/*
 * Checks how mandatory integrity labels round-trip through the SACL of a
 * kernel object (an event created with CreateEventA). Label ACEs are built
 * in a local ACL with pAddMandatoryAce(); the descriptor read back into sd2
 * is inspected with GetSecurityDescriptorSacl(), pGetAclInformation() and
 * pGetAce().
 * NOTE(review): this listing skips many source lines (the gutter numbers
 * jump, e.g. 6683, 6693-6694, 6698, 6737), so several calls whose results
 * are asserted below are not visible here. Read them from security.c before
 * relying on the exact arguments or SECURITY_INFORMATION flags used.
 */
6658 {
6659  static SID low_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
6661  static SID medium_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
6664  char buffer_sd[SECURITY_DESCRIPTOR_MIN_LENGTH];
6665  SECURITY_DESCRIPTOR *sd2, *sd = (SECURITY_DESCRIPTOR *)&buffer_sd;
6666  BOOL defaulted, present, ret, found, found2;
6667  ACL_SIZE_INFORMATION acl_size_info;
6669  char buffer_acl[256];
6670  ACL *acl = (ACL *)&buffer_acl;
6672  DWORD index, size;
6673  HANDLE handle;
6674  SID *everyone;
6675  ACL *sacl;
6676 
/* pAddMandatoryAce is a function pointer; the test is skipped when it is null. */
6677  if (!pAddMandatoryAce)
6678  {
6679  win_skip("AddMandatoryAce not supported, skipping test\n");
6680  return;
6681  }
6682 
6684  ok(ret, "InitializeSecurityDescriptor failed with error %u\n", GetLastError());
6685 
6686  sa.nLength = sizeof(sa);
6687  sa.lpSecurityDescriptor = sd;
6688  sa.bInheritHandle = FALSE;
6689 
6690  handle = CreateEventA(&sa, TRUE, TRUE, "test_event");
6691  ok(handle != NULL, "CreateEventA failed with error %u\n", GetLastError());
6692 
6695  "Unexpected GetKernelObjectSecurity return value %u, error %u\n", ret, GetLastError());
6696 
/* NOTE(review): the HeapAlloc result is not NULL-checked in the visible lines. */
6697  sd2 = HeapAlloc(GetProcessHeap(), 0, size);
6699  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
6700 
/* sacl is pre-loaded with a sentinel so the test can tell whether the API wrote to it. */
6701  sacl = (void *)0xdeadbeef;
6702  present = TRUE;
6703  ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
6704  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6705  ok(!present, "SACL is present\n");
6706  ok(sacl == (void *)0xdeadbeef, "SACL is set\n");
6707 
6708  HeapFree(GetProcessHeap(), 0, sd2);
6710 
6711  memset(buffer_acl, 0, sizeof(buffer_acl));
6712  ret = InitializeAcl(acl, 256, ACL_REVISION);
6713  ok(ret, "InitializeAcl failed with %u\n", GetLastError());
6714 
/* 0x1234 is passed as the mandatory policy value; the call is expected to fail. */
6715  SetLastError(0xdeadbeef);
6716  ret = pAddMandatoryAce(acl, ACL_REVISION, 0, 0x1234, &low_level);
6717  ok(!ret, "AddMandatoryAce succeeded\n");
6719  "Expected ERROR_INVALID_PARAMETER got %u\n", GetLastError());
6720 
6721  ret = pAddMandatoryAce(acl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, &low_level);
6722  ok(ret, "AddMandatoryAce failed with %u\n", GetLastError());
6723 
/* Walk the local ACL and verify the label ACE that was just added. */
6724  index = 0;
6725  found = FALSE;
6726  while (pGetAce(acl, index++, (void **)&ace))
6727  {
6728  if (ace->Header.AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
6729  ok(ace->Header.AceFlags == 0, "Expected flags 0, got %x\n", ace->Header.AceFlags);
6731  "Expected mask SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, got %x\n", ace->Mask);
6732  ok(EqualSid(&ace->SidStart, &low_level), "Expected low integrity level\n");
6733  found = TRUE;
6734  }
6735  ok(found, "Could not find mandatory label ace\n");
6736 
6738  ok(ret, "SetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6739 
6740  handle = CreateEventA(&sa, TRUE, TRUE, "test_event");
6741  ok(handle != NULL, "CreateEventA failed with error %u\n", GetLastError());
6742 
6745  "Unexpected GetKernelObjectSecurity return value %u, error %u\n", ret, GetLastError());
6746 
6747  sd2 = HeapAlloc(GetProcessHeap(), 0, size);
6749  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
6750 
/* The object created with the labelled descriptor must report exactly one label ACE. */
6751  sacl = (void *)0xdeadbeef;
6752  present = FALSE;
6753  defaulted = TRUE;
6754  ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
6755  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6756  ok(present, "SACL not present\n");
6757  ok(sacl != (void *)0xdeadbeef, "SACL not set\n");
6758  ok(!defaulted, "SACL defaulted\n");
6759  ret = pGetAclInformation(sacl, &acl_size_info, sizeof(acl_size_info), AclSizeInformation);
6760  ok(ret, "GetAclInformation failed with error %u\n", GetLastError());
6761  ok(acl_size_info.AceCount == 1, "SACL contains an unexpected ACE count %u\n", acl_size_info.AceCount);
6762 
6763  ret = pGetAce(sacl, 0, (void **)&ace);
6764  ok(ret, "GetAce failed with error %u\n", GetLastError());
6765  ok (ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "Unexpected ACE type %#x\n", ace->Header.AceType);
6766  ok(!ace->Header.AceFlags, "Unexpected ACE flags %#x\n", ace->Header.AceFlags);
6767  ok(ace->Mask == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, "Unexpected ACE mask %#x\n", ace->Mask);
6768  ok(EqualSid(&ace->SidStart, &low_level), "Expected low integrity level\n");
6769 
6770  HeapFree(GetProcessHeap(), 0, sd2);
6771 
/* A second label (medium level, NO_EXECUTE_UP) is appended; both are expected to be stored. */
6772  ret = pAddMandatoryAce(acl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP, &medium_level);
6773  ok(ret, "AddMandatoryAce failed with error %u\n", GetLastError());
6774 
6776  ok(ret, "SetKernelObjectSecurity failed with error %u\n", GetLastError());
6777 
6780  "Unexpected GetKernelObjectSecurity return value %u, error %u\n", ret, GetLastError());
6781 
6782  sd2 = HeapAlloc(GetProcessHeap(), 0, size);
6784  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
6785 
6786  sacl = (void *)0xdeadbeef;
6787  present = FALSE;
6788  defaulted = TRUE;
6789  ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
6790  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6791  ok(present, "SACL not present\n");
6792  ok(sacl != (void *)0xdeadbeef, "SACL not set\n");
6793  ok(sacl->AceCount == 2, "Expected 2 ACEs, got %d\n", sacl->AceCount);
6794  ok(!defaulted, "SACL defaulted\n");
6795 
/* found tracks the low-level label, found2 the medium-level one. */
6796  index = 0;
6797  found = found2 = FALSE;
6798  while (pGetAce(sacl, index++, (void **)&ace))
6799  {
6800  if (ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE)
6801  {
6802  if (EqualSid(&ace->SidStart, &low_level))
6803  {
6804  found = TRUE;
6805  ok(!ace->Header.AceFlags, "Expected 0 as flags, got %#x\n", ace->Header.AceFlags);
6807  "Expected SYSTEM_MANDATORY_LABEL_NO_WRITE_UP as mask, got %#x\n", ace->Mask);
6808  }
6809  if (EqualSid(&ace->SidStart, &medium_level))
6810  {
6811  found2 = TRUE;
6812  ok(!ace->Header.AceFlags, "Expected 0 as flags, got %#x\n", ace->Header.AceFlags);
6814  "Expected SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP as mask, got %#x\n", ace->Mask);
6815  }
6816  }
6817  }
6818  ok(found, "Could not find low mandatory label\n");
6819  ok(found2, "Could not find medium mandatory label\n");
6820 
6821  HeapFree(GetProcessHeap(), 0, sd2);
6822 
6824  ok(ret, "SetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6825 
6827  ok(ret, "SetKernelObjectSecurity failed with error %u\n", GetLastError());
6828 
6831  "Unexpected GetKernelObjectSecurity return value %d, error %u\n", ret, GetLastError());
6832 
6833  sd2 = HeapAlloc(GetProcessHeap(), 0, size);
6835  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
6836 
/* After the update on the skipped lines above, the SACL must exist but hold no ACEs. */
6837  sacl = (void *)0xdeadbeef;
6838  present = FALSE;
6839  defaulted = TRUE;
6840  ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
6841  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6842  ok(present, "SACL not present\n");
6843  ok(sacl && sacl != (void *)0xdeadbeef, "SACL not set\n");
6844  ok(!defaulted, "SACL defaulted\n");
6845  ok(!sacl->AceCount, "SACL contains an unexpected ACE count %u\n", sacl->AceCount);
6846 
6847  HeapFree(GetProcessHeap(), 0, sd2);
6848 
6849  ret = InitializeAcl(acl, 256, ACL_REVISION);
6850  ok(ret, "InitializeAcl failed with error %u\n", GetLastError());
6851 
/* The label is added with ACL_REVISION3; the stored SACL must report that revision. */
6852  ret = pAddMandatoryAce(acl, ACL_REVISION3, 0, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP, &medium_level);
6853  ok(ret, "AddMandatoryAce failed with error %u\n", GetLastError());
6854 
6856  ok(ret, "SetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6857 
6859  ok(ret, "SetKernelObjectSecurity failed with error %u\n", GetLastError());
6860 
6863  "Unexpected GetKernelObjectSecurity return value %d, error %u\n", ret, GetLastError());
6864 
6865  sd2 = HeapAlloc(GetProcessHeap(), 0, size);
6867  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
6868 
6869  sacl = (void *)0xdeadbeef;
6870  present = FALSE;
6871  defaulted = TRUE;
6872  ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
6873  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6874  ok(present, "SACL not present\n");
6875  ok(sacl != (void *)0xdeadbeef, "SACL not set\n");
6876  ok(sacl->AclRevision == ACL_REVISION3, "Expected revision 3, got %d\n", sacl->AclRevision);
6877  ok(!defaulted, "SACL defaulted\n");
6878 
6879  HeapFree(GetProcessHeap(), 0, sd2);
6880 
6881  ret = InitializeAcl(acl, 256, ACL_REVISION);
6882  ok(ret, "InitializeAcl failed with error %u\n", GetLastError());
6883 
/*
 * An access-allowed ACE for the World SID is placed in the ACL instead of a
 * label. The assertions further down expect the object's SACL to come back
 * present but with zero ACEs, i.e. this ACE is not stored as a label.
 * NOTE(review): the calls that apply the ACL are on skipped lines — confirm
 * which SECURITY_INFORMATION flag they pass.
 */
6884  ret = AllocateAndInitializeSid(&sia_world, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, (void **)&everyone);
6885  ok(ret, "AllocateAndInitializeSid failed with error %u\n", GetLastError());
6886 
6887  ret = AddAccessAllowedAce(acl, ACL_REVISION, KEY_READ, everyone);
6888  ok(ret, "AddAccessAllowedAce failed with error %u\n", GetLastError());
6889 
6891  ok(ret, "SetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6892 
6894  ok(ret, "SetKernelObjectSecurity failed with error %u\n", GetLastError());
6895 
6898  "Unexpected GetKernelObjectSecurity return value %d, error %u\n", ret, GetLastError());
6899 
6900  sd2 = HeapAlloc(GetProcessHeap(), 0, size);
6902  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
6903 
6904  sacl = (void *)0xdeadbeef;
6905  present = FALSE;
6906  defaulted = TRUE;
6907  ret = GetSecurityDescriptorSacl(sd2, &present, &sacl, &defaulted);
6908  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
6909  ok(present, "SACL not present\n");
6910  ok(sacl && sacl != (void *)0xdeadbeef, "SACL not set\n");
6911  ok(!defaulted, "SACL defaulted\n");
6912  ok(!sacl->AceCount, "SACL contains an unexpected ACE count %u\n", sacl->AceCount);
6913 
/* The SID from AllocateAndInitializeSid is released with FreeSid. */
6914  FreeSid(everyone);
6915  HeapFree(GetProcessHeap(), 0, sd2);
6917 }

Referenced by START_TEST().

◆ test_AdjustTokenPrivileges()

static void test_AdjustTokenPrivileges ( void  )
static

Definition at line 6576 of file security.c.

/*
 * Enables a single privilege on a token through the TOKEN_PRIVILEGES
 * structure tp, then reverts it by writing the same LUID with Attributes 0,
 * so the token is left as it was found.
 * NOTE(review): the gutter numbers skip 6578, 6584, 6587, 6598 and 6606;
 * the declaration of tp, the token/LUID lookups and both privilege
 * adjustment calls are not visible in this listing.
 */
6577 {
6579  HANDLE token;
6580  DWORD len;
6581  LUID luid;
6582  BOOL ret;
6583 
6585  return;
6586 
/* This early exit closes the token before returning. */
6588  {
6589  CloseHandle(token);
6590  return;
6591  }
6592 
6593  tp.PrivilegeCount = 1;
6594  tp.Privileges[0].Luid = luid;
6595  tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
6596 
/* len carries a sentinel; the assertion below expects it to be left untouched. */
6597  len = 0xdeadbeef;
6599  ok(ret, "got %d\n", ret);
6600  ok(len == 0xdeadbeef, "got length %d\n", len);
6601 
6602  /* revert: same LUID with Attributes cleared, so the privilege does not stay enabled */
6603  tp.PrivilegeCount = 1;
6604  tp.Privileges[0].Luid = luid;
6605  tp.Privileges[0].Attributes = 0;
6607  ok(ret, "got %d\n", ret);
6608 
6609  CloseHandle(token);
6610 }

Referenced by START_TEST().

◆ test_allocateLuid()

static void test_allocateLuid ( void  )
static

Definition at line 688 of file security.c.

/*
 * Resolves AllocateLocallyUniqueId at run time from hmod and checks three
 * properties: a returned LUID lies outside the well-known privilege range,
 * two consecutive LUIDs differ, and a NULL output pointer is rejected with
 * ERROR_NOACCESS instead of being dereferenced.
 * NOTE(review): the gutter numbers skip 698, so the condition that guards
 * the bare return after the first call is not visible in this listing.
 */
689 {
690  BOOL (WINAPI *pAllocateLocallyUniqueId)(PLUID);
691  LUID luid1, luid2;
692  BOOL ret;
693 
/* Return silently when the export is missing. */
694  pAllocateLocallyUniqueId = (void*)GetProcAddress(hmod, "AllocateLocallyUniqueId");
695  if (!pAllocateLocallyUniqueId) return;
696 
697  ret = pAllocateLocallyUniqueId(&luid1);
699  return;
700 
701  ok(ret,
702  "AllocateLocallyUniqueId failed: %d\n", GetLastError());
703  ret = pAllocateLocallyUniqueId(&luid2);
704  ok( ret,
705  "AllocateLocallyUniqueId failed: %d\n", GetLastError());
/* A freshly allocated LUID must not collide with the well-known privilege values. */
706  ok(luid1.LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE || luid1.HighPart != 0,
707  "AllocateLocallyUniqueId returned a well-known LUID\n");
708  ok(luid1.LowPart != luid2.LowPart || luid1.HighPart != luid2.HighPart,
709  "AllocateLocallyUniqueId returned non-unique LUIDs\n");
/* NULL output pointer: expected to fail with ERROR_NOACCESS. */
710  ret = pAllocateLocallyUniqueId(NULL);
711  ok( !ret && GetLastError() == ERROR_NOACCESS,
712  "AllocateLocallyUniqueId(NULL) didn't return ERROR_NOACCESS: %d\n",
713  GetLastError());
714 }

Referenced by test_luid().

◆ test_BuildSecurityDescriptorW()

static void test_BuildSecurityDescriptorW ( void  )
static

Definition at line 8097 of file security.c.

/*
 * Checks which forms of pOldSD BuildSecurityDescriptorW() accepts: no old
 * descriptor, the descriptor old_sd passed directly, and its self-relative
 * copy rel_sd produced by MakeSelfRelativeSD(). The test expects old_sd to
 * be rejected with ERROR_INVALID_SECURITY_DESCR and the output pointer to
 * stay untouched, while NULL and rel_sd succeed.
 * NOTE(review): the gutter numbers skip 8106, so the initialisation of
 * old_sd is not visible in this listing.
 */
8098 {
8099  SECURITY_DESCRIPTOR old_sd, *new_sd, *rel_sd;
8100  ULONG new_sd_size;
8101  DWORD buf_size;
8102  char buf[1024];
8103  BOOL success;
8104  DWORD ret;
8105 
8107 
/* Build the self-relative copy inside the 1024-byte stack buffer. */
8108  buf_size = sizeof(buf);
8109  rel_sd = (SECURITY_DESCRIPTOR *)buf;
8110  success = MakeSelfRelativeSD(&old_sd, rel_sd, &buf_size);
8111  ok(success, "MakeSelfRelativeSD failed with %u\n", GetLastError());
8112 
/* No old descriptor: a new one is allocated and must be released with LocalFree. */
8113  new_sd = NULL;
8114  new_sd_size = 0;
8115  ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, NULL, &new_sd_size, (void **)&new_sd);
8116  ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
8117  ok(new_sd != NULL, "expected new_sd != NULL\n");
8118  ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
8119  LocalFree(new_sd);
8120 
/* old_sd passed as-is: must fail, and the sentinel in new_sd must survive the failed call. */
8121  new_sd = (void *)0xdeadbeef;
8122  ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, &old_sd, &new_sd_size, (void **)&new_sd);
8123  ok(ret == ERROR_INVALID_SECURITY_DESCR, "expected ERROR_INVALID_SECURITY_DESCR, got %u\n", ret);
8124  ok(new_sd == (void *)0xdeadbeef, "expected new_sd == 0xdeadbeef, got %p\n", new_sd);
8125 
/* The self-relative copy is accepted. */
8126  new_sd = NULL;
8127  new_sd_size = 0;
8128  ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, rel_sd, &new_sd_size, (void **)&new_sd);
8129  ok(ret == ERROR_SUCCESS, "BuildSecurityDescriptor failed with %u\n", ret);
8130  ok(new_sd != NULL, "expected new_sd != NULL\n");
8131  ok(new_sd_size == sizeof(old_sd), "expected new_sd_size == sizeof(old_sd), got %u\n", new_sd_size);
8132  LocalFree(new_sd);
8133 }

Referenced by START_TEST().

◆ test_CheckTokenMembership()

static void test_CheckTokenMembership ( void  )
static

Definition at line 5122 of file security.c.

/*
 * Verifies pCheckTokenMembership() against the first enabled group of the
 * current process token, using three token arguments: an impersonation-level
 * duplicate, NULL, and the process token itself. For the process token the
 * test presets is_member to TRUE and expects it to be cleared, so a caller
 * that reads only the flag still gets a "not a member" answer.
 * NOTE(review): the gutter numbers skip 5136, 5143-5144 and 5178; the
 * OpenProcessToken call, the size query and the assertion on ret for the
 * process-token case are not visible in this listing.
 */
5123 {
5124  PTOKEN_GROUPS token_groups;
5125  DWORD size;
5126  HANDLE process_token, token;
5127  BOOL is_member;
5128  BOOL ret;
5129  DWORD i;
5130 
5131  if (!pCheckTokenMembership)
5132  {
5133  win_skip("CheckTokenMembership is not available\n");
5134  return;
5135  }
5137  ok(ret, "OpenProcessToken failed with error %d\n", GetLastError());
5138 
/* The membership checks below use this SecurityImpersonation duplicate. */
5139  ret = DuplicateToken(process_token, SecurityImpersonation, &token);
5140  ok(ret, "DuplicateToken failed with error %d\n", GetLastError());
5141 
5142  /* groups */
5145  "GetTokenInformation(TokenGroups) %s with error %d\n",
5146  ret ? "succeeded" : "failed", GetLastError());
/* NOTE(review): the HeapAlloc result is passed on without a NULL check. */
5147  token_groups = HeapAlloc(GetProcessHeap(), 0, size);
5148  ret = GetTokenInformation(token, TokenGroups, token_groups, size, &size);
5149  ok(ret, "GetTokenInformation(TokenGroups) failed with error %d\n", GetLastError());
5150 
/* Pick the first group that carries SE_GROUP_ENABLED. */
5151  for (i = 0; i < token_groups->GroupCount; i++)
5152  {
5153  if (token_groups->Groups[i].Attributes & SE_GROUP_ENABLED)
5154  break;
5155  }
5156 
/* NOTE(review): this early return closes token but not process_token, unlike the normal exit path. */
5157  if (i == token_groups->GroupCount)
5158  {
5159  HeapFree(GetProcessHeap(), 0, token_groups);
5160  CloseHandle(token);
5161  skip("user not a member of any group\n");
5162  return;
5163  }
5164 
/* Impersonation token: membership must be reported. */
5165  is_member = FALSE;
5166  ret = pCheckTokenMembership(token, token_groups->Groups[i].Sid, &is_member);
5167  ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
5168  ok(is_member, "CheckTokenMembership should have detected sid as member\n");
5169 
/* NULL token handle: the call is also expected to succeed and report membership. */
5170  is_member = FALSE;
5171  ret = pCheckTokenMembership(NULL, token_groups->Groups[i].Sid, &is_member);
5172  ok(ret, "CheckTokenMembership failed with error %d\n", GetLastError());
5173  ok(is_member, "CheckTokenMembership should have detected sid as member\n");
5174 
/* Process token passed directly: is_member starts TRUE and must come back cleared. */
5175  is_member = TRUE;
5176  SetLastError(0xdeadbeef);
5177  ret = pCheckTokenMembership(process_token, token_groups->Groups[i].Sid, &is_member);
5179  "CheckTokenMembership with process token %s with error %d\n",
5180  ret ? "succeeded" : "failed", GetLastError());
5181  ok(!is_member, "CheckTokenMembership should have cleared is_member\n");
5182 
5183  HeapFree(GetProcessHeap(), 0, token_groups);
5184  CloseHandle(token);
5185  CloseHandle(process_token);
5186 }

Referenced by START_TEST().

◆ test_child_token_sd()

static void test_child_token_sd ( void  )
static

Definition at line 7768 of file security.c.

7769 {
      /*
       * Fetches the security descriptor for `token` twice (DACL, then SACL) and
       * asserts that nothing was inherited from the parent: no ACCESS_ALLOWED
       * ACE for S-1-5-6 in the DACL, and no low-integrity mandatory label in
       * the SACL.
       * NOTE(review): this listing skips source lines (the gutter jumps, e.g.
       * 7770 -> 7772, 7782 -> 7785, 7786 -> 7789). The declaration of `sd` and
       * the OpenProcessToken / GetKernelObjectSecurity calls are not shown;
       * confirm them against security.c before relying on these notes.
       */
      /* Initialiser continues on a line missing from this listing; presumably
       * the sub-authority is the low mandatory RID -- confirm. */
7770  static SID low_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
7772  SYSTEM_MANDATORY_LABEL_ACE *ace_label;
7773  BOOL ret, present, defaulted;
7774  ACCESS_ALLOWED_ACE *acc_ace;
7776  DWORD size, i;
7777  HANDLE token;
7778  PSID psid;
7779  ACL *acl;
7780 
      /* S-1-5-6 is the well-known Service SID; psid is released with
       * LocalFree() further down. */
7781  ret = pConvertStringSidToSidA("S-1-5-6", &psid);
7782  ok(ret, "ConvertStringSidToSidA failed with error %u\n", GetLastError());
7783 
7785  ok(ret, "OpenProcessToken failed with error %u\n", GetLastError());
7786 
      /* Tail of an ok() whose first lines are missing from the listing;
       * presumably the size-probing GetKernelObjectSecurity call -- confirm. */
7789  "Unexpected GetKernelObjectSecurity return value %d, error %u\n", ret, GetLastError());
7790 
      /* NOTE(review): no NULL check on the HeapAlloc result is visible here. */
7791  sd = HeapAlloc(GetProcessHeap(), 0, size);
7793  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
7794 
      /* Seed the out-parameters with the opposite of the expected values so
       * the checks below show the call really wrote them. */
7795  acl = NULL;
7796  present = FALSE;
7797  defaulted = TRUE;
7798  ret = GetSecurityDescriptorDacl(sd, &present, &acl, &defaulted);
7799  ok(ret, "GetSecurityDescriptorDacl failed with error %u\n", GetLastError());
7800  ok(present, "DACL not present\n");
7801  ok(acl && acl != (void *)0xdeadbeef, "Got invalid DACL\n");
7802  ok(!defaulted, "DACL defaulted\n");
7803 
      /* NOTE(review): ok() only records a failure, so acl is dereferenced
       * below even when the "Got invalid DACL" check has just failed. */
7804  ok(acl->AceCount, "Expected at least one ACE\n");
7805  for (i = 0; i < acl->AceCount; i++)
7806  {
      /* NOTE(review): acc_ace is read on the next line even if GetAce failed
       * and left it unset. */
7807  ok(pGetAce(acl, i, (void **)&acc_ace), "GetAce failed with error %u\n", GetLastError());
      /* The || short-circuits, so SidStart is only compared for ACEs whose
       * type is ACCESS_ALLOWED_ACE_TYPE; a match with psid fails the test. */
7808  ok(acc_ace->Header.AceType != ACCESS_ALLOWED_ACE_TYPE || !EqualSid(&acc_ace->SidStart, psid),
7809  "ACE inherited from the parent\n");
7810  }
7811 
7812  LocalFree(psid);
7813  HeapFree(GetProcessHeap(), 0, sd);
7814 
      /* The mandatory-label half only runs when pAddMandatoryAce was resolved. */
7815  if (!pAddMandatoryAce)
7816  {
7817  win_skip("SYSTEM_MANDATORY_LABEL not supported\n");
7818  return;
7819  }
7820 
      /* Tail of an ok() whose first lines are missing from the listing. */
7823  "Unexpected GetKernelObjectSecurity return value %d, error %u\n", ret, GetLastError());
7824 
7825  sd = HeapAlloc(GetProcessHeap(), 0, size);
7827  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
7828 
7829  acl = NULL;
7830  present = FALSE;
7831  defaulted = TRUE;
7832  ret = GetSecurityDescriptorSacl(sd, &present, &acl, &defaulted);
7833  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
7834  ok(present, "SACL not present\n");
7835  ok(acl && acl != (void *)0xdeadbeef, "Got invalid SACL\n");
7836  ok(!defaulted, "SACL defaulted\n");
7837  ok(acl->AceCount == 1, "Expected exactly one ACE\n");
7838  ret = pGetAce(acl, 0, (void **)&ace_label);
7839  ok(ret, "GetAce failed with error %u\n", GetLastError());
      /* Tail of an ok() on the ACE type; its first line is missing from the
       * listing. */
7841  "Unexpected ACE type %#x\n", ace_label->Header.AceType);
      /* The single label ACE must NOT carry the low_level SID. */
7842  ok(!EqualSid(&ace_label->SidStart, &low_level),
7843  "Low integrity level should not have been inherited\n");
7844 
      /* NOTE(review): no CloseHandle(token) is visible on either return path
       * in this listing -- confirm whether the handle is released elsewhere. */
7845  HeapFree(GetProcessHeap(), 0, sd);
7846 }

Referenced by START_TEST().

◆ test_child_token_sd_medium()

static void test_child_token_sd_medium ( void  )
static

Definition at line 7903 of file security.c.

7904 {
      /*
       * Asserts that `token` carries a medium integrity level, checked two
       * ways: the single mandatory-label ACE in the SACL of its security
       * descriptor, and the SID returned by
       * GetTokenInformation(TokenIntegrityLevel).
       * NOTE(review): this listing skips source lines (the gutter jumps, e.g.
       * 7905 -> 7907, 7921 -> 7923, 7924 -> 7927). The declaration of `sd` and
       * the OpenProcessToken / GetKernelObjectSecurity calls are not shown;
       * confirm them against security.c.
       */
      /* Initialiser continues on a line missing from this listing; presumably
       * the sub-authority is the medium mandatory RID -- confirm. */
7905  static SID medium_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
7907  SYSTEM_MANDATORY_LABEL_ACE *ace_label;
7908  BOOL ret, present, defaulted;
7909  TOKEN_MANDATORY_LABEL *tml;
7910  BYTE buffer_integrity[64];
7912  HANDLE token;
7913  DWORD size;
7914  ACL *acl;
7915 
      /* The whole test is skipped when pAddMandatoryAce was not resolved. */
7916  if (!pAddMandatoryAce)
7917  {
7918  win_skip("SYSTEM_MANDATORY_LABEL not supported\n");
7919  return;
7920  }
7921 
7923  ok(ret, "OpenProcessToken failed with error %u\n", GetLastError());
7924 
      /* Tail of an ok() whose first lines are missing from the listing;
       * presumably the size-probing GetKernelObjectSecurity call -- confirm. */
7927  "Unexpected GetKernelObjectSecurity return value %d, error %u\n", ret, GetLastError());
7928 
      /* NOTE(review): no NULL check on the HeapAlloc result is visible here. */
7929  sd = HeapAlloc(GetProcessHeap(), 0, size);
7931  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
7932 
      /* Seed the out-parameters with the opposite of the expected values so
       * the checks below show the call really wrote them. */
7933  acl = NULL;
7934  present = FALSE;
7935  defaulted = TRUE;
7936  ret = GetSecurityDescriptorSacl(sd, &present, &acl, &defaulted);
7937  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
7938  ok(present, "SACL not present\n");
7939  ok(acl && acl != (void *)0xdeadbeef, "Got invalid SACL\n");
7940  ok(!defaulted, "SACL defaulted\n");
      /* NOTE(review): ok() only records a failure, so acl is dereferenced
       * here even when the "Got invalid SACL" check has just failed. */
7941  ok(acl->AceCount == 1, "Expected exactly one ACE\n");
7942  ret = pGetAce(acl, 0, (void **)&ace_label);
7943  ok(ret, "GetAce failed with error %u\n", GetLastError());
      /* Tail of an ok() on the ACE type; its first line is missing from the
       * listing. */
7945  "Unexpected ACE type %#x\n", ace_label->Header.AceType);
7946  ok(EqualSid(&ace_label->SidStart, &medium_level),
7947  "Expected medium integrity level\n");
7948 
      /* Second source of truth: the label reported by the token itself, read
       * into a fixed 64-byte stack buffer. */
7949  memset(buffer_integrity, 0, sizeof(buffer_integrity));
7950  ret = GetTokenInformation(token, TokenIntegrityLevel, buffer_integrity, sizeof(buffer_integrity), &size);
7951  ok(ret, "GetTokenInformation failed with error %u\n", GetLastError());
      /* NOTE(review): a BYTE array carries no alignment guarantee for
       * TOKEN_MANDATORY_LABEL, and Label.Sid is passed to EqualSid even if
       * the call above failed (the zeroed buffer would then yield a NULL
       * Sid). */
7952  tml = (TOKEN_MANDATORY_LABEL *)buffer_integrity;
7953  ok(EqualSid(tml->Label.Sid, &medium_level), "Expected medium integrity level\n");
7954 
      /* NOTE(review): no CloseHandle(token) is visible in this listing. */
7955  HeapFree(GetProcessHeap(), 0, sd);
7956 }

Referenced by START_TEST().

◆ test_child_token_sd_restricted()

static void test_child_token_sd_restricted ( void  )
static

Definition at line 7848 of file security.c.

7849 {
      /*
       * Asserts that `token` carries a high integrity level, checked two ways:
       * the single mandatory-label ACE in the SACL of its security descriptor,
       * and the SID returned by GetTokenInformation(TokenIntegrityLevel).
       * NOTE(review): this listing skips source lines (the gutter jumps, e.g.
       * 7850 -> 7852, 7866 -> 7868, 7869 -> 7872). The declaration of `sd` and
       * the OpenProcessToken / GetKernelObjectSecurity calls are not shown;
       * confirm them against security.c.
       */
      /* Initialiser continues on a line missing from this listing; presumably
       * the sub-authority is the high mandatory RID -- confirm. */
7850  static SID high_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
7852  SYSTEM_MANDATORY_LABEL_ACE *ace_label;
7853  BOOL ret, present, defaulted;
7854  TOKEN_MANDATORY_LABEL *tml;
7855  BYTE buffer_integrity[64];
7857  HANDLE token;
7858  DWORD size;
7859  ACL *acl;
7860 
      /* The whole test is skipped when pAddMandatoryAce was not resolved. */
7861  if (!pAddMandatoryAce)
7862  {
7863  win_skip("SYSTEM_MANDATORY_LABEL not supported\n");
7864  return;
7865  }
7866 
7868  ok(ret, "OpenProcessToken failed with error %u\n", GetLastError());
7869 
      /* Tail of an ok() whose first lines are missing from the listing;
       * presumably the size-probing GetKernelObjectSecurity call -- confirm. */
7872  "Unexpected GetKernelObjectSecurity return value %d, error %u\n", ret, GetLastError());
7873 
      /* NOTE(review): no NULL check on the HeapAlloc result is visible here. */
7874  sd = HeapAlloc(GetProcessHeap(), 0, size);
7876  ok(ret, "GetKernelObjectSecurity failed with error %u\n", GetLastError());
7877 
      /* Seed the out-parameters with the opposite of the expected values so
       * the checks below show the call really wrote them. */
7878  acl = NULL;
7879  present = FALSE;
7880  defaulted = TRUE;
7881  ret = GetSecurityDescriptorSacl(sd, &present, &acl, &defaulted);
7882  ok(ret, "GetSecurityDescriptorSacl failed with error %u\n", GetLastError());
7883  ok(present, "SACL not present\n");
7884  ok(acl && acl != (void *)0xdeadbeef, "Got invalid SACL\n");
7885  ok(!defaulted, "SACL defaulted\n");
      /* NOTE(review): ok() only records a failure, so acl is dereferenced
       * here even when the "Got invalid SACL" check has just failed. */
7886  ok(acl->AceCount == 1, "Expected exactly one ACE\n");
7887  ret = pGetAce(acl, 0, (void **)&ace_label);
7888  ok(ret, "GetAce failed with error %u\n", GetLastError());
      /* Tail of an ok() on the ACE type; its first line is missing from the
       * listing. */
7890  "Unexpected ACE type %#x\n", ace_label->Header.AceType);
7891  ok(EqualSid(&ace_label->SidStart, &high_level),
7892  "Expected high integrity level\n");
7893 
      /* Second source of truth: the label reported by the token itself, read
       * into a fixed 64-byte stack buffer. */
7894  memset(buffer_integrity, 0, sizeof(buffer_integrity));
7895  ret = GetTokenInformation(token, TokenIntegrityLevel, buffer_integrity, sizeof(buffer_integrity), &size);
7896  ok(ret, "GetTokenInformation failed with error %u\n", GetLastError());
      /* NOTE(review): a BYTE array carries no alignment guarantee for
       * TOKEN_MANDATORY_LABEL, and Label.Sid is passed to EqualSid even if
       * the call above failed (the zeroed buffer would then yield a NULL
       * Sid). */
7897  tml = (TOKEN_MANDATORY_LABEL *)buffer_integrity;
7898  ok(EqualSid(tml->Label.Sid, &high_level), "Expected high integrity level\n");
7899 
      /* NOTE(review): no CloseHandle(token) is visible in this listing. */
7900  HeapFree(GetProcessHeap(), 0, sd);
7901 }

Referenced by START_TEST().

◆ test_ConvertSecurityDescriptorToString()

static void test_ConvertSecurityDescriptorToString ( void  )
static

Definition at line 4527 of file security.c.

4528 {
      /*
       * Converts a security descriptor to SDDL text after each incremental
       * change and compares the result with a literal expected string.
       * Judging by those strings the descriptor gains an owner, a group, a
       * DACL and a SACL in turn.
       * NOTE(review): this listing skips source lines (the gutter jumps, e.g.
       * 4528 -> 4531, 4560 -> 4563, 4567 -> 4569). The declarations of `desc`
       * and `sec_info` and several setter calls are not shown; confirm them
       * against security.c.
       */
4531  LPSTR string;
4532  DWORD size;
4533  PSID psid, psid2;
4534  PACL pacl;
4535  char sid_buf[256];
4536  char acl_buf[8192];
4537  ULONG len;
4538 
      /* Both entry points are resolved at run time; skip when either is
       * missing. */
4539  if (!pConvertSecurityDescriptorToStringSecurityDescriptorA)
4540  {
4541  win_skip("ConvertSecurityDescriptorToStringSecurityDescriptor is not available\n");
4542  return;
4543  }
4544  if (!pCreateWellKnownSid)
4545  {
4546  win_skip("CreateWellKnownSid is not available\n");
4547  return;
4548  }
4549 
      /* NOTE(review): both helper macros expand to several statements without
       * a do { } while (0) wrapper, read `string` and `len` from the enclosing
       * scope, and free `string` with LocalFree(). They also print the ULONG
       * `len` with %d. */
4550 /* It seems Windows XP adds an extra character to the length of the string for each ACE in an ACL. We
4551  * don't replicate this feature so we only test len >= strlen+1. */
4552 #define CHECK_RESULT_AND_FREE(exp_str) \
4553  ok(strcmp(string, (exp_str)) == 0, "String mismatch (expected \"%s\", got \"%s\")\n", (exp_str), string); \
4554  ok(len >= (strlen(exp_str) + 1), "Length mismatch (expected %d, got %d)\n", lstrlenA(exp_str) + 1, len); \
4555  LocalFree(string);
4556 
4557 #define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2) \
4558  ok(strcmp(string, (exp_str1)) == 0 || strcmp(string, (exp_str2)) == 0, "String mismatch (expected\n\"%s\" or\n\"%s\", got\n\"%s\")\n", (exp_str1), (exp_str2), string); \
4559  ok(len >= (strlen(exp_str1) + 1) || len >= (strlen(exp_str2) + 1), "Length mismatch (expected %d or %d, got %d)\n", lstrlenA(exp_str1) + 1, lstrlenA(exp_str2) + 1, len); \
4560  LocalFree(string);
4561 
      /* NOTE(review): where the conversion is wrapped in ok(), a failure is
       * only recorded; the CHECK_* macro that follows would still read and
       * free `string`. */
4563  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4565 
      /* NOTE(review): sid_buf is declared as 256 bytes, so the 4096 passed
       * here overstates the buffer handed to CreateWellKnownSid; the later
       * call uses sizeof(sid_buf), and `size = sizeof(sid_buf);` would be
       * the consistent form here too. The return value is not checked. */
4566  size = 4096;
4567  pCreateWellKnownSid(WinLocalSid, NULL, sid_buf, &size);
4569  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4570  CHECK_RESULT_AND_FREE("O:S-1-2-0");
4571 
      /* Same owner SID, now flagged as defaulted (third argument TRUE); the
       * expected text is unchanged. */
4572  SetSecurityDescriptorOwner(&desc, sid_buf, TRUE);
4573  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4574  CHECK_RESULT_AND_FREE("O:S-1-2-0");
4575 
      /* The local system SID is expected to appear as the SDDL alias SY. */
4576  size = sizeof(sid_buf);
4577  pCreateWellKnownSid(WinLocalSystemSid, NULL, sid_buf, &size);
4578  SetSecurityDescriptorOwner(&desc, sid_buf, TRUE);
4579  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4580  CHECK_RESULT_AND_FREE("O:SY");
4581 
      /* NOTE(review): the return value is ignored, so psid would be used
       * uninitialised below if the conversion failed. The call that attaches
       * it as the group is missing from this listing. */
4582  pConvertStringSidToSidA("S-1-5-21-93476-23408-4576", &psid);
4584  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4585  CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576");
4586 
      /* Asking for GROUP_SECURITY_INFORMATION alone yields only the G: part. */
4587  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, GROUP_SECURITY_INFORMATION, &string, &len), "Conversion failed\n");
4588  CHECK_RESULT_AND_FREE("G:S-1-5-21-93476-23408-4576");
4589 
      /* An ACL is built in the acl_buf stack buffer; an ACL with no ACEs is
       * expected to render as a bare "D:". */
4590  pacl = (PACL)acl_buf;
4591  InitializeAcl(pacl, sizeof(acl_buf), ACL_REVISION);
4593  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4594  CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:");
4595 
4597  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4598  CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:");
4599 
      /* S-1-5-6 is expected as the alias SU, and mask 0xf0000000 as the four
       * generic rights GAGXGWGR. The return values of the SID conversion and
       * of the Add*AceEx calls below are not checked. */
4600  pConvertStringSidToSidA("S-1-5-6", &psid2);
4601  pAddAccessAllowedAceEx(pacl, ACL_REVISION, NO_PROPAGATE_INHERIT_ACE, 0xf0000000, psid2);
4602  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4603  CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)");
4604 
4605  pAddAccessAllowedAceEx(pacl, ACL_REVISION, INHERIT_ONLY_ACE|INHERITED_ACE, 0x00000003, psid2);
4606  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4607  CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)");
4608 
      /* A deny ACE with mask 0xffffffff is expected to keep the mask in hex
       * and to spell the SID out in full. */
4609  pAddAccessDeniedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE, 0xffffffff, psid);
4610  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4611  CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)");
4612 
4613 
      /* acl_buf is re-initialised in place, which discards the ACEs added
       * above; the expected text from here on has an empty "D:" and adds
       * "S:". The calls attaching the ACL are missing from this listing. */
4614  pacl = (PACL)acl_buf;
4615  InitializeAcl(pacl, sizeof(acl_buf), ACL_REVISION);
4617  ok(pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4618  CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:");
4619 
      /* NOTE(review): the two blocks below test the conversion with if()
       * rather than ok(), so a failed conversion is silently accepted on
       * every platform, not only on win2k. */
4620  /* fails in win2k */
4622  pAddAuditAccessAceEx(pacl, ACL_REVISION, VALID_INHERIT_FLAGS, KEY_READ|KEY_WRITE, psid2, TRUE, TRUE);
4623  if (pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len))
4624  {
4625  CHECK_ONE_OF_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)", /* XP */
4626  "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)" /* Vista */);
4627  }
4628 
4629  /* fails in win2k */
4631  if (pConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len))
4632  {
4633  CHECK_ONE_OF_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)", /* XP */
4634  "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)" /* Vista */);
4635  }
4636 
      /* The SIDs obtained from ConvertStringSidToSidA are released with
       * LocalFree(). */
4637  LocalFree(psid2);
4638  LocalFree(psid);
4639 }
#define FILE_GENERIC_READ
Definition: nt_native.h:653
#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2)
#define TRUE
Definition: types.h:120
#define VALID_INHERIT_FLAGS
Definition: setypes.h:719
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:885
#define KEY_READ
Definition: nt_native.h:1023
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:808
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:716
char * LPSTR
Definition: xmlstorage.h:182
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
#define KEY_WRITE
Definition: nt_native.h:1031
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:715
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
unsigned long DWORD
Definition: ntddk_ex.h:95
#define FILE_GENERIC_WRITE
Definition: nt_native.h:660
#define CHECK_RESULT_AND_FREE(exp_str)
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define ok(value,...)
Definition: atltest.h:57
#define INHERITED_ACE
Definition: ph.h:47
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
static PSID PSID PACL PACL PSECURITY_DESCRIPTOR *static PACL
Definition: security.c:104
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pGroup, BOOL bGroupDefaulted)
Definition: sec.c:288
#define win_skip
Definition: test.h:150
#define OBJECT_INHERIT_ACE
Definition: setypes.h:714
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner, BOOL bOwnerDefaulted)
Definition: sec.c:312
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define SDDL_REVISION_1
Definition: sddl.h:30
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bSaclPresent, PACL pSacl, BOOL bSaclDefaulted)
Definition: sec.c:351

Referenced by START_TEST().

◆ test_ConvertStringSecurityDescriptor()

static void test_ConvertStringSecurityDescriptor ( void  )
static

Definition at line 4380 of file security.c.

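/*
 * Conformance test for ConvertStringSecurityDescriptorToSecurityDescriptor{A,W}.
 *
 * Feeds SDDL strings to the converter and checks (a) success/failure,
 * (b) the last-error code on failure and (c) the layout of the resulting
 * self-relative descriptor for the empty-ACL cases.
 *
 * SDDL ACE layout, for reading the table below:
 *   (ace_type;ace_flags;rights;object_guid;inherit_object_guid;account_sid)
 * "D:" introduces the DACL, "S:" the SACL; "WD" is the Everyone (World) SID.
 *
 * Every descriptor returned by a successful conversion is released with
 * LocalFree(). The descriptor pointer is only dereferenced or freed after a
 * successful call, so a failing conversion is reported through ok() instead
 * of touching a pointer left over from an earlier call.
 */
static void test_ConvertStringSecurityDescriptor(void)
{
    BOOL ret;
    /* NOTE(review): this declaration is not shown in the rendered listing;
     * the type is inferred from how pSD is used below - confirm against the
     * source file. */
    PSECURITY_DESCRIPTOR pSD = NULL;
    static const WCHAR Blank[] = { 0 };
    unsigned int i;
    ULONG size;
    ACL *acl;
    static const struct
    {
        const char *sidstring;  /* SDDL input */
        DWORD revision;         /* StringSDRevision argument */
        BOOL ret;               /* expected return value */
        DWORD GLE;              /* expected last error when ret is FALSE */
        DWORD altGLE;           /* alternative accepted last error, 0 if none */
    } cssd[] =
    {
        /* an unknown revision is rejected even for a well-formed string */
        { "D:(A;;GA;;;WD)", 0xdeadbeef, FALSE, ERROR_UNKNOWN_REVISION },
        /* test ACE string type */
        { "D:(A;;GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(D;;GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "ERROR:(D;;GA;;;WD)", SDDL_REVISION_1, FALSE, ERROR_INVALID_PARAMETER },
        /* test ACE string with spaces: whitespace is accepted everywhere
         * except directly after the ACE type and directly after the rights */
        { " D:(D;;GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "D: (D;;GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:( D;;GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(D ;;GA;;;WD)", SDDL_REVISION_1, FALSE, RPC_S_INVALID_STRING_UUID, ERROR_INVALID_ACL }, /* Vista+ */
        { "D:(D; ;GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(D;; GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(D;;GA ;;;WD)", SDDL_REVISION_1, FALSE, ERROR_INVALID_ACL },
        { "D:(D;;GA; ;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(D;;GA;; ;WD)", SDDL_REVISION_1, TRUE },
        { "D:(D;;GA;;; WD)", SDDL_REVISION_1, TRUE },
        { "D:(D;;GA;;;WD )", SDDL_REVISION_1, TRUE },
        /* test ACE string access rights: generic, standard, directory
         * service, file and registry-key tokens, then raw hex masks */
        { "D:(A;;GA;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(A;;GRGWGX;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(A;;RCSDWDWO;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(A;;RPWPCCDCLCSWLODTCR;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(A;;FAFRFWFX;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(A;;KAKRKWKX;;;WD)", SDDL_REVISION_1, TRUE },
        { "D:(A;;0xFFFFFFFF;;;WD)", SDDL_REVISION_1, TRUE },
        { "S:(AU;;0xFFFFFFFF;;;WD)", SDDL_REVISION_1, TRUE },
        /* test ACE string access right error case: an unknown rights token
         * must fail the whole conversion rather than be skipped */
        { "D:(A;;ROB;;;WD)", SDDL_REVISION_1, FALSE, ERROR_INVALID_ACL },
        /* test behaviour with empty strings */
        { "", SDDL_REVISION_1, TRUE },
        /* test ACE string SID: S-1-0-0 is the Null SID; a name that does not
         * resolve to an account must be rejected */
        { "D:(D;;GA;;;S-1-0-0)", SDDL_REVISION_1, TRUE },
        { "D:(D;;GA;;;Nonexistent account)", SDDL_REVISION_1, FALSE, ERROR_INVALID_ACL, ERROR_INVALID_SID } /* W2K */
    };

    if (!pConvertStringSecurityDescriptorToSecurityDescriptorA)
    {
        win_skip("ConvertStringSecurityDescriptorToSecurityDescriptor is not available\n");
        return;
    }

    for (i = 0; i < sizeof(cssd)/sizeof(cssd[0]); i++)
    {
        DWORD GLE;

        /* poison the last error so a stale value cannot satisfy the check */
        SetLastError(0xdeadbeef);
        ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
            cssd[i].sidstring, cssd[i].revision, &pSD, NULL);
        GLE = GetLastError();
        ok(ret == cssd[i].ret, "(%02u) Expected %s (%d)\n", i, cssd[i].ret ? "success" : "failure", GLE);
        if (!cssd[i].ret)
            ok(GLE == cssd[i].GLE ||
               (cssd[i].altGLE && GLE == cssd[i].altGLE),
               "(%02u) Unexpected last error %d\n", i, GLE);
        if (ret)
            LocalFree(pSD);
    }

    /* test behaviour with NULL parameters */
    /* NOTE(review): the first line of each of the next four ok() calls is
     * not shown in the rendered listing; the condition is reconstructed from
     * the failure message - confirm against the source file. */
    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
        NULL, 0xdeadbeef, &pSD, NULL);
    todo_wine
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
        "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %d\n",
        GetLastError());

    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorW(
        NULL, 0xdeadbeef, &pSD, NULL);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
        "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %d\n",
        GetLastError());

    /* NULL output pointer: per the expected message, the call fails with
     * ERROR_INVALID_PARAMETER even though the string also holds an invalid
     * rights token ("ROB") and, in the first case, an unknown revision */
    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
        "D:(A;;ROB;;;WD)", 0xdeadbeef, NULL, NULL);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
        "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %d\n",
        GetLastError());

    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
        "D:(A;;ROB;;;WD)", SDDL_REVISION_1, NULL, NULL);
    ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER,
        "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %d\n",
        GetLastError());

    /* test behaviour with empty strings */
    pSD = NULL;
    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorW(
        Blank, SDDL_REVISION_1, &pSD, NULL);
    ok(ret, "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %d\n", GetLastError());
    /* free only what this call returned; on failure pSD is not ours */
    if (ret) LocalFree(pSD);

    /* protected DACL ("D:P") with two allow ACEs, plus a SACL carrying a
     * mandatory-label ACE (ML) with no-write-up/no-read-up (NWNR) at the
     * high integrity level SID S-1-16-12288; integrity labels are unknown
     * to win2k, hence the broken() alternative */
    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorA(
        "D:P(A;;GRGW;;;BA)(A;;GRGW;;;S-1-5-21-0-0-0-1000)S:(ML;;NWNR;;;S-1-16-12288)", SDDL_REVISION_1, &pSD, NULL);
    ok(ret || broken(!ret && GetLastError() == ERROR_INVALID_DATATYPE) /* win2k */,
       "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %u\n", GetLastError());
    if (ret) LocalFree(pSD);

    /* empty DACL: "D:" must yield an ACL that is present but holds no ACEs.
     * That distinction matters to callers: an empty DACL grants no access,
     * whereas an absent (NULL) DACL grants access to everyone. */
    size = 0;
    pSD = NULL;
    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorA("D:", SDDL_REVISION_1, &pSD, &size);
    ok(ret, "unexpected error %u\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(SECURITY_DESCRIPTOR_RELATIVE) + sizeof(ACL), "got %u\n", size);
        /* the test expects the ACL header directly after the relative
         * descriptor header, as the size check above implies */
        acl = (ACL *)((char *)pSD + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
        ok(acl->AclRevision == ACL_REVISION, "got %u\n", acl->AclRevision);
        ok(!acl->Sbz1, "got %u\n", acl->Sbz1);
        ok(acl->AclSize == sizeof(*acl), "got %u\n", acl->AclSize);
        ok(!acl->AceCount, "got %u\n", acl->AceCount);
        ok(!acl->Sbz2, "got %u\n", acl->Sbz2);
        LocalFree(pSD);
    }

    /* empty SACL: same layout expectations as the empty DACL (the ACL
     * revision is not checked here) */
    size = 0;
    pSD = NULL;
    SetLastError(0xdeadbeef);
    ret = pConvertStringSecurityDescriptorToSecurityDescriptorA("S:", SDDL_REVISION_1, &pSD, &size);
    ok(ret, "unexpected error %u\n", GetLastError());
    if (ret)
    {
        ok(size == sizeof(SECURITY_DESCRIPTOR_RELATIVE) + sizeof(ACL), "got %u\n", size);
        acl = (ACL *)((char *)pSD + sizeof(SECURITY_DESCRIPTOR_RELATIVE));
        ok(!acl->Sbz1, "got %u\n", acl->Sbz1);
        ok(acl->AclSize == sizeof(*acl), "got %u\n", acl->AclSize);
        ok(!acl->AceCount, "got %u\n", acl->AceCount);
        ok(!acl->Sbz2, "got %u\n", acl->Sbz2);
        LocalFree(pSD);
    }
}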
#define ERROR_INVALID_DATATYPE
Definition: winerror.h:1111
#define ERROR_INVALID_PARAMETER
Definition: compat.h:91
#define TRUE
Definition: types.h:120
USHORT AclSize
Definition: ms-dtyp.idl:296
#define ERROR_INVALID_SID
Definition: winerror.h:819
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
USHORT AceCount
Definition: ms-dtyp.idl:297
unsigned int BOOL
Definition: ntddk_ex.h:94
__wchar_t WCHAR
Definition: xmlstorage.h:180
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SetLastError(x)
Definition: compat.h:417
#define RPC_S_INVALID_STRING_UUID
Definition: winerror.h:1016
int ret
#define todo_wine
Definition: test.h:163
USHORT Sbz2
Definition: ms-dtyp.idl:298
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define broken(x)
Definition: _sntprintf.h:21
UCHAR Sbz1
Definition: ms-dtyp.idl:295
UCHAR AclRevision
Definition: ms-dtyp.idl:294
#define ERROR_UNKNOWN_REVISION
Definition: winerror.h:787
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define ok(value,...)
Definition: atltest.h:57
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
#define win_skip
Definition: test.h:150
#define SDDL_REVISION_1
Definition: sddl.h:30
#define ERROR_INVALID_ACL
Definition: winerror.h:818

Referenced by START_TEST().

◆ test_CreateDirectoryA()

static void test_CreateDirectoryA ( void  )
static

Definition at line 3619 of file security.c.

3620 {
3621  char admin_ptr[sizeof(SID)+sizeof(ULONG)*SID_MAX_SUB_AUTHORITIES], *user;
3622  DWORD sid_size = sizeof(admin_ptr), user_size;
3623  PSID admin_sid = (PSID) admin_ptr, user_sid;
3625  PSECURITY_DESCRIPTOR pSD = &sd;
3626  ACL_SIZE_INFORMATION acl_size;