#include <stdarg.h>#include <stdio.h>#include "ntstatus.h"#include "windef.h"#include "winbase.h"#include "winerror.h"#include "winternl.h"#include "aclapi.h"#include "winnt.h"#include "sddl.h"#include "ntsecapi.h"#include "lmcons.h"#include "wine/test.h"
Include dependency graph for security.c:
Go to the source code of this file.
Classes | |
| struct | sidRef |
| struct | NameToLUID |
| union | _MAX_SID |
| struct | well_known_sid_value |
Typedefs | |
| typedef union _MAX_SID | MAX_SID |
Variables | |
| static | DWORD |
| static | PSID |
| static PSID | pSid |
| static LPSTR | pName |
| static POBJECTS_AND_NAME_A | pObjName |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE | ObjectType |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR | ObjectTypeName |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR | InheritedObjectTypeName |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR LPSTR | Name |
| static POBJECTS_AND_SID | pObjSid |
| static POBJECTS_AND_SID GUID * | pObjectGuid |
| static POBJECTS_AND_SID GUID GUID * | pInheritedObjectGuid |
| static | BOOLEAN |
| static | PBOOLEAN |
| static | HANDLE |
| static | ACCESS_MASK |
| static | PGENERIC_MAPPING |
| static | PPRIVILEGE_SET |
| static | PULONG |
| static NTSTATUS *static | PUNICODE_STRING |
| static NTSTATUS *static PWSTR CURDIR *static HMODULE | hmod |
| static int | myARGC |
| static char ** | myARGV |
| static const struct well_known_sid_value | well_known_sid_values [] |
Macro Definition Documentation
◆ CHECK_ONE_OF_AND_FREE
| #define CHECK_ONE_OF_AND_FREE | ( | exp_str1, | |
| exp_str2 | |||
| ) |
Value:
ok(strcmp(string, (exp_str1)) == 0 || strcmp(string, (exp_str2)) == 0, "String mismatch (expected\n\"%s\" or\n\"%s\", got\n\"%s\")\n", (exp_str1), (exp_str2), string); \
ok(len >= (strlen(exp_str1) + 1) || len >= (strlen(exp_str2) + 1), "Length mismatch (expected %d or %d, got %ld)\n", lstrlenA(exp_str1) + 1, lstrlenA(exp_str2) + 1, len); \
LocalFree(string);
◆ CHECK_RESULT_AND_FREE
| #define CHECK_RESULT_AND_FREE | ( | exp_str | ) |
◆ CHECK_SET_SECURITY
Value:
do{ \
BOOL res_; \
SetLastError( 0xdeadbeef ); \
err = GetLastError(); \
if (e == ERROR_SUCCESS) \
ok(res_, "SetKernelObjectSecurity failed with %ld\n", err); \
else \
}while(0)
BOOL WINAPI SetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: security.c:1928
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Definition at line 2910 of file security.c.
◆ EVENT_QUERY_STATE
| #define EVENT_QUERY_STATE 0x0001 |
Definition at line 97 of file security.c.
◆ expect_eq
| #define expect_eq | ( | expr, | |
| value, | |||
| type, | |||
| format | |||
| ) | { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); } |
Definition at line 112 of file security.c.
◆ join_process
| #define join_process | ( | a | ) | join_process_(__LINE__, a) |
Definition at line 8043 of file security.c.
◆ PROCESS_ALL_ACCESS_NT4
| #define PROCESS_ALL_ACCESS_NT4 (PROCESS_ALL_ACCESS & ~0xf000) |
Definition at line 93 of file security.c.
◆ PROCESS_ALL_ACCESS_VISTA
| #define PROCESS_ALL_ACCESS_VISTA (PROCESS_ALL_ACCESS | 0xf000) |
Definition at line 94 of file security.c.
◆ PROCESS_QUERY_LIMITED_INFORMATION
| #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000 |
Definition at line 89 of file security.c.
◆ SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Definition at line 587 of file security.c.
◆ SE_AUDIT_PRIVILEGE
Definition at line 605 of file security.c.
◆ SE_BACKUP_PRIVILEGE
Definition at line 601 of file security.c.
◆ SE_CHANGE_NOTIFY_PRIVILEGE
Definition at line 607 of file security.c.
◆ SE_CREATE_GLOBAL_PRIVILEGE
| #define SE_CREATE_GLOBAL_PRIVILEGE 30L |
Definition at line 614 of file security.c.
◆ SE_CREATE_PAGEFILE_PRIVILEGE
Definition at line 599 of file security.c.
◆ SE_CREATE_PERMANENT_PRIVILEGE
Definition at line 600 of file security.c.
◆ SE_CREATE_TOKEN_PRIVILEGE
Definition at line 586 of file security.c.
◆ SE_DEBUG_PRIVILEGE
| #define SE_DEBUG_PRIVILEGE 20L |
Definition at line 604 of file security.c.
◆ SE_ENABLE_DELEGATION_PRIVILEGE
Definition at line 611 of file security.c.
◆ SE_IMPERSONATE_PRIVILEGE
Definition at line 613 of file security.c.
◆ SE_INC_BASE_PRIORITY_PRIVILEGE
Definition at line 598 of file security.c.
◆ SE_INCREASE_QUOTA_PRIVILEGE
Definition at line 589 of file security.c.
◆ SE_LOAD_DRIVER_PRIVILEGE
| #define SE_LOAD_DRIVER_PRIVILEGE 10L |
Definition at line 594 of file security.c.
◆ SE_LOCK_MEMORY_PRIVILEGE
Definition at line 588 of file security.c.
◆ SE_MACHINE_ACCOUNT_PRIVILEGE
Definition at line 590 of file security.c.
◆ SE_MANAGE_VOLUME_PRIVILEGE
Definition at line 612 of file security.c.
◆ SE_MAX_WELL_KNOWN_PRIVILEGE
| #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_GLOBAL_PRIVILEGE |
Definition at line 615 of file security.c.
◆ SE_MIN_WELL_KNOWN_PRIVILEGE
Definition at line 585 of file security.c.
◆ SE_PROF_SINGLE_PROCESS_PRIVILEGE
Definition at line 597 of file security.c.
◆ SE_REMOTE_SHUTDOWN_PRIVILEGE
Definition at line 608 of file security.c.
◆ SE_RESTORE_PRIVILEGE
Definition at line 602 of file security.c.
◆ SE_SECURITY_PRIVILEGE
Definition at line 592 of file security.c.
◆ SE_SHUTDOWN_PRIVILEGE
Definition at line 603 of file security.c.
◆ SE_SYNC_AGENT_PRIVILEGE
Definition at line 610 of file security.c.
◆ SE_SYSTEM_ENVIRONMENT_PRIVILEGE
Definition at line 606 of file security.c.
◆ SE_SYSTEM_PROFILE_PRIVILEGE
Definition at line 595 of file security.c.
◆ SE_SYSTEMTIME_PRIVILEGE
Definition at line 596 of file security.c.
◆ SE_TAKE_OWNERSHIP_PRIVILEGE
Definition at line 593 of file security.c.
◆ SE_TCB_PRIVILEGE
Definition at line 591 of file security.c.
◆ SE_UNDOCK_PRIVILEGE
Definition at line 609 of file security.c.
◆ SEMAPHORE_QUERY_STATE
| #define SEMAPHORE_QUERY_STATE 0x0001 |
Definition at line 101 of file security.c.
◆ TEST_GRANTED_ACCESS
Definition at line 2890 of file security.c.
◆ TEST_GRANTED_ACCESS2
Definition at line 2891 of file security.c.
◆ THREAD_ALL_ACCESS_NT4
| #define THREAD_ALL_ACCESS_NT4 (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff) |
Definition at line 109 of file security.c.
◆ THREAD_ALL_ACCESS_VISTA
| #define THREAD_ALL_ACCESS_VISTA (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff) |
Definition at line 110 of file security.c.
◆ THREAD_QUERY_LIMITED_INFORMATION
| #define THREAD_QUERY_LIMITED_INFORMATION 0x0800 |
Definition at line 106 of file security.c.
◆ THREAD_SET_LIMITED_INFORMATION
| #define THREAD_SET_LIMITED_INFORMATION 0x0400 |
Definition at line 105 of file security.c.
◆ WIN32_NO_STATUS
| #define WIN32_NO_STATUS |
Definition at line 26 of file security.c.
◆ WINE_TEST_PIPE
| #define WINE_TEST_PIPE "\\\\.\\pipe\\WineTestPipe" |
Definition at line 5760 of file security.c.
Typedef Documentation
◆ MAX_SID
Function Documentation
◆ BOOL()
◆ check_different_token()
Definition at line 8443 of file security.c.
8444{
8445 TOKEN_STATISTICS stats1, stats2;
8448
8453
8455}
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
Definition: devicetopology.idl:137
Definition: setypes.h:1097
Referenced by test_elevation().
◆ check_token_label()
Definition at line 7153 of file security.c.
7154{
7156 {SECURITY_MANDATORY_MEDIUM_RID}};
7158 {SECURITY_MANDATORY_HIGH_RID}};
7160 SYSTEM_MANDATORY_LABEL_ACE *ace;
7167
7171
7175
7178 if (sacl_inherited)
7181 else
7185
7187 defaulted = TRUE;
7192
7194 defaulted = TRUE;
7199
7206
7209
7215
7221
7225
7227}
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:987
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3637
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat token
Definition: glfuncs.h:210
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103
Definition: ms-dtyp.idl:293
Definition: ms-dtyp.idl:301
Definition: ms-dtyp.idl:198
Definition: ms-dtyp.idl:278
Definition: dialog.c:52
Definition: security.c:35
#define SECURITY_MANDATORY_LABEL_AUTHORITY
Definition: setypes.h:682
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
Definition: setypes.h:820
Referenced by test_token_label().
◆ check_wellknown_name()
|
static |
Definition at line 2520 of file security.c.
2521{
2526
2527 DWORD sid_size, domain_size;
2528 SID_NAME_USE sid_use;
2530 PSID psid;
2532
2533 sid_size = 0;
2534 domain_size = 0;
2537 psid = malloc(sid_size);
2540
2542 {
2545 }
2546
2547 AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
2550 {
2553 }
2554
2555 ret2 = get_sid_info(wk_sid, &wk_account, &wk_domain);
2557 {
2560 }
2561
2563
2566
2567#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, Win8.1, and Win10 1607.
2570#endif
2571
2575
2576cleanup:
2577 FreeSid(domainsid);
2578 free(psid);
2580}
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:2012
BOOL WINAPI AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
Definition: security.c:674
BOOL WINAPI CreateWellKnownSid(WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size)
Definition: security.c:429
enum _SID_NAME_USE SID_NAME_USE
Definition: ms-dtyp.idl:194
Definition: cookie.c:42
Referenced by test_LookupAccountName().
◆ debugstr_sid()
Definition at line 138 of file security.c.
139{
140 LPSTR sidstr;
143
146 else
147 {
148 res = __wine_dbg_strdup(sidstr);
149 LocalFree(sidstr);
150 }
151 /* Restore the last error in case ConvertSidToStringSidA() modified it */
152 SetLastError(le);
154}
◆ duplicate_handle_access_thread()
Definition at line 7853 of file security.c.
7854{
7857
7860 CloseHandle(event2);
7861
7864 CloseHandle(event2);
7865
7869 CloseHandle(event2);
7870
7871 return 0;
7872}
BOOL WINAPI DuplicateHandle(IN HANDLE hSourceProcessHandle, IN HANDLE hSourceHandle, IN HANDLE hTargetProcessHandle, OUT LPHANDLE lpTargetHandle, IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwOptions)
Definition: handle.c:149
Definition: nsiface.idl:2307
HANDLE WINAPI DECLSPEC_HOTPATCH OpenEventA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: synch.c:605
Referenced by test_duplicate_handle_access().
◆ DWORD()
◆ find_privilege()
|
static |
Definition at line 8224 of file security.c.
8225{
8227
8229 {
8232 }
8233
8235}
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1036
Referenced by test_duplicate_token().
◆ get_alloc_token_owner()
|
static |
Definition at line 1775 of file security.c.
1776{
1777 TOKEN_OWNER *token_owner;
1780
1785
1789
1790 return token_owner;
1791}
Definition: setypes.h:1039
Referenced by test_default_dacl_owner_group_sid().
◆ get_alloc_token_primary_group()
|
static |
Definition at line 1793 of file security.c.
1794{
1795 TOKEN_PRIMARY_GROUP *token_primary_group;
1798
1803
1807
1808 return token_primary_group;
1809}
Definition: setypes.h:1043
Referenced by test_default_dacl_owner_group_sid().
◆ get_alloc_token_user()
|
static |
Definition at line 1757 of file security.c.
1758{
1759 TOKEN_USER *token_user;
1762
1767
1771
1772 return token_user;
1773}
Definition: setypes.h:1021
Referenced by test_default_dacl_owner_group_sid().
◆ get_nt_pathW()
|
static |
Definition at line 3549 of file security.c.
3550{
3555
3557
3560
3563
3565}
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
Definition: env_spec_w32.h:375
Definition: env_spec_w32.h:368
Referenced by test_CreateDirectoryA().
◆ get_obj_access()
|
static |
Definition at line 5585 of file security.c.
5586{
5589
5592
5594}
EXTERN_C NTSTATUS WINAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG)
Definition: winternl.h:2678
Definition: notification.c:61
Definition: usrmarshal.c:1272
Referenced by test_event_security(), test_file_security(), test_filemap_security(), test_maximum_allowed(), test_mutex_security(), test_named_pipe_security(), test_process_access(), test_semaphore_security(), and test_thread_security().
◆ get_sid_info()
Definition at line 2503 of file security.c.
2504{
2508 SID_NAME_USE use;
2509
2511 *dom = domain;
2512
2516 SetLastError(0xdeadbeef);
2518}
BOOL WINAPI LookupAccountSidA(LPCSTR lpSystemName, PSID lpSid, LPSTR lpName, LPDWORD cchName, LPSTR lpReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:405
Referenced by check_wellknown_name(), and test_LookupAccountName().
◆ init()
Definition at line 162 of file security.c.
163{
165
169
172
174}
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
Definition: loader.c:812
int winetest_get_mainargs(char ***pargv)
Referenced by START_TEST().
◆ join_process_()
|
static |
Definition at line 8044 of file security.c.
8045{
8050}
Definition: parser.c:49
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
◆ LPSTR()
◆ NTSTATUS()
◆ START_TEST()
| START_TEST | ( | security | ) |
Definition at line 8848 of file security.c.
8849{
8850 init();
8852
8854 {
8856 test_child_token_sd();
8858 test_process_security_child();
8862 test_create_process_token_child();
8863 return;
8864 }
8865 test_kernel_objects_security();
8866 test_ConvertStringSidToSid();
8867 test_trustee();
8868 test_allocateLuid();
8869 test_lookupPrivilegeName();
8870 test_lookupPrivilegeValue();
8871 test_CreateWellKnownSid();
8872 test_FileSecurity();
8873 test_AccessCheck();
8874 test_token_attr();
8875 test_GetTokenInformation();
8876 test_LookupAccountSid();
8877 test_LookupAccountName();
8878 test_security_descriptor();
8879 test_process_security();
8880 test_impersonation_level();
8881 test_SetEntriesInAclW();
8882 test_SetEntriesInAclA();
8883 test_CreateDirectoryA();
8884 test_GetNamedSecurityInfoA();
8887 test_PrivateObjectSecurity();
8888 test_InitializeAcl();
8889 test_GetWindowsAccountDomainSid();
8890 test_EqualDomainSid();
8891 test_GetSecurityInfo();
8892 test_GetSidSubAuthority();
8893 test_CheckTokenMembership();
8894 test_EqualSid();
8895 test_GetUserNameA();
8896 test_GetUserNameW();
8897 test_CreateRestrictedToken();
8898 test_TokenIntegrityLevel();
8900 test_AdjustTokenPrivileges();
8901 test_AddAce();
8902 test_AddMandatoryAce();
8903 test_system_security_access();
8904 test_GetSidIdentifierAuthority();
8905 test_pseudo_tokens();
8906 test_maximum_allowed();
8907 test_token_label();
8908 test_GetExplicitEntriesFromAclW();
8909 test_BuildSecurityDescriptorW();
8910 test_duplicate_handle_access();
8911 test_create_process_token();
8912 test_pseudo_handle_security();
8913 test_duplicate_token();
8914 test_GetKernelObjectSecurity();
8915 test_elevation();
8916 test_group_as_file_owner();
8917 test_IsValidSecurityDescriptor();
8918 test_window_security();
8919
8920 /* Must be the last test, modifies process token */
8921 test_token_security_descriptor();
8922}
static void test_GetSidIdentifierAuthority(void)
Definition: security.c:7042
static void test_duplicate_handle_access_child(void)
Definition: security.c:7995
static void test_GetExplicitEntriesFromAclW(void)
Definition: security.c:7599
static void test_kernel_objects_security(void)
Definition: security.c:6343
static void test_create_process_token_child(void)
Definition: security.c:8145
static void test_duplicate_handle_access(void)
Definition: security.c:7874
static void test_default_dacl_owner_group_sid(void)
Definition: security.c:6424
static void test_IsValidSecurityDescriptor(void)
Definition: security.c:8798
static void test_GetWindowsAccountDomainSid(void)
Definition: security.c:6959
static void test_ConvertStringSecurityDescriptor(void)
Definition: security.c:4236
static void test_token_security_descriptor(void)
Definition: security.c:7327
static void test_ConvertSecurityDescriptorToString(void)
Definition: security.c:4399
static void test_BuildSecurityDescriptorW(void)
Definition: security.c:7754
static void test_GetKernelObjectSecurity(void)
Definition: security.c:8354
◆ test_AccessCheck()
Definition at line 1154 of file security.c.
1155{
1162 ACCESS_MASK Access;
1165 HANDLE ProcessToken;
1167 DWORD PrivSetLen;
1168 PRIVILEGE_SET *PrivSet;
1170 HMODULE NtDllModule;
1173 NTSTATUS ntret, ntAccessStatus;
1174
1176 if (!NtDllModule)
1177 {
1179 return;
1180 }
1182 if (!pRtlAdjustPrivilege)
1183 {
1185 return;
1186 }
1187
1188 Acl = malloc(256);
1191 {
1193 free(Acl);
1194 return;
1195 }
1197
1198 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
1200
1204
1206 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &UsersSid);
1208
1210
1213
1216
1218 PrivSet = calloc(1, PrivSetLen);
1219 PrivSet->PrivilegeCount = 16;
1220
1223
1225
1228
1229 /* SD without owner/group */
1230 SetLastError(0xdeadbeef);
1231 Access = AccessStatus = 0x1abe11ed;
1233 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1238 "Access and/or AccessStatus were changed!\n");
1239
1240 /* Set owner and group */
1245
1246 /* Generic access mask */
1247 SetLastError(0xdeadbeef);
1248 Access = AccessStatus = 0x1abe11ed;
1250 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1255 "Access and/or AccessStatus were changed!\n");
1256
1257 /* Generic access mask - no privilegeset buffer */
1258 SetLastError(0xdeadbeef);
1259 Access = AccessStatus = 0x1abe11ed;
1266 "Access and/or AccessStatus were changed!\n");
1267
1268 /* Generic access mask - no returnlength */
1269 SetLastError(0xdeadbeef);
1270 Access = AccessStatus = 0x1abe11ed;
1277 "Access and/or AccessStatus were changed!\n");
1278
1279 /* Generic access mask - no privilegeset buffer, no returnlength */
1280 SetLastError(0xdeadbeef);
1281 Access = AccessStatus = 0x1abe11ed;
1288 "Access and/or AccessStatus were changed!\n");
1289
1290 /* sd with no dacl present */
1291 Access = AccessStatus = 0x1abe11ed;
1295 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1298 "AccessCheck failed to grant access with error %ld\n",
1299 GetLastError());
1300
1301 /* sd with no dacl present - no privilegeset buffer */
1302 SetLastError(0xdeadbeef);
1303 Access = AccessStatus = 0x1abe11ed;
1310 "Access and/or AccessStatus were changed!\n");
1311
1312 if(pNtAccessCheck)
1313 {
1315
1316 /* Generic access mask - no privilegeset buffer */
1317 SetLastError(0xdeadbeef);
1318 Access = ntAccessStatus = 0x1abe11ed;
1320 NULL, &ntPrivSetLen, &Access, &ntAccessStatus);
1323 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1326 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1327 "Access and/or AccessStatus were changed!\n");
1329
1330 /* Generic access mask - no returnlength */
1331 SetLastError(0xdeadbeef);
1332 Access = ntAccessStatus = 0x1abe11ed;
1334 PrivSet, NULL, &Access, &ntAccessStatus);
1337 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1340 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1341 "Access and/or AccessStatus were changed!\n");
1342
1343 /* Generic access mask - no privilegeset buffer, no returnlength */
1344 SetLastError(0xdeadbeef);
1345 Access = ntAccessStatus = 0x1abe11ed;
1350 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1353 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1354 "Access and/or AccessStatus were changed!\n");
1355
1356 /* Generic access mask - zero returnlength */
1357 SetLastError(0xdeadbeef);
1358 Access = ntAccessStatus = 0x1abe11ed;
1359 ntPrivSetLen = 0;
1361 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1364 "NtAccessCheck should have failed with STATUS_GENERIC_NOT_MAPPED, got %lx\n", ntret);
1367 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1368 "Access and/or AccessStatus were changed!\n");
1370
1371 /* Generic access mask - insufficient returnlength */
1372 SetLastError(0xdeadbeef);
1373 Access = ntAccessStatus = 0x1abe11ed;
1376 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1379 "NtAccessCheck should have failed with STATUS_GENERIC_NOT_MAPPED, got %lx\n", ntret);
1382 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1383 "Access and/or AccessStatus were changed!\n");
1385
1386 /* Key access mask - zero returnlength */
1387 SetLastError(0xdeadbeef);
1388 Access = ntAccessStatus = 0x1abe11ed;
1389 ntPrivSetLen = 0;
1391 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1394 "NtAccessCheck should have failed with STATUS_BUFFER_TOO_SMALL, got %lx\n", ntret);
1397 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1398 "Access and/or AccessStatus were changed!\n");
1400
1401 /* Key access mask - insufficient returnlength */
1402 SetLastError(0xdeadbeef);
1403 Access = ntAccessStatus = 0x1abe11ed;
1406 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1409 "NtAccessCheck should have failed with STATUS_BUFFER_TOO_SMALL, got %lx\n", ntret);
1412 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1413 "Access and/or AccessStatus were changed!\n");
1415 }
1416 else
1418
1419 /* sd with NULL dacl */
1420 Access = AccessStatus = 0x1abe11ed;
1424 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1427 "AccessCheck failed to grant access with error %ld\n",
1428 GetLastError());
1430 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1433 "AccessCheck failed to grant access with error %ld\n",
1434 GetLastError());
1435
1436 /* sd with blank dacl */
1440 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1446
1449
1452
1453 /* sd with dacl */
1454 Access = AccessStatus = 0x1abe11ed;
1456 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1459 "AccessCheck failed to grant access with error %ld\n",
1460 GetLastError());
1461
1463 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1466 "AccessCheck failed to grant any access with error %ld\n",
1467 GetLastError());
1469
1470 /* Null PrivSet with null PrivSetLen pointer */
1471 SetLastError(0xdeadbeef);
1472 Access = AccessStatus = 0x1abe11ed;
1479 "Access and/or AccessStatus were changed!\n");
1480
1481 /* Null PrivSet with zero PrivSetLen */
1482 SetLastError(0xdeadbeef);
1483 Access = AccessStatus = 0x1abe11ed;
1484 PrivSetLen = 0;
1486 0, &PrivSetLen, &Access, &AccessStatus);
1488 todo_wine
1491 todo_wine
1494 "Access and/or AccessStatus were changed!\n");
1495
1496 /* Null PrivSet with insufficient PrivSetLen */
1497 SetLastError(0xdeadbeef);
1498 Access = AccessStatus = 0x1abe11ed;
1499 PrivSetLen = 1;
1501 0, &PrivSetLen, &Access, &AccessStatus);
1507 "Access and/or AccessStatus were changed!\n");
1508
1509 /* Null PrivSet with insufficient PrivSetLen */
1510 SetLastError(0xdeadbeef);
1511 Access = AccessStatus = 0x1abe11ed;
1514 0, &PrivSetLen, &Access, &AccessStatus);
1520 "Access and/or AccessStatus were changed!\n");
1521
1522 /* Null PrivSet with minimal sufficient PrivSetLen */
1523 SetLastError(0xdeadbeef);
1524 Access = AccessStatus = 0x1abe11ed;
1527 0, &PrivSetLen, &Access, &AccessStatus);
1533 "Access and/or AccessStatus were changed!\n");
1534
1535 /* Valid PrivSet with zero PrivSetLen */
1536 SetLastError(0xdeadbeef);
1537 Access = AccessStatus = 0x1abe11ed;
1538 PrivSetLen = 0;
1540 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1546 "Access and/or AccessStatus were changed!\n");
1547
1548 /* Valid PrivSet with insufficient PrivSetLen */
1549 SetLastError(0xdeadbeef);
1550 Access = AccessStatus = 0x1abe11ed;
1551 PrivSetLen = 1;
1553 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1559 "Access and/or AccessStatus were changed!\n");
1560
1561 /* Valid PrivSet with insufficient PrivSetLen */
1562 SetLastError(0xdeadbeef);
1563 Access = AccessStatus = 0x1abe11ed;
1565 PrivSet->PrivilegeCount = 0xdeadbeef;
1567 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1573 "Access and/or AccessStatus were changed!\n");
1575
1576 /* Valid PrivSet with minimal sufficient PrivSetLen */
1577 SetLastError(0xdeadbeef);
1578 Access = AccessStatus = 0x1abe11ed;
1580 memset(PrivSet, 0xcc, PrivSetLen);
1582 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1589 PrivSet->PrivilegeCount);
1590
1591 /* Valid PrivSet with sufficient PrivSetLen */
1592 SetLastError(0xdeadbeef);
1593 Access = AccessStatus = 0x1abe11ed;
1595 memset(PrivSet, 0xcc, PrivSetLen);
1597 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1600 todo_wine
1605 PrivSet->PrivilegeCount);
1606
1608
1609 /* Null PrivSet with valid PrivSetLen */
1610 SetLastError(0xdeadbeef);
1611 Access = AccessStatus = 0x1abe11ed;
1613 0, &PrivSetLen, &Access, &AccessStatus);
1618 "Access and/or AccessStatus were changed!\n");
1619
1620 /* Access denied by SD */
1621 SetLastError(0xdeadbeef);
1622 Access = AccessStatus = 0x1abe11ed;
1624 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1630
1631 SetLastError(0xdeadbeef);
1632 PrivSet->PrivilegeCount = 16;
1634 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1636 "AccessCheck should have failed with ERROR_PRIVILEGE_NOT_HELD, instead of %ld\n",
1637 GetLastError());
1638
1643 {
1644 /* Valid PrivSet with zero PrivSetLen */
1645 SetLastError(0xdeadbeef);
1646 Access = AccessStatus = 0x1abe11ed;
1647 PrivSetLen = 0;
1649 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1655 "Access and/or AccessStatus were changed!\n");
1656
1657 /* Valid PrivSet with insufficient PrivSetLen */
1658 SetLastError(0xdeadbeef);
1659 Access = AccessStatus = 0x1abe11ed;
1662 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1668 "Access and/or AccessStatus were changed!\n");
1669
1670 /* Valid PrivSet with minimal sufficient PrivSetLen */
1671 SetLastError(0xdeadbeef);
1672 Access = AccessStatus = 0x1abe11ed;
1674 memset(PrivSet, 0xcc, PrivSetLen);
1676 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1678 "AccessCheck should have succeeded, error %ld\n",
1679 GetLastError());
1681 "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08lx\n",
1682 Access);
1684 PrivSet->PrivilegeCount);
1685
1686 /* Valid PrivSet with large PrivSetLen */
1687 SetLastError(0xdeadbeef);
1688 Access = AccessStatus = 0x1abe11ed;
1690 memset(PrivSet, 0xcc, PrivSetLen);
1692 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1694 "AccessCheck should have succeeded, error %ld\n",
1695 GetLastError());
1697 "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08lx\n",
1698 Access);
1700 PrivSet->PrivilegeCount);
1701 }
1702 else
1704 ret);
1707
1708 /* test INHERIT_ONLY_ACE */
1711
1714
1716 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1722
1724
1727
1728 SetLastError(0xdeadbeef);
1730 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1734
1736
1737 SetLastError(0xdeadbeef);
1739 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1743
1744 CloseHandle(ProcessToken);
1745
1746 if (EveryoneSid)
1747 FreeSid(EveryoneSid);
1750 if (UsersSid)
1751 FreeSid(UsersSid);
1752 free(Acl);
1754 free(PrivSet);
1755}
Definition: tokenizer.hpp:28
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1006
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:929
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1039
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1063
BOOL WINAPI AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
Definition: security.c:1650
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1090
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted)
Definition: security.c:1218
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted)
Definition: security.c:1226
BOOL WINAPI DuplicateToken(HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret)
Definition: security.c:675
BOOL WINAPI OpenProcessToken(HANDLE process, DWORD access, HANDLE *handle)
Definition: security.c:828
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
Definition: nt_native.h:564
Definition: setypes.h:85
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
struct _PRIVILEGE_SET PRIVILEGE_SET
Referenced by START_TEST().
◆ test_AddAce()
Definition at line 6558 of file security.c.
6559{
6560 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
6561
6562 char acl_buf[1024], ace_buf[256];
6566
6571
6574
6590
6593 /* next test succeededs but corrupts ACL */
6597 SetLastError(0xdeadbeef);
6601}
BOOL WINAPI AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
Definition: security.c:1141
struct _SID SID
struct _ACL * PACL
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
#define MAXDWORD
Definition: ms-dtyp.idl:215
Referenced by START_TEST().
◆ test_AddMandatoryAce()
Definition at line 6603 of file security.c.
6604{
6606 {SECURITY_MANDATORY_LOW_RID}};
6608 {SECURITY_MANDATORY_MEDIUM_RID}};
6613 ACL_SIZE_INFORMATION acl_size_info;
6614 SYSTEM_MANDATORY_LABEL_ACE *ace;
6615 char buffer_acl[256];
6620 SID *everyone;
6621 ACL *sacl;
6622
6623 if (!pAddMandatoryAce)
6624 {
6626 return;
6627 }
6628
6631
6635
6638
6642
6646
6647 sacl = (void *)0xdeadbeef;
6648 present = TRUE;
6653
6654 free(sd2);
6656
6660
6661 SetLastError(0xdeadbeef);
6666
6669
6672 ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "got type %#x\n", ace->Header.AceType);
6676
6677 SetLastError(0xdeadbeef);
6681
6684
6687
6691
6695
6696 sacl = (void *)0xdeadbeef;
6697 present = FALSE;
6698 defaulted = TRUE;
6706 ok(acl_size_info.AceCount == 1, "SACL contains an unexpected ACE count %lu\n", acl_size_info.AceCount);
6707
6710 ok (ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "Unexpected ACE type %#x\n", ace->Header.AceType);
6714
6715 free(sd2);
6716
6717 ret = pAddMandatoryAce(acl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP, &medium_level);
6719
6722
6726
6730
6731 sacl = (void *)0xdeadbeef;
6732 present = FALSE;
6733 defaulted = TRUE;
6740
6743 ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "got type %#x\n", ace->Header.AceType);
6747
6750 ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "got type %#x\n", ace->Header.AceType);
6754
6755 SetLastError(0xdeadbeef);
6759
6760 free(sd2);
6761
6764
6767
6771
6775
6776 sacl = (void *)0xdeadbeef;
6777 present = FALSE;
6778 defaulted = TRUE;
6785
6786 free(sd2);
6787
6790
6791 ret = pAddMandatoryAce(acl, ACL_REVISION3, 0, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP, &medium_level);
6793
6796
6799
6803
6807
6808 sacl = (void *)0xdeadbeef;
6809 present = FALSE;
6810 defaulted = TRUE;
6817
6818 free(sd2);
6819
6822
6823 ret = AllocateAndInitializeSid(&sia_world, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, (void **)&everyone);
6825
6828
6831
6834
6838
6842
6843 sacl = (void *)0xdeadbeef;
6844 present = FALSE;
6845 defaulted = TRUE;
6852
6853 FreeSid(everyone);
6854 free(sd2);
6856}
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:1194
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted)
Definition: security.c:1234
Definition: winnt_old.h:1191
Definition: compat.h:191
Definition: rpc_generic.c:61
HANDLE WINAPI DECLSPEC_HOTPATCH CreateEventA(IN LPSECURITY_ATTRIBUTES lpEventAttributes OPTIONAL, IN BOOL bManualReset, IN BOOL bInitialState, IN LPCSTR lpName OPTIONAL)
Definition: synch.c:573
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
Definition: setypes.h:822
Referenced by START_TEST().
◆ test_AdjustTokenPrivileges()
Definition at line 6522 of file security.c.
6523{
6527 LUID luid;
6529
6531 return;
6532
6534 {
6536 return;
6537 }
6538
6539 tp.PrivilegeCount = 1;
6540 tp.Privileges[0].Luid = luid;
6542
6543 len = 0xdeadbeef;
6547
6548 /* revert */
6549 tp.PrivilegeCount = 1;
6550 tp.Privileges[0].Luid = luid;
6551 tp.Privileges[0].Attributes = 0;
6554
6556}
BOOL WINAPI LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid)
Definition: misc.c:732
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:374
Definition: setypes.h:1034
Referenced by START_TEST().
◆ test_allocateLuid()
Definition at line 618 of file security.c.
619{
621 LUID luid1, luid2;
623
625 if (!pAllocateLocallyUniqueId) return;
626
627 ret = pAllocateLocallyUniqueId(&luid1);
629 return;
630
633 ret = pAllocateLocallyUniqueId(&luid2);
637 "AllocateLocallyUniqueId returned a well-known LUID\n");
639 "AllocateLocallyUniqueId returned non-unique LUIDs\n");
642 "AllocateLocallyUniqueId(NULL) didn't return ERROR_NOACCESS: %ld\n",
643 GetLastError());
644}
Referenced by START_TEST().
◆ test_BuildSecurityDescriptorW()
Definition at line 7754 of file security.c.
7755{
7756 SECURITY_DESCRIPTOR old_sd, *new_sd, *rel_sd;
7757 ULONG new_sd_size;
7758 DWORD buf_size;
7762
7764
7769
7770 new_sd = NULL;
7771 new_sd_size = 0;
7772 ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, NULL, &new_sd_size, (void **)&new_sd);
7775 LocalFree(new_sd);
7776
7777 new_sd = (void *)0xdeadbeef;
7778 ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, &old_sd, &new_sd_size, (void **)&new_sd);
7779 ok(ret == ERROR_INVALID_SECURITY_DESCR, "expected ERROR_INVALID_SECURITY_DESCR, got %lu\n", ret);
7781
7782 new_sd = NULL;
7783 new_sd_size = 0;
7784 ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, rel_sd, &new_sd_size, (void **)&new_sd);
7787 LocalFree(new_sd);
7788}
DWORD WINAPI BuildSecurityDescriptorW(IN PTRUSTEE_W pOwner OPTIONAL, IN PTRUSTEE_W pGroup OPTIONAL, IN ULONG cCountOfAccessEntries, IN PEXPLICIT_ACCESS_W pListOfAccessEntries OPTIONAL, IN ULONG cCountOfAuditEntries, IN PEXPLICIT_ACCESS_W pListOfAuditEntries OPTIONAL, IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL, OUT PULONG pSizeNewSD, OUT PSECURITY_DESCRIPTOR *pNewSD)
Definition: sec.c:436
BOOL WINAPI MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, LPDWORD lpdwBufferLength)
Definition: sec.c:214
Referenced by START_TEST().
◆ test_CheckTokenMembership()
Definition at line 5048 of file security.c.
5049{
5050 PTOKEN_GROUPS token_groups;
5053 BOOL is_member;
5056
5059
5062
5063 /* groups */
5066 "GetTokenInformation(TokenGroups) %s with error %ld\n",
5071
5073 {
5075 break;
5076 }
5077
5079 {
5080 free(token_groups);
5083 return;
5084 }
5085
5086 is_member = FALSE;
5090
5091 is_member = FALSE;
5095
5096 is_member = TRUE;
5097 SetLastError(0xdeadbeef);
5100 "CheckTokenMembership with process token %s with error %ld\n",
5103
5104 free(token_groups);
5106 CloseHandle(process_token);
5107}
BOOL WINAPI CheckTokenMembership(IN HANDLE ExistingTokenHandle, IN PSID SidToCheck, OUT PBOOL IsMember)
Definition: token.c:21
Definition: setypes.h:1025
Referenced by START_TEST().
◆ test_child_token_sd()
Definition at line 7518 of file security.c.
7519{
7521 {SECURITY_MANDATORY_LOW_RID}};
7522 SYSTEM_MANDATORY_LABEL_ACE *ace_label;
7524 ACCESS_ALLOWED_ACE *acc_ace;
7528 PSID psid;
7529 ACL *acl;
7530
7533
7536
7540
7544
7545 acl = NULL;
7546 present = FALSE;
7547 defaulted = TRUE;
7553
7556 {
7560 "ACE inherited from the parent\n");
7561 }
7562
7563 LocalFree(psid);
7565
7566 if (!pAddMandatoryAce)
7567 {
7569 return;
7570 }
7571
7575
7579
7580 acl = NULL;
7581 present = FALSE;
7582 defaulted = TRUE;
7594 "Low integrity level should not have been inherited\n");
7595
7597}
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
Definition: security.c:3560
Referenced by START_TEST().
◆ test_ConvertSecurityDescriptorToString()
Definition at line 4399 of file security.c.
4400{
4402 SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION;
4405 PSID psid, psid2;
4406 PACL pacl;
4407 char sid_buf[256];
4408 char acl_buf[8192];
4410
4411/* It seems Windows XP adds an extra character to the length of the string for each ACE in an ACL. We
4412 * don't replicate this feature so we only test len >= strlen+1. */
4413#define CHECK_RESULT_AND_FREE(exp_str) \
4414 ok(strcmp(string, (exp_str)) == 0, "String mismatch (expected \"%s\", got \"%s\")\n", (exp_str), string); \
4415 ok(len >= (strlen(exp_str) + 1), "Length mismatch (expected %d, got %ld)\n", lstrlenA(exp_str) + 1, len); \
4416 LocalFree(string);
4417
4418#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2) \
4419 ok(strcmp(string, (exp_str1)) == 0 || strcmp(string, (exp_str2)) == 0, "String mismatch (expected\n\"%s\" or\n\"%s\", got\n\"%s\")\n", (exp_str1), (exp_str2), string); \
4420 ok(len >= (strlen(exp_str1) + 1) || len >= (strlen(exp_str2) + 1), "Length mismatch (expected %d or %d, got %ld)\n", lstrlenA(exp_str1) + 1, lstrlenA(exp_str2) + 1, len); \
4421 LocalFree(string);
4422
4424 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4426
4427 size = 4096;
4430 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4432
4434 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4436
4440 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4442
4445 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4447
4448 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, GROUP_SECURITY_INFORMATION, &string, &len), "Conversion failed\n");
4450
4451 pacl = (PACL)acl_buf;
4454 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4456
4458 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4460
4463 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4465
4467 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4468 CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)");
4469
4470 AddAccessDeniedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE, 0xffffffff, psid);
4471 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4472 CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)");
4473
4474
4475 pacl = (PACL)acl_buf;
4478 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4480
4481 /* fails in win2k */
4483 AddAuditAccessAceEx(pacl, ACL_REVISION, VALID_INHERIT_FLAGS, KEY_READ|KEY_WRITE, psid2, TRUE, TRUE);
4484 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4485 CHECK_ONE_OF_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)", /* XP */
4486 "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)" /* Vista */);
4487
4488 /* fails in win2k */
4489 AddAuditAccessAceEx(pacl, ACL_REVISION, NO_PROPAGATE_INHERIT_ACE, FILE_GENERIC_READ|FILE_GENERIC_WRITE, psid2, TRUE, FALSE);
4490 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4491 CHECK_ONE_OF_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)", /* XP */
4492 "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)" /* Vista */);
4493
4494 LocalFree(psid2);
4495 LocalFree(psid);
4496}
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
Definition: security.c:3499
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1114
BOOL WINAPI AddAuditAccessAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1979
#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2)
#define CHECK_RESULT_AND_FREE(exp_str)
Referenced by START_TEST().
◆ test_ConvertStringSecurityDescriptor()
Definition at line 4236 of file security.c.
4237{
4239 PSECURITY_DESCRIPTOR pSD;
4243 ACL *acl;
4244 static const struct
4245 {
4246 const char *sidstring;
4250 DWORD altGLE;
4251 DWORD ace_Mask;
4252 } cssd[] =
4253 {
4255 /* test ACE string type */
4259 /* test ACE string with spaces */
4263 { "D:(D ;;GA;;;WD)", SDDL_REVISION_1, FALSE, RPC_S_INVALID_STRING_UUID, ERROR_INVALID_ACL }, /* Vista+ */
4271 /* test ACE string access rights */
4276 { "D:(A;;GRGWGX;;;WD)", SDDL_REVISION_1, TRUE, 0, 0, GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE },
4277 { "D:(A;;RCSDWDWO;;;WD)", SDDL_REVISION_1, TRUE, 0, 0, READ_CONTROL | DELETE | WRITE_DAC | WRITE_OWNER },
4287 /* test ACE string access right error case */
4289 /* test behaviour with empty strings */
4291 /* test ACE string SID */
4294 { "D:(D;;GA;;;Nonexistent account)", SDDL_REVISION_1, FALSE, ERROR_INVALID_ACL, ERROR_INVALID_SID }, /* W2K */
4295 };
4296
4298 {
4300
4301 SetLastError(0xdeadbeef);
4305 ok(ret == cssd[i].ret, "(%02u) Expected %s (%ld)\n", i, cssd[i].ret ? "success" : "failure", GLE);
4311 {
4313 {
4314 ACCESS_ALLOWED_ACE *ace;
4315
4318
4319 ace = (ACCESS_ALLOWED_ACE *)(acl + 1);
4322 }
4323 LocalFree(pSD);
4324 }
4325 }
4326
4327 /* test behaviour with NULL parameters */
4328 SetLastError(0xdeadbeef);
4331 todo_wine
4333 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4334 GetLastError());
4335
4336 SetLastError(0xdeadbeef);
4340 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4341 GetLastError());
4342
4343 SetLastError(0xdeadbeef);
4347 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4348 GetLastError());
4349
4350 SetLastError(0xdeadbeef);
4354 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4355 GetLastError());
4356
4357 /* test behaviour with empty strings */
4358 SetLastError(0xdeadbeef);
4361 ok(ret, "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %ld\n", GetLastError());
4362 LocalFree(pSD);
4363
4364 SetLastError(0xdeadbeef);
4366 "D:P(A;;GRGW;;;BA)(A;;GRGW;;;S-1-5-21-0-0-0-1000)S:(ML;;NWNR;;;S-1-16-12288)", SDDL_REVISION_1, &pSD, NULL);
4368 "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %lu\n", GetLastError());
4370
4371 /* empty DACL */
4372 size = 0;
4373 SetLastError(0xdeadbeef);
4374 ret = ConvertStringSecurityDescriptorToSecurityDescriptorA("D:", SDDL_REVISION_1, &pSD, &size);
4383 LocalFree(pSD);
4384
4385 /* empty SACL */
4386 size = 0;
4387 SetLastError(0xdeadbeef);
4388 ret = ConvertStringSecurityDescriptorToSecurityDescriptorA("S:", SDDL_REVISION_1, &pSD, &size);
4396 LocalFree(pSD);
4397}
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3032
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3062
Definition: setypes.h:848
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
Referenced by START_TEST().
◆ test_ConvertStringSidToSid()
Definition at line 248 of file security.c.
249{
251 { { {0x00,0x00,0x33,0x44,0x55,0x66} }, "S-1-860116326-1" },
252 { { {0x00,0x00,0x01,0x02,0x03,0x04} }, "S-1-16909060-1" },
253 { { {0x00,0x00,0x00,0x01,0x02,0x03} }, "S-1-66051-1" },
254 { { {0x00,0x00,0x00,0x00,0x01,0x02} }, "S-1-258-1" },
255 { { {0x00,0x00,0x00,0x00,0x00,0x02} }, "S-1-2-1" },
256 { { {0x00,0x00,0x00,0x00,0x00,0x0c} }, "S-1-12-1" },
257 };
258 static const struct
259 {
263 }
264 str_to_sid_tests[] =
265 {
266 { "WD", "S-1-1-0" },
267 { "wD", "S-1-1-0" },
268 { "CO", "S-1-3-0" },
269 { "CG", "S-1-3-1" },
270 { "OW", "S-1-3-4", 1 }, /* Vista+ */
271 { "NU", "S-1-5-2" },
272 { "IU", "S-1-5-4" },
273 { "SU", "S-1-5-6" },
274 { "AN", "S-1-5-7" },
275 { "ED", "S-1-5-9" },
276 { "PS", "S-1-5-10" },
277 { "AU", "S-1-5-11" },
278 { "RC", "S-1-5-12" },
279 { "SY", "S-1-5-18" },
280 { "LS", "S-1-5-19" },
281 { "NS", "S-1-5-20" },
282 { "LA", "S-1-5-21-*-*-*-500" },
283 { "LG", "S-1-5-21-*-*-*-501" },
284 { "BO", "S-1-5-32-551" },
285 { "BA", "S-1-5-32-544" },
286 { "BU", "S-1-5-32-545" },
287 { "BG", "S-1-5-32-546" },
288 { "PU", "S-1-5-32-547" },
289 { "AO", "S-1-5-32-548" },
290 { "SO", "S-1-5-32-549" },
291 { "PO", "S-1-5-32-550" },
292 { "RE", "S-1-5-32-552" },
293 { "RU", "S-1-5-32-554" },
294 { "RD", "S-1-5-32-555" },
295 { "NO", "S-1-5-32-556" },
296 { "AC", "S-1-15-2-1", 1 }, /* Win8+ */
297 { "CA", "", 1 },
298 { "DA", "", 1 },
299 { "DC", "", 1 },
300 { "DD", "", 1 },
301 { "DG", "", 1 },
302 { "DU", "", 1 },
303 { "EA", "", 1 },
304 { "PA", "", 1 },
305 { "RS", "", 1 },
306 { "SA", "", 1 },
307#ifdef __REACTOS__
308 { "s-1-12-1", "S-1-12-1", 1 }, /* Crashes on ReactOS if not optional. ROSTESTS-418 */
309 { "S-0x1-0XC-0x1a", "S-1-12-26", 1 }, /* Crashes on ReactOS if not optional. ROSTESTS-418 */
310#else
311 { "s-1-12-1", "S-1-12-1" },
312 { "S-0x1-0XC-0x1a", "S-1-12-26" },
313#endif
314 };
315
316 const char noSubAuthStr[] = "S-1-5";
319 SID *pisid;
322
326 return;
328 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
329 GetLastError() );
330
333 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
334 GetLastError() );
335
338 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
339 GetLastError() );
340
343 "expected failure with no sub authorities\n" );
345 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
346 GetLastError() );
347
350 "expected failure with too many characters\n" );
352 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
353 GetLastError() );
354
357 "expected failure with too many characters\n" );
359 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
360 GetLastError() );
361
362 ok(ConvertStringSidToSidA("S-1-5-21-93476-23408-4576", &psid), "ConvertStringSidToSidA failed\n");
363 pisid = psid;
364 ok(pisid->SubAuthorityCount == 4, "Invalid sub authority count - expected 4, got %d\n", pisid->SubAuthorityCount);
365 ok(pisid->SubAuthority[0] == 21, "Invalid subauthority 0 - expected 21, got %ld\n", pisid->SubAuthority[0]);
366 ok(pisid->SubAuthority[3] == 4576, "Invalid subauthority 0 - expected 4576, got %ld\n", pisid->SubAuthority[3]);
368 LocalFree(psid);
369
371 {
373 &psid );
378 {
382 }
383 if( psid )
384 FreeSid( psid );
385
388 pisid = psid;
389 ok( pisid &&
392 "string sid %s didn't parse to expected value\n"
393 "(got 0x%04x%08lx, expected 0x%04x%08lx)\n",
394 refs[i].refStr,
404 if( psid )
405 LocalFree( psid );
406 }
407
409 {
411
414 {
416 continue;
417 }
419
422 {
423 LocalFree(psid);
424 continue;
425 }
426
430 LocalFree(psid);
432 }
433}
Definition: security.c:157
Referenced by START_TEST().
◆ test_create_process_token()
Definition at line 8052 of file security.c.
8053{
8058 SID_AND_ATTRIBUTES sid_attr;
8065
8079
8081
8082#ifdef __REACTOS__
8083 /* This block creates test failures on WS03 */
8085#endif
8089#ifdef __REACTOS__
8090 }
8091#endif
8092
8093 ret = CreateProcessAsUserA(GetCurrentProcessToken(), NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
8097
8101 ok(ret || broken(GetLastError() == ERROR_ACCESS_DENIED) /* < 7 */, "got error %lu\n", GetLastError());
8104
8111
8118
8119 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE, &token);
8121
8126 ok(ret || broken(GetLastError() == ERROR_BAD_TOKEN_TYPE) /* < 7 */, "got error %lu\n", GetLastError());
8128 CloseHandle(token2);
8129
8132 sid_attr.Attributes = 0;
8138 CloseHandle(token2);
8139
8141
8143}
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessAsUserA(_In_opt_ HANDLE hToken, _In_opt_ LPCSTR lpApplicationName, _Inout_opt_ LPSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCSTR lpCurrentDirectory, _In_ LPSTARTUPINFOA lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
Definition: logon.c:939
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted one of the regular access token. A restricted token can...
Definition: security.c:533
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3859
Definition: processthreadsapi.h:65
Definition: setypes.h:502
Definition: processthreadsapi.h:15
Referenced by START_TEST().
◆ test_create_process_token_child()
Definition at line 8145 of file security.c.
Referenced by START_TEST().
◆ test_CreateDirectoryA()
Definition at line 3620 of file security.c.
3621{
3627 ACL_SIZE_INFORMATION acl_size;
3628 UNICODE_STRING tmpfileW;
3639 PACL pDacl;
3640
3642 {
3645 }
3646 if (!bret)
3647 {
3649 return;
3650 }
3659
3661 sa.lpSecurityDescriptor = pSD;
3665 pDacl = calloc(1, 100);
3669 GENERIC_ALL, user_sid);
3672 GENERIC_ALL, admin_sid);
3676
3681 free(pDacl);
3682
3683#ifdef __REACTOS__
3684 /* The rest of this test crashes on WS03, Vista, Win7, and Win8.1. */
3686 goto done;
3687#endif
3688 SetLastError(0xdeadbeef);
3693 {
3695 goto done;
3696 }
3700 LocalFree(pSD);
3701
3702 /* Test inheritance of ACLs in CreateFile without security descriptor */
3705
3709
3716 LocalFree(pSD);
3717 CloseHandle(hTemp);
3718
3719 /* Test inheritance of ACLs in CreateFile with security descriptor -
3720 * When a security descriptor is set, then inheritance doesn't take effect */
3721 pSD = &sd;
3728
3731
3733 sa.lpSecurityDescriptor = pSD;
3738 free(pDacl);
3739
3740 error = GetSecurityInfo(hTemp, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
3745 todo_wine
3747 acl_size.AceCount);
3748 LocalFree(pSD);
3749
3753 todo_wine
3756 {
3759 todo_wine
3761 acl_size.AceCount);
3762 LocalFree(pSD);
3763 }
3764 CloseHandle(hTemp);
3765
3766 /* Test inheritance of ACLs in NtCreateFile without security descriptor */
3770
3772 attr.RootDirectory = 0;
3773 attr.ObjectName = &tmpfileW;
3777
3781 RtlFreeUnicodeString(&tmpfileW);
3782
3789 LocalFree(pSD);
3790 CloseHandle(hTemp);
3791
3792 /* Test inheritance of ACLs in NtCreateFile with security descriptor -
3793 * When a security descriptor is set, then inheritance doesn't take effect */
3794 pSD = &sd;
3801
3805
3807 attr.RootDirectory = 0;
3808 attr.ObjectName = &tmpfileW;
3810 attr.SecurityDescriptor = pSD;
3812
3816 RtlFreeUnicodeString(&tmpfileW);
3817 free(pDacl);
3818
3819 error = GetSecurityInfo(hTemp, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
3824 todo_wine
3826 acl_size.AceCount);
3827 LocalFree(pSD);
3828
3832 todo_wine
3835 {
3838 todo_wine
3840 acl_size.AceCount);
3841 LocalFree(pSD);
3842 }
3843 CloseHandle(hTemp);
3844
3845done:
3849}
DWORD WINAPI GetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1244
DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: security.c:4102
BOOL WINAPI CreateDirectoryA(IN LPCSTR lpPathName, IN LPSECURITY_ATTRIBUTES lpSecurityAttributes)
Definition: dir.c:37
DWORD WINAPI GetTempPathA(IN DWORD nBufferLength, OUT LPSTR lpBuffer)
Definition: path.c:1973
BOOL WINAPI OpenThreadToken(HANDLE thread, DWORD access, BOOL self, HANDLE *handle)
Definition: security.c:836
static void test_inherited_dacl(PACL dacl, PSID admin_sid, PSID user_sid, DWORD flags, DWORD mask, BOOL todo_count, BOOL todo_sid, BOOL todo_flags, int line)
Definition: security.c:3567
static void get_nt_pathW(const char *name, UNICODE_STRING *nameW)
Definition: security.c:3549
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
Definition: env_spec_w32.h:870
Definition: umtypes.h:184
Definition: cookie.c:202
Referenced by START_TEST().
◆ test_CreateRestrictedToken()
Definition at line 5319 of file security.c.
5320{
5322 PTOKEN_GROUPS token_groups, groups2;
5323 LUID_AND_ATTRIBUTES lattr;
5324 SID_AND_ATTRIBUTES sattr;
5327 char privs_buffer[1000];
5329 PRIVILEGE_SET priv_set;
5331 BOOL is_member;
5333 LUID luid = { 0, 0 };
5336
5339
5343
5350
5352 {
5354 {
5356 break;
5357 }
5358 }
5360
5361 is_member = FALSE;
5365
5366 sattr.Sid = removed_sid;
5367 sattr.Attributes = 0;
5368 r_token = NULL;
5371
5372 is_member = TRUE;
5376
5383
5385 {
5387 {
5391 break;
5392 }
5393 }
5394
5395 free(groups2);
5396
5401
5406
5407 CloseHandle(r_token);
5408
5409 r_token = NULL;
5412
5417
5418 CloseHandle(r_token);
5419
5422
5424 {
5426 {
5428 break;
5429 }
5430 }
5432
5433 lattr.Luid = luid;
5434 lattr.Attributes = 0;
5435 r_token = NULL;
5438
5439 priv_set.PrivilegeCount = 1;
5440 priv_set.Control = 0;
5446
5449
5450 is_member = FALSE;
5452 {
5454 is_member = TRUE;
5455 }
5457
5458 CloseHandle(r_token);
5459
5460 removed_sid->SubAuthority[0] = 0xdeadbeef;
5462 r_token = NULL;
5465 CloseHandle(r_token);
5466
5467 free(token_groups);
5469 CloseHandle(process_token);
5470}
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:2066
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
Definition: setypes.h:73
Referenced by START_TEST().
◆ test_CreateWellKnownSid()
Definition at line 2137 of file security.c.
2138{
2144
2145 size = 0;
2146 SetLastError(0xdeadbeef);
2150 ok(error == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %lu\n", error);
2152
2153 SetLastError(0xdeadbeef);
2158
2163
2164 /* a domain sid usually have three subauthorities but we test that CreateWellKnownSid doesn't check it */
2165 AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
2166
2168 {
2173
2175 continue;
2176
2177 /* some SIDs aren't implemented by all Windows versions - detect it */
2180 {
2182 continue;
2183 }
2184
2186 ok(CreateWellKnownSid(i, value->without_domain ? NULL : domainsid, sid_buffer, &cb), "Couldn't create well known sid %u\n", i);
2193
2195 {
2198 ok(CreateWellKnownSid(i, domainsid, buf2, &cb), "Couldn't create well known sid %u with optional domain\n", i);
2200 ok(memcmp(buf2, sid_buffer, cb) == 0, "SID create with domain is different than without (%u)\n", i);
2201 }
2202 }
2203
2204 FreeSid(domainsid);
2205}
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
static const struct well_known_sid_value well_known_sid_values[]
Definition: security.c:2098
Definition: pdh_main.c:96
Referenced by START_TEST().
◆ test_default_dacl_owner_group_sid()
Definition at line 6424 of file security.c.
6425{
6426 TOKEN_USER *token_user;
6427 TOKEN_OWNER *token_owner;
6428 TOKEN_PRIMARY_GROUP *token_primary_group;
6436 ACCESS_ALLOWED_ACE *ace;
6437
6440
6444
6446
6450
6456
6457 size = 0;
6458 ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, NULL, 0, &size );
6460
6462 ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, sd, size, &size );
6464
6465 owner = (void *)0xdeadbeef;
6466 defaulted = TRUE;
6472
6474 defaulted = TRUE;
6479 ok( EqualSid( group, token_primary_group->PrimaryGroup ), "group shall equal token primary group\n" );
6480
6482 present = FALSE;
6483 defaulted = TRUE;
6489
6490 index = 0;
6491 found = FALSE;
6493 {
6495 "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
6497 }
6499
6501 {
6502 index = 0;
6503 found = FALSE;
6505 {
6507 "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
6509 }
6511 }
6512
6516
6517 free( token_primary_group );
6518 free( token_owner );
6519 free( token_user );
6520}
struct _SECURITY_ATTRIBUTES SECURITY_ATTRIBUTES
static TOKEN_USER * get_alloc_token_user(HANDLE token)
Definition: security.c:1757
static TOKEN_OWNER * get_alloc_token_owner(HANDLE token)
Definition: security.c:1775
static TOKEN_PRIMARY_GROUP * get_alloc_token_primary_group(HANDLE token)
Definition: security.c:1793
Referenced by START_TEST().
◆ test_default_handle_security()
|
static |
Definition at line 5512 of file security.c.
5513{
5516 PRIVILEGE_SET priv_set;
5518
5521
5522 priv_set_len = sizeof(priv_set);
5523 granted = 0xdeadbeef;
5524 status = 0xdeadbeef;
5525 SetLastError(0xdeadbeef);
5526 ret = AccessCheck(sd, token, MAXIMUM_ALLOWED, mapping, &priv_set, &priv_set_len, &granted, &status);
5527todo_wine {
5530 ok(granted == mapping->GenericAll, "expected all access %#lx, got %#lx\n", mapping->GenericAll, granted);
5531}
5532 priv_set_len = sizeof(priv_set);
5533 granted = 0xdeadbeef;
5534 status = 0xdeadbeef;
5535 SetLastError(0xdeadbeef);
5537todo_wine {
5541}
5542 priv_set_len = sizeof(priv_set);
5543 granted = 0xdeadbeef;
5544 status = 0xdeadbeef;
5545 SetLastError(0xdeadbeef);
5546 ret = AccessCheck(sd, token, ACCESS_SYSTEM_SECURITY, mapping, &priv_set, &priv_set_len, &granted, &status);
5547todo_wine {
5551}
5552 priv_set_len = sizeof(priv_set);
5553 granted = 0xdeadbeef;
5554 status = 0xdeadbeef;
5555 SetLastError(0xdeadbeef);
5556 ret = AccessCheck(sd, token, mapping->GenericRead, mapping, &priv_set, &priv_set_len, &granted, &status);
5557todo_wine {
5560 ok(granted == mapping->GenericRead, "expected read access %#lx, got %#lx\n", mapping->GenericRead, granted);
5561}
5562 priv_set_len = sizeof(priv_set);
5563 granted = 0xdeadbeef;
5564 status = 0xdeadbeef;
5565 SetLastError(0xdeadbeef);
5566 ret = AccessCheck(sd, token, mapping->GenericWrite, mapping, &priv_set, &priv_set_len, &granted, &status);
5567todo_wine {
5570 ok(granted == mapping->GenericWrite, "expected write access %#lx, got %#lx\n", mapping->GenericWrite, granted);
5571}
5572 priv_set_len = sizeof(priv_set);
5573 granted = 0xdeadbeef;
5574 status = 0xdeadbeef;
5575 SetLastError(0xdeadbeef);
5576 ret = AccessCheck(sd, token, mapping->GenericExecute, mapping, &priv_set, &priv_set_len, &granted, &status);
5577todo_wine {
5580 ok(granted == mapping->GenericExecute, "expected execute access %#lx, got %#lx\n", mapping->GenericExecute, granted);
5581}
5583}
static SECURITY_DESCRIPTOR * test_get_security_descriptor(HANDLE handle, int line)
Definition: security.c:176
static void validate_default_security_descriptor(SECURITY_DESCRIPTOR *sd)
Definition: security.c:5472
Referenced by test_event_security(), test_mutex_security(), test_named_pipe_security(), and test_semaphore_security().
◆ test_duplicate_handle_access()
Definition at line 7874 of file security.c.
7875{
7882 SID_AND_ATTRIBUTES sid_attr;
7888
7889 /* DuplicateHandle() validates access against the calling thread's token and
7890 * the target process's token. It does *not* validate access against the
7891 * calling process's token, even if the calling thread is not impersonating.
7892 */
7893
7894 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY, &token);
7896
7903
7914
7915 sid_attr.Sid = local_sid;
7916 sid_attr.Attributes = 0;
7922
7927
7930 CloseHandle(event2);
7931
7934 CloseHandle(event2);
7935
7936 ret = DuplicateHandle(GetCurrentProcess(), all_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7938 CloseHandle(event2);
7939
7940 ret = DuplicateHandle(GetCurrentProcess(), sync_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7942 CloseHandle(event2);
7943
7946
7950
7953 CloseHandle(event2);
7954
7955 SetLastError(0xdeadbeef);
7959
7960 ret = DuplicateHandle(GetCurrentProcess(), all_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7962 CloseHandle(event2);
7963
7964 SetLastError(0xdeadbeef);
7965 ret = DuplicateHandle(GetCurrentProcess(), sync_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7968
7971
7974 ret = CreateProcessAsUserA(restricted, NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
7976
7977 ret = DuplicateHandle(GetCurrentProcess(), all_event, pi.hProcess, &event2, EVENT_MODIFY_STATE, FALSE, 0);
7979
7980 SetLastError(0xdeadbeef);
7981 ret = DuplicateHandle(GetCurrentProcess(), sync_event, pi.hProcess, &event2, EVENT_MODIFY_STATE, FALSE, 0);
7984
7987
7988 CloseHandle(impersonation);
7989 CloseHandle(restricted);
7991 CloseHandle(sync_event);
7992 CloseHandle(all_event);
7993}
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:137
static DWORD WINAPI duplicate_handle_access_thread(void *arg)
Definition: security.c:7853
Referenced by START_TEST().
◆ test_duplicate_handle_access_child()
Definition at line 7995 of file security.c.
7996{
7999
8003
8006 CloseHandle(event2);
8007
8008 SetLastError(0xdeadbeef);
8012
8015
8016 SetLastError(0xdeadbeef);
8017 ret = DuplicateHandle(process, event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
8020
8026
8027 SetLastError(0xdeadbeef);
8031
8032 SetLastError(0xdeadbeef);
8033 ret = DuplicateHandle(process, event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
8036
8041}
HANDLE WINAPI OpenProcess(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwProcessId)
Definition: proc.c:1225
#define PROCESS_DUP_HANDLE
Definition: dbghelp_private.h:428
#define DUPLICATE_SAME_ACCESS
Referenced by START_TEST().
◆ test_duplicate_token()
Definition at line 8237 of file security.c.
8238{
8239 const DWORD orig_access = TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_PRIVILEGES;
8240 char prev_privs_buffer[128], ret_privs_buffer[1024];
8244 TOKEN_PRIVILEGES privs;
8251
8254
8255 /* Disable a privilege, to see if that privilege modification is preserved
8256 * in the duplicated tokens. */
8257 privs.PrivilegeCount = 1;
8261 ret = AdjustTokenPrivileges(token, FALSE, &privs, sizeof(prev_privs_buffer), prev_privs, &size);
8263
8270 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8274 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8275 CloseHandle(token2);
8276
8279 TEST_GRANTED_ACCESS(token2, orig_access);
8283 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8287 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8288 CloseHandle(token2);
8289
8290 ret = DuplicateTokenEx(token, MAXIMUM_ALLOWED, NULL, SecurityAnonymous, TokenPrimary, &token2);
8293 CloseHandle(token2);
8294
8295 ret = DuplicateTokenEx(token, TOKEN_QUERY_SOURCE, NULL, SecurityAnonymous, TokenPrimary, &token2);
8298 CloseHandle(token2);
8299
8302 TEST_GRANTED_ACCESS(token2, orig_access);
8306 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8310 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8311 CloseHandle(token2);
8312
8315 TEST_GRANTED_ACCESS(token2, orig_access);
8319 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8323 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8324 CloseHandle(token2);
8325
8328 TEST_GRANTED_ACCESS(token2, orig_access);
8329 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8333 CloseHandle(token2);
8334
8338 attr.SecurityQualityOfService = &qos;
8341 TEST_GRANTED_ACCESS(token2, orig_access);
8345 CloseHandle(token2);
8346
8348 ret = AdjustTokenPrivileges(token, FALSE, &privs, sizeof(prev_privs_buffer), prev_privs, &size);
8350
8352}
static const LUID_AND_ATTRIBUTES * find_privilege(const TOKEN_PRIVILEGES *privs, const LUID *luid)
Definition: security.c:8224
Definition: lsa.idl:63
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1871
Referenced by START_TEST().
◆ test_elevation()
Definition at line 8457 of file security.c.
8458{
8459 TOKEN_LINKED_TOKEN linked, linked2;
8461 TOKEN_ELEVATION elevation;
8464
8465#ifdef __REACTOS__
8468 return;
8469 }
8470#endif
8474
8477 orig_type = type;
8482 {
8485 return;
8486 }
8488
8490 {
8493 }
8495 {
8498
8503 ret = GetTokenInformation(linked.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8509 ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size);
8512
8513 /* Asking for the linked token again gives us a different token. */
8516
8517 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8520 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8523
8525
8527
8528 /* Asking for the linked token's linked token gives us a new limited token. */
8529 ret = GetTokenInformation(linked.LinkedToken, TokenLinkedToken, &linked2, sizeof(linked2), &size);
8531
8532 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8535 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8538
8540
8542
8544
8549
8554 }
8555 else
8556 {
8559
8564 ret = GetTokenInformation(linked.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8570 ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size);
8573
8574 /* Asking for the linked token again gives us a different token. */
8577
8578 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8581 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8584
8586
8588
8589 /* Asking for the linked token's linked token gives us a new elevated token. */
8590 ret = GetTokenInformation(linked.LinkedToken, TokenLinkedToken, &linked2, sizeof(linked2), &size);
8592
8593 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8596 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8599
8601
8603
8605
8610
8615 }
8616
8617 ret = DuplicateTokenEx(token, TOKEN_ALL_ACCESS, NULL, SecurityAnonymous, TokenPrimary, &token2);
8624 ok(elevation.TokenIsElevated == (type == TokenElevationTypeFull), "got elevation %#lx\n", elevation.TokenIsElevated);
8628 {
8633 ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size);
8637 }
8638 else
8640 CloseHandle(token2);
8641
8649 ok(elevation.TokenIsElevated == (type == TokenElevationTypeFull), "got elevation %#lx\n", elevation.TokenIsElevated);
8654 else
8657 CloseHandle(token2);
8658
8660 {
8661 char prev_privs_buffer[128], acl_buffer[256], prev_acl_buffer[256];
8665 TOKEN_DEFAULT_DACL default_acl;
8666 PRIVILEGE_SET priv_set;
8669 ACL acl;
8670
8671 /* Linked tokens do not preserve privilege modifications. */
8672
8673 privs.PrivilegeCount = 1;
8677 ret = AdjustTokenPrivileges(token, FALSE, &privs, sizeof(prev_privs_buffer), prev_privs, &size);
8679
8680 priv_set.PrivilegeCount = 1;
8681 priv_set.Control = 0;
8686
8689
8693
8695
8698
8699 /* Linked tokens do not preserve default DACL modifications. */
8700
8704
8706 default_acl.DefaultDacl = &acl;
8709
8713
8716
8717 ret = GetTokenInformation(linked.LinkedToken, TokenDefaultDacl, ret_acl, sizeof(acl_buffer), &size);
8720
8722
8725 }
8726
8728}
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:437
static void check_different_token(HANDLE token1, HANDLE token2)
Definition: security.c:8443
Definition: setypes.h:1047
Definition: setypes.h:1068
Definition: setypes.h:1064
Referenced by START_TEST().
◆ test_EqualDomainSid()
Definition at line 7790 of file security.c.
7791{
7798
7799 ret = AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
7801
7802 SetLastError(0xdeadbeef);
7806
7807 SetLastError(0xdeadbeef);
7811
7813 {
7815
7818 {
7820 continue;
7821 }
7822
7823 equal = 0xdeadbeef;
7824 SetLastError(0xdeadbeef);
7827 {
7831 continue;
7832 }
7833
7837
7839 ret = CreateWellKnownSid(i, well_known_sid_values[i].without_domain ? NULL : domainsid, sid2, &size);
7841
7842 equal = 0xdeadbeef;
7843 SetLastError(0xdeadbeef);
7848 }
7849
7850 FreeSid(domainsid);
7851}
BOOL WINAPI EqualDomainSid(IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
Definition: security.c:4184
Referenced by START_TEST().
◆ test_EqualSid()
Definition at line 5109 of file security.c.
5110{
5111 PSID sid1, sid2;
5115
5116 SetLastError(0xdeadbeef);
5118 DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &sid1);
5120 {
5122 return;
5123 }
5126 "AllocateAndInitializeSid shouldn't have set last error to %ld\n",
5127 GetLastError());
5128
5130 0, 0, 0, 0, 0, 0, 0, &sid2);
5132
5133 SetLastError(0xdeadbeef);
5137 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5138 GetLastError());
5139
5140 SetLastError(0xdeadbeef);
5141 sid2 = FreeSid(sid2);
5144 "FreeSid shouldn't have set last error to %ld\n",
5145 GetLastError());
5146
5148 DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &sid2);
5150
5151#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
5152 SetLastError(0xdeadbeef);
5157 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5158 GetLastError());
5159#endif
5160
5161 ((SID *)sid2)->Revision = 2;
5162 SetLastError(0xdeadbeef);
5166 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5167 GetLastError());
5169
5170 FreeSid(sid1);
5171 FreeSid(sid2);
5172}
Referenced by START_TEST().
◆ test_event_security()
Definition at line 5653 of file security.c.
5654{
5661 static const struct
5662 {
5663 int generic, mapped;
5664 } map[] =
5665 {
5666 { 0, 0 },
5671 };
5672
5673 SetLastError(0xdeadbeef);
5677
5678 SetLastError(0xdeadbeef);
5681
5684
5686 {
5687 SetLastError( 0xdeadbeef );
5691
5694
5696
5697 SetLastError(0xdeadbeef);
5699 todo_wine
5701 todo_wine
5703 }
5704
5706
5708}
static void test_default_handle_security(HANDLE token, HANDLE handle, GENERIC_MAPPING *mapping)
Definition: security.c:5512
Referenced by test_kernel_objects_security().
◆ test_file_security()
Definition at line 5866 of file security.c.
5867{
5870 static const struct
5871 {
5872 int generic, mapped;
5873 } map[] =
5874 {
5875 { 0, 0 },
5880 };
5884
5887
5888 /* file */
5889 SetLastError(0xdeadbeef);
5892
5895
5897 {
5898 SetLastError( 0xdeadbeef );
5902
5905
5907 }
5908
5910
5911 SetLastError(0xdeadbeef);
5914
5916 ok(access == (FILE_READ_ATTRIBUTES | SYNCHRONIZE), "expected FILE_READ_ATTRIBUTES | SYNCHRONIZE, got %#lx\n", access);
5917
5918 bytes = 0xdeadbeef;
5919 SetLastError(0xdeadbeef);
5922 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
5924
5926
5927 SetLastError(0xdeadbeef);
5930
5932 ok(access == (FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES), "expected FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES, got %#lx\n", access);
5933
5934 bytes = 0xdeadbeef;
5935 SetLastError(0xdeadbeef);
5938 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
5940
5943
5944 /* directory */
5945 SetLastError(0xdeadbeef);
5946 file = CreateFileA(temp_path, GENERIC_ALL, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
5948
5951
5953 {
5954 SetLastError( 0xdeadbeef );
5958
5961
5963 }
5964
5966
5967 SetLastError(0xdeadbeef);
5970
5972 ok(access == (FILE_READ_ATTRIBUTES | SYNCHRONIZE), "expected FILE_READ_ATTRIBUTES | SYNCHRONIZE, got %#lx\n", access);
5973
5975
5976 SetLastError(0xdeadbeef);
5977 file = CreateFileA(temp_path, GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
5979
5981 ok(access == (FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES), "expected FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES, got %#lx\n", access);
5982
5984}
UINT WINAPI GetTempFileNameA(IN LPCSTR lpPathName, IN LPCSTR lpPrefixString, IN UINT uUnique, OUT LPSTR lpTempFileName)
Definition: filename.c:26
Referenced by test_kernel_objects_security().
◆ test_filemap_security()
Definition at line 5986 of file security.c.
5987{
5992 static const struct
5993 {
5994 int generic, mapped;
5995 BOOL open_only;
5996 } map[] =
5997 {
5998 { 0, 0 },
6008 };
6009 static const struct
6010 {
6011 int prot, mapped;
6012 } prot_map[] =
6013 {
6014 { 0, 0 },
6015 { PAGE_NOACCESS, 0 },
6017 { PAGE_READWRITE, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE },
6019 { PAGE_EXECUTE, 0 },
6020 { PAGE_EXECUTE_READ, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_EXECUTE },
6021 { PAGE_EXECUTE_READWRITE, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE },
6022 { PAGE_EXECUTE_WRITECOPY, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_EXECUTE }
6023 };
6024
6027
6028 SetLastError(0xdeadbeef);
6029 file = CreateFileA(file_name, GENERIC_READ|GENERIC_WRITE|GENERIC_EXECUTE, 0, NULL, CREATE_ALWAYS, 0, 0);
6033
6035 {
6037
6038 SetLastError(0xdeadbeef);
6041 {
6043 }
6044 else
6045 {
6047 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
6048 continue;
6049 }
6050
6052 ok(access == prot_map[i].mapped, "%ld: expected %#x, got %#lx\n", i, prot_map[i].mapped, access);
6053
6055 }
6056
6057 SetLastError(0xdeadbeef);
6060
6062 ok(access == (STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE),
6063 "expected STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE, got %#lx\n", access);
6064
6066 {
6068
6069 SetLastError( 0xdeadbeef );
6073
6076
6078 }
6079
6083
6085 "Wine Test Open Mapping");
6087
6089 {
6091
6098 }
6099
6100 CloseHandle(created_mapping);
6101}
HANDLE NTAPI CreateFileMappingA(IN HANDLE hFile, IN LPSECURITY_ATTRIBUTES lpFileMappingAttributes, IN DWORD flProtect, IN DWORD dwMaximumSizeHigh, IN DWORD dwMaximumSizeLow, IN LPCSTR lpName)
Definition: filemap.c:23
HANDLE NTAPI OpenFileMappingA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: filemap.c:284
Referenced by test_kernel_objects_security().
◆ test_FileSecurity()
Definition at line 793 of file security.c.
794{
799 DWORD sdSize, retSize, rc, granted, priv_set_len;
800 PRIVILEGE_SET priv_set;
806 | DACL_SECURITY_INFORMATION;
807
810 return;
811 }
812
813 /* Create a temporary directory and in it a temporary file */
815 SetLastError(0xdeadbeef);
819
821 SetLastError(0xdeadbeef);
825 CloseHandle (fh);
826
827 /* For the temporary file ... */
828
829 /* Get size needed */
830 retSize = 0;
831 SetLastError(0xdeadbeef);
836 }
842
843 sdSize = retSize;
845
846 /* Get security descriptor for real */
847 retSize = -1;
848 SetLastError(0xdeadbeef);
852 ok (retSize == sdSize,
853 "GetFileSecurityA returned size %ld; expected %ld\n", retSize, sdSize);
854
855 /* Use it to set security descriptor */
856 SetLastError(0xdeadbeef);
860
862
863 /* Repeat for the temporary directory ... */
864
865 /* Get size needed */
866 retSize = 0;
867 SetLastError(0xdeadbeef);
874
875 sdSize = retSize;
877
878 /* Get security descriptor for real */
879 retSize = -1;
880 SetLastError(0xdeadbeef);
884 ok (retSize == sdSize,
885 "GetFileSecurityA returned size %ld; expected %ld\n", retSize, sdSize);
886
887 /* Use it to set security descriptor */
888 SetLastError(0xdeadbeef);
893
894 /* Old test */
896 SetLastError(0xdeadbeef);
901
902cleanup:
903 /* Remove temporary file and directory */
906
907 /* Test file access permissions for a file with FILE_ATTRIBUTE_ARCHIVE */
908 SetLastError(0xdeadbeef);
911
912 SetLastError(0xdeadbeef);
915
919
920 rc = GetFileSecurityA(file, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
921 NULL, 0, &sdSize);
926
928 retSize = 0xdeadbeef;
929 SetLastError(0xdeadbeef);
930 rc = GetFileSecurityA(file, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
931 sd, sdSize, &retSize);
934
935 SetLastError(0xdeadbeef);
939
940 SetLastError(0xdeadbeef);
943
944 SetLastError(0xdeadbeef);
947
948 SetLastError(0xdeadbeef);
949 rc = RevertToSelf();
951
952 priv_set_len = sizeof(priv_set);
953 granted = 0xdeadbeef;
954 status = 0xdeadbeef;
955 SetLastError(0xdeadbeef);
956 rc = AccessCheck(sd, token, FILE_READ_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
960
961 granted = 0xdeadbeef;
962 status = 0xdeadbeef;
963 SetLastError(0xdeadbeef);
964 rc = AccessCheck(sd, token, FILE_WRITE_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
968
969 granted = 0xdeadbeef;
970 status = 0xdeadbeef;
971 SetLastError(0xdeadbeef);
972 rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
976
977 granted = 0xdeadbeef;
978 status = 0xdeadbeef;
979 SetLastError(0xdeadbeef);
984
985 granted = 0xdeadbeef;
986 status = 0xdeadbeef;
987 SetLastError(0xdeadbeef);
988 rc = AccessCheck(sd, token, FILE_DELETE_CHILD, &mapping, &priv_set, &priv_set_len, &granted, &status);
992
993 granted = 0xdeadbeef;
994 status = 0xdeadbeef;
995 SetLastError(0xdeadbeef);
1000
1001 granted = 0xdeadbeef;
1002 status = 0xdeadbeef;
1003 SetLastError(0xdeadbeef);
1004 rc = AccessCheck(sd, token, FILE_ALL_ACCESS, &mapping, &priv_set, &priv_set_len, &granted, &status);
1008
1009 SetLastError(0xdeadbeef);
1010 rc = AccessCheck(sd, token, 0xffffffff, &mapping, &priv_set, &priv_set_len, &granted, &status);
1012 ok(GetLastError() == ERROR_GENERIC_NOT_MAPPED, "expected ERROR_GENERIC_NOT_MAPPED, got %ld\n", GetLastError());
1013
1014 /* Test file access permissions for a file with FILE_ATTRIBUTE_READONLY */
1015 SetLastError(0xdeadbeef);
1016 fh = CreateFileA(file, FILE_READ_DATA, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_READONLY, 0);
1018 retSize = 0xdeadbeef;
1019 SetLastError(0xdeadbeef);
1022 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
1024 CloseHandle(fh);
1025
1028 todo_wine
1030 "expected FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY got %#lx\n", rc);
1031
1032 SetLastError(0xdeadbeef);
1035 SetLastError(0xdeadbeef);
1038
1039 SetLastError(0xdeadbeef);
1040 fh = CreateFileA(file, FILE_READ_DATA, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_READONLY, 0);
1042 retSize = 0xdeadbeef;
1043 SetLastError(0xdeadbeef);
1046 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
1048 CloseHandle(fh);
1049
1053 "expected FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY got %#lx\n", rc);
1054
1055 retSize = 0xdeadbeef;
1056 SetLastError(0xdeadbeef);
1057 rc = GetFileSecurityA(file, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
1058 sd, sdSize, &retSize);
1061
1062 priv_set_len = sizeof(priv_set);
1063 granted = 0xdeadbeef;
1064 status = 0xdeadbeef;
1065 SetLastError(0xdeadbeef);
1066 rc = AccessCheck(sd, token, FILE_READ_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
1070
1071 granted = 0xdeadbeef;
1072 status = 0xdeadbeef;
1073 SetLastError(0xdeadbeef);
1074 rc = AccessCheck(sd, token, FILE_WRITE_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
1076todo_wine {
1079}
1080 granted = 0xdeadbeef;
1081 status = 0xdeadbeef;
1082 SetLastError(0xdeadbeef);
1083 rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
1087
1088 granted = 0xdeadbeef;
1089 status = 0xdeadbeef;
1090 SetLastError(0xdeadbeef);
1095
1096 granted = 0xdeadbeef;
1097 status = 0xdeadbeef;
1098 SetLastError(0xdeadbeef);
1099 rc = AccessCheck(sd, token, WRITE_OWNER, &mapping, &priv_set, &priv_set_len, &granted, &status);
1103
1104 granted = 0xdeadbeef;
1105 status = 0xdeadbeef;
1106 SetLastError(0xdeadbeef);
1107 rc = AccessCheck(sd, token, SYNCHRONIZE, &mapping, &priv_set, &priv_set_len, &granted, &status);
1111
1112 granted = 0xdeadbeef;
1113 status = 0xdeadbeef;
1114 SetLastError(0xdeadbeef);
1115 rc = AccessCheck(sd, token, FILE_DELETE_CHILD, &mapping, &priv_set, &priv_set_len, &granted, &status);
1117todo_wine {
1120}
1121 granted = 0xdeadbeef;
1122 status = 0xdeadbeef;
1123 SetLastError(0xdeadbeef);
1126todo_wine {
1129}
1130 granted = 0xdeadbeef;
1131 status = 0xdeadbeef;
1132 SetLastError(0xdeadbeef);
1133 rc = AccessCheck(sd, token, FILE_ALL_ACCESS, &mapping, &priv_set, &priv_set_len, &granted, &status);
1135todo_wine {
1138}
1139 SetLastError(0xdeadbeef);
1142 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
1143 SetLastError(0xdeadbeef);
1146 SetLastError(0xdeadbeef);
1149
1152}
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:1631
BOOL WINAPI SetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1479
BOOL WINAPI GetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1373
BOOL WINAPI SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes)
Definition: fileinfo.c:760
BOOL WINAPI WriteFile(IN HANDLE hFile, IN LPCVOID lpBuffer, IN DWORD nNumberOfBytesToWrite OPTIONAL, OUT LPDWORD lpNumberOfBytesWritten, IN LPOVERLAPPED lpOverlapped OPTIONAL)
Definition: rw.c:24
#define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
Definition: ntifs_ex.h:384
Definition: wbemprox_private.h:188
Definition: tftpd.h:86
Referenced by START_TEST().
◆ test_get_security_descriptor()
|
static |
Definition at line 176 of file security.c.
177{
178 /* use free(sd); when done */
181
182 needed = 0xdeadbeef;
183 SetLastError(0xdeadbeef);
184 ret = GetKernelObjectSecurity(handle, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
185 NULL, 0, &needed);
187 ok_(__FILE__, line)(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
188 ok_(__FILE__, line)(needed != 0xdeadbeef, "GetKernelObjectSecurity should return required buffer length\n");
189
190 length = needed;
192
193 needed = 0xdeadbeef;
194 SetLastError(0xdeadbeef);
195 ret = GetKernelObjectSecurity(handle, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
198 ok_(__FILE__, line)(needed == length || needed == 0 /* file, pipe */, "GetKernelObjectSecurity should return %lu instead of %lu\n", length, needed);
200}
Referenced by test_default_handle_security(), test_group_equal(), and test_owner_equal().
◆ test_GetExplicitEntriesFromAclW()
Definition at line 7599 of file security.c.
7600{
7606 EXPLICIT_ACCESSW *access2;
7610
7611 old_acl = malloc(256);
7614
7615 res = AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
7617
7619 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &users_sid);
7621
7624
7625 access2 = NULL;
7627 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7629 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7630 ok(access2[0].grfAccessPermissions == KEY_READ, "Expected KEY_READ, got %ld\n", access2[0].grfAccessPermissions);
7631 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7632 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7634 LocalFree(access2);
7635
7638
7644 access.Trustee.ptstrName = everyone_sid;
7648
7649 access2 = NULL;
7651 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7653 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7654 ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7656 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
7657 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7658 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7660 LocalFree(access2);
7661 LocalFree(new_acl);
7662
7667
7668 access2 = NULL;
7670 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7672 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7673 ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7675 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
7676 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7677 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7679 LocalFree(access2);
7680 LocalFree(new_acl);
7681
7687
7688 access2 = NULL;
7690 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7692 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7693 ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7695 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
7696 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7697 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7698 LocalFree(access2);
7699 LocalFree(new_acl);
7700
7703 access.Trustee.ptstrName = users_sid;
7707
7708 access2 = (void *)0xdeadbeef;
7710 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7713 LocalFree(new_acl);
7714
7715 /* Make the ACL both Allow and Deny Everyone. */
7720 /* Revoke Everyone. */
7721 access.Trustee.ptstrName = everyone_sid;
7723 access.grfAccessPermissions = 0;
7724 new_acl = NULL;
7728 /* Deny Everyone should remain (along with Grant Users from earlier). */
7729 access2 = NULL;
7731 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7733#ifdef __REACTOS__
7734 if (!access2) {
7736 } else {
7737#endif
7738 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7739 ok(access2[0].grfAccessPermissions == KEY_READ , "Expected KEY_READ, got %ld\n", access2[0].grfAccessPermissions);
7741 ok(access2[1].grfAccessMode == DENY_ACCESS, "Expected DENY_ACCESS, got %d\n", access2[1].grfAccessMode);
7742 ok(access2[1].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[1].grfAccessPermissions);
7744 LocalFree(access2);
7745#ifdef __REACTOS__
7746 }
7747#endif
7748
7749 FreeSid(users_sid);
7750 FreeSid(everyone_sid);
7751 free(old_acl);
7752}
DWORD WINAPI SetEntriesInAclW(ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_W pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
Definition: ac.c:199
DWORD WINAPI GetExplicitEntriesFromAclW(PACL pacl, PULONG pcCountOfExplicitEntries, PEXPLICIT_ACCESS_W *pListOfExplicitEntries)
Definition: ac.c:648
Definition: accctrl.h:340
Referenced by START_TEST().
◆ test_GetKernelObjectSecurity()
Definition at line 8354 of file security.c.
8355{
8356 /* Basic tests for parameter validation. */
8357
8363 ACL *acl;
8364
8365 SetLastError(0xdeadbeef);
8366 size = 0xdeadbeef;
8371
8372 SetLastError(0xdeadbeef);
8376
8377 SetLastError(0xdeadbeef);
8378 size = 0xdeadbeef;
8379 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, NULL, 0, &size);
8383
8385
8386 SetLastError(0xdeadbeef);
8387 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, sd, size - 1, &ret_size);
8391
8392 SetLastError(0xdeadbeef);
8393 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, sd, size + 1, &ret_size);
8397
8399
8400 /* Calling the function with flags not defined succeeds and yields an empty
8401 * descriptor. */
8402
8403 SetLastError(0xdeadbeef);
8407
8409 SetLastError(0xdeadbeef);
8414
8419
8424
8429
8433 /* the descriptor is defaulted only on Windows >= 7 */
8434
8438 /* the descriptor is defaulted only on Windows >= 7 */
8439
8441}
Referenced by START_TEST().
◆ test_GetNamedSecurityInfoA()
Definition at line 3851 of file security.c.
3852{
3860 char invalid_path[] = "/an invalid file path";
3862 char software_key[] = "MACHINE\\Software";
3865 ACL_SIZE_INFORMATION acl_size;
3867 PSECURITY_DESCRIPTOR pSD;
3868 ACCESS_ALLOWED_ACE *ace;
3872 BOOL owner_defaulted;
3873 BOOL group_defaulted;
3874 BOOL dacl_defaulted;
3877 BOOL dacl_present;
3878 PACL pDacl;
3881
3883 {
3886 }
3887 if (!bret)
3888 {
3890 return;
3891 }
3900
3903
3904#ifdef __REACTOS__
3905 /* The rest of this test crashes on WS03, Vista, Win7, and Win8.1 */
3908 return;
3909 }
3910#endif
3911 SetLastError(0xdeadbeef);
3916 {
3919 return;
3920 }
3922
3928
3929 bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
3932
3936 LocalFree(pSD);
3937
3938
3939 /* NULL descriptor tests */
3940
3944
3945 pDacl = NULL;
3950 LocalFree(pSD);
3951
3955
3956 /* Test behavior of SetNamedSecurityInfo with an invalid path */
3957 SetLastError(0xdeadbeef);
3962
3963 /* Create security descriptor information and test that it comes back the same */
3964 pSD = &sd;
3965 pDacl = malloc(100);
3979 SetLastError(0xdeadbeef);
3982 free(pDacl);
3984 {
3987 CloseHandle(hTemp);
3988 return;
3989 }
3991 SetLastError(0xdeadbeef);
3995 {
3998 CloseHandle(hTemp);
3999 return;
4000 }
4002
4006 {
4015 ace->Mask);
4016 }
4018 {
4021 bret = EqualSid(&ace->SidStart, admin_sid);
4023 "Administators Group ACE (%s) != Administators Group SID (%s).\n",
4026 "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
4028 "Administators Group ACE has unexpected mask (0x%lx != 0x1f01ff)\n", ace->Mask);
4029 }
4030 LocalFree(pSD);
4031
4032 /* show that setting empty DACL is not removing all file permissions */
4039 free(pDacl);
4040
4044
4048 {
4053 }
4054 LocalFree(pSD);
4055
4060
4061 /* test setting NULL DACL */
4065
4070 LocalFree(pSD);
4071
4076
4077 /* NtSetSecurityObject doesn't inherit DACL entries */
4080 pDacl = malloc(100);
4087
4092
4096
4101
4106
4111
4112 /* test if DACL is properly mapped to permission */
4123
4128
4139
4143 free(pDacl);
4145 CloseHandle(hTemp);
4146
4147 /* Test querying the ownership of a built-in registry key */
4148 sid_size = sizeof(system_ptr);
4154
4155 bret = AllocateAndInitializeSid(&SIDAuthNT, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &localsys_sid);
4157
4158 bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
4162 "MACHINE\\Software owner SID (%s) != Administrators SID (%s) or Local System Sid (%s).\n",
4164
4170 "MACHINE\\Software group SID (%s) != Local System SID (%s or %s)\n",
4172 LocalFree(pSD);
4173
4174 /* Test querying the DACL of a built-in registry key */
4175 sid_size = sizeof(users_ptr);
4180
4181 bret = GetSecurityDescriptorDacl(pSD, &dacl_present, &pDacl, &dacl_defaulted);
4189 {
4192 bret = EqualSid(&ace->SidStart, users_sid);
4194 bret = EqualSid(&ace->SidStart, admin_sid);
4196 }
4198 "Builtin Users ACE not found.\n");
4199 if (users_ace_id != -1)
4200 {
4212 "Builtin Users ACE has unexpected mask (0x%lx != 0x%x)\n",
4213 ace->Mask, GENERIC_READ);
4214 }
4216 if (admins_ace_id != -1)
4217 {
4230 }
4231
4232 FreeSid(localsys_sid);
4233 LocalFree(pSD);
4234}
DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: security.c:2498
UINT WINAPI GetWindowsDirectoryA(OUT LPSTR lpBuffer, IN UINT uSize)
Definition: path.c:2256
BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
Definition: sec.c:238
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: ms-dtyp.idl:209
Referenced by START_TEST().
◆ test_GetSecurityInfo()
Definition at line 4721 of file security.c.
4722{
4723 char domain_users_ptr[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES];
4733 BOOL owner_defaulted, group_defaulted;
4734 BOOL dacl_defaulted, dacl_present;
4735 ACL_SIZE_INFORMATION acl_size;
4736 PSECURITY_DESCRIPTOR pSD;
4737 ACCESS_ALLOWED_ACE *ace;
4741 PACL pDacl;
4744
4746 {
4747 SE_FILE_OBJECT,
4748 SE_KERNEL_OBJECT,
4749 SE_WMIGUID_OBJECT,
4750 };
4751
4753 {
4754 SE_UNKNOWN_OBJECT_TYPE,
4755 SE_DS_OBJECT,
4756 SE_DS_OBJECT_ALL,
4758 SE_REGISTRY_WOW64_32KEY,
4759 SE_REGISTRY_WOW64_64KEY,
4760 0xdeadbeef,
4761 };
4762
4764 {
4767 }
4768 if (!bret)
4769 {
4771 return;
4772 }
4777
4778 /* Create something. Files have lots of associated security info. */
4782 {
4784 return;
4785 }
4786
4791 {
4794 return;
4795 }
4802 else
4804
4805 LocalFree(pSD);
4806
4807 /* If we don't ask for the security descriptor, Windows will still give us
4808 the other stuff, leaving us no way to free it. */
4817 else
4819
4820 /* Create security descriptor information and test that it comes back the same */
4821 pSD = &sd;
4843 {
4846#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
4850#endif
4854 ace->Mask);
4855 }
4857 {
4860#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
4861 bret = EqualSid(&ace->SidStart, admin_sid);
4862 todo_wine ok(bret, "Administators Group ACE (%s) != Administators Group SID (%s).\n", debugstr_sid(&ace->SidStart), debugstr_sid(admin_sid));
4863#endif
4865 "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
4867 ace->Mask);
4868 }
4869 LocalFree(pSD);
4871
4872 /* Obtain the "domain users" SID from the user SID */
4874 *GetSidSubAuthority(user_sid, 1),
4875 *GetSidSubAuthority(user_sid, 2),
4876 *GetSidSubAuthority(user_sid, 3), 0, 0, 0, 0, &domain_sid))
4877 {
4879 return;
4880 }
4881 sid_size = sizeof(domain_users_ptr);
4882 CreateWellKnownSid(WinAccountDomainUsersSid, domain_sid, domain_users_sid, &sid_size);
4883 FreeSid(domain_sid);
4884
4885 /* Test querying the ownership of a process */
4890
4891 bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
4895 "Process owner SID != Administrators SID.\n");
4896
4901 LocalFree(pSD);
4902
4903 /* Test querying the DACL of a process */
4907
4908 bret = GetSecurityDescriptorDacl(pSD, &dacl_present, &pDacl, &dacl_defaulted);
4916 {
4919 bret = EqualSid(&ace->SidStart, domain_users_sid);
4921 bret = EqualSid(&ace->SidStart, admin_sid);
4923 }
4925 "Domain Users ACE not found.\n");
4926 if (domain_users_ace_id != -1)
4927 {
4935 ace->Mask, GENERIC_READ);
4936 }
4938 "Builtin Admins ACE not found.\n");
4939 if (admins_ace_id != -1)
4940 {
4947 }
4948 LocalFree(pSD);
4949
4950 ret = GetSecurityInfo(NULL, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD);
4952
4956 LocalFree(pSD);
4957
4961
4963 {
4965
4969
4973 LocalFree(pSD);
4974
4978 LocalFree(pSD);
4979
4983
4987
4988 winetest_pop_context();
4989 }
4990
4994
4998
5000
5002 {
5004
5008
5012
5016
5020
5021 winetest_pop_context();
5022 }
5023}
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1295
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl winetest_push_context(const char *fmt,...) __WINE_PRINTF_ATTR(1
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl void winetest_pop_context(void)
struct _TOKEN_USER TOKEN_USER
Referenced by START_TEST().
◆ test_GetSidIdentifierAuthority()
Definition at line 7042 of file security.c.
7043{
7048
7052
7053 SetLastError(0xdeadbeef);
7057
7058 SetLastError(0xdeadbeef);
7062}
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority(PSID sid)
Definition: security.c:333
Referenced by START_TEST().
◆ test_GetSidSubAuthority()
Definition at line 5025 of file security.c.
5026{
5028
5029 /* Note: on windows passing in an invalid index like -1, lets GetSidSubAuthority return 0x05000000 but
5030 still GetLastError returns ERROR_SUCCESS then. We don't test these unlikely cornercases here for now */
5031 ok(ConvertStringSidToSidA("S-1-5-21-93476-23408-4576",&psid),"ConvertStringSidToSidA failed\n");
5033 SetLastError(0xbebecaca);
5034 ok(*GetSidSubAuthorityCount(psid) == 4,"GetSidSubAuthorityCount gave %d expected 4\n", *GetSidSubAuthorityCount(psid));
5036 SetLastError(0xbebecaca);
5037 ok(*GetSidSubAuthority(psid,0) == 21,"GetSidSubAuthority gave %ld expected 21\n", *GetSidSubAuthority(psid,0));
5039 SetLastError(0xbebecaca);
5040 ok(*GetSidSubAuthority(psid,1) == 93476,"GetSidSubAuthority gave %ld expected 93476\n", *GetSidSubAuthority(psid,1));
5042 SetLastError(0xbebecaca);
5043 ok(GetSidSubAuthority(psid,4) != NULL,"Expected out of bounds GetSidSubAuthority to return a non-NULL pointer\n");
5045 LocalFree(psid);
5046}
Referenced by START_TEST().
◆ test_GetTokenInformation()
Definition at line 2045 of file security.c.
Referenced by START_TEST().
◆ test_GetUserNameA()
Definition at line 5174 of file security.c.
5175{
5177 DWORD required_len, buffer_len;
5179
5180 /* Test crashes on Windows. */
5181 if (0)
5182 {
5183 SetLastError(0xdeadbeef);
5185 }
5186
5187 SetLastError(0xdeadbeef);
5188 required_len = 0;
5193
5194 SetLastError(0xdeadbeef);
5195 required_len = 1;
5200
5201 /* Tests crashes on Windows. */
5202 if (0)
5203 {
5204 SetLastError(0xdeadbeef);
5205 required_len = UNLEN + 1;
5207
5208 SetLastError(0xdeadbeef);
5210 }
5211
5213
5214 /* Note that GetUserNameA on XP and newer outputs the number of bytes
5215 * required for a Unicode string, which affects a test in the next block. */
5216 SetLastError(0xdeadbeef);
5218 required_len = 0;
5224
5225 SetLastError(0xdeadbeef);
5227 buffer_len = required_len;
5231 ok(buffer_len == required_len ||
5233 "Outputted buffer length was %lu\n", buffer_len);
5235
5236 /* Use the reported buffer size from the last GetUserNameA call and pass
5237 * a length that is one less than the required value. */
5238 SetLastError(0xdeadbeef);
5240 buffer_len--;
5246}
Referenced by START_TEST().
◆ test_GetUserNameW()
Definition at line 5248 of file security.c.
5249{
5251 DWORD required_len, buffer_len;
5253
5254 /* Test crashes on Windows. */
5255 if (0)
5256 {
5257 SetLastError(0xdeadbeef);
5259 }
5260
5261 SetLastError(0xdeadbeef);
5262 required_len = 0;
5267
5268 SetLastError(0xdeadbeef);
5269 required_len = 1;
5274
5275 /* Tests crash on Windows. */
5276 if (0)
5277 {
5278 SetLastError(0xdeadbeef);
5279 required_len = UNLEN + 1;
5281
5282 SetLastError(0xdeadbeef);
5284 }
5285
5287
5288 SetLastError(0xdeadbeef);
5290 required_len = 0;
5296
5297 SetLastError(0xdeadbeef);
5299 buffer_len = required_len;
5305
5306 /* GetUserNameW on XP and newer writes a truncated portion of the username string to the buffer. */
5307 SetLastError(0xdeadbeef);
5309 buffer_len--;
5314 "Output buffer was altered\n");
5317}
Referenced by START_TEST().
◆ test_GetWindowsAccountDomainSid()
Definition at line 6959 of file security.c.
6960{
6961#ifdef __REACTOS__
6964#else
6969#endif
6970 DWORD sid_size;
6971 PSID user_sid;
6974#ifndef __REACTOS__
6976#endif
6977
6979 {
6982 }
6983 if (!bret)
6984 {
6986 return;
6987 }
6988
6997
6998 SetLastError(0xdeadbeef);
6999 bret = GetWindowsAccountDomainSid(0, 0, 0);
7001 ok(GetLastError() == ERROR_INVALID_SID, "expected ERROR_INVALID_SID, got %ld\n", GetLastError());
7002
7003 SetLastError(0xdeadbeef);
7004 bret = GetWindowsAccountDomainSid(user_sid, 0, 0);
7006 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
7007
7008 sid_size = SECURITY_MAX_SID_SIZE;
7009 SetLastError(0xdeadbeef);
7010 bret = GetWindowsAccountDomainSid(user_sid, 0, &sid_size);
7012 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
7013 ok(sid_size == GetSidLengthRequired(4), "expected size %ld, got %ld\n", GetSidLengthRequired(4), sid_size);
7014
7015 SetLastError(0xdeadbeef);
7016 bret = GetWindowsAccountDomainSid(user_sid, domain_sid, 0);
7018 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
7019
7020 sid_size = 1;
7021 SetLastError(0xdeadbeef);
7022 bret = GetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
7024 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
7025 ok(sid_size == GetSidLengthRequired(4), "expected size %ld, got %ld\n", GetSidLengthRequired(4), sid_size);
7026
7027 sid_size = SECURITY_MAX_SID_SIZE;
7028 bret = GetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
7030 ok(sid_size == GetSidLengthRequired(4), "expected size %ld, got %ld\n", GetSidLengthRequired(4), sid_size);
7031#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
7032 InitializeSid(domain_sid2, &domain_ident, 4);
7037#endif
7038
7040}
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:862
BOOL WINAPI GetWindowsAccountDomainSid(PSID sid, PSID domain_sid, DWORD *size)
Definition: security.c:368
Referenced by START_TEST().
◆ test_granted_access()
|
static |
Definition at line 2892 of file security.c.
◆ test_group_as_file_owner()
Definition at line 8730 of file security.c.
8731{
8732 char sd_buffer[200], sid_buffer[100];
8737 SECURITY_DESCRIPTOR new_sd;
8741
8742 /* The EA Origin client sets the SD owner of a directory to Administrators,
8743 * while using the default DACL, and subsequently tries to create
8744 * subdirectories. */
8745
8748
8751 if (!present)
8752 {
8754 return;
8755 }
8756
8759
8762
8763 file = CreateFileA(path, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
8765
8766 ret = GetKernelObjectSecurity(file, DACL_SECURITY_INFORMATION, sd_buffer, sizeof(sd_buffer), &size);
8770
8772
8775
8778
8781
8782 ret = SetKernelObjectSecurity(file, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, &new_sd);
8784
8786
8790
8796}
Referenced by START_TEST().
◆ test_group_equal()
Definition at line 225 of file security.c.
226{
230 BOOL group_defaulted;
231
233
236
237#ifdef __REACTOS__
238 /* The call to EqualSid below crashes on WS03. */
240#endif
244
245 free(queriedSD);
246}
Referenced by test_process_security().
◆ test_impersonation_level()
Definition at line 3207 of file security.c.
3208{
3210 HANDLE Token2;
3214 PRIVILEGE_SET *PrivilegeSet;
3217 HKEY hkey;
3219
3220 SetLastError(0xdeadbeef);
3223 {
3225 return;
3226 }
3228 ret = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY_SOURCE | TOKEN_IMPERSONATE | TOKEN_ADJUST_DEFAULT, TRUE, &Token);
3231 ok(error == ERROR_CANT_OPEN_ANONYMOUS, "OpenThreadToken on anonymous token should have returned ERROR_CANT_OPEN_ANONYMOUS instead of %ld\n", error);
3232 /* can't perform access check when opening object against an anonymous impersonation token */
3233 todo_wine {
3235 ok(error == ERROR_INVALID_HANDLE || error == ERROR_CANT_OPEN_ANONYMOUS || error == ERROR_BAD_IMPERSONATION_LEVEL,
3237 }
3238 RevertToSelf();
3239
3242
3247 /* can't increase the impersonation level */
3251 "Duplicating a token and increasing the impersonation level should have failed with ERROR_BAD_IMPERSONATION_LEVEL instead of %ld\n", error);
3252 /* we can query anything from an anonymous token, including the user */
3255 ok(!ret && error == ERROR_INSUFFICIENT_BUFFER, "GetTokenInformation(TokenUser) should have failed with ERROR_INSUFFICIENT_BUFFER instead of %ld\n", error);
3260
3261 /* PrivilegeCheck fails with SecurityAnonymous level */
3264 ok(!ret && error == ERROR_INSUFFICIENT_BUFFER, "GetTokenInformation(TokenPrivileges) should have failed with ERROR_INSUFFICIENT_BUFFER instead of %ld\n", error);
3268
3271 memcpy(PrivilegeSet->Privilege, Privileges->Privileges, PrivilegeSet->PrivilegeCount * sizeof(PrivilegeSet->Privilege[0]));
3274
3277 ok(!ret && error == ERROR_BAD_IMPERSONATION_LEVEL, "PrivilegeCheck for SecurityAnonymous token should have failed with ERROR_BAD_IMPERSONATION_LEVEL instead of %ld\n", error);
3278
3280
3283 ret = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY_SOURCE | TOKEN_IMPERSONATE | TOKEN_ADJUST_DEFAULT, TRUE, &Token);
3285
3286 /* can't perform access check when opening object against an identification impersonation token */
3288 todo_wine {
3289 ok(error == ERROR_INVALID_HANDLE || error == ERROR_BAD_IMPERSONATION_LEVEL || error == ERROR_ACCESS_DENIED,
3290 "RegOpenKeyEx should have failed with ERROR_INVALID_HANDLE, ERROR_BAD_IMPERSONATION_LEVEL or ERROR_ACCESS_DENIED instead of %ld\n", error);
3291 }
3295 RevertToSelf();
3296
3299 ret = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY_SOURCE | TOKEN_IMPERSONATE | TOKEN_ADJUST_DEFAULT, TRUE, &Token);
3302 ok(error == ERROR_SUCCESS, "RegOpenKeyEx should have succeeded instead of failing with %ld\n", error);
3303 RegCloseKey(hkey);
3306 RevertToSelf();
3307
3309 CloseHandle(ProcessToken);
3310
3311 free(PrivilegeSet);
3312}
@ User
LONG WINAPI RegOpenKeyExA(_In_ HKEY hKey, _In_ LPCSTR lpSubKey, _In_ DWORD ulOptions, _In_ REGSAM samDesired, _Out_ PHKEY phkResult)
Definition: reg.c:3298
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4539
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
Referenced by START_TEST().
◆ test_inherited_dacl()
|
static |
Definition at line 3567 of file security.c.
3569{
3570 ACL_SIZE_INFORMATION acl_size;
3571 ACCESS_ALLOWED_ACE *ace;
3572 BOOL bret;
3573
3576
3577 todo_wine_if (todo_count)
3579 "GetAclInformation returned unexpected entry count (%ld != 2)\n",
3580 acl_size.AceCount);
3581
3583 {
3586
3588 todo_wine_if (todo_sid)
3589 ok_(__FILE__, line)(bret, "Current User ACE (%s) != Current User SID (%s)\n", debugstr_sid(&ace->SidStart), debugstr_sid(user_sid));
3590
3591 todo_wine_if (todo_flags)
3593 "Current User ACE has unexpected flags (0x%x != 0x%lx)\n",
3595
3597 "Current User ACE has unexpected mask (0x%lx != 0x%lx)\n",
3599 }
3601 {
3604
3606 todo_wine_if (todo_sid)
3607 ok_(__FILE__, line)(bret, "Administators Group ACE (%s) != Administators Group SID (%s)\n", debugstr_sid(&ace->SidStart), debugstr_sid(admin_sid));
3608
3609 todo_wine_if (todo_flags)
3611 "Administators Group ACE has unexpected flags (0x%x != 0x%lx)\n",
3613
3615 "Administators Group ACE has unexpected mask (0x%lx != 0x%lx)\n",
3617 }
3618}
Referenced by test_CreateDirectoryA().
◆ test_InitializeAcl()
Definition at line 4673 of file security.c.
4674{
4678
4679 SetLastError(0xdeadbeef);
4682 {
4684 return;
4685 }
4686
4687 ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, "InitializeAcl with too small a buffer should have failed with ERROR_INSUFFICIENT_BUFFER instead of %ld\n", GetLastError());
4688
4689 SetLastError(0xdeadbeef);
4691 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl with too large a buffer should have failed with ERROR_INVALID_PARAMETER instead of %ld\n", GetLastError());
4692
4693 SetLastError(0xdeadbeef);
4695 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl(ACL_REVISION1) should have failed with ERROR_INVALID_PARAMETER instead of %ld\n", GetLastError());
4696
4699
4702
4705
4708
4709 SetLastError(0xdeadbeef);
4712
4715
4716 SetLastError(0xdeadbeef);
4718 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl(-1) failed with error %ld\n", GetLastError());
4719}
Referenced by START_TEST().
◆ test_IsValidSecurityDescriptor()
Definition at line 8798 of file security.c.
8799{
8802
8803 SetLastError(0xdeadbeef);
8807
8809
8810 SetLastError(0xdeadbeef);
8814
8817
8818 SetLastError(0xdeadbeef);
8822
8824}
BOOL WINAPI IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: sec.c:176
Referenced by START_TEST().
◆ test_kernel_objects_security()
Definition at line 6343 of file security.c.
6344{
6347
6350
6354
6357
6361
6367 test_filemap_security();
6368 test_thread_security();
6369 test_process_access();
6370 /* FIXME: test other kernel object types */
6371
6372 CloseHandle(process_token);
6374}
static void test_named_pipe_security(HANDLE token)
Definition: security.c:5761
static BOOL validate_impersonation_token(HANDLE token, DWORD *token_type)
Definition: security.c:6292
Referenced by START_TEST().
◆ test_LookupAccountName()
Definition at line 2582 of file security.c.
2583{
2584 DWORD sid_size, domain_size, user_size;
2585 DWORD sid_save, domain_save;
2588 SID_NAME_USE sid_use;
2590 PSID psid;
2592
2593 /* native crashes if (assuming all other parameters correct):
2594 * - peUse is NULL
2595 * - Sid is NULL and cbSid is > 0
2596 * - cbSid or cchReferencedDomainName are NULL
2597 * - ReferencedDomainName is NULL and cchReferencedDomainName is the correct size
2598 */
2599
2600 user_size = UNLEN + 1;
2601 SetLastError(0xdeadbeef);
2604
2605 /* get sizes */
2606 sid_size = 0;
2607 domain_size = 0;
2608 sid_use = 0xcafebabe;
2609 SetLastError(0xdeadbeef);
2612 {
2614 return;
2615 }
2622
2623 sid_save = sid_size;
2624 domain_save = domain_size;
2625
2626 psid = malloc(sid_size);
2628
2629 /* try valid account name */
2639 domain_size = domain_save;
2640 sid_size = sid_save;
2641
2643 {
2645 }
2646 else
2647 {
2656 ok(sid_use == SidTypeWellKnownGroup, "Expected SidTypeWellKnownGroup (%d), got %d\n", SidTypeWellKnownGroup, sid_use);
2657 domain_size = domain_save;
2658 }
2659
2660 /* NULL Sid with zero sid size */
2661 SetLastError(0xdeadbeef);
2662 sid_size = 0;
2669
2670 /* try cchReferencedDomainName - 1 */
2671 SetLastError(0xdeadbeef);
2672 domain_size--;
2679
2680 /* NULL ReferencedDomainName with zero domain name size */
2681 SetLastError(0xdeadbeef);
2682 domain_size = 0;
2689
2690 free(psid);
2692
2693 /* get sizes for NULL account name */
2694 sid_size = 0;
2695 domain_size = 0;
2696 sid_use = 0xcafebabe;
2697 SetLastError(0xdeadbeef);
2705
2706 psid = malloc(sid_size);
2708
2709 /* try NULL account name */
2713 /* Using a fixed string will not work on different locales */
2717
2718 free(psid);
2720
2721 /* try an invalid account name */
2722 SetLastError(0xdeadbeef);
2723 sid_size = 0;
2724 domain_size = 0;
2732
2733 /* try an invalid system name */
2734 SetLastError(0xdeadbeef);
2735 sid_size = 0;
2736 domain_size = 0;
2739 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE || GetLastError() == RPC_S_INVALID_NET_ADDR /* Vista */,
2743
2744 /* try with the computer name as the account name */
2747 sid_size = 0;
2748 domain_size = 0;
2756 {
2757 psid = malloc(sid_size);
2759 ret = LookupAccountNameA(NULL, computer_name, psid, &sid_size, domain, &domain_size, &sid_use);
2762 (sid_use == SidTypeUser && ! strcmp(computer_name, user_name)), "expected SidTypeDomain for %s, got %d\n", computer_name, sid_use);
2764 free(psid);
2765 }
2766
2767 /* Well Known names */
2769 {
2771 return;
2772 }
2773
2776 /* 2 spaces */
2780
2781 /* example of some names where the spaces are not optional */
2786
2791
2792 /* case insensitivity */
2794
2795 /* fully qualified account names */
2801}
static void check_wellknown_name(const char *name, WELL_KNOWN_SID_TYPE result)
Definition: security.c:2520
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
Definition: shimtest.c:21
#define ERROR_TRUSTED_RELATIONSHIP_FAILURE
Definition: winerror.h:1453
Referenced by START_TEST().
◆ test_LookupAccountSid()
Definition at line 2207 of file security.c.
2208{
2211 DWORD acc_sizeA, dom_sizeA, user_sizeA;
2212 DWORD real_acc_sizeA, real_dom_sizeA;
2214 LSA_OBJECT_ATTRIBUTES object_attributes;
2215 DWORD acc_sizeW, dom_sizeW;
2216 DWORD real_acc_sizeW, real_dom_sizeW;
2218 SID_NAME_USE use;
2221 MAX_SID max_sid;
2222 CHAR *str_sidA;
2224 HANDLE hToken;
2228
2229 /* native windows crashes if account size, domain size, or name use is NULL */
2230
2232 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &pUsersSid);
2235
2236 /* not running on NT so give up */
2238 return;
2239
2240 real_acc_sizeA = MAX_PATH;
2241 real_dom_sizeA = MAX_PATH;
2242 ret = LookupAccountSidA(NULL, pUsersSid, accountA, &real_acc_sizeA, domainA, &real_dom_sizeA, &use);
2244
2245 /* try NULL account */
2246 acc_sizeA = MAX_PATH;
2247 dom_sizeA = MAX_PATH;
2250
2251 /* try NULL domain */
2252 acc_sizeA = MAX_PATH;
2253 dom_sizeA = MAX_PATH;
2256
2257 /* try a small account buffer */
2258 acc_sizeA = 1;
2259 dom_sizeA = MAX_PATH;
2260 accountA[0] = 0;
2265
2266 /* try a 0 sized account buffer */
2267 acc_sizeA = 0;
2268 dom_sizeA = MAX_PATH;
2269 accountA[0] = 0;
2271 /* this can fail or succeed depending on OS version but the size will always be returned */
2272 ok(acc_sizeA == real_acc_sizeA + 1,
2273 "LookupAccountSidA() Expected acc_size = %lu, got %lu\n",
2274 real_acc_sizeA + 1, acc_sizeA);
2275
2276 /* try a 0 sized account buffer */
2277 acc_sizeA = 0;
2278 dom_sizeA = MAX_PATH;
2280 /* this can fail or succeed depending on OS version but the size will always be returned */
2281 ok(acc_sizeA == real_acc_sizeA + 1,
2282 "LookupAccountSid() Expected acc_size = %lu, got %lu\n",
2283 real_acc_sizeA + 1, acc_sizeA);
2284
2285 /* try a small domain buffer */
2286 dom_sizeA = 1;
2287 acc_sizeA = MAX_PATH;
2288 accountA[0] = 0;
2293
2294 /* try a 0 sized domain buffer */
2295 dom_sizeA = 0;
2296 acc_sizeA = MAX_PATH;
2297 accountA[0] = 0;
2299 /* this can fail or succeed depending on OS version but the size will always be returned */
2300 ok(dom_sizeA == real_dom_sizeA + 1,
2301 "LookupAccountSidA() Expected dom_size = %lu, got %lu\n",
2302 real_dom_sizeA + 1, dom_sizeA);
2303
2304 /* try a 0 sized domain buffer */
2305 dom_sizeA = 0;
2306 acc_sizeA = MAX_PATH;
2308 /* this can fail or succeed depending on OS version but the size will always be returned */
2309 ok(dom_sizeA == real_dom_sizeA + 1,
2310 "LookupAccountSidA() Expected dom_size = %lu, got %lu\n",
2311 real_dom_sizeA + 1, dom_sizeA);
2312
2313 real_acc_sizeW = MAX_PATH;
2314 real_dom_sizeW = MAX_PATH;
2315 ret = LookupAccountSidW(NULL, pUsersSid, accountW, &real_acc_sizeW, domainW, &real_dom_sizeW, &use);
2317
2318 /* try an invalid system name */
2319 real_acc_sizeA = MAX_PATH;
2320 real_dom_sizeA = MAX_PATH;
2321 ret = LookupAccountSidA("deepthought", pUsersSid, accountA, &real_acc_sizeA, domainA, &real_dom_sizeA, &use);
2323 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE || GetLastError() == RPC_S_INVALID_NET_ADDR /* Vista */,
2324 "LookupAccountSidA() Expected RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR, got %lu\n", GetLastError());
2325
2326 /* native windows crashes if domainW or accountW is NULL */
2327
2328 /* try a small account buffer */
2329 acc_sizeW = 1;
2330 dom_sizeW = MAX_PATH;
2331 accountW[0] = 0;
2336
2337 /* try a 0 sized account buffer */
2338 acc_sizeW = 0;
2339 dom_sizeW = MAX_PATH;
2340 accountW[0] = 0;
2342 /* this can fail or succeed depending on OS version but the size will always be returned */
2343 ok(acc_sizeW == real_acc_sizeW + 1,
2344 "LookupAccountSidW() Expected acc_size = %lu, got %lu\n",
2345 real_acc_sizeW + 1, acc_sizeW);
2346
2347 /* try a 0 sized account buffer */
2348 acc_sizeW = 0;
2349 dom_sizeW = MAX_PATH;
2351 /* this can fail or succeed depending on OS version but the size will always be returned */
2352 ok(acc_sizeW == real_acc_sizeW + 1,
2353 "LookupAccountSidW() Expected acc_size = %lu, got %lu\n",
2354 real_acc_sizeW + 1, acc_sizeW);
2355
2356 /* try a small domain buffer */
2357 dom_sizeW = 1;
2358 acc_sizeW = MAX_PATH;
2359 accountW[0] = 0;
2364
2365 /* try a 0 sized domain buffer */
2366 dom_sizeW = 0;
2367 acc_sizeW = MAX_PATH;
2368 accountW[0] = 0;
2370 /* this can fail or succeed depending on OS version but the size will always be returned */
2371 ok(dom_sizeW == real_dom_sizeW + 1,
2372 "LookupAccountSidW() Expected dom_size = %lu, got %lu\n",
2373 real_dom_sizeW + 1, dom_sizeW);
2374
2375 /* try a 0 sized domain buffer */
2376 dom_sizeW = 0;
2377 acc_sizeW = MAX_PATH;
2379 /* this can fail or succeed depending on OS version but the size will always be returned */
2380 ok(dom_sizeW == real_dom_sizeW + 1,
2381 "LookupAccountSidW() Expected dom_size = %lu, got %lu\n",
2382 real_dom_sizeW + 1, dom_sizeW);
2383
2384 acc_sizeW = dom_sizeW = use = 0;
2385 SetLastError(0xdeadbeef);
2389 ok(error == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %lu\n", error);
2393
2394 FreeSid(pUsersSid);
2395
2396 /* Test LookupAccountSid with Sid retrieved from token information.
2397 This assumes this process is running under the account of the current user.*/
2402 ptiUser = malloc(cbti);
2404 {
2405 acc_sizeA = dom_sizeA = MAX_PATH;
2406 ret = LookupAccountSidA(NULL, ptiUser->User.Sid, accountA, &acc_sizeA, domainA, &dom_sizeA, &use);
2408 user_sizeA = MAX_PATH;
2411 ok(lstrcmpA(usernameA, accountA) == 0, "LookupAccountSidA() Expected account name: %s got: %s\n", usernameA, accountA );
2412 }
2413 free(ptiUser);
2414
2417 {
2420 {
2422 {
2423 acc_sizeA = MAX_PATH;
2424 dom_sizeA = MAX_PATH;
2427 LocalFree(str_sidA);
2428 }
2429 }
2430 else
2431 {
2434 else
2436 }
2437 }
2438
2441
2445
2446 /* try a more restricted access mask if necessary */
2450 ok(status == STATUS_SUCCESS, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION) returned 0x%08lx\n", status);
2451 }
2452
2454 {
2457 ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy() failed, returned 0x%08lx\n", status);
2459 {
2460 ok(info->DomainSid!=0, "LsaQueryInformationPolicy(PolicyAccountDomainInformation) missing SID\n");
2462 {
2493 }
2494
2496 }
2497
2500 }
2501}
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
NTSTATUS WINAPI LsaQueryInformationPolicy(IN LSA_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, OUT PVOID *Buffer)
Definition: lsa.c:1473
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
Definition: security.c:712
Definition: ntsecapi.h:177
Definition: security.c:30
Definition: ntsecapi.h:565
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
Definition: setypes.h:646
Referenced by START_TEST().
◆ test_lookupPrivilegeName()
Definition at line 646 of file security.c.
647{
651 LUID luid = { 0, 0 };
654
655 /* check whether it's available first */
657 if (!pLookupPrivilegeNameA) return;
661 return;
662
663 /* check with a short buffer */
664 cchName = 0;
668 "LookupPrivilegeNameA didn't fail with ERROR_INSUFFICIENT_BUFFER: %ld\n",
669 GetLastError());
671 "LookupPrivilegeNameA returned an incorrect required length for\n"
674 /* check a known value and its returned length on success */
678 "LookupPrivilegeNameA returned an incorrect output length for\n"
681 /* check known values */
683 {
689 }
690 /* check a bogus LUID */
691 luid.LowPart = 0xdeadbeef;
695 "LookupPrivilegeNameA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
696 GetLastError());
697 /* check on a bogus system */
703 "LookupPrivilegeNameA didn't fail with RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR: %ld\n",
704 GetLastError());
705}
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2521
Referenced by START_TEST().
◆ test_lookupPrivilegeValue()
Definition at line 713 of file security.c.
714{
745 };
748 LUID luid;
750
751 /* check whether it's available first */
753 if (!pLookupPrivilegeValueA) return;
756 return;
757
758 /* check a bogus system name */
762 "LookupPrivilegeValueA didn't fail with RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR: %ld\n",
763 GetLastError());
764 /* check a NULL string */
767 "LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
768 GetLastError());
769 /* check a bogus privilege name */
772 "LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
773 GetLastError());
774 /* check case insensitive */
777 "LookupPrivilegeValueA(NULL, sEcREATEtOKENpRIVILEGE, &luid) failed: %ld\n",
778 GetLastError());
780 {
781 /* Not all privileges are implemented on all Windows versions, so
782 * don't worry if the call fails
783 */
785 {
787 "LookupPrivilegeValueA returned an invalid LUID for %s\n",
788 privs[i].name);
789 }
790 }
791}
Definition: security.c:708
Referenced by START_TEST().
◆ test_maximum_allowed()
Definition at line 7115 of file security.c.
7116{
7126
7128 if (!pCreateEventExA)
7129 {
7131 return;
7132 }
7133
7141
7145
7151}
Referenced by START_TEST().
◆ test_mutex_security()
Definition at line 5596 of file security.c.
5597{
5604 static const struct
5605 {
5606 int generic, mapped;
5607 } map[] =
5608 {
5609 { 0, 0 },
5614 };
5615
5616 SetLastError(0xdeadbeef);
5620
5621 SetLastError(0xdeadbeef);
5624
5627
5629 {
5630 SetLastError( 0xdeadbeef );
5634
5637
5639
5640 SetLastError(0xdeadbeef);
5642 todo_wine
5644 todo_wine
5646 }
5647
5649
5651}
Definition: module.h:456
HANDLE WINAPI DECLSPEC_HOTPATCH CreateMutexA(IN LPSECURITY_ATTRIBUTES lpMutexAttributes OPTIONAL, IN BOOL bInitialOwner, IN LPCSTR lpName OPTIONAL)
Definition: synch.c:512
HANDLE WINAPI DECLSPEC_HOTPATCH OpenMutexA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: synchansi.c:71
Referenced by test_kernel_objects_security().
◆ test_named_pipe_security()
Definition at line 5761 of file security.c.
5762{
5766 FILE_GENERIC_WRITE,
5767 FILE_GENERIC_EXECUTE,
5769 static const struct
5770 {
5771 int generic, mapped;
5772 } map[] =
5773 {
5774 { 0, 0 },
5779 };
5780 static const struct
5781 {
5782 DWORD open_mode;
5784 } creation_access[] =
5785 {
5791 /* ACCESS_SYSTEM_SECURITY is also valid, but will fail with ERROR_PRIVILEGE_NOT_HELD */
5792 };
5793
5794 /* Test the different security access options for pipes */
5796 {
5797 SetLastError(0xdeadbeef);
5805 "CreateNamedPipeA(0x%lx) pipe expected access 0x%lx (got 0x%lx)\n",
5807 CloseHandle(pipe);
5808 }
5809
5810 SetLastError(0xdeadbeef);
5815
5817
5818 SetLastError(0xdeadbeef);
5821
5824
5826 {
5827 SetLastError( 0xdeadbeef );
5831
5834
5836 }
5837
5839 CloseHandle(pipe);
5840
5841 SetLastError(0xdeadbeef);
5842 file = CreateFileA("\\\\.\\pipe\\", FILE_ALL_ACCESS, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0);
5843 ok(file != INVALID_HANDLE_VALUE || broken(file == INVALID_HANDLE_VALUE) /* before Vista */, "CreateFile error %ld\n", GetLastError());
5844
5846 {
5849
5851 {
5852 SetLastError( 0xdeadbeef );
5856
5860 }
5861 }
5862
5864}
HANDLE WINAPI CreateNamedPipeA(LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes)
Definition: npipe.c:220
Referenced by test_kernel_objects_security().
◆ test_owner_equal()
Definition at line 202 of file security.c.
203{
206 PSID owner;
207 BOOL owner_defaulted;
208
210
213
214#ifdef __REACTOS__
215 /* The call to EqualSid below crashes on WS03. */
217#endif
221
222 free(queriedSD);
223}
Referenced by test_process_security().
◆ test_PrivateObjectSecurity()
Definition at line 4586 of file security.c.
4587{
4588 SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION;
4590 PSECURITY_DESCRIPTOR sec;
4591 DWORD dwDescSize;
4592 DWORD dwRevision;
4593 DWORD retSize;
4598
4600 "O:SY"
4601 "G:S-1-5-21-93476-23408-4576"
4602 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)"
4603 "(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4604 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
4606
4607 test_SetSecurityDescriptorControl(sec);
4608
4609 LocalFree(sec);
4610
4612 "O:SY"
4613 "G:S-1-5-21-93476-23408-4576",
4615
4616 test_SetSecurityDescriptorControl(sec);
4617
4618 LocalFree(sec);
4619
4621 "O:SY"
4622 "G:S-1-5-21-93476-23408-4576"
4623 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4624 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)", SDDL_REVISION_1, &sec, &dwDescSize), "Creating descriptor failed\n");
4629
4633 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4637
4638 ret = GetPrivateObjectSecurity(sec, GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, buf, dwDescSize, &retSize);
4641 ret = ConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len);
4643 CHECK_ONE_OF_AND_FREE("G:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)",
4644 "G:S-1-5-21-93476-23408-4576D:P(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"); /* Win7 */
4647
4651 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4653 "G:S-1-5-21-93476-23408-4576"
4654 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4655 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
4656 "O:SY"
4657 "G:S-1-5-21-93476-23408-4576"
4658 "D:P(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4659 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)"); /* Win7 */
4662
4663 SetLastError(0xdeadbeef);
4664 ok(GetPrivateObjectSecurity(sec, sec_info, buf, 5, &retSize) == FALSE, "GetPrivateObjectSecurity should have failed\n");
4665 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected error ERROR_INSUFFICIENT_BUFFER, got %lu\n", GetLastError());
4666
4667 LocalFree(sec);
4669}
BOOL WINAPI GetPrivateObjectSecurity(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor OPTIONAL, IN DWORD DescriptorLength, OUT PDWORD ReturnLength)
Definition: misc.c:1429
static void test_SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR sec)
Definition: security.c:4498
Referenced by START_TEST().
◆ test_process_access()
Definition at line 6175 of file security.c.
6176{
6179 STARTUPINFOA sti;
6182 static const struct
6183 {
6184 int generic, mapped;
6185 } map[] =
6186 {
6187 { 0, 0 },
6189 { GENERIC_WRITE, STANDARD_RIGHTS_WRITE | PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION | PROCESS_SUSPEND_RESUME |
6190 PROCESS_VM_WRITE | PROCESS_DUP_HANDLE | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION },
6193 };
6194
6197 SetLastError(0xdeadbeef);
6198 ret = CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &sti, &pi);
6200
6203
6205 ok(access == PROCESS_ALL_ACCESS_NT4 || access == PROCESS_ALL_ACCESS_VISTA, "expected PROCESS_ALL_ACCESS, got %#lx\n", access);
6206
6208 {
6209 SetLastError( 0xdeadbeef );
6213
6216 {
6218 ok(access == map[i].mapped || access == (map[i].mapped | PROCESS_QUERY_LIMITED_INFORMATION) /* Vista+ */,
6220 break;
6225 access == (map[i].mapped | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_LIMITED_INFORMATION) /* Win10 Anniversary Update */,
6227 break;
6229 ok(access == map[i].mapped || access == (map[i].mapped | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE) /* Vista+ */,
6231 break;
6235 break;
6236 default:
6238 break;
6239 }
6240
6242 }
6243
6244 SetLastError( 0xdeadbeef );
6253
6254 SetLastError( 0xdeadbeef );
6261
6262 SetLastError( 0xdeadbeef );
6269
6270 SetLastError( 0xdeadbeef );
6277 "expected PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_QUERY_LIMITED_INFORMATION, got %#lx\n", access);
6279
6280 SetLastError( 0xdeadbeef );
6285 ok(access == (PROCESS_VM_OPERATION | PROCESS_VM_READ), "unexpected access right %lx\n", access);
6287
6290}
BOOL WINAPI TerminateProcess(IN HANDLE hProcess, IN UINT uExitCode)
Definition: proc.c:1376
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA(const char *app_name, char *cmd_line, SECURITY_ATTRIBUTES *process_attr, SECURITY_ATTRIBUTES *thread_attr, BOOL inherit, DWORD flags, void *env, const char *cur_dir, STARTUPINFOA *startup_info, PROCESS_INFORMATION *info)
Definition: process.c:686
Referenced by test_kernel_objects_security().
◆ test_process_security()
Definition at line 2924 of file security.c.
2925{
2928 PTOKEN_OWNER owner;
2941 SID_NAME_USE use;
2942
2943 Acl = malloc(256);
2946 {
2948 free(Acl);
2949 return;
2950 }
2952
2953 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
2955
2956 /* get owner from the token we might be running as a user not admin */
2960 {
2961 free(Acl);
2962 return;
2963 }
2964
2969
2975
2980
2984 UsersSid = group->PrimaryGroup;
2985 test_sid_str(UsersSid);
2986
2994 else
2996
3001
3005 UserSid = user->User.Sid;
3006 test_sid_str(UserSid);
3007 ok(EqualPrefixSid(UsersSid, UserSid), "TokenPrimaryGroup Sid and TokenUser Sid don't match.\n");
3008
3011 {
3013 free(owner);
3015 free(Acl);
3016 return;
3017 }
3018
3023
3027
3030
3031 SecurityDescriptor->Revision = 0;
3034
3039 /* NULL DACL is valid and means that everyone has access */
3042
3043#ifdef __REACTOS__
3044 /* This crashes on Vista, Win7, and Win8.1. */
3046#endif
3047 /* Set owner and group and dacl */
3052
3057
3061 /* setting a dacl should not change the owner or group */
3064
3065 /* Test again with a different SID in case the previous SID also happens to
3066 * be the one that is incorrectly replacing the group. */
3071
3076#ifdef __REACTOS__
3077 }
3078#endif
3079
3085
3089
3093
3094 ThreadAcl = malloc( 256 );
3101
3108
3110 tsa.lpSecurityDescriptor = ThreadSecurityDescriptor;
3112
3113 /* Doesn't matter what ACL say we should get full access for ourselves */
3121
3122 FreeSid(EveryoneSid);
3127 free(owner);
3129 free(Acl);
3131 free(ThreadAcl);
3132 free(ThreadSecurityDescriptor);
3133}
static void test_owner_equal(HANDLE Handle, PSID expected, int line)
Definition: security.c:202
static void test_group_equal(HANDLE Handle, PSID expected, int line)
Definition: security.c:225
Referenced by START_TEST().
◆ test_process_security_child()
Definition at line 3135 of file security.c.
3136{
3140
3144
3149
3150 CloseHandle( handle1 );
3151
3152 SetLastError( 0xdeadbeef );
3156#ifdef __REACTOS__
3157 ok((!ret && err == ERROR_ACCESS_DENIED) || broken(ret && err == 0xdeadbeef) /* Vista-Win10 1607 */, "duplicating handle should have failed "
3158#else
3160#endif
3162
3164
3165#ifndef __REACTOS__ // Incorrect for WS03-Win10 1607
3166 /* These two should fail - they are denied by ACL */
3171#endif
3172
3173 /* Documented privilege elevation */
3179
3181
3182 /* Same only explicitly asking for all access rights */
3192 CloseHandle( handle1 );
3194
3195 /* Test thread security */
3200
3201#ifndef __REACTOS__ // Incorrect for WS03-Win10 1607
3204#endif
3205}
HANDLE WINAPI OpenThread(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwThreadId)
Definition: thread.c:403
Referenced by START_TEST().
◆ test_pseudo_handle_security()
Definition at line 8163 of file security.c.
8164{
8170
8172 {
8173 HKEY_CLASSES_ROOT,
8174 HKEY_CURRENT_USER,
8175 HKEY_LOCAL_MACHINE,
8176 HKEY_USERS,
8177 HKEY_PERFORMANCE_DATA,
8178 HKEY_CURRENT_CONFIG,
8179 HKEY_DYN_DATA,
8180 };
8181
8182#ifdef __REACTOS__
8183 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, sd, sizeof(buffer), &size);
8184#else
8185 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, &sd, sizeof(buffer), &size);
8186#endif
8188
8189#ifdef __REACTOS__
8190 ret = GetKernelObjectSecurity(GetCurrentThread(), OWNER_SECURITY_INFORMATION, sd, sizeof(buffer), &size);
8191#else
8192 ret = GetKernelObjectSecurity(GetCurrentThread(), OWNER_SECURITY_INFORMATION, &sd, sizeof(buffer), &size);
8193#endif
8195
8197 {
8198 SetLastError(0xdeadbeef);
8199#ifdef __REACTOS__
8201#else
8202 ret = GetKernelObjectSecurity(keys[i], OWNER_SECURITY_INFORMATION, &sd, sizeof(buffer), &size);
8203#endif
8205 ok(GetLastError() == ERROR_INVALID_HANDLE, "key %p: got error %lu\n", keys[i], GetLastError());
8206
8212 todo_wine ok(ret == ERROR_CALL_NOT_IMPLEMENTED || broken(ret == ERROR_INVALID_HANDLE) /* <7 */,
8214 else
8217
8221 }
8222}
Referenced by START_TEST().
◆ test_pseudo_tokens()
Definition at line 7064 of file security.c.
7065{
7066 TOKEN_STATISTICS statistics1, statistics2;
7068 DWORD retlen;
7070
7077
7078 /* test GetCurrentProcessToken() */
7079 SetLastError(0xdeadbeef);
7082 &statistics2, sizeof(statistics2), &retlen);
7086 ok(!memcmp(&statistics1, &statistics2, sizeof(statistics1)), "Token statistics do not match\n");
7087 else
7089
7090 /* test GetCurrentThreadEffectiveToken() */
7091 SetLastError(0xdeadbeef);
7094 &statistics2, sizeof(statistics2), &retlen);
7098 ok(!memcmp(&statistics1, &statistics2, sizeof(statistics1)), "Token statistics do not match\n");
7099 else
7101
7102 SetLastError(0xdeadbeef);
7106
7107 /* test GetCurrentThreadToken() */
7108 SetLastError(0xdeadbeef);
7110 &statistics2, sizeof(statistics2), &retlen);
7111 todo_wine ok(GetLastError() == ERROR_NO_TOKEN || broken(GetLastError() == ERROR_INVALID_HANDLE),
7113}
Referenced by START_TEST().
◆ test_security_descriptor()
Definition at line 2803 of file security.c.
2804{
2811
2812 SetLastError(0xdeadbeef);
2815 {
2817 return;
2818 }
2819
2824
2825 SetLastError(0xdeadbeef);
2826 size = 5;
2831 {
2839 ok(GetSecurityDescriptorDacl(&sd, &isPresent, &pacl, &isDefault), "GetSecurityDescriptorDacl failed\n");
2843 ok(GetSecurityDescriptorSacl(&sd, &isPresent, &pacl, &isDefault), "GetSecurityDescriptorSacl failed\n");
2847 }
2848
2850 "O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)"
2851 "(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)"
2854
2855 size = 0;
2857 todo_wine ok(!ret && GetLastError() == ERROR_BAD_DESCRIPTOR_FORMAT, "got %lu\n", GetLastError());
2858
2859 /* convert to absolute form */
2860 size = size_dacl = size_sacl = size_owner = size_group = 0;
2861 ret = MakeAbsoluteSD(sd_rel, NULL, &size, NULL, &size_dacl, NULL, &size_sacl, NULL, &size_owner, NULL,
2862 &size_group);
2864
2870 ret = MakeAbsoluteSD(sd_rel, sd_abs, &size, dacl, &size_dacl, sacl, &size_sacl, owner, &size_owner,
2871 group, &size_group);
2873
2874 size = 0;
2878
2879 size += 4;
2884
2885 free(sd_abs);
2886 free(sd_rel2);
2887 LocalFree(sd_rel);
2888}
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
Definition: security.c:950
Referenced by START_TEST().
◆ test_semaphore_security()
Definition at line 5710 of file security.c.
5711{
5718 static const struct
5719 {
5720 int generic, mapped;
5721 } map[] =
5722 {
5723 { 0, 0 },
5728 };
5729
5730 SetLastError(0xdeadbeef);
5734
5735 SetLastError(0xdeadbeef);
5738
5741
5743 {
5744 SetLastError( 0xdeadbeef );
5748
5751
5753 }
5754
5756
5758}
HANDLE WINAPI DECLSPEC_HOTPATCH CreateSemaphoreA(IN LPSECURITY_ATTRIBUTES lpSemaphoreAttributes OPTIONAL, IN LONG lInitialCount, IN LONG lMaximumCount, IN LPCSTR lpName OPTIONAL)
Definition: synchansi.c:44
HANDLE WINAPI DECLSPEC_HOTPATCH OpenSemaphoreA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: synchansi.c:58
Referenced by test_kernel_objects_security().
◆ test_SetEntriesInAclA()
Definition at line 3428 of file security.c.
3429{
3435 EXPLICIT_ACCESSA ExplicitAccess;
3438
3439 NewAcl = (PACL)0xdeadbeef;
3442 {
3444 return;
3445 }
3448 "NewAcl=%p, expected NULL\n", NewAcl);
3449 LocalFree(NewAcl);
3450
3451 OldAcl = malloc(256);
3454 {
3456 free(OldAcl);
3457 return;
3458 }
3460
3461 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
3463
3465 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &UsersSid);
3467
3470
3482 LocalFree(NewAcl);
3483
3490 LocalFree(NewAcl);
3491
3493 {
3495 }
3496 else
3497 {
3503 LocalFree(NewAcl);
3504
3510 "returned acl wasn't NULL: %p\n", NewAcl);
3511
3518 "returned acl wasn't NULL: %p\n", NewAcl);
3519
3525 LocalFree(NewAcl);
3526 }
3527
3533 LocalFree(NewAcl);
3534
3541 LocalFree(NewAcl);
3542
3543 FreeSid(UsersSid);
3544 FreeSid(EveryoneSid);
3545 free(OldAcl);
3546}
DWORD WINAPI SetEntriesInAclA(ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_A pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
Definition: ac.c:615
Definition: accctrl.h:332
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:206
Referenced by START_TEST().
◆ test_SetEntriesInAclW()
Definition at line 3314 of file security.c.
3315{
3321 EXPLICIT_ACCESSW ExplicitAccess;
3324
3325 NewAcl = (PACL)0xdeadbeef;
3329 LocalFree(NewAcl);
3330
3331 OldAcl = malloc(256);
3334 {
3336 free(OldAcl);
3337 return;
3338 }
3340
3341 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
3343
3345 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &UsersSid);
3347
3350
3362 LocalFree(NewAcl);
3363
3370 LocalFree(NewAcl);
3371
3373 {
3375 }
3376 else
3377 {
3383 LocalFree(NewAcl);
3384
3390 "returned acl wasn't NULL: %p\n", NewAcl);
3391
3398 "returned acl wasn't NULL: %p\n", NewAcl);
3399
3405 LocalFree(NewAcl);
3406 }
3407
3413 LocalFree(NewAcl);
3414
3421 LocalFree(NewAcl);
3422
3423 FreeSid(UsersSid);
3424 FreeSid(EveryoneSid);
3425 free(OldAcl);
3426}
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:215
Referenced by START_TEST().
◆ test_SetSecurityDescriptorControl()
|
static |
Definition at line 4498 of file security.c.
4499{
4502
4507 | 0x00000040 | 0x00000080 /* not defined in winnt.h */
4508 ;
4514 ;
4515
4516 int bit;
4517 DWORD dwRevision;
4519
4521
4522 /* The mutable bits are mutable regardless of the truth of
4523 SE_DACL_PRESENT and/or SE_SACL_PRESENT */
4524
4525 /* Check call barfs if any bit-of-interest is immutable */
4526 for (bit = 0; bit < 16; ++bit)
4527 {
4530
4532
4533 DWORD dwExpect = (bitOfInterest & immutable)
4534 ? ERROR_INVALID_PARAMETER : 0xbebecaca;
4535 LPCSTR strExpect = (bitOfInterest & immutable)
4536 ? "ERROR_INVALID_PARAMETER" : "0xbebecaca";
4537
4539 setOrClear ^= bitOfInterest;
4540 SetLastError (0xbebecaca);
4541 SetSecurityDescriptorControl (sec, bitOfInterest, setOrClear);
4545
4546 setOrClear ^= bitOfInterest;
4547 SetLastError (0xbebecaca);
4548 SetSecurityDescriptorControl (sec, bitOfInterest, setOrClear);
4552 }
4553
4554 /* Check call barfs if any bit-to-set is immutable
4555 even when not a bit-of-interest */
4556 for (bit = 0; bit < 16; ++bit)
4557 {
4560
4562
4563 DWORD dwExpect = ((1 << bit) & immutable)
4564 ? ERROR_INVALID_PARAMETER : 0xbebecaca;
4565 LPCSTR strExpect = ((1 << bit) & immutable)
4566 ? "ERROR_INVALID_PARAMETER" : "0xbebecaca";
4567
4569 setOrClear ^= bitsOfInterest;
4570 SetLastError (0xbebecaca);
4571 SetSecurityDescriptorControl (sec, bitsOfInterest, setOrClear | (1 << bit));
4575
4577 setOrClear ^= bitsOfInterest;
4578 SetLastError (0xbebecaca);
4579 SetSecurityDescriptorControl (sec, bitsOfInterest, setOrClear | (1 << bit));
4583 }
4584}
Definition: dsound.c:943
Referenced by test_PrivateObjectSecurity().
◆ test_sid_str()
Definition at line 2075 of file security.c.
Referenced by test_LookupAccountSid(), and test_process_security().
◆ test_system_security_access()
Definition at line 6858 of file security.c.
6859{
6861 {'S','O','F','T','W','A','R','E','\\','W','i','n','e','\\','S','A','C','L','t','e','s','t',0};
6863 HKEY hkey;
6865 ACL *sacl;
6867 TOKEN_PRIVILEGES priv, *priv_prev;
6869 LUID luid;
6871
6872 if (!OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &token )) return;
6874 {
6876 return;
6877 }
6878
6879 /* ACCESS_SYSTEM_SECURITY requires special privilege */
6880 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ|ACCESS_SYSTEM_SECURITY, NULL, &hkey, NULL );
6882 {
6885 return;
6886 }
6888
6889 priv.PrivilegeCount = 1;
6892
6896
6897 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ|ACCESS_SYSTEM_SECURITY, NULL, &hkey, NULL );
6899 {
6901 free( priv_prev );
6903 return;
6904 }
6906
6907 /* restore privileges */
6910 free( priv_prev );
6911
6912 /* privilege is checked on access */
6913 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6914 todo_wine ok( err == ERROR_PRIVILEGE_NOT_HELD || err == ERROR_ACCESS_DENIED, "got %lu\n", err );
6917
6918 priv.PrivilegeCount = 1;
6921
6925
6926 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6928 RegCloseKey( hkey );
6930
6931 /* handle created without ACCESS_SYSTEM_SECURITY, privilege held */
6932 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ, NULL, &hkey, NULL );
6934
6936 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6938 RegCloseKey( hkey );
6940
6941 /* restore privileges */
6944 free( priv_prev );
6945
6946 /* handle created without ACCESS_SYSTEM_SECURITY, privilege not held */
6947 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ, NULL, &hkey, NULL );
6949
6950 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6952 RegCloseKey( hkey );
6953
6957}
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
Definition: reg.c:1096
Referenced by START_TEST().
◆ test_thread_security()
Definition at line 6103 of file security.c.
6104{
6107 static const struct
6108 {
6109 int generic, mapped;
6110 } map[] =
6111 {
6112 { 0, 0 },
6114 { GENERIC_WRITE, STANDARD_RIGHTS_WRITE | THREAD_SET_INFORMATION | THREAD_SET_CONTEXT | THREAD_TERMINATE | THREAD_SUSPEND_RESUME | 0x4 },
6117 };
6118
6119 SetLastError(0xdeadbeef);
6122
6124 ok(access == THREAD_ALL_ACCESS_NT4 || access == THREAD_ALL_ACCESS_VISTA, "expected THREAD_ALL_ACCESS, got %#lx\n", access);
6125
6127 {
6128 SetLastError( 0xdeadbeef );
6132
6135 {
6142 break;
6148 break;
6152 break;
6153 default:
6155 break;
6156 }
6157
6159 }
6160
6161 SetLastError( 0xdeadbeef );
6170
6173}
BOOL WINAPI TerminateThread(IN HANDLE hThread, IN DWORD dwExitCode)
Definition: thread.c:587
#define THREAD_SET_CONTEXT
#define THREAD_SUSPEND_RESUME
#define THREAD_GET_CONTEXT
Referenced by test_kernel_objects_security().
◆ test_token_attr()
Definition at line 1812 of file security.c.
1813{
1817 TOKEN_GROUPS *Groups;
1823 LPSTR SidString;
1825 ACL *acl;
1826
1827 /* cygwin-like use case */
1828 SetLastError(0xdeadbeef);
1831 {
1833 return;
1834 }
1837 {
1845 ok(!ret && (GLE == ERROR_INVALID_PARAMETER), "GetTokenInformation(TokenImpersonationLevel) on primary token should have failed with ERROR_INVALID_PARAMETER instead of %ld\n", GLE);
1847 }
1848
1849 SetLastError(0xdeadbeef);
1852
1853 /* groups */
1854 /* insufficient buffer length */
1855 SetLastError(0xdeadbeef);
1856 Size2 = 0;
1861 Size2 -= 1;
1862 Groups = malloc(Size2);
1863 memset(Groups, 0xcc, Size2);
1864 Size = 0;
1871
1872 free(Groups);
1873
1874 SetLastError(0xdeadbeef);
1877 "GetTokenInformation(TokenGroups) %s with error %ld\n",
1880 SetLastError(0xdeadbeef);
1884 "GetTokenInformation shouldn't have set last error to %ld\n",
1885 GetLastError());
1888 {
1889 DWORD NameLength = 255;
1891 DWORD DomainLength = 255;
1893 SID_NAME_USE SidNameUse;
1896 ret = LookupAccountSidA(NULL, Groups->Groups[i].Sid, Name, &NameLength, Domain, &DomainLength, &SidNameUse);
1898 {
1900 trace("%s, %s\\%s use: %d attr: 0x%08lx\n", SidString, Domain, Name, SidNameUse, Groups->Groups[i].Attributes);
1901 LocalFree(SidString);
1902 }
1903 else trace("attr: 0x%08lx LookupAccountSid failed with error %ld\n", Groups->Groups[i].Attributes, GetLastError());
1904 }
1905 free(Groups);
1906
1907 /* user */
1915
1918 LocalFree(SidString);
1920
1921 /* owner */
1929
1932 LocalFree(SidString);
1934
1935 /* logon */
1939 else
1940 {
1948 {
1951 {
1954 LocalFree(SidString);
1955
1956 /* S-1-5-5-0-XXXXXX */
1959
1960 ok(Groups->Groups[0].Attributes == (SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED | SE_GROUP_LOGON_ID),
1962 }
1963 }
1964
1965 free(Groups);
1966 }
1967
1968 /* privileges */
1978 {
1983 }
1985
1988
1990 ret = GetTokenInformation(ImpersonationToken, TokenImpersonationLevel, &ImpersonationLevel, Size, &Size);
1991 ok(ret, "GetTokenInformation(TokenImpersonationLevel) failed with error %ld\n", GetLastError());
1992 ok(ImpersonationLevel == SecurityAnonymous, "ImpersonationLevel should have been SecurityAnonymous instead of %d\n", ImpersonationLevel);
1993
1994 CloseHandle(ImpersonationToken);
1995
1996 /* default dacl */
2000
2004
2005 SetLastError(0xdeadbeef);
2010
2011 SetLastError(0xdeadbeef);
2016
2017 acl = Dacl->DefaultDacl;
2019
2022
2023 Size2 = 0;
2028 ok(Size2 == sizeof(TOKEN_DEFAULT_DACL) || broken(Size2 == 2*sizeof(TOKEN_DEFAULT_DACL)), /* WoW64 */
2029 "got %lu expected sizeof(TOKEN_DEFAULT_DACL)\n", Size2);
2030
2031 Dacl->DefaultDacl = acl;
2034
2038 } else
2040
2043}
BOOL WINAPI IsWellKnownSid(IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
Definition: security.c:796
BOOL WINAPI LookupPrivilegeNameA(LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
Definition: security.c:1299
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1625
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1629
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:157
Referenced by START_TEST().
◆ test_token_label()
Definition at line 7229 of file security.c.
7230{
7232 {SECURITY_MANDATORY_LOW_RID}};
7233 char sacl_buffer[50];
7236 TOKEN_LINKED_TOKEN linked;
7241
7242 if (!pAddMandatoryAce)
7243 {
7245 return;
7246 }
7247
7248 ret = OpenProcessToken(GetCurrentProcess(), READ_CONTROL | TOKEN_QUERY | TOKEN_DUPLICATE, &token);
7250
7252
7255
7258
7259 CloseHandle(token2);
7260
7261 ret = DuplicateTokenEx(token, READ_CONTROL, NULL, SecurityImpersonation, TokenImpersonation, &token2);
7263
7266
7267 CloseHandle(token2);
7268
7269 /* Any label set in the SD when calling DuplicateTokenEx() is ignored. */
7270
7274
7278
7280#ifdef __REACTOS__
7282#else
7284#endif
7286
7288 ret = DuplicateTokenEx(token, TOKEN_ALL_ACCESS, &attr, SecurityImpersonation, TokenImpersonation, &token2);
7290
7293
7294 /* Trying to set a SD on the token also claims success but has no effect. */
7295
7298
7301
7303
7304 /* Test the linked token. */
7305
7306#ifdef __REACTOS__
7307 /* This test crashes on Vista and Win7 */
7310 }
7311 else {
7312#endif
7315
7318
7320#ifdef __REACTOS__
7321 }
7322#endif
7323
7325}
BOOL WINAPI AddMandatoryAce(PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid)
Definition: security.c:1372
static void check_token_label(HANDLE token, DWORD *level, BOOL sacl_inherited)
Definition: security.c:7153
Referenced by START_TEST().
◆ test_token_security_descriptor()
Definition at line 7327 of file security.c.
7328{
7330 {SECURITY_MANDATORY_LOW_RID}};
7337 EXPLICIT_ACCESSW exp_access;
7340 ACCESS_ALLOWED_ACE *ace;
7343 PSID psid;
7344
7345 /* Test whether we can create tokens with security descriptors */
7348
7351
7355
7358
7361
7364
7368
7369 ret = DuplicateTokenEx(token, MAXIMUM_ALLOWED, &sa, SecurityImpersonation, TokenImpersonation, &token2);
7371
7375
7379
7380 acl2 = (void *)0xdeadbeef;
7381 present = FALSE;
7382 defaulted = TRUE;
7389
7392 ok(ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE, "Unexpected ACE type %#x\n", ace->Header.AceType);
7396
7397 free(sd2);
7398
7399 /* Duplicate token without security attributes.
7400 * Tokens do not inherit the security descriptor in DuplicateToken. */
7401 ret = DuplicateTokenEx(token2, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenImpersonation, &token3);
7403
7407
7411
7412 acl2 = (void *)0xdeadbeef;
7413 present = FALSE;
7414 defaulted = TRUE;
7418
7421
7422 index = 0;
7423 found = FALSE;
7425 {
7427 found = TRUE;
7428 }
7430
7431 free(sd2);
7432
7433 /* When creating a child process, the process does inherit the token of
7434 * the parent but not the DACL of the token */
7438
7442
7443 acl2 = (void *)0xdeadbeef;
7444 present = FALSE;
7445 defaulted = TRUE;
7451
7460
7461 retd = SetEntriesInAclW(1, &exp_access, acl2, &acl_child);
7463
7467
7470
7473
7474 /* The security label is also not inherited */
7475 if (pAddMandatoryAce)
7476 {
7479
7482
7486
7489
7492 }
7493 else
7495
7496 /* Start child process with our modified token */
7501
7508
7509 LocalFree(acl_child);
7510 free(sd2);
7511 LocalFree(psid);
7512
7513 CloseHandle(token3);
7514 CloseHandle(token2);
7516}
Referenced by START_TEST().
◆ test_TokenIntegrityLevel()
Definition at line 6376 of file security.c.
6377{
6378 TOKEN_MANDATORY_LABEL *tml;
6384 {SECURITY_MANDATORY_HIGH_RID}};
6386 {SECURITY_MANDATORY_MEDIUM_RID}};
6387
6388 SetLastError(0xdeadbeef);
6391
6392 SetLastError(0xdeadbeef);
6394
6395 /* not supported before Vista */
6396 if (!res && ((GetLastError() == ERROR_INVALID_PARAMETER) || GetLastError() == ERROR_INVALID_FUNCTION))
6397 {
6400 return;
6401 }
6402
6405 {
6407 return;
6408 }
6409
6412 "got 0x%lx (expected 0x%x)\n", tml->Label.Attributes, (SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED));
6413
6414#ifdef __REACTOS__ // This crashes on Vista, Win7, and Win8.1.
6416#endif
6420
6422}
Definition: setypes.h:1072
Referenced by START_TEST().
◆ test_trustee()
Definition at line 435 of file security.c.
436{
437 GUID ObjectType = {0x12345678, 0x1234, 0x5678, {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}};
438 GUID InheritedObjectType = {0x23456789, 0x2345, 0x6786, {0x2, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99}};
439 GUID ZeroGuid;
440 OBJECTS_AND_NAME_A oan;
441 OBJECTS_AND_SID oas;
442 TRUSTEEA trustee;
443 PSID psid;
444 char szObjectTypeName[] = "ObjectTypeName";
445 char szInheritedObjectTypeName[] = "InheritedObjectTypeName";
446 char szTrusteeName[] = "szTrusteeName";
447 SID_IDENTIFIER_AUTHORITY auth = { {0x11,0x22,0,0,0, 0} };
448
450
453 pBuildTrusteeWithObjectsAndNameA = (void *)GetProcAddress (hmod, "BuildTrusteeWithObjectsAndNameA" );
454 pBuildTrusteeWithObjectsAndSidA = (void *)GetProcAddress (hmod, "BuildTrusteeWithObjectsAndSidA" );
456 if( !pBuildTrusteeWithSidA || !pBuildTrusteeWithNameA ||
457 !pBuildTrusteeWithObjectsAndNameA || !pBuildTrusteeWithObjectsAndSidA ||
458 !pGetTrusteeNameA )
459 return;
460
462 {
464 return;
465 }
466
467 /* test BuildTrusteeWithSidA */
469 pBuildTrusteeWithSidA( &trustee, psid );
470
473 "MultipleTrusteeOperation wrong\n");
477
478 /* test BuildTrusteeWithObjectsAndSidA (test 1) */
481 pBuildTrusteeWithObjectsAndSidA(&trustee, &oas, &ObjectType,
482 &InheritedObjectType, psid);
483
485 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
489
490 ok(oas.ObjectsPresent == (ACE_OBJECT_TYPE_PRESENT | ACE_INHERITED_OBJECT_TYPE_PRESENT), "ObjectsPresent wrong\n");
492 ok(!memcmp(&oas.InheritedObjectTypeGuid, &InheritedObjectType, sizeof(GUID)), "InheritedObjectTypeGuid wrong\n");
494
495 /* test GetTrusteeNameA */
497
498 /* test BuildTrusteeWithObjectsAndSidA (test 2) */
501 pBuildTrusteeWithObjectsAndSidA(&trustee, &oas, NULL,
502 &InheritedObjectType, psid);
503
505 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
509
512 ok(!memcmp(&oas.InheritedObjectTypeGuid, &InheritedObjectType, sizeof(GUID)), "InheritedObjectTypeGuid wrong\n");
514
515 FreeSid( psid );
516
517 /* test BuildTrusteeWithNameA */
519 pBuildTrusteeWithNameA( &trustee, szTrusteeName );
520
523 "MultipleTrusteeOperation wrong\n");
527
528 /* test BuildTrusteeWithObjectsAndNameA (test 1) */
531 pBuildTrusteeWithObjectsAndNameA(&trustee, &oan, SE_KERNEL_OBJECT, szObjectTypeName,
532 szInheritedObjectTypeName, szTrusteeName);
533
535 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
539
540 ok(oan.ObjectsPresent == (ACE_OBJECT_TYPE_PRESENT | ACE_INHERITED_OBJECT_TYPE_PRESENT), "ObjectsPresent wrong\n");
542 ok(oan.InheritedObjectTypeName == szInheritedObjectTypeName, "InheritedObjectTypeName wrong\n");
544
545 /* test GetTrusteeNameA */
547
548 /* test BuildTrusteeWithObjectsAndNameA (test 2) */
552 szInheritedObjectTypeName, szTrusteeName);
553
555 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
559
562 ok(oan.InheritedObjectTypeName == szInheritedObjectTypeName, "InheritedObjectTypeName wrong\n");
564
565 /* test BuildTrusteeWithObjectsAndNameA (test 3) */
568 pBuildTrusteeWithObjectsAndNameA(&trustee, &oan, SE_KERNEL_OBJECT, szObjectTypeName,
569 NULL, szTrusteeName);
570
572 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
576
581}
Definition: shobjidl.idl:3021
Definition: accctrl.h:356
Definition: accctrl.h:348
Definition: accctrl.h:204
Referenced by START_TEST().
◆ test_window_security()
Definition at line 8826 of file security.c.
8827{
8829 BOOL present, defaulted;
8830 HDESK desktop;
8833
8835
8839
8844
8846}
HDESK WINAPI GetThreadDesktop(_In_ DWORD)
Referenced by START_TEST().
◆ validate_default_security_descriptor()
|
static |
Definition at line 5472 of file security.c.
5473{
5475 ACL *acl;
5477
5480
5481 present = -1;
5482 defaulted = -1;
5483 acl = (void *)0xdeadbeef;
5484 SetLastError(0xdeadbeef);
5487 todo_wine
5489 todo_wine
5492
5493 defaulted = -1;
5495 SetLastError(0xdeadbeef);
5498 todo_wine
5501
5502 defaulted = -1;
5504 SetLastError(0xdeadbeef);
5507 todo_wine
5510}
Referenced by test_default_handle_security().
◆ validate_impersonation_token()
Definition at line 6292 of file security.c.
6293{
6296 SECURITY_IMPERSONATION_LEVEL sil;
6297
6298 type = 0xdeadbeef;
6299 needed = 0;
6300 SetLastError(0xdeadbeef);
6304 ok(type == TokenPrimary || type == TokenImpersonation, "expected TokenPrimary or TokenImpersonation, got %d\n", type);
6305
6306 *token_type = type;
6308
6309 needed = 0;
6310 SetLastError(0xdeadbeef);
6315
6316 needed = 0xdeadbeef;
6317 SetLastError(0xdeadbeef);
6320 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
6323
6324 needed = 0xdeadbeef;
6325 SetLastError(0xdeadbeef);
6328 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
6331
6332 needed = 0xdeadbeef;
6333 SetLastError(0xdeadbeef);
6336 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
6338 ok(needed > sizeof(TOKEN_PRIMARY_GROUP), "GetTokenInformation returned empty token primary group\n");
6339
6341}
Referenced by test_kernel_objects_security().
◆ VOID()
Variable Documentation
◆ ACCESS_MASK
Definition at line 130 of file security.c.
◆ BOOLEAN
Definition at line 129 of file security.c.
Referenced by PspWriteTebImpersonationInfo().
◆ DWORD
Definition at line 114 of file security.c.
◆ HANDLE
Definition at line 130 of file security.c.
Referenced by test_duplicate_handle_access_child(), and test_maximum_allowed().
◆ hmod
Definition at line 134 of file security.c.
Referenced by ask_confirm(), ask_overwrite_value(), child_process(), COMDLG32_FR_DoFindReplace(), EnumResourceLanguagesA(), EnumResourceLanguagesW(), EnumResourceNamesA(), EnumResourceNamesW(), EnumResourceTypesA(), EnumResourceTypesW(), GetExportsFromFile(), GetFileMUIInfo(), GetFunctionFromForwarder(), include_pac_utils(), Init(), init(), init_function_pointers(), init_functions(), load_config_driver(), load_v6_module(), LoadModuleWithSymbols(), LoadModuleWithSymbolsFullPath(), main(), MULTIMEDIA_PlaySound(), ParseImageSymbols(), PlaySound_AllocAndGetMMIO(), PlaySoundA(), PlaySoundW(), PlaySoundWrapW(), RegisterTypeLibraries(), RunDLL(), SHLoadIndirectString(), SQLConfigDriver(), SQLConfigDriverW(), START_TEST(), test_AdvInstallFile(), test_allocateLuid(), Test_atexit(), Test_CORE_20401(), test_GetConsoleFontInfo(), test_GetConsoleFontSize(), test_GetConsoleScreenBufferInfoEx(), test_GetCurrentConsoleFontEx(), test_GetLargestConsoleWindowSize(), test_iocp_callback(), test_lookupPrivilegeName(), test_lookupPrivilegeValue(), test_msidecomposedesc(), test_NdrDllGetClassObject(), test_NdrDllRegisterProxy(), test_SetConsoleFont(), test_SetConsoleScreenBufferInfoEx(), test_sha_ctx(), test_sscanf(), test_sscanf_s(), test_swscanf_s(), test_trustee(), TestGlobalClasses(), TestVersionedClasses(), twain_add_onedriver(), TWAIN_OpenDS(), and use_common().
◆ InheritedObjectTypeName
| POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName |
Definition at line 121 of file security.c.
Referenced by BuildTrusteeWithObjectsAndNameA(), and BuildTrusteeWithObjectsAndNameW().
◆ myARGC
|
static |
Definition at line 135 of file security.c.
Referenced by init(), and START_TEST().
◆ myARGV
|
static |
Definition at line 136 of file security.c.
Referenced by init(), START_TEST(), test_create_process_token(), test_create_process_token_child(), test_duplicate_handle_access(), test_duplicate_handle_access_child(), test_GetSecurityInfo(), test_process_security(), and test_token_security_descriptor().
◆ Name
Definition at line 122 of file security.c.
◆ ObjectType
Definition at line 119 of file security.c.
◆ ObjectTypeName
| POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName |
Definition at line 120 of file security.c.
Referenced by AccessCheckAndAuditAlarmA(), AccessCheckAndAuditAlarmW(), BuildTrusteeWithObjectsAndNameA(), BuildTrusteeWithObjectsAndNameW(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAccessCheckAndAuditAlarm(), NtAccessCheckByTypeAndAuditAlarm(), NtAccessCheckByTypeResultListAndAuditAlarm(), NtAccessCheckByTypeResultListAndAuditAlarmByHandle(), NtOpenObjectAuditAlarm(), ObjectOpenAuditAlarmA(), ObjectOpenAuditAlarmW(), SepAccessCheckAndAuditAlarm(), and SepOpenObjectAuditAlarm().
◆ PBOOLEAN
Definition at line 129 of file security.c.
◆ PGENERIC_MAPPING
Definition at line 130 of file security.c.
◆ pInheritedObjectGuid
| POBJECTS_AND_SID GUID GUID* pInheritedObjectGuid |
Definition at line 126 of file security.c.
Referenced by BuildTrusteeWithObjectsAndSidA(), and BuildTrusteeWithObjectsAndSidW().
◆ pName
| LPSTR pName |
Definition at line 116 of file security.c.
Referenced by _FindPESectionByName(), _LocalEnumPrintersCheckName(), _RpcAddMonitor(), _RpcAddPort(), _RpcAddPortEx(), _RpcAddPrinterDriver(), _RpcAddPrinterDriverEx(), _RpcAddPrintProcessor(), _RpcAddPrintProvidor(), _RpcConfigurePort(), _RpcDeleteMonitor(), _RpcDeletePort(), _RpcDeletePrinterDriver(), _RpcDeletePrinterDriverEx(), _RpcDeletePrintProcessor(), _RpcDeletePrintProvidor(), _RpcEnumMonitors(), _RpcEnumPorts(), _RpcEnumPrinterDrivers(), _RpcEnumPrintProcessorDatatypes(), _RpcEnumPrintProcessors(), _RpcGetPrinterDriverDirectory(), _RpcGetPrintProcessorDirectory(), _RpcSetPort(), AddMonitorA(), AddMonitorW(), AddPortA(), AddPortExA(), AddPortExW(), AddPortW(), AddPrinterA(), AddPrinterDriverA(), AddPrinterDriverExA(), AddPrinterDriverExW(), AddPrinterDriverW(), AddPrinterExW(), AddPrinterW(), AddPrintMonitorList(), AddPrintProcessorA(), AddPrintProcessorW(), AddPrintProvidorA(), AddPrintProvidorW(), BaseFilterImpl_JoinFilterGraph(), cert_name_to_str_with_indent(), CertFindRDNAttr(), CertNameToStrA(), CertNameToStrW(), ConfigFileHandler_skippedEntity(), ConfigurePortA(), ConfigurePortW(), ConstructXcvName(), CCFDATAStorage::Create(), CreateAssemblyEnum(), FxDevice::CreateDevice(), CreateInstallReferenceEnum(), FxDevice::CreateSymbolicLink(), DECLARE_INTERFACE_(), DeleteMonitorA(), DeleteMonitorW(), DeletePortA(), DeletePortW(), DeletePrinterDriverA(), DeletePrinterDriverExA(), DeletePrinterDriverExW(), DeletePrinterDriverW(), DeletePrintProcessorA(), DeletePrintProcessorW(), DeletePrintProvidorA(), DeletePrintProvidorW(), enumerate_gac(), EnumFormsA(), EnumMonitorsA(), EnumMonitorsW(), EnumPortsA(), EnumPortsW(), EnumPrinterDriversA(), EnumPrinterDriversW(), EnumPrintersA(), EnumPrintProcessorDatatypesA(), EnumPrintProcessorDatatypesW(), EnumPrintProcessorsA(), EnumPrintProcessorsW(), Ext2IsNameValid(), Ext2ProcessEntry(), FATGetNextDirEntry(), FilterGraph2_AddFilter(), FilterGraph2_FindFilterByName(), find_installed_ports(), FsdGetFsAttributeInformation(), CFindFolder::GetDisplayNameOf(), CCabFolder::GetDisplayNameOf(), CRecycleBin::GetDisplayNameOf(), CNetConnectionPropertyUi::GetINetCfgComponent(), GetMonitorUI(), GetPrinterDriverDirectoryA(), GetPrinterDriverDirectoryW(), GetPrintProcessorDirectoryA(), GetPrintProcessorDirectoryW(), IAssemblyNameImpl_Clone(), IAssemblyNameImpl_IsEqual(), implicit_handle(), InitializeFormList(), IntStoreName(), CKsProxy::JoinFilterGraph(), LocalAddMonitor(), LocalAddPort(), LocalAddPortEx(), LocalAddPrinterDriver(), LocalAddPrinterDriverEx(), LocalConfigurePort(), LocalDeleteMonitor(), LocalDeletePort(), LocalEnumMonitors(), LocalEnumPorts(), LocalEnumPrinterDrivers(), LocalEnumPrintProcessorDatatypes(), LocalEnumPrintProcessors(), LocalGetPrinterDriverDirectory(), LocalGetPrintProcessorDirectory(), LocalmonEnumPorts(), LocalmonOpenPort(), LocalSetPort(), localui_AddPortUI(), localui_ConfigurePortUI(), localui_DeletePortUI(), ParaNdis_OnPnPEvent(), Parser_JoinFilterGraph(), pointer_default(), PrintD2(), PrintDebug(), SetDomainAndUsername(), SetPortA(), SetPortW(), SHFindAttrW(), SHGetUserDisplayName(), START_TEST(), StartPortThread(), test_EnumForms(), test_NameToStrConversionA_(), test_NameToStrConversionW_(), TestFilter_JoinFilterGraph(), TreeListChar(), vfatSplitPathName(), and VfdGetDeviceName().
◆ pObjectGuid
| POBJECTS_AND_SID GUID* pObjectGuid |
Definition at line 125 of file security.c.
Referenced by BuildTrusteeWithObjectsAndSidA(), and BuildTrusteeWithObjectsAndSidW().
◆ pObjName
| POBJECTS_AND_NAME_A pObjName |
Definition at line 118 of file security.c.
Referenced by BuildTrusteeWithObjectsAndNameA(), BuildTrusteeWithObjectsAndNameW(), and ConvertPath().
◆ pObjSid
| POBJECTS_AND_SID pObjSid |
Definition at line 124 of file security.c.
Referenced by BuildTrusteeWithObjectsAndSidA(), and BuildTrusteeWithObjectsAndSidW().
◆ PPRIVILEGE_SET
Definition at line 131 of file security.c.
◆ PSID
Definition at line 114 of file security.c.
◆ pSid
| static POBJECTS_AND_SID GUID GUID PSID pSid |
Definition at line 115 of file security.c.
Referenced by AccpLookupCurrentUser(), AccpLookupSidByName(), AddAccessAllowedAce(), AddAccessAllowedAceEx(), AddAccessAllowedObjectAce(), AddAccessDeniedAce(), AddAccessDeniedAceEx(), AddAccessDeniedObjectAce(), AddAuditAccessAce(), AddAuditAccessAceEx(), AddAuditAccessObjectAce(), AddSelectedPrincipal(), AllocateAndInitializeSid(), BuildDefaultPrincipalAce(), BuildTrusteeWithObjectsAndSidA(), BuildTrusteeWithObjectsAndSidW(), BuildTrusteeWithSidA(), BuildTrusteeWithSidW(), CachedGetUserFromSid(), CacheLookupResults(), ConvertStringSidToSidW(), CreateUserProfileA(), CreateUserProfileExA(), CreateUserProfileExW(), CreateUserProfileW(), CreateWellKnownSid(), DequeueSidLookup(), DisplayDacl(), FindSidInCache(), fnIMLangFontLink2_CodePageToScriptID(), FreeSid(), GetLengthSid(), GetShellSecurityDescriptor(), GetSidIdentifierAuthority(), GetSidSubAuthority(), GetSidSubAuthorityCount(), GetTextSid(), GetTextualSid(), GetUserSid(), Imm32IsInteractiveUserLogon(), InvokeObjectPickerDialog(), IsInteractiveUserLogon(), IsNTAdmin(), IsValidSid(), IsWellKnownSid(), LookupAccountSidW(), LookupSidCache(), LookupSidInformation(), LookupThreadProc(), ParseStringSidToSid(), PrintSid(), QueueSidLookup(), RtlAllocateAndInitializeSid(), SampInitializeSAM(), and WhoamiLogonId().
◆ PULONG
Definition at line 131 of file security.c.
◆ PUNICODE_STRING
| NTSTATUS *static PUNICODE_STRING |
Definition at line 132 of file security.c.
◆ well_known_sid_values
|
static |
Referenced by test_CreateWellKnownSid(), and test_EqualDomainSid().
