#include <stdarg.h>#include <stdio.h>#include "ntstatus.h"#include "windef.h"#include "winbase.h"#include "winerror.h"#include "winternl.h"#include "aclapi.h"#include "winnt.h"#include "sddl.h"#include "ntsecapi.h"#include "lmcons.h"#include "wine/test.h"
Include dependency graph for security.c:
Go to the source code of this file.
Classes | |
| struct | sidRef |
| struct | NameToLUID |
| union | _MAX_SID |
| struct | well_known_sid_value |
Typedefs | |
| typedef union _MAX_SID | MAX_SID |
Variables | |
| static | DWORD |
| static | PSID |
| static PSID | pSid |
| static LPSTR | pName |
| static POBJECTS_AND_NAME_A | pObjName |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE | ObjectType |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR | ObjectTypeName |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR | InheritedObjectTypeName |
| static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR LPSTR | Name |
| static POBJECTS_AND_SID | pObjSid |
| static POBJECTS_AND_SID GUID * | pObjectGuid |
| static POBJECTS_AND_SID GUID GUID * | pInheritedObjectGuid |
| static | BOOLEAN |
| static | PBOOLEAN |
| static | HANDLE |
| static | ACCESS_MASK |
| static | PGENERIC_MAPPING |
| static | PPRIVILEGE_SET |
| static | PULONG |
| static NTSTATUS *static | PUNICODE_STRING |
| static NTSTATUS *static PWSTR CURDIR *static HMODULE | hmod |
| static int | myARGC |
| static char ** | myARGV |
| static const struct well_known_sid_value | well_known_sid_values [] |
Macro Definition Documentation
◆ CHECK_ONE_OF_AND_FREE
| #define CHECK_ONE_OF_AND_FREE | ( | exp_str1, | |
| exp_str2 | |||
| ) |
Value:
ok(strcmp(string, (exp_str1)) == 0 || strcmp(string, (exp_str2)) == 0, "String mismatch (expected\n\"%s\" or\n\"%s\", got\n\"%s\")\n", (exp_str1), (exp_str2), string); \
ok(len >= (strlen(exp_str1) + 1) || len >= (strlen(exp_str2) + 1), "Length mismatch (expected %d or %d, got %ld)\n", lstrlenA(exp_str1) + 1, lstrlenA(exp_str2) + 1, len); \
LocalFree(string);
◆ CHECK_RESULT_AND_FREE
| #define CHECK_RESULT_AND_FREE | ( | exp_str | ) |
◆ CHECK_SET_SECURITY
Value:
do{ \
BOOL res_; \
SetLastError( 0xdeadbeef ); \
err = GetLastError(); \
if (e == ERROR_SUCCESS) \
ok(res_, "SetKernelObjectSecurity failed with %ld\n", err); \
else \
}while(0)
BOOL WINAPI SetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: security.c:1928
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
Definition at line 2880 of file security.c.
◆ EVENT_QUERY_STATE
| #define EVENT_QUERY_STATE 0x0001 |
Definition at line 67 of file security.c.
◆ expect_eq
| #define expect_eq | ( | expr, | |
| value, | |||
| type, | |||
| format | |||
| ) | { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); } |
Definition at line 82 of file security.c.
◆ join_process
| #define join_process | ( | a | ) | join_process_(__LINE__, a) |
Definition at line 8013 of file security.c.
◆ PROCESS_ALL_ACCESS_NT4
| #define PROCESS_ALL_ACCESS_NT4 (PROCESS_ALL_ACCESS & ~0xf000) |
Definition at line 63 of file security.c.
◆ PROCESS_ALL_ACCESS_VISTA
| #define PROCESS_ALL_ACCESS_VISTA (PROCESS_ALL_ACCESS | 0xf000) |
Definition at line 64 of file security.c.
◆ PROCESS_QUERY_LIMITED_INFORMATION
| #define PROCESS_QUERY_LIMITED_INFORMATION 0x1000 |
Definition at line 59 of file security.c.
◆ SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Definition at line 557 of file security.c.
◆ SE_AUDIT_PRIVILEGE
Definition at line 575 of file security.c.
◆ SE_BACKUP_PRIVILEGE
Definition at line 571 of file security.c.
◆ SE_CHANGE_NOTIFY_PRIVILEGE
Definition at line 577 of file security.c.
◆ SE_CREATE_GLOBAL_PRIVILEGE
| #define SE_CREATE_GLOBAL_PRIVILEGE 30L |
Definition at line 584 of file security.c.
◆ SE_CREATE_PAGEFILE_PRIVILEGE
Definition at line 569 of file security.c.
◆ SE_CREATE_PERMANENT_PRIVILEGE
Definition at line 570 of file security.c.
◆ SE_CREATE_TOKEN_PRIVILEGE
Definition at line 556 of file security.c.
◆ SE_DEBUG_PRIVILEGE
| #define SE_DEBUG_PRIVILEGE 20L |
Definition at line 574 of file security.c.
◆ SE_ENABLE_DELEGATION_PRIVILEGE
Definition at line 581 of file security.c.
◆ SE_IMPERSONATE_PRIVILEGE
Definition at line 583 of file security.c.
◆ SE_INC_BASE_PRIORITY_PRIVILEGE
Definition at line 568 of file security.c.
◆ SE_INCREASE_QUOTA_PRIVILEGE
Definition at line 559 of file security.c.
◆ SE_LOAD_DRIVER_PRIVILEGE
| #define SE_LOAD_DRIVER_PRIVILEGE 10L |
Definition at line 564 of file security.c.
◆ SE_LOCK_MEMORY_PRIVILEGE
Definition at line 558 of file security.c.
◆ SE_MACHINE_ACCOUNT_PRIVILEGE
Definition at line 560 of file security.c.
◆ SE_MANAGE_VOLUME_PRIVILEGE
Definition at line 582 of file security.c.
◆ SE_MAX_WELL_KNOWN_PRIVILEGE
| #define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_GLOBAL_PRIVILEGE |
Definition at line 585 of file security.c.
◆ SE_MIN_WELL_KNOWN_PRIVILEGE
Definition at line 555 of file security.c.
◆ SE_PROF_SINGLE_PROCESS_PRIVILEGE
Definition at line 567 of file security.c.
◆ SE_REMOTE_SHUTDOWN_PRIVILEGE
Definition at line 578 of file security.c.
◆ SE_RESTORE_PRIVILEGE
Definition at line 572 of file security.c.
◆ SE_SECURITY_PRIVILEGE
Definition at line 562 of file security.c.
◆ SE_SHUTDOWN_PRIVILEGE
Definition at line 573 of file security.c.
◆ SE_SYNC_AGENT_PRIVILEGE
Definition at line 580 of file security.c.
◆ SE_SYSTEM_ENVIRONMENT_PRIVILEGE
Definition at line 576 of file security.c.
◆ SE_SYSTEM_PROFILE_PRIVILEGE
Definition at line 565 of file security.c.
◆ SE_SYSTEMTIME_PRIVILEGE
Definition at line 566 of file security.c.
◆ SE_TAKE_OWNERSHIP_PRIVILEGE
Definition at line 563 of file security.c.
◆ SE_TCB_PRIVILEGE
Definition at line 561 of file security.c.
◆ SE_UNDOCK_PRIVILEGE
Definition at line 579 of file security.c.
◆ SEMAPHORE_QUERY_STATE
| #define SEMAPHORE_QUERY_STATE 0x0001 |
Definition at line 71 of file security.c.
◆ TEST_GRANTED_ACCESS
Definition at line 2860 of file security.c.
◆ TEST_GRANTED_ACCESS2
Definition at line 2861 of file security.c.
◆ THREAD_ALL_ACCESS_NT4
| #define THREAD_ALL_ACCESS_NT4 (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff) |
Definition at line 79 of file security.c.
◆ THREAD_ALL_ACCESS_VISTA
| #define THREAD_ALL_ACCESS_VISTA (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff) |
Definition at line 80 of file security.c.
◆ THREAD_QUERY_LIMITED_INFORMATION
| #define THREAD_QUERY_LIMITED_INFORMATION 0x0800 |
Definition at line 76 of file security.c.
◆ THREAD_SET_LIMITED_INFORMATION
| #define THREAD_SET_LIMITED_INFORMATION 0x0400 |
Definition at line 75 of file security.c.
◆ WIN32_NO_STATUS
| #define WIN32_NO_STATUS |
Definition at line 26 of file security.c.
◆ WINE_TEST_PIPE
| #define WINE_TEST_PIPE "\\\\.\\pipe\\WineTestPipe" |
Definition at line 5730 of file security.c.
Typedef Documentation
◆ MAX_SID
Function Documentation
◆ BOOL()
◆ check_different_token()
Definition at line 8413 of file security.c.
8414{
8415 TOKEN_STATISTICS stats1, stats2;
8418
8423
8425}
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
Definition: devicetopology.idl:137
Definition: setypes.h:1097
Referenced by test_elevation().
◆ check_token_label()
Definition at line 7123 of file security.c.
7124{
7126 {SECURITY_MANDATORY_MEDIUM_RID}};
7128 {SECURITY_MANDATORY_HIGH_RID}};
7130 SYSTEM_MANDATORY_LABEL_ACE *ace;
7137
7141
7145
7148 if (sacl_inherited)
7151 else
7155
7157 defaulted = TRUE;
7162
7164 defaulted = TRUE;
7169
7176
7179
7185
7191
7195
7197}
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:987
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3637
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat token
Definition: glfuncs.h:210
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
Definition: sec.c:21
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103
Definition: ms-dtyp.idl:293
Definition: ms-dtyp.idl:301
Definition: ms-dtyp.idl:198
Definition: ms-dtyp.idl:278
Definition: dialog.c:52
Definition: security.c:35
#define SECURITY_MANDATORY_LABEL_AUTHORITY
Definition: setypes.h:682
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
Definition: setypes.h:820
Referenced by test_token_label().
◆ check_wellknown_name()
|
static |
Definition at line 2490 of file security.c.
2491{
2496
2497 DWORD sid_size, domain_size;
2498 SID_NAME_USE sid_use;
2500 PSID psid;
2502
2503 sid_size = 0;
2504 domain_size = 0;
2507 psid = malloc(sid_size);
2510
2512 {
2515 }
2516
2517 AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
2520 {
2523 }
2524
2525 ret2 = get_sid_info(wk_sid, &wk_account, &wk_domain);
2527 {
2530 }
2531
2533
2536
2537#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, Win8.1, and Win10 1607.
2540#endif
2541
2545
2546cleanup:
2547 FreeSid(domainsid);
2548 free(psid);
2550}
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
Definition: security.c:2012
BOOL WINAPI AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
Definition: security.c:674
BOOL WINAPI CreateWellKnownSid(WELL_KNOWN_SID_TYPE type, PSID domain, PSID sid, DWORD *size)
Definition: security.c:429
enum _SID_NAME_USE SID_NAME_USE
Definition: ms-dtyp.idl:194
Definition: cookie.c:42
Referenced by test_LookupAccountName().
◆ debugstr_sid()
Definition at line 108 of file security.c.
109{
110 LPSTR sidstr;
113
116 else
117 {
118 res = __wine_dbg_strdup(sidstr);
119 LocalFree(sidstr);
120 }
121 /* Restore the last error in case ConvertSidToStringSidA() modified it */
122 SetLastError(le);
124}
◆ duplicate_handle_access_thread()
Definition at line 7823 of file security.c.
7824{
7827
7830 CloseHandle(event2);
7831
7834 CloseHandle(event2);
7835
7839 CloseHandle(event2);
7840
7841 return 0;
7842}
BOOL WINAPI DuplicateHandle(IN HANDLE hSourceProcessHandle, IN HANDLE hSourceHandle, IN HANDLE hTargetProcessHandle, OUT LPHANDLE lpTargetHandle, IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwOptions)
Definition: handle.c:149
Definition: nsiface.idl:2307
HANDLE WINAPI DECLSPEC_HOTPATCH OpenEventA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: synch.c:605
Referenced by test_duplicate_handle_access().
◆ DWORD()
◆ find_privilege()
|
static |
Definition at line 8194 of file security.c.
8195{
8197
8199 {
8202 }
8203
8205}
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1036
Referenced by test_duplicate_token().
◆ get_alloc_token_owner()
|
static |
Definition at line 1745 of file security.c.
1746{
1747 TOKEN_OWNER *token_owner;
1750
1755
1759
1760 return token_owner;
1761}
Definition: setypes.h:1039
Referenced by test_default_dacl_owner_group_sid().
◆ get_alloc_token_primary_group()
|
static |
Definition at line 1763 of file security.c.
1764{
1765 TOKEN_PRIMARY_GROUP *token_primary_group;
1768
1773
1777
1778 return token_primary_group;
1779}
Definition: setypes.h:1043
Referenced by test_default_dacl_owner_group_sid().
◆ get_alloc_token_user()
|
static |
Definition at line 1727 of file security.c.
1728{
1729 TOKEN_USER *token_user;
1732
1737
1741
1742 return token_user;
1743}
Definition: setypes.h:1021
Referenced by test_default_dacl_owner_group_sid().
◆ get_nt_pathW()
|
static |
Definition at line 3519 of file security.c.
3520{
3525
3527
3530
3533
3535}
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
Definition: env_spec_w32.h:375
Definition: env_spec_w32.h:368
Referenced by test_CreateDirectoryA().
◆ get_obj_access()
|
static |
Definition at line 5555 of file security.c.
5556{
5559
5562
5564}
EXTERN_C NTSTATUS WINAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG)
Definition: winternl.h:2678
Definition: notification.c:70
Definition: usrmarshal.c:1272
Referenced by test_event_security(), test_file_security(), test_filemap_security(), test_maximum_allowed(), test_mutex_security(), test_named_pipe_security(), test_process_access(), test_semaphore_security(), and test_thread_security().
◆ get_sid_info()
Definition at line 2473 of file security.c.
2474{
2478 SID_NAME_USE use;
2479
2481 *dom = domain;
2482
2486 SetLastError(0xdeadbeef);
2488}
BOOL WINAPI LookupAccountSidA(LPCSTR lpSystemName, PSID lpSid, LPSTR lpName, LPDWORD cchName, LPSTR lpReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
Definition: misc.c:405
Referenced by check_wellknown_name(), and test_LookupAccountName().
◆ init()
Definition at line 132 of file security.c.
133{
135
139
142
144}
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
Definition: loader.c:812
int winetest_get_mainargs(char ***pargv)
Referenced by START_TEST().
◆ join_process_()
|
static |
Definition at line 8014 of file security.c.
8015{
8020}
Definition: parser.c:49
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
Definition: synch.c:82
◆ LPSTR()
◆ NTSTATUS()
◆ START_TEST()
| START_TEST | ( | security | ) |
Definition at line 8818 of file security.c.
8819{
8820 init();
8822
8824 {
8826 test_child_token_sd();
8828 test_process_security_child();
8832 test_create_process_token_child();
8833 return;
8834 }
8835 test_kernel_objects_security();
8836 test_ConvertStringSidToSid();
8837 test_trustee();
8838 test_allocateLuid();
8839 test_lookupPrivilegeName();
8840 test_lookupPrivilegeValue();
8841 test_CreateWellKnownSid();
8842 test_FileSecurity();
8843 test_AccessCheck();
8844 test_token_attr();
8845 test_GetTokenInformation();
8846 test_LookupAccountSid();
8847 test_LookupAccountName();
8848 test_security_descriptor();
8849 test_process_security();
8850 test_impersonation_level();
8851 test_SetEntriesInAclW();
8852 test_SetEntriesInAclA();
8853 test_CreateDirectoryA();
8854 test_GetNamedSecurityInfoA();
8857 test_PrivateObjectSecurity();
8858 test_InitializeAcl();
8859 test_GetWindowsAccountDomainSid();
8860 test_EqualDomainSid();
8861 test_GetSecurityInfo();
8862 test_GetSidSubAuthority();
8863 test_CheckTokenMembership();
8864 test_EqualSid();
8865 test_GetUserNameA();
8866 test_GetUserNameW();
8867 test_CreateRestrictedToken();
8868 test_TokenIntegrityLevel();
8870 test_AdjustTokenPrivileges();
8871 test_AddAce();
8872 test_AddMandatoryAce();
8873 test_system_security_access();
8874 test_GetSidIdentifierAuthority();
8875 test_pseudo_tokens();
8876 test_maximum_allowed();
8877 test_token_label();
8878 test_GetExplicitEntriesFromAclW();
8879 test_BuildSecurityDescriptorW();
8880 test_duplicate_handle_access();
8881 test_create_process_token();
8882 test_pseudo_handle_security();
8883 test_duplicate_token();
8884 test_GetKernelObjectSecurity();
8885 test_elevation();
8886 test_group_as_file_owner();
8887 test_IsValidSecurityDescriptor();
8888 test_window_security();
8889
8890 /* Must be the last test, modifies process token */
8891 test_token_security_descriptor();
8892}
static void test_GetSidIdentifierAuthority(void)
Definition: security.c:7012
static void test_duplicate_handle_access_child(void)
Definition: security.c:7965
static void test_GetExplicitEntriesFromAclW(void)
Definition: security.c:7569
static void test_kernel_objects_security(void)
Definition: security.c:6313
static void test_create_process_token_child(void)
Definition: security.c:8115
static void test_duplicate_handle_access(void)
Definition: security.c:7844
static void test_default_dacl_owner_group_sid(void)
Definition: security.c:6394
static void test_IsValidSecurityDescriptor(void)
Definition: security.c:8768
static void test_GetWindowsAccountDomainSid(void)
Definition: security.c:6929
static void test_ConvertStringSecurityDescriptor(void)
Definition: security.c:4206
static void test_token_security_descriptor(void)
Definition: security.c:7297
static void test_ConvertSecurityDescriptorToString(void)
Definition: security.c:4369
static void test_BuildSecurityDescriptorW(void)
Definition: security.c:7724
static void test_GetKernelObjectSecurity(void)
Definition: security.c:8324
◆ test_AccessCheck()
Definition at line 1124 of file security.c.
1125{
1132 ACCESS_MASK Access;
1135 HANDLE ProcessToken;
1137 DWORD PrivSetLen;
1138 PRIVILEGE_SET *PrivSet;
1140 HMODULE NtDllModule;
1143 NTSTATUS ntret, ntAccessStatus;
1144
1146 if (!NtDllModule)
1147 {
1149 return;
1150 }
1152 if (!pRtlAdjustPrivilege)
1153 {
1155 return;
1156 }
1157
1158 Acl = malloc(256);
1161 {
1163 free(Acl);
1164 return;
1165 }
1167
1168 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
1170
1174
1176 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &UsersSid);
1178
1180
1183
1186
1188 PrivSet = calloc(1, PrivSetLen);
1189 PrivSet->PrivilegeCount = 16;
1190
1193
1195
1198
1199 /* SD without owner/group */
1200 SetLastError(0xdeadbeef);
1201 Access = AccessStatus = 0x1abe11ed;
1203 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1208 "Access and/or AccessStatus were changed!\n");
1209
1210 /* Set owner and group */
1215
1216 /* Generic access mask */
1217 SetLastError(0xdeadbeef);
1218 Access = AccessStatus = 0x1abe11ed;
1220 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1225 "Access and/or AccessStatus were changed!\n");
1226
1227 /* Generic access mask - no privilegeset buffer */
1228 SetLastError(0xdeadbeef);
1229 Access = AccessStatus = 0x1abe11ed;
1236 "Access and/or AccessStatus were changed!\n");
1237
1238 /* Generic access mask - no returnlength */
1239 SetLastError(0xdeadbeef);
1240 Access = AccessStatus = 0x1abe11ed;
1247 "Access and/or AccessStatus were changed!\n");
1248
1249 /* Generic access mask - no privilegeset buffer, no returnlength */
1250 SetLastError(0xdeadbeef);
1251 Access = AccessStatus = 0x1abe11ed;
1258 "Access and/or AccessStatus were changed!\n");
1259
1260 /* sd with no dacl present */
1261 Access = AccessStatus = 0x1abe11ed;
1265 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1268 "AccessCheck failed to grant access with error %ld\n",
1269 GetLastError());
1270
1271 /* sd with no dacl present - no privilegeset buffer */
1272 SetLastError(0xdeadbeef);
1273 Access = AccessStatus = 0x1abe11ed;
1280 "Access and/or AccessStatus were changed!\n");
1281
1282 if(pNtAccessCheck)
1283 {
1285
1286 /* Generic access mask - no privilegeset buffer */
1287 SetLastError(0xdeadbeef);
1288 Access = ntAccessStatus = 0x1abe11ed;
1290 NULL, &ntPrivSetLen, &Access, &ntAccessStatus);
1293 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1296 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1297 "Access and/or AccessStatus were changed!\n");
1299
1300 /* Generic access mask - no returnlength */
1301 SetLastError(0xdeadbeef);
1302 Access = ntAccessStatus = 0x1abe11ed;
1304 PrivSet, NULL, &Access, &ntAccessStatus);
1307 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1310 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1311 "Access and/or AccessStatus were changed!\n");
1312
1313 /* Generic access mask - no privilegeset buffer, no returnlength */
1314 SetLastError(0xdeadbeef);
1315 Access = ntAccessStatus = 0x1abe11ed;
1320 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1323 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1324 "Access and/or AccessStatus were changed!\n");
1325
1326 /* Generic access mask - zero returnlength */
1327 SetLastError(0xdeadbeef);
1328 Access = ntAccessStatus = 0x1abe11ed;
1329 ntPrivSetLen = 0;
1331 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1334 "NtAccessCheck should have failed with STATUS_GENERIC_NOT_MAPPED, got %lx\n", ntret);
1337 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1338 "Access and/or AccessStatus were changed!\n");
1340
1341 /* Generic access mask - insufficient returnlength */
1342 SetLastError(0xdeadbeef);
1343 Access = ntAccessStatus = 0x1abe11ed;
1346 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1349 "NtAccessCheck should have failed with STATUS_GENERIC_NOT_MAPPED, got %lx\n", ntret);
1352 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1353 "Access and/or AccessStatus were changed!\n");
1355
1356 /* Key access mask - zero returnlength */
1357 SetLastError(0xdeadbeef);
1358 Access = ntAccessStatus = 0x1abe11ed;
1359 ntPrivSetLen = 0;
1361 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1364 "NtAccessCheck should have failed with STATUS_BUFFER_TOO_SMALL, got %lx\n", ntret);
1367 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1368 "Access and/or AccessStatus were changed!\n");
1370
1371 /* Key access mask - insufficient returnlength */
1372 SetLastError(0xdeadbeef);
1373 Access = ntAccessStatus = 0x1abe11ed;
1376 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1379 "NtAccessCheck should have failed with STATUS_BUFFER_TOO_SMALL, got %lx\n", ntret);
1382 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1383 "Access and/or AccessStatus were changed!\n");
1385 }
1386 else
1388
1389 /* sd with NULL dacl */
1390 Access = AccessStatus = 0x1abe11ed;
1394 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1397 "AccessCheck failed to grant access with error %ld\n",
1398 GetLastError());
1400 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1403 "AccessCheck failed to grant access with error %ld\n",
1404 GetLastError());
1405
1406 /* sd with blank dacl */
1410 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1416
1419
1422
1423 /* sd with dacl */
1424 Access = AccessStatus = 0x1abe11ed;
1426 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1429 "AccessCheck failed to grant access with error %ld\n",
1430 GetLastError());
1431
1433 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1436 "AccessCheck failed to grant any access with error %ld\n",
1437 GetLastError());
1439
1440 /* Null PrivSet with null PrivSetLen pointer */
1441 SetLastError(0xdeadbeef);
1442 Access = AccessStatus = 0x1abe11ed;
1449 "Access and/or AccessStatus were changed!\n");
1450
1451 /* Null PrivSet with zero PrivSetLen */
1452 SetLastError(0xdeadbeef);
1453 Access = AccessStatus = 0x1abe11ed;
1454 PrivSetLen = 0;
1456 0, &PrivSetLen, &Access, &AccessStatus);
1458 todo_wine
1461 todo_wine
1464 "Access and/or AccessStatus were changed!\n");
1465
1466 /* Null PrivSet with insufficient PrivSetLen */
1467 SetLastError(0xdeadbeef);
1468 Access = AccessStatus = 0x1abe11ed;
1469 PrivSetLen = 1;
1471 0, &PrivSetLen, &Access, &AccessStatus);
1477 "Access and/or AccessStatus were changed!\n");
1478
1479 /* Null PrivSet with insufficient PrivSetLen */
1480 SetLastError(0xdeadbeef);
1481 Access = AccessStatus = 0x1abe11ed;
1484 0, &PrivSetLen, &Access, &AccessStatus);
1490 "Access and/or AccessStatus were changed!\n");
1491
1492 /* Null PrivSet with minimal sufficient PrivSetLen */
1493 SetLastError(0xdeadbeef);
1494 Access = AccessStatus = 0x1abe11ed;
1497 0, &PrivSetLen, &Access, &AccessStatus);
1503 "Access and/or AccessStatus were changed!\n");
1504
1505 /* Valid PrivSet with zero PrivSetLen */
1506 SetLastError(0xdeadbeef);
1507 Access = AccessStatus = 0x1abe11ed;
1508 PrivSetLen = 0;
1510 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1516 "Access and/or AccessStatus were changed!\n");
1517
1518 /* Valid PrivSet with insufficient PrivSetLen */
1519 SetLastError(0xdeadbeef);
1520 Access = AccessStatus = 0x1abe11ed;
1521 PrivSetLen = 1;
1523 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1529 "Access and/or AccessStatus were changed!\n");
1530
1531 /* Valid PrivSet with insufficient PrivSetLen */
1532 SetLastError(0xdeadbeef);
1533 Access = AccessStatus = 0x1abe11ed;
1535 PrivSet->PrivilegeCount = 0xdeadbeef;
1537 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1543 "Access and/or AccessStatus were changed!\n");
1545
1546 /* Valid PrivSet with minimal sufficient PrivSetLen */
1547 SetLastError(0xdeadbeef);
1548 Access = AccessStatus = 0x1abe11ed;
1550 memset(PrivSet, 0xcc, PrivSetLen);
1552 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1559 PrivSet->PrivilegeCount);
1560
1561 /* Valid PrivSet with sufficient PrivSetLen */
1562 SetLastError(0xdeadbeef);
1563 Access = AccessStatus = 0x1abe11ed;
1565 memset(PrivSet, 0xcc, PrivSetLen);
1567 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1570 todo_wine
1575 PrivSet->PrivilegeCount);
1576
1578
1579 /* Null PrivSet with valid PrivSetLen */
1580 SetLastError(0xdeadbeef);
1581 Access = AccessStatus = 0x1abe11ed;
1583 0, &PrivSetLen, &Access, &AccessStatus);
1588 "Access and/or AccessStatus were changed!\n");
1589
1590 /* Access denied by SD */
1591 SetLastError(0xdeadbeef);
1592 Access = AccessStatus = 0x1abe11ed;
1594 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1600
1601 SetLastError(0xdeadbeef);
1602 PrivSet->PrivilegeCount = 16;
1604 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1606 "AccessCheck should have failed with ERROR_PRIVILEGE_NOT_HELD, instead of %ld\n",
1607 GetLastError());
1608
1613 {
1614 /* Valid PrivSet with zero PrivSetLen */
1615 SetLastError(0xdeadbeef);
1616 Access = AccessStatus = 0x1abe11ed;
1617 PrivSetLen = 0;
1619 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1625 "Access and/or AccessStatus were changed!\n");
1626
1627 /* Valid PrivSet with insufficient PrivSetLen */
1628 SetLastError(0xdeadbeef);
1629 Access = AccessStatus = 0x1abe11ed;
1632 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1638 "Access and/or AccessStatus were changed!\n");
1639
1640 /* Valid PrivSet with minimal sufficient PrivSetLen */
1641 SetLastError(0xdeadbeef);
1642 Access = AccessStatus = 0x1abe11ed;
1644 memset(PrivSet, 0xcc, PrivSetLen);
1646 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1648 "AccessCheck should have succeeded, error %ld\n",
1649 GetLastError());
1651 "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08lx\n",
1652 Access);
1654 PrivSet->PrivilegeCount);
1655
1656 /* Valid PrivSet with large PrivSetLen */
1657 SetLastError(0xdeadbeef);
1658 Access = AccessStatus = 0x1abe11ed;
1660 memset(PrivSet, 0xcc, PrivSetLen);
1662 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1664 "AccessCheck should have succeeded, error %ld\n",
1665 GetLastError());
1667 "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08lx\n",
1668 Access);
1670 PrivSet->PrivilegeCount);
1671 }
1672 else
1674 ret);
1677
1678 /* test INHERIT_ONLY_ACE */
1681
1684
1686 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1692
1694
1697
1698 SetLastError(0xdeadbeef);
1700 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1704
1706
1707 SetLastError(0xdeadbeef);
1709 PrivSet, &PrivSetLen, &Access, &AccessStatus);
1713
1714 CloseHandle(ProcessToken);
1715
1716 if (EveryoneSid)
1717 FreeSid(EveryoneSid);
1720 if (UsersSid)
1721 FreeSid(UsersSid);
1722 free(Acl);
1724 free(PrivSet);
1725}
Definition: tokenizer.hpp:28
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1006
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:929
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1039
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1063
BOOL WINAPI AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
Definition: security.c:1650
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1090
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted)
Definition: security.c:1218
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted)
Definition: security.c:1226
BOOL WINAPI DuplicateToken(HANDLE token, SECURITY_IMPERSONATION_LEVEL level, PHANDLE ret)
Definition: security.c:675
BOOL WINAPI OpenProcessToken(HANDLE process, DWORD access, HANDLE *handle)
Definition: security.c:828
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
Definition: nt_native.h:564
Definition: setypes.h:85
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
Definition: sefuncs.h:21
struct _PRIVILEGE_SET PRIVILEGE_SET
Referenced by START_TEST().
◆ test_AddAce()
Definition at line 6528 of file security.c.
6529{
6530 static SID const sidWorld = { SID_REVISION, 1, { SECURITY_WORLD_SID_AUTHORITY} , { SECURITY_WORLD_RID } };
6531
6532 char acl_buf[1024], ace_buf[256];
6536
6541
6544
6560
6563 /* next test succeededs but corrupts ACL */
6567 SetLastError(0xdeadbeef);
6571}
BOOL WINAPI AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
Definition: security.c:1141
struct _SID SID
struct _ACL * PACL
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
#define MAXDWORD
Definition: ms-dtyp.idl:215
Referenced by START_TEST().
◆ test_AddMandatoryAce()
Definition at line 6573 of file security.c.
6574{
6576 {SECURITY_MANDATORY_LOW_RID}};
6578 {SECURITY_MANDATORY_MEDIUM_RID}};
6583 ACL_SIZE_INFORMATION acl_size_info;
6584 SYSTEM_MANDATORY_LABEL_ACE *ace;
6585 char buffer_acl[256];
6590 SID *everyone;
6591 ACL *sacl;
6592
6593 if (!pAddMandatoryAce)
6594 {
6596 return;
6597 }
6598
6601
6605
6608
6612
6616
6617 sacl = (void *)0xdeadbeef;
6618 present = TRUE;
6623
6624 free(sd2);
6626
6630
6631 SetLastError(0xdeadbeef);
6636
6639
6642 ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "got type %#x\n", ace->Header.AceType);
6646
6647 SetLastError(0xdeadbeef);
6651
6654
6657
6661
6665
6666 sacl = (void *)0xdeadbeef;
6667 present = FALSE;
6668 defaulted = TRUE;
6676 ok(acl_size_info.AceCount == 1, "SACL contains an unexpected ACE count %lu\n", acl_size_info.AceCount);
6677
6680 ok (ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "Unexpected ACE type %#x\n", ace->Header.AceType);
6684
6685 free(sd2);
6686
6687 ret = pAddMandatoryAce(acl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP, &medium_level);
6689
6692
6696
6700
6701 sacl = (void *)0xdeadbeef;
6702 present = FALSE;
6703 defaulted = TRUE;
6710
6713 ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "got type %#x\n", ace->Header.AceType);
6717
6720 ok(ace->Header.AceType == SYSTEM_MANDATORY_LABEL_ACE_TYPE, "got type %#x\n", ace->Header.AceType);
6724
6725 SetLastError(0xdeadbeef);
6729
6730 free(sd2);
6731
6734
6737
6741
6745
6746 sacl = (void *)0xdeadbeef;
6747 present = FALSE;
6748 defaulted = TRUE;
6755
6756 free(sd2);
6757
6760
6761 ret = pAddMandatoryAce(acl, ACL_REVISION3, 0, SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP, &medium_level);
6763
6766
6769
6773
6777
6778 sacl = (void *)0xdeadbeef;
6779 present = FALSE;
6780 defaulted = TRUE;
6787
6788 free(sd2);
6789
6792
6793 ret = AllocateAndInitializeSid(&sia_world, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, (void **)&everyone);
6795
6798
6801
6804
6808
6812
6813 sacl = (void *)0xdeadbeef;
6814 present = FALSE;
6815 defaulted = TRUE;
6822
6823 FreeSid(everyone);
6824 free(sd2);
6826}
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:1194
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted)
Definition: security.c:1234
Definition: winnt_old.h:1191
Definition: compat.h:191
Definition: rpc_generic.c:61
HANDLE WINAPI DECLSPEC_HOTPATCH CreateEventA(IN LPSECURITY_ATTRIBUTES lpEventAttributes OPTIONAL, IN BOOL bManualReset, IN BOOL bInitialState, IN LPCSTR lpName OPTIONAL)
Definition: synch.c:573
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
Definition: setypes.h:822
Referenced by START_TEST().
◆ test_AdjustTokenPrivileges()
Definition at line 6492 of file security.c.
6493{
6497 LUID luid;
6499
6501 return;
6502
6504 {
6506 return;
6507 }
6508
6509 tp.PrivilegeCount = 1;
6510 tp.Privileges[0].Luid = luid;
6512
6513 len = 0xdeadbeef;
6517
6518 /* revert */
6519 tp.PrivilegeCount = 1;
6520 tp.Privileges[0].Luid = luid;
6521 tp.Privileges[0].Attributes = 0;
6524
6526}
BOOL WINAPI LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid)
Definition: misc.c:732
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:374
Definition: setypes.h:1034
Referenced by START_TEST().
◆ test_allocateLuid()
Definition at line 588 of file security.c.
589{
591 LUID luid1, luid2;
593
595 if (!pAllocateLocallyUniqueId) return;
596
597 ret = pAllocateLocallyUniqueId(&luid1);
599 return;
600
603 ret = pAllocateLocallyUniqueId(&luid2);
607 "AllocateLocallyUniqueId returned a well-known LUID\n");
609 "AllocateLocallyUniqueId returned non-unique LUIDs\n");
612 "AllocateLocallyUniqueId(NULL) didn't return ERROR_NOACCESS: %ld\n",
613 GetLastError());
614}
Referenced by START_TEST().
◆ test_BuildSecurityDescriptorW()
Definition at line 7724 of file security.c.
7725{
7726 SECURITY_DESCRIPTOR old_sd, *new_sd, *rel_sd;
7727 ULONG new_sd_size;
7728 DWORD buf_size;
7732
7734
7739
7740 new_sd = NULL;
7741 new_sd_size = 0;
7742 ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, NULL, &new_sd_size, (void **)&new_sd);
7745 LocalFree(new_sd);
7746
7747 new_sd = (void *)0xdeadbeef;
7748 ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, &old_sd, &new_sd_size, (void **)&new_sd);
7749 ok(ret == ERROR_INVALID_SECURITY_DESCR, "expected ERROR_INVALID_SECURITY_DESCR, got %lu\n", ret);
7751
7752 new_sd = NULL;
7753 new_sd_size = 0;
7754 ret = BuildSecurityDescriptorW(NULL, NULL, 0, NULL, 0, NULL, rel_sd, &new_sd_size, (void **)&new_sd);
7757 LocalFree(new_sd);
7758}
DWORD WINAPI BuildSecurityDescriptorW(IN PTRUSTEE_W pOwner OPTIONAL, IN PTRUSTEE_W pGroup OPTIONAL, IN ULONG cCountOfAccessEntries, IN PEXPLICIT_ACCESS_W pListOfAccessEntries OPTIONAL, IN ULONG cCountOfAuditEntries, IN PEXPLICIT_ACCESS_W pListOfAuditEntries OPTIONAL, IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL, OUT PULONG pSizeNewSD, OUT PSECURITY_DESCRIPTOR *pNewSD)
Definition: sec.c:436
BOOL WINAPI MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, LPDWORD lpdwBufferLength)
Definition: sec.c:214
Referenced by START_TEST().
◆ test_CheckTokenMembership()
Definition at line 5018 of file security.c.
5019{
5020 PTOKEN_GROUPS token_groups;
5023 BOOL is_member;
5026
5029
5032
5033 /* groups */
5036 "GetTokenInformation(TokenGroups) %s with error %ld\n",
5041
5043 {
5045 break;
5046 }
5047
5049 {
5050 free(token_groups);
5053 return;
5054 }
5055
5056 is_member = FALSE;
5060
5061 is_member = FALSE;
5065
5066 is_member = TRUE;
5067 SetLastError(0xdeadbeef);
5070 "CheckTokenMembership with process token %s with error %ld\n",
5073
5074 free(token_groups);
5076 CloseHandle(process_token);
5077}
BOOL WINAPI CheckTokenMembership(IN HANDLE ExistingTokenHandle, IN PSID SidToCheck, OUT PBOOL IsMember)
Definition: token.c:21
Definition: setypes.h:1025
Referenced by START_TEST().
◆ test_child_token_sd()
Definition at line 7488 of file security.c.
7489{
7491 {SECURITY_MANDATORY_LOW_RID}};
7492 SYSTEM_MANDATORY_LABEL_ACE *ace_label;
7494 ACCESS_ALLOWED_ACE *acc_ace;
7498 PSID psid;
7499 ACL *acl;
7500
7503
7506
7510
7514
7515 acl = NULL;
7516 present = FALSE;
7517 defaulted = TRUE;
7523
7526 {
7530 "ACE inherited from the parent\n");
7531 }
7532
7533 LocalFree(psid);
7535
7536 if (!pAddMandatoryAce)
7537 {
7539 return;
7540 }
7541
7545
7549
7550 acl = NULL;
7551 present = FALSE;
7552 defaulted = TRUE;
7564 "Low integrity level should not have been inherited\n");
7565
7567}
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
Definition: security.c:3560
Referenced by START_TEST().
◆ test_ConvertSecurityDescriptorToString()
Definition at line 4369 of file security.c.
4370{
4372 SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION;
4375 PSID psid, psid2;
4376 PACL pacl;
4377 char sid_buf[256];
4378 char acl_buf[8192];
4380
4381/* It seems Windows XP adds an extra character to the length of the string for each ACE in an ACL. We
4382 * don't replicate this feature so we only test len >= strlen+1. */
4383#define CHECK_RESULT_AND_FREE(exp_str) \
4384 ok(strcmp(string, (exp_str)) == 0, "String mismatch (expected \"%s\", got \"%s\")\n", (exp_str), string); \
4385 ok(len >= (strlen(exp_str) + 1), "Length mismatch (expected %d, got %ld)\n", lstrlenA(exp_str) + 1, len); \
4386 LocalFree(string);
4387
4388#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2) \
4389 ok(strcmp(string, (exp_str1)) == 0 || strcmp(string, (exp_str2)) == 0, "String mismatch (expected\n\"%s\" or\n\"%s\", got\n\"%s\")\n", (exp_str1), (exp_str2), string); \
4390 ok(len >= (strlen(exp_str1) + 1) || len >= (strlen(exp_str2) + 1), "Length mismatch (expected %d or %d, got %ld)\n", lstrlenA(exp_str1) + 1, lstrlenA(exp_str2) + 1, len); \
4391 LocalFree(string);
4392
4394 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4396
4397 size = 4096;
4400 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4402
4404 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4406
4410 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4412
4415 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4417
4418 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, GROUP_SECURITY_INFORMATION, &string, &len), "Conversion failed\n");
4420
4421 pacl = (PACL)acl_buf;
4424 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4426
4428 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4430
4433 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4435
4437 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4438 CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)");
4439
4440 AddAccessDeniedAceEx(pacl, ACL_REVISION, OBJECT_INHERIT_ACE|CONTAINER_INHERIT_ACE, 0xffffffff, psid);
4441 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4442 CHECK_RESULT_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)");
4443
4444
4445 pacl = (PACL)acl_buf;
4448 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4450
4451 /* fails in win2k */
4453 AddAuditAccessAceEx(pacl, ACL_REVISION, VALID_INHERIT_FLAGS, KEY_READ|KEY_WRITE, psid2, TRUE, TRUE);
4454 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4455 CHECK_ONE_OF_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)", /* XP */
4456 "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)" /* Vista */);
4457
4458 /* fails in win2k */
4459 AddAuditAccessAceEx(pacl, ACL_REVISION, NO_PROPAGATE_INHERIT_ACE, FILE_GENERIC_READ|FILE_GENERIC_WRITE, psid2, TRUE, FALSE);
4460 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(&desc, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4461 CHECK_ONE_OF_AND_FREE("O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)", /* XP */
4462 "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)" /* Vista */);
4463
4464 LocalFree(psid2);
4465 LocalFree(psid);
4466}
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
Definition: security.c:3499
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
Definition: security.c:1114
BOOL WINAPI AddAuditAccessAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
Definition: security.c:1979
#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2)
#define CHECK_RESULT_AND_FREE(exp_str)
Referenced by START_TEST().
◆ test_ConvertStringSecurityDescriptor()
Definition at line 4206 of file security.c.
4207{
4209 PSECURITY_DESCRIPTOR pSD;
4213 ACL *acl;
4214 static const struct
4215 {
4216 const char *sidstring;
4220 DWORD altGLE;
4221 DWORD ace_Mask;
4222 } cssd[] =
4223 {
4225 /* test ACE string type */
4229 /* test ACE string with spaces */
4233 { "D:(D ;;GA;;;WD)", SDDL_REVISION_1, FALSE, RPC_S_INVALID_STRING_UUID, ERROR_INVALID_ACL }, /* Vista+ */
4241 /* test ACE string access rights */
4246 { "D:(A;;GRGWGX;;;WD)", SDDL_REVISION_1, TRUE, 0, 0, GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE },
4247 { "D:(A;;RCSDWDWO;;;WD)", SDDL_REVISION_1, TRUE, 0, 0, READ_CONTROL | DELETE | WRITE_DAC | WRITE_OWNER },
4257 /* test ACE string access right error case */
4259 /* test behaviour with empty strings */
4261 /* test ACE string SID */
4264 { "D:(D;;GA;;;Nonexistent account)", SDDL_REVISION_1, FALSE, ERROR_INVALID_ACL, ERROR_INVALID_SID }, /* W2K */
4265 };
4266
4268 {
4270
4271 SetLastError(0xdeadbeef);
4275 ok(ret == cssd[i].ret, "(%02u) Expected %s (%ld)\n", i, cssd[i].ret ? "success" : "failure", GLE);
4281 {
4283 {
4284 ACCESS_ALLOWED_ACE *ace;
4285
4288
4289 ace = (ACCESS_ALLOWED_ACE *)(acl + 1);
4292 }
4293 LocalFree(pSD);
4294 }
4295 }
4296
4297 /* test behaviour with NULL parameters */
4298 SetLastError(0xdeadbeef);
4301 todo_wine
4303 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4304 GetLastError());
4305
4306 SetLastError(0xdeadbeef);
4310 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4311 GetLastError());
4312
4313 SetLastError(0xdeadbeef);
4317 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4318 GetLastError());
4319
4320 SetLastError(0xdeadbeef);
4324 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4325 GetLastError());
4326
4327 /* test behaviour with empty strings */
4328 SetLastError(0xdeadbeef);
4331 ok(ret, "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %ld\n", GetLastError());
4332 LocalFree(pSD);
4333
4334 SetLastError(0xdeadbeef);
4336 "D:P(A;;GRGW;;;BA)(A;;GRGW;;;S-1-5-21-0-0-0-1000)S:(ML;;NWNR;;;S-1-16-12288)", SDDL_REVISION_1, &pSD, NULL);
4338 "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %lu\n", GetLastError());
4340
4341 /* empty DACL */
4342 size = 0;
4343 SetLastError(0xdeadbeef);
4344 ret = ConvertStringSecurityDescriptorToSecurityDescriptorA("D:", SDDL_REVISION_1, &pSD, &size);
4353 LocalFree(pSD);
4354
4355 /* empty SACL */
4356 size = 0;
4357 SetLastError(0xdeadbeef);
4358 ret = ConvertStringSecurityDescriptorToSecurityDescriptorA("S:", SDDL_REVISION_1, &pSD, &size);
4366 LocalFree(pSD);
4367}
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3032
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
Definition: security.c:3062
Definition: setypes.h:848
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
Referenced by START_TEST().
◆ test_ConvertStringSidToSid()
Definition at line 218 of file security.c.
219{
221 { { {0x00,0x00,0x33,0x44,0x55,0x66} }, "S-1-860116326-1" },
222 { { {0x00,0x00,0x01,0x02,0x03,0x04} }, "S-1-16909060-1" },
223 { { {0x00,0x00,0x00,0x01,0x02,0x03} }, "S-1-66051-1" },
224 { { {0x00,0x00,0x00,0x00,0x01,0x02} }, "S-1-258-1" },
225 { { {0x00,0x00,0x00,0x00,0x00,0x02} }, "S-1-2-1" },
226 { { {0x00,0x00,0x00,0x00,0x00,0x0c} }, "S-1-12-1" },
227 };
228 static const struct
229 {
233 }
234 str_to_sid_tests[] =
235 {
236 { "WD", "S-1-1-0" },
237 { "wD", "S-1-1-0" },
238 { "CO", "S-1-3-0" },
239 { "CG", "S-1-3-1" },
240 { "OW", "S-1-3-4", 1 }, /* Vista+ */
241 { "NU", "S-1-5-2" },
242 { "IU", "S-1-5-4" },
243 { "SU", "S-1-5-6" },
244 { "AN", "S-1-5-7" },
245 { "ED", "S-1-5-9" },
246 { "PS", "S-1-5-10" },
247 { "AU", "S-1-5-11" },
248 { "RC", "S-1-5-12" },
249 { "SY", "S-1-5-18" },
250 { "LS", "S-1-5-19" },
251 { "NS", "S-1-5-20" },
252 { "LA", "S-1-5-21-*-*-*-500" },
253 { "LG", "S-1-5-21-*-*-*-501" },
254 { "BO", "S-1-5-32-551" },
255 { "BA", "S-1-5-32-544" },
256 { "BU", "S-1-5-32-545" },
257 { "BG", "S-1-5-32-546" },
258 { "PU", "S-1-5-32-547" },
259 { "AO", "S-1-5-32-548" },
260 { "SO", "S-1-5-32-549" },
261 { "PO", "S-1-5-32-550" },
262 { "RE", "S-1-5-32-552" },
263 { "RU", "S-1-5-32-554" },
264 { "RD", "S-1-5-32-555" },
265 { "NO", "S-1-5-32-556" },
266 { "AC", "S-1-15-2-1", 1 }, /* Win8+ */
267 { "CA", "", 1 },
268 { "DA", "", 1 },
269 { "DC", "", 1 },
270 { "DD", "", 1 },
271 { "DG", "", 1 },
272 { "DU", "", 1 },
273 { "EA", "", 1 },
274 { "PA", "", 1 },
275 { "RS", "", 1 },
276 { "SA", "", 1 },
277#ifdef __REACTOS__
278 { "s-1-12-1", "S-1-12-1", 1 }, /* Crashes on ReactOS if not optional. ROSTESTS-418 */
279 { "S-0x1-0XC-0x1a", "S-1-12-26", 1 }, /* Crashes on ReactOS if not optional. ROSTESTS-418 */
280#else
281 { "s-1-12-1", "S-1-12-1" },
282 { "S-0x1-0XC-0x1a", "S-1-12-26" },
283#endif
284 };
285
286 const char noSubAuthStr[] = "S-1-5";
289 SID *pisid;
292
296 return;
298 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
299 GetLastError() );
300
303 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
304 GetLastError() );
305
308 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
309 GetLastError() );
310
313 "expected failure with no sub authorities\n" );
315 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
316 GetLastError() );
317
320 "expected failure with too many characters\n" );
322 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
323 GetLastError() );
324
327 "expected failure with too many characters\n" );
329 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
330 GetLastError() );
331
332 ok(ConvertStringSidToSidA("S-1-5-21-93476-23408-4576", &psid), "ConvertStringSidToSidA failed\n");
333 pisid = psid;
334 ok(pisid->SubAuthorityCount == 4, "Invalid sub authority count - expected 4, got %d\n", pisid->SubAuthorityCount);
335 ok(pisid->SubAuthority[0] == 21, "Invalid subauthority 0 - expected 21, got %ld\n", pisid->SubAuthority[0]);
336 ok(pisid->SubAuthority[3] == 4576, "Invalid subauthority 0 - expected 4576, got %ld\n", pisid->SubAuthority[3]);
338 LocalFree(psid);
339
341 {
343 &psid );
348 {
352 }
353 if( psid )
354 FreeSid( psid );
355
358 pisid = psid;
359 ok( pisid &&
362 "string sid %s didn't parse to expected value\n"
363 "(got 0x%04x%08lx, expected 0x%04x%08lx)\n",
364 refs[i].refStr,
374 if( psid )
375 LocalFree( psid );
376 }
377
379 {
381
384 {
386 continue;
387 }
389
392 {
393 LocalFree(psid);
394 continue;
395 }
396
400 LocalFree(psid);
402 }
403}
Definition: security.c:127
Referenced by START_TEST().
◆ test_create_process_token()
Definition at line 8022 of file security.c.
8023{
8028 SID_AND_ATTRIBUTES sid_attr;
8035
8049
8051
8052#ifdef __REACTOS__
8053 /* This block creates test failures on WS03 */
8055#endif
8059#ifdef __REACTOS__
8060 }
8061#endif
8062
8063 ret = CreateProcessAsUserA(GetCurrentProcessToken(), NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
8067
8071 ok(ret || broken(GetLastError() == ERROR_ACCESS_DENIED) /* < 7 */, "got error %lu\n", GetLastError());
8074
8081
8088
8089 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY | TOKEN_DUPLICATE, &token);
8091
8096 ok(ret || broken(GetLastError() == ERROR_BAD_TOKEN_TYPE) /* < 7 */, "got error %lu\n", GetLastError());
8098 CloseHandle(token2);
8099
8102 sid_attr.Attributes = 0;
8108 CloseHandle(token2);
8109
8111
8113}
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessAsUserA(_In_opt_ HANDLE hToken, _In_opt_ LPCSTR lpApplicationName, _Inout_opt_ LPSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCSTR lpCurrentDirectory, _In_ LPSTARTUPINFOA lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
Definition: logon.c:939
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted one of the regular access token. A restricted token can...
Definition: security.c:533
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3859
Definition: processthreadsapi.h:65
Definition: setypes.h:502
Definition: processthreadsapi.h:15
Referenced by START_TEST().
◆ test_create_process_token_child()
Definition at line 8115 of file security.c.
Referenced by START_TEST().
◆ test_CreateDirectoryA()
Definition at line 3590 of file security.c.
3591{
3597 ACL_SIZE_INFORMATION acl_size;
3598 UNICODE_STRING tmpfileW;
3609 PACL pDacl;
3610
3612 {
3615 }
3616 if (!bret)
3617 {
3619 return;
3620 }
3629
3631 sa.lpSecurityDescriptor = pSD;
3635 pDacl = calloc(1, 100);
3639 GENERIC_ALL, user_sid);
3642 GENERIC_ALL, admin_sid);
3646
3651 free(pDacl);
3652
3653#ifdef __REACTOS__
3654 /* The rest of this test crashes on WS03, Vista, Win7, and Win8.1. */
3656 goto done;
3657#endif
3658 SetLastError(0xdeadbeef);
3663 {
3665 goto done;
3666 }
3670 LocalFree(pSD);
3671
3672 /* Test inheritance of ACLs in CreateFile without security descriptor */
3675
3679
3686 LocalFree(pSD);
3687 CloseHandle(hTemp);
3688
3689 /* Test inheritance of ACLs in CreateFile with security descriptor -
3690 * When a security descriptor is set, then inheritance doesn't take effect */
3691 pSD = &sd;
3698
3701
3703 sa.lpSecurityDescriptor = pSD;
3708 free(pDacl);
3709
3710 error = GetSecurityInfo(hTemp, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
3715 todo_wine
3717 acl_size.AceCount);
3718 LocalFree(pSD);
3719
3723 todo_wine
3726 {
3729 todo_wine
3731 acl_size.AceCount);
3732 LocalFree(pSD);
3733 }
3734 CloseHandle(hTemp);
3735
3736 /* Test inheritance of ACLs in NtCreateFile without security descriptor */
3740
3742 attr.RootDirectory = 0;
3743 attr.ObjectName = &tmpfileW;
3747
3751 RtlFreeUnicodeString(&tmpfileW);
3752
3759 LocalFree(pSD);
3760 CloseHandle(hTemp);
3761
3762 /* Test inheritance of ACLs in NtCreateFile with security descriptor -
3763 * When a security descriptor is set, then inheritance doesn't take effect */
3764 pSD = &sd;
3771
3775
3777 attr.RootDirectory = 0;
3778 attr.ObjectName = &tmpfileW;
3780 attr.SecurityDescriptor = pSD;
3782
3786 RtlFreeUnicodeString(&tmpfileW);
3787 free(pDacl);
3788
3789 error = GetSecurityInfo(hTemp, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
3794 todo_wine
3796 acl_size.AceCount);
3797 LocalFree(pSD);
3798
3802 todo_wine
3805 {
3808 todo_wine
3810 acl_size.AceCount);
3811 LocalFree(pSD);
3812 }
3813 CloseHandle(hTemp);
3814
3815done:
3819}
DWORD WINAPI GetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: misc.c:1244
DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
Definition: security.c:4102
BOOL WINAPI CreateDirectoryA(IN LPCSTR lpPathName, IN LPSECURITY_ATTRIBUTES lpSecurityAttributes)
Definition: dir.c:37
DWORD WINAPI GetTempPathA(IN DWORD nBufferLength, OUT LPSTR lpBuffer)
Definition: path.c:1973
BOOL WINAPI OpenThreadToken(HANDLE thread, DWORD access, BOOL self, HANDLE *handle)
Definition: security.c:836
static void test_inherited_dacl(PACL dacl, PSID admin_sid, PSID user_sid, DWORD flags, DWORD mask, BOOL todo_count, BOOL todo_sid, BOOL todo_flags, int line)
Definition: security.c:3537
static void get_nt_pathW(const char *name, UNICODE_STRING *nameW)
Definition: security.c:3519
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
Definition: env_spec_w32.h:870
Definition: umtypes.h:184
Definition: cookie.c:202
Referenced by START_TEST().
◆ test_CreateRestrictedToken()
Definition at line 5289 of file security.c.
5290{
5292 PTOKEN_GROUPS token_groups, groups2;
5293 LUID_AND_ATTRIBUTES lattr;
5294 SID_AND_ATTRIBUTES sattr;
5297 char privs_buffer[1000];
5299 PRIVILEGE_SET priv_set;
5301 BOOL is_member;
5303 LUID luid = { 0, 0 };
5306
5309
5313
5320
5322 {
5324 {
5326 break;
5327 }
5328 }
5330
5331 is_member = FALSE;
5335
5336 sattr.Sid = removed_sid;
5337 sattr.Attributes = 0;
5338 r_token = NULL;
5341
5342 is_member = TRUE;
5346
5353
5355 {
5357 {
5361 break;
5362 }
5363 }
5364
5365 free(groups2);
5366
5371
5376
5377 CloseHandle(r_token);
5378
5379 r_token = NULL;
5382
5387
5388 CloseHandle(r_token);
5389
5392
5394 {
5396 {
5398 break;
5399 }
5400 }
5402
5403 lattr.Luid = luid;
5404 lattr.Attributes = 0;
5405 r_token = NULL;
5408
5409 priv_set.PrivilegeCount = 1;
5410 priv_set.Control = 0;
5416
5419
5420 is_member = FALSE;
5422 {
5424 is_member = TRUE;
5425 }
5427
5428 CloseHandle(r_token);
5429
5430 removed_sid->SubAuthority[0] = 0xdeadbeef;
5432 r_token = NULL;
5435 CloseHandle(r_token);
5436
5437 free(token_groups);
5439 CloseHandle(process_token);
5440}
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:2066
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
Definition: sefuncs.h:411
Definition: setypes.h:73
Referenced by START_TEST().
◆ test_CreateWellKnownSid()
Definition at line 2107 of file security.c.
2108{
2114
2115 size = 0;
2116 SetLastError(0xdeadbeef);
2120 ok(error == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %lu\n", error);
2122
2123 SetLastError(0xdeadbeef);
2128
2133
2134 /* a domain sid usually have three subauthorities but we test that CreateWellKnownSid doesn't check it */
2135 AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
2136
2138 {
2143
2145 continue;
2146
2147 /* some SIDs aren't implemented by all Windows versions - detect it */
2150 {
2152 continue;
2153 }
2154
2156 ok(CreateWellKnownSid(i, value->without_domain ? NULL : domainsid, sid_buffer, &cb), "Couldn't create well known sid %u\n", i);
2163
2165 {
2168 ok(CreateWellKnownSid(i, domainsid, buf2, &cb), "Couldn't create well known sid %u with optional domain\n", i);
2170 ok(memcmp(buf2, sid_buffer, cb) == 0, "SID create with domain is different than without (%u)\n", i);
2171 }
2172 }
2173
2174 FreeSid(domainsid);
2175}
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
Definition: security.c:852
static const struct well_known_sid_value well_known_sid_values[]
Definition: security.c:2068
Definition: pdh_main.c:96
Referenced by START_TEST().
◆ test_default_dacl_owner_group_sid()
Definition at line 6394 of file security.c.
6395{
6396 TOKEN_USER *token_user;
6397 TOKEN_OWNER *token_owner;
6398 TOKEN_PRIMARY_GROUP *token_primary_group;
6406 ACCESS_ALLOWED_ACE *ace;
6407
6410
6414
6416
6420
6426
6427 size = 0;
6428 ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, NULL, 0, &size );
6430
6432 ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, sd, size, &size );
6434
6435 owner = (void *)0xdeadbeef;
6436 defaulted = TRUE;
6442
6444 defaulted = TRUE;
6449 ok( EqualSid( group, token_primary_group->PrimaryGroup ), "group shall equal token primary group\n" );
6450
6452 present = FALSE;
6453 defaulted = TRUE;
6459
6460 index = 0;
6461 found = FALSE;
6463 {
6465 "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
6467 }
6469
6471 {
6472 index = 0;
6473 found = FALSE;
6475 {
6477 "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
6479 }
6481 }
6482
6486
6487 free( token_primary_group );
6488 free( token_owner );
6489 free( token_user );
6490}
struct _SECURITY_ATTRIBUTES SECURITY_ATTRIBUTES
static TOKEN_USER * get_alloc_token_user(HANDLE token)
Definition: security.c:1727
static TOKEN_OWNER * get_alloc_token_owner(HANDLE token)
Definition: security.c:1745
static TOKEN_PRIMARY_GROUP * get_alloc_token_primary_group(HANDLE token)
Definition: security.c:1763
Referenced by START_TEST().
◆ test_default_handle_security()
|
static |
Definition at line 5482 of file security.c.
5483{
5486 PRIVILEGE_SET priv_set;
5488
5491
5492 priv_set_len = sizeof(priv_set);
5493 granted = 0xdeadbeef;
5494 status = 0xdeadbeef;
5495 SetLastError(0xdeadbeef);
5496 ret = AccessCheck(sd, token, MAXIMUM_ALLOWED, mapping, &priv_set, &priv_set_len, &granted, &status);
5497todo_wine {
5500 ok(granted == mapping->GenericAll, "expected all access %#lx, got %#lx\n", mapping->GenericAll, granted);
5501}
5502 priv_set_len = sizeof(priv_set);
5503 granted = 0xdeadbeef;
5504 status = 0xdeadbeef;
5505 SetLastError(0xdeadbeef);
5507todo_wine {
5511}
5512 priv_set_len = sizeof(priv_set);
5513 granted = 0xdeadbeef;
5514 status = 0xdeadbeef;
5515 SetLastError(0xdeadbeef);
5516 ret = AccessCheck(sd, token, ACCESS_SYSTEM_SECURITY, mapping, &priv_set, &priv_set_len, &granted, &status);
5517todo_wine {
5521}
5522 priv_set_len = sizeof(priv_set);
5523 granted = 0xdeadbeef;
5524 status = 0xdeadbeef;
5525 SetLastError(0xdeadbeef);
5526 ret = AccessCheck(sd, token, mapping->GenericRead, mapping, &priv_set, &priv_set_len, &granted, &status);
5527todo_wine {
5530 ok(granted == mapping->GenericRead, "expected read access %#lx, got %#lx\n", mapping->GenericRead, granted);
5531}
5532 priv_set_len = sizeof(priv_set);
5533 granted = 0xdeadbeef;
5534 status = 0xdeadbeef;
5535 SetLastError(0xdeadbeef);
5536 ret = AccessCheck(sd, token, mapping->GenericWrite, mapping, &priv_set, &priv_set_len, &granted, &status);
5537todo_wine {
5540 ok(granted == mapping->GenericWrite, "expected write access %#lx, got %#lx\n", mapping->GenericWrite, granted);
5541}
5542 priv_set_len = sizeof(priv_set);
5543 granted = 0xdeadbeef;
5544 status = 0xdeadbeef;
5545 SetLastError(0xdeadbeef);
5546 ret = AccessCheck(sd, token, mapping->GenericExecute, mapping, &priv_set, &priv_set_len, &granted, &status);
5547todo_wine {
5550 ok(granted == mapping->GenericExecute, "expected execute access %#lx, got %#lx\n", mapping->GenericExecute, granted);
5551}
5553}
static SECURITY_DESCRIPTOR * test_get_security_descriptor(HANDLE handle, int line)
Definition: security.c:146
static void validate_default_security_descriptor(SECURITY_DESCRIPTOR *sd)
Definition: security.c:5442
Referenced by test_event_security(), test_mutex_security(), test_named_pipe_security(), and test_semaphore_security().
◆ test_duplicate_handle_access()
Definition at line 7844 of file security.c.
7845{
7852 SID_AND_ATTRIBUTES sid_attr;
7858
7859 /* DuplicateHandle() validates access against the calling thread's token and
7860 * the target process's token. It does *not* validate access against the
7861 * calling process's token, even if the calling thread is not impersonating.
7862 */
7863
7864 ret = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY, &token);
7866
7873
7884
7885 sid_attr.Sid = local_sid;
7886 sid_attr.Attributes = 0;
7892
7897
7900 CloseHandle(event2);
7901
7904 CloseHandle(event2);
7905
7906 ret = DuplicateHandle(GetCurrentProcess(), all_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7908 CloseHandle(event2);
7909
7910 ret = DuplicateHandle(GetCurrentProcess(), sync_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7912 CloseHandle(event2);
7913
7916
7920
7923 CloseHandle(event2);
7924
7925 SetLastError(0xdeadbeef);
7929
7930 ret = DuplicateHandle(GetCurrentProcess(), all_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7932 CloseHandle(event2);
7933
7934 SetLastError(0xdeadbeef);
7935 ret = DuplicateHandle(GetCurrentProcess(), sync_event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7938
7941
7944 ret = CreateProcessAsUserA(restricted, NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);
7946
7947 ret = DuplicateHandle(GetCurrentProcess(), all_event, pi.hProcess, &event2, EVENT_MODIFY_STATE, FALSE, 0);
7949
7950 SetLastError(0xdeadbeef);
7951 ret = DuplicateHandle(GetCurrentProcess(), sync_event, pi.hProcess, &event2, EVENT_MODIFY_STATE, FALSE, 0);
7954
7957
7958 CloseHandle(impersonation);
7959 CloseHandle(restricted);
7961 CloseHandle(sync_event);
7962 CloseHandle(all_event);
7963}
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
Definition: thread.c:137
static DWORD WINAPI duplicate_handle_access_thread(void *arg)
Definition: security.c:7823
Referenced by START_TEST().
◆ test_duplicate_handle_access_child()
Definition at line 7965 of file security.c.
7966{
7969
7973
7976 CloseHandle(event2);
7977
7978 SetLastError(0xdeadbeef);
7982
7985
7986 SetLastError(0xdeadbeef);
7987 ret = DuplicateHandle(process, event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
7990
7996
7997 SetLastError(0xdeadbeef);
8001
8002 SetLastError(0xdeadbeef);
8003 ret = DuplicateHandle(process, event, GetCurrentProcess(), &event2, EVENT_MODIFY_STATE, FALSE, 0);
8006
8011}
HANDLE WINAPI OpenProcess(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwProcessId)
Definition: proc.c:1224
#define PROCESS_DUP_HANDLE
Definition: dbghelp_private.h:428
#define DUPLICATE_SAME_ACCESS
Referenced by START_TEST().
◆ test_duplicate_token()
Definition at line 8207 of file security.c.
8208{
8209 const DWORD orig_access = TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_PRIVILEGES;
8210 char prev_privs_buffer[128], ret_privs_buffer[1024];
8214 TOKEN_PRIVILEGES privs;
8221
8224
8225 /* Disable a privilege, to see if that privilege modification is preserved
8226 * in the duplicated tokens. */
8227 privs.PrivilegeCount = 1;
8231 ret = AdjustTokenPrivileges(token, FALSE, &privs, sizeof(prev_privs_buffer), prev_privs, &size);
8233
8240 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8244 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8245 CloseHandle(token2);
8246
8249 TEST_GRANTED_ACCESS(token2, orig_access);
8253 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8257 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8258 CloseHandle(token2);
8259
8260 ret = DuplicateTokenEx(token, MAXIMUM_ALLOWED, NULL, SecurityAnonymous, TokenPrimary, &token2);
8263 CloseHandle(token2);
8264
8265 ret = DuplicateTokenEx(token, TOKEN_QUERY_SOURCE, NULL, SecurityAnonymous, TokenPrimary, &token2);
8268 CloseHandle(token2);
8269
8272 TEST_GRANTED_ACCESS(token2, orig_access);
8276 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8280 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8281 CloseHandle(token2);
8282
8285 TEST_GRANTED_ACCESS(token2, orig_access);
8289 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8293 todo_wine ok(priv->Attributes == SE_GROUP_MANDATORY, "Got attributes %#lx\n", priv->Attributes);
8294 CloseHandle(token2);
8295
8298 TEST_GRANTED_ACCESS(token2, orig_access);
8299 ret = GetTokenInformation(token2, TokenPrivileges, ret_privs, sizeof(ret_privs_buffer), &size);
8303 CloseHandle(token2);
8304
8308 attr.SecurityQualityOfService = &qos;
8311 TEST_GRANTED_ACCESS(token2, orig_access);
8315 CloseHandle(token2);
8316
8318 ret = AdjustTokenPrivileges(token, FALSE, &privs, sizeof(prev_privs_buffer), prev_privs, &size);
8320
8322}
static const LUID_AND_ATTRIBUTES * find_privilege(const TOKEN_PRIVILEGES *privs, const LUID *luid)
Definition: security.c:8194
Definition: lsa.idl:63
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1871
Referenced by START_TEST().
◆ test_elevation()
Definition at line 8427 of file security.c.
8428{
8429 TOKEN_LINKED_TOKEN linked, linked2;
8431 TOKEN_ELEVATION elevation;
8434
8435#ifdef __REACTOS__
8438 return;
8439 }
8440#endif
8444
8447 orig_type = type;
8452 {
8455 return;
8456 }
8458
8460 {
8463 }
8465 {
8468
8473 ret = GetTokenInformation(linked.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8479 ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size);
8482
8483 /* Asking for the linked token again gives us a different token. */
8486
8487 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8490 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8493
8495
8497
8498 /* Asking for the linked token's linked token gives us a new limited token. */
8499 ret = GetTokenInformation(linked.LinkedToken, TokenLinkedToken, &linked2, sizeof(linked2), &size);
8501
8502 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8505 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8508
8510
8512
8514
8519
8524 }
8525 else
8526 {
8529
8534 ret = GetTokenInformation(linked.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8540 ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size);
8543
8544 /* Asking for the linked token again gives us a different token. */
8547
8548 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8551 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8554
8556
8558
8559 /* Asking for the linked token's linked token gives us a new elevated token. */
8560 ret = GetTokenInformation(linked.LinkedToken, TokenLinkedToken, &linked2, sizeof(linked2), &size);
8562
8563 ret = GetTokenInformation(linked2.LinkedToken, TokenElevationType, &type, sizeof(type), &size);
8566 ret = GetTokenInformation(linked2.LinkedToken, TokenElevation, &elevation, sizeof(elevation), &size);
8569
8571
8573
8575
8580
8585 }
8586
8587 ret = DuplicateTokenEx(token, TOKEN_ALL_ACCESS, NULL, SecurityAnonymous, TokenPrimary, &token2);
8594 ok(elevation.TokenIsElevated == (type == TokenElevationTypeFull), "got elevation %#lx\n", elevation.TokenIsElevated);
8598 {
8603 ret = GetTokenInformation(linked.LinkedToken, TokenImpersonationLevel, &type, sizeof(type), &size);
8607 }
8608 else
8610 CloseHandle(token2);
8611
8619 ok(elevation.TokenIsElevated == (type == TokenElevationTypeFull), "got elevation %#lx\n", elevation.TokenIsElevated);
8624 else
8627 CloseHandle(token2);
8628
8630 {
8631 char prev_privs_buffer[128], acl_buffer[256], prev_acl_buffer[256];
8635 TOKEN_DEFAULT_DACL default_acl;
8636 PRIVILEGE_SET priv_set;
8639 ACL acl;
8640
8641 /* Linked tokens do not preserve privilege modifications. */
8642
8643 privs.PrivilegeCount = 1;
8647 ret = AdjustTokenPrivileges(token, FALSE, &privs, sizeof(prev_privs_buffer), prev_privs, &size);
8649
8650 priv_set.PrivilegeCount = 1;
8651 priv_set.Control = 0;
8656
8659
8663
8665
8668
8669 /* Linked tokens do not preserve default DACL modifications. */
8670
8674
8676 default_acl.DefaultDacl = &acl;
8679
8683
8686
8687 ret = GetTokenInformation(linked.LinkedToken, TokenDefaultDacl, ret_acl, sizeof(acl_buffer), &size);
8690
8692
8695 }
8696
8698}
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
Definition: security.c:437
static void check_different_token(HANDLE token1, HANDLE token2)
Definition: security.c:8413
Definition: setypes.h:1047
Definition: setypes.h:1068
Definition: setypes.h:1064
Referenced by START_TEST().
◆ test_EqualDomainSid()
Definition at line 7760 of file security.c.
7761{
7768
7769 ret = AllocateAndInitializeSid(&ident, 6, SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
7771
7772 SetLastError(0xdeadbeef);
7776
7777 SetLastError(0xdeadbeef);
7781
7783 {
7785
7788 {
7790 continue;
7791 }
7792
7793 equal = 0xdeadbeef;
7794 SetLastError(0xdeadbeef);
7797 {
7801 continue;
7802 }
7803
7807
7809 ret = CreateWellKnownSid(i, well_known_sid_values[i].without_domain ? NULL : domainsid, sid2, &size);
7811
7812 equal = 0xdeadbeef;
7813 SetLastError(0xdeadbeef);
7818 }
7819
7820 FreeSid(domainsid);
7821}
BOOL WINAPI EqualDomainSid(IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
Definition: security.c:4184
Referenced by START_TEST().
◆ test_EqualSid()
Definition at line 5079 of file security.c.
5080{
5081 PSID sid1, sid2;
5085
5086 SetLastError(0xdeadbeef);
5088 DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &sid1);
5090 {
5092 return;
5093 }
5096 "AllocateAndInitializeSid shouldn't have set last error to %ld\n",
5097 GetLastError());
5098
5100 0, 0, 0, 0, 0, 0, 0, &sid2);
5102
5103 SetLastError(0xdeadbeef);
5107 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5108 GetLastError());
5109
5110 SetLastError(0xdeadbeef);
5111 sid2 = FreeSid(sid2);
5114 "FreeSid shouldn't have set last error to %ld\n",
5115 GetLastError());
5116
5118 DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &sid2);
5120
5121#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
5122 SetLastError(0xdeadbeef);
5127 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5128 GetLastError());
5129#endif
5130
5131 ((SID *)sid2)->Revision = 2;
5132 SetLastError(0xdeadbeef);
5136 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5137 GetLastError());
5139
5140 FreeSid(sid1);
5141 FreeSid(sid2);
5142}
Referenced by START_TEST().
◆ test_event_security()
Definition at line 5623 of file security.c.
5624{
5631 static const struct
5632 {
5633 int generic, mapped;
5634 } map[] =
5635 {
5636 { 0, 0 },
5641 };
5642
5643 SetLastError(0xdeadbeef);
5647
5648 SetLastError(0xdeadbeef);
5651
5654
5656 {
5657 SetLastError( 0xdeadbeef );
5661
5664
5666
5667 SetLastError(0xdeadbeef);
5669 todo_wine
5671 todo_wine
5673 }
5674
5676
5678}
static void test_default_handle_security(HANDLE token, HANDLE handle, GENERIC_MAPPING *mapping)
Definition: security.c:5482
Referenced by test_kernel_objects_security().
◆ test_file_security()
Definition at line 5836 of file security.c.
5837{
5840 static const struct
5841 {
5842 int generic, mapped;
5843 } map[] =
5844 {
5845 { 0, 0 },
5850 };
5854
5857
5858 /* file */
5859 SetLastError(0xdeadbeef);
5862
5865
5867 {
5868 SetLastError( 0xdeadbeef );
5872
5875
5877 }
5878
5880
5881 SetLastError(0xdeadbeef);
5884
5886 ok(access == (FILE_READ_ATTRIBUTES | SYNCHRONIZE), "expected FILE_READ_ATTRIBUTES | SYNCHRONIZE, got %#lx\n", access);
5887
5888 bytes = 0xdeadbeef;
5889 SetLastError(0xdeadbeef);
5892 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
5894
5896
5897 SetLastError(0xdeadbeef);
5900
5902 ok(access == (FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES), "expected FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES, got %#lx\n", access);
5903
5904 bytes = 0xdeadbeef;
5905 SetLastError(0xdeadbeef);
5908 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
5910
5913
5914 /* directory */
5915 SetLastError(0xdeadbeef);
5916 file = CreateFileA(temp_path, GENERIC_ALL, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
5918
5921
5923 {
5924 SetLastError( 0xdeadbeef );
5928
5931
5933 }
5934
5936
5937 SetLastError(0xdeadbeef);
5940
5942 ok(access == (FILE_READ_ATTRIBUTES | SYNCHRONIZE), "expected FILE_READ_ATTRIBUTES | SYNCHRONIZE, got %#lx\n", access);
5943
5945
5946 SetLastError(0xdeadbeef);
5947 file = CreateFileA(temp_path, GENERIC_WRITE, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
5949
5951 ok(access == (FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES), "expected FILE_GENERIC_WRITE | FILE_READ_ATTRIBUTES, got %#lx\n", access);
5952
5954}
UINT WINAPI GetTempFileNameA(IN LPCSTR lpPathName, IN LPCSTR lpPrefixString, IN UINT uUnique, OUT LPSTR lpTempFileName)
Definition: filename.c:26
Referenced by test_kernel_objects_security().
◆ test_filemap_security()
Definition at line 5956 of file security.c.
5957{
5962 static const struct
5963 {
5964 int generic, mapped;
5965 BOOL open_only;
5966 } map[] =
5967 {
5968 { 0, 0 },
5978 };
5979 static const struct
5980 {
5981 int prot, mapped;
5982 } prot_map[] =
5983 {
5984 { 0, 0 },
5985 { PAGE_NOACCESS, 0 },
5987 { PAGE_READWRITE, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE },
5989 { PAGE_EXECUTE, 0 },
5990 { PAGE_EXECUTE_READ, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_EXECUTE },
5991 { PAGE_EXECUTE_READWRITE, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE },
5992 { PAGE_EXECUTE_WRITECOPY, STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_EXECUTE }
5993 };
5994
5997
5998 SetLastError(0xdeadbeef);
5999 file = CreateFileA(file_name, GENERIC_READ|GENERIC_WRITE|GENERIC_EXECUTE, 0, NULL, CREATE_ALWAYS, 0, 0);
6003
6005 {
6007
6008 SetLastError(0xdeadbeef);
6011 {
6013 }
6014 else
6015 {
6017 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
6018 continue;
6019 }
6020
6022 ok(access == prot_map[i].mapped, "%ld: expected %#x, got %#lx\n", i, prot_map[i].mapped, access);
6023
6025 }
6026
6027 SetLastError(0xdeadbeef);
6030
6032 ok(access == (STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE),
6033 "expected STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE, got %#lx\n", access);
6034
6036 {
6038
6039 SetLastError( 0xdeadbeef );
6043
6046
6048 }
6049
6053
6055 "Wine Test Open Mapping");
6057
6059 {
6061
6068 }
6069
6070 CloseHandle(created_mapping);
6071}
HANDLE NTAPI CreateFileMappingA(IN HANDLE hFile, IN LPSECURITY_ATTRIBUTES lpFileMappingAttributes, IN DWORD flProtect, IN DWORD dwMaximumSizeHigh, IN DWORD dwMaximumSizeLow, IN LPCSTR lpName)
Definition: filemap.c:23
HANDLE NTAPI OpenFileMappingA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: filemap.c:284
Referenced by test_kernel_objects_security().
◆ test_FileSecurity()
Definition at line 763 of file security.c.
764{
769 DWORD sdSize, retSize, rc, granted, priv_set_len;
770 PRIVILEGE_SET priv_set;
776 | DACL_SECURITY_INFORMATION;
777
780 return;
781 }
782
783 /* Create a temporary directory and in it a temporary file */
785 SetLastError(0xdeadbeef);
789
791 SetLastError(0xdeadbeef);
795 CloseHandle (fh);
796
797 /* For the temporary file ... */
798
799 /* Get size needed */
800 retSize = 0;
801 SetLastError(0xdeadbeef);
806 }
812
813 sdSize = retSize;
815
816 /* Get security descriptor for real */
817 retSize = -1;
818 SetLastError(0xdeadbeef);
822 ok (retSize == sdSize,
823 "GetFileSecurityA returned size %ld; expected %ld\n", retSize, sdSize);
824
825 /* Use it to set security descriptor */
826 SetLastError(0xdeadbeef);
830
832
833 /* Repeat for the temporary directory ... */
834
835 /* Get size needed */
836 retSize = 0;
837 SetLastError(0xdeadbeef);
844
845 sdSize = retSize;
847
848 /* Get security descriptor for real */
849 retSize = -1;
850 SetLastError(0xdeadbeef);
854 ok (retSize == sdSize,
855 "GetFileSecurityA returned size %ld; expected %ld\n", retSize, sdSize);
856
857 /* Use it to set security descriptor */
858 SetLastError(0xdeadbeef);
863
864 /* Old test */
866 SetLastError(0xdeadbeef);
871
872cleanup:
873 /* Remove temporary file and directory */
876
877 /* Test file access permissions for a file with FILE_ATTRIBUTE_ARCHIVE */
878 SetLastError(0xdeadbeef);
881
882 SetLastError(0xdeadbeef);
885
889
890 rc = GetFileSecurityA(file, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
891 NULL, 0, &sdSize);
896
898 retSize = 0xdeadbeef;
899 SetLastError(0xdeadbeef);
900 rc = GetFileSecurityA(file, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
901 sd, sdSize, &retSize);
904
905 SetLastError(0xdeadbeef);
909
910 SetLastError(0xdeadbeef);
913
914 SetLastError(0xdeadbeef);
917
918 SetLastError(0xdeadbeef);
919 rc = RevertToSelf();
921
922 priv_set_len = sizeof(priv_set);
923 granted = 0xdeadbeef;
924 status = 0xdeadbeef;
925 SetLastError(0xdeadbeef);
926 rc = AccessCheck(sd, token, FILE_READ_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
930
931 granted = 0xdeadbeef;
932 status = 0xdeadbeef;
933 SetLastError(0xdeadbeef);
934 rc = AccessCheck(sd, token, FILE_WRITE_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
938
939 granted = 0xdeadbeef;
940 status = 0xdeadbeef;
941 SetLastError(0xdeadbeef);
942 rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
946
947 granted = 0xdeadbeef;
948 status = 0xdeadbeef;
949 SetLastError(0xdeadbeef);
954
955 granted = 0xdeadbeef;
956 status = 0xdeadbeef;
957 SetLastError(0xdeadbeef);
958 rc = AccessCheck(sd, token, FILE_DELETE_CHILD, &mapping, &priv_set, &priv_set_len, &granted, &status);
962
963 granted = 0xdeadbeef;
964 status = 0xdeadbeef;
965 SetLastError(0xdeadbeef);
970
971 granted = 0xdeadbeef;
972 status = 0xdeadbeef;
973 SetLastError(0xdeadbeef);
974 rc = AccessCheck(sd, token, FILE_ALL_ACCESS, &mapping, &priv_set, &priv_set_len, &granted, &status);
978
979 SetLastError(0xdeadbeef);
982 ok(GetLastError() == ERROR_GENERIC_NOT_MAPPED, "expected ERROR_GENERIC_NOT_MAPPED, got %ld\n", GetLastError());
983
984 /* Test file access permissions for a file with FILE_ATTRIBUTE_READONLY */
985 SetLastError(0xdeadbeef);
986 fh = CreateFileA(file, FILE_READ_DATA, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_READONLY, 0);
988 retSize = 0xdeadbeef;
989 SetLastError(0xdeadbeef);
992 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
994 CloseHandle(fh);
995
998 todo_wine
1000 "expected FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY got %#lx\n", rc);
1001
1002 SetLastError(0xdeadbeef);
1005 SetLastError(0xdeadbeef);
1008
1009 SetLastError(0xdeadbeef);
1010 fh = CreateFileA(file, FILE_READ_DATA, FILE_SHARE_READ, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_READONLY, 0);
1012 retSize = 0xdeadbeef;
1013 SetLastError(0xdeadbeef);
1016 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
1018 CloseHandle(fh);
1019
1023 "expected FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY got %#lx\n", rc);
1024
1025 retSize = 0xdeadbeef;
1026 SetLastError(0xdeadbeef);
1027 rc = GetFileSecurityA(file, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
1028 sd, sdSize, &retSize);
1031
1032 priv_set_len = sizeof(priv_set);
1033 granted = 0xdeadbeef;
1034 status = 0xdeadbeef;
1035 SetLastError(0xdeadbeef);
1036 rc = AccessCheck(sd, token, FILE_READ_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
1040
1041 granted = 0xdeadbeef;
1042 status = 0xdeadbeef;
1043 SetLastError(0xdeadbeef);
1044 rc = AccessCheck(sd, token, FILE_WRITE_DATA, &mapping, &priv_set, &priv_set_len, &granted, &status);
1046todo_wine {
1049}
1050 granted = 0xdeadbeef;
1051 status = 0xdeadbeef;
1052 SetLastError(0xdeadbeef);
1053 rc = AccessCheck(sd, token, FILE_EXECUTE, &mapping, &priv_set, &priv_set_len, &granted, &status);
1057
1058 granted = 0xdeadbeef;
1059 status = 0xdeadbeef;
1060 SetLastError(0xdeadbeef);
1065
1066 granted = 0xdeadbeef;
1067 status = 0xdeadbeef;
1068 SetLastError(0xdeadbeef);
1069 rc = AccessCheck(sd, token, WRITE_OWNER, &mapping, &priv_set, &priv_set_len, &granted, &status);
1073
1074 granted = 0xdeadbeef;
1075 status = 0xdeadbeef;
1076 SetLastError(0xdeadbeef);
1077 rc = AccessCheck(sd, token, SYNCHRONIZE, &mapping, &priv_set, &priv_set_len, &granted, &status);
1081
1082 granted = 0xdeadbeef;
1083 status = 0xdeadbeef;
1084 SetLastError(0xdeadbeef);
1085 rc = AccessCheck(sd, token, FILE_DELETE_CHILD, &mapping, &priv_set, &priv_set_len, &granted, &status);
1087todo_wine {
1090}
1091 granted = 0xdeadbeef;
1092 status = 0xdeadbeef;
1093 SetLastError(0xdeadbeef);
1096todo_wine {
1099}
1100 granted = 0xdeadbeef;
1101 status = 0xdeadbeef;
1102 SetLastError(0xdeadbeef);
1103 rc = AccessCheck(sd, token, FILE_ALL_ACCESS, &mapping, &priv_set, &priv_set_len, &granted, &status);
1105todo_wine {
1108}
1109 SetLastError(0xdeadbeef);
1112 ok(GetLastError() == ERROR_ACCESS_DENIED, "expected ERROR_ACCESS_DENIED, got %ld\n", GetLastError());
1113 SetLastError(0xdeadbeef);
1116 SetLastError(0xdeadbeef);
1119
1122}
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
Definition: security.c:1631
BOOL WINAPI SetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: security.c:1479
BOOL WINAPI GetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
Definition: security.c:1373
BOOL WINAPI SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes)
Definition: fileinfo.c:760
BOOL WINAPI WriteFile(_In_ HANDLE hFile, _In_reads_bytes_opt_(nNumberOfBytesToWrite) LPCVOID lpBuffer, _In_ DWORD nNumberOfBytesToWrite, _Out_opt_ LPDWORD lpNumberOfBytesWritten, _Inout_opt_ LPOVERLAPPED lpOverlapped)
Definition: rw.c:25
#define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
Definition: ntifs_ex.h:384
Definition: wbemprox_private.h:188
Definition: tftpd.h:86
Referenced by START_TEST().
◆ test_get_security_descriptor()
|
static |
Definition at line 146 of file security.c.
147{
148 /* use free(sd); when done */
151
152 needed = 0xdeadbeef;
153 SetLastError(0xdeadbeef);
154 ret = GetKernelObjectSecurity(handle, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
155 NULL, 0, &needed);
157 ok_(__FILE__, line)(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
158 ok_(__FILE__, line)(needed != 0xdeadbeef, "GetKernelObjectSecurity should return required buffer length\n");
159
160 length = needed;
162
163 needed = 0xdeadbeef;
164 SetLastError(0xdeadbeef);
165 ret = GetKernelObjectSecurity(handle, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
168 ok_(__FILE__, line)(needed == length || needed == 0 /* file, pipe */, "GetKernelObjectSecurity should return %lu instead of %lu\n", length, needed);
170}
Referenced by test_default_handle_security(), test_group_equal(), and test_owner_equal().
◆ test_GetExplicitEntriesFromAclW()
Definition at line 7569 of file security.c.
7570{
7576 EXPLICIT_ACCESSW *access2;
7580
7581 old_acl = malloc(256);
7584
7585 res = AllocateAndInitializeSid(&SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
7587
7589 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &users_sid);
7591
7594
7595 access2 = NULL;
7597 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7599 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7600 ok(access2[0].grfAccessPermissions == KEY_READ, "Expected KEY_READ, got %ld\n", access2[0].grfAccessPermissions);
7601 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7602 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7604 LocalFree(access2);
7605
7608
7614 access.Trustee.ptstrName = everyone_sid;
7618
7619 access2 = NULL;
7621 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7623 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7624 ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7626 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
7627 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7628 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7630 LocalFree(access2);
7631 LocalFree(new_acl);
7632
7637
7638 access2 = NULL;
7640 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7642 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7643 ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7645 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
7646 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7647 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7649 LocalFree(access2);
7650 LocalFree(new_acl);
7651
7657
7658 access2 = NULL;
7660 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7662 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7663 ok(access2[0].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7665 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].Trustee.TrusteeType);
7666 ok(access2[0].Trustee.TrusteeForm == TRUSTEE_IS_SID, "Expected SID trustee, got %d\n", access2[0].Trustee.TrusteeForm);
7667 ok(access2[0].grfInheritance == NO_INHERITANCE, "Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7668 LocalFree(access2);
7669 LocalFree(new_acl);
7670
7673 access.Trustee.ptstrName = users_sid;
7677
7678 access2 = (void *)0xdeadbeef;
7680 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7683 LocalFree(new_acl);
7684
7685 /* Make the ACL both Allow and Deny Everyone. */
7690 /* Revoke Everyone. */
7691 access.Trustee.ptstrName = everyone_sid;
7693 access.grfAccessPermissions = 0;
7694 new_acl = NULL;
7698 /* Deny Everyone should remain (along with Grant Users from earlier). */
7699 access2 = NULL;
7701 ok(res == ERROR_SUCCESS, "GetExplicitEntriesFromAclW failed with error %ld\n", GetLastError());
7703#ifdef __REACTOS__
7704 if (!access2) {
7706 } else {
7707#endif
7708 ok(access2[0].grfAccessMode == GRANT_ACCESS, "Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7709 ok(access2[0].grfAccessPermissions == KEY_READ , "Expected KEY_READ, got %ld\n", access2[0].grfAccessPermissions);
7711 ok(access2[1].grfAccessMode == DENY_ACCESS, "Expected DENY_ACCESS, got %d\n", access2[1].grfAccessMode);
7712 ok(access2[1].grfAccessPermissions == KEY_WRITE, "Expected KEY_WRITE, got %ld\n", access2[1].grfAccessPermissions);
7714 LocalFree(access2);
7715#ifdef __REACTOS__
7716 }
7717#endif
7718
7719 FreeSid(users_sid);
7720 FreeSid(everyone_sid);
7721 free(old_acl);
7722}
DWORD WINAPI SetEntriesInAclW(ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_W pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
Definition: ac.c:199
DWORD WINAPI GetExplicitEntriesFromAclW(PACL pacl, PULONG pcCountOfExplicitEntries, PEXPLICIT_ACCESS_W *pListOfExplicitEntries)
Definition: ac.c:648
Definition: accctrl.h:340
Referenced by START_TEST().
◆ test_GetKernelObjectSecurity()
Definition at line 8324 of file security.c.
8325{
8326 /* Basic tests for parameter validation. */
8327
8333 ACL *acl;
8334
8335 SetLastError(0xdeadbeef);
8336 size = 0xdeadbeef;
8341
8342 SetLastError(0xdeadbeef);
8346
8347 SetLastError(0xdeadbeef);
8348 size = 0xdeadbeef;
8349 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, NULL, 0, &size);
8353
8355
8356 SetLastError(0xdeadbeef);
8357 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, sd, size - 1, &ret_size);
8361
8362 SetLastError(0xdeadbeef);
8363 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, sd, size + 1, &ret_size);
8367
8369
8370 /* Calling the function with flags not defined succeeds and yields an empty
8371 * descriptor. */
8372
8373 SetLastError(0xdeadbeef);
8377
8379 SetLastError(0xdeadbeef);
8384
8389
8394
8399
8403 /* the descriptor is defaulted only on Windows >= 7 */
8404
8408 /* the descriptor is defaulted only on Windows >= 7 */
8409
8411}
Referenced by START_TEST().
◆ test_GetNamedSecurityInfoA()
Definition at line 3821 of file security.c.
3822{
3830 char invalid_path[] = "/an invalid file path";
3832 char software_key[] = "MACHINE\\Software";
3835 ACL_SIZE_INFORMATION acl_size;
3837 PSECURITY_DESCRIPTOR pSD;
3838 ACCESS_ALLOWED_ACE *ace;
3842 BOOL owner_defaulted;
3843 BOOL group_defaulted;
3844 BOOL dacl_defaulted;
3847 BOOL dacl_present;
3848 PACL pDacl;
3851
3853 {
3856 }
3857 if (!bret)
3858 {
3860 return;
3861 }
3870
3873
3874#ifdef __REACTOS__
3875 /* The rest of this test crashes on WS03, Vista, Win7, and Win8.1 */
3878 return;
3879 }
3880#endif
3881 SetLastError(0xdeadbeef);
3886 {
3889 return;
3890 }
3892
3898
3899 bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
3902
3906 LocalFree(pSD);
3907
3908
3909 /* NULL descriptor tests */
3910
3914
3915 pDacl = NULL;
3920 LocalFree(pSD);
3921
3925
3926 /* Test behavior of SetNamedSecurityInfo with an invalid path */
3927 SetLastError(0xdeadbeef);
3932
3933 /* Create security descriptor information and test that it comes back the same */
3934 pSD = &sd;
3935 pDacl = malloc(100);
3949 SetLastError(0xdeadbeef);
3952 free(pDacl);
3954 {
3957 CloseHandle(hTemp);
3958 return;
3959 }
3961 SetLastError(0xdeadbeef);
3965 {
3968 CloseHandle(hTemp);
3969 return;
3970 }
3972
3976 {
3985 ace->Mask);
3986 }
3988 {
3991 bret = EqualSid(&ace->SidStart, admin_sid);
3993 "Administators Group ACE (%s) != Administators Group SID (%s).\n",
3996 "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
3998 "Administators Group ACE has unexpected mask (0x%lx != 0x1f01ff)\n", ace->Mask);
3999 }
4000 LocalFree(pSD);
4001
4002 /* show that setting empty DACL is not removing all file permissions */
4009 free(pDacl);
4010
4014
4018 {
4023 }
4024 LocalFree(pSD);
4025
4030
4031 /* test setting NULL DACL */
4035
4040 LocalFree(pSD);
4041
4046
4047 /* NtSetSecurityObject doesn't inherit DACL entries */
4050 pDacl = malloc(100);
4057
4062
4066
4071
4076
4081
4082 /* test if DACL is properly mapped to permission */
4093
4098
4109
4113 free(pDacl);
4115 CloseHandle(hTemp);
4116
4117 /* Test querying the ownership of a built-in registry key */
4118 sid_size = sizeof(system_ptr);
4124
4125 bret = AllocateAndInitializeSid(&SIDAuthNT, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &localsys_sid);
4127
4128 bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
4132 "MACHINE\\Software owner SID (%s) != Administrators SID (%s) or Local System Sid (%s).\n",
4134
4140 "MACHINE\\Software group SID (%s) != Local System SID (%s or %s)\n",
4142 LocalFree(pSD);
4143
4144 /* Test querying the DACL of a built-in registry key */
4145 sid_size = sizeof(users_ptr);
4150
4151 bret = GetSecurityDescriptorDacl(pSD, &dacl_present, &pDacl, &dacl_defaulted);
4159 {
4162 bret = EqualSid(&ace->SidStart, users_sid);
4164 bret = EqualSid(&ace->SidStart, admin_sid);
4166 }
4168 "Builtin Users ACE not found.\n");
4169 if (users_ace_id != -1)
4170 {
4182 "Builtin Users ACE has unexpected mask (0x%lx != 0x%x)\n",
4183 ace->Mask, GENERIC_READ);
4184 }
4186 if (admins_ace_id != -1)
4187 {
4200 }
4201
4202 FreeSid(localsys_sid);
4203 LocalFree(pSD);
4204}
DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: security.c:2498
UINT WINAPI GetWindowsDirectoryA(OUT LPSTR lpBuffer, IN UINT uSize)
Definition: path.c:2256
BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
Definition: sec.c:238
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: ms-dtyp.idl:209
Referenced by START_TEST().
◆ test_GetSecurityInfo()
Definition at line 4691 of file security.c.
4692{
4693 char domain_users_ptr[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES];
4703 BOOL owner_defaulted, group_defaulted;
4704 BOOL dacl_defaulted, dacl_present;
4705 ACL_SIZE_INFORMATION acl_size;
4706 PSECURITY_DESCRIPTOR pSD;
4707 ACCESS_ALLOWED_ACE *ace;
4711 PACL pDacl;
4714
4716 {
4717 SE_FILE_OBJECT,
4718 SE_KERNEL_OBJECT,
4719 SE_WMIGUID_OBJECT,
4720 };
4721
4723 {
4724 SE_UNKNOWN_OBJECT_TYPE,
4725 SE_DS_OBJECT,
4726 SE_DS_OBJECT_ALL,
4728 SE_REGISTRY_WOW64_32KEY,
4729 SE_REGISTRY_WOW64_64KEY,
4730 0xdeadbeef,
4731 };
4732
4734 {
4737 }
4738 if (!bret)
4739 {
4741 return;
4742 }
4747
4748 /* Create something. Files have lots of associated security info. */
4752 {
4754 return;
4755 }
4756
4761 {
4764 return;
4765 }
4772 else
4774
4775 LocalFree(pSD);
4776
4777 /* If we don't ask for the security descriptor, Windows will still give us
4778 the other stuff, leaving us no way to free it. */
4787 else
4789
4790 /* Create security descriptor information and test that it comes back the same */
4791 pSD = &sd;
4813 {
4816#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
4820#endif
4824 ace->Mask);
4825 }
4827 {
4830#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
4831 bret = EqualSid(&ace->SidStart, admin_sid);
4832 todo_wine ok(bret, "Administators Group ACE (%s) != Administators Group SID (%s).\n", debugstr_sid(&ace->SidStart), debugstr_sid(admin_sid));
4833#endif
4835 "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((ACE_HEADER *)ace)->AceFlags);
4837 ace->Mask);
4838 }
4839 LocalFree(pSD);
4841
4842 /* Obtain the "domain users" SID from the user SID */
4844 *GetSidSubAuthority(user_sid, 1),
4845 *GetSidSubAuthority(user_sid, 2),
4846 *GetSidSubAuthority(user_sid, 3), 0, 0, 0, 0, &domain_sid))
4847 {
4849 return;
4850 }
4851 sid_size = sizeof(domain_users_ptr);
4852 CreateWellKnownSid(WinAccountDomainUsersSid, domain_sid, domain_users_sid, &sid_size);
4853 FreeSid(domain_sid);
4854
4855 /* Test querying the ownership of a process */
4860
4861 bret = GetSecurityDescriptorOwner(pSD, &owner, &owner_defaulted);
4865 "Process owner SID != Administrators SID.\n");
4866
4871 LocalFree(pSD);
4872
4873 /* Test querying the DACL of a process */
4877
4878 bret = GetSecurityDescriptorDacl(pSD, &dacl_present, &pDacl, &dacl_defaulted);
4886 {
4889 bret = EqualSid(&ace->SidStart, domain_users_sid);
4891 bret = EqualSid(&ace->SidStart, admin_sid);
4893 }
4895 "Domain Users ACE not found.\n");
4896 if (domain_users_ace_id != -1)
4897 {
4905 ace->Mask, GENERIC_READ);
4906 }
4908 "Builtin Admins ACE not found.\n");
4909 if (admins_ace_id != -1)
4910 {
4917 }
4918 LocalFree(pSD);
4919
4920 ret = GetSecurityInfo(NULL, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, NULL, NULL, &pSD);
4922
4926 LocalFree(pSD);
4927
4931
4933 {
4935
4939
4943 LocalFree(pSD);
4944
4948 LocalFree(pSD);
4949
4953
4957
4958 winetest_pop_context();
4959 }
4960
4964
4968
4970
4972 {
4974
4978
4982
4986
4990
4991 winetest_pop_context();
4992 }
4993}
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
Definition: misc.c:1295
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl void winetest_pop_context(void)
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl winetest_push_context(const char *fmt,...) __WINE_PRINTF_ATTR(1
Definition: test.h:537
struct _TOKEN_USER TOKEN_USER
Referenced by START_TEST().
◆ test_GetSidIdentifierAuthority()
Definition at line 7012 of file security.c.
7013{
7018
7022
7023 SetLastError(0xdeadbeef);
7027
7028 SetLastError(0xdeadbeef);
7032}
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority(PSID sid)
Definition: security.c:333
Referenced by START_TEST().
◆ test_GetSidSubAuthority()
Definition at line 4995 of file security.c.
4996{
4998
4999 /* Note: on windows passing in an invalid index like -1, lets GetSidSubAuthority return 0x05000000 but
5000 still GetLastError returns ERROR_SUCCESS then. We don't test these unlikely cornercases here for now */
5001 ok(ConvertStringSidToSidA("S-1-5-21-93476-23408-4576",&psid),"ConvertStringSidToSidA failed\n");
5003 SetLastError(0xbebecaca);
5004 ok(*GetSidSubAuthorityCount(psid) == 4,"GetSidSubAuthorityCount gave %d expected 4\n", *GetSidSubAuthorityCount(psid));
5006 SetLastError(0xbebecaca);
5007 ok(*GetSidSubAuthority(psid,0) == 21,"GetSidSubAuthority gave %ld expected 21\n", *GetSidSubAuthority(psid,0));
5009 SetLastError(0xbebecaca);
5010 ok(*GetSidSubAuthority(psid,1) == 93476,"GetSidSubAuthority gave %ld expected 93476\n", *GetSidSubAuthority(psid,1));
5012 SetLastError(0xbebecaca);
5013 ok(GetSidSubAuthority(psid,4) != NULL,"Expected out of bounds GetSidSubAuthority to return a non-NULL pointer\n");
5015 LocalFree(psid);
5016}
Referenced by START_TEST().
◆ test_GetTokenInformation()
Definition at line 2015 of file security.c.
Referenced by START_TEST().
◆ test_GetUserNameA()
Definition at line 5144 of file security.c.
5145{
5147 DWORD required_len, buffer_len;
5149
5150 /* Test crashes on Windows. */
5151 if (0)
5152 {
5153 SetLastError(0xdeadbeef);
5155 }
5156
5157 SetLastError(0xdeadbeef);
5158 required_len = 0;
5163
5164 SetLastError(0xdeadbeef);
5165 required_len = 1;
5170
5171 /* Tests crashes on Windows. */
5172 if (0)
5173 {
5174 SetLastError(0xdeadbeef);
5175 required_len = UNLEN + 1;
5177
5178 SetLastError(0xdeadbeef);
5180 }
5181
5183
5184 /* Note that GetUserNameA on XP and newer outputs the number of bytes
5185 * required for a Unicode string, which affects a test in the next block. */
5186 SetLastError(0xdeadbeef);
5188 required_len = 0;
5194
5195 SetLastError(0xdeadbeef);
5197 buffer_len = required_len;
5201 ok(buffer_len == required_len ||
5203 "Outputted buffer length was %lu\n", buffer_len);
5205
5206 /* Use the reported buffer size from the last GetUserNameA call and pass
5207 * a length that is one less than the required value. */
5208 SetLastError(0xdeadbeef);
5210 buffer_len--;
5216}
Referenced by START_TEST().
◆ test_GetUserNameW()
Definition at line 5218 of file security.c.
5219{
5221 DWORD required_len, buffer_len;
5223
5224 /* Test crashes on Windows. */
5225 if (0)
5226 {
5227 SetLastError(0xdeadbeef);
5229 }
5230
5231 SetLastError(0xdeadbeef);
5232 required_len = 0;
5237
5238 SetLastError(0xdeadbeef);
5239 required_len = 1;
5244
5245 /* Tests crash on Windows. */
5246 if (0)
5247 {
5248 SetLastError(0xdeadbeef);
5249 required_len = UNLEN + 1;
5251
5252 SetLastError(0xdeadbeef);
5254 }
5255
5257
5258 SetLastError(0xdeadbeef);
5260 required_len = 0;
5266
5267 SetLastError(0xdeadbeef);
5269 buffer_len = required_len;
5275
5276 /* GetUserNameW on XP and newer writes a truncated portion of the username string to the buffer. */
5277 SetLastError(0xdeadbeef);
5279 buffer_len--;
5284 "Output buffer was altered\n");
5287}
Referenced by START_TEST().
◆ test_GetWindowsAccountDomainSid()
Definition at line 6929 of file security.c.
6930{
6931#ifdef __REACTOS__
6934#else
6939#endif
6940 DWORD sid_size;
6941 PSID user_sid;
6944#ifndef __REACTOS__
6946#endif
6947
6949 {
6952 }
6953 if (!bret)
6954 {
6956 return;
6957 }
6958
6967
6968 SetLastError(0xdeadbeef);
6969 bret = GetWindowsAccountDomainSid(0, 0, 0);
6971 ok(GetLastError() == ERROR_INVALID_SID, "expected ERROR_INVALID_SID, got %ld\n", GetLastError());
6972
6973 SetLastError(0xdeadbeef);
6974 bret = GetWindowsAccountDomainSid(user_sid, 0, 0);
6976 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
6977
6978 sid_size = SECURITY_MAX_SID_SIZE;
6979 SetLastError(0xdeadbeef);
6980 bret = GetWindowsAccountDomainSid(user_sid, 0, &sid_size);
6982 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
6983 ok(sid_size == GetSidLengthRequired(4), "expected size %ld, got %ld\n", GetSidLengthRequired(4), sid_size);
6984
6985 SetLastError(0xdeadbeef);
6986 bret = GetWindowsAccountDomainSid(user_sid, domain_sid, 0);
6988 ok(GetLastError() == ERROR_INVALID_PARAMETER, "expected ERROR_INVALID_PARAMETER, got %ld\n", GetLastError());
6989
6990 sid_size = 1;
6991 SetLastError(0xdeadbeef);
6992 bret = GetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
6994 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
6995 ok(sid_size == GetSidLengthRequired(4), "expected size %ld, got %ld\n", GetSidLengthRequired(4), sid_size);
6996
6997 sid_size = SECURITY_MAX_SID_SIZE;
6998 bret = GetWindowsAccountDomainSid(user_sid, domain_sid, &sid_size);
7000 ok(sid_size == GetSidLengthRequired(4), "expected size %ld, got %ld\n", GetSidLengthRequired(4), sid_size);
7001#ifndef __REACTOS__ // This crashes on WS03, Vista, Win7, and Win8.1.
7002 InitializeSid(domain_sid2, &domain_ident, 4);
7007#endif
7008
7010}
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
Definition: security.c:862
BOOL WINAPI GetWindowsAccountDomainSid(PSID sid, PSID domain_sid, DWORD *size)
Definition: security.c:368
Referenced by START_TEST().
◆ test_granted_access()
|
static |
Definition at line 2862 of file security.c.
◆ test_group_as_file_owner()
Definition at line 8700 of file security.c.
8701{
8702 char sd_buffer[200], sid_buffer[100];
8707 SECURITY_DESCRIPTOR new_sd;
8711
8712 /* The EA Origin client sets the SD owner of a directory to Administrators,
8713 * while using the default DACL, and subsequently tries to create
8714 * subdirectories. */
8715
8718
8721 if (!present)
8722 {
8724 return;
8725 }
8726
8729
8732
8733 file = CreateFileA(path, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0);
8735
8736 ret = GetKernelObjectSecurity(file, DACL_SECURITY_INFORMATION, sd_buffer, sizeof(sd_buffer), &size);
8740
8742
8745
8748
8751
8752 ret = SetKernelObjectSecurity(file, OWNER_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION, &new_sd);
8754
8756
8760
8766}
Referenced by START_TEST().
◆ test_group_equal()
Definition at line 195 of file security.c.
196{
200 BOOL group_defaulted;
201
203
206
207#ifdef __REACTOS__
208 /* The call to EqualSid below crashes on WS03. */
210#endif
214
215 free(queriedSD);
216}
Referenced by test_process_security().
◆ test_impersonation_level()
Definition at line 3177 of file security.c.
3178{
3180 HANDLE Token2;
3184 PRIVILEGE_SET *PrivilegeSet;
3187 HKEY hkey;
3189
3190 SetLastError(0xdeadbeef);
3193 {
3195 return;
3196 }
3198 ret = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY_SOURCE | TOKEN_IMPERSONATE | TOKEN_ADJUST_DEFAULT, TRUE, &Token);
3201 ok(error == ERROR_CANT_OPEN_ANONYMOUS, "OpenThreadToken on anonymous token should have returned ERROR_CANT_OPEN_ANONYMOUS instead of %ld\n", error);
3202 /* can't perform access check when opening object against an anonymous impersonation token */
3203 todo_wine {
3205 ok(error == ERROR_INVALID_HANDLE || error == ERROR_CANT_OPEN_ANONYMOUS || error == ERROR_BAD_IMPERSONATION_LEVEL,
3207 }
3208 RevertToSelf();
3209
3212
3217 /* can't increase the impersonation level */
3221 "Duplicating a token and increasing the impersonation level should have failed with ERROR_BAD_IMPERSONATION_LEVEL instead of %ld\n", error);
3222 /* we can query anything from an anonymous token, including the user */
3225 ok(!ret && error == ERROR_INSUFFICIENT_BUFFER, "GetTokenInformation(TokenUser) should have failed with ERROR_INSUFFICIENT_BUFFER instead of %ld\n", error);
3230
3231 /* PrivilegeCheck fails with SecurityAnonymous level */
3234 ok(!ret && error == ERROR_INSUFFICIENT_BUFFER, "GetTokenInformation(TokenPrivileges) should have failed with ERROR_INSUFFICIENT_BUFFER instead of %ld\n", error);
3238
3241 memcpy(PrivilegeSet->Privilege, Privileges->Privileges, PrivilegeSet->PrivilegeCount * sizeof(PrivilegeSet->Privilege[0]));
3244
3247 ok(!ret && error == ERROR_BAD_IMPERSONATION_LEVEL, "PrivilegeCheck for SecurityAnonymous token should have failed with ERROR_BAD_IMPERSONATION_LEVEL instead of %ld\n", error);
3248
3250
3253 ret = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY_SOURCE | TOKEN_IMPERSONATE | TOKEN_ADJUST_DEFAULT, TRUE, &Token);
3255
3256 /* can't perform access check when opening object against an identification impersonation token */
3258 todo_wine {
3259 ok(error == ERROR_INVALID_HANDLE || error == ERROR_BAD_IMPERSONATION_LEVEL || error == ERROR_ACCESS_DENIED,
3260 "RegOpenKeyEx should have failed with ERROR_INVALID_HANDLE, ERROR_BAD_IMPERSONATION_LEVEL or ERROR_ACCESS_DENIED instead of %ld\n", error);
3261 }
3265 RevertToSelf();
3266
3269 ret = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY_SOURCE | TOKEN_IMPERSONATE | TOKEN_ADJUST_DEFAULT, TRUE, &Token);
3272 ok(error == ERROR_SUCCESS, "RegOpenKeyEx should have succeeded instead of failing with %ld\n", error);
3273 RegCloseKey(hkey);
3276 RevertToSelf();
3277
3279 CloseHandle(ProcessToken);
3280
3281 free(PrivilegeSet);
3282}
@ User
LONG WINAPI RegOpenKeyExA(_In_ HKEY hKey, _In_ LPCSTR lpSubKey, _In_ DWORD ulOptions, _In_ REGSAM samDesired, _Out_ PHKEY phkResult)
Definition: reg.c:3298
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4539
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
Definition: sefuncs.h:419
Referenced by START_TEST().
◆ test_inherited_dacl()
|
static |
Definition at line 3537 of file security.c.
3539{
3540 ACL_SIZE_INFORMATION acl_size;
3541 ACCESS_ALLOWED_ACE *ace;
3542 BOOL bret;
3543
3546
3547 todo_wine_if (todo_count)
3549 "GetAclInformation returned unexpected entry count (%ld != 2)\n",
3550 acl_size.AceCount);
3551
3553 {
3556
3558 todo_wine_if (todo_sid)
3559 ok_(__FILE__, line)(bret, "Current User ACE (%s) != Current User SID (%s)\n", debugstr_sid(&ace->SidStart), debugstr_sid(user_sid));
3560
3561 todo_wine_if (todo_flags)
3563 "Current User ACE has unexpected flags (0x%x != 0x%lx)\n",
3565
3567 "Current User ACE has unexpected mask (0x%lx != 0x%lx)\n",
3569 }
3571 {
3574
3576 todo_wine_if (todo_sid)
3577 ok_(__FILE__, line)(bret, "Administators Group ACE (%s) != Administators Group SID (%s)\n", debugstr_sid(&ace->SidStart), debugstr_sid(admin_sid));
3578
3579 todo_wine_if (todo_flags)
3581 "Administators Group ACE has unexpected flags (0x%x != 0x%lx)\n",
3583
3585 "Administators Group ACE has unexpected mask (0x%lx != 0x%lx)\n",
3587 }
3588}
Referenced by test_CreateDirectoryA().
◆ test_InitializeAcl()
Definition at line 4643 of file security.c.
4644{
4648
4649 SetLastError(0xdeadbeef);
4652 {
4654 return;
4655 }
4656
4657 ok(!ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, "InitializeAcl with too small a buffer should have failed with ERROR_INSUFFICIENT_BUFFER instead of %ld\n", GetLastError());
4658
4659 SetLastError(0xdeadbeef);
4661 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl with too large a buffer should have failed with ERROR_INVALID_PARAMETER instead of %ld\n", GetLastError());
4662
4663 SetLastError(0xdeadbeef);
4665 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl(ACL_REVISION1) should have failed with ERROR_INVALID_PARAMETER instead of %ld\n", GetLastError());
4666
4669
4672
4675
4678
4679 SetLastError(0xdeadbeef);
4682
4685
4686 SetLastError(0xdeadbeef);
4688 ok(!ret && GetLastError() == ERROR_INVALID_PARAMETER, "InitializeAcl(-1) failed with error %ld\n", GetLastError());
4689}
Referenced by START_TEST().
◆ test_IsValidSecurityDescriptor()
Definition at line 8768 of file security.c.
8769{
8772
8773 SetLastError(0xdeadbeef);
8777
8779
8780 SetLastError(0xdeadbeef);
8784
8787
8788 SetLastError(0xdeadbeef);
8792
8794}
BOOL WINAPI IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: sec.c:176
Referenced by START_TEST().
◆ test_kernel_objects_security()
Definition at line 6313 of file security.c.
6314{
6317
6320
6324
6327
6331
6337 test_filemap_security();
6338 test_thread_security();
6339 test_process_access();
6340 /* FIXME: test other kernel object types */
6341
6342 CloseHandle(process_token);
6344}
static void test_named_pipe_security(HANDLE token)
Definition: security.c:5731
static BOOL validate_impersonation_token(HANDLE token, DWORD *token_type)
Definition: security.c:6262
Referenced by START_TEST().
◆ test_LookupAccountName()
Definition at line 2552 of file security.c.
2553{
2554 DWORD sid_size, domain_size, user_size;
2555 DWORD sid_save, domain_save;
2558 SID_NAME_USE sid_use;
2560 PSID psid;
2562
2563 /* native crashes if (assuming all other parameters correct):
2564 * - peUse is NULL
2565 * - Sid is NULL and cbSid is > 0
2566 * - cbSid or cchReferencedDomainName are NULL
2567 * - ReferencedDomainName is NULL and cchReferencedDomainName is the correct size
2568 */
2569
2570 user_size = UNLEN + 1;
2571 SetLastError(0xdeadbeef);
2574
2575 /* get sizes */
2576 sid_size = 0;
2577 domain_size = 0;
2578 sid_use = 0xcafebabe;
2579 SetLastError(0xdeadbeef);
2582 {
2584 return;
2585 }
2592
2593 sid_save = sid_size;
2594 domain_save = domain_size;
2595
2596 psid = malloc(sid_size);
2598
2599 /* try valid account name */
2609 domain_size = domain_save;
2610 sid_size = sid_save;
2611
2613 {
2615 }
2616 else
2617 {
2626 ok(sid_use == SidTypeWellKnownGroup, "Expected SidTypeWellKnownGroup (%d), got %d\n", SidTypeWellKnownGroup, sid_use);
2627 domain_size = domain_save;
2628 }
2629
2630 /* NULL Sid with zero sid size */
2631 SetLastError(0xdeadbeef);
2632 sid_size = 0;
2639
2640 /* try cchReferencedDomainName - 1 */
2641 SetLastError(0xdeadbeef);
2642 domain_size--;
2649
2650 /* NULL ReferencedDomainName with zero domain name size */
2651 SetLastError(0xdeadbeef);
2652 domain_size = 0;
2659
2660 free(psid);
2662
2663 /* get sizes for NULL account name */
2664 sid_size = 0;
2665 domain_size = 0;
2666 sid_use = 0xcafebabe;
2667 SetLastError(0xdeadbeef);
2675
2676 psid = malloc(sid_size);
2678
2679 /* try NULL account name */
2683 /* Using a fixed string will not work on different locales */
2687
2688 free(psid);
2690
2691 /* try an invalid account name */
2692 SetLastError(0xdeadbeef);
2693 sid_size = 0;
2694 domain_size = 0;
2702
2703 /* try an invalid system name */
2704 SetLastError(0xdeadbeef);
2705 sid_size = 0;
2706 domain_size = 0;
2709 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE || GetLastError() == RPC_S_INVALID_NET_ADDR /* Vista */,
2713
2714 /* try with the computer name as the account name */
2717 sid_size = 0;
2718 domain_size = 0;
2726 {
2727 psid = malloc(sid_size);
2729 ret = LookupAccountNameA(NULL, computer_name, psid, &sid_size, domain, &domain_size, &sid_use);
2732 (sid_use == SidTypeUser && ! strcmp(computer_name, user_name)), "expected SidTypeDomain for %s, got %d\n", computer_name, sid_use);
2734 free(psid);
2735 }
2736
2737 /* Well Known names */
2739 {
2741 return;
2742 }
2743
2746 /* 2 spaces */
2750
2751 /* example of some names where the spaces are not optional */
2756
2761
2762 /* case insensitivity */
2764
2765 /* fully qualified account names */
2771}
static void check_wellknown_name(const char *name, WELL_KNOWN_SID_TYPE result)
Definition: security.c:2490
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
Definition: shimtest.c:21
#define ERROR_TRUSTED_RELATIONSHIP_FAILURE
Definition: winerror.h:1453
Referenced by START_TEST().
◆ test_LookupAccountSid()
Definition at line 2177 of file security.c.
2178{
2181 DWORD acc_sizeA, dom_sizeA, user_sizeA;
2182 DWORD real_acc_sizeA, real_dom_sizeA;
2184 LSA_OBJECT_ATTRIBUTES object_attributes;
2185 DWORD acc_sizeW, dom_sizeW;
2186 DWORD real_acc_sizeW, real_dom_sizeW;
2188 SID_NAME_USE use;
2191 MAX_SID max_sid;
2192 CHAR *str_sidA;
2194 HANDLE hToken;
2198
2199 /* native windows crashes if account size, domain size, or name use is NULL */
2200
2202 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &pUsersSid);
2205
2206 /* not running on NT so give up */
2208 return;
2209
2210 real_acc_sizeA = MAX_PATH;
2211 real_dom_sizeA = MAX_PATH;
2212 ret = LookupAccountSidA(NULL, pUsersSid, accountA, &real_acc_sizeA, domainA, &real_dom_sizeA, &use);
2214
2215 /* try NULL account */
2216 acc_sizeA = MAX_PATH;
2217 dom_sizeA = MAX_PATH;
2220
2221 /* try NULL domain */
2222 acc_sizeA = MAX_PATH;
2223 dom_sizeA = MAX_PATH;
2226
2227 /* try a small account buffer */
2228 acc_sizeA = 1;
2229 dom_sizeA = MAX_PATH;
2230 accountA[0] = 0;
2235
2236 /* try a 0 sized account buffer */
2237 acc_sizeA = 0;
2238 dom_sizeA = MAX_PATH;
2239 accountA[0] = 0;
2241 /* this can fail or succeed depending on OS version but the size will always be returned */
2242 ok(acc_sizeA == real_acc_sizeA + 1,
2243 "LookupAccountSidA() Expected acc_size = %lu, got %lu\n",
2244 real_acc_sizeA + 1, acc_sizeA);
2245
2246 /* try a 0 sized account buffer */
2247 acc_sizeA = 0;
2248 dom_sizeA = MAX_PATH;
2250 /* this can fail or succeed depending on OS version but the size will always be returned */
2251 ok(acc_sizeA == real_acc_sizeA + 1,
2252 "LookupAccountSid() Expected acc_size = %lu, got %lu\n",
2253 real_acc_sizeA + 1, acc_sizeA);
2254
2255 /* try a small domain buffer */
2256 dom_sizeA = 1;
2257 acc_sizeA = MAX_PATH;
2258 accountA[0] = 0;
2263
2264 /* try a 0 sized domain buffer */
2265 dom_sizeA = 0;
2266 acc_sizeA = MAX_PATH;
2267 accountA[0] = 0;
2269 /* this can fail or succeed depending on OS version but the size will always be returned */
2270 ok(dom_sizeA == real_dom_sizeA + 1,
2271 "LookupAccountSidA() Expected dom_size = %lu, got %lu\n",
2272 real_dom_sizeA + 1, dom_sizeA);
2273
2274 /* try a 0 sized domain buffer */
2275 dom_sizeA = 0;
2276 acc_sizeA = MAX_PATH;
2278 /* this can fail or succeed depending on OS version but the size will always be returned */
2279 ok(dom_sizeA == real_dom_sizeA + 1,
2280 "LookupAccountSidA() Expected dom_size = %lu, got %lu\n",
2281 real_dom_sizeA + 1, dom_sizeA);
2282
2283 real_acc_sizeW = MAX_PATH;
2284 real_dom_sizeW = MAX_PATH;
2285 ret = LookupAccountSidW(NULL, pUsersSid, accountW, &real_acc_sizeW, domainW, &real_dom_sizeW, &use);
2287
2288 /* try an invalid system name */
2289 real_acc_sizeA = MAX_PATH;
2290 real_dom_sizeA = MAX_PATH;
2291 ret = LookupAccountSidA("deepthought", pUsersSid, accountA, &real_acc_sizeA, domainA, &real_dom_sizeA, &use);
2293 ok(GetLastError() == RPC_S_SERVER_UNAVAILABLE || GetLastError() == RPC_S_INVALID_NET_ADDR /* Vista */,
2294 "LookupAccountSidA() Expected RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR, got %lu\n", GetLastError());
2295
2296 /* native windows crashes if domainW or accountW is NULL */
2297
2298 /* try a small account buffer */
2299 acc_sizeW = 1;
2300 dom_sizeW = MAX_PATH;
2301 accountW[0] = 0;
2306
2307 /* try a 0 sized account buffer */
2308 acc_sizeW = 0;
2309 dom_sizeW = MAX_PATH;
2310 accountW[0] = 0;
2312 /* this can fail or succeed depending on OS version but the size will always be returned */
2313 ok(acc_sizeW == real_acc_sizeW + 1,
2314 "LookupAccountSidW() Expected acc_size = %lu, got %lu\n",
2315 real_acc_sizeW + 1, acc_sizeW);
2316
2317 /* try a 0 sized account buffer */
2318 acc_sizeW = 0;
2319 dom_sizeW = MAX_PATH;
2321 /* this can fail or succeed depending on OS version but the size will always be returned */
2322 ok(acc_sizeW == real_acc_sizeW + 1,
2323 "LookupAccountSidW() Expected acc_size = %lu, got %lu\n",
2324 real_acc_sizeW + 1, acc_sizeW);
2325
2326 /* try a small domain buffer */
2327 dom_sizeW = 1;
2328 acc_sizeW = MAX_PATH;
2329 accountW[0] = 0;
2334
2335 /* try a 0 sized domain buffer */
2336 dom_sizeW = 0;
2337 acc_sizeW = MAX_PATH;
2338 accountW[0] = 0;
2340 /* this can fail or succeed depending on OS version but the size will always be returned */
2341 ok(dom_sizeW == real_dom_sizeW + 1,
2342 "LookupAccountSidW() Expected dom_size = %lu, got %lu\n",
2343 real_dom_sizeW + 1, dom_sizeW);
2344
2345 /* try a 0 sized domain buffer */
2346 dom_sizeW = 0;
2347 acc_sizeW = MAX_PATH;
2349 /* this can fail or succeed depending on OS version but the size will always be returned */
2350 ok(dom_sizeW == real_dom_sizeW + 1,
2351 "LookupAccountSidW() Expected dom_size = %lu, got %lu\n",
2352 real_dom_sizeW + 1, dom_sizeW);
2353
2354 acc_sizeW = dom_sizeW = use = 0;
2355 SetLastError(0xdeadbeef);
2359 ok(error == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %lu\n", error);
2363
2364 FreeSid(pUsersSid);
2365
2366 /* Test LookupAccountSid with Sid retrieved from token information.
2367 This assumes this process is running under the account of the current user.*/
2372 ptiUser = malloc(cbti);
2374 {
2375 acc_sizeA = dom_sizeA = MAX_PATH;
2376 ret = LookupAccountSidA(NULL, ptiUser->User.Sid, accountA, &acc_sizeA, domainA, &dom_sizeA, &use);
2378 user_sizeA = MAX_PATH;
2381 ok(lstrcmpA(usernameA, accountA) == 0, "LookupAccountSidA() Expected account name: %s got: %s\n", usernameA, accountA );
2382 }
2383 free(ptiUser);
2384
2387 {
2390 {
2392 {
2393 acc_sizeA = MAX_PATH;
2394 dom_sizeA = MAX_PATH;
2397 LocalFree(str_sidA);
2398 }
2399 }
2400 else
2401 {
2404 else
2406 }
2407 }
2408
2411
2415
2416 /* try a more restricted access mask if necessary */
2420 ok(status == STATUS_SUCCESS, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION) returned 0x%08lx\n", status);
2421 }
2422
2424 {
2427 ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy() failed, returned 0x%08lx\n", status);
2429 {
2430 ok(info->DomainSid!=0, "LsaQueryInformationPolicy(PolicyAccountDomainInformation) missing SID\n");
2432 {
2463 }
2464
2466 }
2467
2470 }
2471}
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
NTSTATUS WINAPI LsaQueryInformationPolicy(IN LSA_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, OUT PVOID *Buffer)
Definition: lsa.c:1473
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
Definition: misc.c:537
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
Definition: security.c:712
Definition: ntsecapi.h:177
Definition: security.c:30
Definition: ntsecapi.h:565
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
Definition: setypes.h:646
Referenced by START_TEST().
◆ test_lookupPrivilegeName()
Definition at line 616 of file security.c.
617{
621 LUID luid = { 0, 0 };
624
625 /* check whether it's available first */
627 if (!pLookupPrivilegeNameA) return;
631 return;
632
633 /* check with a short buffer */
634 cchName = 0;
638 "LookupPrivilegeNameA didn't fail with ERROR_INSUFFICIENT_BUFFER: %ld\n",
639 GetLastError());
641 "LookupPrivilegeNameA returned an incorrect required length for\n"
644 /* check a known value and its returned length on success */
648 "LookupPrivilegeNameA returned an incorrect output length for\n"
651 /* check known values */
653 {
659 }
660 /* check a bogus LUID */
661 luid.LowPart = 0xdeadbeef;
665 "LookupPrivilegeNameA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
666 GetLastError());
667 /* check on a bogus system */
673 "LookupPrivilegeNameA didn't fail with RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR: %ld\n",
674 GetLastError());
675}
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
Definition: winbase.h:2521
Referenced by START_TEST().
◆ test_lookupPrivilegeValue()
Definition at line 683 of file security.c.
684{
715 };
718 LUID luid;
720
721 /* check whether it's available first */
723 if (!pLookupPrivilegeValueA) return;
726 return;
727
728 /* check a bogus system name */
732 "LookupPrivilegeValueA didn't fail with RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR: %ld\n",
733 GetLastError());
734 /* check a NULL string */
737 "LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
738 GetLastError());
739 /* check a bogus privilege name */
742 "LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
743 GetLastError());
744 /* check case insensitive */
747 "LookupPrivilegeValueA(NULL, sEcREATEtOKENpRIVILEGE, &luid) failed: %ld\n",
748 GetLastError());
750 {
751 /* Not all privileges are implemented on all Windows versions, so
752 * don't worry if the call fails
753 */
755 {
757 "LookupPrivilegeValueA returned an invalid LUID for %s\n",
758 privs[i].name);
759 }
760 }
761}
Definition: security.c:678
Referenced by START_TEST().
◆ test_maximum_allowed()
Definition at line 7085 of file security.c.
7086{
7096
7098 if (!pCreateEventExA)
7099 {
7101 return;
7102 }
7103
7111
7115
7121}
Referenced by START_TEST().
◆ test_mutex_security()
Definition at line 5566 of file security.c.
5567{
5574 static const struct
5575 {
5576 int generic, mapped;
5577 } map[] =
5578 {
5579 { 0, 0 },
5584 };
5585
5586 SetLastError(0xdeadbeef);
5590
5591 SetLastError(0xdeadbeef);
5594
5597
5599 {
5600 SetLastError( 0xdeadbeef );
5604
5607
5609
5610 SetLastError(0xdeadbeef);
5612 todo_wine
5614 todo_wine
5616 }
5617
5619
5621}
Definition: module.h:456
HANDLE WINAPI DECLSPEC_HOTPATCH CreateMutexA(IN LPSECURITY_ATTRIBUTES lpMutexAttributes OPTIONAL, IN BOOL bInitialOwner, IN LPCSTR lpName OPTIONAL)
Definition: synch.c:512
HANDLE WINAPI DECLSPEC_HOTPATCH OpenMutexA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: synchansi.c:71
Referenced by test_kernel_objects_security().
◆ test_named_pipe_security()
Definition at line 5731 of file security.c.
5732{
5736 FILE_GENERIC_WRITE,
5737 FILE_GENERIC_EXECUTE,
5739 static const struct
5740 {
5741 int generic, mapped;
5742 } map[] =
5743 {
5744 { 0, 0 },
5749 };
5750 static const struct
5751 {
5752 DWORD open_mode;
5754 } creation_access[] =
5755 {
5761 /* ACCESS_SYSTEM_SECURITY is also valid, but will fail with ERROR_PRIVILEGE_NOT_HELD */
5762 };
5763
5764 /* Test the different security access options for pipes */
5766 {
5767 SetLastError(0xdeadbeef);
5775 "CreateNamedPipeA(0x%lx) pipe expected access 0x%lx (got 0x%lx)\n",
5777 CloseHandle(pipe);
5778 }
5779
5780 SetLastError(0xdeadbeef);
5785
5787
5788 SetLastError(0xdeadbeef);
5791
5794
5796 {
5797 SetLastError( 0xdeadbeef );
5801
5804
5806 }
5807
5809 CloseHandle(pipe);
5810
5811 SetLastError(0xdeadbeef);
5812 file = CreateFileA("\\\\.\\pipe\\", FILE_ALL_ACCESS, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0, 0);
5813 ok(file != INVALID_HANDLE_VALUE || broken(file == INVALID_HANDLE_VALUE) /* before Vista */, "CreateFile error %ld\n", GetLastError());
5814
5816 {
5819
5821 {
5822 SetLastError( 0xdeadbeef );
5826
5830 }
5831 }
5832
5834}
HANDLE WINAPI CreateNamedPipeA(LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes)
Definition: npipe.c:220
Referenced by test_kernel_objects_security().
◆ test_owner_equal()
Definition at line 172 of file security.c.
173{
176 PSID owner;
177 BOOL owner_defaulted;
178
180
183
184#ifdef __REACTOS__
185 /* The call to EqualSid below crashes on WS03. */
187#endif
191
192 free(queriedSD);
193}
Referenced by test_process_security().
◆ test_PrivateObjectSecurity()
Definition at line 4556 of file security.c.
4557{
4558 SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION;
4560 PSECURITY_DESCRIPTOR sec;
4561 DWORD dwDescSize;
4562 DWORD dwRevision;
4563 DWORD retSize;
4568
4570 "O:SY"
4571 "G:S-1-5-21-93476-23408-4576"
4572 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)"
4573 "(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4574 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
4576
4577 test_SetSecurityDescriptorControl(sec);
4578
4579 LocalFree(sec);
4580
4582 "O:SY"
4583 "G:S-1-5-21-93476-23408-4576",
4585
4586 test_SetSecurityDescriptorControl(sec);
4587
4588 LocalFree(sec);
4589
4591 "O:SY"
4592 "G:S-1-5-21-93476-23408-4576"
4593 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4594 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)", SDDL_REVISION_1, &sec, &dwDescSize), "Creating descriptor failed\n");
4599
4603 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4607
4608 ret = GetPrivateObjectSecurity(sec, GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, buf, dwDescSize, &retSize);
4611 ret = ConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len);
4613 CHECK_ONE_OF_AND_FREE("G:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)",
4614 "G:S-1-5-21-93476-23408-4576D:P(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"); /* Win7 */
4617
4621 ok(ConvertSecurityDescriptorToStringSecurityDescriptorA(buf, SDDL_REVISION_1, sec_info, &string, &len), "Conversion failed\n");
4623 "G:S-1-5-21-93476-23408-4576"
4624 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4625 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
4626 "O:SY"
4627 "G:S-1-5-21-93476-23408-4576"
4628 "D:P(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4629 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)"); /* Win7 */
4632
4633 SetLastError(0xdeadbeef);
4634 ok(GetPrivateObjectSecurity(sec, sec_info, buf, 5, &retSize) == FALSE, "GetPrivateObjectSecurity should have failed\n");
4635 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "Expected error ERROR_INSUFFICIENT_BUFFER, got %lu\n", GetLastError());
4636
4637 LocalFree(sec);
4639}
BOOL WINAPI GetPrivateObjectSecurity(IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor OPTIONAL, IN DWORD DescriptorLength, OUT PDWORD ReturnLength)
Definition: misc.c:1429
static void test_SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR sec)
Definition: security.c:4468
Referenced by START_TEST().
◆ test_process_access()
Definition at line 6145 of file security.c.
6146{
6149 STARTUPINFOA sti;
6152 static const struct
6153 {
6154 int generic, mapped;
6155 } map[] =
6156 {
6157 { 0, 0 },
6159 { GENERIC_WRITE, STANDARD_RIGHTS_WRITE | PROCESS_SET_QUOTA | PROCESS_SET_INFORMATION | PROCESS_SUSPEND_RESUME |
6160 PROCESS_VM_WRITE | PROCESS_DUP_HANDLE | PROCESS_CREATE_PROCESS | PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION },
6163 };
6164
6167 SetLastError(0xdeadbeef);
6168 ret = CreateProcessA(NULL, cmdline, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &sti, &pi);
6170
6173
6175 ok(access == PROCESS_ALL_ACCESS_NT4 || access == PROCESS_ALL_ACCESS_VISTA, "expected PROCESS_ALL_ACCESS, got %#lx\n", access);
6176
6178 {
6179 SetLastError( 0xdeadbeef );
6183
6186 {
6188 ok(access == map[i].mapped || access == (map[i].mapped | PROCESS_QUERY_LIMITED_INFORMATION) /* Vista+ */,
6190 break;
6195 access == (map[i].mapped | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_SET_LIMITED_INFORMATION) /* Win10 Anniversary Update */,
6197 break;
6199 ok(access == map[i].mapped || access == (map[i].mapped | PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_TERMINATE) /* Vista+ */,
6201 break;
6205 break;
6206 default:
6208 break;
6209 }
6210
6212 }
6213
6214 SetLastError( 0xdeadbeef );
6223
6224 SetLastError( 0xdeadbeef );
6231
6232 SetLastError( 0xdeadbeef );
6239
6240 SetLastError( 0xdeadbeef );
6247 "expected PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_QUERY_LIMITED_INFORMATION, got %#lx\n", access);
6249
6250 SetLastError( 0xdeadbeef );
6255 ok(access == (PROCESS_VM_OPERATION | PROCESS_VM_READ), "unexpected access right %lx\n", access);
6257
6260}
BOOL WINAPI TerminateProcess(IN HANDLE hProcess, IN UINT uExitCode)
Definition: proc.c:1375
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA(const char *app_name, char *cmd_line, SECURITY_ATTRIBUTES *process_attr, SECURITY_ATTRIBUTES *thread_attr, BOOL inherit, DWORD flags, void *env, const char *cur_dir, STARTUPINFOA *startup_info, PROCESS_INFORMATION *info)
Definition: process.c:686
Referenced by test_kernel_objects_security().
◆ test_process_security()
Definition at line 2894 of file security.c.
2895{
2898 PTOKEN_OWNER owner;
2911 SID_NAME_USE use;
2912
2913 Acl = malloc(256);
2916 {
2918 free(Acl);
2919 return;
2920 }
2922
2923 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
2925
2926 /* get owner from the token we might be running as a user not admin */
2930 {
2931 free(Acl);
2932 return;
2933 }
2934
2939
2945
2950
2954 UsersSid = group->PrimaryGroup;
2955 test_sid_str(UsersSid);
2956
2964 else
2966
2971
2975 UserSid = user->User.Sid;
2976 test_sid_str(UserSid);
2977 ok(EqualPrefixSid(UsersSid, UserSid), "TokenPrimaryGroup Sid and TokenUser Sid don't match.\n");
2978
2981 {
2983 free(owner);
2985 free(Acl);
2986 return;
2987 }
2988
2993
2997
3000
3001 SecurityDescriptor->Revision = 0;
3004
3009 /* NULL DACL is valid and means that everyone has access */
3012
3013#ifdef __REACTOS__
3014 /* This crashes on Vista, Win7, and Win8.1. */
3016#endif
3017 /* Set owner and group and dacl */
3022
3027
3031 /* setting a dacl should not change the owner or group */
3034
3035 /* Test again with a different SID in case the previous SID also happens to
3036 * be the one that is incorrectly replacing the group. */
3041
3046#ifdef __REACTOS__
3047 }
3048#endif
3049
3055
3059
3063
3064 ThreadAcl = malloc( 256 );
3071
3078
3080 tsa.lpSecurityDescriptor = ThreadSecurityDescriptor;
3082
3083 /* Doesn't matter what ACL say we should get full access for ourselves */
3091
3092 FreeSid(EveryoneSid);
3097 free(owner);
3099 free(Acl);
3101 free(ThreadAcl);
3102 free(ThreadSecurityDescriptor);
3103}
static void test_owner_equal(HANDLE Handle, PSID expected, int line)
Definition: security.c:172
static void test_group_equal(HANDLE Handle, PSID expected, int line)
Definition: security.c:195
Referenced by START_TEST().
◆ test_process_security_child()
Definition at line 3105 of file security.c.
3106{
3110
3114
3119
3120 CloseHandle( handle1 );
3121
3122 SetLastError( 0xdeadbeef );
3126#ifdef __REACTOS__
3127 ok((!ret && err == ERROR_ACCESS_DENIED) || broken(ret && err == 0xdeadbeef) /* Vista-Win10 1607 */, "duplicating handle should have failed "
3128#else
3130#endif
3132
3134
3135#ifndef __REACTOS__ // Incorrect for WS03-Win10 1607
3136 /* These two should fail - they are denied by ACL */
3141#endif
3142
3143 /* Documented privilege elevation */
3149
3151
3152 /* Same only explicitly asking for all access rights */
3162 CloseHandle( handle1 );
3164
3165 /* Test thread security */
3170
3171#ifndef __REACTOS__ // Incorrect for WS03-Win10 1607
3174#endif
3175}
HANDLE WINAPI OpenThread(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwThreadId)
Definition: thread.c:403
Referenced by START_TEST().
◆ test_pseudo_handle_security()
Definition at line 8133 of file security.c.
8134{
8140
8142 {
8143 HKEY_CLASSES_ROOT,
8144 HKEY_CURRENT_USER,
8145 HKEY_LOCAL_MACHINE,
8146 HKEY_USERS,
8147 HKEY_PERFORMANCE_DATA,
8148 HKEY_CURRENT_CONFIG,
8149 HKEY_DYN_DATA,
8150 };
8151
8152#ifdef __REACTOS__
8153 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, sd, sizeof(buffer), &size);
8154#else
8155 ret = GetKernelObjectSecurity(GetCurrentProcess(), OWNER_SECURITY_INFORMATION, &sd, sizeof(buffer), &size);
8156#endif
8158
8159#ifdef __REACTOS__
8160 ret = GetKernelObjectSecurity(GetCurrentThread(), OWNER_SECURITY_INFORMATION, sd, sizeof(buffer), &size);
8161#else
8162 ret = GetKernelObjectSecurity(GetCurrentThread(), OWNER_SECURITY_INFORMATION, &sd, sizeof(buffer), &size);
8163#endif
8165
8167 {
8168 SetLastError(0xdeadbeef);
8169#ifdef __REACTOS__
8171#else
8172 ret = GetKernelObjectSecurity(keys[i], OWNER_SECURITY_INFORMATION, &sd, sizeof(buffer), &size);
8173#endif
8175 ok(GetLastError() == ERROR_INVALID_HANDLE, "key %p: got error %lu\n", keys[i], GetLastError());
8176
8182 todo_wine ok(ret == ERROR_CALL_NOT_IMPLEMENTED || broken(ret == ERROR_INVALID_HANDLE) /* <7 */,
8184 else
8187
8191 }
8192}
Referenced by START_TEST().
◆ test_pseudo_tokens()
Definition at line 7034 of file security.c.
7035{
7036 TOKEN_STATISTICS statistics1, statistics2;
7038 DWORD retlen;
7040
7047
7048 /* test GetCurrentProcessToken() */
7049 SetLastError(0xdeadbeef);
7052 &statistics2, sizeof(statistics2), &retlen);
7056 ok(!memcmp(&statistics1, &statistics2, sizeof(statistics1)), "Token statistics do not match\n");
7057 else
7059
7060 /* test GetCurrentThreadEffectiveToken() */
7061 SetLastError(0xdeadbeef);
7064 &statistics2, sizeof(statistics2), &retlen);
7068 ok(!memcmp(&statistics1, &statistics2, sizeof(statistics1)), "Token statistics do not match\n");
7069 else
7071
7072 SetLastError(0xdeadbeef);
7076
7077 /* test GetCurrentThreadToken() */
7078 SetLastError(0xdeadbeef);
7080 &statistics2, sizeof(statistics2), &retlen);
7081 todo_wine ok(GetLastError() == ERROR_NO_TOKEN || broken(GetLastError() == ERROR_INVALID_HANDLE),
7083}
Referenced by START_TEST().
◆ test_security_descriptor()
Definition at line 2773 of file security.c.
2774{
2781
2782 SetLastError(0xdeadbeef);
2785 {
2787 return;
2788 }
2789
2794
2795 SetLastError(0xdeadbeef);
2796 size = 5;
2801 {
2809 ok(GetSecurityDescriptorDacl(&sd, &isPresent, &pacl, &isDefault), "GetSecurityDescriptorDacl failed\n");
2813 ok(GetSecurityDescriptorSacl(&sd, &isPresent, &pacl, &isDefault), "GetSecurityDescriptorSacl failed\n");
2817 }
2818
2820 "O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)"
2821 "(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)"
2824
2825 size = 0;
2827 todo_wine ok(!ret && GetLastError() == ERROR_BAD_DESCRIPTOR_FORMAT, "got %lu\n", GetLastError());
2828
2829 /* convert to absolute form */
2830 size = size_dacl = size_sacl = size_owner = size_group = 0;
2831 ret = MakeAbsoluteSD(sd_rel, NULL, &size, NULL, &size_dacl, NULL, &size_sacl, NULL, &size_owner, NULL,
2832 &size_group);
2834
2840 ret = MakeAbsoluteSD(sd_rel, sd_abs, &size, dacl, &size_dacl, sacl, &size_sacl, owner, &size_owner,
2841 group, &size_group);
2843
2844 size = 0;
2848
2849 size += 4;
2854
2855 free(sd_abs);
2856 free(sd_rel2);
2857 LocalFree(sd_rel);
2858}
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
Definition: security.c:950
Referenced by START_TEST().
◆ test_semaphore_security()
Definition at line 5680 of file security.c.
5681{
5688 static const struct
5689 {
5690 int generic, mapped;
5691 } map[] =
5692 {
5693 { 0, 0 },
5698 };
5699
5700 SetLastError(0xdeadbeef);
5704
5705 SetLastError(0xdeadbeef);
5708
5711
5713 {
5714 SetLastError( 0xdeadbeef );
5718
5721
5723 }
5724
5726
5728}
HANDLE WINAPI DECLSPEC_HOTPATCH CreateSemaphoreA(IN LPSECURITY_ATTRIBUTES lpSemaphoreAttributes OPTIONAL, IN LONG lInitialCount, IN LONG lMaximumCount, IN LPCSTR lpName OPTIONAL)
Definition: synchansi.c:44
HANDLE WINAPI DECLSPEC_HOTPATCH OpenSemaphoreA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
Definition: synchansi.c:58
Referenced by test_kernel_objects_security().
◆ test_SetEntriesInAclA()
Definition at line 3398 of file security.c.
3399{
3405 EXPLICIT_ACCESSA ExplicitAccess;
3408
3409 NewAcl = (PACL)0xdeadbeef;
3412 {
3414 return;
3415 }
3418 "NewAcl=%p, expected NULL\n", NewAcl);
3419 LocalFree(NewAcl);
3420
3421 OldAcl = malloc(256);
3424 {
3426 free(OldAcl);
3427 return;
3428 }
3430
3431 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
3433
3435 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &UsersSid);
3437
3440
3452 LocalFree(NewAcl);
3453
3460 LocalFree(NewAcl);
3461
3463 {
3465 }
3466 else
3467 {
3473 LocalFree(NewAcl);
3474
3480 "returned acl wasn't NULL: %p\n", NewAcl);
3481
3488 "returned acl wasn't NULL: %p\n", NewAcl);
3489
3495 LocalFree(NewAcl);
3496 }
3497
3503 LocalFree(NewAcl);
3504
3511 LocalFree(NewAcl);
3512
3513 FreeSid(UsersSid);
3514 FreeSid(EveryoneSid);
3515 free(OldAcl);
3516}
DWORD WINAPI SetEntriesInAclA(ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_A pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
Definition: ac.c:615
Definition: accctrl.h:332
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:206
Referenced by START_TEST().
◆ test_SetEntriesInAclW()
Definition at line 3284 of file security.c.
3285{
3291 EXPLICIT_ACCESSW ExplicitAccess;
3294
3295 NewAcl = (PACL)0xdeadbeef;
3299 LocalFree(NewAcl);
3300
3301 OldAcl = malloc(256);
3304 {
3306 free(OldAcl);
3307 return;
3308 }
3310
3311 res = AllocateAndInitializeSid( &SIDAuthWorld, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
3313
3315 DOMAIN_ALIAS_RID_USERS, 0, 0, 0, 0, 0, 0, &UsersSid);
3317
3320
3332 LocalFree(NewAcl);
3333
3340 LocalFree(NewAcl);
3341
3343 {
3345 }
3346 else
3347 {
3353 LocalFree(NewAcl);
3354
3360 "returned acl wasn't NULL: %p\n", NewAcl);
3361
3368 "returned acl wasn't NULL: %p\n", NewAcl);
3369
3375 LocalFree(NewAcl);
3376 }
3377
3383 LocalFree(NewAcl);
3384
3391 LocalFree(NewAcl);
3392
3393 FreeSid(UsersSid);
3394 FreeSid(EveryoneSid);
3395 free(OldAcl);
3396}
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
Definition: accctrl.h:215
Referenced by START_TEST().
◆ test_SetSecurityDescriptorControl()
|
static |
Definition at line 4468 of file security.c.
4469{
4472
4477 | 0x00000040 | 0x00000080 /* not defined in winnt.h */
4478 ;
4484 ;
4485
4486 int bit;
4487 DWORD dwRevision;
4489
4491
4492 /* The mutable bits are mutable regardless of the truth of
4493 SE_DACL_PRESENT and/or SE_SACL_PRESENT */
4494
4495 /* Check call barfs if any bit-of-interest is immutable */
4496 for (bit = 0; bit < 16; ++bit)
4497 {
4500
4502
4503 DWORD dwExpect = (bitOfInterest & immutable)
4504 ? ERROR_INVALID_PARAMETER : 0xbebecaca;
4505 LPCSTR strExpect = (bitOfInterest & immutable)
4506 ? "ERROR_INVALID_PARAMETER" : "0xbebecaca";
4507
4509 setOrClear ^= bitOfInterest;
4510 SetLastError (0xbebecaca);
4511 SetSecurityDescriptorControl (sec, bitOfInterest, setOrClear);
4515
4516 setOrClear ^= bitOfInterest;
4517 SetLastError (0xbebecaca);
4518 SetSecurityDescriptorControl (sec, bitOfInterest, setOrClear);
4522 }
4523
4524 /* Check call barfs if any bit-to-set is immutable
4525 even when not a bit-of-interest */
4526 for (bit = 0; bit < 16; ++bit)
4527 {
4530
4532
4533 DWORD dwExpect = ((1 << bit) & immutable)
4534 ? ERROR_INVALID_PARAMETER : 0xbebecaca;
4535 LPCSTR strExpect = ((1 << bit) & immutable)
4536 ? "ERROR_INVALID_PARAMETER" : "0xbebecaca";
4537
4539 setOrClear ^= bitsOfInterest;
4540 SetLastError (0xbebecaca);
4541 SetSecurityDescriptorControl (sec, bitsOfInterest, setOrClear | (1 << bit));
4545
4547 setOrClear ^= bitsOfInterest;
4548 SetLastError (0xbebecaca);
4549 SetSecurityDescriptorControl (sec, bitsOfInterest, setOrClear | (1 << bit));
4553 }
4554}
Definition: dsound.c:943
Referenced by test_PrivateObjectSecurity().
◆ test_sid_str()
Definition at line 2045 of file security.c.
Referenced by test_LookupAccountSid(), and test_process_security().
◆ test_system_security_access()
Definition at line 6828 of file security.c.
6829{
6831 {'S','O','F','T','W','A','R','E','\\','W','i','n','e','\\','S','A','C','L','t','e','s','t',0};
6833 HKEY hkey;
6835 ACL *sacl;
6837 TOKEN_PRIVILEGES priv, *priv_prev;
6839 LUID luid;
6841
6842 if (!OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY, &token )) return;
6844 {
6846 return;
6847 }
6848
6849 /* ACCESS_SYSTEM_SECURITY requires special privilege */
6850 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ|ACCESS_SYSTEM_SECURITY, NULL, &hkey, NULL );
6852 {
6855 return;
6856 }
6858
6859 priv.PrivilegeCount = 1;
6862
6866
6867 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ|ACCESS_SYSTEM_SECURITY, NULL, &hkey, NULL );
6869 {
6871 free( priv_prev );
6873 return;
6874 }
6876
6877 /* restore privileges */
6880 free( priv_prev );
6881
6882 /* privilege is checked on access */
6883 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6884 todo_wine ok( err == ERROR_PRIVILEGE_NOT_HELD || err == ERROR_ACCESS_DENIED, "got %lu\n", err );
6887
6888 priv.PrivilegeCount = 1;
6891
6895
6896 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6898 RegCloseKey( hkey );
6900
6901 /* handle created without ACCESS_SYSTEM_SECURITY, privilege held */
6902 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ, NULL, &hkey, NULL );
6904
6906 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6908 RegCloseKey( hkey );
6910
6911 /* restore privileges */
6914 free( priv_prev );
6915
6916 /* handle created without ACCESS_SYSTEM_SECURITY, privilege not held */
6917 res = RegCreateKeyExW( HKEY_LOCAL_MACHINE, testkeyW, 0, NULL, 0, KEY_READ, NULL, &hkey, NULL );
6919
6920 err = GetSecurityInfo( hkey, SE_REGISTRY_KEY, SACL_SECURITY_INFORMATION, NULL, NULL, NULL, &sacl, &sd );
6922 RegCloseKey( hkey );
6923
6927}
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
Definition: reg.c:1096
Referenced by START_TEST().
◆ test_thread_security()
Definition at line 6073 of file security.c.
6074{
6077 static const struct
6078 {
6079 int generic, mapped;
6080 } map[] =
6081 {
6082 { 0, 0 },
6084 { GENERIC_WRITE, STANDARD_RIGHTS_WRITE | THREAD_SET_INFORMATION | THREAD_SET_CONTEXT | THREAD_TERMINATE | THREAD_SUSPEND_RESUME | 0x4 },
6087 };
6088
6089 SetLastError(0xdeadbeef);
6092
6094 ok(access == THREAD_ALL_ACCESS_NT4 || access == THREAD_ALL_ACCESS_VISTA, "expected THREAD_ALL_ACCESS, got %#lx\n", access);
6095
6097 {
6098 SetLastError( 0xdeadbeef );
6102
6105 {
6112 break;
6118 break;
6122 break;
6123 default:
6125 break;
6126 }
6127
6129 }
6130
6131 SetLastError( 0xdeadbeef );
6140
6143}
BOOL WINAPI TerminateThread(IN HANDLE hThread, IN DWORD dwExitCode)
Definition: thread.c:587
#define THREAD_SET_CONTEXT
#define THREAD_SUSPEND_RESUME
#define THREAD_GET_CONTEXT
Referenced by test_kernel_objects_security().
◆ test_token_attr()
Definition at line 1782 of file security.c.
1783{
1787 TOKEN_GROUPS *Groups;
1793 LPSTR SidString;
1795 ACL *acl;
1796
1797 /* cygwin-like use case */
1798 SetLastError(0xdeadbeef);
1801 {
1803 return;
1804 }
1807 {
1815 ok(!ret && (GLE == ERROR_INVALID_PARAMETER), "GetTokenInformation(TokenImpersonationLevel) on primary token should have failed with ERROR_INVALID_PARAMETER instead of %ld\n", GLE);
1817 }
1818
1819 SetLastError(0xdeadbeef);
1822
1823 /* groups */
1824 /* insufficient buffer length */
1825 SetLastError(0xdeadbeef);
1826 Size2 = 0;
1831 Size2 -= 1;
1832 Groups = malloc(Size2);
1833 memset(Groups, 0xcc, Size2);
1834 Size = 0;
1841
1842 free(Groups);
1843
1844 SetLastError(0xdeadbeef);
1847 "GetTokenInformation(TokenGroups) %s with error %ld\n",
1850 SetLastError(0xdeadbeef);
1854 "GetTokenInformation shouldn't have set last error to %ld\n",
1855 GetLastError());
1858 {
1859 DWORD NameLength = 255;
1861 DWORD DomainLength = 255;
1863 SID_NAME_USE SidNameUse;
1866 ret = LookupAccountSidA(NULL, Groups->Groups[i].Sid, Name, &NameLength, Domain, &DomainLength, &SidNameUse);
1868 {
1870 trace("%s, %s\\%s use: %d attr: 0x%08lx\n", SidString, Domain, Name, SidNameUse, Groups->Groups[i].Attributes);
1871 LocalFree(SidString);
1872 }
1873 else trace("attr: 0x%08lx LookupAccountSid failed with error %ld\n", Groups->Groups[i].Attributes, GetLastError());
1874 }
1875 free(Groups);
1876
1877 /* user */
1885
1888 LocalFree(SidString);
1890
1891 /* owner */
1899
1902 LocalFree(SidString);
1904
1905 /* logon */
1909 else
1910 {
1918 {
1921 {
1924 LocalFree(SidString);
1925
1926 /* S-1-5-5-0-XXXXXX */
1929
1930 ok(Groups->Groups[0].Attributes == (SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED | SE_GROUP_LOGON_ID),
1932 }
1933 }
1934
1935 free(Groups);
1936 }
1937
1938 /* privileges */
1948 {
1953 }
1955
1958
1960 ret = GetTokenInformation(ImpersonationToken, TokenImpersonationLevel, &ImpersonationLevel, Size, &Size);
1961 ok(ret, "GetTokenInformation(TokenImpersonationLevel) failed with error %ld\n", GetLastError());
1962 ok(ImpersonationLevel == SecurityAnonymous, "ImpersonationLevel should have been SecurityAnonymous instead of %d\n", ImpersonationLevel);
1963
1964 CloseHandle(ImpersonationToken);
1965
1966 /* default dacl */
1970
1974
1975 SetLastError(0xdeadbeef);
1980
1981 SetLastError(0xdeadbeef);
1986
1987 acl = Dacl->DefaultDacl;
1989
1992
1993 Size2 = 0;
1998 ok(Size2 == sizeof(TOKEN_DEFAULT_DACL) || broken(Size2 == 2*sizeof(TOKEN_DEFAULT_DACL)), /* WoW64 */
1999 "got %lu expected sizeof(TOKEN_DEFAULT_DACL)\n", Size2);
2000
2001 Dacl->DefaultDacl = acl;
2004
2008 } else
2010
2013}
BOOL WINAPI IsWellKnownSid(IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
Definition: security.c:796
BOOL WINAPI LookupPrivilegeNameA(LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
Definition: security.c:1299
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1625
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1629
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: psfuncs.h:157
Referenced by START_TEST().
◆ test_token_label()
Definition at line 7199 of file security.c.
7200{
7202 {SECURITY_MANDATORY_LOW_RID}};
7203 char sacl_buffer[50];
7206 TOKEN_LINKED_TOKEN linked;
7211
7212 if (!pAddMandatoryAce)
7213 {
7215 return;
7216 }
7217
7218 ret = OpenProcessToken(GetCurrentProcess(), READ_CONTROL | TOKEN_QUERY | TOKEN_DUPLICATE, &token);
7220
7222
7225
7228
7229 CloseHandle(token2);
7230
7231 ret = DuplicateTokenEx(token, READ_CONTROL, NULL, SecurityImpersonation, TokenImpersonation, &token2);
7233
7236
7237 CloseHandle(token2);
7238
7239 /* Any label set in the SD when calling DuplicateTokenEx() is ignored. */
7240
7244
7248
7250#ifdef __REACTOS__
7252#else
7254#endif
7256
7258 ret = DuplicateTokenEx(token, TOKEN_ALL_ACCESS, &attr, SecurityImpersonation, TokenImpersonation, &token2);
7260
7263
7264 /* Trying to set a SD on the token also claims success but has no effect. */
7265
7268
7271
7273
7274 /* Test the linked token. */
7275
7276#ifdef __REACTOS__
7277 /* This test crashes on Vista and Win7 */
7280 }
7281 else {
7282#endif
7285
7288
7290#ifdef __REACTOS__
7291 }
7292#endif
7293
7295}
BOOL WINAPI AddMandatoryAce(PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid)
Definition: security.c:1372
static void check_token_label(HANDLE token, DWORD *level, BOOL sacl_inherited)
Definition: security.c:7123
Referenced by START_TEST().
◆ test_token_security_descriptor()
Definition at line 7297 of file security.c.
7298{
7300 {SECURITY_MANDATORY_LOW_RID}};
7307 EXPLICIT_ACCESSW exp_access;
7310 ACCESS_ALLOWED_ACE *ace;
7313 PSID psid;
7314
7315 /* Test whether we can create tokens with security descriptors */
7318
7321
7325
7328
7331
7334
7338
7339 ret = DuplicateTokenEx(token, MAXIMUM_ALLOWED, &sa, SecurityImpersonation, TokenImpersonation, &token2);
7341
7345
7349
7350 acl2 = (void *)0xdeadbeef;
7351 present = FALSE;
7352 defaulted = TRUE;
7359
7362 ok(ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE, "Unexpected ACE type %#x\n", ace->Header.AceType);
7366
7367 free(sd2);
7368
7369 /* Duplicate token without security attributes.
7370 * Tokens do not inherit the security descriptor in DuplicateToken. */
7371 ret = DuplicateTokenEx(token2, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenImpersonation, &token3);
7373
7377
7381
7382 acl2 = (void *)0xdeadbeef;
7383 present = FALSE;
7384 defaulted = TRUE;
7388
7391
7392 index = 0;
7393 found = FALSE;
7395 {
7397 found = TRUE;
7398 }
7400
7401 free(sd2);
7402
7403 /* When creating a child process, the process does inherit the token of
7404 * the parent but not the DACL of the token */
7408
7412
7413 acl2 = (void *)0xdeadbeef;
7414 present = FALSE;
7415 defaulted = TRUE;
7421
7430
7431 retd = SetEntriesInAclW(1, &exp_access, acl2, &acl_child);
7433
7437
7440
7443
7444 /* The security label is also not inherited */
7445 if (pAddMandatoryAce)
7446 {
7449
7452
7456
7459
7462 }
7463 else
7465
7466 /* Start child process with our modified token */
7471
7478
7479 LocalFree(acl_child);
7480 free(sd2);
7481 LocalFree(psid);
7482
7483 CloseHandle(token3);
7484 CloseHandle(token2);
7486}
Referenced by START_TEST().
◆ test_TokenIntegrityLevel()
Definition at line 6346 of file security.c.
6347{
6348 TOKEN_MANDATORY_LABEL *tml;
6354 {SECURITY_MANDATORY_HIGH_RID}};
6356 {SECURITY_MANDATORY_MEDIUM_RID}};
6357
6358 SetLastError(0xdeadbeef);
6361
6362 SetLastError(0xdeadbeef);
6364
6365 /* not supported before Vista */
6366 if (!res && ((GetLastError() == ERROR_INVALID_PARAMETER) || GetLastError() == ERROR_INVALID_FUNCTION))
6367 {
6370 return;
6371 }
6372
6375 {
6377 return;
6378 }
6379
6382 "got 0x%lx (expected 0x%x)\n", tml->Label.Attributes, (SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED));
6383
6384#ifdef __REACTOS__ // This crashes on Vista, Win7, and Win8.1.
6386#endif
6390
6392}
Definition: setypes.h:1072
Referenced by START_TEST().
◆ test_trustee()
Definition at line 405 of file security.c.
406{
407 GUID ObjectType = {0x12345678, 0x1234, 0x5678, {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}};
408 GUID InheritedObjectType = {0x23456789, 0x2345, 0x6786, {0x2, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99}};
409 GUID ZeroGuid;
410 OBJECTS_AND_NAME_A oan;
411 OBJECTS_AND_SID oas;
412 TRUSTEEA trustee;
413 PSID psid;
414 char szObjectTypeName[] = "ObjectTypeName";
415 char szInheritedObjectTypeName[] = "InheritedObjectTypeName";
416 char szTrusteeName[] = "szTrusteeName";
417 SID_IDENTIFIER_AUTHORITY auth = { {0x11,0x22,0,0,0, 0} };
418
420
423 pBuildTrusteeWithObjectsAndNameA = (void *)GetProcAddress (hmod, "BuildTrusteeWithObjectsAndNameA" );
424 pBuildTrusteeWithObjectsAndSidA = (void *)GetProcAddress (hmod, "BuildTrusteeWithObjectsAndSidA" );
426 if( !pBuildTrusteeWithSidA || !pBuildTrusteeWithNameA ||
427 !pBuildTrusteeWithObjectsAndNameA || !pBuildTrusteeWithObjectsAndSidA ||
428 !pGetTrusteeNameA )
429 return;
430
432 {
434 return;
435 }
436
437 /* test BuildTrusteeWithSidA */
439 pBuildTrusteeWithSidA( &trustee, psid );
440
443 "MultipleTrusteeOperation wrong\n");
447
448 /* test BuildTrusteeWithObjectsAndSidA (test 1) */
451 pBuildTrusteeWithObjectsAndSidA(&trustee, &oas, &ObjectType,
452 &InheritedObjectType, psid);
453
455 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
459
460 ok(oas.ObjectsPresent == (ACE_OBJECT_TYPE_PRESENT | ACE_INHERITED_OBJECT_TYPE_PRESENT), "ObjectsPresent wrong\n");
462 ok(!memcmp(&oas.InheritedObjectTypeGuid, &InheritedObjectType, sizeof(GUID)), "InheritedObjectTypeGuid wrong\n");
464
465 /* test GetTrusteeNameA */
467
468 /* test BuildTrusteeWithObjectsAndSidA (test 2) */
471 pBuildTrusteeWithObjectsAndSidA(&trustee, &oas, NULL,
472 &InheritedObjectType, psid);
473
475 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
479
482 ok(!memcmp(&oas.InheritedObjectTypeGuid, &InheritedObjectType, sizeof(GUID)), "InheritedObjectTypeGuid wrong\n");
484
485 FreeSid( psid );
486
487 /* test BuildTrusteeWithNameA */
489 pBuildTrusteeWithNameA( &trustee, szTrusteeName );
490
493 "MultipleTrusteeOperation wrong\n");
497
498 /* test BuildTrusteeWithObjectsAndNameA (test 1) */
501 pBuildTrusteeWithObjectsAndNameA(&trustee, &oan, SE_KERNEL_OBJECT, szObjectTypeName,
502 szInheritedObjectTypeName, szTrusteeName);
503
505 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
509
510 ok(oan.ObjectsPresent == (ACE_OBJECT_TYPE_PRESENT | ACE_INHERITED_OBJECT_TYPE_PRESENT), "ObjectsPresent wrong\n");
512 ok(oan.InheritedObjectTypeName == szInheritedObjectTypeName, "InheritedObjectTypeName wrong\n");
514
515 /* test GetTrusteeNameA */
517
518 /* test BuildTrusteeWithObjectsAndNameA (test 2) */
522 szInheritedObjectTypeName, szTrusteeName);
523
525 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
529
532 ok(oan.InheritedObjectTypeName == szInheritedObjectTypeName, "InheritedObjectTypeName wrong\n");
534
535 /* test BuildTrusteeWithObjectsAndNameA (test 3) */
538 pBuildTrusteeWithObjectsAndNameA(&trustee, &oan, SE_KERNEL_OBJECT, szObjectTypeName,
539 NULL, szTrusteeName);
540
542 ok(trustee.MultipleTrusteeOperation == NO_MULTIPLE_TRUSTEE, "MultipleTrusteeOperation wrong\n");
546
551}
Definition: shobjidl.idl:3021
Definition: accctrl.h:356
Definition: accctrl.h:348
Definition: accctrl.h:204
Referenced by START_TEST().
◆ test_window_security()
Definition at line 8796 of file security.c.
8797{
8799 BOOL present, defaulted;
8800 HDESK desktop;
8803
8805
8809
8814
8816}
HDESK WINAPI GetThreadDesktop(_In_ DWORD)
Referenced by START_TEST().
◆ validate_default_security_descriptor()
|
static |
Definition at line 5442 of file security.c.
5443{
5445 ACL *acl;
5447
5450
5451 present = -1;
5452 defaulted = -1;
5453 acl = (void *)0xdeadbeef;
5454 SetLastError(0xdeadbeef);
5457 todo_wine
5459 todo_wine
5462
5463 defaulted = -1;
5465 SetLastError(0xdeadbeef);
5468 todo_wine
5471
5472 defaulted = -1;
5474 SetLastError(0xdeadbeef);
5477 todo_wine
5480}
Referenced by test_default_handle_security().
◆ validate_impersonation_token()
Definition at line 6262 of file security.c.
6263{
6266 SECURITY_IMPERSONATION_LEVEL sil;
6267
6268 type = 0xdeadbeef;
6269 needed = 0;
6270 SetLastError(0xdeadbeef);
6274 ok(type == TokenPrimary || type == TokenImpersonation, "expected TokenPrimary or TokenImpersonation, got %d\n", type);
6275
6276 *token_type = type;
6278
6279 needed = 0;
6280 SetLastError(0xdeadbeef);
6285
6286 needed = 0xdeadbeef;
6287 SetLastError(0xdeadbeef);
6290 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
6293
6294 needed = 0xdeadbeef;
6295 SetLastError(0xdeadbeef);
6298 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
6301
6302 needed = 0xdeadbeef;
6303 SetLastError(0xdeadbeef);
6306 ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, "expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
6308 ok(needed > sizeof(TOKEN_PRIMARY_GROUP), "GetTokenInformation returned empty token primary group\n");
6309
6311}
Referenced by test_kernel_objects_security().
◆ VOID()
Variable Documentation
◆ ACCESS_MASK
Definition at line 100 of file security.c.
◆ BOOLEAN
Definition at line 99 of file security.c.
Referenced by PspWriteTebImpersonationInfo().
◆ DWORD
Definition at line 84 of file security.c.
◆ HANDLE
Definition at line 100 of file security.c.
Referenced by test_duplicate_handle_access_child(), and test_maximum_allowed().
◆ hmod
Definition at line 104 of file security.c.
Referenced by ask_confirm(), ask_overwrite_value(), child_process(), COMDLG32_FR_DoFindReplace(), EnumResourceLanguagesA(), EnumResourceLanguagesW(), EnumResourceNamesA(), EnumResourceNamesW(), EnumResourceTypesA(), EnumResourceTypesW(), GetExportsFromFile(), GetFileMUIInfo(), GetFunctionFromForwarder(), include_pac_utils(), Init(), init(), init_function_pointers(), init_functions(), load_config_driver(), load_v6_module(), LoadModuleWithSymbols(), LoadModuleWithSymbolsFullPath(), main(), MULTIMEDIA_PlaySound(), ParseImageSymbols(), PlaySound_AllocAndGetMMIO(), PlaySoundA(), PlaySoundW(), PlaySoundWrapW(), RegisterTypeLibraries(), SHLoadIndirectString(), SQLConfigDriver(), SQLConfigDriverW(), START_TEST(), test_AdvInstallFile(), test_allocateLuid(), Test_atexit(), Test_CORE_20401(), test_GetConsoleFontInfo(), test_GetConsoleFontSize(), test_GetConsoleScreenBufferInfoEx(), test_GetCurrentConsoleFontEx(), test_GetLargestConsoleWindowSize(), test_iocp_callback(), test_lookupPrivilegeName(), test_lookupPrivilegeValue(), test_msidecomposedesc(), test_NdrDllGetClassObject(), test_NdrDllRegisterProxy(), test_SetConsoleFont(), test_SetConsoleScreenBufferInfoEx(), test_sha_ctx(), test_sscanf(), test_sscanf_s(), test_swscanf_s(), test_trustee(), test_unload_trace(), TestGlobalClasses(), TestVersionedClasses(), twain_add_onedriver(), TWAIN_OpenDS(), and use_common().
◆ InheritedObjectTypeName
| POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName |
Definition at line 91 of file security.c.
Referenced by BuildTrusteeWithObjectsAndNameA(), and BuildTrusteeWithObjectsAndNameW().
◆ myARGC
|
static |
Definition at line 105 of file security.c.
Referenced by init(), and START_TEST().
◆ myARGV
|
static |
Definition at line 106 of file security.c.
Referenced by init(), START_TEST(), test_create_process_token(), test_create_process_token_child(), test_duplicate_handle_access(), test_duplicate_handle_access_child(), test_GetSecurityInfo(), test_process_security(), and test_token_security_descriptor().
◆ Name
Definition at line 92 of file security.c.
◆ ObjectType
Definition at line 89 of file security.c.
◆ ObjectTypeName
| POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName |
Definition at line 90 of file security.c.
Referenced by AccessCheckAndAuditAlarmA(), AccessCheckAndAuditAlarmW(), BuildTrusteeWithObjectsAndNameA(), BuildTrusteeWithObjectsAndNameW(), NpCreateClientEnd(), NpCreateExistingNamedPipe(), NtAccessCheckAndAuditAlarm(), NtAccessCheckByTypeAndAuditAlarm(), NtAccessCheckByTypeResultListAndAuditAlarm(), NtAccessCheckByTypeResultListAndAuditAlarmByHandle(), NtOpenObjectAuditAlarm(), ObjectOpenAuditAlarmA(), ObjectOpenAuditAlarmW(), SepAccessCheckAndAuditAlarm(), SepOpenObjectAuditAlarm(), and test_query_directory().
◆ PBOOLEAN
Definition at line 99 of file security.c.
◆ PGENERIC_MAPPING
Definition at line 100 of file security.c.
◆ pInheritedObjectGuid
| POBJECTS_AND_SID GUID GUID* pInheritedObjectGuid |
Definition at line 96 of file security.c.
Referenced by BuildTrusteeWithObjectsAndSidA(), and BuildTrusteeWithObjectsAndSidW().
◆ pName
| LPSTR pName |
Definition at line 86 of file security.c.
Referenced by _FindPESectionByName(), _LocalEnumPrintersCheckName(), _RpcAddMonitor(), _RpcAddPort(), _RpcAddPortEx(), _RpcAddPrinterDriver(), _RpcAddPrinterDriverEx(), _RpcAddPrintProcessor(), _RpcAddPrintProvidor(), _RpcConfigurePort(), _RpcDeleteMonitor(), _RpcDeletePort(), _RpcDeletePrinterDriver(), _RpcDeletePrinterDriverEx(), _RpcDeletePrintProcessor(), _RpcDeletePrintProvidor(), _RpcEnumMonitors(), _RpcEnumPorts(), _RpcEnumPrinterDrivers(), _RpcEnumPrintProcessorDatatypes(), _RpcEnumPrintProcessors(), _RpcGetPrinterDriverDirectory(), _RpcGetPrintProcessorDirectory(), _RpcSetPort(), AddMonitorA(), AddMonitorW(), AddPortA(), AddPortExA(), AddPortExW(), AddPortW(), AddPrinterA(), AddPrinterDriverA(), AddPrinterDriverExA(), AddPrinterDriverExW(), AddPrinterDriverW(), AddPrinterExW(), AddPrinterW(), AddPrintMonitorList(), AddPrintProcessorA(), AddPrintProcessorW(), AddPrintProvidorA(), AddPrintProvidorW(), BaseFilterImpl_JoinFilterGraph(), cert_name_to_str_with_indent(), CertFindRDNAttr(), CertNameToStrA(), CertNameToStrW(), ConfigFileHandler_skippedEntity(), ConfigurePortA(), ConfigurePortW(), ConstructXcvName(), CCFDATAStorage::Create(), CreateAssemblyEnum(), FxDevice::CreateDevice(), CreateInstallReferenceEnum(), FxDevice::CreateSymbolicLink(), DECLARE_INTERFACE_(), DeleteMonitorA(), DeleteMonitorW(), DeletePortA(), DeletePortW(), DeletePrinterDriverA(), DeletePrinterDriverExA(), DeletePrinterDriverExW(), DeletePrinterDriverW(), DeletePrintProcessorA(), DeletePrintProcessorW(), DeletePrintProvidorA(), DeletePrintProvidorW(), enumerate_gac(), EnumFormsA(), EnumMonitorsA(), EnumMonitorsW(), EnumPortsA(), EnumPortsW(), EnumPrinterDriversA(), EnumPrinterDriversW(), EnumPrintersA(), EnumPrintProcessorDatatypesA(), EnumPrintProcessorDatatypesW(), EnumPrintProcessorsA(), EnumPrintProcessorsW(), Ext2IsNameValid(), Ext2ProcessEntry(), FATGetNextDirEntry(), FilterGraph2_AddFilter(), FilterGraph2_FindFilterByName(), find_installed_ports(), FsdGetFsAttributeInformation(), CFindFolder::GetDisplayNameOf(), CCabFolder::GetDisplayNameOf(), CRecycleBin::GetDisplayNameOf(), CNetConnectionPropertyUi::GetINetCfgComponent(), GetMonitorUI(), GetPrinterDriverDirectoryA(), GetPrinterDriverDirectoryW(), GetPrintProcessorDirectoryA(), GetPrintProcessorDirectoryW(), IAssemblyNameImpl_Clone(), IAssemblyNameImpl_IsEqual(), implicit_handle(), InitializeFormList(), IntStoreName(), CKsProxy::JoinFilterGraph(), LocalAddMonitor(), LocalAddPort(), LocalAddPortEx(), LocalAddPrinterDriver(), LocalAddPrinterDriverEx(), LocalConfigurePort(), LocalDeleteMonitor(), LocalDeletePort(), LocalEnumMonitors(), LocalEnumPorts(), LocalEnumPrinterDrivers(), LocalEnumPrintProcessorDatatypes(), LocalEnumPrintProcessors(), LocalGetPrinterDriverDirectory(), LocalGetPrintProcessorDirectory(), LocalmonEnumPorts(), LocalmonOpenPort(), LocalSetPort(), localui_AddPortUI(), localui_ConfigurePortUI(), localui_DeletePortUI(), ParaNdis_OnPnPEvent(), Parser_JoinFilterGraph(), pointer_default(), PrintD2(), PrintDebug(), SetDomainAndUsername(), SetPortA(), SetPortW(), SHFindAttrW(), SHGetUserDisplayName(), START_TEST(), StartPortThread(), test_EnumForms(), test_NameToStrConversionA_(), test_NameToStrConversionW_(), TestFilter_JoinFilterGraph(), TreeListChar(), vfatSplitPathName(), and VfdGetDeviceName().
◆ pObjectGuid
| POBJECTS_AND_SID GUID* pObjectGuid |
Definition at line 95 of file security.c.
Referenced by BuildTrusteeWithObjectsAndSidA(), and BuildTrusteeWithObjectsAndSidW().
◆ pObjName
| POBJECTS_AND_NAME_A pObjName |
Definition at line 88 of file security.c.
Referenced by BuildTrusteeWithObjectsAndNameA(), BuildTrusteeWithObjectsAndNameW(), and ConvertPath().
◆ pObjSid
| POBJECTS_AND_SID pObjSid |
Definition at line 94 of file security.c.
Referenced by BuildTrusteeWithObjectsAndSidA(), and BuildTrusteeWithObjectsAndSidW().
◆ PPRIVILEGE_SET
Definition at line 101 of file security.c.
◆ PSID
Definition at line 84 of file security.c.
◆ pSid
| static POBJECTS_AND_SID GUID GUID PSID pSid |
Definition at line 85 of file security.c.
Referenced by AccpLookupCurrentUser(), AccpLookupSidByName(), AddAccessAllowedAce(), AddAccessAllowedAceEx(), AddAccessAllowedObjectAce(), AddAccessDeniedAce(), AddAccessDeniedAceEx(), AddAccessDeniedObjectAce(), AddAuditAccessAce(), AddAuditAccessAceEx(), AddAuditAccessObjectAce(), AddSelectedPrincipal(), AllocateAndInitializeSid(), BuildDefaultPrincipalAce(), BuildTrusteeWithObjectsAndSidA(), BuildTrusteeWithObjectsAndSidW(), BuildTrusteeWithSidA(), BuildTrusteeWithSidW(), CachedGetUserFromSid(), CacheLookupResults(), ConvertStringSidToSidW(), CreateUserProfileA(), CreateUserProfileExA(), CreateUserProfileExW(), CreateUserProfileW(), CreateWellKnownSid(), DequeueSidLookup(), DisplayDacl(), FindSidInCache(), fnIMLangFontLink2_CodePageToScriptID(), FreeSid(), GetLengthSid(), GetShellSecurityDescriptor(), GetSidIdentifierAuthority(), GetSidSubAuthority(), GetSidSubAuthorityCount(), GetTextSid(), GetTextualSid(), GetUserSid(), Imm32IsInteractiveUserLogon(), InvokeObjectPickerDialog(), IsInteractiveUserLogon(), IsNTAdmin(), IsValidSid(), IsWellKnownSid(), LookupAccountSidW(), LookupSidCache(), LookupSidInformation(), LookupThreadProc(), ParseStringSidToSid(), PrintSid(), QueueSidLookup(), RtlAllocateAndInitializeSid(), SampInitializeSAM(), and WhoamiLogonId().
◆ PULONG
Definition at line 101 of file security.c.
◆ PUNICODE_STRING
| NTSTATUS *static PUNICODE_STRING |
Definition at line 102 of file security.c.
◆ well_known_sid_values
|
static |
Referenced by test_CreateWellKnownSid(), and test_EqualDomainSid().
