26#define WIN32_NO_STATUS
41#ifndef wine_dbg_sprintf
58#ifndef PROCESS_QUERY_LIMITED_INFORMATION
59#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
63#define PROCESS_ALL_ACCESS_NT4 (PROCESS_ALL_ACCESS & ~0xf000)
64#define PROCESS_ALL_ACCESS_VISTA (PROCESS_ALL_ACCESS | 0xf000)
66#ifndef EVENT_QUERY_STATE
67#define EVENT_QUERY_STATE 0x0001
70#ifndef SEMAPHORE_QUERY_STATE
71#define SEMAPHORE_QUERY_STATE 0x0001
74#ifndef THREAD_SET_LIMITED_INFORMATION
75#define THREAD_SET_LIMITED_INFORMATION 0x0400
76#define THREAD_QUERY_LIMITED_INFORMATION 0x0800
79#define THREAD_ALL_ACCESS_NT4 (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3ff)
80#define THREAD_ALL_ACCESS_VISTA (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xffff)
82#define expect_eq(expr, value, type, format) { type ret_ = expr; ok((value) == ret_, #expr " expected " format " got " format "\n", (value), (ret_)); }
118 res = __wine_dbg_strdup(sidstr);
156 ok_(__FILE__,
line)(!
ret,
"GetKernelObjectSecurity should fail\n");
158 ok_(__FILE__,
line)(needed != 0xdeadbeef,
"GetKernelObjectSecurity should return required buffer length\n");
168 ok_(__FILE__,
line)(needed ==
length || needed == 0 ,
"GetKernelObjectSecurity should return %lu instead of %lu\n",
length, needed);
177 BOOL owner_defaulted;
190 ok_(__FILE__,
line)(!owner_defaulted,
"Defaulted is true\n");
200 BOOL group_defaulted;
213 ok_(__FILE__,
line)(!group_defaulted,
"Defaulted is true\n");
221 { { {0x00,0x00,0x33,0x44,0x55,0x66} },
"S-1-860116326-1" },
222 { { {0x00,0x00,0x01,0x02,0x03,0x04} },
"S-1-16909060-1" },
223 { { {0x00,0x00,0x00,0x01,0x02,0x03} },
"S-1-66051-1" },
224 { { {0x00,0x00,0x00,0x00,0x01,0x02} },
"S-1-258-1" },
225 { { {0x00,0x00,0x00,0x00,0x00,0x02} },
"S-1-2-1" },
226 { { {0x00,0x00,0x00,0x00,0x00,0x0c} },
"S-1-12-1" },
240 {
"OW",
"S-1-3-4", 1 },
246 {
"PS",
"S-1-5-10" },
247 {
"AU",
"S-1-5-11" },
248 {
"RC",
"S-1-5-12" },
249 {
"SY",
"S-1-5-18" },
250 {
"LS",
"S-1-5-19" },
251 {
"NS",
"S-1-5-20" },
252 {
"LA",
"S-1-5-21-*-*-*-500" },
253 {
"LG",
"S-1-5-21-*-*-*-501" },
254 {
"BO",
"S-1-5-32-551" },
255 {
"BA",
"S-1-5-32-544" },
256 {
"BU",
"S-1-5-32-545" },
257 {
"BG",
"S-1-5-32-546" },
258 {
"PU",
"S-1-5-32-547" },
259 {
"AO",
"S-1-5-32-548" },
260 {
"SO",
"S-1-5-32-549" },
261 {
"PO",
"S-1-5-32-550" },
262 {
"RE",
"S-1-5-32-552" },
263 {
"RU",
"S-1-5-32-554" },
264 {
"RD",
"S-1-5-32-555" },
265 {
"NO",
"S-1-5-32-556" },
266 {
"AC",
"S-1-15-2-1", 1 },
278 {
"s-1-12-1",
"S-1-12-1", 1 },
279 {
"S-0x1-0XC-0x1a",
"S-1-12-26", 1 },
281 {
"s-1-12-1",
"S-1-12-1" },
282 {
"S-0x1-0XC-0x1a",
"S-1-12-26" },
286 const char noSubAuthStr[] =
"S-1-5";
294 ok( !
r,
"expected failure with NULL parameters\n" );
298 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
303 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
308 "expected GetLastError() is ERROR_INVALID_PARAMETER, got %ld\n",
313 "expected failure with no sub authorities\n" );
315 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
320 "expected failure with too many characters\n" );
322 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
327 "expected failure with too many characters\n" );
329 "expected GetLastError() is ERROR_INVALID_SID, got %ld\n",
342 r =
AllocateAndInitializeSid( &refs[
i].
auth, 1,1,0,0,0,0,0,0,0,
344 ok(
r,
"failed to allocate sid\n" );
346 ok(
r,
"failed to convert sid\n" );
350 "incorrect sid, expected %s, got %s\n", refs[
i].
refStr,
str );
357 ok(
r,
"failed to parse sid string\n" );
361 sizeof(refs[
i].
auth) ),
362 "string sid %s didn't parse to expected value\n"
363 "(got 0x%04x%08lx, expected 0x%04x%08lx)\n",
385 skip(
"%u: failed to convert %s.\n",
i, str_to_sid_tests[
i].
name);
388 ok(
ret,
"%u: failed to convert string to sid.\n",
i);
398 ok(
ret,
"%u: failed to convert SID to string.\n",
i);
407 GUID ObjectType = {0x12345678, 0x1234, 0x5678, {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}};
408 GUID InheritedObjectType = {0x23456789, 0x2345, 0x6786, {0x2, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99}};
414 char szObjectTypeName[] =
"ObjectTypeName";
415 char szInheritedObjectTypeName[] =
"InheritedObjectTypeName";
416 char szTrusteeName[] =
"szTrusteeName";
419 memset( &ZeroGuid, 0x00,
sizeof (ZeroGuid) );
423 pBuildTrusteeWithObjectsAndNameA = (
void *)
GetProcAddress (
hmod,
"BuildTrusteeWithObjectsAndNameA" );
424 pBuildTrusteeWithObjectsAndSidA = (
void *)
GetProcAddress (
hmod,
"BuildTrusteeWithObjectsAndSidA" );
426 if( !pBuildTrusteeWithSidA || !pBuildTrusteeWithNameA ||
427 !pBuildTrusteeWithObjectsAndNameA || !pBuildTrusteeWithObjectsAndSidA ||
431 if ( !
AllocateAndInitializeSid( &
auth, 1, 42, 0,0,0,0,0,0,0,&psid ) )
433 trace(
"failed to init SID\n" );
438 memset( &trustee, 0xff,
sizeof trustee );
439 pBuildTrusteeWithSidA( &trustee, psid );
443 "MultipleTrusteeOperation wrong\n");
446 ok( trustee.
ptstrName == psid,
"ptstrName wrong\n" );
449 memset( &trustee, 0xff,
sizeof trustee );
450 memset( &oas, 0xff,
sizeof(oas) );
451 pBuildTrusteeWithObjectsAndSidA(&trustee, &oas, &
ObjectType,
452 &InheritedObjectType, psid);
463 ok(oas.
pSid == psid,
"pSid wrong\n");
466 ok(pGetTrusteeNameA(&trustee) == (
LPSTR)&oas,
"GetTrusteeName returned wrong value\n");
469 memset( &trustee, 0xff,
sizeof trustee );
470 memset( &oas, 0xff,
sizeof(oas) );
471 pBuildTrusteeWithObjectsAndSidA(&trustee, &oas,
NULL,
472 &InheritedObjectType, psid);
483 ok(oas.
pSid == psid,
"pSid wrong\n");
488 memset( &trustee, 0xff,
sizeof trustee );
489 pBuildTrusteeWithNameA( &trustee, szTrusteeName );
493 "MultipleTrusteeOperation wrong\n");
496 ok( trustee.
ptstrName == szTrusteeName,
"ptstrName wrong\n" );
499 memset( &trustee, 0xff,
sizeof trustee );
500 memset( &oan, 0xff,
sizeof(oan) );
501 pBuildTrusteeWithObjectsAndNameA(&trustee, &oan,
SE_KERNEL_OBJECT, szObjectTypeName,
502 szInheritedObjectTypeName, szTrusteeName);
513 ok(oan.
ptstrName == szTrusteeName,
"szTrusteeName wrong\n");
516 ok(pGetTrusteeNameA(&trustee) == (
LPSTR)&oan,
"GetTrusteeName returned wrong value\n");
519 memset( &trustee, 0xff,
sizeof trustee );
520 memset( &oan, 0xff,
sizeof(oan) );
522 szInheritedObjectTypeName, szTrusteeName);
533 ok(oan.
ptstrName == szTrusteeName,
"szTrusteeName wrong\n");
536 memset( &trustee, 0xff,
sizeof trustee );
537 memset( &oan, 0xff,
sizeof(oan) );
538 pBuildTrusteeWithObjectsAndNameA(&trustee, &oan,
SE_KERNEL_OBJECT, szObjectTypeName,
539 NULL, szTrusteeName);
550 ok(oan.
ptstrName == szTrusteeName,
"szTrusteeName wrong\n");
554#ifndef SE_MIN_WELL_KNOWN_PRIVILEGE
555#define SE_MIN_WELL_KNOWN_PRIVILEGE 2L
556#define SE_CREATE_TOKEN_PRIVILEGE 2L
557#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3L
558#define SE_LOCK_MEMORY_PRIVILEGE 4L
559#define SE_INCREASE_QUOTA_PRIVILEGE 5L
560#define SE_MACHINE_ACCOUNT_PRIVILEGE 6L
561#define SE_TCB_PRIVILEGE 7L
562#define SE_SECURITY_PRIVILEGE 8L
563#define SE_TAKE_OWNERSHIP_PRIVILEGE 9L
564#define SE_LOAD_DRIVER_PRIVILEGE 10L
565#define SE_SYSTEM_PROFILE_PRIVILEGE 11L
566#define SE_SYSTEMTIME_PRIVILEGE 12L
567#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13L
568#define SE_INC_BASE_PRIORITY_PRIVILEGE 14L
569#define SE_CREATE_PAGEFILE_PRIVILEGE 15L
570#define SE_CREATE_PERMANENT_PRIVILEGE 16L
571#define SE_BACKUP_PRIVILEGE 17L
572#define SE_RESTORE_PRIVILEGE 18L
573#define SE_SHUTDOWN_PRIVILEGE 19L
574#define SE_DEBUG_PRIVILEGE 20L
575#define SE_AUDIT_PRIVILEGE 21L
576#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22L
577#define SE_CHANGE_NOTIFY_PRIVILEGE 23L
578#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24L
579#define SE_UNDOCK_PRIVILEGE 25L
580#define SE_SYNC_AGENT_PRIVILEGE 26L
581#define SE_ENABLE_DELEGATION_PRIVILEGE 27L
582#define SE_MANAGE_VOLUME_PRIVILEGE 28L
583#define SE_IMPERSONATE_PRIVILEGE 29L
584#define SE_CREATE_GLOBAL_PRIVILEGE 30L
585#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_GLOBAL_PRIVILEGE
595 if (!pAllocateLocallyUniqueId)
return;
597 ret = pAllocateLocallyUniqueId(&luid1);
602 "AllocateLocallyUniqueId failed: %ld\n",
GetLastError());
603 ret = pAllocateLocallyUniqueId(&luid2);
605 "AllocateLocallyUniqueId failed: %ld\n",
GetLastError());
607 "AllocateLocallyUniqueId returned a well-known LUID\n");
609 "AllocateLocallyUniqueId returned non-unique LUIDs\n");
610 ret = pAllocateLocallyUniqueId(
NULL);
612 "AllocateLocallyUniqueId(NULL) didn't return ERROR_NOACCESS: %ld\n",
621 LUID luid = { 0, 0 };
627 if (!pLookupPrivilegeNameA)
return;
638 "LookupPrivilegeNameA didn't fail with ERROR_INSUFFICIENT_BUFFER: %ld\n",
641 "LookupPrivilegeNameA returned an incorrect required length for\n"
642 "SeCreateTokenPrivilege (got %ld, expected %d)\n",
cchName,
643 lstrlenA(
"SeCreateTokenPrivilege") + 1);
648 "LookupPrivilegeNameA returned an incorrect output length for\n"
649 "SeCreateTokenPrivilege (got %ld, expected %d)\n",
cchName,
650 (
int)
strlen(
"SeCreateTokenPrivilege"));
658 "LookupPrivilegeNameA(0.%ld) failed: %ld\n",
i,
GetLastError());
665 "LookupPrivilegeNameA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
670 ret = pLookupPrivilegeNameA(
"b0gu5.Nam3", &luid,
buf, &
cchName);
673 "LookupPrivilegeNameA didn't fail with RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR: %ld\n",
723 if (!pLookupPrivilegeValueA)
return;
724 ret = pLookupPrivilegeValueA(
NULL,
"SeCreateTokenPrivilege", &luid);
729 ret = pLookupPrivilegeValueA(
"b0gu5.Nam3",
"SeCreateTokenPrivilege", &luid);
732 "LookupPrivilegeValueA didn't fail with RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR: %ld\n",
735 ret = pLookupPrivilegeValueA(
NULL, 0, &luid);
737 "LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
740 ret = pLookupPrivilegeValueA(
NULL,
"SeBogusPrivilege", &luid);
742 "LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
745 ret = pLookupPrivilegeValueA(
NULL,
"sEcREATEtOKENpRIVILEGE", &luid);
747 "LookupPrivilegeValueA(NULL, sEcREATEtOKENpRIVILEGE, &luid) failed: %ld\n",
754 if (pLookupPrivilegeValueA(
NULL, privs[
i].
name, &luid))
757 "LookupPrivilegeValueA returned an invalid LUID for %s\n",
769 DWORD sdSize, retSize, rc, granted, priv_set_len;
804 win_skip(
"GetFileSecurityA is not implemented\n");
807 ok (!rc,
"GetFileSecurityA "
808 "was expected to fail for '%s'\n",
file);
810 "returned %ld; expected ERROR_INSUFFICIENT_BUFFER\n",
GetLastError());
820 ok (rc,
"GetFileSecurityA "
822 ok (retSize == sdSize,
823 "GetFileSecurityA returned size %ld; expected %ld\n", retSize, sdSize);
828 ok (rc,
"SetFileSecurityA "
839 ok (!rc,
"GetFileSecurityA "
840 "was expected to fail for '%s'\n",
path);
842 "returned %ld; expected ERROR_INSUFFICIENT_BUFFER\n",
GetLastError());
852 ok (rc,
"GetFileSecurityA "
854 ok (retSize == sdSize,
855 "GetFileSecurityA returned size %ld; expected %ld\n", retSize, sdSize);
860 ok (rc,
"SetFileSecurityA "
865 strcpy (wintmpdir,
"\\Should not exist");
868 ok (!rc,
"GetFileSecurityA should fail for not existing directories/files\n");
870 "last error ERROR_FILE_NOT_FOUND expected, got %ld\n",
GetLastError());
892 ok(!rc,
"GetFileSecurity should fail\n");
894 "expected ERROR_INSUFFICIENT_BUFFER got %ld\n",
GetLastError());
898 retSize = 0xdeadbeef;
901 sd, sdSize, &retSize);
903 ok(retSize == sdSize,
"expected %ld, got %ld\n", sdSize, retSize);
907 ok(!rc,
"OpenThreadToken should fail\n");
922 priv_set_len =
sizeof(priv_set);
923 granted = 0xdeadbeef;
929 ok(granted ==
FILE_READ_DATA,
"expected FILE_READ_DATA, got %#lx\n", granted);
931 granted = 0xdeadbeef;
939 granted = 0xdeadbeef;
945 ok(granted ==
FILE_EXECUTE,
"expected FILE_EXECUTE, got %#lx\n", granted);
947 granted = 0xdeadbeef;
953 ok(granted ==
DELETE,
"expected DELETE, got %#lx\n", granted);
955 granted = 0xdeadbeef;
963 granted = 0xdeadbeef;
969 ok(granted == 0x1ff,
"expected 0x1ff, got %#lx\n", granted);
971 granted = 0xdeadbeef;
981 ok(!rc,
"AccessCheck should fail\n");
988 retSize = 0xdeadbeef;
991 ok(!rc,
"WriteFile should fail\n");
993 ok(retSize == 0,
"expected 0, got %ld\n", retSize);
1000 "expected FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY got %#lx\n", rc);
1012 retSize = 0xdeadbeef;
1015 ok(!rc,
"WriteFile should fail\n");
1017 ok(retSize == 0,
"expected 0, got %ld\n", retSize);
1023 "expected FILE_ATTRIBUTE_ARCHIVE|FILE_ATTRIBUTE_READONLY got %#lx\n", rc);
1025 retSize = 0xdeadbeef;
1028 sd, sdSize, &retSize);
1030 ok(retSize == sdSize,
"expected %ld, got %ld\n", sdSize, retSize);
1032 priv_set_len =
sizeof(priv_set);
1033 granted = 0xdeadbeef;
1039 ok(granted ==
FILE_READ_DATA,
"expected FILE_READ_DATA, got %#lx\n", granted);
1041 granted = 0xdeadbeef;
1048 ok(granted ==
FILE_WRITE_DATA,
"expected FILE_WRITE_DATA, got %#lx\n", granted);
1050 granted = 0xdeadbeef;
1056 ok(granted ==
FILE_EXECUTE,
"expected FILE_EXECUTE, got %#lx\n", granted);
1058 granted = 0xdeadbeef;
1064 ok(granted ==
DELETE,
"expected DELETE, got %#lx\n", granted);
1066 granted = 0xdeadbeef;
1072 ok(granted ==
WRITE_OWNER,
"expected WRITE_OWNER, got %#lx\n", granted);
1074 granted = 0xdeadbeef;
1080 ok(granted ==
SYNCHRONIZE,
"expected SYNCHRONIZE, got %#lx\n", granted);
1082 granted = 0xdeadbeef;
1091 granted = 0xdeadbeef;
1098 ok(granted == 0x1ff,
"expected 0x1ff, got %#lx\n", granted);
1100 granted = 0xdeadbeef;
1107 ok(granted ==
FILE_ALL_ACCESS,
"expected FILE_ALL_ACCESS, got %#lx\n", granted);
1111 ok(!rc,
"DeleteFile should fail\n");
1148 skip(
"not running on NT, skipping test\n");
1151 pRtlAdjustPrivilege = (
void *)
GetProcAddress(NtDllModule,
"RtlAdjustPrivilege");
1152 if (!pRtlAdjustPrivilege)
1154 win_skip(
"missing RtlAdjustPrivilege, skipping test\n");
1162 skip(
"ACLs not implemented - skipping tests\n");
1168 res =
AllocateAndInitializeSid( &SIDAuthWorld, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
1182 ok(
res,
"InitializeSecurityDescriptor failed with error %ld\n",
GetLastError());
1188 PrivSet =
calloc(1, PrivSetLen);
1206 "failed with ERROR_INVALID_SECURITY_DESCR, instead of %ld\n",
err);
1208 "Access and/or AccessStatus were changed!\n");
1223 "with ERROR_GENERIC_NOT_MAPPED, instead of %ld\n",
err);
1225 "Access and/or AccessStatus were changed!\n");
1234 "with ERROR_NOACCESS, instead of %ld\n",
err);
1236 "Access and/or AccessStatus were changed!\n");
1245 "with ERROR_NOACCESS, instead of %ld\n",
err);
1247 "Access and/or AccessStatus were changed!\n");
1256 "with ERROR_NOACCESS, instead of %ld\n",
err);
1258 "Access and/or AccessStatus were changed!\n");
1268 "AccessCheck failed to grant access with error %ld\n",
1278 "with ERROR_NOACCESS, instead of %ld\n",
err);
1280 "Access and/or AccessStatus were changed!\n");
1288 Access = ntAccessStatus = 0x1abe11ed;
1290 NULL, &ntPrivSetLen, &Access, &ntAccessStatus);
1293 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1294 ok(
err == 0xdeadbeef,
1295 "NtAccessCheck shouldn't set last error, got %ld\n",
err);
1296 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1297 "Access and/or AccessStatus were changed!\n");
1298 ok(ntPrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", ntPrivSetLen);
1302 Access = ntAccessStatus = 0x1abe11ed;
1304 PrivSet,
NULL, &Access, &ntAccessStatus);
1307 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1308 ok(
err == 0xdeadbeef,
1309 "NtAccessCheck shouldn't set last error, got %ld\n",
err);
1310 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1311 "Access and/or AccessStatus were changed!\n");
1315 Access = ntAccessStatus = 0x1abe11ed;
1317 NULL,
NULL, &Access, &ntAccessStatus);
1320 "NtAccessCheck should have failed with STATUS_ACCESS_VIOLATION, got %lx\n", ntret);
1321 ok(
err == 0xdeadbeef,
1322 "NtAccessCheck shouldn't set last error, got %ld\n",
err);
1323 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1324 "Access and/or AccessStatus were changed!\n");
1328 Access = ntAccessStatus = 0x1abe11ed;
1331 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1334 "NtAccessCheck should have failed with STATUS_GENERIC_NOT_MAPPED, got %lx\n", ntret);
1335 ok(
err == 0xdeadbeef,
1336 "NtAccessCheck shouldn't set last error, got %ld\n",
err);
1337 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1338 "Access and/or AccessStatus were changed!\n");
1339 ok(ntPrivSetLen == 0,
"PrivSetLen returns %ld\n", ntPrivSetLen);
1343 Access = ntAccessStatus = 0x1abe11ed;
1346 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1349 "NtAccessCheck should have failed with STATUS_GENERIC_NOT_MAPPED, got %lx\n", ntret);
1350 ok(
err == 0xdeadbeef,
1351 "NtAccessCheck shouldn't set last error, got %ld\n",
err);
1352 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1353 "Access and/or AccessStatus were changed!\n");
1354 ok(ntPrivSetLen ==
sizeof(
PRIVILEGE_SET)-1,
"PrivSetLen returns %ld\n", ntPrivSetLen);
1358 Access = ntAccessStatus = 0x1abe11ed;
1361 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1364 "NtAccessCheck should have failed with STATUS_BUFFER_TOO_SMALL, got %lx\n", ntret);
1365 ok(
err == 0xdeadbeef,
1366 "NtAccessCheck shouldn't set last error, got %ld\n",
err);
1367 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1368 "Access and/or AccessStatus were changed!\n");
1369 ok(ntPrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", ntPrivSetLen);
1373 Access = ntAccessStatus = 0x1abe11ed;
1376 PrivSet, &ntPrivSetLen, &Access, &ntAccessStatus);
1379 "NtAccessCheck should have failed with STATUS_BUFFER_TOO_SMALL, got %lx\n", ntret);
1380 ok(
err == 0xdeadbeef,
1381 "NtAccessCheck shouldn't set last error, got %ld\n",
err);
1382 ok(Access == 0x1abe11ed && ntAccessStatus == 0x1abe11ed,
1383 "Access and/or AccessStatus were changed!\n");
1384 ok(ntPrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", ntPrivSetLen);
1387 win_skip(
"NtAccessCheck unavailable. Skipping.\n");
1397 "AccessCheck failed to grant access with error %ld\n",
1403 "AccessCheck failed to grant access with error %ld\n",
1414 "with ERROR_ACCESS_DENIED, instead of %ld\n",
err);
1415 ok(!Access,
"Should have failed to grant any access, got 0x%08lx\n", Access);
1429 "AccessCheck failed to grant access with error %ld\n",
1436 "AccessCheck failed to grant any access with error %ld\n",
1438 trace(
"AccessCheck with MAXIMUM_ALLOWED got Access 0x%08lx\n", Access);
1447 "failed with ERROR_NOACCESS, instead of %ld\n",
err);
1449 "Access and/or AccessStatus were changed!\n");
1460 "failed with ERROR_INSUFFICIENT_BUFFER, instead of %ld\n",
err);
1462 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1464 "Access and/or AccessStatus were changed!\n");
1474 "failed with ERROR_NOACCESS, instead of %ld\n",
err);
1475 ok(PrivSetLen == 1,
"PrivSetLen returns %ld\n", PrivSetLen);
1477 "Access and/or AccessStatus were changed!\n");
1487 "failed with ERROR_NOACCESS, instead of %ld\n",
err);
1488 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET) - 1,
"PrivSetLen returns %ld\n", PrivSetLen);
1490 "Access and/or AccessStatus were changed!\n");
1500 "failed with ERROR_NOACCESS, instead of %ld\n",
err);
1501 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1503 "Access and/or AccessStatus were changed!\n");
1513 "failed with ERROR_INSUFFICIENT_BUFFER, instead of %ld\n",
err);
1514 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1516 "Access and/or AccessStatus were changed!\n");
1526 "failed with ERROR_INSUFFICIENT_BUFFER, instead of %ld\n",
err);
1527 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1529 "Access and/or AccessStatus were changed!\n");
1540 "failed with ERROR_INSUFFICIENT_BUFFER, instead of %ld\n",
err);
1541 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1543 "Access and/or AccessStatus were changed!\n");
1544 ok(PrivSet->
PrivilegeCount == 0xdeadbeef,
"buffer contents should not be changed\n");
1550 memset(PrivSet, 0xcc, PrivSetLen);
1555 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1557 "AccessCheck failed to grant access with error %ld\n",
GetLastError());
1558 ok(PrivSet->
PrivilegeCount == 0,
"PrivilegeCount returns %ld, expects 0\n",
1565 memset(PrivSet, 0xcc, PrivSetLen);
1571 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET) + 1,
"PrivSetLen returns %ld\n", PrivSetLen);
1573 "AccessCheck failed to grant access with error %ld\n",
GetLastError());
1574 ok(PrivSet->
PrivilegeCount == 0,
"PrivilegeCount returns %ld, expects 0\n",
1586 "failed with ERROR_NOACCESS, instead of %ld\n",
err);
1588 "Access and/or AccessStatus were changed!\n");
1598 "with ERROR_ACCESS_DENIED, instead of %ld\n",
err);
1599 ok(!Access,
"Should have failed to grant any access, got 0x%08lx\n", Access);
1606 "AccessCheck should have failed with ERROR_PRIVILEGE_NOT_HELD, instead of %ld\n",
1622 "failed with ERROR_INSUFFICIENT_BUFFER, instead of %ld\n",
err);
1623 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1625 "Access and/or AccessStatus were changed!\n");
1635 "failed with ERROR_INSUFFICIENT_BUFFER, instead of %ld\n",
err);
1636 ok(PrivSetLen ==
sizeof(
PRIVILEGE_SET),
"PrivSetLen returns %ld\n", PrivSetLen);
1638 "Access and/or AccessStatus were changed!\n");
1644 memset(PrivSet, 0xcc, PrivSetLen);
1648 "AccessCheck should have succeeded, error %ld\n",
1651 "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08lx\n",
1653 ok(PrivSet->
PrivilegeCount == 1,
"PrivilegeCount returns %ld, expects 1\n",
1660 memset(PrivSet, 0xcc, PrivSetLen);
1664 "AccessCheck should have succeeded, error %ld\n",
1667 "Access should be equal to ACCESS_SYSTEM_SECURITY instead of 0x%08lx\n",
1669 ok(PrivSet->
PrivilegeCount == 1,
"PrivilegeCount returns %ld, expects 1\n",
1673 trace(
"Couldn't get SE_SECURITY_PRIVILEGE (0x%08x), skipping ACCESS_SYSTEM_SECURITY test\n",
1690 "with ERROR_ACCESS_DENIED, instead of %ld\n",
err);
1691 ok(!Access,
"Should have failed to grant any access, got 0x%08lx\n", Access);
1703 "with ERROR_BAD_IMPERSONATION_LEVEL, instead of %ld\n",
err);
1712 "with ERROR_NO_IMPERSONATION_TOKEN, instead of %ld\n",
err);
1734 ok(!
ret,
"Expected failure, got %d\n",
ret);
1736 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
1752 ok(!
ret,
"Expected failure, got %d\n",
ret);
1754 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
1770 ok(!
ret,
"Expected failure, got %d\n",
ret);
1772 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
1778 return token_primary_group;
1802 win_skip(
"OpenProcessToken is not implemented\n");
1815 ok(!
ret && (
GLE ==
ERROR_INVALID_PARAMETER),
"GetTokenInformation(TokenImpersonationLevel) on primary token should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
GLE);
1828 ok(Size2 > 1,
"got %ld\n", Size2);
1833 memset(Groups, 0xcc, Size2);
1840 ok(*((
BYTE*)Groups) == 0xcc,
"buffer altered\n");
1847 "GetTokenInformation(TokenGroups) %s with error %ld\n",
1852 ok(
ret,
"GetTokenInformation(TokenGroups) failed with error %ld\n",
GetLastError());
1854 "GetTokenInformation shouldn't have set last error to %ld\n",
1856 trace(
"TokenGroups:\n");
1859 DWORD NameLength = 255;
1861 DWORD DomainLength = 255;
1880 "GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
1884 "GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
1887 trace(
"TokenUser: %s attr: 0x%08lx\n", SidString,
User->User.Attributes);
1894 "GetTokenInformation(TokenOwner) failed with error %ld\n",
GetLastError());
1898 "GetTokenInformation(TokenOwner) failed with error %ld\n",
GetLastError());
1901 trace(
"TokenOwner: %s\n", SidString);
1912 "GetTokenInformation(TokenLogonSid) failed with error %ld\n",
GetLastError());
1916 "GetTokenInformation(TokenLogonSid) failed with error %ld\n",
GetLastError());
1923 trace(
"TokenLogon: %s\n", SidString);
1928 ok(
ret,
"Unknown SID\n");
1941 "GetTokenInformation(TokenPrivileges) failed with error %ld\n",
GetLastError());
1945 "GetTokenInformation(TokenPrivileges) failed with error %ld\n",
GetLastError());
1946 trace(
"TokenPrivileges:\n");
1961 ok(
ret,
"GetTokenInformation(TokenImpersonationLevel) failed with error %ld\n",
GetLastError());
1969 "GetTokenInformation(TokenDefaultDacl) failed with error %lu\n",
GetLastError());
1973 ok(
ret,
"GetTokenInformation(TokenDefaultDacl) failed with error %lu\n",
GetLastError());
1978 ok(!
ret,
"SetTokenInformation(TokenDefaultDacl) succeeded\n");
1984 ok(!
ret,
"SetTokenInformation(TokenDefaultDacl) succeeded\n");
1987 acl =
Dacl->DefaultDacl;
1991 ok(
ret,
"SetTokenInformation(TokenDefaultDacl) succeeded\n");
1994 Dacl->DefaultDacl = (
ACL *)0xdeadbeef;
1996 ok(
ret,
"GetTokenInformation(TokenDefaultDacl) failed with error %lu\n",
GetLastError());
1997 ok(
Dacl->DefaultDacl ==
NULL,
"expected NULL, got %p\n",
Dacl->DefaultDacl);
1999 "got %lu expected sizeof(TOKEN_DEFAULT_DACL)\n", Size2);
2001 Dacl->DefaultDacl = acl;
2003 ok(
ret,
"SetTokenInformation(TokenDefaultDacl) failed with error %lu\n",
GetLastError());
2007 ok(
ret,
"GetTokenInformation(TokenDefaultDacl) failed with error %lu\n",
GetLastError());
2009 win_skip(
"TOKEN_DEFAULT_DACL size too small on WoW64\n");
2025 is_app_container = 0xdeadbeef;
2027 sizeof(is_app_container), &
size);
2032 ok(
size ==
sizeof(is_app_container),
"size = %lu\n",
size);
2033 ok(!is_app_container,
"is_app_container = %lx\n", is_app_container);
2058 "LookupAccountSid(%s) failed: %ld\n", str_sid,
GetLastError());
2062 trace(
" %s couldn't be mapped\n", str_sid);
2072 {
TRUE,
"S-1-0-0"}, {
TRUE,
"S-1-1-0"}, {
TRUE,
"S-1-2-0"}, {
TRUE,
"S-1-3-0"},
2075 {
TRUE,
"S-1-5-6"}, {
TRUE,
"S-1-5-7"}, {
TRUE,
"S-1-5-8"}, {
TRUE,
"S-1-5-9"},
2076 {
TRUE,
"S-1-5-10"}, {
TRUE,
"S-1-5-11"}, {
TRUE,
"S-1-5-12"}, {
TRUE,
"S-1-5-13"},
2078 {
TRUE,
"S-1-5-20"}, {
TRUE,
"S-1-5-32"},
2079 {
FALSE,
"S-1-5-32-544"}, {
TRUE,
"S-1-5-32-545"}, {
TRUE,
"S-1-5-32-546"},
2080 {
TRUE,
"S-1-5-32-547"}, {
TRUE,
"S-1-5-32-548"}, {
TRUE,
"S-1-5-32-549"},
2081 {
TRUE,
"S-1-5-32-550"}, {
TRUE,
"S-1-5-32-551"}, {
TRUE,
"S-1-5-32-552"},
2082 {
TRUE,
"S-1-5-32-554"}, {
TRUE,
"S-1-5-32-555"}, {
TRUE,
"S-1-5-32-556"},
2083 {
FALSE,
"S-1-5-21-12-23-34-45-56-500"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-501"},
2084 {
FALSE,
"S-1-5-21-12-23-34-45-56-502"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-512"},
2085 {
FALSE,
"S-1-5-21-12-23-34-45-56-513"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-514"},
2086 {
FALSE,
"S-1-5-21-12-23-34-45-56-515"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-516"},
2087 {
FALSE,
"S-1-5-21-12-23-34-45-56-517"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-518"},
2088 {
FALSE,
"S-1-5-21-12-23-34-45-56-519"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-520"},
2089 {
FALSE,
"S-1-5-21-12-23-34-45-56-553"},
2091 {
TRUE,
"S-1-5-64-10"}, {
TRUE,
"S-1-5-64-21"}, {
TRUE,
"S-1-5-64-14"},
2092 {
TRUE,
"S-1-5-15"}, {
TRUE,
"S-1-5-1000"}, {
FALSE,
"S-1-5-32-557"},
2093 {
TRUE,
"S-1-5-32-558"}, {
TRUE,
"S-1-5-32-559"}, {
TRUE,
"S-1-5-32-560"},
2094 {
TRUE,
"S-1-5-32-561"}, {
TRUE,
"S-1-5-32-562"},
2096 {
TRUE,
"S-1-5-32-568"},
2097 {
TRUE,
"S-1-5-17"}, {
FALSE,
"S-1-5-32-569"}, {
TRUE,
"S-1-16-0"},
2098 {
TRUE,
"S-1-16-4096"}, {
TRUE,
"S-1-16-8192"}, {
TRUE,
"S-1-16-12288"},
2099 {
TRUE,
"S-1-16-16384"}, {
TRUE,
"S-1-5-33"}, {
TRUE,
"S-1-3-4"},
2100 {
FALSE,
"S-1-5-21-12-23-34-45-56-571"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-572"},
2101 {
TRUE,
"S-1-5-22"}, {
FALSE,
"S-1-5-21-12-23-34-45-56-521"}, {
TRUE,
"S-1-5-32-573"},
2102 {
FALSE,
"S-1-5-21-12-23-34-45-56-498"}, {
TRUE,
"S-1-5-32-574"}, {
TRUE,
"S-1-16-8448"},
2104 {
TRUE,
"S-1-15-2-1"},
2119 ok(!
ret,
"CreateWellKnownSid succeeded\n");
2121 ok(
size,
"expected size > 0\n");
2126 ok(!
ret,
"CreateWellKnownSid succeeded\n");
2135 AllocateAndInitializeSid(&
ident, 6,
SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
2148 cb =
sizeof(sid_buffer);
2151 skip(
"Well known SID %u not implemented\n",
i);
2155 cb =
sizeof(sid_buffer);
2160 ok(
strcmp(
str,
value->sid_string) == 0,
"%d: SID mismatch - expected %s, got %s\n",
i,
2164 if (
value->without_domain)
2170 ok(
memcmp(buf2, sid_buffer,
cb) == 0,
"SID create with domain is different than without (%u)\n",
i);
2181 DWORD acc_sizeA, dom_sizeA, user_sizeA;
2182 DWORD real_acc_sizeA, real_dom_sizeA;
2185 DWORD acc_sizeW, dom_sizeW;
2186 DWORD real_acc_sizeW, real_dom_sizeW;
2204 "AllocateAndInitializeSid failed with error %ld\n",
GetLastError());
2213 ok(
ret,
"LookupAccountSidA() Expected TRUE, got FALSE\n");
2219 ok(
ret,
"LookupAccountSidA() Expected TRUE, got FALSE\n");
2225 ok(
ret,
"LookupAccountSidA() Expected TRUE, got FALSE\n");
2232 ok(!
ret,
"LookupAccountSidA() Expected FALSE got TRUE\n");
2234 "LookupAccountSidA() Expected ERROR_NOT_ENOUGH_MEMORY, got %lu\n",
GetLastError());
2242 ok(acc_sizeA == real_acc_sizeA + 1,
2243 "LookupAccountSidA() Expected acc_size = %lu, got %lu\n",
2244 real_acc_sizeA + 1, acc_sizeA);
2251 ok(acc_sizeA == real_acc_sizeA + 1,
2252 "LookupAccountSid() Expected acc_size = %lu, got %lu\n",
2253 real_acc_sizeA + 1, acc_sizeA);
2260 ok(!
ret,
"LookupAccountSidA() Expected FALSE got TRUE\n");
2262 "LookupAccountSidA() Expected ERROR_NOT_ENOUGH_MEMORY, got %lu\n",
GetLastError());
2270 ok(dom_sizeA == real_dom_sizeA + 1,
2271 "LookupAccountSidA() Expected dom_size = %lu, got %lu\n",
2272 real_dom_sizeA + 1, dom_sizeA);
2279 ok(dom_sizeA == real_dom_sizeA + 1,
2280 "LookupAccountSidA() Expected dom_size = %lu, got %lu\n",
2281 real_dom_sizeA + 1, dom_sizeA);
2286 ok(
ret,
"LookupAccountSidW() Expected TRUE, got FALSE\n");
2291 ret =
LookupAccountSidA(
"deepthought", pUsersSid, accountA, &real_acc_sizeA, domainA, &real_dom_sizeA, &use);
2292 ok(!
ret,
"LookupAccountSidA() Expected FALSE got TRUE\n");
2294 "LookupAccountSidA() Expected RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR, got %lu\n",
GetLastError());
2303 ok(!
ret,
"LookupAccountSidW() Expected FALSE got TRUE\n");
2305 "LookupAccountSidW() Expected ERROR_NOT_ENOUGH_MEMORY, got %lu\n",
GetLastError());
2313 ok(acc_sizeW == real_acc_sizeW + 1,
2314 "LookupAccountSidW() Expected acc_size = %lu, got %lu\n",
2315 real_acc_sizeW + 1, acc_sizeW);
2322 ok(acc_sizeW == real_acc_sizeW + 1,
2323 "LookupAccountSidW() Expected acc_size = %lu, got %lu\n",
2324 real_acc_sizeW + 1, acc_sizeW);
2331 ok(!
ret,
"LookupAccountSidW() Expected FALSE got TRUE\n");
2333 "LookupAccountSidW() Expected ERROR_NOT_ENOUGH_MEMORY, got %lu\n",
GetLastError());
2341 ok(dom_sizeW == real_dom_sizeW + 1,
2342 "LookupAccountSidW() Expected dom_size = %lu, got %lu\n",
2343 real_dom_sizeW + 1, dom_sizeW);
2350 ok(dom_sizeW == real_dom_sizeW + 1,
2351 "LookupAccountSidW() Expected dom_size = %lu, got %lu\n",
2352 real_dom_sizeW + 1, dom_sizeW);
2354 acc_sizeW = dom_sizeW = use = 0;
2360 ok(acc_sizeW,
"expected non-zero account size\n");
2361 ok(dom_sizeW,
"expected non-zero domain size\n");
2362 ok(!use,
"expected zero use %u\n", use);
2377 ok(
ret,
"LookupAccountSidA() Expected TRUE, got FALSE\n");
2380 ok(
ret,
"GetUserNameA() Expected TRUE, got FALSE\n");
2381 ok(
lstrcmpA(usernameA, accountA) == 0,
"LookupAccountSidA() Expected account name: %s got: %s\n", usernameA, accountA );
2385 trace(
"Well Known SIDs:\n");
2386 for (
i = 0;
i <= 60;
i++)
2396 trace(
" %d: %s %s\\%s %d\n",
i, str_sidA, domainA, accountA, use);
2405 trace(
" %d: not supported\n",
i);
2409 ZeroMemory(&object_attributes,
sizeof(object_attributes));
2410 object_attributes.
Length =
sizeof(object_attributes);
2414 "LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08lx\n",
status);
2418 trace(
"LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION\n");
2430 ok(
info->DomainSid!=0,
"LsaQueryInformationPolicy(PolicyAccountDomainInformation) missing SID\n");
2431 if (
info->DomainSid)
2497 DWORD sid_size, domain_size;
2506 ok(!
ret,
" %s Should have failed to lookup account name\n",
name);
2513 ok(!
ret,
" %s Should have failed to lookup account name\n",
name);
2517 AllocateAndInitializeSid(&
ident, 6,
SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
2518 cb =
sizeof(wk_sid);
2528 win_skip(
"CreateWellKnownSid() succeeded but the account '%s' is not present (W2K)\n",
name);
2534 ok(
ret,
"Failed to lookup account name %s\n",
name);
2535 ok(sid_size != 0,
"sid_size was zero\n");
2538 ok(
EqualSid(psid,wk_sid),
"%s Sid %s fails to match well known sid %s!\n",
2554 DWORD sid_size, domain_size, user_size;
2555 DWORD sid_save, domain_save;
2570 user_size =
UNLEN + 1;
2578 sid_use = 0xcafebabe;
2583 win_skip(
"LookupAccountNameA is not implemented\n");
2586 ok(!
ret,
"Expected 0, got %d\n",
ret);
2588 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2589 ok(sid_size != 0,
"Expected non-zero sid size\n");
2590 ok(domain_size != 0,
"Expected non-zero domain size\n");
2591 ok(sid_use == (
SID_NAME_USE)0xcafebabe,
"Expected 0xcafebabe, got %d\n", sid_use);
2593 sid_save = sid_size;
2594 domain_save = domain_size;
2602 ok(
ret,
"Failed to lookup account name\n");
2606 ok(domain_size == domain_save - 1,
"Expected %ld, got %ld\n", domain_save - 1, domain_size);
2609 domain_size = domain_save;
2610 sid_size = sid_save;
2614 skip(
"Non-English locale (test with hardcoded 'Everyone')\n");
2620 ok(
ret,
"Failed to lookup account name\n");
2621 ok(sid_size != 0,
"sid_size was zero\n");
2624 ok(domain_size == 0,
"Expected 0, got %ld\n", domain_size);
2627 domain_size = domain_save;
2634 ok(!
ret,
"Expected 0, got %d\n",
ret);
2636 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2637 ok(sid_size == sid_save,
"Expected %ld, got %ld\n", sid_save, sid_size);
2638 ok(domain_size == domain_save,
"Expected %ld, got %ld\n", domain_save, domain_size);
2644 ok(!
ret,
"Expected 0, got %d\n",
ret);
2646 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2647 ok(sid_size == sid_save,
"Expected %ld, got %ld\n", sid_save, sid_size);
2648 ok(domain_size == domain_save,
"Expected %ld, got %ld\n", domain_save, domain_size);
2654 ok(!
ret,
"Expected 0, got %d\n",
ret);
2656 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2657 ok(sid_size == sid_save,
"Expected %ld, got %ld\n", sid_save, sid_size);
2658 ok(domain_size == domain_save,
"Expected %ld, got %ld\n", domain_save, domain_size);
2666 sid_use = 0xcafebabe;
2669 ok(!
ret,
"Expected 0, got %d\n",
ret);
2671 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2672 ok(sid_size != 0,
"Expected non-zero sid size\n");
2673 ok(domain_size != 0,
"Expected non-zero domain size\n");
2674 ok(sid_use == (
SID_NAME_USE)0xcafebabe,
"Expected 0xcafebabe, got %d\n", sid_use);
2682 ok(
ret,
"Failed to lookup account name\n");
2685 "Got %s for account and %s for domain, these should be the same\n",
account,
domain);
2696 ok(!
ret,
"Expected 0, got %d\n",
ret);
2699 "Expected ERROR_NONE_MAPPED, got %ld\n",
GetLastError());
2700 ok(sid_size == 0,
"Expected 0, got %ld\n", sid_size);
2701 ok(domain_size == 0,
"Expected 0, got %ld\n", domain_size);
2708 ok(!
ret,
"Expected 0, got %d\n",
ret);
2710 "Expected RPC_S_SERVER_UNAVAILABLE or RPC_S_INVALID_NET_ADDR, got %ld\n",
GetLastError());
2711 ok(sid_size == 0,
"Expected 0, got %ld\n", sid_size);
2712 ok(domain_size == 0,
"Expected 0, got %ld\n", domain_size);
2740 skip(
"Non-English locale (skipping well known name creation tests)\n");
2777 DWORD size, size_dacl, size_sacl, size_owner, size_group;
2778 BOOL isDefault, isPresent,
ret;
2786 win_skip(
"InitializeSecurityDescriptor is not implemented\n");
2799 ok(
size > 5,
"Size not increased\n");
2820 "O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)"
2821 "(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)"
2830 size = size_dacl = size_sacl = size_owner = size_group = 0;
2831 ret =
MakeAbsoluteSD(sd_rel,
NULL, &
size,
NULL, &size_dacl,
NULL, &size_sacl,
NULL, &size_owner,
NULL,
2835 sd_abs =
malloc(
size + size_dacl + size_sacl + size_owner + size_group);
2837 sacl = (
PACL)((
char *)
dacl + size_dacl);
2838 owner = (
PSID)((
char *)sacl + size_sacl);
2839 group = (
PSID)((
char *)owner + size_owner);
2841 group, &size_group);
2860#define TEST_GRANTED_ACCESS(a,b) test_granted_access(a,b,0,__LINE__)
2861#define TEST_GRANTED_ACCESS2(a,b,c) test_granted_access(a,b,c,__LINE__)
2869 sizeof(obj_info),
NULL );
2873 obj_info.
GrantedAccess == alt,
"Granted access should be 0x%08lx "
2880#define CHECK_SET_SECURITY(o,i,e) \
2884 SetLastError( 0xdeadbeef ); \
2885 res_ = SetKernelObjectSecurity( o, i, SecurityDescriptor ); \
2886 err = GetLastError(); \
2887 if (e == ERROR_SUCCESS) \
2888 ok(res_, "SetKernelObjectSecurity failed with %ld\n", err); \
2890 ok(!res_ && err == e, "SetKernelObjectSecurity should have failed " \
2891 "with %s, instead of %ld\n", #e, err); \
2917 win_skip(
"ACLs not implemented - skipping tests\n");
2923 res =
AllocateAndInitializeSid( &SIDAuthWorld, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
2936 ok(!
res,
"Expected failure, got %d\n",
res);
2938 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2947 ok(!
res,
"Expected failure, got %d\n",
res);
2949 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2954 UsersSid =
group->PrimaryGroup;
2958 dom_size =
sizeof(
domain);
2960 ok(
ret,
"LookupAccountSid failed with %ld\n",
ret);
2963 skip(
"Non-English locale (test with hardcoded 'None')\n");
2968 ok(!
res,
"Expected failure, got %d\n",
res);
2970 "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n",
GetLastError());
2975 UserSid =
user->User.Sid;
2977 ok(
EqualPrefixSid(UsersSid, UserSid),
"TokenPrimaryGroup Sid and TokenUser Sid don't match.\n");
2996 ok(
res,
"InitializeSecurityDescriptor failed with error %ld\n",
GetLastError());
3056 psa.nLength =
sizeof(
psa);
3062 ok(
res,
"InitializeSecurityDescriptor failed with error %ld\n",
GetLastError());
3064 ThreadAcl =
malloc( 256 );
3102 free(ThreadSecurityDescriptor);
3131 "with STATUS_ACCESS_DENIED, instead of err:%ld\n",
err);
3138 ok(
handle ==
NULL,
"OpenProcess(PROCESS_VM_READ) should have failed\n");
3140 ok(
handle ==
NULL,
"OpenProcess(PROCESS_ALL_ACCESS) should have failed\n");
3173 ok(
handle ==
NULL,
"OpenThread(THREAD_SET_THREAD_TOKEN) should have failed\n");
3194 win_skip(
"ImpersonateSelf is not implemented\n");
3197 ok(
ret,
"ImpersonateSelf(SecurityAnonymous) failed with error %ld\n",
GetLastError());
3199 ok(!
ret,
"OpenThreadToken should have failed\n");
3206 "RegOpenKeyEx failed with %ld\n",
error);
3221 "Duplicating a token and increasing the impersonation level should have failed with ERROR_BAD_IMPERSONATION_LEVEL instead of %ld\n",
error);
3228 ok(
ret,
"GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
3237 ok(
ret,
"GetTokenInformation(TokenPrivileges) failed with error %ld\n",
GetLastError());
3252 ok(
ret,
"ImpersonateSelf(SecurityIdentification) failed with error %ld\n",
GetLastError());
3260 "RegOpenKeyEx should have failed with ERROR_INVALID_HANDLE, ERROR_BAD_IMPERSONATION_LEVEL or ERROR_ACCESS_DENIED instead of %ld\n",
error);
3263 ok(
ret,
"PrivilegeCheck for SecurityIdentification failed with error %ld\n",
GetLastError());
3268 ok(
ret,
"ImpersonateSelf(SecurityImpersonation) failed with error %ld\n",
GetLastError());
3275 ok(
ret,
"PrivilegeCheck for SecurityImpersonation failed with error %ld\n",
GetLastError());
3292 static const WCHAR wszEveryone[] = {
'E',
'v',
'e',
'r',
'y',
'o',
'n',
'e',0};
3293 static const WCHAR wszCurrentUser[] = {
'C',
'U',
'R',
'R',
'E',
'N',
'T',
'_',
'U',
'S',
'E',
'R',
'\0'};
3295 NewAcl = (
PACL)0xdeadbeef;
3298 ok(NewAcl ==
NULL,
"NewAcl=%p, expected NULL\n", NewAcl);
3305 win_skip(
"ACLs not implemented - skipping tests\n");
3311 res =
AllocateAndInitializeSid( &SIDAuthWorld, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
3331 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3339 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3344 skip(
"Non-English locale (test with hardcoded 'Everyone')\n");
3352 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3358 "SetEntriesInAclW failed: %lu\n",
res);
3360 "returned acl wasn't NULL: %p\n", NewAcl);
3366 "SetEntriesInAclW failed: %lu\n",
res);
3368 "returned acl wasn't NULL: %p\n", NewAcl);
3374 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3382 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3390 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3406 static const CHAR szEveryone[] = {
'E',
'v',
'e',
'r',
'y',
'o',
'n',
'e',0};
3407 static const CHAR szCurrentUser[] = {
'C',
'U',
'R',
'R',
'E',
'N',
'T',
'_',
'U',
'S',
'E',
'R',
'\0'};
3409 NewAcl = (
PACL)0xdeadbeef;
3413 win_skip(
"SetEntriesInAclA is not implemented\n");
3418 "NewAcl=%p, expected NULL\n", NewAcl);
3425 win_skip(
"ACLs not implemented - skipping tests\n");
3431 res =
AllocateAndInitializeSid( &SIDAuthWorld, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &EveryoneSid);
3451 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3459 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3464 skip(
"Non-English locale (test with hardcoded 'Everyone')\n");
3472 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3478 "SetEntriesInAclA failed: %lu\n",
res);
3480 "returned acl wasn't NULL: %p\n", NewAcl);
3486 "SetEntriesInAclA failed: %lu\n",
res);
3488 "returned acl wasn't NULL: %p\n", NewAcl);
3494 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3502 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3510 ok(NewAcl !=
NULL,
"returned acl was NULL\n");
3529 ok(!
status,
"RtlAnsiStringToUnicodeString failed with %08lx\n",
status);
3532 ok(
ret,
"RtlDosPathNameToNtPathName_U failed\n");
3545 ok_(__FILE__,
line)(bret,
"GetAclInformation failed\n");
3549 "GetAclInformation returned unexpected entry count (%ld != 2)\n",
3555 ok_(__FILE__,
line)(bret,
"Failed to get Current User ACE\n");
3557 bret =
EqualSid(&ace->SidStart, user_sid);
3563 "Current User ACE has unexpected flags (0x%x != 0x%lx)\n",
3567 "Current User ACE has unexpected mask (0x%lx != 0x%lx)\n",
3573 ok_(__FILE__,
line)(bret,
"Failed to get Administators Group ACE\n");
3575 bret =
EqualSid(&ace->SidStart, admin_sid);
3581 "Administators Group ACE has unexpected flags (0x%x != 0x%lx)\n",
3585 "Administators Group ACE has unexpected mask (0x%lx != 0x%lx)\n",
3593 DWORD sid_size =
sizeof(admin_ptr), user_size;
3594 PSID admin_sid = (
PSID) admin_ptr, user_sid;
3618 win_skip(
"Failed to get current user token\n");
3623 "GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
3626 ok(bret,
"GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
3630 sa.nLength =
sizeof(
sa);
3631 sa.lpSecurityDescriptor = pSD;
3632 sa.bInheritHandle =
TRUE;
3637 ok(bret,
"Failed to initialize ACL.\n");
3640 ok(bret,
"Failed to add Current User to ACL.\n");
3643 ok(bret,
"Failed to add Administrator Group to ACL.\n");
3645 ok(bret,
"Failed to add ACL to security descriptor.\n");
3664 win_skip(
"GetNamedSecurityInfoA is not implemented\n");
3667 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
3695 ok(bret,
"Failed to initialize ACL\n");
3697 ok(bret,
"Failed to add ACL to security descriptor\n");
3702 sa.nLength =
sizeof(
sa);
3703 sa.lpSecurityDescriptor = pSD;
3704 sa.bInheritHandle =
TRUE;
3714 ok(bret,
"GetAclInformation failed\n");
3716 ok(acl_size.
AceCount == 0,
"GetAclInformation returned unexpected entry count (%ld != 0).\n",
3728 ok(bret,
"GetAclInformation failed\n");
3730 ok(acl_size.
AceCount == 0,
"GetAclInformation returned unexpected entry count (%ld != 0).\n",
3742 attr.RootDirectory = 0;
3743 attr.ObjectName = &tmpfileW;
3746 attr.SecurityQualityOfService =
NULL;
3768 ok(bret,
"Failed to initialize ACL\n");
3770 ok(bret,
"Failed to add ACL to security descriptor\n");
3777 attr.RootDirectory = 0;
3778 attr.ObjectName = &tmpfileW;
3780 attr.SecurityDescriptor = pSD;
3781 attr.SecurityQualityOfService =
NULL;
3793 ok(bret,
"GetAclInformation failed\n");
3795 ok(acl_size.
AceCount == 0,
"GetAclInformation returned unexpected entry count (%ld != 0).\n",
3807 ok(bret,
"GetAclInformation failed\n");
3809 ok(acl_size.
AceCount == 0,
"GetAclInformation returned unexpected entry count (%ld != 0).\n",
3818 ok(bret ==
TRUE,
"RemoveDirectoryA should always succeed\n");
3827 PSID admin_sid = (
PSID) admin_ptr, users_sid = (
PSID) users_ptr;
3828 PSID system_sid = (
PSID) system_ptr, user_sid, localsys_sid;
3829 DWORD sid_size =
sizeof(admin_ptr), user_size;
3830 char invalid_path[] =
"/an invalid file path";
3831 int users_ace_id = -1, admins_ace_id = -1,
i;
3832 char software_key[] =
"MACHINE\\Software";
3842 BOOL owner_defaulted;
3843 BOOL group_defaulted;
3844 BOOL dacl_defaulted;
3859 win_skip(
"Failed to get current user token\n");
3864 "GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
3867 ok(bret,
"GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
3872 ok(bret,
"GetWindowsDirectory failed with error %ld\n",
GetLastError());
3887 win_skip(
"GetNamedSecurityInfoA is not implemented\n");
3891 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
3894 ok(bret,
"GetSecurityDescriptorControl failed with error %ld\n",
GetLastError());
3896 "control (0x%x) doesn't have (SE_SELF_RELATIVE|SE_DACL_PRESENT) flags set\n",
control);
3900 ok(bret,
"GetSecurityDescriptorOwner failed with error %ld\n",
GetLastError());
3901 ok(owner !=
NULL,
"owner should not be NULL\n");
3904 ok(bret,
"GetSecurityDescriptorGroup failed with error %ld\n",
GetLastError());
3918 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
3919 ok(pDacl !=
NULL,
"DACL should not be NULL\n");
3931 ok(
GetLastError() == 0xdeadbeef,
"Expected last error to remain unchanged.\n");
3939 ok(bret,
"Failed to initialize ACL.\n");
3941 ok(bret,
"Failed to add Current User to ACL.\n");
3943 ok(bret,
"Failed to add Administrator Group to ACL.\n");
3945 ok(bret,
"Failed to add ACL to security descriptor.\n");
3955 win_skip(
"SetNamedSecurityInfoA is not implemented\n");
3960 ok(!
error,
"SetNamedSecurityInfoA failed with error %ld\n",
error);
3966 win_skip(
"GetNamedSecurityInfoA is not implemented\n");
3971 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
3974 ok(bret,
"GetAclInformation failed\n");
3978 ok(bret,
"Failed to get Current User ACE.\n");
3979 bret =
EqualSid(&ace->SidStart, user_sid);
3980 todo_wine ok(bret,
"Current User ACE (%s) != Current User SID (%s).\n",
3983 "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((
ACE_HEADER *)ace)->
AceFlags);
3984 ok(ace->Mask == 0x1f01ff,
"Current User ACE has unexpected mask (0x%lx != 0x1f01ff)\n",
3990 ok(bret,
"Failed to get Administators Group ACE.\n");
3991 bret =
EqualSid(&ace->SidStart, admin_sid);
3993 "Administators Group ACE (%s) != Administators Group SID (%s).\n",
3996 "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((
ACE_HEADER *)ace)->
AceFlags);
3998 "Administators Group ACE has unexpected mask (0x%lx != 0x1f01ff)\n", ace->Mask);
4005 ok(bret,
"Failed to initialize ACL.\n");
4008 ok(!
error,
"SetNamedSecurityInfoA failed with error %ld\n",
error);
4013 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
4016 ok(bret,
"GetAclInformation failed\n");
4020 ok(bret,
"Failed to get ACE.\n");
4034 ok(!
error,
"SetNamedSecurityInfoA failed with error %ld\n",
error);
4038 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
4052 ok(bret,
"Failed to initialize ACL.\n");
4054 ok(bret,
"Failed to add ACL to security descriptor.\n");
4084 ok(bret,
"Failed to initialize ACL.\n");
4086 ok(bret,
"Failed to add Current User to ACL.\n");
4088 ok(bret,
"Failed to add Current User to ACL.\n");
4090 ok(bret,
"Failed to add ACL to security descriptor.\n");
4100 ok(bret,
"Failed to initialize ACL.\n");
4102 ok(bret,
"Failed to add Current User to ACL.\n");
4104 ok(bret,
"Failed to add Current User to ACL.\n");
4106 ok(bret,
"Failed to add ACL to security descriptor.\n");
4118 sid_size =
sizeof(system_ptr);
4123 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
4125 bret =
AllocateAndInitializeSid(&SIDAuthNT, 1,
SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &localsys_sid);
4126 ok(bret,
"AllocateAndInitializeSid failed with error %ld\n",
GetLastError());
4129 ok(bret,
"GetSecurityDescriptorOwner failed with error %ld\n",
GetLastError());
4130 ok(owner !=
NULL,
"owner should not be NULL\n");
4132 "MACHINE\\Software owner SID (%s) != Administrators SID (%s) or Local System Sid (%s).\n",
4136 ok(bret,
"GetSecurityDescriptorGroup failed with error %ld\n",
GetLastError());
4140 "MACHINE\\Software group SID (%s) != Local System SID (%s or %s)\n",
4145 sid_size =
sizeof(users_ptr);
4149 ok(!
error,
"GetNamedSecurityInfo failed with error %ld\n",
error);
4152 ok(bret,
"GetSecurityDescriptorDacl failed with error %ld\n",
GetLastError());
4153 ok(dacl_present,
"DACL should be present\n");
4154 ok(pDacl &&
IsValidAcl(pDacl),
"GetSecurityDescriptorDacl returned invalid DACL.\n");
4156 ok(bret,
"GetAclInformation failed\n");
4157 ok(acl_size.
AceCount != 0,
"GetAclInformation returned no ACLs\n");
4161 ok(bret,
"Failed to get ACE %d.\n",
i);
4162 bret =
EqualSid(&ace->SidStart, users_sid);
4163 if (bret) users_ace_id =
i;
4164 bret =
EqualSid(&ace->SidStart, admin_sid);
4165 if (bret) admins_ace_id =
i;
4167 ok(users_ace_id != -1 ||
broken(users_ace_id == -1) ,
4168 "Builtin Users ACE not found.\n");
4169 if (users_ace_id != -1)
4171 bret =
GetAce(pDacl, users_ace_id, (
VOID **)&ace);
4172 ok(bret,
"Failed to get Builtin Users ACE.\n");
4178 "Builtin Users ACE has unexpected flags (0x%x != 0x%x)\n",
flags,
4182 "Builtin Users ACE has unexpected mask (0x%lx != 0x%x)\n",
4185 ok(admins_ace_id != -1,
"Builtin Admins ACE not found.\n");
4186 if (admins_ace_id != -1)
4188 bret =
GetAce(pDacl, admins_ace_id, (
VOID **)&ace);
4189 ok(bret,
"Failed to get Builtin Admins ACE.\n");
4197 "Builtin Admins ACE has unexpected flags (0x%x != 0x0)\n",
flags);
4199 "Builtin Admins ACE has unexpected mask (0x%lx != 0x%x)\n", ace->Mask,
KEY_ALL_ACCESS);
4210 static const WCHAR Blank[] = { 0 };
4216 const char *sidstring;
4275 ok(
ret == cssd[
i].
ret,
"(%02u) Expected %s (%ld)\n",
i, cssd[
i].
ret ?
"success" :
"failure",
GLE);
4278 (cssd[
i].altGLE &&
GLE == cssd[
i].altGLE),
4279 "(%02u) Unexpected last error %ld\n",
i,
GLE);
4282 if (cssd[
i].ace_Mask)
4290 ok(ace->
Mask == cssd[
i].ace_Mask,
"(%02u) Expected %08lx, got %08lx\n",
4291 i, cssd[
i].ace_Mask, ace->
Mask);
4303 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4310 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4315 "D:(A;;ROB;;;WD)", 0xdeadbeef,
NULL,
NULL);
4317 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4324 "ConvertStringSecurityDescriptorToSecurityDescriptor should have failed with ERROR_INVALID_PARAMETER instead of %ld\n",
4331 ok(
ret,
"ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %ld\n",
GetLastError());
4336 "D:P(A;;GRGW;;;BA)(A;;GRGW;;;S-1-5-21-0-0-0-1000)S:(ML;;NWNR;;;S-1-16-12288)",
SDDL_REVISION_1, &pSD,
NULL);
4338 "ConvertStringSecurityDescriptorToSecurityDescriptor failed with error %lu\n",
GetLastError());
4383#define CHECK_RESULT_AND_FREE(exp_str) \
4384 ok(strcmp(string, (exp_str)) == 0, "String mismatch (expected \"%s\", got \"%s\")\n", (exp_str), string); \
4385 ok(len >= (strlen(exp_str) + 1), "Length mismatch (expected %d, got %ld)\n", lstrlenA(exp_str) + 1, len); \
4388#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2) \
4389 ok(strcmp(string, (exp_str1)) == 0 || strcmp(string, (exp_str2)) == 0, "String mismatch (expected\n\"%s\" or\n\"%s\", got\n\"%s\")\n", (exp_str1), (exp_str2), string); \
4390 ok(len >= (strlen(exp_str1) + 1) || len >= (strlen(exp_str2) + 1), "Length mismatch (expected %d or %d, got %ld)\n", lstrlenA(exp_str1) + 1, lstrlenA(exp_str2) + 1, len); \
4407 size =
sizeof(sid_buf);
4421 pacl = (
PACL)acl_buf;
4442 CHECK_RESULT_AND_FREE(
"O:SYG:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)");
4445 pacl = (
PACL)acl_buf;
4456 "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)" );
4461 CHECK_ONE_OF_AND_FREE(
"O:SYG:S-1-5-21-93476-23408-4576D:S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
4462 "O:SYG:S-1-5-21-93476-23408-4576D:NO_ACCESS_CONTROLS:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)" );
4477 | 0x00000040 | 0x00000080
4488 LPCSTR fmt =
"Expected error %s, got %u\n";
4496 for (bit = 0; bit < 16; ++bit)
4503 DWORD dwExpect = (bitOfInterest & immutable)
4505 LPCSTR strExpect = (bitOfInterest & immutable)
4506 ?
"ERROR_INVALID_PARAMETER" :
"0xbebecaca";
4508 ctrl = (bitOfInterest &
mutable) ?
ref + bitOfInterest :
ref;
4509 setOrClear ^= bitOfInterest;
4516 setOrClear ^= bitOfInterest;
4526 for (bit = 0; bit < 16; ++bit)
4533 DWORD dwExpect = ((1 << bit) & immutable)
4535 LPCSTR strExpect = ((1 << bit) & immutable)
4536 ?
"ERROR_INVALID_PARAMETER" :
"0xbebecaca";
4538 ctrl = ((1 << bit) & immutable) ?
test :
ref |
mutable;
4539 setOrClear ^= bitsOfInterest;
4546 ctrl = ((1 << bit) & immutable) ?
test :
ref | (1 << bit);
4547 setOrClear ^= bitsOfInterest;
4571 "G:S-1-5-21-93476-23408-4576"
4572 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)"
4573 "(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4574 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
4583 "G:S-1-5-21-93476-23408-4576",
4592 "G:S-1-5-21-93476-23408-4576"
4593 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4594 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
SDDL_REVISION_1, &sec, &dwDescSize),
"Creating descriptor failed\n");
4602 ok(retSize <= dwDescSize,
"Buffer too small (%ld vs %ld)\n", retSize, dwDescSize);
4610 ok(retSize <= dwDescSize,
"Buffer too small (%ld vs %ld)\n", retSize, dwDescSize);
4613 CHECK_ONE_OF_AND_FREE(
"G:S-1-5-21-93476-23408-4576D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)",
4614 "G:S-1-5-21-93476-23408-4576D:P(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)");
4620 ok(retSize == dwDescSize,
"Buffer too small (%ld vs %ld)\n", retSize, dwDescSize);
4623 "G:S-1-5-21-93476-23408-4576"
4624 "D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4625 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
4627 "G:S-1-5-21-93476-23408-4576"
4628 "D:P(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
4629 "S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)");
4640#undef CHECK_RESULT_AND_FREE
4641#undef CHECK_ONE_OF_AND_FREE
4653 win_skip(
"InitializeAcl is not implemented\n");
4668 ok(
ret,
"InitializeAcl(ACL_REVISION2) failed with error %ld\n",
GetLastError());
4674 ok(
ret,
"InitializeAcl(ACL_REVISION3) failed with error %ld\n",
GetLastError());
4681 ok(
ret,
"InitializeAcl(ACL_REVISION4) failed with error %ld\n",
GetLastError());
4696 PSID domain_users_sid = (
PSID) domain_users_ptr, domain_sid;
4698 int domain_users_ace_id = -1, admins_ace_id = -1,
i;
4699 DWORD sid_size =
sizeof(admin_ptr),
l =
sizeof(
b);
4701 PSID admin_sid = (
PSID) admin_ptr, user_sid;
4703 BOOL owner_defaulted, group_defaulted;
4704 BOOL dacl_defaulted, dacl_present;
4740 win_skip(
"Failed to get current user token\n");
4744 ok(bret,
"GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
4753 skip(
"Couldn't create an object for GetSecurityInfo test\n");
4762 win_skip(
"GetSecurityInfo is not implemented\n");
4767 ok(pSD !=
NULL,
"GetSecurityInfo\n");
4768 ok(owner !=
NULL,
"GetSecurityInfo\n");
4773 win_skip(
"No ACL information returned\n");
4783 ok(owner !=
NULL,
"GetSecurityInfo\n");
4788 win_skip(
"No ACL information returned\n");
4796 ok(bret,
"Failed to initialize ACL.\n");
4798 ok(bret,
"Failed to add Current User to ACL.\n");
4800 ok(bret,
"Failed to add Administrator Group to ACL.\n");
4802 ok(bret,
"Failed to add ACL to security descriptor.\n");
4809 ok(pDacl &&
IsValidAcl(pDacl),
"GetSecurityInfo returned invalid DACL.\n");
4811 ok(bret,
"GetAclInformation failed\n");
4815 ok(bret,
"Failed to get Current User ACE.\n");
4817 bret =
EqualSid(&ace->SidStart, user_sid);
4818 todo_wine ok(bret,
"Current User ACE (%s) != Current User SID (%s).\n",
4822 "Current User ACE has unexpected flags (0x%x != 0x0)\n", ((
ACE_HEADER *)ace)->
AceFlags);
4823 ok(ace->Mask == 0x1f01ff,
"Current User ACE has unexpected mask (0x%lx != 0x1f01ff)\n",
4829 ok(bret,
"Failed to get Administators Group ACE.\n");
4831 bret =
EqualSid(&ace->SidStart, admin_sid);
4835 "Administators Group ACE has unexpected flags (0x%x != 0x0)\n", ((
ACE_HEADER *)ace)->
AceFlags);
4836 ok(ace->Mask == 0x1f01ff,
"Administators Group ACE has unexpected mask (0x%lx != 0x1f01ff)\n",
4848 win_skip(
"Failed to get current domain SID\n");
4851 sid_size =
sizeof(domain_users_ptr);
4852 CreateWellKnownSid(WinAccountDomainUsersSid, domain_sid, domain_users_sid, &sid_size);
4859 ok(!
ret,
"GetNamedSecurityInfo failed with error %ld\n",
ret);
4862 ok(bret,
"GetSecurityDescriptorOwner failed with error %ld\n",
GetLastError());
4863 ok(owner !=
NULL,
"owner should not be NULL\n");
4865 "Process owner SID != Administrators SID.\n");
4868 ok(bret,
"GetSecurityDescriptorGroup failed with error %ld\n",
GetLastError());
4870 ok(
EqualSid(
group, domain_users_sid),
"Process group SID != Domain Users SID.\n");
4876 ok(!
ret,
"GetSecurityInfo failed with error %ld\n",
ret);
4879 ok(bret,
"GetSecurityDescriptorDacl failed with error %ld\n",
GetLastError());
4880 ok(dacl_present,
"DACL should be present\n");
4881 ok(pDacl &&
IsValidAcl(pDacl),
"GetSecurityDescriptorDacl returned invalid DACL.\n");
4883 ok(bret,
"GetAclInformation failed\n");
4884 ok(acl_size.
AceCount != 0,
"GetAclInformation returned no ACLs\n");
4888 ok(bret,
"Failed to get ACE %d.\n",
i);
4889 bret =
EqualSid(&ace->SidStart, domain_users_sid);
4890 if (bret) domain_users_ace_id =
i;
4891 bret =
EqualSid(&ace->SidStart, admin_sid);
4892 if (bret) admins_ace_id =
i;
4894 ok(domain_users_ace_id != -1 ||
broken(domain_users_ace_id == -1) ,
4895 "Domain Users ACE not found.\n");
4896 if (domain_users_ace_id != -1)
4898 bret =
GetAce(pDacl, domain_users_ace_id, (
VOID **)&ace);
4899 ok(bret,
"Failed to get Domain Users ACE.\n");
4902 "Domain Users ACE has unexpected flags (0x%x != 0x%x)\n",
flags,
4904 ok(ace->Mask ==
GENERIC_READ,
"Domain Users ACE has unexpected mask (0x%lx != 0x%x)\n",
4907 ok(admins_ace_id != -1 ||
broken(admins_ace_id == -1) ,
4908 "Builtin Admins ACE not found.\n");
4909 if (admins_ace_id != -1)
4911 bret =
GetAce(pDacl, admins_ace_id, (
VOID **)&ace);
4912 ok(bret,
"Failed to get Builtin Admins ACE.\n");
4914 ok(
flags == 0x0,
"Builtin Admins ACE has unexpected flags (0x%x != 0x0)\n",
flags);
4916 "Builtin Admins ACE has unexpected mask (0x%lx != 0x%x)\n", ace->Mask,
PROCESS_ALL_ACCESS);
4928 sa.lpSecurityDescriptor =
sd;
5036 "GetTokenInformation(TokenGroups) %s with error %ld\n",
5040 ok(
ret,
"GetTokenInformation(TokenGroups) failed with error %ld\n",
GetLastError());
5052 skip(
"user not a member of any group\n");
5059 ok(is_member,
"CheckTokenMembership should have detected sid as member\n");
5064 ok(is_member,
"CheckTokenMembership should have detected sid as member\n");
5070 "CheckTokenMembership with process token %s with error %ld\n",
5072 ok(!is_member,
"CheckTokenMembership should have cleared is_member\n");
5091 win_skip(
"AllocateAndInitializeSid is not implemented\n");
5096 "AllocateAndInitializeSid shouldn't have set last error to %ld\n",
5100 0, 0, 0, 0, 0, 0, 0, &sid2);
5105 ok(!
ret,
"World and domain admins sids shouldn't have been equal\n");
5107 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5112 ok(!sid2,
"FreeSid should have returned NULL instead of %p\n", sid2);
5114 "FreeSid shouldn't have set last error to %ld\n",
5124 ok(
ret,
"Same sids should have been equal %s != %s\n",
5127 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5131 ((
SID *)sid2)->Revision = 2;
5134 ok(!
ret,
"EqualSid with invalid sid should have returned FALSE\n");
5136 "EqualSid should have set last error to ERROR_SUCCESS instead of %ld\n",
5147 DWORD required_len, buffer_len;
5161 ok(required_len != 0,
"Outputted buffer length was %lu\n", required_len);
5168 ok(required_len != 0 && required_len != 1,
"Outputted buffer length was %lu\n", required_len);
5175 required_len =
UNLEN + 1;
5192 ok(required_len != 0,
"Outputted buffer length was %lu\n", required_len);
5197 buffer_len = required_len;
5201 ok(buffer_len == required_len ||
5202 broken(buffer_len == required_len /
sizeof(
WCHAR)),
5203 "Outputted buffer length was %lu\n", buffer_len);
5214 ok(buffer_len == required_len,
"Outputted buffer length was %lu\n", buffer_len);
5221 DWORD required_len, buffer_len;
5235 ok(required_len != 0,
"Outputted buffer length was %lu\n", required_len);
5242 ok(required_len != 0 && required_len != 1,
"Outputted buffer length was %lu\n", required_len);
5249 required_len =
UNLEN + 1;
5264 ok(required_len != 0,
"Outputted buffer length was %lu\n", required_len);
5269 buffer_len = required_len;
5273 ok(buffer_len == required_len,
"Outputted buffer length was %lu\n", buffer_len);
5284 "Output buffer was altered\n");
5285 ok(buffer_len == required_len,
"Outputted buffer length was %lu\n", buffer_len);
5297 char privs_buffer[1000];
5303 LUID luid = { 0, 0 };
5329 ok(!!removed_sid,
"user is not a member of any group\n");
5334 ok(is_member,
"not a member\n");
5336 sattr.
Sid = removed_sid;
5345 ok(!is_member,
"not a member\n");
5401 ok(i < privs->PrivilegeCount,
"user has no privileges\n");
5415 ok(!is_member,
"privilege should not be enabled\n");
5426 ok(!is_member,
"disabled privilege should not be present\n");
5449 ok(
ret,
"security descriptor is not valid\n");
5453 acl = (
void *)0xdeadbeef;
5458 ok(present == 1,
"acl is not present\n");
5460 ok(acl != (
void *)0xdeadbeef && acl !=
NULL,
"acl pointer is not set\n");
5461 ok(defaulted == 0,
"defaulted is set to TRUE\n");
5464 sid = (
void *)0xdeadbeef;
5469 ok(
sid != (
void *)0xdeadbeef &&
sid !=
NULL,
"sid pointer is not set\n");
5470 ok(defaulted == 0,
"defaulted is set to TRUE\n");
5473 sid = (
void *)0xdeadbeef;
5478 ok(
sid != (
void *)0xdeadbeef &&
sid !=
NULL,
"sid pointer is not set\n");
5479 ok(defaulted == 0,
"defaulted is set to TRUE\n");
5492 priv_set_len =
sizeof(priv_set);
5493 granted = 0xdeadbeef;
5500 ok(granted ==
mapping->GenericAll,
"expected all access %#lx, got %#lx\n",
mapping->GenericAll, granted);
5502 priv_set_len =
sizeof(priv_set);
5503 granted = 0xdeadbeef;
5510 ok(granted == 0,
"expected 0, got %#lx\n", granted);
5512 priv_set_len =
sizeof(priv_set);
5513 granted = 0xdeadbeef;
5520 ok(granted == 0,
"expected 0, got %#lx\n", granted);
5522 priv_set_len =
sizeof(priv_set);
5523 granted = 0xdeadbeef;
5530 ok(granted ==
mapping->GenericRead,
"expected read access %#lx, got %#lx\n",
mapping->GenericRead, granted);
5532 priv_set_len =
sizeof(priv_set);
5533 granted = 0xdeadbeef;
5540 ok(granted ==
mapping->GenericWrite,
"expected write access %#lx, got %#lx\n",
mapping->GenericWrite, granted);
5542 priv_set_len =
sizeof(priv_set);
5543 granted = 0xdeadbeef;
5550 ok(granted ==
mapping->GenericExecute,
"expected execute access %#lx, got %#lx\n",
mapping->GenericExecute, granted);
5563 return info.GrantedAccess;
5576 int generic, mapped;
5588 ok(!
mutex,
"mutex should not exist\n");
5613 ok(!
dup,
"OpenMutex should fail\n");
5633 int generic, mapped;
5645 ok(!
event,
"event should not exist\n");
5670 ok(!
dup,
"OpenEvent should fail\n");
5690 int generic, mapped;
5702 ok(!
sem,
"semaphore should not exist\n");
5730#define WINE_TEST_PIPE "\\\\.\\pipe\\WineTestPipe"
5741 int generic, mapped;
5754 } creation_access[] =
5775 "CreateNamedPipeA(0x%lx) pipe expected access 0x%lx (got 0x%lx)\n",
5776 creation_access[
i].open_mode, creation_access[
i].
access,
access);
5842 int generic, mapped;
5891 ok(!
ret,
"ReadFile should fail\n");
5907 ok(!
ret,
"ReadFile should fail\n");
5964 int generic, mapped;
6006 if (
map[
i].open_only)
continue;
6010 if (prot_map[
i].mapped)
6016 ok(!
mapping,
"CreateFileMapping(%04x) should fail\n", prot_map[
i].prot);
6022 ok(
access == prot_map[
i].mapped,
"%ld: expected %#x, got %#lx\n",
i, prot_map[
i].mapped,
access);
6033 "expected STANDARD_RIGHTS_REQUIRED | SECTION_QUERY | SECTION_MAP_READ | SECTION_MAP_WRITE | SECTION_MAP_EXECUTE, got %#lx\n",
access);
6037 if (
map[
i].open_only)
continue;
6055 "Wine Test Open Mapping");
6056 ok(created_mapping !=
NULL,
"CreateFileMapping failed with error %lu\n",
GetLastError());
6065 ok(
access ==
map[
i].mapped,
"%ld: unexpected access flags %#lx, expected %#x\n",
6079 int generic, mapped;
6111 "%ld: expected %#x, got %#lx\n",
i,
map[
i].mapped,
access);
6117 "%ld: expected %#x, got %#lx\n",
i,
map[
i].mapped,
access);
6121 "%ld: expected %#x, got %#lx\n",
i,
map[
i].mapped,
access);
6138 "expected THREAD_QUERY_INFORMATION|THREAD_QUERY_LIMITED_INFORMATION, got %#lx\n",
access);
6151 char cmdline[] =
"winver.exe";
6154 int generic, mapped;
6165 memset(&sti, 0,
sizeof(sti));
6166 sti.
cb =
sizeof(sti);
6189 "%ld: expected %#x, got %#lx\n",
i,
map[
i].mapped,
access);
6196 "%ld: expected %#x, got %#lx\n",
i,
map[
i].mapped,
access);
6200 "%ld: expected %#x, got %#lx\n",
i,
map[
i].mapped,
access);
6204 "%ld: expected %#x, got %#lx\n",
i,
map[
i].mapped,
access);
6221 "expected PROCESS_QUERY_INFORMATION|PROCESS_QUERY_LIMITED_INFORMATION, got %#lx\n",
access);
6247 "expected PROCESS_VM_OPERATION|PROCESS_VM_WRITE|PROCESS_QUERY_LIMITED_INFORMATION, got %#lx\n",
access);
6273 ok(needed ==
sizeof(
type),
"GetTokenInformation should return required buffer length\n");
6283 ok(needed ==
sizeof(sil),
"GetTokenInformation should return required buffer length\n");
6286 needed = 0xdeadbeef;
6289 ok(!
ret,
"GetTokenInformation should fail\n");
6291 ok(needed != 0xdeadbeef,
"GetTokenInformation should return required buffer length\n");
6294 needed = 0xdeadbeef;
6297 ok(!
ret,
"GetTokenInformation should fail\n");
6299 ok(needed != 0xdeadbeef,
"GetTokenInformation should return required buffer length\n");
6300 ok(needed >
sizeof(
TOKEN_OWNER),
"GetTokenInformation returned empty token owner\n");
6302 needed = 0xdeadbeef;
6305 ok(!
ret,
"GetTokenInformation should fail\n");
6307 ok(needed != 0xdeadbeef,
"GetTokenInformation should return required buffer length\n");
6308 ok(needed >
sizeof(
TOKEN_PRIMARY_GROUP),
"GetTokenInformation returned empty token primary group\n");
6322 ok(token_type ==
TokenPrimary,
"expected TokenPrimary, got %ld\n", token_type);
6323 ok(!
ret,
"access token should not be an impersonation token\n");
6329 ok(
ret,
"access token should be a valid impersonation token\n");
6368 win_skip(
"TokenIntegrityLevel not supported\n");
6400 BOOL ret, defaulted, present, found;
6422 sa.lpSecurityDescriptor =
sd;
6435 owner = (
void *)0xdeadbeef;
6439 ok( owner != (
void *)0xdeadbeef,
"owner not set\n" );
6440 ok( !defaulted,
"owner defaulted\n" );
6441 ok(
EqualSid( owner, token_owner->
Owner ),
"owner shall equal token owner\n" );
6443 group = (
void *)0xdeadbeef;
6447 ok(
group != (
void *)0xdeadbeef,
"group not set\n" );
6448 ok( !defaulted,
"group defaulted\n" );
6451 dacl = (
void *)0xdeadbeef;
6456 ok( present,
"dacl not present\n" );
6457 ok(
dacl != (
void *)0xdeadbeef,
"dacl not set\n" );
6458 ok( !defaulted,
"dacl defaulted\n" );
6465 "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->
Header.
AceType );
6468 ok( found,
"owner sid not found in dacl\n" );
6477 "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
6480 ok( !found,
"DACL shall not reference token user if it is different from token owner\n" );
6483 free(
sa.lpSecurityDescriptor );
6487 free( token_primary_group );
6488 free( token_owner );
6509 tp.PrivilegeCount = 1;
6510 tp.Privileges[0].Luid = luid;
6516 ok(
len == 0xdeadbeef,
"got length %ld\n",
len);
6519 tp.PrivilegeCount = 1;
6520 tp.Privileges[0].Luid = luid;
6521 tp.Privileges[0].Attributes = 0;
6532 char acl_buf[1024], ace_buf[256];
6537 memset(ace, 0,
sizeof(ace_buf));
6569 ok(!
ret,
"AddAce succeeded\n");
6585 char buffer_acl[256];
6586 ACL *acl = (
ACL *)&buffer_acl;
6593 if (!pAddMandatoryAce)
6595 win_skip(
"AddMandatoryAce not supported, skipping test\n");
6600 ok(
ret,
"InitializeSecurityDescriptor failed with error %lu\n",
GetLastError());
6602 sa.nLength =
sizeof(
sa);
6603 sa.lpSecurityDescriptor =
sd;
6611 "Unexpected GetKernelObjectSecurity return value %u, error %lu\n",
ret,
GetLastError());
6617 sacl = (
void *)0xdeadbeef;
6621 ok(!present,
"SACL is present\n");
6622 ok(sacl == (
void *)0xdeadbeef,
"SACL is set\n");
6627 memset(buffer_acl, 0,
sizeof(buffer_acl));
6633 ok(!
ret,
"AddMandatoryAce succeeded\n");
6635 "Expected ERROR_INVALID_PARAMETER got %lu\n",
GetLastError());
6649 ok(!
ret,
"expected failure\n");
6660 "Unexpected GetKernelObjectSecurity return value %u, error %lu\n",
ret,
GetLastError());
6666 sacl = (
void *)0xdeadbeef;
6671 ok(present,
"SACL not present\n");
6672 ok(sacl != (
void *)0xdeadbeef,
"SACL not set\n");
6673 ok(!defaulted,
"SACL defaulted\n");
6676 ok(acl_size_info.
AceCount == 1,
"SACL contains an unexpected ACE count %lu\n", acl_size_info.
AceCount);
6695 "Unexpected GetKernelObjectSecurity return value %u, error %lu\n",
ret,
GetLastError());
6701 sacl = (
void *)0xdeadbeef;
6706 ok(present,
"SACL not present\n");
6707 ok(sacl != (
void *)0xdeadbeef,
"SACL not set\n");
6709 ok(!defaulted,
"SACL defaulted\n");
6727 ok(!
ret,
"expected failure\n");
6740 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
6746 sacl = (
void *)0xdeadbeef;
6751 ok(present,
"SACL not present\n");
6752 ok(sacl && sacl != (
void *)0xdeadbeef,
"SACL not set\n");
6753 ok(!defaulted,
"SACL defaulted\n");
6772 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
6778 sacl = (
void *)0xdeadbeef;
6783 ok(present,
"SACL not present\n");
6784 ok(sacl != (
void *)0xdeadbeef,
"SACL not set\n");
6786 ok(!defaulted,
"SACL defaulted\n");
6793 ret =
AllocateAndInitializeSid(&sia_world, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, (
void **)&everyone);
6807 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
6813 sacl = (
void *)0xdeadbeef;
6818 ok(present,
"SACL not present\n");
6819 ok(sacl && sacl != (
void *)0xdeadbeef,
"SACL not set\n");
6820 ok(!defaulted,
"SACL defaulted\n");
6830 static const WCHAR testkeyW[] =
6831 {
'S',
'O',
'F',
'T',
'W',
'A',
'R',
'E',
'\\',
'W',
'i',
'n',
'e',
'\\',
'S',
'A',
'C',
'L',
't',
'e',
's',
't',0};
6853 skip(
"unprivileged user\n" );
6870 win_skip(
"privilege not held\n" );
6933 PSID domain_sid = (
PSID *)&buffer1;
6937 PSID domain_sid = (
PSID *)&buffer1;
6938 PSID domain_sid2 = (
PSID *)&buffer2;
6955 win_skip(
"Failed to get current user token\n");
6961 "GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
6964 ok(bret,
"GetTokenInformation(TokenUser) failed with error %ld\n",
GetLastError());
6970 ok(!bret,
"GetWindowsAccountDomainSid succeeded\n");
6975 ok(!bret,
"GetWindowsAccountDomainSid succeeded\n");
6981 ok(!bret,
"GetWindowsAccountDomainSid succeeded\n");
6987 ok(!bret,
"GetWindowsAccountDomainSid succeeded\n");
6993 ok(!bret,
"GetWindowsAccountDomainSid succeeded\n");
6999 ok(bret,
"GetWindowsAccountDomainSid failed with error %ld\n",
GetLastError());
7003 for (
i = 0;
i < 4;
i++)
7005 ok(
EqualSid(domain_sid, domain_sid2),
"unexpected domain sid %s != %s\n",
7021 ok(!
ret,
"expected FALSE, got %u\n",
ret);
7025 ok(
id !=
NULL,
"got NULL pointer as identifier authority\n");
7030 ok(
id !=
NULL,
"got NULL pointer as identifier authority\n");
7043 memset(&statistics1, 0x11,
sizeof(statistics1));
7050 memset(&statistics2, 0x22,
sizeof(statistics2));
7052 &statistics2,
sizeof(statistics2), &retlen);
7054 "GetTokenInformation failed with %lu\n",
GetLastError());
7056 ok(!
memcmp(&statistics1, &statistics2,
sizeof(statistics1)),
"Token statistics do not match\n");
7058 win_skip(
"CurrentProcessToken not supported, skipping test\n");
7062 memset(&statistics2, 0x22,
sizeof(statistics2));
7064 &statistics2,
sizeof(statistics2), &retlen);
7066 "GetTokenInformation failed with %lu\n",
GetLastError());
7068 ok(!
memcmp(&statistics1, &statistics2,
sizeof(statistics1)),
"Token statistics do not match\n");
7070 win_skip(
"CurrentThreadEffectiveToken not supported, skipping test\n");
7074 ok(!
ret,
"OpenThreadToken should have failed\n");
7080 &statistics2,
sizeof(statistics2), &retlen);
7091 ACL *acl = (
ACL *)&buffer_acl;
7098 if (!pCreateEventExA)
7100 win_skip(
"CreateEventExA is not available\n");
7106 memset(buffer_acl, 0,
sizeof(buffer_acl));
7113 sa.lpSecurityDescriptor =
sd;
7140 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
7147 ok(
ret,
"GetSecurityDescriptorControl failed with error %lu\n",
GetLastError());
7150 "Unexpected security descriptor control %#x\n",
control);
7153 "Unexpected security descriptor control %#x\n",
control);
7156 sid = (
void *)0xdeadbeef;
7160 ok(!
sid,
"Owner present\n");
7161 ok(!defaulted,
"Owner defaulted\n");
7163 sid = (
void *)0xdeadbeef;
7167 ok(!
sid,
"Group present\n");
7168 ok(!defaulted,
"Group defaulted\n");
7172 ok(present,
"No SACL in the security descriptor\n");
7173 ok(!!sacl,
"NULL SACL in the security descriptor\n");
7174 ok(!defaulted,
"SACL defaulted\n");
7175 ok(sacl->
AceCount == 1,
"SACL contains an unexpected ACE count %u\n", sacl->
AceCount);
7203 char sacl_buffer[50];
7205 ACL *sacl = (
ACL *)sacl_buffer;
7212 if (!pAddMandatoryAce)
7214 win_skip(
"Mandatory integrity control is not supported.\n");
7227 ok(level2 ==
level,
"Expected level %#lx, got %#lx.\n",
level, level2);
7235 ok(level2 ==
level,
"Expected level %#lx, got %#lx.\n",
level, level2);
7242 ok(!
ret,
"expected failure\n");
7257 attr.lpSecurityDescriptor =
sd;
7262 ok(level2 ==
level,
"Expected level %#lx, got %#lx.\n",
level, level2);
7270 ok(level2 ==
level,
"Expected level %#lx, got %#lx.\n",
level, level2);
7279 skip(
"Linked token tests crash on Vista and Win7.\n");
7287 ok(level2 ==
level,
"Expected level %#lx, got %#lx.\n",
level, level2);
7304 ACL *acl = (
ACL *)&buffer_acl, *acl2, *acl_child;
7305 BOOL defaulted, present,
ret, found;
7320 ok(
ret,
"InitializeSecurityDescriptor failed with error %lu\n",
GetLastError());
7322 memset(buffer_acl, 0,
sizeof(buffer_acl));
7336 sa.lpSecurityDescriptor =
sd;
7344 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
7350 acl2 = (
void *)0xdeadbeef;
7355 ok(present,
"acl2 not present\n");
7356 ok(acl2 != (
void *)0xdeadbeef,
"acl2 not set\n");
7357 ok(acl2->AceCount == 1,
"Expected 1 ACE, got %d\n", acl2->AceCount);
7358 ok(!defaulted,
"acl2 defaulted\n");
7365 "Expected NO_PROPAGATE_INHERIT_ACE as flags, got %x\n", ace->
Header.
AceFlags);
7376 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
7382 acl2 = (
void *)0xdeadbeef;
7387 ok(present,
"DACL not present\n");
7389 ok(acl2 != (
void *)0xdeadbeef,
"DACL not set\n");
7390 ok(!defaulted,
"DACL defaulted\n");
7399 ok(!found,
"Access allowed ACE was inherited\n");
7407 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
7413 acl2 = (
void *)0xdeadbeef;
7418 ok(present,
"DACL not present\n");
7419 ok(acl2 != (
void *)0xdeadbeef,
"DACL not set\n");
7420 ok(!defaulted,
"DACL defaulted\n");
7436 ok(
ret,
"InitializeSecurityDescriptor failed with error %lu\n",
GetLastError());
7445 if (pAddMandatoryAce)
7455 ok(
ret,
"InitializeSecurityDescriptor failed with error %lu\n",
GetLastError());
7464 win_skip(
"SYSTEM_MANDATORY_LABEL not supported\n");
7509 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
7520 ok(present,
"DACL not present\n");
7521 ok(acl && acl != (
void *)0xdeadbeef,
"Got invalid DACL\n");
7522 ok(!defaulted,
"DACL defaulted\n");
7524 ok(acl->
AceCount,
"Expected at least one ACE\n");
7530 "ACE inherited from the parent\n");
7536 if (!pAddMandatoryAce)
7538 win_skip(
"SYSTEM_MANDATORY_LABEL not supported\n");
7544 "Unexpected GetKernelObjectSecurity return value %d, error %lu\n",
ret,
GetLastError());
7555 ok(present,
"SACL not present\n");
7556 ok(acl && acl != (
void *)0xdeadbeef,
"Got invalid SACL\n");
7557 ok(!defaulted,
"SACL defaulted\n");
7558 ok(acl->
AceCount == 1,
"Expected exactly one ACE\n");
7559 ret =
GetAce(acl, 0, (
void **)&ace_label);
7564 "Low integrity level should not have been inherited\n");
7571 static const WCHAR wszCurrentUser[] = {
'C',
'U',
'R',
'R',
'E',
'N',
'T',
'_',
'U',
'S',
'E',
'R',
'\0'};
7585 res =
AllocateAndInitializeSid(&SIDAuthWorld, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &everyone_sid);
7598 ok(
count == 1,
"Expected count == 1, got %ld\n",
count);
7599 ok(access2[0].grfAccessMode ==
GRANT_ACCESS,
"Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7600 ok(access2[0].grfAccessPermissions ==
KEY_READ,
"Expected KEY_READ, got %ld\n", access2[0].grfAccessPermissions);
7602 ok(access2[0].grfInheritance ==
NO_INHERITANCE,
"Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7603 ok(
EqualSid(access2[0].Trustee.ptstrName, users_sid),
"Expected equal SIDs\n");
7614 access.Trustee.ptstrName = everyone_sid;
7617 ok(new_acl !=
NULL,
"returned acl was NULL\n");
7622 ok(
count == 2,
"Expected count == 2, got %ld\n",
count);
7623 ok(access2[0].grfAccessMode ==
GRANT_ACCESS,
"Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7624 ok(access2[0].grfAccessPermissions ==
KEY_WRITE,
"Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7626 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].
Trustee.
TrusteeType);
7628 ok(access2[0].grfInheritance ==
NO_INHERITANCE,
"Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7629 ok(
EqualSid(access2[0].Trustee.ptstrName, everyone_sid),
"Expected equal SIDs\n");
7636 ok(new_acl !=
NULL,
"returned acl was NULL\n");
7641 ok(
count == 2,
"Expected count == 2, got %ld\n",
count);
7642 ok(access2[0].grfAccessMode ==
GRANT_ACCESS,
"Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7643 ok(access2[0].grfAccessPermissions ==
KEY_WRITE,
"Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7645 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].
Trustee.
TrusteeType);
7647 ok(access2[0].grfInheritance ==
NO_INHERITANCE,
"Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7648 ok(
EqualSid(access2[0].Trustee.ptstrName, everyone_sid),
"Expected equal SIDs\n");
7656 ok(new_acl !=
NULL,
"returned acl was NULL\n");
7661 ok(
count == 2,
"Expected count == 2, got %ld\n",
count);
7662 ok(access2[0].grfAccessMode ==
GRANT_ACCESS,
"Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7663 ok(access2[0].grfAccessPermissions ==
KEY_WRITE,
"Expected KEY_WRITE, got %ld\n", access2[0].grfAccessPermissions);
7665 "Expected TRUSTEE_IS_UNKNOWN trustee type, got %d\n", access2[0].
Trustee.
TrusteeType);
7667 ok(access2[0].grfInheritance ==
NO_INHERITANCE,
"Expected NO_INHERITANCE, got %lx\n", access2[0].grfInheritance);
7673 access.Trustee.ptstrName = users_sid;
7676 ok(new_acl !=
NULL,
"returned acl was NULL\n");
7678 access2 = (
void *)0xdeadbeef;
7681 ok(
count == 0,
"Expected count == 0, got %ld\n",
count);
7682 ok(access2 ==
NULL,
"access2 was not NULL\n");
7691 access.Trustee.ptstrName = everyone_sid;
7693 access.grfAccessPermissions = 0;
7697 ok(new_acl !=
NULL,
"returned acl was NULL\n");
7702 ok(
count == 2,
"Expected count == 2, got %ld\n",
count);
7705 ok(
FALSE,
"FIXME: access2 should not be null!\n");
7708 ok(access2[0].grfAccessMode ==
GRANT_ACCESS,
"Expected GRANT_ACCESS, got %d\n", access2[0].grfAccessMode);
7709 ok(access2[0].grfAccessPermissions ==
KEY_READ ,
"Expected KEY_READ, got %ld\n", access2[0].grfAccessPermissions);
7710 ok(
EqualSid(access2[0].Trustee.ptstrName, users_sid),
"Expected equal SIDs\n");
7711 ok(access2[1].grfAccessMode ==
DENY_ACCESS,
"Expected DENY_ACCESS, got %d\n", access2[1].grfAccessMode);
7712 ok(access2[1].grfAccessPermissions ==
KEY_WRITE,
"Expected KEY_WRITE, got %ld\n", access2[1].grfAccessPermissions);
7713 ok(
EqualSid(access2[1].Trustee.ptstrName, everyone_sid),
"Expected equal SIDs\n");
7735 buf_size =
sizeof(
buf);
7744 ok(new_sd !=
NULL,
"expected new_sd != NULL\n");
7747 new_sd = (
void *)0xdeadbeef;
7750 ok(new_sd == (
void *)0xdeadbeef,
"expected new_sd == 0xdeadbeef, got %p\n", new_sd);
7756 ok(new_sd !=
NULL,
"expected new_sd != NULL\n");
7764 PSID domainsid,
sid = sid_buffer, sid2 = sid_buffer2;
7769 ret =
AllocateAndInitializeSid(&
ident, 6,
SECURITY_NT_NON_UNIQUE, 12, 23, 34, 45, 56, 0, 0, &domainsid);
7786 size =
sizeof(sid_buffer);
7789 trace(
"Well known SID %u not supported\n",
i);
7808 size =
sizeof(sid_buffer2);
7846 char acl_buffer[200], everyone_sid_buffer[100], local_sid_buffer[100],
cmdline[300];
7849 SID *everyone_sid = (
SID *)everyone_sid_buffer;
7850 SID *local_sid = (
SID *)local_sid_buffer;
7851 ACL *acl = (
ACL *)acl_buffer;
7867 size =
sizeof(everyone_sid_buffer);
7870 size =
sizeof(local_sid_buffer);
7883 sa.lpSecurityDescriptor = &
sd;
7885 sid_attr.
Sid = local_sid;
7919 ok(!
ret,
"wait failed\n");
7927 ok(!event2,
"expected failure\n");
7936 ok(!
ret,
"expected failure\n");
7944 ret =
CreateProcessAsUserA(restricted,
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
7952 ok(!
ret,
"expected failure\n");
7956 ok(!
ret,
"wait failed\n");
7980 ok(!event2,
"expected failure\n");
7988 ok(!
ret,
"expected failure\n");
7999 ok(!
ret,
"expected failure\n");
8004 ok(!
ret,
"expected failure\n");
8013#define join_process(a) join_process_(__LINE__, a)
8024 char cmdline[300], acl_buffer[200], sid_buffer[100];
8026 ACL *acl = (
ACL *)acl_buffer;
8036 size =
sizeof(sid_buffer);
8046 sa.lpSecurityDescriptor = &
sd;
8056 ret =
CreateProcessAsUserA(
NULL,
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
8063 ret =
CreateProcessAsUserA(GetCurrentProcessToken(),
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
8070 ret =
CreateProcessAsUserA(
token,
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
8077 ret =
CreateProcessAsUserA(
token,
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
8078 ok(!
ret,
"expected failure\n");
8084 ret =
CreateProcessAsUserA(
token,
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
8085 ok(!
ret,
"expected failure\n");
8095 ret =
CreateProcessAsUserA(token2,
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
8105 ret =
CreateProcessAsUserA(token2,
NULL,
cmdline,
NULL,
NULL,
FALSE, 0,
NULL,
NULL, &
si, &
pi);
8128 ok(!
event,
"expected failure\n");
8174 ok(!
ret,
"key %p: expected failure\n",
keys[
i]);
8183 "key %p: got error %u\n",
keys[
i],
ret);
8210 char prev_privs_buffer[128], ret_privs_buffer[1024];
8243 ok(!!priv,
"Privilege should exist\n");
8251 ok(!
ret,
"expected failure\n");
8256 ok(!!priv,
"Privilege should exist\n");
8279 ok(!!priv,
"Privilege should exist\n");
8292 ok(!!priv,
"Privilege should exist\n");
8302 todo_wine ok(!priv,
"Privilege shouldn't exist\n");
8308 attr.SecurityQualityOfService = &qos;
8338 ok(!
ret,
"expected failure\n");
8340 ok(
size == 0xdeadbeef,
"got size %lu\n",
size);
8344 ok(!
ret,
"expected failure\n");
8350 ok(!
ret,
"expected failure\n");
8352 ok(
size > 0 &&
size != 0xdeadbeef,
"got size 0\n");
8358 ok(!
ret,
"expected failure\n");
8364 ok(
ret,
"expected success\n");
8375 ok(!
ret,
"expected failure\n");
8381 ok(
ret,
"expected success\n");
8392 ok(!
sid,
"expected no owner SID\n");
8393 ok(!defaulted,
"expected owner not defaulted\n");
8397 ok(!
sid,
"expected no group SID\n");
8398 ok(!defaulted,
"expected group not defaulted\n");
8402 todo_wine ok(!present,
"expected no DACL present\n");
8407 ok(!present,
"expected no SACL present\n");
8437 skip(
"test_elevation() is invalid for WS03\n");
8453 win_skip(
"Failed to get linked token.\n");
8517 ok(!
ret,
"expected failure\n");
8522 ok(!
ret,
"expected failure\n");
8578 ok(!
ret,
"expected failure\n");
8583 ok(!
ret,
"expected failure\n");
8591 ok(
type == orig_type,
"expected same type\n");
8616 ok(
type == orig_type,
"expected same type\n");
8631 char prev_privs_buffer[128], acl_buffer[256], prev_acl_buffer[256];
8655 ok(!is_member,
"not a member\n");
8662 ok(is_member,
"not a member\n");
8702 char sd_buffer[200], sid_buffer[100];
8705 SID *admin_sid = (
SID *)sid_buffer;
8716 size =
sizeof(sid_buffer);
8723 skip(
"user is not an administrator\n");
8775 ok(!
ret,
"Unexpected return value %d.\n",
ret);
8782 ok(!
ret,
"Unexpected return value %d.\n",
ret);
8790 ok(
ret,
"Unexpected return value %d.\n",
ret);
8799 BOOL present, defaulted;
8813 ok(defaulted ==
FALSE,
"got defaulted %d\n", defaulted);
DWORD WINAPI SetEntriesInAclA(ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_A pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
DWORD WINAPI SetEntriesInAclW(ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_W pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
DWORD WINAPI GetExplicitEntriesFromAclW(PACL pacl, PULONG pcCountOfExplicitEntries, PEXPLICIT_ACCESS_W *pListOfExplicitEntries)
@ SE_PROVIDER_DEFINED_OBJECT
@ SE_REGISTRY_WOW64_64KEY
@ SE_REGISTRY_WOW64_32KEY
enum _SE_OBJECT_TYPE SE_OBJECT_TYPE
@ TRUSTEE_IS_OBJECTS_AND_SID
@ TRUSTEE_IS_OBJECTS_AND_NAME
@ TRUSTEE_IS_WELL_KNOWN_GROUP
static void startup(void)
static unsigned char bytes[4]
static struct sockaddr_in sa
static const WCHAR nameW[]
#define FILE_DELETE_ON_CLOSE
void account(int argc, const char *argv[])
void user(int argc, const char *argv[])
EXTERN_C NTSTATUS WINAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG)
#define RegCloseKey(hKey)
#define ERROR_INSUFFICIENT_BUFFER
#define ERROR_INVALID_FUNCTION
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessAsUserA(_In_opt_ HANDLE hToken, _In_opt_ LPCSTR lpApplicationName, _Inout_opt_ LPSTR lpCommandLine, _In_opt_ LPSECURITY_ATTRIBUTES lpProcessAttributes, _In_opt_ LPSECURITY_ATTRIBUTES lpThreadAttributes, _In_ BOOL bInheritHandles, _In_ DWORD dwCreationFlags, _In_opt_ LPVOID lpEnvironment, _In_opt_ LPCSTR lpCurrentDirectory, _In_ LPSTARTUPINFOA lpStartupInfo, _Out_ LPPROCESS_INFORMATION lpProcessInformation)
LONG WINAPI RegCreateKeyExW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey, _In_ DWORD Reserved, _In_opt_ LPWSTR lpClass, _In_ DWORD dwOptions, _In_ REGSAM samDesired, _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes, _Out_ PHKEY phkResult, _Out_opt_ LPDWORD lpdwDisposition)
LONG WINAPI RegOpenKeyExA(_In_ HKEY hKey, _In_ LPCSTR lpSubKey, _In_ DWORD ulOptions, _In_ REGSAM samDesired, _Out_ PHKEY phkResult)
LONG WINAPI RegDeleteKeyW(_In_ HKEY hKey, _In_ LPCWSTR lpSubKey)
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
NTSTATUS WINAPI LsaQueryInformationPolicy(IN LSA_HANDLE PolicyHandle, IN POLICY_INFORMATION_CLASS InformationClass, OUT PVOID *Buffer)
NTSTATUS WINAPI LsaFreeMemory(IN PVOID Buffer)
NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
BOOL WINAPI LookupPrivilegeValueA(LPCSTR lpSystemName, LPCSTR lpName, PLUID lpLuid)
BOOL WINAPI LookupAccountSidA(LPCSTR lpSystemName, PSID lpSid, LPSTR lpName, LPDWORD cchName, LPSTR lpReferencedDomainName, LPDWORD cchReferencedDomainName, PSID_NAME_USE peUse)
DWORD WINAPI SetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
BOOL WINAPI GetUserNameW(LPWSTR lpszName, LPDWORD lpSize)
DWORD WINAPI GetSecurityInfo(HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
BOOL WINAPI GetUserNameA(LPSTR lpszName, LPDWORD lpSize)
BOOL WINAPI LookupAccountSidW(LPCWSTR pSystemName, PSID pSid, LPWSTR pAccountName, LPDWORD pdwAccountName, LPWSTR pDomainName, LPDWORD pdwDomainName, PSID_NAME_USE peUse)
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
BOOL WINAPI LookupAccountNameA(LPCSTR SystemName, LPCSTR AccountName, PSID Sid, LPDWORD SidLength, LPSTR ReferencedDomainName, LPDWORD hReferencedDomainNameLength, PSID_NAME_USE SidNameUse)
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
static const ACEFLAG AceFlags[]
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
BOOL WINAPI ConvertSecurityDescriptorToStringSecurityDescriptorA(PSECURITY_DESCRIPTOR SecurityDescriptor, DWORD SDRevision, SECURITY_INFORMATION Information, LPSTR *OutputString, PULONG OutputLen)
BOOL WINAPI CreateRestrictedToken(_In_ HANDLE ExistingTokenHandle, _In_ DWORD Flags, _In_ DWORD DisableSidCount, _In_reads_opt_(DisableSidCount) PSID_AND_ATTRIBUTES SidsToDisable, _In_ DWORD DeletePrivilegeCount, _In_reads_opt_(DeletePrivilegeCount) PLUID_AND_ATTRIBUTES PrivilegesToDelete, _In_ DWORD RestrictedSidCount, _In_reads_opt_(RestrictedSidCount) PSID_AND_ATTRIBUTES SidsToRestrict, _Outptr_ PHANDLE NewTokenHandle)
Creates a filtered token that is a restricted one of the regular access token. A restricted token can...
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
BOOL WINAPI SetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength)
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorA(LPCSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
BOOL WINAPI InitializeSid(PSID Sid, PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount)
BOOL WINAPI ConvertStringSidToSidA(LPCSTR StringSid, PSID *Sid)
BOOL WINAPI EqualPrefixSid(PSID pSid1, PSID pSid2)
BOOL WINAPI ImpersonateSelf(SECURITY_IMPERSONATION_LEVEL ImpersonationLevel)
BOOL WINAPI AddAccessDeniedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
BOOL WINAPI AddAce(PACL pAcl, DWORD dwAceRevision, DWORD dwStartingAceIndex, LPVOID pAceList, DWORD nAceListLength)
BOOL WINAPI MakeAbsoluteSD(PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, LPDWORD lpdwAbsoluteSecurityDescriptorSize, PACL pDacl, LPDWORD lpdwDaclSize, PACL pSacl, LPDWORD lpdwSaclSize, PSID pOwner, LPDWORD lpdwOwnerSize, PSID pPrimaryGroup, LPDWORD lpdwPrimaryGroupSize)
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
BOOL WINAPI SetThreadToken(IN PHANDLE ThreadHandle OPTIONAL, IN HANDLE TokenHandle)
BOOL WINAPI AllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority, BYTE nSubAuthorityCount, DWORD nSubAuthority0, DWORD nSubAuthority1, DWORD nSubAuthority2, DWORD nSubAuthority3, DWORD nSubAuthority4, DWORD nSubAuthority5, DWORD nSubAuthority6, DWORD nSubAuthority7, PSID *pSid)
DWORD WINAPI GetSidLengthRequired(UCHAR nSubAuthorityCount)
BOOL WINAPI IsValidSid(PSID pSid)
BOOL WINAPI IsWellKnownSid(IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
BOOL WINAPI GetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
static const SID sidWorld
BOOL WINAPI AddAccessAllowedAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD AccessMask, PSID pSid)
DWORD WINAPI GetLengthSid(PSID pSid)
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
PVOID WINAPI FreeSid(PSID pSid)
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
BOOL WINAPI SetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
BOOL WINAPI GetWindowsAccountDomainSid(PSID sid, PSID domain_sid, DWORD *size)
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
BOOL WINAPI AccessCheck(IN PSECURITY_DESCRIPTOR pSecurityDescriptor, IN HANDLE ClientToken, IN DWORD DesiredAccess, IN PGENERIC_MAPPING GenericMapping, OUT PPRIVILEGE_SET PrivilegeSet OPTIONAL, IN OUT LPDWORD PrivilegeSetLength, OUT LPDWORD GrantedAccess, OUT LPBOOL AccessStatus)
BOOL WINAPI DuplicateTokenEx(IN HANDLE ExistingTokenHandle, IN DWORD dwDesiredAccess, IN LPSECURITY_ATTRIBUTES lpTokenAttributes OPTIONAL, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, IN TOKEN_TYPE TokenType, OUT PHANDLE DuplicateTokenHandle)
static const char * debugstr_sid(PSID sid)
DWORD WINAPI GetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
BOOL WINAPI GetFileSecurityA(LPCSTR lpFileName, SECURITY_INFORMATION RequestedInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD nLength, LPDWORD lpnLengthNeeded)
DWORD WINAPI SetNamedSecurityInfoA(LPSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID psidOwner, PSID psidGroup, PACL pDacl, PACL pSacl)
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority(PSID pSid)
BOOL WINAPI EqualDomainSid(IN PSID pSid1, IN PSID pSid2, OUT BOOL *pfEqual)
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
BOOL WINAPI AddAuditAccessAceEx(PACL pAcl, DWORD dwAceRevision, DWORD AceFlags, DWORD dwAccessMask, PSID pSid, BOOL bAuditSuccess, BOOL bAuditFailure)
BOOL WINAPI SetKernelObjectSecurity(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
BOOL WINAPI CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
BOOL WINAPI LookupPrivilegeNameA(LPCSTR lpSystemName, PLUID lpLuid, LPSTR lpName, LPDWORD cchName)
BOOL WINAPI IsValidAcl(PACL pAcl)
BOOL WINAPI ConvertStringSecurityDescriptorToSecurityDescriptorW(LPCWSTR StringSecurityDescriptor, DWORD StringSDRevision, PSECURITY_DESCRIPTOR *SecurityDescriptor, PULONG SecurityDescriptorSize)
const char * wine_dbg_sprintf(const char *format,...)
#define ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_INVALID_PARAMETER
struct _SECURITY_ATTRIBUTES SECURITY_ATTRIBUTES
#define ReadFile(a, b, c, d, e)
#define GetProcAddress(x, y)
#define INVALID_HANDLE_VALUE
#define CreateFileMappingW(a, b, c, d, e, f)
#define CreateFileA(a, b, c, d, e, f, g)
#define GetCurrentProcess()
#define ERROR_INVALID_HANDLE
#define FILE_ATTRIBUTE_NORMAL
#define ERROR_ACCESS_DENIED
static void cleanup(void)
BOOL WINAPI DeleteFileA(IN LPCSTR lpFileName)
BOOL WINAPI RemoveDirectoryA(IN LPCSTR lpPathName)
BOOL WINAPI CreateDirectoryA(IN LPCSTR lpPathName, IN LPSECURITY_ATTRIBUTES lpSecurityAttributes)
BOOL WINAPI SetFileAttributesA(LPCSTR lpFileName, DWORD dwFileAttributes)
BOOL WINAPI SetEndOfFile(HANDLE hFile)
DWORD WINAPI GetFileAttributesA(LPCSTR lpFileName)
BOOL WINAPI WriteFile(_In_ HANDLE hFile, _In_reads_bytes_opt_(nNumberOfBytesToWrite) LPCVOID lpBuffer, _In_ DWORD nNumberOfBytesToWrite, _Out_opt_ LPDWORD lpNumberOfBytesWritten, _Inout_opt_ LPOVERLAPPED lpOverlapped)
BOOL WINAPI DuplicateHandle(IN HANDLE hSourceProcessHandle, IN HANDLE hSourceHandle, IN HANDLE hTargetProcessHandle, OUT LPHANDLE lpTargetHandle, IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwOptions)
HMODULE WINAPI DECLSPEC_HOTPATCH GetModuleHandleA(LPCSTR lpModuleName)
UINT WINAPI GetWindowsDirectoryA(OUT LPSTR lpBuffer, IN UINT uSize)
DWORD WINAPI GetTempPathA(IN DWORD nBufferLength, OUT LPSTR lpBuffer)
BOOL WINAPI TerminateProcess(IN HANDLE hProcess, IN UINT uExitCode)
HANDLE WINAPI OpenProcess(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwProcessId)
HANDLE WINAPI OpenThread(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwThreadId)
HANDLE WINAPI DECLSPEC_HOTPATCH CreateThread(IN LPSECURITY_ATTRIBUTES lpThreadAttributes, IN DWORD dwStackSize, IN LPTHREAD_START_ROUTINE lpStartAddress, IN LPVOID lpParameter, IN DWORD dwCreationFlags, OUT LPDWORD lpThreadId)
BOOL WINAPI TerminateThread(IN HANDLE hThread, IN DWORD dwExitCode)
LANGID WINAPI GetSystemDefaultLangID(void)
int WINAPI lstrcmpA(LPCSTR str1, LPCSTR str2)
int WINAPI lstrcmpiA(LPCSTR str1, LPCSTR str2)
const WCHAR windows_dir[]
BOOL WINAPI DECLSPEC_HOTPATCH CreateProcessA(const char *app_name, char *cmd_line, SECURITY_ATTRIBUTES *process_attr, SECURITY_ATTRIBUTES *thread_attr, BOOL inherit, DWORD flags, void *env, const char *cur_dir, STARTUPINFOA *startup_info, PROCESS_INFORMATION *info)
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR descr, PSID group, BOOL defaulted)
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR descr, PSID owner, BOOL defaulted)
BOOL WINAPI SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR descr, SECURITY_DESCRIPTOR_CONTROL mask, SECURITY_DESCRIPTOR_CONTROL set)
BOOL WINAPI CheckTokenMembership(HANDLE token, PSID sid_to_check, PBOOL is_member)
BOOL WINAPI GetPrivateObjectSecurity(PSECURITY_DESCRIPTOR obj_descr, SECURITY_INFORMATION info, PSECURITY_DESCRIPTOR ret_descr, DWORD len, PDWORD ret_len)
BOOL WINAPI ImpersonateLoggedOnUser(HANDLE token)
BOOL WINAPI IsValidSecurityDescriptor(PSECURITY_DESCRIPTOR descr)
BOOL WINAPI SetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR descr, BOOL present, PACL sacl, BOOL defaulted)
BOOL WINAPI RevertToSelf(void)
BOOL WINAPI AddMandatoryAce(PACL acl, DWORD rev, DWORD flags, DWORD policy, PSID sid)
FILE *CDECL tmpfile(void)
_ACRTIMP int __cdecl memcmp(const void *, const void *, size_t)
_ACRTIMP int __cdecl atoi(const char *)
_ACRTIMP __int64 __cdecl _atoi64(const char *)
_ACRTIMP size_t __cdecl strlen(const char *)
_ACRTIMP int __cdecl strcmp(const char *, const char *)
_In_ uint64_t _In_ uint64_t _In_ uint64_t _In_opt_ traverse_ptr * tp
static PVOID Mapping[EMS_PHYSICAL_PAGES]
HANDLE NTAPI CreateFileMappingA(IN HANDLE hFile, IN LPSECURITY_ATTRIBUTES lpFileMappingAttributes, IN DWORD flProtect, IN DWORD dwMaximumSizeHigh, IN DWORD dwMaximumSizeLow, IN LPCSTR lpName)
HANDLE NTAPI OpenFileMappingA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
UINT WINAPI GetTempFileNameA(IN LPCSTR lpPathName, IN LPCSTR lpPrefixString, IN UINT uUnique, OUT LPSTR lpTempFileName)
#define STATUS_ACCESS_VIOLATION
GLuint GLuint GLsizei count
GLuint GLuint GLsizei GLenum type
GLdouble GLdouble GLdouble r
GLboolean GLboolean GLboolean b
GLenum GLuint GLenum GLsizei const GLchar * buf
GLuint GLsizei GLsizei * length
GLuint GLint GLboolean GLint GLenum access
GLenum GLenum GLenum GLenum mapping
GLfloat GLfloat GLfloat GLfloat h
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat token
HLOCAL NTAPI LocalFree(HLOCAL hMem)
#define PROCESS_SUSPEND_RESUME
#define PROCESS_TERMINATE
#define PROCESS_QUERY_INFORMATION
#define THREAD_SET_THREAD_TOKEN
#define PROCESS_CREATE_THREAD
#define THREAD_QUERY_INFORMATION
#define PROCESS_VM_OPERATION
#define PROCESS_SET_INFORMATION
#define PROCESS_CREATE_PROCESS
#define PROCESS_SET_QUOTA
#define THREAD_SET_CONTEXT
#define PROCESS_DUP_HANDLE
#define THREAD_SUSPEND_RESUME
#define THREAD_GET_CONTEXT
enum _SID_NAME_USE SID_NAME_USE
enum _SECURITY_IMPERSONATION_LEVEL SECURITY_IMPERSONATION_LEVEL
WORD SECURITY_DESCRIPTOR_CONTROL
LPSTR WINAPI lstrcatA(LPSTR lpString1, LPCSTR lpString2)
int WINAPI lstrlenA(LPCSTR lpString)
#define todo_wine_if(is_todo)
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl void winetest_pop_context(void)
void __cdecl void __cdecl void __cdecl void __cdecl void __cdecl winetest_push_context(const char *fmt,...) __WINE_PRINTF_ATTR(1
#define memcpy(s1, s2, n)
#define ERROR_ALREADY_EXISTS
#define FILE_FLAG_BACKUP_SEMANTICS
#define FILE_FLAG_DELETE_ON_CLOSE
#define ERROR_FILE_NOT_FOUND
static void test_CreateWellKnownSid(void)
static void test_pseudo_handle_security(void)
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR ObjectTypeName
static void test_GetSidIdentifierAuthority(void)
static void test_EqualDomainSid(void)
static NTSTATUS *static PUNICODE_STRING
static void test_AddMandatoryAce(void)
#define TEST_GRANTED_ACCESS(a, b)
static void test_token_attr(void)
static void test_duplicate_handle_access_child(void)
#define SE_TAKE_OWNERSHIP_PRIVILEGE
static void test_duplicate_token(void)
#define PROCESS_ALL_ACCESS_VISTA
static void test_GetExplicitEntriesFromAclW(void)
#define THREAD_QUERY_LIMITED_INFORMATION
static POBJECTS_AND_SID pObjSid
#define SE_MIN_WELL_KNOWN_PRIVILEGE
#define EVENT_QUERY_STATE
static BOOL get_sid_info(PSID psid, LPSTR *user, LPSTR *dom)
#define SE_SYSTEM_PROFILE_PRIVILEGE
#define SE_SYNC_AGENT_PRIVILEGE
#define THREAD_SET_LIMITED_INFORMATION
static void test_elevation(void)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
static void test_window_security(void)
static void test_kernel_objects_security(void)
static void test_GetTokenInformation(void)
static void test_CheckTokenMembership(void)
static DWORD WINAPI duplicate_handle_access_thread(void *arg)
static void test_AdjustTokenPrivileges(void)
static void test_AccessCheck(void)
static void test_AddAce(void)
static void test_create_process_token_child(void)
static void test_system_security_access(void)
#define PROCESS_ALL_ACCESS_NT4
static void test_file_security(HANDLE token)
static void test_process_security_child(void)
static void test_lookupPrivilegeName(void)
static void test_owner_equal(HANDLE Handle, PSID expected, int line)
static POBJECTS_AND_NAME_A pObjName
static void test_duplicate_handle_access(void)
static void test_EqualSid(void)
#define SE_IMPERSONATE_PRIVILEGE
#define SE_DEBUG_PRIVILEGE
#define SE_CREATE_TOKEN_PRIVILEGE
static POBJECTS_AND_SID GUID * pObjectGuid
static void test_InitializeAcl(void)
#define CHECK_SET_SECURITY(o, i, e)
static void test_default_dacl_owner_group_sid(void)
static void test_LookupAccountName(void)
static void test_process_security(void)
#define SE_SYSTEMTIME_PRIVILEGE
static void test_group_as_file_owner(void)
#define SE_CREATE_PERMANENT_PRIVILEGE
#define SE_MACHINE_ACCOUNT_PRIVILEGE
static void test_SetSecurityDescriptorControl(PSECURITY_DESCRIPTOR sec)
#define THREAD_ALL_ACCESS_NT4
static void test_IsValidSecurityDescriptor(void)
#define SE_SECURITY_PRIVILEGE
static TOKEN_USER * get_alloc_token_user(HANDLE token)
static void test_LookupAccountSid(void)
static void test_GetWindowsAccountDomainSid(void)
static void test_child_token_sd(void)
#define expect_eq(expr, value, type, format)
static ACCESS_MASK get_obj_access(HANDLE obj)
static SECURITY_DESCRIPTOR * test_get_security_descriptor(HANDLE handle, int line)
static void test_semaphore_security(HANDLE token)
#define CHECK_ONE_OF_AND_FREE(exp_str1, exp_str2)
static void test_FileSecurity(void)
static void test_inherited_dacl(PACL dacl, PSID admin_sid, PSID user_sid, DWORD flags, DWORD mask, BOOL todo_count, BOOL todo_sid, BOOL todo_flags, int line)
#define SE_AUDIT_PRIVILEGE
static void test_ConvertStringSecurityDescriptor(void)
#define SEMAPHORE_QUERY_STATE
#define TEST_GRANTED_ACCESS2(a, b, c)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE
static void join_process_(int line, const PROCESS_INFORMATION *pi)
static void test_CreateDirectoryA(void)
static void test_maximum_allowed(void)
#define SE_MANAGE_VOLUME_PRIVILEGE
static TOKEN_OWNER * get_alloc_token_owner(HANDLE token)
#define SE_INC_BASE_PRIORITY_PRIVILEGE
static const struct well_known_sid_value well_known_sid_values[]
static void test_GetNamedSecurityInfoA(void)
static void test_GetUserNameW(void)
static void test_GetSecurityInfo(void)
static void test_lookupPrivilegeValue(void)
static void test_GetUserNameA(void)
static void test_impersonation_level(void)
static void test_event_security(HANDLE token)
static void check_token_label(HANDLE token, DWORD *level, BOOL sacl_inherited)
static void test_PrivateObjectSecurity(void)
static void test_GetSidSubAuthority(void)
static void test_create_process_token(void)
#define SE_UNDOCK_PRIVILEGE
static void test_TokenIntegrityLevel(void)
static void test_mutex_security(HANDLE token)
static TOKEN_PRIMARY_GROUP * get_alloc_token_primary_group(HANDLE token)
static void test_SetEntriesInAclW(void)
static void test_token_security_descriptor(void)
#define SE_SHUTDOWN_PRIVILEGE
#define SE_LOCK_MEMORY_PRIVILEGE
static void test_token_label(void)
#define SE_BACKUP_PRIVILEGE
#define SE_RESTORE_PRIVILEGE
static void test_pseudo_tokens(void)
#define PROCESS_QUERY_LIMITED_INFORMATION
static void test_default_handle_security(HANDLE token, HANDLE handle, GENERIC_MAPPING *mapping)
static void test_sid_str(PSID *sid)
static void get_nt_pathW(const char *name, UNICODE_STRING *nameW)
static POBJECTS_AND_SID GUID GUID * pInheritedObjectGuid
static void test_CreateRestrictedToken(void)
static void test_allocateLuid(void)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE
static void test_named_pipe_security(HANDLE token)
static void test_SetEntriesInAclA(void)
static void test_trustee(void)
static void test_ConvertSecurityDescriptorToString(void)
static void test_security_descriptor(void)
static void test_thread_security(void)
static void check_different_token(HANDLE token1, HANDLE token2)
static void test_filemap_security(void)
#define SE_CHANGE_NOTIFY_PRIVILEGE
#define SE_ENABLE_DELEGATION_PRIVILEGE
static void check_wellknown_name(const char *name, WELL_KNOWN_SID_TYPE result)
#define CHECK_RESULT_AND_FREE(exp_str)
static BOOL validate_impersonation_token(HANDLE token, DWORD *token_type)
#define SE_INCREASE_QUOTA_PRIVILEGE
static void test_BuildSecurityDescriptorW(void)
#define SE_LOAD_DRIVER_PRIVILEGE
static const LUID_AND_ATTRIBUTES * find_privilege(const TOKEN_PRIVILEGES *privs, const LUID *luid)
static void validate_default_security_descriptor(SECURITY_DESCRIPTOR *sd)
static void test_granted_access(HANDLE handle, ACCESS_MASK access, ACCESS_MASK alt, int line)
#define SE_MAX_WELL_KNOWN_PRIVILEGE
#define SE_CREATE_GLOBAL_PRIVILEGE
static void test_ConvertStringSidToSid(void)
static void test_GetKernelObjectSecurity(void)
static NTSTATUS *static PWSTR CURDIR *static HMODULE hmod
#define THREAD_ALL_ACCESS_VISTA
static POBJECTS_AND_NAME_A SE_OBJECT_TYPE LPSTR LPSTR InheritedObjectTypeName
static void test_process_access(void)
#define SE_CREATE_PAGEFILE_PRIVILEGE
static void test_group_equal(HANDLE Handle, PSID expected, int line)
D3D11_SHADER_VARIABLE_DESC desc
static PROCESS_INFORMATION pi
static const char filler[0x1000]
static HINSTANCE hkernel32
static WCHAR computer_name[MAX_COMPUTERNAME_LENGTH+1]
static WCHAR user_name[UNLEN+1]
static HANDLE PIO_APC_ROUTINE PVOID PIO_STATUS_BLOCK io
static void ULONG ULONG * ret_size
static SCRIPT_CACHE SCRIPT_ANALYSIS * psa
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
struct _ACCESS_ALLOWED_ACE ACCESS_ALLOWED_ACE
DWORD SECURITY_INFORMATION
#define MUTANT_ALL_ACCESS
#define MUTANT_QUERY_STATE
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
_In_ ACCESS_MASK _In_opt_ POBJECT_ATTRIBUTES _In_ BOOLEAN _In_ TOKEN_TYPE TokenType
#define SE_GROUP_USE_FOR_DENY_ONLY
#define SE_GROUP_INTEGRITY_ENABLED
#define SE_GROUP_INTEGRITY
#define SE_GROUP_LOGON_ID
#define SE_GROUP_MANDATORY
#define SE_GROUP_ENABLED_BY_DEFAULT
HANDLE WINAPI CreateNamedPipeA(LPCSTR lpName, DWORD dwOpenMode, DWORD dwPipeMode, DWORD nMaxInstances, DWORD nOutBufferSize, DWORD nInBufferSize, DWORD nDefaultTimeOut, LPSECURITY_ATTRIBUTES lpSecurityAttributes)
#define SPECIFIC_RIGHTS_ALL
#define SECTION_MAP_EXECUTE
#define THREAD_ALL_ACCESS
#define SECTION_MAP_WRITE
#define FILE_ATTRIBUTE_READONLY
#define FILE_GENERIC_EXECUTE
#define FILE_ATTRIBUTE_COMPRESSED
#define ACCESS_SYSTEM_SECURITY
#define PAGE_EXECUTE_READ
#define SECTION_ALL_ACCESS
#define FILE_READ_ATTRIBUTES
#define PROCESS_ALL_ACCESS
NTSYSAPI NTSTATUS NTAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING DestinationString, PANSI_STRING SourceString, BOOLEAN AllocateDestinationString)
#define FILE_DELETE_CHILD
#define FILE_SHARE_DELETE
#define STANDARD_RIGHTS_READ
#define STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_WRITE
#define FILE_ATTRIBUTE_ARCHIVE
#define PAGE_EXECUTE_WRITECOPY
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
#define STANDARD_RIGHTS_EXECUTE
NTSTATUS NTAPI NtCreateFile(OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength)
#define THREAD_SET_INFORMATION
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
#define FILE_GENERIC_READ
#define PAGE_EXECUTE_READWRITE
#define FILE_GENERIC_WRITE
#define STANDARD_RIGHTS_REQUIRED
#define FILE_ATTRIBUTE_NOT_CONTENT_INDEXED
#define STATUS_GENERIC_NOT_MAPPED
#define FILE_FLAG_FIRST_PIPE_INSTANCE
@ PolicyAccountDomainInformation
#define POLICY_VIEW_LOCAL_INFORMATION
#define POLICY_ALL_ACCESS
#define OBJ_CASE_INSENSITIVE
int winetest_get_mainargs(char ***pargv)
#define wait_child_process
#define _WIN32_WINNT_WIN10
#define _WIN32_WINNT_WS03
#define _WIN32_WINNT_WIN7
#define _WIN32_WINNT_VISTA
DWORD WINAPI BuildSecurityDescriptorW(IN PTRUSTEE_W pOwner OPTIONAL, IN PTRUSTEE_W pGroup OPTIONAL, IN ULONG cCountOfAccessEntries, IN PEXPLICIT_ACCESS_W pListOfAccessEntries OPTIONAL, IN ULONG cCountOfAuditEntries, IN PEXPLICIT_ACCESS_W pListOfAuditEntries OPTIONAL, IN PSECURITY_DESCRIPTOR pOldSD OPTIONAL, OUT PULONG pSizeNewSD, OUT PSECURITY_DESCRIPTOR *pNewSD)
BOOL WINAPI GetSecurityDescriptorControl(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSECURITY_DESCRIPTOR_CONTROL pControl, LPDWORD lpdwRevision)
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
BOOL WINAPI MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, LPDWORD lpdwBufferLength)
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
#define STATUS_BUFFER_TOO_SMALL
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
BOOL WINAPI SHIM_OBJ_NAME() GetComputerNameA(LPSTR lpBuffer, LPDWORD lpnSize)
static char tmpdir[MAX_PATH]
DWORD grfAccessPermissions
ACCESS_MODE grfAccessMode
DWORD grfAccessPermissions
ACCESS_MODE grfAccessMode
char max[SECURITY_MAX_SID_SIZE]
LPSTR InheritedObjectTypeName
SE_OBJECT_TYPE ObjectType
GUID InheritedObjectTypeGuid
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
LPVOID lpSecurityDescriptor
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
SID_IDENTIFIER_AUTHORITY IdentifierAuthority
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
struct _TRUSTEE_A * pMultipleTrustee
struct _TRUSTEE_W * pMultipleTrustee
MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation
SID_IDENTIFIER_AUTHORITY auth
DWORD WINAPI WaitForSingleObject(IN HANDLE hHandle, IN DWORD dwMilliseconds)
HANDLE WINAPI DECLSPEC_HOTPATCH CreateEventA(IN LPSECURITY_ATTRIBUTES lpEventAttributes OPTIONAL, IN BOOL bManualReset, IN BOOL bInitialState, IN LPCSTR lpName OPTIONAL)
HANDLE WINAPI DECLSPEC_HOTPATCH CreateMutexA(IN LPSECURITY_ATTRIBUTES lpMutexAttributes OPTIONAL, IN BOOL bInitialOwner, IN LPCSTR lpName OPTIONAL)
HANDLE WINAPI DECLSPEC_HOTPATCH OpenEventA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
HANDLE WINAPI DECLSPEC_HOTPATCH CreateSemaphoreA(IN LPSECURITY_ATTRIBUTES lpSemaphoreAttributes OPTIONAL, IN LONG lInitialCount, IN LONG lMaximumCount, IN LPCSTR lpName OPTIONAL)
HANDLE WINAPI DECLSPEC_HOTPATCH OpenMutexA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
HANDLE WINAPI DECLSPEC_HOTPATCH OpenSemaphoreA(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCSTR lpName)
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
#define FIELD_OFFSET(t, f)
#define STATUS_ACCESS_DENIED
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
#define success(from, fromstr, to, tostr)
#define SEMAPHORE_MODIFY_STATE
#define PIPE_ACCESS_INBOUND
DWORD WINAPI GetLastError(void)
#define STARTF_USESHOWWINDOW
HANDLE WINAPI GetCurrentThread(void)
#define NMPWAIT_USE_DEFAULT_WAIT
#define PIPE_ACCESS_DUPLEX
DWORD WINAPI GetCurrentThreadId(void)
#define EVENT_MODIFY_STATE
DWORD WINAPI GetCurrentProcessId(void)
#define SEMAPHORE_ALL_ACCESS
#define PIPE_ACCESS_OUTBOUND
#define PIPE_UNLIMITED_INSTANCES
_In_ PSID _Out_writes_to_opt_ cchName LPSTR _Inout_ LPDWORD cchName
#define MUTEX_MODIFY_STATE
_In_ ULONG _In_ ULONG_PTR ident
#define ERROR_INVALID_SECURITY_DESCR
#define ERROR_INVALID_DATATYPE
#define ERROR_TRUSTED_DOMAIN_FAILURE
#define ERROR_BAD_TOKEN_TYPE
#define ERROR_NON_DOMAIN_SID
#define ERROR_UNKNOWN_REVISION
#define RPC_S_INVALID_STRING_UUID
#define ERROR_NO_SUCH_PRIVILEGE
#define ERROR_INVALID_ACL
#define ERROR_CANT_OPEN_ANONYMOUS
#define ERROR_BAD_DESCRIPTOR_FORMAT
#define ERROR_NO_SECURITY_ON_OBJECT
#define ERROR_NO_IMPERSONATION_TOKEN
#define ERROR_BAD_IMPERSONATION_LEVEL
#define ERROR_INVALID_SID
#define ERROR_GENERIC_NOT_MAPPED
#define ERROR_NO_SUCH_LOGON_SESSION
#define RPC_S_SERVER_UNAVAILABLE
#define ERROR_TRUSTED_RELATIONSHIP_FAILURE
#define RPC_S_INVALID_NET_ADDR
#define ERROR_PRIVILEGE_NOT_HELD
#define ERROR_NONE_MAPPED
#define PROCESS_SET_LIMITED_INFORMATION
@ TokenElevationTypeLimited
@ TokenElevationTypeDefault
#define HKEY_LOCAL_MACHINE
#define HKEY_CURRENT_CONFIG
#define HKEY_CURRENT_USER
#define HKEY_PERFORMANCE_DATA
#define HKEY_CLASSES_ROOT
HDESK WINAPI GetThreadDesktop(_In_ DWORD)
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define DUPLICATE_SAME_ACCESS
_Out_ PBOOLEAN _Out_ PBOOLEAN _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
_In_opt_ PVOID _In_opt_ PUNICODE_STRING _In_ PSECURITY_DESCRIPTOR _In_ PACCESS_STATE _In_ BOOLEAN _In_ BOOLEAN AccessGranted
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
#define VALID_INHERIT_FLAGS
#define LABEL_SECURITY_INFORMATION
#define CONTAINER_INHERIT_ACE
#define DOMAIN_ALIAS_RID_USERS
#define TOKEN_QUERY_SOURCE
#define SE_OWNER_DEFAULTED
#define DOMAIN_GROUP_RID_SCHEMA_ADMINS
#define SECURITY_BUILTIN_DOMAIN_RID
#define DOMAIN_USER_RID_ADMIN
#define DACL_SECURITY_INFORMATION
#define SE_SACL_PROTECTED
#define SE_DACL_DEFAULTED
struct _TOKEN_USER TOKEN_USER
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
#define SE_DACL_PROTECTED
#define SE_DACL_AUTO_INHERITED
#define SECURITY_WORLD_SID_AUTHORITY
#define TOKEN_ADJUST_PRIVILEGES
#define DOMAIN_GROUP_RID_CONTROLLERS
#define DOMAIN_GROUP_RID_COMPUTERS
#define SECURITY_WORLD_RID
#define DOMAIN_GROUP_RID_POLICY_ADMINS
#define SECURITY_STATIC_TRACKING
#define ACCESS_ALLOWED_ACE_TYPE
#define SECURITY_MANDATORY_LABEL_AUTHORITY
#define SECURITY_LOCAL_SYSTEM_RID
#define SE_DACL_AUTO_INHERIT_REQ
#define DOMAIN_GROUP_RID_GUESTS
#define OWNER_SECURITY_INFORMATION
#define DOMAIN_USER_RID_GUEST
#define SE_SACL_DEFAULTED
struct _SECURITY_DESCRIPTOR_RELATIVE SECURITY_DESCRIPTOR_RELATIVE
#define SE_SACL_AUTO_INHERITED
#define SECURITY_NT_AUTHORITY
#define DOMAIN_ALIAS_RID_RAS_SERVERS
#define DOMAIN_GROUP_RID_CERT_ADMINS
#define OBJECT_INHERIT_ACE
@ TokenImpersonationLevel
#define TOKEN_ASSIGN_PRIMARY
#define SYSTEM_MANDATORY_LABEL_NO_EXECUTE_UP
#define NO_PROPAGATE_INHERIT_ACE
#define SECURITY_MANDATORY_HIGH_RID
#define TOKEN_ADJUST_DEFAULT
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SECURITY_DESCRIPTOR_REVISION
* PSID_IDENTIFIER_AUTHORITY
#define TOKEN_ADJUST_GROUPS
#define SYSTEM_MANDATORY_LABEL_NO_WRITE_UP
#define SE_SACL_AUTO_INHERIT_REQ
#define GROUP_SECURITY_INFORMATION
#define ACE_OBJECT_TYPE_PRESENT
#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS
#define TOKEN_IMPERSONATE
#define SE_PRIVILEGE_ENABLED
#define SECURITY_DESCRIPTOR_MIN_LENGTH
#define SE_GROUP_DEFAULTED
#define PRIVILEGE_SET_ALL_NECESSARY
#define SID_MAX_SUB_AUTHORITIES
#define SACL_SECURITY_INFORMATION
#define SE_RM_CONTROL_VALID
#define DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_GROUP_RID_ADMINS
#define SE_PRIVILEGE_REMOVED
#define SECURITY_DESCRIPTOR_REVISION1
#define SECURITY_MANDATORY_MEDIUM_RID
#define SECURITY_MANDATORY_LOW_RID
struct _PRIVILEGE_SET PRIVILEGE_SET
#define SECURITY_MAX_SID_SIZE
#define SECURITY_NT_NON_UNIQUE
#define DOMAIN_GROUP_RID_USERS
1.9.6