ReactOS 0.4.16-dev-937-g7afcd2a
Functions
RtlRemovePrivileges.c File Reference
#include "precomp.h"
Include dependency graph for RtlRemovePrivileges.c:

Go to the source code of this file.

Functions

 START_TEST (RtlRemovePrivileges)
 

Function Documentation

◆ START_TEST()

START_TEST ( RtlRemovePrivileges  )

Definition at line 10 of file RtlRemovePrivileges.c.

11{
12#if (NTDDI_VERSION >= NTDDI_VISTA)
13 NTSTATUS Status;
14 HANDLE TokenHandle, TestTokenHandle;
15 ULONG ReturnLength;
16 UCHAR Buffer
17 [sizeof(TOKEN_PRIVILEGES) +
18 sizeof(LUID_AND_ATTRIBUTES) * (SE_MAX_WELL_KNOWN_PRIVILEGE - SE_MIN_WELL_KNOWN_PRIVILEGE)];
19 PTOKEN_PRIVILEGES Privileges;
20 ULONG PrivilegesToKeep[2];
21
22 /* Duplicate current process token to run this test */
23 Status = NtOpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &TokenHandle);
24 if (!NT_SUCCESS(Status))
25 {
26 ok(0, "Failed to open current process token with TOKEN_DUPLICATE access (Status code %lx)!\n", Status);
27 return;
28 }
29
30 Status = NtDuplicateToken(TokenHandle, TOKEN_ALL_ACCESS, NULL, FALSE, TokenPrimary, &TestTokenHandle);
31 NtClose(TokenHandle);
32 if (!NT_SUCCESS(Status))
33 {
34 ok(0, "Failed to duplicate current process token (Status code %lx)!\n", Status);
35 return;
36 }
37
38 /* Retrieve token privileges, we need at least 3 privileges to run following tests */
39 Status = NtQueryInformationToken(TestTokenHandle, TokenPrivileges, Buffer, sizeof(Buffer), &ReturnLength);
40 if (!NT_SUCCESS(Status))
41 {
42 NtClose(TestTokenHandle);
43 ok(0, "Failed to retrieve token privileges (Status code %lx)!\n", Status);
44 return;
45 }
46 Privileges = (PTOKEN_PRIVILEGES)Buffer;
47 if (Privileges->PrivilegeCount < 3)
48 {
49 NtClose(TestTokenHandle);
50 ok(0, "No enough privileges to run the test (Number of privilege: %lu)!\n", Privileges->PrivilegeCount);
51 return;
52 }
53
54 /* Remove all privileges except 2nd and 3rd privileges, this should succeed */
55 PrivilegesToKeep[0] = Privileges->Privileges[1].Luid.LowPart;
56 PrivilegesToKeep[1] = Privileges->Privileges[2].Luid.LowPart;
57 Status = RtlRemovePrivileges(TestTokenHandle, PrivilegesToKeep, ARRAYSIZE(PrivilegesToKeep));
58
59 /* Do not use NT_SUCCESS, RtlRemovePrivileges may returns STATUS_NOT_ALL_ASSIGNED */
60 if (Status != STATUS_SUCCESS)
61 {
62 NtClose(TestTokenHandle);
63 ok_ntstatus(Status, STATUS_SUCCESS);
64 return;
65 }
66
67 /* Now, only two privileges we kept should be present */
68 Status = NtQueryInformationToken(TestTokenHandle, TokenPrivileges, Buffer, sizeof(Buffer), &ReturnLength);
69 if (!NT_SUCCESS(Status))
70 {
71 NtClose(TestTokenHandle);
72 ok(0, "Failed to retrieve token privileges (Status code %lx)!\n", Status);
73 return;
74 }
75 ok(Privileges->PrivilegeCount == ARRAYSIZE(PrivilegesToKeep),
76 "Number of privileges after RtlRemovePrivileges is %lu, expected %u\n", Privileges->PrivilegeCount,
77 ARRAYSIZE(PrivilegesToKeep));
78 ok(PrivilegesToKeep[0] + PrivilegesToKeep[1] ==
79 Privileges->Privileges[0].Luid.LowPart + Privileges->Privileges[1].Luid.LowPart,
80 "Incorrect privileges kept by RtlRemovePrivileges: %lu and %lu, expected %lu and %lu",
81 Privileges->Privileges[0].Luid.LowPart, Privileges->Privileges[1].Luid.LowPart, PrivilegesToKeep[0],
82 PrivilegesToKeep[1]);
83
84 /* Remove all privileges, this should succeed */
85 Status = RtlRemovePrivileges(TestTokenHandle, NULL, 0);
86
87 /* Do not use NT_SUCCESS, RtlRemovePrivileges may returns STATUS_NOT_ALL_ASSIGNED */
88 if (Status != STATUS_SUCCESS)
89 {
90 NtClose(TestTokenHandle);
91 ok_ntstatus(Status, STATUS_SUCCESS);
92 return;
93 }
94
95 /* Now, no privilege should be present */
96 Status = NtQueryInformationToken(TestTokenHandle, TokenPrivileges, Buffer, sizeof(Buffer), &ReturnLength);
97 if (!NT_SUCCESS(Status))
98 {
99 NtClose(TestTokenHandle);
100 ok(0, "Failed to retrieve token privileges (Status code %lx)!\n", Status);
101 return;
102 }
103 ok(Privileges->PrivilegeCount == 0, "There are %lu privileges still exist after RtlRemovePrivileges\n",
104 Privileges->PrivilegeCount);
105
106 NtClose(TestTokenHandle);
107 return;
108#else
109 skip("RtlRemovePrivileges available on NT6.0+ (NTDDI_VERSION >= NTDDI_VISTA)");
110#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
111}
ReturnLength
_In_ PVOID _In_ ULONG _Out_ PVOID _In_ ULONG _Inout_ PULONG ReturnLength
Definition: KdSystemDebugControl.c:34
ok_ntstatus
#define ok_ntstatus(status, expected)
Definition: atltest.h:135
ok
#define ok(value,...)
Definition: atltest.h:57
skip
#define skip(...)
Definition: atltest.h:64
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Buffer
Definition: bufpool.h:45
NULL
#define NULL
Definition: types.h:112
FALSE
#define FALSE
Definition: types.h:117
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759
Status
Status
Definition: gdiplustypes.h:25
TokenPrimary
@ TokenPrimary
Definition: imports.h:273
SE_MIN_WELL_KNOWN_PRIVILEGE
#define SE_MIN_WELL_KNOWN_PRIVILEGE
Definition: security.c:655
SE_MAX_WELL_KNOWN_PRIVILEGE
#define SE_MAX_WELL_KNOWN_PRIVILEGE
Definition: security.c:685
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
RtlRemovePrivileges
NTSYSAPI NTSTATUS NTAPI RtlRemovePrivileges(_In_ HANDLE TokenHandle, _In_reads_opt_(PrivilegeCount) _When_(PrivilegeCount !=0, _Notnull_) PULONG PrivilegesToKeep, _In_ ULONG PrivilegeCount)
Removes all privileges in the specified access token.
Definition: priv.c:515
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_LUID_AND_ATTRIBUTES
Definition: setypes.h:73
_TOKEN_PRIVILEGES
Definition: setypes.h:1022
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:926
TOKEN_PRIVILEGES
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
TokenPrivileges
@ TokenPrivileges
Definition: setypes.h:968
PTOKEN_PRIVILEGES
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES
TOKEN_ALL_ACCESS
#define TOKEN_ALL_ACCESS
Definition: setypes.h:946
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181