d9/d33/RtlRemovePrivileges_8c_source.html

/*

 * PROJECT:         ReactOS api tests

 * LICENSE:         See COPYING in the top level directory

 * PURPOSE:         Test for RtlRemovePrivileges

 * PROGRAMMER:      Ratin Gao <ratin@knsoft.org>

 */


#include "precomp.h"


START_TEST(RtlRemovePrivileges)

{

#if (NTDDI_VERSION >= NTDDI_VISTA)

    NTSTATUS Status;

    HANDLE TokenHandle, TestTokenHandle;

    ULONG ReturnLength;

    UCHAR Buffer

        [sizeof(TOKEN_PRIVILEGES) +

         sizeof(LUID_AND_ATTRIBUTES) * (SE_MAX_WELL_KNOWN_PRIVILEGE - SE_MIN_WELL_KNOWN_PRIVILEGE)];

    PTOKEN_PRIVILEGES Privileges;

    ULONG PrivilegesToKeep[2];


    /* Duplicate current process token to run this test */

    Status = NtOpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &TokenHandle);

    if (!NT_SUCCESS(Status))

    {

        ok(0, "Failed to open current process token with TOKEN_DUPLICATE access (Status code %lx)!\n", Status);

        return;

    }


    Status = NtDuplicateToken(TokenHandle, TOKEN_ALL_ACCESS, NULL, FALSE, TokenPrimary, &TestTokenHandle);

    NtClose(TokenHandle);

    if (!NT_SUCCESS(Status))

    {

        ok(0, "Failed to duplicate current process token (Status code %lx)!\n", Status);

        return;

    }


    /* Retrieve token privileges, we need at least 3 privileges to run following tests */

    Status = NtQueryInformationToken(TestTokenHandle, TokenPrivileges, Buffer, sizeof(Buffer), &ReturnLength);

    if (!NT_SUCCESS(Status))

    {

        NtClose(TestTokenHandle);

        ok(0, "Failed to retrieve token privileges (Status code %lx)!\n", Status);

        return;

    }

    Privileges = (PTOKEN_PRIVILEGES)Buffer;

    if (Privileges->PrivilegeCount < 3)

    {

        NtClose(TestTokenHandle);

        ok(0, "No enough privileges to run the test (Number of privilege: %lu)!\n", Privileges->PrivilegeCount);

        return;

    }


    /* Remove all privileges except 2nd and 3rd privileges, this should succeed */

    PrivilegesToKeep[0] = Privileges->Privileges[1].Luid.LowPart;

    PrivilegesToKeep[1] = Privileges->Privileges[2].Luid.LowPart;

    Status = RtlRemovePrivileges(TestTokenHandle, PrivilegesToKeep, ARRAYSIZE(PrivilegesToKeep));


    /* Do not use NT_SUCCESS, RtlRemovePrivileges may returns STATUS_NOT_ALL_ASSIGNED */

    if (Status != STATUS_SUCCESS)

    {

        NtClose(TestTokenHandle);

        ok_ntstatus(Status, STATUS_SUCCESS);

        return;

    }


    /* Now, only two privileges we kept should be present */

    Status = NtQueryInformationToken(TestTokenHandle, TokenPrivileges, Buffer, sizeof(Buffer), &ReturnLength);

    if (!NT_SUCCESS(Status))

    {

        NtClose(TestTokenHandle);

        ok(0, "Failed to retrieve token privileges (Status code %lx)!\n", Status);

        return;

    }

    ok(Privileges->PrivilegeCount == ARRAYSIZE(PrivilegesToKeep),

       "Number of privileges after RtlRemovePrivileges is %lu, expected %u\n", Privileges->PrivilegeCount,

       ARRAYSIZE(PrivilegesToKeep));

    ok(PrivilegesToKeep[0] + PrivilegesToKeep[1] ==

           Privileges->Privileges[0].Luid.LowPart + Privileges->Privileges[1].Luid.LowPart,

       "Incorrect privileges kept by RtlRemovePrivileges: %lu and %lu, expected %lu and %lu",

       Privileges->Privileges[0].Luid.LowPart, Privileges->Privileges[1].Luid.LowPart, PrivilegesToKeep[0],

       PrivilegesToKeep[1]);


    /* Remove all privileges, this should succeed */

    Status = RtlRemovePrivileges(TestTokenHandle, NULL, 0);


    /* Do not use NT_SUCCESS, RtlRemovePrivileges may returns STATUS_NOT_ALL_ASSIGNED */

    if (Status != STATUS_SUCCESS)

    {

        NtClose(TestTokenHandle);

        ok_ntstatus(Status, STATUS_SUCCESS);

        return;

    }


    /* Now, no privilege should be present */

    Status = NtQueryInformationToken(TestTokenHandle, TokenPrivileges, Buffer, sizeof(Buffer), &ReturnLength);

    if (!NT_SUCCESS(Status))

    {

        NtClose(TestTokenHandle);

        ok(0, "Failed to retrieve token privileges (Status code %lx)!\n", Status);

        return;

    }

    ok(Privileges->PrivilegeCount == 0, "There are %lu privileges still exist after RtlRemovePrivileges\n",

       Privileges->PrivilegeCount);


    NtClose(TestTokenHandle);

    return;

#else

    skip("RtlRemovePrivileges available on NT6.0+ (NTDDI_VERSION >= NTDDI_VISTA)");

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

}

ok_ntstatus
#define ok_ntstatus(status, expected)
Definition: atltest.h:135

ok
#define ok(value,...)
Definition: atltest.h:57

skip
#define skip(...)
Definition: atltest.h:64

START_TEST
#define START_TEST(x)
Definition: atltest.h:75

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

Buffer
Definition: bufpool.h:45

NULL
#define NULL
Definition: types.h:112

FALSE
#define FALSE
Definition: types.h:117

NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32

ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47

GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759

ReturnLength
IN CINT OUT PVOID IN ULONG OUT PULONG ReturnLength
Definition: dumpinfo.c:43

Status
Status
Definition: gdiplustypes.h:25

void
Definition: nsiface.idl:2307

TokenPrimary
@ TokenPrimary
Definition: imports.h:273

SE_MIN_WELL_KNOWN_PRIVILEGE
#define SE_MIN_WELL_KNOWN_PRIVILEGE
Definition: security.c:655

SE_MAX_WELL_KNOWN_PRIVILEGE
#define SE_MAX_WELL_KNOWN_PRIVILEGE
Definition: security.c:685

TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726

RtlRemovePrivileges
NTSYSAPI NTSTATUS NTAPI RtlRemovePrivileges(_In_ HANDLE TokenHandle, _In_reads_opt_(PrivilegeCount) _When_(PrivilegeCount !=0, _Notnull_) PULONG PrivilegesToKeep, _In_ ULONG PrivilegeCount)
Removes all privileges in the specified access token.
Definition: priv.c:515

NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402

NtOpenProcessToken
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
Definition: security.c:350

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

_LUID_AND_ATTRIBUTES
Definition: setypes.h:73

_TOKEN_PRIVILEGES
Definition: setypes.h:1022

NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473

NtDuplicateToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
Definition: tokenlif.c:1869

ULONG
uint32_t ULONG
Definition: typedefs.h:59

precomp.h

Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:926

TOKEN_PRIVILEGES
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES

TokenPrivileges
@ TokenPrivileges
Definition: setypes.h:968

PTOKEN_PRIVILEGES
struct _TOKEN_PRIVILEGES * PTOKEN_PRIVILEGES

TOKEN_ALL_ACCESS
#define TOKEN_ALL_ACCESS
Definition: setypes.h:946

UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181