780{
785 ULONG PrivilegeSetLength;
792 GUID ChildObjectType2 = {0x34578901, 0x3456, 0x7896, {0x3, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00}};
793 GUID ChildObjectType3 = {0x45678901, 0x4567, 0x1122, {0x4, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x01}};
794 GUID ChildObjectType4 = {0x56788901, 0x1111, 0x2222, {0x5, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x02}};
795 GUID ChildObjectType5 = {0x67901234, 0x2222, 0x3333, {0x4, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x03}};
796
797
799 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
800 if (PrivilegeSet ==
NULL)
801 {
802 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
803 return;
804 }
805
807 1,
809 0,
810 0,
811 0,
812 0,
813 0,
814 0,
815 0,
816 &EveryoneSid);
818 {
819 skip(
"Failed to create Everyone SID, skipping tests\n");
820 goto Quit;
821 }
822
824 2,
827 0,
828 0,
829 0,
830 0,
831 0,
832 0,
835 {
836 skip(
"Failed to create Admins SID, skipping tests\n");
837 goto Quit;
838 }
839
841 2,
844 0,
845 0,
846 0,
847 0,
848 0,
849 0,
850 &UsersSid);
852 {
853 skip(
"Failed to create User SID, skipping tests\n");
854 goto Quit;
855 }
856
859 {
860 skip(
"Failed to get token, skipping tests\n");
861 goto Quit;
862 }
863
866 {
867 skip(
"Failed to create a security descriptor, skipping tests\n");
868 goto Quit;
869 }
870
882 {
883 skip(
"Failed to allocate memory for DACL, skipping tests\n");
884 goto Quit;
885 }
886
891 {
892 skip(
"Failed to create DACL, skipping tests\n");
893 goto Quit;
894 }
895
896
899 0,
905 {
906 skip(
"Failed to add allowed object ACE for Admins SID, skipping tests\n");
907 goto Quit;
908 }
909
912 0,
916 EveryoneSid);
918 {
919 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
920 goto Quit;
921 }
922
925 0,
927 &ChildObjectType2,
929 EveryoneSid);
931 {
932 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
933 goto Quit;
934 }
935
938 0,
940 &ChildObjectType3,
942 EveryoneSid);
944 {
945 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
946 goto Quit;
947 }
948
951 0,
953 &ChildObjectType4,
955 EveryoneSid);
957 {
958 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
959 goto Quit;
960 }
961
964 0,
966 &ChildObjectType5,
968 EveryoneSid);
970 {
971 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
972 goto Quit;
973 }
974
975
979
980
982 ObjTypeList[0].
Sbz = 0;
984
986 ObjTypeList[1].
Sbz = 0;
988
990 ObjTypeList[2].
Sbz = 0;
991 ObjTypeList[2].
ObjectType = &ChildObjectType2;
992
994 ObjTypeList[3].
Sbz = 0;
995 ObjTypeList[3].
ObjectType = &ChildObjectType3;
996
998 ObjTypeList[4].
Sbz = 0;
999 ObjTypeList[4].
ObjectType = &ChildObjectType4;
1000
1002 ObjTypeList[5].
Sbz = 0;
1003 ObjTypeList[5].
ObjectType = &ChildObjectType5;
1004
1005
1010 ObjTypeList,
1013 PrivilegeSet,
1014 &PrivilegeSetLength,
1020
1025 ObjTypeList,
1028 PrivilegeSet,
1029 &PrivilegeSetLength,
1035
1040 ObjTypeList,
1043 PrivilegeSet,
1044 &PrivilegeSetLength,
1050
1055 ObjTypeList,
1058 PrivilegeSet,
1059 &PrivilegeSetLength,
1065
1070 ObjTypeList,
1073 PrivilegeSet,
1074 &PrivilegeSetLength,
1080
1085 ObjTypeList,
1088 PrivilegeSet,
1089 &PrivilegeSetLength,
1095
1096Quit:
1098 {
1100 }
1101
1103 {
1105 }
1106
1107 if (UsersSid)
1108 {
1110 }
1111
1113 {
1115 }
1116
1117 if (EveryoneSid)
1118 {
1120 }
1121
1122 if (PrivilegeSet)
1123 {
1124 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
1125 }
1126}
static SID_IDENTIFIER_AUTHORITY WorldAuthority
static HANDLE GetTokenProcess(_In_ BOOLEAN WantImpersonateLevel, _In_ BOOLEAN WantImpersonateType)
static SID_IDENTIFIER_AUTHORITY NtAuthority
static GENERIC_MAPPING RegMapping
static GUID ChildObjectType
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
#define ok_hex(expression, result)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
#define NT_SUCCESS(StatCode)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
struct _ACCESS_ALLOWED_OBJECT_ACE ACCESS_ALLOWED_OBJECT_ACE
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
#define FIELD_OFFSET(t, f)
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
#define DOMAIN_ALIAS_RID_USERS
#define SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_WORLD_RID
#define SECURITY_DESCRIPTOR_REVISION
#define ACCESS_PROPERTY_SET_GUID
#define DOMAIN_ALIAS_RID_ADMINS
#define ACCESS_OBJECT_GUID
#define ACCESS_PROPERTY_GUID