/*
 * Object type GUIDs shared by the tests in this file. The values look like
 * arbitrary test constants rather than registered identifiers.
 * NOTE(review): presumably these fill the ObjectType members of ObjTypeList
 * entries, as the function-local ChildObjectType2..5 do further down; the
 * assignments for these two are not visible in this excerpt -- confirm.
 */
static GUID ObjectType = {
    .Data1 = 0x12345678,
    .Data2 = 0x1234,
    .Data3 = 0x5678,
    .Data4 = {0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88}
};

static GUID ChildObjectType = {
    .Data1 = 0x23456789,
    .Data2 = 0x2345,
    .Data3 = 0x6786,
    .Data4 = {0x2, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99}
};
33 trace(
"Failed to get current process token (Status 0x%08lx)\n",
Status);
57 trace(
"Failed to duplicate token (Status 0x%08lx)\n",
Status);
62 return DuplicatedToken;
73 ULONG PrivilegeSetLength;
94 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
95 if (PrivilegeSet ==
NULL)
97 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
119 skip(
"Failed to get token, skipping tests\n");
142 skip(
"Failed to get token, skipping tests\n");
179 skip(
"Failed to get token, skipping tests\n");
215 skip(
"Failed to create a security descriptor, skipping tests\n");
259 "STATUS_ACCESS_VIOLATION or STATUS_INVALID_SECURITY_DESCR expected, got 0x%lx\n",
Status);
263 ObjTypeList[0].
Sbz = 0;
282 ObjTypeList[0].
Sbz = 0;
286 ObjTypeList[1].
Sbz = 0;
304 ObjTypeList[0].
Level = 0xa;
305 ObjTypeList[0].
Sbz = 0;
324 ObjTypeList[0].
Sbz = 0;
328 ObjTypeList[1].
Sbz = 0;
365 ULONG PrivilegeSetLength;
373 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
374 if (PrivilegeSet ==
NULL)
376 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
393 skip(
"Failed to create Admins SID, skipping tests\n");
410 skip(
"Failed to create User SID, skipping tests\n");
417 skip(
"Failed to get token, skipping tests\n");
424 skip(
"Failed to create a security descriptor, skipping tests\n");
435 ObjTypeList[0].
Sbz = 0;
439 ObjTypeList[1].
Sbz = 0;
460 ok(PrivilegeSet !=
NULL,
"PrivilegeSet is NULL when it mustn't be!\n");
461 ok(PrivilegeSetLength != 0,
"PrivilegeSetLength mustn't be 0!\n");
478 ok(PrivilegeSet !=
NULL,
"PrivilegeSet is NULL when it mustn't be!\n");
479 ok(PrivilegeSetLength != 0,
"PrivilegeSetLength mustn't be 0!\n");
499 ok(PrivilegeSet !=
NULL,
"PrivilegeSet is NULL when it mustn't be!\n");
500 ok(PrivilegeSetLength != 0,
"PrivilegeSetLength mustn't be 0!\n");
532 ULONG PrivilegeSetLength;
542 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
543 if (PrivilegeSet ==
NULL)
545 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
562 skip(
"Failed to create Everyone SID, skipping tests\n");
579 skip(
"Failed to create Admins SID, skipping tests\n");
596 skip(
"Failed to create User SID, skipping tests\n");
603 skip(
"Failed to get token, skipping tests\n");
610 skip(
"Failed to create a security descriptor, skipping tests\n");
622 skip(
"Failed to allocate memory for DACL, skipping tests\n");
635 skip(
"Failed to create DACL, skipping tests\n");
655 skip(
"Failed to allocate memory for DACL, skipping tests\n");
664 skip(
"Failed to create DACL, skipping tests\n");
678 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
691 skip(
"Failed to add allowed object ACE for Admins SID, skipping tests\n");
702 ObjTypeList[0].
Sbz = 0;
706 ObjTypeList[1].
Sbz = 0;
724 ok(PrivilegeSet !=
NULL,
"PrivilegeSet is NULL when it mustn't be!\n");
725 ok(PrivilegeSetLength != 0,
"PrivilegeSetLength mustn't be 0!\n");
742 ok(PrivilegeSet !=
NULL,
"PrivilegeSet is NULL when it mustn't be!\n");
743 ok(PrivilegeSetLength != 0,
"PrivilegeSetLength mustn't be 0!\n");
785 ULONG PrivilegeSetLength;
792 GUID ChildObjectType2 = {0x34578901, 0x3456, 0x7896, {0x3, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0x00}};
793 GUID ChildObjectType3 = {0x45678901, 0x4567, 0x1122, {0x4, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x01}};
794 GUID ChildObjectType4 = {0x56788901, 0x1111, 0x2222, {0x5, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x02}};
795 GUID ChildObjectType5 = {0x67901234, 0x2222, 0x3333, {0x4, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x03}};
799 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
800 if (PrivilegeSet ==
NULL)
802 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
819 skip(
"Failed to create Everyone SID, skipping tests\n");
836 skip(
"Failed to create Admins SID, skipping tests\n");
853 skip(
"Failed to create User SID, skipping tests\n");
860 skip(
"Failed to get token, skipping tests\n");
867 skip(
"Failed to create a security descriptor, skipping tests\n");
883 skip(
"Failed to allocate memory for DACL, skipping tests\n");
892 skip(
"Failed to create DACL, skipping tests\n");
906 skip(
"Failed to add allowed object ACE for Admins SID, skipping tests\n");
919 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
932 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
945 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
958 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
971 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
982 ObjTypeList[0].
Sbz = 0;
986 ObjTypeList[1].
Sbz = 0;
990 ObjTypeList[2].
Sbz = 0;
991 ObjTypeList[2].
ObjectType = &ChildObjectType2;
994 ObjTypeList[3].
Sbz = 0;
995 ObjTypeList[3].
ObjectType = &ChildObjectType3;
998 ObjTypeList[4].
Sbz = 0;
999 ObjTypeList[4].
ObjectType = &ChildObjectType4;
1002 ObjTypeList[5].
Sbz = 0;
1003 ObjTypeList[5].
ObjectType = &ChildObjectType5;
1014 &PrivilegeSetLength,
1029 &PrivilegeSetLength,
1044 &PrivilegeSetLength,
1059 &PrivilegeSetLength,
1074 &PrivilegeSetLength,
1089 &PrivilegeSetLength,
1124 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
1136 ULONG PrivilegeSetLength;
1146 PrivilegeSet =
RtlAllocateHeap(RtlGetProcessHeap(), 0, PrivilegeSetLength);
1147 if (PrivilegeSet ==
NULL)
1149 skip(
"Failed to allocate PrivilegeSet, skipping tests\n");
1166 skip(
"Failed to create Everyone SID, skipping tests\n");
1183 skip(
"Failed to create Admins SID, skipping tests\n");
1200 skip(
"Failed to create User SID, skipping tests\n");
1207 skip(
"Failed to get token, skipping tests\n");
1214 skip(
"Failed to create a security descriptor, skipping tests\n");
1227 skip(
"Failed to allocate memory for DACL, skipping tests\n");
1236 skip(
"Failed to create DACL, skipping tests\n");
1253 skip(
"Failed to add deny object ACE for Admins SID, skipping tests\n");
1266 skip(
"Failed to add deny object ACE for Everyone SID, skipping tests\n");
1279 skip(
"Failed to add allowed object ACE for Everyone SID, skipping tests\n");
1290 ObjTypeList[0].
Sbz = 0;
1294 ObjTypeList[1].
Sbz = 0;
1306 &PrivilegeSetLength,
1321 &PrivilegeSetLength,
1337 &PrivilegeSetLength,
1372 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
static SID_IDENTIFIER_AUTHORITY WorldAuthority
static VOID AccessGrantedMultipleObjectsTests(VOID)
static VOID DenyAccessTests(VOID)
static HANDLE GetTokenProcess(_In_ BOOLEAN WantImpersonateLevel, _In_ BOOLEAN WantImpersonateType)
static SID_IDENTIFIER_AUTHORITY NtAuthority
static VOID AccessGrantedNoDaclTests(VOID)
static GENERIC_MAPPING RegMapping
static VOID AccessGrantedTests(VOID)
static VOID ParamsValidationTests(VOID)
static GUID ChildObjectType
NTSTATUS NTAPI NtAccessCheckByType(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_opt_ PSID PrincipalSelfSid, _In_ HANDLE ClientToken, _In_ ACCESS_MASK DesiredAccess, _In_reads_opt_(ObjectTypeListLength) POBJECT_TYPE_LIST ObjectTypeList, _In_ ULONG ObjectTypeListLength, _In_ PGENERIC_MAPPING GenericMapping, _Out_writes_bytes_(*PrivilegeSetLength) PPRIVILEGE_SET PrivilegeSet, _Inout_ PULONG PrivilegeSetLength, _Out_ PACCESS_MASK GrantedAccess, _Out_ PNTSTATUS AccessStatus)
Determines whether security access can be granted to a client that requests such access on the object...
#define ok_hex(expression, result)
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
#define STATUS_INVALID_HANDLE
#define NT_SUCCESS(StatCode)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
#define InitializeObjectAttributes(p, n, a, r, s)
struct _ACCESS_ALLOWED_OBJECT_ACE ACCESS_ALLOWED_OBJECT_ACE
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedObjectAce(_Inout_ PACL pAcl, _In_ ULONG dwAceRevision, _In_ ULONG AceFlags, _In_ ACCESS_MASK AccessMask, _In_opt_ GUID *ObjectTypeGuid, _In_opt_ GUID *InheritedObjectTypeGuid, _In_ PSID pSid)
#define NtCurrentProcess()
#define KEY_ENUMERATE_SUB_KEYS
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
NTSTATUS NTAPI NtOpenProcessToken(IN HANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, OUT PHANDLE TokenHandle)
#define STATUS_NO_IMPERSONATION_TOKEN
#define STATUS_INVALID_SECURITY_DESCR
#define STATUS_ACCESS_VIOLATION
#define STATUS_GENERIC_NOT_MAPPED
#define STATUS_REVISION_MISMATCH
#define STATUS_BAD_IMPERSONATION_LEVEL
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtDuplicateToken(_In_ HANDLE ExistingTokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ BOOLEAN EffectiveOnly, _In_ TOKEN_TYPE TokenType, _Out_ PHANDLE NewTokenHandle)
Duplicates a token.
#define FIELD_OFFSET(t, f)
#define STATUS_ACCESS_DENIED
#define STATUS_INVALID_PARAMETER
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK _Out_ PNTSTATUS AccessStatus
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET _In_ PGENERIC_MAPPING _In_ KPROCESSOR_MODE _Out_ PACCESS_MASK GrantedAccess
#define DOMAIN_ALIAS_RID_USERS
#define SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_WORLD_SID_AUTHORITY
#define SECURITY_WORLD_RID
#define SECURITY_NT_AUTHORITY
#define SECURITY_DESCRIPTOR_REVISION
struct _ACCESS_DENIED_OBJECT_ACE ACCESS_DENIED_OBJECT_ACE
#define ACCESS_PROPERTY_SET_GUID
#define DOMAIN_ALIAS_RID_ADMINS
#define ACCESS_OBJECT_GUID
#define ACCESS_PROPERTY_GUID