ReactOS  0.4.14-dev-614-gbfd8a84
CmSecurity.c File Reference
#include <kmt_test.h>
#include "../ntos_se/se.h"
Include dependency graph for CmSecurity.c:

Go to the source code of this file.

Macros

#define CheckKeySecurity(name, AceCount, ...)   CheckKeySecurity_(name, AceCount, __FILE__, __LINE__, ##__VA_ARGS__)
 
#define CheckKeySecurity_(name, AceCount, file, line, ...)   CheckKeySecurity__(name, AceCount, file ":" KMT_STRINGIZE(line), ##__VA_ARGS__)
 

Functions

static VOID CheckKeySecurity__ (_In_ PCWSTR KeyName, _In_ ULONG AceCount, _In_ PCSTR FileAndLine,...)
 
 START_TEST (CmSecurity)
 

Macro Definition Documentation

◆ CheckKeySecurity

#define CheckKeySecurity (   name,
  AceCount,
  ... 
)    CheckKeySecurity_(name, AceCount, __FILE__, __LINE__, ##__VA_ARGS__)

Definition at line 11 of file CmSecurity.c.

◆ CheckKeySecurity_

#define CheckKeySecurity_ (   name,
  AceCount,
  file,
  line,
  ... 
)    CheckKeySecurity__(name, AceCount, file ":" KMT_STRINGIZE(line), ##__VA_ARGS__)

Definition at line 12 of file CmSecurity.c.

Function Documentation

◆ CheckKeySecurity__()

static VOID CheckKeySecurity__ ( _In_ PCWSTR  KeyName,
_In_ ULONG  AceCount,
_In_ PCSTR  FileAndLine,
  ... 
)
static

Definition at line 15 of file CmSecurity.c.

20 {
22  UNICODE_STRING KeyNameString;
26  ULONG SecurityDescriptorSize;
27  PSID Owner;
28  PSID Group;
29  PACL Dacl;
30  PACL Sacl;
31  BOOLEAN Present;
32  BOOLEAN Defaulted;
33  va_list Arguments;
34 
35  RtlInitUnicodeString(&KeyNameString, KeyName);
37  &KeyNameString,
39  NULL,
40  NULL);
41  Status = ZwOpenKey(&KeyHandle,
45  if (skip(NT_SUCCESS(Status), "No key (%ls)\n", KeyName))
46  {
47  return;
48  }
49 
50  Status = ZwQuerySecurityObject(KeyHandle,
52  NULL,
53  0,
54  &SecurityDescriptorSize);
56  if (skip(Status == STATUS_BUFFER_TOO_SMALL, "No security size (%ls)\n", KeyName))
57  {
59  return;
60  }
61 
63  SecurityDescriptorSize,
64  'dSmK');
65  ok(SecurityDescriptor != NULL, "Failed to allocate %lu bytes\n", SecurityDescriptorSize);
66  if (skip(SecurityDescriptor != NULL, "No memory for descriptor (%ls)\n", KeyName))
67  {
69  return;
70  }
71 
72  Status = ZwQuerySecurityObject(KeyHandle,
75  SecurityDescriptorSize,
76  &SecurityDescriptorSize);
78  if (NT_SUCCESS(Status))
79  {
80  Owner = NULL;
82  &Owner,
83  &Defaulted);
85  ok(Defaulted == FALSE, "Owner defaulted for %ls\n", KeyName);
86 
87  Group = NULL;
89  &Group,
90  &Defaulted);
92  ok(Defaulted == FALSE, "Group defaulted for %ls\n", KeyName);
93 
94  Dacl = NULL;
96  &Present,
97  &Dacl,
98  &Defaulted);
100  ok(Present == TRUE, "DACL not present for %ls\n", KeyName);
101  ok(Defaulted == FALSE, "DACL defaulted for %ls\n", KeyName);
102  va_start(Arguments, FileAndLine);
103  VCheckAcl__(Dacl, AceCount, FileAndLine, Arguments);
104  va_end(Arguments);
105 
106  Sacl = NULL;
108  &Present,
109  &Sacl,
110  &Defaulted);
112  ok(Present == FALSE, "SACL present for %ls\n", KeyName);
113  ok(Defaulted == FALSE, "SACL defaulted for %ls\n", KeyName);
114  ok(Sacl == NULL, "Sacl is %p for %ls\n", Sacl, KeyName);
115  }
118 }
PSID SeAliasAdminsSid
Definition: setypes.h:1175
VOID VCheckAcl__(_In_ PACL Acl, _In_ ULONG AceCount, _In_ PCSTR FileAndLine, _In_ va_list Arguments)
Definition: SeHelpers.c:128
#define CheckSid(Sid, SidSize, ExpectedSid)
Definition: se.h:46
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
#define TRUE
Definition: types.h:120
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4711
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
LONG NTSTATUS
Definition: precomp.h:26
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
#define va_end(ap)
Definition: acmsvcex.h:90
PSE_EXPORTS SeExports
Definition: semgr.c:18
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
char * va_list
Definition: acmsvcex.h:78
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3376
Definition: trio.c:380
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
#define ok(value,...)
Definition: atltest.h:57
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define va_start(ap, A)
Definition: acmsvcex.h:91
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
#define skip(...)
Definition: atltest.h:64
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
#define ok_eq_hex(value, expected)
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
PSID SeLocalSystemSid
Definition: setypes.h:1174

◆ START_TEST()

START_TEST ( CmSecurity  )

Definition at line 120 of file CmSecurity.c.

121 {
123  PSID TerminalServerSid;
124 
125  TerminalServerSid = ExAllocatePoolWithTag(PagedPool,
127  'iSmK');
128  if (TerminalServerSid != NULL)
129  {
130  RtlInitializeSid(TerminalServerSid, &NtSidAuthority, 1);
131  *RtlSubAuthoritySid(TerminalServerSid, 0) = SECURITY_TERMINAL_SERVER_RID;
132  }
133  CheckKeySecurity(L"\\REGISTRY",
138 
139  CheckKeySecurity(L"\\REGISTRY\\MACHINE",
144 
145  CheckKeySecurity(L"\\REGISTRY\\MACHINE\\HARDWARE",
150 
151  CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SAM",
156 
157  CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SECURITY",
160 
161  CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SOFTWARE",
177  ACCESS_ALLOWED_ACE_TYPE, 0, TerminalServerSid, KEY_READ | KEY_WRITE | DELETE,
179  CONTAINER_INHERIT_ACE, TerminalServerSid, GENERIC_READ | GENERIC_WRITE | DELETE);
180 
181  CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SYSTEM",
197 
198  CheckKeySecurity(L"\\REGISTRY\\USER",
203 
204  CheckKeySecurity(L"\\REGISTRY\\USER\\.DEFAULT",
220 
221  CheckKeySecurity(L"\\REGISTRY\\USER\\S-1-5-18",
237 
238  CheckKeySecurity(L"\\REGISTRY\\USER\\S-1-5-20",
255 
256  if (TerminalServerSid != NULL)
257  {
258  ExFreePoolWithTag(TerminalServerSid, 'iSmK');
259  }
260 }
PSID SeAliasAdminsSid
Definition: setypes.h:1175
#define GENERIC_ALL
Definition: nt_native.h:92
#define SECURITY_TERMINAL_SERVER_RID
Definition: setypes.h:542
#define KEY_READ
Definition: nt_native.h:1023
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
PSE_EXPORTS SeExports
Definition: semgr.c:18
#define GENERIC_WRITE
Definition: nt_native.h:90
PSID SeNetworkServiceSid
Definition: setypes.h:1190
smooth NULL
Definition: ftsmooth.c:416
static SID_IDENTIFIER_AUTHORITY NtSidAuthority
Definition: samrpc.c:14
PSID SeAliasPowerUsersSid
Definition: setypes.h:1178
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
#define KEY_WRITE
Definition: nt_native.h:1031
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:715
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:685
#define WRITE_DAC
Definition: nt_native.h:59
#define READ_CONTROL
Definition: nt_native.h:58
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
static const WCHAR L[]
Definition: oid.c:1250
#define GENERIC_READ
Definition: compat.h:124
PSID SeAliasUsersSid
Definition: setypes.h:1176
PSID SeCreatorOwnerSid
Definition: setypes.h:1167
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define CheckKeySecurity(name, AceCount,...)
Definition: CmSecurity.c:11
PSID SeRestrictedSid
Definition: setypes.h:1184
#define INHERIT_ONLY_ACE
Definition: setypes.h:717
PSID SeWorldSid
Definition: setypes.h:1165
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1099
#define OBJECT_INHERIT_ACE
Definition: setypes.h:714
PSID SeLocalSystemSid
Definition: setypes.h:1174
#define DELETE
Definition: nt_native.h:57
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54