ReactOS 0.4.15-dev-7889-g76290a6
CmSecurity.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS kernel-mode tests
3 * LICENSE: LGPLv2+ - See COPYING.LIB in the top level directory
4 * PURPOSE: Kernel-Mode Test Suite NPFS security test
5 * PROGRAMMER: Thomas Faber <thomas.faber@reactos.org>
6 */
7
8#include <kmt_test.h>
9#include "../ntos_se/se.h"
10
11#define CheckKeySecurity(name, AceCount, ...) CheckKeySecurity_(name, AceCount, __FILE__, __LINE__, ##__VA_ARGS__)
12#define CheckKeySecurity_(name, AceCount, file, line, ...) CheckKeySecurity__(name, AceCount, file ":" KMT_STRINGIZE(line), ##__VA_ARGS__)
13static
14VOID
17 _In_ ULONG AceCount,
18 _In_ PCSTR FileAndLine,
19 ...)
20{
22 UNICODE_STRING KeyNameString;
26 ULONG SecurityDescriptorSize;
27 PSID Owner;
28 PSID Group;
29 PACL Dacl;
30 PACL Sacl;
31 BOOLEAN Present;
32 BOOLEAN Defaulted;
33 va_list Arguments;
34
35 RtlInitUnicodeString(&KeyNameString, KeyName);
37 &KeyNameString,
39 NULL,
40 NULL);
41 Status = ZwOpenKey(&KeyHandle,
45 if (skip(NT_SUCCESS(Status), "No key (%ls)\n", KeyName))
46 {
47 return;
48 }
49
50 Status = ZwQuerySecurityObject(KeyHandle,
52 NULL,
53 0,
54 &SecurityDescriptorSize);
56 if (skip(Status == STATUS_BUFFER_TOO_SMALL, "No security size (%ls)\n", KeyName))
57 {
59 return;
60 }
61
63 SecurityDescriptorSize,
64 'dSmK');
65 ok(SecurityDescriptor != NULL, "Failed to allocate %lu bytes\n", SecurityDescriptorSize);
66 if (skip(SecurityDescriptor != NULL, "No memory for descriptor (%ls)\n", KeyName))
67 {
69 return;
70 }
71
72 Status = ZwQuerySecurityObject(KeyHandle,
75 SecurityDescriptorSize,
76 &SecurityDescriptorSize);
78 if (NT_SUCCESS(Status))
79 {
80 Owner = NULL;
82 &Owner,
83 &Defaulted);
85 ok(Defaulted == FALSE, "Owner defaulted for %ls\n", KeyName);
86
87 Group = NULL;
89 &Group,
90 &Defaulted);
92 ok(Defaulted == FALSE, "Group defaulted for %ls\n", KeyName);
93
94 Dacl = NULL;
96 &Present,
97 &Dacl,
98 &Defaulted);
100 ok(Present == TRUE, "DACL not present for %ls\n", KeyName);
101 ok(Defaulted == FALSE, "DACL defaulted for %ls\n", KeyName);
102 va_start(Arguments, FileAndLine);
103 VCheckAcl__(Dacl, AceCount, FileAndLine, Arguments);
104 va_end(Arguments);
105
106 Sacl = NULL;
108 &Present,
109 &Sacl,
110 &Defaulted);
112 ok(Present == FALSE, "SACL present for %ls\n", KeyName);
113 ok(Defaulted == FALSE, "SACL defaulted for %ls\n", KeyName);
114 ok(Sacl == NULL, "Sacl is %p for %ls\n", Sacl, KeyName);
115 }
118}
119
120START_TEST(CmSecurity)
121{
123 PSID TerminalServerSid;
124
125 TerminalServerSid = ExAllocatePoolWithTag(PagedPool,
127 'iSmK');
128 if (TerminalServerSid != NULL)
129 {
130 RtlInitializeSid(TerminalServerSid, &NtSidAuthority, 1);
131 *RtlSubAuthoritySid(TerminalServerSid, 0) = SECURITY_TERMINAL_SERVER_RID;
132 }
133 CheckKeySecurity(L"\\REGISTRY",
138
139 CheckKeySecurity(L"\\REGISTRY\\MACHINE",
144
145 CheckKeySecurity(L"\\REGISTRY\\MACHINE\\HARDWARE",
150
151 CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SAM",
156
157 CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SECURITY",
160
161 CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SOFTWARE",
177 ACCESS_ALLOWED_ACE_TYPE, 0, TerminalServerSid, KEY_READ | KEY_WRITE | DELETE,
180
181 CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SYSTEM",
197
198 CheckKeySecurity(L"\\REGISTRY\\USER",
203
204 CheckKeySecurity(L"\\REGISTRY\\USER\\.DEFAULT",
220
221 CheckKeySecurity(L"\\REGISTRY\\USER\\S-1-5-18",
237
238 CheckKeySecurity(L"\\REGISTRY\\USER\\S-1-5-20",
255
256 if (TerminalServerSid != NULL)
257 {
258 ExFreePoolWithTag(TerminalServerSid, 'iSmK');
259 }
260}
static VOID CheckKeySecurity__(_In_ PCWSTR KeyName, _In_ ULONG AceCount, _In_ PCSTR FileAndLine,...)
Definition: CmSecurity.c:15
#define CheckKeySecurity(name, AceCount,...)
Definition: CmSecurity.c:11
unsigned char BOOLEAN
char * va_list
Definition: acmsvcex.h:78
#define va_end(ap)
Definition: acmsvcex.h:90
#define va_start(ap, A)
Definition: acmsvcex.h:91
#define ok_eq_hex(value, expected)
Definition: apitest.h:77
#define ok(value,...)
Definition: atltest.h:57
#define skip(...)
Definition: atltest.h:64
#define START_TEST(x)
Definition: atltest.h:75
LONG NTSTATUS
Definition: precomp.h:26
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define GENERIC_READ
Definition: compat.h:135
#define ExAllocatePoolWithTag(hernya, size, tag)
Definition: env_spec_w32.h:350
#define PagedPool
Definition: env_spec_w32.h:308
Status
Definition: gdiplustypes.h:25
#define OBJ_KERNEL_HANDLE
Definition: winternl.h:231
#define ExFreePoolWithTag(_P, _T)
Definition: module.h:1109
VOID VCheckAcl__(_In_ PACL Acl, _In_ ULONG AceCount, _In_ PCSTR FileAndLine, _In_ va_list Arguments)
Definition: SeHelpers.c:128
#define NO_SIZE
Definition: se.h:29
#define CheckSid(Sid, SidSize, ExpectedSid)
Definition: se.h:31
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define _In_
Definition: ms_sal.h:308
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
#define KernelMode
Definition: asm.h:34
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
_In_opt_ PSID Group
Definition: rtlfuncs.h:1646
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597
NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN SaclPresent, _Out_ PACL *Sacl, _Out_ PBOOLEAN SaclDefaulted)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1595
NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor(_In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _Out_ PBOOLEAN DaclPresent, _Out_ PACL *Dacl, _Out_ PBOOLEAN DaclDefaulted)
#define WRITE_DAC
Definition: nt_native.h:59
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define KEY_READ
Definition: nt_native.h:1023
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define GENERIC_ALL
Definition: nt_native.h:92
#define DELETE
Definition: nt_native.h:57
#define KEY_WRITE
Definition: nt_native.h:1031
#define READ_CONTROL
Definition: nt_native.h:58
#define GENERIC_WRITE
Definition: nt_native.h:90
NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted)
Definition: sd.c:280
NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted)
Definition: sd.c:257
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
#define L(x)
Definition: ntvdm.h:50
NTSTATUS NTAPI ObCloseHandle(IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode)
Definition: obhandle.c:3379
static SID_IDENTIFIER_AUTHORITY NtSidAuthority
Definition: samrpc.c:14
PSE_EXPORTS SeExports
Definition: semgr.c:21
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
PSID SeAliasAdminsSid
Definition: setypes.h:1229
PSID SeAliasUsersSid
Definition: setypes.h:1230
PSID SeCreatorOwnerSid
Definition: setypes.h:1221
PSID SeRestrictedSid
Definition: setypes.h:1238
PSID SeNetworkServiceSid
Definition: setypes.h:1244
PSID SeWorldSid
Definition: setypes.h:1219
PSID SeAliasPowerUsersSid
Definition: setypes.h:1232
PSID SeLocalSystemSid
Definition: setypes.h:1228
const uint16_t * PCWSTR
Definition: typedefs.h:57
const char * PCSTR
Definition: typedefs.h:52
uint32_t ULONG
Definition: typedefs.h:59
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2699
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746
#define SECURITY_TERMINAL_SERVER_RID
Definition: setypes.h:570
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126