ReactOS 0.4.15-dev-7928-g68a8619
NtAdjustPrivilegesToken.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS API tests
3 * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4 * PURPOSE: Tests for the NtAdjustPrivilegesToken API
5 * COPYRIGHT: Copyright 2021 George Bișoc <george.bisoc@reactos.org>
6 */
7
8#include "precomp.h"
9
10static
11BOOL
12IsPrivilegeEnabled(
13 _In_ HANDLE TokenHandle,
14 _In_ ULONG Privilege)
15{
16 PRIVILEGE_SET PrivSet;
17 BOOL Result, Success;
18 LUID Priv;
19
20 ConvertPrivLongToLuid(Privilege, &Priv);
21
22 PrivSet.PrivilegeCount = 1;
23 PrivSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
24 PrivSet.Privilege[0].Luid = Priv;
25 PrivSet.Privilege[0].Attributes = 0;
26
27 Success = PrivilegeCheck(TokenHandle, &PrivSet, &Result);
28 if (!Success)
29 {
30 skip("Failed to check the privilege (error code: %lu)\n", GetLastError());
31 return FALSE;
32 }
33
34 return Result;
35}
36
37static
38VOID
39AdjustEnableDefaultPriv(VOID)
40{
41 NTSTATUS Status;
42 HANDLE Token;
43 TOKEN_PRIVILEGES Priv;
44 BOOL Success, IsEnabled;
45 LUID PrivLuid;
46
47 Success = OpenProcessToken(GetCurrentProcess(),
48 TOKEN_READ | TOKEN_ADJUST_PRIVILEGES,
49 &Token);
50 if (!Success)
51 {
52 skip("OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
53 return;
54 }
55
56 Success = LookupPrivilegeValueW(NULL, L"SeImpersonatePrivilege", &PrivLuid);
57 if (!Success)
58 {
59 skip("LookupPrivilegeValueW() has failed to locate the privilege value (error code: %lu)!\n", GetLastError());
60 return;
61 }
62
63 Priv.PrivilegeCount = 1;
64 Priv.Privileges[0].Luid = PrivLuid;
65 Priv.Privileges[0].Attributes = 0;
66
67 IsEnabled = IsPrivilegeEnabled(Token, SE_IMPERSONATE_PRIVILEGE);
68 trace("The privilege is %s!\n", IsEnabled ? "enabled" : "disabled");
69
70 Status = NtAdjustPrivilegesToken(Token,
71 FALSE,
72 &Priv,
73 0,
74 NULL,
75 NULL);
76 ok_hex(Status, STATUS_SUCCESS);
77
78 IsEnabled = IsPrivilegeEnabled(Token, SE_IMPERSONATE_PRIVILEGE);
79 trace("The privilege is %s!\n", IsEnabled ? "enabled" : "disabled");
80
81 CloseHandle(Token);
82}
83
84START_TEST(NtAdjustPrivilegesToken)
85{
86 AdjustEnableDefaultPriv();
87}
IsPrivilegeEnabled
static BOOL IsPrivilegeEnabled(_In_ HANDLE TokenHandle, _In_ ULONG Privilege)
Definition: NtAdjustPrivilegesToken.c:12
AdjustEnableDefaultPriv
static VOID AdjustEnableDefaultPriv(VOID)
Definition: NtAdjustPrivilegesToken.c:39
ok_hex
#define ok_hex(expression, result)
Definition: atltest.h:94
trace
#define trace
Definition: atltest.h:70
skip
#define skip(...)
Definition: atltest.h:64
START_TEST
#define START_TEST(x)
Definition: atltest.h:75
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NULL
#define NULL
Definition: types.h:112
FALSE
#define FALSE
Definition: types.h:117
LookupPrivilegeValueW
BOOL WINAPI LookupPrivilegeValueW(LPCWSTR lpSystemName, LPCWSTR lpPrivilegeName, PLUID lpLuid)
Definition: misc.c:782
PrivilegeCheck
BOOL WINAPI PrivilegeCheck(HANDLE ClientToken, PPRIVILEGE_SET RequiredPrivileges, LPBOOL pfResult)
Definition: security.c:2066
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
CloseHandle
#define CloseHandle
Definition: compat.h:739
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759
Success
@ Success
Definition: eventcreate.c:712
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
IsEnabled
return pProvider IsEnabled(ProviderControl)
Status
Status
Definition: gdiplustypes.h:25
ConvertPrivLongToLuid
#define ConvertPrivLongToLuid(PrivilegeVal, ConvertedPrivLuid)
Definition: precomp.h:44
SE_IMPERSONATE_PRIVILEGE
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683
_In_
#define _In_
Definition: ms_sal.h:308
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
L
#define L(x)
Definition: ntvdm.h:50
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
_LUID
Definition: devicetopology.idl:137
_PRIVILEGE_SET
Definition: setypes.h:85
_PRIVILEGE_SET::Privilege
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
_PRIVILEGE_SET::Control
$ULONG Control
Definition: setypes.h:87
_PRIVILEGE_SET::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:86
_TOKEN_PRIVILEGES
Definition: setypes.h:1022
_TOKEN_PRIVILEGES::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:1023
_TOKEN_PRIVILEGES::Privileges
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:1024
NtAdjustPrivilegesToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtAdjustPrivilegesToken(_In_ HANDLE TokenHandle, _In_ BOOLEAN DisableAllPrivileges, _In_opt_ PTOKEN_PRIVILEGES NewState, _In_ ULONG BufferLength, _Out_writes_bytes_to_opt_(BufferLength, *ReturnLength) PTOKEN_PRIVILEGES PreviousState, _When_(PreviousState!=NULL, _Out_) PULONG ReturnLength)
Removes a certain amount of privileges of a token based upon the request by the caller.
Definition: tokenadj.c:451
ULONG
uint32_t ULONG
Definition: typedefs.h:59
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409
TOKEN_ADJUST_PRIVILEGES
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:930
TOKEN_READ
#define TOKEN_READ
Definition: setypes.h:951
PRIVILEGE_SET_ALL_NECESSARY
#define PRIVILEGE_SET_ALL_NECESSARY
Definition: setypes.h:83