ReactOS 0.4.15-dev-7934-g1dc8d80
Functions
NtSetInformationToken.c File Reference
#include "precomp.h"
Include dependency graph for NtSetInformationToken.c:

Go to the source code of this file.

Functions

static HANDLE OpenCurrentToken (VOID)
 
static PTOKEN_DEFAULT_DACL QueryOriginalDefaultDacl (_In_ HANDLE Token, _Out_ PULONG DaclLength)
 
static PACL CreateNewDefaultDacl (_Out_ PULONG DaclLength)
 
static VOID SetTokenDefaultDaclTests (_In_ HANDLE Token)
 
static VOID SetTokenSessionIdTests (_In_ HANDLE Token)
 
 START_TEST (NtSetInformationToken)
 

Function Documentation

◆ CreateNewDefaultDacl()

static PACL CreateNewDefaultDacl ( _Out_ PULONG  DaclLength)
static

Definition at line 77 of file NtSetInformationToken.c.

79{
80 NTSTATUS Status;
81 PACL Dacl;
82 ULONG Length;
83 PSID LocalSystemSid;
84 static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
85
86 *DaclLength = 0;
87
88 Status = RtlAllocateAndInitializeSid(&NtAuthority,
89 1,
90 SECURITY_LOCAL_SYSTEM_RID,
91 0, 0, 0, 0, 0, 0, 0,
92 &LocalSystemSid);
93 if (!NT_SUCCESS(Status))
94 {
95 ok(0, "Failed to allocate Local System SID (Status code %lx)!\n", Status);
96 return NULL;
97 }
98
99 Length = sizeof(ACL) +
100 sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(LocalSystemSid);
101
102 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
103 HEAP_ZERO_MEMORY,
104 Length);
105 if (!Dacl)
106 {
107 ok(0, "Failed to allocate from heap for DACL!\n");
108 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalSystemSid);
109 return NULL;
110 }
111
112 Status = RtlCreateAcl(Dacl,
113 Length,
114 ACL_REVISION);
115 if (!NT_SUCCESS(Status))
116 {
117 ok(0, "Failed to create ACL (Status code %lx)!\n", Status);
118 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalSystemSid);
119 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
120 return NULL;
121 }
122
123 Status = RtlAddAccessAllowedAce(Dacl,
124 ACL_REVISION,
125 GENERIC_ALL,
126 LocalSystemSid);
127 if (!NT_SUCCESS(Status))
128 {
129 ok(0, "Failed to add access allowed ACE (Status code %lx)!\n", Status);
130 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalSystemSid);
131 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
132 return NULL;
133 }
134
135 *DaclLength = Length;
136 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalSystemSid);
137 return Dacl;
138}
ok
#define ok(value,...)
Definition: atltest.h:57
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
LocalSystemSid
PSID LocalSystemSid
Definition: globals.c:16
NtAuthority
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:40
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
Status
Status
Definition: gdiplustypes.h:25
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
ACL
struct _ACL ACL
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_ACL
Definition: ms-dtyp.idl:293
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
_SID
Definition: ms-dtyp.idl:198
ULONG
uint32_t ULONG
Definition: typedefs.h:59
SECURITY_LOCAL_SYSTEM_RID
#define SECURITY_LOCAL_SYSTEM_RID
Definition: setypes.h:574
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39

Referenced by SetTokenDefaultDaclTests().

◆ OpenCurrentToken()

static HANDLE OpenCurrentToken ( VOID  )
static

Definition at line 12 of file NtSetInformationToken.c.

13{
14 BOOL Success;
15 HANDLE Token;
16
17 Success = OpenProcessToken(GetCurrentProcess(),
18 TOKEN_READ | TOKEN_ADJUST_DEFAULT | TOKEN_ADJUST_SESSIONID,
19 &Token);
20 if (!Success)
21 {
22 ok(0, "OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
23 return NULL;
24 }
25
26 return Token;
27}
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759
Success
@ Success
Definition: eventcreate.c:712
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
TOKEN_ADJUST_SESSIONID
#define TOKEN_ADJUST_SESSIONID
Definition: setypes.h:933
TOKEN_ADJUST_DEFAULT
#define TOKEN_ADJUST_DEFAULT
Definition: setypes.h:932
TOKEN_READ
#define TOKEN_READ
Definition: setypes.h:951

Referenced by START_TEST().

◆ QueryOriginalDefaultDacl()

static PTOKEN_DEFAULT_DACL QueryOriginalDefaultDacl ( _In_ HANDLE  Token,
_Out_ PULONG  DaclLength 
)
static

Definition at line 31 of file NtSetInformationToken.c.

34{
35 NTSTATUS Status;
36 PTOKEN_DEFAULT_DACL Dacl;
37 ULONG BufferLength;
38
39 *DaclLength = 0;
40
41 Status = NtQueryInformationToken(Token,
42 TokenDefaultDacl,
43 NULL,
44 0,
45 &BufferLength);
46 if (!NT_SUCCESS(Status) && (Status != STATUS_BUFFER_TOO_SMALL))
47 {
48 ok(0, "Failed to query buffer length, STATUS_BUFFER_TOO_SMALL has to be expected (Status code %lx)!\n", Status);
49 return NULL;
50 }
51
52 Dacl = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
53 if (!Dacl)
54 {
55 ok(0, "Failed to allocate from heap for token default DACL (required buffer length %lu)!\n", BufferLength);
56 return NULL;
57 }
58
59 Status = NtQueryInformationToken(Token,
60 TokenDefaultDacl,
61 Dacl,
62 BufferLength,
63 &BufferLength);
64 if (!NT_SUCCESS(Status))
65 {
66 ok(0, "Failed to query default DACL (Status code %lx)!\n", Status);
67 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
68 return NULL;
69 }
70
71 *DaclLength = BufferLength;
72 return Dacl;
73}
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_TOKEN_DEFAULT_DACL
Definition: setypes.h:1035
NtQueryInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtQueryInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _Out_writes_bytes_to_opt_(TokenInformationLength, *ReturnLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength, _Out_ PULONG ReturnLength)
Queries a specific type of information in regard of an access token based upon the information class....
Definition: tokencls.c:473
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771
TokenDefaultDacl
@ TokenDefaultDacl
Definition: setypes.h:971

Referenced by SetTokenDefaultDaclTests().

◆ SetTokenDefaultDaclTests()

static VOID SetTokenDefaultDaclTests ( _In_ HANDLE  Token)
static

Definition at line 142 of file NtSetInformationToken.c.

144{
145 NTSTATUS Status;
146 PACL NewDacl;
147 TOKEN_DEFAULT_DACL NewDefaultDacl;
148 PTOKEN_DEFAULT_DACL DefaultDacl;
149 ULONG OriginalDaclLength, NewDaclLength;
150
151 /*
152 * Query the original DACL of the token first,
153 * we don't want to leave the token tampered
154 * later on.
155 */
156 DefaultDacl = QueryOriginalDefaultDacl(Token, &OriginalDaclLength);
157 if (!DefaultDacl)
158 {
159 ok(0, "Failed to query token's default DACL!\n");
160 return;
161 }
162
163 /* Allocate new DACL */
164 NewDacl = CreateNewDefaultDacl(&NewDaclLength);
165 if (!DefaultDacl)
166 {
167 ok(0, "Failed to allocate buffer for new DACL!\n");
168 RtlFreeHeap(RtlGetProcessHeap(), 0, DefaultDacl);
169 return;
170 }
171
172 NewDefaultDacl.DefaultDacl = NewDacl;
173
174 /*
175 * Set a new DACL for the token.
176 */
177 Status = NtSetInformationToken(Token,
178 TokenDefaultDacl,
179 &NewDefaultDacl,
180 NewDaclLength);
181 ok_ntstatus(Status, STATUS_SUCCESS);
182
183 /* Now set the original DACL */
184 Status = NtSetInformationToken(Token,
185 TokenDefaultDacl,
186 DefaultDacl,
187 OriginalDaclLength);
188 ok_ntstatus(Status, STATUS_SUCCESS);
189
190 RtlFreeHeap(RtlGetProcessHeap(), 0, DefaultDacl);
191 RtlFreeHeap(RtlGetProcessHeap(), 0, NewDacl);
192}
CreateNewDefaultDacl
static PACL CreateNewDefaultDacl(_Out_ PULONG DaclLength)
Definition: NtSetInformationToken.c:77
QueryOriginalDefaultDacl
static PTOKEN_DEFAULT_DACL QueryOriginalDefaultDacl(_In_ HANDLE Token, _Out_ PULONG DaclLength)
Definition: NtSetInformationToken.c:31
ok_ntstatus
#define ok_ntstatus(status, expected)
Definition: atltest.h:135
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_TOKEN_DEFAULT_DACL::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:1036
NtSetInformationToken
_Must_inspect_result_ __kernel_entry NTSTATUS NTAPI NtSetInformationToken(_In_ HANDLE TokenHandle, _In_ TOKEN_INFORMATION_CLASS TokenInformationClass, _In_reads_bytes_(TokenInformationLength) PVOID TokenInformation, _In_ ULONG TokenInformationLength)
Sets (modifies) some specific information in regard of an access token. The calling thread must have ...
Definition: tokencls.c:1125

Referenced by START_TEST().

◆ SetTokenSessionIdTests()

static VOID SetTokenSessionIdTests ( _In_ HANDLE  Token)
static

Definition at line 196 of file NtSetInformationToken.c.

198{
199 NTSTATUS Status;
200 ULONG SessionId = 1;
201
202 /*
203 * We're not allowed to set a session ID
204 * because we don't have the TCB privilege.
205 */
206 Status = NtSetInformationToken(Token,
207 TokenSessionId,
208 &SessionId,
209 sizeof(ULONG));
210 ok_ntstatus(Status, STATUS_PRIVILEGE_NOT_HELD);
211}
STATUS_PRIVILEGE_NOT_HELD
#define STATUS_PRIVILEGE_NOT_HELD
Definition: DriverTester.h:9
SessionId
ULONG SessionId
Definition: dllmain.c:28
TokenSessionId
@ TokenSessionId
Definition: setypes.h:977

Referenced by START_TEST().

◆ START_TEST()

START_TEST ( NtSetInformationToken  )

Definition at line 213 of file NtSetInformationToken.c.

214{
215 NTSTATUS Status;
216 ULONG DummyReturnLength = 0;
217 HANDLE Token;
218
219 /* Everything else is NULL */
220 Status = NtSetInformationToken(NULL,
221 TokenOwner,
222 NULL,
223 0);
224 ok_ntstatus(Status, STATUS_INVALID_HANDLE);
225
226 /* We don't give a token */
227 Status = NtSetInformationToken(NULL,
228 TokenOwner,
229 NULL,
230 DummyReturnLength);
231 ok_ntstatus(Status, STATUS_INVALID_HANDLE);
232
233 Token = OpenCurrentToken();
234
235 /* We give a bogus token class */
236 Status = NtSetInformationToken(Token,
237 0xa0a,
238 NULL,
239 DummyReturnLength);
240 ok_ntstatus(Status, STATUS_INVALID_INFO_CLASS);
241
242 /* Now perform tests for each class */
243 SetTokenDefaultDaclTests(Token);
244 SetTokenSessionIdTests(Token);
245
246 CloseHandle(Token);
247}
SetTokenDefaultDaclTests
static VOID SetTokenDefaultDaclTests(_In_ HANDLE Token)
Definition: NtSetInformationToken.c:142
OpenCurrentToken
static HANDLE OpenCurrentToken(VOID)
Definition: NtSetInformationToken.c:12
SetTokenSessionIdTests
static VOID SetTokenSessionIdTests(_In_ HANDLE Token)
Definition: NtSetInformationToken.c:196
CloseHandle
#define CloseHandle
Definition: compat.h:739
STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240
TokenOwner
@ TokenOwner
Definition: setypes.h:969