ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

advapi32: Add few more tests for token access check and fix it on Wine.

This commit is contained in:
Vitaliy Margolen 2007-01-24 23:41:39 -07:00 committed by Alexandre Julliard
parent 3c3e3e8d1d
commit 2cf11ef771
2 changed files with 41 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
dlls/advapi32/tests/security.c
View File

@ -656,6 +656,7 @@ static void test_AccessCheck(void)
BOOL res; BOOL res;
HMODULE NtDllModule; HMODULE NtDllModule;
BOOLEAN Enabled; BOOLEAN Enabled;
DWORD err;
NtDllModule = GetModuleHandle("ntdll.dll"); NtDllModule = GetModuleHandle("ntdll.dll");
@ -691,8 +692,8 @@ static void test_AccessCheck(void)
res = AddAccessAllowedAce(Acl, ACL_REVISION, KEY_READ, EveryoneSid); res = AddAccessAllowedAce(Acl, ACL_REVISION, KEY_READ, EveryoneSid);
ok(res, "AddAccessAllowedAceEx failed with error %d\n", GetLastError()); ok(res, "AddAccessAllowedAceEx failed with error %d\n", GetLastError());
res = AddAccessAllowedAce(Acl, ACL_REVISION, KEY_ALL_ACCESS, AdminSid); res = AddAccessDeniedAce(Acl, ACL_REVISION, KEY_SET_VALUE, AdminSid);
ok(res, "AddAccessAllowedAceEx failed with error %d\n", GetLastError()); ok(res, "AddAccessDeniedAce failed with error %d\n", GetLastError());
SecurityDescriptor = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH); SecurityDescriptor = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH);
@ -702,12 +703,6 @@ static void test_AccessCheck(void)
res = SetSecurityDescriptorDacl(SecurityDescriptor, TRUE, Acl, FALSE); res = SetSecurityDescriptorDacl(SecurityDescriptor, TRUE, Acl, FALSE);
ok(res, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError()); ok(res, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError());
res = SetSecurityDescriptorOwner(SecurityDescriptor, AdminSid, FALSE);
ok(res, "SetSecurityDescriptorOwner failed with error %d\n", GetLastError());
res = SetSecurityDescriptorGroup(SecurityDescriptor, UsersSid, TRUE);
ok(res, "SetSecurityDescriptorGroup failed with error %d\n", GetLastError());
PrivSetLen = FIELD_OFFSET(PRIVILEGE_SET, Privilege[16]); PrivSetLen = FIELD_OFFSET(PRIVILEGE_SET, Privilege[16]);
PrivSet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, PrivSetLen); PrivSet = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, PrivSetLen);
PrivSet->PrivilegeCount = 16; PrivSet->PrivilegeCount = 16;
@ -720,6 +715,33 @@ static void test_AccessCheck(void)
TOKEN_QUERY, TRUE, &Token); TOKEN_QUERY, TRUE, &Token);
ok(ret, "OpenThreadToken failed with error %d\n", GetLastError()); ok(ret, "OpenThreadToken failed with error %d\n", GetLastError());
/* SD without owner/group */
SetLastError(0xdeadbeef);
Access = AccessStatus = 0xdeadbeef;
ret = AccessCheck(SecurityDescriptor, Token, KEY_QUERY_VALUE, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus);
err = GetLastError();
ok(!ret && err == ERROR_INVALID_SECURITY_DESCR, "AccessCheck should have "
"failed with ERROR_INVALID_SECURITY_DESCR, instead of %d\n", err);
ok(Access == 0xdeadbeef && AccessStatus == 0xdeadbeef,
"Access and/or AccessStatus were changed!\n");
/* Set owner and group */
res = SetSecurityDescriptorOwner(SecurityDescriptor, AdminSid, FALSE);
ok(res, "SetSecurityDescriptorOwner failed with error %d\n", GetLastError());
res = SetSecurityDescriptorGroup(SecurityDescriptor, UsersSid, TRUE);
ok(res, "SetSecurityDescriptorGroup failed with error %d\n", GetLastError());
/* Generic access mask */
SetLastError(0xdeadbeef);
ret = AccessCheck(SecurityDescriptor, Token, GENERIC_READ, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus);
err = GetLastError();
ok(!ret && err == ERROR_GENERIC_NOT_MAPPED, "AccessCheck should have failed "
"with ERROR_GENERIC_NOT_MAPPED, instead of %d\n", err);
ok(Access == 0xdeadbeef && AccessStatus == 0xdeadbeef,
"Access and/or AccessStatus were changed!\n");
ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping, ret = AccessCheck(SecurityDescriptor, Token, KEY_READ, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus); PrivSet, &PrivSetLen, &Access, &AccessStatus);
ok(ret, "AccessCheck failed with error %d\n", GetLastError()); ok(ret, "AccessCheck failed with error %d\n", GetLastError());
@ -735,6 +757,16 @@ static void test_AccessCheck(void)
GetLastError()); GetLastError());
trace("AccessCheck with MAXIMUM_ALLOWED got Access 0x%08x\n", Access); trace("AccessCheck with MAXIMUM_ALLOWED got Access 0x%08x\n", Access);
/* Access denied by SD */
SetLastError(0xdeadbeef);
ret = AccessCheck(SecurityDescriptor, Token, KEY_WRITE, &Mapping,
PrivSet, &PrivSetLen, &Access, &AccessStatus);
ok(ret, "AccessCheck failed with error %d\n", GetLastError());
err = GetLastError();
ok(!AccessStatus && err == ERROR_ACCESS_DENIED, "AccessCheck should have failed "
"with ERROR_ACCESS_DENIED, instead of %d\n", err);
ok(!Access, "Should have failed to grant any access, got 0x%08x\n", Access);
SetLastError(0); SetLastError(0);
PrivSet->PrivilegeCount = 16; PrivSet->PrivilegeCount = 16;
ret = AccessCheck(SecurityDescriptor, Token, ACCESS_SYSTEM_SECURITY, &Mapping, ret = AccessCheck(SecurityDescriptor, Token, ACCESS_SYSTEM_SECURITY, &Mapping,

2
server/token.c
View File

@ -838,7 +838,7 @@ static unsigned int token_access_check( struct token *token,
if (desired_access & access) if (desired_access & access)
{ {
*granted_access = 0; *granted_access = 0;
return STATUS_SUCCESS; return STATUS_ACCESS_DENIED;
} }
} }
} }