ReceiveTempSMS
/
Sweden-Number
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

advapi32/tests: Add additional tests for passing a thread sd to CreateProcess. 

Signed-off-by: Alexandre Julliard <julliard@winehq.org>
This commit is contained in:
Joris van der Wel 2018-09-18 21:07:17 +02:00 committed by Alexandre Julliard
parent d07f31e376
commit adede14dc2
1 changed files with 41 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
dlls/advapi32/tests/security.c
View File

@ -2862,12 +2862,12 @@ static void test_process_security(void)
PTOKEN_OWNER owner; PTOKEN_OWNER owner;
PTOKEN_PRIMARY_GROUP group; PTOKEN_PRIMARY_GROUP group;
PSID AdminSid = NULL, UsersSid = NULL; PSID AdminSid = NULL, UsersSid = NULL;
PACL Acl = NULL; PACL Acl = NULL, ThreadAcl = NULL;
SECURITY_DESCRIPTOR *SecurityDescriptor = NULL; SECURITY_DESCRIPTOR *SecurityDescriptor = NULL, *ThreadSecurityDescriptor = NULL;
char buffer[MAX_PATH]; char buffer[MAX_PATH];
PROCESS_INFORMATION info; PROCESS_INFORMATION info;
STARTUPINFOA startup; STARTUPINFOA startup;
SECURITY_ATTRIBUTES psa; SECURITY_ATTRIBUTES psa, tsa;
HANDLE token, event; HANDLE token, event;
DWORD size; DWORD size;
SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY }; SID_IDENTIFIER_AUTHORITY SIDAuthWorld = { SECURITY_WORLD_SID_AUTHORITY };
@ -2988,11 +2988,36 @@ static void test_process_security(void)
psa.lpSecurityDescriptor = SecurityDescriptor; psa.lpSecurityDescriptor = SecurityDescriptor;
psa.bInheritHandle = TRUE; psa.bInheritHandle = TRUE;
ThreadSecurityDescriptor = HeapAlloc( GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH );
res = InitializeSecurityDescriptor( ThreadSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION );
ok(res, "InitializeSecurityDescriptor failed with error %d\n", GetLastError());
ThreadAcl = HeapAlloc( GetProcessHeap(), 0, 256 );
res = InitializeAcl( ThreadAcl, 256, ACL_REVISION );
ok(res, "InitializeAcl failed with error %d\n", GetLastError());
res = AddAccessDeniedAce( ThreadAcl, ACL_REVISION, THREAD_SET_THREAD_TOKEN, AdminSid );
ok(res, "AddAccessDeniedAce failed with error %d\n", GetLastError() );
res = AddAccessAllowedAce( ThreadAcl, ACL_REVISION, THREAD_ALL_ACCESS, AdminSid );
ok(res, "AddAccessAllowedAce failed with error %d\n", GetLastError());
res = SetSecurityDescriptorOwner( ThreadSecurityDescriptor, AdminSid, FALSE );
ok(res, "SetSecurityDescriptorOwner failed with error %d\n", GetLastError());
res = SetSecurityDescriptorGroup( ThreadSecurityDescriptor, UsersSid, FALSE );
ok(res, "SetSecurityDescriptorGroup failed with error %d\n", GetLastError());
res = SetSecurityDescriptorDacl( ThreadSecurityDescriptor, TRUE, ThreadAcl, FALSE );
ok(res, "SetSecurityDescriptorDacl failed with error %d\n", GetLastError());
tsa.nLength = sizeof(tsa);
tsa.lpSecurityDescriptor = ThreadSecurityDescriptor;
tsa.bInheritHandle = TRUE;
/* Doesn't matter what ACL say we should get full access for ourselves */ /* Doesn't matter what ACL say we should get full access for ourselves */
res = CreateProcessA( NULL, buffer, &psa, NULL, FALSE, 0, NULL, NULL, &startup, &info ); res = CreateProcessA( NULL, buffer, &psa, &tsa, FALSE, 0, NULL, NULL, &startup, &info );
ok(res, "CreateProcess with err:%d\n", GetLastError()); ok(res, "CreateProcess with err:%d\n", GetLastError());
TEST_GRANTED_ACCESS2( info.hProcess, PROCESS_ALL_ACCESS_NT4, TEST_GRANTED_ACCESS2( info.hProcess, PROCESS_ALL_ACCESS_NT4,
STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL ); STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL );
TEST_GRANTED_ACCESS2( info.hThread, THREAD_ALL_ACCESS_NT4,
STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL );
winetest_wait_child_process( info.hProcess ); winetest_wait_child_process( info.hProcess );
FreeSid(EveryoneSid); FreeSid(EveryoneSid);
@ -3003,6 +3028,8 @@ static void test_process_security(void)
HeapFree(GetProcessHeap(), 0, owner); HeapFree(GetProcessHeap(), 0, owner);
HeapFree(GetProcessHeap(), 0, Acl); HeapFree(GetProcessHeap(), 0, Acl);
HeapFree(GetProcessHeap(), 0, SecurityDescriptor); HeapFree(GetProcessHeap(), 0, SecurityDescriptor);
HeapFree(GetProcessHeap(), 0, ThreadAcl);
HeapFree(GetProcessHeap(), 0, ThreadSecurityDescriptor);
} }
static void test_process_security_child(void) static void test_process_security_child(void)
@ -3061,6 +3088,16 @@ static void test_process_security_child(void)
TEST_GRANTED_ACCESS( handle1, PROCESS_VM_READ ); TEST_GRANTED_ACCESS( handle1, PROCESS_VM_READ );
CloseHandle( handle1 ); CloseHandle( handle1 );
CloseHandle( handle ); CloseHandle( handle );
/* Test thread security */
handle = OpenThread( THREAD_TERMINATE, FALSE, GetCurrentThreadId() );
ok(handle != NULL, "OpenThread(THREAD_TERMINATE) with err:%d\n", GetLastError());
TEST_GRANTED_ACCESS( handle, PROCESS_TERMINATE );
CloseHandle( handle );
handle = OpenThread( THREAD_SET_THREAD_TOKEN, FALSE, GetCurrentThreadId() );
todo_wine
ok(handle == NULL, "OpenThread(THREAD_SET_THREAD_TOKEN) should have failed\n");
} }
static void test_impersonation_level(void) static void test_impersonation_level(void)