Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
W
wine-winehq
Project
Project
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Registry
Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
wine
wine-winehq
Commits
2cf11ef7
Commit
2cf11ef7
authored
Jan 24, 2007
by
Vitaliy Margolen
Committed by
Alexandre Julliard
Jan 25, 2007
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
advapi32: Add few more tests for token access check and fix it on Wine.
parent
3c3e3e8d
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
41 additions
and
9 deletions
+41
-9
security.c
dlls/advapi32/tests/security.c
+40
-8
token.c
server/token.c
+1
-1
No files found.
dlls/advapi32/tests/security.c
View file @
2cf11ef7
...
@@ -656,6 +656,7 @@ static void test_AccessCheck(void)
...
@@ -656,6 +656,7 @@ static void test_AccessCheck(void)
BOOL
res
;
BOOL
res
;
HMODULE
NtDllModule
;
HMODULE
NtDllModule
;
BOOLEAN
Enabled
;
BOOLEAN
Enabled
;
DWORD
err
;
NtDllModule
=
GetModuleHandle
(
"ntdll.dll"
);
NtDllModule
=
GetModuleHandle
(
"ntdll.dll"
);
...
@@ -691,8 +692,8 @@ static void test_AccessCheck(void)
...
@@ -691,8 +692,8 @@ static void test_AccessCheck(void)
res
=
AddAccessAllowedAce
(
Acl
,
ACL_REVISION
,
KEY_READ
,
EveryoneSid
);
res
=
AddAccessAllowedAce
(
Acl
,
ACL_REVISION
,
KEY_READ
,
EveryoneSid
);
ok
(
res
,
"AddAccessAllowedAceEx failed with error %d
\n
"
,
GetLastError
());
ok
(
res
,
"AddAccessAllowedAceEx failed with error %d
\n
"
,
GetLastError
());
res
=
AddAccess
AllowedAce
(
Acl
,
ACL_REVISION
,
KEY_ALL_ACCESS
,
AdminSid
);
res
=
AddAccess
DeniedAce
(
Acl
,
ACL_REVISION
,
KEY_SET_VALUE
,
AdminSid
);
ok
(
res
,
"AddAccess
AllowedAceEx
failed with error %d
\n
"
,
GetLastError
());
ok
(
res
,
"AddAccess
DeniedAce
failed with error %d
\n
"
,
GetLastError
());
SecurityDescriptor
=
HeapAlloc
(
GetProcessHeap
(),
0
,
SECURITY_DESCRIPTOR_MIN_LENGTH
);
SecurityDescriptor
=
HeapAlloc
(
GetProcessHeap
(),
0
,
SECURITY_DESCRIPTOR_MIN_LENGTH
);
...
@@ -702,12 +703,6 @@ static void test_AccessCheck(void)
...
@@ -702,12 +703,6 @@ static void test_AccessCheck(void)
res
=
SetSecurityDescriptorDacl
(
SecurityDescriptor
,
TRUE
,
Acl
,
FALSE
);
res
=
SetSecurityDescriptorDacl
(
SecurityDescriptor
,
TRUE
,
Acl
,
FALSE
);
ok
(
res
,
"SetSecurityDescriptorDacl failed with error %d
\n
"
,
GetLastError
());
ok
(
res
,
"SetSecurityDescriptorDacl failed with error %d
\n
"
,
GetLastError
());
res
=
SetSecurityDescriptorOwner
(
SecurityDescriptor
,
AdminSid
,
FALSE
);
ok
(
res
,
"SetSecurityDescriptorOwner failed with error %d
\n
"
,
GetLastError
());
res
=
SetSecurityDescriptorGroup
(
SecurityDescriptor
,
UsersSid
,
TRUE
);
ok
(
res
,
"SetSecurityDescriptorGroup failed with error %d
\n
"
,
GetLastError
());
PrivSetLen
=
FIELD_OFFSET
(
PRIVILEGE_SET
,
Privilege
[
16
]);
PrivSetLen
=
FIELD_OFFSET
(
PRIVILEGE_SET
,
Privilege
[
16
]);
PrivSet
=
HeapAlloc
(
GetProcessHeap
(),
HEAP_ZERO_MEMORY
,
PrivSetLen
);
PrivSet
=
HeapAlloc
(
GetProcessHeap
(),
HEAP_ZERO_MEMORY
,
PrivSetLen
);
PrivSet
->
PrivilegeCount
=
16
;
PrivSet
->
PrivilegeCount
=
16
;
...
@@ -720,6 +715,33 @@ static void test_AccessCheck(void)
...
@@ -720,6 +715,33 @@ static void test_AccessCheck(void)
TOKEN_QUERY
,
TRUE
,
&
Token
);
TOKEN_QUERY
,
TRUE
,
&
Token
);
ok
(
ret
,
"OpenThreadToken failed with error %d
\n
"
,
GetLastError
());
ok
(
ret
,
"OpenThreadToken failed with error %d
\n
"
,
GetLastError
());
/* SD without owner/group */
SetLastError
(
0xdeadbeef
);
Access
=
AccessStatus
=
0xdeadbeef
;
ret
=
AccessCheck
(
SecurityDescriptor
,
Token
,
KEY_QUERY_VALUE
,
&
Mapping
,
PrivSet
,
&
PrivSetLen
,
&
Access
,
&
AccessStatus
);
err
=
GetLastError
();
ok
(
!
ret
&&
err
==
ERROR_INVALID_SECURITY_DESCR
,
"AccessCheck should have "
"failed with ERROR_INVALID_SECURITY_DESCR, instead of %d
\n
"
,
err
);
ok
(
Access
==
0xdeadbeef
&&
AccessStatus
==
0xdeadbeef
,
"Access and/or AccessStatus were changed!
\n
"
);
/* Set owner and group */
res
=
SetSecurityDescriptorOwner
(
SecurityDescriptor
,
AdminSid
,
FALSE
);
ok
(
res
,
"SetSecurityDescriptorOwner failed with error %d
\n
"
,
GetLastError
());
res
=
SetSecurityDescriptorGroup
(
SecurityDescriptor
,
UsersSid
,
TRUE
);
ok
(
res
,
"SetSecurityDescriptorGroup failed with error %d
\n
"
,
GetLastError
());
/* Generic access mask */
SetLastError
(
0xdeadbeef
);
ret
=
AccessCheck
(
SecurityDescriptor
,
Token
,
GENERIC_READ
,
&
Mapping
,
PrivSet
,
&
PrivSetLen
,
&
Access
,
&
AccessStatus
);
err
=
GetLastError
();
ok
(
!
ret
&&
err
==
ERROR_GENERIC_NOT_MAPPED
,
"AccessCheck should have failed "
"with ERROR_GENERIC_NOT_MAPPED, instead of %d
\n
"
,
err
);
ok
(
Access
==
0xdeadbeef
&&
AccessStatus
==
0xdeadbeef
,
"Access and/or AccessStatus were changed!
\n
"
);
ret
=
AccessCheck
(
SecurityDescriptor
,
Token
,
KEY_READ
,
&
Mapping
,
ret
=
AccessCheck
(
SecurityDescriptor
,
Token
,
KEY_READ
,
&
Mapping
,
PrivSet
,
&
PrivSetLen
,
&
Access
,
&
AccessStatus
);
PrivSet
,
&
PrivSetLen
,
&
Access
,
&
AccessStatus
);
ok
(
ret
,
"AccessCheck failed with error %d
\n
"
,
GetLastError
());
ok
(
ret
,
"AccessCheck failed with error %d
\n
"
,
GetLastError
());
...
@@ -735,6 +757,16 @@ static void test_AccessCheck(void)
...
@@ -735,6 +757,16 @@ static void test_AccessCheck(void)
GetLastError
());
GetLastError
());
trace
(
"AccessCheck with MAXIMUM_ALLOWED got Access 0x%08x
\n
"
,
Access
);
trace
(
"AccessCheck with MAXIMUM_ALLOWED got Access 0x%08x
\n
"
,
Access
);
/* Access denied by SD */
SetLastError
(
0xdeadbeef
);
ret
=
AccessCheck
(
SecurityDescriptor
,
Token
,
KEY_WRITE
,
&
Mapping
,
PrivSet
,
&
PrivSetLen
,
&
Access
,
&
AccessStatus
);
ok
(
ret
,
"AccessCheck failed with error %d
\n
"
,
GetLastError
());
err
=
GetLastError
();
ok
(
!
AccessStatus
&&
err
==
ERROR_ACCESS_DENIED
,
"AccessCheck should have failed "
"with ERROR_ACCESS_DENIED, instead of %d
\n
"
,
err
);
ok
(
!
Access
,
"Should have failed to grant any access, got 0x%08x
\n
"
,
Access
);
SetLastError
(
0
);
SetLastError
(
0
);
PrivSet
->
PrivilegeCount
=
16
;
PrivSet
->
PrivilegeCount
=
16
;
ret
=
AccessCheck
(
SecurityDescriptor
,
Token
,
ACCESS_SYSTEM_SECURITY
,
&
Mapping
,
ret
=
AccessCheck
(
SecurityDescriptor
,
Token
,
ACCESS_SYSTEM_SECURITY
,
&
Mapping
,
...
...
server/token.c
View file @
2cf11ef7
...
@@ -838,7 +838,7 @@ static unsigned int token_access_check( struct token *token,
...
@@ -838,7 +838,7 @@ static unsigned int token_access_check( struct token *token,
if
(
desired_access
&
access
)
if
(
desired_access
&
access
)
{
{
*
granted_access
=
0
;
*
granted_access
=
0
;
return
STATUS_
SUCCESS
;
return
STATUS_
ACCESS_DENIED
;
}
}
}
}
}
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment