[prev in list] [next in list] [prev in thread] [next in thread]
List: wine-devel
Subject: Re: [PATCH 3/3] advapi32/tests: Test GetTokenInformation with TokenIntegrityLevel
From: Nikolay Sivov <bunglehead () gmail ! com>
Date: 2012-07-30 5:30:29
Message-ID: 5016282F.6010105 () gmail ! com
[Download RAW message or body]
On 7/29/2012 02:24, Detlef Riekenberg wrote:
> --
> By by ... Detlef
> ---
> dlls/advapi32/tests/security.c | 99 ++++++++++++++++++++++++++++++++++++++--
> 1 files changed, 94 insertions(+), 5 deletions(-)
>
> diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
> index 28e43ec..93bbc62 100644
> --- a/dlls/advapi32/tests/security.c
> +++ b/dlls/advapi32/tests/security.c
> @@ -167,6 +167,8 @@ static void init(void)
> pSetSecurityDescriptorControl = (void *)GetProcAddress(hmod, \
> "SetSecurityDescriptorControl"); pGetSecurityInfo = (void *)GetProcAddress(hmod, \
> "GetSecurityInfo"); pCreateRestrictedToken = (void *)GetProcAddress(hmod, \
> "CreateRestrictedToken"); + pConvertSidToStringSidA = (void *)GetProcAddress( \
> hmod, "ConvertSidToStringSidA" ); + pConvertStringSidToSidA = (void \
> *)GetProcAddress( hmod, "ConvertStringSidToSidA" );
> myARGC = winetest_get_mainargs( &myARGV );
> }
> @@ -211,12 +213,11 @@ static void test_sid(void)
> BOOL r;
> LPSTR str = NULL;
>
> - pConvertSidToStringSidA = (void *)GetProcAddress( hmod, \
> "ConvertSidToStringSidA" );
> - if( !pConvertSidToStringSidA )
> - return;
> - pConvertStringSidToSidA = (void *)GetProcAddress( hmod, \
> "ConvertStringSidToSidA" );
> - if( !pConvertStringSidToSidA )
> + if( !pConvertSidToStringSidA || !pConvertStringSidToSidA )
> + {
> + skip("ConvertSidToStringSidA or ConvertStringSidToSidA not available\n");
> return;
> + }
>
> r = pConvertStringSidToSidA( NULL, NULL );
> ok( !r, "expected failure with NULL parameters\n" );
> @@ -4274,6 +4275,93 @@ static void test_kernel_objects_security(void)
> CloseHandle(token);
> }
>
> +static void test_TokenIntegrityLevel(void)
> +{
> + TOKEN_MANDATORY_LABEL *tml;
> + UCHAR expected_authority[] = SECURITY_MANDATORY_LABEL_AUTHORITY;
> + HANDLE token;
> + DWORD size;
> + DWORD res;
> + LPVOID buffer = NULL;
> + char *sidname = NULL;
> + ULONG level;
> + SID *psid;
> +
> + if(!pConvertSidToStringSidA)
> + {
> + skip("ConvertSidToStringSidA not available\n");
> + return;
> + }
> +
> + SetLastError(0xdeadbeef);
> + res = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token);
> + ok(res, "got %d with %d (expected TRUE)\n", res, GetLastError());
> + if (!res)
> + return;
> +
> + SetLastError(0xdeadbeef);
> + res = GetTokenInformation(token, TokenIntegrityLevel, NULL, 0, &size);
> +
> + /* not supported before Vista */
> + if (!res && (GetLastError() == ERROR_INVALID_PARAMETER))
> + {
> + skip("TokenIntegrityLevel not supported\n");
> + CloseHandle(token);
> + return;
> + }
> +
> + if (!res && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))
> + {
> + buffer = HeapAlloc(GetProcessHeap(), 0, size * 2);
> + SetLastError(0xdeadbeef);
> + res = GetTokenInformation(token, TokenIntegrityLevel, buffer, size, \
> &size); + }
You don't need that, buffer size is fixed for this case.
> +
> + ok(res, "got %d with %d (expected TRUE)\n", res, GetLastError());
> +
> + if (!res || !buffer)
> + goto cleanup;
> +
> + tml = buffer;
> +
> + psid = tml->Label.Sid;
> + ok(psid != NULL, "Label.Sid: NULL\n");
> + if (!psid)
> + goto cleanup;
> +
> + ok(tml->Label.Attributes == (SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED),
> + "got 0x%x (expected 0x%x)\n", tml->Label.Attributes, (SE_GROUP_INTEGRITY | \
> SE_GROUP_INTEGRITY_ENABLED));
Attributes value probably depends on system setup, I believe you can
disable all that intergity level stuff. If it doesn't currently fail on
testbot let's keep it that way for now.
> +
> + res = pConvertSidToStringSidA(psid, &sidname);
> + trace("sid: %s\n", sidname);
> + LocalFree(sidname);
> +
> + ok(psid->Revision == 1, "got Revision %d (expected 1)\n", psid->Revision);
> + ok(psid->SubAuthorityCount == 1, "got SubAuthorityCount %d (expected 1)\n", \
> psid->SubAuthorityCount); + ok(!memcmp(psid->IdentifierAuthority.Value, \
> expected_authority, sizeof(expected_authority)), + "got \
> IdentifierAuthority %d, %d, %d, %d, %d, %d (expected 0,0,0,0,0,16)\n", + \
> psid->IdentifierAuthority.Value[0], psid->IdentifierAuthority.Value[1], + \
> psid->IdentifierAuthority.Value[2], psid->IdentifierAuthority.Value[3], + \
> psid->IdentifierAuthority.Value[4], psid->IdentifierAuthority.Value[5]); +
> + level = psid->SubAuthority[0];
> + ok((level == SECURITY_MANDATORY_MEDIUM_RID) || (level == \
> SECURITY_MANDATORY_HIGH_RID), + "got level 0x%x (expected 0x%x or 0x%x)\n", \
> level, SECURITY_MANDATORY_MEDIUM_RID, SECURITY_MANDATORY_HIGH_RID);
All this mess should be replaced with EqualSid()
> +
> + SetLastError(0xdeadbeef);
> + res = GetTokenInformation(token, TokenIntegrityLevel, buffer, size - 1, \
> &size); + ok(!res && (GetLastError() == ERROR_INSUFFICIENT_BUFFER),
> + "got %d and %u (expected FALSE and ERROR_INSUFFICIENT_BUFFER)\n", res, \
> GetLastError());
Doesn't make much sense, behaviour is not specific to TokenIntegrityLevel.
> +
> + SetLastError(0xdeadbeef);
> + res = GetTokenInformation(token, TokenIntegrityLevel, buffer, size + 1, \
> &size); + ok(res, "got %d and %u (expected TRUE)\n", res, GetLastError());
Same here.
> +
> +cleanup:
> + HeapFree(GetProcessHeap(), 0, buffer);
> + CloseHandle(token);
> +}
> +
> START_TEST(security)
> {
> init();
> @@ -4311,4 +4399,5 @@ START_TEST(security)
> test_GetUserNameA();
> test_GetUserNameW();
> test_CreateRestrictedToken();
> + test_TokenIntegrityLevel();
> }
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic