reactos/wine
1
0
Fork 0
mirror of https://github.com/reactos/wine.git synced 2024-11-24 20:30:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ntdll: RtlSetControlSecurityDescriptor() implementation and test.

Browse Source
This commit is contained in:
Paul Bryan Roberts 2008-10-17 18:44:14 +01:00 committed by Alexandre Julliard
parent 564dc2bfcc
commit b1542f4f00
2 changed files with 129 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
dlls/advapi32/tests/security.c
View File

@ -2431,6 +2431,95 @@ static void test_ConvertSecurityDescriptorToString()
}
}
static void test_SetSecurityDescriptorControl (PSECURITY_DESCRIPTOR sec)
{
SECURITY_DESCRIPTOR_CONTROL ref;
SECURITY_DESCRIPTOR_CONTROL test;
SECURITY_DESCRIPTOR_CONTROL const mutable
= SE_DACL_AUTO_INHERIT_REQ | SE_SACL_AUTO_INHERIT_REQ
| SE_DACL_AUTO_INHERITED | SE_SACL_AUTO_INHERITED
| SE_DACL_PROTECTED | SE_SACL_PROTECTED
| 0x00000040 | 0x00000080 /* not defined in winnt.h */
;
SECURITY_DESCRIPTOR_CONTROL const immutable
= SE_OWNER_DEFAULTED | SE_GROUP_DEFAULTED
| SE_DACL_PRESENT | SE_DACL_DEFAULTED
| SE_SACL_PRESENT | SE_SACL_DEFAULTED
| SE_RM_CONTROL_VALID | SE_SELF_RELATIVE
;
int bit;
DWORD dwRevision;
LPCSTR fmt = "Expected error %s, got %u\n";
GetSecurityDescriptorControl (sec, &ref, &dwRevision);
/* The mutable bits are mutable regardless of the truth of
SE_DACL_PRESENT and/or SE_SACL_PRESENT */
/* Check call barfs if any bit-of-interest is immutable */
for (bit = 0; bit < 16; ++bit)
{
SECURITY_DESCRIPTOR_CONTROL const bitOfInterest = 1 << bit;
SECURITY_DESCRIPTOR_CONTROL setOrClear = ref & bitOfInterest;
SECURITY_DESCRIPTOR_CONTROL ctrl;
DWORD dwExpect = (bitOfInterest & immutable)
? ERROR_INVALID_PARAMETER : 0xbebecaca;
LPCSTR strExpect = (bitOfInterest & immutable)
? "ERROR_INVALID_PARAMETER" : "0xbebecaca";
ctrl = (bitOfInterest & mutable) ? ref + bitOfInterest : ref;
setOrClear ^= bitOfInterest;
SetLastError (0xbebecaca);
pSetSecurityDescriptorControl (sec, bitOfInterest, setOrClear);
ok (GetLastError () == dwExpect, fmt, strExpect, GetLastError ());
GetSecurityDescriptorControl(sec, &test, &dwRevision);
expect_eq(test, ctrl, int, "%x");
ctrl = ref;
setOrClear ^= bitOfInterest;
SetLastError (0xbebecaca);
pSetSecurityDescriptorControl (sec, bitOfInterest, setOrClear);
ok (GetLastError () == dwExpect, fmt, strExpect, GetLastError ());
GetSecurityDescriptorControl (sec, &test, &dwRevision);
expect_eq(test, ref, int, "%x");
}
/* Check call barfs if any bit-to-set is immutable
even when not a bit-of-interest */
for (bit = 0; bit < 16; ++bit)
{
SECURITY_DESCRIPTOR_CONTROL const bitsOfInterest = mutable;
SECURITY_DESCRIPTOR_CONTROL setOrClear = ref & bitsOfInterest;
SECURITY_DESCRIPTOR_CONTROL ctrl;
DWORD dwExpect = ((1 << bit) & immutable)
? ERROR_INVALID_PARAMETER : 0xbebecaca;
LPCSTR strExpect = ((1 << bit) & immutable)
? "ERROR_INVALID_PARAMETER" : "0xbebecaca";
ctrl = ((1 << bit) & immutable) ? test : ref | mutable;
setOrClear ^= bitsOfInterest;
SetLastError (0xbebecaca);
pSetSecurityDescriptorControl (sec, bitsOfInterest, setOrClear | (1 << bit));
ok (GetLastError () == dwExpect, fmt, strExpect, GetLastError ());
GetSecurityDescriptorControl(sec, &test, &dwRevision);
expect_eq(test, ctrl, int, "%x");
ctrl = ((1 << bit) & immutable) ? test : ref | (1 << bit);
setOrClear ^= bitsOfInterest;
SetLastError (0xbebecaca);
pSetSecurityDescriptorControl (sec, bitsOfInterest, setOrClear | (1 << bit));
ok (GetLastError () == dwExpect, fmt, strExpect, GetLastError ());
GetSecurityDescriptorControl(sec, &test, &dwRevision);
expect_eq(test, ctrl, int, "%x");
}
}
static void test_PrivateObjectSecurity(void)
{
SECURITY_INFORMATION sec_info = OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION;
@ -2449,6 +2538,27 @@ static void test_PrivateObjectSecurity(void)
return;
}
ok(pConvertStringSecurityDescriptorToSecurityDescriptorA(
"O:SY"
"G:S-1-5-21-93476-23408-4576"
"D:(A;NP;GAGXGWGR;;;SU)(A;IOID;CCDC;;;SU)"
"(D;OICI;0xffffffff;;;S-1-5-21-93476-23408-4576)"
"S:(AU;OICINPIOIDSAFA;CCDCLCSWRPRC;;;SU)(AU;NPSA;0x12019f;;;SU)",
SDDL_REVISION_1, &sec, &dwDescSize), "Creating descriptor failed\n");
test_SetSecurityDescriptorControl(sec);
LocalFree(sec);
ok(pConvertStringSecurityDescriptorToSecurityDescriptorA(
"O:SY"
"G:S-1-5-21-93476-23408-4576",
SDDL_REVISION_1, &sec, &dwDescSize), "Creating descriptor failed\n");
test_SetSecurityDescriptorControl(sec);
LocalFree(sec);
ok(pConvertStringSecurityDescriptorToSecurityDescriptorA(
"O:SY"
"G:S-1-5-21-93476-23408-4576"
@ -2457,7 +2567,7 @@ static void test_PrivateObjectSecurity(void)
buf = HeapAlloc(GetProcessHeap(), 0, dwDescSize);
pSetSecurityDescriptorControl(sec, SE_DACL_PROTECTED, SE_DACL_PROTECTED);
GetSecurityDescriptorControl(sec, &ctrl, &dwRevision);
todo_wine expect_eq(ctrl, 0x9014, int, "%x");
expect_eq(ctrl, 0x9014, int, "%x");
ok(GetPrivateObjectSecurity(sec, GROUP_SECURITY_INFORMATION, buf, dwDescSize, &retSize),
"GetPrivateObjectSecurity failed (err=%u)\n", GetLastError());

20
dlls/ntdll/sec.c
View File

@ -1052,8 +1052,24 @@ NTSTATUS WINAPI RtlSetControlSecurityDescriptor(
SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest,
SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet)
{
FIXME("(%p 0x%08x 0x%08x): stub\n", SecurityDescriptor, ControlBitsOfInterest,
ControlBitsToSet);
SECURITY_DESCRIPTOR_CONTROL const immutable
= SE_OWNER_DEFAULTED | SE_GROUP_DEFAULTED
| SE_DACL_PRESENT | SE_DACL_DEFAULTED
| SE_SACL_PRESENT | SE_SACL_DEFAULTED
| SE_RM_CONTROL_VALID | SE_SELF_RELATIVE
;
SECURITY_DESCRIPTOR *lpsd = SecurityDescriptor;
TRACE("(%p 0x%04x 0x%04x)\n", SecurityDescriptor,
ControlBitsOfInterest, ControlBitsToSet);
if ((ControlBitsOfInterest | ControlBitsToSet) & immutable)
return STATUS_INVALID_PARAMETER;
lpsd->Control |= (ControlBitsOfInterest & ControlBitsToSet);
lpsd->Control &= ~(ControlBitsOfInterest & ~ControlBitsToSet);
return STATUS_SUCCESS;
}