Jinoh Kang : advapi32/tests: Test that the token default DACL uses token owner instead of token user.
Alexandre Julliard
julliard at winehq.org
Wed Jul 20 15:55:31 CDT 2022
Module: wine
Branch: master
Commit: b735ded8c2b76c7839836b02b6b7c2e9efaff38a
URL: https://gitlab.winehq.org/wine/wine/-/commit/b735ded8c2b76c7839836b02b6b7c2e9efaff38a
Author: Jinoh Kang <jinoh.kang.kr at gmail.com>
Date: Tue Jul 19 23:58:21 2022 +0900
advapi32/tests: Test that the token default DACL uses token owner instead of token user.
---
dlls/advapi32/tests/security.c | 35 +++++++++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 3fe84083587..99e68c9a1e5 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1765,6 +1765,24 @@ static void test_AccessCheck(void)
HeapFree(GetProcessHeap(), 0, PrivSet);
}
+static TOKEN_USER *get_alloc_token_user( HANDLE token )
+{
+ TOKEN_USER *token_user;
+ DWORD size;
+ BOOL ret;
+
+ ret = GetTokenInformation( token, TokenUser, NULL, 0, &size );
+ ok(!ret, "Expected failure, got %d\n", ret);
+ ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER,
+ "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
+
+ token_user = HeapAlloc( GetProcessHeap(), 0, size );
+ ret = GetTokenInformation( token, TokenUser, token_user, size, &size );
+ ok(ret, "GetTokenInformation failed with error %ld\n", GetLastError());
+
+ return token_user;
+}
+
static TOKEN_OWNER *get_alloc_token_owner( HANDLE token )
{
TOKEN_OWNER *token_owner;
@@ -6357,6 +6375,7 @@ static void test_TokenIntegrityLevel(void)
static void test_default_dacl_owner_group_sid(void)
{
+ TOKEN_USER *token_user;
TOKEN_OWNER *token_owner;
TOKEN_PRIMARY_GROUP *token_primary_group;
HANDLE handle, token;
@@ -6371,6 +6390,7 @@ static void test_default_dacl_owner_group_sid(void)
ret = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token );
ok(ret, "OpenProcessToken failed with error %ld\n", GetLastError());
+ token_user = get_alloc_token_user( token );
token_owner = get_alloc_token_owner( token );
token_primary_group = get_alloc_token_primary_group( token );
@@ -6430,12 +6450,27 @@ static void test_default_dacl_owner_group_sid(void)
}
ok( found, "owner sid not found in dacl\n" );
+ if (!EqualSid( token_user->User.Sid, token_owner->Owner ))
+ {
+ index = 0;
+ found = FALSE;
+ while (GetAce( dacl, index++, (void **)&ace ))
+ {
+ ok( ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE,
+ "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
+ if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE;
+ }
+ todo_wine
+ ok( !found, "DACL shall not reference token user if it is different from token owner\n" );
+ }
+
HeapFree( GetProcessHeap(), 0, sa.lpSecurityDescriptor );
HeapFree( GetProcessHeap(), 0, sd );
CloseHandle( handle );
HeapFree( GetProcessHeap(), 0, token_primary_group );
HeapFree( GetProcessHeap(), 0, token_owner );
+ HeapFree( GetProcessHeap(), 0, token_user );
}
static void test_AdjustTokenPrivileges(void)
More information about the wine-cvs
mailing list