[3/3] advapi32/tests: Add tests for AddMandatoryAce.
Sebastian Lackner
sebastian at fds-team.de
Thu Feb 16 13:58:39 CST 2017
From: Michael Müller <michael at fds-team.de>
Signed-off-by: Michael Müller <michael at fds-team.de>
Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---
dlls/advapi32/tests/security.c | 45 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 45 insertions(+)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index c31dfbeace3..80f0879be85 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -65,6 +65,7 @@
static BOOL (WINAPI *pAddAccessAllowedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
static BOOL (WINAPI *pAddAccessDeniedAceEx)(PACL, DWORD, DWORD, DWORD, PSID);
static BOOL (WINAPI *pAddAuditAccessAceEx)(PACL, DWORD, DWORD, DWORD, PSID, BOOL, BOOL);
+static BOOL (WINAPI *pAddMandatoryAce)(PACL,DWORD,DWORD,DWORD,PSID);
static VOID (WINAPI *pBuildTrusteeWithSidA)( PTRUSTEEA pTrustee, PSID pSid );
static VOID (WINAPI *pBuildTrusteeWithNameA)( PTRUSTEEA pTrustee, LPSTR pName );
static VOID (WINAPI *pBuildTrusteeWithObjectsAndNameA)( PTRUSTEEA pTrustee,
@@ -199,6 +200,7 @@ static void init(void)
pAddAccessAllowedAceEx = (void *)GetProcAddress(hmod, "AddAccessAllowedAceEx");
pAddAccessDeniedAceEx = (void *)GetProcAddress(hmod, "AddAccessDeniedAceEx");
pAddAuditAccessAceEx = (void *)GetProcAddress(hmod, "AddAuditAccessAceEx");
+ pAddMandatoryAce = (void *)GetProcAddress(hmod, "AddMandatoryAce");
pCheckTokenMembership = (void *)GetProcAddress(hmod, "CheckTokenMembership");
pConvertStringSecurityDescriptorToSecurityDescriptorA =
(void *)GetProcAddress(hmod, "ConvertStringSecurityDescriptorToSecurityDescriptorA" );
@@ -6156,6 +6158,48 @@ static void test_AddAce(void)
ok(GetLastError() == ERROR_INVALID_PARAMETER, "GetLastError() = %d\n", GetLastError());
}
+static void test_AddMandatoryAce(void)
+{
+ static SID low_level = {SID_REVISION, 1, {SECURITY_MANDATORY_LABEL_AUTHORITY},
+ {SECURITY_MANDATORY_LOW_RID}};
+ SYSTEM_MANDATORY_LABEL_ACE *ace;
+ char buffer_acl[256];
+ ACL *pAcl = (ACL *)&buffer_acl;
+ BOOL ret, found;
+ DWORD index;
+
+ if (!pAddMandatoryAce)
+ {
+ win_skip("AddMandatoryAce not supported, skipping test\n");
+ return;
+ }
+
+ ret = InitializeAcl(pAcl, 256, ACL_REVISION);
+ ok(ret, "InitializeAcl failed with %u\n", GetLastError());
+
+ SetLastError(0xdeadbeef);
+ ret = pAddMandatoryAce(pAcl, ACL_REVISION, 0, 0x1234, &low_level);
+ ok(!ret, "AddMandatoryAce succeeded\n");
+ ok(GetLastError() == ERROR_INVALID_PARAMETER,
+ "Expected ERROR_INVALID_PARAMETER got %u\n", GetLastError());
+
+ ret = pAddMandatoryAce(pAcl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, &low_level);
+ ok(ret, "AddMandatoryAce failed with %u\n", GetLastError());
+
+ index = 0;
+ found = FALSE;
+ while (pGetAce( pAcl, index++, (void **)&ace ))
+ {
+ if (ace->Header.AceType != SYSTEM_MANDATORY_LABEL_ACE_TYPE) continue;
+ ok(ace->Header.AceFlags == 0, "Expected flags 0, got %x\n", ace->Header.AceFlags);
+ ok(ace->Mask == SYSTEM_MANDATORY_LABEL_NO_WRITE_UP,
+ "Expected mask SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, got %x\n", ace->Mask);
+ ok(EqualSid(&ace->SidStart, &low_level), "Expected low integrity level\n");
+ found = TRUE;
+ }
+ ok(found, "Could not find mandatory label ace\n");
+}
+
static void test_system_security_access(void)
{
static const WCHAR testkeyW[] =
@@ -6495,6 +6539,7 @@ START_TEST(security)
test_default_dacl_owner_sid();
test_AdjustTokenPrivileges();
test_AddAce();
+ test_AddMandatoryAce();
test_system_security_access();
test_GetSidIdentifierAuthority();
test_pseudo_tokens();
--
2.11.0
More information about the wine-patches
mailing list