[KMTESTS:OB] Add support for LUID mappings being disabled in ObSecurity tests

CORE-16114
Pierre Schweitzer 2019-06-20 08:53:27 +02:00
parent 6cde208c6b
commit f529033555
2 changed files with 44 additions and 9 deletions


@ -24,6 +24,7 @@
#include <ndk/kefuncs.h> #include <ndk/kefuncs.h>
#include <ndk/mmfuncs.h> #include <ndk/mmfuncs.h>
#include <ndk/obfuncs.h> #include <ndk/obfuncs.h>
#include <ndk/psfuncs.h>
#include <ndk/sefuncs.h> #include <ndk/sefuncs.h>
#include <ntstrsafe.h> #include <ntstrsafe.h>
#if defined KMT_FILTER_DRIVER #if defined KMT_FILTER_DRIVER


@ -124,18 +124,52 @@ CheckDirectorySecurity__(
START_TEST(ObSecurity) START_TEST(ObSecurity)
{ {
NTSTATUS Status;
/* Assume yes, that's the default on W2K3 */
ULONG LUIDMappingsEnabled = 1, ReturnLength;
#define DIRECTORY_GENERIC_READ STANDARD_RIGHTS_READ | DIRECTORY_TRAVERSE | DIRECTORY_QUERY #define DIRECTORY_GENERIC_READ STANDARD_RIGHTS_READ | DIRECTORY_TRAVERSE | DIRECTORY_QUERY
#define DIRECTORY_GENERIC_WRITE STANDARD_RIGHTS_WRITE | DIRECTORY_CREATE_SUBDIRECTORY | DIRECTORY_CREATE_OBJECT #define DIRECTORY_GENERIC_WRITE STANDARD_RIGHTS_WRITE | DIRECTORY_CREATE_SUBDIRECTORY | DIRECTORY_CREATE_OBJECT
CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users" /* Check if LUID device maps are enabled */
4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE | Status = ZwQueryInformationProcess(NtCurrentProcess(),
OBJECT_INHERIT_ACE, SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS, ProcessLUIDDeviceMapsEnabled,
ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE | &LUIDMappingsEnabled,
OBJECT_INHERIT_ACE, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS, sizeof(LUIDMappingsEnabled),
ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS, &ReturnLength);
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | ok(NT_SUCCESS(Status), "NtQueryInformationProcess failed: 0x%x\n", Status);
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeCreatorOwnerSid,GENERIC_ALL); trace("LUID mappings are enabled: %d\n", LUIDMappingsEnabled);
if (LUIDMappingsEnabled != 0)
{
CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeCreatorOwnerSid,GENERIC_ALL);
}
else
{
CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
6, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeWorldSid, READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY,
ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeWorldSid, GENERIC_EXECUTE,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeAliasAdminsSid,GENERIC_ALL,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeLocalSystemSid,GENERIC_ALL,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeCreatorOwnerSid,GENERIC_ALL);
}
CheckDirectorySecurity(L"\\", CheckDirectorySecurity(L"\\",
4, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeWorldSid, DIRECTORY_GENERIC_READ, 4, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeWorldSid, DIRECTORY_GENERIC_READ,