Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-22 16:36:33 +00:00
Code Issues Projects Releases Packages Wiki Activity

[KMTESTS:OB] Add support for LUID mappings being disabled in ObSecurity tests

Browse source 
CORE-16114
This commit is contained in:
Pierre Schweitzer 2019-06-20 08:53:27 +02:00
parent 6cde208c6b
commit f529033555
2 changed files with 44 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
modules/rostests/kmtests/include/kmt_platform.h
View file

@ -24,6 +24,7 @@
#include <ndk/kefuncs.h>
#include <ndk/mmfuncs.h>
#include <ndk/obfuncs.h>
#include <ndk/psfuncs.h>
#include <ndk/sefuncs.h>
#include <ntstrsafe.h>
#if defined KMT_FILTER_DRIVER

52
modules/rostests/kmtests/ntos_ob/ObSecurity.c
View file

@ -124,18 +124,52 @@ CheckDirectorySecurity__(
START_TEST(ObSecurity)
{
NTSTATUS Status;
/* Assume yes, that's the default on W2K3 */
ULONG LUIDMappingsEnabled = 1, ReturnLength;
#define DIRECTORY_GENERIC_READ STANDARD_RIGHTS_READ | DIRECTORY_TRAVERSE | DIRECTORY_QUERY
#define DIRECTORY_GENERIC_WRITE STANDARD_RIGHTS_WRITE | DIRECTORY_CREATE_SUBDIRECTORY | DIRECTORY_CREATE_OBJECT
CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeCreatorOwnerSid,GENERIC_ALL);
/* Check if LUID device maps are enabled */
Status = ZwQueryInformationProcess(NtCurrentProcess(),
ProcessLUIDDeviceMapsEnabled,
&LUIDMappingsEnabled,
sizeof(LUIDMappingsEnabled),
&ReturnLength);
ok(NT_SUCCESS(Status), "NtQueryInformationProcess failed: 0x%x\n", Status);
trace("LUID mappings are enabled: %d\n", LUIDMappingsEnabled);
if (LUIDMappingsEnabled != 0)
{
CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeCreatorOwnerSid,GENERIC_ALL);
}
else
{
CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
6, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeWorldSid, READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY,
ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeWorldSid, GENERIC_EXECUTE,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeAliasAdminsSid,GENERIC_ALL,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeLocalSystemSid,GENERIC_ALL,
ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
CONTAINER_INHERIT_ACE |
OBJECT_INHERIT_ACE, SeExports->SeCreatorOwnerSid,GENERIC_ALL);
}
CheckDirectorySecurity(L"\\",
4, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeWorldSid, DIRECTORY_GENERIC_READ,