📄 security.c
字号:
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_GLOBAL_PRIVILEGE
#endif /* ndef SE_MIN_WELL_KNOWN_PRIVILEGE */
static void test_allocateLuid(void)
{
BOOL (WINAPI *pAllocateLocallyUniqueId)(PLUID);
LUID luid1, luid2;
BOOL ret;
pAllocateLocallyUniqueId = (void*)GetProcAddress(hmod, "AllocateLocallyUniqueId");
if (!pAllocateLocallyUniqueId) return;
ret = pAllocateLocallyUniqueId(&luid1);
if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
return;
ok(ret,
"AllocateLocallyUniqueId failed: %ld\n", GetLastError());
ret = pAllocateLocallyUniqueId(&luid2);
ok( ret,
"AllocateLocallyUniqueId failed: %ld\n", GetLastError());
ok(luid1.LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE || luid1.HighPart != 0,
"AllocateLocallyUniqueId returned a well-known LUID\n");
ok(luid1.LowPart != luid2.LowPart || luid1.HighPart != luid2.HighPart,
"AllocateLocallyUniqueId returned non-unique LUIDs\n");
ret = pAllocateLocallyUniqueId(NULL);
ok( !ret && GetLastError() == ERROR_NOACCESS,
"AllocateLocallyUniqueId(NULL) didn't return ERROR_NOACCESS: %ld\n",
GetLastError());
}
static void test_lookupPrivilegeName(void)
{
BOOL (WINAPI *pLookupPrivilegeNameA)(LPSTR, PLUID, LPSTR, LPDWORD);
char buf[MAX_PATH]; /* arbitrary, seems long enough */
DWORD cchName = sizeof(buf);
LUID luid = { 0, 0 };
LONG i;
BOOL ret;
/* check whether it's available first */
pLookupPrivilegeNameA = (void*)GetProcAddress(hmod, "LookupPrivilegeNameA");
if (!pLookupPrivilegeNameA) return;
luid.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
ret = pLookupPrivilegeNameA(NULL, &luid, buf, &cchName);
if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
return;
/* check with a short buffer */
cchName = 0;
luid.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
ret = pLookupPrivilegeNameA(NULL, &luid, NULL, &cchName);
ok( !ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER,
"LookupPrivilegeNameA didn't fail with ERROR_INSUFFICIENT_BUFFER: %ld\n",
GetLastError());
ok(cchName == strlen("SeCreateTokenPrivilege") + 1,
"LookupPrivilegeNameA returned an incorrect required length for\n"
"SeCreateTokenPrivilege (got %ld, expected %d)\n", cchName,
strlen("SeCreateTokenPrivilege") + 1);
/* check a known value and its returned length on success */
cchName = sizeof(buf);
ok(pLookupPrivilegeNameA(NULL, &luid, buf, &cchName) &&
cchName == strlen("SeCreateTokenPrivilege"),
"LookupPrivilegeNameA returned an incorrect output length for\n"
"SeCreateTokenPrivilege (got %ld, expected %d)\n", cchName,
(int)strlen("SeCreateTokenPrivilege"));
/* check known values */
for (i = SE_MIN_WELL_KNOWN_PRIVILEGE; i < SE_MAX_WELL_KNOWN_PRIVILEGE; i++)
{
luid.LowPart = i;
cchName = sizeof(buf);
ret = pLookupPrivilegeNameA(NULL, &luid, buf, &cchName);
ok( ret || GetLastError() == ERROR_NO_SUCH_PRIVILEGE,
"LookupPrivilegeNameA(0.%ld) failed: %ld\n", i, GetLastError());
}
/* check a bogus LUID */
luid.LowPart = 0xdeadbeef;
cchName = sizeof(buf);
ret = pLookupPrivilegeNameA(NULL, &luid, buf, &cchName);
ok( !ret && GetLastError() == ERROR_NO_SUCH_PRIVILEGE,
"LookupPrivilegeNameA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
GetLastError());
/* check on a bogus system */
luid.LowPart = SE_CREATE_TOKEN_PRIVILEGE;
cchName = sizeof(buf);
ret = pLookupPrivilegeNameA("b0gu5.Nam3", &luid, buf, &cchName);
ok( !ret && GetLastError() == RPC_S_SERVER_UNAVAILABLE,
"LookupPrivilegeNameA didn't fail with RPC_S_SERVER_UNAVAILABLE: %ld\n",
GetLastError());
}
struct NameToLUID
{
const char *name;
DWORD lowPart;
};
static void test_lookupPrivilegeValue(void)
{
static const struct NameToLUID privs[] = {
{ "SeCreateTokenPrivilege", SE_CREATE_TOKEN_PRIVILEGE },
{ "SeAssignPrimaryTokenPrivilege", SE_ASSIGNPRIMARYTOKEN_PRIVILEGE },
{ "SeLockMemoryPrivilege", SE_LOCK_MEMORY_PRIVILEGE },
{ "SeIncreaseQuotaPrivilege", SE_INCREASE_QUOTA_PRIVILEGE },
{ "SeMachineAccountPrivilege", SE_MACHINE_ACCOUNT_PRIVILEGE },
{ "SeTcbPrivilege", SE_TCB_PRIVILEGE },
{ "SeSecurityPrivilege", SE_SECURITY_PRIVILEGE },
{ "SeTakeOwnershipPrivilege", SE_TAKE_OWNERSHIP_PRIVILEGE },
{ "SeLoadDriverPrivilege", SE_LOAD_DRIVER_PRIVILEGE },
{ "SeSystemProfilePrivilege", SE_SYSTEM_PROFILE_PRIVILEGE },
{ "SeSystemtimePrivilege", SE_SYSTEMTIME_PRIVILEGE },
{ "SeProfileSingleProcessPrivilege", SE_PROF_SINGLE_PROCESS_PRIVILEGE },
{ "SeIncreaseBasePriorityPrivilege", SE_INC_BASE_PRIORITY_PRIVILEGE },
{ "SeCreatePagefilePrivilege", SE_CREATE_PAGEFILE_PRIVILEGE },
{ "SeCreatePermanentPrivilege", SE_CREATE_PERMANENT_PRIVILEGE },
{ "SeBackupPrivilege", SE_BACKUP_PRIVILEGE },
{ "SeRestorePrivilege", SE_RESTORE_PRIVILEGE },
{ "SeShutdownPrivilege", SE_SHUTDOWN_PRIVILEGE },
{ "SeDebugPrivilege", SE_DEBUG_PRIVILEGE },
{ "SeAuditPrivilege", SE_AUDIT_PRIVILEGE },
{ "SeSystemEnvironmentPrivilege", SE_SYSTEM_ENVIRONMENT_PRIVILEGE },
{ "SeChangeNotifyPrivilege", SE_CHANGE_NOTIFY_PRIVILLEGE },
{ "SeRemoteShutdownPrivilege", SE_REMOTE_SHUTDOWN_PRIVILEGE },
{ "SeUndockPrivilege", SE_UNDOCK_PRIVILEGE },
{ "SeSyncAgentPrivilege", SE_SYNC_AGENT_PRIVILEGE },
{ "SeEnableDelegationPrivilege", SE_ENABLE_DELEGATION_PRIVILEGE },
{ "SeManageVolumePrivilege", SE_MANAGE_VOLUME_PRIVILEGE },
{ "SeImpersonatePrivilege", SE_IMPERSONATE_PRIVILEGE },
{ "SeCreateGlobalPrivilege", SE_CREATE_GLOBAL_PRIVILEGE },
};
BOOL (WINAPI *pLookupPrivilegeValueA)(LPCSTR, LPCSTR, PLUID);
int i;
LUID luid;
BOOL ret;
/* check whether it's available first */
pLookupPrivilegeValueA = (void*)GetProcAddress(hmod, "LookupPrivilegeValueA");
if (!pLookupPrivilegeValueA) return;
ret = pLookupPrivilegeValueA(NULL, "SeCreateTokenPrivilege", &luid);
if (!ret && GetLastError() == ERROR_CALL_NOT_IMPLEMENTED)
return;
/* check a bogus system name */
ret = pLookupPrivilegeValueA("b0gu5.Nam3", "SeCreateTokenPrivilege", &luid);
ok( !ret && GetLastError() == RPC_S_SERVER_UNAVAILABLE,
"LookupPrivilegeValueA didn't fail with RPC_S_SERVER_UNAVAILABLE: %ld\n",
GetLastError());
/* check a NULL string */
ret = pLookupPrivilegeValueA(NULL, 0, &luid);
ok( !ret && GetLastError() == ERROR_NO_SUCH_PRIVILEGE,
"LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
GetLastError());
/* check a bogus privilege name */
ret = pLookupPrivilegeValueA(NULL, "SeBogusPrivilege", &luid);
ok( !ret && GetLastError() == ERROR_NO_SUCH_PRIVILEGE,
"LookupPrivilegeValueA didn't fail with ERROR_NO_SUCH_PRIVILEGE: %ld\n",
GetLastError());
/* check case insensitive */
ret = pLookupPrivilegeValueA(NULL, "sEcREATEtOKENpRIVILEGE", &luid);
ok( ret,
"LookupPrivilegeValueA(NULL, sEcREATEtOKENpRIVILEGE, &luid) failed: %ld\n",
GetLastError());
for (i = 0; i < sizeof(privs) / sizeof(privs[0]); i++)
{
/* Not all privileges are implemented on all Windows versions, so
* don't worry if the call fails
*/
if (pLookupPrivilegeValueA(NULL, privs[i].name, &luid))
{
ok(luid.LowPart == privs[i].lowPart,
"LookupPrivilegeValueA returned an invalid LUID for %s\n",
privs[i].name);
}
}
}
static void test_luid(void)
{
test_allocateLuid();
test_lookupPrivilegeName();
test_lookupPrivilegeValue();
}
static void test_FileSecurity(void)
{
char directory[MAX_PATH];
DWORD retval, outSize;
BOOL result;
BYTE buffer[0x40];
pGetFileSecurityA = (fnGetFileSecurityA)
GetProcAddress( hmod, "GetFileSecurityA" );
if( !pGetFileSecurityA )
return;
retval = GetTempPathA(sizeof(directory), directory);
if (!retval) {
trace("GetTempPathA failed\n");
return;
}
strcpy(directory, "\\Should not exist");
SetLastError(NO_ERROR);
result = GetFileSecurityA( directory,OWNER_SECURITY_INFORMATION,
(PSECURITY_DESCRIPTOR)buffer,0x40,&outSize);
ok(!result, "GetFileSecurityA should fail for not existing directories/files\n");
ok( (GetLastError() == ERROR_FILE_NOT_FOUND ) ||
(GetLastError() == ERROR_CALL_NOT_IMPLEMENTED) ,
"last error ERROR_FILE_NOT_FOUND / ERROR_CALL_NOT_IMPLEMENTED (98) "
"expected, got %ld\n", GetLastError());
}
START_TEST(security)
{
init();
if (!hmod) return;
test_sid();
test_trustee();
test_luid();
test_FileSecurity();
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -