19 Jun
2022
19 Jun
'22
5:11 p.m.
https://git.reactos.org/?p=reactos.git;a=commitdiff;h=0c569e1ff37b41ace8b2a…
commit 0c569e1ff37b41ace8b2ae6aab8208b80f13e975
Author: George Bișoc <george.bisoc(a)reactos.org>
AuthorDate: Sat Jun 18 21:41:50 2022 +0200
Commit: George Bișoc <george.bisoc(a)reactos.org>
CommitDate: Sun Jun 19 17:22:04 2022 +0200
[NTDLL_APITEST] NtQueryInformationToken: write tests for TokenGroupsAndPrivileges
---
.../apitests/ntdll/NtQueryInformationToken.c | 101 ++++++++++++++++++++-
1 file changed, 96 insertions(+), 5 deletions(-)
diff --git a/modules/rostests/apitests/ntdll/NtQueryInformationToken.c
b/modules/rostests/apitests/ntdll/NtQueryInformationToken.c
index 0a017f30d1a..cdeca0f9d64 100644
--- a/modules/rostests/apitests/ntdll/NtQueryInformationToken.c
+++ b/modules/rostests/apitests/ntdll/NtQueryInformationToken.c
@@ -435,7 +435,7 @@ QueryTokenImpersonationTests(
&BufferLength);
ok_ntstatus(Status, STATUS_SUCCESS);
ok(Level == SecurityAnonymous, "The current token impersonation level is not
anonymous!\n");
- CloseHandle(DupToken);
+ NtClose(DupToken);
}
static
@@ -463,7 +463,7 @@ QueryTokenStatisticsTests(
Statistics = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
if (!Statistics)
{
- skip("Failed to allocate heap for token statistics!\n");
+ ok(FALSE, "Failed to allocate from heap for token statistics (required
buffer length %lu)!\n", BufferLength);
return;
}
@@ -486,6 +486,96 @@ QueryTokenStatisticsTests(
RtlFreeHeap(RtlGetProcessHeap(), 0, Statistics);
}
+static
+VOID
+QueryTokenPrivilegesAndGroupsTests(
+ _In_ HANDLE Token)
+{
+ NTSTATUS Status;
+ PTOKEN_GROUPS_AND_PRIVILEGES PrivsAndGroups;
+ TOKEN_GROUPS SidToRestrict;
+ HANDLE FilteredToken;
+ PSID WorldSid;
+ ULONG BufferLength;
+ static SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
+
+ /*
+ * Create a World SID and filter the token
+ * by adding a restricted SID.
+ */
+ Status = RtlAllocateAndInitializeSid(&WorldAuthority,
+ 1,
+ SECURITY_WORLD_RID,
+ 0, 0, 0, 0, 0, 0, 0,
+ &WorldSid);
+ if (!NT_SUCCESS(Status))
+ {
+ ok(FALSE, "Failed to allocate World SID (Status code %lx)!\n",
Status);
+ return;
+ }
+
+ SidToRestrict.GroupCount = 1;
+ SidToRestrict.Groups[0].Attributes = 0;
+ SidToRestrict.Groups[0].Sid = WorldSid;
+
+ Status = NtFilterToken(Token,
+ 0,
+ NULL,
+ NULL,
+ &SidToRestrict,
+ &FilteredToken);
+ if (!NT_SUCCESS(Status))
+ {
+ ok(FALSE, "Failed to filter the current token (Status code %lx)!\n",
Status);
+ RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
+ return;
+ }
+
+ /*
+ * Query the exact buffer length to hold
+ * our stuff, STATUS_BUFFER_TOO_SMALL must
+ * be expected here.
+ */
+ Status = NtQueryInformationToken(FilteredToken,
+ TokenGroupsAndPrivileges,
+ NULL,
+ 0,
+ &BufferLength);
+ ok_ntstatus(Status, STATUS_BUFFER_TOO_SMALL);
+
+ /* Allocate the buffer based on the size we got */
+ PrivsAndGroups = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
+ if (!PrivsAndGroups)
+ {
+ ok(FALSE, "Failed to allocate from heap for token privileges and groups
(required buffer length %lu)!\n", BufferLength);
+ RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
+ NtClose(FilteredToken);
+ return;
+ }
+
+ /* Do the actual query */
+ Status = NtQueryInformationToken(FilteredToken,
+ TokenGroupsAndPrivileges,
+ PrivsAndGroups,
+ BufferLength,
+ &BufferLength);
+ ok_ntstatus(Status, STATUS_SUCCESS);
+
+ trace("=============== TokenGroupsAndPrivileges ===============\n");
+ trace("SID count: %lu\n", PrivsAndGroups->SidCount);
+ trace("SID length: %lu\n", PrivsAndGroups->SidLength);
+ trace("Restricted SID count: %lu\n",
PrivsAndGroups->RestrictedSidCount);
+ trace("Restricted SID length: %lu\n",
PrivsAndGroups->RestrictedSidLength);
+ trace("Privilege count: %lu\n", PrivsAndGroups->PrivilegeCount);
+ trace("Privilege length: %lu\n", PrivsAndGroups->PrivilegeLength);
+ trace("Authentication ID: %lu %lu\n",
PrivsAndGroups->AuthenticationId.LowPart,
PrivsAndGroups->AuthenticationId.HighPart);
+ trace("=========================================\n\n");
+
+ RtlFreeHeap(RtlGetProcessHeap(), 0, PrivsAndGroups);
+ RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
+ NtClose(FilteredToken);
+}
+
static
VOID
QueryTokenRestrictedSidsTest(
@@ -591,7 +681,7 @@ QueryTokenRestrictedSidsTest(
RtlFreeHeap(RtlGetProcessHeap(), 0, RestrictedGroups);
RtlFreeHeap(RtlGetProcessHeap(), 0, WorldSid);
- CloseHandle(FilteredToken);
+ NtClose(FilteredToken);
}
static
@@ -667,7 +757,7 @@ QueryTokenIsSandboxInert(
ok_ntstatus(Status, STATUS_SUCCESS);
ok(IsTokenInert == TRUE, "The token must be a sandbox inert one after
filtering!\n");
- CloseHandle(FilteredToken);
+ NtClose(FilteredToken);
}
static
@@ -744,10 +834,11 @@ START_TEST(NtQueryInformationToken)
QueryTokenTypeTests(Token);
QueryTokenImpersonationTests(Token);
QueryTokenStatisticsTests(Token);
+ QueryTokenPrivilegesAndGroupsTests(Token);
QueryTokenRestrictedSidsTest(Token);
QueryTokenSessionIdTests(Token);
QueryTokenIsSandboxInert(Token);
QueryTokenOriginTests(Token);
- CloseHandle(Token);
+ NtClose(Token);
}