Jinoh Kang : advapi32/tests: Test that the token default DACL uses token owner instead of token user. - wine-commits

20 Jul 2022

Module: wine
Branch: master
Commit: b735ded8c2b76c7839836b02b6b7c2e9efaff38a
URL:    https://gitlab.winehq.org/wine/wine/-/commit/b735ded8c2b76c7839836b02b6b7c2e...
Author: Jinoh Kang jinoh.kang.kr@gmail.com
Date:   Tue Jul 19 23:58:21 2022 +0900
advapi32/tests: Test that the token default DACL uses token owner instead of token user.
---
dlls/advapi32/tests/security.c | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c
index 3fe84083587..99e68c9a1e5 100644
--- a/dlls/advapi32/tests/security.c
+++ b/dlls/advapi32/tests/security.c
@@ -1765,6 +1765,24 @@ static void test_AccessCheck(void)
     HeapFree(GetProcessHeap(), 0, PrivSet);
 }
+static TOKEN_USER *get_alloc_token_user( HANDLE token )
+{
+    TOKEN_USER *token_user;
+    DWORD size;
+    BOOL ret;
+
+    ret = GetTokenInformation( token, TokenUser, NULL, 0, &size );
+    ok(!ret, "Expected failure, got %d\n", ret);
+    ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER,
+       "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError());
+
+    token_user = HeapAlloc( GetProcessHeap(), 0, size );
+    ret = GetTokenInformation( token, TokenUser, token_user, size, &size );
+    ok(ret, "GetTokenInformation failed with error %ld\n", GetLastError());
+
+    return token_user;
+}
+
 static TOKEN_OWNER *get_alloc_token_owner( HANDLE token )
 {
     TOKEN_OWNER *token_owner;
@@ -6357,6 +6375,7 @@ static void test_TokenIntegrityLevel(void)
static void test_default_dacl_owner_group_sid(void)
 {
+    TOKEN_USER *token_user;
     TOKEN_OWNER *token_owner;
     TOKEN_PRIMARY_GROUP *token_primary_group;
     HANDLE handle, token;
@@ -6371,6 +6390,7 @@ static void test_default_dacl_owner_group_sid(void)
     ret = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token );
     ok(ret, "OpenProcessToken failed with error %ld\n", GetLastError());
+    token_user = get_alloc_token_user( token );
     token_owner = get_alloc_token_owner( token );
     token_primary_group = get_alloc_token_primary_group( token );
@@ -6430,12 +6450,27 @@ static void test_default_dacl_owner_group_sid(void)
     }
     ok( found, "owner sid not found in dacl\n" );
+    if (!EqualSid( token_user->User.Sid, token_owner->Owner ))
+    {
+        index = 0;
+        found = FALSE;
+        while (GetAce( dacl, index++, (void **)&ace ))
+        {
+            ok( ace->Header.AceType == ACCESS_ALLOWED_ACE_TYPE,
+                "expected ACCESS_ALLOWED_ACE_TYPE, got %d\n", ace->Header.AceType );
+            if (EqualSid( &ace->SidStart, token_user->User.Sid )) found = TRUE;
+        }
+        todo_wine
+        ok( !found, "DACL shall not reference token user if it is different from token owner\n" );
+    }
+
     HeapFree( GetProcessHeap(), 0, sa.lpSecurityDescriptor );
     HeapFree( GetProcessHeap(), 0, sd );
     CloseHandle( handle );
HeapFree( GetProcessHeap(), 0, token_primary_group );
     HeapFree( GetProcessHeap(), 0, token_owner );
+    HeapFree( GetProcessHeap(), 0, token_user );
 }
static void test_AdjustTokenPrivileges(void)

    