Re: [PATCH 3/3] advapi32/tests: Test GetTokenInformation with TokenIntegrityLevel

On 7/29/2012 02:24, Detlef Riekenberg wrote:

-- By by ... Detlef

---

dlls/advapi32/tests/security.c | 99 ++++++++++++++++++++++++++++++++++++++-- 1 files changed, 94 insertions(+), 5 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index 28e43ec..93bbc62 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -167,6 +167,8 @@ static void init(void) pSetSecurityDescriptorControl = (void *)GetProcAddress(hmod, "SetSecurityDescriptorControl"); pGetSecurityInfo = (void *)GetProcAddress(hmod, "GetSecurityInfo"); pCreateRestrictedToken = (void *)GetProcAddress(hmod, "CreateRestrictedToken");

• pConvertSidToStringSidA = (void *)GetProcAddress( hmod, "ConvertSidToStringSidA" );

• pConvertStringSidToSidA = (void *)GetProcAddress( hmod, "ConvertStringSidToSidA" );

  myARGC = winetest_get_mainargs( &myARGV ); }

@@ -211,12 +213,11 @@ static void test_sid(void) BOOL r; LPSTR str = NULL;

• pConvertSidToStringSidA = (void *)GetProcAddress( hmod, "ConvertSidToStringSidA" );
• if( !pConvertSidToStringSidA )

•    return;
  

• pConvertStringSidToSidA = (void *)GetProcAddress( hmod, "ConvertStringSidToSidA" );
• if( !pConvertStringSidToSidA )

• if( !pConvertSidToStringSidA || !pConvertStringSidToSidA )

• {

•    skip("ConvertSidToStringSidA or ConvertStringSidToSidA not available\n");
      return;
  

• }

  r = pConvertStringSidToSidA( NULL, NULL ); ok( !r, "expected failure with NULL parameters\n" );

@@ -4274,6 +4275,93 @@ static void test_kernel_objects_security(void) CloseHandle(token); }

+static void test_TokenIntegrityLevel(void) +{

• TOKEN_MANDATORY_LABEL *tml;
• UCHAR expected_authority[] = SECURITY_MANDATORY_LABEL_AUTHORITY;
• HANDLE token;
• DWORD size;
• DWORD res;
• LPVOID buffer = NULL;
• char *sidname = NULL;
• ULONG level;
• SID *psid;
• if(!pConvertSidToStringSidA)
• {

•    skip("ConvertSidToStringSidA not available\n");
  

•    return;
  

• }
• SetLastError(0xdeadbeef);
• res = OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token);
• ok(res, "got %d with %d (expected TRUE)\n", res, GetLastError());
• if (!res)

•    return;
  

• SetLastError(0xdeadbeef);
• res = GetTokenInformation(token, TokenIntegrityLevel, NULL, 0, &size);
• /* not supported before Vista */
• if (!res && (GetLastError() == ERROR_INVALID_PARAMETER))
• {

•    skip("TokenIntegrityLevel not supported\n");
  

•    CloseHandle(token);
  

•    return;
  

• }
• if (!res && (GetLastError() == ERROR_INSUFFICIENT_BUFFER))
• {

•    buffer = HeapAlloc(GetProcessHeap(), 0, size * 2);
  

•    SetLastError(0xdeadbeef);
  

•    res = GetTokenInformation(token, TokenIntegrityLevel, buffer, size, &size);
  

• }

You don't need that, buffer size is fixed for this case.

• ok(res, "got %d with %d (expected TRUE)\n", res, GetLastError());
• if (!res || !buffer)

•    goto cleanup;
  

• tml = buffer;
• psid = tml->Label.Sid;
• ok(psid != NULL, "Label.Sid: NULL\n");
• if (!psid)

•    goto cleanup;
  

• ok(tml->Label.Attributes == (SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED),

•    "got 0x%x (expected 0x%x)\n", tml->Label.Attributes, (SE_GROUP_INTEGRITY | SE_GROUP_INTEGRITY_ENABLED));
  

Attributes value probably depends on system setup, I believe you can disable all that intergity level stuff. If it doesn't currently fail on testbot let's keep it that way for now.

• res = pConvertSidToStringSidA(psid, &sidname);
• trace("sid: %s\n", sidname);
• LocalFree(sidname);
• ok(psid->Revision == 1, "got Revision %d (expected 1)\n", psid->Revision);
• ok(psid->SubAuthorityCount == 1, "got SubAuthorityCount %d (expected 1)\n", psid->SubAuthorityCount);
• ok(!memcmp(psid->IdentifierAuthority.Value, expected_authority, sizeof(expected_authority)),

•        "got IdentifierAuthority %d, %d, %d, %d, %d, %d (expected 0,0,0,0,0,16)\n",
  

•        psid->IdentifierAuthority.Value[0], psid->IdentifierAuthority.Value[1],
  

•        psid->IdentifierAuthority.Value[2], psid->IdentifierAuthority.Value[3],
  

•        psid->IdentifierAuthority.Value[4], psid->IdentifierAuthority.Value[5]);
  

• level = psid->SubAuthority[0];
• ok((level == SECURITY_MANDATORY_MEDIUM_RID) || (level == SECURITY_MANDATORY_HIGH_RID),

•    "got level 0x%x (expected 0x%x or 0x%x)\n", level, SECURITY_MANDATORY_MEDIUM_RID, SECURITY_MANDATORY_HIGH_RID);
  

All this mess should be replaced with EqualSid()

• SetLastError(0xdeadbeef);
• res = GetTokenInformation(token, TokenIntegrityLevel, buffer, size - 1, &size);
• ok(!res && (GetLastError() == ERROR_INSUFFICIENT_BUFFER),

•    "got %d and %u (expected FALSE and ERROR_INSUFFICIENT_BUFFER)\n", res, GetLastError());
  

Doesn't make much sense, behaviour is not specific to TokenIntegrityLevel.

• SetLastError(0xdeadbeef);
• res = GetTokenInformation(token, TokenIntegrityLevel, buffer, size + 1, &size);
• ok(res, "got %d and %u (expected TRUE)\n", res, GetLastError());

Same here.

+cleanup:

• HeapFree(GetProcessHeap(), 0, buffer);
• CloseHandle(token);

+}

• START_TEST(security) { init();

@@ -4311,4 +4399,5 @@ START_TEST(security) test_GetUserNameA(); test_GetUserNameW(); test_CreateRestrictedToken();

• test_TokenIntegrityLevel(); }