[PATCH 1/2] advapi32/tests: Test that default object owner and group match the token.

From: Jinoh Kang jinoh.kang.kr@gmail.com

--- dlls/advapi32/tests/security.c | 50 ++++++++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 6 deletions(-)

diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index aeee279a86d..d1e9c00c154 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -6304,16 +6304,41 @@ static void test_TokenIntegrityLevel(void) CloseHandle(token); }

-static void test_default_dacl_owner_sid(void) +static void test_default_dacl_owner_group_sid(void) { - HANDLE handle; + HANDLE handle, token; BOOL ret, defaulted, present, found; DWORD size, index; SECURITY_DESCRIPTOR *sd; SECURITY_ATTRIBUTES sa; - PSID owner; + PSID owner, group; ACL *dacl; ACCESS_ALLOWED_ACE *ace; + TOKEN_OWNER *token_owner; + TOKEN_PRIMARY_GROUP *token_primary_group; + + ret = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token ); + ok(ret, "OpenProcessToken failed with error %ld\n", GetLastError()); + + ret = GetTokenInformation( token, TokenOwner, NULL, 0, &size ); + ok(!ret, "Expected failure, got %d\n", ret); + ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, + "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError()); + + token_owner = HeapAlloc(GetProcessHeap(), 0, size); + ret = GetTokenInformation( token, TokenOwner, token_owner, size, &size ); + ok(ret, "GetTokenInformation failed with error %ld\n", GetLastError()); + + ret = GetTokenInformation( token, TokenPrimaryGroup, NULL, 0, &size ); + ok(!ret, "Expected failure, got %d\n", ret); + ok(GetLastError() == ERROR_INSUFFICIENT_BUFFER, + "Expected ERROR_INSUFFICIENT_BUFFER, got %ld\n", GetLastError()); + + token_primary_group = HeapAlloc(GetProcessHeap(), 0, size); + ret = GetTokenInformation( token, TokenPrimaryGroup, token_primary_group, size, &size ); + ok(ret, "GetTokenInformation failed with error %ld\n", GetLastError()); + + CloseHandle( token );

sd = HeapAlloc( GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH ); ret = InitializeSecurityDescriptor( sd, SECURITY_DESCRIPTOR_REVISION ); @@ -6326,11 +6351,11 @@ static void test_default_dacl_owner_sid(void) ok( handle != NULL, "error %lu\n", GetLastError() );

size = 0; - ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, NULL, 0, &size ); + ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, NULL, 0, &size ); ok( !ret && GetLastError() == ERROR_INSUFFICIENT_BUFFER, "error %lu\n", GetLastError() );

sd = HeapAlloc( GetProcessHeap(), 0, size ); - ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, sd, size, &size ); + ret = GetKernelObjectSecurity( handle, OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION, sd, size, &size ); ok( ret, "error %lu\n", GetLastError() );

owner = (void *)0xdeadbeef; @@ -6339,6 +6364,16 @@ static void test_default_dacl_owner_sid(void) ok( ret, "error %lu\n", GetLastError() ); ok( owner != (void *)0xdeadbeef, "owner not set\n" ); ok( !defaulted, "owner defaulted\n" ); + todo_wine + ok( EqualSid( owner, token_owner->Owner ), "owner shall equal token owner\n" ); + + group = (void *)0xdeadbeef; + defaulted = TRUE; + ret = GetSecurityDescriptorGroup( sd, &group, &defaulted ); + ok( ret, "error %lu\n", GetLastError() ); + ok( group != (void *)0xdeadbeef, "group not set\n" ); + ok( !defaulted, "group defaulted\n" ); + ok( EqualSid( group, token_primary_group->PrimaryGroup ), "group shall equal token primary group\n" );

dacl = (void *)0xdeadbeef; present = FALSE; @@ -6360,6 +6395,9 @@ static void test_default_dacl_owner_sid(void) HeapFree( GetProcessHeap(), 0, sa.lpSecurityDescriptor ); HeapFree( GetProcessHeap(), 0, sd ); CloseHandle( handle ); + + HeapFree( GetProcessHeap(), 0, token_primary_group ); + HeapFree( GetProcessHeap(), 0, token_owner ); }

static void test_AdjustTokenPrivileges(void) @@ -8502,7 +8540,7 @@ START_TEST(security) test_GetUserNameW(); test_CreateRestrictedToken(); test_TokenIntegrityLevel(); - test_default_dacl_owner_sid(); + test_default_dacl_owner_group_sid(); test_AdjustTokenPrivileges(); test_AddAce(); test_AddMandatoryAce();