Module: wine Branch: master Commit: a4b12eb9f937202848b229ed15f2c7d1823b41da URL: http://source.winehq.org/git/wine.git/?a=commit;h=a4b12eb9f937202848b229ed15...
Author: Piotr Caban piotr@codeweavers.com Date: Fri Mar 27 11:11:54 2015 +0100
advapi32/tests: Add test for mapping DACL to permission.
This test shows that first DACL entry that allows or denies access should be used. The logic inside server for translating DACL to permission is not matching it (always scans all DACL entries, deny entries have bigger priority).
---
dlls/advapi32/tests/security.c | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/dlls/advapi32/tests/security.c b/dlls/advapi32/tests/security.c index dbe52b0..6d3f9ac 100644 --- a/dlls/advapi32/tests/security.c +++ b/dlls/advapi32/tests/security.c @@ -3405,7 +3405,6 @@ static void test_GetNamedSecurityInfoA(void) "Administators Group ACE has unexpected mask (0x%x != 0x1f01ff)\n", ace->Mask); } LocalFree(pSD); - HeapFree(GetProcessHeap(), 0, user);
/* show that setting empty DACL is not removing all file permissions */ pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL)); @@ -3442,7 +3441,7 @@ static void test_GetNamedSecurityInfoA(void) /* NtSetSecurityObject doesn't inherit DACL entries */ pSD = sd+sizeof(void*)-((ULONG_PTR)sd)%sizeof(void*); InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION); - pDacl = HeapAlloc(GetProcessHeap(), 0, sizeof(ACL)); + pDacl = HeapAlloc(GetProcessHeap(), 0, 100); bret = InitializeAcl(pDacl, sizeof(ACL), ACL_REVISION); ok(bret, "Failed to initialize ACL.\n"); bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE); @@ -3473,7 +3472,39 @@ static void test_GetNamedSecurityInfoA(void) NULL, OPEN_EXISTING, 0, NULL); ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError()); CloseHandle(h); + + /* test if DACL is properly mapped to permission */ + bret = InitializeAcl(pDacl, 100, ACL_REVISION); + ok(bret, "Failed to initialize ACL.\n"); + bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid); + ok(bret, "Failed to add Current User to ACL.\n"); + bret = pAddAccessDeniedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid); + ok(bret, "Failed to add Current User to ACL.\n"); + bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE); + ok(bret, "Failed to add ACL to security desciptor.\n"); + status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD); + ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status); + + h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ, + NULL, OPEN_EXISTING, 0, NULL); + todo_wine ok(h != INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError()); + + bret = InitializeAcl(pDacl, 100, ACL_REVISION); + ok(bret, "Failed to initialize ACL.\n"); + bret = pAddAccessDeniedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid); + ok(bret, "Failed to add Current User to ACL.\n"); + bret = pAddAccessAllowedAceEx(pDacl, ACL_REVISION, 0, GENERIC_ALL, user_sid); + ok(bret, "Failed to add Current User to ACL.\n"); + bret = SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE); + ok(bret, "Failed to add ACL to security desciptor.\n"); + status = pNtSetSecurityObject(hTemp, DACL_SECURITY_INFORMATION, pSD); + ok(status == ERROR_SUCCESS, "NtSetSecurityObject returned %x\n", status); + + h = CreateFileA(tmpfile, GENERIC_READ, FILE_SHARE_DELETE|FILE_SHARE_WRITE|FILE_SHARE_READ, + NULL, OPEN_EXISTING, 0, NULL); + ok(h == INVALID_HANDLE_VALUE, "CreateFile error %d\n", GetLastError()); HeapFree(GetProcessHeap(), 0, pDacl); + HeapFree(GetProcessHeap(), 0, user); CloseHandle(hTemp);
/* Test querying the ownership of a built-in registry key */