X-Git-Url: https://git.reactos.org/?p=reactos.git;a=blobdiff_plain;f=rostests%2Fkmtests%2Fntos_se%2FSeInheritance.c;h=99e24d1114d697af5ea2d398e07f78d85e342963;hp=773311925c3c6bc9292ec32175467de27e995788;hb=643b7c9da93ee1a58ad8ba3f08f9ca268079c698;hpb=418629f6a904fa942c658db77046f904f048da84
diff --git a/rostests/kmtests/ntos_se/SeInheritance.c b/rostests/kmtests/ntos_se/SeInheritance.c
index 773311925c3..99e24d1114d 100644
--- a/rostests/kmtests/ntos_se/SeInheritance.c
+++ b/rostests/kmtests/ntos_se/SeInheritance.c
@@ -780,6 +780,81 @@ TestSeAssignSecurity(
 EndTestAssign()
 }
 
+ /* ACE type that Win2003 doesn't know about (> ACCESS_MAX_MS_ACE_TYPE) */
+ for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
+ {
+ Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlxAddMandatoryLabelAceEx(Acl, ACL_REVISION, 0, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, SeExports->SeWorldSid);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 1));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ExplicitDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 2));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+
+ TestAssignExpectDefault(&ParentDescriptor, NULL, FALSE)
+ TestAssignExpectDefault(&ParentDescriptor, NULL, TRUE)
+ StartTestAssign(NULL, &ExplicitDescriptor, FALSE, TRUE, TRUE)
+ ok_eq_uint(DaclDefaulted, FALSE);
+ CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, STANDARD_RIGHTS_ALL | 0x800F,
+ ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, STANDARD_RIGHTS_READ | 0x0005);
+ ok_eq_uint(SaclDefaulted, FALSE);
+ CheckAcl(Sacl, 1, SYSTEM_MANDATORY_LABEL_ACE_TYPE, 0, SeExports->SeWorldSid, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP);
+ ok_eq_uint(OwnerDefaulted, FALSE);
+ CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
+ ok_eq_uint(GroupDefaulted, FALSE);
+ CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
+ EndTestAssign()
+ }
+
+ for (UsingDefault = 0; UsingDefault <= 3; UsingDefault++)
+ {
+ Status = RtlCreateAcl(Acl, AclSize, ACL_REVISION);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlxAddMandatoryLabelAceEx(Acl, ACL_REVISION, OBJECT_INHERIT_ACE, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP, SeExports->SeCreatorOwnerSid);
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ParentDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 1));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+ Status = RtlSetSaclSecurityDescriptor(&ExplicitDescriptor,
+ TRUE,
+ Acl,
+ BooleanFlagOn(UsingDefault, 2));
+ ok_eq_hex(Status, STATUS_SUCCESS);
+
+ StartTestAssign(&ParentDescriptor, NULL, FALSE, TRUE, TRUE)
+ ok_eq_uint(DaclDefaulted, FALSE);
+ CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, STANDARD_RIGHTS_ALL | 0x800F,
+ ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, STANDARD_RIGHTS_READ | 0x0005);
+ ok_eq_uint(SaclDefaulted, FALSE);
+ CheckAcl(Sacl, 1, SYSTEM_MANDATORY_LABEL_ACE_TYPE, 0, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP);
+ ok_eq_uint(OwnerDefaulted, FALSE);
+ CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
+ ok_eq_uint(GroupDefaulted, FALSE);
+ CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
+ EndTestAssign()
+ StartTestAssign(NULL, &ExplicitDescriptor, FALSE, TRUE, TRUE)
+ ok_eq_uint(DaclDefaulted, FALSE);
+ CheckAcl(Dacl, 2, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, STANDARD_RIGHTS_ALL | 0x800F,
+ ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, STANDARD_RIGHTS_READ | 0x0005);
+ ok_eq_uint(SaclDefaulted, FALSE);
+ CheckAcl(Sacl, 1, SYSTEM_MANDATORY_LABEL_ACE_TYPE, OBJECT_INHERIT_ACE, SeExports->SeCreatorOwnerSid, SYSTEM_MANDATORY_LABEL_NO_WRITE_UP);
+ ok_eq_uint(OwnerDefaulted, FALSE);
+ CheckSid(Owner, NO_SIZE, Token->UserAndGroups[Token->DefaultOwnerIndex].Sid);
+ ok_eq_uint(GroupDefaulted, FALSE);
+ CheckSid(Group, NO_SIZE, Token->PrimaryGroup);
+ EndTestAssign()
+ }
+
+ /* TODO: Test object/compound ACEs */
 /* TODO: Test duplicate ACEs */
 /* TODO: Test INHERITED_ACE flag */
 /* TODO: Test invalid ACE flags */
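Review bot: The second loop (OBJECT_INHERIT_ACE with SeCreatorOwnerSid) has no comment, and it exercises the parent-inheritance path only with the third StartTestAssign argument FALSE, while the first loop checks the parent case with both FALSE and TRUE. The macros are defined outside this hunk, so it is only an inference that this argument selects the container (directory) case; if it does, inheritance of an object-inherit label ACE onto a container is not pinned down. Since the label ACE carries integrity policy, the expected handling deserves to be spelled out: add `/* Inheritable label ACE: CreatorOwner is replaced by the token's default owner when inherited, kept verbatim when supplied explicitly */` above the loop, plus either a container variant or `/* TODO: Test inheritable label ACE on a container object */`. The first loop's comment should also say that these expectations are the Win2003 treatment of an unrecognised ACE type. TestSeAssignSecurity's body starts and ends outside the hunk.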