[KMTESTS:OB] Add support for LUID mappings being disabled in ObSecurity tests
authorPierre Schweitzer <pierre@reactos.org>
Thu, 20 Jun 2019 06:53:27 +0000 (08:53 +0200)
committerPierre Schweitzer <pierre@reactos.org>
Sun, 30 Jun 2019 21:07:54 +0000 (23:07 +0200)
CORE-16114

modules/rostests/kmtests/include/kmt_platform.h
modules/rostests/kmtests/ntos_ob/ObSecurity.c

index 4895bf2..2cdc9b6 100644 (file)
@@ -24,6 +24,7 @@
 #include <ndk/kefuncs.h>
 #include <ndk/mmfuncs.h>
 #include <ndk/obfuncs.h>
+#include <ndk/psfuncs.h>
 #include <ndk/sefuncs.h>
 #include <ntstrsafe.h>
 #if defined KMT_FILTER_DRIVER
index 4ac9478..55f5a0f 100644 (file)
@@ -124,18 +124,52 @@ CheckDirectorySecurity__(
 
 START_TEST(ObSecurity)
 {
+    NTSTATUS Status;
+    /* Assume yes, that's the default on W2K3 */
+    ULONG LUIDMappingsEnabled = 1, ReturnLength;
+
 #define DIRECTORY_GENERIC_READ      STANDARD_RIGHTS_READ | DIRECTORY_TRAVERSE | DIRECTORY_QUERY
 #define DIRECTORY_GENERIC_WRITE     STANDARD_RIGHTS_WRITE | DIRECTORY_CREATE_SUBDIRECTORY | DIRECTORY_CREATE_OBJECT
 
-    CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
-                           4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
-                                                       OBJECT_INHERIT_ACE,      SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
-                              ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
-                                                       OBJECT_INHERIT_ACE,      SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
-                              ACCESS_ALLOWED_ACE_TYPE, 0,                       SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
-                              ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
-                                                       CONTAINER_INHERIT_ACE |
-                                                       OBJECT_INHERIT_ACE,      SeExports->SeCreatorOwnerSid,GENERIC_ALL);
+    /* Check if LUID device maps are enabled */
+    Status = ZwQueryInformationProcess(NtCurrentProcess(),
+                                       ProcessLUIDDeviceMapsEnabled,
+                                       &LUIDMappingsEnabled,
+                                       sizeof(LUIDMappingsEnabled),
+                                       &ReturnLength);
+    ok(NT_SUCCESS(Status), "NtQueryInformationProcess failed: 0x%x\n", Status);
+
+    trace("LUID mappings are enabled: %d\n", LUIDMappingsEnabled);
+    if (LUIDMappingsEnabled != 0)
+    {
+        CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
+                               4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE,      SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE,      SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, 0,                       SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE,      SeExports->SeCreatorOwnerSid,GENERIC_ALL);
+    }
+    else
+    {
+        CheckDirectorySecurityWithOwnerAndGroup(L"\\??", SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
+                               6, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeWorldSid, READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY,
+                                  ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE,      SeExports->SeWorldSid, GENERIC_EXECUTE,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE,      SeExports->SeAliasAdminsSid,GENERIC_ALL,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE,      SeExports->SeLocalSystemSid,GENERIC_ALL,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE,      SeExports->SeCreatorOwnerSid,GENERIC_ALL);
+    }
 
     CheckDirectorySecurity(L"\\",
                            4, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeWorldSid,       DIRECTORY_GENERIC_READ,