From 567c098f48f4af55b50b095662cc6477de1df160 Mon Sep 17 00:00:00 2001 From: Thomas Faber Date: Fri, 18 Sep 2015 11:06:11 +0000 Subject: [PATCH] [KMTESTS:CM] - Add a test for registry hive security descriptors svn path=/trunk/; revision=69265 --- rostests/kmtests/CMakeLists.txt | 1 + rostests/kmtests/kmtest_drv/testlist.c | 2 + rostests/kmtests/ntos_cm/CmSecurity.c | 260 +++++++++++++++++++++++++ 3 files changed, 263 insertions(+) create mode 100644 rostests/kmtests/ntos_cm/CmSecurity.c diff --git a/rostests/kmtests/CMakeLists.txt b/rostests/kmtests/CMakeLists.txt index b42390828a5..2093302a32f 100644 --- a/rostests/kmtests/CMakeLists.txt +++ b/rostests/kmtests/CMakeLists.txt @@ -35,6 +35,7 @@ list(APPEND KMTEST_DRV_SOURCE npfs/NpfsHelpers.c npfs/NpfsReadWrite.c npfs/NpfsVolumeInfo.c + ntos_cm/CmSecurity.c ntos_ex/ExCallback.c ntos_ex/ExDoubleList.c ntos_ex/ExFastMutex.c diff --git a/rostests/kmtests/kmtest_drv/testlist.c b/rostests/kmtests/kmtest_drv/testlist.c index 415df0e7185..b97b6591f52 100644 --- a/rostests/kmtests/kmtest_drv/testlist.c +++ b/rostests/kmtests/kmtest_drv/testlist.c @@ -7,6 +7,7 @@ #include +KMT_TESTFUNC Test_CmSecurity; KMT_TESTFUNC Test_Example; KMT_TESTFUNC Test_ExCallback; KMT_TESTFUNC Test_ExDoubleList; @@ -68,6 +69,7 @@ KMT_TESTFUNC Test_ZwMapViewOfSection; const KMT_TEST TestList[] = { + { "CmSecurity", Test_CmSecurity }, { "ExCallback", Test_ExCallback }, { "ExDoubleList", Test_ExDoubleList }, { "ExFastMutex", Test_ExFastMutex }, diff --git a/rostests/kmtests/ntos_cm/CmSecurity.c b/rostests/kmtests/ntos_cm/CmSecurity.c new file mode 100644 index 00000000000..a0c1f55ee7e --- /dev/null +++ b/rostests/kmtests/ntos_cm/CmSecurity.c @@ -0,0 +1,260 @@ +/* + * PROJECT: ReactOS kernel-mode tests + * LICENSE: LGPLv2+ - See COPYING.LIB in the top level directory + * PURPOSE: Kernel-Mode Test Suite NPFS security test + * PROGRAMMER: Thomas Faber + */ + +#include +#include "../ntos_se/se.h" + +#define CheckKeySecurity(name, AceCount, ...) CheckKeySecurity_(name, AceCount, __FILE__, __LINE__, ##__VA_ARGS__) +#define CheckKeySecurity_(name, AceCount, file, line, ...) CheckKeySecurity__(name, AceCount, file ":" KMT_STRINGIZE(line), ##__VA_ARGS__) +static +VOID +CheckKeySecurity__( + _In_ PCWSTR KeyName, + _In_ ULONG AceCount, + _In_ PCSTR FileAndLine, + ...) +{ + NTSTATUS Status; + UNICODE_STRING KeyNameString; + OBJECT_ATTRIBUTES ObjectAttributes; + HANDLE KeyHandle; + PSECURITY_DESCRIPTOR SecurityDescriptor; + ULONG SecurityDescriptorSize; + PSID Owner; + PSID Group; + PACL Dacl; + PACL Sacl; + BOOLEAN Present; + BOOLEAN Defaulted; + va_list Arguments; + + RtlInitUnicodeString(&KeyNameString, KeyName); + InitializeObjectAttributes(&ObjectAttributes, + &KeyNameString, + OBJ_KERNEL_HANDLE, + NULL, + NULL); + Status = ZwOpenKey(&KeyHandle, + READ_CONTROL | ACCESS_SYSTEM_SECURITY, + &ObjectAttributes); + ok_eq_hex(Status, STATUS_SUCCESS); + if (skip(NT_SUCCESS(Status), "No key (%ls)\n", KeyName)) + { + return; + } + + Status = ZwQuerySecurityObject(KeyHandle, + OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION, + NULL, + 0, + &SecurityDescriptorSize); + ok_eq_hex(Status, STATUS_BUFFER_TOO_SMALL); + if (skip(Status == STATUS_BUFFER_TOO_SMALL, "No security size (%ls)\n", KeyName)) + { + ObCloseHandle(KeyHandle, KernelMode); + return; + } + + SecurityDescriptor = ExAllocatePoolWithTag(PagedPool, + SecurityDescriptorSize, + 'dSmK'); + ok(SecurityDescriptor != NULL, "Failed to allocate %lu bytes\n", SecurityDescriptorSize); + if (skip(SecurityDescriptor != NULL, "No memory for descriptor (%ls)\n", KeyName)) + { + ObCloseHandle(KeyHandle, KernelMode); + return; + } + + Status = ZwQuerySecurityObject(KeyHandle, + OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION, + SecurityDescriptor, + SecurityDescriptorSize, + &SecurityDescriptorSize); + ok_eq_hex(Status, STATUS_SUCCESS); + if (NT_SUCCESS(Status)) + { + Owner = NULL; + Status = RtlGetOwnerSecurityDescriptor(SecurityDescriptor, + &Owner, + &Defaulted); + CheckSid(Owner, NO_SIZE, SeExports->SeAliasAdminsSid); + ok(Defaulted == FALSE, "Owner defaulted for %ls\n", KeyName); + + Group = NULL; + Status = RtlGetGroupSecurityDescriptor(SecurityDescriptor, + &Group, + &Defaulted); + CheckSid(Group, NO_SIZE, SeExports->SeLocalSystemSid); + ok(Defaulted == FALSE, "Group defaulted for %ls\n", KeyName); + + Dacl = NULL; + Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor, + &Present, + &Dacl, + &Defaulted); + ok_eq_hex(Status, STATUS_SUCCESS); + ok(Present == TRUE, "DACL not present for %ls\n", KeyName); + ok(Defaulted == FALSE, "DACL defaulted for %ls\n", KeyName); + va_start(Arguments, FileAndLine); + VCheckAcl__(Dacl, AceCount, FileAndLine, Arguments); + va_end(Arguments); + + Sacl = NULL; + Status = RtlGetSaclSecurityDescriptor(SecurityDescriptor, + &Present, + &Sacl, + &Defaulted); + ok_eq_hex(Status, STATUS_SUCCESS); + ok(Present == FALSE, "SACL present for %ls\n", KeyName); + ok(Defaulted == FALSE, "SACL defaulted for %ls\n", KeyName); + ok(Sacl == NULL, "Sacl is %p for %ls\n", Sacl, KeyName); + } + ExFreePoolWithTag(SecurityDescriptor, 'dSmK'); + ObCloseHandle(KeyHandle, KernelMode); +} + +START_TEST(CmSecurity) +{ + SID_IDENTIFIER_AUTHORITY NtSidAuthority = {SECURITY_NT_AUTHORITY}; + PSID TerminalServerSid; + + TerminalServerSid = ExAllocatePoolWithTag(PagedPool, + RtlLengthRequiredSid(1), + 'iSmK'); + if (TerminalServerSid != NULL) + { + RtlInitializeSid(TerminalServerSid, &NtSidAuthority, 1); + *RtlSubAuthoritySid(TerminalServerSid, 0) = SECURITY_TERMINAL_SERVER_RID; + } + CheckKeySecurity(L"\\REGISTRY", + 4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeWorldSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeRestrictedSid, KEY_READ); + + CheckKeySecurity(L"\\REGISTRY\\MACHINE", + 4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeWorldSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeRestrictedSid, KEY_READ); + + CheckKeySecurity(L"\\REGISTRY\\MACHINE\\HARDWARE", + 4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeWorldSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeRestrictedSid, KEY_READ); + + CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SAM", + 4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeWorldSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeRestrictedSid, KEY_READ); + + CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SECURITY", + 2, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, WRITE_DAC | READ_CONTROL); + + CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SOFTWARE", + 12, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasUsersSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasUsersSid, GENERIC_READ, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasPowerUsersSid, KEY_READ | KEY_WRITE | DELETE, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasPowerUsersSid, GENERIC_READ | GENERIC_WRITE | DELETE, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeCreatorOwnerSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, TerminalServerSid, KEY_READ | KEY_WRITE | DELETE, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, TerminalServerSid, GENERIC_READ | GENERIC_WRITE | DELETE); + + CheckKeySecurity(L"\\REGISTRY\\MACHINE\\SYSTEM", + 10, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasUsersSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasUsersSid, GENERIC_READ, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasPowerUsersSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasPowerUsersSid, GENERIC_READ, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeCreatorOwnerSid, GENERIC_ALL); + + CheckKeySecurity(L"\\REGISTRY\\USER", + 4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeWorldSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE, SeExports->SeRestrictedSid, KEY_READ); + + CheckKeySecurity(L"\\REGISTRY\\USER\\.DEFAULT", + 10, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasUsersSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasUsersSid, GENERIC_READ, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasPowerUsersSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasPowerUsersSid, GENERIC_READ, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeCreatorOwnerSid, GENERIC_ALL); + + CheckKeySecurity(L"\\REGISTRY\\USER\\S-1-5-18", + 10, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasUsersSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasUsersSid, GENERIC_READ, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasPowerUsersSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasPowerUsersSid, GENERIC_READ, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeAliasAdminsSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeLocalSystemSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE, SeExports->SeCreatorOwnerSid, GENERIC_ALL); + + CheckKeySecurity(L"\\REGISTRY\\USER\\S-1-5-20", + 8, ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeNetworkServiceSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeLocalSystemSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeAliasAdminsSid, KEY_ALL_ACCESS, + ACCESS_ALLOWED_ACE_TYPE, 0, SeExports->SeRestrictedSid, KEY_READ, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE | + OBJECT_INHERIT_ACE, SeExports->SeNetworkServiceSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE | + OBJECT_INHERIT_ACE, SeExports->SeLocalSystemSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE | + OBJECT_INHERIT_ACE, SeExports->SeAliasAdminsSid, GENERIC_ALL, + ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE | + CONTAINER_INHERIT_ACE | + OBJECT_INHERIT_ACE, SeExports->SeRestrictedSid, GENERIC_READ); + + if (TerminalServerSid != NULL) + { + ExFreePoolWithTag(TerminalServerSid, 'iSmK'); + } +} -- 2.17.1