Public/winfsp
1
0
Fork 0
mirror of https://github.com/winfsp/winfsp.git synced 2025-04-24 01:13:04 -05:00
Code Issues Packages Projects Releases Wiki Activity

winfsp-tests: security testing

Browse Source
This commit is contained in:
Bill Zissimopoulos 2016-02-19 17:11:48 -08:00
parent 9e057b4ea1
commit 34891de75e
1 changed files with 101 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
tst/winfsp-tests/security-test.c
View File

@ -55,7 +55,6 @@ void getsecurity_dotest(ULONG Flags, PWSTR Prefix, ULONG FileInfoTimeout)
Success = GetKernelObjectSecurity(Handle, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION, Success = GetKernelObjectSecurity(Handle, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
FileSecurityDescriptor, Length, &Length); FileSecurityDescriptor, Length, &Length);
ASSERT(Success); ASSERT(Success);
FspDebugLogSD("%s\n", FileSecurityDescriptor);
Success = GetSecurityDescriptorOwner(FileSecurityDescriptor, &Owner, &OwnerDefaulted); Success = GetSecurityDescriptorOwner(FileSecurityDescriptor, &Owner, &OwnerDefaulted);
ASSERT(Success); ASSERT(Success);
ASSERT(0 != Owner); ASSERT(0 != Owner);
@ -78,7 +77,6 @@ FspDebugLogSD("%s\n", FileSecurityDescriptor);
Success = GetKernelObjectSecurity(Handle, DACL_SECURITY_INFORMATION, Success = GetKernelObjectSecurity(Handle, DACL_SECURITY_INFORMATION,
FileSecurityDescriptor, Length, &Length); FileSecurityDescriptor, Length, &Length);
ASSERT(Success); ASSERT(Success);
FspDebugLogSD("%s\n", FileSecurityDescriptor);
Success = GetSecurityDescriptorOwner(FileSecurityDescriptor, &Owner, &OwnerDefaulted); Success = GetSecurityDescriptorOwner(FileSecurityDescriptor, &Owner, &OwnerDefaulted);
ASSERT(Success); ASSERT(Success);
ASSERT(0 == Owner); ASSERT(0 == Owner);
@ -125,6 +123,107 @@ void setsecurity_dotest(ULONG Flags, PWSTR Prefix, ULONG FileInfoTimeout)
{ {
void *memfs = memfs_start_ex(Flags, FileInfoTimeout); void *memfs = memfs_start_ex(Flags, FileInfoTimeout);
static PWSTR Sddl = L"D:P(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;WD)";
static PWSTR Sddl2 = L"D:P(A;;GA;;;SY)(A;;GA;;;BA)";
PWSTR ConvertedSddl;
PSECURITY_DESCRIPTOR SecurityDescriptor, FileSecurityDescriptor, FileSecurityDescriptor2;
SECURITY_ATTRIBUTES SecurityAttributes = { 0 };
PSID Owner, Owner2, Group, Group2;
PACL Dacl, Dacl2, Sacl, Sacl2;
BOOL OwnerDefaulted, GroupDefaulted, DaclDefaulted, DaclPresent, SaclDefaulted, SaclPresent;
DWORD Length;
HANDLE Handle;
BOOLEAN Success;
WCHAR FilePath[MAX_PATH];
Success = ConvertStringSecurityDescriptorToSecurityDescriptorW(Sddl, SDDL_REVISION_1, &SecurityDescriptor, 0);
ASSERT(Success);
SecurityAttributes.nLength = sizeof SecurityAttributes;
SecurityAttributes.lpSecurityDescriptor = SecurityDescriptor;
StringCbPrintfW(FilePath, sizeof FilePath, L"%s%s\\file0",
Prefix ? L"" : L"\\\\?\\GLOBALROOT", Prefix ? Prefix : memfs_volumename(memfs));
Handle = CreateFileW(FilePath,
GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, &SecurityAttributes,
CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0);
ASSERT(INVALID_HANDLE_VALUE != Handle);
CloseHandle(Handle);
Handle = CreateFileW(FilePath,
GENERIC_READ | GENERIC_WRITE | WRITE_DAC, FILE_SHARE_READ | FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_FLAG_DELETE_ON_CLOSE, 0);
ASSERT(INVALID_HANDLE_VALUE != Handle);
Success = GetKernelObjectSecurity(Handle,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
0, 0, &Length);
ASSERT(!Success);
ASSERT(ERROR_INSUFFICIENT_BUFFER == GetLastError());
FileSecurityDescriptor = malloc(Length);
Success = GetKernelObjectSecurity(Handle,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
FileSecurityDescriptor, Length, &Length);
ASSERT(Success);
Success = GetSecurityDescriptorOwner(FileSecurityDescriptor, &Owner, &OwnerDefaulted);
ASSERT(Success);
ASSERT(0 != Owner);
Success = GetSecurityDescriptorGroup(FileSecurityDescriptor, &Group, &GroupDefaulted);
ASSERT(Success);
ASSERT(0 != Group);
Success = GetSecurityDescriptorDacl(FileSecurityDescriptor, &DaclPresent, &Dacl, &DaclDefaulted);
ASSERT(Success);
ASSERT(DaclPresent);
ASSERT(0 != Dacl);
Success = GetSecurityDescriptorSacl(FileSecurityDescriptor, &SaclPresent, &Sacl, &SaclDefaulted);
ASSERT(Success);
ASSERT(!SaclPresent);
LocalFree(SecurityDescriptor);
Success = ConvertStringSecurityDescriptorToSecurityDescriptorW(Sddl2, SDDL_REVISION_1, &SecurityDescriptor, 0);
ASSERT(Success);
Success = SetKernelObjectSecurity(Handle, DACL_SECURITY_INFORMATION, SecurityDescriptor);
ASSERT(Success);
Success = GetKernelObjectSecurity(Handle,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
0, 0, &Length);
ASSERT(!Success);
ASSERT(ERROR_INSUFFICIENT_BUFFER == GetLastError());
FileSecurityDescriptor2 = malloc(Length);
Success = GetKernelObjectSecurity(Handle,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
FileSecurityDescriptor2, Length, &Length);
ASSERT(Success);
Success = GetSecurityDescriptorOwner(FileSecurityDescriptor2, &Owner2, &OwnerDefaulted);
ASSERT(Success);
ASSERT(0 != Owner2);
Success = GetSecurityDescriptorGroup(FileSecurityDescriptor2, &Group2, &GroupDefaulted);
ASSERT(Success);
ASSERT(0 != Group2);
Success = GetSecurityDescriptorDacl(FileSecurityDescriptor2, &DaclPresent, &Dacl2, &DaclDefaulted);
ASSERT(Success);
ASSERT(DaclPresent);
ASSERT(0 != Dacl2);
Success = GetSecurityDescriptorSacl(FileSecurityDescriptor2, &SaclPresent, &Sacl2, &SaclDefaulted);
ASSERT(Success);
ASSERT(!SaclPresent);
ASSERT(EqualSid(Owner, Owner2));
ASSERT(EqualSid(Group, Group2));
ASSERT(ConvertSecurityDescriptorToStringSecurityDescriptorW(FileSecurityDescriptor2, SDDL_REVISION_1,
DACL_SECURITY_INFORMATION, &ConvertedSddl, 0));
ASSERT(0 == wcscmp(L"D:P(A;;FA;;;SY)(A;;FA;;;BA)", ConvertedSddl));
LocalFree(ConvertedSddl);
free(FileSecurityDescriptor);
free(FileSecurityDescriptor2);
CloseHandle(Handle);
LocalFree(SecurityDescriptor);
memfs_stop(memfs); memfs_stop(memfs);
} }