From b194a334066124de20f74aa752c9af4b7540ff90 Mon Sep 17 00:00:00 2001 From: Bill Zissimopoulos Date: Fri, 21 Oct 2016 17:43:25 -0700 Subject: [PATCH] tst: winfsp-tests: backup/restore privilege testing --- tst/winfsp-tests/create-test.c | 251 +++++++++++++++++++++++++++++++- tst/winfsp-tests/winfsp-tests.c | 30 +++- 2 files changed, 279 insertions(+), 2 deletions(-) diff --git a/tst/winfsp-tests/create-test.c b/tst/winfsp-tests/create-test.c index 97163d08..b9e61666 100644 --- a/tst/winfsp-tests/create-test.c +++ b/tst/winfsp-tests/create-test.c @@ -399,7 +399,7 @@ void create_notraverse_dotest(ULONG Flags, PWSTR Prefix) Success = CreateDirectory(FilePath, &SecurityAttributes); ASSERT(Success); - Success = LookupPrivilegeValue(0, SE_CHANGE_NOTIFY_NAME, &Luid); + Success = LookupPrivilegeValueW(0, SE_CHANGE_NOTIFY_NAME, &Luid); ASSERT(Success); Success = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Token); ASSERT(Success); @@ -477,6 +477,253 @@ void create_notraverse_test(void) create_notraverse_dotest(MemfsNet, L"\\\\memfs\\share"); } +void create_backup_dotest(ULONG Flags, PWSTR Prefix) +{ + void *memfs = memfs_start(Flags); + + LUID Luid; + PRIVILEGE_SET RequiredPrivileges; + TOKEN_PRIVILEGES Privileges; + HANDLE Token; + BOOL Success; + + Success = LookupPrivilegeValueW(0, SE_BACKUP_NAME, &Luid); + ASSERT(Success); + Success = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token); + ASSERT(Success); + Privileges.PrivilegeCount = 1; + Privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + Privileges.Privileges[0].Luid = Luid; + Success = AdjustTokenPrivileges(Token, FALSE, &Privileges, 0, 0, 0); + ASSERT(Success); + + RequiredPrivileges.PrivilegeCount = 1; + RequiredPrivileges.Control = PRIVILEGE_SET_ALL_NECESSARY; + RequiredPrivileges.Privilege[0].Attributes = 0; + RequiredPrivileges.Privilege[0].Luid = Luid; + ASSERT(PrivilegeCheck(Token, &RequiredPrivileges, &Success)); + + if (Success) + { + FspDebugLog(__FUNCTION__ ": HasBackupPrivilege\n"); + + static PWSTR Sddl = L"D:P(A;;SD;;;WD)"; + PSECURITY_DESCRIPTOR SecurityDescriptor; + SECURITY_ATTRIBUTES SecurityAttributes = { 0 }; + HANDLE Handle; + WCHAR FilePath[MAX_PATH]; + + Success = ConvertStringSecurityDescriptorToSecurityDescriptorW(Sddl, SDDL_REVISION_1, &SecurityDescriptor, 0); + ASSERT(Success); + + StringCbPrintfW(FilePath, sizeof FilePath, L"%s%s\\dir1", + Prefix ? L"" : L"\\\\?\\GLOBALROOT", Prefix ? Prefix : memfs_volumename(memfs)); + + Success = CreateDirectoryW(FilePath, 0); + ASSERT(Success); + + SecurityAttributes.nLength = sizeof SecurityAttributes; + SecurityAttributes.lpSecurityDescriptor = SecurityDescriptor; + + StringCbPrintfW(FilePath, sizeof FilePath, L"%s%s\\dir1\\file0", + Prefix ? L"" : L"\\\\?\\GLOBALROOT", Prefix ? Prefix : memfs_volumename(memfs)); + + Handle = CreateFileW(FilePath, + GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, + &SecurityAttributes, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0); + ASSERT(INVALID_HANDLE_VALUE != Handle); + CloseHandle(Handle); + + Handle = CreateFileW(FilePath, + GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0); + ASSERT(INVALID_HANDLE_VALUE == Handle); + ASSERT(ERROR_ACCESS_DENIED == GetLastError()); + + Handle = CreateFileW(FilePath, + GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0); + ASSERT(INVALID_HANDLE_VALUE != Handle); + CloseHandle(Handle); + + Privileges.PrivilegeCount = 1; + Privileges.Privileges[0].Attributes = 0; + Privileges.Privileges[0].Luid = Luid; + Success = AdjustTokenPrivileges(Token, FALSE, &Privileges, 0, 0, 0); + ASSERT(Success); + + Handle = CreateFileW(FilePath, + GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, 0, 0); + ASSERT(INVALID_HANDLE_VALUE == Handle); + ASSERT(ERROR_ACCESS_DENIED == GetLastError()); + + Handle = CreateFileW(FilePath, + GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0); + ASSERT(INVALID_HANDLE_VALUE == Handle); + ASSERT(ERROR_ACCESS_DENIED == GetLastError()); + + Success = DeleteFileW(FilePath); + ASSERT(Success); + + StringCbPrintfW(FilePath, sizeof FilePath, L"%s%s\\dir1", + Prefix ? L"" : L"\\\\?\\GLOBALROOT", Prefix ? Prefix : memfs_volumename(memfs)); + + Success = RemoveDirectoryW(FilePath); + ASSERT(Success); + + LocalFree(SecurityDescriptor); + } + + CloseHandle(Token); + + memfs_stop(memfs); +} + +void create_backup_test(void) +{ + if (NtfsTests) + { + WCHAR DirBuf[MAX_PATH] = L"\\\\?\\"; + GetCurrentDirectoryW(MAX_PATH - 4, DirBuf + 4); + create_backup_dotest(-1, DirBuf); + } + if (WinFspDiskTests) + create_backup_dotest(MemfsDisk, 0); + if (WinFspNetTests) + create_backup_dotest(MemfsNet, L"\\\\memfs\\share"); +} + +void create_restore_dotest(ULONG Flags, PWSTR Prefix) +{ + void *memfs = memfs_start(Flags); + + LUID Luid; + PRIVILEGE_SET RequiredPrivileges; + TOKEN_PRIVILEGES Privileges; + HANDLE Token; + BOOL Success; + + Success = LookupPrivilegeValueW(0, SE_RESTORE_NAME, &Luid); + ASSERT(Success); + Success = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &Token); + ASSERT(Success); + Privileges.PrivilegeCount = 1; + Privileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; + Privileges.Privileges[0].Luid = Luid; + Success = AdjustTokenPrivileges(Token, FALSE, &Privileges, 0, 0, 0); + ASSERT(Success); + + RequiredPrivileges.PrivilegeCount = 1; + RequiredPrivileges.Control = PRIVILEGE_SET_ALL_NECESSARY; + RequiredPrivileges.Privilege[0].Attributes = 0; + RequiredPrivileges.Privilege[0].Luid = Luid; + ASSERT(PrivilegeCheck(Token, &RequiredPrivileges, &Success)); + + if (Success) + { + FspDebugLog(__FUNCTION__ ": HasRestorePrivilege\n"); + + static PWSTR Sddl = L"D:P(A;;SD;;;WD)"; + PSECURITY_DESCRIPTOR SecurityDescriptor; + SECURITY_ATTRIBUTES SecurityAttributes = { 0 }; + HANDLE DirHandle, Handle; + WCHAR FilePath[MAX_PATH]; + + Success = ConvertStringSecurityDescriptorToSecurityDescriptorW(Sddl, SDDL_REVISION_1, &SecurityDescriptor, 0); + ASSERT(Success); + + StringCbPrintfW(FilePath, sizeof FilePath, L"%s%s\\dir1", + Prefix ? L"" : L"\\\\?\\GLOBALROOT", Prefix ? Prefix : memfs_volumename(memfs)); + + SecurityAttributes.nLength = sizeof SecurityAttributes; + SecurityAttributes.lpSecurityDescriptor = SecurityDescriptor; + + Success = CreateDirectoryW(FilePath, &SecurityAttributes); + ASSERT(Success); + + DirHandle = CreateFileW(FilePath, + DELETE, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, + 0, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_DELETE_ON_CLOSE, 0); + ASSERT(INVALID_HANDLE_VALUE != DirHandle); + + StringCbPrintfW(FilePath, sizeof FilePath, L"%s%s\\dir1\\file0", + Prefix ? L"" : L"\\\\?\\GLOBALROOT", Prefix ? Prefix : memfs_volumename(memfs)); + + Handle = CreateFileW(FilePath, + GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, + 0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0); + ASSERT(INVALID_HANDLE_VALUE == Handle); + ASSERT(ERROR_ACCESS_DENIED == GetLastError()); + + if (!OptNoTraverseToken) + { + Handle = CreateFileW(FilePath, + GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, + 0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, 0); + ASSERT(INVALID_HANDLE_VALUE != Handle); + CloseHandle(Handle); + + Success = DeleteFileW(FilePath); + ASSERT(Success); + } + else + { + Handle = CreateFileW(FilePath, + GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, + 0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0); + ASSERT(INVALID_HANDLE_VALUE == Handle); + ASSERT(ERROR_ACCESS_DENIED == GetLastError()); + } + + Privileges.PrivilegeCount = 1; + Privileges.Privileges[0].Attributes = 0; + Privileges.Privileges[0].Luid = Luid; + Success = AdjustTokenPrivileges(Token, FALSE, &Privileges, 0, 0, 0); + ASSERT(Success); + + Handle = CreateFileW(FilePath, + GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, + 0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL, 0); + ASSERT(INVALID_HANDLE_VALUE == Handle); + ASSERT(ERROR_ACCESS_DENIED == GetLastError()); + + Handle = CreateFileW(FilePath, + GENERIC_READ | GENERIC_WRITE, FILE_SHARE_READ | FILE_SHARE_WRITE, + 0, CREATE_NEW, FILE_ATTRIBUTE_NORMAL | FILE_FLAG_BACKUP_SEMANTICS, 0); + ASSERT(INVALID_HANDLE_VALUE == Handle); + ASSERT(ERROR_ACCESS_DENIED == GetLastError()); + + CloseHandle(DirHandle); + + StringCbPrintfW(FilePath, sizeof FilePath, L"%s%s\\dir1", + Prefix ? L"" : L"\\\\?\\GLOBALROOT", Prefix ? Prefix : memfs_volumename(memfs)); + + DirHandle = CreateFileW(FilePath, + DELETE, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, + 0, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, 0); + ASSERT(INVALID_HANDLE_VALUE == DirHandle); + ASSERT(ERROR_FILE_NOT_FOUND == GetLastError()); + + LocalFree(SecurityDescriptor); + } + + CloseHandle(Token); + + memfs_stop(memfs); +} + +void create_restore_test(void) +{ + if (NtfsTests) + { + WCHAR DirBuf[MAX_PATH] = L"\\\\?\\"; + GetCurrentDirectoryW(MAX_PATH - 4, DirBuf + 4); + create_restore_dotest(-1, DirBuf); + } + if (WinFspDiskTests) + create_restore_dotest(MemfsDisk, 0); + if (WinFspNetTests) + create_restore_dotest(MemfsNet, L"\\\\memfs\\share"); +} + void create_share_dotest(ULONG Flags, PWSTR Prefix) { void *memfs = memfs_start(Flags); @@ -594,6 +841,8 @@ void create_tests(void) TEST(create_related_test); TEST(create_sd_test); TEST(create_notraverse_test); + TEST(create_backup_test); + TEST(create_restore_test); TEST(create_share_test); TEST(create_curdir_test); } diff --git a/tst/winfsp-tests/winfsp-tests.c b/tst/winfsp-tests/winfsp-tests.c index 89b8fe8a..cfaa0120 100644 --- a/tst/winfsp-tests/winfsp-tests.c +++ b/tst/winfsp-tests/winfsp-tests.c @@ -173,6 +173,32 @@ HANDLE HookCreateFileW( return h; } +static VOID DisableBackupRestorePrivileges(VOID) +{ + union + { + TOKEN_PRIVILEGES P; + UINT B[sizeof(TOKEN_PRIVILEGES) + sizeof(LUID_AND_ATTRIBUTES)]; + } Privileges; + HANDLE Token; + + Privileges.P.PrivilegeCount = 2; + Privileges.P.Privileges[0].Attributes = 0; + Privileges.P.Privileges[1].Attributes = 0; + + if (!LookupPrivilegeValueW(0, SE_BACKUP_NAME, &Privileges.P.Privileges[0].Luid) || + !LookupPrivilegeValueW(0, SE_RESTORE_NAME, &Privileges.P.Privileges[1].Luid)) + ABORT(); + + if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Token)) + ABORT(); + + if (!AdjustTokenPrivileges(Token, FALSE, &Privileges.P, 0, 0, 0)) + ABORT(); + + CloseHandle(Token); +} + #define rmarg(argv, argc, argi) \ argc--,\ memmove(argv + argi, argv + argi + 1, (argc - argi) * sizeof(char *)),\ @@ -230,7 +256,7 @@ int main(int argc, char *argv[]) } else if (0 == strcmp("--no-traverse", a)) { - if (LookupPrivilegeValue(0, SE_CHANGE_NOTIFY_NAME, &OptNoTraverseLuid) && + if (LookupPrivilegeValueW(0, SE_CHANGE_NOTIFY_NAME, &OptNoTraverseLuid) && OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &OptNoTraverseToken)) { rmarg(argv, argc, argi); @@ -239,6 +265,8 @@ int main(int argc, char *argv[]) } } + DisableBackupRestorePrivileges(); + myrandseed = (unsigned)time(0); tlib_run_tests(argc, argv);