https://git.reactos.org/?p=reactos.git;a=commitdiff;h=f529033555bdfe7fb090e8f21f1191187b21706b

commit f529033555bdfe7fb090e8f21f1191187b21706b
Author:     Pierre Schweitzer <pie...@reactos.org>
AuthorDate: Thu Jun 20 08:53:27 2019 +0200
Commit:     Pierre Schweitzer <pie...@reactos.org>
CommitDate: Sun Jun 30 23:07:54 2019 +0200

    [KMTESTS:OB] Add support for LUID mappings being disabled in ObSecurity 
tests
    
    CORE-16114
---
 modules/rostests/kmtests/include/kmt_platform.h |  1 +
 modules/rostests/kmtests/ntos_ob/ObSecurity.c   | 52 ++++++++++++++++++++-----
 2 files changed, 44 insertions(+), 9 deletions(-)

diff --git a/modules/rostests/kmtests/include/kmt_platform.h 
b/modules/rostests/kmtests/include/kmt_platform.h
index 4895bf25a31..2cdc9b655c8 100644
--- a/modules/rostests/kmtests/include/kmt_platform.h
+++ b/modules/rostests/kmtests/include/kmt_platform.h
@@ -24,6 +24,7 @@
 #include <ndk/kefuncs.h>
 #include <ndk/mmfuncs.h>
 #include <ndk/obfuncs.h>
+#include <ndk/psfuncs.h>
 #include <ndk/sefuncs.h>
 #include <ntstrsafe.h>
 #if defined KMT_FILTER_DRIVER
diff --git a/modules/rostests/kmtests/ntos_ob/ObSecurity.c 
b/modules/rostests/kmtests/ntos_ob/ObSecurity.c
index 4ac9478074a..55f5a0fe4cb 100644
--- a/modules/rostests/kmtests/ntos_ob/ObSecurity.c
+++ b/modules/rostests/kmtests/ntos_ob/ObSecurity.c
@@ -124,18 +124,52 @@ CheckDirectorySecurity__(
 
 START_TEST(ObSecurity)
 {
+    NTSTATUS Status;
+    /* Assume yes, that's the default on W2K3 */
+    ULONG LUIDMappingsEnabled = 1, ReturnLength;
+
 #define DIRECTORY_GENERIC_READ      STANDARD_RIGHTS_READ | DIRECTORY_TRAVERSE 
| DIRECTORY_QUERY
 #define DIRECTORY_GENERIC_WRITE     STANDARD_RIGHTS_WRITE | 
DIRECTORY_CREATE_SUBDIRECTORY | DIRECTORY_CREATE_OBJECT
 
-    CheckDirectorySecurityWithOwnerAndGroup(L"\\??", 
SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
-                           4, ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
-                                                       OBJECT_INHERIT_ACE,     
 SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
-                              ACCESS_ALLOWED_ACE_TYPE, CONTAINER_INHERIT_ACE |
-                                                       OBJECT_INHERIT_ACE,     
 SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
-                              ACCESS_ALLOWED_ACE_TYPE, 0,                      
 SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
-                              ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
-                                                       CONTAINER_INHERIT_ACE |
-                                                       OBJECT_INHERIT_ACE,     
 SeExports->SeCreatorOwnerSid,GENERIC_ALL);
+    /* Check if LUID device maps are enabled */
+    Status = ZwQueryInformationProcess(NtCurrentProcess(),
+                                       ProcessLUIDDeviceMapsEnabled,
+                                       &LUIDMappingsEnabled,
+                                       sizeof(LUIDMappingsEnabled),
+                                       &ReturnLength);
+    ok(NT_SUCCESS(Status), "NtQueryInformationProcess failed: 0x%x\n", Status);
+
+    trace("LUID mappings are enabled: %d\n", LUIDMappingsEnabled);
+    if (LUIDMappingsEnabled != 0)
+    {
+        CheckDirectorySecurityWithOwnerAndGroup(L"\\??", 
SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
+                               4, ACCESS_ALLOWED_ACE_TYPE, 
CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE, 
     SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, 
CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE, 
     SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, 0,                  
     SeExports->SeAliasAdminsSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           
CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE, 
     SeExports->SeCreatorOwnerSid,GENERIC_ALL);
+    }
+    else
+    {
+        CheckDirectorySecurityWithOwnerAndGroup(L"\\??", 
SeExports->SeAliasAdminsSid, NULL, // Group is "Domain Users"
+                               6, ACCESS_ALLOWED_ACE_TYPE, 0, 
SeExports->SeWorldSid, READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY,
+                                  ACCESS_ALLOWED_ACE_TYPE, 0, 
SeExports->SeLocalSystemSid, DIRECTORY_ALL_ACCESS,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           
CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE, 
     SeExports->SeWorldSid, GENERIC_EXECUTE,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           
CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE, 
     SeExports->SeAliasAdminsSid,GENERIC_ALL,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           
CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE, 
     SeExports->SeLocalSystemSid,GENERIC_ALL,
+                                  ACCESS_ALLOWED_ACE_TYPE, INHERIT_ONLY_ACE |
+                                                           
CONTAINER_INHERIT_ACE |
+                                                           OBJECT_INHERIT_ACE, 
     SeExports->SeCreatorOwnerSid,GENERIC_ALL);
+    }
 
     CheckDirectorySecurity(L"\\",
                            4, ACCESS_ALLOWED_ACE_TYPE, 0, 
SeExports->SeWorldSid,       DIRECTORY_GENERIC_READ,
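Review bot: The result of the `ZwQueryInformationProcess` call is only recorded through `ok()`, so when the query fails the test keeps the preset value 1 and still compares `\??` against the four-ACE layout, which can add a second, misleading DACL mismatch on top of the real failure. `ReturnLength` is written but never checked; adding `ok_eq_ulong(ReturnLength, sizeof(LUIDMappingsEnabled));` after the status check would confirm the kernel filled the whole ULONG. The failure message names `NtQueryInformationProcess` although the call is the Zw variant, and `Status` and `LUIDMappingsEnabled` would be better printed with `0x%lx` and `%lu`. A short comment above the `else` branch, saying that with LUID device maps disabled `\??` is expected to carry a direct World ACE limited to `READ_CONTROL | DIRECTORY_TRAVERSE | DIRECTORY_QUERY`, would document why the two expected ACLs differ. START_TEST(ObSecurity) continues past the end of the hunk.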
