| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file contains unit tests for the RestrictedToken. | 5 // This file contains unit tests for the RestrictedToken. |
| 6 | 6 |
| 7 #define _ATL_NO_EXCEPTIONS | 7 #define _ATL_NO_EXCEPTIONS |
| 8 #include <atlbase.h> | 8 #include <atlbase.h> |
| 9 #include <atlsecurity.h> | 9 #include <atlsecurity.h> |
| 10 #include <vector> | 10 #include <vector> |
| (...skipping 274 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 285 ASSERT_TRUE(restricted_token.GetUser(&user_sid)); | 285 ASSERT_TRUE(restricted_token.GetUser(&user_sid)); |
| 286 | 286 |
| 287 for (unsigned int i = 0; i < sids.GetCount(); ++i) { | 287 for (unsigned int i = 0; i < sids.GetCount(); ++i) { |
| 288 if (user_sid == sids[i]) { | 288 if (user_sid == sids[i]) { |
| 289 ASSERT_EQ(SE_GROUP_USE_FOR_DENY_ONLY, | 289 ASSERT_EQ(SE_GROUP_USE_FOR_DENY_ONLY, |
| 290 attributes[i] & SE_GROUP_USE_FOR_DENY_ONLY); | 290 attributes[i] & SE_GROUP_USE_FOR_DENY_ONLY); |
| 291 } | 291 } |
| 292 } | 292 } |
| 293 } | 293 } |
| 294 | 294 |
| 295 // Tests test method AddOwnerSidForDenyOnly with a custom effective token. |
| 296 TEST(RestrictedTokenTest, DenyOwnerSidCustom) { |
| 297 // Get the current process token. |
| 298 HANDLE token_handle = INVALID_HANDLE_VALUE; |
| 299 ASSERT_TRUE(::OpenProcessToken(::GetCurrentProcess(), TOKEN_ALL_ACCESS, |
| 300 &token_handle)); |
| 301 |
| 302 ASSERT_NE(INVALID_HANDLE_VALUE, token_handle); |
| 303 |
| 304 ATL::CAccessToken access_token; |
| 305 access_token.Attach(token_handle); |
| 306 |
| 307 RestrictedToken token; |
| 308 ASSERT_EQ(ERROR_SUCCESS, token.Init(access_token.GetHandle())); |
| 309 ASSERT_EQ(ERROR_SUCCESS, token.AddUserSidForDenyOnly()); |
| 310 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); |
| 311 |
| 312 ATL::CAccessToken restricted_token; |
| 313 restricted_token.Attach(token_handle); |
| 314 |
| 315 ATL::CTokenGroups groups; |
| 316 ASSERT_TRUE(restricted_token.GetGroups(&groups)); |
| 317 |
| 318 ATL::CSid::CSidArray sids; |
| 319 ATL::CAtlArray<DWORD> attributes; |
| 320 groups.GetSidsAndAttributes(&sids, &attributes); |
| 321 |
| 322 ATL::CSid user_sid; |
| 323 ASSERT_TRUE(restricted_token.GetUser(&user_sid)); |
| 324 |
| 325 for (unsigned int i = 0; i < sids.GetCount(); ++i) { |
| 326 if (user_sid == sids[i]) { |
| 327 ASSERT_EQ(SE_GROUP_USE_FOR_DENY_ONLY, |
| 328 attributes[i] & SE_GROUP_USE_FOR_DENY_ONLY); |
| 329 } |
| 330 } |
| 331 } |
| 332 |
| 295 // Tests the method DeleteAllPrivileges. | 333 // Tests the method DeleteAllPrivileges. |
| 296 TEST(RestrictedTokenTest, DeleteAllPrivileges) { | 334 TEST(RestrictedTokenTest, DeleteAllPrivileges) { |
| 297 RestrictedToken token; | 335 RestrictedToken token; |
| 298 HANDLE token_handle = NULL; | 336 HANDLE token_handle = NULL; |
| 299 | 337 |
| 300 ASSERT_EQ(ERROR_SUCCESS, token.Init(NULL)); | 338 ASSERT_EQ(ERROR_SUCCESS, token.Init(NULL)); |
| 301 ASSERT_EQ(ERROR_SUCCESS, token.DeleteAllPrivileges(NULL)); | 339 ASSERT_EQ(ERROR_SUCCESS, token.DeleteAllPrivileges(NULL)); |
| 302 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); | 340 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); |
| 303 | 341 |
| 304 ATL::CAccessToken restricted_token; | 342 ATL::CAccessToken restricted_token; |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 426 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); | 464 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); |
| 427 | 465 |
| 428 ATL::CAccessToken restricted_token; | 466 ATL::CAccessToken restricted_token; |
| 429 restricted_token.Attach(token_handle); | 467 restricted_token.Attach(token_handle); |
| 430 ATL::CSid user; | 468 ATL::CSid user; |
| 431 restricted_token.GetUser(&user); | 469 restricted_token.GetUser(&user); |
| 432 | 470 |
| 433 CheckRestrictingSid(restricted_token, user, 1); | 471 CheckRestrictingSid(restricted_token, user, 1); |
| 434 } | 472 } |
| 435 | 473 |
| 474 // Tests the method AddRestrictingSidCurrentUser with a custom effective token. |
| 475 TEST(RestrictedTokenTest, AddRestrictingSidCurrentUserCustom) { |
| 476 // Get the current process token. |
| 477 HANDLE token_handle = INVALID_HANDLE_VALUE; |
| 478 ASSERT_TRUE(::OpenProcessToken(::GetCurrentProcess(), TOKEN_ALL_ACCESS, |
| 479 &token_handle)); |
| 480 |
| 481 ASSERT_NE(INVALID_HANDLE_VALUE, token_handle); |
| 482 |
| 483 ATL::CAccessToken access_token; |
| 484 access_token.Attach(token_handle); |
| 485 |
| 486 RestrictedToken token; |
| 487 ASSERT_EQ(ERROR_SUCCESS, token.Init(access_token.GetHandle())); |
| 488 ASSERT_EQ(ERROR_SUCCESS, token.AddRestrictingSidCurrentUser()); |
| 489 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); |
| 490 |
| 491 ATL::CAccessToken restricted_token; |
| 492 restricted_token.Attach(token_handle); |
| 493 ATL::CSid user; |
| 494 restricted_token.GetUser(&user); |
| 495 |
| 496 CheckRestrictingSid(restricted_token, user, 1); |
| 497 } |
| 498 |
| 436 // Tests the method AddRestrictingSidLogonSession. | 499 // Tests the method AddRestrictingSidLogonSession. |
| 437 TEST(RestrictedTokenTest, AddRestrictingSidLogonSession) { | 500 TEST(RestrictedTokenTest, AddRestrictingSidLogonSession) { |
| 438 RestrictedToken token; | 501 RestrictedToken token; |
| 439 HANDLE token_handle = NULL; | 502 HANDLE token_handle = NULL; |
| 440 | 503 |
| 441 ASSERT_EQ(ERROR_SUCCESS, token.Init(NULL)); | 504 ASSERT_EQ(ERROR_SUCCESS, token.Init(NULL)); |
| 442 ASSERT_EQ(ERROR_SUCCESS, token.AddRestrictingSidLogonSession()); | 505 ASSERT_EQ(ERROR_SUCCESS, token.AddRestrictingSidLogonSession()); |
| 443 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); | 506 ASSERT_EQ(ERROR_SUCCESS, token.GetRestrictedTokenHandle(&token_handle)); |
| 444 | 507 |
| 445 ATL::CAccessToken restricted_token; | 508 ATL::CAccessToken restricted_token; |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 521 TEST(RestrictedTokenTest, DoubleInit) { | 584 TEST(RestrictedTokenTest, DoubleInit) { |
| 522 RestrictedToken token; | 585 RestrictedToken token; |
| 523 ASSERT_EQ(ERROR_SUCCESS, token.Init(NULL)); | 586 ASSERT_EQ(ERROR_SUCCESS, token.Init(NULL)); |
| 524 | 587 |
| 525 ASSERT_EQ(ERROR_ALREADY_INITIALIZED, token.Init(NULL)); | 588 ASSERT_EQ(ERROR_ALREADY_INITIALIZED, token.Init(NULL)); |
| 526 } | 589 } |
| 527 | 590 |
| 528 #endif | 591 #endif |
| 529 | 592 |
| 530 } // namespace sandbox | 593 } // namespace sandbox |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10844003:
Fixing a couple of issues in sandbox::RestrictedToken: (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src