2022-09-06 19:14:07 -04:00
|
|
|
// Copyright 2016 The Crashpad Authors
|
2016-12-07 11:35:07 -08:00
|
|
|
//
|
|
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
|
|
// you may not use this file except in compliance with the License.
|
|
|
|
// You may obtain a copy of the License at
|
|
|
|
//
|
|
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
//
|
|
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
|
|
// See the License for the specific language governing permissions and
|
|
|
|
// limitations under the License.
|
|
|
|
|
|
|
|
#include "util/win/registration_protocol_win.h"
|
|
|
|
|
2019-12-10 08:51:20 -08:00
|
|
|
#include <aclapi.h>
|
2016-12-07 11:35:07 -08:00
|
|
|
#include <sddl.h>
|
|
|
|
#include <string.h>
|
2020-09-12 09:20:14 +02:00
|
|
|
#include <wchar.h>
|
2019-12-10 08:51:20 -08:00
|
|
|
#include <windows.h>
|
|
|
|
|
|
|
|
#include <vector>
|
2016-12-07 11:35:07 -08:00
|
|
|
|
2019-12-10 08:51:20 -08:00
|
|
|
#include "base/logging.h"
|
2020-06-18 15:35:28 +02:00
|
|
|
#include "base/notreached.h"
|
2016-12-07 11:35:07 -08:00
|
|
|
#include "gtest/gtest.h"
|
|
|
|
#include "test/errors.h"
|
2019-12-10 08:51:20 -08:00
|
|
|
#include "util/win/scoped_handle.h"
|
2016-12-07 11:35:07 -08:00
|
|
|
#include "util/win/scoped_local_alloc.h"
|
|
|
|
|
|
|
|
namespace crashpad {
|
|
|
|
namespace test {
|
|
|
|
namespace {
|
|
|
|
|
2020-09-12 09:20:14 +02:00
|
|
|
std::wstring GetStringFromSid(PSID sid) {
|
2019-12-10 08:51:20 -08:00
|
|
|
LPWSTR sid_str;
|
|
|
|
if (!ConvertSidToStringSid(sid, &sid_str)) {
|
|
|
|
PLOG(ERROR) << "ConvertSidToStringSid";
|
2020-09-12 09:20:14 +02:00
|
|
|
return std::wstring();
|
2019-12-10 08:51:20 -08:00
|
|
|
}
|
|
|
|
ScopedLocalAlloc sid_str_ptr(sid_str);
|
|
|
|
return sid_str;
|
|
|
|
}
|
|
|
|
|
2020-09-12 09:20:14 +02:00
|
|
|
std::wstring GetUserSidString() {
|
2019-12-10 08:51:20 -08:00
|
|
|
HANDLE token_handle;
|
|
|
|
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &token_handle)) {
|
|
|
|
PLOG(ERROR) << "OpenProcessToken";
|
2020-09-12 09:20:14 +02:00
|
|
|
return std::wstring();
|
2019-12-10 08:51:20 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
ScopedKernelHANDLE token(token_handle);
|
|
|
|
DWORD user_size = 0;
|
|
|
|
GetTokenInformation(token.get(), TokenUser, nullptr, 0, &user_size);
|
|
|
|
if (user_size == 0) {
|
|
|
|
PLOG(ERROR) << "GetTokenInformation Size";
|
2020-09-12 09:20:14 +02:00
|
|
|
return std::wstring();
|
2019-12-10 08:51:20 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
std::vector<char> user(user_size);
|
|
|
|
if (!GetTokenInformation(
|
|
|
|
token.get(), TokenUser, user.data(), user_size, &user_size)) {
|
|
|
|
PLOG(ERROR) << "GetTokenInformation";
|
2020-09-12 09:20:14 +02:00
|
|
|
return std::wstring();
|
2019-12-10 08:51:20 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
TOKEN_USER* user_ptr = reinterpret_cast<TOKEN_USER*>(user.data());
|
|
|
|
return GetStringFromSid(user_ptr->User.Sid);
|
|
|
|
}
|
|
|
|
|
|
|
|
void CheckAce(PACL acl,
|
|
|
|
DWORD index,
|
|
|
|
BYTE check_ace_type,
|
|
|
|
ACCESS_MASK check_mask,
|
2020-09-12 09:20:14 +02:00
|
|
|
const std::wstring& check_sid) {
|
2019-12-10 08:51:20 -08:00
|
|
|
ASSERT_FALSE(check_sid.empty());
|
|
|
|
void* ace_ptr;
|
|
|
|
ASSERT_TRUE(GetAce(acl, index, &ace_ptr));
|
|
|
|
|
|
|
|
ACE_HEADER* header = static_cast<ACE_HEADER*>(ace_ptr);
|
|
|
|
ASSERT_EQ(check_ace_type, header->AceType);
|
|
|
|
ASSERT_EQ(0, header->AceFlags);
|
|
|
|
|
|
|
|
PSID sid = nullptr;
|
|
|
|
ACCESS_MASK mask = 0;
|
|
|
|
switch (header->AceType) {
|
|
|
|
case ACCESS_ALLOWED_ACE_TYPE: {
|
|
|
|
ACCESS_ALLOWED_ACE* allowed_ace =
|
|
|
|
static_cast<ACCESS_ALLOWED_ACE*>(ace_ptr);
|
|
|
|
sid = &allowed_ace->SidStart;
|
|
|
|
mask = allowed_ace->Mask;
|
|
|
|
} break;
|
|
|
|
case SYSTEM_MANDATORY_LABEL_ACE_TYPE: {
|
|
|
|
SYSTEM_MANDATORY_LABEL_ACE* label_ace =
|
|
|
|
static_cast<SYSTEM_MANDATORY_LABEL_ACE*>(ace_ptr);
|
|
|
|
sid = &label_ace->SidStart;
|
|
|
|
mask = label_ace->Mask;
|
|
|
|
} break;
|
|
|
|
default:
|
2024-08-14 13:09:43 +10:00
|
|
|
NOTREACHED();
|
2019-12-10 08:51:20 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
ASSERT_EQ(check_mask, mask);
|
|
|
|
ASSERT_EQ(check_sid, GetStringFromSid(sid));
|
|
|
|
}
|
|
|
|
|
|
|
|
TEST(SecurityDescriptor, NamedPipeDefault) {
|
|
|
|
const void* sec_desc = GetSecurityDescriptorForNamedPipeInstance(nullptr);
|
|
|
|
|
|
|
|
PACL acl;
|
|
|
|
BOOL acl_present;
|
|
|
|
BOOL acl_defaulted;
|
|
|
|
ASSERT_TRUE(GetSecurityDescriptorDacl(
|
|
|
|
const_cast<void*>(sec_desc), &acl_present, &acl, &acl_defaulted));
|
|
|
|
ASSERT_EQ(3, acl->AceCount);
|
|
|
|
CheckAce(acl, 0, ACCESS_ALLOWED_ACE_TYPE, GENERIC_ALL, GetUserSidString());
|
|
|
|
// Check SYSTEM user SID.
|
|
|
|
CheckAce(acl, 1, ACCESS_ALLOWED_ACE_TYPE, GENERIC_ALL, L"S-1-5-18");
|
|
|
|
// Check ALL APPLICATION PACKAGES group SID.
|
|
|
|
CheckAce(acl,
|
|
|
|
2,
|
|
|
|
ACCESS_ALLOWED_ACE_TYPE,
|
|
|
|
GENERIC_READ | GENERIC_WRITE,
|
|
|
|
L"S-1-15-2-1");
|
|
|
|
|
|
|
|
ASSERT_TRUE(GetSecurityDescriptorSacl(
|
|
|
|
const_cast<void*>(sec_desc), &acl_present, &acl, &acl_defaulted));
|
|
|
|
ASSERT_EQ(1, acl->AceCount);
|
|
|
|
CheckAce(acl, 0, SYSTEM_MANDATORY_LABEL_ACE_TYPE, 0, L"S-1-16-0");
|
|
|
|
}
|
|
|
|
|
2016-12-07 11:35:07 -08:00
|
|
|
TEST(SecurityDescriptor, MatchesAdvapi32) {
|
|
|
|
// This security descriptor is built manually in the connection code to avoid
|
|
|
|
// calling the advapi32 functions. Verify that it returns the same thing as
|
|
|
|
// ConvertStringSecurityDescriptorToSecurityDescriptor() would.
|
|
|
|
|
|
|
|
// Mandatory Label, no ACE flags, no ObjectType, integrity level
|
|
|
|
// untrusted.
|
2017-07-25 13:34:04 -04:00
|
|
|
static constexpr wchar_t kSddl[] = L"S:(ML;;;;;S-1-16-0)";
|
2016-12-07 11:35:07 -08:00
|
|
|
PSECURITY_DESCRIPTOR sec_desc;
|
|
|
|
ULONG sec_desc_len;
|
|
|
|
ASSERT_TRUE(ConvertStringSecurityDescriptorToSecurityDescriptor(
|
|
|
|
kSddl, SDDL_REVISION_1, &sec_desc, &sec_desc_len))
|
|
|
|
<< ErrorMessage("ConvertStringSecurityDescriptorToSecurityDescriptor");
|
|
|
|
ScopedLocalAlloc sec_desc_owner(sec_desc);
|
|
|
|
|
|
|
|
size_t created_len;
|
|
|
|
const void* const created =
|
2019-12-10 08:51:20 -08:00
|
|
|
GetFallbackSecurityDescriptorForNamedPipeInstance(&created_len);
|
test: Use (actual, [un]expected) in gtest {ASSERT,EXPECT}_{EQ,NE}
gtest used to require (expected, actual) ordering for arguments to
EXPECT_EQ and ASSERT_EQ, and in failed test assertions would identify
each side as “expected” or “actual.” Tests in Crashpad adhered to this
traditional ordering. After a gtest change in February 2016, it is now
agnostic with respect to the order of these arguments.
This change mechanically updates all uses of these macros to (actual,
expected) by reversing them. This provides consistency with our use of
the logging CHECK_EQ and DCHECK_EQ macros, and makes for better
readability by ordinary native speakers. The rough (but working!)
conversion tool is
https://chromium-review.googlesource.com/c/466727/1/rewrite_expectassert_eq.py,
and “git cl format” cleaned up its output.
EXPECT_NE and ASSERT_NE never had a preferred ordering. gtest never made
a judgment that one side or the other needed to provide an “unexpected”
value. Consequently, some code used (unexpected, actual) while other
code used (actual, unexpected). For consistency with the new EXPECT_EQ
and ASSERT_EQ usage, as well as consistency with CHECK_NE and DCHECK_NE,
this change also updates these use sites to (actual, unexpected) where
one side can be called “unexpected” as, for example, std::string::npos
can be. Unfortunately, this portion was a manual conversion.
References:
https://github.com/google/googletest/blob/master/googletest/docs/Primer.md#binary-comparison
https://github.com/google/googletest/commit/77d6b173380332b1c1bc540532641f410ec82d65
https://github.com/google/googletest/pull/713
Change-Id: I978fef7c94183b8b1ef63f12f5ab4d6693626be3
Reviewed-on: https://chromium-review.googlesource.com/466727
Reviewed-by: Scott Graham <scottmg@chromium.org>
2017-04-04 00:35:21 -04:00
|
|
|
ASSERT_EQ(created_len, sec_desc_len);
|
|
|
|
EXPECT_EQ(memcmp(sec_desc, created, sec_desc_len), 0);
|
2016-12-07 11:35:07 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace
|
|
|
|
} // namespace test
|
|
|
|
} // namespace crashpad
|