Google Git
Sign in
chromium / chromium / src / e6bde21a3a77de1ab90c80bcce4f95f27ddce6d0 / . / sandbox / win / src / sid_unittest.cc
blob: 35c1314139bac535b1a7776250fa13e3bc3d8a41 [file] [log] [blame]
// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file contains unit tests for the sid class.
#include "sandbox/win/src/sid.h"
#include <sddl.h>
#include "base/win/atl.h"
#include "base/win/windows_version.h"
#include "testing/gtest/include/gtest/gtest.h"
namespace sandbox {
namespace {
bool EqualSid(const Sid& sid, const ATL::CSid& compare_sid) {
if (!sid.IsValid())
return false;
return !!::EqualSid(sid.GetPSID(), const_cast<SID*>(compare_sid.GetPSID()));
}
bool EqualSid(const Sid& sid, const wchar_t* sddl_sid) {
PSID compare_sid;
if (!sid.IsValid())
return false;
if (!::ConvertStringSidToSid(sddl_sid, &compare_sid))
return false;
bool equal = !!::EqualSid(sid.GetPSID(), compare_sid);
::LocalFree(compare_sid);
return equal;
}
struct KnownCapabilityTestEntry {
WellKnownCapabilities capability;
const wchar_t* sddl_sid;
};
struct NamedCapabilityTestEntry {
const wchar_t* capability_name;
const wchar_t* sddl_sid;
};
} // namespace
// Tests the creation of a Sid.
TEST(SidTest, Constructors) {
ATL::CSid sid_world = ATL::Sids::World();
PSID sid_world_pointer = const_cast<SID*>(sid_world.GetPSID());
// Check the SID* constructor.
Sid sid_sid_star(sid_world_pointer);
ASSERT_TRUE(EqualSid(sid_sid_star, sid_world));
// Check the copy constructor.
Sid sid_copy(sid_sid_star);
ASSERT_TRUE(EqualSid(sid_copy, sid_world));
Sid sid_sddl = Sid::FromSddlString(L"S-1-1-0");
ASSERT_TRUE(sid_sddl.IsValid());
ASSERT_TRUE(EqualSid(sid_sddl, sid_world));
Sid sid_sddl_invalid = Sid::FromSddlString(L"X-1-1-0");
ASSERT_FALSE(sid_sddl_invalid.IsValid());
Sid sid_sddl_empty = Sid::FromSddlString(L"");
ASSERT_FALSE(sid_sddl_empty.IsValid());
// Note that the WELL_KNOWN_SID_TYPE constructor is tested in the GetPSID
// test. AppContainer related constructors are tested in AppContainer.
}
// Tests the method GetPSID
TEST(SidTest, GetPSID) {
// Check for non-null result;
ASSERT_NE(nullptr, Sid(::WinLocalSid).GetPSID());
ASSERT_NE(nullptr, Sid(::WinCreatorOwnerSid).GetPSID());
ASSERT_NE(nullptr, Sid(::WinBatchSid).GetPSID());
ASSERT_TRUE(EqualSid(Sid(::WinNullSid), ATL::Sids::Null()));
ASSERT_TRUE(EqualSid(Sid(::WinWorldSid), ATL::Sids::World()));
ASSERT_TRUE(EqualSid(Sid(::WinDialupSid), ATL::Sids::Dialup()));
ASSERT_TRUE(EqualSid(Sid(::WinNetworkSid), ATL::Sids::Network()));
ASSERT_TRUE(
EqualSid(Sid(::WinBuiltinAdministratorsSid), ATL::Sids::Admins()));
ASSERT_TRUE(EqualSid(Sid(::WinBuiltinUsersSid), ATL::Sids::Users()));
ASSERT_TRUE(EqualSid(Sid(::WinBuiltinGuestsSid), ATL::Sids::Guests()));
ASSERT_TRUE(EqualSid(Sid(::WinProxySid), ATL::Sids::Proxy()));
}
TEST(SidTest, KnownCapability) {
if (base::win::GetVersion() < base::win::VERSION_WIN8)
return;
Sid sid_invalid_well_known =
Sid::FromKnownCapability(kMaxWellKnownCapability);
EXPECT_FALSE(sid_invalid_well_known.IsValid());
const KnownCapabilityTestEntry capabilities[] = {
{kInternetClient, L"S-1-15-3-1"},
{kInternetClientServer, L"S-1-15-3-2"},
{kPrivateNetworkClientServer, L"S-1-15-3-3"},
{kPicturesLibrary, L"S-1-15-3-4"},
{kVideosLibrary, L"S-1-15-3-5"},
{kMusicLibrary, L"S-1-15-3-6"},
{kDocumentsLibrary, L"S-1-15-3-7"},
{kEnterpriseAuthentication, L"S-1-15-3-8"},
{kSharedUserCertificates, L"S-1-15-3-9"},
{kRemovableStorage, L"S-1-15-3-10"},
{kAppointments, L"S-1-15-3-11"},
{kContacts, L"S-1-15-3-12"},
};
for (auto capability : capabilities) {
EXPECT_TRUE(EqualSid(Sid::FromKnownCapability(capability.capability),
capability.sddl_sid))
<< "Known Capability: " << capability.sddl_sid;
}
}
TEST(SidTest, NamedCapability) {
if (base::win::GetVersion() < base::win::VERSION_WIN10)
return;
Sid sid_nullptr = Sid::FromNamedCapability(nullptr);
EXPECT_FALSE(sid_nullptr.IsValid());
Sid sid_empty = Sid::FromNamedCapability(L"");
EXPECT_FALSE(sid_empty.IsValid());
const NamedCapabilityTestEntry capabilities[] = {
{L"internetClient", L"S-1-15-3-1"},
{L"internetClientServer", L"S-1-15-3-2"},
{L"registryRead",
L"S-1-15-3-1024-1065365936-1281604716-3511738428-"
"1654721687-432734479-3232135806-4053264122-3456934681"},
{L"lpacCryptoServices",
L"S-1-15-3-1024-3203351429-2120443784-2872670797-"
"1918958302-2829055647-4275794519-765664414-2751773334"},
{L"enterpriseAuthentication", L"S-1-15-3-8"},
{L"privateNetworkClientServer", L"S-1-15-3-3"}};
for (auto capability : capabilities) {
EXPECT_TRUE(EqualSid(Sid::FromNamedCapability(capability.capability_name),
capability.sddl_sid))
<< "Named Capability: " << capability.sddl_sid;
}
}
TEST(SidTest, Sddl) {
Sid sid_sddl = Sid::FromSddlString(L"S-1-1-0");
ASSERT_TRUE(sid_sddl.IsValid());
base::string16 sddl_str;
ASSERT_TRUE(sid_sddl.ToSddlString(&sddl_str));
ASSERT_EQ(L"S-1-1-0", sddl_str);
}
TEST(SidTest, SubAuthorities) {
DWORD world_subauthorities[] = {0};
SID_IDENTIFIER_AUTHORITY world_authority = {SECURITY_WORLD_SID_AUTHORITY};
Sid sid_world =
Sid::FromSubAuthorities(&world_authority, 1, world_subauthorities);
ASSERT_TRUE(EqualSid(sid_world, ATL::Sids::World()));
ASSERT_TRUE(Sid::FromSubAuthorities(&world_authority, 0, nullptr).IsValid());
DWORD admin_subauthorities[] = {32, 544};
SID_IDENTIFIER_AUTHORITY nt_authority = {SECURITY_NT_AUTHORITY};
Sid sid_admin =
Sid::FromSubAuthorities(&nt_authority, 2, admin_subauthorities);
ASSERT_TRUE(EqualSid(sid_admin, ATL::Sids::Admins()));
}
} // namespace sandbox