52 lines
1.7 KiB
C++
52 lines
1.7 KiB
C++
#include "gtest/gtest.h"
|
|
|
|
#include <stdio.h>
|
|
#include <windows.h>
|
|
#include <sddl.h>
|
|
|
|
#include "nsWindowsHelpers.h"
|
|
|
|
TEST(MaintenanceServiceTest, ServiceStartInteractiveOnly)
|
|
{
|
|
// First, make a restricted token that excludes the Interactive group.
|
|
SID_AND_ATTRIBUTES sid;
|
|
DWORD SIDSize = SECURITY_MAX_SID_SIZE;
|
|
sid.Sid = LocalAlloc(LMEM_FIXED, SIDSize);
|
|
// Automatically free the SID when we are done with it.
|
|
UniqueSidPtr uniqueSid(sid.Sid);
|
|
ASSERT_TRUE(sid.Sid);
|
|
|
|
BOOL success =
|
|
CreateWellKnownSid(WinInteractiveSid, nullptr, sid.Sid, &SIDSize);
|
|
ASSERT_TRUE(success);
|
|
|
|
HANDLE primaryToken;
|
|
success =
|
|
OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &primaryToken);
|
|
// Automatically close the token when we are done with it.
|
|
nsAutoHandle uniquePrimaryToken(primaryToken);
|
|
ASSERT_TRUE(success);
|
|
|
|
HANDLE restrictedToken;
|
|
success = CreateRestrictedToken(primaryToken, 0, 1, &sid, 0, nullptr, 0,
|
|
nullptr, &restrictedToken);
|
|
// Automatically close the token when we are done with it.
|
|
nsAutoHandle uniqueRestrictedToken(restrictedToken);
|
|
ASSERT_TRUE(success);
|
|
|
|
success = ImpersonateLoggedOnUser(restrictedToken);
|
|
ASSERT_TRUE(success);
|
|
|
|
SC_HANDLE scmHandle =
|
|
OpenSCManagerW(L"127.0.0.1", nullptr, SC_MANAGER_CONNECT);
|
|
// Automatically close the SCM when we are done with it.
|
|
nsAutoServiceHandle uniqueScmHandle(scmHandle);
|
|
ASSERT_TRUE(scmHandle);
|
|
|
|
SC_HANDLE serviceHandle =
|
|
OpenServiceW(scmHandle, L"MozillaMaintenance", SERVICE_START);
|
|
// Automatically close the SCM when we are done with it.
|
|
nsAutoServiceHandle uniqueServiceHandle(serviceHandle);
|
|
ASSERT_FALSE(serviceHandle);
|
|
ASSERT_EQ(GetLastError(), static_cast<DWORD>(ERROR_ACCESS_DENIED));
|
|
}
|