summaryrefslogtreecommitdiffstats
path: root/security/sandbox/chromium/sandbox/win/src/sid_unittest.cc
diff options
context:
space:
mode:
Diffstat (limited to 'security/sandbox/chromium/sandbox/win/src/sid_unittest.cc')
-rw-r--r--security/sandbox/chromium/sandbox/win/src/sid_unittest.cc182
1 files changed, 182 insertions, 0 deletions
diff --git a/security/sandbox/chromium/sandbox/win/src/sid_unittest.cc b/security/sandbox/chromium/sandbox/win/src/sid_unittest.cc
new file mode 100644
index 0000000000..81186cd0be
--- /dev/null
+++ b/security/sandbox/chromium/sandbox/win/src/sid_unittest.cc
@@ -0,0 +1,182 @@
+// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file contains unit tests for the sid class.
+
+#include "sandbox/win/src/sid.h"
+
+#include <sddl.h>
+
+#include "base/win/atl.h"
+#include "base/win/windows_version.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace sandbox {
+
+namespace {
+
+bool EqualSid(const Sid& sid, const ATL::CSid& compare_sid) {
+ if (!sid.IsValid())
+ return false;
+ return !!::EqualSid(sid.GetPSID(), const_cast<SID*>(compare_sid.GetPSID()));
+}
+
+bool EqualSid(const Sid& sid, const wchar_t* sddl_sid) {
+ PSID compare_sid;
+ if (!sid.IsValid())
+ return false;
+ if (!::ConvertStringSidToSid(sddl_sid, &compare_sid))
+ return false;
+ bool equal = !!::EqualSid(sid.GetPSID(), compare_sid);
+ ::LocalFree(compare_sid);
+ return equal;
+}
+
+struct KnownCapabilityTestEntry {
+ WellKnownCapabilities capability;
+ const wchar_t* sddl_sid;
+};
+
+struct NamedCapabilityTestEntry {
+ const wchar_t* capability_name;
+ const wchar_t* sddl_sid;
+};
+
+} // namespace
+
+// Tests the creation of a Sid.
+TEST(SidTest, Constructors) {
+ ATL::CSid sid_world = ATL::Sids::World();
+ PSID sid_world_pointer = const_cast<SID*>(sid_world.GetPSID());
+
+ // Check the SID* constructor.
+ Sid sid_sid_star(sid_world_pointer);
+ ASSERT_TRUE(EqualSid(sid_sid_star, sid_world));
+
+ // Check the copy constructor.
+ Sid sid_copy(sid_sid_star);
+ ASSERT_TRUE(EqualSid(sid_copy, sid_world));
+
+ Sid sid_sddl = Sid::FromSddlString(L"S-1-1-0");
+ ASSERT_TRUE(sid_sddl.IsValid());
+ ASSERT_TRUE(EqualSid(sid_sddl, sid_world));
+
+ Sid sid_sddl_invalid = Sid::FromSddlString(L"X-1-1-0");
+ ASSERT_FALSE(sid_sddl_invalid.IsValid());
+
+ Sid sid_sddl_empty = Sid::FromSddlString(L"");
+ ASSERT_FALSE(sid_sddl_empty.IsValid());
+
+ // Note that the WELL_KNOWN_SID_TYPE constructor is tested in the GetPSID
+ // test. AppContainer related constructors are tested in AppContainer.
+}
+
+// Tests the method GetPSID
+TEST(SidTest, GetPSID) {
+ // Check for non-null result;
+ ASSERT_NE(nullptr, Sid(::WinLocalSid).GetPSID());
+ ASSERT_NE(nullptr, Sid(::WinCreatorOwnerSid).GetPSID());
+ ASSERT_NE(nullptr, Sid(::WinBatchSid).GetPSID());
+
+ ASSERT_TRUE(EqualSid(Sid(::WinNullSid), ATL::Sids::Null()));
+
+ ASSERT_TRUE(EqualSid(Sid(::WinWorldSid), ATL::Sids::World()));
+
+ ASSERT_TRUE(EqualSid(Sid(::WinDialupSid), ATL::Sids::Dialup()));
+
+ ASSERT_TRUE(EqualSid(Sid(::WinNetworkSid), ATL::Sids::Network()));
+
+ ASSERT_TRUE(
+ EqualSid(Sid(::WinBuiltinAdministratorsSid), ATL::Sids::Admins()));
+
+ ASSERT_TRUE(EqualSid(Sid(::WinBuiltinUsersSid), ATL::Sids::Users()));
+
+ ASSERT_TRUE(EqualSid(Sid(::WinBuiltinGuestsSid), ATL::Sids::Guests()));
+
+ ASSERT_TRUE(EqualSid(Sid(::WinProxySid), ATL::Sids::Proxy()));
+}
+
+TEST(SidTest, KnownCapability) {
+ if (base::win::GetVersion() < base::win::Version::WIN8)
+ return;
+
+ Sid sid_invalid_well_known =
+ Sid::FromKnownCapability(kMaxWellKnownCapability);
+ EXPECT_FALSE(sid_invalid_well_known.IsValid());
+
+ const KnownCapabilityTestEntry capabilities[] = {
+ {kInternetClient, L"S-1-15-3-1"},
+ {kInternetClientServer, L"S-1-15-3-2"},
+ {kPrivateNetworkClientServer, L"S-1-15-3-3"},
+ {kPicturesLibrary, L"S-1-15-3-4"},
+ {kVideosLibrary, L"S-1-15-3-5"},
+ {kMusicLibrary, L"S-1-15-3-6"},
+ {kDocumentsLibrary, L"S-1-15-3-7"},
+ {kEnterpriseAuthentication, L"S-1-15-3-8"},
+ {kSharedUserCertificates, L"S-1-15-3-9"},
+ {kRemovableStorage, L"S-1-15-3-10"},
+ {kAppointments, L"S-1-15-3-11"},
+ {kContacts, L"S-1-15-3-12"},
+ };
+
+ for (auto capability : capabilities) {
+ EXPECT_TRUE(EqualSid(Sid::FromKnownCapability(capability.capability),
+ capability.sddl_sid))
+ << "Known Capability: " << capability.sddl_sid;
+ }
+}
+
+TEST(SidTest, NamedCapability) {
+ if (base::win::GetVersion() < base::win::Version::WIN10)
+ return;
+
+ Sid sid_nullptr = Sid::FromNamedCapability(nullptr);
+ EXPECT_FALSE(sid_nullptr.IsValid());
+
+ Sid sid_empty = Sid::FromNamedCapability(L"");
+ EXPECT_FALSE(sid_empty.IsValid());
+
+ const NamedCapabilityTestEntry capabilities[] = {
+ {L"internetClient", L"S-1-15-3-1"},
+ {L"internetClientServer", L"S-1-15-3-2"},
+ {L"registryRead",
+ L"S-1-15-3-1024-1065365936-1281604716-3511738428-"
+ "1654721687-432734479-3232135806-4053264122-3456934681"},
+ {L"lpacCryptoServices",
+ L"S-1-15-3-1024-3203351429-2120443784-2872670797-"
+ "1918958302-2829055647-4275794519-765664414-2751773334"},
+ {L"enterpriseAuthentication", L"S-1-15-3-8"},
+ {L"privateNetworkClientServer", L"S-1-15-3-3"}};
+
+ for (auto capability : capabilities) {
+ EXPECT_TRUE(EqualSid(Sid::FromNamedCapability(capability.capability_name),
+ capability.sddl_sid))
+ << "Named Capability: " << capability.sddl_sid;
+ }
+}
+
+TEST(SidTest, Sddl) {
+ Sid sid_sddl = Sid::FromSddlString(L"S-1-1-0");
+ ASSERT_TRUE(sid_sddl.IsValid());
+ std::wstring sddl_str;
+ ASSERT_TRUE(sid_sddl.ToSddlString(&sddl_str));
+ ASSERT_EQ(L"S-1-1-0", sddl_str);
+}
+
+TEST(SidTest, SubAuthorities) {
+ DWORD world_subauthorities[] = {0};
+ SID_IDENTIFIER_AUTHORITY world_authority = {SECURITY_WORLD_SID_AUTHORITY};
+ Sid sid_world =
+ Sid::FromSubAuthorities(&world_authority, 1, world_subauthorities);
+ ASSERT_TRUE(EqualSid(sid_world, ATL::Sids::World()));
+ ASSERT_TRUE(Sid::FromSubAuthorities(&world_authority, 0, nullptr).IsValid());
+
+ DWORD admin_subauthorities[] = {32, 544};
+ SID_IDENTIFIER_AUTHORITY nt_authority = {SECURITY_NT_AUTHORITY};
+ Sid sid_admin =
+ Sid::FromSubAuthorities(&nt_authority, 2, admin_subauthorities);
+ ASSERT_TRUE(EqualSid(sid_admin, ATL::Sids::Admins()));
+}
+
+} // namespace sandbox
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-09 01:34:52 +0000