1 /*
2  * PROJECT:         ReactOS API tests
3  * LICENSE:         GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE:         Tests for the NtAdjustPrivilegesToken API
5  * COPYRIGHT:       Copyright 2021 George Bișoc <george.bisoc@reactos.org>
6  */
7 
8 #include "precomp.h"
9 
10 static
11 BOOL
12 IsPrivilegeEnabled(
13     _In_ HANDLE TokenHandle,
14     _In_ ULONG Privilege)
15 {
16     PRIVILEGE_SET PrivSet;
17     BOOL Result, Success;
18     LUID Priv;
19 
20     ConvertPrivLongToLuid(Privilege, &Priv);
21 
22     PrivSet.PrivilegeCount = 1;
23     PrivSet.Control = PRIVILEGE_SET_ALL_NECESSARY;
24     PrivSet.Privilege[0].Luid = Priv;
25     PrivSet.Privilege[0].Attributes = 0;
26 
27     Success = PrivilegeCheck(TokenHandle, &PrivSet, &Result);
28     if (!Success)
29     {
30         skip("Failed to check the privilege (error code: %lu)\n", GetLastError());
31         return FALSE;
32     }
33 
34     return Result;
35 }
36 
37 static
38 VOID
39 AdjustEnableDefaultPriv(VOID)
40 {
41     NTSTATUS Status;
42     HANDLE Token;
43     TOKEN_PRIVILEGES Priv;
44     BOOL Success, IsEnabled;
45     LUID PrivLuid;
46 
47     Success = OpenProcessToken(GetCurrentProcess(),
48                                TOKEN_READ | TOKEN_ADJUST_PRIVILEGES,
49                                &Token);
50     if (!Success)
51     {
52         skip("OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
53         return;
54     }
55 
56     Success = LookupPrivilegeValueW(NULL, L"SeImpersonatePrivilege", &PrivLuid);
57     if (!Success)
58     {
59         skip("LookupPrivilegeValueW() has failed to locate the privilege value (error code: %lu)!\n", GetLastError());
60         return;
61     }
62 
63     Priv.PrivilegeCount = 1;
64     Priv.Privileges[0].Luid = PrivLuid;
65     Priv.Privileges[0].Attributes = 0;
66 
67     IsEnabled = IsPrivilegeEnabled(Token, SE_IMPERSONATE_PRIVILEGE);
68     trace("The privilege is %s!\n", IsEnabled ? "enabled" : "disabled");
69 
70     Status = NtAdjustPrivilegesToken(Token,
71                                      FALSE,
72                                      &Priv,
73                                      0,
74                                      NULL,
75                                      NULL);
76     ok_hex(Status, STATUS_SUCCESS);
77 
78     IsEnabled = IsPrivilegeEnabled(Token, SE_IMPERSONATE_PRIVILEGE);
79     trace("The privilege is %s!\n", IsEnabled ? "enabled" : "disabled");
80 
81     CloseHandle(Token);
82 }
83 
84 START_TEST(NtAdjustPrivilegesToken)
85 {
86     AdjustEnableDefaultPriv();
87 }
88