
Side by Side Diff: chrome/installer/util/scoped_token_privilege_unittest.cc

Issue 2925383002: Move ScopedTokenPrivilege to chrome/installer/util (Closed)
Patch Set: Created 3 years, 6 months ago
(Empty)
1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "chrome/installer/util/scoped_token_privilege.h"
6
7 #include <shlobj.h>
8 #include <memory>
9
10 #include "testing/gtest/include/gtest/gtest.h"
11
grt (UTC plus 2) 2017/06/09 08:35:28 wrap this whole file in "namespace installer {"
alito 2017/06/09 17:20:50 Done.
12 namespace {
13
14 // The privilege tested in ScopeTokenPrivilege tests below.
15 // Use SE_RESTORE_NAME as it is one of the many privileges that is available,
16 // but not enabled by default on processes running at high integrity.
17 static const wchar_t kTestedPrivilege[] = SE_RESTORE_NAME;
grt (UTC plus 2) 2017/06/09 08:35:28 no "static" in the unnamed namespace. please use "
alito 2017/06/09 17:20:51 Done.
18
19 // Returns true if the current process' token has privilege |privilege_name|
20 // enabled.
21 bool CurrentProcessHasPrivilege(const wchar_t* privilege_name) {
22 HANDLE temp_handle;
23 if (!::OpenProcessToken(::GetCurrentProcess(), TOKEN_QUERY, &temp_handle)) {
24 ADD_FAILURE();
25 return false;
26 }
27
28 base::win::ScopedHandle token(temp_handle);
29
30 // First get the size of the buffer needed for |privileges| below.
31 DWORD size;
32 EXPECT_FALSE(
33 ::GetTokenInformation(token.Get(), TokenPrivileges, NULL, 0, &size));
34
35 std::unique_ptr<BYTE[]> privileges_bytes(new BYTE[size]);
36 TOKEN_PRIVILEGES* privileges =
37 reinterpret_cast<TOKEN_PRIVILEGES*>(privileges_bytes.get());
38
39 if (!::GetTokenInformation(token.Get(), TokenPrivileges, privileges, size,
40 &size)) {
41 ADD_FAILURE();
42 return false;
43 }
44
45 // There is no point getting a buffer to store more than |privilege_name|\0 as
46 // anything longer will obviously not be equal to |privilege_name|.
47 const DWORD desired_size = static_cast<DWORD>(wcslen(privilege_name));
48 const DWORD buffer_size = desired_size + 1;
49 std::unique_ptr<wchar_t[]> name_buffer(new wchar_t[buffer_size]);
50 for (int i = privileges->PrivilegeCount - 1; i >= 0; --i) {
51 LUID_AND_ATTRIBUTES& luid_and_att = privileges->Privileges[i];
52 DWORD size = buffer_size;
53 ::LookupPrivilegeName(NULL, &luid_and_att.Luid, name_buffer.get(), &size);
54 if (size == desired_size &&
55 wcscmp(name_buffer.get(), privilege_name) == 0) {
56 return luid_and_att.Attributes == SE_PRIVILEGE_ENABLED;
57 }
58 }
59 return false;
60 }
61
grt (UTC plus 2) 2017/06/09 08:35:28 nit: close the unnamed namespace here -- i prefer
alito 2017/06/09 17:20:51 Done.
62 // Note: This test is only valid when run at high integrity (i.e. it will fail
63 // at medium integrity).
64 TEST(ScopedTokenPrivilegeTest, Basic) {
65 ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
66
67 if (!::IsUserAnAdmin()) {
68 LOG(WARNING) << "Skipping SetupUtilTest.ScopedTokenPrivilegeBasic due to "
69 "not running as admin.";
70 return;
71 }
72
73 {
74 ScopedTokenPrivilege test_scoped_privilege(kTestedPrivilege);
75 ASSERT_TRUE(test_scoped_privilege.is_enabled());
76 ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
77 }
78
79 ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
80 }
81
82 // Note: This test is only valid when run at high integrity (i.e. it will fail
83 // at medium integrity).
84 TEST(ScopedTokenPrivilegeTest, AlreadyEnabled) {
85 ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
86
87 if (!::IsUserAnAdmin()) {
88 LOG(WARNING) << "Skipping SetupUtilTest.ScopedTokenPrivilegeAlreadyEnabled "
89 "due to not running as admin.";
90 return;
91 }
92
93 {
94 ScopedTokenPrivilege test_scoped_privilege(kTestedPrivilege);
95 ASSERT_TRUE(test_scoped_privilege.is_enabled());
96 ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
97 {
98 ScopedTokenPrivilege dup_scoped_privilege(kTestedPrivilege);
99 ASSERT_TRUE(dup_scoped_privilege.is_enabled());
100 ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
101 }
102 ASSERT_TRUE(CurrentProcessHasPrivilege(kTestedPrivilege));
103 }
104
105 ASSERT_FALSE(CurrentProcessHasPrivilege(kTestedPrivilege));
106 }
107
108 } // namespace
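Review bot: CurrentProcessHasPrivilege() decides with an exact comparison, `luid_and_att.Attributes == SE_PRIVILEGE_ENABLED`, so a privilege whose attributes carry any additional flag next to the enabled bit (for example SE_PRIVILEGE_ENABLED_BY_DEFAULT) is reported as not enabled. Since the tests use this helper in `ASSERT_FALSE(...)` to prove the privilege was dropped again after the scoper is destroyed, a false negative here could let a leaked privilege go unnoticed; testing the bit is safer: `return (luid_and_att.Attributes & SE_PRIVILEGE_ENABLED) != 0;`. Separately, the sizing call to GetTokenInformation is only wrapped in EXPECT_FALSE, which does not stop the function, and `size` is declared without an initializer, so `new BYTE[size]` may run on an indeterminate value if that call does not write it. Declaring `DWORD size = 0;` and returning early unless `::GetLastError() == ERROR_INSUFFICIENT_BUFFER` would make that path deterministic.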