From 38ab24c9047a589c21a99138b2e5dfc696ef9afd Mon Sep 17 00:00:00 2001 From: David Hall Date: Thu, 15 Aug 2019 15:36:12 -0700 Subject: [PATCH] Completed unit tests and updates to SID functions in SecurityBaseApi.h --- PInvoke/Security/AdvApi32/PSID.cs | 2 +- PInvoke/Security/AdvApi32/SecurityBaseApi.SID.cs | 125 ++++++++++- PInvoke/Security/AdvApi32/WinNT.cs | 32 ++- .../PInvoke/Security/AdvApi32/AdvApi32Tests.cs | 25 --- UnitTests/PInvoke/Security/AdvApi32/PSIDTests.cs | 228 +++++++++++++++------ UnitTests/PInvoke/Security/Authz/AuthzTests.cs | 2 +- 6 files changed, 310 insertions(+), 104 deletions(-) diff --git a/PInvoke/Security/AdvApi32/PSID.cs b/PInvoke/Security/AdvApi32/PSID.cs index d0cdd0e5..6674745d 100644 --- a/PInvoke/Security/AdvApi32/PSID.cs +++ b/PInvoke/Security/AdvApi32/PSID.cs @@ -26,7 +26,7 @@ namespace Vanara.PInvoke /// Initializes a new instance of the class. /// The size of memory to allocate, in bytes. - public SafePSID(int size) : base(size) + public SafePSID(SizeT size) : base(size) { } diff --git a/PInvoke/Security/AdvApi32/SecurityBaseApi.SID.cs b/PInvoke/Security/AdvApi32/SecurityBaseApi.SID.cs index b0810bd8..dc512dc8 100644 --- a/PInvoke/Security/AdvApi32/SecurityBaseApi.SID.cs +++ b/PInvoke/Security/AdvApi32/SecurityBaseApi.SID.cs @@ -210,9 +210,42 @@ namespace Vanara.PInvoke /// // https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsididentifierauthority // PSID_IDENTIFIER_AUTHORITY GetSidIdentifierAuthority( PSID pSid ); - [DllImport(Lib.AdvApi32, SetLastError = true, ExactSpelling = true)] + [DllImport(Lib.AdvApi32, SetLastError = true, EntryPoint = "GetSidIdentifierAuthority")] [PInvokeData("securitybaseapi.h", MSDNShortId = "67a06e7b-775f-424c-ab36-0fc9b93b801a")] - public static extern PSID_IDENTIFIER_AUTHORITY GetSidIdentifierAuthority(PSID pSid); + internal static extern IntPtr InternalGetSidIdentifierAuthority(PSID pSid); + + /// + /// + /// The GetSidIdentifierAuthority function returns a pointer to the SID_IDENTIFIER_AUTHORITY structure in a specified security + /// identifier (SID). + /// + /// + /// + /// A pointer to the SID structure for which a pointer to the SID_IDENTIFIER_AUTHORITY structure is returned. + /// + /// This function does not handle SID structures that are not valid. Call the IsValidSid function to verify that the SID + /// structure is valid before you call this function. + /// + /// + /// + /// + /// If the function succeeds, the return value is a pointer to the SID_IDENTIFIER_AUTHORITY structure for the specified SID structure. + /// + /// + /// If the function fails, the return value is undefined. The function fails if the SID structure pointed to by the pSid parameter is + /// not valid. To get extended error information, call GetLastError. + /// + /// + /// + /// + /// This function uses a 32-bit RID value. For applications that require a larger RID value, use CreateWellKnownSid and related functions. + /// + /// + // https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsididentifierauthority + // PSID_IDENTIFIER_AUTHORITY GetSidIdentifierAuthority( PSID pSid ); + [PInvokeData("securitybaseapi.h", MSDNShortId = "67a06e7b-775f-424c-ab36-0fc9b93b801a")] + public static PSID_IDENTIFIER_AUTHORITY GetSidIdentifierAuthority(PSID pSid) => + new PSID_IDENTIFIER_AUTHORITY(InternalGetSidIdentifierAuthority(pSid)); /// /// @@ -256,9 +289,34 @@ namespace Vanara.PInvoke /// index value specified by the nSubAuthority parameter is out of bounds. /// /// - [DllImport(Lib.AdvApi32, ExactSpelling = true, SetLastError = true)] + [DllImport(Lib.AdvApi32, EntryPoint = "GetSidSubAuthority", SetLastError = true)] [PInvokeData("securitybaseapi.h", MSDNShortId = "aa446657")] - public static extern IntPtr GetSidSubAuthority(PSID pSid, uint nSubAuthority); + internal static extern IntPtr InternalGetSidSubAuthority(PSID pSid, uint nSubAuthority); + + /// + /// The GetSidSubAuthority function returns a pointer to a specified subauthority in a security identifier (SID). The subauthority + /// value is a relative identifier (RID). + /// + /// A pointer to the SID structure from which a pointer to a subauthority is to be returned. + /// + /// Specifies an index value identifying the subauthority array element whose address the function will return. The function performs + /// no validation tests on this value. An application can call the GetSidSubAuthorityCount function to discover the range of + /// acceptable values. + /// + /// + /// On success, the return value is the specified SID subauthority. + /// + /// If the function fails, an exception is thrown. The function fails if the specified SID structure is not valid or if the index + /// value specified by the nSubAuthority parameter is out of bounds. + /// + /// + [PInvokeData("securitybaseapi.h", MSDNShortId = "aa446657")] + public static uint GetSidSubAuthority(PSID pSid, uint nSubAuthority) + { + var ptr = InternalGetSidSubAuthority(pSid, nSubAuthority); + Win32Error.GetLastError().ThrowIfFailed(); + return unchecked((uint)Marshal.ReadInt32(ptr)); + } /// /// The GetSidSubAuthorityCount function returns a pointer to the member in a security identifier (SID) structure that @@ -284,9 +342,41 @@ namespace Vanara.PInvoke /// // https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsidsubauthoritycount PUCHAR // GetSidSubAuthorityCount( PSID pSid ); - [DllImport(Lib.AdvApi32, SetLastError = true, ExactSpelling = true)] + [DllImport(Lib.AdvApi32, SetLastError = true, EntryPoint = "GetSidSubAuthorityCount")] [PInvokeData("securitybaseapi.h", MSDNShortId = "ca81fb91-f5a1-4dc6-83ec-eadb62a37805")] - public static extern IntPtr GetSidSubAuthorityCount(PSID pSid); + internal static extern IntPtr InternalGetSidSubAuthorityCount(PSID pSid); + + /// + /// The GetSidSubAuthorityCount function returns a pointer to the member in a security identifier (SID) structure that + /// contains the subauthority count. + /// + /// + /// A pointer to the SID structure from which a pointer to the subauthority count is returned. + /// + /// This function does not handle SID structures that are not valid. Call the IsValidSid function to verify that the SID + /// structure is valid before you call this function. + /// + /// + /// + /// If the function succeeds, the return value is the subauthority count for the specified SID structure. + /// + /// If the function fails, an exception is thrown. The function fails if the specified SID structure is not valid. To get + /// extended error information, call GetLastError. + /// + /// + /// + /// The SID structure specified in pSid uses a 32-bit value. For applications that require longer RID values, use CreateWellKnownSid + /// and related functions. + /// + // https://docs.microsoft.com/en-us/windows/desktop/api/securitybaseapi/nf-securitybaseapi-getsidsubauthoritycount PUCHAR + // GetSidSubAuthorityCount( PSID pSid ); + [PInvokeData("securitybaseapi.h", MSDNShortId = "ca81fb91-f5a1-4dc6-83ec-eadb62a37805")] + public static byte GetSidSubAuthorityCount(PSID pSid) + { + var ptr = InternalGetSidSubAuthorityCount(pSid); + Win32Error.GetLastError().ThrowIfFailed(); + return Marshal.ReadByte(ptr); + } /// /// The GetWindowsAccountDomainSid function receives a security identifier (SID) and returns a SID representing the domain of @@ -308,6 +398,29 @@ namespace Vanara.PInvoke [return: MarshalAs(UnmanagedType.Bool)] public static extern bool GetWindowsAccountDomainSid(PSID pSid, SafePSID pDomainSid, ref uint cbDomainSid); + /// + /// The GetWindowsAccountDomainSid function receives a security identifier (SID) and returns a SID representing the domain of + /// that SID. + /// + /// A pointer to the SID to examine. + /// An allocated safe pointer to a SID representing the domain. + /// + /// Returns if successful. + /// Otherwise, returns . For extended error information, call GetLastError. + /// + [PInvokeData("securitybaseapi.h", MSDNShortId = "ee2ba1b4-1bef-4d79-bb18-512705e2c378")] + public static bool GetWindowsAccountDomainSid(PSID pSid, out SafePSID pDomainSid) + { + uint sz = 0; + if (!GetWindowsAccountDomainSid(pSid, SafePSID.Null, ref sz) && sz == 0) + { + pDomainSid = SafePSID.Null; + return false; + } + pDomainSid = new SafePSID(sz); + return GetWindowsAccountDomainSid(pSid, pDomainSid, ref sz); + } + /// The InitializeSid function initializes a security identifier (SID). /// A pointer to a SID structure to be initialized. /// A pointer to a SID_IDENTIFIER_AUTHORITY structure to set in the SID structure. diff --git a/PInvoke/Security/AdvApi32/WinNT.cs b/PInvoke/Security/AdvApi32/WinNT.cs index d6eaa91e..2e68a8f7 100644 --- a/PInvoke/Security/AdvApi32/WinNT.cs +++ b/PInvoke/Security/AdvApi32/WinNT.cs @@ -4282,7 +4282,7 @@ namespace Vanara.PInvoke { /// An array of 6 bytes specifying a SID's top-level authority. [MarshalAs(UnmanagedType.ByValArray, SizeConst = 6)] - public byte[] Value; + public byte[] Value = new byte[6]; /// Initializes a new instance of the struct. /// The value. @@ -4291,7 +4291,6 @@ namespace Vanara.PInvoke { if (value == null || value.Length != 6) throw new ArgumentOutOfRangeException(nameof(value)); - Value = new byte[6]; Array.Copy(value, Value, 6); } @@ -4299,10 +4298,17 @@ namespace Vanara.PInvoke /// The value. public PSID_IDENTIFIER_AUTHORITY(long value) { - Value = new byte[6]; LongValue = value; } + internal PSID_IDENTIFIER_AUTHORITY(IntPtr existingPtr) + { + if (existingPtr == IntPtr.Zero) + Value = existingPtr.ToArray(6); + } + + private PSID_IDENTIFIER_AUTHORITY() { } + /// Gets or sets the long value. /// The long value. public long LongValue @@ -4311,10 +4317,7 @@ namespace Vanara.PInvoke { long nAuthority = 0; for (var i = 0; i <= 5; i++) - { - nAuthority <<= 8; - nAuthority |= Value[i]; - } + nAuthority |= (Value[i] << (8 * i)); return nAuthority; } set @@ -4334,6 +4337,21 @@ namespace Vanara.PInvoke /// The sia. /// The result of the conversion. public static implicit operator PSID_IDENTIFIER_AUTHORITY(SID_IDENTIFIER_AUTHORITY sia) => new PSID_IDENTIFIER_AUTHORITY(sia.Value); + + /// Implements the operator !=. + /// The first handle. + /// The second handle. + /// The result of the operator. + public static bool operator !=(PSID_IDENTIFIER_AUTHORITY h1, PSID_IDENTIFIER_AUTHORITY h2) => !(h1 == h2); + + /// Implements the operator ==. + /// The first handle. + /// The second handle. + /// The result of the operator. + public static bool operator ==(PSID_IDENTIFIER_AUTHORITY h1, PSID_IDENTIFIER_AUTHORITY h2) => h1.Equals(h2); + + /// + public override bool Equals(object obj) => obj is PSID_IDENTIFIER_AUTHORITY h ? h.LongValue == h.LongValue : false; } /// The TOKEN_PRIVILEGES structure contains information about a set of privileges for an access token. diff --git a/UnitTests/PInvoke/Security/AdvApi32/AdvApi32Tests.cs b/UnitTests/PInvoke/Security/AdvApi32/AdvApi32Tests.cs index 94806879..7301148f 100644 --- a/UnitTests/PInvoke/Security/AdvApi32/AdvApi32Tests.cs +++ b/UnitTests/PInvoke/Security/AdvApi32/AdvApi32Tests.cs @@ -44,31 +44,6 @@ namespace Vanara.PInvoke.Tests } } - [Test()] - public void AllocateAndInitializeSidTest() - { - var b = AllocateAndInitializeSid(KnownSIDAuthority.SECURITY_WORLD_SID_AUTHORITY, 1, KnownSIDRelativeID.SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, out var pSid); - Assert.That(b); - var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null); - var esid = new byte[everyone.BinaryLength]; - everyone.GetBinaryForm(esid, 0); - var peSid = new SafeByteArray(esid); - Assert.That(EqualSid(pSid, (IntPtr)peSid)); - ConvertStringSidToSid("S-1-2-0", out var lsid); - Assert.That(EqualSid(pSid, (IntPtr)lsid), Is.False); - string s = null; - Assert.That(IsValidSid(pSid), Is.True); - Assert.That(() => s = ConvertSidToStringSid(pSid), Throws.Nothing); - Assert.That(s, Is.EqualTo("S-1-1-0")); - var saptr = GetSidSubAuthority(pSid, 0); - Assert.That(Marshal.ReadInt32(saptr), Is.EqualTo(0)); - var len = GetLengthSid(pSid); - var p2 = new SafePSID(len); - b = CopySid(len, (IntPtr)p2, pSid); - Assert.That(EqualSid(p2, pSid)); - Assert.That(b); - } - [Test()] [PrincipalPermission(SecurityAction.Assert, Role = "Administrators")] public void ChangeAndQueryServiceConfigTest() diff --git a/UnitTests/PInvoke/Security/AdvApi32/PSIDTests.cs b/UnitTests/PInvoke/Security/AdvApi32/PSIDTests.cs index ec4bcc2a..a3e238b4 100644 --- a/UnitTests/PInvoke/Security/AdvApi32/PSIDTests.cs +++ b/UnitTests/PInvoke/Security/AdvApi32/PSIDTests.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using Vanara.Extensions; +using Vanara.InteropServices; using static Vanara.PInvoke.AdvApi32; namespace Vanara.PInvoke.Tests @@ -23,110 +24,209 @@ namespace Vanara.PInvoke.Tests [TestFixture()] public class PSIDTests { - public static SafePSID GetCurrentSid() => new SafePSID(WindowsIdentity.GetCurrent().User.GetBytes()); + [Test()] + public void AllocateAndInitializeSidTest() + { + var b = AllocateAndInitializeSid(KnownSIDAuthority.SECURITY_WORLD_SID_AUTHORITY, 1, KnownSIDRelativeID.SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, out var pSid); + Assert.That(b); + var everyone = new SecurityIdentifier(WellKnownSidType.WorldSid, null); + var esid = new byte[everyone.BinaryLength]; + everyone.GetBinaryForm(esid, 0); + var peSid = new SafeByteArray(esid); + Assert.That(EqualSid(pSid, (IntPtr)peSid)); + ConvertStringSidToSid("S-1-2-0", out var lsid); + Assert.That(EqualSid(pSid, (IntPtr)lsid), Is.False); + string s = null; + Assert.That(IsValidSid(pSid), Is.True); + Assert.That(() => s = ConvertSidToStringSid(pSid), Throws.Nothing); + Assert.That(s, Is.EqualTo("S-1-1-0")); + Assert.That(GetSidSubAuthority(pSid, 0), Is.EqualTo(0)); + var len = GetLengthSid(pSid); + var p2 = new SafePSID(len); + b = CopySid(len, (IntPtr)p2, pSid); + Assert.That(EqualSid(p2, pSid)); + Assert.That(b); + } [Test()] public void CloneTest() { - var sid = GetCurrentSid(); - var sid2 = sid.Clone(); - Assert.That(sid2.IsValidSid); - Assert.That(sid, Is.EqualTo(sid2)); + using (var sid = SafePSID.Current) + using (var sid2 = sid.Clone()) + { + Assert.That(sid2.IsValidSid); + Assert.That(sid, Is.EqualTo(sid2)); + } } [Test()] public void CopyTest() { - var sid = GetCurrentSid(); - Assert.That(!sid.IsInvalid); - Assert.That(sid.IsValidSid); - Assert.That(sid.ToString(), Does.StartWith("S-1-5")); + using (var sid = SafePSID.Current) + { + Assert.That(!sid.IsInvalid); + Assert.That(sid.IsValidSid); + Assert.That(sid.ToString(), Does.StartWith("S-1-5")); + } + } + + [Test] + public void EqualDomainSidTest() + { + Assert.That(EqualDomainSid(SafePSID.Current, SafePSID.Current, out var eq), ResultIs.Successful); + Assert.That(eq, Is.True); + } + + [Test] + public void EqualPrefixSidTest() + { + Assert.That(EqualPrefixSid(SafePSID.Current, SafePSID.Everyone), Is.False); } [Test] public void EqualsTest() { - var ssid = new SafePSID("S-1-1-0"); - var esid = SafePSID.Everyone; - var mesid = SafePSID.Current; - Assert.That(ssid == esid, Is.True); - Assert.That(ssid != mesid, Is.True); - Assert.That(ssid.Equals(null), Is.False); - Assert.That(ssid == null, Is.False); - Assert.That(ssid.Equals((PSID)esid), Is.True); - Assert.That(ssid.Equals((IntPtr)esid), Is.True); - Assert.That(ssid.Equals((object)esid), Is.True); - Assert.That(ssid.Equals((object)(PSID)esid), Is.True); - Assert.That(ssid.Equals((object)(IntPtr)esid), Is.True); - Assert.That(ssid.Equals((object)54), Is.False); + using (var ssid = new SafePSID("S-1-1-0")) + using (var esid = SafePSID.Everyone) + using (var mesid = SafePSID.Current) + { + Assert.That(ssid == esid, Is.True); + Assert.That(ssid != mesid, Is.True); + Assert.That(ssid.Equals(null), Is.False); + Assert.That(ssid == null, Is.False); + Assert.That(ssid.Equals((PSID)esid), Is.True); + Assert.That(ssid.Equals((IntPtr)esid), Is.True); + Assert.That(ssid.Equals((object)esid), Is.True); + Assert.That(ssid.Equals((object)(PSID)esid), Is.True); + Assert.That(ssid.Equals((object)(IntPtr)esid), Is.True); + Assert.That(ssid.Equals((object)54), Is.False); + } } [Test()] public void GetBinaryForm() { - var sid = new SafePSID("S-1-1-0"); - Assert.That(sid.GetBinaryForm(), Is.EquivalentTo(new SecurityIdentifier(WellKnownSidType.WorldSid, null).GetBytes())); + using (var sid = new SafePSID("S-1-1-0")) + Assert.That(sid.GetBinaryForm(), Is.EquivalentTo(new SecurityIdentifier(WellKnownSidType.WorldSid, null).GetBytes())); + } + + [Test] + public void GetSidIdentifierAuthorityTest() + { + Assert.That(GetSidIdentifierAuthority(SafePSID.Everyone), Is.EqualTo(KnownSIDAuthority.SECURITY_WORLD_SID_AUTHORITY)); + } + + [Test] + public void GetSidLengthRequiredTest() + { + Assert.That(GetSidLengthRequired(6), ResultIs.Not.Value(0)); + } + + [Test] + public void GetSidSubAuthorityTest() + { + Assert.That(GetSidSubAuthority(SafePSID.Everyone, 0), ResultIs.Value(0)); + } + + [Test] + public void GetSidSubAuthorityCountTest() + { + Assert.That(GetSidSubAuthorityCount(SafePSID.Everyone), ResultIs.Value(1)); + } + + [Test] + public void GetWindowsAccountDomainSidTest() + { + Assert.That(GetWindowsAccountDomainSid(SafePSID.Current, out var pDomSid), ResultIs.Successful); + Assert.That(pDomSid.IsValidSid); + } + + [Test] + public void InitializeSidTest() + { + using (var pSid = new SafePSID(32)) + Assert.That(InitializeSid(pSid, KnownSIDAuthority.SECURITY_LOCAL_SID_AUTHORITY, 2), ResultIs.Successful); + } + + [Test] + public void IsWellKnownSidTest() + { + Assert.That(IsWellKnownSid(SafePSID.Everyone, WELL_KNOWN_SID_TYPE.WinWorldSid), Is.True); } [Test()] public void InitTest() { - var sid = GetCurrentSid(); - var sidStr = sid.ToString(); - Assert.That(sidStr, Does.StartWith("S-1-5-")); - var ssid = sid.ToString().Substring(6).Split('-').Select(int.Parse).ToArray(); - var i = ssid[0]; - var dest = new int[ssid.Length - 1]; - Array.Copy(ssid, 1, dest, 0, ssid.Length - 1); - var sid2 = SafePSID.Init(KnownSIDAuthority.SECURITY_NT_AUTHORITY, i, dest); - Assert.That(sid2.IsValidSid); - Assert.That(sid, Is.EqualTo(sid2)); + using (var sid = SafePSID.Current) + { + var sidStr = sid.ToString(); + Assert.That(sidStr, Does.StartWith("S-1-5-")); + var ssid = sid.ToString().Substring(6).Split('-').Select(int.Parse).ToArray(); + var i = ssid[0]; + var dest = new int[ssid.Length - 1]; + Array.Copy(ssid, 1, dest, 0, ssid.Length - 1); + using (var sid2 = SafePSID.Init(KnownSIDAuthority.SECURITY_NT_AUTHORITY, i, dest)) + { + Assert.That(sid2.IsValidSid); + Assert.That(sid, Is.EqualTo(sid2)); + } + } } [Test()] public void PSIDTest() { - var sid = GetCurrentSid(); - Assert.That(!sid.IsInvalid); - Assert.That(sid.IsValidSid); - Assert.That(sid.ToString(), Does.StartWith("S-1-5")); + using (var sid = SafePSID.Current) + { + Assert.That(!sid.IsInvalid); + Assert.That(sid.IsValidSid); + Assert.That(sid.ToString(), Does.StartWith("S-1-5")); - var sid2 = new SafePSID(sid); - Assert.That(!sid2.IsInvalid); - Assert.That(sid2.ToString(), Is.EqualTo(sid.ToString())); + using (var sid2 = new SafePSID(sid)) + { + Assert.That(!sid2.IsInvalid); + Assert.That(sid2.ToString(), Is.EqualTo(sid.ToString())); - var sid3 = new SafePSID("S-1-1-0"); - var id2 = new SecurityIdentifier((IntPtr)sid3); - Assert.That(id2.IsWellKnown(WellKnownSidType.WorldSid)); + using (var sid3 = new SafePSID("S-1-1-0")) + { + var id2 = new SecurityIdentifier((IntPtr)sid3); + Assert.That(id2.IsWellKnown(WellKnownSidType.WorldSid)); - var sid4 = new SafePSID(100); - Assert.That(!sid4.IsClosed); - Assert.That(!sid4.IsValidSid); - Assert.That((int)sid4.Size, Is.EqualTo(100)); - sid4.Dispose(); - Assert.That(sid4.IsClosed); - Assert.That((int)sid4.Size, Is.EqualTo(0)); + using (var sid4 = new SafePSID(100)) + { + Assert.That(!sid4.IsClosed); + Assert.That(!sid4.IsValidSid); + Assert.That((int)sid4.Size, Is.EqualTo(100)); + sid4.Dispose(); + Assert.That(sid4.IsClosed); + Assert.That((int)sid4.Size, Is.EqualTo(0)); - Assert.That(sid.Equals("X"), Is.False); - Assert.That(sid.Equals(sid3), Is.False); + Assert.That(sid.Equals("X"), Is.False); + Assert.That(sid.Equals(sid3), Is.False); + } + } + } + } } [Test()] public void ToStringTest() { - var sid = SafePSID.Everyone; - const string sddl = "S-1-1-0"; - Assert.That(sid.ToString(), Is.EqualTo(sddl)); - Assert.That(sid.ToString(null), Is.EqualTo(sddl)); - Assert.That(sid.ToString(""), Is.EqualTo(sddl)); - Assert.That(sid.ToString("D"), Is.EqualTo(sddl)); - Assert.That(sid.ToString("B"), Is.EqualTo("01 01 00 00 00 00 00 01 00 00 00 00")); - Assert.That(sid.ToString("N"), Is.EqualTo("Everyone")); - Assert.That(sid.ToString("P"), Is.EqualTo("Everyone")); + using (var sid = SafePSID.Everyone) + { + const string sddl = "S-1-1-0"; + Assert.That(sid.ToString(), Is.EqualTo(sddl)); + Assert.That(sid.ToString(null), Is.EqualTo(sddl)); + Assert.That(sid.ToString(""), Is.EqualTo(sddl)); + Assert.That(sid.ToString("D"), Is.EqualTo(sddl)); + Assert.That(sid.ToString("B"), Is.EqualTo("01 01 00 00 00 00 00 01 00 00 00 00")); + Assert.That(sid.ToString("N"), Is.EqualTo("Everyone")); + Assert.That(sid.ToString("P"), Is.EqualTo("Everyone")); - Assert.That(SafePSID.Null.ToString(), Is.EqualTo("0")); + Assert.That(SafePSID.Null.ToString(), Is.EqualTo("0")); - Assert.That(new SafePSID(new byte[] { 12, 255 }).ToString(), Is.EqualTo("Invalid")); + Assert.That(new SafePSID(new byte[] { 12, 255 }).ToString(), Is.EqualTo("Invalid")); + } } [Test] diff --git a/UnitTests/PInvoke/Security/Authz/AuthzTests.cs b/UnitTests/PInvoke/Security/Authz/AuthzTests.cs index 65cc0f9a..2dc9fc53 100644 --- a/UnitTests/PInvoke/Security/Authz/AuthzTests.cs +++ b/UnitTests/PInvoke/Security/Authz/AuthzTests.cs @@ -46,7 +46,7 @@ namespace Vanara.PInvoke.Tests public static SafeAUTHZ_CLIENT_CONTEXT_HANDLE GetCurrentUserAuthContext(SafeAUTHZ_RESOURCE_MANAGER_HANDLE hResMgr) { - var b = AuthzInitializeContextFromSid(AuthzContextFlags.DEFAULT, PSIDTests.GetCurrentSid(), hResMgr, IntPtr.Zero, new LUID(), IntPtr.Zero, out var hCtx); + var b = AuthzInitializeContextFromSid(AuthzContextFlags.DEFAULT, SafePSID.Current, hResMgr, IntPtr.Zero, new LUID(), IntPtr.Zero, out var hCtx); if (!b) TestContext.WriteLine($"AuthzInitializeContextFromSid:{Win32Error.GetLastError()}"); Assert.That(b); Assert.That(!hCtx.IsInvalid);