Bug 1980886 p2 - Provide a forward_iterator for accessing the ACE_HEADERs in an ACL. r=yjuglaret,win-reviewers,gstoll

Differential Revision: https://phabricator.services.mozilla.com/D266682

Author: bobowen

testing/gtest/mozilla/MozHelpers.h

@@ -58,8 +58,26 @@ namespace mozilla::gtest {
           a;                                      \
         },                                        \
         b)
+
+// Wrap EXPECT_DEATH_* macros to also disable the crash reporter.
+#  define EXPECT_DEATH_WRAP(a, b)                 \
+    EXPECT_DEATH_IF_SUPPORTED(                    \
+        {                                         \
+          mozilla::gtest::DisableCrashReporter(); \
+          a;                                      \
+        },                                        \
+        b)
+#  define EXPECT_DEBUG_DEATH_WRAP(a, b)           \
+    EXPECT_DEBUG_DEATH(                           \
+        {                                         \
+          mozilla::gtest::DisableCrashReporter(); \
+          a;                                      \
+        },                                        \
+        b)
 #else
 #  define ASSERT_DEATH_WRAP(a, b)
+#  define EXPECT_DEATH_WRAP(a, b)
+#  define EXPECT_DEBUG_DEATH_WRAP(a, b)
 #endif
 
 void DisableCrashReporter();

widget/windows/WinHeaderOnlyUtils.h

@@ -21,6 +21,7 @@
 #include "mozilla/Attributes.h"
 #include "mozilla/DynamicallyLinkedFunctionPtr.h"
 #include "mozilla/Maybe.h"
+#include "mozilla/NotNull.h"
 #include "mozilla/ResultVariant.h"
 #include "mozilla/UniquePtr.h"
 #include "nsWindowsHelpers.h"
@@ -815,6 +816,109 @@ int MozPathGetDriveNumber(const T* aPath) {
   return ToDriveNumber(aPath);
 }
 
+/**
+ * Class to provide a forward_iterator for accessing the ACE_HEADERs in an ACL.
+ * ACE_HEADERs start after the ACL struct and know the size of their ACE.
+ */
+class AclAceRange {
+ public:
+  explicit AclAceRange(const NotNull<const ACL*> aAcl) : mAcl(aAcl) {}
+
+  class Iterator {
+   public:
+    using iterator_category = std::forward_iterator_tag;
+    using difference_type = WORD;
+    using value_type = const ACE_HEADER;
+    using pointer = value_type*;
+    using reference = value_type&;
+
+    // Constructs an end iterator.
+    Iterator() = default;
+
+    Iterator(const Iterator&) = default;
+    Iterator& operator=(const Iterator& aOther) = default;
+    Iterator(Iterator&&) = default;
+    Iterator& operator=(Iterator&& aOther) = default;
+
+    reference operator*() const {
+      MOZ_RELEASE_ASSERT(mAceCount,
+                         "Trying to dereference past end of AclAceRange");
+      return *CurrentAceHeader();
+    }
+    pointer operator->() const {
+      MOZ_RELEASE_ASSERT(mAceCount,
+                         "Trying to dereference past end of AclAceRange");
+      return CurrentAceHeader();
+    }
+
+    Iterator& operator++() {
+      MOZ_ASSERT(mAceCount, "Iterating past end of AclAceRange");
+      if (!mAceCount) {
+        return *this;
+      }
+
+      --mAceCount;
+      if (!mAceCount) {
+        return *this;
+      }
+
+      mCharCurrentAceHeader += CurrentAceHeader()->AceSize;
+      SetAtEndIfCurrentAcePastEndOfAcl();
+      return *this;
+    }
+
+    Iterator operator++(int) {
+      auto tmp = *this;
+      ++*this;
+      return tmp;
+    }
+
+    bool operator==(const Iterator& aOther) const {
+      return mAceCount == aOther.mAceCount;
+    }
+    bool operator!=(const Iterator& aOther) const { return !(*this == aOther); }
+
+   private:
+    friend class AclAceRange;
+
+    explicit Iterator(const NotNull<const ACL*> aAcl)
+        : mCharCurrentAceHeader(reinterpret_cast<const char*>(aAcl.get() + 1)),
+          mCharEndAcl(reinterpret_cast<const char*>(aAcl.get()) +
+                      aAcl->AclSize),
+          mAceCount(aAcl->AceCount) {
+      if (mAceCount > 0) {
+        SetAtEndIfCurrentAcePastEndOfAcl();
+      } else if (mAceCount < 0) {
+        SetAtEnd();
+      }
+    }
+
+    void SetAtEnd() { mAceCount = 0; }
+
+    void SetAtEndIfCurrentAcePastEndOfAcl() {
+      if (mCharCurrentAceHeader + sizeof(ACE_HEADER) > mCharEndAcl ||
+          mCharCurrentAceHeader + CurrentAceHeader()->AceSize > mCharEndAcl) {
+        SetAtEnd();
+      }
+    }
+
+    pointer CurrentAceHeader() const {
+      return reinterpret_cast<const ACE_HEADER*>(mCharCurrentAceHeader);
+    }
+
+    const char* mCharCurrentAceHeader = nullptr;
+    const char* mCharEndAcl = nullptr;
+    // An mAceCount of 0 means we are at the end.
+    int mAceCount = 0;
+  };
+
+  Iterator begin() { return Iterator(mAcl); }
+  Iterator end() { return Iterator(); }
+
+ private:
+  const NotNull<const ACL*> mAcl;
+};
+
 }  // namespace mozilla
 
 #endif  // mozilla_WinHeaderOnlyUtils_h

widget/windows/tests/gtest/TestAclAceRange.cpp

@@ -0,0 +1,249 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "WinHeaderOnlyUtils.h"
+
+#include <algorithm>
+
+#include "gtest/gtest.h"
+#include "mozilla/gtest/MozHelpers.h"
+
+using namespace mozilla;
+
+struct TestAcl {
+  ACL acl{ACL_REVISION, 0, sizeof(TestAcl), 3, 0};
+  ACCESS_ALLOWED_ACE ace1{
+      {ACCESS_ALLOWED_ACE_TYPE, OBJECT_INHERIT_ACE, sizeof(ACCESS_ALLOWED_ACE)},
+      GENERIC_READ,
+      0};
+  ACCESS_ALLOWED_OBJECT_ACE ace2{{ACCESS_ALLOWED_OBJECT_ACE_TYPE, INHERITED_ACE,
+                                  sizeof(ACCESS_ALLOWED_OBJECT_ACE)},
+                                 GENERIC_READ,
+                                 0};
+  ACCESS_DENIED_ACE ace3{
+      {ACCESS_DENIED_ACE_TYPE, INHERITED_ACE, sizeof(ACCESS_DENIED_ACE)},
+      GENERIC_READ,
+      0};
+  NotNull<ACL*> AsAclPtr() { return WrapNotNull(reinterpret_cast<ACL*>(this)); }
+};
+
+TEST(AclAceRange, SimpleCount)
+{
+  TestAcl testAcl;
+  int aceCount = 0;
+  for (const auto& aceHeader : AclAceRange(testAcl.AsAclPtr())) {
+    Unused << aceHeader;
+    ++aceCount;
+  }
+
+  ASSERT_EQ(aceCount, 3);
+}
+
+TEST(AclAceRange, SameAsGetAce)
+{
+  TestAcl testAcl;
+  int aceIdx = 0;
+  for (const auto& aceHeader : AclAceRange(testAcl.AsAclPtr())) {
+    VOID* pGetAceHeader = nullptr;
+    EXPECT_TRUE(::GetAce(testAcl.AsAclPtr(), aceIdx, &pGetAceHeader));
+    auto* getAceHeader = static_cast<ACE_HEADER*>(pGetAceHeader);
+    EXPECT_EQ(getAceHeader->AceType, aceHeader.AceType);
+    EXPECT_EQ(getAceHeader->AceFlags, aceHeader.AceFlags);
+    EXPECT_EQ(getAceHeader->AceSize, aceHeader.AceSize);
+    ++aceIdx;
+  }
+}
+
+TEST(AclAceRange, WithFlagCount)
+{
+  TestAcl testAcl;
+  int aceCount = 0;
+  for (const auto& aceHeader : AclAceRange(testAcl.AsAclPtr())) {
+    if (aceHeader.AceFlags & INHERITED_ACE) {
+      ++aceCount;
+    }
+  }
+
+  ASSERT_EQ(aceCount, 2);
+}
+
+TEST(AclAceRange, AclSizeCheckedAsWellAsCount)
+{
+  TestAcl testAcl;
+  testAcl.acl.AclSize -= sizeof(ACCESS_DENIED_ACE);
+  int aceCount = 0;
+  for (const auto& aceHeader : AclAceRange(testAcl.AsAclPtr())) {
+    if (aceHeader.AceFlags & INHERITED_ACE) {
+      ++aceCount;
+    }
+  }
+
+  ASSERT_EQ(aceCount, 1);
+}
+
+TEST(AclAceRange, ChecksAceHeaderSizeInAclSize)
+{
+  TestAcl testAcl;
+  testAcl.acl.AclSize -= 1;
+  int aceCount = 0;
+  for (const auto& aceHeader : AclAceRange(testAcl.AsAclPtr())) {
+    if (aceHeader.AceFlags & INHERITED_ACE) {
+      ++aceCount;
+    }
+  }
+
+  ASSERT_EQ(aceCount, 1);
+}
+
+TEST(AclAceRange, AceCountOfZeroResultsInNoIterations)
+{
+  TestAcl testAcl;
+  testAcl.acl.AceCount = 0;
+  int aceCount = 0;
+  for (const auto& aceHeader : AclAceRange(testAcl.AsAclPtr())) {
+    Unused << aceHeader;
+    ++aceCount;
+  }
+
+  ASSERT_EQ(aceCount, 0);
+}
+
+TEST(AclAceRange, AclSizeTooSmallForAnyAcesResultsInNoIterations)
+{
+  TestAcl testAcl;
+  testAcl.acl.AclSize = sizeof(ACCESS_ALLOWED_ACE) - 1;
+  int aceCount = 0;
+  for (const auto& aceHeader : AclAceRange(testAcl.AsAclPtr())) {
+    Unused << aceHeader;
+    ++aceCount;
+  }
+
+  ASSERT_EQ(aceCount, 0);
+}
+
+TEST(AclAceRange, weakly_incrementable)
+{
+  TestAcl testAcl;
+  AclAceRange aclAceRange(testAcl.AsAclPtr());
+  auto iter = aclAceRange.begin();
+
+  EXPECT_TRUE(std::addressof(++iter) == std::addressof(iter))
+      << "addressof pre-increment result should match iterator";
+
+  // pre and post increment advance iterator.
+  EXPECT_EQ(iter->AceType, testAcl.ace2.Header.AceType);
+  EXPECT_EQ(iter->AceFlags, testAcl.ace2.Header.AceFlags);
+  EXPECT_EQ(iter->AceSize, testAcl.ace2.Header.AceSize);
+  iter++;
+  EXPECT_EQ(iter->AceType, testAcl.ace3.Header.AceType);
+  EXPECT_EQ(iter->AceFlags, testAcl.ace3.Header.AceFlags);
+  EXPECT_EQ(iter->AceSize, testAcl.ace3.Header.AceSize);
+
+  // Moveable.
+  auto moveConstructedIter(std::move(iter));
+  EXPECT_EQ(moveConstructedIter->AceType, testAcl.ace3.Header.AceType);
+  EXPECT_EQ(moveConstructedIter->AceFlags, testAcl.ace3.Header.AceFlags);
+  EXPECT_EQ(moveConstructedIter->AceSize, testAcl.ace3.Header.AceSize);
+  auto moveAssignedIter = std::move(iter);
+  EXPECT_EQ(moveAssignedIter->AceType, testAcl.ace3.Header.AceType);
+  EXPECT_EQ(moveAssignedIter->AceFlags, testAcl.ace3.Header.AceFlags);
+  EXPECT_EQ(moveAssignedIter->AceSize, testAcl.ace3.Header.AceSize);
+}
+
+TEST(AclAceRange, incrementable)
+{
+  TestAcl testAcl;
+  AclAceRange aclAceRange1(testAcl.AsAclPtr());
+  AclAceRange aclAceRange2(testAcl.AsAclPtr());
+  auto it1 = aclAceRange1.begin();
+  auto it2 = aclAceRange2.begin();
+
+  // bool(a == b) implies bool(a++ == b)
+  EXPECT_TRUE(it1 == it2) << "begin iterators for same ACL should be equal";
+  EXPECT_TRUE(it1++ == it2);
+  EXPECT_FALSE(it1 == it2);
+  EXPECT_FALSE(it1++ == it2);
+
+  // bool(a == b) implies bool(((void)a++, a) == ++b)
+  it1 = aclAceRange1.begin();
+  EXPECT_TRUE(it1 == it2);
+  EXPECT_TRUE(((void)it1++, it1) == ++it2);
+  it1 = aclAceRange1.begin();
+  EXPECT_FALSE(it1 == it2);
+  EXPECT_FALSE(((void)it1++, it1) == ++it2);
+
+  // Copyable.
+  auto copyConstructedIter(it2);
+  EXPECT_EQ(copyConstructedIter->AceType, testAcl.ace3.Header.AceType);
+  EXPECT_EQ(copyConstructedIter->AceFlags, testAcl.ace3.Header.AceFlags);
+  EXPECT_EQ(copyConstructedIter->AceSize, testAcl.ace3.Header.AceSize);
+  auto copyAssignedIter = it2;
+  EXPECT_EQ(copyAssignedIter->AceType, testAcl.ace3.Header.AceType);
+  EXPECT_EQ(copyAssignedIter->AceFlags, testAcl.ace3.Header.AceFlags);
+  EXPECT_EQ(copyAssignedIter->AceSize, testAcl.ace3.Header.AceSize);
+
+  // Default constructable.
+  AclAceRange::Iterator defaultConstructed;
+  EXPECT_TRUE(defaultConstructed == aclAceRange1.end());
+}
+
+TEST(AclAceRange, AlgorithmCountIf)
+{
+  TestAcl testAcl;
+  AclAceRange aclAceRange(testAcl.AsAclPtr());
+  auto aceCount = std::count_if(
+      aclAceRange.begin(), aclAceRange.end(),
+      [](const auto& hdr) { return hdr.AceFlags & INHERITED_ACE; });
+
+  ASSERT_EQ(aceCount, 2);
+}
+
+TEST(AclAceRange, AlgorithmAnyOf)
+{
+  TestAcl testAcl;
+  AclAceRange aclAceRange(testAcl.AsAclPtr());
+  auto anyInherited =
+      std::any_of(aclAceRange.begin(), aclAceRange.end(),
+                  [](const auto& hdr) { return hdr.AceFlags & INHERITED_ACE; });
+
+  ASSERT_TRUE(anyInherited);
+}
+
+TEST(AclAceRange, DereferenceAtEndIsFatal)
+{
+#if DEBUG
+  const auto* msg =
+      "Assertion failure: mAceCount \\(Trying to dereference past end of "
+      "AclAceRange\\)";
+#else
+  const auto* msg = "";
+#endif
+
+  EXPECT_DEATH_WRAP(
+      {
+        TestAcl testAcl;
+        AclAceRange aclAceRange(testAcl.AsAclPtr());
+        auto aceItCurrent = aclAceRange.begin();
+        for (; aceItCurrent != aclAceRange.end(); ++aceItCurrent) {
+        }
+        *aceItCurrent;
+      },
+      msg);
+}
+
+TEST(AclAceRange, DebugAssertForIteratingPastEnd)
+{
+  EXPECT_DEBUG_DEATH_WRAP(
+      {
+        TestAcl testAcl;
+        AclAceRange aclAceRange(testAcl.AsAclPtr());
+        auto aceItCurrent = aclAceRange.begin();
+        for (; aceItCurrent != aclAceRange.end(); ++aceItCurrent) {
+        }
+        ++aceItCurrent;
+      },
+      "Assertion failure: mAceCount \\(Iterating past end of AclAceRange\\)");
+}