928 lines
29 KiB
C
928 lines
29 KiB
C
/*++
|
||
|
||
Copyright (c) 1989 Microsoft Corporation
|
||
|
||
Module Name:
|
||
|
||
ctseacc.c
|
||
|
||
Abstract:
|
||
|
||
Common security accessibility test routines.
|
||
|
||
These routines are used in both the kernel and user mode RTL tests.
|
||
|
||
This test assumes the security runtime library routines are
|
||
functioning correctly.
|
||
|
||
|
||
|
||
Author:
|
||
|
||
Jim Kelly (JimK) 23-Mar-1990
|
||
|
||
Environment:
|
||
|
||
Test of security.
|
||
|
||
Revision History:
|
||
|
||
v5: robertre
|
||
Updated ACL_REVISION
|
||
|
||
--*/
|
||
|
||
#include "tsecomm.c" // Mode dependent macros and routines.
|
||
|
||
|
||
|
||
////////////////////////////////////////////////////////////////
|
||
// //
|
||
// Module wide variables //
|
||
// //
|
||
////////////////////////////////////////////////////////////////
|
||
|
||
NTSTATUS Status;
|
||
STRING Event1Name, Process1Name;
|
||
UNICODE_STRING UnicodeEvent1Name, UnicodeProcess1Name;
|
||
|
||
OBJECT_ATTRIBUTES NullObjectAttributes;
|
||
|
||
HANDLE Event1;
|
||
OBJECT_ATTRIBUTES Event1ObjectAttributes;
|
||
PSECURITY_DESCRIPTOR Event1SecurityDescriptor;
|
||
PSID Event1Owner;
|
||
PSID Event1Group;
|
||
PACL Event1Dacl;
|
||
PACL Event1Sacl;
|
||
|
||
PACL TDacl;
|
||
BOOLEAN TDaclPresent;
|
||
BOOLEAN TDaclDefaulted;
|
||
|
||
PACL TSacl;
|
||
BOOLEAN TSaclPresent;
|
||
BOOLEAN TSaclDefaulted;
|
||
|
||
PSID TOwner;
|
||
BOOLEAN TOwnerDefaulted;
|
||
PSID TGroup;
|
||
BOOLEAN TGroupDefaulted;
|
||
|
||
|
||
HANDLE Process1;
|
||
OBJECT_ATTRIBUTES Process1ObjectAttributes;
|
||
|
||
|
||
|
||
|
||
////////////////////////////////////////////////////////////////
|
||
// //
|
||
// Initialization Routine //
|
||
// //
|
||
////////////////////////////////////////////////////////////////
|
||
|
||
BOOLEAN
|
||
TestSeInitialize()
|
||
{
|
||
|
||
Event1SecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
|
||
|
||
RtlInitString(&Event1Name, "\\SecurityTestEvent1");
|
||
Status = RtlAnsiStringToUnicodeString(
|
||
&UnicodeEvent1Name,
|
||
&Event1Name,
|
||
TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) );
|
||
RtlInitString(&Process1Name, "\\SecurityTestProcess1");
|
||
Status = RtlAnsiStringToUnicodeString(
|
||
&UnicodeProcess1Name,
|
||
&Process1Name,
|
||
TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) );
|
||
|
||
InitializeObjectAttributes(&NullObjectAttributes, NULL, 0, NULL, NULL);
|
||
|
||
//
|
||
// Build an ACL or two for use.
|
||
|
||
TDacl = (PACL)TstAllocatePool( PagedPool, 256 );
|
||
TSacl = (PACL)TstAllocatePool( PagedPool, 256 );
|
||
|
||
TDacl->AclRevision=TSacl->AclRevision=ACL_REVISION;
|
||
TDacl->Sbz1=TSacl->Sbz1=0;
|
||
TDacl->Sbz2=TSacl->Sbz2=0;
|
||
TDacl->AclSize=256;
|
||
TSacl->AclSize=8;
|
||
TDacl->AceCount=TSacl->AceCount=0;
|
||
|
||
return TRUE;
|
||
}
|
||
|
||
|
||
|
||
////////////////////////////////////////////////////////////////
|
||
// //
|
||
// Test routines //
|
||
// //
|
||
////////////////////////////////////////////////////////////////
|
||
|
||
BOOLEAN
|
||
TestSeUnnamedCreate()
|
||
//
|
||
// Test:
|
||
// No Security Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl Inheritence With Creator ID
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Empty Security Descriptor Explicitly Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Explicit Dacl Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Explicit Sacl Specified (W/Privilege)
|
||
// No Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Default Dacl Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Default Sacl Specified (W/Privilege)
|
||
// No Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Explicit Sacl Specified (W/O Privilege - should be rejected)
|
||
// Default Sacl Specified (W/O Privilege - should be rejected)
|
||
//
|
||
// Valid Owner Explicitly Specified
|
||
// Invalid Owner Explicitly Specified
|
||
//
|
||
// Explicit Group Specified
|
||
//
|
||
{
|
||
|
||
|
||
BOOLEAN CompletionStatus = TRUE;
|
||
|
||
InitializeObjectAttributes(&Event1ObjectAttributes, NULL, 0, NULL, NULL);
|
||
DbgPrint("Se: No Security Descriptor... Test\n");
|
||
DbgPrint("Se: No Inheritence... ");
|
||
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
DELETE,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
if (NT_SUCCESS(Status)) {
|
||
DbgPrint("Succeeded.\n");
|
||
} else {
|
||
DbgPrint(" **** Failed ****\n");
|
||
CompletionStatus = FALSE;
|
||
}
|
||
ASSERT(NT_SUCCESS(Status));
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Dacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl Inheritence W/ Creator ID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl And Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
return CompletionStatus;
|
||
|
||
}
|
||
|
||
BOOLEAN
|
||
TestSeNamedCreate()
|
||
//
|
||
// Test:
|
||
// No Security Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl Inheritence With Creator ID
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Empty Security Descriptor Explicitly Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Explicit Dacl Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Explicit Sacl Specified (W/Privilege)
|
||
// No Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Default Dacl Specified
|
||
// No Inheritence
|
||
// Dacl Inheritence
|
||
// Sacl Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Default Sacl Specified (W/Privilege)
|
||
// No Inheritence
|
||
// Dacl & Sacl Inheritence
|
||
//
|
||
// Explicit Sacl Specified (W/O Privilege - should be rejected)
|
||
// Default Sacl Specified (W/O Privilege - should be rejected)
|
||
//
|
||
// Valid Owner Explicitly Specified
|
||
// Invalid Owner Explicitly Specified
|
||
//
|
||
// Explicit Group Specified
|
||
//
|
||
{
|
||
|
||
BOOLEAN CompletionStatus = TRUE;
|
||
|
||
|
||
InitializeObjectAttributes(
|
||
&Event1ObjectAttributes,
|
||
&UnicodeEvent1Name,
|
||
0,
|
||
NULL,
|
||
NULL);
|
||
|
||
DbgPrint("Se: No Security Specified... Test\n");
|
||
DbgPrint("Se: No Inheritence... ");
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
DELETE,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
if (NT_SUCCESS(Status)) {
|
||
DbgPrint("Succeeded.\n");
|
||
} else {
|
||
DbgPrint(" **** Failed ****\n");
|
||
CompletionStatus = FALSE;
|
||
}
|
||
ASSERT(NT_SUCCESS(Status));
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Dacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl Inheritence With Creator ID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl & Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Empty Security Descriptor Explicitly Specified... Test\n");
|
||
DbgPrint("Se: No Inheritence... ");
|
||
|
||
RtlCreateSecurityDescriptor( Event1SecurityDescriptor, 1 );
|
||
InitializeObjectAttributes(&Event1ObjectAttributes,
|
||
&UnicodeEvent1Name,
|
||
0,
|
||
NULL,
|
||
Event1SecurityDescriptor);
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
DELETE,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
if (NT_SUCCESS(Status)) {
|
||
DbgPrint("Succeeded.\n");
|
||
} else {
|
||
DbgPrint(" **** Failed ****\n");
|
||
CompletionStatus = FALSE;
|
||
}
|
||
ASSERT(NT_SUCCESS(Status));
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
|
||
|
||
|
||
DbgPrint("Se: Dacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl & Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Explicit Dacl Specified... Test\n");
|
||
DbgPrint("Se: No Inheritence... ");
|
||
|
||
RtlCreateSecurityDescriptor( Event1SecurityDescriptor, 1 );
|
||
RtlSetDaclSecurityDescriptor( Event1SecurityDescriptor, TRUE, TDacl, FALSE );
|
||
|
||
InitializeObjectAttributes(&Event1ObjectAttributes,
|
||
&UnicodeEvent1Name,
|
||
0,
|
||
NULL,
|
||
Event1SecurityDescriptor);
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
DELETE,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
if (NT_SUCCESS(Status)) {
|
||
DbgPrint("Succeeded.\n");
|
||
} else {
|
||
DbgPrint(" **** Failed ****\n");
|
||
CompletionStatus = FALSE;
|
||
}
|
||
ASSERT(NT_SUCCESS(Status));
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Dacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl & Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Explicit Sacl Specified (W/Privilege)... Test\n");
|
||
DbgPrint("Se: No Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl & Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Default Dacl Specified... Test\n");
|
||
DbgPrint("Se: No Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl & Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Default Sacl (W/Privilege)... Test\n");
|
||
DbgPrint("Se: No Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Dacl & Sacl Inheritence... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Explicit Sacl (W/O Privilege)... Test\n");
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Default Sacl (W/O Privilege)... Test\n");
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Valid Owner Explicitly Specified... Test\n");
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Invalid Owner Explicitly Specified... Test\n");
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Explicit Group Specified... Test\n");
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
|
||
|
||
return CompletionStatus;
|
||
|
||
}
|
||
|
||
BOOLEAN
|
||
TestSeQuerySecurity()
|
||
//
|
||
// Test:
|
||
// No Security Descriptor
|
||
// Query Owner
|
||
// Query Group
|
||
// Query Dacl
|
||
// Query Sacl (Privileged)
|
||
// Query Sacl (Unprivileged - should be rejected)
|
||
//
|
||
// Empty Security Descriptor
|
||
// Query Owner
|
||
// Query Group
|
||
// Query Dacl
|
||
// Query Sacl (Privileged)
|
||
// Query Sacl (Unprivileged - should be rejected)
|
||
//
|
||
// Security Descriptor W/ Owner & Group
|
||
// Query Owner
|
||
// Query Group
|
||
// Query Dacl
|
||
// Query Sacl (Privileged)
|
||
// Query Sacl (Unprivileged - should be rejected)
|
||
//
|
||
// Full Security Descriptor
|
||
// Query Owner
|
||
// Query Group
|
||
// Query Dacl
|
||
// Query Sacl (Privileged)
|
||
// Query Sacl (Unprivileged - should be rejected)
|
||
//
|
||
{
|
||
|
||
BOOLEAN CompletionStatus = TRUE;
|
||
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
#if 0
|
||
DbgPrint("Se: No Security Descriptor... \n");
|
||
DbgPrint("Se: Query Owner... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Dacl... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Unprivileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Empty Security Descriptor... \n");
|
||
DbgPrint("Se: Query Owner... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Dacl... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Unprivileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Security Descriptor W/ Owner & Group... \n");
|
||
DbgPrint("Se: Query Owner... ");
|
||
DbgPrint(" Not Implemented. \n");
|
||
DbgPrint("Se: Query Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Dacl... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Unprivileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Full Security Descriptor...\n");
|
||
DbgPrint("Se: Query Owner... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Dacl... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Query Sacl (Unprivileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
#endif //0
|
||
|
||
return CompletionStatus;
|
||
}
|
||
|
||
BOOLEAN
|
||
TestSeSetSecurity()
|
||
//
|
||
// Test:
|
||
// No Security Descriptor
|
||
// Set Valid Owner SID
|
||
// Set Invalid Owner SID
|
||
// Set Group
|
||
// Set Dacl (explicitly granted by dacl)
|
||
// Set Dacl (by virtue of ownership)
|
||
// Set Dacl (invalid attempt)
|
||
// Set Sacl (privileged)
|
||
// Set Sacl (unprivileged - should be rejected)
|
||
//
|
||
// Empty Security Descriptor
|
||
// Set Valid Owner SID
|
||
// Set Invalid Owner SID
|
||
// Set Group
|
||
// Set Dacl (explicitly granted by dacl)
|
||
// Set Dacl (by virtue of ownership)
|
||
// Set Dacl (invalid attempt)
|
||
// Set Sacl (privileged)
|
||
// Set Sacl (unprivileged - should be rejected)
|
||
//
|
||
// Security Descriptor W/ Owner & Group Only
|
||
// Set Valid Owner SID
|
||
// Set Invalid Owner SID
|
||
// Set Group
|
||
// Set Dacl (explicitly granted by dacl)
|
||
// Set Dacl (by virtue of ownership)
|
||
// Set Dacl (invalid attempt)
|
||
// Set Sacl (privileged)
|
||
// Set Sacl (unprivileged - should be rejected)
|
||
//
|
||
// Full Security Descriptor
|
||
// Set Valid Owner SID
|
||
// Set Invalid Owner SID
|
||
// Set Group
|
||
// Set Dacl (explicitly granted by dacl)
|
||
// Set Dacl (by virtue of ownership)
|
||
// Set Dacl (invalid attempt)
|
||
// Set Sacl (privileged)
|
||
// Set Sacl (unprivileged - should be rejected)
|
||
//
|
||
{
|
||
|
||
BOOLEAN CompletionStatus = TRUE;
|
||
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
#if 0
|
||
DbgPrint("Se: No Security Descriptor...\n");
|
||
DbgPrint("Se: Set Valid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Invalid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (invalid attempt)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Empty Security Descriptor...\n");
|
||
DbgPrint("Se: Set Valid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Invalid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (invalid attempt)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Security Descriptor W/ Owner & Group Only...\n");
|
||
DbgPrint("Se: Set Valid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Invalid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (invalid attempt)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Full Security Descriptor...\n");
|
||
DbgPrint("Se: Set Valid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Invalid Owner SID... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Group... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Dacl (invalid attempt)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (privileged)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
#endif //0
|
||
|
||
return CompletionStatus;
|
||
|
||
}
|
||
|
||
BOOLEAN
|
||
TestSeAccess()
|
||
//
|
||
// Test:
|
||
//
|
||
// Creation
|
||
// No Access Requested (should be rejected)
|
||
// Specific Access Requested
|
||
// - Attempted Granted
|
||
// - Attempt Ungranted
|
||
// Access System Security
|
||
//
|
||
// Open Existing
|
||
// No Access Requested (should be rejected)
|
||
// Specific Access Requested
|
||
// - Attempted Granted
|
||
// - Attempt Ungranted
|
||
// Access System Security
|
||
//
|
||
|
||
{
|
||
BOOLEAN CompletionStatus = TRUE;
|
||
|
||
DbgPrint(" ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
#if 0
|
||
|
||
DbgPrint("Se: Creation...\n");
|
||
DbgPrint("Se: No Access Requested (should be rejected)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Specific Access Requested... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: - Attempted Granted... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: - Attempt Ungranted... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Access System Security... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
|
||
DbgPrint("Se: Open Existing...\n");
|
||
DbgPrint("Se: No Access Requested (should be rejected)... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Specific Access Requested... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: - Attempted Granted... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: - Attempt Ungranted... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
DbgPrint("Se: Access System Security... ");
|
||
DbgPrint(" Not Implemented.\n");
|
||
#endif //0
|
||
|
||
#if 0 //old code
|
||
// Without security descriptor
|
||
// Simple desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test1b... \n"); // Attempt ungranted access
|
||
Status = NtSetEvent(
|
||
Event1,
|
||
NULL
|
||
);
|
||
ASSERT(!NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test1c... \n"); // Delete object
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
|
||
//
|
||
// Without security descriptor
|
||
// Simple desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test2a... \n"); // unnamed object, specific access
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
(EVENT_MODIFY_STATE | STANDARD_DELETE),
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test2b... \n"); // Attempt granted specific access
|
||
Status = NtSetEvent(
|
||
Event1,
|
||
NULL
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test2c... \n"); // Delete object
|
||
|
||
|
||
//
|
||
// Without security descriptor
|
||
// Generic desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
GENERIC_EXECUTE,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test3b... \n"); // Attempt implied granted access
|
||
Status = NtSetEvent(
|
||
Event1,
|
||
NULL
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test3c... \n"); // Delete object
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
|
||
//
|
||
// Without security descriptor
|
||
// Empty desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test4a... \n"); // Empty desired access
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
0,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
ASSERT(!NT_SUCCESS(Status));
|
||
|
||
|
||
RtlCreateSecurityDescriptor( Event1SecurityDescriptor,
|
||
SECURITY_DESCRIPTOR_REVISION);
|
||
InitializeObjectAttributes(&Event1ObjectAttributes,
|
||
NULL, 0, NULL,
|
||
Event1SecurityDescriptor);
|
||
DbgPrint("Se: Empty Security Descriptor... \n");
|
||
|
||
//
|
||
// Without security descriptor
|
||
// Simple desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test1a... \n"); // Create unnamed object
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
STANDARD_DELETE,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test1b... \n"); // Attempt ungranted access
|
||
Status = NtSetEvent(
|
||
Event1,
|
||
NULL
|
||
);
|
||
ASSERT(!NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test1c... \n"); // Delete object
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
|
||
//
|
||
// Without security descriptor
|
||
// Simple desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test2a... \n"); // unnamed object, specific access
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
(EVENT_MODIFY_STATE | STANDARD_DELETE),
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test2b... \n"); // Attempt granted specific access
|
||
Status = NtSetEvent(
|
||
Event1,
|
||
NULL
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test2c... \n"); // Delete object
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
|
||
//
|
||
// Without security descriptor
|
||
// Generic desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
GENERIC_EXECUTE,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test3b... \n"); // Attempt implied granted access
|
||
Status = NtSetEvent(
|
||
Event1,
|
||
NULL
|
||
);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
DbgPrint("Se: Test3c... \n"); // Delete object
|
||
Status = NtClose(Event1);
|
||
ASSERT(NT_SUCCESS(Status));
|
||
|
||
|
||
//
|
||
// Without security descriptor
|
||
// Empty desired access mask...
|
||
//
|
||
|
||
DbgPrint("Se: Test4a... \n"); // Empty desired access
|
||
Status = NtCreateEvent(
|
||
&Event1,
|
||
0,
|
||
&Event1ObjectAttributes,
|
||
NotificationEvent,
|
||
FALSE
|
||
);
|
||
ASSERT(!NT_SUCCESS(Status));
|
||
#endif // old code
|
||
|
||
return CompletionStatus;
|
||
}
|
||
|
||
BOOLEAN
|
||
TSeAcc()
|
||
{
|
||
BOOLEAN Result = TRUE;
|
||
|
||
DbgPrint("Se: Initialization... ");
|
||
TestSeInitialize();
|
||
DbgPrint("Succeeded.\n");
|
||
|
||
DbgPrint("Se: Unnamed Object Creation Test... Suite\n");
|
||
if (!TestSeUnnamedCreate()) {
|
||
Result = FALSE;
|
||
}
|
||
DbgPrint("Se: Named Object Creation Test... Suite\n");
|
||
if (!TestSeNamedCreate()) {
|
||
Result = FALSE;
|
||
}
|
||
DbgPrint("Se: Query Object Security Descriptor Test... Suite\n");
|
||
if (!TestSeQuerySecurity()) {
|
||
Result = FALSE;
|
||
}
|
||
DbgPrint("Se: Set Object Security Descriptor Test... Suite\n");
|
||
if (!TestSeSetSecurity()) {
|
||
Result = FALSE;
|
||
}
|
||
DbgPrint("Se: Access Test... Suite\n");
|
||
if (!TestSeAccess()) {
|
||
Result = FALSE;
|
||
}
|
||
|
||
DbgPrint("\n");
|
||
DbgPrint("\n");
|
||
DbgPrint(" ********************\n");
|
||
DbgPrint(" ** **\n");
|
||
|
||
if (Result = TRUE) {
|
||
DbgPrint(" ** Test Succeeded **\n");
|
||
} else {
|
||
DbgPrint(" ** Test Failed **\n");
|
||
}
|
||
|
||
DbgPrint(" ** **\n");
|
||
DbgPrint(" ********************\n");
|
||
DbgPrint("\n");
|
||
DbgPrint("\n");
|
||
|
||
return Result;
|
||
}
|
||
|