windows-nt/Source/XPSP1/NT/base/ntos/se/tseum.c
2020-09-26 16:20:57 +08:00

579 lines
13 KiB
C
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
tseum.c
Abstract:
Test program for the security system
Author:
Gary Kimura [GaryKi] 20-Nov-1989
Revision History:
v3: robertre
Updated ACL_REVISION
--*/
#include <stdio.h>
#include <string.h>
#include <nt.h>
#include <ntrtl.h>
#include "sep.h"
#include "ttoken.c"
VOID
RtlDumpAcl(
IN PACL Acl
);
main(
int argc,
char *argv[],
char *envp[]
)
{
HANDLE CurrentProcessHandle;
NTSTATUS Status;
ULONG i;
VOID SeMain();
CurrentProcessHandle = NtCurrentProcess();
Status = STATUS_SUCCESS;
DbgPrint( "Entering User Mode Test Program\n" );
DbgPrint( "argc: %ld\n", argc );
if (argv != NULL) {
for (i=0; i<argc; i++) {
DbgPrint( "argv[ %ld ]: %s\n", i, argv[ i ] );
}
}
if (envp != NULL) {
i = 0;
while (*envp) {
DbgPrint( "envp[ %02ld ]: %s\n", i++, *envp++ );
}
}
SeMain();
DbgPrint( "Exiting User Mode Test Program with Status = %lx\n", Status );
NtTerminateProcess( CurrentProcessHandle, Status );
}
VOID
SeMain(
)
{
BOOLEAN TestCreateAcl();
BOOLEAN TestQueryInformationAcl();
BOOLEAN TestSetInformationAcl();
BOOLEAN TestAddAce();
BOOLEAN TestDeleteAce();
BOOLEAN TestGetAce();
BOOLEAN TestAccessCheck();
BOOLEAN TestGenerateMessage();
DbgPrint("Starting User Mode Security Test\n");
if (!TestCreateAcl()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestQueryInformationAcl()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestSetInformationAcl()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestAddAce()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestDeleteAce()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestGetAce()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestAccessCheck()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestGenerateMessage()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
DbgPrint("Ending User Mode Security Test\n");
return;
}
BOOLEAN
TestCreateAcl()
{
UCHAR Buffer[512];
PACL Acl;
NTSTATUS Status;
Acl = (PACL)Buffer;
//
// Create a good large acl
//
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
return FALSE;
}
//
// Create a good small acl
//
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL), 1))) {
DbgPrint("RtlCreateAcl Error small Acl : %8lx\n", Status);
return FALSE;
}
//
// Create a too small acl
//
if (NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL) - 1, 1))) {
DbgPrint("RtlCreateAcl Error too small Acl : %8lx\n", Status);
return FALSE;
}
//
// Create a bad version acl
//
if (NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 2))) {
DbgPrint("RtlCreateAcl Error bad version : %8lx\n", Status);
return FALSE;
}
return TRUE;
}
BOOLEAN
TestQueryInformationAcl()
{
UCHAR Buffer[512];
PACL Acl;
ACL_REVISION_INFORMATION AclRevisionInfo;
ACL_SIZE_INFORMATION AclSizeInfo;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
//
// Query the revision information
//
if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl,
(PVOID)&AclRevisionInfo,
sizeof(ACL_REVISION_INFORMATION),
AclRevisionInformation))) {
DbgPrint("RtlQueryInformationAcl revision info error : %8lx\n", Status);
return FALSE;
}
if (AclRevisionInfo.AclRevision != ACL_REVISION) {
DbgPrint("RtlAclRevision Error\n");
return FALSE;
}
//
// Query size information
//
if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl,
(PVOID)&AclSizeInfo,
sizeof(ACL_SIZE_INFORMATION),
AclSizeInformation))) {
DbgPrint("RtlQueryInformationAcl size info Error : %8lx\n", Status);
return FALSE;
}
if ((AclSizeInfo.AceCount != 6) ||
(AclSizeInfo.AclBytesInUse != (sizeof(ACL)+6*sizeof(STANDARD_ACE))) ||
(AclSizeInfo.AclBytesFree != 512 - AclSizeInfo.AclBytesInUse)) {
DbgPrint("RtlAclSize Error\n");
DbgPrint("AclSizeInfo.AceCount = %8lx\n", AclSizeInfo.AceCount);
DbgPrint("AclSizeInfo.AclBytesInUse = %8lx\n", AclSizeInfo.AclBytesInUse);
DbgPrint("AclSizeInfo.AclBytesFree = %8lx\n", AclSizeInfo.AclBytesFree);
return FALSE;
}
return TRUE;
}
BOOLEAN
TestSetInformationAcl()
{
UCHAR Buffer[512];
PACL Acl;
ACL_REVISION_INFORMATION AclRevisionInfo;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
//
// Set the revision information to the current revision level
//
AclRevisionInfo.AclRevision = ACL_REVISION;
if (!NT_SUCCESS(Status = RtlSetInformationAcl( Acl,
(PVOID)&AclRevisionInfo,
sizeof(ACL_REVISION_INFORMATION),
AclRevisionInformation))) {
DbgPrint("RtlSetInformationAcl revision info error : %8lx\n", Status);
return FALSE;
}
//
// Set the revision information to something wrong
//
AclRevisionInfo.AclRevision = ACL_REVISION+1;
if (NT_SUCCESS(Status = RtlSetInformationAcl( Acl,
(PVOID)&AclRevisionInfo,
sizeof(ACL_REVISION_INFORMATION),
AclRevisionInformation))) {
DbgPrint("RtlSetInformationAcl revision to wrong info error : %8lx\n", Status);
return FALSE;
}
return TRUE;
}
BOOLEAN
TestAddAce()
{
UCHAR AclBuffer[512];
PACL Acl;
STANDARD_ACE AceList[2];
NTSTATUS Status;
Acl = (PACL)AclBuffer;
//
// Create a good large acl
//
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
return FALSE;
}
//
// test add ace to add two aces to an empty acl
//
AceList[0].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x22222222;
CopyGuid(&AceList[0].Guid, &FredGuid);
AceList[1].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
AceList[1].Header.AceSize = sizeof(STANDARD_ACE);
AceList[1].Header.InheritFlags = 0;
AceList[1].Header.AceFlags = 0;
AceList[1].Mask = 0x44444444;
CopyGuid(&AceList[1].Guid, &WilmaGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl,
1,
0,
AceList,
2*sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to empty acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
//
// test add ace to add one to the beginning of an acl
//
AceList[0].Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x11111111;
CopyGuid(&AceList[0].Guid, &PebblesGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl,
1,
0,
AceList,
sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to beginning of acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
//
// test add ace to add one to the middle of an acl
//
AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x33333333;
CopyGuid(&AceList[0].Guid, &DinoGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl,
1,
2,
AceList,
sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to middle of acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
//
// test add ace to add one to the end of an acl
//
AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x55555555;
CopyGuid(&AceList[0].Guid, &FlintstoneGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl,
1,
MAXULONG,
AceList,
sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to end of an acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
return TRUE;
}
BOOLEAN
TestDeleteAce()
{
UCHAR Buffer[512];
PACL Acl;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
//
// test delete first ace
//
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 0))) {
DbgPrint("RtlDeleteAce first ace Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
//
// test delete middle ace
//
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 2))) {
DbgPrint("RtlDeleteAce middle ace Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
//
// test delete last ace
//
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 3))) {
DbgPrint("RtlDeleteAce last ace Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
return TRUE;
}
BOOLEAN
TestGetAce()
{
UCHAR Buffer[512];
PACL Acl;
STANDARD_ACE Ace;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
//
// Get first ace
//
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 0, (PVOID)&Ace))) {
DbgPrint("RtlGetAce first ace error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
//
// Get middle ace
//
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 3, (PVOID)&Ace))) {
DbgPrint("RtlGetAce middle ace error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
//
// Get last ace
//
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 5, (PVOID)&Ace))) {
DbgPrint("RtlGetAce last ace error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
return TRUE;
}
BOOLEAN
TestAccessCheck()
{
UCHAR AclBuffer[1024];
SECURITY_DESCRIPTOR SecurityDescriptor;
PACL Acl;
UCHAR TokenBuffer[512];
PACCESS_TOKEN Token;
NTSTATUS Status;
Acl = (PACL)AclBuffer;
BuildAcl( Fred, Acl, 1024 );
Token = (PACCESS_TOKEN)TokenBuffer;
BuildToken( Fred, Token );
DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
//
// Test should be successful based on aces
//
if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
Token,
0x00000001,
NULL ))) {
DbgPrint("NtAccessCheck Error should allow access : %8lx\n", Status);
return FALSE;
}
//
// Test should be successful based on owner
//
if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
Token,
READ_CONTROL,
&FredGuid ))) {
DbgPrint("NtAccessCheck Error should allow owner : %8lx\n", Status);
return FALSE;
}
//
// Test should be unsuccessful based on aces
//
if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
Token,
0x0000000f,
&FredGuid ))) {
DbgPrint("NtAccessCheck Error shouldn't allow access : %8lx\n", Status);
return FALSE;
}
//
// Test should be unsuccessful based on non owner
//
if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
Token,
READ_CONTROL,
&BarneyGuid ))) {
DbgPrint("NtAccessCheck Error shouldn't allow non owner access : %8lx\n", Status);
return FALSE;
}
return TRUE;
}
BOOLEAN
TestGenerateMessage()
{
return TRUE;
}