windows-nt/Source/XPSP1/NT/ds/security/authz/test/benchmark/main.cpp
2020-09-26 16:20:57 +08:00

270 lines
6.8 KiB
C++

#include "pch.h"
#pragma hdrstop
#include "ntaccess.h"
#include "azaccess.h"
#include "bmcommon.h"
#include "benchmrk.h"
EXTERN_C AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager;
EXTERN_C AUTHZ_RM_AUDIT_INFO_HANDLE hRmAuditInfo;
double az_time, nt_time;
EXTERN_C PAUTHZ_ACCESS_REPLY pReply, pReplyOT;
EXTERN_C AUTHZ_AUDIT_INFO_HANDLE hAuditInfo;
void DoBenchMarks( IN ULONG NumIter, IN DWORD Flags )
{
DWORD dwError=NO_ERROR;
//
// do NT access checks
//
dwError = InitNtAccessChecks();
if ( dwError != NO_ERROR )
{
goto Cleanup;
}
wprintf(L"NtAccessChecks : ");
fflush(stdout);
timer_start();
dwError = DoNtAccessChecks( NumIter, Flags );
if ( dwError != NO_ERROR )
{
goto Cleanup;
}
timer_stop();
nt_time = timer_time();
wprintf(L"%.2f sec\n", nt_time);
//
// do authz access checks
//
dwError = InitAuthzAccessChecks();
if ( dwError != NO_ERROR )
{
goto Cleanup;
}
wprintf(L"AzAccessChecks : ");
fflush(stdout);
timer_start();
dwError = AuthzDoAccessCheck( NumIter, Flags );
if ( dwError != NO_ERROR )
{
goto Cleanup;
}
timer_stop();
az_time = timer_time();
wprintf(L"%.2f sec\n", az_time);
wprintf(L"perf ratio : %2.2f \n", nt_time/az_time);
//
// make sure that both az and nt returned the same results
//
UINT len;
if ( Flags & BMF_UseObjTypeList )
{
len = ObjectTypeListLength;
for (UINT i=0; i < len; i++)
{
if ((pReplyOT->Error[i] != fNtAccessCheckResult[i]) ||
((pReplyOT->Error[i] == ERROR_SUCCESS) && (pReplyOT->GrantedAccessMask[i] != dwNtGrantedAccess[i])))
{
wprintf(L"AccessCheck mismatch @ %d\n", i);
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
pReplyOT->GrantedAccessMask[i],
pReplyOT->Error[i],
dwNtGrantedAccess[i],
fNtAccessCheckResult[i]);
}
}
}
else
{
if (
((pReply->Error[0] == ERROR_SUCCESS) && (0 == fNtAccessCheckResult[0])) ||
((pReply->Error[0] != ERROR_SUCCESS) && (1 == fNtAccessCheckResult[0])) ||
((pReply->Error[0] == ERROR_SUCCESS) && (pReply->GrantedAccessMask[0] != dwNtGrantedAccess[0]))
)
{
wprintf(L"AccessCheck mismatch\n");
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
pReply->GrantedAccessMask[0],
pReply->Error[0],
dwNtGrantedAccess[0],
fNtAccessCheckResult[0]);
}
}
//
// make sure that both az and nt returned the same results
//
if ( Flags & BMF_UseObjTypeList )
{
len = ObjectTypeListLength;
for (UINT i=0; i < len; i++)
{
if ((pReplyOT->Error[i] != fNtAccessCheckResult[i]) ||
((pReplyOT->Error[i] == ERROR_SUCCESS) && (pReplyOT->GrantedAccessMask[i] != dwNtGrantedAccess[i])))
{
wprintf(L"AccessCheck mismatch @ %d\n", i);
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
pReplyOT->GrantedAccessMask[i],
pReplyOT->Error[i],
dwNtGrantedAccess[i],
fNtAccessCheckResult[i]);
}
}
}
else
{
if (
((pReply->Error[0] == ERROR_SUCCESS) && (0 == fNtAccessCheckResult[0])) ||
((pReply->Error[0] != ERROR_SUCCESS) && (1 == fNtAccessCheckResult[0])) ||
((pReply->Error[0] == ERROR_SUCCESS) && (pReply->GrantedAccessMask[0] != dwNtGrantedAccess[0]))
)
{
wprintf(L"AccessCheck mismatch\n");
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
pReply->GrantedAccessMask[0],
pReply->Error[0],
dwNtGrantedAccess[0],
fNtAccessCheckResult[0]);
}
}
return;
Cleanup:
wprintf(L"DoBenchMarks failed: %lx\n", dwError);
}
#define OTO_OT 1
#define OTO_SO 2
#define OTO_OTSO 3
PWCHAR szUsage = L"Usage: azbm iter-count ot-option access-mask sd-index audit-flag";
extern "C" int __cdecl wmain(int argc, PWSTR argv[])
{
NTSTATUS Status;
ULONG NumChecks = 10000;
BOOLEAN WasEnabled;
ULONG OtOptions;
ACCESS_MASK DesiredAccess;
ULONG SdIndex;
DWORD fGenAudit;
if ( argc != 6 )
{
wprintf(szUsage);
exit(-1);
}
if (1 != swscanf(argv[1], L"%d", &NumChecks))
{
wprintf(L"Bad iteration-count");
exit(-1);
}
if (1 != swscanf(argv[2], L"%d", &OtOptions))
{
wprintf(L"Bad ot-option");
exit(-1);
}
if (1 != swscanf(argv[3], L"%x", &DesiredAccess))
{
wprintf(L"Bad access-mask");
exit(-1);
}
g_DesiredAccess = DesiredAccess;
if (1 != swscanf(argv[4], L"%d", &SdIndex))
{
wprintf(L"Bad sd-index");
exit(-1);
}
g_szSd = g_aszSd[SdIndex];
if (1 != swscanf(argv[5], L"%d", &fGenAudit))
{
wprintf(L"Bad audit-flag");
exit(-1);
}
Status = RtlAdjustPrivilege(
SE_AUDIT_PRIVILEGE,
TRUE, // enable
FALSE, // do it on the thread token
&WasEnabled
);
if (!NT_SUCCESS(Status))
{
wprintf(L"RtlAdjustPrivilege: %lx\n", Status);
}
if ( fGenAudit )
{
if ( OtOptions & OTO_SO )
{
wprintf(L"regular access checks with audit\n");
wprintf(L"---------------------\n");
DoBenchMarks( NumChecks, BMF_GenerateAudit );
}
if ( OtOptions & OTO_OT )
{
wprintf(L"\n\naccess checks with obj-type list with audit\n");
wprintf(L"--------------------------------\n");
DoBenchMarks( NumChecks, BMF_UseObjTypeList | BMF_GenerateAudit );
}
}
else
{
if ( OtOptions & OTO_SO )
{
wprintf(L"regular access checks\n");
wprintf(L"---------------------\n");
DoBenchMarks( NumChecks, 0 );
}
if ( OtOptions & OTO_OT )
{
wprintf(L"\n\naccess checks with obj-type list\n");
wprintf(L"--------------------------------\n");
DoBenchMarks( NumChecks, BMF_UseObjTypeList );
}
}
AuthzFreeAuditInfo(hAuditInfo);
AuthzFreeAuditQueue(NULL);
AuthzFreeResourceManager(hAuthzResourceManager);
UNREFERENCED_PARAMETER(argc);
UNREFERENCED_PARAMETER(argv);
return 0;
}