270 lines
6.8 KiB
C++
270 lines
6.8 KiB
C++
#include "pch.h"
|
|
#pragma hdrstop
|
|
|
|
#include "ntaccess.h"
|
|
#include "azaccess.h"
|
|
#include "bmcommon.h"
|
|
#include "benchmrk.h"
|
|
|
|
EXTERN_C AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager;
|
|
EXTERN_C AUTHZ_RM_AUDIT_INFO_HANDLE hRmAuditInfo;
|
|
double az_time, nt_time;
|
|
EXTERN_C PAUTHZ_ACCESS_REPLY pReply, pReplyOT;
|
|
EXTERN_C AUTHZ_AUDIT_INFO_HANDLE hAuditInfo;
|
|
void DoBenchMarks( IN ULONG NumIter, IN DWORD Flags )
|
|
{
|
|
DWORD dwError=NO_ERROR;
|
|
|
|
//
|
|
// do NT access checks
|
|
//
|
|
dwError = InitNtAccessChecks();
|
|
|
|
if ( dwError != NO_ERROR )
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
wprintf(L"NtAccessChecks : ");
|
|
fflush(stdout);
|
|
|
|
timer_start();
|
|
|
|
dwError = DoNtAccessChecks( NumIter, Flags );
|
|
|
|
if ( dwError != NO_ERROR )
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
timer_stop();
|
|
nt_time = timer_time();
|
|
wprintf(L"%.2f sec\n", nt_time);
|
|
|
|
//
|
|
// do authz access checks
|
|
//
|
|
|
|
dwError = InitAuthzAccessChecks();
|
|
|
|
if ( dwError != NO_ERROR )
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
wprintf(L"AzAccessChecks : ");
|
|
fflush(stdout);
|
|
|
|
timer_start();
|
|
|
|
dwError = AuthzDoAccessCheck( NumIter, Flags );
|
|
|
|
if ( dwError != NO_ERROR )
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
timer_stop();
|
|
az_time = timer_time();
|
|
wprintf(L"%.2f sec\n", az_time);
|
|
wprintf(L"perf ratio : %2.2f \n", nt_time/az_time);
|
|
|
|
//
|
|
// make sure that both az and nt returned the same results
|
|
//
|
|
UINT len;
|
|
|
|
if ( Flags & BMF_UseObjTypeList )
|
|
{
|
|
len = ObjectTypeListLength;
|
|
|
|
for (UINT i=0; i < len; i++)
|
|
{
|
|
if ((pReplyOT->Error[i] != fNtAccessCheckResult[i]) ||
|
|
((pReplyOT->Error[i] == ERROR_SUCCESS) && (pReplyOT->GrantedAccessMask[i] != dwNtGrantedAccess[i])))
|
|
{
|
|
wprintf(L"AccessCheck mismatch @ %d\n", i);
|
|
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
|
|
pReplyOT->GrantedAccessMask[i],
|
|
pReplyOT->Error[i],
|
|
dwNtGrantedAccess[i],
|
|
fNtAccessCheckResult[i]);
|
|
}
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
if (
|
|
((pReply->Error[0] == ERROR_SUCCESS) && (0 == fNtAccessCheckResult[0])) ||
|
|
((pReply->Error[0] != ERROR_SUCCESS) && (1 == fNtAccessCheckResult[0])) ||
|
|
((pReply->Error[0] == ERROR_SUCCESS) && (pReply->GrantedAccessMask[0] != dwNtGrantedAccess[0]))
|
|
)
|
|
{
|
|
wprintf(L"AccessCheck mismatch\n");
|
|
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
|
|
pReply->GrantedAccessMask[0],
|
|
pReply->Error[0],
|
|
dwNtGrantedAccess[0],
|
|
fNtAccessCheckResult[0]);
|
|
}
|
|
}
|
|
|
|
//
|
|
// make sure that both az and nt returned the same results
|
|
//
|
|
|
|
if ( Flags & BMF_UseObjTypeList )
|
|
{
|
|
len = ObjectTypeListLength;
|
|
|
|
for (UINT i=0; i < len; i++)
|
|
{
|
|
|
|
if ((pReplyOT->Error[i] != fNtAccessCheckResult[i]) ||
|
|
((pReplyOT->Error[i] == ERROR_SUCCESS) && (pReplyOT->GrantedAccessMask[i] != dwNtGrantedAccess[i])))
|
|
{
|
|
wprintf(L"AccessCheck mismatch @ %d\n", i);
|
|
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
|
|
pReplyOT->GrantedAccessMask[i],
|
|
pReplyOT->Error[i],
|
|
dwNtGrantedAccess[i],
|
|
fNtAccessCheckResult[i]);
|
|
}
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
|
|
if (
|
|
((pReply->Error[0] == ERROR_SUCCESS) && (0 == fNtAccessCheckResult[0])) ||
|
|
((pReply->Error[0] != ERROR_SUCCESS) && (1 == fNtAccessCheckResult[0])) ||
|
|
((pReply->Error[0] == ERROR_SUCCESS) && (pReply->GrantedAccessMask[0] != dwNtGrantedAccess[0]))
|
|
)
|
|
{
|
|
wprintf(L"AccessCheck mismatch\n");
|
|
wprintf(L"AGA: %08lx\tAE: %08lx\nNGA: %08lx\tNE: %08lx\n",
|
|
pReply->GrantedAccessMask[0],
|
|
pReply->Error[0],
|
|
dwNtGrantedAccess[0],
|
|
fNtAccessCheckResult[0]);
|
|
}
|
|
}
|
|
|
|
return;
|
|
|
|
Cleanup:
|
|
wprintf(L"DoBenchMarks failed: %lx\n", dwError);
|
|
}
|
|
|
|
|
|
#define OTO_OT 1
|
|
#define OTO_SO 2
|
|
#define OTO_OTSO 3
|
|
|
|
PWCHAR szUsage = L"Usage: azbm iter-count ot-option access-mask sd-index audit-flag";
|
|
|
|
|
|
extern "C" int __cdecl wmain(int argc, PWSTR argv[])
|
|
{
|
|
NTSTATUS Status;
|
|
ULONG NumChecks = 10000;
|
|
BOOLEAN WasEnabled;
|
|
ULONG OtOptions;
|
|
ACCESS_MASK DesiredAccess;
|
|
ULONG SdIndex;
|
|
DWORD fGenAudit;
|
|
|
|
if ( argc != 6 )
|
|
{
|
|
wprintf(szUsage);
|
|
exit(-1);
|
|
}
|
|
|
|
if (1 != swscanf(argv[1], L"%d", &NumChecks))
|
|
{
|
|
wprintf(L"Bad iteration-count");
|
|
exit(-1);
|
|
}
|
|
|
|
if (1 != swscanf(argv[2], L"%d", &OtOptions))
|
|
{
|
|
wprintf(L"Bad ot-option");
|
|
exit(-1);
|
|
}
|
|
|
|
if (1 != swscanf(argv[3], L"%x", &DesiredAccess))
|
|
{
|
|
wprintf(L"Bad access-mask");
|
|
exit(-1);
|
|
}
|
|
g_DesiredAccess = DesiredAccess;
|
|
|
|
|
|
if (1 != swscanf(argv[4], L"%d", &SdIndex))
|
|
{
|
|
wprintf(L"Bad sd-index");
|
|
exit(-1);
|
|
}
|
|
g_szSd = g_aszSd[SdIndex];
|
|
|
|
if (1 != swscanf(argv[5], L"%d", &fGenAudit))
|
|
{
|
|
wprintf(L"Bad audit-flag");
|
|
exit(-1);
|
|
}
|
|
|
|
Status = RtlAdjustPrivilege(
|
|
SE_AUDIT_PRIVILEGE,
|
|
TRUE, // enable
|
|
FALSE, // do it on the thread token
|
|
&WasEnabled
|
|
);
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
wprintf(L"RtlAdjustPrivilege: %lx\n", Status);
|
|
}
|
|
|
|
if ( fGenAudit )
|
|
{
|
|
if ( OtOptions & OTO_SO )
|
|
{
|
|
wprintf(L"regular access checks with audit\n");
|
|
wprintf(L"---------------------\n");
|
|
DoBenchMarks( NumChecks, BMF_GenerateAudit );
|
|
}
|
|
|
|
if ( OtOptions & OTO_OT )
|
|
{
|
|
wprintf(L"\n\naccess checks with obj-type list with audit\n");
|
|
wprintf(L"--------------------------------\n");
|
|
DoBenchMarks( NumChecks, BMF_UseObjTypeList | BMF_GenerateAudit );
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if ( OtOptions & OTO_SO )
|
|
{
|
|
wprintf(L"regular access checks\n");
|
|
wprintf(L"---------------------\n");
|
|
DoBenchMarks( NumChecks, 0 );
|
|
}
|
|
|
|
if ( OtOptions & OTO_OT )
|
|
{
|
|
wprintf(L"\n\naccess checks with obj-type list\n");
|
|
wprintf(L"--------------------------------\n");
|
|
DoBenchMarks( NumChecks, BMF_UseObjTypeList );
|
|
}
|
|
}
|
|
AuthzFreeAuditInfo(hAuditInfo);
|
|
AuthzFreeAuditQueue(NULL);
|
|
AuthzFreeResourceManager(hAuthzResourceManager);
|
|
|
|
UNREFERENCED_PARAMETER(argc);
|
|
UNREFERENCED_PARAMETER(argv);
|
|
|
|
return 0;
|
|
}
|