windows-nt/Source/XPSP1/NT/ds/security/winsafer/test/cmptoktst/cmptoktst.cpp

#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <winsafer.h>


/*
BOOL WINAPI
CodeAuthzCompareTokenLevels (
        IN HANDLE   ClientAccessToken,
        IN HANDLE   ServerAccessToken,
        OUT PDWORD  pdwResult
        )
*/

void _cdecl main()
{
    static const levelids[4] = {
        AUTHZLEVELID_UNTRUSTED,
        AUTHZLEVELID_CONSTRAINED,
        AUTHZLEVELID_NORMALUSER,
        AUTHZLEVELID_FULLYTRUSTED
    };

    HANDLE hTokens[4];
    BOOL bStatus;
    DWORD i;
    HANDLE hProcessToken;

    bStatus = OpenProcessToken(GetCurrentProcess(),
                               TOKEN_QUERY | TOKEN_DUPLICATE,
                               &hProcessToken);
    if (!bStatus) {
        printf("Failed to open process token (lasterror=%d).\n", GetLastError());
        return;
    }


    for (int i = 0; i < 4; i++)
    {
        HAUTHZLEVEL hCodeAuthLevel;

        bStatus = CreateCodeAuthzLevel(AUTHZSCOPEID_MACHINE,
                                       levelids[i],
                                       AUTHZCRLEV_OPEN,
                                       &hCodeAuthLevel,
                                       NULL);
        if (!bStatus) {
            printf("Failed to create level %d (lasterror=%d)\n", levelids[i], GetLastError());
            return;
        }

        bStatus = ComputeAccessTokenFromCodeAuthzLevel(hCodeAuthLevel,
                                                       hProcessToken,
                                                       &hTokens[i],
                                                       0,
                                                       NULL);
        if (!bStatus) {
            printf("ComputeAccessTokenFromCodeAuthzLevel failed with GLE=%d\n", GetLastError());
            return;
        }

        bStatus = CloseCodeAuthzLevel(hCodeAuthLevel);
        if (!bStatus) {
            printf("Failed to close level.\n");
            return;
        }
    }

    for (int testi = 0; testi < 4; testi++) {
        for (int testj = 0; testj < 4; testj++) {
            DWORD dwCompareResults;
            DWORD dwExpected;

            bStatus = CodeAuthzCompareTokenLevels (
                            hTokens[testi],
                            hTokens[testj],
                            &dwCompareResults);
            if (!bStatus) {
                printf("CompareTokens failed for test %d,%d with error=%d\n",
                       testi, testj, GetLastError());
                continue;
            }

            if (testi == testj) {
                dwExpected = 0;
            } else if (testi < testj) {
                dwExpected = 1;
            } else {
                dwExpected = -1;
            }

            if (dwCompareResults != dwExpected) {
                printf("CompareTokens return wrong value for test %d,%d (actual=%d, expected=%d)\n",
                       testi, testj, dwCompareResults, dwExpected);
            } else {
                printf("CompareTokens passed test %d,%d (returned %d)\n",
                       testi, testj, dwCompareResults);
            }
        }
    }

    return;
}