427 lines
11 KiB
C
427 lines
11 KiB
C
/*++
|
|
Copyright (c) 1989 Microsoft Corporation
|
|
|
|
Module Name:
|
|
tseum.c
|
|
|
|
Abstract:
|
|
Test program for the security system
|
|
|
|
Author:
|
|
Gary Kimura [GaryKi] 20-Nov-1989
|
|
|
|
Revision History:
|
|
v3: robertre
|
|
Updated ACL_REVISION
|
|
--*/
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
|
|
#include "sep.h"
|
|
#include "ttoken.c"
|
|
|
|
|
|
VOID RtlDumpAcl(IN PACL Acl);
|
|
|
|
|
|
main(int argc, char *argv[], char *envp[])
|
|
{
|
|
HANDLE CurrentProcessHandle;
|
|
NTSTATUS Status;
|
|
ULONG i;
|
|
VOID SeMain();
|
|
|
|
CurrentProcessHandle = NtCurrentProcess();
|
|
Status = STATUS_SUCCESS;
|
|
|
|
DbgPrint( "Entering User Mode Test Program\n" );
|
|
|
|
DbgPrint( "argc: %ld\n", argc );
|
|
if (argv != NULL) {
|
|
for (i=0; i<argc; i++) {
|
|
DbgPrint( "argv[ %ld ]: %s\n", i, argv[ i ] );
|
|
}
|
|
}
|
|
|
|
if (envp != NULL) {
|
|
i = 0;
|
|
while (*envp) {
|
|
DbgPrint( "envp[ %02ld ]: %s\n", i++, *envp++ );
|
|
}
|
|
}
|
|
|
|
SeMain();
|
|
|
|
DbgPrint( "Exiting User Mode Test Program with Status = %lx\n", Status );
|
|
|
|
NtTerminateProcess( CurrentProcessHandle, Status );
|
|
}
|
|
|
|
|
|
VOID SeMain()
|
|
{
|
|
BOOLEAN TestCreateAcl();
|
|
BOOLEAN TestQueryInformationAcl();
|
|
BOOLEAN TestSetInformationAcl();
|
|
BOOLEAN TestAddAce();
|
|
BOOLEAN TestDeleteAce();
|
|
BOOLEAN TestGetAce();
|
|
BOOLEAN TestAccessCheck();
|
|
BOOLEAN TestGenerateMessage();
|
|
|
|
DbgPrint("Starting User Mode Security Test\n");
|
|
|
|
if (!TestCreateAcl()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
if (!TestQueryInformationAcl()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
if (!TestSetInformationAcl()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
if (!TestAddAce()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
if (!TestDeleteAce()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
if (!TestGetAce()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
|
|
if (!TestAccessCheck()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
if (!TestGenerateMessage()) {
|
|
DbgPrint("TestCreateAcl Error\n");
|
|
return;
|
|
}
|
|
|
|
DbgPrint("Ending User Mode Security Test\n");
|
|
}
|
|
|
|
|
|
BOOLEAN TestCreateAcl()
|
|
{
|
|
UCHAR Buffer[512];
|
|
PACL Acl;
|
|
NTSTATUS Status;
|
|
|
|
Acl = (PACL)Buffer;
|
|
|
|
// Create a good large acl
|
|
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
|
|
DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// Create a good small acl
|
|
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL), 1))) {
|
|
DbgPrint("RtlCreateAcl Error small Acl : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// Create a too small acl
|
|
if (NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL) - 1, 1))) {
|
|
DbgPrint("RtlCreateAcl Error too small Acl : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// Create a bad version acl
|
|
if (NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 2))) {
|
|
DbgPrint("RtlCreateAcl Error bad version : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN TestQueryInformationAcl()
|
|
{
|
|
UCHAR Buffer[512];
|
|
PACL Acl;
|
|
ACL_REVISION_INFORMATION AclRevisionInfo;
|
|
ACL_SIZE_INFORMATION AclSizeInfo;
|
|
NTSTATUS Status;
|
|
|
|
Acl = (PACL)Buffer;
|
|
BuildAcl( Fred, Acl, 512 );
|
|
|
|
// Query the revision information
|
|
if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl, (PVOID)&AclRevisionInfo, sizeof(ACL_REVISION_INFORMATION), AclRevisionInformation))) {
|
|
DbgPrint("RtlQueryInformationAcl revision info error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
if (AclRevisionInfo.AclRevision != ACL_REVISION) {
|
|
DbgPrint("RtlAclRevision Error\n");
|
|
return FALSE;
|
|
}
|
|
|
|
// Query size information
|
|
if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl, (PVOID)&AclSizeInfo, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation))) {
|
|
DbgPrint("RtlQueryInformationAcl size info Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
if ((AclSizeInfo.AceCount != 6) || (AclSizeInfo.AclBytesInUse != (sizeof(ACL)+6*sizeof(STANDARD_ACE))) || (AclSizeInfo.AclBytesFree != 512 - AclSizeInfo.AclBytesInUse)) {
|
|
DbgPrint("RtlAclSize Error\n");
|
|
DbgPrint("AclSizeInfo.AceCount = %8lx\n", AclSizeInfo.AceCount);
|
|
DbgPrint("AclSizeInfo.AclBytesInUse = %8lx\n", AclSizeInfo.AclBytesInUse);
|
|
DbgPrint("AclSizeInfo.AclBytesFree = %8lx\n", AclSizeInfo.AclBytesFree);
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN TestSetInformationAcl()
|
|
{
|
|
UCHAR Buffer[512];
|
|
PACL Acl;
|
|
ACL_REVISION_INFORMATION AclRevisionInfo;
|
|
NTSTATUS Status;
|
|
|
|
Acl = (PACL)Buffer;
|
|
BuildAcl( Fred, Acl, 512 );
|
|
|
|
// Set the revision information to the current revision level
|
|
AclRevisionInfo.AclRevision = ACL_REVISION;
|
|
if (!NT_SUCCESS(Status = RtlSetInformationAcl( Acl, (PVOID)&AclRevisionInfo, sizeof(ACL_REVISION_INFORMATION), AclRevisionInformation))) {
|
|
DbgPrint("RtlSetInformationAcl revision info error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// Set the revision information to something wrong
|
|
AclRevisionInfo.AclRevision = ACL_REVISION+1;
|
|
if (NT_SUCCESS(Status = RtlSetInformationAcl( Acl, (PVOID)&AclRevisionInfo, sizeof(ACL_REVISION_INFORMATION), AclRevisionInformation))) {
|
|
DbgPrint("RtlSetInformationAcl revision to wrong info error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN TestAddAce()
|
|
{
|
|
UCHAR AclBuffer[512];
|
|
PACL Acl;
|
|
STANDARD_ACE AceList[2];
|
|
NTSTATUS Status;
|
|
|
|
Acl = (PACL)AclBuffer;
|
|
|
|
// Create a good large acl
|
|
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
|
|
DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// test add ace to add two aces to an empty acl
|
|
AceList[0].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
|
|
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
|
|
AceList[0].Header.InheritFlags = 0;
|
|
AceList[0].Header.AceFlags = 0;
|
|
AceList[0].Mask = 0x22222222;
|
|
CopyGuid(&AceList[0].Guid, &FredGuid);
|
|
|
|
AceList[1].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
|
|
AceList[1].Header.AceSize = sizeof(STANDARD_ACE);
|
|
AceList[1].Header.InheritFlags = 0;
|
|
AceList[1].Header.AceFlags = 0;
|
|
AceList[1].Mask = 0x44444444;
|
|
CopyGuid(&AceList[1].Guid, &WilmaGuid);
|
|
|
|
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 0, AceList, 2*sizeof(STANDARD_ACE)))) {
|
|
DbgPrint("RtlAddAce to empty acl Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
// test add ace to add one to the beginning of an acl
|
|
AceList[0].Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
|
|
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
|
|
AceList[0].Header.InheritFlags = 0;
|
|
AceList[0].Header.AceFlags = 0;
|
|
AceList[0].Mask = 0x11111111;
|
|
CopyGuid(&AceList[0].Guid, &PebblesGuid);
|
|
|
|
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 0, AceList, sizeof(STANDARD_ACE)))) {
|
|
DbgPrint("RtlAddAce to beginning of acl Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
// test add ace to add one to the middle of an acl
|
|
AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
|
|
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
|
|
AceList[0].Header.InheritFlags = 0;
|
|
AceList[0].Header.AceFlags = 0;
|
|
AceList[0].Mask = 0x33333333;
|
|
CopyGuid(&AceList[0].Guid, &DinoGuid);
|
|
|
|
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 2, AceList, sizeof(STANDARD_ACE)))) {
|
|
DbgPrint("RtlAddAce to middle of acl Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
// test add ace to add one to the end of an acl
|
|
AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
|
|
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
|
|
AceList[0].Header.InheritFlags = 0;
|
|
AceList[0].Header.AceFlags = 0;
|
|
AceList[0].Mask = 0x55555555;
|
|
CopyGuid(&AceList[0].Guid, &FlintstoneGuid);
|
|
|
|
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, MAXULONG, AceList, sizeof(STANDARD_ACE)))) {
|
|
DbgPrint("RtlAddAce to end of an acl Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN TestDeleteAce()
|
|
{
|
|
UCHAR Buffer[512];
|
|
PACL Acl;
|
|
NTSTATUS Status;
|
|
|
|
Acl = (PACL)Buffer;
|
|
|
|
BuildAcl( Fred, Acl, 512 );
|
|
|
|
// test delete first ace
|
|
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 0))) {
|
|
DbgPrint("RtlDeleteAce first ace Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
// test delete middle ace
|
|
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 2))) {
|
|
DbgPrint("RtlDeleteAce middle ace Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
// test delete last ace
|
|
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 3))) {
|
|
DbgPrint("RtlDeleteAce last ace Error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN TestGetAce()
|
|
{
|
|
UCHAR Buffer[512];
|
|
PACL Acl;
|
|
STANDARD_ACE Ace;
|
|
NTSTATUS Status;
|
|
|
|
Acl = (PACL)Buffer;
|
|
BuildAcl( Fred, Acl, 512 );
|
|
|
|
// Get first ace
|
|
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 0, (PVOID)&Ace))) {
|
|
DbgPrint("RtlGetAce first ace error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
// Get middle ace
|
|
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 3, (PVOID)&Ace))) {
|
|
DbgPrint("RtlGetAce middle ace error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
// Get last ace
|
|
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 5, (PVOID)&Ace))) {
|
|
DbgPrint("RtlGetAce last ace error : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// RtlDumpAcl(Acl);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN TestAccessCheck()
|
|
{
|
|
UCHAR AclBuffer[1024];
|
|
SECURITY_DESCRIPTOR SecurityDescriptor;
|
|
PACL Acl;
|
|
UCHAR TokenBuffer[512];
|
|
PACCESS_TOKEN Token;
|
|
NTSTATUS Status;
|
|
|
|
Acl = (PACL)AclBuffer;
|
|
BuildAcl( Fred, Acl, 1024 );
|
|
|
|
Token = (PACCESS_TOKEN)TokenBuffer;
|
|
BuildToken( Fred, Token );
|
|
|
|
DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
|
|
|
|
// Test should be successful based on aces
|
|
if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, 0x00000001, NULL ))) {
|
|
DbgPrint("NtAccessCheck Error should allow access : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// Test should be successful based on owner
|
|
if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, READ_CONTROL, &FredGuid ))) {
|
|
DbgPrint("NtAccessCheck Error should allow owner : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// Test should be unsuccessful based on aces
|
|
if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, 0x0000000f, &FredGuid ))) {
|
|
DbgPrint("NtAccessCheck Error shouldn't allow access : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
// Test should be unsuccessful based on non owner
|
|
if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, READ_CONTROL, &BarneyGuid ))) {
|
|
DbgPrint("NtAccessCheck Error shouldn't allow non owner access : %8lx\n", Status);
|
|
return FALSE;
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOLEAN TestGenerateMessage()
|
|
{
|
|
return TRUE;
|
|
} |