Microsoft/Windows2000
Microsoft/Windows2000
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
master
Windows2000/private/ntos/se/tseum.c
Microsoft 45f4a58588 First commit
2020-09-30 17:12:32 +02:00

427 lines
11 KiB
C
Raw Permalink Blame History

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
tseum.c
Abstract:
Test program for the security system
Author:
Gary Kimura [GaryKi] 20-Nov-1989
Revision History:
v3: robertre
Updated ACL_REVISION
--*/
#include <stdio.h>
#include <string.h>
#include <nt.h>
#include <ntrtl.h>
#include "sep.h"
#include "ttoken.c"
VOID RtlDumpAcl(IN PACL Acl);
main(int argc, char *argv[], char *envp[])
{
HANDLE CurrentProcessHandle;
NTSTATUS Status;
ULONG i;
VOID SeMain();
CurrentProcessHandle = NtCurrentProcess();
Status = STATUS_SUCCESS;
DbgPrint( "Entering User Mode Test Program\n" );
DbgPrint( "argc: %ld\n", argc );
if (argv != NULL) {
for (i=0; i<argc; i++) {
DbgPrint( "argv[ %ld ]: %s\n", i, argv[ i ] );
}
}
if (envp != NULL) {
i = 0;
while (*envp) {
DbgPrint( "envp[ %02ld ]: %s\n", i++, *envp++ );
}
}
SeMain();
DbgPrint( "Exiting User Mode Test Program with Status = %lx\n", Status );
NtTerminateProcess( CurrentProcessHandle, Status );
}
VOID SeMain()
{
BOOLEAN TestCreateAcl();
BOOLEAN TestQueryInformationAcl();
BOOLEAN TestSetInformationAcl();
BOOLEAN TestAddAce();
BOOLEAN TestDeleteAce();
BOOLEAN TestGetAce();
BOOLEAN TestAccessCheck();
BOOLEAN TestGenerateMessage();
DbgPrint("Starting User Mode Security Test\n");
if (!TestCreateAcl()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestQueryInformationAcl()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestSetInformationAcl()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestAddAce()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestDeleteAce()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestGetAce()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestAccessCheck()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
if (!TestGenerateMessage()) {
DbgPrint("TestCreateAcl Error\n");
return;
}
DbgPrint("Ending User Mode Security Test\n");
}
BOOLEAN TestCreateAcl()
{
UCHAR Buffer[512];
PACL Acl;
NTSTATUS Status;
Acl = (PACL)Buffer;
// Create a good large acl
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
return FALSE;
}
// Create a good small acl
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL), 1))) {
DbgPrint("RtlCreateAcl Error small Acl : %8lx\n", Status);
return FALSE;
}
// Create a too small acl
if (NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL) - 1, 1))) {
DbgPrint("RtlCreateAcl Error too small Acl : %8lx\n", Status);
return FALSE;
}
// Create a bad version acl
if (NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 2))) {
DbgPrint("RtlCreateAcl Error bad version : %8lx\n", Status);
return FALSE;
}
return TRUE;
}
BOOLEAN TestQueryInformationAcl()
{
UCHAR Buffer[512];
PACL Acl;
ACL_REVISION_INFORMATION AclRevisionInfo;
ACL_SIZE_INFORMATION AclSizeInfo;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
// Query the revision information
if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl, (PVOID)&AclRevisionInfo, sizeof(ACL_REVISION_INFORMATION), AclRevisionInformation))) {
DbgPrint("RtlQueryInformationAcl revision info error : %8lx\n", Status);
return FALSE;
}
if (AclRevisionInfo.AclRevision != ACL_REVISION) {
DbgPrint("RtlAclRevision Error\n");
return FALSE;
}
// Query size information
if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl, (PVOID)&AclSizeInfo, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation))) {
DbgPrint("RtlQueryInformationAcl size info Error : %8lx\n", Status);
return FALSE;
}
if ((AclSizeInfo.AceCount != 6) || (AclSizeInfo.AclBytesInUse != (sizeof(ACL)+6*sizeof(STANDARD_ACE))) || (AclSizeInfo.AclBytesFree != 512 - AclSizeInfo.AclBytesInUse)) {
DbgPrint("RtlAclSize Error\n");
DbgPrint("AclSizeInfo.AceCount = %8lx\n", AclSizeInfo.AceCount);
DbgPrint("AclSizeInfo.AclBytesInUse = %8lx\n", AclSizeInfo.AclBytesInUse);
DbgPrint("AclSizeInfo.AclBytesFree = %8lx\n", AclSizeInfo.AclBytesFree);
return FALSE;
}
return TRUE;
}
BOOLEAN TestSetInformationAcl()
{
UCHAR Buffer[512];
PACL Acl;
ACL_REVISION_INFORMATION AclRevisionInfo;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
// Set the revision information to the current revision level
AclRevisionInfo.AclRevision = ACL_REVISION;
if (!NT_SUCCESS(Status = RtlSetInformationAcl( Acl, (PVOID)&AclRevisionInfo, sizeof(ACL_REVISION_INFORMATION), AclRevisionInformation))) {
DbgPrint("RtlSetInformationAcl revision info error : %8lx\n", Status);
return FALSE;
}
// Set the revision information to something wrong
AclRevisionInfo.AclRevision = ACL_REVISION+1;
if (NT_SUCCESS(Status = RtlSetInformationAcl( Acl, (PVOID)&AclRevisionInfo, sizeof(ACL_REVISION_INFORMATION), AclRevisionInformation))) {
DbgPrint("RtlSetInformationAcl revision to wrong info error : %8lx\n", Status);
return FALSE;
}
return TRUE;
}
BOOLEAN TestAddAce()
{
UCHAR AclBuffer[512];
PACL Acl;
STANDARD_ACE AceList[2];
NTSTATUS Status;
Acl = (PACL)AclBuffer;
// Create a good large acl
if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
return FALSE;
}
// test add ace to add two aces to an empty acl
AceList[0].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x22222222;
CopyGuid(&AceList[0].Guid, &FredGuid);
AceList[1].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
AceList[1].Header.AceSize = sizeof(STANDARD_ACE);
AceList[1].Header.InheritFlags = 0;
AceList[1].Header.AceFlags = 0;
AceList[1].Mask = 0x44444444;
CopyGuid(&AceList[1].Guid, &WilmaGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 0, AceList, 2*sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to empty acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
// test add ace to add one to the beginning of an acl
AceList[0].Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x11111111;
CopyGuid(&AceList[0].Guid, &PebblesGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 0, AceList, sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to beginning of acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
// test add ace to add one to the middle of an acl
AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x33333333;
CopyGuid(&AceList[0].Guid, &DinoGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, 2, AceList, sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to middle of acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
// test add ace to add one to the end of an acl
AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
AceList[0].Header.InheritFlags = 0;
AceList[0].Header.AceFlags = 0;
AceList[0].Mask = 0x55555555;
CopyGuid(&AceList[0].Guid, &FlintstoneGuid);
if (!NT_SUCCESS(Status = RtlAddAce( Acl, 1, MAXULONG, AceList, sizeof(STANDARD_ACE)))) {
DbgPrint("RtlAddAce to end of an acl Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
return TRUE;
}
BOOLEAN TestDeleteAce()
{
UCHAR Buffer[512];
PACL Acl;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
// test delete first ace
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 0))) {
DbgPrint("RtlDeleteAce first ace Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
// test delete middle ace
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 2))) {
DbgPrint("RtlDeleteAce middle ace Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
// test delete last ace
if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 3))) {
DbgPrint("RtlDeleteAce last ace Error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
return TRUE;
}
BOOLEAN TestGetAce()
{
UCHAR Buffer[512];
PACL Acl;
STANDARD_ACE Ace;
NTSTATUS Status;
Acl = (PACL)Buffer;
BuildAcl( Fred, Acl, 512 );
// Get first ace
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 0, (PVOID)&Ace))) {
DbgPrint("RtlGetAce first ace error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
// Get middle ace
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 3, (PVOID)&Ace))) {
DbgPrint("RtlGetAce middle ace error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
// Get last ace
if (!NT_SUCCESS(Status = RtlGetAce(Acl, 5, (PVOID)&Ace))) {
DbgPrint("RtlGetAce last ace error : %8lx\n", Status);
return FALSE;
}
// RtlDumpAcl(Acl);
return TRUE;
}
BOOLEAN TestAccessCheck()
{
UCHAR AclBuffer[1024];
SECURITY_DESCRIPTOR SecurityDescriptor;
PACL Acl;
UCHAR TokenBuffer[512];
PACCESS_TOKEN Token;
NTSTATUS Status;
Acl = (PACL)AclBuffer;
BuildAcl( Fred, Acl, 1024 );
Token = (PACCESS_TOKEN)TokenBuffer;
BuildToken( Fred, Token );
DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
// Test should be successful based on aces
if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, 0x00000001, NULL ))) {
DbgPrint("NtAccessCheck Error should allow access : %8lx\n", Status);
return FALSE;
}
// Test should be successful based on owner
if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, READ_CONTROL, &FredGuid ))) {
DbgPrint("NtAccessCheck Error should allow owner : %8lx\n", Status);
return FALSE;
}
// Test should be unsuccessful based on aces
if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, 0x0000000f, &FredGuid ))) {
DbgPrint("NtAccessCheck Error shouldn't allow access : %8lx\n", Status);
return FALSE;
}
// Test should be unsuccessful based on non owner
if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor, Token, READ_CONTROL, &BarneyGuid ))) {
DbgPrint("NtAccessCheck Error shouldn't allow non owner access : %8lx\n", Status);
return FALSE;
}
return TRUE;
}
BOOLEAN TestGenerateMessage()
{
return TRUE;
}
Reference in New Issue View Git Blame Copy Permalink