#include "pch.h"
#pragma hdrstop
#include "bmcommon.h"
//
// S-1-5-21-397955417-626881126-188441444-2908314 (kumarp)
//
//WCHAR szSid[] = L"S-1-5-21-397955417-626881126-188441444-2908314";
//
// String form of the test principal's SID; AuthzInit converts it to a binary
// SID (pSid). The binary encoding of the earlier SID is kept for reference.
//
WCHAR szSid[] = L"S-1-5-21-397955417-626881126-188441444-2101332";
//ULONG Sid[] = {0x00000501, 0x05000000, 0x00000015, 0x17b85159, 0x255d7266, 0x0b3b6364, 0x00201054};
// S-1-5-21-397955417-626881126-188441444-2101332

//
// Benchmark state shared by AuthzInit and AuthzDoAccessCheck. Everything is
// set up once in AuthzInit so the timed loop in AuthzDoAccessCheck does no
// work of its own. Several of these (AuthzRmAuditFlags, AuthzAuditFlags,
// ResourceManagerName, hRmAuditInfo, szOperationType, szObjectName,
// szObjectType, szAdditionalInfo, TypeListBuffer, AuthzHandle) are not
// referenced by the code visible in this file.
//
BOOL b;                                                  // result of the last Authz call in AuthzDoAccessCheck
DWORD AuthzRmAuditFlags = 0;
HANDLE hProcessToken=NULL;                               // TOKEN_QUERY handle the client context is built from
static HANDLE hToken;                                    // second TOKEN_QUERY handle opened by AuthzInit; not read here
DWORD AuthzAuditFlags = 0;
PCWSTR ResourceManagerName = L"Speed Test Resource Manager";
AUTHZ_RM_AUDIT_INFO_HANDLE hRmAuditInfo = NULL;
AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager = NULL;   // created by AuthzInitializeResourceManager
DWORD AuthzRmFlags = 0;                                  // flags passed to AuthzInitializeResourceManager
AUDIT_EVENT_INFO AuditEventInfo;                         // legacy audit event description filled in by AuthzInit
PCWSTR szOperationType = L"Access Check";
PCWSTR szObjectName = L"Joe";
PCWSTR szObjectType = L"Kernel Hacker";
PCWSTR szAdditionalInfo = L"None";
AUTHZ_AUDIT_INFO_HANDLE hAuditInfo = NULL;               // passed to AuthzAccessCheck when BMF_GenerateAudit is set
AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext = NULL;  // built from hProcessToken
LUID luid = {0xdead,0xbeef};                             // identifier handed to AuthzInitializeContextFromToken
ULONG i;                                                 // loop counter used by AuthzDoAccessCheck
ULONG NumAccessChecks = 10;                              // default iteration count; shadowed by the parameter of AuthzDoAccessCheck
AUTHZ_ACCESS_REQUEST RequestOT;                          // request carrying ObjectTypeList
AUTHZ_ACCESS_REQUEST Request;                            // request without an object type list
//
// Raw storage for the two replies. AuthzInit carves the Error and
// GrantedAccessMask arrays out of the bytes following the header.
// NOTE(review): UCHAR arrays carry no alignment guarantee for the struct
// written through pReply/pReplyOT — confirm the linker's placement or give
// them explicit alignment.
//
UCHAR Buffer[1024];
UCHAR Buffer2[1024];
UCHAR TypeListBuffer[1024];
PAUTHZ_ACCESS_REPLY pReply = (PAUTHZ_ACCESS_REPLY) Buffer;       // single-result reply
PAUTHZ_ACCESS_REPLY pReplyOT = (PAUTHZ_ACCESS_REPLY) Buffer2;    // one result per object type list entry
PSECURITY_DESCRIPTOR pSD = NULL;                         // parsed from g_szSd (defined outside this file)
AUTHZ_HANDLE AuthzHandle = 0;
AUDIT_PARAMS AuditParams;                                // wraps ParamArray for AuthzInitializeAuditInfo
AUDIT_PARAM ParamArray[11];
PSID pSid;                                               // binary form of szSid; not read after conversion here
PSID pUserSid;                                           // presumably filled in by AuthzInitializeAuditParams — confirm
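//
// Reports a failed setup step: prints the step name with the thread's
// last-error value, then restores that value so the caller's GetLastError()
// still sees it (CRT output may itself call Win32 functions that change it).
// Always returns FALSE so call sites can `return AuthzInitFail(...)`.
//
static BOOL
AuthzInitFail( const char *What )
{
    DWORD Error = GetLastError();
    printf("%s FAILED with %lu.\n", What, Error);
    SetLastError(Error);
    return FALSE;
}

//
// Builds the state AuthzDoAccessCheck runs against: converts szSid to a
// binary SID, fills in the audit event description, initializes the two
// access requests (RequestOT with the object type list, Request without),
// lays out the two reply buffers, creates the Authz resource manager, audit
// info and client context, and parses the g_szSd security descriptor.
//
// Returns TRUE on success and FALSE on any failure — never any other value,
// since callers test the result as a BOOL. On failure the last-error value
// describes the failing step (ERROR_INSUFFICIENT_BUFFER for an object type
// list too long for the reply buffer). Resources acquired before a failure
// are not released; this is one-shot benchmark setup.
//
BOOL
AuthzInit( )
{
    BOOL b;
    //
    // Each reply holds, after the AUTHZ_ACCESS_REPLY header, one Error DWORD
    // and one ACCESS_MASK per result. Both replies live in fixed 1024-byte
    // buffers, so the per-result count must fit before pointers are laid out.
    //
    const SIZE_T PerResultBytes = sizeof(DWORD) + sizeof(ACCESS_MASK);
    const SIZE_T MaxResults = (sizeof(Buffer2) - sizeof(AUTHZ_ACCESS_REPLY)) / PerResultBytes;

    if (!ConvertStringSidToSid( szSid, &pSid )) {
        return AuthzInitFail("ConvertStringSidToSid");
    }

    AuditEventInfo.Version = AUDIT_TYPE_LEGACY;
    AuditEventInfo.u.Legacy.CategoryId = SE_CATEGID_OBJECT_ACCESS;
    AuditEventInfo.u.Legacy.AuditId = SE_AUDITID_OBJECT_OPERATION;
    AuditEventInfo.u.Legacy.ParameterCount = 3;

    //
    // init request for obj-type access check
    //
    RequestOT.DesiredAccess = DESIRED_ACCESS;
    RequestOT.ObjectTypeList = ObjectTypeList;
    RequestOT.ObjectTypeListLength = ObjectTypeListLength;
    RequestOT.OptionalArguments = NULL;
    RequestOT.PrincipalSelfSid = NULL;

    //
    // init non obj-type request
    //
    Request.DesiredAccess = DESIRED_ACCESS;
    Request.ObjectTypeList = NULL;
    Request.ObjectTypeListLength = 0;
    Request.OptionalArguments = NULL;
    Request.PrincipalSelfSid = NULL;

    //
    // init reply for obj type list — refuse rather than write past Buffer2
    //
    if ((SIZE_T) ObjectTypeListLength > MaxResults) {
        printf("Object type list of %lu entries does not fit the reply buffer.\n",
               (unsigned long) ObjectTypeListLength);
        SetLastError(ERROR_INSUFFICIENT_BUFFER);
        return FALSE;
    }
    pReplyOT->ResultListLength = ObjectTypeListLength;
    pReplyOT->Error = (PDWORD) (((PCHAR) pReplyOT) + sizeof(AUTHZ_ACCESS_REPLY));
    pReplyOT->GrantedAccessMask = (PACCESS_MASK) (pReplyOT->Error + pReplyOT->ResultListLength);

    //
    // init reply (a single result always fits)
    //
    pReply->ResultListLength = 1;
    pReply->Error = (PDWORD) (((PCHAR) pReply) + sizeof(AUTHZ_ACCESS_REPLY));
    pReply->GrantedAccessMask = (PACCESS_MASK) (pReply->Error + pReply->ResultListLength);

    b = AuthzInitializeResourceManager( NULL, NULL, NULL, L"Benchmark RM", AuthzRmFlags, &hAuthzResourceManager );
    if (!b) {
        return AuthzInitFail("AuthzInitializeResourceManager");
    }

    AuditParams.Parameters = ParamArray;
    //
    // NOTE(review): the result of AuthzInitializeAuditParams is not checked,
    // and pUserSid is presumably an output parameter — confirm both against
    // the header before relying on pUserSid.
    //
    AuthzInitializeAuditParams( &AuditParams, &pUserSid, L"Authz Speed Tests", APF_AuditSuccess, 1, APT_String, L"Test operation" );

    b = AuthzInitializeAuditInfo( &hAuditInfo, 0, hAuthzResourceManager, &AuditEventInfo, &AuditParams, NULL, INFINITE, L"blah", L"blah", L"and", L"blah" );
    if (!b) {
        return AuthzInitFail("AuthzInitAuditInfo");
    }

    b = AuthzModifyAuditQueue( NULL, AUTHZ_AUDIT_QUEUE_THREAD_PRIORITY, 0, 0, 0, THREAD_PRIORITY_LOWEST );
    if (!b) {
        return AuthzInitFail("AuthzModifyAuditQueue");
    }

    if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hProcessToken )) {
        return AuthzInitFail("OpenProcessToken");
    }

    b = AuthzInitializeContextFromToken( hProcessToken, hAuthzResourceManager, NULL, luid, 0, NULL, &hAuthzClientContext );
    if (!b) {
        return AuthzInitFail("AuthzInitializeContextFromToken");
    }

    //
    // Second TOKEN_QUERY handle kept in the static hToken; nothing visible in
    // this file reads it. Its failure must be reported as FALSE like every
    // other step — returning the Win32 error code here would be read as TRUE.
    //
    if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken )) {
        return AuthzInitFail("OpenProcessToken (hToken)");
    }

    b = ConvertStringSecurityDescriptorToSecurityDescriptorW(g_szSd, SDDL_REVISION_1, &pSD, NULL);
    if (!b) {
        return AuthzInitFail("SDDL");
    }
    return TRUE;
}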
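//
// Harness entry point: runs AuthzInit and maps its BOOL result to a Win32
// error code.
//
// Returns NO_ERROR on success. On failure returns the last-error value left
// by the failing step, or ERROR_GEN_FAILURE when AuthzInit failed without
// setting one — a failure must never be reported back as NO_ERROR.
//
DWORD
InitAuthzAccessChecks()
{
    if (!AuthzInit()) {
        DWORD Error = GetLastError();
        return (Error != NO_ERROR) ? Error : ERROR_GEN_FAILURE;
    }
    return NO_ERROR;
}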
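//
// Timed loop: performs NumAccessChecks calls to AuthzAccessCheck against the
// security descriptor parsed by AuthzInit (pSD) with the global client
// context.
//
// NumAccessChecks - number of access checks to run.
// Flags           - BMF_UseObjTypeList selects the object-type-list pair
//                   (RequestOT / pReplyOT) instead of the plain pair
//                   (Request / pReply); BMF_GenerateAudit passes hAuditInfo
//                   so each check is audited, otherwise NULL is passed.
//
// Returns NO_ERROR, or the last-error value of the first failing
// AuthzAccessCheck. That value is captured before anything is printed, since
// CRT output can disturb the thread's last-error value.
//
DWORD
AuthzDoAccessCheck(
    IN ULONG NumAccessChecks,
    IN DWORD Flags
    )
{
    AUTHZ_AUDIT_INFO_HANDLE AdtInfo = (Flags & BMF_GenerateAudit) ? hAuditInfo : NULL;
    PAUTHZ_ACCESS_REQUEST pCurrentRequest;
    PAUTHZ_ACCESS_REPLY pCurrentReply;
    ULONG Iteration;

    //
    // Choose the request/reply pair once; the loop body is otherwise
    // identical for both modes.
    //
    if (Flags & BMF_UseObjTypeList) {
        pCurrentRequest = &RequestOT;
        pCurrentReply = pReplyOT;
    } else {
        pCurrentRequest = &Request;
        pCurrentReply = pReply;
    }

    for (Iteration = 0; Iteration < NumAccessChecks; Iteration++) {
        //
        // Last argument is left NULL: an earlier version passed &AuthzHandle
        // here and released it with AuthzFreeHandle after every call, which
        // is not wanted in the timed loop.
        //
        b = AuthzAccessCheck( hAuthzClientContext, pCurrentRequest, AdtInfo, pSD, NULL, 0, pCurrentReply, NULL );
        if (!b) {
            DWORD Error = GetLastError();
            printf("AuthzAccessCheck failed with %lu.\n", Error);
            return Error;
        }
    }
    return NO_ERROR;
}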