Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1120 lines
34 KiB

  1. /*++
  2. Copyright (c) 1989 Microsoft Corporation
  3. Module Name:
  4. ctsertl.c
  5. Abstract:
  6. Common security RTL test routines.
  7. These routines are used in both the kernel and user mode RTL tests.
  8. Author:
  9. Jim Kelly (JimK) 23-Mar-1990
  10. Environment:
  11. Test of security.
  12. Revision History:
  13. --*/
  14. #include "tsecomm.c"
  15. ////////////////////////////////////////////////////////////////
  16. // //
  17. // Test routines //
  18. // //
  19. ////////////////////////////////////////////////////////////////
  20. BOOLEAN
  21. TestSeSid()
  22. {
  23. #define TARGET_SID_ARRAY_LENGTH 1024
  24. typedef struct _TALT_SID1 {
  25. ULONG Value[3];
  26. } TALT_SID1;
  27. typedef TALT_SID1 *PTALT_SID1;
  28. NTSTATUS Status;
  29. PVOID Ignore;
  30. PSID TFredSid;
  31. PSID TBarneySid;
  32. PSID TWilmaSid;
  33. PSID TWilmaSubSid;
  34. PSID TNoSubSid;
  35. PSID TTempSid;
  36. PSID_AND_ATTRIBUTES SourceArray;
  37. PSID_AND_ATTRIBUTES TargetArray;
  38. ULONG TargetLength;
  39. ULONG OriginalTargetLength;
  40. ULONG NormalGroupAttributes;
  41. ULONG OwnerGroupAttributes;
  42. // Temporary Hack ...
  43. NormalGroupAttributes = 7;
  44. OwnerGroupAttributes = 15;
  45. // End Temporary Hack...
  46. TFredSid = (PSID)TstAllocatePool( PagedPool, 256 );
  47. TBarneySid = (PSID)TstAllocatePool( PagedPool, 256 );
  48. TWilmaSid = (PSID)TstAllocatePool( PagedPool, 256 );
  49. TWilmaSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
  50. TNoSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
  51. TTempSid = (PSID)TstAllocatePool( PagedPool, 256 );
  52. //
  53. // Valid SID structure test
  54. //
  55. if (!RtlValidSid( TFredSid )) {
  56. DbgPrint("**** Failed **** \n");
  57. DbgPrint("*Se** Failure: RtlValidSid, TFredSid\n");
  58. return FALSE;
  59. }
  60. if (!RtlValidSid( TBarneySid )) {
  61. DbgPrint("**** Failed **** \n");
  62. DbgPrint("*Se** Failure: RtlValidSid, TBarneySid\n");
  63. return FALSE;
  64. }
  65. if (!RtlValidSid( TWilmaSid )) {
  66. DbgPrint("**** Failed **** \n");
  67. DbgPrint("*Se** Failure: RtlValidSid, TWilmaSid\n");
  68. return FALSE;
  69. }
  70. if (!RtlValidSid( TWilmaSubSid )) {
  71. DbgPrint("**** Failed **** \n");
  72. DbgPrint("*Se** Failure: RtlValidSid, TWilmaSubSid\n");
  73. return FALSE;
  74. }
  75. if (!RtlValidSid( TNoSubSid )) {
  76. DbgPrint("**** Failed **** \n");
  77. DbgPrint("*Se** Failure: RtlValidSid, TNoSubSid\n");
  78. return FALSE;
  79. }
  80. //
  81. // Equal SIDs Test
  82. //
  83. if (RtlEqualSid( TFredSid, TBarneySid )) {
  84. DbgPrint("*Se** Failure: RtlEqualSid, TFredSid - TBarneySid\n");
  85. DbgPrint("**** Failed **** \n");
  86. return FALSE;
  87. }
  88. if (!RtlEqualSid( TFredSid, TFredSid )) {
  89. DbgPrint("*Se** Failure: RtlEqualSid, TFredSid - TFredSid\n");
  90. return FALSE;
  91. }
  92. if (RtlEqualSid( TWilmaSid, TWilmaSubSid )) {
  93. DbgPrint("**** Failed **** \n");
  94. DbgPrint("*Se** Failure: RtlEqualSid, TWilmaSid - TWilmaSubSid\n");
  95. return FALSE;
  96. }
  97. if (RtlEqualSid( TWilmaSid, TNoSubSid )) {
  98. DbgPrint("**** Failed **** \n");
  99. DbgPrint("*Se** Failure: RtlEqualSid, TWilmaSid - TNoSubSid\n");
  100. return FALSE;
  101. }
  102. //
  103. // Length Required test
  104. //
  105. if (RtlLengthRequiredSid( 0 ) != 8) {
  106. DbgPrint("**** Failed **** \n");
  107. DbgPrint("*Se** Failure: RtlLengthRequiredSid, 0 SubAuthorities\n");
  108. return FALSE;
  109. }
  110. if (RtlLengthRequiredSid( 1 ) != 12) {
  111. DbgPrint("**** Failed **** \n");
  112. DbgPrint("*Se** Failure: RtlLengthRequiredSid, 1 SubAuthorities\n");
  113. return FALSE;
  114. }
  115. if (RtlLengthRequiredSid( 2 ) != 16) {
  116. DbgPrint("**** Failed **** \n");
  117. DbgPrint("*Se** Failure: RtlLengthRequiredSid, 2 SubAuthorities\n");
  118. return FALSE;
  119. }
  120. //
  121. // Length of SID test
  122. //
  123. if (SeLengthSid( TNoSubSid ) != 8) {
  124. DbgPrint("**** Failed **** \n");
  125. DbgPrint("*Se** Failure: SeLengthSid, TNoSubSid\n");
  126. return FALSE;
  127. }
  128. if (SeLengthSid( TFredSid ) != 12) {
  129. DbgPrint("**** Failed **** \n");
  130. DbgPrint("*Se** Failure: SeLengthSid, TFredSid\n");
  131. return FALSE;
  132. }
  133. if (SeLengthSid( TWilmaSubSid ) != 16) {
  134. DbgPrint("**** Failed **** \n");
  135. DbgPrint("*Se** Failure: SeLengthSid, TWilmaSubSid\n");
  136. return FALSE;
  137. }
  138. //
  139. // Copy SID Test
  140. //
  141. if (NT_SUCCESS(RtlCopySid( 7, TTempSid, TNoSubSid ))) {
  142. DbgPrint("**** Failed **** \n");
  143. DbgPrint("*Se** Failure: RtlCopySid, insufficient TNoSubSid\n");
  144. return FALSE;
  145. }
  146. if (!NT_SUCCESS(RtlCopySid( 256, TTempSid, TNoSubSid ))) {
  147. DbgPrint("**** Failed **** \n");
  148. DbgPrint("*Se** Failure: RtlCopySid, TNoSubSid\n");
  149. return FALSE;
  150. }
  151. if (!RtlEqualSid( TTempSid, TNoSubSid )) {
  152. DbgPrint("**** Failed **** \n");
  153. DbgPrint("*Se** Failure: RtlCopySid compare, TNoSubSid\n");
  154. return FALSE;
  155. }
  156. if (NT_SUCCESS(RtlCopySid( 11, TTempSid, TBarneySid ))) {
  157. DbgPrint("**** Failed **** \n");
  158. DbgPrint("*Se** Failure: RtlCopySid, insufficient TBarneySid\n");
  159. return FALSE;
  160. }
  161. if (!NT_SUCCESS(RtlCopySid( 256, TTempSid, TBarneySid ))) {
  162. DbgPrint("**** Failed **** \n");
  163. DbgPrint("*Se** Failure: RtlCopySid, TBarneySid\n");
  164. return FALSE;
  165. }
  166. if (!RtlEqualSid( TTempSid, TBarneySid )) {
  167. DbgPrint("**** Failed **** \n");
  168. DbgPrint("*Se** Failure: RtlCopySid compare, TBarneySid\n");
  169. return FALSE;
  170. }
  171. if (NT_SUCCESS(RtlCopySid( 15, TTempSid, TWilmaSubSid ))) {
  172. DbgPrint("**** Failed **** \n");
  173. DbgPrint("*Se** Failure: RtlCopySid, insufficient TWilmaSubSid\n");
  174. return FALSE;
  175. }
  176. if (!NT_SUCCESS(RtlCopySid( 256, TTempSid, TWilmaSubSid ))) {
  177. DbgPrint("**** Failed **** \n");
  178. DbgPrint("*Se** Failure: RtlCopySid, TNoSubSid\n");
  179. return FALSE;
  180. }
  181. if (!RtlEqualSid( TTempSid, TWilmaSubSid )) {
  182. DbgPrint("**** Failed **** \n");
  183. DbgPrint("*Se** Failure: RtlCopySid compare, TWilmaSubSid\n");
  184. return FALSE;
  185. }
  186. //
  187. // Validate all the tsevars SIDs
  188. //
  189. //
  190. // Bedrock SIDs
  191. //
  192. if (!RtlValidSid( BedrockDomainSid )) {
  193. DbgPrint("**** Failed **** \n");
  194. DbgPrint("*Se** Failure: RtlValidSid, BedrockDomainSid\n");
  195. return FALSE;
  196. }
  197. if (!RtlValidSid( FredSid )) {
  198. DbgPrint("**** Failed **** \n");
  199. DbgPrint("*Se** Failure: RtlValidSid, FredSid\n");
  200. return FALSE;
  201. }
  202. if (!RtlValidSid( WilmaSid )) {
  203. DbgPrint("**** Failed **** \n");
  204. DbgPrint("*Se** Failure: RtlValidSid, WilmaSid\n");
  205. return FALSE;
  206. }
  207. if (!RtlValidSid( PebblesSid )) {
  208. DbgPrint("**** Failed **** \n");
  209. DbgPrint("*Se** Failure: RtlValidSid, PebblesSid\n");
  210. return FALSE;
  211. }
  212. if (!RtlValidSid( DinoSid )) {
  213. DbgPrint("**** Failed **** \n");
  214. DbgPrint("*Se** Failure: RtlValidSid, DinoSid\n");
  215. return FALSE;
  216. }
  217. if (!RtlValidSid( BarneySid )) {
  218. DbgPrint("**** Failed **** \n");
  219. DbgPrint("*Se** Failure: RtlValidSid, BarneySid\n");
  220. return FALSE;
  221. }
  222. if (!RtlValidSid( BettySid )) {
  223. DbgPrint("**** Failed **** \n");
  224. DbgPrint("*Se** Failure: RtlValidSid, BettySid\n");
  225. return FALSE;
  226. }
  227. if (!RtlValidSid( BambamSid )) {
  228. DbgPrint("**** Failed **** \n");
  229. DbgPrint("*Se** Failure: RtlValidSid, BambamSid\n");
  230. return FALSE;
  231. }
  232. if (!RtlValidSid( FlintstoneSid )) {
  233. DbgPrint("**** Failed **** \n");
  234. DbgPrint("*Se** Failure: RtlValidSid, FlintstoneSid\n");
  235. return FALSE;
  236. }
  237. if (!RtlValidSid( RubbleSid )) {
  238. DbgPrint("**** Failed **** \n");
  239. DbgPrint("*Se** Failure: RtlValidSid, RubbleSid\n");
  240. return FALSE;
  241. }
  242. if (!RtlValidSid( AdultSid )) {
  243. DbgPrint("**** Failed **** \n");
  244. DbgPrint("*Se** Failure: RtlValidSid, AdultSid\n");
  245. return FALSE;
  246. }
  247. if (!RtlValidSid( ChildSid )) {
  248. DbgPrint("**** Failed **** \n");
  249. DbgPrint("*Se** Failure: RtlValidSid, ChildSid\n");
  250. return FALSE;
  251. }
  252. if (!RtlValidSid( NeandertholSid )) {
  253. DbgPrint("**** Failed **** \n");
  254. DbgPrint("*Se** Failure: RtlValidSid, NeandertholSid\n");
  255. return FALSE;
  256. }
  257. //
  258. // Well known SIDs
  259. //
  260. if (!RtlValidSid( NullSid )) {
  261. DbgPrint("**** Failed **** \n");
  262. DbgPrint("*Se** Failure: RtlValidSid, NullSid\n");
  263. return FALSE;
  264. }
  265. if (!RtlValidSid( WorldSid )) {
  266. DbgPrint("**** Failed **** \n");
  267. DbgPrint("*Se** Failure: RtlValidSid, WorldSid\n");
  268. return FALSE;
  269. }
  270. if (!RtlValidSid( LocalSid )) {
  271. DbgPrint("**** Failed **** \n");
  272. DbgPrint("*Se** Failure: RtlValidSid, CreatorSid\n");
  273. return FALSE;
  274. }
  275. if (!RtlValidSid( NtAuthoritySid )) {
  276. DbgPrint("**** Failed **** \n");
  277. DbgPrint("*Se** Failure: RtlValidSid, NtAuthoritySid\n");
  278. return FALSE;
  279. }
  280. if (!RtlValidSid( DialupSid )) {
  281. DbgPrint("**** Failed **** \n");
  282. DbgPrint("*Se** Failure: RtlValidSid, DialupSid\n");
  283. return FALSE;
  284. }
  285. if (!RtlValidSid( NetworkSid )) {
  286. DbgPrint("**** Failed **** \n");
  287. DbgPrint("*Se** Failure: RtlValidSid, NetworkSid\n");
  288. return FALSE;
  289. }
  290. if (!RtlValidSid( BatchSid )) {
  291. DbgPrint("**** Failed **** \n");
  292. DbgPrint("*Se** Failure: RtlValidSid, BatchSid\n");
  293. return FALSE;
  294. }
  295. if (!RtlValidSid( InteractiveSid )) {
  296. DbgPrint("**** Failed **** \n");
  297. DbgPrint("*Se** Failure: RtlValidSid, InteractiveSid\n");
  298. return FALSE;
  299. }
  300. if (!RtlValidSid( LocalSystemSid )) {
  301. DbgPrint("**** Failed **** \n");
  302. DbgPrint("*Se** Failure: RtlValidSid, LocalSystemSid\n");
  303. return FALSE;
  304. }
  305. //
  306. // Test SidAndAttributesArray copy routine
  307. //
  308. SourceArray = (PSID_AND_ATTRIBUTES)TstAllocatePool( PagedPool, 100 );
  309. TargetArray = (PSID_AND_ATTRIBUTES)TstAllocatePool( PagedPool,
  310. TARGET_SID_ARRAY_LENGTH
  311. );
  312. TargetLength = TARGET_SID_ARRAY_LENGTH - (5 * sizeof(PSID_AND_ATTRIBUTES));
  313. OriginalTargetLength = TargetLength;
  314. SourceArray[0].Sid = &PebblesSid;
  315. SourceArray[0].Attributes = 0;
  316. SourceArray[1].Sid = &FlintstoneSid;
  317. SourceArray[1].Attributes = OwnerGroupAttributes;
  318. SourceArray[2].Sid = &ChildSid;
  319. SourceArray[2].Attributes = NormalGroupAttributes;
  320. SourceArray[3].Sid = &NeandertholSid;
  321. SourceArray[3].Attributes = NormalGroupAttributes;
  322. SourceArray[4].Sid = &WorldSid;
  323. SourceArray[4].Attributes = NormalGroupAttributes;
  324. Status = RtlCopySidAndAttributesArray(
  325. 0,
  326. SourceArray,
  327. TargetLength,
  328. TargetArray,
  329. &(TargetArray[5]),
  330. &(PSID)Ignore,
  331. &TargetLength
  332. );
  333. if (!NT_SUCCESS(Status) || TargetLength != OriginalTargetLength ) {
  334. DbgPrint("**** Failed **** \n");
  335. DbgPrint("*Se** Failure: RtLCopySidAndAttributesArray, Zero length.\n");
  336. return FALSE;
  337. }
  338. Status = RtlCopySidAndAttributesArray(
  339. 1,
  340. SourceArray,
  341. 1, // too short buffer
  342. TargetArray,
  343. &(TargetArray[1]),
  344. &(PSID)Ignore,
  345. &TargetLength
  346. );
  347. if (NT_SUCCESS(Status)) {
  348. DbgPrint("**** Failed **** \n");
  349. DbgPrint("*Se** Failure: RtLCopySidAndAttributesArray,\n");
  350. DbgPrint("*Se** Buffer Too Short Test.\n");
  351. return FALSE;
  352. }
  353. TargetLength = TARGET_SID_ARRAY_LENGTH - (5 * sizeof(PSID_AND_ATTRIBUTES));
  354. OriginalTargetLength = TargetLength;
  355. Status = RtlCopySidAndAttributesArray(
  356. 5,
  357. SourceArray,
  358. TargetLength,
  359. TargetArray,
  360. &(TargetArray[5]),
  361. &(PSID)Ignore,
  362. &TargetLength
  363. );
  364. if (!NT_SUCCESS(Status) ||
  365. !RtlEqualSid( SourceArray[0].Sid, TargetArray[0].Sid ) ||
  366. !RtlEqualSid( SourceArray[1].Sid, TargetArray[1].Sid ) ||
  367. !RtlEqualSid( SourceArray[2].Sid, TargetArray[2].Sid ) ||
  368. !RtlEqualSid( SourceArray[3].Sid, TargetArray[3].Sid ) ||
  369. !RtlEqualSid( SourceArray[4].Sid, TargetArray[4].Sid ) ||
  370. ( SourceArray[0].Attributes != TargetArray[0].Attributes ) ||
  371. ( SourceArray[1].Attributes != TargetArray[1].Attributes ) ||
  372. ( SourceArray[2].Attributes != TargetArray[2].Attributes ) ||
  373. ( SourceArray[3].Attributes != TargetArray[3].Attributes ) ||
  374. ( SourceArray[4].Attributes != TargetArray[4].Attributes ) ) {
  375. DbgPrint("**** Failed **** \n");
  376. DbgPrint("*Se** Failure: RtLCopySidAndAttributesArray,\n");
  377. DbgPrint("*Se** Valid copy of 5 SIDs test.\n");
  378. return FALSE;
  379. }
  380. return TRUE;
  381. }
  382. BOOLEAN
  383. TestSeSecurityDescriptor()
  384. {
  385. NTSTATUS Status;
  386. PSECURITY_DESCRIPTOR TFredDescriptor;
  387. PSECURITY_DESCRIPTOR TBarneyDescriptor;
  388. PSECURITY_DESCRIPTOR TWilmaDescriptor;
  389. PSECURITY_DESCRIPTOR TTempDescriptor;
  390. SECURITY_DESCRIPTOR_CONTROL Control;
  391. ULONG Revision;
  392. PACL TDacl;
  393. BOOLEAN TDaclPresent;
  394. BOOLEAN TDaclDefaulted;
  395. PACL TSacl;
  396. BOOLEAN TSaclPresent;
  397. BOOLEAN TSaclDefaulted;
  398. PSID TOwner;
  399. BOOLEAN TOwnerDefaulted;
  400. PSID TGroup;
  401. BOOLEAN TGroupDefaulted;
  402. PSID TFredSid;
  403. PSID TBarneySid;
  404. PSID TWilmaSid;
  405. PSID TWilmaSubSid;
  406. PSID TNoSubSid;
  407. PSID TTempSid;
  408. TFredDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
  409. TBarneyDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
  410. TWilmaDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
  411. TTempDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
  412. TFredSid = (PSID)TstAllocatePool( PagedPool, 256 );
  413. TBarneySid = (PSID)TstAllocatePool( PagedPool, 256 );
  414. TWilmaSid = (PSID)TstAllocatePool( PagedPool, 256 );
  415. TWilmaSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
  416. TNoSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
  417. TTempSid = (PSID)TstAllocatePool( PagedPool, 256 );
  418. //
  419. // Build an ACL or two for use.
  420. TDacl = (PACL)TstAllocatePool( PagedPool, 256 );
  421. TSacl = (PACL)TstAllocatePool( PagedPool, 256 );
  422. TDacl->AclRevision=TSacl->AclRevision=ACL_REVISION;
  423. TDacl->Sbz1=TSacl->Sbz1=0;
  424. TDacl->Sbz2=TSacl->Sbz2=0;
  425. TDacl->AclSize=256;
  426. TSacl->AclSize=8;
  427. TDacl->AceCount=TSacl->AceCount=0;
  428. //
  429. // Create Security Descriptor test
  430. //
  431. if (NT_SUCCESS(RtlCreateSecurityDescriptor( TTempDescriptor, 0 ))) {
  432. DbgPrint("**** Failed **** \n");
  433. DbgPrint("*Se** Failure: RtlCreateSecurityDescriptor, Rev=0\n");
  434. return FALSE;
  435. }
  436. if (NT_SUCCESS(RtlCreateSecurityDescriptor( TTempDescriptor, 2 ))) {
  437. DbgPrint("**** Failed **** \n");
  438. DbgPrint("*Se** Failure: RtlCreateSecurityDescriptor, Rev=2\n");
  439. return FALSE;
  440. }
  441. if (!NT_SUCCESS(RtlCreateSecurityDescriptor( TTempDescriptor, 1 ))) {
  442. DbgPrint("**** Failed **** \n");
  443. DbgPrint("*Se** Failure: RtlCreateSecurityDescriptor, Rev=1\n");
  444. return FALSE;
  445. }
  446. #ifdef NOT_YET_DEBUGGED
  447. //
  448. // Make sure fields have been set properly
  449. //
  450. if (!NT_SUCCESS(RtlGetControlSecurityDescriptor( TTempDescriptor,
  451. &Control,
  452. &Revision))) {
  453. DbgPrint("**** Failed **** \n");
  454. DbgPrint("*Se** Failure: RtlGetControlSecurityDescriptor\n");
  455. DbgPrint("*Se** Call failed. Status = 0x%lx\n", Status);
  456. return FALSE;
  457. }
  458. if ( (Control != 0) || (Revision != 1) ) {
  459. DbgPrint("**** Failed **** \n");
  460. DbgPrint("*Se** Failure: RtlGetControlSecurityDescriptor\n");
  461. DbgPrint("*Se** Bad Control or Revision value. \n");
  462. DbgPrint("*Se** Status = 0x%lx\n", Status);
  463. DbgPrint("*Se** Returned Revision = 0x%lx\n",Revision );
  464. DbgPrint("*Se** Returned Control = 0x%lx\n", (ULONG)Control);
  465. return FALSE;
  466. }
  467. #else
  468. DBG_UNREFERENCED_LOCAL_VARIABLE( Status );
  469. DBG_UNREFERENCED_LOCAL_VARIABLE( Revision );
  470. DBG_UNREFERENCED_LOCAL_VARIABLE( Control );
  471. #endif //NOT_YET_DEFINED
  472. if (!NT_SUCCESS(RtlGetDaclSecurityDescriptor( TTempDescriptor,
  473. &TDaclPresent,
  474. &TDacl,
  475. &TDaclDefaulted))) {
  476. DbgPrint("**** Failed **** \n");
  477. DbgPrint("*Se** Failure: RtlGetDaclSecurityDescriptor, Empty\n");
  478. return FALSE;
  479. }
  480. if (TDaclPresent) {
  481. DbgPrint("**** Failed **** \n");
  482. DbgPrint("*Se** Failure: RtlGetDaclSecurityDescriptor, Empty-TDaclPresent\n");
  483. return FALSE;
  484. }
  485. if (!NT_SUCCESS(RtlGetSaclSecurityDescriptor( TTempDescriptor,
  486. &TSaclPresent,
  487. &TSacl,
  488. &TSaclDefaulted))) {
  489. DbgPrint("**** Failed **** \n");
  490. DbgPrint("*Se** Failure: RtlGetSaclSecurityDescriptor, Empty\n");
  491. return FALSE;
  492. }
  493. if (TSaclPresent) {
  494. DbgPrint("**** Failed **** \n");
  495. DbgPrint("*Se** Failure: RtlGetSaclSecurityDescriptor, Empty-TSaclPresent\n");
  496. return FALSE;
  497. }
  498. if (!NT_SUCCESS(RtlGetOwnerSecurityDescriptor( TTempDescriptor,
  499. &TOwner,
  500. &TOwnerDefaulted))) {
  501. DbgPrint("**** Failed **** \n");
  502. DbgPrint("*Se** Failure: RtlGetOwnerSecurityDescriptor, Empty\n");
  503. return FALSE;
  504. }
  505. if (TOwner != NULL) {
  506. DbgPrint("**** Failed **** \n");
  507. DbgPrint("*Se** Failure: RtlGetOwnerSecurityDescriptor, Empty-TOwner\n");
  508. return FALSE;
  509. }
  510. if (!NT_SUCCESS(RtlGetGroupSecurityDescriptor( TTempDescriptor,
  511. &TGroup,
  512. &TGroupDefaulted))) {
  513. DbgPrint("**** Failed **** \n");
  514. DbgPrint("*Se** Failure: RtlGetGroupSecurityDescriptor, Empty\n");
  515. return FALSE;
  516. }
  517. if (TGroup != NULL) {
  518. DbgPrint("**** Failed **** \n");
  519. DbgPrint("*Se** Failure: RtlGetGroupSecurityDescriptor, Empty-TGroup\n");
  520. return FALSE;
  521. }
  522. //
  523. // Valid Security Descriptor test
  524. //
  525. ((SECURITY_DESCRIPTOR *)TTempDescriptor)->Revision=0;
  526. if (RtlValidSecurityDescriptor( TTempDescriptor )) {
  527. DbgPrint("**** Failed **** \n");
  528. DbgPrint("*Se** Failure: RtlValidSecurityDescriptor, Rev=0\n");
  529. return FALSE;
  530. }
  531. ((SECURITY_DESCRIPTOR *)TTempDescriptor)->Revision=1;
  532. if (!RtlValidSecurityDescriptor( TTempDescriptor )) {
  533. DbgPrint("**** Failed **** \n");
  534. DbgPrint("*Se** Failure: RtlValidSecurityDescriptor, Empty\n");
  535. return FALSE;
  536. }
  537. //
  538. // Length test
  539. //
  540. if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 20) {
  541. DbgPrint("**** Failed **** \n");
  542. DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, Empty\n");
  543. return FALSE;
  544. }
  545. //
  546. // Add in an owner
  547. //
  548. if (!NT_SUCCESS(RtlSetOwnerSecurityDescriptor( TTempDescriptor, TWilmaSid, FALSE ))) {
  549. DbgPrint("**** Failed **** \n");
  550. DbgPrint("*Se** Failure: RtlSetOwnerSecurityDescriptor, TWilmaSid\n");
  551. return FALSE;
  552. }
  553. if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 32) {
  554. DbgPrint("**** Failed **** \n");
  555. DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, Wilma Owner\n");
  556. return FALSE;
  557. }
  558. //
  559. // Add in a Dacl
  560. //
  561. if (!NT_SUCCESS(RtlSetDaclSecurityDescriptor( TTempDescriptor, TRUE,
  562. TDacl, FALSE ))) {
  563. DbgPrint("**** Failed **** \n");
  564. DbgPrint("*Se** Failure: RtlSetDaclSecurityDescriptor, TDacl\n");
  565. return FALSE;
  566. }
  567. if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 40) {
  568. DbgPrint("**** Failed **** \n");
  569. DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, TDacl Dacl\n");
  570. return FALSE;
  571. }
  572. //
  573. // Add in a Sacl
  574. //
  575. if (!NT_SUCCESS(RtlSetSaclSecurityDescriptor( TTempDescriptor, TRUE,
  576. TSacl, FALSE ))) {
  577. DbgPrint("**** Failed **** \n");
  578. DbgPrint("*Se** Failure: RtlSetSaclSecurityDescriptor, TSacl\n");
  579. return FALSE;
  580. }
  581. if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 48) {
  582. DbgPrint("**** Failed **** \n");
  583. DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, TSacl Sacl\n");
  584. return FALSE;
  585. }
  586. //
  587. // Add in a Group (with 2 sub-authorities)
  588. //
  589. if (!NT_SUCCESS(RtlSetGroupSecurityDescriptor( TTempDescriptor, TWilmaSubSid, FALSE ))) {
  590. DbgPrint("**** Failed **** \n");
  591. DbgPrint("*Se** Failure: RtlSetGroupSecurityDescriptor, TWilmaSubSid\n");
  592. return FALSE;
  593. }
  594. if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 64) {
  595. DbgPrint("**** Failed **** \n");
  596. DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, WilmaSub Group\n");
  597. return FALSE;
  598. }
  599. return TRUE;
  600. }
  601. BOOLEAN
  602. TestSeAccessMask()
  603. {
  604. return TRUE;
  605. }
  606. VOID
  607. DumpAclSizeInfo(PACL_SIZE_INFORMATION AclSizeInfo)
  608. {
  609. DbgPrint("\n");
  610. DbgPrint("Acl size info:\n");
  611. DbgPrint("AceCount = %d\n",AclSizeInfo->AceCount);
  612. DbgPrint("AclBytesInUse = %d\n",AclSizeInfo->AclBytesInUse);
  613. DbgPrint("AclBytesFree = %d\n",AclSizeInfo->AclBytesFree);
  614. return;
  615. }
  616. #define NUM_ACE 6
  617. typedef struct _SIMPLE_ACE {
  618. ACE_HEADER Header;
  619. ACCESS_MASK Mask;
  620. SID Sid;
  621. } SIMPLE_ACE, *PSIMPLE_ACE;
  622. BOOLEAN
  623. TestSeAclRtl()
  624. {
  625. PACL TDacl;
  626. NTSTATUS Status;
  627. ACL_REVISION_INFORMATION AclInformation;
  628. ACL_REVISION_INFORMATION AclInformationOut;
  629. ACL_SIZE_INFORMATION AclSizeInfo;
  630. PVOID AceList;
  631. PVOID Ace;
  632. ULONG AceSize;
  633. //
  634. // Define the Dead domain
  635. //
  636. // Dead Domain S-1-54399-23-18-02
  637. // Bobby S-1-54399-23-18-02-2
  638. // Jerry S-1-54399-23-18-02-3
  639. // Phil S-1-54399-23-18-02-4
  640. // Kreutzman S-1-54399-23-18-02-5
  641. // Brent S-1-54399-23-18-02-6
  642. // Micky S-1-54399-23-18-02-7
  643. //
  644. #define DEAD_AUTHORITY {0,0,0,0,212,127}
  645. #define DEAD_SUBAUTHORITY_0 0x00000017L
  646. #define DEAD_SUBAUTHORITY_1 0x00000012L
  647. #define DEAD_SUBAUTHORITY_2 0x00000002L
  648. #define BOBBY_RID 0x00000002
  649. #define JERRY_RID 0x00000003
  650. #define PHIL_RID 0x00000004
  651. #define KREUTZMAN_RID 0x00000005
  652. #define BRENT_RID 0x00000006
  653. #define MICKY_RID 0x00000007
  654. PSID DeadDomainSid;
  655. PSID BobbySid;
  656. PSID JerrySid;
  657. PSID PhilSid;
  658. PSID KreutzmanSid;
  659. PSID BrentSid;
  660. PSID MickySid;
  661. ULONG SidWithZeroSubAuthorities;
  662. ULONG SidWithOneSubAuthority;
  663. ULONG SidWithThreeSubAuthorities;
  664. ULONG SidWithFourSubAuthorities;
  665. SID_IDENTIFIER_AUTHORITY DeadAuthority = DEAD_AUTHORITY;
  666. //
  667. // The following SID sizes need to be allocated
  668. //
  669. SidWithZeroSubAuthorities = RtlLengthRequiredSid( 0 );
  670. SidWithOneSubAuthority = RtlLengthRequiredSid( 1 );
  671. SidWithThreeSubAuthorities = RtlLengthRequiredSid( 3 );
  672. SidWithFourSubAuthorities = RtlLengthRequiredSid( 4 );
  673. DeadDomainSid = (PSID)TstAllocatePool(PagedPool,SidWithThreeSubAuthorities);
  674. BobbySid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
  675. JerrySid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
  676. PhilSid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
  677. KreutzmanSid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
  678. BrentSid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
  679. MickySid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
  680. RtlInitializeSid( DeadDomainSid, &DeadAuthority, 3 );
  681. *(RtlSubAuthoritySid( DeadDomainSid, 0)) = DEAD_SUBAUTHORITY_0;
  682. *(RtlSubAuthoritySid( DeadDomainSid, 1)) = DEAD_SUBAUTHORITY_1;
  683. *(RtlSubAuthoritySid( DeadDomainSid, 2)) = DEAD_SUBAUTHORITY_2;
  684. RtlCopySid( SidWithFourSubAuthorities, BobbySid, DeadDomainSid);
  685. *(RtlSubAuthorityCountSid( BobbySid )) += 1;
  686. *(RtlSubAuthoritySid( BobbySid, 3)) = BOBBY_RID;
  687. RtlCopySid( SidWithFourSubAuthorities, JerrySid, DeadDomainSid);
  688. *(RtlSubAuthorityCountSid( JerrySid )) += 1;
  689. *(RtlSubAuthoritySid( JerrySid, 3)) = JERRY_RID;
  690. RtlCopySid( SidWithFourSubAuthorities, PhilSid, DeadDomainSid);
  691. *(RtlSubAuthorityCountSid( PhilSid )) += 1;
  692. *(RtlSubAuthoritySid( PhilSid, 3)) = PHIL_RID;
  693. RtlCopySid( SidWithFourSubAuthorities, KreutzmanSid, DeadDomainSid);
  694. *(RtlSubAuthorityCountSid( KreutzmanSid )) += 1;
  695. *(RtlSubAuthoritySid( KreutzmanSid, 3)) = KREUTZMAN_RID;
  696. RtlCopySid( SidWithFourSubAuthorities, BrentSid, DeadDomainSid);
  697. *(RtlSubAuthorityCountSid( BrentSid )) += 1;
  698. *(RtlSubAuthoritySid( BrentSid, 3)) = BRENT_RID;
  699. RtlCopySid( SidWithFourSubAuthorities, MickySid, DeadDomainSid);
  700. *(RtlSubAuthorityCountSid( MickySid )) += 1;
  701. *(RtlSubAuthoritySid( MickySid, 3)) = MICKY_RID;
  702. TDacl = (PACL)TstAllocatePool( PagedPool, 256 );
  703. //DbgBreakPoint();
  704. if (!NT_SUCCESS(Status = RtlCreateAcl( TDacl, 256, ACL_REVISION ))) {
  705. DbgPrint("**** Failed **** \n");
  706. DbgPrint("RtlCreateAcl returned %X \n",Status);
  707. return(FALSE);
  708. }
  709. //DbgBreakPoint();
  710. if (!NT_SUCCESS( Status = RtlValidAcl( TDacl ) )) {
  711. DbgPrint("**** Failed **** \n");
  712. DbgPrint("RtlValidAcl returned %X \n",Status);
  713. return(FALSE);
  714. }
  715. //DbgBreakPoint();
  716. AclInformation.AclRevision = ACL_REVISION;
  717. if (!NT_SUCCESS( Status = RtlSetInformationAcl( TDacl, &AclInformation,
  718. sizeof(AclInformation), AclRevisionInformation ) )) {
  719. DbgPrint("**** Failed **** \n");
  720. DbgPrint("RtlSetInformation returned %X \n",Status);
  721. return(FALSE);
  722. }
  723. if (!NT_SUCCESS( Status = RtlQueryInformationAcl( TDacl, (PVOID)&AclInformationOut,
  724. sizeof(AclInformationOut), AclRevisionInformation ) )) {
  725. DbgPrint("**** Failed **** \n");
  726. DbgPrint("RtlQueryInformation returned %X during revision query \n",Status);
  727. return(FALSE);
  728. }
  729. if (AclInformationOut.AclRevision != ACL_REVISION) {
  730. DbgPrint("**** Failed **** \n");
  731. DbgPrint("RtlQueryInformation returned incorrect revision \n");
  732. return(FALSE);
  733. }
  734. if (!NT_SUCCESS( Status = RtlQueryInformationAcl( TDacl, (PVOID)&AclSizeInfo,
  735. sizeof(AclSizeInfo), AclSizeInformation ) )) {
  736. DbgPrint("**** Failed **** \n");
  737. DbgPrint("RtlQueryInformation returned %X during size query \n",Status);
  738. return(FALSE);
  739. }
  740. // DumpAclSizeInfo(&AclSizeInfo);
  741. AceSize = 6 * SidWithFourSubAuthorities + 1 * SidWithThreeSubAuthorities
  742. + 7 * (sizeof( ACE_HEADER ) + sizeof( ACCESS_MASK ));
  743. AceList = (PVOID)TstAllocatePool(PagedPool, AceSize);
  744. Ace = AceList;
  745. ((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  746. ((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithThreeSubAuthorities +
  747. (USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
  748. ((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
  749. ((PSIMPLE_ACE)Ace)->Mask = DELETE;
  750. RtlCopySid(SidWithThreeSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,DeadDomainSid);
  751. (ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
  752. ((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  753. ((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
  754. (USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
  755. ((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
  756. ((PSIMPLE_ACE)Ace)->Mask = DELETE;
  757. RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,BobbySid);
  758. (ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
  759. ((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  760. ((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
  761. (USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
  762. ((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
  763. ((PSIMPLE_ACE)Ace)->Mask = DELETE;
  764. RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,JerrySid);
  765. (ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
  766. ((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  767. ((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
  768. (USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
  769. ((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
  770. ((PSIMPLE_ACE)Ace)->Mask = DELETE;
  771. RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,PhilSid);
  772. (ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
  773. ((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  774. ((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
  775. (USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
  776. ((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
  777. ((PSIMPLE_ACE)Ace)->Mask = DELETE;
  778. RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,KreutzmanSid);
  779. (ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
  780. ((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  781. ((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
  782. (USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
  783. ((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
  784. ((PSIMPLE_ACE)Ace)->Mask = DELETE;
  785. RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,BrentSid);
  786. (ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
  787. ((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  788. ((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
  789. (USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
  790. ((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
  791. ((PSIMPLE_ACE)Ace)->Mask = DELETE;
  792. RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,MickySid);
  793. //DbgBreakPoint();
  794. RtlAddAce(TDacl, ACL_REVISION, 0, AceList, AceSize);
  795. if (!NT_SUCCESS( Status = RtlQueryInformationAcl( TDacl, (PVOID)&AclSizeInfo,
  796. sizeof(AclSizeInfo), AclSizeInformation ) )) {
  797. DbgPrint("**** Failed **** \n");
  798. DbgPrint("RtlQueryInformation returned %X during size query \n",Status);
  799. return(FALSE);
  800. }
  801. #if 0
  802. RtlDumpAcl(TDacl);
  803. #endif
  804. RtlGetAce( TDacl, 5, &Ace );
  805. if ( !RtlEqualSid( &((PSIMPLE_ACE)Ace)->Sid, BrentSid) ) {
  806. DbgPrint("\n **** Failed **** \n");
  807. DbgPrint("RtlGetAce returned wrong Ace\n");
  808. return(FALSE);
  809. }
  810. if (!NT_SUCCESS(RtlDeleteAce (TDacl, 5))) {
  811. DbgPrint("\n **** Failed **** \n");
  812. DbgPrint("RtlDeleteAce failed\n");
  813. return(FALSE);
  814. }
  815. #if 0
  816. RtlDumpAcl(TDacl);
  817. #endif
  818. return(TRUE);
  819. }
  820. BOOLEAN
  821. TestSeRtl()
  822. {
  823. BOOLEAN Result = TRUE;
  824. DbgPrint("Se: Global Variable Initialization... ");
  825. if (TSeVariableInitialization()) {
  826. DbgPrint("Succeeded.\n");
  827. } else {
  828. Result = FALSE;
  829. }
  830. DbgPrint("Se: SID test... ");
  831. if (TestSeSid()) {
  832. DbgPrint("Succeeded.\n");
  833. } else {
  834. Result = FALSE;
  835. }
  836. DbgPrint("Se: SECURITY_DESCRIPTOR test... ");
  837. if (TestSeSecurityDescriptor()) {
  838. DbgPrint("Succeeded.\n");
  839. } else {
  840. Result = FALSE;
  841. }
  842. DbgPrint("Se: ACCESS_MASK test... ");
  843. if (TestSeAccessMask()) {
  844. DbgPrint("Succeeded.\n");
  845. } else {
  846. Result = FALSE;
  847. }
  848. DbgPrint("Se: ACL test... ");
  849. if (TestSeAclRtl()) {
  850. DbgPrint("Succeeded.\n");
  851. } else {
  852. Result = FALSE;
  853. }
  854. DbgPrint("\n");
  855. DbgPrint("\n");
  856. DbgPrint(" ********************\n");
  857. DbgPrint(" ** **\n");
  858. if (Result = TRUE) {
  859. DbgPrint(" ** Test Succeeded **\n");
  860. } else {
  861. DbgPrint(" ** Test Failed **\n");
  862. }
  863. DbgPrint(" ** **\n");
  864. DbgPrint(" ********************\n");
  865. DbgPrint("\n");
  866. DbgPrint("\n");
  867. return Result;
  868. }