archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/ntos/se/tseum.c

578 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. tseum.c
  9. Abstract:
  11. Test program for the security system
  13. Author:
  15. Gary Kimura [GaryKi] 20-Nov-1989
  17. Revision History:
  19. v3: robertre
  20. Updated ACL_REVISION
  22. --*/
  24. #include <stdio.h>
  25. #include <string.h>
  27. #include <nt.h>
  28. #include <ntrtl.h>
  30. #include "sep.h"
  31. #include "ttoken.c"
  33. VOID
  34. RtlDumpAcl(
  35. IN PACL Acl
  36. );
  39. main(
  40. int argc,
  41. char *argv[],
  42. char *envp[]
  43. )
  44. {
  45. HANDLE CurrentProcessHandle;
  46. NTSTATUS Status;
  47. ULONG i;
  48. VOID SeMain();
  50. CurrentProcessHandle = NtCurrentProcess();
  51. Status = STATUS_SUCCESS;
  53. DbgPrint( "Entering User Mode Test Program\n" );
  55. DbgPrint( "argc: %ld\n", argc );
  56. if (argv != NULL) {
  57. for (i=0; i<argc; i++) {
  58. DbgPrint( "argv[ %ld ]: %s\n", i, argv[ i ] );
  59. }
  60. }
  62. if (envp != NULL) {
  63. i = 0;
  64. while (*envp) {
  65. DbgPrint( "envp[ %02ld ]: %s\n", i++, *envp++ );
  66. }
  67. }
  69. SeMain();
  71. DbgPrint( "Exiting User Mode Test Program with Status = %lx\n", Status );
  73. NtTerminateProcess( CurrentProcessHandle, Status );
  74. }
  77. VOID
  78. SeMain(
  79. )
  80. {
  81. BOOLEAN TestCreateAcl();
  82. BOOLEAN TestQueryInformationAcl();
  83. BOOLEAN TestSetInformationAcl();
  84. BOOLEAN TestAddAce();
  85. BOOLEAN TestDeleteAce();
  86. BOOLEAN TestGetAce();
  88. BOOLEAN TestAccessCheck();
  89. BOOLEAN TestGenerateMessage();
  91. DbgPrint("Starting User Mode Security Test\n");
  93. if (!TestCreateAcl()) {
  94. DbgPrint("TestCreateAcl Error\n");
  95. return;
  96. }
  97. if (!TestQueryInformationAcl()) {
  98. DbgPrint("TestCreateAcl Error\n");
  99. return;
  100. }
  101. if (!TestSetInformationAcl()) {
  102. DbgPrint("TestCreateAcl Error\n");
  103. return;
  104. }
  105. if (!TestAddAce()) {
  106. DbgPrint("TestCreateAcl Error\n");
  107. return;
  108. }
  109. if (!TestDeleteAce()) {
  110. DbgPrint("TestCreateAcl Error\n");
  111. return;
  112. }
  113. if (!TestGetAce()) {
  114. DbgPrint("TestCreateAcl Error\n");
  115. return;
  116. }
  118. if (!TestAccessCheck()) {
  119. DbgPrint("TestCreateAcl Error\n");
  120. return;
  121. }
  122. if (!TestGenerateMessage()) {
  123. DbgPrint("TestCreateAcl Error\n");
  124. return;
  125. }
  127. DbgPrint("Ending User Mode Security Test\n");
  129. return;
  130. }
  133. BOOLEAN
  134. TestCreateAcl()
  135. {
  136. UCHAR Buffer[512];
  137. PACL Acl;
  139. NTSTATUS Status;
  141. Acl = (PACL)Buffer;
  143. //
  144. // Create a good large acl
  145. //
  147. if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
  148. DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
  149. return FALSE;
  150. }
  152. //
  153. // Create a good small acl
  154. //
  156. if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL), 1))) {
  157. DbgPrint("RtlCreateAcl Error small Acl : %8lx\n", Status);
  158. return FALSE;
  159. }
  161. //
  162. // Create a too small acl
  163. //
  165. if (NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL) - 1, 1))) {
  166. DbgPrint("RtlCreateAcl Error too small Acl : %8lx\n", Status);
  167. return FALSE;
  168. }
  170. //
  171. // Create a bad version acl
  172. //
  174. if (NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 2))) {
  175. DbgPrint("RtlCreateAcl Error bad version : %8lx\n", Status);
  176. return FALSE;
  177. }
  179. return TRUE;
  180. }
  183. BOOLEAN
  184. TestQueryInformationAcl()
  185. {
  186. UCHAR Buffer[512];
  187. PACL Acl;
  188. ACL_REVISION_INFORMATION AclRevisionInfo;
  189. ACL_SIZE_INFORMATION AclSizeInfo;
  191. NTSTATUS Status;
  193. Acl = (PACL)Buffer;
  195. BuildAcl( Fred, Acl, 512 );
  197. //
  198. // Query the revision information
  199. //
  201. if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl,
  202. (PVOID)&AclRevisionInfo,
  203. sizeof(ACL_REVISION_INFORMATION),
  204. AclRevisionInformation))) {
  205. DbgPrint("RtlQueryInformationAcl revision info error : %8lx\n", Status);
  206. return FALSE;
  207. }
  208. if (AclRevisionInfo.AclRevision != ACL_REVISION) {
  209. DbgPrint("RtlAclRevision Error\n");
  210. return FALSE;
  211. }
  213. //
  214. // Query size information
  215. //
  217. if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl,
  218. (PVOID)&AclSizeInfo,
  219. sizeof(ACL_SIZE_INFORMATION),
  220. AclSizeInformation))) {
  221. DbgPrint("RtlQueryInformationAcl size info Error : %8lx\n", Status);
  222. return FALSE;
  223. }
  224. if ((AclSizeInfo.AceCount != 6) ||
  225. (AclSizeInfo.AclBytesInUse != (sizeof(ACL)+6*sizeof(STANDARD_ACE))) ||
  226. (AclSizeInfo.AclBytesFree != 512 - AclSizeInfo.AclBytesInUse)) {
  227. DbgPrint("RtlAclSize Error\n");
  228. DbgPrint("AclSizeInfo.AceCount = %8lx\n", AclSizeInfo.AceCount);
  229. DbgPrint("AclSizeInfo.AclBytesInUse = %8lx\n", AclSizeInfo.AclBytesInUse);
  230. DbgPrint("AclSizeInfo.AclBytesFree = %8lx\n", AclSizeInfo.AclBytesFree);
  231. return FALSE;
  232. }
  234. return TRUE;
  235. }
  238. BOOLEAN
  239. TestSetInformationAcl()
  240. {
  241. UCHAR Buffer[512];
  242. PACL Acl;
  243. ACL_REVISION_INFORMATION AclRevisionInfo;
  245. NTSTATUS Status;
  247. Acl = (PACL)Buffer;
  249. BuildAcl( Fred, Acl, 512 );
  251. //
  252. // Set the revision information to the current revision level
  253. //
  255. AclRevisionInfo.AclRevision = ACL_REVISION;
  256. if (!NT_SUCCESS(Status = RtlSetInformationAcl( Acl,
  257. (PVOID)&AclRevisionInfo,
  258. sizeof(ACL_REVISION_INFORMATION),
  259. AclRevisionInformation))) {
  260. DbgPrint("RtlSetInformationAcl revision info error : %8lx\n", Status);
  261. return FALSE;
  262. }
  264. //
  265. // Set the revision information to something wrong
  266. //
  268. AclRevisionInfo.AclRevision = ACL_REVISION+1;
  269. if (NT_SUCCESS(Status = RtlSetInformationAcl( Acl,
  270. (PVOID)&AclRevisionInfo,
  271. sizeof(ACL_REVISION_INFORMATION),
  272. AclRevisionInformation))) {
  273. DbgPrint("RtlSetInformationAcl revision to wrong info error : %8lx\n", Status);
  274. return FALSE;
  275. }
  277. return TRUE;
  278. }
  281. BOOLEAN
  282. TestAddAce()
  283. {
  284. UCHAR AclBuffer[512];
  285. PACL Acl;
  287. STANDARD_ACE AceList[2];
  289. NTSTATUS Status;
  291. Acl = (PACL)AclBuffer;
  293. //
  294. // Create a good large acl
  295. //
  297. if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
  298. DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
  299. return FALSE;
  300. }
  302. //
  303. // test add ace to add two aces to an empty acl
  304. //
  306. AceList[0].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  307. AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
  308. AceList[0].Header.InheritFlags = 0;
  309. AceList[0].Header.AceFlags = 0;
  310. AceList[0].Mask = 0x22222222;
  311. CopyGuid(&AceList[0].Guid, &FredGuid);
  313. AceList[1].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  314. AceList[1].Header.AceSize = sizeof(STANDARD_ACE);
  315. AceList[1].Header.InheritFlags = 0;
  316. AceList[1].Header.AceFlags = 0;
  317. AceList[1].Mask = 0x44444444;
  318. CopyGuid(&AceList[1].Guid, &WilmaGuid);
  320. if (!NT_SUCCESS(Status = RtlAddAce( Acl,
  321. 1,
  322. 0,
  323. AceList,
  324. 2*sizeof(STANDARD_ACE)))) {
  325. DbgPrint("RtlAddAce to empty acl Error : %8lx\n", Status);
  326. return FALSE;
  327. }
  329. // RtlDumpAcl(Acl);
  331. //
  332. // test add ace to add one to the beginning of an acl
  333. //
  335. AceList[0].Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
  336. AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
  337. AceList[0].Header.InheritFlags = 0;
  338. AceList[0].Header.AceFlags = 0;
  339. AceList[0].Mask = 0x11111111;
  340. CopyGuid(&AceList[0].Guid, &PebblesGuid);
  342. if (!NT_SUCCESS(Status = RtlAddAce( Acl,
  343. 1,
  344. 0,
  345. AceList,
  346. sizeof(STANDARD_ACE)))) {
  347. DbgPrint("RtlAddAce to beginning of acl Error : %8lx\n", Status);
  348. return FALSE;
  349. }
  351. // RtlDumpAcl(Acl);
  353. //
  354. // test add ace to add one to the middle of an acl
  355. //
  357. AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
  358. AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
  359. AceList[0].Header.InheritFlags = 0;
  360. AceList[0].Header.AceFlags = 0;
  361. AceList[0].Mask = 0x33333333;
  362. CopyGuid(&AceList[0].Guid, &DinoGuid);
  364. if (!NT_SUCCESS(Status = RtlAddAce( Acl,
  365. 1,
  366. 2,
  367. AceList,
  368. sizeof(STANDARD_ACE)))) {
  369. DbgPrint("RtlAddAce to middle of acl Error : %8lx\n", Status);
  370. return FALSE;
  371. }
  373. // RtlDumpAcl(Acl);
  375. //
  376. // test add ace to add one to the end of an acl
  377. //
  379. AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
  380. AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
  381. AceList[0].Header.InheritFlags = 0;
  382. AceList[0].Header.AceFlags = 0;
  383. AceList[0].Mask = 0x55555555;
  384. CopyGuid(&AceList[0].Guid, &FlintstoneGuid);
  386. if (!NT_SUCCESS(Status = RtlAddAce( Acl,
  387. 1,
  388. MAXULONG,
  389. AceList,
  390. sizeof(STANDARD_ACE)))) {
  391. DbgPrint("RtlAddAce to end of an acl Error : %8lx\n", Status);
  392. return FALSE;
  393. }
  395. // RtlDumpAcl(Acl);
  397. return TRUE;
  398. }
  401. BOOLEAN
  402. TestDeleteAce()
  403. {
  404. UCHAR Buffer[512];
  405. PACL Acl;
  407. NTSTATUS Status;
  409. Acl = (PACL)Buffer;
  411. BuildAcl( Fred, Acl, 512 );
  413. //
  414. // test delete first ace
  415. //
  417. if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 0))) {
  418. DbgPrint("RtlDeleteAce first ace Error : %8lx\n", Status);
  419. return FALSE;
  420. }
  422. // RtlDumpAcl(Acl);
  424. //
  425. // test delete middle ace
  426. //
  428. if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 2))) {
  429. DbgPrint("RtlDeleteAce middle ace Error : %8lx\n", Status);
  430. return FALSE;
  431. }
  433. // RtlDumpAcl(Acl);
  435. //
  436. // test delete last ace
  437. //
  439. if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 3))) {
  440. DbgPrint("RtlDeleteAce last ace Error : %8lx\n", Status);
  441. return FALSE;
  442. }
  444. // RtlDumpAcl(Acl);
  446. return TRUE;
  447. }
  450. BOOLEAN
  451. TestGetAce()
  452. {
  453. UCHAR Buffer[512];
  454. PACL Acl;
  456. STANDARD_ACE Ace;
  458. NTSTATUS Status;
  460. Acl = (PACL)Buffer;
  462. BuildAcl( Fred, Acl, 512 );
  464. //
  465. // Get first ace
  466. //
  468. if (!NT_SUCCESS(Status = RtlGetAce(Acl, 0, (PVOID)&Ace))) {
  469. DbgPrint("RtlGetAce first ace error : %8lx\n", Status);
  470. return FALSE;
  471. }
  473. // RtlDumpAcl(Acl);
  475. //
  476. // Get middle ace
  477. //
  479. if (!NT_SUCCESS(Status = RtlGetAce(Acl, 3, (PVOID)&Ace))) {
  480. DbgPrint("RtlGetAce middle ace error : %8lx\n", Status);
  481. return FALSE;
  482. }
  484. // RtlDumpAcl(Acl);
  486. //
  487. // Get last ace
  488. //
  490. if (!NT_SUCCESS(Status = RtlGetAce(Acl, 5, (PVOID)&Ace))) {
  491. DbgPrint("RtlGetAce last ace error : %8lx\n", Status);
  492. return FALSE;
  493. }
  495. // RtlDumpAcl(Acl);
  497. return TRUE;
  498. }
  501. BOOLEAN
  502. TestAccessCheck()
  503. {
  504. UCHAR AclBuffer[1024];
  505. SECURITY_DESCRIPTOR SecurityDescriptor;
  506. PACL Acl;
  508. UCHAR TokenBuffer[512];
  509. PACCESS_TOKEN Token;
  511. NTSTATUS Status;
  513. Acl = (PACL)AclBuffer;
  514. BuildAcl( Fred, Acl, 1024 );
  516. Token = (PACCESS_TOKEN)TokenBuffer;
  517. BuildToken( Fred, Token );
  519. DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
  521. //
  522. // Test should be successful based on aces
  523. //
  525. if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
  526. Token,
  527. 0x00000001,
  528. NULL ))) {
  529. DbgPrint("NtAccessCheck Error should allow access : %8lx\n", Status);
  530. return FALSE;
  531. }
  533. //
  534. // Test should be successful based on owner
  535. //
  537. if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
  538. Token,
  539. READ_CONTROL,
  540. &FredGuid ))) {
  541. DbgPrint("NtAccessCheck Error should allow owner : %8lx\n", Status);
  542. return FALSE;
  543. }
  545. //
  546. // Test should be unsuccessful based on aces
  547. //
  549. if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
  550. Token,
  551. 0x0000000f,
  552. &FredGuid ))) {
  553. DbgPrint("NtAccessCheck Error shouldn't allow access : %8lx\n", Status);
  554. return FALSE;
  555. }
  557. //
  558. // Test should be unsuccessful based on non owner
  559. //
  561. if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
  562. Token,
  563. READ_CONTROL,
  564. &BarneyGuid ))) {
  565. DbgPrint("NtAccessCheck Error shouldn't allow non owner access : %8lx\n", Status);
  566. return FALSE;
  567. }
  569. return TRUE;
  570. }
  573. BOOLEAN
  574. TestGenerateMessage()
  575. {
  576. return TRUE;
  577. }