#include "pch.h" #include PSID pSid = NULL; void _cdecl wmain(int argc, WCHAR * argv[]) { LONG i = 0; LONG ii = 0; LONG j = 0; LONG Iterations = 0; BOOL b = TRUE; AUTHZ_AUDIT_EVENT_HANDLE hAAI1 = NULL; AUTHZ_AUDIT_EVENT_HANDLE hAAI2 = NULL; AUTHZ_AUDIT_EVENT_HANDLE hOA = NULL; AUTHZ_RESOURCE_MANAGER_HANDLE hRM = NULL; AUTHZ_AUDIT_QUEUE_HANDLE hAAQ = NULL; AUTHZ_CLIENT_CONTEXT_HANDLE hCC = NULL; PSECURITY_DESCRIPTOR pSD = NULL; PSECURITY_DESCRIPTOR pSD2 = NULL; PSECURITY_DESCRIPTOR pASD[2]; PWCHAR StringSD = L"O:BAG:BUD:(A;;0x40;;;s-1-2-2)(A;;0x1;;;BA)(OA;;0x2;6da8a4ff-0e52-11d0-a286-00aa00304900;;BA)(OA;;0x4;6da8a4ff-0e52-11d0-a286-00aa00304901;;BA)(OA;;0x8;6da8a4ff-0e52-11d0-a286-00aa00304903;;AU)(OA;;0x10;6da8a4ff-0e52-11d0-a286-00aa00304904;;BU)(OA;;0x20;6da8a4ff-0e52-11d0-a286-00aa00304905;;AU)(A;;0x40;;;PS)S:(AU;IDSAFA;0xFFFFFF;;;WD)"; HANDLE hToken = NULL; UCHAR Buffer[256]; AUTHZ_ACCESS_REQUEST Request = {0}; PAUTHZ_ACCESS_REPLY pReply = (PAUTHZ_ACCESS_REPLY) Buffer; LUID Luid = {0xdead,0xbeef}; PAUDIT_PARAMS pParams = NULL; AUTHZ_AUDIT_EVENT_TYPE_HANDLE pAEI = NULL; AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hCache = NULL; if (argc != 2) { wprintf(L"usage: %s iterations\n", argv[0]); exit(0); } Iterations = wcstol(argv[1], NULL, 10); wprintf(L"Log Stress with queues. Default and specific queue each with %d audits. Press a key to start.\n", Iterations); getchar(); if (!b) { wprintf(L"SDDL failed with %d\n", GetLastError()); return; } b = AuthzInitializeResourceManager( 0, NULL, NULL, NULL, L"Jeff's RM", &hRM ); if (!b) { wprintf(L"AuthzInitializeResourceManager failed with %d\n", GetLastError()); return; } // // Create a client context from the current token. // OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken ); b = AuthzInitializeContextFromToken( 0, hToken, hRM, NULL, Luid, NULL, &hCC ); if (!b) { wprintf(L"AuthzInitializeContextFromToken failed with 0x%x\n", GetLastError()); return; } for (i = 0; i < Iterations; i++) { // // Create the SD for the access checks // b = ConvertStringSecurityDescriptorToSecurityDescriptorW( StringSD, SDDL_REVISION_1, &pSD, NULL ); pASD[0] = pSD; pASD[1] = pSD; AuthzInitializeObjectAccessAuditEvent( 0, NULL, L"op", L"object type", L"object name", L"info", &hOA, 0 ); if (!b) { wprintf(L"AuthzInitializeObjectAccessAuditEvent failed with %d\n", GetLastError()); return; } b = AuthziInitializeAuditEvent( AUTHZ_NO_ALLOC_STRINGS | AUTHZ_DS_CATEGORY_FLAG, hRM, NULL, NULL, NULL, INFINITE, L"This is with the default RM queue.", L"This is with the default RM queue.", L"This is with the default RM queue.", L"This is with the default RM queue.", &hAAI1 ); if (!b) { wprintf(L"AuthzInitializeAuditInfo (no queue) failed with %d\n", GetLastError()); return; } b = AuthziInitializeAuditQueue( AUTHZ_MONITOR_AUDIT_QUEUE_SIZE, 1000, 100, NULL, &hAAQ ); if (!b) { wprintf(L"AuthziInitializeAuditQueue failed with %d\n", GetLastError()); return; } b = AuthziAllocateAuditParams( &pParams, 1 ); if (!b) { wprintf(L"AuthzAllocateAuditParams failed with %d\n", GetLastError()); } b = AuthziInitializeAuditParams( 0, pParams, &pSid, L"foo", 1, APT_String, L"This audit was with a custom AUDIT_EVENT_INFO, AUDIT_PARAMS, and queue." ); // b = AuthziInitializeAuditParamsWithRM( // 0, // hRM, // 1, // pParams, // APT_String, L"This audit was with a custom AUDIT_EVENT_INFO, AUDIT_PARAMS, and queue." // ); if (!b) { wprintf(L"AuthzInitializeAuditParamsWithRM failed with %d\n", GetLastError()); } b = AuthziInitializeAuditEventType( 0, SE_CATEGID_OBJECT_ACCESS, 567, 1, &pAEI ); if (!b) { wprintf(L"AuthzInitializeAuditEvent failed with %d\n", GetLastError()); } b = AuthziInitializeAuditEvent( AUTHZ_NO_RM_AUDIT, NULL, //hRM, pAEI, pParams, NULL, INFINITE, L"This is with a specific queue and params.", L"This is with a specific queue and params.", L"This is with a specific queue and params.", L"This is with a specific queue and params.", &hAAI2 ); if (!b) { wprintf(L"AuthziInitializeAuditEvent (with queue) failed with %d\n", GetLastError()); return; } for (ii = 0; ii < 100; ii++) { b = AuthziLogAuditEvent( 0, hAAI2, NULL ); if (!b) { wprintf(L"log failed with %d \n", GetLastError()); return; } } Request.ObjectTypeList = NULL; Request.PrincipalSelfSid = NULL; Request.DesiredAccess = MAXIMUM_ALLOWED; pReply->ResultListLength = 1; pReply->Error = (PDWORD) (((PCHAR) pReply) + sizeof(AUTHZ_ACCESS_REPLY)); pReply->GrantedAccessMask = (PACCESS_MASK) (pReply->Error + pReply->ResultListLength); pReply->SaclEvaluationResults = (PDWORD) pReply->GrantedAccessMask + (sizeof(ACCESS_MASK) * pReply->ResultListLength); b = AuthzAccessCheck( 0, hCC, &Request, hOA, pSD, pASD, 2, pReply, &hCache ); if (!b) { wprintf(L"AuthzAccessCheck (with queue) failed with %d\n", GetLastError()); return; } pSD2 = pSD; pSD = NULL; for (j = 0; j < 100; j++) { b = AuthzCachedAccessCheck( 0, hCache, &Request, hOA, pReply ); b = AuthzCachedAccessCheck( 0, hCache, &Request, hAAI1, pReply ); b = AuthzCachedAccessCheck( 0, hCache, &Request, hAAI1, pReply ); if (!b) { wprintf(L"CachedAuthzAccessCheck (no queue) failed with %d\n", GetLastError()); return; } } b = AuthzFreeAuditEvent( hAAI2 ); b = AuthzFreeAuditEvent( hAAI1 ); b = AuthzFreeAuditEvent( hOA ); if (!b) { wprintf(L"AuthzFreeAuditInfo (no queue) failed with %d\n", GetLastError()); return; } b = AuthziFreeAuditEventType( pAEI ); if (!b) { wprintf(L"AuthzFreeAuditEventType failed with %d\n", GetLastError()); return; } b = AuthziFreeAuditParams( pParams ); if (!b) { wprintf(L"AuthzFreeAuditParams failed with %d\n", GetLastError()); return; } b = AuthziFreeAuditQueue( hAAQ ); if (!b) { wprintf(L"AuthzFreeAuditQueue failed with %d\n", GetLastError()); return; } b = AuthzFreeHandle( hCache ); if (!b) { wprintf(L"AuthzFreeHandle failed with %d\n", GetLastError()); return; } } b = AuthzFreeContext( hCC ); if (!b) { wprintf(L"AuthzFreeContext failed with %d\n", GetLastError()); return; } b = AuthzFreeResourceManager( hRM ); if (!b) { wprintf(L"AuthzFreeResourceManager failed with %d\n", GetLastError()); return; } wprintf(L"Done. Press a key.\n"); getchar(); }