Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1120 lines
34 KiB

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
ctsertl.c
Abstract:
Common security RTL test routines.
These routines are used in both the kernel and user mode RTL tests.
Author:
Jim Kelly (JimK) 23-Mar-1990
Environment:
Test of security.
Revision History:
--*/
#include "tsecomm.c"
////////////////////////////////////////////////////////////////
// //
// Test routines //
// //
////////////////////////////////////////////////////////////////
BOOLEAN
TestSeSid()
{
#define TARGET_SID_ARRAY_LENGTH 1024
typedef struct _TALT_SID1 {
ULONG Value[3];
} TALT_SID1;
typedef TALT_SID1 *PTALT_SID1;
NTSTATUS Status;
PVOID Ignore;
PSID TFredSid;
PSID TBarneySid;
PSID TWilmaSid;
PSID TWilmaSubSid;
PSID TNoSubSid;
PSID TTempSid;
PSID_AND_ATTRIBUTES SourceArray;
PSID_AND_ATTRIBUTES TargetArray;
ULONG TargetLength;
ULONG OriginalTargetLength;
ULONG NormalGroupAttributes;
ULONG OwnerGroupAttributes;
// Temporary Hack ...
NormalGroupAttributes = 7;
OwnerGroupAttributes = 15;
// End Temporary Hack...
TFredSid = (PSID)TstAllocatePool( PagedPool, 256 );
TBarneySid = (PSID)TstAllocatePool( PagedPool, 256 );
TWilmaSid = (PSID)TstAllocatePool( PagedPool, 256 );
TWilmaSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
TNoSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
TTempSid = (PSID)TstAllocatePool( PagedPool, 256 );
//
// Valid SID structure test
//
if (!RtlValidSid( TFredSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, TFredSid\n");
return FALSE;
}
if (!RtlValidSid( TBarneySid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, TBarneySid\n");
return FALSE;
}
if (!RtlValidSid( TWilmaSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, TWilmaSid\n");
return FALSE;
}
if (!RtlValidSid( TWilmaSubSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, TWilmaSubSid\n");
return FALSE;
}
if (!RtlValidSid( TNoSubSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, TNoSubSid\n");
return FALSE;
}
//
// Equal SIDs Test
//
if (RtlEqualSid( TFredSid, TBarneySid )) {
DbgPrint("*Se** Failure: RtlEqualSid, TFredSid - TBarneySid\n");
DbgPrint("**** Failed **** \n");
return FALSE;
}
if (!RtlEqualSid( TFredSid, TFredSid )) {
DbgPrint("*Se** Failure: RtlEqualSid, TFredSid - TFredSid\n");
return FALSE;
}
if (RtlEqualSid( TWilmaSid, TWilmaSubSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlEqualSid, TWilmaSid - TWilmaSubSid\n");
return FALSE;
}
if (RtlEqualSid( TWilmaSid, TNoSubSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlEqualSid, TWilmaSid - TNoSubSid\n");
return FALSE;
}
//
// Length Required test
//
if (RtlLengthRequiredSid( 0 ) != 8) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthRequiredSid, 0 SubAuthorities\n");
return FALSE;
}
if (RtlLengthRequiredSid( 1 ) != 12) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthRequiredSid, 1 SubAuthorities\n");
return FALSE;
}
if (RtlLengthRequiredSid( 2 ) != 16) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthRequiredSid, 2 SubAuthorities\n");
return FALSE;
}
//
// Length of SID test
//
if (SeLengthSid( TNoSubSid ) != 8) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: SeLengthSid, TNoSubSid\n");
return FALSE;
}
if (SeLengthSid( TFredSid ) != 12) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: SeLengthSid, TFredSid\n");
return FALSE;
}
if (SeLengthSid( TWilmaSubSid ) != 16) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: SeLengthSid, TWilmaSubSid\n");
return FALSE;
}
//
// Copy SID Test
//
if (NT_SUCCESS(RtlCopySid( 7, TTempSid, TNoSubSid ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid, insufficient TNoSubSid\n");
return FALSE;
}
if (!NT_SUCCESS(RtlCopySid( 256, TTempSid, TNoSubSid ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid, TNoSubSid\n");
return FALSE;
}
if (!RtlEqualSid( TTempSid, TNoSubSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid compare, TNoSubSid\n");
return FALSE;
}
if (NT_SUCCESS(RtlCopySid( 11, TTempSid, TBarneySid ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid, insufficient TBarneySid\n");
return FALSE;
}
if (!NT_SUCCESS(RtlCopySid( 256, TTempSid, TBarneySid ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid, TBarneySid\n");
return FALSE;
}
if (!RtlEqualSid( TTempSid, TBarneySid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid compare, TBarneySid\n");
return FALSE;
}
if (NT_SUCCESS(RtlCopySid( 15, TTempSid, TWilmaSubSid ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid, insufficient TWilmaSubSid\n");
return FALSE;
}
if (!NT_SUCCESS(RtlCopySid( 256, TTempSid, TWilmaSubSid ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid, TNoSubSid\n");
return FALSE;
}
if (!RtlEqualSid( TTempSid, TWilmaSubSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCopySid compare, TWilmaSubSid\n");
return FALSE;
}
//
// Validate all the tsevars SIDs
//
//
// Bedrock SIDs
//
if (!RtlValidSid( BedrockDomainSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, BedrockDomainSid\n");
return FALSE;
}
if (!RtlValidSid( FredSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, FredSid\n");
return FALSE;
}
if (!RtlValidSid( WilmaSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, WilmaSid\n");
return FALSE;
}
if (!RtlValidSid( PebblesSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, PebblesSid\n");
return FALSE;
}
if (!RtlValidSid( DinoSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, DinoSid\n");
return FALSE;
}
if (!RtlValidSid( BarneySid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, BarneySid\n");
return FALSE;
}
if (!RtlValidSid( BettySid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, BettySid\n");
return FALSE;
}
if (!RtlValidSid( BambamSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, BambamSid\n");
return FALSE;
}
if (!RtlValidSid( FlintstoneSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, FlintstoneSid\n");
return FALSE;
}
if (!RtlValidSid( RubbleSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, RubbleSid\n");
return FALSE;
}
if (!RtlValidSid( AdultSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, AdultSid\n");
return FALSE;
}
if (!RtlValidSid( ChildSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, ChildSid\n");
return FALSE;
}
if (!RtlValidSid( NeandertholSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, NeandertholSid\n");
return FALSE;
}
//
// Well known SIDs
//
if (!RtlValidSid( NullSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, NullSid\n");
return FALSE;
}
if (!RtlValidSid( WorldSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, WorldSid\n");
return FALSE;
}
if (!RtlValidSid( LocalSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, CreatorSid\n");
return FALSE;
}
if (!RtlValidSid( NtAuthoritySid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, NtAuthoritySid\n");
return FALSE;
}
if (!RtlValidSid( DialupSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, DialupSid\n");
return FALSE;
}
if (!RtlValidSid( NetworkSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, NetworkSid\n");
return FALSE;
}
if (!RtlValidSid( BatchSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, BatchSid\n");
return FALSE;
}
if (!RtlValidSid( InteractiveSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, InteractiveSid\n");
return FALSE;
}
if (!RtlValidSid( LocalSystemSid )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSid, LocalSystemSid\n");
return FALSE;
}
//
// Test SidAndAttributesArray copy routine
//
SourceArray = (PSID_AND_ATTRIBUTES)TstAllocatePool( PagedPool, 100 );
TargetArray = (PSID_AND_ATTRIBUTES)TstAllocatePool( PagedPool,
TARGET_SID_ARRAY_LENGTH
);
TargetLength = TARGET_SID_ARRAY_LENGTH - (5 * sizeof(PSID_AND_ATTRIBUTES));
OriginalTargetLength = TargetLength;
SourceArray[0].Sid = &PebblesSid;
SourceArray[0].Attributes = 0;
SourceArray[1].Sid = &FlintstoneSid;
SourceArray[1].Attributes = OwnerGroupAttributes;
SourceArray[2].Sid = &ChildSid;
SourceArray[2].Attributes = NormalGroupAttributes;
SourceArray[3].Sid = &NeandertholSid;
SourceArray[3].Attributes = NormalGroupAttributes;
SourceArray[4].Sid = &WorldSid;
SourceArray[4].Attributes = NormalGroupAttributes;
Status = RtlCopySidAndAttributesArray(
0,
SourceArray,
TargetLength,
TargetArray,
&(TargetArray[5]),
&(PSID)Ignore,
&TargetLength
);
if (!NT_SUCCESS(Status) || TargetLength != OriginalTargetLength ) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtLCopySidAndAttributesArray, Zero length.\n");
return FALSE;
}
Status = RtlCopySidAndAttributesArray(
1,
SourceArray,
1, // too short buffer
TargetArray,
&(TargetArray[1]),
&(PSID)Ignore,
&TargetLength
);
if (NT_SUCCESS(Status)) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtLCopySidAndAttributesArray,\n");
DbgPrint("*Se** Buffer Too Short Test.\n");
return FALSE;
}
TargetLength = TARGET_SID_ARRAY_LENGTH - (5 * sizeof(PSID_AND_ATTRIBUTES));
OriginalTargetLength = TargetLength;
Status = RtlCopySidAndAttributesArray(
5,
SourceArray,
TargetLength,
TargetArray,
&(TargetArray[5]),
&(PSID)Ignore,
&TargetLength
);
if (!NT_SUCCESS(Status) ||
!RtlEqualSid( SourceArray[0].Sid, TargetArray[0].Sid ) ||
!RtlEqualSid( SourceArray[1].Sid, TargetArray[1].Sid ) ||
!RtlEqualSid( SourceArray[2].Sid, TargetArray[2].Sid ) ||
!RtlEqualSid( SourceArray[3].Sid, TargetArray[3].Sid ) ||
!RtlEqualSid( SourceArray[4].Sid, TargetArray[4].Sid ) ||
( SourceArray[0].Attributes != TargetArray[0].Attributes ) ||
( SourceArray[1].Attributes != TargetArray[1].Attributes ) ||
( SourceArray[2].Attributes != TargetArray[2].Attributes ) ||
( SourceArray[3].Attributes != TargetArray[3].Attributes ) ||
( SourceArray[4].Attributes != TargetArray[4].Attributes ) ) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtLCopySidAndAttributesArray,\n");
DbgPrint("*Se** Valid copy of 5 SIDs test.\n");
return FALSE;
}
return TRUE;
}
BOOLEAN
TestSeSecurityDescriptor()
{
NTSTATUS Status;
PSECURITY_DESCRIPTOR TFredDescriptor;
PSECURITY_DESCRIPTOR TBarneyDescriptor;
PSECURITY_DESCRIPTOR TWilmaDescriptor;
PSECURITY_DESCRIPTOR TTempDescriptor;
SECURITY_DESCRIPTOR_CONTROL Control;
ULONG Revision;
PACL TDacl;
BOOLEAN TDaclPresent;
BOOLEAN TDaclDefaulted;
PACL TSacl;
BOOLEAN TSaclPresent;
BOOLEAN TSaclDefaulted;
PSID TOwner;
BOOLEAN TOwnerDefaulted;
PSID TGroup;
BOOLEAN TGroupDefaulted;
PSID TFredSid;
PSID TBarneySid;
PSID TWilmaSid;
PSID TWilmaSubSid;
PSID TNoSubSid;
PSID TTempSid;
TFredDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
TBarneyDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
TWilmaDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
TTempDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
TFredSid = (PSID)TstAllocatePool( PagedPool, 256 );
TBarneySid = (PSID)TstAllocatePool( PagedPool, 256 );
TWilmaSid = (PSID)TstAllocatePool( PagedPool, 256 );
TWilmaSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
TNoSubSid = (PSID)TstAllocatePool( PagedPool, 256 );
TTempSid = (PSID)TstAllocatePool( PagedPool, 256 );
//
// Build an ACL or two for use.
TDacl = (PACL)TstAllocatePool( PagedPool, 256 );
TSacl = (PACL)TstAllocatePool( PagedPool, 256 );
TDacl->AclRevision=TSacl->AclRevision=ACL_REVISION;
TDacl->Sbz1=TSacl->Sbz1=0;
TDacl->Sbz2=TSacl->Sbz2=0;
TDacl->AclSize=256;
TSacl->AclSize=8;
TDacl->AceCount=TSacl->AceCount=0;
//
// Create Security Descriptor test
//
if (NT_SUCCESS(RtlCreateSecurityDescriptor( TTempDescriptor, 0 ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCreateSecurityDescriptor, Rev=0\n");
return FALSE;
}
if (NT_SUCCESS(RtlCreateSecurityDescriptor( TTempDescriptor, 2 ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCreateSecurityDescriptor, Rev=2\n");
return FALSE;
}
if (!NT_SUCCESS(RtlCreateSecurityDescriptor( TTempDescriptor, 1 ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlCreateSecurityDescriptor, Rev=1\n");
return FALSE;
}
#ifdef NOT_YET_DEBUGGED
//
// Make sure fields have been set properly
//
if (!NT_SUCCESS(RtlGetControlSecurityDescriptor( TTempDescriptor,
&Control,
&Revision))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetControlSecurityDescriptor\n");
DbgPrint("*Se** Call failed. Status = 0x%lx\n", Status);
return FALSE;
}
if ( (Control != 0) || (Revision != 1) ) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetControlSecurityDescriptor\n");
DbgPrint("*Se** Bad Control or Revision value. \n");
DbgPrint("*Se** Status = 0x%lx\n", Status);
DbgPrint("*Se** Returned Revision = 0x%lx\n",Revision );
DbgPrint("*Se** Returned Control = 0x%lx\n", (ULONG)Control);
return FALSE;
}
#else
DBG_UNREFERENCED_LOCAL_VARIABLE( Status );
DBG_UNREFERENCED_LOCAL_VARIABLE( Revision );
DBG_UNREFERENCED_LOCAL_VARIABLE( Control );
#endif //NOT_YET_DEFINED
if (!NT_SUCCESS(RtlGetDaclSecurityDescriptor( TTempDescriptor,
&TDaclPresent,
&TDacl,
&TDaclDefaulted))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetDaclSecurityDescriptor, Empty\n");
return FALSE;
}
if (TDaclPresent) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetDaclSecurityDescriptor, Empty-TDaclPresent\n");
return FALSE;
}
if (!NT_SUCCESS(RtlGetSaclSecurityDescriptor( TTempDescriptor,
&TSaclPresent,
&TSacl,
&TSaclDefaulted))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetSaclSecurityDescriptor, Empty\n");
return FALSE;
}
if (TSaclPresent) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetSaclSecurityDescriptor, Empty-TSaclPresent\n");
return FALSE;
}
if (!NT_SUCCESS(RtlGetOwnerSecurityDescriptor( TTempDescriptor,
&TOwner,
&TOwnerDefaulted))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetOwnerSecurityDescriptor, Empty\n");
return FALSE;
}
if (TOwner != NULL) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetOwnerSecurityDescriptor, Empty-TOwner\n");
return FALSE;
}
if (!NT_SUCCESS(RtlGetGroupSecurityDescriptor( TTempDescriptor,
&TGroup,
&TGroupDefaulted))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetGroupSecurityDescriptor, Empty\n");
return FALSE;
}
if (TGroup != NULL) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlGetGroupSecurityDescriptor, Empty-TGroup\n");
return FALSE;
}
//
// Valid Security Descriptor test
//
((SECURITY_DESCRIPTOR *)TTempDescriptor)->Revision=0;
if (RtlValidSecurityDescriptor( TTempDescriptor )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSecurityDescriptor, Rev=0\n");
return FALSE;
}
((SECURITY_DESCRIPTOR *)TTempDescriptor)->Revision=1;
if (!RtlValidSecurityDescriptor( TTempDescriptor )) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlValidSecurityDescriptor, Empty\n");
return FALSE;
}
//
// Length test
//
if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 20) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, Empty\n");
return FALSE;
}
//
// Add in an owner
//
if (!NT_SUCCESS(RtlSetOwnerSecurityDescriptor( TTempDescriptor, TWilmaSid, FALSE ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlSetOwnerSecurityDescriptor, TWilmaSid\n");
return FALSE;
}
if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 32) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, Wilma Owner\n");
return FALSE;
}
//
// Add in a Dacl
//
if (!NT_SUCCESS(RtlSetDaclSecurityDescriptor( TTempDescriptor, TRUE,
TDacl, FALSE ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlSetDaclSecurityDescriptor, TDacl\n");
return FALSE;
}
if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 40) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, TDacl Dacl\n");
return FALSE;
}
//
// Add in a Sacl
//
if (!NT_SUCCESS(RtlSetSaclSecurityDescriptor( TTempDescriptor, TRUE,
TSacl, FALSE ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlSetSaclSecurityDescriptor, TSacl\n");
return FALSE;
}
if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 48) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, TSacl Sacl\n");
return FALSE;
}
//
// Add in a Group (with 2 sub-authorities)
//
if (!NT_SUCCESS(RtlSetGroupSecurityDescriptor( TTempDescriptor, TWilmaSubSid, FALSE ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlSetGroupSecurityDescriptor, TWilmaSubSid\n");
return FALSE;
}
if (RtlLengthSecurityDescriptor( TTempDescriptor ) != 64) {
DbgPrint("**** Failed **** \n");
DbgPrint("*Se** Failure: RtlLengthSecurityDescriptor, WilmaSub Group\n");
return FALSE;
}
return TRUE;
}
BOOLEAN
TestSeAccessMask()
{
return TRUE;
}
VOID
DumpAclSizeInfo(PACL_SIZE_INFORMATION AclSizeInfo)
{
DbgPrint("\n");
DbgPrint("Acl size info:\n");
DbgPrint("AceCount = %d\n",AclSizeInfo->AceCount);
DbgPrint("AclBytesInUse = %d\n",AclSizeInfo->AclBytesInUse);
DbgPrint("AclBytesFree = %d\n",AclSizeInfo->AclBytesFree);
return;
}
#define NUM_ACE 6
typedef struct _SIMPLE_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
SID Sid;
} SIMPLE_ACE, *PSIMPLE_ACE;
BOOLEAN
TestSeAclRtl()
{
PACL TDacl;
NTSTATUS Status;
ACL_REVISION_INFORMATION AclInformation;
ACL_REVISION_INFORMATION AclInformationOut;
ACL_SIZE_INFORMATION AclSizeInfo;
PVOID AceList;
PVOID Ace;
ULONG AceSize;
//
// Define the Dead domain
//
// Dead Domain S-1-54399-23-18-02
// Bobby S-1-54399-23-18-02-2
// Jerry S-1-54399-23-18-02-3
// Phil S-1-54399-23-18-02-4
// Kreutzman S-1-54399-23-18-02-5
// Brent S-1-54399-23-18-02-6
// Micky S-1-54399-23-18-02-7
//
#define DEAD_AUTHORITY {0,0,0,0,212,127}
#define DEAD_SUBAUTHORITY_0 0x00000017L
#define DEAD_SUBAUTHORITY_1 0x00000012L
#define DEAD_SUBAUTHORITY_2 0x00000002L
#define BOBBY_RID 0x00000002
#define JERRY_RID 0x00000003
#define PHIL_RID 0x00000004
#define KREUTZMAN_RID 0x00000005
#define BRENT_RID 0x00000006
#define MICKY_RID 0x00000007
PSID DeadDomainSid;
PSID BobbySid;
PSID JerrySid;
PSID PhilSid;
PSID KreutzmanSid;
PSID BrentSid;
PSID MickySid;
ULONG SidWithZeroSubAuthorities;
ULONG SidWithOneSubAuthority;
ULONG SidWithThreeSubAuthorities;
ULONG SidWithFourSubAuthorities;
SID_IDENTIFIER_AUTHORITY DeadAuthority = DEAD_AUTHORITY;
//
// The following SID sizes need to be allocated
//
SidWithZeroSubAuthorities = RtlLengthRequiredSid( 0 );
SidWithOneSubAuthority = RtlLengthRequiredSid( 1 );
SidWithThreeSubAuthorities = RtlLengthRequiredSid( 3 );
SidWithFourSubAuthorities = RtlLengthRequiredSid( 4 );
DeadDomainSid = (PSID)TstAllocatePool(PagedPool,SidWithThreeSubAuthorities);
BobbySid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
JerrySid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
PhilSid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
KreutzmanSid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
BrentSid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
MickySid = (PSID)TstAllocatePool(PagedPool,SidWithFourSubAuthorities);
RtlInitializeSid( DeadDomainSid, &DeadAuthority, 3 );
*(RtlSubAuthoritySid( DeadDomainSid, 0)) = DEAD_SUBAUTHORITY_0;
*(RtlSubAuthoritySid( DeadDomainSid, 1)) = DEAD_SUBAUTHORITY_1;
*(RtlSubAuthoritySid( DeadDomainSid, 2)) = DEAD_SUBAUTHORITY_2;
RtlCopySid( SidWithFourSubAuthorities, BobbySid, DeadDomainSid);
*(RtlSubAuthorityCountSid( BobbySid )) += 1;
*(RtlSubAuthoritySid( BobbySid, 3)) = BOBBY_RID;
RtlCopySid( SidWithFourSubAuthorities, JerrySid, DeadDomainSid);
*(RtlSubAuthorityCountSid( JerrySid )) += 1;
*(RtlSubAuthoritySid( JerrySid, 3)) = JERRY_RID;
RtlCopySid( SidWithFourSubAuthorities, PhilSid, DeadDomainSid);
*(RtlSubAuthorityCountSid( PhilSid )) += 1;
*(RtlSubAuthoritySid( PhilSid, 3)) = PHIL_RID;
RtlCopySid( SidWithFourSubAuthorities, KreutzmanSid, DeadDomainSid);
*(RtlSubAuthorityCountSid( KreutzmanSid )) += 1;
*(RtlSubAuthoritySid( KreutzmanSid, 3)) = KREUTZMAN_RID;
RtlCopySid( SidWithFourSubAuthorities, BrentSid, DeadDomainSid);
*(RtlSubAuthorityCountSid( BrentSid )) += 1;
*(RtlSubAuthoritySid( BrentSid, 3)) = BRENT_RID;
RtlCopySid( SidWithFourSubAuthorities, MickySid, DeadDomainSid);
*(RtlSubAuthorityCountSid( MickySid )) += 1;
*(RtlSubAuthoritySid( MickySid, 3)) = MICKY_RID;
TDacl = (PACL)TstAllocatePool( PagedPool, 256 );
//DbgBreakPoint();
if (!NT_SUCCESS(Status = RtlCreateAcl( TDacl, 256, ACL_REVISION ))) {
DbgPrint("**** Failed **** \n");
DbgPrint("RtlCreateAcl returned %X \n",Status);
return(FALSE);
}
//DbgBreakPoint();
if (!NT_SUCCESS( Status = RtlValidAcl( TDacl ) )) {
DbgPrint("**** Failed **** \n");
DbgPrint("RtlValidAcl returned %X \n",Status);
return(FALSE);
}
//DbgBreakPoint();
AclInformation.AclRevision = ACL_REVISION;
if (!NT_SUCCESS( Status = RtlSetInformationAcl( TDacl, &AclInformation,
sizeof(AclInformation), AclRevisionInformation ) )) {
DbgPrint("**** Failed **** \n");
DbgPrint("RtlSetInformation returned %X \n",Status);
return(FALSE);
}
if (!NT_SUCCESS( Status = RtlQueryInformationAcl( TDacl, (PVOID)&AclInformationOut,
sizeof(AclInformationOut), AclRevisionInformation ) )) {
DbgPrint("**** Failed **** \n");
DbgPrint("RtlQueryInformation returned %X during revision query \n",Status);
return(FALSE);
}
if (AclInformationOut.AclRevision != ACL_REVISION) {
DbgPrint("**** Failed **** \n");
DbgPrint("RtlQueryInformation returned incorrect revision \n");
return(FALSE);
}
if (!NT_SUCCESS( Status = RtlQueryInformationAcl( TDacl, (PVOID)&AclSizeInfo,
sizeof(AclSizeInfo), AclSizeInformation ) )) {
DbgPrint("**** Failed **** \n");
DbgPrint("RtlQueryInformation returned %X during size query \n",Status);
return(FALSE);
}
// DumpAclSizeInfo(&AclSizeInfo);
AceSize = 6 * SidWithFourSubAuthorities + 1 * SidWithThreeSubAuthorities
+ 7 * (sizeof( ACE_HEADER ) + sizeof( ACCESS_MASK ));
AceList = (PVOID)TstAllocatePool(PagedPool, AceSize);
Ace = AceList;
((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithThreeSubAuthorities +
(USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
((PSIMPLE_ACE)Ace)->Mask = DELETE;
RtlCopySid(SidWithThreeSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,DeadDomainSid);
(ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
(USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
((PSIMPLE_ACE)Ace)->Mask = DELETE;
RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,BobbySid);
(ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
(USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
((PSIMPLE_ACE)Ace)->Mask = DELETE;
RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,JerrySid);
(ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
(USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
((PSIMPLE_ACE)Ace)->Mask = DELETE;
RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,PhilSid);
(ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
(USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
((PSIMPLE_ACE)Ace)->Mask = DELETE;
RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,KreutzmanSid);
(ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
(USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
((PSIMPLE_ACE)Ace)->Mask = DELETE;
RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,BrentSid);
(ULONG)Ace += ((PSIMPLE_ACE)Ace)->Header.AceSize;
((PSIMPLE_ACE)Ace)->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
((PSIMPLE_ACE)Ace)->Header.AceSize = (USHORT)SidWithFourSubAuthorities +
(USHORT)sizeof(ACE_HEADER) + (USHORT)sizeof( ACCESS_MASK );
((PSIMPLE_ACE)Ace)->Header.AceFlags = OBJECT_INHERIT_ACE;
((PSIMPLE_ACE)Ace)->Mask = DELETE;
RtlCopySid(SidWithFourSubAuthorities,&((PSIMPLE_ACE)Ace)->Sid,MickySid);
//DbgBreakPoint();
RtlAddAce(TDacl, ACL_REVISION, 0, AceList, AceSize);
if (!NT_SUCCESS( Status = RtlQueryInformationAcl( TDacl, (PVOID)&AclSizeInfo,
sizeof(AclSizeInfo), AclSizeInformation ) )) {
DbgPrint("**** Failed **** \n");
DbgPrint("RtlQueryInformation returned %X during size query \n",Status);
return(FALSE);
}
#if 0
RtlDumpAcl(TDacl);
#endif
RtlGetAce( TDacl, 5, &Ace );
if ( !RtlEqualSid( &((PSIMPLE_ACE)Ace)->Sid, BrentSid) ) {
DbgPrint("\n **** Failed **** \n");
DbgPrint("RtlGetAce returned wrong Ace\n");
return(FALSE);
}
if (!NT_SUCCESS(RtlDeleteAce (TDacl, 5))) {
DbgPrint("\n **** Failed **** \n");
DbgPrint("RtlDeleteAce failed\n");
return(FALSE);
}
#if 0
RtlDumpAcl(TDacl);
#endif
return(TRUE);
}
BOOLEAN
TestSeRtl()
{
BOOLEAN Result = TRUE;
DbgPrint("Se: Global Variable Initialization... ");
if (TSeVariableInitialization()) {
DbgPrint("Succeeded.\n");
} else {
Result = FALSE;
}
DbgPrint("Se: SID test... ");
if (TestSeSid()) {
DbgPrint("Succeeded.\n");
} else {
Result = FALSE;
}
DbgPrint("Se: SECURITY_DESCRIPTOR test... ");
if (TestSeSecurityDescriptor()) {
DbgPrint("Succeeded.\n");
} else {
Result = FALSE;
}
DbgPrint("Se: ACCESS_MASK test... ");
if (TestSeAccessMask()) {
DbgPrint("Succeeded.\n");
} else {
Result = FALSE;
}
DbgPrint("Se: ACL test... ");
if (TestSeAclRtl()) {
DbgPrint("Succeeded.\n");
} else {
Result = FALSE;
}
DbgPrint("\n");
DbgPrint("\n");
DbgPrint(" ********************\n");
DbgPrint(" ** **\n");
if (Result = TRUE) {
DbgPrint(" ** Test Succeeded **\n");
} else {
DbgPrint(" ** Test Failed **\n");
}
DbgPrint(" ** **\n");
DbgPrint(" ********************\n");
DbgPrint("\n");
DbgPrint("\n");
return Result;
}