windows-server-2003/ds/security/authz/test/qt/main.c

#include "pch.h"

AUTHZ_AUDIT_EVENT_TYPE_HANDLE hAET;
UCHAR                Buffer[2048];
AUTHZ_ACCESS_REQUEST Request       = {0};
PAUTHZ_ACCESS_REPLY  pReply        = (PAUTHZ_ACCESS_REPLY) Buffer;
BOOL                 b             = TRUE;
HANDLE               hToken        = NULL;
LUID                 Luid          = {0xdead,0xbeef};
NTSTATUS             Status        = STATUS_SUCCESS;
PAUDIT_PARAMS        pParams = NULL;

PHANDLE     pThreads           = NULL;
ACCESS_MASK DesiredAccess      = 0;
DWORD       dwThreads          = 0;
DWORD       dwThreadsRemaining = 0;
DWORD       dwAuditsPerThread  = 0;
BOOL        bAudit             = 0;
DWORD       i                  = 0;

PSECURITY_DESCRIPTOR pSD      = NULL;
PWCHAR               StringSD = L"O:BAG:DUD:(A;;0x40;;;s-1-2-2)(A;;0x1;;;BA)(OA;;0x2;6da8a4ff-0e52-11d0-a286-00aa00304900;;BA)(OA;;0x4;6da8a4ff-0e52-11d0-a286-00aa00304901;;BA)(OA;;0x8;6da8a4ff-0e52-11d0-a286-00aa00304903;;AU)(OA;;0x10;6da8a4ff-0e52-11d0-a286-00aa00304904;;BU)(OA;;0x20;6da8a4ff-0e52-11d0-a286-00aa00304905;;AU)(A;;0x40;;;PS)S:(AU;IDSAFA;0xFFFFFF;;;WD)";

AUTHZ_AUDIT_EVENT_HANDLE       hAuditEvent1  = NULL;
AUTHZ_AUDIT_EVENT_HANDLE       hAuditEvent2  = NULL;
AUTHZ_RESOURCE_MANAGER_HANDLE  hRM          = NULL;
AUTHZ_CLIENT_CONTEXT_HANDLE    hCC          = NULL;
AUTHZ_ACCESS_CHECK_RESULTS_HANDLE hAuthzCache  = NULL;
AUTHZ_AUDIT_QUEUE_HANDLE       hAAQ         = NULL;    


ULONG                      
AccessCheckAuditWork(
    LPVOID lpParameter
    )
{
    
    DWORD i   = 0;
    DWORD num = *((PDWORD)lpParameter);

    for (i = 0; i < dwAuditsPerThread; i++)
    {
        b = AuthzAccessCheck(
                0,
                hCC,
                &Request,
                hAuditEvent2,
                pSD,
                NULL,
                0,
                pReply,
                NULL
                );

        b = AuthzAccessCheck(
                0,
                hCC,
                &Request,
                hAuditEvent1,
                pSD,
                NULL,
                0,
                pReply,
                NULL
                );

    }

    InterlockedDecrement( 
        &dwThreadsRemaining
        );

    wprintf(L"Thread Done %d (%d left).\n", num, dwThreadsRemaining);
    return TRUE;
}


void _cdecl wmain(int argc, WCHAR * argv[])
{
    if (argc != 5)
    {
        wprintf(L"usage: %s AccessMask dwThreads dwAuditsPerThread bAudit\n", argv[0]);
        exit(0);
    }

    DesiredAccess      = wcstol(argv[1], NULL, 16);
    dwThreads          = wcstol(argv[2], NULL, 10);
    dwAuditsPerThread  = wcstol(argv[3], NULL, 10);
    bAudit             = wcstol(argv[4], NULL, 10);

    dwThreadsRemaining = dwThreads;

    pThreads = LocalAlloc(
                   0, 
                   sizeof(HANDLE) * dwThreads
                   );

    if (NULL == pThreads)
    {
        wprintf(L"LocalAlloc failed with %d\n", GetLastError());
        return;
    }

    //
    // Create the SD for the access checks
    //

    b = ConvertStringSecurityDescriptorToSecurityDescriptorW(
            StringSD, 
            SDDL_REVISION_1, 
            &pSD, 
            NULL
            );

    if (!b)
    {
        wprintf(L"SDDL failed with %d\n", GetLastError());
        return;
    }



    //
    // Authz stuff
    //

    b = AuthzInitializeResourceManager(
            0,
            NULL,
            NULL,
            NULL,
            L"Jeff's RM",
            &hRM
            );

    if (!b)
    {
        wprintf(L"AuthzInitializeResourceManager failed with %d\n", GetLastError());
        return;
    }
    
    b = AuthziInitializeAuditQueue(
            AUTHZ_MONITOR_AUDIT_QUEUE_SIZE,
            10000,
            500,
            NULL,
            &hAAQ
            );

    if (!b)
    {
        printf("AuthzInitializeAuditQueue failed with %d.\n", GetLastError());
        return;
    }

    b = AuthziInitializeAuditEventType(
            0,
            SE_CATEGID_OBJECT_ACCESS,
            777,
            1,
            &hAET
            );

    if (!b)
    {
        wprintf(L"initaet returned %d\n", GetLastError());
        return;
    }

    b = AuthziAllocateAuditParams(
            &pParams,
            1
            );

    AuthziInitializeAuditParamsWithRM(
        0,
        hRM,
        1,
        pParams,
        APT_String, L"Hello???"
        );

    b = AuthziInitializeAuditEvent(
            AUTHZ_NO_ALLOC_STRINGS,
            hRM,
            hAET, //NULL,     // event
            pParams, //NULL,     // params
            hAAQ,     // queue
            INFINITE, // timeout
            L"op type",
            L"object type",
            L"object name",
            L"some additional info",
            &hAuditEvent2
            );

    b = AuthziInitializeAuditEvent(
            0,
            hRM,
            NULL,     // event
            NULL,     // params
            NULL,     // queue
            INFINITE, // timeout
            L"op type1",
            L"object type1",
            L"object name1",
            L"some additional info1",
            &hAuditEvent1
            );
    if (!b)
    {
        printf("AuthzInitializeAuditInfo failed with %d.\n", GetLastError());
        return;
    }

    //
    // Create a client context from the current token.
    //

    OpenProcessToken( 
        GetCurrentProcess(), 
        TOKEN_QUERY, 
        &hToken
        );

    b = AuthzInitializeContextFromToken(
            0,
            hToken,
            hRM,
            NULL,
            Luid,
            NULL,
            &hCC
            );

    if (!b)
    {
        wprintf(L"AuthzInitializeContextFromToken failed with 0x%x\n", GetLastError());
        return;
    }            

    //
    // Now do the access check.
    //

    Request.ObjectTypeList = NULL;
    Request.PrincipalSelfSid = NULL;
    Request.DesiredAccess = DesiredAccess;

    pReply->ResultListLength = 1;
    pReply->Error = (PDWORD) (((PCHAR) pReply) + sizeof(AUTHZ_ACCESS_REPLY));
    pReply->GrantedAccessMask = (PACCESS_MASK) (pReply->Error + pReply->ResultListLength);
    pReply->SaclEvaluationResults = (PDWORD) (pReply->GrantedAccessMask + (pReply->ResultListLength * sizeof(ACCESS_MASK)));

    wprintf(L"* AccessCheck (PrincipalSelfSid == NULL, ResultListLength == 8)\n");
    
    b = AuthzAccessCheck(
            0,
            hCC,
            &Request,
            NULL,
            pSD,
            NULL,
            0,
            pReply,
            &hAuthzCache
            );

    if (!b)
    {
        wprintf(L"Initial AuthzAccessCheck failed with %d\n", GetLastError());
        return;
    }
    else
    {
        wprintf(L"Initial AuthzAccessCheck succeeded.  Here are results:\n");

        for (i = 0; i < pReply->ResultListLength; i++)
        {
            wprintf(L"ObjectType %d :: AccessMask = 0x%x, Error = %d\n",
                    i, pReply->GrantedAccessMask[i], pReply->Error[i]);
        }
    }

    wprintf(L"\nBeginning creation of audit threads.\n");

    for (i = 0; i < dwThreads; i++)
    {
        pThreads[i] = CreateThread(
                          NULL,
                          0,
                          AccessCheckAuditWork,
                          &i,
                          CREATE_SUSPENDED,
                          NULL
                          );
        
        if (pThreads[i] == NULL)
        {
            wprintf(L"CreateThread failed for thread %d with %d\n", i, GetLastError());
            return;
        }
    }

    for (i = 0; i < dwThreads; i++)
    {
        if (-1 == ResumeThread(
                      pThreads[i]
                      ))
        {
            wprintf(L"ResumeThread failed on thread %d with %d\n", i, GetLastError());
            fflush(stdout);
        }
    }

    Status = WaitForMultipleObjects(
                i, 
                pThreads, 
                TRUE, 
                INFINITE
                );

    if (!NT_SUCCESS(Status))
    {
        wprintf(L"Wait failed %d.\n", GetLastError());
    }

    wprintf(L"Done waiting for all threads.\n");
    
    AuthzFreeAuditEvent(
        hAuditEvent2
        );

    AuthziFreeAuditQueue(hAAQ);

    AuthzFreeContext(hCC);

    return;
}