|
|
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1996.
//
// File: FILE.C
//
// Contents: Unit test for file propagation, issues
//
// History: 14-Sep-96 MacM Created
//
// Notes:
//
//----------------------------------------------------------------------------
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <stdlib.h>
#include <stdio.h>
#include <aclapi.h>
#include <seopaque.h>
#include <ntrtl.h>
#define FLAG_ON(flags,bit) ((flags) & (bit))
#define DEFAULT_ACCESS ACTRL_SVC_GET_INFO | ACTRL_SVC_SET_INFO | \
ACTRL_SVC_STATUS | ACTRL_SVC_LIST | \ ACTRL_SVC_START | ACTRL_SVC_STOP | \ ACTRL_SVC_PAUSE | ACTRL_SVC_INTERROGATE
#define HANDLE_CLOSE(h) if((h) != NULL) { CloseServiceHandle(h); (h) = NULL;}
//
// Flags for tests
//
#define STEST_READ 0x00000001
#define STEST_CACHE 0x00000002
DWORDAddAE ( IN PWSTR pwszUser, IN ACCESS_RIGHTS AccessRights, IN INHERIT_FLAGS Inherit, IN ULONG fAccess, IN PACTRL_ACCESS pExistingAccess, OUT PACTRL_ACCESS *ppNewAccess )/*++
Routine Description:
Initialize an access entry
Arguments:
pwszUser - User to set AccessRights - Access rights to set Inherit - Any inheritance flags fAccess - Allowed or denied node? pExistingAccess - Access Entry to add to ppNewAccess - Where the new access is returned
Return Value:
ERROR_SUCCESS - Success
--*/{ DWORD dwErr = ERROR_SUCCESS; ACTRL_ACCESS_ENTRY AAE;
BuildTrusteeWithNameW(&(AAE.Trustee), pwszUser); AAE.fAccessFlags = fAccess; AAE.Access = AccessRights; AAE.ProvSpecificAccess = 0; AAE.Inheritance = Inherit; AAE.lpInheritProperty = NULL;
dwErr = SetEntriesInAccessListW(1, &AAE, GRANT_ACCESS, NULL, pExistingAccess, ppNewAccess); if(dwErr != ERROR_SUCCESS) { printf(" Failed to add new access entry: %lu\n", dwErr); }
return(dwErr);}
VOIDUsage ( IN PSTR pszExe )/*++
Routine Description:
Displays the usage
Arguments:
pszExe - Name of the exe
Return Value:
VOID
--*/{ printf("%s service user [/C] [/O] [/I] [/P] [/test] [/H]\n", pszExe); printf(" where services is the display name of the service\n"); printf(" user is the name of a user to set access for\n"); printf(" /test indicates which test to run:\n"); printf(" /READ (Simple read/write)\n"); printf(" /CACHE (Cache matching)\n"); printf(" if test is not specified, all variations are run\n"); printf(" /H indicates to use the handle version of the APIs\n"); printf(" /C is Container Inherit\n"); printf(" /O is Object Inherit\n"); printf(" /I is InheritOnly\n"); printf(" /P is Inherit No Propagate\n");
return;}
//
// Conceptually, this is a companion function for GetSecurityForPath
//
#define SetSecurityForService(svc,usehandle,handle,access) \
(usehandle == TRUE ? \ SetSecurityInfoExW(handle, \ SE_SERVICE, \ DACL_SECURITY_INFORMATION, \ NULL, \ access, \ NULL, \ NULL, \ NULL, \ NULL) : \ SetNamedSecurityInfoExW(svc, \ SE_SERVICE, \ DACL_SECURITY_INFORMATION, \ NULL, \ access, \ NULL, \ NULL, \ NULL, \ NULL))
DWORDGetSecurityForService ( IN PWSTR pwszService, IN BOOL fUseHandle, OUT HANDLE *phObj, OUT PACTRL_ACCESSW *ppAccess )/*++
Routine Description:
Reads the dacl off the specified service object
Arguments:
pwszService -- Service to read fUseHandle -- Use handle or path based API phObj -- Handle to object ppAccess -- Where the access is returned
Return Value:
ERROR_SUCCESS -- Success
--*/{ DWORD dwErr = ERROR_SUCCESS; SC_HANDLE hSC;
if(fUseHandle == TRUE) { //
// Open the object
//
if(*phObj == NULL) { hSC = OpenSCManager(NULL, NULL, GENERIC_READ); if(hSC == NULL) { dwErr = GetLastError(); } else { //
// Open the service
//
*phObj = OpenService(hSC, pwszService, READ_CONTROL | WRITE_DAC); if(*phObj == NULL) { dwErr = GetLastError(); } } }
if(dwErr == ERROR_SUCCESS) { dwErr = GetSecurityInfoExW(*phObj, SE_SERVICE, DACL_SECURITY_INFORMATION, NULL, NULL, ppAccess, NULL, NULL, NULL); if(dwErr != ERROR_SUCCESS) { HANDLE_CLOSE(*phObj); }
}
} else { dwErr = GetNamedSecurityInfoExW(pwszService, SE_SERVICE, DACL_SECURITY_INFORMATION, NULL, NULL, ppAccess, NULL, NULL, NULL); if(phObj != NULL) { *phObj = NULL; } }
return(dwErr);}
DWORDDoReadTest ( IN PWSTR pwszService, IN PWSTR pwszUser, IN BOOL fDoHandle )/*++
Routine Description:
Does the simple read test
Arguments:
pwszService -- Service name pwszUser -- User to run with fDoHandle -- If true, use the handle based APIs
Return Value:
ERROR_SUCCESS -- Success
--*/{ DWORD dwErr = ERROR_SUCCESS; PACTRL_ACCESS pCurrent; PACTRL_ACCESS pNew; HANDLE hObj;
printf("Simple read/write test\n");
printf(" Processing service %ws\n", pwszService); hObj = NULL;
dwErr = GetSecurityForService(pwszService, fDoHandle, &hObj, &pCurrent); if(dwErr != ERROR_SUCCESS) { printf(" Failed to read the DACL off %ws: %lu\n", pwszService, dwErr); } else { //
// Ok, now add the entry for our user
//
dwErr = AddAE(pwszUser, DEFAULT_ACCESS, 0, ACTRL_ACCESS_ALLOWED, pCurrent, &pNew); if(dwErr == ERROR_SUCCESS) { //
// Set it
//
dwErr = SetSecurityForService(pwszService, fDoHandle, hObj, pNew);
if(dwErr != ERROR_SUCCESS) { printf(" Set failed: %lu\n", dwErr); } LocalFree(pNew); }
//
// If that worked, reread the new security, and see if it's correct
//
if(dwErr == ERROR_SUCCESS) { HANDLE_CLOSE(hObj);
dwErr = GetSecurityForService(pwszService, fDoHandle, &hObj, &pNew); if(dwErr != ERROR_SUCCESS) { printf(" Failed to read the 2nd DACL off %ws: %lu\n", pwszService, dwErr); } else { //
// We should only have one property, so cheat...
//
ULONG cExpected = 1 + pCurrent->pPropertyAccessList[0]. pAccessEntryList->cEntries; ULONG cGot = pNew->pPropertyAccessList[0]. pAccessEntryList->cEntries; if(cExpected != cGot) { printf(" Expected %lu entries, got %lu\n", cExpected, cGot); dwErr = ERROR_INVALID_FUNCTION; }
LocalFree(pNew); }
//
// Restore the current security
//
SetNamedSecurityInfoExW(pwszService, SE_SERVICE, DACL_SECURITY_INFORMATION, NULL, pCurrent, NULL, NULL, NULL, NULL); }
LocalFree(pCurrent); }
HANDLE_CLOSE(hObj);
return(dwErr);}
DWORDDoCacheTest ( IN PWSTR pwszService, IN PWSTR pwszUser, IN BOOL fDoHandle )/*++
Routine Description:
Does the marta cache matching test
Arguments:
pwszService -- Service name pwszUser -- User to run with fDoHandle -- If true, use the handle based APIs
Return Value:
ERROR_SUCCESS -- Success
--*/{ DWORD dwErr = ERROR_SUCCESS; PACTRL_ACCESS pCurrent; INT i; SE_OBJECT_TYPE SeList[] = {SE_FILE_OBJECT, SE_SERVICE, SE_PRINTER, SE_REGISTRY_KEY, SE_LMSHARE, SE_KERNEL_OBJECT, SE_WINDOW_OBJECT, SE_DS_OBJECT, SE_DS_OBJECT_ALL}; PSTR pszSeList[] = {"SE_FILE_OBJECT", "SE_SERVICE", "SE_PRINTER", "SE_REGISTRY_KEY", "SE_LMSHARE", "SE_KERNEL_OBJECT", "SE_WINDOW_OBJECT", "SE_DS_OBJECT", "SE_DS_OBJECT_ALL"};
ASSERT(sizeof(SeList) / sizeof(SE_OBJECT_TYPE) == sizeof(pszSeList) / sizeof(PSTR));
printf("Marta cache matching test\n");
printf(" Processing service %ws\n", pwszService);
//
// Prime the cache...
//
dwErr = GetNamedSecurityInfoExW(pwszService, SE_SERVICE, DACL_SECURITY_INFORMATION, NULL, NULL, &pCurrent, NULL, NULL, NULL); if(dwErr != ERROR_SUCCESS) { printf(" Failed to read the DACL off %ws: %lu\n", pwszService, dwErr); } else { LocalFree(pCurrent);
//
// Now, open it as an another object type...
//
for(i = 0; i < sizeof(pszSeList) / sizeof(PSTR); i++) { printf(" Processing %ws as a %s\n", pwszService, pszSeList[i]);
if(GetNamedSecurityInfoExW(pwszService, SeList[i], DACL_SECURITY_INFORMATION, NULL, NULL, &pCurrent, NULL, NULL, NULL) == ERROR_SUCCESS) { LocalFree(pCurrent); } }
//
// In order to check this, we'll set the debugger on NTMARTA, turn on cache tracing,
// and see how many hits we have. Tacky, no doubt, but we have little choice
//
}
//
// Now, create a file of the same name, and do the same code
//
if(dwErr == ERROR_SUCCESS) { HANDLE hFile; printf(" Processing file %ws\n", pwszService);
hFile = CreateFile(pwszService, GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL); if(hFile == INVALID_HANDLE_VALUE) { dwErr = GetLastError(); printf(" CreateEvent on %ws failed with %lu\n", pwszService, dwErr); } else { for(i = 0; i < sizeof(pszSeList) / sizeof(PSTR); i++) { printf(" Processing %ws as a %s\n", pwszService, pszSeList[i]);
if(GetNamedSecurityInfoExW(pwszService, SeList[i], DACL_SECURITY_INFORMATION, NULL, NULL, &pCurrent, NULL, NULL, NULL) == ERROR_SUCCESS) { LocalFree(pCurrent); } }
if(GetNamedSecurityInfoExW(pwszService, SE_FILE_OBJECT, DACL_SECURITY_INFORMATION, NULL, NULL, &pCurrent, NULL, NULL, NULL) == ERROR_SUCCESS) { LocalFree(pCurrent); } CloseHandle(hFile); DeleteFile(pwszService); } }
return(dwErr);}
__cdecl main ( IN INT argc, IN CHAR *argv[])/*++
Routine Description:
The main
Arguments:
argc -- Count of arguments argv -- List of arguments
Return Value:
0 -- Success non-0 -- Failure
--*/{
DWORD dwErr = ERROR_SUCCESS; WCHAR wszService[MAX_PATH + 1]; WCHAR wszUser[MAX_PATH + 1]; INHERIT_FLAGS Inherit = 0; ULONG Tests = 0; INT i; BOOL fHandle = FALSE;
srand((ULONG)(GetTickCount() * GetCurrentThreadId()));
if(argc < 3) { Usage(argv[0]); exit(1); }
mbstowcs(wszService, argv[1], strlen(argv[1]) + 1); mbstowcs(wszUser, argv[2], strlen(argv[2]) + 1);
//
// process the command line
//
for(i = 3; i < argc; i++) { if(_stricmp(argv[i], "/h") == 0) { fHandle = TRUE; } else if(_stricmp(argv[i],"/C") == 0) { Inherit |= SUB_CONTAINERS_ONLY_INHERIT; } else if(_stricmp(argv[i],"/O") == 0) { Inherit |= SUB_OBJECTS_ONLY_INHERIT; } else if(_stricmp(argv[i],"/I") == 0) { Inherit |= INHERIT_ONLY; } else if(_stricmp(argv[i],"/P") == 0) { Inherit |= INHERIT_NO_PROPAGATE; } else if(_stricmp(argv[i],"/READ") == 0) { Tests |= STEST_READ; } else if(_stricmp(argv[i],"/CACHE") == 0) { Tests |= STEST_CACHE; } else { Usage(argv[0]); exit(1); break; } }
if(Tests == 0) { Tests = STEST_READ; }
//
// Build the tree
//
if(dwErr == ERROR_SUCCESS && FLAG_ON(Tests, STEST_READ)) { dwErr = DoReadTest(wszService, wszUser, fHandle); }
if(dwErr == ERROR_SUCCESS && FLAG_ON(Tests, STEST_CACHE)) { dwErr = DoCacheTest(wszService, wszUser, fHandle); }
printf("%s\n", dwErr == ERROR_SUCCESS ? "success" : "failed"); return(dwErr);}
|
