|
|
�//////////////////////////////////////////////////////////////////////////////
// //
// Global Definitions //
// //
//////////////////////////////////////////////////////////////////////////////
�//////////////////////////////////////////////////////////////////////////////
// //
// Global Variables //
// //
//////////////////////////////////////////////////////////////////////////////
NTSTATUS Status; OBJECT_ATTRIBUTES ObjectAttributes; STRING EventName; UNICODE_STRING UnicodeEventName; HANDLE EventHandle; UNICODE_STRING PortName; HANDLE EarPort; HANDLE TalkPort; PORT_MESSAGE RequestMessage; SECURITY_QUALITY_OF_SERVICE SecurityQos; ULONG RequestCount; HANDLE ClientToken; TOKEN_STATISTICS ClientTokenStatistics; ULONG IgnoreLength;
HANDLE SepServerThread;
�//////////////////////////////////////////////////////////////////////////////
// //
// Test Routine Definitions //
// //
//////////////////////////////////////////////////////////////////////////////
BOOLEANSepClientTestStatic(VOID);
BOOLEANSepClientTestDynamic(VOID);
BOOLEANSepClientTestEffectiveOnly( BOOLEAN StaticTest );
BOOLEANSepClientTestNotEffectiveOnly( BOOLEAN StaticTest );
BOOLEANSepClientTestAnonymous( BOOLEAN StaticTest, BOOLEAN EffectiveOnly );
BOOLEANSepClientTestIdentification( BOOLEAN StaticTest, BOOLEAN EffectiveOnly );
BOOLEANSepClientTestImpersonation( BOOLEAN StaticTest, BOOLEAN EffectiveOnly );
VOIDSepClientConnect( SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, SECURITY_CONTEXT_TRACKING_MODE TrackingMode, BOOLEAN EffectiveOnly );
VOIDSepClientMakeRemoteCall( VOID );
VOIDSepClientDropConnection( VOID );
BOOLEANSepClientTest(VOID);
NTSTATUSSepClientInitialize( );
BOOLEANSepServerTestStatic(VOID);
BOOLEANSepServerTestDynamic(VOID);
BOOLEANSepServerTestEffectiveOnly( BOOLEAN StaticTest );
BOOLEANSepServerTestNotEffectiveOnly( BOOLEAN StaticTest );
BOOLEANSepServerTestAnonymous( BOOLEAN StaticTest, BOOLEAN EffectiveOnly );
BOOLEANSepServerTestIdentification( BOOLEAN StaticTest, BOOLEAN EffectiveOnly );
BOOLEANSepServerTestImpersonation( BOOLEAN StaticTest, BOOLEAN EffectiveOnly );
VOIDSepServerWaitForNextConnect( VOID );
VOIDSepServerGetNextMessage( VOID );
VOIDSepServerCompleteMessage( VOID );
VOIDSepServerDropConnection( VOID );
BOOLEANSepServerTest(VOID);
NTSTATUSSepServerInitialize( );
VOIDSepServerSpawnClientProcess(VOID);
BOOLEANCtLpcQos (VOID);
�//////////////////////////////////////////////////////////////////////////////
// //
// Client-Side Test Routines //
// //
//////////////////////////////////////////////////////////////////////////////
VOIDSepClientConnect( SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, SECURITY_CONTEXT_TRACKING_MODE TrackingMode, BOOLEAN EffectiveOnly )
{
SecurityQos.ImpersonationLevel = ImpersonationLevel; SecurityQos.ContextTrackingMode = TrackingMode; SecurityQos.EffectiveOnly = EffectiveOnly;
Status = NtConnectPort( &TalkPort, &PortName, &SecurityQos, 0L, NULL, NULL, NULL, NULL, NULL ); SEASSERT_SUCCESS(Status);
return;}
�VOIDSepClientMakeRemoteCall( VOID )
{ PORT_MESSAGE ReplyMessage;
Status = NtRequestWaitReplyPort( TalkPort, &RequestMessage, &ReplyMessage );
RequestCount += 1;
return;}
�VOIDSepClientDropConnection( VOID )
{
Status = NtClose( TalkPort ); SEASSERT_SUCCESS(Status);
return;
}
�BOOLEANSepClientTestStatic(VOID)
{
BOOLEAN CompletionStatus;
//
// Static Context Tracking ... Suite
//
CompletionStatus = SepClientTestEffectiveOnly( TRUE );
if (CompletionStatus == TRUE) {
CompletionStatus = SepClientTestNotEffectiveOnly( TRUE ); }
return CompletionStatus;
}
�BOOLEANSepClientTestDynamic(VOID)
{ BOOLEAN CompletionStatus;
//
// Dynamic Context Tracking ... Suite
//
CompletionStatus = SepClientTestEffectiveOnly( FALSE );
if (CompletionStatus == TRUE) {
CompletionStatus = SepClientTestNotEffectiveOnly( FALSE ); }
return CompletionStatus;
}
�BOOLEANSepClientTestEffectiveOnly( BOOLEAN StaticTest )
{
BOOLEAN CompletionStatus;
//
// Effective Only ... Test
//
CompletionStatus = SepClientTestAnonymous( StaticTest, TRUE ); if (CompletionStatus == TRUE) { CompletionStatus = SepClientTestIdentification( StaticTest, TRUE ); } if (CompletionStatus == TRUE) { CompletionStatus = SepClientTestImpersonation( StaticTest, TRUE ); }
return CompletionStatus;
}
�BOOLEANSepClientTestNotEffectiveOnly( BOOLEAN StaticTest )
{ BOOLEAN CompletionStatus;
//
// Not Effective Only ... Test
//
CompletionStatus = SepClientTestAnonymous( StaticTest, FALSE ); if (CompletionStatus == TRUE) { CompletionStatus = SepClientTestIdentification( StaticTest, FALSE ); } if (CompletionStatus == TRUE) { CompletionStatus = SepClientTestImpersonation( StaticTest, FALSE ); }
return CompletionStatus;
}
�BOOLEANSepClientTestAnonymous( BOOLEAN StaticTest, BOOLEAN EffectiveOnly )
{
//////////////////////////////////////////////////////////////////////////
// //
// Anonymous Use Test //
// //
//////////////////////////////////////////////////////////////////////////
SECURITY_CONTEXT_TRACKING_MODE TrackingMode;
if (StaticTest) { TrackingMode = SECURITY_STATIC_TRACKING; } else { TrackingMode = SECURITY_DYNAMIC_TRACKING; }
if (!StaticTest) { //
// No action for dynamic test
//
return TRUE; }
//
// Anonymous Use ... Test
//
SepClientConnect( SecurityAnonymous, TrackingMode, EffectiveOnly );
SepClientMakeRemoteCall();
SepClientDropConnection();
return TRUE;}
�BOOLEANSepClientTestIdentification( BOOLEAN StaticTest, BOOLEAN EffectiveOnly )
{
//////////////////////////////////////////////////////////////////////////
// //
// Identification Use Test //
// //
//////////////////////////////////////////////////////////////////////////
SECURITY_CONTEXT_TRACKING_MODE TrackingMode;
if (StaticTest) { TrackingMode = SECURITY_STATIC_TRACKING; } else { TrackingMode = SECURITY_DYNAMIC_TRACKING; }
//
// Identification Use ... Test
//
SepClientConnect( SecurityIdentification, TrackingMode, EffectiveOnly );
SepClientMakeRemoteCall();
SepClientDropConnection();
return TRUE;
}
�BOOLEANSepClientTestImpersonation( BOOLEAN StaticTest, BOOLEAN EffectiveOnly )
{
//////////////////////////////////////////////////////////////////////////
// //
// Impersonation Use Test //
// //
//////////////////////////////////////////////////////////////////////////
SECURITY_CONTEXT_TRACKING_MODE TrackingMode;
if (StaticTest) { TrackingMode = SECURITY_STATIC_TRACKING; } else { TrackingMode = SECURITY_DYNAMIC_TRACKING; }
//
// Impersonation Use ... Test
//
SepClientConnect( SecurityImpersonation, TrackingMode, EffectiveOnly );
SepClientMakeRemoteCall();
SepClientDropConnection();
return TRUE;
}
�BOOLEANSepClientTest(VOID)//
// Tests:
//
// Static Context Tracking Tests
// Effective Only
// Anonymous
// Identification
// Impersonation
// Not Effective Only
// Anonymous
// Identification
// Impersonation
//
// Dynamic Context Tracking Tests
// Effective Only
// Identification
// Impersonation
// Not Effective Only
// Identification
// Impersonation
//
{
BOOLEAN CompletionStatus;
//
// Run the static test suite...
//
CompletionStatus = SepClientTestStatic();
//
// Run the dynamic test suite...
//
if (CompletionStatus == TRUE) { CompletionStatus = SepClientTestDynamic(); }
DbgPrint("Se: Client Test Complete.\n");
return CompletionStatus;}
�NTSTATUSSepClientInitialize( )
{
DbgPrint("Se: Client Initializing ...\n");
//
// Initialize global variables
//
RequestMessage.u1.s1.DataLength = 0; RequestMessage.u1.s1.TotalLength = (CSHORT)sizeof(PORT_MESSAGE); RequestMessage.u2.ZeroInit = 0;
RequestCount = 0;
//
// Signal the named event to start the test
//
DbgPrint("Se: Client Starting Test ...\n"); Status = NtSetEvent( EventHandle, NULL ); SEASSERT_SUCCESS(Status);
Status = NtClose( EventHandle ); SEASSERT_SUCCESS(Status);
return STATUS_SUCCESS;}
�//////////////////////////////////////////////////////////////////////////////
// //
// Server-Side Test Routines //
// //
//////////////////////////////////////////////////////////////////////////////
VOIDSepServerWaitForNextConnect( VOID ){
CONNECTION_REQUEST ConnectionRequest;
ConnectionRequest.Length = (ULONG)sizeof(CONNECTION_REQUEST);
//
// Wait for the client to connect to the port
//
Status = NtListenPort( EarPort, &ConnectionRequest, NULL, 0L ); SEASSERT_SUCCESS(Status);
Status = NtAcceptConnectPort( &TalkPort, NULL, &ConnectionRequest, TRUE, NULL, NULL, NULL, 0L ); SEASSERT_SUCCESS(Status);
Status = NtCompleteConnectPort( TalkPort ); SEASSERT_SUCCESS(Status);
return;
}�VOIDSepServerGetNextMessage( VOID )
{
//
// Wait for the next message to come in...
//
Status = NtReplyWaitReceivePort( EarPort, NULL, NULL, &RequestMessage ); SEASSERT_SUCCESS(Status);
RequestCount += 1;
return;}�VOIDSepServerCompleteMessage( VOID )
{ PORT_MESSAGE ReplyMessage;
ReplyMessage.u1.s1.DataLength = 0; ReplyMessage.u1.s1.TotalLength = (CSHORT)sizeof(PORT_MESSAGE); ReplyMessage.u2.ZeroInit = 0; ReplyMessage.ClientId = RequestMessage.ClientId; ReplyMessage.MessageId = RequestMessage.MessageId;
//
// Send the response message
//
Status = NtReplyPort( EarPort, &ReplyMessage ); SEASSERT_SUCCESS(Status);
return;}�VOIDSepServerImpersonateClient( VOID )
{
Status = NtImpersonateClientOfPort( TalkPort, &RequestMessage ); SEASSERT_SUCCESS(Status);
}
�VOIDSepServerRevertToSelf( VOID )
{ NTSTATUS TmpStatus; HANDLE NullHandle;
NullHandle = NULL; TmpStatus = NtSetInformationThread( SepServerThread, ThreadImpersonationToken, (PVOID)&NullHandle, (ULONG)sizeof(HANDLE) ); SEASSERT_SUCCESS(TmpStatus);
}
�VOIDSepServerDropConnection( VOID )
{ Status = NtClose( TalkPort ); SEASSERT_SUCCESS(Status);
return;}�BOOLEANSepServerTestStatic(VOID)
{ BOOLEAN CompletionStatus;
DbgPrint("Se: Static Context Tracking ... Suite\n");
CompletionStatus = SepServerTestEffectiveOnly( TRUE );
if (CompletionStatus == TRUE) {
CompletionStatus = SepServerTestNotEffectiveOnly( TRUE ); }
return CompletionStatus;
}
�BOOLEANSepServerTestDynamic(VOID)
{ BOOLEAN CompletionStatus;
DbgPrint("Se: Dynamic Context Tracking ... Suite\n");
CompletionStatus = SepServerTestEffectiveOnly( FALSE );
if (CompletionStatus == TRUE) {
CompletionStatus = SepServerTestNotEffectiveOnly( FALSE ); }
return CompletionStatus;
}
�BOOLEANSepServerTestEffectiveOnly( BOOLEAN StaticTest )
{
BOOLEAN CompletionStatus;
DbgPrint("Se: Effective Only ... Test\n");
CompletionStatus = SepServerTestAnonymous( StaticTest, TRUE ); if (CompletionStatus == TRUE) { CompletionStatus = SepServerTestIdentification( StaticTest, TRUE ); } if (CompletionStatus == TRUE) { CompletionStatus = SepServerTestImpersonation( StaticTest, TRUE ); }
return CompletionStatus;
}
�BOOLEANSepServerTestNotEffectiveOnly( BOOLEAN StaticTest )
{
BOOLEAN CompletionStatus;
DbgPrint("Se: Not Effective Only ... Test\n");
CompletionStatus = SepServerTestAnonymous( StaticTest, FALSE ); if (CompletionStatus == TRUE) { CompletionStatus = SepServerTestIdentification( StaticTest, FALSE ); } if (CompletionStatus == TRUE) { CompletionStatus = SepServerTestImpersonation( StaticTest, FALSE ); }
return CompletionStatus;
}
�BOOLEANSepServerTestAnonymous( BOOLEAN StaticTest, BOOLEAN EffectiveOnly )
{ BOOLEAN CompletionStatus = TRUE;
//////////////////////////////////////////////////////////////////////////
// //
// Anonymous Use Test //
// //
//////////////////////////////////////////////////////////////////////////
if (!StaticTest) { //
// No action for dynamic test
//
return TRUE; }
DbgPrint("Se: Anonymous Use ... ");
SepServerWaitForNextConnect();
SepServerGetNextMessage();
SepServerImpersonateClient(); Status = NtOpenThreadToken( SepServerThread, TOKEN_ALL_ACCESS, TRUE, &ClientToken ); SepServerRevertToSelf(); if (Status == STATUS_CANT_OPEN_ANONYMOUS) {
DbgPrint(" Succeeded\n");
} else { DbgPrint("* ! FAILED (srvr) ! *\n"); DbgPrint("Status is: 0x%lx \n", Status ); CompletionStatus = FALSE; }
SepServerCompleteMessage();
SepServerDropConnection();
//
// Appease the compiler Gods..
//
if (EffectiveOnly) {;}
return CompletionStatus;
}
�BOOLEANSepServerTestIdentification( BOOLEAN StaticTest, BOOLEAN EffectiveOnly )
{
BOOLEAN CompletionStatus = TRUE; //////////////////////////////////////////////////////////////////////////
// //
// Identification Use Test //
// //
//////////////////////////////////////////////////////////////////////////
DbgPrint("Se: Identification Use ... ");
SepServerWaitForNextConnect();
SepServerGetNextMessage();
SepServerImpersonateClient(); Status = NtOpenThreadToken( SepServerThread, TOKEN_ALL_ACCESS, TRUE, &ClientToken ); SEASSERT_SUCCESS(Status); SepServerRevertToSelf(); Status = NtQueryInformationToken( ClientToken, TokenStatistics, &ClientTokenStatistics, (ULONG)sizeof(TOKEN_STATISTICS), &IgnoreLength ); SEASSERT_SUCCESS(Status);
if ( (ClientTokenStatistics.TokenType == TokenImpersonation) && (ClientTokenStatistics.ImpersonationLevel == SecurityIdentification) ) { DbgPrint(" Succeeded\n");
} else { DbgPrint("* ! FAILED (srvr) ! *\n"); CompletionStatus = FALSE; }
SepServerCompleteMessage();
SepServerDropConnection();
//
// Appease the compiler Gods..
//
if (StaticTest) {;} if (EffectiveOnly) {;}
return CompletionStatus;}
�BOOLEANSepServerTestImpersonation( BOOLEAN StaticTest, BOOLEAN EffectiveOnly )
{ BOOLEAN CompletionStatus = TRUE;
//////////////////////////////////////////////////////////////////////////
// //
// Impersonation Use Test //
// //
//////////////////////////////////////////////////////////////////////////
DbgPrint("Se: Impersonation Use ... ");
SepServerWaitForNextConnect();
SepServerGetNextMessage();
SepServerImpersonateClient(); Status = NtOpenThreadToken( SepServerThread, TOKEN_ALL_ACCESS, TRUE, &ClientToken ); SEASSERT_SUCCESS(Status); SepServerRevertToSelf(); Status = NtQueryInformationToken( ClientToken, TokenStatistics, &ClientTokenStatistics, (ULONG)sizeof(TOKEN_STATISTICS), &IgnoreLength ); SEASSERT_SUCCESS(Status);
if ( (ClientTokenStatistics.TokenType == TokenImpersonation) && (ClientTokenStatistics.ImpersonationLevel == SecurityImpersonation) ) { DbgPrint(" Succeeded\n");
} else { DbgPrint("* ! FAILED (srvr) ! *\n"); CompletionStatus = FALSE; }
SepServerCompleteMessage();
SepServerDropConnection();
//
// Appease the compiler gods
//
if (StaticTest) {;} if (EffectiveOnly) {;}
return CompletionStatus;}
�BOOLEANSepServerTest(VOID)//
// Tests:
//
// Static Context Tracking Tests
// Effective Only
// Anonymous
// Identification
// Impersonation
// Not Effective Only
// Anonymous
// Identification
// Impersonation
//
// Dynamic Context Tracking Tests
// Effective Only
// Identification
// Impersonation
// Not Effective Only
// Identification
// Impersonation
//
{
BOOLEAN CompletionStatus;
DbgPrint("Se: Server Starting Test ...\n");
//
// Run the static test suite...
//
CompletionStatus = SepServerTestStatic();
//
// Run the dynamic test suite...
//
if (CompletionStatus == TRUE) { CompletionStatus = SepServerTestDynamic(); }
DbgPrint("Se: Server Test Complete.\n");
//
// Print test results
//
DbgPrint("\n"); DbgPrint("\n"); DbgPrint("**********************\n"); DbgPrint("** **\n");
if (CompletionStatus == TRUE) { DbgPrint("** Test Succeeded **\n"); } else { DbgPrint("** Test Failed !! **\n"); }
DbgPrint("** **\n"); DbgPrint("**********************\n");
return CompletionStatus;
}�NTSTATUSSepServerInitialize( )
{
NTSTATUS Status; OBJECT_ATTRIBUTES ThreadAttributes; PTEB CurrentTeb;
DbgPrint("Se: Server Initializing ...\n");
//
// Initialize global variables
//
RequestCount = 0;
//
// Get a handle to our thread to so that we can access our thread
// even when impersonating an anonymous client (which we can't do
// using NtCurrentThread()).
//
CurrentTeb = NtCurrentTeb(); InitializeObjectAttributes(&ThreadAttributes, NULL, 0, NULL, NULL); Status = NtOpenThread( &SepServerThread, // TargetHandle
THREAD_ALL_ACCESS, // DesiredAccess
&ThreadAttributes, // ObjectAttributes
&CurrentTeb->ClientId // ClientId
); ASSERT( NT_SUCCESS(Status) );
//
// Create the server's port
//
InitializeObjectAttributes( &ObjectAttributes, &PortName, 0, NULL, NULL );
Status = NtCreatePort( &EarPort, &ObjectAttributes, 0, 4, 4 * 256 ); SEASSERT_SUCCESS(Status);
//
// Spawn a copy of ourselves...
//
DbgPrint("Se: Server Spawning client process ...\n"); SepServerSpawnClientProcess();
DbgPrint("Se: Server waiting for start of test signal ...\n");
Status = NtWaitForSingleObject( EventHandle, TRUE, NULL ); SEASSERT_SUCCESS(Status);
Status = NtClose( EventHandle ); SEASSERT_SUCCESS(Status);
return STATUS_SUCCESS;}�VOIDSepServerSpawnClientProcess(VOID)
{
RTL_USER_PROCESS_INFORMATION ProcessInformation; STRING ImagePathName, ProgramName; UNICODE_STRING UnicodeImagePathName, UnicodeProgramName; PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
RtlInitString( &ProgramName, "\\SystemRoot\\Bin\\utlpcqos.exe" ); Status = RtlAnsiStringToUnicodeString( &UnicodeProgramName, &ProgramName, TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) ); RtlInitString( &ImagePathName, "utlpcqos.exe"); Status = RtlAnsiStringToUnicodeString( &UnicodeImagePathName, &ImagePathName, TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) );
Status = RtlCreateProcessParameters( &ProcessParameters, &ImagePathName, //UNICODEFIX &UnicodeImagePathName,
NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL );
SEASSERT_SUCCESS(Status);
Status = RtlCreateUserProcess( &ProgramName, // UNICODEFIX &UnicodeProgramName,
ProcessParameters, // ProcessParameters
NULL, // ProcessSecurityDescriptor
NULL, // ThreadSecurityDescriptor
NtCurrentProcess(), // ParentProcess
FALSE, // InheritHandles
NULL, // DebugPort
NULL, // ExceptionPort
&ProcessInformation // ProcessInformation
); SEASSERT_SUCCESS(Status);
Status = NtResumeThread( ProcessInformation.Thread, NULL ); SEASSERT_SUCCESS(Status);
RtlDestroyProcessParameters( ProcessParameters ); RtlFreeUnicodeString( &UnicodeProgramName ); RtlFreeUnicodeString( &UnicodeImagePathName );
}
�
//////////////////////////////////////////////////////////////////////////////
// //
// Main Program Entry Routine //
// //
//////////////////////////////////////////////////////////////////////////////
BOOLEANCtLpcQos (VOID){
BOOLEAN Result = TRUE;
RtlInitUnicodeString( &PortName, L"\\TestLpcQosServerPort" );
//
// Determine whether we are the client or server side of the test.
// This is done by creating or opening a named event object. If the
// event does not yet exist, then we are the client, and must create
// the server process. Otherwise, we are the server and the client
// is waiting for us to signal the event.
//
RtlInitString( &EventName, "\\TestLpcQosEvent" ); Status = RtlAnsiStringToUnicodeString( &UnicodeEventName, &EventName, TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) ); InitializeObjectAttributes( &ObjectAttributes, &UnicodeEventName, OBJ_OPENIF, NULL, NULL ); Status = NtCreateEvent( &EventHandle, EVENT_ALL_ACCESS, &ObjectAttributes, SynchronizationEvent, FALSE );
if (Status == STATUS_OBJECT_NAME_EXISTS) {
//
// Server is already running, therefore, this process gets to be
// the client.
//
Status = SepClientInitialize(); SEASSERT_SUCCESS(Status); Result = SepClientTest();
} else {
SEASSERT_SUCCESS(Status);
//
// Event wasn't yet there, so we must be the server.
//
DbgPrint("Se: Starting LPC Impersonation Test.\n");
Status = SepServerInitialize(); SEASSERT_SUCCESS(Status); Result = SepServerTest();
DbgPrint("Se: End Test.\n");
}
Status = NtTerminateThread( NtCurrentThread(), STATUS_SUCCESS); SEASSERT_SUCCESS(Status);
return Result;
}
|
