Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

927 lines
29 KiB

  1. /*++
  2. Copyright (c) 1989 Microsoft Corporation
  3. Module Name:
  4. ctseacc.c
  5. Abstract:
  6. Common security accessibility test routines.
  7. These routines are used in both the kernel and user mode RTL tests.
  8. This test assumes the security runtime library routines are
  9. functioning correctly.
  10. Author:
  11. Jim Kelly (JimK) 23-Mar-1990
  12. Environment:
  13. Test of security.
  14. Revision History:
  15. v5: robertre
  16. Updated ACL_REVISION
  17. --*/
  18. #include "tsecomm.c" // Mode dependent macros and routines.
  19. ////////////////////////////////////////////////////////////////
  20. // //
  21. // Module wide variables //
  22. // //
  23. ////////////////////////////////////////////////////////////////
  24. NTSTATUS Status;
  25. STRING Event1Name, Process1Name;
  26. UNICODE_STRING UnicodeEvent1Name, UnicodeProcess1Name;
  27. OBJECT_ATTRIBUTES NullObjectAttributes;
  28. HANDLE Event1;
  29. OBJECT_ATTRIBUTES Event1ObjectAttributes;
  30. PSECURITY_DESCRIPTOR Event1SecurityDescriptor;
  31. PSID Event1Owner;
  32. PSID Event1Group;
  33. PACL Event1Dacl;
  34. PACL Event1Sacl;
  35. PACL TDacl;
  36. BOOLEAN TDaclPresent;
  37. BOOLEAN TDaclDefaulted;
  38. PACL TSacl;
  39. BOOLEAN TSaclPresent;
  40. BOOLEAN TSaclDefaulted;
  41. PSID TOwner;
  42. BOOLEAN TOwnerDefaulted;
  43. PSID TGroup;
  44. BOOLEAN TGroupDefaulted;
  45. HANDLE Process1;
  46. OBJECT_ATTRIBUTES Process1ObjectAttributes;
  47. ////////////////////////////////////////////////////////////////
  48. // //
  49. // Initialization Routine //
  50. // //
  51. ////////////////////////////////////////////////////////////////
  52. BOOLEAN
  53. TestSeInitialize()
  54. {
  55. Event1SecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
  56. RtlInitString(&Event1Name, "\\SecurityTestEvent1");
  57. Status = RtlAnsiStringToUnicodeString(
  58. &UnicodeEvent1Name,
  59. &Event1Name,
  60. TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) );
  61. RtlInitString(&Process1Name, "\\SecurityTestProcess1");
  62. Status = RtlAnsiStringToUnicodeString(
  63. &UnicodeProcess1Name,
  64. &Process1Name,
  65. TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) );
  66. InitializeObjectAttributes(&NullObjectAttributes, NULL, 0, NULL, NULL);
  67. //
  68. // Build an ACL or two for use.
  69. TDacl = (PACL)TstAllocatePool( PagedPool, 256 );
  70. TSacl = (PACL)TstAllocatePool( PagedPool, 256 );
  71. TDacl->AclRevision=TSacl->AclRevision=ACL_REVISION;
  72. TDacl->Sbz1=TSacl->Sbz1=0;
  73. TDacl->Sbz2=TSacl->Sbz2=0;
  74. TDacl->AclSize=256;
  75. TSacl->AclSize=8;
  76. TDacl->AceCount=TSacl->AceCount=0;
  77. return TRUE;
  78. }
  79. ////////////////////////////////////////////////////////////////
  80. // //
  81. // Test routines //
  82. // //
  83. ////////////////////////////////////////////////////////////////
  84. BOOLEAN
  85. TestSeUnnamedCreate()
  86. //
  87. // Test:
  88. // No Security Specified
  89. // No Inheritence
  90. // Dacl Inheritence
  91. // Sacl Inheritence
  92. // Dacl Inheritence With Creator ID
  93. // Dacl & Sacl Inheritence
  94. //
  95. // Empty Security Descriptor Explicitly Specified
  96. // No Inheritence
  97. // Dacl Inheritence
  98. // Sacl Inheritence
  99. // Dacl & Sacl Inheritence
  100. //
  101. // Explicit Dacl Specified
  102. // No Inheritence
  103. // Dacl Inheritence
  104. // Sacl Inheritence
  105. // Dacl & Sacl Inheritence
  106. //
  107. // Explicit Sacl Specified (W/Privilege)
  108. // No Inheritence
  109. // Dacl & Sacl Inheritence
  110. //
  111. // Default Dacl Specified
  112. // No Inheritence
  113. // Dacl Inheritence
  114. // Sacl Inheritence
  115. // Dacl & Sacl Inheritence
  116. //
  117. // Default Sacl Specified (W/Privilege)
  118. // No Inheritence
  119. // Dacl & Sacl Inheritence
  120. //
  121. // Explicit Sacl Specified (W/O Privilege - should be rejected)
  122. // Default Sacl Specified (W/O Privilege - should be rejected)
  123. //
  124. // Valid Owner Explicitly Specified
  125. // Invalid Owner Explicitly Specified
  126. //
  127. // Explicit Group Specified
  128. //
  129. {
  130. BOOLEAN CompletionStatus = TRUE;
  131. InitializeObjectAttributes(&Event1ObjectAttributes, NULL, 0, NULL, NULL);
  132. DbgPrint("Se: No Security Descriptor... Test\n");
  133. DbgPrint("Se: No Inheritence... ");
  134. Status = NtCreateEvent(
  135. &Event1,
  136. DELETE,
  137. &Event1ObjectAttributes,
  138. NotificationEvent,
  139. FALSE
  140. );
  141. if (NT_SUCCESS(Status)) {
  142. DbgPrint("Succeeded.\n");
  143. } else {
  144. DbgPrint(" **** Failed ****\n");
  145. CompletionStatus = FALSE;
  146. }
  147. ASSERT(NT_SUCCESS(Status));
  148. Status = NtClose(Event1);
  149. ASSERT(NT_SUCCESS(Status));
  150. DbgPrint("Se: Dacl Inheritence... ");
  151. DbgPrint(" Not Implemented.\n");
  152. DbgPrint("Se: Sacl Inheritence... ");
  153. DbgPrint(" Not Implemented.\n");
  154. DbgPrint("Se: Dacl Inheritence W/ Creator ID... ");
  155. DbgPrint(" Not Implemented.\n");
  156. DbgPrint("Se: Dacl And Sacl Inheritence... ");
  157. DbgPrint(" Not Implemented.\n");
  158. return CompletionStatus;
  159. }
  160. BOOLEAN
  161. TestSeNamedCreate()
  162. //
  163. // Test:
  164. // No Security Specified
  165. // No Inheritence
  166. // Dacl Inheritence
  167. // Sacl Inheritence
  168. // Dacl Inheritence With Creator ID
  169. // Dacl & Sacl Inheritence
  170. //
  171. // Empty Security Descriptor Explicitly Specified
  172. // No Inheritence
  173. // Dacl Inheritence
  174. // Sacl Inheritence
  175. // Dacl & Sacl Inheritence
  176. //
  177. // Explicit Dacl Specified
  178. // No Inheritence
  179. // Dacl Inheritence
  180. // Sacl Inheritence
  181. // Dacl & Sacl Inheritence
  182. //
  183. // Explicit Sacl Specified (W/Privilege)
  184. // No Inheritence
  185. // Dacl & Sacl Inheritence
  186. //
  187. // Default Dacl Specified
  188. // No Inheritence
  189. // Dacl Inheritence
  190. // Sacl Inheritence
  191. // Dacl & Sacl Inheritence
  192. //
  193. // Default Sacl Specified (W/Privilege)
  194. // No Inheritence
  195. // Dacl & Sacl Inheritence
  196. //
  197. // Explicit Sacl Specified (W/O Privilege - should be rejected)
  198. // Default Sacl Specified (W/O Privilege - should be rejected)
  199. //
  200. // Valid Owner Explicitly Specified
  201. // Invalid Owner Explicitly Specified
  202. //
  203. // Explicit Group Specified
  204. //
  205. {
  206. BOOLEAN CompletionStatus = TRUE;
  207. InitializeObjectAttributes(
  208. &Event1ObjectAttributes,
  209. &UnicodeEvent1Name,
  210. 0,
  211. NULL,
  212. NULL);
  213. DbgPrint("Se: No Security Specified... Test\n");
  214. DbgPrint("Se: No Inheritence... ");
  215. Status = NtCreateEvent(
  216. &Event1,
  217. DELETE,
  218. &Event1ObjectAttributes,
  219. NotificationEvent,
  220. FALSE
  221. );
  222. if (NT_SUCCESS(Status)) {
  223. DbgPrint("Succeeded.\n");
  224. } else {
  225. DbgPrint(" **** Failed ****\n");
  226. CompletionStatus = FALSE;
  227. }
  228. ASSERT(NT_SUCCESS(Status));
  229. Status = NtClose(Event1);
  230. ASSERT(NT_SUCCESS(Status));
  231. DbgPrint("Se: Dacl Inheritence... ");
  232. DbgPrint(" Not Implemented.\n");
  233. DbgPrint("Se: Sacl Inheritence... ");
  234. DbgPrint(" Not Implemented.\n");
  235. DbgPrint("Se: Dacl Inheritence With Creator ID... ");
  236. DbgPrint(" Not Implemented.\n");
  237. DbgPrint("Se: Dacl & Sacl Inheritence... ");
  238. DbgPrint(" Not Implemented.\n");
  239. DbgPrint("Se: Empty Security Descriptor Explicitly Specified... Test\n");
  240. DbgPrint("Se: No Inheritence... ");
  241. RtlCreateSecurityDescriptor( Event1SecurityDescriptor, 1 );
  242. InitializeObjectAttributes(&Event1ObjectAttributes,
  243. &UnicodeEvent1Name,
  244. 0,
  245. NULL,
  246. Event1SecurityDescriptor);
  247. Status = NtCreateEvent(
  248. &Event1,
  249. DELETE,
  250. &Event1ObjectAttributes,
  251. NotificationEvent,
  252. FALSE
  253. );
  254. if (NT_SUCCESS(Status)) {
  255. DbgPrint("Succeeded.\n");
  256. } else {
  257. DbgPrint(" **** Failed ****\n");
  258. CompletionStatus = FALSE;
  259. }
  260. ASSERT(NT_SUCCESS(Status));
  261. Status = NtClose(Event1);
  262. ASSERT(NT_SUCCESS(Status));
  263. DbgPrint("Se: Dacl Inheritence... ");
  264. DbgPrint(" Not Implemented.\n");
  265. DbgPrint("Se: Sacl Inheritence... ");
  266. DbgPrint(" Not Implemented.\n");
  267. DbgPrint("Se: Dacl & Sacl Inheritence... ");
  268. DbgPrint(" Not Implemented.\n");
  269. DbgPrint("Se: Explicit Dacl Specified... Test\n");
  270. DbgPrint("Se: No Inheritence... ");
  271. RtlCreateSecurityDescriptor( Event1SecurityDescriptor, 1 );
  272. RtlSetDaclSecurityDescriptor( Event1SecurityDescriptor, TRUE, TDacl, FALSE );
  273. InitializeObjectAttributes(&Event1ObjectAttributes,
  274. &UnicodeEvent1Name,
  275. 0,
  276. NULL,
  277. Event1SecurityDescriptor);
  278. Status = NtCreateEvent(
  279. &Event1,
  280. DELETE,
  281. &Event1ObjectAttributes,
  282. NotificationEvent,
  283. FALSE
  284. );
  285. if (NT_SUCCESS(Status)) {
  286. DbgPrint("Succeeded.\n");
  287. } else {
  288. DbgPrint(" **** Failed ****\n");
  289. CompletionStatus = FALSE;
  290. }
  291. ASSERT(NT_SUCCESS(Status));
  292. Status = NtClose(Event1);
  293. ASSERT(NT_SUCCESS(Status));
  294. DbgPrint("Se: Dacl Inheritence... ");
  295. DbgPrint(" Not Implemented.\n");
  296. DbgPrint("Se: Sacl Inheritence... ");
  297. DbgPrint(" Not Implemented.\n");
  298. DbgPrint("Se: Dacl & Sacl Inheritence... ");
  299. DbgPrint(" Not Implemented.\n");
  300. DbgPrint("Se: Explicit Sacl Specified (W/Privilege)... Test\n");
  301. DbgPrint("Se: No Inheritence... ");
  302. DbgPrint(" Not Implemented.\n");
  303. DbgPrint("Se: Dacl & Sacl Inheritence... ");
  304. DbgPrint(" Not Implemented.\n");
  305. DbgPrint("Se: Default Dacl Specified... Test\n");
  306. DbgPrint("Se: No Inheritence... ");
  307. DbgPrint(" Not Implemented.\n");
  308. DbgPrint("Se: Dacl Inheritence... ");
  309. DbgPrint(" Not Implemented.\n");
  310. DbgPrint("Se: Sacl Inheritence... ");
  311. DbgPrint(" Not Implemented.\n");
  312. DbgPrint("Se: Dacl & Sacl Inheritence... ");
  313. DbgPrint(" Not Implemented.\n");
  314. DbgPrint("Se: Default Sacl (W/Privilege)... Test\n");
  315. DbgPrint("Se: No Inheritence... ");
  316. DbgPrint(" Not Implemented.\n");
  317. DbgPrint("Se: Dacl & Sacl Inheritence... ");
  318. DbgPrint(" Not Implemented.\n");
  319. DbgPrint("Se: Explicit Sacl (W/O Privilege)... Test\n");
  320. DbgPrint(" ");
  321. DbgPrint(" Not Implemented.\n");
  322. DbgPrint("Se: Default Sacl (W/O Privilege)... Test\n");
  323. DbgPrint(" ");
  324. DbgPrint(" Not Implemented.\n");
  325. DbgPrint("Se: Valid Owner Explicitly Specified... Test\n");
  326. DbgPrint(" ");
  327. DbgPrint(" Not Implemented.\n");
  328. DbgPrint("Se: Invalid Owner Explicitly Specified... Test\n");
  329. DbgPrint(" ");
  330. DbgPrint(" Not Implemented.\n");
  331. DbgPrint("Se: Explicit Group Specified... Test\n");
  332. DbgPrint(" ");
  333. DbgPrint(" Not Implemented.\n");
  334. return CompletionStatus;
  335. }
  336. BOOLEAN
  337. TestSeQuerySecurity()
  338. //
  339. // Test:
  340. // No Security Descriptor
  341. // Query Owner
  342. // Query Group
  343. // Query Dacl
  344. // Query Sacl (Privileged)
  345. // Query Sacl (Unprivileged - should be rejected)
  346. //
  347. // Empty Security Descriptor
  348. // Query Owner
  349. // Query Group
  350. // Query Dacl
  351. // Query Sacl (Privileged)
  352. // Query Sacl (Unprivileged - should be rejected)
  353. //
  354. // Security Descriptor W/ Owner & Group
  355. // Query Owner
  356. // Query Group
  357. // Query Dacl
  358. // Query Sacl (Privileged)
  359. // Query Sacl (Unprivileged - should be rejected)
  360. //
  361. // Full Security Descriptor
  362. // Query Owner
  363. // Query Group
  364. // Query Dacl
  365. // Query Sacl (Privileged)
  366. // Query Sacl (Unprivileged - should be rejected)
  367. //
  368. {
  369. BOOLEAN CompletionStatus = TRUE;
  370. DbgPrint(" ");
  371. DbgPrint(" Not Implemented.\n");
  372. #if 0
  373. DbgPrint("Se: No Security Descriptor... \n");
  374. DbgPrint("Se: Query Owner... ");
  375. DbgPrint(" Not Implemented.\n");
  376. DbgPrint("Se: Query Group... ");
  377. DbgPrint(" Not Implemented.\n");
  378. DbgPrint("Se: Query Dacl... ");
  379. DbgPrint(" Not Implemented.\n");
  380. DbgPrint("Se: Query Sacl (Privileged)... ");
  381. DbgPrint(" Not Implemented.\n");
  382. DbgPrint("Se: Query Sacl (Unprivileged)... ");
  383. DbgPrint(" Not Implemented.\n");
  384. DbgPrint("Se: Empty Security Descriptor... \n");
  385. DbgPrint("Se: Query Owner... ");
  386. DbgPrint(" Not Implemented.\n");
  387. DbgPrint("Se: Query Group... ");
  388. DbgPrint(" Not Implemented.\n");
  389. DbgPrint("Se: Query Dacl... ");
  390. DbgPrint(" Not Implemented.\n");
  391. DbgPrint("Se: Query Sacl (Privileged)... ");
  392. DbgPrint(" Not Implemented.\n");
  393. DbgPrint("Se: Query Sacl (Unprivileged)... ");
  394. DbgPrint(" Not Implemented.\n");
  395. DbgPrint("Se: Security Descriptor W/ Owner & Group... \n");
  396. DbgPrint("Se: Query Owner... ");
  397. DbgPrint(" Not Implemented. \n");
  398. DbgPrint("Se: Query Group... ");
  399. DbgPrint(" Not Implemented.\n");
  400. DbgPrint("Se: Query Dacl... ");
  401. DbgPrint(" Not Implemented.\n");
  402. DbgPrint("Se: Query Sacl (Privileged)... ");
  403. DbgPrint(" Not Implemented.\n");
  404. DbgPrint("Se: Query Sacl (Unprivileged)... ");
  405. DbgPrint(" Not Implemented.\n");
  406. DbgPrint("Se: Full Security Descriptor...\n");
  407. DbgPrint("Se: Query Owner... ");
  408. DbgPrint(" Not Implemented.\n");
  409. DbgPrint("Se: Query Group... ");
  410. DbgPrint(" Not Implemented.\n");
  411. DbgPrint("Se: Query Dacl... ");
  412. DbgPrint(" Not Implemented.\n");
  413. DbgPrint("Se: Query Sacl (Privileged)... ");
  414. DbgPrint(" Not Implemented.\n");
  415. DbgPrint("Se: Query Sacl (Unprivileged)... ");
  416. DbgPrint(" Not Implemented.\n");
  417. #endif //0
  418. return CompletionStatus;
  419. }
  420. BOOLEAN
  421. TestSeSetSecurity()
  422. //
  423. // Test:
  424. // No Security Descriptor
  425. // Set Valid Owner SID
  426. // Set Invalid Owner SID
  427. // Set Group
  428. // Set Dacl (explicitly granted by dacl)
  429. // Set Dacl (by virtue of ownership)
  430. // Set Dacl (invalid attempt)
  431. // Set Sacl (privileged)
  432. // Set Sacl (unprivileged - should be rejected)
  433. //
  434. // Empty Security Descriptor
  435. // Set Valid Owner SID
  436. // Set Invalid Owner SID
  437. // Set Group
  438. // Set Dacl (explicitly granted by dacl)
  439. // Set Dacl (by virtue of ownership)
  440. // Set Dacl (invalid attempt)
  441. // Set Sacl (privileged)
  442. // Set Sacl (unprivileged - should be rejected)
  443. //
  444. // Security Descriptor W/ Owner & Group Only
  445. // Set Valid Owner SID
  446. // Set Invalid Owner SID
  447. // Set Group
  448. // Set Dacl (explicitly granted by dacl)
  449. // Set Dacl (by virtue of ownership)
  450. // Set Dacl (invalid attempt)
  451. // Set Sacl (privileged)
  452. // Set Sacl (unprivileged - should be rejected)
  453. //
  454. // Full Security Descriptor
  455. // Set Valid Owner SID
  456. // Set Invalid Owner SID
  457. // Set Group
  458. // Set Dacl (explicitly granted by dacl)
  459. // Set Dacl (by virtue of ownership)
  460. // Set Dacl (invalid attempt)
  461. // Set Sacl (privileged)
  462. // Set Sacl (unprivileged - should be rejected)
  463. //
  464. {
  465. BOOLEAN CompletionStatus = TRUE;
  466. DbgPrint(" ");
  467. DbgPrint(" Not Implemented.\n");
  468. #if 0
  469. DbgPrint("Se: No Security Descriptor...\n");
  470. DbgPrint("Se: Set Valid Owner SID... ");
  471. DbgPrint(" Not Implemented.\n");
  472. DbgPrint("Se: Set Invalid Owner SID... ");
  473. DbgPrint(" Not Implemented.\n");
  474. DbgPrint("Se: Set Group... ");
  475. DbgPrint(" Not Implemented.\n");
  476. DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
  477. DbgPrint(" Not Implemented.\n");
  478. DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
  479. DbgPrint(" Not Implemented.\n");
  480. DbgPrint("Se: Set Dacl (invalid attempt)... ");
  481. DbgPrint(" Not Implemented.\n");
  482. DbgPrint("Se: Set Sacl (privileged)... ");
  483. DbgPrint(" Not Implemented.\n");
  484. DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
  485. DbgPrint(" Not Implemented.\n");
  486. DbgPrint("Se: Empty Security Descriptor...\n");
  487. DbgPrint("Se: Set Valid Owner SID... ");
  488. DbgPrint(" Not Implemented.\n");
  489. DbgPrint("Se: Set Invalid Owner SID... ");
  490. DbgPrint(" Not Implemented.\n");
  491. DbgPrint("Se: Set Group... ");
  492. DbgPrint(" Not Implemented.\n");
  493. DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
  494. DbgPrint(" Not Implemented.\n");
  495. DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
  496. DbgPrint(" Not Implemented.\n");
  497. DbgPrint("Se: Set Dacl (invalid attempt)... ");
  498. DbgPrint(" Not Implemented.\n");
  499. DbgPrint("Se: Set Sacl (privileged)... ");
  500. DbgPrint(" Not Implemented.\n");
  501. DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
  502. DbgPrint(" Not Implemented.\n");
  503. DbgPrint("Se: Security Descriptor W/ Owner & Group Only...\n");
  504. DbgPrint("Se: Set Valid Owner SID... ");
  505. DbgPrint(" Not Implemented.\n");
  506. DbgPrint("Se: Set Invalid Owner SID... ");
  507. DbgPrint(" Not Implemented.\n");
  508. DbgPrint("Se: Set Group... ");
  509. DbgPrint(" Not Implemented.\n");
  510. DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
  511. DbgPrint(" Not Implemented.\n");
  512. DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
  513. DbgPrint(" Not Implemented.\n");
  514. DbgPrint("Se: Set Dacl (invalid attempt)... ");
  515. DbgPrint(" Not Implemented.\n");
  516. DbgPrint("Se: Set Sacl (privileged)... ");
  517. DbgPrint(" Not Implemented.\n");
  518. DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
  519. DbgPrint(" Not Implemented.\n");
  520. DbgPrint("Se: Full Security Descriptor...\n");
  521. DbgPrint("Se: Set Valid Owner SID... ");
  522. DbgPrint(" Not Implemented.\n");
  523. DbgPrint("Se: Set Invalid Owner SID... ");
  524. DbgPrint(" Not Implemented.\n");
  525. DbgPrint("Se: Set Group... ");
  526. DbgPrint(" Not Implemented.\n");
  527. DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
  528. DbgPrint(" Not Implemented.\n");
  529. DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
  530. DbgPrint(" Not Implemented.\n");
  531. DbgPrint("Se: Set Dacl (invalid attempt)... ");
  532. DbgPrint(" Not Implemented.\n");
  533. DbgPrint("Se: Set Sacl (privileged)... ");
  534. DbgPrint(" Not Implemented.\n");
  535. DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
  536. DbgPrint(" Not Implemented.\n");
  537. #endif //0
  538. return CompletionStatus;
  539. }
  540. BOOLEAN
  541. TestSeAccess()
  542. //
  543. // Test:
  544. //
  545. // Creation
  546. // No Access Requested (should be rejected)
  547. // Specific Access Requested
  548. // - Attempted Granted
  549. // - Attempt Ungranted
  550. // Access System Security
  551. //
  552. // Open Existing
  553. // No Access Requested (should be rejected)
  554. // Specific Access Requested
  555. // - Attempted Granted
  556. // - Attempt Ungranted
  557. // Access System Security
  558. //
  559. {
  560. BOOLEAN CompletionStatus = TRUE;
  561. DbgPrint(" ");
  562. DbgPrint(" Not Implemented.\n");
  563. #if 0
  564. DbgPrint("Se: Creation...\n");
  565. DbgPrint("Se: No Access Requested (should be rejected)... ");
  566. DbgPrint(" Not Implemented.\n");
  567. DbgPrint("Se: Specific Access Requested... ");
  568. DbgPrint(" Not Implemented.\n");
  569. DbgPrint("Se: - Attempted Granted... ");
  570. DbgPrint(" Not Implemented.\n");
  571. DbgPrint("Se: - Attempt Ungranted... ");
  572. DbgPrint(" Not Implemented.\n");
  573. DbgPrint("Se: Access System Security... ");
  574. DbgPrint(" Not Implemented.\n");
  575. DbgPrint("Se: Open Existing...\n");
  576. DbgPrint("Se: No Access Requested (should be rejected)... ");
  577. DbgPrint(" Not Implemented.\n");
  578. DbgPrint("Se: Specific Access Requested... ");
  579. DbgPrint(" Not Implemented.\n");
  580. DbgPrint("Se: - Attempted Granted... ");
  581. DbgPrint(" Not Implemented.\n");
  582. DbgPrint("Se: - Attempt Ungranted... ");
  583. DbgPrint(" Not Implemented.\n");
  584. DbgPrint("Se: Access System Security... ");
  585. DbgPrint(" Not Implemented.\n");
  586. #endif //0
  587. #if 0 //old code
  588. // Without security descriptor
  589. // Simple desired access mask...
  590. //
  591. DbgPrint("Se: Test1b... \n"); // Attempt ungranted access
  592. Status = NtSetEvent(
  593. Event1,
  594. NULL
  595. );
  596. ASSERT(!NT_SUCCESS(Status));
  597. DbgPrint("Se: Test1c... \n"); // Delete object
  598. Status = NtClose(Event1);
  599. ASSERT(NT_SUCCESS(Status));
  600. //
  601. // Without security descriptor
  602. // Simple desired access mask...
  603. //
  604. DbgPrint("Se: Test2a... \n"); // unnamed object, specific access
  605. Status = NtCreateEvent(
  606. &Event1,
  607. (EVENT_MODIFY_STATE | STANDARD_DELETE),
  608. &Event1ObjectAttributes,
  609. NotificationEvent,
  610. FALSE
  611. );
  612. ASSERT(NT_SUCCESS(Status));
  613. DbgPrint("Se: Test2b... \n"); // Attempt granted specific access
  614. Status = NtSetEvent(
  615. Event1,
  616. NULL
  617. );
  618. ASSERT(NT_SUCCESS(Status));
  619. DbgPrint("Se: Test2c... \n"); // Delete object
  620. //
  621. // Without security descriptor
  622. // Generic desired access mask...
  623. //
  624. DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask
  625. Status = NtCreateEvent(
  626. &Event1,
  627. GENERIC_EXECUTE,
  628. &Event1ObjectAttributes,
  629. NotificationEvent,
  630. FALSE
  631. );
  632. ASSERT(NT_SUCCESS(Status));
  633. DbgPrint("Se: Test3b... \n"); // Attempt implied granted access
  634. Status = NtSetEvent(
  635. Event1,
  636. NULL
  637. );
  638. ASSERT(NT_SUCCESS(Status));
  639. DbgPrint("Se: Test3c... \n"); // Delete object
  640. Status = NtClose(Event1);
  641. ASSERT(NT_SUCCESS(Status));
  642. //
  643. // Without security descriptor
  644. // Empty desired access mask...
  645. //
  646. DbgPrint("Se: Test4a... \n"); // Empty desired access
  647. Status = NtCreateEvent(
  648. &Event1,
  649. 0,
  650. &Event1ObjectAttributes,
  651. NotificationEvent,
  652. FALSE
  653. );
  654. ASSERT(!NT_SUCCESS(Status));
  655. RtlCreateSecurityDescriptor( Event1SecurityDescriptor,
  656. SECURITY_DESCRIPTOR_REVISION);
  657. InitializeObjectAttributes(&Event1ObjectAttributes,
  658. NULL, 0, NULL,
  659. Event1SecurityDescriptor);
  660. DbgPrint("Se: Empty Security Descriptor... \n");
  661. //
  662. // Without security descriptor
  663. // Simple desired access mask...
  664. //
  665. DbgPrint("Se: Test1a... \n"); // Create unnamed object
  666. Status = NtCreateEvent(
  667. &Event1,
  668. STANDARD_DELETE,
  669. &Event1ObjectAttributes,
  670. NotificationEvent,
  671. FALSE
  672. );
  673. ASSERT(NT_SUCCESS(Status));
  674. DbgPrint("Se: Test1b... \n"); // Attempt ungranted access
  675. Status = NtSetEvent(
  676. Event1,
  677. NULL
  678. );
  679. ASSERT(!NT_SUCCESS(Status));
  680. DbgPrint("Se: Test1c... \n"); // Delete object
  681. Status = NtClose(Event1);
  682. ASSERT(NT_SUCCESS(Status));
  683. //
  684. // Without security descriptor
  685. // Simple desired access mask...
  686. //
  687. DbgPrint("Se: Test2a... \n"); // unnamed object, specific access
  688. Status = NtCreateEvent(
  689. &Event1,
  690. (EVENT_MODIFY_STATE | STANDARD_DELETE),
  691. &Event1ObjectAttributes,
  692. NotificationEvent,
  693. FALSE
  694. );
  695. ASSERT(NT_SUCCESS(Status));
  696. DbgPrint("Se: Test2b... \n"); // Attempt granted specific access
  697. Status = NtSetEvent(
  698. Event1,
  699. NULL
  700. );
  701. ASSERT(NT_SUCCESS(Status));
  702. DbgPrint("Se: Test2c... \n"); // Delete object
  703. Status = NtClose(Event1);
  704. ASSERT(NT_SUCCESS(Status));
  705. //
  706. // Without security descriptor
  707. // Generic desired access mask...
  708. //
  709. DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask
  710. Status = NtCreateEvent(
  711. &Event1,
  712. GENERIC_EXECUTE,
  713. &Event1ObjectAttributes,
  714. NotificationEvent,
  715. FALSE
  716. );
  717. ASSERT(NT_SUCCESS(Status));
  718. DbgPrint("Se: Test3b... \n"); // Attempt implied granted access
  719. Status = NtSetEvent(
  720. Event1,
  721. NULL
  722. );
  723. ASSERT(NT_SUCCESS(Status));
  724. DbgPrint("Se: Test3c... \n"); // Delete object
  725. Status = NtClose(Event1);
  726. ASSERT(NT_SUCCESS(Status));
  727. //
  728. // Without security descriptor
  729. // Empty desired access mask...
  730. //
  731. DbgPrint("Se: Test4a... \n"); // Empty desired access
  732. Status = NtCreateEvent(
  733. &Event1,
  734. 0,
  735. &Event1ObjectAttributes,
  736. NotificationEvent,
  737. FALSE
  738. );
  739. ASSERT(!NT_SUCCESS(Status));
  740. #endif // old code
  741. return CompletionStatus;
  742. }
  743. BOOLEAN
  744. TSeAcc()
  745. {
  746. BOOLEAN Result = TRUE;
  747. DbgPrint("Se: Initialization... ");
  748. TestSeInitialize();
  749. DbgPrint("Succeeded.\n");
  750. DbgPrint("Se: Unnamed Object Creation Test... Suite\n");
  751. if (!TestSeUnnamedCreate()) {
  752. Result = FALSE;
  753. }
  754. DbgPrint("Se: Named Object Creation Test... Suite\n");
  755. if (!TestSeNamedCreate()) {
  756. Result = FALSE;
  757. }
  758. DbgPrint("Se: Query Object Security Descriptor Test... Suite\n");
  759. if (!TestSeQuerySecurity()) {
  760. Result = FALSE;
  761. }
  762. DbgPrint("Se: Set Object Security Descriptor Test... Suite\n");
  763. if (!TestSeSetSecurity()) {
  764. Result = FALSE;
  765. }
  766. DbgPrint("Se: Access Test... Suite\n");
  767. if (!TestSeAccess()) {
  768. Result = FALSE;
  769. }
  770. DbgPrint("\n");
  771. DbgPrint("\n");
  772. DbgPrint(" ********************\n");
  773. DbgPrint(" ** **\n");
  774. if (Result = TRUE) {
  775. DbgPrint(" ** Test Succeeded **\n");
  776. } else {
  777. DbgPrint(" ** Test Failed **\n");
  778. }
  779. DbgPrint(" ** **\n");
  780. DbgPrint(" ********************\n");
  781. DbgPrint("\n");
  782. DbgPrint("\n");
  783. return Result;
  784. }