mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
104 lines
3.1 KiB
104 lines
3.1 KiB
#include <windows.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <winsafer.h>
|
|
|
|
|
|
/*
|
|
BOOL WINAPI
|
|
CodeAuthzCompareTokenLevels (
|
|
IN HANDLE ClientAccessToken,
|
|
IN HANDLE ServerAccessToken,
|
|
OUT PDWORD pdwResult
|
|
)
|
|
*/
|
|
|
|
void _cdecl main()
|
|
{
|
|
static const levelids[4] = {
|
|
AUTHZLEVELID_UNTRUSTED,
|
|
AUTHZLEVELID_CONSTRAINED,
|
|
AUTHZLEVELID_NORMALUSER,
|
|
AUTHZLEVELID_FULLYTRUSTED
|
|
};
|
|
|
|
HANDLE hTokens[4];
|
|
BOOL bStatus;
|
|
DWORD i;
|
|
HANDLE hProcessToken;
|
|
|
|
bStatus = OpenProcessToken(GetCurrentProcess(),
|
|
TOKEN_QUERY | TOKEN_DUPLICATE,
|
|
&hProcessToken);
|
|
if (!bStatus) {
|
|
printf("Failed to open process token (lasterror=%d).\n", GetLastError());
|
|
return;
|
|
}
|
|
|
|
|
|
for (int i = 0; i < 4; i++)
|
|
{
|
|
HAUTHZLEVEL hCodeAuthLevel;
|
|
|
|
bStatus = CreateCodeAuthzLevel(AUTHZSCOPEID_MACHINE,
|
|
levelids[i],
|
|
AUTHZCRLEV_OPEN,
|
|
&hCodeAuthLevel,
|
|
NULL);
|
|
if (!bStatus) {
|
|
printf("Failed to create level %d (lasterror=%d)\n", levelids[i], GetLastError());
|
|
return;
|
|
}
|
|
|
|
bStatus = ComputeAccessTokenFromCodeAuthzLevel(hCodeAuthLevel,
|
|
hProcessToken,
|
|
&hTokens[i],
|
|
0,
|
|
NULL);
|
|
if (!bStatus) {
|
|
printf("ComputeAccessTokenFromCodeAuthzLevel failed with GLE=%d\n", GetLastError());
|
|
return;
|
|
}
|
|
|
|
bStatus = CloseCodeAuthzLevel(hCodeAuthLevel);
|
|
if (!bStatus) {
|
|
printf("Failed to close level.\n");
|
|
return;
|
|
}
|
|
}
|
|
|
|
for (int testi = 0; testi < 4; testi++) {
|
|
for (int testj = 0; testj < 4; testj++) {
|
|
DWORD dwCompareResults;
|
|
DWORD dwExpected;
|
|
|
|
bStatus = CodeAuthzCompareTokenLevels (
|
|
hTokens[testi],
|
|
hTokens[testj],
|
|
&dwCompareResults);
|
|
if (!bStatus) {
|
|
printf("CompareTokens failed for test %d,%d with error=%d\n",
|
|
testi, testj, GetLastError());
|
|
continue;
|
|
}
|
|
|
|
if (testi == testj) {
|
|
dwExpected = 0;
|
|
} else if (testi < testj) {
|
|
dwExpected = 1;
|
|
} else {
|
|
dwExpected = -1;
|
|
}
|
|
|
|
if (dwCompareResults != dwExpected) {
|
|
printf("CompareTokens return wrong value for test %d,%d (actual=%d, expected=%d)\n",
|
|
testi, testj, dwCompareResults, dwExpected);
|
|
} else {
|
|
printf("CompareTokens passed test %d,%d (returned %d)\n",
|
|
testi, testj, dwCompareResults);
|
|
}
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|