mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
277 lines
6.7 KiB
277 lines
6.7 KiB
#include "pch.h"
|
|
#pragma hdrstop
|
|
|
|
#include "bmcommon.h"
|
|
|
|
//
|
|
// S-1-5-21-397955417-626881126-188441444-2908314 (kumarp)
|
|
//
|
|
//WCHAR szSid[] = L"S-1-5-21-397955417-626881126-188441444-2908314";
|
|
WCHAR szSid[] = L"S-1-5-21-397955417-626881126-188441444-2101332";
|
|
|
|
//ULONG Sid[] = {0x00000501, 0x05000000, 0x00000015, 0x17b85159, 0x255d7266, 0x0b3b6364, 0x00201054};
|
|
|
|
// S-1-5-21-397955417-626881126-188441444-2101332
|
|
//ULONG Sid[] = {0x00000501, 0x05000000, 0x00000015, 0x17b85159, 0x255d7266, 0x0b3b6364, 0x00201054};
|
|
|
|
BOOL b;
|
|
DWORD AuthzRmAuditFlags = 0;
|
|
HANDLE hProcessToken=NULL;
|
|
static HANDLE hToken;
|
|
DWORD AuthzAuditFlags = 0;
|
|
PCWSTR ResourceManagerName = L"Speed Test Resource Manager";
|
|
AUTHZ_RM_AUDIT_INFO_HANDLE hRmAuditInfo = NULL;
|
|
AUTHZ_RESOURCE_MANAGER_HANDLE hAuthzResourceManager = NULL;
|
|
DWORD AuthzRmFlags = 0;
|
|
AUDIT_EVENT_INFO AuditEventInfo;
|
|
PCWSTR szOperationType = L"Access Check";
|
|
PCWSTR szObjectName = L"Joe";
|
|
PCWSTR szObjectType = L"Kernel Hacker";
|
|
PCWSTR szAdditionalInfo = L"None";
|
|
AUTHZ_AUDIT_INFO_HANDLE hAuditInfo = NULL;
|
|
AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext = NULL;
|
|
LUID luid = {0xdead,0xbeef};
|
|
ULONG i;
|
|
|
|
ULONG NumAccessChecks = 10;
|
|
AUTHZ_ACCESS_REQUEST RequestOT;
|
|
AUTHZ_ACCESS_REQUEST Request;
|
|
UCHAR Buffer[1024];
|
|
UCHAR Buffer2[1024];
|
|
UCHAR TypeListBuffer[1024];
|
|
PAUTHZ_ACCESS_REPLY pReply = (PAUTHZ_ACCESS_REPLY) Buffer;
|
|
PAUTHZ_ACCESS_REPLY pReplyOT = (PAUTHZ_ACCESS_REPLY) Buffer2;
|
|
PSECURITY_DESCRIPTOR pSD = NULL;
|
|
AUTHZ_HANDLE AuthzHandle = 0;
|
|
AUDIT_PARAMS AuditParams;
|
|
AUDIT_PARAM ParamArray[11];
|
|
|
|
PSID pSid;
|
|
PSID pUserSid;
|
|
|
|
BOOL
|
|
AuthzInit( )
|
|
{
|
|
BOOL b;
|
|
|
|
if (!ConvertStringSidToSid( szSid, &pSid ))
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
AuditEventInfo.Version = AUDIT_TYPE_LEGACY;
|
|
AuditEventInfo.u.Legacy.CategoryId = SE_CATEGID_OBJECT_ACCESS;
|
|
AuditEventInfo.u.Legacy.AuditId = SE_AUDITID_OBJECT_OPERATION;
|
|
AuditEventInfo.u.Legacy.ParameterCount = 3;
|
|
|
|
//
|
|
// init request for obj-type access check
|
|
//
|
|
|
|
RequestOT.DesiredAccess = DESIRED_ACCESS;
|
|
RequestOT.ObjectTypeList = ObjectTypeList;
|
|
RequestOT.ObjectTypeListLength = ObjectTypeListLength;
|
|
RequestOT.OptionalArguments = NULL;
|
|
RequestOT.PrincipalSelfSid = NULL;
|
|
//RequestOT.PrincipalSelfSid = g_Sid1;
|
|
|
|
//
|
|
// init non obj-type request
|
|
//
|
|
|
|
Request.DesiredAccess = DESIRED_ACCESS;
|
|
Request.ObjectTypeList = NULL;
|
|
Request.ObjectTypeListLength = 0;
|
|
Request.OptionalArguments = NULL;
|
|
Request.PrincipalSelfSid = NULL;
|
|
//Request.PrincipalSelfSid = g_Sid1;
|
|
|
|
//
|
|
// init reply for obj type list
|
|
//
|
|
pReplyOT->ResultListLength = ObjectTypeListLength;
|
|
pReplyOT->Error = (PDWORD) (((PCHAR) pReplyOT) + sizeof(AUTHZ_ACCESS_REPLY));
|
|
pReplyOT->GrantedAccessMask = (PACCESS_MASK) (pReplyOT->Error + pReplyOT->ResultListLength);
|
|
|
|
//
|
|
// init reply
|
|
//
|
|
|
|
pReply->ResultListLength = 1;
|
|
pReply->Error = (PDWORD) (((PCHAR) pReply) + sizeof(AUTHZ_ACCESS_REPLY));
|
|
pReply->GrantedAccessMask = (PACCESS_MASK) (pReply->Error + pReply->ResultListLength);
|
|
|
|
b = AuthzInitializeResourceManager(
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
L"Benchmark RM",
|
|
AuthzRmFlags,
|
|
&hAuthzResourceManager
|
|
);
|
|
|
|
if (!b)
|
|
{
|
|
printf("AuthzInitializeResourceManager\n");
|
|
return FALSE;
|
|
}
|
|
|
|
AuditParams.Parameters = ParamArray;
|
|
|
|
AuthzInitializeAuditParams(
|
|
&AuditParams,
|
|
&pUserSid,
|
|
L"Authz Speed Tests",
|
|
APF_AuditSuccess,
|
|
1,
|
|
APT_String, L"Test operation"
|
|
);
|
|
|
|
b = AuthzInitializeAuditInfo(
|
|
&hAuditInfo,
|
|
0,
|
|
hAuthzResourceManager,
|
|
&AuditEventInfo,
|
|
&AuditParams,
|
|
NULL,
|
|
INFINITE,
|
|
L"blah",
|
|
L"blah",
|
|
L"and",
|
|
L"blah"
|
|
);
|
|
|
|
if (!b)
|
|
{
|
|
printf("AuthzInitAuditInfo FAILED with %d.\n", GetLastError());
|
|
return 0;
|
|
}
|
|
|
|
b = AuthzModifyAuditQueue(
|
|
NULL,
|
|
AUTHZ_AUDIT_QUEUE_THREAD_PRIORITY,
|
|
0,
|
|
0,
|
|
0,
|
|
THREAD_PRIORITY_LOWEST
|
|
);
|
|
if (!b)
|
|
{
|
|
printf("AuthzModifyAuditQueue FAILED with %d.\n", GetLastError());
|
|
return 0;
|
|
}
|
|
|
|
if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY,
|
|
&hProcessToken ) )
|
|
{
|
|
wprintf(L"OpenProcessToken failed %d\n", GetLastError());
|
|
return 0;
|
|
}
|
|
|
|
|
|
b = AuthzInitializeContextFromToken(
|
|
hProcessToken,
|
|
hAuthzResourceManager,
|
|
NULL,
|
|
luid,
|
|
0,
|
|
NULL,
|
|
&hAuthzClientContext
|
|
);
|
|
|
|
if (!b)
|
|
{
|
|
printf("AuthzInitializeContextFromToken failed %d\n", GetLastError());
|
|
return FALSE;
|
|
}
|
|
|
|
if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken ) )
|
|
{
|
|
return GetLastError();
|
|
}
|
|
|
|
b = ConvertStringSecurityDescriptorToSecurityDescriptorW(g_szSd, SDDL_REVISION_1, &pSD, NULL);
|
|
|
|
if (!b)
|
|
{
|
|
wprintf(L"SDDL failed with %d\n", GetLastError());
|
|
return FALSE;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
DWORD
|
|
InitAuthzAccessChecks()
|
|
{
|
|
if (!AuthzInit())
|
|
{
|
|
return GetLastError();
|
|
}
|
|
|
|
return NO_ERROR;
|
|
}
|
|
|
|
DWORD
|
|
AuthzDoAccessCheck(
|
|
IN ULONG NumAccessChecks,
|
|
IN DWORD Flags
|
|
)
|
|
{
|
|
AUTHZ_AUDIT_INFO_HANDLE AdtInfo = Flags & BMF_GenerateAudit ? hAuditInfo : NULL;
|
|
|
|
if ( Flags & BMF_UseObjTypeList )
|
|
{
|
|
for (i = 0; i < NumAccessChecks; i ++)
|
|
{
|
|
b = AuthzAccessCheck(
|
|
hAuthzClientContext,
|
|
&RequestOT,
|
|
AdtInfo,
|
|
pSD,
|
|
NULL,
|
|
0,
|
|
pReplyOT,
|
|
//&AuthzHandle
|
|
NULL
|
|
);
|
|
if (!b)
|
|
{
|
|
printf("AuthzAccessCheck failed.\n");
|
|
return GetLastError();
|
|
}
|
|
// else
|
|
// {
|
|
// AuthzFreeHandle( AuthzHandle );
|
|
// }
|
|
}
|
|
}
|
|
else
|
|
{
|
|
for (i = 0; i < NumAccessChecks; i ++)
|
|
{
|
|
b = AuthzAccessCheck(
|
|
hAuthzClientContext,
|
|
&Request,
|
|
AdtInfo,
|
|
pSD,
|
|
NULL,
|
|
0,
|
|
pReply,
|
|
//&AuthzHandle
|
|
NULL
|
|
);
|
|
if (!b)
|
|
{
|
|
printf("AuthzAccessCheck failed.\n");
|
|
return GetLastError();
|
|
}
|
|
// else
|
|
// {
|
|
// AuthzFreeHandle( AuthzHandle );
|
|
// }
|
|
}
|
|
}
|
|
|
|
return NO_ERROR;
|
|
}
|