/*++

Copyright (c) 1989  Microsoft Corporation

Module Name:

    ctseacc.c

Abstract:

    Common security accessibility test routines.

    These routines are used in both the kernel and user mode RTL tests.

    This test assumes the security runtime library routines are
    functioning correctly.

Author:

    Jim Kelly (JimK) 23-Mar-1990

Environment:

    Test of security.

Revision History:

    v5: robertre
        Updated ACL_REVISION

--*/
|
|
|
|
#include "tsecomm.c" // Mode dependent macros and routines.
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////
//                                                            //
// Module wide variables                                      //
//                                                            //
////////////////////////////////////////////////////////////////
|
|
|
|
//
// Result of the most recent system service or RTL call. Every routine in
// this file writes it, so it carries no meaning across calls.
//
NTSTATUS Status;

//
// Object names: ANSI form first, then the Unicode copies produced by
// TestSeInitialize().
//
STRING Event1Name;
STRING Process1Name;
UNICODE_STRING UnicodeEvent1Name;
UNICODE_STRING UnicodeProcess1Name;

//
// Object attributes with no name, no flags and no security descriptor.
//
OBJECT_ATTRIBUTES NullObjectAttributes;

//
// State for the event object the create tests operate on. The owner,
// group, DACL and SACL pointers are not referenced by the routines in
// this file as shown.
//
HANDLE Event1;
OBJECT_ATTRIBUTES Event1ObjectAttributes;
PSECURITY_DESCRIPTOR Event1SecurityDescriptor;
PSID Event1Owner;
PSID Event1Group;
PACL Event1Dacl;
PACL Event1Sacl;

//
// Template discretionary ACL built by TestSeInitialize().
//
PACL TDacl;
BOOLEAN TDaclPresent;
BOOLEAN TDaclDefaulted;

//
// Template system ACL built by TestSeInitialize().
//
PACL TSacl;
BOOLEAN TSaclPresent;
BOOLEAN TSaclDefaulted;

//
// Template owner and primary group.
//
PSID TOwner;
BOOLEAN TOwnerDefaulted;
PSID TGroup;
BOOLEAN TGroupDefaulted;

//
// State reserved for a process object; no test in this file uses it yet.
//
HANDLE Process1;
OBJECT_ATTRIBUTES Process1ObjectAttributes;
|
|
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////
//                                                            //
// Initialization Routine                                     //
//                                                            //
////////////////////////////////////////////////////////////////
|
|
|
|
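BOOLEAN
TestSeInitialize()
//
// Prepares the module wide state used by the test routines:
//
//     - a 1024 byte buffer for Event1SecurityDescriptor,
//     - the Unicode forms of the event and process object names,
//     - NullObjectAttributes (no name, no descriptor),
//     - two template ACLs, TDacl and TSacl, each holding no ACEs.
//
// Returns TRUE when everything was set up, FALSE when a pool allocation
// failed. The original code dereferenced the ACL buffers without checking
// them.
//
{
    //
    // NOTE(review): the checks below assume TstAllocatePool (defined in
    // tsecomm.c) reports failure by returning NULL - confirm.
    //

    Event1SecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 );
    if (Event1SecurityDescriptor == NULL) {
        return FALSE;
    }

    RtlInitString(&Event1Name, "\\SecurityTestEvent1");
    Status = RtlAnsiStringToUnicodeString(
                 &UnicodeEvent1Name,
                 &Event1Name,
                 TRUE );  SEASSERT_SUCCESS( NT_SUCCESS(Status) );

    RtlInitString(&Process1Name, "\\SecurityTestProcess1");
    Status = RtlAnsiStringToUnicodeString(
                 &UnicodeProcess1Name,
                 &Process1Name,
                 TRUE );  SEASSERT_SUCCESS( NT_SUCCESS(Status) );

    InitializeObjectAttributes(&NullObjectAttributes, NULL, 0, NULL, NULL);

    //
    // Build an ACL or two for use.
    //

    TDacl = (PACL)TstAllocatePool( PagedPool, 256 );
    TSacl = (PACL)TstAllocatePool( PagedPool, 256 );
    if (TDacl == NULL || TSacl == NULL) {
        return FALSE;
    }

    TDacl->AclRevision = TSacl->AclRevision = ACL_REVISION;
    TDacl->Sbz1 = TSacl->Sbz1 = 0;
    TDacl->Sbz2 = TSacl->Sbz2 = 0;

    //
    // TDacl claims the whole 256 byte buffer. TSacl claims 8 bytes, which
    // is the size of the fixed ACL header, so it has no room for ACEs even
    // though 256 bytes were allocated.
    // NOTE(review): confirm the 8 is intentional and not a leftover.
    //

    TDacl->AclSize = 256;
    TSacl->AclSize = 8;
    TDacl->AceCount = TSacl->AceCount = 0;

    return TRUE;
}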
|
|
|
|
|
|
|
|
////////////////////////////////////////////////////////////////
//                                                            //
// Test routines                                              //
//                                                            //
////////////////////////////////////////////////////////////////
|
|
|
|
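BOOLEAN
TestSeUnnamedCreate()
//
//  Test plan for creating an unnamed object:
//
//      No Security Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl Inheritance With Creator ID
//          Dacl & Sacl Inheritance
//
//      Empty Security Descriptor Explicitly Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl & Sacl Inheritance
//
//      Explicit Dacl Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl & Sacl Inheritance
//
//      Explicit Sacl Specified (W/Privilege)
//          No Inheritance
//          Dacl & Sacl Inheritance
//
//      Default Dacl Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl & Sacl Inheritance
//
//      Default Sacl Specified (W/Privilege)
//          No Inheritance
//          Dacl & Sacl Inheritance
//
//      Explicit Sacl Specified (W/O Privilege - should be rejected)
//      Default Sacl Specified (W/O Privilege - should be rejected)
//
//      Valid Owner Explicitly Specified
//      Invalid Owner Explicitly Specified
//
//      Explicit Group Specified
//
//  Only "No Security Specified / No Inheritance" is implemented. The four
//  inheritance cases under it print "Not Implemented" and do not affect the
//  result; the rest of the plan is not mentioned in the output at all. A
//  TRUE return therefore says nothing about the rejection cases above.
//
//  Returns TRUE when the implemented case passed, FALSE otherwise.
//
{
    BOOLEAN CompletionStatus = TRUE;

    InitializeObjectAttributes(&Event1ObjectAttributes, NULL, 0, NULL, NULL);
    DbgPrint("Se: No Security Descriptor... Test\n");
    DbgPrint("Se: No Inheritence... ");

    Status = NtCreateEvent(
                 &Event1,
                 DELETE,
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    if (NT_SUCCESS(Status)) {
        DbgPrint("Succeeded.\n");
    } else {
        DbgPrint(" **** Failed ****\n");
        CompletionStatus = FALSE;
    }
    ASSERT(NT_SUCCESS(Status));

    //
    // Close the handle only when the create returned one. Where ASSERT
    // compiles to nothing, the original code went on to close whatever
    // value Event1 held after a failed create.
    //

    if (NT_SUCCESS(Status)) {
        Status = NtClose(Event1);
        if (!NT_SUCCESS(Status)) {
            CompletionStatus = FALSE;
        }
        ASSERT(NT_SUCCESS(Status));
    }

    DbgPrint("Se: Dacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl Inheritence W/ Creator ID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl And Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");

    return CompletionStatus;
}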
|
|
|
|
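//
// Creates Event1 from the current contents of Event1ObjectAttributes,
// prints the outcome, and closes the handle again only if the create
// returned one. Returns TRUE when both the create and the close succeeded.
//
static
BOOLEAN
TestSeCreateAndCloseEvent1()
{
    Status = NtCreateEvent(
                 &Event1,
                 DELETE,
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    if (NT_SUCCESS(Status)) {
        DbgPrint("Succeeded.\n");
    } else {
        DbgPrint(" **** Failed ****\n");
    }
    ASSERT(NT_SUCCESS(Status));

    //
    // No handle was returned, so there is nothing to close. Where ASSERT
    // compiles to nothing, the original code closed a stale Event1 value
    // here.
    //

    if (!NT_SUCCESS(Status)) {
        return FALSE;
    }

    Status = NtClose(Event1);
    ASSERT(NT_SUCCESS(Status));

    return (BOOLEAN)NT_SUCCESS(Status);
}

BOOLEAN
TestSeNamedCreate()
//
//  Test plan for creating a named object:
//
//      No Security Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl Inheritance With Creator ID
//          Dacl & Sacl Inheritance
//
//      Empty Security Descriptor Explicitly Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl & Sacl Inheritance
//
//      Explicit Dacl Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl & Sacl Inheritance
//
//      Explicit Sacl Specified (W/Privilege)
//          No Inheritance
//          Dacl & Sacl Inheritance
//
//      Default Dacl Specified
//          No Inheritance
//          Dacl Inheritance
//          Sacl Inheritance
//          Dacl & Sacl Inheritance
//
//      Default Sacl Specified (W/Privilege)
//          No Inheritance
//          Dacl & Sacl Inheritance
//
//      Explicit Sacl Specified (W/O Privilege - should be rejected)
//      Default Sacl Specified (W/O Privilege - should be rejected)
//
//      Valid Owner Explicitly Specified
//      Invalid Owner Explicitly Specified
//
//      Explicit Group Specified
//
//  Three cases are implemented, each under "No Inheritance": no security
//  descriptor, an empty security descriptor, and an explicit Dacl. Every
//  other case prints "Not Implemented" and does not affect the result, so a
//  TRUE return does not show that the "should be rejected" cases are
//  actually rejected.
//
//  Returns TRUE when all implemented cases passed, FALSE otherwise.
//
{
    BOOLEAN CompletionStatus = TRUE;

    //
    // Case 1: named event, no security descriptor.
    //

    InitializeObjectAttributes(
        &Event1ObjectAttributes,
        &UnicodeEvent1Name,
        0,
        NULL,
        NULL);

    DbgPrint("Se: No Security Specified... Test\n");
    DbgPrint("Se: No Inheritence... ");
    if (!TestSeCreateAndCloseEvent1()) {
        CompletionStatus = FALSE;
    }

    DbgPrint("Se: Dacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl Inheritence With Creator ID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl & Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");

    //
    // Case 2: named event, freshly initialized (empty) security descriptor.
    // The original passed a literal 1 as the revision and ignored the
    // returned status; the named constant is the one the disabled code in
    // TestSeAccess already uses.
    //

    DbgPrint("Se: Empty Security Descriptor Explicitly Specified... Test\n");
    DbgPrint("Se: No Inheritence... ");

    Status = RtlCreateSecurityDescriptor( Event1SecurityDescriptor,
                                          SECURITY_DESCRIPTOR_REVISION );
    ASSERT(NT_SUCCESS(Status));
    if (!NT_SUCCESS(Status)) {
        DbgPrint(" **** Failed ****\n");
        CompletionStatus = FALSE;
    } else {
        InitializeObjectAttributes(&Event1ObjectAttributes,
                                   &UnicodeEvent1Name,
                                   0,
                                   NULL,
                                   Event1SecurityDescriptor);
        if (!TestSeCreateAndCloseEvent1()) {
            CompletionStatus = FALSE;
        }
    }

    DbgPrint("Se: Dacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl & Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");

    //
    // Case 3: named event, explicit Dacl. TDacl is marked present and not
    // defaulted, and TestSeInitialize() built it with no ACEs. An empty
    // Dacl grants no access to anyone, unlike an absent (NULL) Dacl. This
    // case only checks that the create succeeds; it does not check that a
    // later open of the object is denied.
    //

    DbgPrint("Se: Explicit Dacl Specified... Test\n");
    DbgPrint("Se: No Inheritence... ");

    Status = RtlCreateSecurityDescriptor( Event1SecurityDescriptor,
                                          SECURITY_DESCRIPTOR_REVISION );
    if (NT_SUCCESS(Status)) {
        Status = RtlSetDaclSecurityDescriptor( Event1SecurityDescriptor,
                                               TRUE,
                                               TDacl,
                                               FALSE );
    }
    ASSERT(NT_SUCCESS(Status));
    if (!NT_SUCCESS(Status)) {
        DbgPrint(" **** Failed ****\n");
        CompletionStatus = FALSE;
    } else {
        InitializeObjectAttributes(&Event1ObjectAttributes,
                                   &UnicodeEvent1Name,
                                   0,
                                   NULL,
                                   Event1SecurityDescriptor);
        if (!TestSeCreateAndCloseEvent1()) {
            CompletionStatus = FALSE;
        }
    }

    DbgPrint("Se: Dacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl & Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");

    //
    // Everything below is a placeholder that only prints.
    //

    DbgPrint("Se: Explicit Sacl Specified (W/Privilege)... Test\n");
    DbgPrint("Se: No Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl & Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Default Dacl Specified... Test\n");
    DbgPrint("Se: No Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl & Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Default Sacl (W/Privilege)... Test\n");
    DbgPrint("Se: No Inheritence... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Dacl & Sacl Inheritence... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Explicit Sacl (W/O Privilege)... Test\n");
    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Default Sacl (W/O Privilege)... Test\n");
    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Valid Owner Explicitly Specified... Test\n");
    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Invalid Owner Explicitly Specified... Test\n");
    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Explicit Group Specified... Test\n");
    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");

    return CompletionStatus;
}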
|
|
|
|
BOOLEAN
TestSeQuerySecurity()
//
//  Test plan for querying an object's security descriptor. Each of the
//  four descriptor shapes below is meant to be queried five ways:
//
//      No Security Descriptor
//      Empty Security Descriptor
//      Security Descriptor W/ Owner & Group
//      Full Security Descriptor
//
//          Query Owner
//          Query Group
//          Query Dacl
//          Query Sacl (Privileged)
//          Query Sacl (Unprivileged - should be rejected)
//
//  None of this is implemented. The routine prints "Not Implemented" once
//  and returns TRUE, so the caller counts the suite as passed even though
//  the unprivileged Sacl query is never attempted. The per-case placeholder
//  output is kept under #if 0.
//
{
    BOOLEAN Passed = TRUE;

    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");

#if 0
    DbgPrint("Se: No Security Descriptor... \n");
    DbgPrint("Se: Query Owner... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Dacl... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Unprivileged)... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Empty Security Descriptor... \n");
    DbgPrint("Se: Query Owner... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Dacl... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Unprivileged)... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Security Descriptor W/ Owner & Group... \n");
    DbgPrint("Se: Query Owner... ");
    DbgPrint(" Not Implemented. \n");
    DbgPrint("Se: Query Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Dacl... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Unprivileged)... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Full Security Descriptor...\n");
    DbgPrint("Se: Query Owner... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Dacl... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Query Sacl (Unprivileged)... ");
    DbgPrint(" Not Implemented.\n");
#endif //0

    return Passed;
}
|
|
|
|
BOOLEAN
TestSeSetSecurity()
//
//  Test plan for setting an object's security descriptor. Each of the four
//  starting descriptors below is meant to go through eight set operations:
//
//      No Security Descriptor
//      Empty Security Descriptor
//      Security Descriptor W/ Owner & Group Only
//      Full Security Descriptor
//
//          Set Valid Owner SID
//          Set Invalid Owner SID
//          Set Group
//          Set Dacl (explicitly granted by dacl)
//          Set Dacl (by virtue of ownership)
//          Set Dacl (invalid attempt)
//          Set Sacl (privileged)
//          Set Sacl (unprivileged - should be rejected)
//
//  None of this is implemented. The routine prints "Not Implemented" once
//  and returns TRUE, so the caller counts the suite as passed although no
//  invalid owner, invalid Dacl or unprivileged Sacl change is ever tried.
//  The per-case placeholder output is kept under #if 0.
//
{
    BOOLEAN Passed = TRUE;

    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");

#if 0
    DbgPrint("Se: No Security Descriptor...\n");
    DbgPrint("Se: Set Valid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Invalid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (invalid attempt)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Empty Security Descriptor...\n");
    DbgPrint("Se: Set Valid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Invalid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (invalid attempt)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Security Descriptor W/ Owner & Group Only...\n");
    DbgPrint("Se: Set Valid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Invalid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (invalid attempt)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Full Security Descriptor...\n");
    DbgPrint("Se: Set Valid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Invalid Owner SID... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Group... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (explicitly granted by dacl)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (by virtue of ownership)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Dacl (invalid attempt)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (privileged)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... ");
    DbgPrint(" Not Implemented.\n");

#endif //0

    return Passed;
}
|
|
|
|
BOOLEAN
TestSeAccess()
//
//  Test plan for access validation, once at creation and once when opening
//  an existing object:
//
//      Creation
//      Open Existing
//
//          No Access Requested (should be rejected)
//          Specific Access Requested
//              - Attempted Granted
//              - Attempt Ungranted
//          Access System Security
//
//  None of this is implemented. The routine prints "Not Implemented" once
//  and returns TRUE, so the caller counts the suite as passed without any
//  access check having been exercised.
//
//  Two disabled regions follow. The first holds the per-case placeholder
//  output. The second ("old code") holds an earlier set of event tests that
//  check granted, ungranted and empty desired-access masks; it is kept as
//  found and is not compiled.
//
{
    BOOLEAN Passed = TRUE;

    DbgPrint(" ");
    DbgPrint(" Not Implemented.\n");

#if 0

    DbgPrint("Se: Creation...\n");
    DbgPrint("Se: No Access Requested (should be rejected)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Specific Access Requested... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: - Attempted Granted... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: - Attempt Ungranted... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Access System Security... ");
    DbgPrint(" Not Implemented.\n");

    DbgPrint("Se: Open Existing...\n");
    DbgPrint("Se: No Access Requested (should be rejected)... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Specific Access Requested... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: - Attempted Granted... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: - Attempt Ungranted... ");
    DbgPrint(" Not Implemented.\n");
    DbgPrint("Se: Access System Security... ");
    DbgPrint(" Not Implemented.\n");
#endif //0

    //
    // NOTE(review): in the first half of the old code below, Test2c prints
    // "Delete object" but has no NtClose call, unlike its counterpart in
    // the second half. Worth fixing if this code is ever re-enabled.
    //

#if 0 //old code
    // Without security descriptor
    // Simple desired access mask...
    //

    DbgPrint("Se: Test1b... \n"); // Attempt ungranted access
    Status = NtSetEvent(Event1, NULL);
    ASSERT(!NT_SUCCESS(Status));

    DbgPrint("Se: Test1c... \n"); // Delete object
    Status = NtClose(Event1);
    ASSERT(NT_SUCCESS(Status));

    //
    // Without security descriptor
    // Simple desired access mask...
    //

    DbgPrint("Se: Test2a... \n"); // unnamed object, specific access
    Status = NtCreateEvent(
                 &Event1,
                 (EVENT_MODIFY_STATE | STANDARD_DELETE),
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test2b... \n"); // Attempt granted specific access
    Status = NtSetEvent(Event1, NULL);
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test2c... \n"); // Delete object

    //
    // Without security descriptor
    // Generic desired access mask...
    //

    DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask
    Status = NtCreateEvent(
                 &Event1,
                 GENERIC_EXECUTE,
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test3b... \n"); // Attempt implied granted access
    Status = NtSetEvent(Event1, NULL);
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test3c... \n"); // Delete object
    Status = NtClose(Event1);
    ASSERT(NT_SUCCESS(Status));

    //
    // Without security descriptor
    // Empty desired access mask...
    //

    DbgPrint("Se: Test4a... \n"); // Empty desired access
    Status = NtCreateEvent(
                 &Event1,
                 0,
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    ASSERT(!NT_SUCCESS(Status));

    RtlCreateSecurityDescriptor( Event1SecurityDescriptor,
                                 SECURITY_DESCRIPTOR_REVISION);
    InitializeObjectAttributes(&Event1ObjectAttributes,
                               NULL, 0, NULL,
                               Event1SecurityDescriptor);
    DbgPrint("Se: Empty Security Descriptor... \n");

    //
    // Without security descriptor
    // Simple desired access mask...
    //

    DbgPrint("Se: Test1a... \n"); // Create unnamed object
    Status = NtCreateEvent(
                 &Event1,
                 STANDARD_DELETE,
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test1b... \n"); // Attempt ungranted access
    Status = NtSetEvent(Event1, NULL);
    ASSERT(!NT_SUCCESS(Status));

    DbgPrint("Se: Test1c... \n"); // Delete object
    Status = NtClose(Event1);
    ASSERT(NT_SUCCESS(Status));

    //
    // Without security descriptor
    // Simple desired access mask...
    //

    DbgPrint("Se: Test2a... \n"); // unnamed object, specific access
    Status = NtCreateEvent(
                 &Event1,
                 (EVENT_MODIFY_STATE | STANDARD_DELETE),
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test2b... \n"); // Attempt granted specific access
    Status = NtSetEvent(Event1, NULL);
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test2c... \n"); // Delete object
    Status = NtClose(Event1);
    ASSERT(NT_SUCCESS(Status));

    //
    // Without security descriptor
    // Generic desired access mask...
    //

    DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask
    Status = NtCreateEvent(
                 &Event1,
                 GENERIC_EXECUTE,
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test3b... \n"); // Attempt implied granted access
    Status = NtSetEvent(Event1, NULL);
    ASSERT(NT_SUCCESS(Status));

    DbgPrint("Se: Test3c... \n"); // Delete object
    Status = NtClose(Event1);
    ASSERT(NT_SUCCESS(Status));

    //
    // Without security descriptor
    // Empty desired access mask...
    //

    DbgPrint("Se: Test4a... \n"); // Empty desired access
    Status = NtCreateEvent(
                 &Event1,
                 0,
                 &Event1ObjectAttributes,
                 NotificationEvent,
                 FALSE
                 );
    ASSERT(!NT_SUCCESS(Status));
#endif // old code

    return Passed;
}
|
|
|
|
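BOOLEAN
TSeAcc()
//
//  Entry point of the security accessibility tests. Runs the initialization
//  routine and then the five suites in order, and prints a summary banner.
//
//  Returns TRUE only when initialization and every suite returned TRUE.
//
//  Two defects of the original are fixed here:
//
//      - The banner test read "if (Result = TRUE)", an assignment. It
//        overwrote Result, so the routine always printed "Test Succeeded"
//        and always returned TRUE, whatever the suites reported.
//
//      - The return value of TestSeInitialize() was ignored and
//        "Succeeded." was printed unconditionally.
//
//  Several suites are placeholders that return TRUE without testing
//  anything, so "Test Succeeded" covers only the implemented cases.
//
{
    BOOLEAN Result = TRUE;

    DbgPrint("Se: Initialization... ");
    if (!TestSeInitialize()) {

        //
        // The suites depend on the state set up above, so skip them.
        //

        DbgPrint(" **** Failed ****\n");
        Result = FALSE;

    } else {

        DbgPrint("Succeeded.\n");

        DbgPrint("Se: Unnamed Object Creation Test... Suite\n");
        if (!TestSeUnnamedCreate()) {
            Result = FALSE;
        }
        DbgPrint("Se: Named Object Creation Test... Suite\n");
        if (!TestSeNamedCreate()) {
            Result = FALSE;
        }
        DbgPrint("Se: Query Object Security Descriptor Test... Suite\n");
        if (!TestSeQuerySecurity()) {
            Result = FALSE;
        }
        DbgPrint("Se: Set Object Security Descriptor Test... Suite\n");
        if (!TestSeSetSecurity()) {
            Result = FALSE;
        }
        DbgPrint("Se: Access Test... Suite\n");
        if (!TestSeAccess()) {
            Result = FALSE;
        }
    }

    DbgPrint("\n");
    DbgPrint("\n");
    DbgPrint(" ********************\n");
    DbgPrint(" ** **\n");

    if (Result) {
        DbgPrint(" ** Test Succeeded **\n");
    } else {
        DbgPrint(" ** Test Failed **\n");
    }

    DbgPrint(" ** **\n");
    DbgPrint(" ********************\n");
    DbgPrint("\n");
    DbgPrint("\n");

    return Result;
}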
|
|
|