diff options
Diffstat (limited to '')
-rw-r--r-- | private/ntos/se/ctseacc.c | 927 |
1 files changed, 927 insertions, 0 deletions
diff --git a/private/ntos/se/ctseacc.c b/private/ntos/se/ctseacc.c new file mode 100644 index 000000000..09b24096e --- /dev/null +++ b/private/ntos/se/ctseacc.c @@ -0,0 +1,927 @@ +/*++ + +Copyright (c) 1989 Microsoft Corporation + +Module Name: + + ctseacc.c + +Abstract: + + Common security accessibility test routines. + + These routines are used in both the kernel and user mode RTL tests. + + This test assumes the security runtime library routines are + functioning correctly. + + + +Author: + + Jim Kelly (JimK) 23-Mar-1990 + +Environment: + + Test of security. + +Revision History: + + v5: robertre + Updated ACL_REVISION + +--*/ + +#include "tsecomm.c" // Mode dependent macros and routines. + + + +//////////////////////////////////////////////////////////////// +// // +// Module wide variables // +// // +//////////////////////////////////////////////////////////////// + + NTSTATUS Status; + STRING Event1Name, Process1Name; + UNICODE_STRING UnicodeEvent1Name, UnicodeProcess1Name; + + OBJECT_ATTRIBUTES NullObjectAttributes; + + HANDLE Event1; + OBJECT_ATTRIBUTES Event1ObjectAttributes; + PSECURITY_DESCRIPTOR Event1SecurityDescriptor; + PSID Event1Owner; + PSID Event1Group; + PACL Event1Dacl; + PACL Event1Sacl; + + PACL TDacl; + BOOLEAN TDaclPresent; + BOOLEAN TDaclDefaulted; + + PACL TSacl; + BOOLEAN TSaclPresent; + BOOLEAN TSaclDefaulted; + + PSID TOwner; + BOOLEAN TOwnerDefaulted; + PSID TGroup; + BOOLEAN TGroupDefaulted; + + +HANDLE Process1; +OBJECT_ATTRIBUTES Process1ObjectAttributes; + + + + +//////////////////////////////////////////////////////////////// +// // +// Initialization Routine // +// // +//////////////////////////////////////////////////////////////// + +BOOLEAN +TestSeInitialize() +{ + + Event1SecurityDescriptor = (PSECURITY_DESCRIPTOR)TstAllocatePool( PagedPool, 1024 ); + + RtlInitString(&Event1Name, "\\SecurityTestEvent1"); + Status = RtlAnsiStringToUnicodeString( + &UnicodeEvent1Name, + &Event1Name, + TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) ); + RtlInitString(&Process1Name, "\\SecurityTestProcess1"); + Status = RtlAnsiStringToUnicodeString( + &UnicodeProcess1Name, + &Process1Name, + TRUE ); SEASSERT_SUCCESS( NT_SUCCESS(Status) ); + + InitializeObjectAttributes(&NullObjectAttributes, NULL, 0, NULL, NULL); + + // + // Build an ACL or two for use. + + TDacl = (PACL)TstAllocatePool( PagedPool, 256 ); + TSacl = (PACL)TstAllocatePool( PagedPool, 256 ); + + TDacl->AclRevision=TSacl->AclRevision=ACL_REVISION; + TDacl->Sbz1=TSacl->Sbz1=0; + TDacl->Sbz2=TSacl->Sbz2=0; + TDacl->AclSize=256; + TSacl->AclSize=8; + TDacl->AceCount=TSacl->AceCount=0; + + return TRUE; +} + + + +//////////////////////////////////////////////////////////////// +// // +// Test routines // +// // +//////////////////////////////////////////////////////////////// + +BOOLEAN +TestSeUnnamedCreate() +// +// Test: +// No Security Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl Inheritence With Creator ID +// Dacl & Sacl Inheritence +// +// Empty Security Descriptor Explicitly Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl & Sacl Inheritence +// +// Explicit Dacl Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl & Sacl Inheritence +// +// Explicit Sacl Specified (W/Privilege) +// No Inheritence +// Dacl & Sacl Inheritence +// +// Default Dacl Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl & Sacl Inheritence +// +// Default Sacl Specified (W/Privilege) +// No Inheritence +// Dacl & Sacl Inheritence +// +// Explicit Sacl Specified (W/O Privilege - should be rejected) +// Default Sacl Specified (W/O Privilege - should be rejected) +// +// Valid Owner Explicitly Specified +// Invalid Owner Explicitly Specified +// +// Explicit Group Specified +// +{ + + + BOOLEAN CompletionStatus = TRUE; + + InitializeObjectAttributes(&Event1ObjectAttributes, NULL, 0, NULL, NULL); + DbgPrint("Se: No Security Descriptor... Test\n"); + DbgPrint("Se: No Inheritence... "); + + Status = NtCreateEvent( + &Event1, + DELETE, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + if (NT_SUCCESS(Status)) { + DbgPrint("Succeeded.\n"); + } else { + DbgPrint(" **** Failed ****\n"); + CompletionStatus = FALSE; + } + ASSERT(NT_SUCCESS(Status)); + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Dacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl Inheritence W/ Creator ID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl And Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + + return CompletionStatus; + +} + +BOOLEAN +TestSeNamedCreate() +// +// Test: +// No Security Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl Inheritence With Creator ID +// Dacl & Sacl Inheritence +// +// Empty Security Descriptor Explicitly Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl & Sacl Inheritence +// +// Explicit Dacl Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl & Sacl Inheritence +// +// Explicit Sacl Specified (W/Privilege) +// No Inheritence +// Dacl & Sacl Inheritence +// +// Default Dacl Specified +// No Inheritence +// Dacl Inheritence +// Sacl Inheritence +// Dacl & Sacl Inheritence +// +// Default Sacl Specified (W/Privilege) +// No Inheritence +// Dacl & Sacl Inheritence +// +// Explicit Sacl Specified (W/O Privilege - should be rejected) +// Default Sacl Specified (W/O Privilege - should be rejected) +// +// Valid Owner Explicitly Specified +// Invalid Owner Explicitly Specified +// +// Explicit Group Specified +// +{ + + BOOLEAN CompletionStatus = TRUE; + + + InitializeObjectAttributes( + &Event1ObjectAttributes, + &UnicodeEvent1Name, + 0, + NULL, + NULL); + + DbgPrint("Se: No Security Specified... Test\n"); + DbgPrint("Se: No Inheritence... "); + Status = NtCreateEvent( + &Event1, + DELETE, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + if (NT_SUCCESS(Status)) { + DbgPrint("Succeeded.\n"); + } else { + DbgPrint(" **** Failed ****\n"); + CompletionStatus = FALSE; + } + ASSERT(NT_SUCCESS(Status)); + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Dacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl Inheritence With Creator ID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl & Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Empty Security Descriptor Explicitly Specified... Test\n"); + DbgPrint("Se: No Inheritence... "); + + RtlCreateSecurityDescriptor( Event1SecurityDescriptor, 1 ); + InitializeObjectAttributes(&Event1ObjectAttributes, + &UnicodeEvent1Name, + 0, + NULL, + Event1SecurityDescriptor); + Status = NtCreateEvent( + &Event1, + DELETE, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + if (NT_SUCCESS(Status)) { + DbgPrint("Succeeded.\n"); + } else { + DbgPrint(" **** Failed ****\n"); + CompletionStatus = FALSE; + } + ASSERT(NT_SUCCESS(Status)); + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + + + + DbgPrint("Se: Dacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl & Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Explicit Dacl Specified... Test\n"); + DbgPrint("Se: No Inheritence... "); + + RtlCreateSecurityDescriptor( Event1SecurityDescriptor, 1 ); + RtlSetDaclSecurityDescriptor( Event1SecurityDescriptor, TRUE, TDacl, FALSE ); + + InitializeObjectAttributes(&Event1ObjectAttributes, + &UnicodeEvent1Name, + 0, + NULL, + Event1SecurityDescriptor); + Status = NtCreateEvent( + &Event1, + DELETE, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + if (NT_SUCCESS(Status)) { + DbgPrint("Succeeded.\n"); + } else { + DbgPrint(" **** Failed ****\n"); + CompletionStatus = FALSE; + } + ASSERT(NT_SUCCESS(Status)); + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Dacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl & Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Explicit Sacl Specified (W/Privilege)... Test\n"); + DbgPrint("Se: No Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl & Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Default Dacl Specified... Test\n"); + DbgPrint("Se: No Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl & Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Default Sacl (W/Privilege)... Test\n"); + DbgPrint("Se: No Inheritence... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Dacl & Sacl Inheritence... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Explicit Sacl (W/O Privilege)... Test\n"); + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Default Sacl (W/O Privilege)... Test\n"); + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Valid Owner Explicitly Specified... Test\n"); + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Invalid Owner Explicitly Specified... Test\n"); + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Explicit Group Specified... Test\n"); + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); + + + + return CompletionStatus; + +} + +BOOLEAN +TestSeQuerySecurity() +// +// Test: +// No Security Descriptor +// Query Owner +// Query Group +// Query Dacl +// Query Sacl (Privileged) +// Query Sacl (Unprivileged - should be rejected) +// +// Empty Security Descriptor +// Query Owner +// Query Group +// Query Dacl +// Query Sacl (Privileged) +// Query Sacl (Unprivileged - should be rejected) +// +// Security Descriptor W/ Owner & Group +// Query Owner +// Query Group +// Query Dacl +// Query Sacl (Privileged) +// Query Sacl (Unprivileged - should be rejected) +// +// Full Security Descriptor +// Query Owner +// Query Group +// Query Dacl +// Query Sacl (Privileged) +// Query Sacl (Unprivileged - should be rejected) +// +{ + + BOOLEAN CompletionStatus = TRUE; + + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); + +#if 0 + DbgPrint("Se: No Security Descriptor... \n"); + DbgPrint("Se: Query Owner... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Dacl... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Unprivileged)... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Empty Security Descriptor... \n"); + DbgPrint("Se: Query Owner... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Dacl... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Unprivileged)... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Security Descriptor W/ Owner & Group... \n"); + DbgPrint("Se: Query Owner... "); + DbgPrint(" Not Implemented. \n"); + DbgPrint("Se: Query Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Dacl... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Unprivileged)... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Full Security Descriptor...\n"); + DbgPrint("Se: Query Owner... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Dacl... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Query Sacl (Unprivileged)... "); + DbgPrint(" Not Implemented.\n"); +#endif //0 + + return CompletionStatus; +} + +BOOLEAN +TestSeSetSecurity() +// +// Test: +// No Security Descriptor +// Set Valid Owner SID +// Set Invalid Owner SID +// Set Group +// Set Dacl (explicitly granted by dacl) +// Set Dacl (by virtue of ownership) +// Set Dacl (invalid attempt) +// Set Sacl (privileged) +// Set Sacl (unprivileged - should be rejected) +// +// Empty Security Descriptor +// Set Valid Owner SID +// Set Invalid Owner SID +// Set Group +// Set Dacl (explicitly granted by dacl) +// Set Dacl (by virtue of ownership) +// Set Dacl (invalid attempt) +// Set Sacl (privileged) +// Set Sacl (unprivileged - should be rejected) +// +// Security Descriptor W/ Owner & Group Only +// Set Valid Owner SID +// Set Invalid Owner SID +// Set Group +// Set Dacl (explicitly granted by dacl) +// Set Dacl (by virtue of ownership) +// Set Dacl (invalid attempt) +// Set Sacl (privileged) +// Set Sacl (unprivileged - should be rejected) +// +// Full Security Descriptor +// Set Valid Owner SID +// Set Invalid Owner SID +// Set Group +// Set Dacl (explicitly granted by dacl) +// Set Dacl (by virtue of ownership) +// Set Dacl (invalid attempt) +// Set Sacl (privileged) +// Set Sacl (unprivileged - should be rejected) +// +{ + + BOOLEAN CompletionStatus = TRUE; + + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); +#if 0 + DbgPrint("Se: No Security Descriptor...\n"); + DbgPrint("Se: Set Valid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Invalid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (explicitly granted by dacl)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (by virtue of ownership)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (invalid attempt)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Empty Security Descriptor...\n"); + DbgPrint("Se: Set Valid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Invalid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (explicitly granted by dacl)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (by virtue of ownership)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (invalid attempt)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Security Descriptor W/ Owner & Group Only...\n"); + DbgPrint("Se: Set Valid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Invalid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (explicitly granted by dacl)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (by virtue of ownership)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (invalid attempt)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Full Security Descriptor...\n"); + DbgPrint("Se: Set Valid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Invalid Owner SID... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Group... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (explicitly granted by dacl)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (by virtue of ownership)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Dacl (invalid attempt)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (privileged)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Set Sacl (unprivileged - should be rejected)... "); + DbgPrint(" Not Implemented.\n"); + +#endif //0 + + return CompletionStatus; + +} + +BOOLEAN +TestSeAccess() +// +// Test: +// +// Creation +// No Access Requested (should be rejected) +// Specific Access Requested +// - Attempted Granted +// - Attempt Ungranted +// Access System Security +// +// Open Existing +// No Access Requested (should be rejected) +// Specific Access Requested +// - Attempted Granted +// - Attempt Ungranted +// Access System Security +// + +{ + BOOLEAN CompletionStatus = TRUE; + + DbgPrint(" "); + DbgPrint(" Not Implemented.\n"); +#if 0 + + DbgPrint("Se: Creation...\n"); + DbgPrint("Se: No Access Requested (should be rejected)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Specific Access Requested... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: - Attempted Granted... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: - Attempt Ungranted... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Access System Security... "); + DbgPrint(" Not Implemented.\n"); + + DbgPrint("Se: Open Existing...\n"); + DbgPrint("Se: No Access Requested (should be rejected)... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Specific Access Requested... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: - Attempted Granted... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: - Attempt Ungranted... "); + DbgPrint(" Not Implemented.\n"); + DbgPrint("Se: Access System Security... "); + DbgPrint(" Not Implemented.\n"); +#endif //0 + +#if 0 //old code +// Without security descriptor +// Simple desired access mask... +// + + DbgPrint("Se: Test1b... \n"); // Attempt ungranted access + Status = NtSetEvent( + Event1, + NULL + ); + ASSERT(!NT_SUCCESS(Status)); + + DbgPrint("Se: Test1c... \n"); // Delete object + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + + // + // Without security descriptor + // Simple desired access mask... + // + + DbgPrint("Se: Test2a... \n"); // unnamed object, specific access + Status = NtCreateEvent( + &Event1, + (EVENT_MODIFY_STATE | STANDARD_DELETE), + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test2b... \n"); // Attempt granted specific access + Status = NtSetEvent( + Event1, + NULL + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test2c... \n"); // Delete object + + + // + // Without security descriptor + // Generic desired access mask... + // + + DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask + Status = NtCreateEvent( + &Event1, + GENERIC_EXECUTE, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test3b... \n"); // Attempt implied granted access + Status = NtSetEvent( + Event1, + NULL + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test3c... \n"); // Delete object + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + + // + // Without security descriptor + // Empty desired access mask... + // + + DbgPrint("Se: Test4a... \n"); // Empty desired access + Status = NtCreateEvent( + &Event1, + 0, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + ASSERT(!NT_SUCCESS(Status)); + + + RtlCreateSecurityDescriptor( Event1SecurityDescriptor, + SECURITY_DESCRIPTOR_REVISION); + InitializeObjectAttributes(&Event1ObjectAttributes, + NULL, 0, NULL, + Event1SecurityDescriptor); + DbgPrint("Se: Empty Security Descriptor... \n"); + + // + // Without security descriptor + // Simple desired access mask... + // + + DbgPrint("Se: Test1a... \n"); // Create unnamed object + Status = NtCreateEvent( + &Event1, + STANDARD_DELETE, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test1b... \n"); // Attempt ungranted access + Status = NtSetEvent( + Event1, + NULL + ); + ASSERT(!NT_SUCCESS(Status)); + + DbgPrint("Se: Test1c... \n"); // Delete object + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + + // + // Without security descriptor + // Simple desired access mask... + // + + DbgPrint("Se: Test2a... \n"); // unnamed object, specific access + Status = NtCreateEvent( + &Event1, + (EVENT_MODIFY_STATE | STANDARD_DELETE), + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test2b... \n"); // Attempt granted specific access + Status = NtSetEvent( + Event1, + NULL + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test2c... \n"); // Delete object + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + + // + // Without security descriptor + // Generic desired access mask... + // + + DbgPrint("Se: Test3a... \n"); // Unnamed object, generic mask + Status = NtCreateEvent( + &Event1, + GENERIC_EXECUTE, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test3b... \n"); // Attempt implied granted access + Status = NtSetEvent( + Event1, + NULL + ); + ASSERT(NT_SUCCESS(Status)); + + DbgPrint("Se: Test3c... \n"); // Delete object + Status = NtClose(Event1); + ASSERT(NT_SUCCESS(Status)); + + + // + // Without security descriptor + // Empty desired access mask... + // + + DbgPrint("Se: Test4a... \n"); // Empty desired access + Status = NtCreateEvent( + &Event1, + 0, + &Event1ObjectAttributes, + NotificationEvent, + FALSE + ); + ASSERT(!NT_SUCCESS(Status)); +#endif // old code + + return CompletionStatus; +} + +BOOLEAN +TSeAcc() +{ + BOOLEAN Result = TRUE; + + DbgPrint("Se: Initialization... "); + TestSeInitialize(); + DbgPrint("Succeeded.\n"); + + DbgPrint("Se: Unnamed Object Creation Test... Suite\n"); + if (!TestSeUnnamedCreate()) { + Result = FALSE; + } + DbgPrint("Se: Named Object Creation Test... Suite\n"); + if (!TestSeNamedCreate()) { + Result = FALSE; + } + DbgPrint("Se: Query Object Security Descriptor Test... Suite\n"); + if (!TestSeQuerySecurity()) { + Result = FALSE; + } + DbgPrint("Se: Set Object Security Descriptor Test... Suite\n"); + if (!TestSeSetSecurity()) { + Result = FALSE; + } + DbgPrint("Se: Access Test... Suite\n"); + if (!TestSeAccess()) { + Result = FALSE; + } + + DbgPrint("\n"); + DbgPrint("\n"); + DbgPrint(" ********************\n"); + DbgPrint(" ** **\n"); + + if (Result = TRUE) { + DbgPrint(" ** Test Succeeded **\n"); + } else { + DbgPrint(" ** Test Failed **\n"); + } + + DbgPrint(" ** **\n"); + DbgPrint(" ********************\n"); + DbgPrint("\n"); + DbgPrint("\n"); + + return Result; +} + |