Diffstat (limited to '')
-rw-r--r--private/ntos/se/tse.c579
1 files changed, 579 insertions, 0 deletions
diff --git a/private/ntos/se/tse.c b/private/ntos/se/tse.c
new file mode 100644
index 000000000..cd6a6a6e0
--- /dev/null
+++ b/private/ntos/se/tse.c
@@ -0,0 +1,579 @@
+//////////////////////////////////////////////////////////////////////////
+// WARNING - WARNING - WARNING - WARNING - WARNING - WARNING - WARNING //
+// //
+// This test file is not current with the security implementation. //
+// This file contains references to data types and APIs that do not //
+// exist. //
+// //
+//////////////////////////////////////////////////////////////////////////
+
+/*++
+Copyright (c) 1989 Microsoft Corporation
+
+Module Name:
+
+ tse.c
+
+Abstract:
+
+ Test program for the SE subcomponent of the NTOS project
+
+Author:
+
+ Gary Kimura (garyki) 20-Nov-1989
+
+Revision History:
+
+--*/
+
+#include <stdio.h>
+
+#include "sep.h"
+#include <zwapi.h>
+
+BOOLEAN SeTest();
+
+#include "ttoken.c"
+
+int
+main(
+ int argc,
+ char *argv[]
+ )
+{
+ VOID KiSystemStartup();
+
+ TestFunction = SeTest;
+ KiSystemStartup();
+ return( 0 );
+}
+
+
+BOOLEAN
+SeTest()
+{
+ BOOLEAN TestMakeSystemToken();
+ BOOLEAN TestTokenCopy();
+ BOOLEAN TestTokenSize();
+ BOOLEAN TestDefaultObjectMethod();
+ BOOLEAN TestCaptureSecurityDescriptor();
+ BOOLEAN TestAssignSecurity();
+ BOOLEAN TestAccessCheck();
+ BOOLEAN TestGenerateMessage();
+
+ DbgPrint("Start SeTest()\n");
+
+ if (!TestMakeSystemToken()) {
+ DbgPrint("TestMakeSystemToken() Error\n");
+ return FALSE;
+ }
+ if (!TestTokenCopy()) {
+ DbgPrint("TestTokenCopy() Error\n");
+ return FALSE;
+ }
+ if (!TestTokenSize()) {
+ DbgPrint("TestTokenSize() Error\n");
+ return FALSE;
+ }
+ if (!TestDefaultObjectMethod()) {
+ DbgPrint("TestDefaultObjectMethod() Error\n");
+ return FALSE;
+ }
+ if (!TestCaptureSecurityDescriptor()) {
+ DbgPrint("TestCaptureSecurityDescriptor() Error\n");
+ return FALSE;
+ }
+ if (!TestAssignSecurity()) {
+ DbgPrint("TestAssignSecurity() Error\n");
+ return FALSE;
+ }
+ if (!TestAccessCheck()) {
+ DbgPrint("TestAccessCheck() Error\n");
+ return FALSE;
+ }
+ if (!TestGenerateMessage()) {
+ DbgPrint("TestGenerateMessage() Error\n");
+ return FALSE;
+ }
+
+ DbgPrint("End SeTest()\n");
+ return TRUE;
+}
+
+
+BOOLEAN
+TestMakeSystemToken()
+{
+ PACCESS_TOKEN Token;
+
+ //
+ // Make the system token
+ //
+
+ Token = (PACCESS_TOKEN)SeMakeSystemToken( PagedPool );
+
+ //
+ // and check its contents
+ //
+
+ if (!SepIsSystemToken( Token, ((ACCESS_TOKEN *)Token)->Size )) {
+ DbgPrint("SepIsSystemToken Error\n");
+ return FALSE;
+ }
+
+ ExFreePool( Token );
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestTokenCopy()
+{
+ PACCESS_TOKEN InToken;
+ PACCESS_TOKEN OutToken;
+
+ NTSTATUS Status;
+
+ ULONG i;
+
+ //
+ // Allocate Buffers, and build a token
+ //
+
+ InToken = (PACCESS_TOKEN)ExAllocatePool(PagedPool, 512);
+ OutToken = (PACCESS_TOKEN)ExAllocatePool(PagedPool, 512);
+
+ BuildToken( Fred, InToken );
+
+ //
+ // Make a copy of the token
+ //
+
+ if (!NT_SUCCESS(Status = SeTokenCopy( InToken, OutToken, 512))) {
+ DbgPrint("SeTokenCopy Error: %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // check both tokens for equality
+ //
+
+ for (i = 0; i < ((ACCESS_TOKEN *)InToken)->Size; i += 1) {
+ if (*((PUCHAR)InToken + 1) != *((PUCHAR)OutToken + 1)) {
+ DbgPrint("Token copy error\n");
+ return FALSE;
+ }
+ }
+
+ ExFreePool( InToken );
+ ExFreePool( OutToken );
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestTokenSize()
+{
+ PACCESS_TOKEN Token;
+
+ //
+ // Allocate and build a token
+ //
+
+ Token = (PACCESS_TOKEN)ExAllocatePool(PagedPool, 512);
+
+ BuildToken( Wilma, Token );
+
+ //
+ // Get the token size
+ //
+
+ if (SeTokenSize(Token) != ((ACCESS_TOKEN *)Token)->Size) {
+ DbgPrint("SeTokenSize error\n");
+ return FALSE;
+ }
+
+ ExFreePool( Token );
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestDefaultObjectMethod()
+{
+ SECURITY_DESCRIPTOR SecurityDescriptor;
+ PSECURITY_DESCRIPTOR Buffer;
+ PACL Acl;
+ NTSTATUS Status;
+ PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor;
+ ULONG Length;
+
+ Acl = (PACL)ExAllocatePool( PagedPool, 1024 );
+ Buffer = (PSECURITY_DESCRIPTOR)ExAllocatePool( PagedPool, 1024 );
+
+ BuildAcl( Fred, Acl, 1024 );
+ DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
+
+ ObjectsSecurityDescriptor = NULL;
+
+ //
+ // Set the descriptor
+ //
+
+ if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL,
+ SetSecurityDescriptor,
+ &SecurityDescriptor,
+ 0,
+ NULL,
+ &ObjectsSecurityDescriptor,
+ PagedPool ))) {
+
+ DbgPrint("SeDefaultObjectMethod setting error: %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // Query the descriptor
+ //
+
+ if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL,
+ QuerySecurityDescriptor,
+ Buffer,
+ AllAclInformation,
+ &Length,
+ &ObjectsSecurityDescriptor,
+ PagedPool ))) {
+
+ DbgPrint("SeDefaultObjectMethod reading error: %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // Replace the descriptor
+ //
+
+ BuildAcl( Wilma, Acl, 1024 );
+
+ if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL,
+ SetSecurityDescriptor,
+ &SecurityDescriptor,
+ AllAclInformation,
+ &Length,
+ &ObjectsSecurityDescriptor,
+ PagedPool ))) {
+
+ DbgPrint("SeDefaultObjectMethod reading error: %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // Delete the descriptor
+ //
+
+ if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL,
+ DeleteSecurityDescriptor,
+ NULL,
+ 0,
+ NULL,
+ &ObjectsSecurityDescriptor,
+ PagedPool ))) {
+
+ DbgPrint("SeDefaultObjectMethod deleting error: %8lx\n", Status );
+ return FALSE;
+ }
+
+ ExFreePool(Acl);
+ ExFreePool(Buffer);
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestCaptureSecurityDescriptor()
+{
+ SECURITY_DESCRIPTOR SecurityDescriptor;
+ PACL Sacl;
+ PACL Dacl;
+ PSECURITY_DESCRIPTOR NewDescriptor;
+ NTSTATUS Status;
+
+ Sacl = (PACL)ExAllocatePool( PagedPool, 1024 );
+ Dacl = (PACL)ExAllocatePool( PagedPool, 1024 );
+ BuildAcl( Pebbles, Sacl, 1024 );
+ BuildAcl( Barney, Dacl, 1024 );
+
+ DiscretionarySecurityDescriptor( &SecurityDescriptor, Dacl );
+ SecurityDescriptor.SecurityInformationClass = AllAclInformation;
+ SecurityDescriptor.SystemAcl = Sacl;
+
+ //
+ // Capture kernel mode and don't force
+ //
+
+ if (!NT_SUCCESS(Status = SeCaptureSecurityDescriptor( &SecurityDescriptor,
+ KernelMode,
+ PagedPool,
+ FALSE,
+ &NewDescriptor ))) {
+ DbgPrint("SeCapture Error, KernelMode, FALSE : %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // Capture kernel mode and force
+ //
+
+ if (!NT_SUCCESS(Status = SeCaptureSecurityDescriptor( &SecurityDescriptor,
+ KernelMode,
+ PagedPool,
+ TRUE,
+ &NewDescriptor ))) {
+ DbgPrint("SeCapture Error, KernelMode, TRUE : %8lx\n", Status );
+ return FALSE;
+ } else {
+ ExFreePool( NewDescriptor );
+ }
+
+ //
+ // Capture user mode
+ //
+
+ if (!NT_SUCCESS(Status = SeCaptureSecurityDescriptor( &SecurityDescriptor,
+ UserMode,
+ PagedPool,
+ TRUE,
+ &NewDescriptor ))) {
+ DbgPrint("SeCapture Error, UserMode, FALSE : %8lx\n", Status );
+ return FALSE;
+ } else {
+ ExFreePool( NewDescriptor );
+ }
+
+ return TRUE;
+}
+
+BOOLEAN
+TestAssignSecurity()
+{
+ SECURITY_DESCRIPTOR SecurityDescriptor;
+ PACL Acl;
+
+ PACCESS_TOKEN Token;
+
+ GENERIC_MAPPING GenericMapping;
+
+ PSECURITY_DESCRIPTOR NewDescriptor;
+
+ NTSTATUS Status;
+
+ Acl = (PACL)ExAllocatePool( PagedPool, 1024 );
+ BuildAcl( Fred, Acl, 1024 );
+
+ Token = (PACCESS_TOKEN)ExAllocatePool( PagedPool, 512 );
+ BuildToken( Fred, Token );
+
+ DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
+
+ //
+ // Kernel mode, non dir, and no new
+ //
+
+ NewDescriptor = NULL;
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ FALSE,
+ Token,
+ &GenericMapping,
+ KernelMode ))) {
+ DbgPrint("SeAssign Error NoNew, NoDir, Kernel : %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // Kernel mode, non dir, and new
+ //
+
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ FALSE,
+ Token,
+ &GenericMapping,
+ KernelMode ))) {
+ DbgPrint("SeAssign Error New, NoDir, Kernel : %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // Kernel mode, dir, and no new
+ //
+
+ NewDescriptor = NULL;
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ TRUE,
+ Token,
+ &GenericMapping,
+ KernelMode ))) {
+ DbgPrint("SeAssign Error NoNew, Dir, Kernel : %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // Kernel mode, dir, and new
+ //
+
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ TRUE,
+ Token,
+ &GenericMapping,
+ KernelMode ))) {
+ DbgPrint("SeAssign Error New, Dir, Kernel : %8lx\n", Status );
+ return FALSE;
+ }
+
+
+ //
+ // User mode, non dir, and no new
+ //
+
+ NewDescriptor = NULL;
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ FALSE,
+ Token,
+ &GenericMapping,
+ UserMode ))) {
+ DbgPrint("SeAssign Error NoNew, NoDir, User : %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // User mode, non dir, and new
+ //
+
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ FALSE,
+ Token,
+ &GenericMapping,
+ UserMode ))) {
+ DbgPrint("SeAssign Error New, NoDir, User : %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // User mode, dir, and no new
+ //
+
+ NewDescriptor = NULL;
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ TRUE,
+ Token,
+ &GenericMapping,
+ UserMode ))) {
+ DbgPrint("SeAssign Error NoNew, Dir, User : %8lx\n", Status );
+ return FALSE;
+ }
+
+ //
+ // User mode, dir, and new
+ //
+
+ if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor,
+ &NewDescriptor,
+ TRUE,
+ Token,
+ &GenericMapping,
+ UserMode ))) {
+ DbgPrint("SeAssign Error New, Dir, User : %8lx\n", Status );
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestAccessCheck()
+{
+ SECURITY_DESCRIPTOR SecurityDescriptor;
+ PACL Acl;
+
+ PACCESS_TOKEN Token;
+
+ Acl = (PACL)ExAllocatePool( PagedPool, 1024 );
+ BuildAcl( Fred, Acl, 1024 );
+
+ Token = (PACCESS_TOKEN)ExAllocatePool( PagedPool, 512 );
+ BuildToken( Fred, Token );
+
+ DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
+
+ //
+ // Test should be successful based on aces
+ //
+
+ if (!SeAccessCheck( &SecurityDescriptor,
+ Token,
+ 0x00000001,
+ NULL,
+ UserMode )) {
+ DbgPrint("SeAccessCheck Error should allow access\n");
+ return FALSE;
+ }
+
+ //
+ // Test should be successful based on owner
+ //
+
+ if (!SeAccessCheck( &SecurityDescriptor,
+ Token,
+ READ_CONTROL,
+ &FredGuid,
+ UserMode )) {
+ DbgPrint("SeAccessCheck Error should allow owner\n");
+ return FALSE;
+ }
+
+ //
+ // Test should be unsuccessful based on aces
+ //
+
+ if (SeAccessCheck( &SecurityDescriptor,
+ Token,
+ 0x0000000f,
+ &FredGuid,
+ UserMode )) {
+ DbgPrint("SeAccessCheck Error shouldn't allow access\n");
+ return FALSE;
+ }
+
+ //
+ // Test should be unsuccessful based on non owner
+ //
+
+ if (SeAccessCheck( &SecurityDescriptor,
+ Token,
+ READ_CONTROL,
+ &BarneyGuid,
+ UserMode )) {
+ DbgPrint("SeAccessCheck Error shouldn't allow non owner access\n");
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestGenerateMessage()
+{
+ return TRUE;
+}
+
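Review bot: The equality loop in TestTokenCopy compares `*((PUCHAR)InToken + 1)` with `*((PUCHAR)OutToken + 1)` on every iteration, so only the byte at offset 1 is ever checked and the test passes even if SeTokenCopy gets every other byte wrong; the index should be the loop variable, `if (*((PUCHAR)InToken + i) != *((PUCHAR)OutToken + i)) {`. The loop bound is the token's own Size field, which is never compared with the 512-byte allocations, so a guard such as `if (((ACCESS_TOKEN *)InToken)->Size > 512) return FALSE;` ahead of the loop would keep the byte walk inside both buffers. In TestAssignSecurity, `GenericMapping` is declared but never initialised before `&GenericMapping` is passed to every SeAssignSecurity call, so those cases run against whatever happens to be on the stack. The failure paths in TestTokenCopy and the other tests also return FALSE without calling ExFreePool on the buffers allocated at the top of each function.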