summaryrefslogtreecommitdiffstats
path: root/private/ntos/se/tseum.c
diff options
context:
space:
mode:
Diffstat (limited to 'private/ntos/se/tseum.c')
-rw-r--r--private/ntos/se/tseum.c578
1 files changed, 578 insertions, 0 deletions
diff --git a/private/ntos/se/tseum.c b/private/ntos/se/tseum.c
new file mode 100644
index 000000000..0eb17ea34
--- /dev/null
+++ b/private/ntos/se/tseum.c
@@ -0,0 +1,578 @@
+/*++
+
+Copyright (c) 1989 Microsoft Corporation
+
+Module Name:
+
+ tseum.c
+
+Abstract:
+
+ Test program for the security system
+
+Author:
+
+ Gary Kimura [GaryKi] 20-Nov-1989
+
+Revision History:
+
+ v3: robertre
+ Updated ACL_REVISION
+
+--*/
+
+#include <stdio.h>
+#include <string.h>
+
+#include <nt.h>
+#include <ntrtl.h>
+
+#include "sep.h"
+#include "ttoken.c"
+
+VOID
+RtlDumpAcl(
+ IN PACL Acl
+ );
+
+
+main(
+ int argc,
+ char *argv[],
+ char *envp[]
+ )
+{
+ HANDLE CurrentProcessHandle;
+ NTSTATUS Status;
+ ULONG i;
+ VOID SeMain();
+
+ CurrentProcessHandle = NtCurrentProcess();
+ Status = STATUS_SUCCESS;
+
+ DbgPrint( "Entering User Mode Test Program\n" );
+
+ DbgPrint( "argc: %ld\n", argc );
+ if (argv != NULL) {
+ for (i=0; i<argc; i++) {
+ DbgPrint( "argv[ %ld ]: %s\n", i, argv[ i ] );
+ }
+ }
+
+ if (envp != NULL) {
+ i = 0;
+ while (*envp) {
+ DbgPrint( "envp[ %02ld ]: %s\n", i++, *envp++ );
+ }
+ }
+
+ SeMain();
+
+ DbgPrint( "Exiting User Mode Test Program with Status = %lx\n", Status );
+
+ NtTerminateProcess( CurrentProcessHandle, Status );
+}
+
+
+VOID
+SeMain(
+ )
+{
+ BOOLEAN TestCreateAcl();
+ BOOLEAN TestQueryInformationAcl();
+ BOOLEAN TestSetInformationAcl();
+ BOOLEAN TestAddAce();
+ BOOLEAN TestDeleteAce();
+ BOOLEAN TestGetAce();
+
+ BOOLEAN TestAccessCheck();
+ BOOLEAN TestGenerateMessage();
+
+ DbgPrint("Starting User Mode Security Test\n");
+
+ if (!TestCreateAcl()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+ if (!TestQueryInformationAcl()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+ if (!TestSetInformationAcl()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+ if (!TestAddAce()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+ if (!TestDeleteAce()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+ if (!TestGetAce()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+
+ if (!TestAccessCheck()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+ if (!TestGenerateMessage()) {
+ DbgPrint("TestCreateAcl Error\n");
+ return;
+ }
+
+ DbgPrint("Ending User Mode Security Test\n");
+
+ return;
+}
+
+
+BOOLEAN
+TestCreateAcl()
+{
+ UCHAR Buffer[512];
+ PACL Acl;
+
+ NTSTATUS Status;
+
+ Acl = (PACL)Buffer;
+
+ //
+ // Create a good large acl
+ //
+
+ if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
+ DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // Create a good small acl
+ //
+
+ if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL), 1))) {
+ DbgPrint("RtlCreateAcl Error small Acl : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // Create a too small acl
+ //
+
+ if (NT_SUCCESS(Status = RtlCreateAcl( Acl, sizeof(ACL) - 1, 1))) {
+ DbgPrint("RtlCreateAcl Error too small Acl : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // Create a bad version acl
+ //
+
+ if (NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 2))) {
+ DbgPrint("RtlCreateAcl Error bad version : %8lx\n", Status);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestQueryInformationAcl()
+{
+ UCHAR Buffer[512];
+ PACL Acl;
+ ACL_REVISION_INFORMATION AclRevisionInfo;
+ ACL_SIZE_INFORMATION AclSizeInfo;
+
+ NTSTATUS Status;
+
+ Acl = (PACL)Buffer;
+
+ BuildAcl( Fred, Acl, 512 );
+
+ //
+ // Query the revision information
+ //
+
+ if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl,
+ (PVOID)&AclRevisionInfo,
+ sizeof(ACL_REVISION_INFORMATION),
+ AclRevisionInformation))) {
+ DbgPrint("RtlQueryInformationAcl revision info error : %8lx\n", Status);
+ return FALSE;
+ }
+ if (AclRevisionInfo.AclRevision != ACL_REVISION) {
+ DbgPrint("RtlAclRevision Error\n");
+ return FALSE;
+ }
+
+ //
+ // Query size information
+ //
+
+ if (!NT_SUCCESS(Status = RtlQueryInformationAcl( Acl,
+ (PVOID)&AclSizeInfo,
+ sizeof(ACL_SIZE_INFORMATION),
+ AclSizeInformation))) {
+ DbgPrint("RtlQueryInformationAcl size info Error : %8lx\n", Status);
+ return FALSE;
+ }
+ if ((AclSizeInfo.AceCount != 6) ||
+ (AclSizeInfo.AclBytesInUse != (sizeof(ACL)+6*sizeof(STANDARD_ACE))) ||
+ (AclSizeInfo.AclBytesFree != 512 - AclSizeInfo.AclBytesInUse)) {
+ DbgPrint("RtlAclSize Error\n");
+ DbgPrint("AclSizeInfo.AceCount = %8lx\n", AclSizeInfo.AceCount);
+ DbgPrint("AclSizeInfo.AclBytesInUse = %8lx\n", AclSizeInfo.AclBytesInUse);
+ DbgPrint("AclSizeInfo.AclBytesFree = %8lx\n", AclSizeInfo.AclBytesFree);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestSetInformationAcl()
+{
+ UCHAR Buffer[512];
+ PACL Acl;
+ ACL_REVISION_INFORMATION AclRevisionInfo;
+
+ NTSTATUS Status;
+
+ Acl = (PACL)Buffer;
+
+ BuildAcl( Fred, Acl, 512 );
+
+ //
+ // Set the revision information to the current revision level
+ //
+
+ AclRevisionInfo.AclRevision = ACL_REVISION;
+ if (!NT_SUCCESS(Status = RtlSetInformationAcl( Acl,
+ (PVOID)&AclRevisionInfo,
+ sizeof(ACL_REVISION_INFORMATION),
+ AclRevisionInformation))) {
+ DbgPrint("RtlSetInformationAcl revision info error : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // Set the revision information to something wrong
+ //
+
+ AclRevisionInfo.AclRevision = ACL_REVISION+1;
+ if (NT_SUCCESS(Status = RtlSetInformationAcl( Acl,
+ (PVOID)&AclRevisionInfo,
+ sizeof(ACL_REVISION_INFORMATION),
+ AclRevisionInformation))) {
+ DbgPrint("RtlSetInformationAcl revision to wrong info error : %8lx\n", Status);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestAddAce()
+{
+ UCHAR AclBuffer[512];
+ PACL Acl;
+
+ STANDARD_ACE AceList[2];
+
+ NTSTATUS Status;
+
+ Acl = (PACL)AclBuffer;
+
+ //
+ // Create a good large acl
+ //
+
+ if (!NT_SUCCESS(Status = RtlCreateAcl( Acl, 512, 1))) {
+ DbgPrint("RtlCreateAcl Error large Acl : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // test add ace to add two aces to an empty acl
+ //
+
+ AceList[0].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
+ AceList[0].Header.InheritFlags = 0;
+ AceList[0].Header.AceFlags = 0;
+ AceList[0].Mask = 0x22222222;
+ CopyGuid(&AceList[0].Guid, &FredGuid);
+
+ AceList[1].Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ AceList[1].Header.AceSize = sizeof(STANDARD_ACE);
+ AceList[1].Header.InheritFlags = 0;
+ AceList[1].Header.AceFlags = 0;
+ AceList[1].Mask = 0x44444444;
+ CopyGuid(&AceList[1].Guid, &WilmaGuid);
+
+ if (!NT_SUCCESS(Status = RtlAddAce( Acl,
+ 1,
+ 0,
+ AceList,
+ 2*sizeof(STANDARD_ACE)))) {
+ DbgPrint("RtlAddAce to empty acl Error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ //
+ // test add ace to add one to the beginning of an acl
+ //
+
+ AceList[0].Header.AceType = SYSTEM_AUDIT_ACE_TYPE;
+ AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
+ AceList[0].Header.InheritFlags = 0;
+ AceList[0].Header.AceFlags = 0;
+ AceList[0].Mask = 0x11111111;
+ CopyGuid(&AceList[0].Guid, &PebblesGuid);
+
+ if (!NT_SUCCESS(Status = RtlAddAce( Acl,
+ 1,
+ 0,
+ AceList,
+ sizeof(STANDARD_ACE)))) {
+ DbgPrint("RtlAddAce to beginning of acl Error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ //
+ // test add ace to add one to the middle of an acl
+ //
+
+ AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
+ AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
+ AceList[0].Header.InheritFlags = 0;
+ AceList[0].Header.AceFlags = 0;
+ AceList[0].Mask = 0x33333333;
+ CopyGuid(&AceList[0].Guid, &DinoGuid);
+
+ if (!NT_SUCCESS(Status = RtlAddAce( Acl,
+ 1,
+ 2,
+ AceList,
+ sizeof(STANDARD_ACE)))) {
+ DbgPrint("RtlAddAce to middle of acl Error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ //
+ // test add ace to add one to the end of an acl
+ //
+
+ AceList[0].Header.AceType = ACCESS_DENIED_ACE_TYPE;
+ AceList[0].Header.AceSize = sizeof(STANDARD_ACE);
+ AceList[0].Header.InheritFlags = 0;
+ AceList[0].Header.AceFlags = 0;
+ AceList[0].Mask = 0x55555555;
+ CopyGuid(&AceList[0].Guid, &FlintstoneGuid);
+
+ if (!NT_SUCCESS(Status = RtlAddAce( Acl,
+ 1,
+ MAXULONG,
+ AceList,
+ sizeof(STANDARD_ACE)))) {
+ DbgPrint("RtlAddAce to end of an acl Error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestDeleteAce()
+{
+ UCHAR Buffer[512];
+ PACL Acl;
+
+ NTSTATUS Status;
+
+ Acl = (PACL)Buffer;
+
+ BuildAcl( Fred, Acl, 512 );
+
+ //
+ // test delete first ace
+ //
+
+ if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 0))) {
+ DbgPrint("RtlDeleteAce first ace Error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ //
+ // test delete middle ace
+ //
+
+ if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 2))) {
+ DbgPrint("RtlDeleteAce middle ace Error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ //
+ // test delete last ace
+ //
+
+ if (!NT_SUCCESS(Status = RtlDeleteAce(Acl, 3))) {
+ DbgPrint("RtlDeleteAce last ace Error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestGetAce()
+{
+ UCHAR Buffer[512];
+ PACL Acl;
+
+ STANDARD_ACE Ace;
+
+ NTSTATUS Status;
+
+ Acl = (PACL)Buffer;
+
+ BuildAcl( Fred, Acl, 512 );
+
+ //
+ // Get first ace
+ //
+
+ if (!NT_SUCCESS(Status = RtlGetAce(Acl, 0, (PVOID)&Ace))) {
+ DbgPrint("RtlGetAce first ace error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ //
+ // Get middle ace
+ //
+
+ if (!NT_SUCCESS(Status = RtlGetAce(Acl, 3, (PVOID)&Ace))) {
+ DbgPrint("RtlGetAce middle ace error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ //
+ // Get last ace
+ //
+
+ if (!NT_SUCCESS(Status = RtlGetAce(Acl, 5, (PVOID)&Ace))) {
+ DbgPrint("RtlGetAce last ace error : %8lx\n", Status);
+ return FALSE;
+ }
+
+// RtlDumpAcl(Acl);
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestAccessCheck()
+{
+ UCHAR AclBuffer[1024];
+ SECURITY_DESCRIPTOR SecurityDescriptor;
+ PACL Acl;
+
+ UCHAR TokenBuffer[512];
+ PACCESS_TOKEN Token;
+
+ NTSTATUS Status;
+
+ Acl = (PACL)AclBuffer;
+ BuildAcl( Fred, Acl, 1024 );
+
+ Token = (PACCESS_TOKEN)TokenBuffer;
+ BuildToken( Fred, Token );
+
+ DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl );
+
+ //
+ // Test should be successful based on aces
+ //
+
+ if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
+ Token,
+ 0x00000001,
+ NULL ))) {
+ DbgPrint("NtAccessCheck Error should allow access : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // Test should be successful based on owner
+ //
+
+ if (!NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
+ Token,
+ READ_CONTROL,
+ &FredGuid ))) {
+ DbgPrint("NtAccessCheck Error should allow owner : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // Test should be unsuccessful based on aces
+ //
+
+ if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
+ Token,
+ 0x0000000f,
+ &FredGuid ))) {
+ DbgPrint("NtAccessCheck Error shouldn't allow access : %8lx\n", Status);
+ return FALSE;
+ }
+
+ //
+ // Test should be unsuccessful based on non owner
+ //
+
+ if (NT_SUCCESS(Status = NtAccessCheck( &SecurityDescriptor,
+ Token,
+ READ_CONTROL,
+ &BarneyGuid ))) {
+ DbgPrint("NtAccessCheck Error shouldn't allow non owner access : %8lx\n", Status);
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
+
+BOOLEAN
+TestGenerateMessage()
+{
+ return TRUE;
+}
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 05:32:47 +0200