test: tse.c File Reference

00043 { 00044 VOID KiSystemStartup(); 00045 00046 TestFunction = SeTest; 00047 KiSystemStartup(); 00048 return( 0 ); 00049 }

00054 { 00055 BOOLEAN TestMakeSystemToken(); 00056 BOOLEAN TestTokenCopy(); 00057 BOOLEAN TestTokenSize(); 00058 BOOLEAN TestDefaultObjectMethod(); 00059 BOOLEAN TestCaptureSecurityDescriptor(); 00060 BOOLEAN TestAssignSecurity(); 00061 BOOLEAN TestAccessCheck(); 00062 BOOLEAN TestGenerateMessage(); 00063 00064 DbgPrint("Start SeTest()\n"); 00065 00066 if (!TestMakeSystemToken()) { 00067 DbgPrint("TestMakeSystemToken() Error\n"); 00068 return FALSE; 00069 } 00070 if (!TestTokenCopy()) { 00071 DbgPrint("TestTokenCopy() Error\n"); 00072 return FALSE; 00073 } 00074 if (!TestTokenSize()) { 00075 DbgPrint("TestTokenSize() Error\n"); 00076 return FALSE; 00077 } 00078 if (!TestDefaultObjectMethod()) { 00079 DbgPrint("TestDefaultObjectMethod() Error\n"); 00080 return FALSE; 00081 } 00082 if (!TestCaptureSecurityDescriptor()) { 00083 DbgPrint("TestCaptureSecurityDescriptor() Error\n"); 00084 return FALSE; 00085 } 00086 if (!TestAssignSecurity()) { 00087 DbgPrint("TestAssignSecurity() Error\n"); 00088 return FALSE; 00089 } 00090 if (!TestAccessCheck()) { 00091 DbgPrint("TestAccessCheck() Error\n"); 00092 return FALSE; 00093 } 00094 if (!TestGenerateMessage()) { 00095 DbgPrint("TestGenerateMessage() Error\n"); 00096 return FALSE; 00097 } 00098 00099 DbgPrint("End SeTest()\n"); 00100 return TRUE; 00101 }

00504 { 00505 SECURITY_DESCRIPTOR SecurityDescriptor; 00506 PACL Acl; 00507 00508 PACCESS_TOKEN Token; 00509 00510 Acl = (PACL)ExAllocatePool( PagedPool, 1024 ); 00511 BuildAcl( Fred, Acl, 1024 ); 00512 00513 Token = (PACCESS_TOKEN)ExAllocatePool( PagedPool, 512 ); 00514 BuildToken( Fred, Token ); 00515 00516 DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl ); 00517 00518 // 00519 // Test should be successful based on aces 00520 // 00521 00522 if (!SeAccessCheck( &SecurityDescriptor, 00523 Token, 00524 0x00000001, 00525 NULL, 00526 UserMode )) { 00527 DbgPrint("SeAccessCheck Error should allow access\n"); 00528 return FALSE; 00529 } 00530 00531 // 00532 // Test should be successful based on owner 00533 // 00534 00535 if (!SeAccessCheck( &SecurityDescriptor, 00536 Token, 00537 READ_CONTROL, 00538 &FredGuid, 00539 UserMode )) { 00540 DbgPrint("SeAccessCheck Error should allow owner\n"); 00541 return FALSE; 00542 } 00543 00544 // 00545 // Test should be unsuccessful based on aces 00546 // 00547 00548 if (SeAccessCheck( &SecurityDescriptor, 00549 Token, 00550 0x0000000f, 00551 &FredGuid, 00552 UserMode )) { 00553 DbgPrint("SeAccessCheck Error shouldn't allow access\n"); 00554 return FALSE; 00555 } 00556 00557 // 00558 // Test should be unsuccessful based on non owner 00559 // 00560 00561 if (SeAccessCheck( &SecurityDescriptor, 00562 Token, 00563 READ_CONTROL, 00564 &BarneyGuid, 00565 UserMode )) { 00566 DbgPrint("SeAccessCheck Error shouldn't allow non owner access\n"); 00567 return FALSE; 00568 } 00569 00570 return TRUE; 00571 }

00361 { 00362 SECURITY_DESCRIPTOR SecurityDescriptor; 00363 PACL Acl; 00364 00365 PACCESS_TOKEN Token; 00366 00367 GENERIC_MAPPING GenericMapping; 00368 00369 PSECURITY_DESCRIPTOR NewDescriptor; 00370 00371 NTSTATUS Status; 00372 00373 Acl = (PACL)ExAllocatePool( PagedPool, 1024 ); 00374 BuildAcl( Fred, Acl, 1024 ); 00375 00376 Token = (PACCESS_TOKEN)ExAllocatePool( PagedPool, 512 ); 00377 BuildToken( Fred, Token ); 00378 00379 DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl ); 00380 00381 // 00382 // Kernel mode, non dir, and no new 00383 // 00384 00385 NewDescriptor = NULL; 00386 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00387 &NewDescriptor, 00388 FALSE, 00389 Token, 00390 &GenericMapping, 00391 KernelMode ))) { 00392 DbgPrint("SeAssign Error NoNew, NoDir, Kernel : %8lx\n", Status ); 00393 return FALSE; 00394 } 00395 00396 // 00397 // Kernel mode, non dir, and new 00398 // 00399 00400 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00401 &NewDescriptor, 00402 FALSE, 00403 Token, 00404 &GenericMapping, 00405 KernelMode ))) { 00406 DbgPrint("SeAssign Error New, NoDir, Kernel : %8lx\n", Status ); 00407 return FALSE; 00408 } 00409 00410 // 00411 // Kernel mode, dir, and no new 00412 // 00413 00414 NewDescriptor = NULL; 00415 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00416 &NewDescriptor, 00417 TRUE, 00418 Token, 00419 &GenericMapping, 00420 KernelMode ))) { 00421 DbgPrint("SeAssign Error NoNew, Dir, Kernel : %8lx\n", Status ); 00422 return FALSE; 00423 } 00424 00425 // 00426 // Kernel mode, dir, and new 00427 // 00428 00429 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00430 &NewDescriptor, 00431 TRUE, 00432 Token, 00433 &GenericMapping, 00434 KernelMode ))) { 00435 DbgPrint("SeAssign Error New, Dir, Kernel : %8lx\n", Status ); 00436 return FALSE; 00437 } 00438 00439 00440 // 00441 // User mode, non dir, and no new 00442 // 00443 00444 NewDescriptor = NULL; 00445 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00446 &NewDescriptor, 00447 FALSE, 00448 Token, 00449 &GenericMapping, 00450 UserMode ))) { 00451 DbgPrint("SeAssign Error NoNew, NoDir, User : %8lx\n", Status ); 00452 return FALSE; 00453 } 00454 00455 // 00456 // User mode, non dir, and new 00457 // 00458 00459 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00460 &NewDescriptor, 00461 FALSE, 00462 Token, 00463 &GenericMapping, 00464 UserMode ))) { 00465 DbgPrint("SeAssign Error New, NoDir, User : %8lx\n", Status ); 00466 return FALSE; 00467 } 00468 00469 // 00470 // User mode, dir, and no new 00471 // 00472 00473 NewDescriptor = NULL; 00474 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00475 &NewDescriptor, 00476 TRUE, 00477 Token, 00478 &GenericMapping, 00479 UserMode ))) { 00480 DbgPrint("SeAssign Error NoNew, Dir, User : %8lx\n", Status ); 00481 return FALSE; 00482 } 00483 00484 // 00485 // User mode, dir, and new 00486 // 00487 00488 if (!NT_SUCCESS(Status = SeAssignSecurity( &SecurityDescriptor, 00489 &NewDescriptor, 00490 TRUE, 00491 Token, 00492 &GenericMapping, 00493 UserMode ))) { 00494 DbgPrint("SeAssign Error New, Dir, User : %8lx\n", Status ); 00495 return FALSE; 00496 } 00497 00498 return TRUE; 00499 }

00297 { 00298 SECURITY_DESCRIPTOR SecurityDescriptor; 00299 PACL Sacl; 00300 PACL Dacl; 00301 PSECURITY_DESCRIPTOR NewDescriptor; 00302 NTSTATUS Status; 00303 00304 Sacl = (PACL)ExAllocatePool( PagedPool, 1024 ); 00305 Dacl = (PACL)ExAllocatePool( PagedPool, 1024 ); 00306 BuildAcl( Pebbles, Sacl, 1024 ); 00307 BuildAcl( Barney, Dacl, 1024 ); 00308 00309 DiscretionarySecurityDescriptor( &SecurityDescriptor, Dacl ); 00310 SecurityDescriptor.SecurityInformationClass = AllAclInformation; 00311 SecurityDescriptor.SystemAcl = Sacl; 00312 00313 // 00314 // Capture kernel mode and don't force 00315 // 00316 00317 if (!NT_SUCCESS(Status = SeCaptureSecurityDescriptor( &SecurityDescriptor, 00318 KernelMode, 00319 PagedPool, 00320 FALSE, 00321 &NewDescriptor ))) { 00322 DbgPrint("SeCapture Error, KernelMode, FALSE : %8lx\n", Status ); 00323 return FALSE; 00324 } 00325 00326 // 00327 // Capture kernel mode and force 00328 // 00329 00330 if (!NT_SUCCESS(Status = SeCaptureSecurityDescriptor( &SecurityDescriptor, 00331 KernelMode, 00332 PagedPool, 00333 TRUE, 00334 &NewDescriptor ))) { 00335 DbgPrint("SeCapture Error, KernelMode, TRUE : %8lx\n", Status ); 00336 return FALSE; 00337 } else { 00338 ExFreePool( NewDescriptor ); 00339 } 00340 00341 // 00342 // Capture user mode 00343 // 00344 00345 if (!NT_SUCCESS(Status = SeCaptureSecurityDescriptor( &SecurityDescriptor, 00346 UserMode, 00347 PagedPool, 00348 TRUE, 00349 &NewDescriptor ))) { 00350 DbgPrint("SeCapture Error, UserMode, FALSE : %8lx\n", Status ); 00351 return FALSE; 00352 } else { 00353 ExFreePool( NewDescriptor ); 00354 } 00355 00356 return TRUE; 00357 }

00206 { 00207 SECURITY_DESCRIPTOR SecurityDescriptor; 00208 PSECURITY_DESCRIPTOR Buffer; 00209 PACL Acl; 00210 NTSTATUS Status; 00211 PSECURITY_DESCRIPTOR ObjectsSecurityDescriptor; 00212 ULONG Length; 00213 00214 Acl = (PACL)ExAllocatePool( PagedPool, 1024 ); 00215 Buffer = (PSECURITY_DESCRIPTOR)ExAllocatePool( PagedPool, 1024 ); 00216 00217 BuildAcl( Fred, Acl, 1024 ); 00218 DiscretionarySecurityDescriptor( &SecurityDescriptor, Acl ); 00219 00220 ObjectsSecurityDescriptor = NULL; 00221 00222 // 00223 // Set the descriptor 00224 // 00225 00226 if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL, 00227 SetSecurityDescriptor, 00228 &SecurityDescriptor, 00229 0, 00230 NULL, 00231 &ObjectsSecurityDescriptor, 00232 PagedPool ))) { 00233 00234 DbgPrint("SeDefaultObjectMethod setting error: %8lx\n", Status ); 00235 return FALSE; 00236 } 00237 00238 // 00239 // Query the descriptor 00240 // 00241 00242 if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL, 00243 QuerySecurityDescriptor, 00244 Buffer, 00245 AllAclInformation, 00246 &Length, 00247 &ObjectsSecurityDescriptor, 00248 PagedPool ))) { 00249 00250 DbgPrint("SeDefaultObjectMethod reading error: %8lx\n", Status ); 00251 return FALSE; 00252 } 00253 00254 // 00255 // Replace the descriptor 00256 // 00257 00258 BuildAcl( Wilma, Acl, 1024 ); 00259 00260 if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL, 00261 SetSecurityDescriptor, 00262 &SecurityDescriptor, 00263 AllAclInformation, 00264 &Length, 00265 &ObjectsSecurityDescriptor, 00266 PagedPool ))) { 00267 00268 DbgPrint("SeDefaultObjectMethod reading error: %8lx\n", Status ); 00269 return FALSE; 00270 } 00271 00272 // 00273 // Delete the descriptor 00274 // 00275 00276 if (!NT_SUCCESS(Status = SeDefaultObjectMethod( NULL, 00277 DeleteSecurityDescriptor, 00278 NULL, 00279 0, 00280 NULL, 00281 &ObjectsSecurityDescriptor, 00282 PagedPool ))) { 00283 00284 DbgPrint("SeDefaultObjectMethod deleting error: %8lx\n", Status ); 00285 return FALSE; 00286 } 00287 00288 ExFreePool(Acl); 00289 ExFreePool(Buffer); 00290 00291 return TRUE; 00292 }

00576 { 00577 return TRUE; 00578 }

00106 { 00107 PACCESS_TOKEN Token; 00108 00109 // 00110 // Make the system token 00111 // 00112 00113 Token = (PACCESS_TOKEN)SeMakeSystemToken( PagedPool ); 00114 00115 // 00116 // and check its contents 00117 // 00118 00119 if (!SepIsSystemToken( Token, ((ACCESS_TOKEN *)Token)->Size )) { 00120 DbgPrint("SepIsSystemToken Error\n"); 00121 return FALSE; 00122 } 00123 00124 ExFreePool( Token ); 00125 00126 return TRUE; 00127 }

00132 { 00133 PACCESS_TOKEN InToken; 00134 PACCESS_TOKEN OutToken; 00135 00136 NTSTATUS Status; 00137 00138 ULONG i; 00139 00140 // 00141 // Allocate Buffers, and build a token 00142 // 00143 00144 InToken = (PACCESS_TOKEN)ExAllocatePool(PagedPool, 512); 00145 OutToken = (PACCESS_TOKEN)ExAllocatePool(PagedPool, 512); 00146 00147 BuildToken( Fred, InToken ); 00148 00149 // 00150 // Make a copy of the token 00151 // 00152 00153 if (!NT_SUCCESS(Status = SeTokenCopy( InToken, OutToken, 512))) { 00154 DbgPrint("SeTokenCopy Error: %8lx\n", Status); 00155 return FALSE; 00156 } 00157 00158 // 00159 // check both tokens for equality 00160 // 00161 00162 for (i = 0; i < ((ACCESS_TOKEN *)InToken)->Size; i += 1) { 00163 if (*((PUCHAR)InToken + 1) != *((PUCHAR)OutToken + 1)) { 00164 DbgPrint("Token copy error\n"); 00165 return FALSE; 00166 } 00167 } 00168 00169 ExFreePool( InToken ); 00170 ExFreePool( OutToken ); 00171 00172 return TRUE; 00173 }

00178 { 00179 PACCESS_TOKEN Token; 00180 00181 // 00182 // Allocate and build a token 00183 // 00184 00185 Token = (PACCESS_TOKEN)ExAllocatePool(PagedPool, 512); 00186 00187 BuildToken( Wilma, Token ); 00188 00189 // 00190 // Get the token size 00191 // 00192 00193 if (SeTokenSize(Token) != ((ACCESS_TOKEN *)Token)->Size) { 00194 DbgPrint("SeTokenSize error\n"); 00195 return FALSE; 00196 } 00197 00198 ExFreePool( Token ); 00199 00200 return TRUE; 00201 }


Functions
BOOLEAN	SeTest ()
int	main (int argc, char *argv[])
BOOLEAN	TestMakeSystemToken ()
BOOLEAN	TestTokenCopy ()
BOOLEAN	TestTokenSize ()
BOOLEAN	TestDefaultObjectMethod ()
BOOLEAN	TestCaptureSecurityDescriptor ()
BOOLEAN	TestAssignSecurity ()
BOOLEAN	TestAccessCheck ()
BOOLEAN	TestGenerateMessage ()

tse.c File Reference

Functions

Function Documentation