#define NDEBUG
#include <debug.h>
-//------------------------------------------------------------------------------//
-// Functions required forWorking with ACCESS_STATE structure //
-//------------------------------------------------------------------------------//
-
-NTKERNELAPI NTSTATUS NTAPI SeCreateAccessState(
- PACCESS_STATE AccessState,
- PVOID AuxData,
- ACCESS_MASK DesiredAccess,
- PGENERIC_MAPPING Mapping
- );
-
-NTKERNELAPI VOID NTAPI SeDeleteAccessState(
- PACCESS_STATE AccessState
- );
-
//------------------------------------------------------------------------------//
// Testing Functions //
//------------------------------------------------------------------------------//
PTOKEN_STATISTICS TStats;
PTOKEN_TYPE TType;
PTOKEN_USER TUser;
+ BOOLEAN Flag;
+ ULONG i;
//----------------------------------------------------------------//
// Testing SeQueryInformationToken with various args //
if (Token == NULL) return;
Status = SeQueryInformationToken(Token, TokenOwner, &Buffer);
- ok((Status == STATUS_SUCCESS), "SQIT with TokenOwner arg fails with status 0x%X\n", Status);
+ ok((Status == STATUS_SUCCESS), "SQIT with TokenOwner arg fails with status 0x%08X\n", Status);
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenOwner arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenOwner arg. But Buffer == NULL\n");
if (Buffer)
{
Buffer = NULL;
Status = SeQueryInformationToken(Token, TokenDefaultDacl, &Buffer);
- ok(Status == STATUS_SUCCESS, "SQIT with TokenDefaultDacl fails with status 0x%X\n", Status);
+ ok(Status == STATUS_SUCCESS, "SQIT with TokenDefaultDacl fails with status 0x%08X\n", Status);
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenDefaultDacl arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenDefaultDacl arg. But Buffer == NULL\n");
if (Buffer)
{
TDefDacl = (PTOKEN_DEFAULT_DACL)Buffer;
Buffer = NULL;
Status = SeQueryInformationToken(Token, TokenGroups, &Buffer);
- ok(Status == STATUS_SUCCESS, "SQIT with TokenGroups fails with status 0x%X\n", Status);
+ ok(Status == STATUS_SUCCESS, "SQIT with TokenGroups fails with status 0x%08X\n", Status);
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenGroups arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenGroups arg. But Buffer == NULL\n");
if (Buffer)
{
TGroups = (PTOKEN_GROUPS)Buffer;
GroupCount = TGroups->GroupCount;
- int flag = 1;
- int i;
+ Flag = TRUE;
for (i = 0; i < GroupCount; i++)
{
sid = TGroups->Groups[i].Sid;
if (!RtlValidSid(sid))
{
- flag = 0;
+ Flag = FALSE;
break;
}
}
- ok((flag == TRUE), "TokenGroup's SIDs are not valid\n");
+ ok((Flag == TRUE), "TokenGroup's SIDs are not valid\n");
ExFreePool(Buffer);
}
}
// Call SQIT with TokenImpersonationLevel argument
//
// What's up? Why SQIT fails with right arg?
+ // Because your token has Token->TokenType != TokenImpersonation. -hbelusca
Buffer = NULL;
Status = SeQueryInformationToken(Token, TokenImpersonationLevel, &Buffer);
- ok(Status == STATUS_SUCCESS, "SQIT with TokenImpersonationLevel fails with status 0x%X\n", Status);
+ ok(Status == STATUS_SUCCESS, "SQIT with TokenImpersonationLevel fails with status 0x%08X\n", Status);
+ if (Buffer) ExFreePool(Buffer);
Buffer = NULL;
Status = SeQueryInformationToken(Token, TokenImpersonationLevel, &Buffer);
- ok(Status == STATUS_SUCCESS, "and again: SQIT with TokenImpersonationLevel fails with status 0x%X\n", Status);
+ ok(Status == STATUS_SUCCESS, "and again: SQIT with TokenImpersonationLevel fails with status 0x%08X\n", Status);
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenImpersonationLevel arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenImpersonationLevel arg. But Buffer == NULL\n");
} else {
- ok(Buffer == NULL, "Wrong. SQIT call is't success. But Buffer != NULL\n");
+ ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
}
+ if (Buffer) ExFreePool(Buffer);
+
+ //----------------------------------------------------------------//
+
+ // Call SQIT with the 4 classes (TokenOrigin, TokenGroupsAndPrivileges,
+ // TokenRestrictedSids and TokenSandBoxInert) are not supported by
+ // SeQueryInformationToken (only NtQueryInformationToken supports them).
+ //
+
+ Buffer = NULL;
+ Status = SeQueryInformationToken(Token, TokenOrigin, &Buffer);
+ ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenOrigin failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
+ ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
+
+ Buffer = NULL;
+ Status = SeQueryInformationToken(Token, TokenGroupsAndPrivileges, &Buffer);
+ ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenGroupsAndPrivileges failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
+ ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
+
+ Buffer = NULL;
+ Status = SeQueryInformationToken(Token, TokenRestrictedSids, &Buffer);
+ ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenRestrictedSids failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
+ ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
+
+ Buffer = NULL;
+ Status = SeQueryInformationToken(Token, TokenSandBoxInert, &Buffer);
+ ok(Status == STATUS_INVALID_INFO_CLASS, "SQIT with TokenSandBoxInert failed with Status 0x%08X; expected STATUS_INVALID_INFO_CLASS\n", Status);
+ ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
//----------------------------------------------------------------//
Buffer = NULL;
Status = SeQueryInformationToken(Token, TokenStatistics, &Buffer);
- ok(Status == STATUS_SUCCESS, "SQIT with TokenStatistics fails with status 0x%X\n", Status);
+ ok(Status == STATUS_SUCCESS, "SQIT with TokenStatistics fails with status 0x%08X\n", Status);
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenStatistics arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenStatistics arg. But Buffer == NULL\n");
if (Buffer)
{
TStats = (PTOKEN_STATISTICS)Buffer;
- // just put 0 into 1st arg or use trace to print TokenStatistics f
+ // just put 0 into 1st arg or use trace to print TokenStatistics
ok(1, "print statistics:\n\tTokenID = %u_%d\n\tSecurityImperLevel = %d\n\tPrivCount = %d\n\tGroupCount = %d\n\n", TStats->TokenId.LowPart,
TStats->TokenId.HighPart,
TStats->ImpersonationLevel,
TStats->PrivilegeCount,
TStats->GroupCount
);
- ExFreePool(TStats);
+ ExFreePool(Buffer);
}
} else {
- ok(Buffer == NULL, "Wrong. SQIT call is't success. But Buffer != NULL\n");
+ ok(Buffer == NULL, "Wrong. SQIT call failed. But Buffer != NULL\n");
}
//----------------------------------------------------------------//
Buffer = NULL;
Status = SeQueryInformationToken(Token, TokenType, &Buffer);
- ok(Status == STATUS_SUCCESS, "SQIT with TokenType fails with status 0x%X\n", Status);
+ ok(Status == STATUS_SUCCESS, "SQIT with TokenType fails with status 0x%08X\n", Status);
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenType arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenType arg. But Buffer == NULL\n");
if (Buffer)
{
TType = (PTOKEN_TYPE)Buffer;
ok((*TType == TokenPrimary || *TType == TokenImpersonation), "TokenType in not a primary nor impersonation. FAILED\n");
- ExFreePool(TType);
+ ExFreePool(Buffer);
}
}
ok(Status == STATUS_SUCCESS, "SQIT with TokenUser fails\n");
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenUser arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenUser arg. But Buffer == NULL\n");
if (Buffer)
{
TUser = (PTOKEN_USER)Buffer;
ok(RtlValidSid(TUser->User.Sid), "TokenUser has an invalid Sid\n");
- ExFreePool(TUser);
+ ExFreePool(Buffer);
}
}
PVOID Buffer;
POBJECT_TYPE PsProcessType = NULL;
PGENERIC_MAPPING GenericMapping;
+ ULONG i;
SubjectContext = ExAllocatePool(PagedPool, sizeof(SECURITY_SUBJECT_CONTEXT));
SeCaptureSubjectContext(&AccessState->SubjectSecurityContext);
SeLockSubjectContext(&AccessState->SubjectSecurityContext);
-
Token = SeQuerySubjectContextToken(&AccessState->SubjectSecurityContext);
// Testing SQIT with AccessState Token
// Testing SeFreePrivileges //
//----------------------------------------------------------------//
- Privileges = ExAllocatePool(PagedPool, AuxData->PrivilegeSet->PrivilegeCount*sizeof(PRIVILEGE_SET));
-
+ Privileges = NULL;
Checker = SeAccessCheck(
AccessState->SecurityDescriptor,
&AccessState->SubjectSecurityContext,
);
ok(Checker, "Checker is NULL\n");
ok((Privileges != NULL), "Privileges is NULL\n");
+ if (Privileges)
+ {
+ trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
+ AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
+ }
if (Privileges) SeFreePrivileges(Privileges);
Status = SeQueryInformationToken(Token, TokenPrivileges, &Buffer);
if (Status == STATUS_SUCCESS)
{
- ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenPrivileges arg. But Buffer = NULL\n");
+ ok(Buffer != NULL, "Wrong. SQIT call was successful with TokenPrivileges arg. But Buffer == NULL\n");
if (Buffer)
{
TPrivileges = (PTOKEN_PRIVILEGES)(Buffer);
ok((SeAppendPrivileges(AccessState, NewPrivilegeSet)) == STATUS_SUCCESS, "SeAppendPrivileges failed\n");
ok((AuxData->PrivilegeSet->PrivilegeCount == 20),"PrivelegeCount must be 20, but it is %d\n", AuxData->PrivilegeSet->PrivilegeCount);
ExFreePool(NewPrivilegeSet);
- int i;
for (i = 0; i < AuxData->PrivilegeSet->PrivilegeCount; i++)
{
AuxData->PrivilegeSet->Privilege[i].Attributes = TPrivileges->Privileges[i].Attributes;
// Call SeFreePrivileges again
- Privileges = ExAllocatePool(PagedPool, 20*sizeof(PRIVILEGE_SET));
-
+ Privileges = NULL;
Checker = SeAccessCheck(
AccessState->SecurityDescriptor,
&AccessState->SubjectSecurityContext,
);
ok(Checker, "Checker is NULL\n");
ok((Privileges != NULL), "Privileges is NULL\n");
+ if (Privileges)
+ {
+ trace("AuxData->PrivilegeSet->PrivilegeCount = %d ; Privileges->PrivilegeCount = %d\n",
+ AuxData->PrivilegeSet->PrivilegeCount, Privileges->PrivilegeCount);
+ }
if (Privileges) SeFreePrivileges(Privileges);
//----------------------------------------------------------------//