ReactOS  0.4.15-dev-3163-gf17c2c0
Macros | Functions
NtImpersonateAnonymousToken.c File Reference
#include "precomp.h"
#include <winreg.h>
Include dependency graph for NtImpersonateAnonymousToken.c:

Go to the source code of this file.

Macros

#define TOKEN_WITH_EVERYONE_GROUP   1
 
#define TOKEN_WITHOUT_EVERYONE_GROUP   0
 

Functions

static HANDLE GetThreadFromCurrentProcess (_In_ DWORD DesiredAccess)
 
static VOID ImpersonateTokenWithEveryoneOrWithout (_In_ DWORD Value)
 
 START_TEST (NtImpersonateAnonymousToken)
 

Macro Definition Documentation

◆ TOKEN_WITH_EVERYONE_GROUP

#define TOKEN_WITH_EVERYONE_GROUP   1

Definition at line 11 of file NtImpersonateAnonymousToken.c.

◆ TOKEN_WITHOUT_EVERYONE_GROUP

#define TOKEN_WITHOUT_EVERYONE_GROUP   0

Definition at line 12 of file NtImpersonateAnonymousToken.c.

Function Documentation

◆ GetThreadFromCurrentProcess()

static HANDLE GetThreadFromCurrentProcess ( _In_ DWORD  DesiredAccess)
static

Definition at line 16 of file NtImpersonateAnonymousToken.c.

17 {
18  HANDLE Thread;
19 
20  Thread = OpenThread(DesiredAccess, FALSE, GetCurrentThreadId());
21  if (!Thread)
22  {
23  skip("OpenThread() has failed to open the current process' thread (error code: %lu)\n", GetLastError());
24  return NULL;
25  }
26 
27  return Thread;
28 }
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
FALSE
#define FALSE
Definition: types.h:117
GetCurrentThreadId
DWORD WINAPI GetCurrentThreadId(VOID)
Definition: thread.c:458
Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652
OpenThread
HANDLE WINAPI OpenThread(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwThreadId)
Definition: thread.c:402
NULL
#define NULL
Definition: types.h:112
skip
#define skip(...)
Definition: atltest.h:64

Referenced by START_TEST().

◆ ImpersonateTokenWithEveryoneOrWithout()

static VOID ImpersonateTokenWithEveryoneOrWithout ( _In_ DWORD  Value)
static

Definition at line 32 of file NtImpersonateAnonymousToken.c.

33 {
34  LONG Result;
35  HKEY Key;
36 
37  Result = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
38  L"SYSTEM\\CurrentControlSet\\Control\\Lsa",
39  0,
40  KEY_SET_VALUE,
41  &Key);
42  if (Result != ERROR_SUCCESS)
43  {
44  skip("RegOpenKeyExW() has failed to open the key (error code: %li)\n", Result);
45  return;
46  }
47 
48  Result = RegSetValueExW(Key,
49  L"EveryoneIncludesAnonymous",
50  0,
51  REG_DWORD,
52  (PBYTE)&Value,
53  sizeof(Value));
54  if (Result != ERROR_SUCCESS)
55  {
56  skip("RegSetValueExW() has failed to set the value (error code: %li)\n", Result);
57  RegCloseKey(Key);
58  return;
59  }
60 
61  RegCloseKey(Key);
62 }
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
KEY_SET_VALUE
#define KEY_SET_VALUE
Definition: nt_native.h:1017
RegCloseKey
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423
LONG
long LONG
Definition: pedump.c:60
Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426
Key
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK _In_opt_ PWDF_OBJECT_ATTRIBUTES _Out_ WDFKEY * Key
Definition: wdfdevice.h:2654
Value
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:406
RegSetValueExW
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4895
L
static const WCHAR L[]
Definition: oid.c:1250
skip
#define skip(...)
Definition: atltest.h:64
RegOpenKeyExW
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596
PBYTE
BYTE * PBYTE
Definition: pedump.c:66
HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Referenced by START_TEST().

◆ START_TEST()

START_TEST ( NtImpersonateAnonymousToken  )

Definition at line 64 of file NtImpersonateAnonymousToken.c.

65 {
66  NTSTATUS Status;
67  BOOL Success;
68  HANDLE ThreadHandle;
69 
70  ThreadHandle = GetThreadFromCurrentProcess(THREAD_IMPERSONATE);
71 
72  /* We give an invalid thread handle */
73  Status = NtImpersonateAnonymousToken(NULL);
74  ok_hex(Status, STATUS_INVALID_HANDLE);
75 
76  /* We want to impersonate the token including Everyone Group SID */
77  ImpersonateTokenWithEveryoneOrWithout(TOKEN_WITH_EVERYONE_GROUP);
78 
79  /* Impersonate the anonymous logon token */
80  Status = NtImpersonateAnonymousToken(ThreadHandle);
81  ok_hex(Status, STATUS_SUCCESS);
82 
83  /* Now revert to the previous security properties */
84  Success = RevertToSelf();
85  ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());
86 
87  /* Return to default setting -- token without Everyone Group SID */
88  ImpersonateTokenWithEveryoneOrWithout(TOKEN_WITHOUT_EVERYONE_GROUP);
89 
90  /* Impersonate the anonymous logon token again */
91  Status = NtImpersonateAnonymousToken(ThreadHandle);
92  ok_hex(Status, STATUS_SUCCESS);
93 
94  /* Now revert to the previous security properties */
95  Success = RevertToSelf();
96  ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());
97 
98  /*
99  * Invalidate the handle and open a new one. This time
100  * with the wrong access right mask, the function will
101  * outright fail on impersonating the token.
102  */
103  CloseHandle(ThreadHandle);
104  ThreadHandle = GetThreadFromCurrentProcess(SYNCHRONIZE);
105 
106  /* The thread handle has incorrect right access */
107  Status = NtImpersonateAnonymousToken(ThreadHandle);
108  ok_hex(Status, STATUS_ACCESS_DENIED);
109 
110  /* We're done with the tests */
111  CloseHandle(ThreadHandle);
112 }
TOKEN_WITHOUT_EVERYONE_GROUP
#define TOKEN_WITHOUT_EVERYONE_GROUP
Definition: NtImpersonateAnonymousToken.c:12
CloseHandle
#define CloseHandle
Definition: compat.h:598
THREAD_IMPERSONATE
#define THREAD_IMPERSONATE
Definition: pstypes.h:151
TRUE
#define TRUE
Definition: types.h:120
RevertToSelf
BOOL WINAPI RevertToSelf(VOID)
Definition: security.c:1487
ImpersonateTokenWithEveryoneOrWithout
static VOID ImpersonateTokenWithEveryoneOrWithout(_In_ DWORD Value)
Definition: NtImpersonateAnonymousToken.c:32
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
ok_hex
#define ok_hex(expression, result)
Definition: atltest.h:94
STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
NtImpersonateAnonymousToken
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:5441
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
Status
Status
Definition: gdiplustypes.h:24
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61
GetThreadFromCurrentProcess
static HANDLE GetThreadFromCurrentProcess(_In_ DWORD DesiredAccess)
Definition: NtImpersonateAnonymousToken.c:16
ok
#define ok(value,...)
Definition: atltest.h:57
NULL
#define NULL
Definition: types.h:112
TOKEN_WITH_EVERYONE_GROUP
#define TOKEN_WITH_EVERYONE_GROUP
Definition: NtImpersonateAnonymousToken.c:11
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65