d8/dff/NtImpersonateAnonymousToken_8c_source.html

 /*
  * PROJECT:         ReactOS API tests
  * LICENSE:         GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
  * PURPOSE:         Tests for the NtImpersonateAnonymousToken API
  * COPYRIGHT:       Copyright 2021 George Bișoc <george.bisoc@reactos.org>
  */

 #include "precomp.h"
 #include <winreg.h>

 #define TOKEN_WITH_EVERYONE_GROUP    1
 #define TOKEN_WITHOUT_EVERYONE_GROUP 0

 static
 HANDLE
 GetThreadFromCurrentProcess(_In_ DWORD DesiredAccess)
 {
     HANDLE Thread;

     Thread = OpenThread(DesiredAccess, FALSE, GetCurrentThreadId());
     if (!Thread)
     {
         skip("OpenThread() has failed to open the current process' thread (error code: %lu)\n", GetLastError());
         return NULL;
     }

     return Thread;
 }

 static
 VOID
 ImpersonateTokenWithEveryoneOrWithout(_In_ DWORD Value)
 {
     LONG Result;
     HKEY Key;

     Result = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
                            L"SYSTEM\\CurrentControlSet\\Control\\Lsa",
                            0,
                            KEY_SET_VALUE,
                            &Key);
     if (Result != ERROR_SUCCESS)
     {
         skip("RegOpenKeyExW() has failed to open the key (error code: %li)\n", Result);
         return;
     }

     Result = RegSetValueExW(Key,
                             L"EveryoneIncludesAnonymous",
                             0,
                             REG_DWORD,
                             (PBYTE)&Value,
                             sizeof(Value));
     if (Result != ERROR_SUCCESS)
     {
         skip("RegSetValueExW() has failed to set the value (error code: %li)\n", Result);
         RegCloseKey(Key);
         return;
     }

     RegCloseKey(Key);
 }

 START_TEST(NtImpersonateAnonymousToken)
 {
     NTSTATUS Status;
     BOOL Success;
     HANDLE ThreadHandle;

     ThreadHandle = GetThreadFromCurrentProcess(THREAD_IMPERSONATE);

     /* We give an invalid thread handle */
     Status = NtImpersonateAnonymousToken(NULL);
     ok_hex(Status, STATUS_INVALID_HANDLE);

     /* We want to impersonate the token including Everyone Group SID */
     ImpersonateTokenWithEveryoneOrWithout(TOKEN_WITH_EVERYONE_GROUP);

     /* Impersonate the anonymous logon token */
     Status = NtImpersonateAnonymousToken(ThreadHandle);
     ok_hex(Status, STATUS_SUCCESS);

     /* Now revert to the previous security properties */
     Success = RevertToSelf();
     ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());

     /* Return to default setting -- token without Everyone Group SID */
     ImpersonateTokenWithEveryoneOrWithout(TOKEN_WITHOUT_EVERYONE_GROUP);

     /* Impersonate the anonymous logon token again */
     Status = NtImpersonateAnonymousToken(ThreadHandle);
     ok_hex(Status, STATUS_SUCCESS);

     /* Now revert to the previous security properties */
     Success = RevertToSelf();
     ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());

     /*
      * Invalidate the handle and open a new one. This time
      * with the wrong access right mask, the function will
      * outright fail on impersonating the token.
      */
     CloseHandle(ThreadHandle);
     ThreadHandle = GetThreadFromCurrentProcess(SYNCHRONIZE);

     /* The thread handle has incorrect right access */
     Status = NtImpersonateAnonymousToken(ThreadHandle);
     ok_hex(Status, STATUS_ACCESS_DENIED);

     /* We're done with the tests */
     CloseHandle(ThreadHandle);
 }
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654

TOKEN_WITHOUT_EVERYONE_GROUP
#define TOKEN_WITHOUT_EVERYONE_GROUP
Definition: NtImpersonateAnonymousToken.c:12

CloseHandle
#define CloseHandle
Definition: compat.h:598

ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10

KEY_SET_VALUE
#define KEY_SET_VALUE
Definition: nt_native.h:1017

START_TEST
START_TEST(NtImpersonateAnonymousToken)
Definition: NtImpersonateAnonymousToken.c:64

THREAD_IMPERSONATE
#define THREAD_IMPERSONATE
Definition: pstypes.h:151

TRUE
#define TRUE
Definition: types.h:120

RevertToSelf
BOOL WINAPI RevertToSelf(VOID)
Definition: security.c:1487

ImpersonateTokenWithEveryoneOrWithout
static VOID ImpersonateTokenWithEveryoneOrWithout(_In_ DWORD Value)
Definition: NtImpersonateAnonymousToken.c:32

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040

ok_hex
#define ok_hex(expression, result)
Definition: atltest.h:94

STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245

precomp.h

NtImpersonateAnonymousToken
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:4561

RegCloseKey
LONG WINAPI RegCloseKey(HKEY hKey)
Definition: reg.c:423

FALSE
#define FALSE
Definition: types.h:117

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

LONG
long LONG
Definition: pedump.c:60

Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426

_In_
#define _In_
Definition: ms_sal.h:308

Key
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK _In_opt_ PWDF_OBJECT_ATTRIBUTES _Out_ WDFKEY * Key
Definition: wdfdevice.h:2654

GetCurrentThreadId
DWORD WINAPI GetCurrentThreadId(VOID)
Definition: thread.c:458

Value
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:406

Status
Status
Definition: gdiplustypes.h:24

RegSetValueExW
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4895

DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95

Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2652

STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145

Success
Definition: eventcreate.c:712

L
static const WCHAR L[]
Definition: oid.c:1250

OpenThread
HANDLE WINAPI OpenThread(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwThreadId)
Definition: thread.c:402

SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61

winreg.h

GetThreadFromCurrentProcess
static HANDLE GetThreadFromCurrentProcess(_In_ DWORD DesiredAccess)
Definition: NtImpersonateAnonymousToken.c:16

Key
Definition: find_test.cpp:51

ok
#define ok(value,...)
Definition: atltest.h:57

NULL
#define NULL
Definition: types.h:112

TOKEN_WITH_EVERYONE_GROUP
#define TOKEN_WITH_EVERYONE_GROUP
Definition: NtImpersonateAnonymousToken.c:11

skip
#define skip(...)
Definition: atltest.h:64

RegOpenKeyExW
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3366

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

void
Definition: nsiface.idl:2306

REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596

PBYTE
BYTE * PBYTE
Definition: pedump.c:66

HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12