ReactOS 0.4.16-dev-197-g92996da
NtImpersonateAnonymousToken.c
Go to the documentation of this file.
1/*
2 * PROJECT: ReactOS API tests
3 * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4 * PURPOSE: Tests for the NtImpersonateAnonymousToken API
5 * COPYRIGHT: Copyright 2021 George Bișoc <george.bisoc@reactos.org>
6 */
7
8#include "precomp.h"
9#include <winreg.h>
10
11#define TOKEN_WITH_EVERYONE_GROUP 1
12#define TOKEN_WITHOUT_EVERYONE_GROUP 0
13
14static
17{
19
21 if (!Thread)
22 {
23 skip("OpenThread() has failed to open the current process' thread (error code: %lu)\n", GetLastError());
24 return NULL;
25 }
26
27 return Thread;
28}
29
30static
31VOID
33{
35 HKEY Key;
36
38 L"SYSTEM\\CurrentControlSet\\Control\\Lsa",
39 0,
41 &Key);
42 if (Result != ERROR_SUCCESS)
43 {
44 skip("RegOpenKeyExW() has failed to open the key (error code: %li)\n", Result);
45 return;
46 }
47
49 L"EveryoneIncludesAnonymous",
50 0,
52 (PBYTE)&Value,
53 sizeof(Value));
54 if (Result != ERROR_SUCCESS)
55 {
56 skip("RegSetValueExW() has failed to set the value (error code: %li)\n", Result);
58 return;
59 }
60
62}
63
65{
68 HANDLE ThreadHandle;
69
71
72 /* We give an invalid thread handle */
75
76 /* We want to impersonate the token including Everyone Group SID */
78
79 /* Impersonate the anonymous logon token */
80 Status = NtImpersonateAnonymousToken(ThreadHandle);
82
83 /* Now revert to the previous security properties */
85 ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());
86
87 /* Return to default setting -- token without Everyone Group SID */
89
90 /* Impersonate the anonymous logon token again */
91 Status = NtImpersonateAnonymousToken(ThreadHandle);
93
94 /* Now revert to the previous security properties */
96 ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());
97
98 /*
99 * Invalidate the handle and open a new one. This time
100 * with the wrong access right mask, the function will
101 * outright fail on impersonating the token.
102 */
103 CloseHandle(ThreadHandle);
105
106 /* The thread handle has incorrect right access */
107 Status = NtImpersonateAnonymousToken(ThreadHandle);
109
110 /* We're done with the tests */
111 CloseHandle(ThreadHandle);
112}
static HANDLE GetThreadFromCurrentProcess(_In_ DWORD DesiredAccess)
#define TOKEN_WITHOUT_EVERYONE_GROUP
#define TOKEN_WITH_EVERYONE_GROUP
static VOID ImpersonateTokenWithEveryoneOrWithout(_In_ DWORD Value)
#define ok_hex(expression, result)
Definition: atltest.h:94
#define ok(value,...)
Definition: atltest.h:57
#define skip(...)
Definition: atltest.h:64
#define START_TEST(x)
Definition: atltest.h:75
LONG NTSTATUS
Definition: precomp.h:26
#define RegCloseKey(hKey)
Definition: registry.h:49
#define STATUS_INVALID_HANDLE
Definition: d3dkmdt.h:40
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3333
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4882
#define CloseHandle
Definition: compat.h:739
HANDLE WINAPI OpenThread(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwThreadId)
Definition: thread.c:403
@ Success
Definition: eventcreate.c:712
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653
Status
Definition: gdiplustypes.h:25
#define THREAD_IMPERSONATE
Definition: pstypes.h:152
#define _In_
Definition: ms_sal.h:308
#define SYNCHRONIZE
Definition: nt_native.h:61
#define KEY_SET_VALUE
Definition: nt_native.h:1017
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2612
#define L(x)
Definition: ntvdm.h:50
BYTE * PBYTE
Definition: pedump.c:66
long LONG
Definition: pedump.c:60
#define REG_DWORD
Definition: sdbapi.c:596
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
DWORD WINAPI GetCurrentThreadId(void)
Definition: thread.c:459
BOOL WINAPI RevertToSelf(void)
Definition: security.c:1608
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:409