d8/dff/NtImpersonateAnonymousToken_8c_source.html

/*

 * PROJECT:         ReactOS API tests

 * LICENSE:         GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)

 * PURPOSE:         Tests for the NtImpersonateAnonymousToken API

 * COPYRIGHT:       Copyright 2021 George Bișoc <george.bisoc@reactos.org>

 */


#include "precomp.h"

#include <winreg.h>


#define TOKEN_WITH_EVERYONE_GROUP    1

#define TOKEN_WITHOUT_EVERYONE_GROUP 0


static

HANDLE

GetThreadFromCurrentProcess(_In_ DWORD DesiredAccess)

{

    HANDLE Thread;


    Thread = OpenThread(DesiredAccess, FALSE, GetCurrentThreadId());

    if (!Thread)

    {

        skip("OpenThread() has failed to open the current process' thread (error code: %lu)\n", GetLastError());

        return NULL;

    }


    return Thread;

}


static

VOID

ImpersonateTokenWithEveryoneOrWithout(_In_ DWORD Value)

{

    LONG Result;

    HKEY Key;


    Result = RegOpenKeyExW(HKEY_LOCAL_MACHINE,

                           L"SYSTEM\\CurrentControlSet\\Control\\Lsa",

                           0,

                           KEY_SET_VALUE,

                           &Key);

    if (Result != ERROR_SUCCESS)

    {

        skip("RegOpenKeyExW() has failed to open the key (error code: %li)\n", Result);

        return;

    }


    Result = RegSetValueExW(Key,

                            L"EveryoneIncludesAnonymous",

                            0,

                            REG_DWORD,

                            (PBYTE)&Value,

                            sizeof(Value));

    if (Result != ERROR_SUCCESS)

    {

        skip("RegSetValueExW() has failed to set the value (error code: %li)\n", Result);

        RegCloseKey(Key);

        return;

    }


    RegCloseKey(Key);

}


START_TEST(NtImpersonateAnonymousToken)

{

    NTSTATUS Status;

    BOOL Success;

    HANDLE ThreadHandle;


    ThreadHandle = GetThreadFromCurrentProcess(THREAD_IMPERSONATE);


    /* We give an invalid thread handle */

    Status = NtImpersonateAnonymousToken(NULL);

    ok_hex(Status, STATUS_INVALID_HANDLE);


    /* We want to impersonate the token including Everyone Group SID */

    ImpersonateTokenWithEveryoneOrWithout(TOKEN_WITH_EVERYONE_GROUP);


    /* Impersonate the anonymous logon token */

    Status = NtImpersonateAnonymousToken(ThreadHandle);

    ok_hex(Status, STATUS_SUCCESS);


    /* Now revert to the previous security properties */

    Success = RevertToSelf();

    ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());


    /* Return to default setting -- token without Everyone Group SID */

    ImpersonateTokenWithEveryoneOrWithout(TOKEN_WITHOUT_EVERYONE_GROUP);


    /* Impersonate the anonymous logon token again */

    Status = NtImpersonateAnonymousToken(ThreadHandle);

    ok_hex(Status, STATUS_SUCCESS);


    /* Now revert to the previous security properties */

    Success = RevertToSelf();

    ok(Success == TRUE, "We should have terminated the impersonation but we couldn't (error code: %lu)\n", GetLastError());


    /*

     * Invalidate the handle and open a new one. This time

     * with the wrong access right mask, the function will

     * outright fail on impersonating the token.

     */

    CloseHandle(ThreadHandle);

    ThreadHandle = GetThreadFromCurrentProcess(SYNCHRONIZE);


    /* The thread handle has incorrect right access */

    Status = NtImpersonateAnonymousToken(ThreadHandle);

    ok_hex(Status, STATUS_ACCESS_DENIED);


    /* We're done with the tests */

    CloseHandle(ThreadHandle);

}

GetThreadFromCurrentProcess
static HANDLE GetThreadFromCurrentProcess(_In_ DWORD DesiredAccess)
Definition: NtImpersonateAnonymousToken.c:16

TOKEN_WITHOUT_EVERYONE_GROUP
#define TOKEN_WITHOUT_EVERYONE_GROUP
Definition: NtImpersonateAnonymousToken.c:12

TOKEN_WITH_EVERYONE_GROUP
#define TOKEN_WITH_EVERYONE_GROUP
Definition: NtImpersonateAnonymousToken.c:11

ImpersonateTokenWithEveryoneOrWithout
static VOID ImpersonateTokenWithEveryoneOrWithout(_In_ DWORD Value)
Definition: NtImpersonateAnonymousToken.c:32

ok_hex
#define ok_hex(expression, result)
Definition: atltest.h:94

ok
#define ok(value,...)
Definition: atltest.h:57

skip
#define skip(...)
Definition: atltest.h:64

START_TEST
#define START_TEST(x)
Definition: atltest.h:75

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

RegCloseKey
#define RegCloseKey(hKey)
Definition: registry.h:47

ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10

NULL
#define NULL
Definition: types.h:112

TRUE
#define TRUE
Definition: types.h:120

FALSE
#define FALSE
Definition: types.h:117

RegOpenKeyExW
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3356

RegSetValueExW
LONG WINAPI RegSetValueExW(_In_ HKEY hKey, _In_ LPCWSTR lpValueName, _In_ DWORD Reserved, _In_ DWORD dwType, _In_ CONST BYTE *lpData, _In_ DWORD cbData)
Definition: reg.c:4900

CloseHandle
#define CloseHandle
Definition: compat.h:739

OpenThread
HANDLE WINAPI OpenThread(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN DWORD dwThreadId)
Definition: thread.c:403

Success
@ Success
Definition: eventcreate.c:712

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95

Thread
_In_opt_ PFILE_OBJECT _In_opt_ PETHREAD Thread
Definition: fltkernel.h:2653

Status
Status
Definition: gdiplustypes.h:25

THREAD_IMPERSONATE
#define THREAD_IMPERSONATE
Definition: pstypes.h:151

void
Definition: nsiface.idl:2307

_In_
#define _In_
Definition: ms_sal.h:308

SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61

KEY_SET_VALUE
#define KEY_SET_VALUE
Definition: nt_native.h:1017

NtImpersonateAnonymousToken
NTSTATUS NTAPI NtImpersonateAnonymousToken(_In_ HANDLE ThreadHandle)
Allows the calling thread to impersonate the system's anonymous logon token.
Definition: token.c:2419

STATUS_INVALID_HANDLE
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245

L
#define L(x)
Definition: ntvdm.h:50

PBYTE
BYTE * PBYTE
Definition: pedump.c:66

LONG
long LONG
Definition: pedump.c:60

REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

Key
Definition: find_test.cpp:52

STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145

DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658

Value
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413

precomp.h

GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1040

GetCurrentThreadId
DWORD WINAPI GetCurrentThreadId(void)
Definition: thread.c:459

RevertToSelf
BOOL WINAPI RevertToSelf(void)
Definition: security.c:1610

winreg.h

HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Result
_At_(*)(_In_ PWSK_CLIENT Client, _In_opt_ PUNICODE_STRING NodeName, _In_opt_ PUNICODE_STRING ServiceName, _In_opt_ ULONG NameSpace, _In_opt_ GUID *Provider, _In_opt_ PADDRINFOEXW Hints, _Outptr_ PADDRINFOEXW *Result, _In_opt_ PEPROCESS OwningProcess, _In_opt_ PETHREAD OwningThread, _Inout_ PIRP Irp Result)(Mem)) NTSTATUS(WSKAPI *PFN_WSK_GET_ADDRESS_INFO
Definition: wsk.h:426