ReactOS  0.4.15-dev-3182-g7b62228
NtCompareTokens.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS API tests
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Tests for the NtCompareTokens API
5  * COPYRIGHT: Copyright 2021 George BiČ™oc <george.bisoc@reactos.org>
6  */
7 
8 #include "precomp.h"
9 
10 static
11 HANDLE
13 {
14  BOOL Success;
15  HANDLE Token;
16 
19  &Token);
20  if (!Success)
21  {
22  skip("OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
23  return NULL;
24  }
25 
26  return Token;
27 }
28 
29 static
30 HANDLE
32 {
33  BOOL Success;
34  HANDLE ReturnedToken;
35 
37  if (!Success)
38  {
39  skip("DuplicateToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
40  return NULL;
41  }
42 
43  return ReturnedToken;
44 }
45 
46 static
47 VOID
49 {
50  BOOL Success;
51 
53  if (!Success)
54  {
55  skip("AdjustTokenPrivileges() has failed to disable the privileges (error code: %lu)!\n", GetLastError());
56  return;
57  }
58 }
59 
61 {
63  HANDLE ProcessToken = NULL;
64  HANDLE DuplicatedToken = NULL;
66 
67  /* Obtain some tokens from current process */
68  ProcessToken = GetTokenFromCurrentProcess();
69  DuplicatedToken = GetDuplicateToken(ProcessToken);
70 
71  /*
72  * Give invalid token handles and don't output
73  * the returned value in the last parameter.
74  */
77 
78  /*
79  * Token handles are valid but don't output
80  * the returned value.
81  */
82  Status = NtCompareTokens(ProcessToken, ProcessToken, NULL);
84 
85  /* The tokens are the same */
86  Status = NtCompareTokens(ProcessToken, ProcessToken, &IsEqual);
88  ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);
89 
90  /* A token is duplicated with equal SIDs and privileges */
91  Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);
93  ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);
94 
95  /* Disable all the privileges for token. */
96  DisableTokenPrivileges(ProcessToken);
97 
98  /*
99  * The main token has privileges disabled but the
100  * duplicated one has them enabled still.
101  */
102  Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);
104  ok(IsEqual == FALSE, "Tokens mustn't be equal (current value: %u)!\n", IsEqual);
105 
106  /* We finished our tests, close the tokens */
107  CloseHandle(ProcessToken);
108  CloseHandle(DuplicatedToken);
109 }
static VOID DisableTokenPrivileges(_In_ HANDLE Token)
#define CloseHandle
Definition: compat.h:598
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal or not.
Definition: token.c:5293
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
START_TEST(NtCompareTokens)
#define ok_hex(expression, result)
Definition: atltest.h:94
static HANDLE GetDuplicateToken(_In_ HANDLE Token)
#define FALSE
Definition: types.h:117
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned char BOOLEAN
#define _In_
Definition: ms_sal.h:308
Status
Definition: gdiplustypes.h:24
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3454
#define TOKEN_DUPLICATE
Definition: setypes.h:891
#define TOKEN_READ
Definition: setypes.h:916
#define GetCurrentProcess()
Definition: compat.h:618
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376
static HANDLE GetTokenFromCurrentProcess(VOID)
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242
#define ok(value,...)
Definition: atltest.h:57
#define NULL
Definition: types.h:112
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
#define skip(...)
Definition: atltest.h:64
#define STATUS_SUCCESS
Definition: shellext.h:65
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:895