ReactOS  0.4.15-dev-2703-g05fb0f1
NtCompareTokens.c
Go to the documentation of this file.
1 /*
2  * PROJECT: ReactOS API tests
3  * LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
4  * PURPOSE: Tests for the NtCompareTokens API
5  * COPYRIGHT: Copyright 2021 George BiČ™oc <george.bisoc@reactos.org>
6  */
7 
8 #include "precomp.h"
9 
10 static
11 HANDLE
12 GetTokenFromCurrentProcess(VOID)
13 {
14  BOOL Success;
15  HANDLE Token;
16 
17  Success = OpenProcessToken(GetCurrentProcess(),
18  TOKEN_READ | TOKEN_ADJUST_PRIVILEGES | TOKEN_DUPLICATE,
19  &Token);
20  if (!Success)
21  {
22  skip("OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
23  return NULL;
24  }
25 
26  return Token;
27 }
28 
29 static
30 HANDLE
31 GetDuplicateToken(_In_ HANDLE Token)
32 {
33  BOOL Success;
34  HANDLE ReturnedToken;
35 
36  Success = DuplicateToken(Token, SecurityIdentification, &ReturnedToken);
37  if (!Success)
38  {
39  skip("DuplicateToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
40  return NULL;
41  }
42 
43  return ReturnedToken;
44 }
45 
46 static
47 VOID
48 DisableTokenPrivileges(_In_ HANDLE Token)
49 {
50  BOOL Success;
51 
52  Success = AdjustTokenPrivileges(Token, TRUE, NULL, 0, NULL, NULL);
53  if (!Success)
54  {
55  skip("AdjustTokenPrivileges() has failed to disable the privileges (error code: %lu)!\n", GetLastError());
56  return;
57  }
58 }
59 
60 START_TEST(NtCompareTokens)
61 {
62  NTSTATUS Status;
63  HANDLE ProcessToken = NULL;
64  HANDLE DuplicatedToken = NULL;
65  BOOLEAN IsEqual = FALSE;
66 
67  /* Obtain some tokens from current process */
68  ProcessToken = GetTokenFromCurrentProcess();
69  DuplicatedToken = GetDuplicateToken(ProcessToken);
70 
71  /*
72  * Give invalid token handles and don't output
73  * the returned value in the last parameter.
74  */
75  Status = NtCompareTokens(NULL, NULL, NULL);
76  ok_hex(Status, STATUS_ACCESS_VIOLATION);
77 
78  /*
79  * Token handles are valid but don't output
80  * the returned value.
81  */
82  Status = NtCompareTokens(ProcessToken, ProcessToken, NULL);
83  ok_hex(Status, STATUS_ACCESS_VIOLATION);
84 
85  /* The tokens are the same */
86  Status = NtCompareTokens(ProcessToken, ProcessToken, &IsEqual);
87  ok_hex(Status, STATUS_SUCCESS);
88  ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);
89 
90  /* A token is duplicated with equal SIDs and privileges */
91  Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);
92  ok_hex(Status, STATUS_SUCCESS);
93  ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);
94 
95  /* Disable all the privileges for token. */
96  DisableTokenPrivileges(ProcessToken);
97 
98  /*
99  * The main token has privileges disabled but the
100  * duplicated one has them enabled still.
101  */
102  Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);
103  ok_hex(Status, STATUS_SUCCESS);
104  ok(IsEqual == FALSE, "Tokens mustn't be equal (current value: %u)!\n", IsEqual);
105 
106  /* We finished our tests, close the tokens */
107  CloseHandle(ProcessToken);
108  CloseHandle(DuplicatedToken);
109 }
DisableTokenPrivileges
static VOID DisableTokenPrivileges(_In_ HANDLE Token)
Definition: NtCompareTokens.c:48
CloseHandle
#define CloseHandle
Definition: compat.h:598
TRUE
#define TRUE
Definition: types.h:120
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711
NtCompareTokens
NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal or not.
Definition: token.c:4421
GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040
START_TEST
START_TEST(NtCompareTokens)
Definition: NtCompareTokens.c:60
ok_hex
#define ok_hex(expression, result)
Definition: atltest.h:94
GetDuplicateToken
static HANDLE GetDuplicateToken(_In_ HANDLE Token)
Definition: NtCompareTokens.c:31
FALSE
#define FALSE
Definition: types.h:117
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
Status
Status
Definition: gdiplustypes.h:24
DuplicateToken
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3454
TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:872
TOKEN_READ
#define TOKEN_READ
Definition: setypes.h:897
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:618
AdjustTokenPrivileges
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376
_In_
#define _In_
Definition: no_sal2.h:158
GetTokenFromCurrentProcess
static HANDLE GetTokenFromCurrentProcess(VOID)
Definition: NtCompareTokens.c:12
STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242
ok
#define ok(value,...)
Definition: atltest.h:57
NULL
#define NULL
Definition: types.h:112
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
skip
#define skip(...)
Definition: atltest.h:64
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
TOKEN_ADJUST_PRIVILEGES
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:876