d9/d72/NtCompareTokens_8c_source.html

 /*
  * PROJECT:         ReactOS API tests
  * LICENSE:         GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
  * PURPOSE:         Tests for the NtCompareTokens API
  * COPYRIGHT:       Copyright 2021 George Bișoc <george.bisoc@reactos.org>
  */

 #include "precomp.h"

 static
 HANDLE
 GetTokenFromCurrentProcess(VOID)
 {
     BOOL Success;
     HANDLE Token;

     Success = OpenProcessToken(GetCurrentProcess(),
                                TOKEN_READ | TOKEN_ADJUST_PRIVILEGES | TOKEN_DUPLICATE,
                                &Token);
     if (!Success)
     {
         skip("OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
         return NULL;
     }

     return Token;
 }

 static
 HANDLE
 GetDuplicateToken(_In_ HANDLE Token)
 {
     BOOL Success;
     HANDLE ReturnedToken;

     Success = DuplicateToken(Token, SecurityIdentification, &ReturnedToken);
     if (!Success)
     {
         skip("DuplicateToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());
         return NULL;
     }

     return ReturnedToken;
 }

 static
 VOID
 DisableTokenPrivileges(_In_ HANDLE Token)
 {
     BOOL Success;

     Success = AdjustTokenPrivileges(Token, TRUE, NULL, 0, NULL, NULL);
     if (!Success)
     {
         skip("AdjustTokenPrivileges() has failed to disable the privileges (error code: %lu)!\n", GetLastError());
         return;
     }
 }

 START_TEST(NtCompareTokens)
 {
     NTSTATUS Status;
     HANDLE ProcessToken = NULL;
     HANDLE DuplicatedToken = NULL;
     BOOLEAN IsEqual = FALSE;

     /* Obtain some tokens from current process */
     ProcessToken = GetTokenFromCurrentProcess();
     DuplicatedToken = GetDuplicateToken(ProcessToken);

     /*
      * Give invalid token handles and don't output
      * the returned value in the last parameter.
      */
     Status = NtCompareTokens(NULL, NULL, NULL);
     ok_hex(Status, STATUS_ACCESS_VIOLATION);

     /*
      * Token handles are valid but don't output
      * the returned value.
      */
     Status = NtCompareTokens(ProcessToken, ProcessToken, NULL);
     ok_hex(Status, STATUS_ACCESS_VIOLATION);

     /* The tokens are the same */
     Status = NtCompareTokens(ProcessToken, ProcessToken, &IsEqual);
     ok_hex(Status, STATUS_SUCCESS);
     ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);

     /* A token is duplicated with equal SIDs and privileges */
     Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);
     ok_hex(Status, STATUS_SUCCESS);
     ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);

     /* Disable all the privileges for token. */
     DisableTokenPrivileges(ProcessToken);

     /*
      * The main token has privileges disabled but the
      * duplicated one has them enabled still.
      */
     Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);
     ok_hex(Status, STATUS_SUCCESS);
     ok(IsEqual == FALSE, "Tokens mustn't be equal (current value: %u)!\n", IsEqual);

     /* We finished our tests, close the tokens */
     CloseHandle(ProcessToken);
     CloseHandle(DuplicatedToken);
 }
DisableTokenPrivileges
static VOID DisableTokenPrivileges(_In_ HANDLE Token)
Definition: NtCompareTokens.c:48

CloseHandle
#define CloseHandle
Definition: compat.h:598

TRUE
#define TRUE
Definition: types.h:120

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

Token
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE Token
Definition: ntifs.template.h:711

NtCompareTokens
NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal or not.
Definition: token.c:5293

GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040

START_TEST
START_TEST(NtCompareTokens)
Definition: NtCompareTokens.c:60

ok_hex
#define ok_hex(expression, result)
Definition: atltest.h:94

GetDuplicateToken
static HANDLE GetDuplicateToken(_In_ HANDLE Token)
Definition: NtCompareTokens.c:31

precomp.h

SecurityIdentification
Definition: lsa.idl:56

FALSE
#define FALSE
Definition: types.h:117

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

_In_
#define _In_
Definition: ms_sal.h:308

Status
Status
Definition: gdiplustypes.h:24

DuplicateToken
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3454

Success
Definition: eventcreate.c:712

TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:891

TOKEN_READ
#define TOKEN_READ
Definition: setypes.h:916

GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:618

AdjustTokenPrivileges
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376

GetTokenFromCurrentProcess
static HANDLE GetTokenFromCurrentProcess(VOID)
Definition: NtCompareTokens.c:12

STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242

ok
#define ok(value,...)
Definition: atltest.h:57

NULL
#define NULL
Definition: types.h:112

OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296

skip
#define skip(...)
Definition: atltest.h:64

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

void
Definition: nsiface.idl:2306

IsEqual
Definition: fatprocs.h:1886

TOKEN_ADJUST_PRIVILEGES
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:895