d9/d72/NtCompareTokens_8c_source.html

/*

 * PROJECT:         ReactOS API tests

 * LICENSE:         GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)

 * PURPOSE:         Tests for the NtCompareTokens API

 * COPYRIGHT:       Copyright 2021 George Bișoc <george.bisoc@reactos.org>

 */


#include "precomp.h"


static

HANDLE

GetTokenFromCurrentProcess(VOID)

{

    BOOL Success;

    HANDLE Token;


    Success = OpenProcessToken(GetCurrentProcess(),

                               TOKEN_READ | TOKEN_ADJUST_PRIVILEGES | TOKEN_DUPLICATE,

                               &Token);

    if (!Success)

    {

        skip("OpenProcessToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());

        return NULL;

    }


    return Token;

}


static

HANDLE

GetDuplicateToken(_In_ HANDLE Token)

{

    BOOL Success;

    HANDLE ReturnedToken;


    Success = DuplicateToken(Token, SecurityIdentification, &ReturnedToken);

    if (!Success)

    {

        skip("DuplicateToken() has failed to get the process' token (error code: %lu)!\n", GetLastError());

        return NULL;

    }


    return ReturnedToken;

}


static

VOID

DisableTokenPrivileges(_In_ HANDLE Token)

{

    BOOL Success;


    Success = AdjustTokenPrivileges(Token, TRUE, NULL, 0, NULL, NULL);

    if (!Success)

    {

        skip("AdjustTokenPrivileges() has failed to disable the privileges (error code: %lu)!\n", GetLastError());

        return;

    }

}


START_TEST(NtCompareTokens)

{

    NTSTATUS Status;

    HANDLE ProcessToken = NULL;

    HANDLE DuplicatedToken = NULL;

    BOOLEAN IsEqual = FALSE;


    /* Obtain some tokens from current process */

    ProcessToken = GetTokenFromCurrentProcess();

    DuplicatedToken = GetDuplicateToken(ProcessToken);


    /*

     * Give invalid token handles and don't output

     * the returned value in the last parameter.

     */

    Status = NtCompareTokens(NULL, NULL, NULL);

    ok_hex(Status, STATUS_ACCESS_VIOLATION);


    /*

     * Token handles are valid but don't output

     * the returned value.

     */

    Status = NtCompareTokens(ProcessToken, ProcessToken, NULL);

    ok_hex(Status, STATUS_ACCESS_VIOLATION);


    /* The tokens are the same */

    Status = NtCompareTokens(ProcessToken, ProcessToken, &IsEqual);

    ok_hex(Status, STATUS_SUCCESS);

    ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);


    /* A token is duplicated with equal SIDs and privileges */

    Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);

    ok_hex(Status, STATUS_SUCCESS);

    ok(IsEqual == TRUE, "Equal tokens expected but they aren't (current value: %u)!\n", IsEqual);


    /* Disable all the privileges for token. */

    DisableTokenPrivileges(ProcessToken);


    /*

     * The main token has privileges disabled but the

     * duplicated one has them enabled still.

     */

    Status = NtCompareTokens(ProcessToken, DuplicatedToken, &IsEqual);

    ok_hex(Status, STATUS_SUCCESS);

    ok(IsEqual == FALSE, "Tokens mustn't be equal (current value: %u)!\n", IsEqual);


    /* We finished our tests, close the tokens */

    CloseHandle(ProcessToken);

    CloseHandle(DuplicatedToken);

}

DisableTokenPrivileges
static VOID DisableTokenPrivileges(_In_ HANDLE Token)
Definition: NtCompareTokens.c:48

GetDuplicateToken
static HANDLE GetDuplicateToken(_In_ HANDLE Token)
Definition: NtCompareTokens.c:31

GetTokenFromCurrentProcess
static HANDLE GetTokenFromCurrentProcess(VOID)
Definition: NtCompareTokens.c:12

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

ok_hex
#define ok_hex(expression, result)
Definition: atltest.h:94

ok
#define ok(value,...)
Definition: atltest.h:57

skip
#define skip(...)
Definition: atltest.h:64

START_TEST
#define START_TEST(x)
Definition: atltest.h:75

NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26

Token
Definition: tokenizer.hpp:28

NULL
#define NULL
Definition: types.h:112

TRUE
#define TRUE
Definition: types.h:120

FALSE
#define FALSE
Definition: types.h:117

AdjustTokenPrivileges
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
Definition: security.c:376

OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296

DuplicateToken
BOOL WINAPI DuplicateToken(IN HANDLE ExistingTokenHandle, IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel, OUT PHANDLE DuplicateTokenHandle)
Definition: security.c:3662

CloseHandle
#define CloseHandle
Definition: compat.h:739

GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759

Success
@ Success
Definition: eventcreate.c:712

IsEqual
@ IsEqual
Definition: fatprocs.h:1886

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

Status
Status
Definition: gdiplustypes.h:25

void
Definition: nsiface.idl:2307

SecurityIdentification
@ SecurityIdentification
Definition: lsa.idl:56

_In_
#define _In_
Definition: ms_sal.h:308

NtCompareTokens
NTSTATUS NTAPI NtCompareTokens(_In_ HANDLE FirstTokenHandle, _In_ HANDLE SecondTokenHandle, _Out_ PBOOLEAN Equal)
Compares tokens if they're equal or not.
Definition: token.c:2310

STATUS_ACCESS_VIOLATION
#define STATUS_ACCESS_VIOLATION
Definition: ntstatus.h:242

STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65

precomp.h

GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1040

TOKEN_DUPLICATE
#define TOKEN_DUPLICATE
Definition: setypes.h:922

TOKEN_ADJUST_PRIVILEGES
#define TOKEN_ADJUST_PRIVILEGES
Definition: setypes.h:926

TOKEN_READ
#define TOKEN_READ
Definition: setypes.h:947