public void AccessCheckByTypeAndAuditAlarmTest()
{
using (var pSD = AdvApi32Tests.GetSD(AdvApi32Tests.fn, siNoSacl))
using (var hTok = SafeHTOKEN.FromProcess(GetCurrentProcess(), TokenAccess.TOKEN_IMPERSONATE | TokenAccess.TOKEN_DUPLICATE | TokenAccess.TOKEN_READ).Duplicate(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
{
var gm = GENERIC_MAPPING.GenericFileMapping;
ACCESS_MASK accessMask = ACCESS_MASK.GENERIC_READ;
MapGenericMask(ref accessMask, gm);
var otl = new[] { new OBJECT_TYPE_LIST(ObjectTypeListLevel.ACCESS_OBJECT_GUID) };
Assert.That(AccessCheckByTypeAndAuditAlarm(subSys, default, objType, null, pSD, pCurSid, accessMask, AUDIT_EVENT_TYPE.AuditEventObjectAccess,
public void AccessCheckAndAuditAlarmTest()
{
using (var pSD = AdvApi32Tests.GetSD(AdvApi32Tests.fn, AdvApi32Tests.AllSI))
{
var gm = GENERIC_MAPPING.GenericFileMapping;
ACCESS_MASK accessMask = ACCESS_MASK.GENERIC_READ;
MapGenericMask(ref accessMask, gm);
Assert.That(AccessCheckAndAuditAlarm(subSys, IntPtr.Zero, objType, null, pSD, accessMask, gm, false, out var access, out var status, out var gen), ResultIs.FailureCode(Win32Error.ERROR_NO_IMPERSONATION_TOKEN));
//Assert.That(access, Is.EqualTo((uint)FileAccess.FILE_GENERIC_READ));
//Assert.That(status, Is.True);
}
}
public void AccessCheckByTypeResultListTest()
{
using (var pSD = AdvApi32Tests.GetSD(AdvApi32Tests.fn, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
using (var hTok = SafeHTOKEN.FromProcess(GetCurrentProcess(), TokenAccess.TOKEN_IMPERSONATE | TokenAccess.TOKEN_DUPLICATE | TokenAccess.TOKEN_READ).Duplicate(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
{
var ps = PRIVILEGE_SET.InitializeWithCapacity(100);
var psSz = ps.SizeInBytes;
var gm = GENERIC_MAPPING.GenericFileMapping;
ACCESS_MASK accessMask = ACCESS_MASK.GENERIC_READ;
MapGenericMask(ref accessMask, gm);
var otl = new[] { new OBJECT_TYPE_LIST(ObjectTypeListLevel.ACCESS_OBJECT_GUID) };
var access = new uint[otl.Length];
var status = new uint[otl.Length];
Assert.That(AccessCheckByTypeResultList(pSD, default, hTok, accessMask, otl, (uint)otl.Length, gm, ps, ref psSz, access, status), ResultIs.Successful);
public void AuthzAccessCheckAndCachedTest()
{
using SafeAUTHZ_RESOURCE_MANAGER_HANDLE hRM = GetAuthzInitializeResourceManager();
using SafeAUTHZ_CLIENT_CONTEXT_HANDLE hCtx = GetCurrentUserAuthContext(hRM);
using SafeAUTHZ_AUDIT_EVENT_HANDLE hEvt = GetAuthzInitializeObjectAccessAuditEvent();
using SafePSECURITY_DESCRIPTOR psd = AdvApi32Tests.GetSD(TestCaseSources.SmallFile);
using AUTHZ_ACCESS_REPLY reply = new(1);
AUTHZ_ACCESS_REQUEST req = new(ACCESS_MASK.MAXIMUM_ALLOWED);
Assert.That(AuthzAccessCheck(AuthzAccessCheckFlags.NONE, hCtx, req, hEvt, psd, null, 0, reply, out SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE hRes), ResultIs.Successful);
Assert.That(reply.GrantedAccessMask, Is.Not.EqualTo(IntPtr.Zero));
TestContext.WriteLine($"Access:{string.Join(",", reply.GrantedAccessMaskValues.Select(u => ((FileAccess)u).ToString()))}");
Assert.That(AuthzCachedAccessCheck(0, hRes, req, default, reply), Is.True);
public void AuthzAccessCheckAndCachedTest()
{
using (var hRM = GetAuthzInitializeResourceManager())
using (var hCtx = GetCurrentUserAuthContext(hRM))
using (var hEvt = GetAuthzInitializeObjectAccessAuditEvent())
using (var psd = AdvApi32Tests.GetSD(@"C:\Temp\help.ico"))
using (var reply = new AUTHZ_ACCESS_REPLY(1))
{
var req = new AUTHZ_ACCESS_REQUEST((uint)ACCESS_MASK.MAXIMUM_ALLOWED);
var b = AuthzAccessCheck(AuthzAccessCheckFlags.NONE, hCtx, req, hEvt, psd, null, 0, reply, out var hRes);
if (!b)
{
TestContext.WriteLine($"AuthzAccessCheck:{Win32Error.GetLastError()}");
}
Assert.That(b);
Assert.That(reply.GrantedAccessMask, Is.Not.EqualTo(IntPtr.Zero));
TestContext.WriteLine($"Access:{string.Join(",", reply.GrantedAccessMaskValues.Select(u => ((FileAccess)u).ToString()))}");
Assert.That(AuthzCachedAccessCheck(0, hRes, req, default, reply), Is.True);
static AclApiTests()
{
using (new ElevPriv("SeSecurityPrivilege"))
pSd = AdvApi32Tests.GetSD(AdvApi32Tests.fn, SecInfoAll);
}