Beispiel #1
 // Exercises AccessCheckByTypeAndAuditAlarm against the security descriptor of the test file.
 // NOTE(review): this listing stops partway through the final assertion, so the remaining
 // arguments and the expected outcome are not visible here.
 public void AccessCheckByTypeAndAuditAlarmTest()
 {
     // Security descriptor of the test file. The siNoSacl selector presumably leaves the SACL out,
     // which would avoid the need for SeSecurityPrivilege -- confirm against its definition.
     using (var pSD = AdvApi32Tests.GetSD(AdvApi32Tests.fn, siNoSacl))
         // Opens the current process token with impersonate/duplicate/read rights and duplicates it
         // at SecurityImpersonation level. hTok is not referenced in the visible lines; it may be
         // used after the point where the listing is cut off.
         using (var hTok = SafeHTOKEN.FromProcess(GetCurrentProcess(), TokenAccess.TOKEN_IMPERSONATE | TokenAccess.TOKEN_DUPLICATE | TokenAccess.TOKEN_READ).Duplicate(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
         {
             var         gm         = GENERIC_MAPPING.GenericFileMapping;
             ACCESS_MASK accessMask = ACCESS_MASK.GENERIC_READ;
             // Access checks work on specific rights, so the generic bit is translated through the
             // file mapping before the mask is handed to the check.
             MapGenericMask(ref accessMask, gm);
             // A single entry at the object level; no property sets or properties are listed.
             var otl = new[] { new OBJECT_TYPE_LIST(ObjectTypeListLevel.ACCESS_OBJECT_GUID) };
             // pCurSid sits in the position of the Win32 PrincipalSelfSid parameter -- TODO confirm
             // against the wrapper's signature. The audit type is an object-access event.
             Assert.That(AccessCheckByTypeAndAuditAlarm(subSys, default, objType, null, pSD, pCurSid, accessMask, AUDIT_EVENT_TYPE.AuditEventObjectAccess,
Beispiel #2
 // Pins the failure path of AccessCheckAndAuditAlarm: the check is made from a thread that this
 // method never puts into an impersonating state, and the call is expected to be refused with
 // ERROR_NO_IMPERSONATION_TOKEN rather than to grant or deny access.
 // The success-path expectations (granted mask equal to FILE_GENERIC_READ, status true) are
 // intentionally not asserted, because the call does not succeed in this setup.
 public void AccessCheckAndAuditAlarmTest()
 {
     using (var descriptor = AdvApi32Tests.GetSD(AdvApi32Tests.fn, AdvApi32Tests.AllSI))
     {
         // Translate GENERIC_READ into the file-specific rights before the check.
         ACCESS_MASK desired = ACCESS_MASK.GENERIC_READ;
         var fileMapping = GENERIC_MAPPING.GenericFileMapping;
         MapGenericMask(ref desired, fileMapping);

         // The three out values are not inspected: on the expected failure they carry no result.
         var callResult = AccessCheckAndAuditAlarm(subSys, IntPtr.Zero, objType, null, descriptor, desired, fileMapping, false, out var granted, out var accessStatus, out var generateOnClose);
         Assert.That(callResult, ResultIs.FailureCode(Win32Error.ERROR_NO_IMPERSONATION_TOKEN));
     }
 }
Beispiel #3
 // Exercises AccessCheckByTypeResultList with a duplicated impersonation token of the current
 // process and expects the call itself to succeed.
 // NOTE(review): the listing ends after the first assertion; the closing braces and any checks
 // on the per-entry access/status results are not visible here.
 public void AccessCheckByTypeResultListTest()
 {
     // Requests DACL, owner and group only. The SACL is not requested, so no audit-related
     // privilege should be needed to read the descriptor -- presumably deliberate, confirm.
     using (var pSD = AdvApi32Tests.GetSD(AdvApi32Tests.fn, SECURITY_INFORMATION.DACL_SECURITY_INFORMATION | SECURITY_INFORMATION.OWNER_SECURITY_INFORMATION | SECURITY_INFORMATION.GROUP_SECURITY_INFORMATION))
         // The process token is duplicated at SecurityImpersonation level and that duplicate is
         // what gets passed as the client token below.
         using (var hTok = SafeHTOKEN.FromProcess(GetCurrentProcess(), TokenAccess.TOKEN_IMPERSONATE | TokenAccess.TOKEN_DUPLICATE | TokenAccess.TOKEN_READ).Duplicate(SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation))
         {
             // Privilege-set buffer sized for 100 entries; its byte size is passed by reference
             // so the callee can report the size it used or needs.
             var         ps         = PRIVILEGE_SET.InitializeWithCapacity(100);
             var         psSz       = ps.SizeInBytes;
             var         gm         = GENERIC_MAPPING.GenericFileMapping;
             ACCESS_MASK accessMask = ACCESS_MASK.GENERIC_READ;
             // Translate the generic bit into file-specific rights before the check.
             MapGenericMask(ref accessMask, gm);
             var otl    = new[] { new OBJECT_TYPE_LIST(ObjectTypeListLevel.ACCESS_OBJECT_GUID) };
             // One granted-access slot and one status slot per object-type-list entry.
             var access = new uint[otl.Length];
             var status = new uint[otl.Length];
             // Only the overall call result is asserted in the visible lines; the contents of
             // access and status are not checked here.
             Assert.That(AccessCheckByTypeResultList(pSD, default, hTok, accessMask, otl, (uint)otl.Length, gm, ps, ref psSz, access, status), ResultIs.Successful);
Beispiel #4
        // Runs an Authz access check for the current user's context against a file's security
        // descriptor, then repeats the check through the cached-results handle.
        // NOTE(review): the listing ends after the cached check; the end of the method is not
        // visible here.
        public void AuthzAccessCheckAndCachedTest()
        {
            // Resource manager, client context, audit event, descriptor and reply buffer are all
            // released when the method scope ends (using declarations).
            using SafeAUTHZ_RESOURCE_MANAGER_HANDLE hRM = GetAuthzInitializeResourceManager();
            using SafeAUTHZ_CLIENT_CONTEXT_HANDLE hCtx  = GetCurrentUserAuthContext(hRM);
            using SafeAUTHZ_AUDIT_EVENT_HANDLE hEvt     = GetAuthzInitializeObjectAccessAuditEvent();
            using SafePSECURITY_DESCRIPTOR psd          = AdvApi32Tests.GetSD(TestCaseSources.SmallFile);
            // Reply sized for a single result.
            using AUTHZ_ACCESS_REPLY reply = new(1);
            // MAXIMUM_ALLOWED asks for every right the descriptor grants to this context rather
            // than for one specific right.
            AUTHZ_ACCESS_REQUEST req = new(ACCESS_MASK.MAXIMUM_ALLOWED);

            // hRes receives the cached-results handle. It is not wrapped in a using in the visible
            // lines -- NOTE(review): confirm it is disposed further down.
            Assert.That(AuthzAccessCheck(AuthzAccessCheckFlags.NONE, hCtx, req, hEvt, psd, null, 0, reply, out SafeAUTHZ_ACCESS_CHECK_RESULTS_HANDLE hRes), ResultIs.Successful);
            // Compared with IntPtr.Zero, so this only shows the reply has a result buffer; it does
            // not assert that any particular right was granted.
            Assert.That(reply.GrantedAccessMask, Is.Not.EqualTo(IntPtr.Zero));
            // Logs each granted mask rendered as FileAccess flags, for inspection only.
            TestContext.WriteLine($"Access:{string.Join(",", reply.GrantedAccessMaskValues.Select(u => ((FileAccess)u).ToString()))}");

            // Same request evaluated again through the cached handle; no audit event is supplied.
            Assert.That(AuthzCachedAccessCheck(0, hRes, req, default, reply), Is.True);
Beispiel #5
        // Runs an Authz access check for the current user's context against a file's security
        // descriptor, then repeats the check through the cached-results handle.
        // NOTE(review): the listing ends after the cached check; the closing braces are not
        // visible here.
        public void AuthzAccessCheckAndCachedTest()
        {
            using (var hRM = GetAuthzInitializeResourceManager())
                using (var hCtx = GetCurrentUserAuthContext(hRM))
                    using (var hEvt = GetAuthzInitializeObjectAccessAuditEvent())
                        // Hard-coded path: the test depends on this file existing on the machine
                        // and on its ACL, so the result can differ between hosts.
                        using (var psd = AdvApi32Tests.GetSD(@"C:\Temp\help.ico"))
                            // Reply sized for a single result.
                            using (var reply = new AUTHZ_ACCESS_REPLY(1))
                            {
                                // MAXIMUM_ALLOWED asks for every right the descriptor grants to
                                // this context rather than for one specific right.
                                var req = new AUTHZ_ACCESS_REQUEST((uint)ACCESS_MASK.MAXIMUM_ALLOWED);
                                // hRes receives the cached-results handle; it is not wrapped in a
                                // using in the visible lines -- NOTE(review): confirm disposal.
                                var b   = AuthzAccessCheck(AuthzAccessCheckFlags.NONE, hCtx, req, hEvt, psd, null, 0, reply, out var hRes);
                                if (!b)
                                {
                                    // Record the Win32 error before the assertion below fails.
                                    TestContext.WriteLine($"AuthzAccessCheck:{Win32Error.GetLastError()}");
                                }
                                Assert.That(b);
                                // Compared with IntPtr.Zero, so this only shows the reply has a
                                // result buffer; it does not assert that a right was granted.
                                Assert.That(reply.GrantedAccessMask, Is.Not.EqualTo(IntPtr.Zero));
                                // Logs each granted mask rendered as FileAccess flags.
                                TestContext.WriteLine($"Access:{string.Join(",", reply.GrantedAccessMaskValues.Select(u => ((FileAccess)u).ToString()))}");

                                // Same request evaluated again through the cached handle; no audit
                                // event is supplied.
                                Assert.That(AuthzCachedAccessCheck(0, hRes, req, default, reply), Is.True);
Beispiel #6
 // Type initializer: loads the shared security descriptor of the test file once for all tests.
 // SeSecurityPrivilege is the privilege Windows requires for reading or writing a SACL, so it is
 // held only around the read. ElevPriv presumably enables it on construction and restores the
 // previous state on dispose -- confirm against its implementation.
 // NOTE(review): if the read throws (for example, if the privilege cannot be enabled for this
 // process), the failure surfaces as a type-initialization error for every test in the class.
 static AclApiTests()
 {
     using (new ElevPriv("SeSecurityPrivilege"))
     {
         pSd = AdvApi32Tests.GetSD(AdvApi32Tests.fn, SecInfoAll);
     }
 }