Annotation of q_a/samples/check_sd/check_sd.c, revision 1.1

1.1     ! root        1: 
        !             2: /******************************************************************************\
        !             3: *       This is a part of the Microsoft Source Code Samples.
        !             4: *       Copyright (C) 1993 Microsoft Corporation.
        !             5: *       All rights reserved.
        !             6: *       This source code is only intended as a supplement to
        !             7: *       Microsoft Development Tools and/or WinHelp documentation.
        !             8: *       See these sources for detailed information regarding the
        !             9: *       Microsoft samples programs.
        !            10: \******************************************************************************/
        !            11: 
        !            12: /****************************************************************************\
        !            13: *
        !            14: * MODULE:       check_sd.c
        !            15: *
        !            16: *               In the Win32 .hlp file, if you click on Search, goto "Security
        !            17: *                 Overview", then choose from the list of topics under
        !            18: *                 Security Overview the sub-topic "Allowing Access", you'll
        !            19: *                 find the comment
        !            20: *
        !            21: *                 Note:  It is fine to write code like this that builds
        !            22: *                   security descriptors from scratch.  It is, however, a good
        !            23: *                   practice for people who write code that builds or
        !            24: *                   manipulates security descriptors to first write code that
        !            25: *                   explores the default security descriptors that Windows NT
        !            26: *                   places on objects.  For example, if Windows NT by default
        !            27: *                   includes in a DACL an ACE granting the Local Logon SID
        !            28: *                   certain access, it's good to know that, so that a decision
        !            29: *                   not to grant any access to the Local Logon SID would be a
        !            30: *                   conscious decision
        !            31: *
        !            32: * PURPOSE:      The comment in the .hlp file is accurate, however, for many
        !            33: *                 people this task of examining the SD is easier if there is
        !            34: *                 sample code to start from.  So, the purpose of this sample
        !            35: *                 is to assist people by providing sample code people can
        !            36: *                 start from as they examine SD(s).  This sample as is
        !            37: *                 examines the SD on files, and this code can be modified to
        !            38: *                 examine the SD on other objects
        !            39: *
        !            40: *               This sample is not a supported utility
        !            41: *
        !            42: * TO RUN:       Type Check_sd to check the SD on the \\.\A:  device
        !            43: *
        !            44: *               Type Check_sd d:\a.fil to check the SD on the d:\a.fil file.
        !            45: *                 In this case d:  must be formatted NTFS, because only NTFS
        !            46: *                 files have SD(s)
        !            47: *
        !            48: \****************************************************************************/
        !            49: 
        !            50: /****************************************************************************\
        !            51: *  INCLUDES, DEFINES
        !            52: \****************************************************************************/
        !            53: #define STRICT
        !            54: #include <windows.h>
        !            55: #include <stdlib.h>
        !            56: #include <stdio.h>
        !            57: 
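        // PERR(api): print the file, the calling thread's last-error code, the
        //   name of the API that failed and the source line.  GetLastError()
        //   returns a DWORD, so it is printed with %lu through an explicit cast
        //   instead of %d.
        // PMSG(msg): print the file, the source line and a free-form message.
        //
        // Both expansions still end in ';', as they always have, so call sites
        //   written with or without their own ';' keep compiling.  Because of
        //   that trailing ';', always brace an if/else body that uses them.
        #define PERR(api) printf("\n%s: Error %lu from %s on line %d",  \
            __FILE__, (unsigned long)GetLastError(), api, __LINE__);
        #define PMSG(msg) printf("\n%s line %d: %s",  \
            __FILE__, __LINE__, msg);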
        !            62: 
        !            63: /****************************************************************************\
        !            64: * GLOBAL VARIABLES AND TYPEDEFS
        !            65: \****************************************************************************/
        !            66: 
        // Selects which kind of object an access mask belongs to.  main() passes
        //   one of these to ExamineSD() together with the SD it retrieved, so the
        //   mask bits can be decoded for that kind of object.
        enum _KINDS_OF_ACCESSMASKS_DECODED
        {
            FileAccessMask,                       // SD read with GetFileSecurity
            ProcessAccessMask,                    // SD read with GetKernelObjectSecurity
            WindowStationAccessMask,              // SD read with GetUserObjectSecurity
            RegKeyAccessMask,                     // SD read with RegGetKeySecurity
            ServiceAccessMask,                    // SD read with QueryServiceObjectSecurity
            DefaultDaclInAccessTokenAccessMask    // not used by main() itself
        };

        typedef enum _KINDS_OF_ACCESSMASKS_DECODED   KINDS_OF_ACCESSMASKS_DECODED;
        typedef KINDS_OF_ACCESSMASKS_DECODED       * PKINDS_OF_ACCESSMASKS_DECODED;
        !            75: 
        // Well-known SIDs, one global per SID.  main() calls
        //   InitializeWellKnownSIDs() to set them up before any SD is examined.

        PSID   psidNullSid;
        PSID   psidWorldSid;
        PSID   psidLocalSid;

        PSID   psidCreatorOwnerSid;
        PSID   psidCreatorGroupSid;

        PSID   psidNtAuthoritySid;
        PSID   psidDialupSid;
        PSID   psidNetworkSid;
        PSID   psidBatchSid;
        PSID   psidInteractiveSid;

        // The X and Y values of this SID are bogus at first (see further down
        //   in this file)
        PSID   psidLogonIdsSid;

        PSID   psidServiceSid;
        PSID   psidLocalSystemSid;
        PSID   psidBuiltinDomainSid;
        !            92: 
        !            93: /****************************************************************************\
        !            94: * FUNCTION PROTOTYPES
        !            95: \****************************************************************************/
        !            96: 
        // Forward declarations, so that main() can call these helpers before
        //   their definitions appear.

        // Called once by main() on the current process's access token
        VOID ExamineAccessToken(HANDLE hAccessToken);

        // SD walkers: each takes the kind of access mask to decode; the ACL and
        //   mask walkers also take the caller's current output indent
        BOOL ExamineSD(PSECURITY_DESCRIPTOR         psdSD,
                       KINDS_OF_ACCESSMASKS_DECODED kamKindOfMask);
        BOOL ExamineACL(PACL                         paclACL,
                        LPTSTR                       lpszOldIndent,
                        KINDS_OF_ACCESSMASKS_DECODED kamKindOfMask);
        VOID ExamineMask(ACCESS_MASK                  amMask,
                         LPTSTR                       lpszOldIndent,
                         KINDS_OF_ACCESSMASKS_DECODED kamKindOfMask);

        // SID helpers
        BOOL LookupSIDName(PSID psidSID, LPTSTR lpszOldIndent);
        BOOL SIDStringName(PSID psidSID, LPTSTR lpszSIDStringName);

        // Start-up helpers and usage text
        BOOL SetPrivilegeInAccessToken(VOID);
        VOID InitializeWellKnownSIDs(VOID);
        VOID DisplayHelp(VOID);
        !           109: 
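        /****************************************************************************\
        *
        * FUNCTION: main
        *
        * PURPOSE:  Examines the access token of the current process, then reads
        *             and examines the SD on the file or device named on the command
        *             line (DEFAULT_FILE_TO_CHECK when no argument is given)
        *
        * RETURNS:  0 on success or after displaying help, 1 on any failure
        *
        \****************************************************************************/

        UINT main(UINT argc, char *argv[])
        {

          HANDLE               hProcess;
          HANDLE               hAccessToken;
          #define         DEFAULT_FILE_TO_CHECK "\\\\.\\A:"
          #define                   SZ_NAME_BUF MAX_PATH
          UCHAR           ucPathBuf[SZ_NAME_BUF];
          LPTSTR          lpszFullName = (LPTSTR)&ucPathBuf;
          #define                           SZ_SD_BUF 8096
          UCHAR                ucBuf       [SZ_SD_BUF] = "";
          DWORD                dwSDLength = SZ_SD_BUF;
          DWORD                dwSDLengthNeeded;
          PSECURITY_DESCRIPTOR psdSD      = (PSECURITY_DESCRIPTOR)&ucBuf;
          DWORD                dwErrorMode;

          /**************************************************************************\
          *
          * This sample is not inside a Win32 service, however if this code were to be
          *   moved inside a Win32 service, the following defines and code that
          *   redirects stdout will be handy, because services cannot write to the
          *   screen
          *
          * You may wish to choose a different file name for the output file if you
          *   use this mechanism - note that the "w+" will destroy an existing file!
          *
          \**************************************************************************/

          #define WE_ARE_IN_A_SERVICE_SO_REDIRECT_STDOUT (0==1)
          #define   FILE_TO_REDIRECT_STDOUT_TO "c:\\check_sd.out"

          if     (WE_ARE_IN_A_SERVICE_SO_REDIRECT_STDOUT)
          { if (!freopen(FILE_TO_REDIRECT_STDOUT_TO,"w+",stdout))
            { return(1);   // stdout is unusable now, so there is nowhere to report to
            }
          }


          if      (1 == argc)
          { strcpy(lpszFullName,DEFAULT_FILE_TO_CHECK);
          }
          else if (2 == argc)
          {
            // argv[1] is supplied by whoever starts the program, so its length
            //   must be checked against the fixed-size path buffer before it is
            //   copied.  An over-long name is rejected rather than truncated,
            //   because a truncated name could refer to a different object
            if (strlen(argv[1]) >= SZ_NAME_BUF)
            { PMSG("File name is too long");
              return(1);
            }
            strcpy(lpszFullName,argv[1]);
          }
          else
          { DisplayHelp();
            return(0);
          }

          /**************************************************************************\
          *
          * Set up the well-known SID(s) in global variables, and enable the privilege
          *   needed in the access token to work with SACL(s)
          *
          \**************************************************************************/

          InitializeWellKnownSIDs();

          if (!SetPrivilegeInAccessToken())
          { return(1);
          }

          /**************************************************************************\
          *
          * This sample's primary purpose is to explore Security Descriptors.
          *   However, it is all too easy to over-focus on SD(s), while losing sight
          *   of the importance of Access Tokens.  So, we will now digress briefly to
          *   examine the access token of the current process
          *
          \**************************************************************************/

          hProcess = GetCurrentProcess();
          if (!hProcess)
          { PERR("GetCurrentProcess");
            return(1);
          }

          if (!OpenProcessToken(hProcess,
                                (TOKEN_READ | TOKEN_QUERY_SOURCE),
                                &hAccessToken))
          { PERR("OpenProcessToken");
            return(1);
          }

          ExamineAccessToken(hAccessToken);

          // NOTE(review): hAccessToken is never closed in main().  If
          //   ExamineAccessToken() does not close it, add CloseHandle(hAccessToken)
          //   here - confirm against that function before changing this

          /**************************************************************************\
          *
          * Back to examining SD(s)
          *
          \**************************************************************************/

          printf("\nChecking SD on %s",lpszFullName);

          /**************************************************************************\
          *
          * SetErrorMode so we don't get the error due to no floppy disk in the floppy
          *   drive
          *
          \**************************************************************************/

          dwErrorMode = SetErrorMode(SEM_FAILCRITICALERRORS);

          if (!GetFileSecurity
                (lpszFullName,
                 (SECURITY_INFORMATION)( OWNER_SECURITY_INFORMATION
                                       | GROUP_SECURITY_INFORMATION
                                       | DACL_SECURITY_INFORMATION
                                       | SACL_SECURITY_INFORMATION),
                 psdSD,
                 dwSDLength,
                 (LPDWORD)&dwSDLengthNeeded))
          { PERR("GetFileSecurity");       // report first, while the error code is fresh
            SetErrorMode(dwErrorMode);     // then put the error mode back on this path too
            return(1);
          }

          SetErrorMode(dwErrorMode);

          if(!ExamineSD(psdSD,FileAccessMask))
          { PERR("ExamineSD failed");
            return(1);
          }

          /**************************************************************************\
          *
          * The above code showed how to examine an SD on a file.  There are SDs on
          *   other objects that could be examined by the function ExamineSD (and the
          *   other functions it calls).  The following are one example call each of
          *   the other four api's that are used to retrieve the SD from each of the
          *   types of Win32 objects that can have an SD
          *
          * These calls will execute properly without any work on your part, however,
          *   some work on your part will be required to get the sample calls below to
          *   show the SD for the objects your program uses!  You would need to make a
          *   copy of this sample in a new directory, and write the code to get a
          *   handle to the object you're interested in, so you can pass that handle
          *   to the applicable api call below
          *
          * To insert the SD checking code into your own code you would do
          *   something like
          *
          * 1) Add the global variables above in your globals
          *
          * 2) Add the function prototypes above in your globals
          *
          * 3) Add the includes and PERR/PMSG macros above to your code
          *
          * 4) Add all the functions defined below (except DisplayHelp and except
          *   ExamineAccessToken) to your code
          *
          * 5) Add a call sequence such as that in main() above that gets an
          *   SD and passes it to ExamineSD.  Or add a call sequence such as
          *   one of those that follows that gets a handle, gets the SD on the
          *   object the handle addresses, then calls ExamineSD
          *
          * 6) If you are examining a type of SD not already listed in
          *   KINDS_OF_ACCESSMASKS_DECODED, then you will have to add the new type to
          *   KINDS_OF_ACCESSMASKS_DECODED, and add to ExamineMask() the necessary
          *   code to crack that type of SD's access mask bits into the defines
          *
          * When you copy these call sequences, keep two habits from them: ask for
          *   no more access on a handle than the query needs, and release the
          *   handle on the failure paths as well as on the success path
          *
          \**************************************************************************/

          #define I_DO_NOT_WANT_THIS_CODE_TO_CLUTTER_THIS_PROGRAM_S_OUTPUT (0==0)

          if    (!I_DO_NOT_WANT_THIS_CODE_TO_CLUTTER_THIS_PROGRAM_S_OUTPUT)
          { HANDLE    hWindowStation;
            HKEY      hKey;
            LONG      lRegResult;
            SC_HANDLE schService;
            SC_HANDLE schSCManager;
            SECURITY_INFORMATION siSInfo =
                 (SECURITY_INFORMATION)( OWNER_SECURITY_INFORMATION
                                       | GROUP_SECURITY_INFORMATION
                                       | DACL_SECURITY_INFORMATION
                                       | SACL_SECURITY_INFORMATION);

            printf("\n\nChecking SD on current process");

            hProcess = GetCurrentProcess();
            if (!hProcess)
            { PERR("GetCurrentProcess");
              return(1);
            }

            dwSDLength = SZ_SD_BUF;

            if (!GetKernelObjectSecurity
                  (hProcess,
                   (SECURITY_INFORMATION)( OWNER_SECURITY_INFORMATION
                                         | GROUP_SECURITY_INFORMATION
                                         | DACL_SECURITY_INFORMATION),
                   psdSD,
                   dwSDLength,
                   (LPDWORD)&dwSDLengthNeeded))
            { PERR("GetKernelObjectSecurity");
              return(1);
            }

            /************************************************************************\
            *
            * It is important to close all handles as soon as your code no longer
            *   needs them.  This conserves system resources.  In a sample such as
            *   this one, the practical effect is close to nil, since as soon as the
            *   sample exits (which only takes a few seconds), Windows NT destroys the
            *   process this sample was running in, which reclaims all resources
            *
            * However, in a program that creates many objects (such as threads), or
            *   where that program will be running for a long time, closing handles as
            *   soon as the program no longer needs them can save significant
            *   resources
            *
            * It is a good coding practice to make a habit of closing handles as soon
            *   as your code no longer needs the handle
            *
            * The handle closed here came from GetCurrentProcess(), which returns a
            *   pseudo handle; closing a pseudo handle has no effect.  The call is
            *   kept to show where a real process handle (for example one from
            *   OpenProcess) would be closed
            *
            \************************************************************************/

            CloseHandle(hProcess);

            if(!ExamineSD(psdSD,ProcessAccessMask))
            { PERR("ExamineSD failed");
              return(1);
            }


            printf("\n\nChecking SD on current Window-station");

            // GetProcessWindowStation() reports failure with NULL, so NULL is
            //   tested as well as the INVALID_HANDLE_VALUE this sample always tested
            hWindowStation = GetProcessWindowStation();
            if (!hWindowStation || INVALID_HANDLE_VALUE == hWindowStation)
            { PERR("GetProcessWindowStation");
              return(1);
            }

            dwSDLength = SZ_SD_BUF;

            if (!GetUserObjectSecurity
                  (hWindowStation,
                   &siSInfo,
                   psdSD,
                   dwSDLength,
                   (LPDWORD)&dwSDLengthNeeded))
            { PERR("GetUserObjectSecurity");
              return(1);
            }

            // The handle from GetProcessWindowStation() belongs to the process and
            //   must not be closed by the caller, so there is no close call here

            if(!ExamineSD(psdSD,WindowStationAccessMask))
            { PERR("ExamineSD failed");
              return(1);
            }


            printf("\n\nChecking SD on registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet");

            // The registry api's return their error code instead of setting the
            //   last-error value, so the code is stored with SetLastError() before
            //   PERR reads it
            lRegResult = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
                                      "SYSTEM\\CurrentControlSet",
                                      0,
                                      KEY_READ,
                                      &hKey);
            if (ERROR_SUCCESS != lRegResult)
            { SetLastError((DWORD)lRegResult);
              PERR("RegOpenKeyEx");
              return(1);
            }

            dwSDLength = SZ_SD_BUF;

            lRegResult = RegGetKeySecurity
                  (hKey,
                   (SECURITY_INFORMATION)( OWNER_SECURITY_INFORMATION
                                         | GROUP_SECURITY_INFORMATION
                                         | DACL_SECURITY_INFORMATION),
                   psdSD,
                   &dwSDLength);
            if (ERROR_SUCCESS != lRegResult)
            { SetLastError((DWORD)lRegResult);
              PERR("RegGetKeySecurity");
              RegCloseKey(hKey);
              return(1);
            }

            RegCloseKey(hKey);

            if(!ExamineSD(psdSD,RegKeyAccessMask))
            { PERR("ExamineSD failed");
              return(1);
            }


            /************************************************************************\
            *
            * Any service will do here, just be sure to pick one that is in the
            *   Service Control Manager's database, and use the service name, not the
            *   service's display name.  For example, ClipSrv is displayed as Clipbook
            *   in the Services Control Panel applet
            *
            * Only the access that the query needs is requested:  SC_MANAGER_CONNECT
            *   to reach the database and READ_CONTROL on the service to read its
            *   owner, group and DACL.  Asking for the ..._ALL_ACCESS rights would
            *   make these calls fail for callers who may read the SD but may not
            *   administer services
            *
            \************************************************************************/

            printf("\n\nChecking SD on service Clipbook");

            schSCManager = OpenSCManager(
                                NULL,                 // machine (NULL == local)
                                NULL,                 // database (NULL == default)
                                SC_MANAGER_CONNECT    // access required
                                );

            if (!schSCManager)
            { PERR("OpenSCManager");
              return(1);
            }

            schService = OpenService(schSCManager,"ClipSrv",READ_CONTROL);
            if (!schService)
            { PERR("OpenService");
              CloseServiceHandle(schSCManager);
              return(1);
            }

            CloseServiceHandle(schSCManager);

            dwSDLength = SZ_SD_BUF;

            if (!QueryServiceObjectSecurity
                  (schService,
                   (SECURITY_INFORMATION)( OWNER_SECURITY_INFORMATION
                                         | GROUP_SECURITY_INFORMATION
                                         | DACL_SECURITY_INFORMATION),
                   psdSD,
                   dwSDLength,
                   (LPDWORD)&dwSDLengthNeeded))
            { PERR("QueryServiceObjectSecurity");
              CloseServiceHandle(schService);
              return(1);
            }

            CloseServiceHandle(schService);

            if(!ExamineSD(psdSD,ServiceAccessMask))
            { PERR("ExamineSD failed");
              return(1);
            }
          }

          return(0);
        }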
        !           446: 
        !           447: /****************************************************************************\
        !           448: *
        !           449: * FUNCTION: ExamineSD
        !           450: *
        !           451: \****************************************************************************/
        !           452: 
        !           453: BOOL ExamineSD    (PSECURITY_DESCRIPTOR psdSD,
        !           454:                    KINDS_OF_ACCESSMASKS_DECODED kamKindOfMask)
        !           455: {
        !           456: 
        !           457:   PACL                        paclDACL;
        !           458:   PACL                        paclSACL;
        !           459:   BOOL                        bHasDACL        = FALSE;
        !           460:   BOOL                        bHasSACL        = FALSE;
        !           461:   BOOL                        bDaclDefaulted  = FALSE;
        !           462:   BOOL                        bSaclDefaulted  = FALSE;
        !           463:   BOOL                        bOwnerDefaulted = FALSE;
        !           464:   BOOL                        bGroupDefaulted = FALSE;
        !           465:   PSID                        psidOwner;
        !           466:   PSID                        psidGroup;
        !           467:   SECURITY_DESCRIPTOR_CONTROL sdcSDControl;
        !           468:   DWORD                       dwSDRevision;
        !           469:   DWORD                       dwSDLength;
        !           470: 
        !           471:   if (!IsValidSecurityDescriptor(psdSD))
        !           472:   { PERR("IsValidSecurityDescriptor");
        !           473:     return(FALSE);
        !           474:   }
        !           475: 
        !           476:   dwSDLength = GetSecurityDescriptorLength(psdSD);
        !           477: 
        !           478:   if (!GetSecurityDescriptorDacl(psdSD,
        !           479:                                  (LPBOOL)&bHasDACL,
        !           480:                                  (PACL *)&paclDACL,
        !           481:                                  (LPBOOL)&bDaclDefaulted))
        !           482:   { PERR("GetSecurityDescriptorDacl");
        !           483:     return(FALSE);
        !           484:   }
        !           485: 
        !           486:   if (!GetSecurityDescriptorSacl(psdSD,
        !           487:                                  (LPBOOL)&bHasSACL,
        !           488:                                  (PACL *)&paclSACL,
        !           489:                                  (LPBOOL)&bSaclDefaulted))
        !           490:   { PERR("GetSecurityDescriptorSacl");
        !           491:     return(FALSE);
        !           492:   }
        !           493: 
        !           494:   if (!GetSecurityDescriptorOwner(psdSD,
        !           495:                                   (PSID *)&psidOwner,
        !           496:                                   (LPBOOL)&bOwnerDefaulted))
        !           497:   { PERR("GetSecurityDescriptorOwner");
        !           498:     return(FALSE);
        !           499:   }
        !           500: 
        !           501:   if (!GetSecurityDescriptorGroup(psdSD,
        !           502:                                   (PSID *)&psidGroup,
        !           503:                                   (LPBOOL)&bGroupDefaulted))
        !           504:   { PERR("GetSecurityDescriptorGroup");
        !           505:     return(FALSE);
        !           506:   }
        !           507: 
        !           508:   if (!GetSecurityDescriptorControl(psdSD,
        !           509:                                     (PSECURITY_DESCRIPTOR_CONTROL)&sdcSDControl,
        !           510:                                     (LPDWORD)&dwSDRevision))
        !           511:   { PERR("GetSecurityDescriptorControl");
        !           512:     return(FALSE);
        !           513:   }
        !           514: 
        !           515:   printf("\nSD is valid.  SD is %d bytes long.  SD revision is %d == ",dwSDLength,dwSDRevision);
        !           516: 
        !           517:   switch (dwSDRevision)
        !           518:   {
        !           519:     case      SECURITY_DESCRIPTOR_REVISION1 :
        !           520:     { printf("SECURITY_DESCRIPTOR_REVISION1");
        !           521:       break;
        !           522:     }
        !           523:     default :
        !           524:     { printf("! SD Revision is an IMPOSSIBLE SD revision!!! Perhaps a new revision was added...");
        !           525:       return(FALSE);
        !           526:     }
        !           527:   }
        !           528: 
        !           529:   if (SE_SELF_RELATIVE & sdcSDControl)
        !           530:     printf("\nSD is in self-relative format (all SDs returned by the system are)");
        !           531: 
        !           532:   if (NULL == psidOwner)
        !           533:   { printf("\nSD's Owner is NULL, so SE_OWNER_DEFAULTED is ignored");
        !           534:   }
        !           535:   else
        !           536:   { printf("\nSD's Owner is Not NULL");
        !           537:     if (bOwnerDefaulted )
        !           538:     { printf("\nSD's Owner-Defaulted flag is TRUE");
        !           539:     }
        !           540:     else
        !           541:     { printf("\nSD's Owner-Defaulted flag is FALSE");
        !           542:     }
        !           543:     if(!LookupSIDName(psidOwner,""))
        !           544:     { PERR("LookupSIDName failed");
        !           545:     }
        !           546:   }
        !           547: 
        !           548:   /**************************************************************************\
        !           549:   *
        !           550:   * The other use for psidGroup is for Macintosh client support
        !           551:   *
        !           552:   \**************************************************************************/
        !           553: 
        !           554:   if (NULL == psidGroup)
        !           555:   { printf("\nSD's Group is NULL, so SE_GROUP_DEFAULTED is ignored");
        !           556:     printf("\nSD's Group being NULL is typical, GROUP in SD(s) is mainly for POSIX compliance");
        !           557:   }
        !           558:   else
        !           559:   { if (bGroupDefaulted)
        !           560:     { printf("\nSD's Group-Defaulted flag is TRUE");
        !           561:     }
        !           562:     else
        !           563:     { printf("\nSD's Group-Defaulted flag is FALSE");
        !           564:     }
        !           565:     if(!LookupSIDName(psidGroup,""))
        !           566:     { PERR("LookupSIDName failed");
        !           567:     }
        !           568:   }
        !           569: 
        !           570:   if   (SE_DACL_PRESENT & sdcSDControl)
        !           571:   { printf("\nSD's DACL is Present");
        !           572:     if (bDaclDefaulted)
        !           573:     { printf("\nSD's DACL-Defaulted flag is TRUE");
        !           574:     }
        !           575:     else
        !           576:     { printf("\nSD's DACL-Defaulted flag is FALSE");
        !           577:     }
        !           578: 
        !           579:     if (NULL == paclDACL)
        !           580:     { printf("\nSD has a NULL DACL explicitly specified      (allows all access to Everyone)");
        !           581:       printf("\n    This does not apply to this SD, but for comparison,");
        !           582:       printf("\n    a non-NULL DACL pointer to a 0-length ACL allows  no access to   anyone");
        !           583:     }
        !           584:     else if(!ExamineACL(paclDACL,"",kamKindOfMask))
        !           585:     {  PERR("ExamineACL failed");
        !           586:     }
        !           587:   }
        !           588:   else
        !           589:   { printf("\nSD's DACL is Not Present, so SE_DACL_DEFAULTED is ignored");
        !           590:     printf("\nSD has no DACL at all (allows all access to Everyone)");
        !           591:   }
        !           592: 
        !           593:   if   (SE_SACL_PRESENT & sdcSDControl)
        !           594:   { printf("\nSD's SACL is Present");
        !           595:     if (bSaclDefaulted)
        !           596:     { printf("\nSD's SACL-Defaulted flag is TRUE");
        !           597:     }
        !           598:     else
        !           599:     { printf("\nSD's SACL-Defaulted flag is FALSE");
        !           600:     }
        !           601: 
        !           602:     if (NULL == paclSACL)
        !           603:     { printf("\nSD has a NULL SACL explicitly specified");
        !           604:     }
        !           605:     else if(!ExamineACL(paclSACL,"",kamKindOfMask))
        !           606:     {  PERR("ExamineACL failed");
        !           607:     }
        !           608:   }
        !           609:   else
        !           610:   { printf("\nSD's SACL is Not Present, so SE_SACL_DEFAULTED is ignored");
        !           611:     printf("\nSD has no SACL at all (or we did not request to see it)");
        !           612:   }
        !           613: }
        !           614: 
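        /****************************************************************************\
        *
        * FUNCTION: BuildIndentString  (file-local helper)
        *
        * PURPOSE:  Stores lpszBase followed by lpszSuffix in lpszDest, never
        *           writing more than cchDest bytes (terminator included).  If
        *           the two strings do not fit, the suffix is kept and the base
        *           is truncated.  A NULL base or suffix is treated as "".
        *
        \****************************************************************************/

        static void BuildIndentString(char *lpszDest, size_t cchDest,
                                      const char *lpszBase, const char *lpszSuffix)
        {
          size_t cchBase   = (NULL == lpszBase)   ? 0 : strlen(lpszBase);
          size_t cchSuffix = (NULL == lpszSuffix) ? 0 : strlen(lpszSuffix);
          size_t cchRoom;

          if (NULL == lpszDest || 0 == cchDest)
          { return;
          }

          cchRoom = cchDest - 1;                 /* one byte is reserved for '\0' */

          if (cchSuffix > cchRoom)
          { cchSuffix = cchRoom;
          }
          if (cchBase > cchRoom - cchSuffix)
          { cchBase = cchRoom - cchSuffix;
          }

          if (cchBase)
          { memcpy(lpszDest, lpszBase, cchBase);
          }
          if (cchSuffix)
          { memcpy(lpszDest + cchBase, lpszSuffix, cchSuffix);
          }
          lpszDest[cchBase + cchSuffix] = '\0';
        }

        /****************************************************************************\
        *
        * FUNCTION: ExamineACL
        *
        * PURPOSE:  Prints a description of an ACL: its ACE count, bytes used and
        *           free, its revision, and for every ACE the size, the decoded
        *           AceFlags, the ACE type, the access mask (decoded by
        *           ExamineMask) and the SID (looked up by LookupSIDName).
        *
        * INPUT:    paclACL       - the ACL to examine; checked with IsValidAcl
        *                           before anything is read from it
        *           lpszOldIndent - indent string of the caller; two blanks are
        *                           appended for this level of output
        *           kamKindOfMask - passed through to ExamineMask to select how
        *                           the specific-rights bits are decoded
        *
        * RETURNS:  TRUE when the whole ACL was printed.  FALSE when IsValidAcl,
        *           GetAclInformation or GetAce fails, or when the ACL revision or
        *           an ACE type is not one this sample knows.  A LookupSIDName
        *           failure is reported through PERR and does not stop the walk.
        *
        * NOTES:    Callers test the result with if(!ExamineACL(...)), so every
        *           path must return a value; the successful path ends in
        *           return(TRUE).
        *
        *           The indent buffers are SZ_INDENT_BUF bytes long and are filled
        *           with a length-checked copy, so an over-long lpszOldIndent is
        *           truncated and cannot overrun the stack buffers.
        *
        \****************************************************************************/

        BOOL ExamineACL   (PACL paclACL,              LPTSTR lpszOldIndent,
                           KINDS_OF_ACCESSMASKS_DECODED kamKindOfMask)
        {
          /* ExamineMask, later in this file, sizes its buffers with this too */
          #define                          SZ_INDENT_BUF 80
          UCHAR                ucIndentBuf[SZ_INDENT_BUF]     = "";
          UCHAR                ucIndentBitsBuf[SZ_INDENT_BUF] = "";
          ACL_SIZE_INFORMATION                      asiAclSize;
          ACL_REVISION_INFORMATION                  ariAclRevision;
          DWORD                dwBufLength;
          DWORD                dwAcl_i;
          DWORD                dwAceFlags;
          DWORD                dwExtraBits;
          ACCESS_ALLOWED_ACE   *paaAllowedAce;

          /* This sample uses the char string routines throughout (ANSI build), */
          /*   so the LPTSTR indent is handled as a char string here as well    */

          BuildIndentString((char *)ucIndentBuf, sizeof(ucIndentBuf),
                            (const char *)lpszOldIndent, "  ");

          /* Indent for the decoded flag names; the same for every ACE, so it   */
          /*   is built once instead of once per ACE                            */

          BuildIndentString((char *)ucIndentBitsBuf, sizeof(ucIndentBitsBuf),
                            (const char *)ucIndentBuf, "            ");

          /* Nothing is read from the ACL until the system says it is well formed */

          if (!IsValidAcl(paclACL))
          { PERR("IsValidAcl");
            return(FALSE);
          }

          dwBufLength = sizeof(asiAclSize);

          if (!GetAclInformation(paclACL,
                                 (LPVOID)&asiAclSize,
                                 (DWORD)dwBufLength,
                                 (ACL_INFORMATION_CLASS)AclSizeInformation))
          { PERR("GetAclInformation");
            return(FALSE);
          }

          dwBufLength = sizeof(ariAclRevision);

          if (!GetAclInformation(paclACL,
                                 (LPVOID)&ariAclRevision,
                                 (DWORD)dwBufLength,
                                 (ACL_INFORMATION_CLASS)AclRevisionInformation))
          { PERR("GetAclInformation");
            return(FALSE);
          }

          printf("\n%sACL has %d ACE(s), %d bytes used, %d bytes free",ucIndentBuf,
             asiAclSize.AceCount,
             asiAclSize.AclBytesInUse,
             asiAclSize.AclBytesFree);

          printf("\n%sACL revision is %d == ",ucIndentBuf,ariAclRevision.AclRevision);

          switch (ariAclRevision.AclRevision)
          {
            case      ACL_REVISION1 :
            { printf("ACL_REVISION1");
              break;
            }
            case      ACL_REVISION2 :
            { printf("ACL_REVISION2");
              break;
            }
            default :
            { printf("\n%sACL Revision is an IMPOSSIBLE ACL revision!!! Perhaps a new revision was added...",ucIndentBuf);
              return(FALSE);
            }
          }

          for (dwAcl_i = 0; dwAcl_i < asiAclSize.AceCount;  dwAcl_i++)
          {
            /* Every ACE is viewed through ACCESS_ALLOWED_ACE.  The four ACE    */
            /*   types accepted by the switch below share that layout (Header,  */
            /*   Mask, SidStart); only the Header is read before the switch has */
            /*   confirmed the type                                             */

            if (!GetAce(paclACL,
                        dwAcl_i,
                        (LPVOID *)&paaAllowedAce))
            { PERR("GetAce");
              return(FALSE);
            }

            printf("\n%sACE %d size %d",ucIndentBuf,dwAcl_i,paaAllowedAce->Header.AceSize);

            dwAceFlags = paaAllowedAce->Header.AceFlags;

            printf("\n%sACE %d flags 0x%.2x",ucIndentBuf,dwAcl_i,dwAceFlags);

            if (dwAceFlags)
            {
              if ((dwAceFlags  & OBJECT_INHERIT_ACE        ) == OBJECT_INHERIT_ACE        )
              { printf("\n%s0x01 OBJECT_INHERIT_ACE        ",ucIndentBitsBuf);
              }
              if ((dwAceFlags  & CONTAINER_INHERIT_ACE     ) == CONTAINER_INHERIT_ACE     )
              { printf("\n%s0x02 CONTAINER_INHERIT_ACE     ",ucIndentBitsBuf);
              }
              if ((dwAceFlags  & NO_PROPAGATE_INHERIT_ACE  ) == NO_PROPAGATE_INHERIT_ACE  )
              { printf("\n%s0x04 NO_PROPAGATE_INHERIT_ACE  ",ucIndentBitsBuf);
              }
              if ((dwAceFlags  & INHERIT_ONLY_ACE          ) == INHERIT_ONLY_ACE          )
              { printf("\n%s0x08 INHERIT_ONLY_ACE          ",ucIndentBitsBuf);
              }
              if ((dwAceFlags  & VALID_INHERIT_FLAGS       ) == VALID_INHERIT_FLAGS       )
              { printf("\n%s0x0F VALID_INHERIT_FLAGS       ",ucIndentBitsBuf);
              }
              if ((dwAceFlags  & SUCCESSFUL_ACCESS_ACE_FLAG) == SUCCESSFUL_ACCESS_ACE_FLAG)
              { printf("\n%s0x40 SUCCESSFUL_ACCESS_ACE_FLAG",ucIndentBitsBuf);
              }
              if ((dwAceFlags  & FAILED_ACCESS_ACE_FLAG    ) == FAILED_ACCESS_ACE_FLAG    )
              { printf("\n%s0x80 FAILED_ACCESS_ACE_FLAG    ",ucIndentBitsBuf);
              }

              /* Any bit outside the flags named above is reported, not ignored */

              dwExtraBits = dwAceFlags & ( ~( OBJECT_INHERIT_ACE
                                            | CONTAINER_INHERIT_ACE
                                            | NO_PROPAGATE_INHERIT_ACE
                                            | INHERIT_ONLY_ACE
                                            | VALID_INHERIT_FLAGS
                                            | SUCCESSFUL_ACCESS_ACE_FLAG
                                            | FAILED_ACCESS_ACE_FLAG) );
              if (dwExtraBits)
              { printf("\n%sExtra AceFlag bits     == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
              }
            }

            /* An ACE type that is not listed here stops the walk: its Mask and */
            /*   SidStart fields are not known to sit where this code would     */
            /*   read them                                                      */

            switch (paaAllowedAce->Header.AceType)
            {
              case                       ACCESS_ALLOWED_ACE_TYPE :
              { printf("\n%sACE %d is an ACCESS_ALLOWED_ACE_TYPE",ucIndentBuf,dwAcl_i);
                break;
              }
              case                       ACCESS_DENIED_ACE_TYPE :
              { printf("\n%sACE %d is an ACCESS_DENIED_ACE_TYPE",ucIndentBuf,dwAcl_i);
                break;
              }
              case                       SYSTEM_AUDIT_ACE_TYPE :
              { printf("\n%sACE %d is a  SYSTEM_AUDIT_ACE_TYPE",ucIndentBuf,dwAcl_i);
                break;
              }
              case                       SYSTEM_ALARM_ACE_TYPE :
              { printf("\n%sACE %d is a  SYSTEM_ALARM_ACE_TYPE",ucIndentBuf,dwAcl_i);
                break;
              }
              default :
              { printf("\n%sACE %d is an IMPOSSIBLE ACE_TYPE!!! Run debugger, examine value!",ucIndentBuf,dwAcl_i);
                return(FALSE);
              }
            }

            printf("\n%sACE %d mask               == 0x%.8x",ucIndentBuf,dwAcl_i,paaAllowedAce->Mask);

            ExamineMask(paaAllowedAce->Mask,ucIndentBuf,kamKindOfMask);

            /* A SID that cannot be resolved is reported and the walk goes on   */
            /*   to the remaining ACEs                                          */

            if(!LookupSIDName((PSID)&(paaAllowedAce->SidStart),ucIndentBuf))
            { PERR("LookupSIDName failed");
            }
          }

          /* The original fell off the end here, leaving the BOOL result        */
          /*   undefined for callers that test it                               */

          return(TRUE);
        }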
        !           774: 
        !           775: /****************************************************************************\
        !           776: *
        !           777: * FUNCTION: ExamineMask
        !           778: *
        !           779: \****************************************************************************/
        !           780: 
        !           781: VOID ExamineMask  (ACCESS_MASK amMask,        LPTSTR lpszOldIndent,
        !           782:                    KINDS_OF_ACCESSMASKS_DECODED kamKindOfMask)
        !           783: {
        !           784:   #define STANDARD_RIGHTS_ALL_THE_BITS 0x00FF0000L
        !           785:   #define GENERIC_RIGHTS_ALL_THE_BITS  0xF0000000L
        !           786:   UCHAR ucIndentBuf[SZ_INDENT_BUF]     = "";
        !           787:   UCHAR ucIndentBitsBuf[SZ_INDENT_BUF] = "";
        !           788:   DWORD dwGenericBits;
        !           789:   DWORD dwStandardBits;
        !           790:   DWORD dwSpecificBits;
        !           791:   DWORD dwAccessSystemSecurityBit;
        !           792:   DWORD dwExtraBits;
        !           793: 
        !           794:   strcpy(ucIndentBuf,    lpszOldIndent);
        !           795:   strcat(ucIndentBuf,    "  ");
        !           796:   strcpy(ucIndentBitsBuf,lpszOldIndent);
        !           797:   strcat(ucIndentBitsBuf,"                            ");
        !           798: 
        !           799:   dwStandardBits            = (amMask & STANDARD_RIGHTS_ALL_THE_BITS);
        !           800:   dwSpecificBits            = (amMask & SPECIFIC_RIGHTS_ALL         );
        !           801:   dwAccessSystemSecurityBit = (amMask & ACCESS_SYSTEM_SECURITY      );
        !           802:   dwGenericBits             = (amMask & GENERIC_RIGHTS_ALL_THE_BITS );
        !           803: 
        !           804:   /**************************************************************************\
        !           805:   *
        !           806:   * Print then decode the standard rights bits
        !           807:   *
        !           808:   \**************************************************************************/
        !           809: 
        !           810:   printf("\n%sStandard Rights        == 0x%.8x",ucIndentBuf,dwStandardBits);
        !           811: 
        !           812:   if (dwStandardBits)
        !           813:   {
        !           814:     if ((dwStandardBits    & DELETE                  ) == DELETE                  )
        !           815:     { printf("\n%s0x00010000 DELETE                  ",ucIndentBitsBuf);
        !           816:     }
        !           817:     if ((dwStandardBits    & READ_CONTROL            ) == READ_CONTROL            )
        !           818:     { printf("\n%s0x00020000 READ_CONTROL            ",ucIndentBitsBuf);
        !           819:     }
        !           820:     if ((dwStandardBits    & STANDARD_RIGHTS_READ    ) == STANDARD_RIGHTS_READ    )
        !           821:     { printf("\n%s0x00020000 STANDARD_RIGHTS_READ    ",ucIndentBitsBuf);
        !           822:     }
        !           823:     if ((dwStandardBits    & STANDARD_RIGHTS_WRITE   ) == STANDARD_RIGHTS_WRITE   )
        !           824:     { printf("\n%s0x00020000 STANDARD_RIGHTS_WRITE   ",ucIndentBitsBuf);
        !           825:     }
        !           826:     if ((dwStandardBits    & STANDARD_RIGHTS_EXECUTE ) == STANDARD_RIGHTS_EXECUTE )
        !           827:     { printf("\n%s0x00020000 STANDARD_RIGHTS_EXECUTE ",ucIndentBitsBuf);
        !           828:     }
        !           829:     if ((dwStandardBits    & WRITE_DAC               ) == WRITE_DAC               )
        !           830:     { printf("\n%s0x00040000 WRITE_DAC               ",ucIndentBitsBuf);
        !           831:     }
        !           832:     if ((dwStandardBits    & WRITE_OWNER             ) == WRITE_OWNER             )
        !           833:     { printf("\n%s0x00080000 WRITE_OWNER             ",ucIndentBitsBuf);
        !           834:     }
        !           835:     if ((dwStandardBits    & SYNCHRONIZE             ) == SYNCHRONIZE             )
        !           836:     { printf("\n%s0x00100000 SYNCHRONIZE             ",ucIndentBitsBuf);
        !           837:     }
        !           838:     if ((dwStandardBits    & STANDARD_RIGHTS_REQUIRED) == STANDARD_RIGHTS_REQUIRED)
        !           839:     { printf("\n%s0x000F0000 STANDARD_RIGHTS_REQUIRED",ucIndentBitsBuf);
        !           840:     }
        !           841:     if ((dwStandardBits    & STANDARD_RIGHTS_ALL     ) == STANDARD_RIGHTS_ALL     )
        !           842:     { printf("\n%s0x001F0000 STANDARD_RIGHTS_ALL     ",ucIndentBitsBuf);
        !           843:     }
        !           844: 
        !           845:     dwExtraBits = dwStandardBits & ( ~( DELETE
        !           846:                                       | READ_CONTROL
        !           847:                                       | STANDARD_RIGHTS_READ
        !           848:                                       | STANDARD_RIGHTS_WRITE
        !           849:                                       | STANDARD_RIGHTS_EXECUTE
        !           850:                                       | WRITE_DAC
        !           851:                                       | WRITE_OWNER
        !           852:                                       | SYNCHRONIZE
        !           853:                                       | STANDARD_RIGHTS_REQUIRED
        !           854:                                       | STANDARD_RIGHTS_ALL) );
        !           855:     if (dwExtraBits)
        !           856:     { printf("\n%sExtra standard bits    == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
        !           857:     }
        !           858:   }
        !           859: 
        !           860:   /**************************************************************************\
        !           861:   *
        !           862:   * Print then decode the specific rights bits
        !           863:   *
        !           864:   \**************************************************************************/
        !           865: 
        !           866:   printf("\n%sSpecific Rights        == 0x%.8x",ucIndentBuf,dwSpecificBits);
        !           867: 
        !           868:   if (dwSpecificBits)
        !           869:   {
        !           870:     if      (FileAccessMask          == kamKindOfMask)
        !           871:     {
        !           872:       if ((dwSpecificBits    & FILE_READ_DATA           ) == FILE_READ_DATA           )
        !           873:       { printf("\n%s0x00000001 FILE_READ_DATA            (file & pipe)     ",ucIndentBitsBuf);
        !           874:       }
        !           875:       if ((dwSpecificBits    & FILE_LIST_DIRECTORY      ) == FILE_LIST_DIRECTORY      )
        !           876:       { printf("\n%s0x00000001 FILE_LIST_DIRECTORY       (directory)       ",ucIndentBitsBuf);
        !           877:       }
        !           878:       if ((dwSpecificBits    & FILE_WRITE_DATA          ) == FILE_WRITE_DATA          )
        !           879:       { printf("\n%s0x00000002 FILE_WRITE_DATA           (file & pipe)     ",ucIndentBitsBuf);
        !           880:       }
        !           881:       if ((dwSpecificBits    & FILE_ADD_FILE            ) == FILE_ADD_FILE            )
        !           882:       { printf("\n%s0x00000002 FILE_ADD_FILE             (directory)       ",ucIndentBitsBuf);
        !           883:       }
        !           884:       if ((dwSpecificBits    & FILE_APPEND_DATA         ) == FILE_APPEND_DATA         )
        !           885:       { printf("\n%s0x00000004 FILE_APPEND_DATA          (file)            ",ucIndentBitsBuf);
        !           886:       }
        !           887:       if ((dwSpecificBits    & FILE_ADD_SUBDIRECTORY    ) == FILE_ADD_SUBDIRECTORY    )
        !           888:       { printf("\n%s0x00000004 FILE_ADD_SUBDIRECTORY     (directory)       ",ucIndentBitsBuf);
        !           889:       }
        !           890:       if ((dwSpecificBits    & FILE_CREATE_PIPE_INSTANCE) == FILE_CREATE_PIPE_INSTANCE)
        !           891:       { printf("\n%s0x00000004 FILE_CREATE_PIPE_INSTANCE (named pipe)      ",ucIndentBitsBuf);
        !           892:       }
        !           893:       if ((dwSpecificBits    & FILE_READ_EA             ) == FILE_READ_EA             )
        !           894:       { printf("\n%s0x00000008 FILE_READ_EA              (file & directory)",ucIndentBitsBuf);
        !           895:       }
        !           896:       if ((dwSpecificBits    & FILE_WRITE_EA            ) == FILE_WRITE_EA            )
        !           897:       { printf("\n%s0x00000010 FILE_WRITE_EA             (file & directory)",ucIndentBitsBuf);
        !           898:       }
        !           899:       if ((dwSpecificBits    & FILE_EXECUTE             ) == FILE_EXECUTE             )
        !           900:       { printf("\n%s0x00000020 FILE_EXECUTE              (file)            ",ucIndentBitsBuf);
        !           901:       }
        !           902:       if ((dwSpecificBits    & FILE_TRAVERSE            ) == FILE_TRAVERSE            )
        !           903:       { printf("\n%s0x00000020 FILE_TRAVERSE             (directory)       ",ucIndentBitsBuf);
        !           904:       }
        !           905:       if ((dwSpecificBits    & FILE_DELETE_CHILD        ) == FILE_DELETE_CHILD        )
        !           906:       { printf("\n%s0x00000040 FILE_DELETE_CHILD         (directory)       ",ucIndentBitsBuf);
        !           907:       }
        !           908:       if ((dwSpecificBits    & FILE_READ_ATTRIBUTES     ) == FILE_READ_ATTRIBUTES     )
        !           909:       { printf("\n%s0x00000080 FILE_READ_ATTRIBUTES      (all)             ",ucIndentBitsBuf);
        !           910:       }
        !           911:       if ((dwSpecificBits    & FILE_WRITE_ATTRIBUTES    ) == FILE_WRITE_ATTRIBUTES    )
        !           912:       { printf("\n%s0x00000100 FILE_WRITE_ATTRIBUTES     (all)             ",ucIndentBitsBuf);
        !           913:       }
        !           914: 
        !           915:       if (((dwStandardBits | dwSpecificBits   )
        !           916:            & FILE_ALL_ACCESS     ) == FILE_ALL_ACCESS     )
        !           917:       { printf("\n%s0x001F01FF FILE_ALL_ACCESS      == (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)",ucIndentBitsBuf);
        !           918:       }
        !           919:       if (((dwStandardBits | dwSpecificBits   )
        !           920:            & FILE_GENERIC_READ   ) == FILE_GENERIC_READ   )
        !           921:       { printf("\n%s0x00120089 FILE_GENERIC_READ    == (STANDARD_RIGHTS_READ | FILE_READ_DATA | FILE_READ_ATTRIBUTES | FILE_READ_EA | SYNCHRONIZE)",ucIndentBitsBuf);
        !           922:       }
        !           923:       if (((dwStandardBits | dwSpecificBits   )
        !           924:            & FILE_GENERIC_WRITE  ) == FILE_GENERIC_WRITE  )
        !           925:       { printf("\n%s0x00120116 FILE_GENERIC_WRITE   == (STANDARD_RIGHTS_WRITE | FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA | FILE_APPEND_DATA | SYNCHRONIZE)",ucIndentBitsBuf);
        !           926:       }
        !           927:       if (((dwStandardBits | dwSpecificBits   )
        !           928:            & FILE_GENERIC_EXECUTE) == FILE_GENERIC_EXECUTE)
        !           929:       { printf("\n%s0x001200A0 FILE_GENERIC_EXECUTE == (STANDARD_RIGHTS_EXECUTE | FILE_READ_ATTRIBUTES | FILE_EXECUTE | SYNCHRONIZE)",ucIndentBitsBuf);
        !           930:       }
        !           931: 
        !           932:       dwExtraBits = dwSpecificBits & ( ~( FILE_READ_DATA
        !           933:                                         | FILE_LIST_DIRECTORY
        !           934:                                         | FILE_WRITE_DATA
        !           935:                                         | FILE_ADD_FILE
        !           936:                                         | FILE_APPEND_DATA
        !           937:                                         | FILE_ADD_SUBDIRECTORY
        !           938:                                         | FILE_CREATE_PIPE_INSTANCE
        !           939:                                         | FILE_READ_EA
        !           940:                                         | FILE_WRITE_EA
        !           941:                                         | FILE_EXECUTE
        !           942:                                         | FILE_TRAVERSE
        !           943:                                         | FILE_DELETE_CHILD
        !           944:                                         | FILE_READ_ATTRIBUTES
        !           945:                                         | FILE_WRITE_ATTRIBUTES
        !           946:                                         | (FILE_ALL_ACCESS      & SPECIFIC_RIGHTS_ALL)
        !           947:                                         | (FILE_GENERIC_READ    & SPECIFIC_RIGHTS_ALL)
        !           948:                                         | (FILE_GENERIC_WRITE   & SPECIFIC_RIGHTS_ALL)
        !           949:                                         | (FILE_GENERIC_EXECUTE & SPECIFIC_RIGHTS_ALL) ) );
        !           950:       if (dwExtraBits)
        !           951:       { printf("\n%sExtra specific bits    == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
        !           952:       }
        !           953:     }
        !           954:     else if (ProcessAccessMask       == kamKindOfMask)
        !           955:     {
        !           956:       if ((dwSpecificBits    & PROCESS_TERMINATE        ) == PROCESS_TERMINATE        )
        !           957:       { printf("\n%s0x00000001 PROCESS_TERMINATE        ",ucIndentBitsBuf);
        !           958:       }
        !           959:       if ((dwSpecificBits    & PROCESS_CREATE_THREAD    ) == PROCESS_CREATE_THREAD    )
        !           960:       { printf("\n%s0x00000002 PROCESS_CREATE_THREAD    ",ucIndentBitsBuf);
        !           961:       }
        !           962:       if ((dwSpecificBits    & PROCESS_VM_OPERATION     ) == PROCESS_VM_OPERATION     )
        !           963:       { printf("\n%s0x00000008 PROCESS_VM_OPERATION     ",ucIndentBitsBuf);
        !           964:       }
        !           965:       if ((dwSpecificBits    & PROCESS_VM_READ          ) == PROCESS_VM_READ          )
        !           966:       { printf("\n%s0x00000010 PROCESS_VM_READ          ",ucIndentBitsBuf);
        !           967:       }
        !           968:       if ((dwSpecificBits    & PROCESS_VM_WRITE         ) == PROCESS_VM_WRITE         )
        !           969:       { printf("\n%s0x00000020 PROCESS_VM_WRITE         ",ucIndentBitsBuf);
        !           970:       }
        !           971:       if ((dwSpecificBits    & PROCESS_DUP_HANDLE       ) == PROCESS_DUP_HANDLE       )
        !           972:       { printf("\n%s0x00000040 PROCESS_DUP_HANDLE       ",ucIndentBitsBuf);
        !           973:       }
        !           974:       if ((dwSpecificBits    & PROCESS_CREATE_PROCESS   ) == PROCESS_CREATE_PROCESS   )
        !           975:       { printf("\n%s0x00000080 PROCESS_CREATE_PROCESS   ",ucIndentBitsBuf);
        !           976:       }
        !           977:       if ((dwSpecificBits    & PROCESS_SET_INFORMATION  ) == PROCESS_SET_INFORMATION  )
        !           978:       { printf("\n%s0x00000200 PROCESS_SET_INFORMATION  ",ucIndentBitsBuf);
        !           979:       }
        !           980:       if ((dwSpecificBits    & PROCESS_QUERY_INFORMATION) == PROCESS_QUERY_INFORMATION)
        !           981:       { printf("\n%s0x00000400 PROCESS_QUERY_INFORMATION",ucIndentBitsBuf);
        !           982:       }
        !           983: 
        !           984:       if (((dwStandardBits | dwSpecificBits )
        !           985:            & PROCESS_ALL_ACCESS) == PROCESS_ALL_ACCESS)
        !           986:       { printf("\n%s0x001F0FFF PROCESS_ALL_ACCESS == (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x00000FFF) ",ucIndentBitsBuf);
        !           987:       }
        !           988: 
        !           989:       dwExtraBits = dwSpecificBits & ( ~( PROCESS_TERMINATE
        !           990:                                         | PROCESS_CREATE_THREAD
        !           991:                                         | PROCESS_VM_OPERATION
        !           992:                                         | PROCESS_VM_READ
        !           993:                                         | PROCESS_VM_WRITE
        !           994:                                         | PROCESS_DUP_HANDLE
        !           995:                                         | PROCESS_CREATE_PROCESS
        !           996:                                         | PROCESS_SET_INFORMATION
        !           997:                                         | PROCESS_QUERY_INFORMATION
        !           998:                                         | (PROCESS_ALL_ACCESS & SPECIFIC_RIGHTS_ALL) ) );
        !           999:       if (dwExtraBits)
        !          1000:       { printf("\n%sExtra specific bits    == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
        !          1001:       }
        !          1002:     }
        !          1003:     else if (WindowStationAccessMask == kamKindOfMask)
        !          1004:     {
        !          1005:       if ((dwSpecificBits    & WINSTA_ENUMDESKTOPS     ) == WINSTA_ENUMDESKTOPS     )
        !          1006:       { printf("\n%s0x00000001 WINSTA_ENUMDESKTOPS     ",ucIndentBitsBuf);
        !          1007:       }
        !          1008:       if ((dwSpecificBits    & WINSTA_READATTRIBUTES   ) == WINSTA_READATTRIBUTES   )
        !          1009:       { printf("\n%s0x00000002 WINSTA_READATTRIBUTES   ",ucIndentBitsBuf);
        !          1010:       }
        !          1011:       if ((dwSpecificBits    & WINSTA_ACCESSCLIPBOARD  ) == WINSTA_ACCESSCLIPBOARD  )
        !          1012:       { printf("\n%s0x00000004 WINSTA_ACCESSCLIPBOARD  ",ucIndentBitsBuf);
        !          1013:       }
        !          1014:       if ((dwSpecificBits    & WINSTA_CREATEDESKTOP    ) == WINSTA_CREATEDESKTOP    )
        !          1015:       { printf("\n%s0x00000008 WINSTA_CREATEDESKTOP    ",ucIndentBitsBuf);
        !          1016:       }
        !          1017:       if ((dwSpecificBits    & WINSTA_WRITEATTRIBUTES  ) == WINSTA_WRITEATTRIBUTES  )
        !          1018:       { printf("\n%s0x00000010 WINSTA_WRITEATTRIBUTES  ",ucIndentBitsBuf);
        !          1019:       }
        !          1020:       if ((dwSpecificBits    & WINSTA_ACCESSGLOBALATOMS) == WINSTA_ACCESSGLOBALATOMS)
        !          1021:       { printf("\n%s0x00000020 WINSTA_ACCESSGLOBALATOMS",ucIndentBitsBuf);
        !          1022:       }
        !          1023:       if ((dwSpecificBits    & WINSTA_EXITWINDOWS      ) == WINSTA_EXITWINDOWS      )
        !          1024:       { printf("\n%s0x00000040 WINSTA_EXITWINDOWS      ",ucIndentBitsBuf);
        !          1025:       }
        !          1026:       if ((dwSpecificBits    & WINSTA_ENUMERATE        ) == WINSTA_ENUMERATE        )
        !          1027:       { printf("\n%s0x00000100 WINSTA_ENUMERATE        ",ucIndentBitsBuf);
        !          1028:       }
        !          1029:       if ((dwSpecificBits    & WINSTA_READSCREEN       ) == WINSTA_READSCREEN       )
        !          1030:       { printf("\n%s0x00000200 WINSTA_READSCREEN       ",ucIndentBitsBuf);
        !          1031:       }
        !          1032: 
        !          1033:       dwExtraBits = dwSpecificBits & ( ~( WINSTA_ENUMDESKTOPS
        !          1034:                                         | WINSTA_READATTRIBUTES
        !          1035:                                         | WINSTA_ACCESSCLIPBOARD
        !          1036:                                         | WINSTA_CREATEDESKTOP
        !          1037:                                         | WINSTA_WRITEATTRIBUTES
        !          1038:                                         | WINSTA_ACCESSGLOBALATOMS
        !          1039:                                         | WINSTA_EXITWINDOWS
        !          1040:                                         | WINSTA_ENUMERATE
        !          1041:                                         | WINSTA_READSCREEN) );
        !          1042:       if (dwExtraBits)
        !          1043:       { printf("\n%sExtra specific bits    == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
        !          1044:       }
        !          1045:     }
        !          1046:     else if (RegKeyAccessMask        == kamKindOfMask)
        !          1047:     {
        !          1048:       if ((dwSpecificBits    & KEY_QUERY_VALUE       ) == KEY_QUERY_VALUE       )
        !          1049:       { printf("\n%s0x00000001 KEY_QUERY_VALUE       ",ucIndentBitsBuf);
        !          1050:       }
        !          1051:       if ((dwSpecificBits    & KEY_SET_VALUE         ) == KEY_SET_VALUE         )
        !          1052:       { printf("\n%s0x00000002 KEY_SET_VALUE         ",ucIndentBitsBuf);
        !          1053:       }
        !          1054:       if ((dwSpecificBits    & KEY_CREATE_SUB_KEY    ) == KEY_CREATE_SUB_KEY    )
        !          1055:       { printf("\n%s0x00000004 KEY_CREATE_SUB_KEY    ",ucIndentBitsBuf);
        !          1056:       }
        !          1057:       if ((dwSpecificBits    & KEY_ENUMERATE_SUB_KEYS) == KEY_ENUMERATE_SUB_KEYS)
        !          1058:       { printf("\n%s0x00000008 KEY_ENUMERATE_SUB_KEYS",ucIndentBitsBuf);
        !          1059:       }
        !          1060:       if ((dwSpecificBits    & KEY_NOTIFY            ) == KEY_NOTIFY            )
        !          1061:       { printf("\n%s0x00000010 KEY_NOTIFY            ",ucIndentBitsBuf);
        !          1062:       }
        !          1063:       if ((dwSpecificBits    & KEY_CREATE_LINK       ) == KEY_CREATE_LINK       )
        !          1064:       { printf("\n%s0x00000020 KEY_CREATE_LINK       ",ucIndentBitsBuf);
        !          1065:       }
        !          1066: 
        !          1067:       if (((dwStandardBits | dwSpecificBits   )
        !          1068:            & KEY_READ      ) == KEY_READ      )
        !          1069:       { printf("\n%s0x00020019 KEY_READ       == ((STANDARD_RIGHTS_READ | KEY_QUERY_VALUE | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY) & (~SYNCHRONIZE))",ucIndentBitsBuf);
        !          1070:       }
        !          1071:       if (((dwStandardBits | dwSpecificBits   )
        !          1072:            & KEY_WRITE     ) == KEY_WRITE     )
        !          1073:       { printf("\n%s0x00020006 KEY_WRITE      == ((STANDARD_RIGHTS_WRITE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY) & (~SYNCHRONIZE))",ucIndentBitsBuf);
        !          1074:       }
        !          1075:       if (((dwStandardBits | dwSpecificBits   )
        !          1076:            & KEY_EXECUTE   ) == KEY_EXECUTE   )
        !          1077:       { printf("\n%s0x00020019 KEY_EXECUTE    == ((KEY_READ) & (~SYNCHRONIZE))",ucIndentBitsBuf);
        !          1078:       }
        !          1079:       if (((dwStandardBits | dwSpecificBits   )
        !          1080:            & KEY_ALL_ACCESS) == KEY_ALL_ACCESS)
        !          1081:       { printf("\n%s0x000F003F KEY_ALL_ACCESS == ((STANDARD_RIGHTS_ALL | KEY_QUERY_VALUE | KEY_SET_VALUE | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY | KEY_CREATE_LINK) & (~SYNCHRONIZE))",ucIndentBitsBuf);
        !          1082:       }
        !          1083: 
        !          1084:       dwExtraBits = dwSpecificBits & ( ~( KEY_QUERY_VALUE
        !          1085:                                         | KEY_SET_VALUE
        !          1086:                                         | KEY_CREATE_SUB_KEY
        !          1087:                                         | KEY_ENUMERATE_SUB_KEYS
        !          1088:                                         | KEY_NOTIFY
        !          1089:                                         | KEY_CREATE_LINK
        !          1090:                                         | (KEY_READ       & SPECIFIC_RIGHTS_ALL)
        !          1091:                                         | (KEY_WRITE      & SPECIFIC_RIGHTS_ALL)
        !          1092:                                         | (KEY_EXECUTE    & SPECIFIC_RIGHTS_ALL)
        !          1093:                                         | (KEY_ALL_ACCESS & SPECIFIC_RIGHTS_ALL) ) );
        !          1094:       if (dwExtraBits)
        !          1095:       { printf("\n%sExtra specific bits    == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
        !          1096:       }
        !          1097:     }
        !          1098:     else if (ServiceAccessMask       == kamKindOfMask)
        !          1099:     {
        !          1100:       if ((dwSpecificBits    & SERVICE_QUERY_CONFIG        ) == SERVICE_QUERY_CONFIG        )
        !          1101:       { printf("\n%s0x00000001 SERVICE_QUERY_CONFIG        ",ucIndentBitsBuf);
        !          1102:       }
        !          1103:       if ((dwSpecificBits    & SERVICE_CHANGE_CONFIG       ) == SERVICE_CHANGE_CONFIG       )
        !          1104:       { printf("\n%s0x00000002 SERVICE_CHANGE_CONFIG       ",ucIndentBitsBuf);
        !          1105:       }
        !          1106:       if ((dwSpecificBits    & SERVICE_QUERY_STATUS        ) == SERVICE_QUERY_STATUS        )
        !          1107:       { printf("\n%s0x00000004 SERVICE_QUERY_STATUS        ",ucIndentBitsBuf);
        !          1108:       }
        !          1109:       if ((dwSpecificBits    & SERVICE_ENUMERATE_DEPENDENTS) == SERVICE_ENUMERATE_DEPENDENTS)
        !          1110:       { printf("\n%s0x00000008 SERVICE_ENUMERATE_DEPENDENTS",ucIndentBitsBuf);
        !          1111:       }
        !          1112:       if ((dwSpecificBits    & SERVICE_START               ) == SERVICE_START               )
        !          1113:       { printf("\n%s0x00000010 SERVICE_START               ",ucIndentBitsBuf);
        !          1114:       }
        !          1115:       if ((dwSpecificBits    & SERVICE_STOP                ) == SERVICE_STOP                )
        !          1116:       { printf("\n%s0x00000020 SERVICE_STOP                ",ucIndentBitsBuf);
        !          1117:       }
        !          1118:       if ((dwSpecificBits    & SERVICE_PAUSE_CONTINUE      ) == SERVICE_PAUSE_CONTINUE      )
        !          1119:       { printf("\n%s0x00000040 SERVICE_PAUSE_CONTINUE      ",ucIndentBitsBuf);
        !          1120:       }
        !          1121:       if ((dwSpecificBits    & SERVICE_INTERROGATE         ) == SERVICE_INTERROGATE         )
        !          1122:       { printf("\n%s0x00000080 SERVICE_INTERROGATE         ",ucIndentBitsBuf);
        !          1123:       }
        !          1124:       if ((dwSpecificBits    & SERVICE_USER_DEFINED_CONTROL) == SERVICE_USER_DEFINED_CONTROL)
        !          1125:       { printf("\n%s0x00000100 SERVICE_USER_DEFINED_CONTROL",ucIndentBitsBuf,ucIndentBitsBuf);
        !          1126:       }
        !          1127: 
        !          1128:       if (((dwStandardBits | dwSpecificBits )
        !          1129:            & SERVICE_ALL_ACCESS) == SERVICE_ALL_ACCESS)
        !          1130:       { printf("\n%s0x000F01FF SERVICE_ALL_ACCESS == (STANDARD_RIGHTS_REQUIRED | SERVICE_QUERY_CONFIG | SERVICE_CHANGE_CONFIG | ", ucIndentBitsBuf );
        !          1131:         printf("%s", "SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_START | SERVICE_STOP | SERVICE_PAUSE_CONTINUE | SERVICE_INTERROGATE | SERVICE_USER_DEFINED_CONTROL)" );
        !          1132:       }
        !          1133: 
        !          1134:       dwExtraBits = dwSpecificBits & ( ~( SERVICE_QUERY_CONFIG
        !          1135:                                         | SERVICE_CHANGE_CONFIG
        !          1136:                                         | SERVICE_QUERY_STATUS
        !          1137:                                         | SERVICE_ENUMERATE_DEPENDENTS
        !          1138:                                         | SERVICE_START
        !          1139:                                         | SERVICE_STOP
        !          1140:                                         | SERVICE_PAUSE_CONTINUE
        !          1141:                                         | SERVICE_INTERROGATE
        !          1142:                                         | SERVICE_USER_DEFINED_CONTROL
        !          1143:                                         | (SERVICE_ALL_ACCESS & SPECIFIC_RIGHTS_ALL) ) );
        !          1144:       if (dwExtraBits)
        !          1145:       { printf("\n%sExtra specific bits    == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
        !          1146:       }
        !          1147:     }
        !          1148:     else if (DefaultDaclInAccessTokenAccessMask == kamKindOfMask)
        !          1149:     {
        !          1150:       printf("\n%sSpecific bits in default Dacl(s) in token not broken down into defines",ucIndentBitsBuf);
        !          1151:     }
        !          1152:     else
        !          1153:     { printf("\n%sYou will need to write some code (such as that directly",ucIndentBuf);
        !          1154:       printf("\n%s  above the code that wrote out this message) to decode",ucIndentBuf);
        !          1155:       printf("\n%s  this kind of access mask",ucIndentBuf);
        !          1156:     }
        !          1157:   }
        !          1158: 
        !          1159:   /**************************************************************************\
        !          1160:   *
        !          1161:   * Print then decode the ACCESS_SYSTEM_SECURITY bit
        !          1162:   *
        !          1163:   \**************************************************************************/
        !          1164: 
        !          1165:   printf("\n%sAccess System Security == 0x%.8x",ucIndentBuf,dwAccessSystemSecurityBit);
        !          1166: 
        !          1167:   /**************************************************************************\
        !          1168:   *
        !          1169:   * Print then decode the generic rights bits, which will rarely be on
        !          1170:   *
        !          1171:   * Generic bits are nearly always mapped by Windows NT before it tries to do
        !          1172:   *   anything with them.  You can ignore the fact that generic bits are
        !          1173:   *   special in any way, although it helps to keep track of what the mappings
        !          1174:   *   are so that you don't have any surprises
        !          1175:   *
        !          1176:   * The only time the generic bits are not mapped immediately is if they are
        !          1177:   *   placed in an inheritable ACE in an ACL, or in an ACL that will be
        !          1178:   *   assigned by default (such as the default DACL in an access token).  In
        !          1179:   *   that case they're mapped when the child object is created (or when the
        !          1180:   *   default DACL is used at object creation time)
        !          1181:   *
        !          1182:   \**************************************************************************/
        !          1183: 
        !          1184:   printf("\n%sGeneric  Rights        == 0x%.8x",ucIndentBuf,dwGenericBits);
        !          1185: 
        !          1186:   if (dwGenericBits)
        !          1187:   {
        !          1188:     if ((dwGenericBits     & GENERIC_READ   ) == GENERIC_READ   )
        !          1189:     { printf("\n%s0x80000000 GENERIC_READ   ",ucIndentBitsBuf);
        !          1190:     }
        !          1191:     if ((dwGenericBits     & GENERIC_WRITE  ) == GENERIC_WRITE  )
        !          1192:     { printf("\n%s0x40000000 GENERIC_WRITE  ",ucIndentBitsBuf);
        !          1193:     }
        !          1194:     if ((dwGenericBits     & GENERIC_EXECUTE) == GENERIC_EXECUTE)
        !          1195:     { printf("\n%s0x20000000 GENERIC_EXECUTE",ucIndentBitsBuf);
        !          1196:     }
        !          1197:     if ((dwGenericBits     & GENERIC_ALL    ) == GENERIC_ALL    )
        !          1198:     { printf("\n%s0x10000000 GENERIC_ALL    ",ucIndentBitsBuf);
        !          1199:     }
        !          1200: 
        !          1201:     dwExtraBits = dwGenericBits & ( ~( GENERIC_READ
        !          1202:                                      | GENERIC_WRITE
        !          1203:                                      | GENERIC_EXECUTE
        !          1204:                                      | GENERIC_ALL) );
        !          1205:     if (dwExtraBits)
        !          1206:     { printf("\n%sExtra generic bits     == 0x%.8x <-This is a problem, should be all 0s",ucIndentBuf,dwExtraBits);
        !          1207:     }
        !          1208:   }
        !          1209: }
        !          1210: 
        !          1211: /****************************************************************************\
        !          1212: *
        !          1213: * FUNCTION: LookupSIDName
        !          1214: *
        !          1215: \****************************************************************************/
        !          1216: 
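        /*
         * LookupSIDName: print the domain, account name, string form and SID type
         * of psidSID.  Every output line is prefixed with lpszOldIndent plus two
         * extra spaces.
         *
         * Returns FALSE when IsValidSid or SIDStringName rejects the SID, or when
         * LookupAccountSid fails with anything other than ERROR_NONE_MAPPED for a
         * SID that is not the Local Logon SID.  Returns TRUE otherwise.
         *
         * Side effect: on a failed lookup where the sub-authority counts match,
         * sub-authorities 1 and 2 of the global psidLogonIdsSid are overwritten
         * with those of psidSID.
         */
        BOOL LookupSIDName(PSID psidSID, LPTSTR lpszOldIndent)
        {
          UCHAR        ucIndentBuf    [SZ_INDENT_BUF]    = "";
          #define                      SZ_ACCT_NAME_BUF  60
          UCHAR        ucNameBuf      [SZ_ACCT_NAME_BUF] = "";
          DWORD        dwNameLength  = SZ_ACCT_NAME_BUF;
          #define                      SZ_DMN_NAME_BUF   60
          UCHAR        ucDomainNmBuf  [SZ_DMN_NAME_BUF]  = "";
          DWORD        dwDNameLength = SZ_DMN_NAME_BUF;
          /*
           * SIDStringName writes with unbounded sprintf calls.  A SID with the
           *   maximum of 15 sub-authorities needs up to 204 bytes ("S-1-", an
           *   authority string, fifteen "-4294967295" fields and the NUL), so the
           *   original 150 bytes could be overrun by a valid SID.
           */
          #define                      SZ_SID_STRING_BUF 256
          UCHAR        ucSIDStringBuf [SZ_SID_STRING_BUF] = "";
          SID_NAME_USE peAcctNameUse = SidTypeInvalid;
          DWORD        dwLookupStatus;
          BOOL         bGotBadLookupThatIsNotLocalLogonSID;
          UCHAR        ucLogonIdsSubAuthCount;
          UCHAR        ucSidSubAuthCount;

          /*
           * Build the new indent with a bounded append: the caller's indent is
           *   truncated if needed so that the two extra spaces and the NUL always
           *   fit.  (Assumes SZ_INDENT_BUF is at least 3 -- its definition is not
           *   in this part of the file.)
           */
          strncat((char *)ucIndentBuf,(const char *)lpszOldIndent,sizeof(ucIndentBuf) - 3);
          strcat ((char *)ucIndentBuf,"  ");

          if (!IsValidSid(psidSID))
          { PERR("IsValidSid");
            return(FALSE);
          }

          if (!SIDStringName(psidSID,(LPTSTR)ucSIDStringBuf))
          { PERR("SIDStringName");
            return(FALSE);
          }

          /*
           * The buffer lengths are passed in, so a name or domain that does not
           *   fit in 60 characters makes LookupAccountSid fail rather than
           *   overrun the buffers; that failure is reported through PERR below.
           */
          if (!LookupAccountSid(
                 (LPTSTR)"",         // Look on local machine
                 psidSID,
                 (LPTSTR)ucNameBuf,
                 &dwNameLength,
                 (LPTSTR)ucDomainNmBuf,
                 &dwDNameLength,
                 &peAcctNameUse))
          {
            // Save the error code now, before any later call can replace it
            dwLookupStatus = GetLastError();

            /************************************************************************\
            *
            * Got a bad Lookup, so check: is the SID the Local Logon SID?
            *
            * The problem is that the LookupAccountSid api will find all the
            *   well-known SIDs except the Local Logon SID.  The last two
            *   sub-authorities are always different, so to check whether the SID
            *   we're looking at is the Local Logon SID, we take the
            *   psidLogonIdsSid variable we built at initialization time, and blast
            *   into its last two sub-authorities the last two sub-authorities
            *   that we have.  Then compare with EqualSid
            *
            \************************************************************************/

            bGotBadLookupThatIsNotLocalLogonSID = FALSE;  // Assume the best :)

            ucLogonIdsSubAuthCount = *(GetSidSubAuthorityCount(psidLogonIdsSid));
            ucSidSubAuthCount      = *(GetSidSubAuthorityCount(psidSID        ));

            /*
             * Must have the same number of sub-authorities.  Both SIDs must also
             *   have at least three of them, because indexes 1 and 2 are read and
             *   written below and GetSidSubAuthority does not range-check the index
             */
            if ( (ucLogonIdsSubAuthCount != ucSidSubAuthCount) ||
                 (ucSidSubAuthCount      <  3                )    )
            { // Can't be a match
              bGotBadLookupThatIsNotLocalLogonSID = TRUE;
            }
            else
            {
              // Force the last two sub-authorities to match
              *(GetSidSubAuthority( psidLogonIdsSid, 1 )) =
              *(GetSidSubAuthority( psidSID        , 1 ));
              *(GetSidSubAuthority( psidLogonIdsSid, 2 )) =
              *(GetSidSubAuthority( psidSID        , 2 ));

              /**********************************************************************\
              *
              * EqualPrefixSid could be used instead if we want to blast in all but
              *   the last sub-authority.  For demonstration purposes, as long as we
              *   did one of the two previous assignment statements, we may as well
              *   do the other and use EqualSid
              *
              \**********************************************************************/

              if (EqualSid(psidSID,psidLogonIdsSid))
              { printf("\n%sSID is the Local Logon SID   %s",ucIndentBuf,ucSIDStringBuf);
              }
              else
              { bGotBadLookupThatIsNotLocalLogonSID = TRUE;
              }
            }
            if (bGotBadLookupThatIsNotLocalLogonSID)
            {
              /**********************************************************************\
              *
              * ERROR_NONE_MAPPED means account unknown.  RegEdt32.exe will show
              *   1332-error-type accounts as Account Unknown, so we will also
              *
              \**********************************************************************/

              if (ERROR_NONE_MAPPED == dwLookupStatus)
              { printf("\n%sSID domain == %s, Name == %s    (Account Unknown)  %s",ucIndentBuf,ucDomainNmBuf,ucNameBuf,ucSIDStringBuf);
              }
              else
              { // Restore the saved code so PERR reports the lookup failure
                SetLastError(dwLookupStatus);
                PERR("LookupAccountSid");
                return(FALSE);
              }
            }
          }
          else
          { // Got good Lookup, so SID Is NOT the Local Logon SID
            printf("\n%sSID domain == %s, Name == %s   %s",ucIndentBuf,ucDomainNmBuf,ucNameBuf,ucSIDStringBuf);

            /************************************************************************\
            *
            * For demonstration purposes see which well-known SID it might be
            * For demonstration purposes do a silly search demonstrating
            *   no two well-known SIDs are equal
            *
            \************************************************************************/

            if (EqualSid(psidSID,psidNullSid))
            { printf("\n%sSID is the Null SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidWorldSid))
            { printf("\n%sSID is the World SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidLocalSid))
            { printf("\n%sSID is the Local SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidCreatorOwnerSid))
            { printf("\n%sSID is the CreatorOwner SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidCreatorGroupSid))
            { printf("\n%sSID is the CreatorGroup SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidNtAuthoritySid))
            { printf("\n%sSID is the NtAuthority SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidDialupSid))
            { printf("\n%sSID is the DialUp SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidNetworkSid))
            { printf("\n%sSID is the Network SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidBatchSid))
            { printf("\n%sSID is the Batch SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidInteractiveSid))
            { printf("\n%sSID is the Interactive SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidServiceSid))
            { printf("\n%sSID is the Service SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidLocalSystemSid))
            { printf("\n%sSID is the LocalSystem SID",ucIndentBuf);
            }
            if (EqualSid(psidSID,psidBuiltinDomainSid))
            { printf("\n%sSID is the Builtin Domain SID",ucIndentBuf);
            }
          }

          /*
           * peAcctNameUse still holds its initial SidTypeInvalid unless
           *   LookupAccountSid stored a type into it, so the failed-lookup paths
           *   that reach this point normally report SidTypeInvalid
           */
          switch (peAcctNameUse)
          { case                      SidTypeUser           :
              printf("\n%sSID type is SidTypeUser"          ,ucIndentBuf);
              break;
            case                      SidTypeGroup          :
              printf("\n%sSID type is SidTypeGroup"         ,ucIndentBuf);
              break;
            case                      SidTypeDomain         :
              printf("\n%sSID type is SidTypeDomain"        ,ucIndentBuf);
              break;
            case                      SidTypeAlias          :
              printf("\n%sSID type is SidTypeAlias"         ,ucIndentBuf);
              break;
            case                      SidTypeWellKnownGroup :
              printf("\n%sSID type is SidTypeWellKnownGroup",ucIndentBuf);
              break;
            case                      SidTypeDeletedAccount :
              printf("\n%sSID type is SidTypeDeletedAccount",ucIndentBuf);
              break;
            case                      SidTypeInvalid        :
              printf("\n%sSID type is SidTypeInvalid"       ,ucIndentBuf);
              break;
            case                      SidTypeUnknown        :
              printf("\n%sSID type is SidTypeUnknown"       ,ucIndentBuf);
              break;
            default                   :
              printf("\n%sSID type is IMPOSSIBLE!!!!  Run debugger, see value!",ucIndentBuf);
              break;
          }

          // The original fell off the end of a BOOL function, leaving the value
          //   seen by callers undefined; report success explicitly
          return(TRUE);
        }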
        !          1404: 
        !          1405: /****************************************************************************\
        !          1406: *
        !          1407: * FUNCTION: SIDStringName
        !          1408: *
        !          1409: \****************************************************************************/
        !          1410: 
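        /*
         * SIDStringName: write the text form of psidSID,
         * "S-<revision>-<authority>-<sub-authority>-...", into lpszSIDStringName.
         *
         * psidSID            SID to format.
         * lpszSIDStringName  caller-supplied output buffer.  No size is passed in
         *                    and every write is an unbounded sprintf, so the
         *                    caller must size it for the worst case: 204 bytes
         *                    ("S-1-", "bad_revision==255", "UnknownAuthority!",
         *                    SID_MAX_SUB_AUTHORITIES "-4294967295" fields and the
         *                    NUL).
         *
         * Returns TRUE on success.  Returns FALSE for a NULL argument or for a
         * sub-authority count above SID_MAX_SUB_AUTHORITIES; in the second case
         * the buffer holds the string up to and including the authority.
         *
         * NOTE(review): sprintf on an LPTSTR only works in an ANSI build --
         * confirm the sample is never compiled with UNICODE defined.
         */
        BOOL SIDStringName(PSID psidSID, LPTSTR lpszSIDStringName)
        {
          /**************************************************************************\
          *
          * Unfortunately there is no api to return the SID Revision, and the number
          *   of bytes in the Identifier Authority must be expressed as a define
          *   (since the == operator won't operate on structures, memcmp has to be
          *   used for the identifier authority compares)
          *
          \**************************************************************************/

          DWORD dwNumSubAuthorities;
          DWORD dwLen;
          DWORD dwSubAuthorityI;
          #define BytesInIdentifierAuthority  6
          SID_IDENTIFIER_AUTHORITY siaSidAuthority;
          SID_IDENTIFIER_AUTHORITY siaNullSidAuthority    = SECURITY_NULL_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaWorldSidAuthority   = SECURITY_WORLD_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaLocalSidAuthority   = SECURITY_LOCAL_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaCreatorSidAuthority = SECURITY_CREATOR_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaNtAuthority         = SECURITY_NT_AUTHORITY;

          if ((NULL == psidSID) || (NULL == lpszSIDStringName))
          { return(FALSE);
          }

          dwLen = sprintf(lpszSIDStringName,"S-%d-",SID_REVISION);

          // The revision is read straight from the SID structure; an unexpected
          //   value is written into the string rather than treated as an error
          if (SID_REVISION != ((PISID)psidSID)->Revision)
          { dwLen += sprintf(lpszSIDStringName+dwLen,"bad_revision==%d",((PISID)psidSID)->Revision);
          }

          siaSidAuthority = *(GetSidIdentifierAuthority(psidSID));

          if      (0==memcmp(&siaSidAuthority,&siaNullSidAuthority   ,BytesInIdentifierAuthority))
          { dwLen += sprintf(lpszSIDStringName+dwLen,"0");
          }
          else if (0==memcmp(&siaSidAuthority,&siaWorldSidAuthority  ,BytesInIdentifierAuthority))
          { dwLen += sprintf(lpszSIDStringName+dwLen,"1");
          }
          else if (0==memcmp(&siaSidAuthority,&siaLocalSidAuthority  ,BytesInIdentifierAuthority))
          { dwLen += sprintf(lpszSIDStringName+dwLen,"2");
          }
          else if (0==memcmp(&siaSidAuthority,&siaCreatorSidAuthority,BytesInIdentifierAuthority))
          { dwLen += sprintf(lpszSIDStringName+dwLen,"3");
          }
          else if (0==memcmp(&siaSidAuthority,&siaNtAuthority        ,BytesInIdentifierAuthority))
          { dwLen += sprintf(lpszSIDStringName+dwLen,"5");
          }
          else
          { dwLen += sprintf(lpszSIDStringName+dwLen,"UnknownAuthority!");
          }

          dwNumSubAuthorities = (DWORD)( *(GetSidSubAuthorityCount(psidSID)) );

          // The count is a single byte taken from the SID itself, so a corrupt SID
          //   could claim up to 255 sub-authorities.  Cap it, so that the number of
          //   bytes written below has a known upper bound
          if (dwNumSubAuthorities > SID_MAX_SUB_AUTHORITIES)
          { return(FALSE);
          }

          // Sub-authorities are unsigned 32-bit values; "%d" printed the ones at or
          //   above 0x80000000 as negative numbers
          for (dwSubAuthorityI=0; dwSubAuthorityI<dwNumSubAuthorities; dwSubAuthorityI++)
          { dwLen += sprintf(lpszSIDStringName+dwLen,"-%lu",(unsigned long)*(GetSidSubAuthority(psidSID,dwSubAuthorityI)));
          }

          return(TRUE);
        }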
        !          1468: 
        !          1469: /****************************************************************************\
        !          1470: *
        !          1471: * FUNCTION: ExamineAccessToken
        !          1472: *
        !          1473: \****************************************************************************/
        !          1474: 
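        /*
         * ExamineAccessToken
         *
         * Prints the contents of an access token to stdout: user SID, groups,
         * privileges, default owner, primary group, default DACL, source, type
         * (plus impersonation level for impersonation tokens) and statistics.
         *
         * hAccessToken - token handle handed to every GetTokenInformation call.
         *                NOTE(review): presumably opened with TOKEN_QUERY (and
         *                TOKEN_QUERY_SOURCE for the TokenSource class) - confirm
         *                against the callers.
         *
         * Every information class is read into the same SZ_TOK_INFO_BUF-byte
         * buffer, which is then viewed through a pointer of the matching
         * TOKEN_* type.  The buffer length is passed to GetTokenInformation, so
         * data larger than the buffer makes the call fail (reported through
         * PERR, after which this function returns) instead of overflowing.  A
         * token carrying many groups may need more room than this fixed size.
         *
         * A GetTokenInformation or LookupPrivilegeName failure ends the dump
         * early; LookupSIDName and ExamineACL failures are only reported.
         * Nothing is printed when
         * I_DO_NOT_WANT_THIS_CODE_TO_CLUTTER_THIS_PROGRAM_S_OUTPUT is nonzero.
         */
        VOID ExamineAccessToken(HANDLE hAccessToken)
        { TOKEN_INFORMATION_CLASS ticInfoClass;
          #define                               SZ_TOK_INFO_BUF  2000
          UCHAR                   ucTokInfoBuf [SZ_TOK_INFO_BUF] = "";
          DWORD                   dwTokInfoBufSz;
          /* All of these alias ucTokInfoBuf; only the one matching the class
             most recently queried is meaningful at any point.
             NOTE(review): the byte array is reinterpreted as structures, so its
             alignment is whatever the compiler gives a UCHAR array - confirm on
             targets that fault on misaligned access. */
          PTOKEN_USER             ptuTokenUser         = (PTOKEN_USER         )&ucTokInfoBuf;
          PTOKEN_GROUPS           ptgTokenGroups       = (PTOKEN_GROUPS       )&ucTokInfoBuf;
          PTOKEN_PRIVILEGES       ptpTokenPrivileges   = (PTOKEN_PRIVILEGES   )&ucTokInfoBuf;
          PTOKEN_OWNER            ptoTokenOwner        = (PTOKEN_OWNER        )&ucTokInfoBuf;
          PTOKEN_PRIMARY_GROUP    ptgTokenPrimaryGroup = (PTOKEN_PRIMARY_GROUP)&ucTokInfoBuf;
          PTOKEN_DEFAULT_DACL     ptdTokenDefaultDacl  = (PTOKEN_DEFAULT_DACL )&ucTokInfoBuf;
          PTOKEN_SOURCE           ptsTokenSource       = (PTOKEN_SOURCE       )&ucTokInfoBuf;
          PTOKEN_TYPE             pttTokenType         = (PTOKEN_TYPE         )&ucTokInfoBuf;
          PSECURITY_IMPERSONATION_LEVEL psilSecurityImpersonationLevel = (PSECURITY_IMPERSONATION_LEVEL)&ucTokInfoBuf;
          PTOKEN_STATISTICS       ptsTokenStatistics   = (PTOKEN_STATISTICS   )&ucTokInfoBuf;
          DWORD                   dwGroupI;
          DWORD                   dwPrivilegeI;
          #define                               SZ_PRIV_INFO_BUF  250
          UCHAR                   ucPrivInfoBuf[SZ_PRIV_INFO_BUF] = "";
          DWORD                   dwPrivInfoBufSz;
          DWORD                   dwExtraBits;
          UCHAR                   ucIndentBitsBuf[SZ_INDENT_BUF]  = "";

          /* Indent prefix printed in front of each decoded attribute bit.
             NOTE(review): assumes SZ_INDENT_BUF (defined elsewhere in the file)
             is large enough for this run of spaces plus the terminator - confirm. */
          strcpy(ucIndentBitsBuf,"");
          strcat(ucIndentBitsBuf,"                                  ");

          if (I_DO_NOT_WANT_THIS_CODE_TO_CLUTTER_THIS_PROGRAM_S_OUTPUT)
          { return;
          }

          /* ---- TokenUser: the SID that access checks compare against ACEs ---- */

          ticInfoClass   = TokenUser;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          printf("\nToken's User SID");
          printf("\n    (this is a SID that is used to compare to SIDs in DACL(s) and SACL(s)");

          if (!LookupSIDName(ptuTokenUser->User.Sid,""))
          { PERR("LookupSIDName failed");
          }

          printf("\nToken's User SID Attributes == 0x%.8x",ptuTokenUser->User.Attributes);
          printf("\n    These should always be 0 - see \\mstools\\h\\winnt.h right after");
          printf("\n      the defines such as SE_GROUP_LOGON_ID - there are no user");
          printf("\n      attributes yet defined");

          /* ---- TokenGroups: group SIDs, each with its attribute bits ---- */

          ticInfoClass   = TokenGroups;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          printf("\nToken groups (%d)",ptgTokenGroups->GroupCount);
          printf("\n    (these SID(s) also are used to compare to SIDs in DACL(s) and SACL(s)");

          for (dwGroupI=0; dwGroupI<ptgTokenGroups->GroupCount; dwGroupI++)
          {
            DWORD dwAttributeBits = ptgTokenGroups->Groups[dwGroupI].Attributes;
            printf("\n  Token group (%d)",dwGroupI);

            if (!LookupSIDName(ptgTokenGroups->Groups[dwGroupI].Sid,"  "))
            { PERR("LookupSIDName failed");
            }
            printf("\n  Token's group (%d) attributes == 0x%.8x",dwGroupI,dwAttributeBits);

            if (dwAttributeBits)
            {
              if ((dwAttributeBits   & SE_GROUP_MANDATORY         ) == SE_GROUP_MANDATORY         )
              { printf("\n%s0x00000001 SE_GROUP_MANDATORY         ",ucIndentBitsBuf);
              }
              if ((dwAttributeBits   & SE_GROUP_ENABLED_BY_DEFAULT) == SE_GROUP_ENABLED_BY_DEFAULT)
              { printf("\n%s0x00000002 SE_GROUP_ENABLED_BY_DEFAULT",ucIndentBitsBuf);
              }
              if ((dwAttributeBits   & SE_GROUP_ENABLED           ) == SE_GROUP_ENABLED           )
              { printf("\n%s0x00000004 SE_GROUP_ENABLED           ",ucIndentBitsBuf);
              }
              if ((dwAttributeBits   & SE_GROUP_OWNER             ) == SE_GROUP_OWNER             )
              { printf("\n%s0x00000008 SE_GROUP_OWNER             ",ucIndentBitsBuf);
              }
              if ((dwAttributeBits   & SE_GROUP_LOGON_ID          ) == SE_GROUP_LOGON_ID          )
              { printf("\n%s0xC0000000 SE_GROUP_LOGON_ID          ",ucIndentBitsBuf);
              }

              /* Whatever is left after masking off the five bits decoded above
                 is reported as unexpected. */
              dwExtraBits = dwAttributeBits & ( ~( SE_GROUP_MANDATORY
                                                 | SE_GROUP_ENABLED_BY_DEFAULT
                                                 | SE_GROUP_ENABLED
                                                 | SE_GROUP_OWNER
                                                 | SE_GROUP_LOGON_ID) );
              if (0 != dwExtraBits)
              { printf("\n          Extra attribute bits == 0x%.8x <-This is a problem, should be all 0s",dwExtraBits);
              }
            }
          }

          /* ---- TokenPrivileges: each LUID resolved to its privilege name ---- */

          ticInfoClass   = TokenPrivileges;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          printf("\nToken privileges (%d)",ptpTokenPrivileges->PrivilegeCount);
          printf("\n  NOTE: Most token privileges are not enabled by default.");
          printf("\n    For example the privilege to reboot or logoff is not.");
          printf("\n    0x00000000 for attributes implies the privilege is not enabled.");
          printf("\n    Use care when enabling privileges.  Enable only those needed,");
          printf("\n      and leave them enabled only for as long as they are needed.");

          for (dwPrivilegeI=0; dwPrivilegeI<ptpTokenPrivileges->PrivilegeCount; dwPrivilegeI++)
          {
            LUID  luidTokenLuid   = ptpTokenPrivileges->Privileges[dwPrivilegeI].Luid;
            DWORD dwAttributeBits = ptpTokenPrivileges->Privileges[dwPrivilegeI].Attributes;

            /* In/out length for the name buffer; reset on every iteration
               because the call overwrites it.
               NOTE(review): the UCHAR buffer is cast to LPTSTR, which matches
               only in a non-UNICODE build - confirm the build settings. */
            dwPrivInfoBufSz = SZ_PRIV_INFO_BUF;

            if (!LookupPrivilegeName(NULL,
                                     (PLUID)&luidTokenLuid,
                                     (LPTSTR)ucPrivInfoBuf,
                                     (LPDWORD)&dwPrivInfoBufSz))
            { PERR("LookUpPrivilegeName");
              return;
            }

            printf("\n  Token's privilege (%.2d) name       == %s",dwPrivilegeI,ucPrivInfoBuf);

            printf("\n  Token's privilege (%.2d) attributes == 0x%.8x",dwPrivilegeI,dwAttributeBits);

            if (dwAttributeBits)
            {
              if ((dwAttributeBits   & SE_PRIVILEGE_ENABLED_BY_DEFAULT) == SE_PRIVILEGE_ENABLED_BY_DEFAULT)
              { printf("\n%s     0x00000001 SE_PRIVILEGE_ENABLED_BY_DEFAULT",ucIndentBitsBuf);
              }
              if ((dwAttributeBits   & SE_PRIVILEGE_ENABLED           ) == SE_PRIVILEGE_ENABLED           )
              { printf("\n%s     0x00000002 SE_PRIVILEGE_ENABLED           ",ucIndentBitsBuf);
              }
              if ((dwAttributeBits   & SE_PRIVILEGE_USED_FOR_ACCESS   ) == SE_PRIVILEGE_USED_FOR_ACCESS   )
              { printf("\n%s     0x80000000 SE_PRIVILEGE_USED_FOR_ACCESS   ",ucIndentBitsBuf);
              }

              dwExtraBits = dwAttributeBits & ( ~( SE_PRIVILEGE_ENABLED_BY_DEFAULT
                                                 | SE_PRIVILEGE_ENABLED
                                                 | SE_PRIVILEGE_USED_FOR_ACCESS ) );
              if (0 != dwExtraBits)
              { printf("\n               Extra attribute bits == 0x%.8x <-This is a problem, should be all 0s",dwExtraBits);
              }
            }
          }

          /* ---- TokenOwner: default owner stamped on objects the token creates ---- */

          ticInfoClass   = TokenOwner;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          printf("\nToken's default-owner-SID for created objects");
          printf("\n    (this is NOT a SID that is used to compare to SIDs in DACL(s) and SACL(s)");

          if (!LookupSIDName(ptoTokenOwner->Owner,""))
          { PERR("LookupSIDName failed");
          }

          /* ---- TokenPrimaryGroup ---- */

          ticInfoClass   = TokenPrimaryGroup;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          printf("\nToken's Primary Group SID");
          printf("\n    (Current uses are Posix and Macintosh client support)");

          if (!LookupSIDName(ptgTokenPrimaryGroup->PrimaryGroup,""))
          { PERR("LookupSIDName failed");
          }

          /* ---- TokenDefaultDacl: DACL given to new objects by default ---- */

          ticInfoClass   = TokenDefaultDacl;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          /* A NULL default DACL is called out separately because, as the
             message says, objects that inherit it allow all access to Everyone. */
          if (NULL == ptdTokenDefaultDacl->DefaultDacl)
          { printf("\nToken has a NULL Default DACL explicitly specified (allows all access to");
            printf("\n    Everyone, only on objects that are created where the object's Dacl is");
            printf("\n    assigned by default from this default Dacl in this access token)");
          }
          else
          { printf("\nToken's default-DACL for created objects");
            if (!ExamineACL(ptdTokenDefaultDacl->DefaultDacl,"",DefaultDaclInAccessTokenAccessMask))
            { PERR("ExamineACL failed");
            }
          }

          /* ---- TokenSource ---- */

          ticInfoClass   = TokenSource;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          printf("\nToken's Source");
          /* The precision caps the read at 8 characters, so SourceName does not
             have to be NUL-terminated. */
          printf("\n  Source Name        == %.8s",ptsTokenSource->SourceName);
          printf("\n  Source Identifier  == 0x%.8x%.8x",
             ptsTokenSource->SourceIdentifier.HighPart,
             ptsTokenSource->SourceIdentifier.LowPart);

          /* ---- TokenType (and TokenImpersonationLevel when applicable) ---- */

          ticInfoClass   = TokenType;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          switch (*pttTokenType)
          { case  TokenPrimary       :
              printf("\nToken's Type is TokenPrimary");
              break;
            case  TokenImpersonation :
              printf("\nToken's Type is TokenImpersonation");
              printf("\n    Hence the token's TokenImpersonationLevel can be examined");

              /* This query reuses ucTokInfoBuf, so *pttTokenType no longer
                 holds the token type once it returns. */
              ticInfoClass   = TokenImpersonationLevel;
              dwTokInfoBufSz = SZ_TOK_INFO_BUF;

              if (!GetTokenInformation(hAccessToken,
                                       ticInfoClass,
                                       ucTokInfoBuf,
                                       (DWORD)SZ_TOK_INFO_BUF,
                                       &dwTokInfoBufSz))
              { PERR("GetTokenInformation");
                return;
              }

              switch (*psilSecurityImpersonationLevel)
              { case                     SecurityAnonymous      :
                  printf("\n  Token is a SecurityAnonymous impersonation token");
                  break;
                case                     SecurityIdentification :
                  printf("\n  Token is a SecurityIdentification impersonation token");
                  break;
                case                     SecurityImpersonation  :
                  printf("\n  Token is a SecurityImpersonation impersonation token");
                  break;
                case                     SecurityDelegation     :
                  printf("\n  Token is a SecurityDelegation impersonation token");
                  break;
                default                   :
                  printf("\n  Token is an ILLEGAL KIND OF impersonation token!!! == 0x%.8x",*psilSecurityImpersonationLevel);
                  break;
              }
              /* Fix: without this break a valid impersonation token fell
                 through to the default case and was also reported as ILLEGAL,
                 printing the impersonation level as if it were the type. */
              break;

            default                  :
              printf("\nToken's Type is ILLEGAL!!! == 0x%.8x",*pttTokenType);
              break;
          }

          /* ---- TokenStatistics ---- */

          ticInfoClass   = TokenStatistics;
          dwTokInfoBufSz = SZ_TOK_INFO_BUF;

          if (!GetTokenInformation(hAccessToken,
                                   ticInfoClass,
                                   ucTokInfoBuf,
                                   (DWORD)SZ_TOK_INFO_BUF,
                                   &dwTokInfoBufSz))
          { PERR("GetTokenInformation");
            return;
          }

          printf("\nToken's Statistics");
          printf("\n  TokenId            == 0x%.8x%.8x",
            ptsTokenStatistics->TokenId.HighPart,
            ptsTokenStatistics->TokenId.LowPart);
          printf("\n  AuthenticationId   == 0x%.8x%.8x",
            ptsTokenStatistics->AuthenticationId.HighPart,
            ptsTokenStatistics->AuthenticationId.LowPart);
          printf("\n  ExpirationTime     == (not supported in this release of Windows NT)");
          printf("\n  TokenType          == See token type above");
          printf("\n  ImpersonationLevel == See impersonation level above (only if TokenType is not TokenPrimary)");
          printf("\n  DynamicCharged     == %ld",ptsTokenStatistics->DynamicCharged    );
          printf("\n  DynamicAvailable   == %ld",ptsTokenStatistics->DynamicAvailable  );
          printf("\n  GroupCount         == %d",ptsTokenStatistics->GroupCount        );
          printf("\n  PrivilegeCount     == %d",ptsTokenStatistics->PrivilegeCount    );
          printf("\n  ModifiedId         == 0x%.8x%.8x",
            ptsTokenStatistics->ModifiedId.HighPart,
            ptsTokenStatistics->ModifiedId.LowPart);

          printf("\n\n");
        }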
        !          1828: 
        !          1829: /****************************************************************************\
        !          1830: *
        !          1831: * FUNCTION: SetPrivilegeInAccessToken
        !          1832: *
        !          1833: \****************************************************************************/
        !          1834: 
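        /*
         * SetPrivilegeInAccessToken
         *
         * Enables SeSecurityPrivilege in the access token of the current
         * process.
         *
         * Returns TRUE when the privilege was enabled, FALSE on any failure
         * (each failure is reported through PERR first).
         *
         * The privilege is left enabled when this function returns; nothing
         * here turns it off again.  NOTE(review): whether a caller disables it
         * once it is no longer needed cannot be seen from this function -
         * confirm, since the privilege then stays on for the process lifetime.
         */
        BOOL SetPrivilegeInAccessToken(VOID)
        {
          HANDLE           hProcess;
          HANDLE           hAccessToken;
          LUID             luidPrivilegeLUID;
          TOKEN_PRIVILEGES tpTokenPrivilege;
          BOOL             bAdjusted;
          DWORD            dwAdjustError;

          hProcess = GetCurrentProcess();
          if (!hProcess)
          { PERR("GetCurrentProcess");
            return(FALSE);
          }

          /* TOKEN_ADJUST_PRIVILEGES is what AdjustTokenPrivileges below needs;
             TOKEN_QUERY is requested alongside it, as in the original sample. */
          if (!OpenProcessToken(hProcess,
                                TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                &hAccessToken))
          { PERR("OpenProcessToken");
            return(FALSE);
          }

          /* Get the LUID of the SeSecurityPrivilege privilege.
             NOTE(review): a privilege the account does not hold normally shows
             up at AdjustTokenPrivileges (ERROR_NOT_ALL_ASSIGNED) rather than
             here; the message is kept as the sample wrote it. */
          if (!LookupPrivilegeValue(NULL,
                                    "SeSecurityPrivilege",
                                    &luidPrivilegeLUID))
          { PERR("LookupPrivilegeValue");
            printf("\nThe above error means you need to log on as an Administrator");
            CloseHandle(hAccessToken);   /* fix: token handle was leaked here */
            return(FALSE);
          }

          /* Enable the privilege using the LUID just obtained. */
          tpTokenPrivilege.PrivilegeCount = 1;
          tpTokenPrivilege.Privileges[0].Luid = luidPrivilegeLUID;
          tpTokenPrivilege.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

          bAdjusted = AdjustTokenPrivileges (hAccessToken,
                                             FALSE,  // Do not disable all
                                             &tpTokenPrivilege,
                                             sizeof(TOKEN_PRIVILEGES),
                                             NULL,   // Ignore previous info
                                             NULL);  // Ignore previous info

          /* The call can return success while assigning nothing, so the last
             error is checked as well as the return value; it is read at once,
             before any other call can overwrite it. */
          dwAdjustError = GetLastError();

          if ( !bAdjusted || dwAdjustError != NO_ERROR )
          { PERR("AdjustTokenPrivileges");
            CloseHandle(hAccessToken);   /* fix: token handle was leaked here */
            return(FALSE);
          }

          /* The adjustment applies to the token itself, not to this handle, so
             the handle can be released now (fix: it was never closed). */
          CloseHandle(hAccessToken);

          return(TRUE);
        }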
        !          1894: 
        !          1895: /****************************************************************************\
        !          1896: *
        !          1897: * FUNCTION: InitializeWellKnownSIDs
        !          1898: *
        !          1899: \****************************************************************************/
        !          1900: 
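        /*
         * Allocates a zero-filled SID with room for nSubAuthorities
         * sub-authorities and initializes it with the given identifier
         * authority.  Returns NULL, after reporting through PERR, when the
         * allocation or the initialization fails.
         */
        static PSID AllocWellKnownSid(PSID_IDENTIFIER_AUTHORITY psiaAuthority,
                                      BYTE                      nSubAuthorities)
        {
          PSID psidNew = (PSID)LocalAlloc(LPTR,GetSidLengthRequired(nSubAuthorities));

          if (NULL == psidNew)
          { PERR("LocalAlloc");
            return(NULL);
          }

          if (!InitializeSid(psidNew,psiaAuthority,nSubAuthorities))
          { PERR("InitializeSid");
            LocalFree(psidNew);
            return(NULL);
          }

          return(psidNew);
        }

        /*
         * Stores dwRid in sub-authority slot dwSubAuthorityI of psid.  Does
         * nothing for a NULL SID, so a failed allocation is not dereferenced.
         */
        static VOID SetWellKnownSidRid(PSID psid, DWORD dwSubAuthorityI, DWORD dwRid)
        {
          if (NULL != psid)
          { *(GetSidSubAuthority(psid,dwSubAuthorityI)) = dwRid;
          }
        }

        /*
         * InitializeWellKnownSIDs
         *
         * Builds the well-known SIDs the program compares against and stores
         * them in the psid* variables declared elsewhere in this file: the
         * universal SIDs (null, world, local, creator owner, creator group)
         * and the NT-authority SIDs (dialup, network, batch, interactive,
         * logon ids, service, local system, builtin domain).
         *
         * Changes from the original: every allocation and InitializeSid result
         * is now checked (a failure is reported through PERR and leaves that
         * psid* variable NULL instead of writing through a NULL pointer), and
         * the unused size locals are gone.
         *
         * NOTE(review): nothing here frees a previous value of the psid*
         * variables - presumably this is called once at start-up; confirm.
         */
        VOID InitializeWellKnownSIDs(VOID)
        {
          SID_IDENTIFIER_AUTHORITY siaNullSidAuthority    = SECURITY_NULL_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaWorldSidAuthority   = SECURITY_WORLD_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaLocalSidAuthority   = SECURITY_LOCAL_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaCreatorSidAuthority = SECURITY_CREATOR_SID_AUTHORITY;
          SID_IDENTIFIER_AUTHORITY siaNtAuthority         = SECURITY_NT_AUTHORITY;

          //  Allocate and initialize the universal SIDs (one sub-authority each)

          psidNullSid         = AllocWellKnownSid( &siaNullSidAuthority,    1 );
          psidWorldSid        = AllocWellKnownSid( &siaWorldSidAuthority,   1 );
          psidLocalSid        = AllocWellKnownSid( &siaLocalSidAuthority,   1 );
          psidCreatorOwnerSid = AllocWellKnownSid( &siaCreatorSidAuthority, 1 );
          psidCreatorGroupSid = AllocWellKnownSid( &siaCreatorSidAuthority, 1 );

          SetWellKnownSidRid( psidNullSid,         0, SECURITY_NULL_RID          );
          SetWellKnownSidRid( psidWorldSid,        0, SECURITY_WORLD_RID         );
          SetWellKnownSidRid( psidLocalSid,        0, SECURITY_LOCAL_RID         );
          SetWellKnownSidRid( psidCreatorOwnerSid, 0, SECURITY_CREATOR_OWNER_RID );
          SetWellKnownSidRid( psidCreatorGroupSid, 0, SECURITY_CREATOR_GROUP_RID );

          // Allocate and initialize the NT defined SIDs.  The bare NT authority
          //   SID has no sub-authorities; the logon-ids SID has three.

          psidNtAuthoritySid   = AllocWellKnownSid( &siaNtAuthority, 0 );
          psidDialupSid        = AllocWellKnownSid( &siaNtAuthority, 1 );
          psidNetworkSid       = AllocWellKnownSid( &siaNtAuthority, 1 );
          psidBatchSid         = AllocWellKnownSid( &siaNtAuthority, 1 );
          psidInteractiveSid   = AllocWellKnownSid( &siaNtAuthority, 1 );
          psidLogonIdsSid      = AllocWellKnownSid( &siaNtAuthority, 3 );
          psidServiceSid       = AllocWellKnownSid( &siaNtAuthority, 1 );
          psidLocalSystemSid   = AllocWellKnownSid( &siaNtAuthority, 1 );
          psidBuiltinDomainSid = AllocWellKnownSid( &siaNtAuthority, 1 );

          SetWellKnownSidRid( psidDialupSid,        0, SECURITY_DIALUP_RID         );
          SetWellKnownSidRid( psidNetworkSid,       0, SECURITY_NETWORK_RID        );
          SetWellKnownSidRid( psidBatchSid,         0, SECURITY_BATCH_RID          );
          SetWellKnownSidRid( psidInteractiveSid,   0, SECURITY_INTERACTIVE_RID    );
          SetWellKnownSidRid( psidLogonIdsSid,      0, SECURITY_LOGON_IDS_RID      );
          // The remaining two logon-id sub-authorities are placeholders only
          //   (the original marks them "Bogus!"), so this SID as a whole is not
          //   a real logon SID.
          SetWellKnownSidRid( psidLogonIdsSid,      1, 0 );
          SetWellKnownSidRid( psidLogonIdsSid,      2, 0 );
          SetWellKnownSidRid( psidServiceSid,       0, SECURITY_SERVICE_RID        );
          SetWellKnownSidRid( psidLocalSystemSid,   0, SECURITY_LOCAL_SYSTEM_RID   );
          SetWellKnownSidRid( psidBuiltinDomainSid, 0, SECURITY_BUILTIN_DOMAIN_RID );
        }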
        !          1976: 
        !          1977: /****************************************************************************\
        !          1978: *
        !          1979: * FUNCTION: DisplayHelp
        !          1980: *
        !          1981: \****************************************************************************/
        !          1982: 
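        /*
         * DisplayHelp - print the command-line usage text for CHECK_SD to stdout.
         *
         * Takes no arguments and returns nothing.  Every line is written with a
         * leading "\n", so the output ends without a trailing newline.
         */
        VOID DisplayHelp(VOID)
        {
          printf("\nTo run type CHECK_SD and 0 or 1 parameters.  Syntax:");
          printf("\n  CHECK_SD");
          printf("\n      or");
          printf("\n  CHECK_SD filename");
          printf("\n           filename is the name of the file that is passed");
          printf("\n             to GetFileSecurity() to fetch the SD to examine");
          printf("\nExamples:");
          printf("\n  CHECK_SD            Checks the SD on A: (this is the default)");
          printf("\n  CHECK_SD \\\\.\\A:     Checks the SD on A:");
          /* Both backslashes on this line must be doubled: a lone "\a" inside a
             string literal is the alert (BEL) escape, not a backslash and 'a'. */
          printf("\n  CHECK_SD d:\\a.fil   Checks the SD on d:\\a.fil");
          /* The text below warns that the plain "A:" form names the A: root,
             and that the DACL found there is not the one that controls access
             to the floppy, so an SD read that way does not show who can reach
             the drive. */
          printf("\n  CHECK_SD A:         Checks the SD on the A: root, but that");
          printf("\n                        is not where the DACL is that controls");
          printf("\n                        access to the floppy, so don't do this");
        }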
