392 lines
13 KiB
C++
392 lines
13 KiB
C++
//+------------------------------------------------------------------
|
|
//
|
|
// Copyright (C) 1993, Microsoft Corporation.
|
|
//
|
|
// File:
|
|
//
|
|
// Contents:
|
|
//
|
|
// Classes:
|
|
//
|
|
// History: Dec 06, 1995 SuChang Created.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
extern "C"
|
|
{
|
|
#include <windows.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
}
|
|
|
|
#include <accctrl.h>
|
|
#include <aclapi.h>
|
|
|
|
#define Add2Ptr(pv, cb) ((BYTE *) pv + cb)
|
|
|
|
void printface(ACE_HEADER *paceh);
|
|
void printfmask(ULONG mask, UCHAR acetype);
|
|
void displaysid(SID *psid);
|
|
void DmpBin(BYTE *buf, ULONG length);
|
|
//----------------------------------------------------------------------------
|
|
int strtowcs(WCHAR *wpto, CHAR *pfrom)
|
|
{
|
|
WCHAR *wp;
|
|
CHAR *p;
|
|
for (wp = wpto, p = pfrom; *wp = (WCHAR)(*p); wp++,p++);
|
|
return(p-pfrom);
|
|
}
|
|
//----------------------------------------------------------------------------
|
|
__cdecl main(INT argc, char *argv[])
|
|
{
|
|
PSID Owner = NULL, Group = NULL;
|
|
PACL Dacl = NULL, Sacl = NULL;
|
|
PSECURITY_DESCRIPTOR psd;
|
|
HANDLE Handle = NULL;
|
|
int cacethissid = 0;
|
|
ACE_HEADER *pah;
|
|
DWORD ret;
|
|
|
|
//
|
|
// Create some kernel objects and then set/get security information
|
|
// from them.
|
|
//
|
|
|
|
Handle = CreateEvent( NULL, FALSE, FALSE, L"SuChangEvent");
|
|
if (Handle == NULL)
|
|
{
|
|
printf("Unable to create an event. (%d) \n", GetLastError() );
|
|
}
|
|
|
|
if (ERROR_SUCCESS != (ret = GetNamedSecurityInfo(L"SuChangEvent",
|
|
SE_KERNEL_OBJECT,
|
|
OWNER_SECURITY_INFORMATION |
|
|
GROUP_SECURITY_INFORMATION |
|
|
DACL_SECURITY_INFORMATION |
|
|
SACL_SECURITY_INFORMATION,
|
|
&Owner,
|
|
&Group,
|
|
&Dacl,
|
|
&Sacl,
|
|
&psd)))
|
|
{
|
|
printf("failed to get a security descriptor (%d)", ret);
|
|
exit(1);
|
|
}
|
|
|
|
if (Owner)
|
|
{
|
|
printf("========================================================================\nOWNER =");
|
|
displaysid((PISID)Owner);
|
|
}
|
|
else
|
|
{
|
|
printf("No OWNER for object.\n");
|
|
}
|
|
|
|
if (Group)
|
|
{
|
|
printf("\n========================================================================\nGROUP =");
|
|
displaysid((PISID)Group);
|
|
}
|
|
else
|
|
{
|
|
printf("No GROUP for object.\n");
|
|
}
|
|
|
|
// Display Dacl
|
|
if (Dacl)
|
|
{
|
|
printf("\n========================================================================\n");
|
|
printf("Dacl Revision = %d, DaclSize = %x, Dacl AceCount = %d\n",
|
|
Dacl->AclRevision, Dacl->AclSize, Dacl->AceCount);
|
|
|
|
for ( pah = (ACE_HEADER *)Add2Ptr(Dacl, sizeof(ACL));
|
|
cacethissid < Dacl->AceCount;
|
|
cacethissid++, pah = (ACE_HEADER *)Add2Ptr(pah, pah->AceSize))
|
|
{
|
|
printface(pah);
|
|
printf("------------------------------------------------------------------------\n");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
printf("No DACL for object. \n");
|
|
}
|
|
|
|
// Display Sacl
|
|
if (Sacl)
|
|
{
|
|
printf("\n========================================================================\n");
|
|
printf("Sacl Revision = %d, SaclSize = %x, Sacl AceCount = %d\n",
|
|
Sacl->AclRevision, Sacl->AclSize, Sacl->AceCount);
|
|
|
|
cacethissid = 0;
|
|
for ( pah = (ACE_HEADER *)Add2Ptr(Sacl, sizeof(ACL));
|
|
cacethissid < Sacl->AceCount;
|
|
cacethissid++, pah = (ACE_HEADER *)Add2Ptr(pah, pah->AceSize))
|
|
{
|
|
printface(pah);
|
|
printf("------------------------------------------------------------------------\n");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
printf("No SACL for object. \n");
|
|
}
|
|
|
|
AccFree(psd);
|
|
return(0);
|
|
}
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// Function: displaysid
|
|
//
|
|
// Synopsis: prints a NT SID
|
|
//
|
|
// Arguments: IN [psid] - pointer to the sid to print
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
#define SECURITY_KERBEROS_RID (0x00000030L)
|
|
void displaysid(SID *psid)
|
|
{
|
|
printf("S-%lx",psid->Revision);
|
|
|
|
|
|
if ( (psid->IdentifierAuthority.Value[0] != 0) ||
|
|
(psid->IdentifierAuthority.Value[1] != 0) )
|
|
{
|
|
printf("- 0x%02hx%02hx%02hx%02hx%02hx%02hx",
|
|
(USHORT)psid->IdentifierAuthority.Value[0],
|
|
(USHORT)psid->IdentifierAuthority.Value[1],
|
|
(USHORT)psid->IdentifierAuthority.Value[2],
|
|
(USHORT)psid->IdentifierAuthority.Value[3],
|
|
(USHORT)psid->IdentifierAuthority.Value[4],
|
|
(USHORT)psid->IdentifierAuthority.Value[5] );
|
|
} else if ( ( 0 < psid->SubAuthorityCount ) &&
|
|
( psid->SubAuthority[0] == SECURITY_KERBEROS_RID ) )
|
|
{
|
|
GUID *pguid = (GUID *)&(psid->SubAuthority[1]);
|
|
|
|
printf("-[%08x %04x %04x %02x %02x %02x %02x %02x %02x %02x %02x]",
|
|
pguid->Data1,
|
|
pguid->Data2,
|
|
pguid->Data3,
|
|
pguid->Data4[0],
|
|
pguid->Data4[1],
|
|
pguid->Data4[2],
|
|
pguid->Data4[3],
|
|
pguid->Data4[4],
|
|
pguid->Data4[5],
|
|
pguid->Data4[6],
|
|
pguid->Data4[7]);
|
|
|
|
} else
|
|
{
|
|
printf("-%lu",
|
|
(ULONG)psid->IdentifierAuthority.Value[5] +
|
|
(ULONG)(psid->IdentifierAuthority.Value[4] << 8) +
|
|
(ULONG)(psid->IdentifierAuthority.Value[3] << 16) +
|
|
(ULONG)(psid->IdentifierAuthority.Value[2] << 24) );
|
|
}
|
|
|
|
if ( ( 0 < psid->SubAuthorityCount ) &&
|
|
( psid->SubAuthority[0] != SECURITY_KERBEROS_RID ) )
|
|
{
|
|
for (int k = 0; k < psid->SubAuthorityCount; k++ )
|
|
{
|
|
printf("-%d",psid->SubAuthority[k]);
|
|
}
|
|
}
|
|
|
|
}
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// Function: printface
|
|
//
|
|
// Synopsis: prints the specifed ace
|
|
//
|
|
// Arguments: IN [paceh] - input ace (header)
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
void printface(ACE_HEADER *paceh)
|
|
{
|
|
if (paceh->AceType == ACCESS_DENIED_ACE_TYPE)
|
|
printf("DENIED ACE = ");
|
|
else
|
|
printf("ALLOWED ACE = ");
|
|
|
|
printf(" ");
|
|
ACCESS_ALLOWED_ACE *paaa = (ACCESS_ALLOWED_ACE *)paceh;
|
|
displaysid((SID *)&(paaa->SidStart));
|
|
|
|
if (paceh->AceFlags & OBJECT_INHERIT_ACE ) printf("(OI)");
|
|
if (paceh->AceFlags & CONTAINER_INHERIT_ACE ) printf("(CI)");
|
|
if (paceh->AceFlags & NO_PROPAGATE_INHERIT_ACE) printf("(NP)");
|
|
if (paceh->AceFlags & INHERIT_ONLY_ACE ) printf("(IO)");
|
|
|
|
printfmask(paaa->Mask, paceh->AceType);
|
|
}
|
|
//----------------------------------------------------------------------------
|
|
//
|
|
// Function: printfmask
|
|
//
|
|
// Synopsis: prints the access mask
|
|
//
|
|
// Arguments: IN [mask] - the access mask
|
|
// IN [acetype] - allowed/denied
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
CHAR *aRightsStr[] = { "STANDARD_RIGHTS_ALL",
|
|
"DELETE",
|
|
"READ_CONTROL",
|
|
"WRITE_DAC",
|
|
"WRITE_OWNER",
|
|
"SYNCHRONIZE",
|
|
"STANDARD_RIGHTS_REQUIRED",
|
|
"SPECIFIC_RIGHTS_ALL",
|
|
"ACCESS_SYSTEM_SECURITY",
|
|
"MAXIMUM_ALLOWED",
|
|
"GENERIC_READ",
|
|
"GENERIC_WRITE",
|
|
"GENERIC_EXECUTE",
|
|
"GENERIC_ALL",
|
|
"FILE_GENERIC_READ",
|
|
"FILE_GENERIC_WRITE",
|
|
"FILE_GENERIC_EXECUTE",
|
|
"FILE_READ_DATA",
|
|
//FILE_LIST_DIRECTORY
|
|
"FILE_WRITE_DATA",
|
|
//FILE_ADD_FILE
|
|
"FILE_APPEND_DATA",
|
|
//FILE_ADD_SUBDIRECTORY
|
|
"FILE_READ_EA",
|
|
"FILE_WRITE_EA",
|
|
"FILE_EXECUTE",
|
|
//FILE_TRAVERSE
|
|
"FILE_DELETE_CHILD",
|
|
"FILE_READ_ATTRIBUTES",
|
|
"FILE_WRITE_ATTRIBUTES" };
|
|
|
|
#define NUMRIGHTS 26
|
|
ULONG aRights[NUMRIGHTS] = { STANDARD_RIGHTS_ALL ,
|
|
DELETE ,
|
|
READ_CONTROL ,
|
|
WRITE_DAC ,
|
|
WRITE_OWNER ,
|
|
SYNCHRONIZE ,
|
|
STANDARD_RIGHTS_REQUIRED ,
|
|
SPECIFIC_RIGHTS_ALL ,
|
|
ACCESS_SYSTEM_SECURITY ,
|
|
MAXIMUM_ALLOWED ,
|
|
GENERIC_READ ,
|
|
GENERIC_WRITE ,
|
|
GENERIC_EXECUTE ,
|
|
GENERIC_ALL ,
|
|
FILE_GENERIC_READ ,
|
|
FILE_GENERIC_WRITE ,
|
|
FILE_GENERIC_EXECUTE ,
|
|
FILE_READ_DATA ,
|
|
//FILE_LIST_DIRECTORY ,
|
|
FILE_WRITE_DATA ,
|
|
//FILE_ADD_FILE ,
|
|
FILE_APPEND_DATA ,
|
|
//FILE_ADD_SUBDIRECTORY ,
|
|
FILE_READ_EA ,
|
|
FILE_WRITE_EA ,
|
|
FILE_EXECUTE ,
|
|
//FILE_TRAVERSE ,
|
|
FILE_DELETE_CHILD ,
|
|
FILE_READ_ATTRIBUTES ,
|
|
FILE_WRITE_ATTRIBUTES };
|
|
|
|
void printfmask(ULONG mask, UCHAR acetype)
|
|
{
|
|
ULONG savmask = mask;
|
|
printf("mask = %08lx\n", mask);
|
|
#if 0
|
|
printf(" ");
|
|
|
|
if ((acetype == ACCESS_ALLOWED_ACE_TYPE) &&
|
|
(mask == (FILE_GENERIC_READ | FILE_EXECUTE)))
|
|
{
|
|
printf("R");
|
|
} else if ((acetype == ACCESS_ALLOWED_ACE_TYPE) &&
|
|
(mask == (FILE_GENERIC_WRITE | FILE_GENERIC_READ | FILE_EXECUTE | DELETE)))
|
|
{
|
|
printf("C");
|
|
} else if ((acetype == ACCESS_ALLOWED_ACE_TYPE) &&
|
|
(mask == ( STANDARD_RIGHTS_ALL |
|
|
FILE_READ_DATA |
|
|
FILE_WRITE_DATA |
|
|
FILE_APPEND_DATA |
|
|
FILE_READ_EA |
|
|
FILE_WRITE_EA |
|
|
FILE_EXECUTE |
|
|
FILE_DELETE_CHILD |
|
|
FILE_READ_ATTRIBUTES |
|
|
FILE_WRITE_ATTRIBUTES )) )
|
|
{
|
|
printf("A");
|
|
} else if ((acetype == ACCESS_ALLOWED_ACE_TYPE) &&
|
|
(mask == GENERIC_ALL))
|
|
{
|
|
printf("a");
|
|
} else if ((acetype == ACCESS_DENIED_ACE_TYPE) &&
|
|
(mask == GENERIC_ALL))
|
|
{
|
|
printf("n");
|
|
} else if ((acetype == ACCESS_DENIED_ACE_TYPE) &&
|
|
(mask == ( STANDARD_RIGHTS_ALL |
|
|
FILE_READ_DATA |
|
|
FILE_WRITE_DATA |
|
|
FILE_APPEND_DATA |
|
|
FILE_READ_EA |
|
|
FILE_WRITE_EA |
|
|
FILE_EXECUTE |
|
|
FILE_DELETE_CHILD |
|
|
FILE_READ_ATTRIBUTES |
|
|
FILE_WRITE_ATTRIBUTES )) )
|
|
{
|
|
printf("N");
|
|
}
|
|
printf(" ");
|
|
#endif
|
|
}
|
|
//----------------------------------------------------------------------------
|
|
void DmpBin(BYTE *buf, ULONG length)
|
|
{
|
|
ULONG k,l;
|
|
|
|
for (k=0;k<length ;k++ ) {
|
|
printf("%0.2x ", *(buf+k));
|
|
if (k%16 == 15 ) {
|
|
printf(" *");
|
|
for (l=k-15;l%16<15;l++ ) {
|
|
if ( (*(buf+l) >= 32 ) &&
|
|
(*(buf+l) <= 125 ) ) {
|
|
printf("%c", *(buf+l));
|
|
} else {
|
|
printf(".");
|
|
}
|
|
}
|
|
printf("*\n");
|
|
}
|
|
|
|
}
|
|
if (k%16 != 15 ) {
|
|
printf("%*c *",3*(16-k%16),' ');
|
|
for (l=k-k%16;l%16<k%16;l++ ) {
|
|
if ( (*(buf+l) >= 32 ) &&
|
|
(*(buf+l) <= 125 ) ) {
|
|
printf("%c", *(buf+l));
|
|
} else {
|
|
printf(".");
|
|
}
|
|
}
|
|
printf("*\n");
|
|
}
|
|
}
|
|
|
|
|