/*
 * Plugin initialization: creates the plugin heap, works out the two outfile
 * names and opens both CSV outfiles for writing.
 *
 * The main outfile name comes from the "mmrout" plugin option and falls back
 * to DEFAULT_MMR_OUTFILE; the deny outfile is that name with ".deny.csv"
 * appended.
 *
 * Returns ERROR_VALUE when the heap cannot be created, TRUE otherwise. A CSV
 * outfile that cannot be opened is reported through API_FATAL.
 */
BOOL PLUGIN_GENERIC_INITIALIZE(
    _In_ PLUGIN_API_TABLE const * const api
    ) {
    PTCHAR pptAttrsListForCsv[MMR_OUTFILE_HEADER_COUNT] = MMR_OUTFILE_HEADER;
    size_t denyNameChars = 0;
    BOOL bResult = ApiHeapCreateX(&gs_hHeapMasterSlave, MASTERMAILBOX_HEAP_NAME, NULL);

    if (API_FAILED(bResult)) {
        return ERROR_VALUE;
    }

    gs_outfileName = api->Common.GetPluginOption(_T("mmrout"), FALSE);
    if (gs_outfileName == NULL) {
        gs_outfileName = DEFAULT_MMR_OUTFILE;
    }

    // Room for the base name, the 9 characters of ".deny.csv" and the terminating NUL.
    denyNameChars = _tcslen(gs_outfileName) + 10;
    // NOTE(review): the allocation result is used unchecked; presumably the "X" helper
    // handles allocation failure itself - confirm.
    gs_outDenyfileName = ApiHeapAllocX(gs_hHeapMasterSlave, (DWORD)(denyNameChars * sizeof(TCHAR)));
    _stprintf_s(gs_outDenyfileName, denyNameChars, _T("%s.deny.csv"), gs_outfileName);
    API_LOG(Info, _T("Outfiles are <%s>/<%s>"), gs_outfileName, gs_outDenyfileName);

    // Both paths derive from an operator-supplied option: how CsvOpenWrite treats an
    // already existing file is not visible here - verify before pointing it at shared locations.
    if (!api->InputCsv.CsvOpenWrite(gs_outfileName, MMR_OUTFILE_HEADER_COUNT, pptAttrsListForCsv, &gs_hOutfile)) {
        // NOTE(review): the error code is queried on the handle whose open just failed - confirm
        // that CsvOpenWrite leaves it in a state CsvGetLastError accepts.
        API_FATAL(_T("Failed to open CSV outfile <%s>: <err:%#08x>"), gs_outfileName, api->InputCsv.CsvGetLastError(gs_hOutfile));
    }

    if (!api->InputCsv.CsvOpenWrite(gs_outDenyfileName, MMR_OUTFILE_HEADER_COUNT, pptAttrsListForCsv, &gs_hOutDenyfile)) {
        API_FATAL(_T("Failed to open CSV outfile <%s>: <err:%#08x>"), gs_outDenyfileName, api->InputCsv.CsvGetLastError(gs_hOutDenyfile));
    }

    return TRUE;
}
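/*
 * Plugin initialization: creates the outfile and writes its header line.
 *
 * The outfile name comes from the "msrout" plugin option and falls back to
 * DEFAULT_MSR_OUTFILE. Failure to create the file, or to write the complete
 * header, is reported through API_FATAL. Returns TRUE.
 */
BOOL PLUGIN_GENERIC_INITIALIZE(
    _In_ PLUGIN_API_TABLE const * const api
    ) {
    DWORD dwWritten = 0;
    DWORD cbHeader = 0;
    BOOL bResult = FALSE;

    gs_outfileName = api->Common.GetPluginOption(_T("msrout"), FALSE);
    if (!gs_outfileName) {
        gs_outfileName = DEFAULT_MSR_OUTFILE;
    }
    API_LOG(Info, _T("Outfile is <%s>"), gs_outfileName);

    // CREATE_ALWAYS truncates any file that already exists at the option-supplied path,
    // and share mode 0 keeps other openers out while the handle is held.
    // NOTE(review): FILE_ATTRIBUTE_TEMPORARY is only a caching hint - confirm it is wanted
    // for a result file that is meant to persist.
    gs_hOutfile = CreateFile(gs_outfileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_TEMPORARY, NULL);
    if (gs_hOutfile == INVALID_HANDLE_VALUE) {
        API_FATAL(_T("Failed to create outfile <%s> : <%u>"), gs_outfileName, GetLastError());
    }

    // WriteFile takes a byte count while _tcslen returns a character count: scale by the
    // size of one header character so a wide-character build does not truncate the header.
    cbHeader = (DWORD)(_tcslen(MSR_OUTFILE_HEADER) * sizeof(MSR_OUTFILE_HEADER[0]));
    bResult = WriteFile(gs_hOutfile, MSR_OUTFILE_HEADER, cbHeader, &dwWritten, NULL);
    // A successful call that wrote fewer bytes than requested still leaves a broken header.
    if (!bResult || dwWritten != cbHeader) {
        API_FATAL(_T("Failed to write header to outfile <%s> : <%u>"), gs_outfileName, GetLastError());
    }

    return TRUE;
}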
/*
 * ACE filter: tells whether the trustee of the given ACE is the configured
 * trustee.
 *
 * When the trustee was configured as a DN, its SID is resolved on the first
 * call and cached in gs_TrusteeFilter; a DN that cannot be resolved is
 * reported through API_FATAL.
 *
 * Returns the result of EqualSid on the ACE trustee SID and the filter SID.
 */
BOOL PLUGIN_FILTER_FILTERACE(
    _In_ PLUGIN_API_TABLE const * const api,
    _Inout_ PIMPORTED_ACE ace
    ) {
    PSID aceTrustee = api->Ace.GetTrustee(ace);
    PIMPORTED_OBJECT resolved = NULL;

    // Lazy DN -> SID resolution: only runs while no SID is cached yet.
    if (gs_TrusteeDnFilter != NULL && gs_TrusteeFilter == NULL) {
        resolved = api->Resolver.GetObjectByDn(gs_TrusteeDnFilter);
        if (resolved == NULL) {
            // NOTE(review): presumably API_FATAL does not return; otherwise the line after
            // this branch dereferences a NULL object - confirm.
            API_FATAL(_T("Cannot resolve DN <%s>"), gs_TrusteeDnFilter);
        }
        // The cached SID points into the resolved object, it is not a copy.
        gs_TrusteeFilter = &resolved->imported.sid;
    }

    // NOTE(review): both SIDs are passed to EqualSid without a NULL check - confirm that
    // GetTrustee always yields a SID and that one of the two filters is always set.
    return EqualSid(aceTrustee, gs_TrusteeFilter);
}
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
/*
 * Writes one three-field record (master, slave, relation keyword) to the
 * given CSV outfile. A failed write is reported through API_FATAL together
 * with the last error code of the CSV layer.
 */
static void WriteRelation(
    _In_ PLUGIN_API_TABLE const * const api,
    _In_ LPTSTR master,
    _In_ LPTSTR slave,
    _In_ LPTSTR relationKeyword,
    _In_ CSV_HANDLE outFile
    ) {
    LPTSTR fields[3];
    DWORD fieldCount = (DWORD)(sizeof(fields) / sizeof(fields[0]));

    fields[0] = master;
    fields[1] = slave;
    fields[2] = relationKeyword;

    // The field count is passed by address, as CsvWriteNextRecord expects.
    if (!api->InputCsv.CsvWriteNextRecord(outFile, fields, &fieldCount)) {
        API_FATAL(_T("Failed to write CSV outfile: <err:%#08x>"), api->InputCsv.CsvGetLastError(outFile));
    }
}
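/*
 * Plugin initialization: reads the "trustee" plugin option and sets up the
 * trustee filter.
 *
 * A value starting with SID_STR_PREFIX is converted to a binary SID right
 * away and stored in gs_TrusteeFilter; a conversion failure is reported
 * through API_FATAL. Any other value is kept as a DN in gs_TrusteeDnFilter
 * and resolved later. Returns TRUE.
 */
BOOL PLUGIN_GENERIC_INITIALIZE(
    _In_ PLUGIN_API_TABLE const * const api
    ) {
    BOOL bResult = FALSE;
    // NOTE(review): TRUE is presumably the "required" flag - confirm that GetPluginOption
    // never returns NULL here, since trustee is dereferenced unconditionally below.
    LPTSTR trustee = api->Common.GetPluginOption(_T("trustee"), TRUE);

    // The prefix length is measured with _tcslen so that it matches the character type
    // used by _tcsncmp (strlen on a TCHAR string is wrong in a wide-character build).
    if (_tcsncmp(SID_STR_PREFIX, trustee, _tcslen(SID_STR_PREFIX)) == 0) {
        // ConvertStringSidToSid allocates the SID with LocalAlloc: the owner of
        // gs_TrusteeFilter has to release it with LocalFree. A SID cached from a resolved
        // DN is not such an allocation, so cleanup must tell the two cases apart.
        bResult = ConvertStringSidToSid(trustee, &gs_TrusteeFilter);
        if (!bResult) {
            API_FATAL(_T("Failed to convert SID <%s> to its binary form : <%u>"), trustee, GetLastError());
        }
        API_LOG(Info, _T("Filtering trustee by SID <%s>"), trustee);
    }
    else {
        // Resolution will take place later since resolver has not been activated yet
        gs_TrusteeDnFilter = trustee;
        API_LOG(Info, _T("Filtering trustee by DN <%s>"), trustee);
    }

    return TRUE;
}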
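/*
 * Plugin initialization: reads the optional "inhobjtype" plugin option and
 * sets up the inheritedObjectType filter.
 *
 * Without the option, gs_EmptyInhObjType is set to TRUE. With it, the value
 * is converted to a binary GUID stored in gs_InhObjectTypeFilter and
 * gs_EmptyInhObjType is set to FALSE; a conversion failure is reported
 * through API_FATAL. Returns TRUE.
 */
BOOL PLUGIN_GENERIC_INITIALIZE(
    _In_ PLUGIN_API_TABLE const * const api
    ) {
    // Holds the status of ConvertStrGuidToGuid, which is compared with NOERROR below:
    // zero means success here, unlike the usual BOOL convention.
    BOOL bResult = FALSE;
    LPTSTR inhobjty = api->Common.GetPluginOption(_T("inhobjtype"), FALSE);

    // TODO : guid resolution from resolved str form could be nice here
    if (!inhobjty) {
        API_LOG(Info, _T("Filtering empty inheritedObjectType"));
        gs_EmptyInhObjType = TRUE;
    }
    else {
        bResult = api->Common.ConvertStrGuidToGuid(inhobjty, &gs_InhObjectTypeFilter);
        gs_EmptyInhObjType = FALSE;
        if (bResult != NOERROR) {
            // The error code is closed with '>' like every other bracketed value in the logs.
            API_FATAL(_T("Error while converting inherited object type guid <%s> to its binary form : <%#08x>"), inhobjty, bResult);
        }
        else {
            API_LOG(Info, _T("Filtering inheritedObjectType <%s>"), inhobjty);
        }
    }

    return TRUE;
}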