// Logs the sections of a security descriptor that the caller selected.
//
// sd              - descriptor to dump.
// si              - SECURITY_INFORMATION bit mask; a section is queried and
//                   logged only when its bit is set.
// pAccessMappings - handed unchanged to DumpAcl for both the DACL and the SACL.
//
// A section whose Get* call fails produces no output at all, so a missing
// "Owner:" / "Group:" / "Dacl:" / "Sacl:" line in the log means "not requested
// or not retrievable", not "not set on the object".
void DumpSecurityDescriptor(CSecurityDesc& sd, SECURITY_INFORMATION si, Mapping* pAccessMappings)
{
    CIndent scope;   // presumably indents the log output for this call - confirm against CIndent

    CSid  ownerSid;
    CSid  groupSid;
    CDacl discretionaryAcl;
    CSacl systemAcl;
    bool  isPresent   = false;
    bool  isDefaulted = false;

    // only works on Windows 2000 or greater
    const BYTE majorVersion = LOBYTE(LOWORD(::GetVersion()));
    if (majorVersion >= 5)
    {
        CString sdText;
        if (sd.ToString(&sdText, si))
        {
            Log(_T("%s"), (LPCTSTR)sdText);
        }
    }

    if (si & OWNER_SECURITY_INFORMATION)
    {
        if (sd.GetOwner(&ownerSid, &isDefaulted))
        {
            Log(_T("Owner: %s"), isDefaulted ? _T("[Defaulted]") : _T(""));
            DumpSid(ownerSid);
        }
    }

    if (si & GROUP_SECURITY_INFORMATION)
    {
        if (sd.GetGroup(&groupSid, &isDefaulted))
        {
            Log(_T("Group: %s"), isDefaulted ? _T("[Defaulted]") : _T(""));
            DumpSid(groupSid);
        }
    }

    if (si & DACL_SECURITY_INFORMATION)
    {
        if (sd.GetDacl(&discretionaryAcl, &isPresent, &isDefaulted))
        {
            // Read the "[Not Present]" marker before the ACE list: a descriptor
            // without a DACL grants access to everyone, whereas a present DACL
            // with no entries grants access to no one. DumpAcl still runs in
            // both cases, so the ACE list alone does not tell the two apart.
            Log(_T("Dacl: %s %s"),
                isPresent ? _T("") : _T("[Not Present]"),
                isDefaulted ? _T("[Defaulted]") : _T(""));
            DumpAcl(discretionaryAcl, pAccessMappings);
        }
    }

    if (si & SACL_SECURITY_INFORMATION)
    {
        if (sd.GetSacl(&systemAcl, &isPresent, &isDefaulted))
        {
            Log(_T("Sacl: %s %s"),
                isPresent ? _T("") : _T("[Not Present]"),
                isDefaulted ? _T("[Defaulted]") : _T(""));
            DumpAcl(systemAcl, pAccessMappings);
        }
    }
}
//***************************************************************************** //* Function Name: DumpTokenLogonSid //* Description: //***************************************************************************** void DumpTokenLogonSid ( HANDLE p_hToken, LPVOID p_pTokenInformation, DWORD p_dwTokenInformationLength) { PSID l_pTokenLogonSid = reinterpret_cast<PSID>(p_pTokenInformation); DumpSid (l_pTokenLogonSid, _T("TokenLogonSid")); }
// Logs one access-control entry: trustee SID, access mask, ACE type, ACE
// flags and, when they are not GUID_NULL, the object-type GUIDs.
//
// sid                     - trustee the entry applies to.
// mask                    - access mask, decoded by DumpAccessMask.
// type / flags            - ACE header fields, decoded by DumpAceType and
//                           DumpAceFlags.
// guidObjectType          - logged only when it differs from GUID_NULL.
// guidInheritedObjectType - logged only when it differs from GUID_NULL.
// pAccessMappings         - handed unchanged to DumpAccessMask.
void DumpAce(CSid& sid, ACCESS_MASK mask, BYTE type, BYTE flags, GUID guidObjectType, GUID guidInheritedObjectType, Mapping* pAccessMappings)
{
    CIndent scope;

    // Buffer size, in characters, handed to StringFromGUID2.
    const int kGuidTextChars = 128;

    Log(_T("Sid:"));
    DumpSid(sid);

    Log(_T("Mask:"));
    DumpAccessMask(mask, pAccessMappings);

    Log(_T("Type:"));
    DumpAceType(type);

    Log(_T("Flags:"));
    DumpAceFlags(flags);

    const bool hasObjectType = !InlineIsEqualGUID(GUID_NULL, guidObjectType);
    if (hasObjectType)
    {
        Log(_T("Object Type:"));

        CStringW objectTypeText;
        // StringFromGUID2 returns 0 when the conversion fails.
        const int charsWritten = StringFromGUID2(guidObjectType,
                                                 CStrBufW(objectTypeText, kGuidTextChars),
                                                 kGuidTextChars);
        if (charsWritten == 0)
        {
            Log(_T("Failure converting GUID to String"));
        }
        else
        {
            // The GUID text is passed as Log's first argument. If Log treats
            // that argument as a printf-style format (the other call sites
            // suggest so), this is safe only because GUID text has no '%'.
            Log(CW2CT(objectTypeText));
        }
    }

    const bool hasInheritedObjectType = !InlineIsEqualGUID(GUID_NULL, guidInheritedObjectType);
    if (hasInheritedObjectType)
    {
        Log(_T("Inherited Object Type:"));

        CStringW inheritedTypeText;
        const int charsWritten = StringFromGUID2(guidInheritedObjectType,
                                                 CStrBufW(inheritedTypeText, kGuidTextChars),
                                                 kGuidTextChars);
        if (charsWritten == 0)
        {
            Log(_T("Failure converting GUID to String"));
        }
        else
        {
            Log(CW2CT(inheritedTypeText));
        }
    }
}
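// Logs every group carried by a token: its SID and its attribute flags.
//
// groups - token group list; its SIDs and attributes are fetched with
//          GetSidsAndAttributes and dumped entry by entry.
void DumpGroups(CTokenGroups& groups)
{
    CIndent scope;

    CSid::CSidArray sids;
    CAtlArray<DWORD> attrs;
    groups.GetSidsAndAttributes(&sids, &attrs);

    const UINT nGroups = groups.GetCount();
    ATLASSERT(nGroups == sids.GetCount());
    ATLASSERT(nGroups == attrs.GetCount());

    // The count is unsigned, so it is printed with %u.
    Log(_T("Group Count: %u"), nGroups);

    // ATLASSERT compiles away in release builds, so the loop bound is also
    // clamped to what the two arrays actually hold; a mismatch is reported
    // instead of indexing past the end of either array.
    size_t nDump = nGroups;
    if (sids.GetCount() < nDump)
        nDump = sids.GetCount();
    if (attrs.GetCount() < nDump)
        nDump = attrs.GetCount();
    if (nDump != nGroups)
        Log(_T("Group arrays are shorter than Group Count; dumping %u entries"),
            static_cast<UINT>(nDump));

    for (UINT i = 0; i < nDump; i++)
    {
        Log(_T("Group %u:"), i);

        Log(_T("Sid:"));
        DumpSid(sids[i]);

        Log(_T("Attributes:"));
        DumpGroupAttributes(attrs[i]);
    }
}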
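// Logs the contents of an access token: user, groups, privileges, default
// owner, primary group, default DACL, source, type, impersonation level
// (impersonation tokens only) and statistics.
//
// at - token to dump. Each item is queried independently; a failed query logs
//      a "Failure retrieving ..." line and the dump continues with the next.
//
// The output lists the token's SIDs and privileges, so the log destination
// should be readable only by those allowed to see that information.
void DumpAccessToken(CAccessToken& at)
{
    CIndent scope;

    CSid sidUser;
    if (!at.GetUser(&sidUser))
        Log(_T("Failure retrieving User from Token"));
    else
    {
        Log(_T("User:"));
        DumpSid(sidUser);
    }

    CTokenGroups groups;
    if (!at.GetGroups(&groups))
        Log(_T("Failure retrieving Groups from Token"));
    else
    {
        Log(_T("Groups:"));
        DumpGroups(groups);
    }

    CTokenPrivileges priv;
    if (!at.GetPrivileges(&priv))
        Log(_T("Failure retrieving Privileges from Token"));
    else
    {
        Log(_T("Privileges:"));
        DumpPrivileges(priv);
    }

    CSid sidOwner;
    if (!at.GetOwner(&sidOwner))
        Log(_T("Failure retrieving Owner from Token"));
    else
    {
        Log(_T("Default Owner:"));
        DumpSid(sidOwner);
    }

    // Query the primary group itself; calling GetOwner here would print the
    // default owner a second time under the "Primary Group:" heading.
    CSid sidPrimaryGroup;
    if (!at.GetPrimaryGroup(&sidPrimaryGroup))
        Log(_T("Failure retrieving Primary Group from Token"));
    else
    {
        Log(_T("Primary Group:"));
        DumpSid(sidPrimaryGroup);
    }

    CDacl dacl;
    if (!at.GetDefaultDacl(&dacl))
        Log(_T("Failure retrieving Default Dacl from Token"));
    else
    {
        Log(_T("Default Dacl:"));
        DumpAcl(dacl, mapGenericAccess);
    }

    TOKEN_SOURCE source;
    if (!at.GetSource(&source))
        Log(_T("Failure retrieving Source from Token"));
    else
    {
        Log(_T("Source:"));

        // SourceName is a fixed CHAR[TOKEN_SOURCE_LENGTH] field that need not
        // be NUL-terminated, so the copy is bounded by the field length, and
        // the string is passed to the variadic Log as an explicit LPCTSTR.
        CString strSourceName(source.SourceName, TOKEN_SOURCE_LENGTH);
        Log(_T("Source Name: %.8s"), (LPCTSTR)strSourceName);
        Log(_T("Source Identifier: 0x%.8x%.8x"),
            source.SourceIdentifier.HighPart,
            source.SourceIdentifier.LowPart);
    }

    TOKEN_TYPE type;
    if (!at.GetType(&type))
        Log(_T("Failure retrieving Type from Token"));
    else
    {
        Log(_T("Type: %s"), (LPCTSTR)GetTokenType(type));

        // The impersonation level is queried only after GetType succeeded, so
        // 'type' is never read while it is still uninitialized.
        if (type == TokenImpersonation)
        {
            SECURITY_IMPERSONATION_LEVEL sil;
            if (!at.GetImpersonationLevel(&sil))
                Log(_T("Failure retrieving Impersonation Level from Token"));
            else
                Log(_T("Impersonation Level: %s"), (LPCTSTR)GetImpersonationLevel(sil));
        }
    }

    TOKEN_STATISTICS stats;
    if (!at.GetStatistics(&stats))
        Log(_T("Failure retrieving Statistics from Token"));
    else
    {
        Log(_T("Statistics:"));
        DumpStatistics(stats);
    }
}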