/* Internal sid binary to string translation, see MSKB Q131320.
* Several user related operations require our SID to access
* the registry, but in a string format. All error handling
* depends on IsValidSid(), which internally we better test long
* before we get here!
*/
void get_sid_string(char *buf, apr_size_t blen, apr_uid_t id)
{
PSID_IDENTIFIER_AUTHORITY psia;
DWORD nsa;
DWORD sa;
int slen;
/* Determine authority values (these is a big-endian value,
* and NT records the value as hex if the value is > 2^32.)
*/
psia = GetSidIdentifierAuthority(id);
nsa = (DWORD)(psia->Value[5]) + ((DWORD)(psia->Value[4]) << 8)
+ ((DWORD)(psia->Value[3]) << 16) + ((DWORD)(psia->Value[2]) << 24);
sa = (DWORD)(psia->Value[1]) + ((DWORD)(psia->Value[0]) << 8);
if (sa) {
slen = apr_snprintf(buf, blen, "S-%lu-0x%04x%08x",
SID_REVISION, sa, nsa);
} else {
slen = apr_snprintf(buf, blen, "S-%lu-%lu",
SID_REVISION, nsa);
}
/* Now append all the subauthority strings.
*/
nsa = *GetSidSubAuthorityCount(id);
for (sa = 0; sa < nsa; ++sa) {
slen += apr_snprintf(buf + slen, blen - slen, "-%lu",
*GetSidSubAuthority(id, sa));
}
}
BOOL make_relative_sid(PSID* answer, PSID base, ULONG relative_id)
{
int count;
int i;
if (answer == NULL)
return print_error(L"Error in make_relative_sid: answer is NULL.\n");
if (base == NULL)
return print_error(L"Error in make_relative_sid: base is NULL.\n");
if (!IsValidSid(base))
return print_error(L"Error in make_relative_sid: base is not a valid SID.\n");
count = *GetSidSubAuthorityCount(base);
if (count > 7)
return print_error(L"Error in make_relative_sid: base has too many sub-authorities.\n");
if (!AllocateAndInitializeSid( GetSidIdentifierAuthority(base)
, 1 + count
, 0, 0, 0, 0, 0, 0, 0, 0, answer))
return win_error(GetLastError(), L"AllocateAndInitializeSid");
for(i=0; i<count; i++)
{
*GetSidSubAuthority(*answer, i) = *GetSidSubAuthority(base, i);
}
*GetSidSubAuthority(*answer, count) = relative_id;
return TRUE;
}
bool AddSid(LPCWSTR sid_str)
{
if (_wcsicmp(sid_str, L"CU") == 0)
{
return AddSid(GetCurrentUserSid().c_str());
}
else
{
PSID p = nullptr;
if (!::ConvertStringSidToSid(sid_str, &p))
{
return false;
}
std::unique_ptr<void, LocalFreeDeleter> buf(p);
SID_IDENTIFIER_AUTHORITY il_id_auth = { { 0,0,0,0,0,0x10 } };
PSID_IDENTIFIER_AUTHORITY sid_id_auth = GetSidIdentifierAuthority(p);
if (memcmp(il_id_auth.Value, sid_id_auth->Value, sizeof(il_id_auth.Value)) == 0)
{
return !!AddIntegrityLabelToBoundaryDescriptor(&boundary_desc_, p);
}
else
{
return !!AddSIDToBoundaryDescriptor(&boundary_desc_, p);
}
}
}
BOOL IsLogonSid( PSID ps )
{
static SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
// a logon SID has: sia = 5, subauth count = 3, first subauth = 5
// the following three lines test these three conditions
if ( ! memcmp( GetSidIdentifierAuthority( ps ), &sia, sizeof sia ) && // is sia == 5?
*GetSidSubAuthorityCount( ps ) == 3 && // is subauth count == 3?
*GetSidSubAuthority( ps, 0 ) == 5 ) // first subauth == 5?
return TRUE;
else
return FALSE;
}
/*
(in) PSID
(in/out) char
(in) size_t
return
0 - success
-1 - error
*/
int get_textual_sid(PSID pSid,char * buf,size_t len)
{
/*FROM MSDN Converting a Binary SID to String Format in C++*/
PSID_IDENTIFIER_AUTHORITY psia;
DWORD dwSubAuthorities;
DWORD dwSidRev = SID_REVISION;
DWORD dwCounter;
DWORD dwSidSize;
if (!IsValidSid(pSid)){
SetLastError(ERROR_INVALID_DATA);
return -1;
}
psia = GetSidIdentifierAuthority(pSid);
dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
dwSidSize = (15 + 12 + (12 * dwSubAuthorities) +1) * sizeof(char);
if (len < dwSidSize){
SetLastError(ERROR_INSUFFICIENT_BUFFER);
return -1;
}
_snprintf(buf,len,"S-%lu-",dwSidRev);
if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) ){
_snprintf(buf + strlen(buf),len-(strlen(buf)+1),
"0x%02hx%02hx%02hx%02hx%02hx%02hx",
(USHORT) psia->Value[0],
(USHORT) psia->Value[1],
(USHORT) psia->Value[2],
(USHORT) psia->Value[3],
(USHORT) psia->Value[4],
(USHORT) psia->Value[5]);
}else {
_snprintf(buf + strlen(buf),len - (strlen(buf)+1),
"%lu",
(USHORT) (psia->Value[5]) +
(USHORT) (psia->Value[4] << 8)+
(USHORT) (psia->Value[3] << 16)+
(USHORT) (psia->Value[2] << 24));
}
for (dwCounter = 0; dwCounter < dwSubAuthorities; dwCounter++){
_snprintf(buf + strlen(buf),len - (strlen(buf)+1),"-%lu",
*GetSidSubAuthority(pSid,dwCounter));
}
return 0;
}
static void PrintSidText(PSID psid, BPRINT_BUFFER & bp)
{
//
// test if parameters passed in are valid, IsValidSid can not take
// a NULL parameter
//
if ( ! psid)
return;
// obtain SidIdentifierAuthority
// obtain sidsubauthority count
PSID_IDENTIFIER_AUTHORITY psia = GetSidIdentifierAuthority(psid);
DWORD cSubAs = *GetSidSubAuthorityCount(psid);
//
// S-SID_REVISION-
//
bprintf(bp, TEXT("S-%lu-"), SID_REVISION);
//
// append SidIdentifierAuthority
//
if (psia->Value[0] || psia->Value[1])
{
bprintf(bp, TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
(USHORT)psia->Value[0],
(USHORT)psia->Value[1],
(USHORT)psia->Value[2],
(USHORT)psia->Value[3],
(USHORT)psia->Value[4],
(USHORT)psia->Value[5]);
}
else
{
bprintf(bp, TEXT("%lu"),
(ULONG)(psia->Value[5] ) +
(ULONG)(psia->Value[4] << 8) +
(ULONG)(psia->Value[3] << 16) +
(ULONG)(psia->Value[2] << 24));
}
//
// append SidSubAuthorities
//
for (UINT ix = 0 ; ix < cSubAs; ++ix)
{
bprintf(bp, TEXT("-%lu"), *GetSidSubAuthority(psid, ix));
}
}
BOOL IsDomainSid(
_In_ PSID pSid
) {
static const SID_IDENTIFIER_AUTHORITY sSidIdAuthNtSecurity = SECURITY_NT_AUTHORITY;
PUCHAR n = GetSidSubAuthorityCount(pSid);
if (*n >= 1) {
SID_IDENTIFIER_AUTHORITY *pIdAuth = GetSidIdentifierAuthority(pSid);
if (memcmp(pIdAuth, &sSidIdAuthNtSecurity, sizeof(SID_IDENTIFIER_AUTHORITY) == 0)) {
PDWORD pdwAuth = GetSidSubAuthority(pSid, 0);
if ((*pdwAuth == SECURITY_NT_NON_UNIQUE) || (*pdwAuth == SECURITY_BUILTIN_DOMAIN_RID)) {
return TRUE;
}
}
}
return FALSE;
}
static char *
put_sid (PSID psid)
{
static char s[512];
char t[32];
DWORD i;
strcpy (s, "S-1-");
sprintf(t, "%u", GetSidIdentifierAuthority (psid)->Value[5]);
strcat (s, t);
for (i = 0; i < *GetSidSubAuthorityCount (psid); ++i)
{
sprintf(t, "-%" PRIu32 , (unsigned int) *GetSidSubAuthority (psid, i));
strcat (s, t);
}
return s;
}
//
// Function : sidToText
// Role : Converts a binary SID to a nice one
// Notes : http://win32.mvps.org/security/dumpacl/dumpacl.cpp
//
const char *sidToTextTok( PSID psid )
{
// S-rev- + SIA + subauthlen*maxsubauth + terminator
static char buf[15 + 12 + 12*SID_MAX_SUB_AUTHORITIES + 1];
char *p = &buf[0];
PSID_IDENTIFIER_AUTHORITY psia;
DWORD numSubAuths, i;
// Validate the binary SID.
if ( ! IsValidSid( psid ) )
return FALSE;
psia = GetSidIdentifierAuthority( psid );
p = buf;
p += _snprintf_s( p, 15 + 12 + 12*SID_MAX_SUB_AUTHORITIES + 1, &buf[sizeof buf] - p, "S-%lu-", 0x0f & *( (byte *) psid ) );
if ( ( psia->Value[0] != 0 ) || ( psia->Value[1] != 0 ) )
p += _snprintf_s( p,15 + 12 + 12*SID_MAX_SUB_AUTHORITIES + 1, &buf[sizeof buf] - p, "0x%02hx%02hx%02hx%02hx%02hx%02hx",
(USHORT) psia->Value[0], (USHORT) psia->Value[1],
(USHORT) psia->Value[2], (USHORT) psia->Value[3],
(USHORT) psia->Value[4], (USHORT) psia->Value[5] );
else
p += _snprintf_s( p, 15 + 12 + 12*SID_MAX_SUB_AUTHORITIES + 1, &buf[sizeof buf] - p, "%lu", (ULONG) ( psia->Value[5] ) +
(ULONG) ( psia->Value[4] << 8 ) + (ULONG) ( psia->Value[3] << 16 ) +
(ULONG) ( psia->Value[2] << 24 ) );
// Add SID subauthorities to the string.
numSubAuths = *GetSidSubAuthorityCount( psid );
for ( i = 0; i < numSubAuths; ++ i )
p += _snprintf_s( p, 15 + 12 + 12*SID_MAX_SUB_AUTHORITIES + 1,&buf[sizeof buf] - p, "-%lu", *GetSidSubAuthority( psid, i ) );
return buf;
}
BOOL
LookupUserGroupFromRid(
LPWSTR TargetComputer,
DWORD Rid,
LPWSTR Name,
PDWORD cchName
)
{
PUSER_MODALS_INFO_2 umi2;
NET_API_STATUS nas;
UCHAR SubAuthorityCount;
PSID pSid;
SID_NAME_USE snu;
WCHAR DomainName[DNLEN+1];
DWORD cchDomainName = DNLEN;
BOOL bSuccess = FALSE; // assume failure
//
// get the account domain Sid on the target machine
// note: if you were looking up multiple sids based on the same
// account domain, only need to call this once.
//
nas = NetUserModalsGet(TargetComputer, 2, (LPBYTE *)&umi2);
if(nas != NERR_Success) {
SetLastError(nas);
return FALSE;
}
SubAuthorityCount = *GetSidSubAuthorityCount
(umi2->usrmod2_domain_id);
//
// allocate storage for new Sid. account domain Sid + account Rid
//
pSid = (PSID)HeapAlloc(GetProcessHeap(), 0,
GetSidLengthRequired((UCHAR)(SubAuthorityCount + 1)));
if(pSid != NULL) {
if(InitializeSid(
pSid,
GetSidIdentifierAuthority(umi2->usrmod2_domain_id),
(BYTE)(SubAuthorityCount+1)
)) {
DWORD SubAuthIndex = 0;
//
// copy existing subauthorities from account domain Sid into
// new Sid
//
for( ; SubAuthIndex < SubAuthorityCount ; SubAuthIndex++) {
*GetSidSubAuthority(pSid, SubAuthIndex) =
*GetSidSubAuthority(umi2->usrmod2_domain_id,
SubAuthIndex);
}
//
// append Rid to new Sid
//
*GetSidSubAuthority(pSid, SubAuthorityCount) = Rid;
bSuccess = LookupAccountSidW(
TargetComputer,
pSid,
Name,
cchName,
DomainName,
&cchDomainName,
&snu
);
}
HeapFree(GetProcessHeap(), 0, pSid);
}
NetApiBufferFree(umi2);
return bSuccess;
}
sal_Bool SAL_CALL osl_getUserIdent(oslSecurity Security, rtl_uString **strIdent)
{
if (Security != NULL)
{
oslSecurityImpl *pSecImpl = (oslSecurityImpl*)Security;
HANDLE hAccessToken = pSecImpl->m_hToken;
if (hAccessToken == NULL)
OpenProcessToken(GetCurrentProcess(), TOKEN_DUP_QUERY, &hAccessToken);
if (hAccessToken)
{
sal_Char *Ident;
DWORD nInfoBuffer = 512;
UCHAR* pInfoBuffer = malloc(nInfoBuffer);
while (!GetTokenInformation(hAccessToken, TokenUser,
pInfoBuffer, nInfoBuffer, &nInfoBuffer))
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
pInfoBuffer = realloc(pInfoBuffer, nInfoBuffer);
else
{
free(pInfoBuffer);
pInfoBuffer = NULL;
break;
}
}
if (pSecImpl->m_hToken == NULL)
CloseHandle(hAccessToken);
if (pInfoBuffer)
{
PSID pSid = ((PTOKEN_USER)pInfoBuffer)->User.Sid;
PSID_IDENTIFIER_AUTHORITY psia;
DWORD dwSubAuthorities;
DWORD dwSidRev=SID_REVISION;
DWORD dwCounter;
DWORD dwSidSize;
PUCHAR pSSACount;
/* obtain SidIdentifierAuthority */
psia=GetSidIdentifierAuthority(pSid);
/* obtain sidsubauthority count */
pSSACount = GetSidSubAuthorityCount(pSid);
dwSubAuthorities = (*pSSACount < 5) ? *pSSACount : 5;
/* buffer length: S-SID_REVISION- + identifierauthority- + subauthorities- + NULL */
Ident=malloc(88*sizeof(sal_Char));
/* prepare S-SID_REVISION- */
dwSidSize=wsprintf(Ident, TEXT("S-%lu-"), dwSidRev);
/* prepare SidIdentifierAuthority */
if ((psia->Value[0] != 0) || (psia->Value[1] != 0))
{
dwSidSize+=wsprintf(Ident + strlen(Ident),
TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
(USHORT)psia->Value[0],
(USHORT)psia->Value[1],
(USHORT)psia->Value[2],
(USHORT)psia->Value[3],
(USHORT)psia->Value[4],
(USHORT)psia->Value[5]);
}
else
{
dwSidSize+=wsprintf(Ident + strlen(Ident),
TEXT("%lu"),
(ULONG)(psia->Value[5] ) +
(ULONG)(psia->Value[4] << 8) +
(ULONG)(psia->Value[3] << 16) +
(ULONG)(psia->Value[2] << 24) );
}
/* loop through SidSubAuthorities */
for (dwCounter=0; dwCounter < dwSubAuthorities; dwCounter++)
{
dwSidSize+=wsprintf(Ident + dwSidSize, TEXT("-%lu"),
*GetSidSubAuthority(pSid, dwCounter) );
}
rtl_uString_newFromAscii( strIdent, Ident );
free(pInfoBuffer);
free(Ident);
return sal_True;
}
}
else
{
DWORD needed=0;
sal_Unicode *Ident;
WNetGetUserA(NULL, NULL, &needed);
if (needed < 16)
{
needed = 16;
}
Ident=malloc(needed*sizeof(sal_Unicode));
if (WNetGetUserW(NULL, Ident, &needed) != NO_ERROR)
{
wcscpy(Ident, L"unknown");
Ident[7] = L'\0';
}
rtl_uString_newFromStr( strIdent, Ident);
free(Ident);
return sal_True;
}
}
return sal_False;
}
// nearly straight from the SDK
BOOL Sid2Text( PSID ps, char *buf, int bufSize )
{
PSID_IDENTIFIER_AUTHORITY psia;
DWORD dwSubAuthorities;
DWORD dwSidRev = SID_REVISION;
DWORD i;
int n, size;
char *p;
// Validate the binary SID.
if ( ! IsValidSid( ps ) )
return FALSE;
// Get the identifier authority value from the SID.
psia = GetSidIdentifierAuthority( ps );
// Get the number of subauthorities in the SID.
dwSubAuthorities = *GetSidSubAuthorityCount( ps );
// Compute the buffer length.
// S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
size = 15 + 12 + ( 12 * dwSubAuthorities ) + 1;
// Check input buffer length.
// If too small, indicate the proper size and set last error.
if ( bufSize < size )
{
SetLastError( ERROR_INSUFFICIENT_BUFFER );
return FALSE;
}
// Add 'S' prefix and revision number to the string.
size = wsprintf( buf, "S-%lu-", dwSidRev );
p = buf + size;
// Add SID identifier authority to the string.
if ( psia->Value[0] != 0 || psia->Value[1] != 0 )
{
n = wsprintf( p, "0x%02hx%02hx%02hx%02hx%02hx%02hx",
(USHORT) psia->Value[0], (USHORT) psia->Value[1],
(USHORT) psia->Value[2], (USHORT) psia->Value[3],
(USHORT) psia->Value[4], (USHORT) psia->Value[5] );
size += n;
p += n;
}
else
{
n = wsprintf( p, "%lu", ( (ULONG) psia->Value[5] ) +
( (ULONG) psia->Value[4] << 8 ) + ( (ULONG) psia->Value[3] << 16 ) +
( (ULONG) psia->Value[2] << 24 ) );
size += n;
p += n;
}
// Add SID subauthorities to the string.
for ( i = 0; i < dwSubAuthorities; ++ i )
{
n = wsprintf( p, "-%lu", *GetSidSubAuthority( ps, i ) );
size += n;
p += n;
}
return TRUE;
}
/*
** Wrapper around the access() system call. This code was copied from Tcl
** 8.6 and then modified.
*/
int win32_access(const char *zFilename, int flags){
int rc = 0;
PSECURITY_DESCRIPTOR pSd = NULL;
unsigned long size;
PSID pSid = NULL;
BOOL sidDefaulted;
BOOL impersonated = FALSE;
SID_IDENTIFIER_AUTHORITY unmapped = {{0, 0, 0, 0, 0, 22}};
GENERIC_MAPPING genMap;
HANDLE hToken = NULL;
DWORD desiredAccess = 0, grantedAccess = 0;
BOOL accessYesNo = FALSE;
PRIVILEGE_SET privSet;
DWORD privSetSize = sizeof(PRIVILEGE_SET);
wchar_t *zMbcs = fossil_utf8_to_filename(zFilename);
DWORD attr = GetFileAttributesW(zMbcs);
if( attr==INVALID_FILE_ATTRIBUTES ){
/*
* File might not exist.
*/
if( GetLastError()!=ERROR_SHARING_VIOLATION ){
rc = -1; goto done;
}
}
if( flags==F_OK ){
/*
* File exists, nothing else to check.
*/
goto done;
}
if( (flags & W_OK)
&& (attr & FILE_ATTRIBUTE_READONLY)
&& !(attr & FILE_ATTRIBUTE_DIRECTORY) ){
/*
* The attributes say the file is not writable. If the file is a
* regular file (i.e., not a directory), then the file is not
* writable, full stop. For directories, the read-only bit is
* (mostly) ignored by Windows, so we can't ascertain anything about
* directory access from the attrib data.
*/
rc = -1; goto done;
}
/*
* It looks as if the permissions are ok, but if we are on NT, 2000 or XP,
* we have a more complex permissions structure so we try to check that.
* The code below is remarkably complex for such a simple thing as finding
* what permissions the OS has set for a file.
*/
/*
* First find out how big the buffer needs to be.
*/
size = 0;
GetFileSecurityW(zMbcs,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION,
0, 0, &size);
/*
* Should have failed with ERROR_INSUFFICIENT_BUFFER
*/
if( GetLastError()!=ERROR_INSUFFICIENT_BUFFER ){
/*
* Most likely case is ERROR_ACCESS_DENIED, which we will convert to
* EACCES - just what we want!
*/
rc = -1; goto done;
}
/*
* Now size contains the size of buffer needed.
*/
pSd = (PSECURITY_DESCRIPTOR)HeapAlloc(GetProcessHeap(), 0, size);
if( pSd==NULL ){
rc = -1; goto done;
}
/*
* Call GetFileSecurity() for real.
*/
if( !GetFileSecurityW(zMbcs,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION,
pSd, size, &size) ){
/*
* Error getting owner SD
*/
rc = -1; goto done;
}
/*
* As of Samba 3.0.23 (10-Jul-2006), unmapped users and groups are
* assigned to SID domains S-1-22-1 and S-1-22-2, where "22" is the
* top-level authority. If the file owner and group is unmapped then
* the ACL access check below will only test against world access,
* which is likely to be more restrictive than the actual access
* restrictions. Since the ACL tests are more likely wrong than
* right, skip them. Moreover, the unix owner access permissions are
* usually mapped to the Windows attributes, so if the user is the
* file owner then the attrib checks above are correct (as far as they
* go).
*/
if( !GetSecurityDescriptorOwner(pSd, &pSid, &sidDefaulted) ||
memcmp(GetSidIdentifierAuthority(pSid), &unmapped,
sizeof(SID_IDENTIFIER_AUTHORITY))==0 ){
goto done; /* Attrib tests say access allowed. */
}
/*
* Perform security impersonation of the user and open the resulting
* thread token.
*/
if( !ImpersonateSelf(SecurityImpersonation) ){
/*
* Unable to perform security impersonation.
*/
rc = -1; goto done;
}
impersonated = TRUE;
if( !OpenThreadToken(GetCurrentThread(),
TOKEN_DUPLICATE | TOKEN_QUERY, FALSE, &hToken) ){
/*
* Unable to get current thread's token.
*/
rc = -1; goto done;
}
/*
* Setup desiredAccess according to the access priveleges we are
* checking.
*/
if( flags & R_OK ){
desiredAccess |= FILE_GENERIC_READ;
}
if( flags & W_OK){
desiredAccess |= FILE_GENERIC_WRITE;
}
memset(&genMap, 0, sizeof(GENERIC_MAPPING));
genMap.GenericRead = FILE_GENERIC_READ;
genMap.GenericWrite = FILE_GENERIC_WRITE;
genMap.GenericExecute = FILE_GENERIC_EXECUTE;
genMap.GenericAll = FILE_ALL_ACCESS;
/*
* Perform access check using the token.
*/
if( !AccessCheck(pSd, hToken, desiredAccess, &genMap, &privSet,
&privSetSize, &grantedAccess, &accessYesNo) ){
/*
* Unable to perform access check.
*/
rc = -1; goto done;
}
if( !accessYesNo ) rc = -1;
done:
if( hToken != NULL ){
CloseHandle(hToken);
}
if( impersonated ){
RevertToSelf();
impersonated = FALSE;
}
if( pSd!=NULL ){
HeapFree(GetProcessHeap(), 0, pSd);
}
fossil_filename_free(zMbcs);
return rc;
}
void GetTextualSid(
PSID pSid, // binary Sid
PTCHAR TextualSid) // buffer for Textual representation of Sid
{
PSID_IDENTIFIER_AUTHORITY psia;
DWORD dwSubAuthorities;
DWORD dwSidRev=SID_REVISION;
DWORD dwCounter;
DWORD dwSidSize;
// Validate the binary SID.
if(!IsValidSid(pSid)) return;
// Get the identifier authority value from the SID.
psia = GetSidIdentifierAuthority(pSid);
// Get the number of subauthorities in the SID.
dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
// Compute the buffer length.
// S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
// Add 'S' prefix and revision number to the string.
dwSidSize= _stprintf(TextualSid, _T("S-%lu-"), dwSidRev );
// Add SID identifier authority to the string.
if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) ) {
dwSidSize += _stprintf(TextualSid + lstrlen(TextualSid),
_T("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
(USHORT)psia->Value[0],
(USHORT)psia->Value[1],
(USHORT)psia->Value[2],
(USHORT)psia->Value[3],
(USHORT)psia->Value[4],
(USHORT)psia->Value[5]);
} else {
dwSidSize += _stprintf(TextualSid + lstrlen(TextualSid),
_T("%lu"),
(ULONG)(psia->Value[5] ) +
(ULONG)(psia->Value[4] << 8) +
(ULONG)(psia->Value[3] << 16) +
(ULONG)(psia->Value[2] << 24) );
}
// Add SID subauthorities to the string.
//
for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++) {
dwSidSize+= _stprintf(TextualSid + dwSidSize, _T("-%lu"),
*GetSidSubAuthority(pSid, dwCounter) );
}
}
void RegistryLogAceSidStart(PSID SidStart)
{
LogIncIndent();
if (FALSE == IsValidSid(SidStart))
{
LOG(L"Invalid Sid given, cannot parse\n");
LogDecIndent();
return;
}
LPTSTR stringSid = NULL;
if(FALSE == ConvertSidToStringSid(SidStart,&stringSid))
{
LOG(L"Could not convert SID to SIDString\n");
LogDecIndent();
return;
}
LOG(L"SID = %s\n",stringSid);
PSID_IDENTIFIER_AUTHORITY sidia = GetSidIdentifierAuthority(SidStart);
PUCHAR pSubAuthorityCount = GetSidSubAuthorityCount(SidStart);
UCHAR counter = 0;
for(; counter < *pSubAuthorityCount ; counter++)
{
PDWORD pSidSubAuthority = GetSidSubAuthority(SidStart,counter);
BYTE nullauthorityValue[6] = SECURITY_NULL_SID_AUTHORITY;
BYTE worldauthorityValue[6] = SECURITY_WORLD_SID_AUTHORITY;
BYTE localauthorityValue[6] = SECURITY_LOCAL_SID_AUTHORITY;
BYTE creatorauthorityValue[6] = SECURITY_CREATOR_SID_AUTHORITY;
BYTE ntauthorityValue[6] = SECURITY_NT_AUTHORITY;
if(memcmp(sidia->Value,nullauthorityValue,6) == 0)
{
switch(*pSidSubAuthority)
{
case SECURITY_NULL_RID:
LOG(L"SECURITY_NULL\n");
break;
default:
RegistryLogGeneralRIDS(L"SECURITY_NULL_SID_AUTHORITY",*pSidSubAuthority);
break;
};
}
else if (memcmp(sidia->Value,worldauthorityValue,6) == 0)
{
switch(*pSidSubAuthority)
{
case SECURITY_WORLD_RID:
LOG(L"EVERYONE\n");
break;
default:
RegistryLogGeneralRIDS(L"SECURITY_WORLD_SID_AUTHORITY",*pSidSubAuthority);
break;
};
}
else if (memcmp(sidia->Value,localauthorityValue,6) == 0)
{
switch(*pSidSubAuthority)
{
case SECURITY_LOCAL_RID:
LOG(L"SECURITY_LOCAL_SID_AUTHORITY SECURITY_LOCAL_RID\n");
break;
case SECURITY_LOCAL_LOGON_RID:
LOG(L"SECURITY_LOCAL_SID_AUTHORITY SECURITY_LOCAL_LOGON_RID\n");
break;
default:
RegistryLogGeneralRIDS(L"SECURITY_LOCAL_SID_AUTHORITY",*pSidSubAuthority);
break;
};
}
else if (memcmp(sidia->Value,creatorauthorityValue,6) == 0)
{
switch(*pSidSubAuthority)
{
case SECURITY_CREATOR_OWNER_RID:
LOG(L"CREATOR_OWNER\n");
//LOG(L"SECURITY_CREATOR_SID_AUTHORITY SECURITY_CREATOR_OWNER_RID\n");
break;
case SECURITY_CREATOR_GROUP_RID:
LOG(L"CREATOR_GROUP\n");
//LOG(L"SECURITY_CREATOR_SID_AUTHORITY SECURITY_CREATOR_GROUP_RID\n");
break;
default:
RegistryLogGeneralRIDS(L"SECURITY_CREATOR_SID_AUTHORITY",*pSidSubAuthority);
break;
};
}
else if (memcmp(sidia->Value,ntauthorityValue,6) == 0)
{
switch(*pSidSubAuthority)
{
case SECURITY_DIALUP_RID:
LOG(L"DIALUP\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_DIALUP_RID: Users who log on to terminals using a dial-up modem. This is a group identifier\n");
break;
case SECURITY_NETWORK_RID:
LOG(L"NETWORK\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_NETWORK_RID: Users who log on across a network. This is a group identifier\n");
break;
case SECURITY_BATCH_RID:
LOG(L"BATCH\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_BATCH_RID: Users who log on using a batch queue facility. This is a group identifier\n");
break;
case SECURITY_INTERACTIVE_RID:
LOG(L"INTERACTIVE\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_INTERACTIVE_RID: Users who log on for interactive operation. This is a group identifier\n");
break;
case SECURITY_LOGON_IDS_RID:
LOG(L"LOGON_IDS\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_LOGON_IDS_RID: A logon session\n");
break;
case SECURITY_SERVICE_RID:
LOG(L"SERVICE\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_SERVICE_RID: Accounts authorized to log on as a service. This is a group identifier\n");
break;
case SECURITY_ANONYMOUS_LOGON_RID:
LOG(L"ANONYMOUS\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_ANONYMOUS_LOGON_RID: Anonymous logon, or null session logon\n");
break;
case SECURITY_PROXY_RID:
LOG(L"PROXY\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_PROXY_RID: Proxy\n");
break;
case SECURITY_ENTERPRISE_CONTROLLERS_RID:
LOG(L"ENTERPRISE_CONTROLLERS\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_ENTERPRISE_CONTROLLERS_RID: Enterprise controllers\n");
break;
case SECURITY_PRINCIPAL_SELF_RID:
LOG(L"PRINCIPAL_SELF\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_PRINCIPAL_SELF_RID: The PRINCIPAL_SELF security identifier\n");
break;
case SECURITY_AUTHENTICATED_USER_RID:
LOG(L"AUTHENTICATED_USER\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_AUTHENTICATED_USER_RID: The authenticated users\n");
break;
case SECURITY_RESTRICTED_CODE_RID:
LOG(L"RESTRICTED_CODE\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_RESTRICTED_CODE_RID: Restricted code\n");
break;
case SECURITY_TERMINAL_SERVER_RID:
LOG(L"TERMINAL_SERVER\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_TERMINAL_SERVER_RID: Terminal Services\n");
break;
case SECURITY_LOCAL_SYSTEM_RID:
LOG(L"LOCAL_SYSTEM\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_LOCAL_SYSTEM_RID: A special account used by the operating system\n");
break;
case SECURITY_NT_NON_UNIQUE:
LOG(L"NT_NON_UNIQUE\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_NT_NON_UNIQUE: SIDS are not unique\n");
break;
case SECURITY_BUILTIN_DOMAIN_RID:
LOG(L"BUILTIN_DOMAIN\n");
//LOG(L"SECURITY_NT_AUTHORITY SECURITY_BUILTIN_DOMAIN_RID: Buildin Domain\n");
break;
default:
RegistryLogGeneralRIDS(L"SECURITY_NT_AUTHORITY",*pSidSubAuthority);
break;
};
}
}
LogDecIndent();
}
void vsyslog(int pri, const char *fmt, va_list ap)
/*
* Purpose:
* Does the actual logging to the NT event log.
* This is actually never called directly by the user
* but always through syslog()
*
* Precondition:
* dto. syslog()
*
* Postcondition:
* dto. syslog()
*
* Mods:
* 05/11/97 (CVP)
*/
{
char *aszMsg[1], *p;
WORD nt_prio = 0;
BYTE sidBuffer[SLG_BUFSIZE];
PSID psid = (PSID) &sidBuffer;
PSID PNtSid_ = NULL;
DWORD sidBufferSize = SLG_BUFSIZE * sizeof(BYTE);
TCHAR domainBuffer[SLG_BUFSIZE];
DWORD domainBufferSize = SLG_BUFSIZE * sizeof(TCHAR);
SID_NAME_USE snu;
UCHAR SubAuthorityCount = 0;
BOOL retBOOL = TRUE;
DWORD SubAuthIndex = 0;
int saved_errno = 0;
int nt_pid = _getpid();
char tbuf[SLG_BUFSIZE];
char fmt_cpy[SLG_BUFSIZE];
DWORD bufsize = SLG_BUFSIZE;
BOOL resBOOL = 0;
char ch, *t1, *t2;
DWORD retDWORD = 0;
saved_errno = errno;
/*
* Username retrieval
*/
if (*username == 0) {
retBOOL = GetUserName(username, &bufsize);
if (retBOOL == 0) {
SLG_DEBUG(fprintf(SLG_DEBUG_OUT, SLG01, GetLastError()));
SLG_PANIC();
}
}
ZeroMemory(sidBuffer, SLG_BUFSIZE);
LookupAccountName(
NULL,
username,
sidBuffer,
&sidBufferSize,
domainBuffer,
&domainBufferSize,
&snu);
SubAuthorityCount = *GetSidSubAuthorityCount(psid);
retBOOL = AllocateAndInitializeSid (
GetSidIdentifierAuthority(psid),
SubAuthorityCount,
0,0,0,0,0,0,0,0,
&PNtSid_
);
if (retBOOL != 0) {
for( ; SubAuthIndex < SubAuthorityCount ; SubAuthIndex++) {
*GetSidSubAuthority(PNtSid_, SubAuthIndex) =
*GetSidSubAuthority(psid, SubAuthIndex);
}
}
/*
* in case of error, PNtSid_ will remain NULL,
* which is OK anyway
*/
(void)sprintf(tbuf, "[pid %d / user %s] ", nt_pid, username);
for (p = tbuf; *p; ++p);
/*
* build the message
* substitute error message for %m
*/
for (t1 = fmt_cpy; ch = *fmt; ++fmt) {
if (ch == '%' && fmt[1] == 'm') {
++fmt;
for (t2 = strerror(saved_errno); *t1 = *t2++; ++t1);
}
else
*t1++ = ch;
}
*t1 = '\0';
vsprintf(p, fmt_cpy, ap);
aszMsg[0] = tbuf;
/*
* consider the event types:
* EVENTLOG_ERROR_TYPE
* EVENTLOG_WARNING_TYPE
* EVENTLOG_INFORMATION_TYPE
*
*/
switch(pri) {
case LOG_EMERG: /* system is unusable */
case LOG_ALERT: /* action must be taken immediately */
case LOG_CRIT: /* critical conditions */
case LOG_ERR: /* error conditions */
nt_prio = EVENTLOG_ERROR_TYPE;
break;
case LOG_WARNING: /* warning conditions */
case LOG_NOTICE: /* normal but significant condition */
nt_prio = EVENTLOG_WARNING_TYPE;
break;
case LOG_INFO: /* informational */
case LOG_DEBUG: /* debug-level messages */
nt_prio = EVENTLOG_INFORMATION_TYPE;
break;
}
if (!ReportEvent(
h, /* event log handle */
nt_prio, /* event type */
SLG_ONE, /* category identifier */
SLG_01, /* event identifier */
PNtSid_, /* user security identifier */
1, /* one substitution string */
0, /* no data */
(LPTSTR *) aszMsg, /* address of string array */
NULL) /* address of data */
) {
SLG_DEBUG(fprintf(SLG_DEBUG_OUT, SLG02));
SLG_PANIC();
}
}