/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
static void CallbackSdOwner(
_In_ HANDLE hOutfile,
_Inout_ PLDAP_RETRIEVED_DATA pLdapRetreivedData
) {
BOOL bResult = FALSE;
BOOL bDaclPresent = FALSE;
BOOL bDaclDefaulted = FALSE;
PACL pDacl = { 0 };
PSECURITY_DESCRIPTOR pSd = (PSECURITY_DESCRIPTOR)pLdapRetreivedData->ppbData[0];
if (!IsValidSecurityDescriptor(pSd)) {
LOG(Err, _T("Invalid security descriptor"));
return;
}
bResult = ControlWriteOwnerOutline(hOutfile, pSd, pLdapRetreivedData->tDN, CONTROL_AD_OWNER_KEYWORD);
if (!bResult) {
LOG(Err, _T("Cannot write owner control relation for <%s>"), pLdapRetreivedData->tDN);
}
bResult = GetSecurityDescriptorDacl(pSd, &bDaclPresent, &pDacl, &bDaclDefaulted);
if (bResult == FALSE) {
LOG(Err, _T("Failed to get DACL <%u>"), GetLastError());
return;
}
if (bDaclPresent == FALSE || pDacl == NULL) {
LOG(Info, "Null or no DACL for element <%s>", pLdapRetreivedData->tDN);
bResult = ControlWriteOutline(hOutfile, gs_ptSidEveryone, pLdapRetreivedData->tDN, CONTROL_AD_NULL_DACL_KEYWORD);
if (bResult == FALSE) {
LOG(Err, _T("Cannot write null-dacl control relation for <%s>"), pLdapRetreivedData->tDN);
return;
}
}
}
static int
iwin32_file_set_sid (const char *file, PSID sid)
{
char file_sd_buf [256];
PSECURITY_DESCRIPTOR file_sd = (PSECURITY_DESCRIPTOR) &file_sd_buf;
if (!InitializeSecurityDescriptor (file_sd, SECURITY_DESCRIPTOR_REVISION)) return 0;
if (!SetSecurityDescriptorOwner (file_sd, sid, FALSE)) return 0;
if (!IsValidSecurityDescriptor (file_sd)) return 0;
if (!SetFileSecurity (file, (SECURITY_INFORMATION)(OWNER_SECURITY_INFORMATION),
file_sd)) return 0;
return 1;
}
BOOL ValidateSecurity(uch *securitydata)
{
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR)securitydata;
PACL pAcl;
PSID pSid;
BOOL bAclPresent;
BOOL bDefaulted;
if(!IsWinNT()) return TRUE; /* don't do anything if not on WinNT */
if(!IsValidSecurityDescriptor(sd)) return FALSE;
/* verify Dacl integrity */
if(!GetSecurityDescriptorDacl(sd, &bAclPresent, &pAcl, &bDefaulted))
return FALSE;
if(bAclPresent && pAcl!=NULL) {
if(!IsValidAcl(pAcl)) return FALSE;
}
/* verify Sacl integrity */
if(!GetSecurityDescriptorSacl(sd, &bAclPresent, &pAcl, &bDefaulted))
return FALSE;
if(bAclPresent && pAcl!=NULL) {
if(!IsValidAcl(pAcl)) return FALSE;
}
/* verify owner integrity */
if(!GetSecurityDescriptorOwner(sd, &pSid, &bDefaulted))
return FALSE;
if(pSid != NULL) {
if(!IsValidSid(pSid)) return FALSE;
}
/* verify group integrity */
if(!GetSecurityDescriptorGroup(sd, &pSid, &bDefaulted))
return FALSE;
if(pSid != NULL) {
if(!IsValidSid(pSid)) return FALSE;
}
return TRUE;
}
//Code taken from http://stackoverflow.com/questions/1453497/discover-if-user-has-admin-rights Have not checked if it is valid yet.... TODO!!!
bool RemoteDesktop::IsUserAdmin(){
struct Data
{
PACL pACL;
PSID psidAdmin;
HANDLE hToken;
HANDLE hImpersonationToken;
PSECURITY_DESCRIPTOR psdAdmin;
Data() : pACL(NULL), psidAdmin(NULL), hToken(NULL),
hImpersonationToken(NULL), psdAdmin(NULL)
{}
~Data()
{
if (pACL)
LocalFree(pACL);
if (psdAdmin)
LocalFree(psdAdmin);
if (psidAdmin)
FreeSid(psidAdmin);
if (hImpersonationToken)
CloseHandle(hImpersonationToken);
if (hToken)
CloseHandle(hToken);
}
} data;
BOOL fReturn = FALSE;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
const DWORD ACCESS_READ = 1;
const DWORD ACCESS_WRITE = 2;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE | TOKEN_QUERY, TRUE, &data.hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
return false;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &data.hToken))
return false;
}
if (!DuplicateToken(data.hToken, SecurityImpersonation, &data.hImpersonationToken))
return false;
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &data.psidAdmin))
return false;
data.psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (data.psdAdmin == NULL)
return false;
if (!InitializeSecurityDescriptor(data.psdAdmin, SECURITY_DESCRIPTOR_REVISION))
return false;
// Compute size needed for the ACL.
auto dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(data.psidAdmin) - sizeof(DWORD);
data.pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (data.pACL == NULL)
return false;
if (!InitializeAcl(data.pACL, dwACLSize, ACL_REVISION2))
return false;
DWORD dwAccessMask = ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(data.pACL, ACL_REVISION2, dwAccessMask, data.psidAdmin))
return false;
if (!SetSecurityDescriptorDacl(data.psdAdmin, TRUE, data.pACL, FALSE))
return false;
// AccessCheck validates a security descriptor somewhat; set the group
// and owner so that enough of the security descriptor is filled out
// to make AccessCheck happy.
SetSecurityDescriptorGroup(data.psdAdmin, data.psidAdmin, FALSE);
SetSecurityDescriptorOwner(data.psdAdmin, data.psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(data.psdAdmin))
return false;
DWORD dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
DWORD dwStatus = 0;
if (!AccessCheck(data.psdAdmin, data.hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&fReturn))
{
return false;
}
return fReturn == TRUE;
}
// Basically Microsoft 118626
// Needed for vista as it fakes the admin rights on the registry and screws everything up
bool CGlobalSettings::isAdmin()
{
static int isAd = 0;
bool fReturn = false;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
if(isAd)
return isAd>0?true:false;
__try
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY, TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
if (!DuplicateToken (hToken, SecurityImpersonation, &hImpersonationToken))
__leave;
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
dwAccessMask = ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin))
__leave;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
__leave;
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
__leave;
dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
BOOL bRet;
if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bRet))
__leave;
fReturn = bRet?true:false;
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
if (hImpersonationToken) CloseHandle (hImpersonationToken);
if (hToken) CloseHandle (hToken);
}
isAd=fReturn?1:-1;
return fReturn;
}
void CheckNddeShare()
{
DWORD dwAvail;
WORD wItems=0;
BYTE buffer[200];
//LPBYTE buffer;
CHAR szres[255];
DWORD err=0;
char szerror[16];
char *sztopiclist = {"bugboard|bugboard\0bugboard|bugboard\0bugboard|bugboard\0\0"};
//FARPROC fpNDdeShareGetInfo;
PSID pworldsid;
PACL pacl;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority = SECURITY_WORLD_SID_AUTHORITY;
SECURITY_DESCRIPTOR sd;
//HINSTANCE hinstNDDEAPI=NULL;
SetErrorMode(SEM_FAILCRITICALERRORS); //_NOOPENFILEERRORBOX);
HINSTANCE hinstNDDEAPI = LoadLibrary("NDDEAPI.DLL");
if (NULL == hinstNDDEAPI) // <= HINSTANCE_ERROR)
{
MessageBox(NULL, "NDDEAPI.DLL not found in path", "bugboard.exe", MB_OK | MB_ICONSTOP);
return;
}
SGIPROC fpNDdeShareGetInfo = (SGIPROC) GetProcAddress(hinstNDDEAPI, "NDdeShareGetInfoA");
if (fpNDdeShareGetInfo == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
UINT ret = (*fpNDdeShareGetInfo)(NULL, "bugboard$", 2,
buffer, sizeof(buffer), &dwAvail, &wItems);
if (ret != NDDE_SHARE_NOT_EXIST) {
return;
}
NDDESHAREINFO *pnddeInfo = (NDDESHAREINFO *)buffer;
SAPROC lpfnNDdeShareAdd =
(SAPROC) GetProcAddress(hinstNDDEAPI, "NDdeShareAddA");
if (lpfnNDdeShareAdd == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
/* this is all different for win32 (NT)
lstrcpy(pnddeInfo->szShareName, "bugboard$");
pnddeInfo->lpszTargetApp = "bugboard";
pnddeInfo->lpszTargetTopic = "bugboard";
pnddeInfo->lpbPassword1 = (LPBYTE) "";
pnddeInfo->cbPassword1 = 0;
pnddeInfo->dwPermissions1 = 15;
pnddeInfo->lpbPassword2 = (LPBYTE) "";
pnddeInfo->cbPassword2 = 0;
pnddeInfo->dwPermissions2 = 0;
pnddeInfo->lpszItem = "";
pnddeInfo->cAddItems = 0;
pnddeInfo->lpNDdeShareItemInfo = NULL;
*/
// current structure
pnddeInfo->lRevision = 1L;
pnddeInfo->lpszShareName = _strdup("bugboard$");
pnddeInfo->lShareType = SHARE_TYPE_NEW | SHARE_TYPE_OLD | SHARE_TYPE_STATIC;
pnddeInfo->lpszAppTopicList = (LPTSTR)sztopiclist;
pnddeInfo->fSharedFlag = 1;
pnddeInfo->fService = 0;
pnddeInfo->fStartAppFlag = 0;
pnddeInfo->nCmdShow = SW_SHOWMAXIMIZED;
pnddeInfo->qModifyId[0] = 0;
pnddeInfo->qModifyId[1] = 0;
pnddeInfo->cNumItems = 0;
pnddeInfo->lpszItemList = "\0";
if (!AllocateAndInitializeSid( &IdentifierAuthority,
1,
SECURITY_WORLD_RID,
0,0,0,0,0,0,0,
&pworldsid))
{
FreeLibrary(hinstNDDEAPI);
return;
}
pacl = (ACL*)malloc(sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pworldsid) - sizeof(DWORD) ) ;
InitializeAcl(pacl,
sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pworldsid) - sizeof(DWORD),
ACL_REVISION);
if (!IsValidAcl) {
MessageBox(NULL, "ACL not valid", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!AddAccessAllowedAce(pacl,
ACL_REVISION,
STANDARD_RIGHTS_ALL | MAXIMUM_ALLOWED | GENERIC_ALL | ACCESS_SYSTEM_SECURITY,
pworldsid)) {
MessageBox(NULL, "Add ACE failed", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
MessageBox(NULL, "Init sd failed", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorOwner(&sd, NULL, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorGroup(&sd, NULL, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!IsValidSecurityDescriptor(&sd))
{
MessageBox(NULL, "Invalid sd", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
ret = (*lpfnNDdeShareAdd)(NULL, 2, &sd, buffer, sizeof(buffer));
if (ret != NDDE_NO_ERROR && ret != NDDE_SHARE_ALREADY_EXIST) {
SGSPROC lpfnNDdeGetErrorString =
(SGSPROC) GetProcAddress(hinstNDDEAPI, "NDdeGetErrorStringA");
if (lpfnNDdeGetErrorString == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
(*lpfnNDdeGetErrorString)(ret, (LPSTR)szres, 255);
MessageBox(NULL, (LPSTR)szres, "ERROR bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
SSTPROC lpfnNDdeSetTrustedShare =
(SSTPROC) GetProcAddress(hinstNDDEAPI, "NDdeSetTrustedShareA");
if (NDDE_NO_ERROR != ((*lpfnNDdeSetTrustedShare)(NULL, pnddeInfo->lpszShareName, NDDE_TRUST_SHARE_INIT)))
{
MessageBox(NULL, "Unable to set trusted share", "ERROR bugboard.exe", MB_OK | MB_ICONSTOP);
}
FreeLibrary(hinstNDDEAPI);
}
BOOL OsIsAdmin(void)
{
BOOL fReturn = FALSE;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
const DWORD ACCESS_READ = 1;
const DWORD ACCESS_WRITE = 2;
__try
{
/*
AccessCheck() requires an impersonation token. We first get a
primary
token and then create a duplicate impersonation token. The
impersonation token is not actually assigned to the thread, but is
used in the call to AccessCheck. Thus, this function itself never
impersonates, but does use the identity of the thread. If the
thread
was impersonating already, this function uses that impersonation
context.
*/
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY,
TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
if (!DuplicateToken (hToken, SecurityImpersonation,
&hImpersonationToken))
__leave;
/*
Create the binary representation of the well-known SID that
represents the local administrators group. Then create the
security
descriptor and DACL with an ACE that allows only local admins
access.
After that, perform the access check. This will determine whether
the current user is a local admin.
*/
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin,
SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
dwAccessMask= ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask,
psidAdmin))
__leave;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
__leave;
/*
AccessCheck validates a security descriptor somewhat; set the
group
and owner so that enough of the security descriptor is filled out
to
make AccessCheck happy.
*/
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
__leave;
dwAccessDesired = ACCESS_READ;
/*
Initialize GenericMapping structure even though you
do not use generic rights.
*/
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&fReturn))
{
fReturn = FALSE;
__leave;
}
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (hImpersonationToken) CloseHandle (hImpersonationToken);
if (hToken) CloseHandle (hToken);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
}
return fReturn;
}
// https://ru.wikipedia.org/wiki/DACL + https://github.com/hfiref0x/WinObjEx64/tree/master/Source
BOOL AddAllowSidForDevice(PWCHAR wchPath, PSID lpSid, DWORD dwSidLength) {
OBJECT_ATTRIBUTES ObjAtt;
RtlZeroMemory(&ObjAtt, sizeof(ObjAtt));
UNICODE_STRING UserModeDeviceName;
WCHAR PathBuffer[MAX_PATH] = { 0 };
wcscpy_s(PathBuffer, L"\\??\\");
wcscat_s(PathBuffer, wchPath);
UserModeDeviceName.Buffer = PathBuffer;
UserModeDeviceName.Length = (USHORT)(wcslen(PathBuffer) * sizeof(WCHAR));
UserModeDeviceName.MaximumLength = (USHORT)(UserModeDeviceName.Length + sizeof(WCHAR));
InitializeObjectAttributes(&ObjAtt, &UserModeDeviceName, 0, 0, 0);
HANDLE hFile;
IO_STATUS_BLOCK IoStatusBlock;
NTSTATUS status = ntdll_ZwOpenFile(&hFile, WRITE_DAC | READ_CONTROL, &ObjAtt, &IoStatusBlock, 0, 0);
if (status != STATUS_SUCCESS) {
DebugOut("ZwOpenFile(..., %S,...) failed! (status=%x)\n", wchPath, status);
return FALSE;
}
DWORD LastError;
SECURITY_DESCRIPTOR *lpSd = NULL; // адрес дескриптора безопасности
DWORD dwSdLength = 0; // длина SD
if (!GetKernelObjectSecurity(hFile, DACL_SECURITY_INFORMATION, NULL, dwSdLength, &dwSdLength)) {
LastError = GetLastError();
if (LastError == ERROR_INSUFFICIENT_BUFFER) {
dwSdLength += 1000; // !! FIX_ME
lpSd = (SECURITY_DESCRIPTOR*)malloc(dwSdLength);
if (!GetKernelObjectSecurity(hFile, DACL_SECURITY_INFORMATION, lpSd, dwSdLength, &dwSdLength)) {
DebugOut("GetKernelObjectSecurity[2](...) failed! (LastError=0x%x)\n", GetLastError());
CloseHandle(hFile);
return FALSE;
}
} else {
DebugOut("GetKernelObjectSecurity[1](...) failed! (LastError=0x%x)\n", LastError);
CloseHandle(hFile);
return FALSE;
}
}
ACL* lpOldDacl; // указатель на старый DACL
BOOL bDaclPresent; // признак присутствия списка DACL
BOOL bDaclDefaulted; // признак списка DACL по умолчанию
if (!GetSecurityDescriptorDacl(lpSd, &bDaclPresent, &lpOldDacl, &bDaclDefaulted)) { // получаем список DACL из дескриптора безопасности
DebugOut("GetSecurityDescriptorDacl(...) failed! (LastError=0x%x)\n", GetLastError());
CloseHandle(hFile);
return FALSE;
}
DWORD dwDaclLength = lpOldDacl->AclSize + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + dwSidLength; // определяем длину нового DACL
ACL* lpNewDacl = (ACL*)malloc(dwDaclLength);
if (!InitializeAcl(lpNewDacl, dwDaclLength, ACL_REVISION)) { // инициализируем новый DACL
DebugOut("InitializeAcl(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
if (!AddAccessAllowedAce(lpNewDacl, ACL_REVISION,ACCOUNT_ALLOW_RIGHTS, lpSid)) { // добавляем новый элемент в новый DACL
DebugOut("AddAccessAllowedAce(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
LPVOID lpAce; // указатель на элемент ACE
if (!GetAce(lpOldDacl, 0, &lpAce)) { // получаем адрес первого ACE в старом списке DACL
DebugOut("GetAce(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
// переписываем элементы из старого DACL в новый DACL
if (bDaclPresent) {
if (!AddAce(lpNewDacl, ACL_REVISION, MAXDWORD, lpAce, lpOldDacl->AclSize - sizeof(ACL))) {
DebugOut("AddAce(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
}
if (!IsValidAcl(lpNewDacl)) { // проверяем достоверность DACL
DebugOut("IsValidAcl(...) == FALSE! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
SECURITY_DESCRIPTOR sdAbsoluteSd; // абсолютный формат SD
if (!InitializeSecurityDescriptor(&sdAbsoluteSd, SECURITY_DESCRIPTOR_REVISION)) { // создаем новый дескриптор безопасности в абсолютной форме
DebugOut("InitializeSecurityDescriptor(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
if (!SetSecurityDescriptorDacl(&sdAbsoluteSd, TRUE, lpNewDacl, FALSE)) { // устанавливаем DACL в новый дескриптор безопасности
DebugOut("SetSecurityDescriptorDacl(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
// проверяем структуру дескриптора безопасности
if (!IsValidSecurityDescriptor(&sdAbsoluteSd)) {
DebugOut("IsValidSecurityDescriptor(...) == FALSE! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
if (!SetKernelObjectSecurity(hFile, DACL_SECURITY_INFORMATION, &sdAbsoluteSd)) { // устанавливаем новый дескриптор безопасности
DebugOut("IsValidSecurityDescriptor(...) == FALSE! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
free(lpNewDacl);
CloseHandle(hFile);
DebugOut("ACL Rules applyed to \"%S\"\n", PathBuffer);
return TRUE;
}
BOOL SecuritySet(char *resource, PVOLUMECAPS VolumeCaps, uch *securitydata)
{
HANDLE hFile;
DWORD dwDesiredAccess = 0;
DWORD dwFlags = 0;
PSECURITY_DESCRIPTOR sd = (PSECURITY_DESCRIPTOR)securitydata;
SECURITY_DESCRIPTOR_CONTROL sdc;
SECURITY_INFORMATION RequestedInfo = 0;
DWORD dwRev;
BOOL bRestorePrivilege = FALSE;
BOOL bSaclPrivilege = FALSE;
BOOL bSuccess;
if(!bInitialized) if(!Initialize()) return FALSE;
/* defer directory processing */
if(VolumeCaps->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
/* opening a directory requires FILE_FLAG_BACKUP_SEMANTICS */
dwFlags |= FILE_FLAG_BACKUP_SEMANTICS;
}
/* evaluate the input security descriptor and act accordingly */
if(!IsValidSecurityDescriptor(sd))
return FALSE;
if(!GetSecurityDescriptorControl(sd, &sdc, &dwRev))
return FALSE;
/* setup privilege usage based on if told we can use privileges, and if so,
what privileges we have */
if(VolumeCaps->bUsePrivileges) {
if(VolumeCaps->bRemote) {
/* use remotely determined privileges */
if(VolumeCaps->dwRemotePrivileges & OVERRIDE_RESTORE)
bRestorePrivilege = TRUE;
if(VolumeCaps->dwRemotePrivileges & OVERRIDE_SACL)
bSaclPrivilege = TRUE;
} else {
/* use local privileges */
bRestorePrivilege = g_bRestorePrivilege;
bSaclPrivilege = g_bSaclPrivilege;
}
}
/* if a Dacl is present write Dacl out */
/* if we have SeRestorePrivilege, write owner and group info out */
if(sdc & SE_DACL_PRESENT) {
dwDesiredAccess |= WRITE_DAC;
RequestedInfo |= DACL_SECURITY_INFORMATION;
if(bRestorePrivilege) {
dwDesiredAccess |= WRITE_OWNER;
RequestedInfo |= (OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION);
}
}
/* if a Sacl is present and we have either SeRestorePrivilege or
SeSystemSecurityPrivilege try to write Sacl out */
if((sdc & SE_SACL_PRESENT) && (bRestorePrivilege || bSaclPrivilege)) {
dwDesiredAccess |= ACCESS_SYSTEM_SECURITY;
RequestedInfo |= SACL_SECURITY_INFORMATION;
}
if(RequestedInfo == 0) /* nothing to do */
return FALSE;
if(bRestorePrivilege)
dwFlags |= FILE_FLAG_BACKUP_SEMANTICS;
hFile = CreateFileA(
resource,
dwDesiredAccess,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,/* max sharing */
NULL,
OPEN_EXISTING,
dwFlags,
NULL
);
if(hFile == INVALID_HANDLE_VALUE)
return FALSE;
bSuccess = SetKernelObjectSecurity(hFile, RequestedInfo, sd);
CloseHandle(hFile);
return bSuccess;
}
//**********************************************************************
//
// FUNCTION: IsAdmin - This function checks the token of the
// calling thread to see if the caller belongs to
// the Administrators group.
//
// PARAMETERS: none
//
// RETURN VALUE: TRUE if the caller is an administrator on the local
// machine. Otherwise, FALSE.
//
//**********************************************************************
BOOL IsAdmin(void)
{
HANDLE hToken;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
BOOL bReturn = FALSE;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
__try {
// AccessCheck() requires an impersonation token.
ImpersonateSelf(SecurityImpersonation);
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN) __leave;
// If the thread does not have an access token, we'll
// examine the access token associated with the process.
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) __leave;
}
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL) __leave;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION)) __leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
// Allocate memory for ACL.
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL) __leave;
// Initialize the new ACL.
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2)) __leave;
dwAccessMask = ACCESS_READ | ACCESS_WRITE;
// Add the access-allowed ACE to the DACL.
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin)) __leave;
// Set the DACL to the SD.
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE)) __leave;
// AccessCheck is sensitive about what is in the SD; set
// the group and owner.
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin)) __leave;
dwAccessDesired = ACCESS_READ;
//
// Initialize GenericMapping structure even though you
// do not use generic rights.
//
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
if (!AccessCheck(psdAdmin, hToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bReturn))
{
printf("AccessCheck() failed with error %lu\n", GetLastError());
__leave;
}
RevertToSelf();
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
}
return bReturn;
}
int main(int argc, char * argv[]) {
//Linked list to contain the datatable columns metadata
typedef struct _COLUMNLIST {
int type;
int id;
char name[NAME_SIZE];
struct _COLUMNLIST * next;
}COLUMNLIST;
COLUMNLIST *columnList;
COLUMNLIST *listHead = (COLUMNLIST *)malloc(sizeof(COLUMNLIST));
JET_ERR err;
JET_INSTANCE instance = JET_instanceNil;
JET_SESID sesid;
JET_DBID dbid;
JET_TABLEID tableid ;
/*
JET_COLUMNDEF *columndefid = malloc(sizeof(JET_COLUMNDEF));
JET_COLUMNDEF *columndeftype = malloc(sizeof(JET_COLUMNDEF));
JET_COLUMNDEF *columndeftypecol = malloc(sizeof(JET_COLUMNDEF));
JET_COLUMNDEF *columndefname = malloc(sizeof(JET_COLUMNDEF));
JET_COLUMNDEF *columndefobjid = malloc(sizeof(JET_COLUMNDEF));
*/
JET_COLUMNDEF _columndefid;
JET_COLUMNDEF _columndeftype;
JET_COLUMNDEF _columndeftypecol;
JET_COLUMNDEF _columndefname;
JET_COLUMNDEF _columndefobjid;
JET_COLUMNDEF *columndefid = &_columndefid;
JET_COLUMNDEF *columndeftype = &_columndeftype;
JET_COLUMNDEF *columndeftypecol = &_columndeftypecol;
JET_COLUMNDEF *columndefname = &_columndefname;
JET_COLUMNDEF *columndefobjid = &_columndefobjid;
unsigned long a,b,c,d,e;
long bufferid[16];
char buffertype[256];
char buffertypecol[8];
char buffername[NAME_SIZE];
long bufferobjid[8];
//Actually max buffer size should depend on the page size but it doesn't. Further investigation required.
unsigned char jetBuffer[JET_BUFFER_SIZE];
unsigned long jetSize;
char *baseName = argv[2];
char *targetTable;
char *tableName;
unsigned int datatableId = 0xffffffff;
unsigned int i;
FILE *dump;
char dumpFileName[64];
//SYSTEMTIME lt;
RPC_WSTR Guid = NULL;
LPWSTR stringSid = NULL;
long long sd_id = 0;
listHead->next = NULL;
columnList = listHead;
if( argc < 3)
PrintUsage();
if(!strcmp(argv[1],"ad") || !strcmp(argv[1],"sid") || !strcmp(argv[1],"att") || !strcmp(argv[1],"cat") || !strcmp(argv[1],"users"))
targetTable = "datatable";
else if(!strcmp(argv[1],"ace"))
targetTable = "sd_table";
else
PrintUsage();
if(!strcmp(argv[1],"sid"))
{
printf("To dump Exchange Mailbox security descriptors, \nenter the ATT value for your specific Exchange Schema:\n(msDS-IntId value for msExchMailboxSecurityDescriptor, \nfound in 'esent_dump att' results)\n");
printf("Otherwise just input anything and press enter\n");
scanf_s("%s",&exchangeMailboxSDCol[4], 28);
}
//Our result file, don't modify if you want to use auto import scripts from dbbrowser
//GetLocalTime(<);
//sprintf_s(dumpFileName, 64, "%s_ntds_%02d-%02d-%04d_%02dh%02d.csv",argv[1], lt.wDay, lt.wMonth, lt.wYear, lt.wHour, lt.wMinute);
sprintf_s(dumpFileName, 64, "%s-ntds.dit-dump.csv", argv[1]);
fopen_s(&dump, dumpFileName, "w");
if (dump == 0)
{
printf("Could not open csv file for writing\n");
return(-1);
}
if(!strcmp(argv[1],"ace"))
fprintf(dump, "sd_id\tPrimaryOwner\tPrimaryGroup\tACEType\tACEFlags\tAccessMask\tFlags\tObjectType\tInheritedObjectType\tTrusteeSID\n");
// Initialize ESENT.
// See http://msdn.microsoft.com/en-us/library/windows/desktop/gg269297(v=exchg.10).aspx for error codes
err = JetSetSystemParameter(0, JET_sesidNil, JET_paramDatabasePageSize, 8192, NULL);
err = JetCreateInstance(&instance, "blabla");
err = JetInit(&instance);
err = JetBeginSession(instance, &sesid, 0, 0);
err = JetAttachDatabase(sesid, baseName, JET_bitDbReadOnly);
if (err != 0)
{
printf("JetAttachDatabase : %i\n", err);
return(-1);
}
err = JetOpenDatabase(sesid, baseName, 0, &dbid, 0);
if (err != 0)
{
printf("JetOpenDatabase : %i\n", err);
return(-1);
}
//Let's enumerate the metadata about datatable (AD table)
tableName = "MSysObjects";
err = JetOpenTable(sesid, dbid, tableName, 0, 0, JET_bitTableReadOnly, &tableid);
printf("[*]Opened table: %s\n", tableName);
//Obtain structures with necessary information to retrieve column values
err = JetGetColumnInfo(sesid, dbid, tableName, "Id", columndefid, sizeof(JET_COLUMNDEF), JET_ColInfo);
err = JetGetColumnInfo(sesid, dbid, tableName, "Type", columndeftype, sizeof(JET_COLUMNDEF), JET_ColInfo);
err = JetGetColumnInfo(sesid, dbid, tableName, "ColtypOrPgnoFDP", columndeftypecol, sizeof(JET_COLUMNDEF), JET_ColInfo);
err = JetGetColumnInfo(sesid, dbid, tableName, "Name", columndefname, sizeof(JET_COLUMNDEF), JET_ColInfo);
err = JetGetColumnInfo(sesid, dbid, tableName, "ObjIdTable", columndefobjid, sizeof(JET_COLUMNDEF), JET_ColInfo);
//printf("Type de colonne :%d, de longueur : %d", columndef->coltyp, columndef->cbMax);
//Position the cursor at the first record
JetMove(sesid, tableid, JET_MoveFirst, 0);
//Retrieve columns metadata
do
{
JetRetrieveColumn(sesid, tableid, columndefid->columnid, 0, 0, &a, 0, 0);
JetRetrieveColumn(sesid, tableid, columndefid->columnid, bufferid, a, 0, 0, 0);
JetRetrieveColumn(sesid, tableid, columndeftype->columnid, 0, 0, &b, 0, 0);
JetRetrieveColumn(sesid, tableid, columndeftype->columnid, buffertype, b, 0, 0, 0);
JetRetrieveColumn(sesid, tableid, columndeftypecol->columnid, 0, 0, &e, 0, 0);
JetRetrieveColumn(sesid, tableid, columndeftypecol->columnid, buffertypecol, e, 0, 0, 0);
JetRetrieveColumn(sesid, tableid, columndefname->columnid, 0, 0, &c, 0, 0);
JetRetrieveColumn(sesid, tableid, columndefname->columnid, buffername, c, 0, 0, 0);
buffername[c]='\0';
if(datatableId == 0xffffffff && !strcmp(buffername, targetTable))
{
//We found the target table in the metadata, pickup its id and make another pass
datatableId = bufferid[0];
printf("[*]%s tableID found : %d\n", buffername, datatableId);
JetMove(sesid, tableid, JET_MoveFirst, 0);
continue;
}
JetRetrieveColumn(sesid, tableid, columndefobjid->columnid, 0, 0, &d, 0, 0);
JetRetrieveColumn(sesid, tableid, columndefobjid->columnid, bufferobjid, d, 0, 0, 0);
//We got the correct type and table id, let's dump the column name and add it to the column list
if(buffertype[0] == 2 && bufferobjid[0] == datatableId)
{
unsigned int j;
columnList->next = (COLUMNLIST *)malloc(sizeof(COLUMNLIST));
if(!columnList->next) {
printf("Memory allocation failed during metadata dump\n");
return(-1);
}
columnList = columnList->next;
columnList->next = NULL;
for(j=0;j<c;j++)
columnList->name[j] = buffername[j];
columnList->name[c] = '\0';
columnList->type = buffertypecol[0];
columnList->id = bufferid[0];
}
}while(JetMove(sesid, tableid, JET_MoveNext, 0) == JET_errSuccess);
JetCloseTable(sesid, tableid);
//Let's use our metadata to dump the whole AD schema
tableName = targetTable;
err = JetOpenTable(sesid, dbid, tableName, 0, 0, JET_bitTableReadOnly, &tableid);
printf("[*]Opened table: %s\n", tableName);
printf("Dumping %s column names...\n", tableName);
columnList = listHead;
while(columnList->next)
{
columnList = columnList->next;
if(!strcmp("ad",argv[1]))
fprintf(dump,"%d:%s\t",columnList->type,columnList->name);
else
if(ValidateColumn(argv[1], columnList->name))
fprintf(dump, "%s\t", translateATT(columnList->name));
};
fprintf(dump,"\n");
printf("Dumping content...\n");
JetMove(sesid, tableid, JET_MoveFirst, 0);
do
{
columnList = listHead;
while(columnList->next)
{
columnList = columnList->next;
if(ValidateColumn(argv[1], columnList->name))
{
//NOTE that this approach implies post processing multi valued columns if you re-use this code...
err = JetRetrieveColumn(sesid, tableid, columnList->id, 0, 0, &jetSize, 0, 0);
#ifdef _DEBUG
//positive are warnings, -1047 is invalid buffer size which is expected here
if (err < 0 && err != -1047) {
printf("JetRetrieveColumn error : %i, jetSize : %d\n", err, jetSize);
return(-2);
}
if (jetSize > JET_BUFFER_SIZE) {
printf("Jet Buffer incorrect size preset: %d bytes are needed\n",jetSize);
return(-2);
}
#endif
memset(jetBuffer,0,JET_BUFFER_SIZE);
switch(columnList->type) {
//signed int types
case 4:
JetRetrieveColumn(sesid, tableid, columnList->id, jetBuffer, jetSize, 0, 0, 0);
//Specific useraccountcontrol code, currently dead code
if(!strcmp("users",argv[1]) && !strcmp("ATTj589832",columnList->name))
{
if(jetBuffer[0] & ADS_UF_ACCOUNTDISABLE)
fprintf(dump,"disabled ");
if(jetBuffer[0] & ADS_UF_DONT_EXPIRE_PASSWD)
fprintf(dump,"dontexpire ");
if(jetBuffer[0] & ADS_UF_LOCKOUT)
fprintf(dump,"lockedout ");
if(jetBuffer[0] & ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED)
fprintf(dump,"reversiblepwd ");
}
else
fprintf(dump,"%d",*(int *)jetBuffer);
/*
fprintf(dump,"%u_",*(unsigned int *)jetBuffer);
for(unsigned int i=0;i<jetSize;i++)
fprintf(dump,"%.2X",jetBuffer[i]);
*/
break;
//signed long long type
case 5:
JetRetrieveColumn(sesid, tableid, columnList->id, jetBuffer, jetSize, 0, 0, 0);
if(!strcmp("sd_id",columnList->name))
sd_id = *(long long *)jetBuffer;
else
fprintf(dump,"%lld",*(long long *)jetBuffer);
break;
//Raw binary types
case 9:
JetRetrieveColumn(sesid, tableid, columnList->id, jetBuffer, jetSize, 0, 0, 0);
for(i=0;i<jetSize;i++)
fprintf(dump,"%.2X",jetBuffer[i]);
break;
case 11:
/* We check matches on security descriptor, then SID
* to display accordingly, otherwise hex dump
*/
JetRetrieveColumn(sesid, tableid, columnList->id, jetBuffer, jetSize, 0, 0, 0);
if(!strcmp("sd_value",columnList->name) && IsValidSecurityDescriptor(jetBuffer))
{
//Correct sd_id because sd_id column is before sd_value column in sd_table
DumpACE(sd_id, jetBuffer, dump);
}
else if(!strcmp("ATTr589970",columnList->name) && IsValidSid(jetBuffer))
{
//AD SID storage swaps endianness in RID bytes (yeah !)
unsigned char temp;
temp = jetBuffer[24];
jetBuffer[24] = jetBuffer[27];
jetBuffer[27] = temp;
temp = jetBuffer[25];
jetBuffer[25] = jetBuffer[26];
jetBuffer[26] = temp;
ConvertSidToStringSid((PSID)jetBuffer, &stringSid);
fwprintf(dump, L"%s", stringSid);
LocalFree(stringSid);
stringSid = NULL;
}
//NT Security Descriptor index to lookup in sd_table
else if(!strcmp("sid",argv[1]) && ( !strcmp("ATTp131353",columnList->name) || !strcmp(exchangeMailboxSDCol,columnList->name) ))
{
fprintf(dump,"%d",*(int *)jetBuffer);
}
//Schema-Id-Guid
else if(!strcmp("sid",argv[1]) && !strcmp("ATTk589972",columnList->name) )
{
UuidToString((UUID *)jetBuffer, &Guid);
fwprintf(dump,L"%s",Guid);
RpcStringFree(&Guid);
Guid = NULL;
}
else //hex dump
for(i=0;i<jetSize;i++)
fprintf(dump,"%.2X",jetBuffer[i]);
/* dumping type 11 as int (?)
else
{
fprintf(dump,"%d",*(int *)jetBuffer);
printf("dump type 11 as int : %d\n", *(int *)jetBuffer);
}
*/
break;
//widechar text types
case 10:
case 12:
JetRetrieveColumn(sesid, tableid, columnList->id, jetBuffer, jetSize, 0, 0, 0);
for(i=0;i<jetSize/2;i++)
if((wchar_t)jetBuffer[2*i] != '\t' || (wchar_t)jetBuffer[2*i] != '\n' || (wchar_t)jetBuffer[2*i] != '\r')
fwprintf(dump,L"%c",(wchar_t)jetBuffer[2*i]);
break;
};
if(strcmp("ace",argv[1]))
fprintf(dump,"\t");
}
}
if(strcmp("ace",argv[1]))
fprintf(dump,"\n");
}while(JetMove(sesid, tableid, JET_MoveNext, 0) == JET_errSuccess);
// cleanup
printf("cleaning...\n");
JetCloseTable(sesid, tableid);
JetEndSession(sesid, 0);
JetTerm(instance);
fclose(dump);
return 0;
}
bool SecurityDescriptor::isValid()
{
return IsValidSecurityDescriptor(&m_sd) == TRUE;
}
/*))
// NOTE!!! that does not check for length of Security Descriptor
\\ so if buffer is unsufficient memory will be messed
// To obtain size of buffer use XFSSecurityDescriptorSize()
((*/
LIB_EXPORT
rc_t CC
XFSSecurityDescriptor (
SECURITY_INFORMATION SecInfo,
const char * Permissions,
XFSNType NodeType,
PSECURITY_DESCRIPTOR Descriptor,
ULONG DescriptorLength
)
{
rc_t RCt;
SECURITY_DESCRIPTOR AbsDescriptor;
const struct XFSPerm * Perm;
DWORD DscLen;
RCt = 0;
Perm = NULL;
DscLen = DescriptorLength;
if ( Permissions == NULL || Descriptor == NULL ) {
return XFS_RC ( rcNull );
}
RCt = XFSPermMake ( Permissions, & Perm );
if ( RCt != 0 || Perm == NULL ) {
return XFS_RC ( rcInvalid );
}
RCt = _SD_Set ( SecInfo, Perm, NodeType, & AbsDescriptor );
if ( RCt == 0 ) {
/*)) Checking if SD is valid
((*/
if ( IsValidSecurityDescriptor ( & AbsDescriptor ) == 0 ) {
RCt = XFS_RC ( rcInvalid );
}
else {
/*)) we should convert absolute to selfrelative
((*/
if ( MakeSelfRelativeSD (
& AbsDescriptor,
Descriptor,
& DscLen
) == 0
) {
RCt = XFS_RC ( rcInvalid );
}
}
}
/*
_SD_SR_Dump ( & AbsDescriptor );
_SD_AB_Dump ( Descriptor, DescriptorLength );
*/
free ( ( struct XFSPerm * ) Perm );
_SD_Dispose ( & AbsDescriptor );
return RCt;
} /* XFSSecurityDescriptor () */
gboolean
isadmin_win32()
{
BOOL bRet;
PACL pACL;
DWORD dwLen, dwStatus;
PSID psidAdmin;
HANDLE hTok, hItok;
PRIVILEGE_SET ps;
PSECURITY_DESCRIPTOR psdAdmin;
GENERIC_MAPPING gmap = {ACCESS_READ, ACCESS_WRITE, 0, ACCESS_READ | ACCESS_WRITE};
SID_IDENTIFIER_AUTHORITY SSidAuth = {SECURITY_NT_AUTHORITY};
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE | TOKEN_QUERY, TRUE, &hTok)) {
if (GetLastError() != ERROR_NO_TOKEN)
return FALSE;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &hTok))
return FALSE;
}
if (!DuplicateToken(hTok, SecurityImpersonation, &hItok))
return FALSE;
if (!AllocateAndInitializeSid(&SSidAuth, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &psidAdmin))
return FALSE;
if (!(psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH)))
return FALSE;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION))
return FALSE;
dwLen = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
if (!(pACL = (PACL)LocalAlloc(LPTR, dwLen)))
return FALSE;
if (!InitializeAcl(pACL, dwLen, ACL_REVISION2))
return FALSE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, ACCESS_READ | ACCESS_WRITE, psidAdmin))
return FALSE;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
return FALSE;
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
return FALSE;
dwLen = sizeof(PRIVILEGE_SET);
if (!AccessCheck(psdAdmin, hItok, ACCESS_READ, &gmap, &ps, &dwLen, &dwStatus, &bRet)) {
bRet = FALSE;
g_print("ERROR: %lu\n", GetLastError());
}
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
if (hItok) CloseHandle(hItok);
if (hTok) CloseHandle(hTok);
return (gboolean)bRet;
}
bool StoreSD(IWbemServices * pSession, PSECURITY_DESCRIPTOR pSD)
{
bool bRet = false;
HRESULT hr;
if (!IsValidSecurityDescriptor(pSD))
return false;
// Get the class object
IWbemClassObject * pClass = NULL;
_bstr_t InstPath(L"__systemsecurity=@");
_bstr_t ClassPath(L"__systemsecurity");
hr = pSession->GetObject(ClassPath, 0, NULL, &pClass, NULL);
if(FAILED(hr))
return false;
// Get the input parameter class
_bstr_t MethName(L"SetSD");
IWbemClassObject * pInClassSig = NULL;
hr = pClass->GetMethod(MethName,0, &pInClassSig, NULL);
pClass->Release();
if(FAILED(hr))
return false;
// spawn an instance of the input parameter class
IWbemClassObject * pInArg = NULL;
pInClassSig->SpawnInstance(0, &pInArg);
pInClassSig->Release();
if(FAILED(hr))
return false;
// move the SD into a variant.
SAFEARRAY FAR* psa;
SAFEARRAYBOUND rgsabound[1]; rgsabound[0].lLbound = 0;
long lSize = GetSecurityDescriptorLength(pSD);
rgsabound[0].cElements = lSize;
psa = SafeArrayCreate( VT_UI1, 1 , rgsabound );
if(psa == NULL)
{
pInArg->Release();
return false;
}
char * pData = NULL;
hr = SafeArrayAccessData(psa, (void HUGEP* FAR*)&pData);
if(FAILED(hr))
{
pInArg->Release();
return false;
}
memcpy(pData, pSD, lSize);
SafeArrayUnaccessData(psa);
_variant_t var;
var.vt = VT_I4|VT_ARRAY;
var.parray = psa;
// put the property
hr = pInArg->Put(L"SD" , 0, &var, 0);
if(FAILED(hr))
{
pInArg->Release();
return false;
}
// Execute the method
IWbemClassObject * pOutParams = NULL;
hr = pSession->ExecMethod(InstPath,
MethName,
0,
NULL, pInArg,
NULL, NULL);
if(FAILED(hr))
printf("\nPut failed, returned 0x%x",hr);
return bRet;
}
HRESULT COpcSecurity::Attach(PSECURITY_DESCRIPTOR pSelfRelativeSD)
{
PACL pDACL = NULL;
PACL pSACL = NULL;
BOOL bDACLPresent, bSACLPresent;
BOOL bDefaulted;
PACL m_pDACL = NULL;
ACCESS_ALLOWED_ACE* pACE;
HRESULT hr;
PSID pUserSid;
PSID pGroupSid;
hr = Initialize();
if(FAILED(hr))
return hr;
// get the existing DACL.
if (!GetSecurityDescriptorDacl(pSelfRelativeSD, &bDACLPresent, &pDACL, &bDefaulted))
goto failed;
if (bDACLPresent)
{
if (pDACL)
{
// allocate new DACL.
m_pDACL = (PACL) malloc(pDACL->AclSize);
if (m_pDACL == NULL)
{
hr = E_OUTOFMEMORY;
goto failedMemory;
}
// initialize the DACL
if (!InitializeAcl(m_pDACL, pDACL->AclSize, ACL_REVISION))
goto failed;
// copy the ACES
for (int i = 0; i < pDACL->AceCount; i++)
{
if (!GetAce(pDACL, i, (void **)&pACE))
goto failed;
if (!AddAccessAllowedAce(m_pDACL, ACL_REVISION, pACE->Mask, (PSID)&(pACE->SidStart)))
goto failed;
}
if (!IsValidAcl(m_pDACL))
goto failed;
}
// set the DACL
if (!SetSecurityDescriptorDacl(m_pSD, m_pDACL ? TRUE : FALSE, m_pDACL, bDefaulted))
goto failed;
}
// get the existing SACL.
if (!GetSecurityDescriptorSacl(pSelfRelativeSD, &bSACLPresent, &pSACL, &bDefaulted))
goto failed;
if (bSACLPresent)
{
if (pSACL)
{
// allocate new SACL.
m_pSACL = (PACL) malloc(pSACL->AclSize);
if (m_pSACL == NULL)
{
hr = E_OUTOFMEMORY;
goto failedMemory;
}
// initialize the SACL
if (!InitializeAcl(m_pSACL, pSACL->AclSize, ACL_REVISION))
goto failed;
// copy the ACES
for (int i = 0; i < pSACL->AceCount; i++)
{
if (!GetAce(pSACL, i, (void **)&pACE))
goto failed;
if (!AddAccessAllowedAce(m_pSACL, ACL_REVISION, pACE->Mask, (PSID)&(pACE->SidStart)))
goto failed;
}
if (!IsValidAcl(m_pSACL))
goto failed;
}
// set the SACL
if (!SetSecurityDescriptorSacl(m_pSD, m_pSACL ? TRUE : FALSE, m_pSACL, bDefaulted))
goto failed;
}
if (!GetSecurityDescriptorOwner(m_pSD, &pUserSid, &bDefaulted))
goto failed;
if (FAILED(SetOwner(pUserSid, bDefaulted)))
goto failed;
if (!GetSecurityDescriptorGroup(m_pSD, &pGroupSid, &bDefaulted))
goto failed;
if (FAILED(SetGroup(pGroupSid, bDefaulted)))
goto failed;
if (!IsValidSecurityDescriptor(m_pSD))
goto failed;
return hr;
failed:
hr = HRESULT_FROM_WIN32(hr);
failedMemory:
if (m_pDACL)
{
free(m_pDACL);
m_pDACL = NULL;
}
if (m_pSD)
{
free(m_pSD);
m_pSD = NULL;
}
return hr;
}
BOOL
CreateSecurityDescriptor(const char* pUserName, IN OUT SECURITY_DESCRIPTOR * psd)
{
BOOL fReturnCode = FALSE;
PSID psidAdmins = NULL;
PACL paclKey = NULL;
DWORD cbReferencedDomain = 16;
DWORD cbSid = 128;
LPSTR lpReferencedDomain = NULL;
PSID psidUser = NULL;
SID_NAME_USE sidNameUse;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
// Here we're creating a System Identifier (SID) to represent
// the Admin group.
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmins))
{
goto cleanup;
}
// Now we'll find the System Identifier which represents
// the specified user
if((psidUser = HeapAlloc(GetProcessHeap(), 0, cbSid)) == NULL)
{
goto cleanup;
}
if((lpReferencedDomain = (LPSTR) HeapAlloc(GetProcessHeap(), 0,
cbReferencedDomain)) == NULL)
{
goto cleanup;
}
if (!LookupAccountName(NULL, // local system
pUserName, // account name
psidUser, // receive SID of the account
&cbSid, // size of the SID
lpReferencedDomain, // buffer to receive user's domain
&cbReferencedDomain, // size of UserDomain buffer
&sidNameUse)) // type of the user account
{
fReturnCode = FALSE;
goto cleanup;
}
if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
{
goto cleanup;
}
// We want the admin group to own this key.
if (!SetSecurityDescriptorOwner(psd, psidAdmins, 0))
{
goto cleanup;
}
// Finally we must allocate and construct the discretionary
// access control list (DACL) for the key.
// Note that _alloca allocates memory on the stack frame
// which will automatically be deallocated when this routine
// exits.
//if (!(paclKey = (PACL) _alloca(ACL_BUFFER_SIZE)))
//{
// goto cleanup;
//}
if (!(paclKey = (PACL) malloc(ACL_BUFFER_SIZE)))
{
goto cleanup;
}
if (!InitializeAcl(paclKey, ACL_BUFFER_SIZE, ACL_REVISION))
{
goto cleanup;
}
// Our DACL will contain two access control entries (ACEs). One which allows
// members of the Admin group complete access to the key, and one which gives
// read-only access to everyone.
if (!AddAccessAllowedAce(paclKey, ACL_REVISION, KEY_ALL_ACCESS, psidAdmins))
{
goto cleanup;
}
if (!AddAccessAllowedAce(paclKey, ACL_REVISION, KEY_ALL_ACCESS, psidUser))
{
goto cleanup;
}
if (!IsValidAcl(paclKey))
{
goto cleanup;
}
// We must bind this DACL to the security descriptor...
if (!SetSecurityDescriptorDacl(psd, TRUE, paclKey, FALSE))
{
goto cleanup;
}
if (!IsValidSecurityDescriptor(psd))
{
goto cleanup;
}
fReturnCode = TRUE;
cleanup:
if (paclKey)
{
free(paclKey);
paclKey = NULL;
}
return fReturnCode;
}
