VOID * QueueHashLookup(Queue *pQueue, PSID Sid, BOOL EnterCritSec) {
VOID * pValue;
QueueNode *pNextNode;
ASSERT(pQueue != NULL);
if (pQueue->lpCriticalSection != NULL && EnterCritSec) EnterCriticalSection(pQueue->lpCriticalSection);
#ifdef DEBUG2
DbgMsgRecord(TEXT("-> QueueHashLookup\n"));
#endif
pValue = NULL;
for (QueueNode *pNode = pQueue->pFirst; pNode != NULL; pNode = pNextNode) {
pNextNode = pNode->pNext;
if (EqualSid(((QueueHashNode *)(pNode->pData))->pKey, Sid) == TRUE) {
pValue = ((QueueHashNode *)(pNode->pData))->pValue;
break;
}
}
#ifdef DEBUG2
DbgMsgRecord(TEXT("<- QueueHashLookup\n"));
#endif
if (pQueue->lpCriticalSection != NULL && EnterCritSec) LeaveCriticalSection(pQueue->lpCriticalSection);
return pValue;
}
int
is_root( void )
{
int root = 0;
#if 1
PSID psid = my_user_Sid();
if( ! psid ) {
dprintf( D_ALWAYS,
"ERROR in is_root(): my_user_Sid() returned NULL\n" );
return 0;
}
root = EqualSid(psid, const_cast<SID*>(&sids.LocalSystem));
free (psid);
#else
char* user = my_username( 0 );
if( ! user ) {
dprintf( D_ALWAYS,
"ERROR in is_root(): my_username() returned NULL\n" );
return 0;
}
if( !strcasecmp(user, "SYSTEM") ) {
root = 1;
}
free( user );
#endif
return root;
}
/***********************************************************************
* IsNTAdmin (ADVPACK.@)
*
* Checks if the user has admin privileges.
*
* PARAMS
* reserved [I] Reserved. Must be 0.
* pReserved [I] Reserved. Must be NULL.
*
* RETURNS
* TRUE if user has admin rights, FALSE otherwise.
*/
BOOL WINAPI IsNTAdmin(DWORD reserved, LPDWORD pReserved)
{
SID_IDENTIFIER_AUTHORITY SidAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS pTokenGroups;
BOOL bSidFound = FALSE;
DWORD dwSize, i;
HANDLE hToken;
PSID pSid;
TRACE("(%d, %p)\n", reserved, pReserved);
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return FALSE;
if (!GetTokenInformation(hToken, TokenGroups, NULL, 0, &dwSize))
{
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
CloseHandle(hToken);
return FALSE;
}
}
pTokenGroups = HeapAlloc(GetProcessHeap(), 0, dwSize);
if (!pTokenGroups)
{
CloseHandle(hToken);
return FALSE;
}
if (!GetTokenInformation(hToken, TokenGroups, pTokenGroups, dwSize, &dwSize))
{
HeapFree(GetProcessHeap(), 0, pTokenGroups);
CloseHandle(hToken);
return FALSE;
}
CloseHandle(hToken);
if (!AllocateAndInitializeSid(&SidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSid))
{
HeapFree(GetProcessHeap(), 0, pTokenGroups);
return FALSE;
}
for (i = 0; i < pTokenGroups->GroupCount; i++)
{
if (EqualSid(pSid, pTokenGroups->Groups[i].Sid))
{
bSidFound = TRUE;
break;
}
}
HeapFree(GetProcessHeap(), 0, pTokenGroups);
FreeSid(pSid);
return bSidFound;
}
static int
iwin32_uid_compare (user_id_t a, user_id_t b)
{
assert (a.value != NULL);
assert (b.value != NULL);
return EqualSid (a.value, b.value);
}
static int
iwin32_gid_compare (group_id_t a, group_id_t b)
{
assert (a.value != NULL);
assert (b.value != NULL);
return EqualSid (a.value, b.value);
}
JBoolean
JUserIsAdmin()
{
HANDLE tokenHandle;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tokenHandle))
{
return kJFalse;
}
DWORD returnLength;
GetTokenInformation(tokenHandle, TokenGroups, NULL, 0, &returnLength);
if (returnLength > 65535)
{
CloseHandle(tokenHandle);
return kJFalse;
}
TOKEN_GROUPS* groupList = (TOKEN_GROUPS*) malloc(returnLength);
if (groupList == NULL)
{
CloseHandle(tokenHandle);
return kJFalse;
}
if (!GetTokenInformation(tokenHandle, TokenGroups,
groupList, returnLength, &returnLength))
{
CloseHandle(tokenHandle);
free(groupList);
return kJFalse;
}
CloseHandle(tokenHandle);
SID_IDENTIFIER_AUTHORITY siaNtAuth = SECURITY_NT_AUTHORITY;
PSID adminSid;
if (!AllocateAndInitializeSid(&siaNtAuth, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
&adminSid))
{
free(groupList);
return kJFalse;
}
JBoolean found = kJFalse;
for (DWORD i = 0; i < groupList->GroupCount; i++)
{
if (EqualSid(adminSid, groupList->Groups[i].Sid))
{
found = kJTrue;
break;
}
}
FreeSid(adminSid);
free(groupList);
return found;
}
BOOL uac::Am_I_In_Admin_Group(BOOL bCheckAdminMode /*= FALSE*/)
{
BOOL fAdmin;
HANDLE hThread;
TOKEN_GROUPS *ptg = NULL;
DWORD cbTokenGroups;
DWORD dwGroup;
PSID psidAdmin;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hThread))
{
if (GetLastError() == ERROR_NO_TOKEN)
{
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY,
&hThread))
return (FALSE);
}
else
return (FALSE);
}
if (GetTokenInformation(hThread, TokenGroups, NULL, 0, &cbTokenGroups))
return (FALSE);
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
return (FALSE);
if (!(ptg = (TOKEN_GROUPS*)_alloca(cbTokenGroups)))
return (FALSE);
if (!GetTokenInformation(hThread, TokenGroups, ptg, cbTokenGroups,
&cbTokenGroups))
return (FALSE);
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
return (FALSE);
fAdmin = FALSE;
for (dwGroup = 0; dwGroup < ptg->GroupCount; dwGroup++)
{
if (EqualSid(ptg->Groups[dwGroup].Sid, psidAdmin))
{
if (bCheckAdminMode)
{
if ((ptg->Groups[dwGroup].Attributes) & SE_GROUP_ENABLED)
{
fAdmin = TRUE;
}
}
else
{
fAdmin = TRUE;
}
break;
}
}
FreeSid(psidAdmin);
return (fAdmin);
}
/*-----------------------------------------------------------------------------
Kill any Dr. Watson windows that are open (we already killed the browser process)
-----------------------------------------------------------------------------*/
void CurlBlastDlg::KillProcs(void)
{
#ifndef _DEBUG
WTS_PROCESS_INFO * proc = NULL;
DWORD count = 0;
if( WTSEnumerateProcesses(WTS_CURRENT_SERVER_HANDLE, 0, 1, &proc, &count) )
{
for( DWORD i = 0; i < count; i++ )
{
bool terminate = false;
// check for Dr. Watson
if( !lstrcmpi(PathFindFileName(proc[i].pProcessName), _T("dwwin.exe")) )
{
if( !bDrWatson )
{
log.LogEvent(event_KilledDrWatson);
bDrWatson = true;
}
terminate = true;
}
else if(lstrcmpi(PathFindFileName(proc[i].pProcessName), _T("iexplore.exe")))
{
if (worker) {
EnterCriticalSection( &(worker->cs) );
// make sure it's not the browser we launched
if( proc[i].ProcessId != worker->browserPID
&& worker->userSID && proc[i].pUserSid
&& IsValidSid(worker->userSID) && IsValidSid(proc[i].pUserSid) )
{
// see if the SID matches
if( EqualSid(proc[i].pUserSid, worker->userSID ) )
terminate = true;
}
LeaveCriticalSection( &(worker->cs) );
}
}
if( terminate )
{
HANDLE hProc = OpenProcess(PROCESS_TERMINATE, FALSE, proc[i].ProcessId);
if( hProc )
{
TerminateProcess(hProc, 0);
CloseHandle(hProc);
}
}
}
WTSFreeMemory(proc);
}
#endif
}
APR_DECLARE(apr_status_t) apr_uid_compare(apr_uid_t left, apr_uid_t right)
{
if (!left || !right)
return APR_EINVAL;
#ifndef _WIN32_WCE
if (!IsValidSid(left) || !IsValidSid(right))
return APR_EINVAL;
if (!EqualSid(left, right))
return APR_EMISMATCH;
#endif
return APR_SUCCESS;
}
BOOL IsLocalSid( PSID ps )
{
static PSID pComparisonSid = NULL;
if ( pComparisonSid == NULL )
{
// build "BUILTIN\LOCAL" SID for comparison: S-1-2-0
SID_IDENTIFIER_AUTHORITY sia = SECURITY_LOCAL_SID_AUTHORITY;
AllocateAndInitializeSid( &sia, 1, 0, 0, 0, 0, 0, 0, 0, 0, &pComparisonSid );
}
return EqualSid( ps, pComparisonSid );
}
const wchar_t* GetNameFromSIDCache(PSID Sid)
{
LPCWSTR Result=nullptr;
for(SIDCacheItem** i=SIDCache.First();i;i=SIDCache.Next(i))
{
if (EqualSid((*i)->Sid,Sid))
{
Result=(*i)->strUserName;
break;
}
}
return Result;
}
BOOL IsInteractiveSid( PSID ps )
{
static PSID pComparisonSid = NULL;
if ( pComparisonSid == NULL )
{
// build "BUILTIN\LOCAL" SID for comparison: S-1-5-4
SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY; // "-5-"
AllocateAndInitializeSid( &sia, 1, 4, 0, 0, 0, 0, 0, 0, 0, &pComparisonSid );
}
return EqualSid( ps, pComparisonSid );
}
QString DiagnosticsDialog::getUserRights() const
{
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
PSID AdministratorsGroup = NULL;
HANDLE hToken = NULL;
DWORD dwIndex, dwLength = 0;
PTOKEN_GROUPS pGroup = NULL;
QString rights = tr( "User" );
if ( !OpenThreadToken( GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken ) )
{
if ( GetLastError() != ERROR_NO_TOKEN )
return tr( "Unknown - error %1" ).arg( GetLastError() );
if ( !OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken ) )
return tr( "Unknown - error %1" ).arg( GetLastError() );
}
if ( !GetTokenInformation( hToken, TokenGroups, NULL, dwLength, &dwLength ) )
{
if( GetLastError() != ERROR_INSUFFICIENT_BUFFER )
return tr( "Unknown - error %1" ).arg( GetLastError() );
}
pGroup = (PTOKEN_GROUPS)GlobalAlloc( GPTR, dwLength );
if ( !GetTokenInformation( hToken, TokenGroups, pGroup, dwLength, &dwLength ) )
{
if ( pGroup )
GlobalFree( pGroup );
return tr( "Unknown - error %1" ).arg( GetLastError() );;
}
if( AllocateAndInitializeSid( &NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &AdministratorsGroup ) )
{
for ( dwIndex = 0; dwIndex < pGroup->GroupCount; dwIndex++ )
{
if ( EqualSid( AdministratorsGroup, pGroup->Groups[dwIndex].Sid ) )
{
rights = tr( "Administrator" );
break;
}
}
}
if ( AdministratorsGroup )
FreeSid( AdministratorsGroup );
if ( pGroup )
GlobalFree( pGroup );
return rights;
}
VOID
WINAPI
CachedGetUserFromSid(
PSID pSid,
LPWSTR pUserName,
PULONG pcwcUserName)
{
PLIST_ENTRY pCur;
PSIDTOUSERNAME pEntry;
ULONG cbSid, cwcUserName;
cwcUserName = *pcwcUserName;
/* Walk through the list */
for(pCur = SidToUserNameHead.Flink;
pCur != &SidToUserNameHead;
pCur = pCur->Flink)
{
pEntry = CONTAINING_RECORD(pCur, SIDTOUSERNAME, List);
if (EqualSid((PSID)&pEntry->Data, pSid))
{
wcsncpy(pUserName, pEntry->pszName, cwcUserName);
*pcwcUserName = cwcUserName;
return;
}
}
/* We didn't find the SID in the list, get the name conventional */
SidToUserName(pSid, pUserName, cwcUserName);
/* Allocate a new entry */
*pcwcUserName = wcslen(pUserName);
cwcUserName = *pcwcUserName + 1;
cbSid = GetLengthSid(pSid);
pEntry = HeapAlloc(GetProcessHeap(), 0, sizeof(SIDTOUSERNAME) + cbSid + cwcUserName * sizeof(WCHAR));
/* Copy the Sid and name to our entry */
CopySid(cbSid, (PSID)&pEntry->Data, pSid);
pEntry->pszName = (LPWSTR)(pEntry->Data + cbSid);
wcsncpy(pEntry->pszName, pUserName, cwcUserName);
/* Insert the new entry */
pEntry->List.Flink = &SidToUserNameHead;
pEntry->List.Blink = SidToUserNameHead.Blink;
SidToUserNameHead.Blink->Flink = &pEntry->List;
SidToUserNameHead.Blink = &pEntry->List;
return;
}
/*
* Returns JNI_TRUE if the specified owner is the only SID will access
* to the file.
*/
static jboolean isAccessUserOnly(JNIEnv* env, SID* owner, ACL* acl) {
ACL_SIZE_INFORMATION acl_size_info;
DWORD i;
/*
* If there's no DACL then there's no access to the file
*/
if (acl == NULL) {
return JNI_TRUE;
}
/*
* Get the ACE count
*/
if (!GetAclInformation(acl, (void *) &acl_size_info, sizeof(acl_size_info),
AclSizeInformation)) {
JNU_ThrowIOExceptionWithLastError(env, "GetAclInformation failed");
return JNI_FALSE;
}
/*
* Iterate over the ACEs. For each "allow" type check that the SID
* matches the owner, and check that the access is read only.
*/
for (i = 0; i < acl_size_info.AceCount; i++) {
void* ace;
ACCESS_ALLOWED_ACE *access;
SID* sid;
if (!GetAce(acl, i, &ace)) {
JNU_ThrowIOExceptionWithLastError(env, "GetAce failed");
return -1;
}
if (((ACCESS_ALLOWED_ACE *)ace)->Header.AceType != ACCESS_ALLOWED_ACE_TYPE) {
continue;
}
access = (ACCESS_ALLOWED_ACE *)ace;
sid = (SID *) &access->SidStart;
if (!EqualSid(owner, sid)) {
/*
* If the ACE allows any access then the file is not secure.
*/
if (access->Mask & ANY_ACCESS) {
return JNI_FALSE;
}
}
}
return JNI_TRUE;
}
BOOL IsCurrentUserAdmin()
{
HANDLE hAccessToken;
BYTE * InfoBuffer = new BYTE[1024];
PTOKEN_GROUPS ptgGroups;
DWORD dwInfoBufferSize;
PSID psidAdministrators;
SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&hAccessToken))
{
delete InfoBuffer;
return FALSE;
}
if(!GetTokenInformation(hAccessToken,TokenGroups,InfoBuffer,1024,&dwInfoBufferSize))
{
delete InfoBuffer;
CloseHandle(hAccessToken);
return FALSE;
}
CloseHandle(hAccessToken);
if(!AllocateAndInitializeSid(&siaNtAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,0,0,0,0,0,
&psidAdministrators))
{
delete InfoBuffer;
return FALSE;
}
ptgGroups = (PTOKEN_GROUPS)InfoBuffer;
for(UINT i = 0; i < ptgGroups->GroupCount; i++)
{
if(EqualSid(psidAdministrators,ptgGroups->Groups[i].Sid))
{
FreeSid(psidAdministrators);
delete InfoBuffer;
return TRUE;
}
}
return FALSE;
}
BOOL PLUGIN_FILTER_FILTERACE(
_In_ PLUGIN_API_TABLE const * const api,
_Inout_ PIMPORTED_ACE ace
) {
PSID trusteeSidAce = api->Ace.GetTrustee(ace);
if (gs_TrusteeFilter == NULL && gs_TrusteeDnFilter != NULL) {
PIMPORTED_OBJECT object = api->Resolver.GetObjectByDn(gs_TrusteeDnFilter);
if (!object) {
API_FATAL(_T("Cannot resolve DN <%s>"), gs_TrusteeDnFilter);
}
gs_TrusteeFilter = &object->imported.sid;
}
return EqualSid(trusteeSidAce, gs_TrusteeFilter);
}
static BOOL is_token_admin(HANDLE token)
{
PSID administrators = NULL;
SID_IDENTIFIER_AUTHORITY nt_authority = { SECURITY_NT_AUTHORITY };
DWORD groups_size;
PTOKEN_GROUPS groups;
DWORD group_index;
/* Create a well-known SID for the Administrators group. */
if (! AllocateAndInitializeSid(&nt_authority, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
&administrators))
return FALSE;
/* Get the group info from the token */
groups_size = 0;
GetTokenInformation(token, TokenGroups, NULL, 0, &groups_size);
groups = HeapAlloc(GetProcessHeap(), 0, groups_size);
if (groups == NULL)
{
FreeSid(administrators);
return FALSE;
}
if (! GetTokenInformation(token, TokenGroups, groups, groups_size, &groups_size))
{
HeapFree(GetProcessHeap(), 0, groups);
FreeSid(administrators);
return FALSE;
}
/* Now check if the token groups include the Administrators group */
for (group_index = 0; group_index < groups->GroupCount; group_index++)
{
if (EqualSid(groups->Groups[group_index].Sid, administrators))
{
HeapFree(GetProcessHeap(), 0, groups);
FreeSid(administrators);
return TRUE;
}
}
/* If we end up here we didn't find the Administrators group */
HeapFree(GetProcessHeap(), 0, groups);
FreeSid(administrators);
return FALSE;
}
// checks user SID in both tokens for equality
bool SecurityHelper::IsSameUser(HANDLE hToken1, HANDLE hToken2, bool* pbIsSameUser)
{
*pbIsSameUser = false;
bool result = false;
const DWORD bufSize = sizeof(TOKEN_USER) + SECURITY_MAX_SID_SIZE;
char buf1[bufSize];
char buf2[bufSize];
DWORD cb;
if (GetTokenInformation(hToken1, TokenUser, buf1, bufSize, &cb) &&
GetTokenInformation(hToken2, TokenUser, buf2, bufSize, &cb))
{
*pbIsSameUser = EqualSid(((TOKEN_USER*)buf1)->User.Sid, ((TOKEN_USER*)buf2)->User.Sid) ? true : false;
result = true;
}
else LCF1(L"GetTokenInformation failed: %d", GetLastError());
return result;
}
static void get_sid_cache(PSID sid,bool full,wchar_t **username)
{
*username=NULL;
CacheRecord *tmp_rec=sid_cache;
while(tmp_rec)
{
if(EqualSid(tmp_rec->sid,sid))
{
if(full)
{
*username=tmp_rec->username;
}
else
{
*username=tmp_rec->username_only;
}
break;
}
tmp_rec=tmp_rec->next;
}
}
static BOOL
RunningAsSYSTEM(VOID)
{
/* S-1-5-18 -- Local System */
static SID SystemSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
BOOL bRet = FALSE;
PTOKEN_USER pTokenUser;
HANDLE hToken;
DWORD cbTokenBuffer = 0;
/* Get the process token */
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return FALSE;
/* Retrieve token's information */
if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &cbTokenBuffer) &&
GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
goto Quit;
}
pTokenUser = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, cbTokenBuffer);
if (!pTokenUser)
goto Quit;
if (GetTokenInformation(hToken, TokenUser, pTokenUser, cbTokenBuffer, &cbTokenBuffer))
{
/* Compare with SYSTEM SID */
bRet = EqualSid(pTokenUser->User.Sid, &SystemSid);
}
HeapFree(GetProcessHeap(), 0, pTokenUser);
Quit:
CloseHandle(hToken);
return bRet;
}
void ProcessList::init()
{
HANDLE h;
PROCESSENTRY32 pe32;
h = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
if (h == INVALID_HANDLE_VALUE) {
return;
}
pe32.dwSize = sizeof(PROCESSENTRY32);
if (!Process32First(h, &pe32)) {
return;
}
do {
HANDLE hProcess = getProcessHandle(pe32.th32ProcessID);
if (!hProcess) {
continue;
}
QString name = getProcessName(pe32.th32ProcessID);
#ifndef _WIN32_WCE
PSID sid = getProcessOwner(hProcess);
if (!sid || m_userId && !EqualSid(m_userId, sid)) {
freeSid(sid);
continue;
}
#else
PSID sid = 0;
#endif
m_processes << new ProcessListEntry(hProcess, name, pe32.th32ProcessID, sid);
} while (Process32Next(h, &pe32));
#ifndef _WIN32_WCE
CloseHandle(h);
#else
CloseToolhelp32Snapshot(h);
#endif
}
/*
* Returns nonzero if the current user has administrative privileges,
* or zero if not.
*
* Note: this cannot use ereport() because it's called too early during
* startup.
*/
int
pgwin32_is_admin(void)
{
HANDLE AccessToken;
char *InfoBuffer = NULL;
char errbuf[256];
PTOKEN_GROUPS Groups;
PSID AdministratorsSid;
PSID PowerUsersSid;
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
UINT x;
BOOL success;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &AccessToken))
{
write_stderr("could not open process token: error code %d\n",
(int) GetLastError());
exit(1);
}
if (!pgwin32_get_dynamic_tokeninfo(AccessToken, TokenGroups,
&InfoBuffer, errbuf, sizeof(errbuf)))
{
write_stderr(errbuf);
exit(1);
}
Groups = (PTOKEN_GROUPS) InfoBuffer;
CloseHandle(AccessToken);
if (!AllocateAndInitializeSid(&NtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0,
0, &AdministratorsSid))
{
write_stderr("could not get SID for Administrators group: error code %d\n",
(int) GetLastError());
exit(1);
}
if (!AllocateAndInitializeSid(&NtAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0, 0, 0, 0, 0,
0, &PowerUsersSid))
{
write_stderr("could not get SID for PowerUsers group: error code %d\n",
(int) GetLastError());
exit(1);
}
success = FALSE;
for (x = 0; x < Groups->GroupCount; x++)
{
if ((EqualSid(AdministratorsSid, Groups->Groups[x].Sid) && (Groups->Groups[x].Attributes & SE_GROUP_ENABLED)) ||
(EqualSid(PowerUsersSid, Groups->Groups[x].Sid) && (Groups->Groups[x].Attributes & SE_GROUP_ENABLED)))
{
success = TRUE;
break;
}
}
free(InfoBuffer);
FreeSid(AdministratorsSid);
FreeSid(PowerUsersSid);
return success;
}
/*
* We consider ourselves running as a service if one of the following is
* true:
*
* 1) We are running as Local System (only used by services)
* 2) Our token contains SECURITY_SERVICE_RID (automatically added to the
* process token by the SCM when starting a service)
*
* Return values:
* 0 = Not service
* 1 = Service
* -1 = Error
*
* Note: we can't report errors via either ereport (we're called too early)
* or write_stderr (because that calls this). We are therefore reduced to
* writing directly on stderr, which sucks, but we have few alternatives.
*/
int
pgwin32_is_service(void)
{
static int _is_service = -1;
HANDLE AccessToken;
char *InfoBuffer = NULL;
char errbuf[256];
PTOKEN_GROUPS Groups;
PTOKEN_USER User;
PSID ServiceSid;
PSID LocalSystemSid;
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
UINT x;
/* Only check the first time */
if (_is_service != -1)
return _is_service;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &AccessToken))
{
fprintf(stderr, "could not open process token: error code %d\n",
(int) GetLastError());
return -1;
}
/* First check for local system */
if (!pgwin32_get_dynamic_tokeninfo(AccessToken, TokenUser, &InfoBuffer,
errbuf, sizeof(errbuf)))
{
fprintf(stderr, errbuf);
return -1;
}
User = (PTOKEN_USER) InfoBuffer;
if (!AllocateAndInitializeSid(&NtAuthority, 1,
SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0,
&LocalSystemSid))
{
fprintf(stderr, "could not get SID for local system account\n");
CloseHandle(AccessToken);
return -1;
}
if (EqualSid(LocalSystemSid, User->User.Sid))
{
FreeSid(LocalSystemSid);
free(InfoBuffer);
CloseHandle(AccessToken);
_is_service = 1;
return _is_service;
}
FreeSid(LocalSystemSid);
free(InfoBuffer);
/* Now check for group SID */
if (!pgwin32_get_dynamic_tokeninfo(AccessToken, TokenGroups, &InfoBuffer,
errbuf, sizeof(errbuf)))
{
fprintf(stderr, errbuf);
return -1;
}
Groups = (PTOKEN_GROUPS) InfoBuffer;
if (!AllocateAndInitializeSid(&NtAuthority, 1,
SECURITY_SERVICE_RID, 0, 0, 0, 0, 0, 0, 0,
&ServiceSid))
{
fprintf(stderr, "could not get SID for service group\n");
free(InfoBuffer);
CloseHandle(AccessToken);
return -1;
}
_is_service = 0;
for (x = 0; x < Groups->GroupCount; x++)
{
if (EqualSid(ServiceSid, Groups->Groups[x].Sid))
{
_is_service = 1;
break;
}
}
free(InfoBuffer);
FreeSid(ServiceSid);
CloseHandle(AccessToken);
return _is_service;
}
BOOL RemoveAceFromDesktop(HDESK hdesk, PSID psid)
{
// Obtain the security descriptor for the desktop object.
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
DWORD sd_size = 0;
if (!GetUserObjectSecurity(hdesk, &si, NULL, 0, &sd_size)) {
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
printf("GetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
}
auto_buffer<PSECURITY_DESCRIPTOR> psd(sd_size);
if (!GetUserObjectSecurity(hdesk, &si, psd.get(), sd_size, &sd_size)) {
printf("GetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
// Create a new security descriptor.
auto_buffer<PSECURITY_DESCRIPTOR> psd_new(sd_size);
if (!InitializeSecurityDescriptor(psd_new.get(), SECURITY_DESCRIPTOR_REVISION)) {
printf("InitializeSecurityDescriptor() failed: %d\n", GetLastError());
return FALSE;
}
// Obtain the DACL from the security descriptor.
BOOL bDaclPresent;
PACL pacl;
BOOL bDaclExist;
if (!GetSecurityDescriptorDacl(psd.get(), &bDaclPresent, &pacl, &bDaclExist)) {
printf("GetSecurityDescriptorDacl() failed: %d\n", GetLastError());
return FALSE;
}
// Initialize.
ACL_SIZE_INFORMATION aclSizeInfo = {};
aclSizeInfo.AclBytesInUse = sizeof(ACL);
if (pacl != NULL) {
// Determine the size of the ACL information.
if (!GetAclInformation(pacl, (LPVOID)&aclSizeInfo, sizeof aclSizeInfo, AclSizeInformation)) {
printf("GetAclInformation() failed: %d\n", GetLastError());
return FALSE;
}
}
// Allocate buffer for the new ACL.
DWORD dwNewAclSize = aclSizeInfo.AclBytesInUse -
(sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psid) - sizeof(DWORD));
auto_buffer<PACL> new_acl(dwNewAclSize);
// Initialize the new ACL.
if (!InitializeAcl(new_acl.get(), dwNewAclSize, ACL_REVISION)) {
printf("InitializeAcl() failed: %d\n", GetLastError());
return FALSE;
}
// If DACL is present, copy it to a new DACL.
if (bDaclPresent) {
// Copy the ACEs to the new ACL.
for (DWORD i = 0; i != aclSizeInfo.AceCount; ++i) {
// Get an ACE.
ACCESS_ALLOWED_ACE* pace;
if (!GetAce(pacl, i, (void**)&pace)) {
printf("GetAce() failed: %d\n", GetLastError());
return FALSE;
}
if (!EqualSid(psid, &pace->SidStart)) {
// Add the ACE to the new ACL.
if (!AddAce(new_acl.get(), ACL_REVISION,MAXDWORD, pace,
pace->Header.AceSize)) {
printf("AddAce() failed: %d\n", GetLastError());
return FALSE;
}
}
}
}
// Set new DACL to the new security descriptor.
if (!SetSecurityDescriptorDacl(psd_new.get(), TRUE, new_acl.get(), FALSE)) {
printf("SetSecurityDescriptorDacl() failed: %d\n", GetLastError());
return FALSE;
}
// Set the new security descriptor for the desktop object.
if (!SetUserObjectSecurity(hdesk, &si, psd_new.get())) {
printf("SetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
return TRUE;
}
BOOL RemoveAceFromWindowStation(HWINSTA hwinsta, PSID psid)
{
// Obtain the DACL for the window station.
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
DWORD sd_length = 0;
if (!GetUserObjectSecurity(hwinsta, &si, NULL, 0, &sd_length)) {
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
printf("GetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
}
auto_buffer<PSECURITY_DESCRIPTOR> psd(sd_length);
if (!GetUserObjectSecurity(hwinsta, &si, psd.get(), sd_length, &sd_length)) {
printf("GetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
// Create a new DACL.
auto_buffer<PSECURITY_DESCRIPTOR> psd_new(sd_length);
if (!InitializeSecurityDescriptor(psd_new.get(), SECURITY_DESCRIPTOR_REVISION)) {
printf("InitializeSecurityDescriptor() failed: %d\n", GetLastError());
return FALSE;
}
// Get the DACL from the security descriptor.
BOOL bDaclPresent;
PACL pacl;
BOOL bDaclExist;
if (!GetSecurityDescriptorDacl(psd.get(), &bDaclPresent, &pacl, &bDaclExist)) {
printf("GetSecurityDescriptorDacl() failed: %d\n", GetLastError());
return FALSE;
}
// Initialize the ACL.
ACL_SIZE_INFORMATION aclSizeInfo = {};
aclSizeInfo.AclBytesInUse = sizeof(ACL);
if (NULL != pacl) {
// get the file ACL size info
if (!GetAclInformation(pacl, &aclSizeInfo, sizeof aclSizeInfo, AclSizeInformation)) {
printf("GetAclInformation() failed: %d\n", GetLastError());
return FALSE;
}
}
// Compute the size of the new ACL.
DWORD new_acl_size = aclSizeInfo.AclBytesInUse -
((2 * sizeof(ACCESS_ALLOWED_ACE)) +
(2 * GetLengthSid(psid)) - (2 * sizeof(DWORD)));
auto_buffer<PACL> new_acl(new_acl_size);
// Initialize the new DACL.
if (!InitializeAcl(new_acl.get(), new_acl_size, ACL_REVISION)) {
printf("InitializeAcl() failed: %d\n", GetLastError());
return FALSE;
}
// If DACL is present, copy it to a new DACL.
if (bDaclPresent) {
// Copy the ACEs to the new ACL.
for (DWORD i = 0; i != aclSizeInfo.AceCount; ++i) {
ACCESS_ALLOWED_ACE* pace;
if (!GetAce(pacl, i, (void**)&pace)) {
printf("GetAce() failed: %d\n", GetLastError());
return FALSE;
}
if (!EqualSid(psid, &pace->SidStart)) {
if (!AddAce(new_acl.get(), ACL_REVISION, MAXDWORD,
pace, pace->Header.AceSize)) {
printf("AddAce() failed: %d\n", GetLastError());
return FALSE;
}
}
}
}
// Set a new DACL for the security descriptor.
if (!SetSecurityDescriptorDacl(psd_new.get(), TRUE, new_acl.get(), FALSE)) {
printf("SetSecurityDescriptorDacl() failed: %d\n", GetLastError());
return FALSE;
}
// Set the new security descriptor for the window station.
if (!SetUserObjectSecurity(hwinsta, &si, psd_new.get())) {
printf("SetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
return TRUE;
}
HRESULT COpcSecurity::RemovePrincipalFromACL(PACL pAcl, LPCTSTR pszPrincipal)
{
ACL_SIZE_INFORMATION aclSizeInfo;
ULONG i;
LPVOID ace;
ACCESS_ALLOWED_ACE *accessAllowedAce;
ACCESS_DENIED_ACE *accessDeniedAce;
SYSTEM_AUDIT_ACE *systemAuditAce;
PSID principalSID;
DWORD returnValue;
ACE_HEADER *aceHeader;
returnValue = GetPrincipalSID(pszPrincipal, &principalSID);
if (FAILED(returnValue))
return returnValue;
GetAclInformation(pAcl, (LPVOID) &aclSizeInfo, (DWORD) sizeof(ACL_SIZE_INFORMATION), AclSizeInformation);
for (i = 0; i < aclSizeInfo.AceCount; i++)
{
if (!GetAce(pAcl, i, &ace))
{
free(principalSID);
return HRESULT_FROM_WIN32(GetLastError());
}
aceHeader = (ACE_HEADER *) ace;
if (aceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
{
accessAllowedAce = (ACCESS_ALLOWED_ACE *) ace;
if (EqualSid(principalSID, (PSID) &accessAllowedAce->SidStart))
{
DeleteAce(pAcl, i);
free(principalSID);
return S_OK;
}
} else
if (aceHeader->AceType == ACCESS_DENIED_ACE_TYPE)
{
accessDeniedAce = (ACCESS_DENIED_ACE *) ace;
if (EqualSid(principalSID, (PSID) &accessDeniedAce->SidStart))
{
DeleteAce(pAcl, i);
free(principalSID);
return S_OK;
}
} else
if (aceHeader->AceType == SYSTEM_AUDIT_ACE_TYPE)
{
systemAuditAce = (SYSTEM_AUDIT_ACE *) ace;
if (EqualSid(principalSID, (PSID) &systemAuditAce->SidStart))
{
DeleteAce(pAcl, i);
free(principalSID);
return S_OK;
}
}
}
free(principalSID);
return S_OK;
}
/**************************************************************************
* IsUserAdmin [SETUPAPI.@]
*
* Checks whether the current user is a member of the Administrators group.
*
* PARAMS
* None
*
* RETURNS
* Success: TRUE
* Failure: FALSE
*/
BOOL WINAPI IsUserAdmin(VOID)
{
SID_IDENTIFIER_AUTHORITY Authority = {SECURITY_NT_AUTHORITY};
HANDLE hToken;
DWORD dwSize;
PTOKEN_GROUPS lpGroups;
PSID lpSid;
DWORD i;
BOOL bResult = FALSE;
TRACE("\n");
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
return FALSE;
}
if (!GetTokenInformation(hToken, TokenGroups, NULL, 0, &dwSize))
{
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER)
{
CloseHandle(hToken);
return FALSE;
}
}
lpGroups = MyMalloc(dwSize);
if (lpGroups == NULL)
{
CloseHandle(hToken);
return FALSE;
}
if (!GetTokenInformation(hToken, TokenGroups, lpGroups, dwSize, &dwSize))
{
MyFree(lpGroups);
CloseHandle(hToken);
return FALSE;
}
CloseHandle(hToken);
if (!AllocateAndInitializeSid(&Authority, 2, SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0,
&lpSid))
{
MyFree(lpGroups);
return FALSE;
}
for (i = 0; i < lpGroups->GroupCount; i++)
{
if (EqualSid(lpSid, lpGroups->Groups[i].Sid))
{
bResult = TRUE;
break;
}
}
FreeSid(lpSid);
MyFree(lpGroups);
return bResult;
}
bool operator ()(const sid& Sid1, const sid& Sid2) const
{
return EqualSid(Sid1.get(), Sid2.get()) != FALSE;
}
bool IsAdmin()
{
DWORD dwSize = 0;
HANDLE hToken;
PTOKEN_GROUPS pGroupInfo;
BYTE sidBuffer[100];
PSID pSID = (PSID)&sidBuffer;
SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
// Open a handle to the access token for the calling process.
if (!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken ))
{
LogTheError(_T("OpenProcessToken Error"));
return false;
}
// Call GetTokenInformation to get the buffer size.
if(!GetTokenInformation(hToken, TokenGroups, NULL, dwSize, &dwSize))
{
if( GetLastError() != ERROR_INSUFFICIENT_BUFFER )
{
LogTheError(_T("GetTokenInformation Error"));
return false;
}
}
// Call GetTokenInformation again to get the group information.
pGroupInfo = (PTOKEN_GROUPS) GlobalAlloc( GPTR, dwSize );
if(! GetTokenInformation(hToken, TokenGroups, pGroupInfo, dwSize, &dwSize ) )
{
LogTheError(_T("GetTokenInformation Error"));
if ( pGroupInfo )
GlobalFree( pGroupInfo );
return false;
}
// Create a SID for the BUILTIN\Administrators group.
if(! AllocateAndInitializeSid( &SIDAuth, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &pSID) )
{
LogTheError(_T("AllocateAndInitializeSid Error"));
if (pSID)
FreeSid(pSID);
if ( pGroupInfo )
GlobalFree( pGroupInfo );
return false;
}
// Loop through the group SIDs looking for the administrator SID.
bool bFound = false;
for(DWORD i=0; i<pGroupInfo->GroupCount; i++)
{
if ( EqualSid(pSID, pGroupInfo->Groups[i].Sid) )
bFound = true;
}
if (pSID)
FreeSid(pSID);
if ( pGroupInfo )
GlobalFree( pGroupInfo );
return bFound;
}
