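// Replace the DACL of `path` with one granting:
//   FR (file read) to RC (restricted code) and, on Windows 6.2 and later, to AC (all app packages);
//   FA (file all)  to SY (Local System), BA (Builtin Administrators) and the current user's SID.
//
// Returns TRUE only when the SDDL string was built, converted and applied.
//
// Fails closed: when the user SID cannot be resolved nothing is applied. Converting an
// empty SDDL string would otherwise yield a descriptor without a DACL, and applying that
// with DACL_SECURITY_INFORMATION could be rejected or, worse, leave the file without an
// effective DACL (i.e. unrestricted access).
//
// The SDDL buffer is MAX_KRNLOBJNAME wide; _TRUNCATE means an over-long SID would give a
// malformed string, which the conversion step then rejects (reported as FALSE).
BOOL SetFileDacl(LPCWSTR path)
{
    BOOL bRet = FALSE;
    WCHAR sddl[MAX_KRNLOBJNAME] = {L'\0'};
    PSECURITY_DESCRIPTOR pSD = NULL;
    LPWSTR pszUserSid = NULL;

    if(!GetUserSid(&pszUserSid))
    {
        return FALSE;
    }

    _snwprintf_s(sddl, _TRUNCATE,
        L"D:%s(A;;FR;;;RC)(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;%s)",
        (IsVersion62AndOver() ? L"(A;;FR;;;AC)" : L""), pszUserSid);
    LocalFree(pszUserSid);

    if(ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &pSD, NULL))
    {
        if(SetFileSecurityW(path, DACL_SECURITY_INFORMATION, pSD))
        {
            bRet = TRUE;
        }
        LocalFree(pSD);
    }

    return bRet;
}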
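// Replace the DACL of `path` with one granting:
//   FR (file read) to RC (restricted code) and, on Windows 6.2 and later, to AC (all app packages);
//   FA (file all)  to SY (Local System), BA (Builtin Administrators) and the current user's SID.
//
// Returns TRUE only when the SDDL string was built, converted and applied.
//
// Fails closed: when the user SID cannot be resolved nothing is applied. Converting an
// empty SDDL string would otherwise yield a descriptor without a DACL, and applying that
// with DACL_SECURITY_INFORMATION could be rejected or, worse, leave the file without an
// effective DACL (i.e. unrestricted access).
//
// The SDDL buffer is MAX_KRNLOBJNAME wide; _TRUNCATE means an over-long SID would give a
// malformed string, which the conversion step then rejects (reported as FALSE).
BOOL SetFileDacl(LPCWSTR path)
{
    BOOL bRet = FALSE;
    WCHAR sddl[MAX_KRNLOBJNAME] = {L'\0'};
    PSECURITY_DESCRIPTOR psd = nullptr;
    LPWSTR pszUserSid = nullptr;

    if(!GetUserSid(&pszUserSid))
    {
        return FALSE;
    }

    // SDDL_ALL_APP_PACKAGES / SDDL_RESTRICTED_CODE / SDDL_LOCAL_SYSTEM / SDDL_BUILTIN_ADMINISTRATORS / User SID
    _snwprintf_s(sddl, _TRUNCATE,
        L"D:%s(A;;FR;;;RC)(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;%s)",
        (IsWindowsVersion62OrLater() ? L"(A;;FR;;;AC)" : L""), pszUserSid);
    LocalFree(pszUserSid);

    if(ConvertStringSecurityDescriptorToSecurityDescriptorW(sddl, SDDL_REVISION_1, &psd, nullptr))
    {
        if(SetFileSecurityW(path, DACL_SECURITY_INFORMATION, psd))
        {
            bRet = TRUE;
        }
        LocalFree(psd);
    }

    return bRet;
}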
// Derive the per-user IPC names and the SDDL applied to the kernel objects.
//
// Writes the globals krnlobjsddl, mgrpipename and mgrmutexname. Each is cleared
// first and stays empty if the lookup it depends on (user SID / user UUID) fails,
// so callers see an empty string rather than stale data.
void CreateIpcName()
{
    ZeroMemory(krnlobjsddl, sizeof(krnlobjsddl));
    ZeroMemory(mgrpipename, sizeof(mgrpipename));
    ZeroMemory(mgrmutexname, sizeof(mgrmutexname));

    LPWSTR sid = nullptr;
    if(GetUserSid(&sid))
    {
        // DACL: generic-all for AC (all app packages, only on Windows 6.2 and later),
        // RC (restricted code), SY (Local System), BA (Builtin Administrators) and the user's SID.
        LPCWSTR appPackageAce = IsWindowsVersion62OrLater() ? L"(A;;GA;;;AC)" : L"";
        _snwprintf_s(krnlobjsddl, _TRUNCATE,
            L"D:%s(A;;GA;;;RC)(A;;GA;;;SY)(A;;GA;;;BA)(A;;GA;;;%s)", appPackageAce, sid);

        // SACL mandatory label (SDDL_MANDATORY_LABEL, SDDL_NO_WRITE_UP, SDDL_ML_LOW):
        // label the objects Low integrity so that integrity policy does not block
        // low-IL clients from writing; access is then governed by the DACL above.
        wcsncat_s(krnlobjsddl, L"S:(ML;;NW;;;LW)", _TRUNCATE);

        LocalFree(sid);
    }

    LPWSTR uuid = nullptr;
    if(GetUserUUID(&uuid))
    {
        // Pipe and mutex names are the fixed prefixes followed by the per-user UUID.
        _snwprintf_s(mgrpipename, _TRUNCATE, L"%s%s", IMCRVMGRPIPE, uuid);
        _snwprintf_s(mgrmutexname, _TRUNCATE, L"%s%s", IMCRVMGRMUTEX, uuid);
        LocalFree(uuid);
    }
}
// Build the per-user configuration file path and the configuration mutex name.
//
// Side effects: sets the globals pathconfigxml and cnfmutexname, creates
// %APPDATA%\<TextServiceDesc>\ if it does not exist and makes it the current
// directory. If the AppData folder cannot be resolved, pathconfigxml is left
// empty and the function returns without touching cnfmutexname.
void CreateConfigPath()
{
    WCHAR dir[MAX_PATH];

    pathconfigxml[0] = L'\0';

    if(SHGetFolderPathW(NULL, CSIDL_APPDATA | CSIDL_FLAG_DONT_VERIFY, NULL, SHGFP_TYPE_CURRENT, dir) != S_OK)
    {
        dir[0] = L'\0';
        return;
    }

    wcsncat_s(dir, L"\\", _TRUNCATE);
    wcsncat_s(dir, TextServiceDesc, _TRUNCATE);
    wcsncat_s(dir, L"\\", _TRUNCATE);
    _wmkdir(dir);   // return value not checked: the directory may already exist
    SetCurrentDirectoryW(dir);
    _snwprintf_s(pathconfigxml, _TRUNCATE, L"%s%s", dir, fnconfigxml);

    // Mutex name = VIMCNFMUTEX followed by the lowercase hex MD5 of the user's
    // SID (its UTF-16 bytes). The digest appears to serve only as a fixed-width,
    // name-safe encoding of the SID, not as a security control.
    ZeroMemory(cnfmutexname, sizeof(cnfmutexname));

    WCHAR hexDigest[32 + 1];
    ZeroMemory(hexDigest, sizeof(hexDigest));

    LPWSTR sid = NULL;
    if(GetUserSid(&sid))
    {
        MD5_DIGEST digest;
        if(GetMD5(&digest, (CONST BYTE *)sid, (DWORD)(wcslen(sid) * sizeof(WCHAR))))
        {
            for(size_t i = 0; i < _countof(digest.digest); i++)
            {
                // Two hex chars per byte; the remaining room shrinks as we advance.
                _snwprintf_s(&hexDigest[i * 2], _countof(hexDigest) - i * 2, _TRUNCATE, L"%02x", digest.digest[i]);
            }
        }
        LocalFree(sid);
    }

    _snwprintf_s(cnfmutexname, _TRUNCATE, L"%s%s", VIMCNFMUTEX, hexDigest);
}
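/*
 * Initialize the User Conversation Interface.
 *
 * Builds the security descriptor stored in the file-scope `sd` / `sa` that is
 * handed to the connection endpoints, then starts the named-pipe connection
 * thread (PipeSelectConnectThread) and, unless TREESVR_STANDALONE is defined,
 * the TCP/IP connection thread (TcpipSelectConnectThread). Thread handles and
 * ids are recorded in SystemResInfo.
 *
 * Returns TERR_SUCCESS, or the Win32 error code of the call that failed.
 *
 * Ownership: on success the SIDs and the ACL are intentionally not freed -
 * `sd` points at them and `sa` remains usable by the threads. On failure every
 * allocation made here is released and any thread handle already obtained is
 * closed.
 */
DWORD InitConvInterface(VOID)
{
    /* Handles start as NULL so the cleanup path never inspects an indeterminate value. */
    HANDLE hThread = NULL, hThreadTcpip = NULL;
    DWORD dwThreadID = 0, dwThreadIDTcpip = 0;
    PSID pOwnerSid = NULL, pGroupSid = NULL;
    PSID pSystemSid = NULL, pAnonymousSid = NULL, pInteractiveSid = NULL;
    PACL pAcl = NULL;
    DWORD cbAcl;
    BOOL fSuccess = TRUE;
    DWORD dwRetCode;

    __try
    {
#ifndef TREESVR_STANDALONE
        /* Every early exit sets fSuccess = FALSE so that __finally takes the
         * failure branch; a bare __leave would be reported as success. */
        pOwnerSid = GetUserSid();
        if( pOwnerSid == NULL ) { fSuccess = FALSE; __leave; }

        pGroupSid = CreateWorldSid();
        if( pGroupSid == NULL ) { fSuccess = FALSE; __leave; }

        pSystemSid = CreateSystemSid();
        if( pSystemSid == NULL ) { fSuccess = FALSE; __leave; }

        pAnonymousSid = CreateAnonymousSid();
        if( pAnonymousSid == NULL ) { fSuccess = FALSE; __leave; }

        pInteractiveSid = CreateInteractiveSid();
        if( pInteractiveSid == NULL ) { fSuccess = FALSE; __leave; }

        /* Room for five ACCESS_ALLOWED_ACEs; each ACE stores its SID in place of
         * the SidStart DWORD, hence the "- sizeof(DWORD)" per ACE. */
        cbAcl = GetLengthSid( pOwnerSid ) + GetLengthSid( pGroupSid )
              + GetLengthSid( pSystemSid ) + GetLengthSid( pAnonymousSid )
              + GetLengthSid( pInteractiveSid )
              + sizeof(ACL) + (5 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)));

        pAcl = (PACL) HeapAlloc(GetProcessHeap(), 0, cbAcl);
        if (NULL == pAcl) { fSuccess = FALSE; __leave; }

        fSuccess = InitializeAcl(pAcl, cbAcl, ACL_REVISION);
        if (FALSE == fSuccess) __leave;

        /* NOTE(review): GENERIC_ALL is granted to World (pGroupSid) and to the
         * Anonymous logon SID, so every caller - including unauthenticated
         * network clients - gets full access to the endpoint. The handlers behind
         * the pipe/TCP threads must therefore validate everything they receive.
         * Narrowing these ACEs is a behaviour change for existing clients and is
         * not done here. */
        fSuccess = AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, pOwnerSid);
        if (FALSE == fSuccess) __leave;

        fSuccess = AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, pGroupSid);
        if (FALSE == fSuccess) __leave;

        fSuccess = AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, pSystemSid);
        if (FALSE == fSuccess) __leave;

        fSuccess = AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, pInteractiveSid);
        if (FALSE == fSuccess) __leave;

        fSuccess = AddAccessAllowedAce(pAcl, ACL_REVISION, GENERIC_ALL, pAnonymousSid);
        if (FALSE == fSuccess) __leave;

        InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION );

        fSuccess = SetSecurityDescriptorDacl(&sd, TRUE, pAcl, FALSE);
        if (FALSE == fSuccess) __leave;

        fSuccess = SetSecurityDescriptorOwner( &sd, pOwnerSid, FALSE );
        if ( !fSuccess ) __leave;

        fSuccess = SetSecurityDescriptorGroup( &sd, pGroupSid, FALSE );
        if ( !fSuccess ) __leave;

        sa.nLength = sizeof( SECURITY_ATTRIBUTES );
        sa.lpSecurityDescriptor = (LPVOID)&sd;
        sa.bInheritHandle = FALSE;
#endif

        /* Named-pipe server thread: accepts and processes user connections. */
        hThread = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)PipeSelectConnectThread,
                                (LPVOID)NULL, 0, &dwThreadID );
        if( hThread == NULL ) { fSuccess = FALSE; __leave; }

#ifndef TREESVR_STANDALONE
        /* TCP/IP server thread: same role for network connections. */
        hThreadTcpip = CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)TcpipSelectConnectThread,
                                     (LPVOID)NULL, 0, &dwThreadIDTcpip );
        if( hThreadTcpip == NULL ) { fSuccess = FALSE; __leave; }
#endif
    }
    __finally
    {
        if( fSuccess )
        {
            SetThreadPriority( hThread, THREAD_PRIORITY_ABOVE_NORMAL );
            SystemResInfo.hConvThread = hThread;
            SystemResInfo.dwConvThreadId = dwThreadID;
#ifndef TREESVR_STANDALONE
            SetThreadPriority( hThreadTcpip, THREAD_PRIORITY_ABOVE_NORMAL );
            SystemResInfo.hConvThreadTcpip = hThreadTcpip;
            SystemResInfo.dwConvThreadIdTcpip = dwThreadIDTcpip;
#endif
            dwRetCode = TERR_SUCCESS;
        }
        else
        {
            /* Capture the failing call's error before CloseHandle/HeapFree can overwrite it. */
            dwRetCode = GetLastError();

            if( hThreadTcpip != NULL ) CloseHandle( hThreadTcpip );
            if( hThread != NULL ) CloseHandle( hThread );

            /* NOTE(review): if the pipe thread started but the TCP/IP thread did
             * not, the pipe thread keeps running after this function returns and
             * may still reference `sa`/`sd`, whose ACL and SIDs are freed below.
             * TODO confirm how PipeSelectConnectThread uses `sa` before relying on
             * this cleanup. HeapFree is not documented as NULL-safe, so the guards stay. */
            if( pOwnerSid )       HeapFree( GetProcessHeap(), 0, pOwnerSid );
            if( pGroupSid )       HeapFree( GetProcessHeap(), 0, pGroupSid );
            if( pSystemSid )      HeapFree( GetProcessHeap(), 0, pSystemSid );
            if( pInteractiveSid ) HeapFree( GetProcessHeap(), 0, pInteractiveSid );
            if( pAnonymousSid )   HeapFree( GetProcessHeap(), 0, pAnonymousSid );
            if( pAcl )            HeapFree( GetProcessHeap(), 0, pAcl );
        }
    }

    return dwRetCode;
}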
// // Create a primary access token for specified user account // HANDLE CreateToken(LPCTSTR szUserName) { SID_IDENTIFIER_AUTHORITY nt = SECURITY_NT_AUTHORITY; SECURITY_QUALITY_OF_SERVICE sqos = { sizeof(sqos), SecurityAnonymous, SECURITY_STATIC_TRACKING, FALSE }; HANDLE hToken; PSID sid; TOKEN_USER user; LUID authid = SYSTEM_LUID; OBJECT_ATTRIBUTES oa = { sizeof(oa), 0, 0, 0, 0, &sqos }; TOKEN_SOURCE source = {{'*', '*', 'A', 'N', 'O', 'N', '*', '*'}, {0, 0}}; HANDLE hToken2 = 0; PTOKEN_STATISTICS stats; PVOID tokarr[5]; int i; DWORD status; // Get address of Nt/ZwCreateToken from NTDLL.DLL ZwCreateToken = (PVOID)GetProcAddress(GetModuleHandle("ntdll.dll"), "ZwCreateToken"); RtlNtStatusToDosError = (PVOID)GetProcAddress(GetModuleHandle("ntdll.dll"), "RtlNtStatusToDosError"); if(ZwCreateToken == 0 || RtlNtStatusToDosError == 0) return 0; // Must have SeCreateToken privilege if(!EnablePrivilege(SE_CREATE_TOKEN_NAME, TRUE)){ DBG("EnablePrivilege failed\n"); } // Use an existing process token as our basic for a new token if(!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY | TOKEN_QUERY_SOURCE, &hToken)) return 0; // Convert username to a SID if((sid = GetUserSid(szUserName)) == 0) { CloseHandle(hToken); return 0; } user.User.Attributes = 0; user.User.Sid = sid; if(!AllocateLocallyUniqueId(&source.SourceIdentifier)) { free(sid); CloseHandle(hToken); return 0; } if(!GetTokenInfo(hToken, TokenStatistics, &stats)) { free(sid); CloseHandle(hToken); return 0; } // // Undocumented ZwCreateToken service: will not work for us // under WIN2003, will need to do this from WINLOGON process in future? 
// status = ZwCreateToken(&hToken2, TOKEN_ALL_ACCESS, &oa, TokenPrimary, (PLUID)&authid, (PLARGE_INTEGER)&stats->ExpirationTime, &user, (PTOKEN_GROUPS) GetTokenInfo(hToken, TokenGroups, &tokarr[0]), (PTOKEN_PRIVILEGES) GetTokenInfo(hToken, TokenPrivileges, &tokarr[1]), (PTOKEN_OWNER) GetTokenInfo(hToken, TokenOwner, &tokarr[2]), (PTOKEN_PRIMARY_GROUP) GetTokenInfo(hToken, TokenPrimaryGroup, &tokarr[3]), (PTOKEN_DEFAULT_DACL) GetTokenInfo(hToken, TokenDefaultDacl, &tokarr[4]), &source); for(i = 0; i < 5; i++) free(tokarr[i]); free(stats); free(sid); CloseHandle(hToken); SetLastError(RtlNtStatusToDosError(status)); return hToken2; }
/*
 * Resolve the account name and domain name of the user a token belongs to.
 *
 * On success *UserName and *DomainName receive LocalAlloc'ed wide strings
 * that the caller must LocalFree. On failure neither output is written and
 * every buffer allocated here is released. Returns TRUE on success.
 */
static BOOL
GetUserAndDomainName(IN HANDLE hToken,
                     OUT LPWSTR *UserName,
                     OUT LPWSTR *DomainName)
{
    PSID pSid;
    LPWSTR pUser = NULL;
    LPWSTR pDomain = NULL;
    DWORD cchUser = 0;
    DWORD cchDomain = 0;
    SID_NAME_USE Use;
    BOOL bOk = FALSE;

    pSid = GetUserSid(hToken);
    if (pSid == NULL)
    {
        DPRINT1("GetUserSid() failed\n");
        return FALSE;
    }

    /* First call only sizes the buffers; ERROR_INSUFFICIENT_BUFFER is the expected outcome. */
    if (!LookupAccountSidW(NULL, pSid, NULL, &cchUser, NULL, &cchDomain, &Use) &&
        GetLastError() != ERROR_INSUFFICIENT_BUFFER)
    {
        goto cleanup;
    }

    pUser = LocalAlloc(LPTR, cchUser * sizeof(WCHAR));
    if (pUser == NULL)
    {
        goto cleanup;
    }

    pDomain = LocalAlloc(LPTR, cchDomain * sizeof(WCHAR));
    if (pDomain == NULL)
    {
        goto cleanup;
    }

    if (!LookupAccountSidW(NULL, pSid, pUser, &cchUser, pDomain, &cchDomain, &Use))
    {
        goto cleanup;
    }

    *UserName = pUser;
    *DomainName = pDomain;
    bOk = TRUE;

cleanup:
    if (!bOk)
    {
        /* LocalFree(NULL) is a no-op, so no per-pointer guard is needed. */
        LocalFree(pUser);
        LocalFree(pDomain);
    }

    LocalFree(pSid);
    return bOk;
}