/// @brief Prints the object's security descriptor in SDDL form.
///
/// The descriptor is rendered with the owner, group, DACL and SACL sections
/// requested, and the resulting string is reported through InputOutput.
/// NOTE(review): which of those sections actually appear depends on what the
/// caller loaded into tDescriptor -- confirm against the caller.
///
/// @param sFileName        Not used by this operation.
/// @param tObjectEntry     Not used by this operation.
/// @param tDescriptor      Security descriptor to render; it is only read.
/// @param bDescReplacement Not touched by this operation.
/// @return Always false, on both the success and the failure path.
bool OperationPrintDescriptor::ProcessSdAction(std::wstring & sFileName, ObjectEntry & tObjectEntry, PSECURITY_DESCRIPTOR & tDescriptor, bool & bDescReplacement)
{
	// The API allocates the SDDL string; it must be released with LocalFree.
	WCHAR * sInfo = NULL;
	const bool bConverted = ConvertSecurityDescriptorToStringSecurityDescriptor(tDescriptor, SDDL_REVISION_1,
		DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
		&sInfo, NULL) != 0;

	if (!bConverted)
	{
		InputOutput::AddError(L"Unable to generate string security descriptor.");
		return false;
	}

	// Report the descriptor, then hand the buffer back to the system.
	const std::wstring sMessage = L"SD: " + std::wstring(sInfo);
	InputOutput::AddInfo(sMessage, L"", true);
	LocalFree(sInfo);

	return false;
}
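/*
 * Logs the discretionary access control list (DACL) of a registry key.
 *
 * The key is opened with KEY_READ, its DACL is fetched with RegGetKeySecurity
 * (size probe first, then the real read), the ACL summary and each ACE are
 * logged, and finally the DACL is logged in SDDL form.
 *
 * hRootKey  Root key; the log line labels HKEY_CURRENT_USER as "HKCU" and
 *           every other root as "HKLM".
 * wzKey     Sub key path below hRootKey.
 *
 * Returns EDT_OK on success, EDT_ERR_REGISTRY_NOT_FOUND when the key does not
 * exist, and EDT_ERR_REGISTRY_READ_FAILED when the key cannot be opened or its
 * security descriptor cannot be read.
 */
int EDT_UtilReg_LogPermissions(HKEY hRootKey, const wchar_t *wzKey)
{
	int iReturnCode = EDT_OK;
	int err = ERROR_SUCCESS;
	HKEY hRegKey;

	LOG_ENTER();
	LOG_TIME(L"registry key (%ls\\%ls) --> \n",hRootKey==HKEY_CURRENT_USER?L"HKCU":L"HKLM",wzKey);

	if(ERROR_SUCCESS != (err = RegOpenKeyEx(hRootKey, wzKey, 0L, KEY_READ , &hRegKey)))
	{
		if(err != ERROR_FILE_NOT_FOUND)
		{
			LOG_ERRORCODE(L"RegOpenKeyEx failed",err);
			return EDT_ERR_REGISTRY_READ_FAILED;
		}
		else
		{
			LOG_EXIT(L"NOT FOUND\n");
			return EDT_ERR_REGISTRY_NOT_FOUND;
		}
	}

	PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
	DWORD lcbSecurityDescriptor = 0;

	// Size probe: with a zero-length buffer the call is expected to fail with
	// ERROR_INSUFFICIENT_BUFFER and report the required size.
	err = RegGetKeySecurity(hRegKey, DACL_SECURITY_INFORMATION, pSecurityDescriptor, &lcbSecurityDescriptor);
	if(ERROR_INSUFFICIENT_BUFFER != err)
	{
		// Previously this path only logged and still returned EDT_OK, so a
		// key whose DACL could not be read looked like a successful audit.
		LOG_ERRORCODE(L"RegGetKeySecurity failed",err);
		iReturnCode = EDT_ERR_REGISTRY_READ_FAILED;
	}
	else if(NULL == (pSecurityDescriptor = (PSECURITY_DESCRIPTOR)malloc(lcbSecurityDescriptor)))
	{
		LOG(L"Out of memory while reading the security descriptor\n");
		iReturnCode = EDT_ERR_REGISTRY_READ_FAILED;
	}
	else if(ERROR_SUCCESS != (err = RegGetKeySecurity(hRegKey, DACL_SECURITY_INFORMATION, pSecurityDescriptor, &lcbSecurityDescriptor)))
	{
		// The message used to name RegQueryValueEx, which is not the call that failed.
		LOG_ERRORCODE(L"RegGetKeySecurity failed",err);
		iReturnCode = EDT_ERR_REGISTRY_READ_FAILED;
	}
	else
	{
		BOOL bDaclPresent = FALSE;
		BOOL bDaclDefaulted = FALSE;
		PACL pDacl = NULL;

		if(!GetSecurityDescriptorDacl(pSecurityDescriptor, &bDaclPresent, &pDacl, &bDaclDefaulted))
		{
			// Do not report "no DACL" when the query itself failed.
			LOG(L"GetSecurityDescriptorDacl failed\n");
		}
		else if(bDaclPresent == TRUE)
		{
			if(pDacl == NULL)
			{
				// A NULL DACL is the permissive case; an empty (non-NULL) DACL
				// with zero ACEs is the opposite and grants nobody access.
				LOG(L"A NULL discretionary access control list (DACL) found \nA NULL DACL implicitly allows all access to an object.\n");
			}
			else
			{
				LOG(L"A discretionary access control list (DACL) was found with Length = %d\n",pDacl->AclSize);
				LOG(L"Number of Access Control Elements (ACE's): %d\n",pDacl->AceCount);
				registryLogAces(pDacl);
			}
		}
		else
		{
			LOG(L"No discretionary access control list (DACL) found \n");
		}

		// Initialised so that a failed conversion can never lead to logging
		// or freeing an indeterminate pointer.
		LPTSTR StringSecurityDescriptor = NULL;
		ULONG StringSecurityDescriptorLen = 0;
		if(ConvertSecurityDescriptorToStringSecurityDescriptor(pSecurityDescriptor,SDDL_REVISION_1,DACL_SECURITY_INFORMATION, &StringSecurityDescriptor,&StringSecurityDescriptorLen))
		{
			LOG(L"%s\n",(const wchar_t*)StringSecurityDescriptor);
			//parse info see http://msdn.microsoft.com/en-us/library/aa379570%28v=vs.85%29.aspx
			LocalFree(StringSecurityDescriptor);
		}
		else
		{
			LOG(L"ConvertSecurityDescriptorToStringSecurityDescriptor failed\n");
		}
	}

	// free(NULL) is a no-op, so this covers every path above.
	free(pSecurityDescriptor);

	if(ERROR_SUCCESS != (err = RegCloseKey(hRegKey)))
	{
		LOG_ERRORCODE(L"RegCloseKey failed",err);
	}

	LOG_EXIT(iReturnCode);
	return iReturnCode;
}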
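/// @brief Dokan callback that reports a security descriptor for directories.
///
/// Looks up the file information through the FUSE implementation. For a
/// directory it builds a fixed descriptor from the SDDL string
/// "D:PAI(A;OICI;FA;;;AU)", reduces it to the sections named in
/// *SecurityInformation by round-tripping it through SDDL, and copies the
/// result into the caller's buffer. Anything that is not a directory yields
/// STATUS_NOT_IMPLEMENTED.
///
/// NOTE(review): that SDDL string is a protected, auto-inherited DACL with a
/// single allow ACE giving file-all-access (FA) to Authenticated Users (AU),
/// inherited by child objects and containers (OICI). Every directory is
/// therefore reported as full control for any authenticated account,
/// independent of the backing file system's own permissions. Whether access
/// is enforced elsewhere is not visible from this function -- confirm.
///
/// @param FileName            Path of the object being queried.
/// @param SecurityInformation Sections of the descriptor the caller wants.
/// @param SecurityDescriptor  Caller buffer that receives the descriptor.
/// @param BufferLength        Size of that buffer in bytes.
/// @param LengthNeeded        Receives the descriptor size in bytes.
/// @param DokanFileInfo       Dokan per-request context.
/// @return STATUS_SUCCESS when the descriptor was copied,
///         STATUS_BUFFER_OVERFLOW when the buffer is too small (LengthNeeded
///         is set), a status mapped from the errno-style result when the file
///         information lookup fails, otherwise STATUS_NOT_IMPLEMENTED.
static NTSTATUS DOKAN_CALLBACK FuseGetFileSecurity(LPCWSTR FileName, PSECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor, ULONG BufferLength, PULONG LengthNeeded, PDOKAN_FILE_INFO DokanFileInfo)
{
  impl_fuse_context *impl = the_impl;
  if (impl->debug()) FPRINTF(stderr, "GetFileSecurity: " PRIxDWORD "\n", *SecurityInformation);

  BY_HANDLE_FILE_INFORMATION byHandleFileInfo;
  ZeroMemory(&byHandleFileInfo, sizeof(BY_HANDLE_FILE_INFORMATION));

  int ret;
  {
    impl_chain_guard guard(impl, DokanFileInfo->ProcessId);
    ret = impl->get_file_information(FileName, &byHandleFileInfo, DokanFileInfo);
  }

  if (0 != ret) {
    return errno_to_ntstatus_error(ret);
  }

  if (!(byHandleFileInfo.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
    return STATUS_NOT_IMPLEMENTED;
  }

  // We handle directories for the Explorer's
  // context menu. (New Folder, ...)

  // All three allocations below come from the SDDL conversion functions and
  // are released on every exit path. The earlier version leaked them on each
  // failed conversion and on each too-small-buffer probe.
  PSECURITY_DESCRIPTOR TemplateDescriptor = nullptr;
  PSECURITY_DESCRIPTOR SecurityDescriptorTmp = nullptr;
  LPTSTR pStringBuffer = nullptr;
  ULONG Size = 0;
  NTSTATUS status = STATUS_NOT_IMPLEMENTED;

  // Authenticated users rights
  bool ok = ConvertStringSecurityDescriptorToSecurityDescriptor(
                "D:PAI(A;OICI;FA;;;AU)", SDDL_REVISION_1, &TemplateDescriptor, &Size) != 0;

  // Render only the sections the caller asked for ...
  if (ok) {
    ok = ConvertSecurityDescriptorToStringSecurityDescriptor(
             TemplateDescriptor, SDDL_REVISION_1, *SecurityInformation, &pStringBuffer, nullptr) != 0;
  }

  // ... and turn that reduced SDDL text back into a self-relative descriptor.
  if (ok) {
    Size = 0;
    ok = ConvertStringSecurityDescriptorToSecurityDescriptor(
             pStringBuffer, SDDL_REVISION_1, &SecurityDescriptorTmp, &Size) != 0;
  }

  if (ok) {
    *LengthNeeded = Size;
    if (Size > BufferLength) {
      // Never copy more than the caller's buffer can hold.
      status = STATUS_BUFFER_OVERFLOW;
    } else {
      memcpy(SecurityDescriptor, SecurityDescriptorTmp, Size);
      status = STATUS_SUCCESS;
    }
  }

  if (pStringBuffer != nullptr) LocalFree(pStringBuffer);
  if (SecurityDescriptorTmp != nullptr) LocalFree(SecurityDescriptorTmp);
  if (TemplateDescriptor != nullptr) LocalFree(TemplateDescriptor);

  return status;
}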