int main(int argc, char* argv[]) #endif { if (GetVersion() & 0x80000000) { _tprintf(_T("This application only runs on Windows NT/2000 or later")); return 0; } if (!ParseCommandLine(argc, argv)) return 0; if (g_eat != ExamineAccessTokenNo) { CAccessToken at; if (!at.GetProcessToken(TOKEN_READ | TOKEN_QUERY_SOURCE)) Log(_T("Could not open process token")); else { Log(_T("Process Access Token:")); DumpAccessToken(at); } } for (size_t i=0; i<g_aObjects.GetCount(); i++) { Log(_T("Security Descriptor for object %s:"), (LPCTSTR)g_aObjects[i]); switch (g_eot) { case ExamineObjectTypeDefault: case ExamineObjectTypeFile: DumpSecurityDescriptor(g_aObjects[i], SE_FILE_OBJECT, mapFileAccess); break; case ExamineObjectTypeRegkey: DumpSecurityDescriptor(g_aObjects[i], SE_REGISTRY_KEY, mapRegkeyAccess); break; case ExamineObjectTypeService: DumpSecurityDescriptor(g_aObjects[i], SE_SERVICE, mapServiceAccess); break; case ExamineObjectTypeKernel: DumpSecurityDescriptor(g_aObjects[i], SE_KERNEL_OBJECT, mapKernelAccess); break; case ExamineObjectTypePrinter: DumpSecurityDescriptor(g_aObjects[i], SE_PRINTER, mapPrinterAccess); break; default: ATLASSERT(FALSE); } } return 0; }
//-------------------------------------------------------------------------------- bool CSecurityClient::HasPermission(DWORD nTokenId, UINT nBit) { if(GetDongleMode() == DongleOnly) return IsValidDongle(); CWriteLock lock(&m_container); if(m_container.m_pCert == NULL) return false; if(m_container.m_pCert == NULL) return false; CAccessToken* pToken = m_container.m_pCert->GetToken(nTokenId); if(pToken == NULL) return false; return pToken->IsBitSet(nBit); }
// run until parent process exit bool CSessionHost::ThreadLoop() { if(m_hParent == 0) { return false; } CoInitializeEx(0,COINIT_MULTITHREADED); { CComQIPtr<IWinRobotService>pService; HRESULT hr = pService.CoCreateInstance(__uuidof(ServiceHost)); if ( FAILED(hr) ) { DebugOutF(filelog::log_error,"CoCreateInstance Service failed with 0x%x",hr); return false; } CComPtr<IWinRobotSession>pSession; hr = pSession.CoCreateInstance(__uuidof(WinRobotSession)); if ( FAILED(hr) ) { DebugOutF(filelog::log_error,"CoCreateInstance WinRobotSession failed with 0x%x",hr); return false; } CAccessToken token; if(!token.GetProcessToken(TOKEN_ALL_ACCESS)) { DebugOutF(filelog::log_error,"GetProcessToken failed with %d",GetLastError()); return false; } DWORD sid = 0; if(!token.GetTerminalServicesSessionId(&sid)) { DebugOutF(filelog::log_error,"GetTerminalServicesSessionId failed with %d",GetLastError()); return false; } pService->RegSession(sid,GetCurrentProcessId(),pSession); WaitForSingleObject(m_hParent,-1); } //CoUninitialize(); return false; }
BOOL CImageUtility::CreateMediumIntegrityProcess(PCTSTR pszApplicationName, PTSTR pszCommandLine, PPROCESS_INFORMATION pPI, BOOL bShowWnd) { BOOL bRet = FALSE; CAccessToken ProcToken; CAccessToken PrimaryToken; PSID pSid = NULL; STARTUPINFO si = { sizeof(si) }; if (!ProcToken.GetEffectiveToken(TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY)) { goto FUNC_EXIT; } if (!ProcToken.CreatePrimaryToken(&PrimaryToken)) { goto FUNC_EXIT; } TCHAR szIntegritySid[20] = _T("S-1-16-8192"); ConvertStringSidToSid(szIntegritySid, &pSid); TOKEN_MANDATORY_LABEL TIL; TIL.Label.Attributes = SE_GROUP_INTEGRITY; TIL.Label.Sid = pSid; if (!SetTokenInformation(PrimaryToken.GetHandle(), (TOKEN_INFORMATION_CLASS)TokenIntegrityLevel, &TIL, sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pSid))) { goto FUNC_EXIT; } GetStartupInfo(&si); si.dwFlags = si.dwFlags|STARTF_USESHOWWINDOW; si.wShowWindow = SW_HIDE; bRet = CreateProcessAsUser(PrimaryToken.GetHandle(), pszApplicationName, pszCommandLine, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, pPI); FUNC_EXIT: if (pSid != NULL) { LocalFree(pSid); } if (!bRet) { bRet = CreateProcess(pszApplicationName, pszCommandLine, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, pPI); } return bRet; }
void DumpAccessToken(CAccessToken& at) { CIndent scope; CSid sidUser; if (!at.GetUser(&sidUser)) Log(_T("Failure retrieving User from Token")); else { Log(_T("User:"******"Failure retrieving Groups from Token")); else { Log(_T("Groups:")); DumpGroups(groups); } CTokenPrivileges priv; if (!at.GetPrivileges(&priv)) Log(_T("Failure retrieving Privileges from Token")); else { Log(_T("Privileges:")); DumpPrivileges(priv); } CSid sidOwner; if (!at.GetOwner(&sidOwner)) Log(_T("Failure retrieving Owner from Token")); else { Log(_T("Default Owner:")); DumpSid(sidOwner); } CSid sidPrimaryGroup; if (!at.GetOwner(&sidPrimaryGroup)) Log(_T("Failure retrieving Primary Group from Token")); else { Log(_T("Primary Group:")); DumpSid(sidPrimaryGroup); } CDacl dacl; if (!at.GetDefaultDacl(&dacl)) Log(_T("Failure retrieving Default Dacl from Token")); else { Log(_T("Default Dacl:")); DumpAcl(dacl, mapGenericAccess); } TOKEN_SOURCE source; if (!at.GetSource(&source)) Log(_T("Failure retrieving Source from Token")); else { Log(_T("Source:")); Log(_T("Source Name: %.8s"), CString(source.SourceName)); Log(_T("Source Identifier: 0x%.8x%.8x"), source.SourceIdentifier.HighPart, source.SourceIdentifier.LowPart); } TOKEN_TYPE type; if (!at.GetType(&type)) Log(_T("Failure retrieving Type from Token")); else Log(_T("Type: %s"), (LPCTSTR)GetTokenType(type)); if (type == TokenImpersonation) { SECURITY_IMPERSONATION_LEVEL sil; if (!at.GetImpersonationLevel(&sil)) Log(_T("Failure retrieving Impersonation Level from Token")); else Log(_T("Impersonation Level: %s"), (LPCTSTR)GetImpersonationLevel(sil)); } TOKEN_STATISTICS stats; if (!at.GetStatistics(&stats)) Log(_T("Failure retrieving Statistics from Token")); else { Log(_T("Statistics:")); DumpStatistics(stats); } }
//-------------------------------------------------------------------------------- void CSystemMonitorHandlerThread::DoListAll() { CString sTemp; CReadLock lock(GetSystem()->GetDBSubSystem()->GetCertMasters(), false); if(! lock.Lock(10000)) { sTemp = "Can't lock the certificate database right now )\r\n"; m_socket.Send(sTemp, CSmallSocket::WAITFORWOULDBLOCK); return; } POSITION pos = GetSystem()->GetDBSubSystem()->GetCertMasters()->GetHeadPosition(); if(pos == NULL) { sTemp = "there are currently 0 connections\r\n"; m_socket.Send(sTemp, CSmallSocket::WAITFORWOULDBLOCK); return; } CReadLock lock2(GetSystem()->GetDBSubSystem()->GetTokenInfoMap(), false); if(! lock2.Lock(1000)) { sTemp = "Can't lock the token database right now\r\n"; m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK); return; } sTemp = "IP Last Refresh Cert ID User Class Token Name\r\n"; m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK); while(pos != NULL) { CCertificateMaster* pCert = (CCertificateMaster*) GetSystem()->GetDBSubSystem()->GetCertMasters()->GetNext(pos); if(! pCert) break; CReadLock lock(pCert, false); if(! lock.Lock(1000)) { sTemp = "Can't lock one of the certificates right now\r\n"; m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK); continue; } POSITION pos = pCert->GetTokenMap()->GetStartPosition(); LPCTSTR pFormat = "%-15s %-20s %8ld %10ld %-16s\r\n"; if(pos == NULL) { sTemp.Format(pFormat, pCert->GetIP(), (LPCTSTR) pCert->GetLastRefresh().Format("%c"), pCert->GetId(), pCert->GetUserClass(), ""); m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK); } else { while(pos != NULL) { CAccessToken* pTok; ULONG nId; pCert->GetTokenMap()->GetNextAssoc(pos, nId, pTok); if(pTok == NULL) break; sTemp.Format(pFormat, pCert->GetIP(), (LPCTSTR) pCert->GetLastRefresh().Format("%c"), pCert->GetId(), pCert->GetUserClass(), pTok->GetName()); m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK); } } } }