// Entry point of the examine tool.
//
// Refuses to run on Windows 9x/Me, optionally dumps the calling process's own
// access token, then dumps the security descriptor of every object named on
// the command line, interpreting each name according to the object type
// selected on the command line (g_eot).
//
// Globals read: g_eat (whether to dump the process token), g_eot (object type
// applied to every name), g_aObjects (the names). Returns 0 on every path,
// including the early-exit ones.
int main(int argc, char* argv[])
#endif	// closes a conditional that begins before this excerpt (presumably selecting the entry-point signature per build configuration -- verify)
{
    // GetVersion() sets the high-order bit on Windows 95/98/Me, where this
    // tool is not supported (see the message).
    if (GetVersion() & 0x80000000)
    {
		_tprintf(_T("This application only runs on Windows NT/2000 or later"));
		return 0;
    }

	// ParseCommandLine fills the globals used below; false aborts the run
	// (no further message is printed here).
	if (!ParseCommandLine(argc, argv))
		return 0;

	if (g_eat != ExamineAccessTokenNo)
	{
		// Least privilege: read-only access is all DumpAccessToken needs.
		// TOKEN_QUERY_SOURCE is the extra right required to read the token source.
		CAccessToken at;
		if (!at.GetProcessToken(TOKEN_READ | TOKEN_QUERY_SOURCE))
			Log(_T("Could not open process token"));
		else
		{
			Log(_T("Process Access Token:"));
			DumpAccessToken(at);
		}
	}

	for (size_t i=0; i<g_aObjects.GetCount(); i++)
	{
		Log(_T("Security Descriptor for object %s:"), (LPCTSTR)g_aObjects[i]);
		// The same name is interpreted according to g_eot; the access-mask map
		// passed along is used to decode the ACE access bits for that type.
		switch (g_eot)
		{
		case ExamineObjectTypeDefault:	// Default is treated as a file path
		case ExamineObjectTypeFile:
			DumpSecurityDescriptor(g_aObjects[i], SE_FILE_OBJECT, mapFileAccess);
			break;
		case ExamineObjectTypeRegkey:
			DumpSecurityDescriptor(g_aObjects[i], SE_REGISTRY_KEY, mapRegkeyAccess);
			break;
		case ExamineObjectTypeService:
			DumpSecurityDescriptor(g_aObjects[i], SE_SERVICE, mapServiceAccess);
			break;
		case ExamineObjectTypeKernel:
			DumpSecurityDescriptor(g_aObjects[i], SE_KERNEL_OBJECT, mapKernelAccess);
			break;
		case ExamineObjectTypePrinter:
			DumpSecurityDescriptor(g_aObjects[i], SE_PRINTER, mapPrinterAccess);
			break;
		default:
			// An unknown object type is a programming error. ATLASSERT is a
			// no-op in release builds, so the object is then silently skipped.
			ATLASSERT(FALSE);
		}
	}

	return 0;
}
//--------------------------------------------------------------------------------
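// Returns whether permission bit nBit is set on token nTokenId of the
// currently loaded certificate.
//
// nTokenId  identifier of the token looked up in the certificate
// nBit      bit index tested on that token
// Returns   false when no certificate is loaded, the token is unknown, or
//           the bit is clear.
//
// NOTE(review): in DongleOnly mode the answer is IsValidDongle() alone --
// nTokenId and nBit are ignored, so a valid dongle grants *every*
// permission. Confirm that is the intended policy for that mode.
bool CSecurityClient::HasPermission(DWORD nTokenId, UINT nBit)
{
	if (GetDongleMode() == DongleOnly)
		return IsValidDongle();

	// Only reads m_container, but the original took the write lock; kept
	// because CWriteLock's semantics are not visible from here.
	CWriteLock lock(&m_container);

	// No certificate loaded -> nothing can be granted. (The original
	// repeated this test twice; once is enough.)
	if (m_container.m_pCert == NULL)
		return false;

	CAccessToken* pToken = m_container.m_pCert->GetToken(nTokenId);
	if (pToken == NULL)
		return false;

	return pToken->IsBitSet(nBit);
}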
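// Runs the session host until the parent process exits.
//
// Registers this process's terminal-services session with the service host
// and then blocks on m_hParent. Always returns false: false on any setup
// failure, and false again once the parent handle is signalled (the loop is
// not meant to be re-entered).
//
// Requires m_hParent to be a valid, waitable handle of the parent process.
bool CSessionHost::ThreadLoop()
{
	if (m_hParent == 0)
	{
		return false;
	}

	// RPC_E_CHANGED_MODE means this thread is already initialised in another
	// apartment model; COM is still usable then, so only hard failures stop us.
	HRESULT hr = CoInitializeEx(0, COINIT_MULTITHREADED);
	if (FAILED(hr) && hr != RPC_E_CHANGED_MODE)
	{
		DebugOutF(filelog::log_error, "CoInitializeEx failed with 0x%x", hr);
		return false;
	}
	{
		CComQIPtr<IWinRobotService> pService;
		hr = pService.CoCreateInstance(__uuidof(ServiceHost));
		if (FAILED(hr))
		{
			DebugOutF(filelog::log_error, "CoCreateInstance Service failed with 0x%x", hr);
			return false;
		}
		CComPtr<IWinRobotSession> pSession;
		hr = pSession.CoCreateInstance(__uuidof(WinRobotSession));
		if (FAILED(hr))
		{
			DebugOutF(filelog::log_error, "CoCreateInstance WinRobotSession failed with 0x%x", hr);
			return false;
		}

		// Least privilege: reading the session id only needs TOKEN_QUERY.
		// The original asked for TOKEN_ALL_ACCESS, far more than this
		// function ever uses.
		CAccessToken token;
		if (!token.GetProcessToken(TOKEN_QUERY))
		{
			DebugOutF(filelog::log_error, "GetProcessToken failed with %u", GetLastError());
			return false;
		}
		// Terminal-services session id (not a SID, despite the original name).
		DWORD sessionId = 0;
		if (!token.GetTerminalServicesSessionId(&sessionId))
		{
			DebugOutF(filelog::log_error, "GetTerminalServicesSessionId failed with %u", GetLastError());
			return false;
		}

		// The original discarded this result; a failed registration leaves the
		// host invisible to the service, so treat it like the other setup errors.
		hr = pService->RegSession(sessionId, GetCurrentProcessId(), pSession);
		if (FAILED(hr))
		{
			DebugOutF(filelog::log_error, "RegSession failed with 0x%x", hr);
			return false;
		}

		// Block until the parent process handle is signalled (INFINITE == -1).
		WaitForSingleObject(m_hParent, INFINITE);
	}
	// NOTE(review): CoUninitialize() was commented out in the original and the
	// early returns above do not balance CoInitializeEx either; left as-is on
	// the assumption that the process ends with the parent -- confirm.
	//CoUninitialize();
	return false;
}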
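// Builds a primary token that is a copy of the caller's effective token,
// relabelled to medium integrity (S-1-16-8192). Returns FALSE if any step
// fails; on success PrimaryToken holds the relabelled token.
static BOOL BuildMediumIntegrityToken(CAccessToken& PrimaryToken)
{
	CAccessToken ProcToken;
	// TOKEN_ADJUST_DEFAULT is what SetTokenInformation(TokenIntegrityLevel)
	// needs; the others are needed to duplicate it as a primary token.
	if (!ProcToken.GetEffectiveToken(TOKEN_DUPLICATE | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_ASSIGN_PRIMARY))
		return FALSE;
	if (!ProcToken.CreatePrimaryToken(&PrimaryToken))
		return FALSE;

	// Medium mandatory level. The original never checked this conversion and
	// would have handed a NULL SID to GetLengthSid on failure.
	PSID pSid = NULL;
	if (!ConvertStringSidToSid(_T("S-1-16-8192"), &pSid) || pSid == NULL)
		return FALSE;

	TOKEN_MANDATORY_LABEL TIL = {};
	TIL.Label.Attributes = SE_GROUP_INTEGRITY;
	TIL.Label.Sid        = pSid;
	// Size per the Win32 docs: the structure plus the SID it points to.
	BOOL bOk = SetTokenInformation(PrimaryToken.GetHandle(), (TOKEN_INFORMATION_CLASS)TokenIntegrityLevel, &TIL, sizeof(TOKEN_MANDATORY_LABEL) + GetLengthSid(pSid));

	LocalFree(pSid);	// ConvertStringSidToSid allocates with LocalAlloc
	return bOk;
}

// Launches pszApplicationName / pszCommandLine as a medium-integrity process
// using a relabelled copy of the caller's own token.
//
// pszApplicationName, pszCommandLine, pPI  passed straight to
//     CreateProcessAsUser / CreateProcess.
// bShowWnd  FALSE hides the new window (STARTF_USESHOWWINDOW + SW_HIDE).
//     The original accepted this flag but always hid the window; it is now
//     honoured (TRUE -> SW_SHOWNORMAL).
// Returns the BOOL of whichever CreateProcess* call ran last.
//
// SECURITY NOTE(review): if the integrity relabel cannot be performed (or
// CreateProcessAsUser fails) the function silently falls back to a plain
// CreateProcess, i.e. the child inherits the caller's -- possibly high --
// integrity level, and the return value does not tell the two outcomes
// apart. The fallback is kept for backward compatibility; callers that
// require the sandboxing should get a distinct failure instead.
BOOL CImageUtility::CreateMediumIntegrityProcess(PCTSTR pszApplicationName, PTSTR pszCommandLine, PPROCESS_INFORMATION pPI, BOOL bShowWnd)
{
	// Set up the startup info once so the fallback path sees the same
	// window settings as the primary path (the original's goto skipped this).
	STARTUPINFO si = { sizeof(si) };
	GetStartupInfo(&si);
	si.dwFlags |= STARTF_USESHOWWINDOW;
	si.wShowWindow = bShowWnd ? SW_SHOWNORMAL : SW_HIDE;

	BOOL bRet = FALSE;
	CAccessToken PrimaryToken;
	if (BuildMediumIntegrityToken(PrimaryToken))
	{
		bRet = CreateProcessAsUser(PrimaryToken.GetHandle(), pszApplicationName, pszCommandLine, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, pPI);
	}

	if (!bRet)
	{
		// Fallback at the caller's own integrity level -- see the note above.
		bRet = CreateProcess(pszApplicationName, pszCommandLine, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, &si, pPI);
	}

	return bRet;
}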
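// Logs every queryable property of an access token: user, groups, privileges,
// default owner, primary group, default DACL, source, type (plus impersonation
// level for impersonation tokens) and statistics. Each query failure is logged
// and the remaining sections are still attempted.
//
// at  token opened with at least TOKEN_QUERY; the Source section also needs
//     TOKEN_QUERY_SOURCE (it is simply reported as a failure otherwise).
//
// Fixes against the original listing:
//  * the line after "User:" was garbled; it is reconstructed from the pattern
//    of the other sections (DumpSid(sidUser), then CTokenGroups + GetGroups);
//  * "Primary Group" called GetOwner() and so printed the owner twice;
//  * TOKEN_SOURCE::SourceName is 8 chars with no NUL terminator, so
//    CString(source.SourceName) could read past it; the length is now given;
//  * `type` was read even when GetType() had failed (uninitialised).
void DumpAccessToken(CAccessToken& at)
{
	CIndent scope;

	CSid sidUser;
	if (!at.GetUser(&sidUser))
		Log(_T("Failure retrieving User from Token"));
	else
	{
		Log(_T("User:"));
		DumpSid(sidUser);
	}

	CTokenGroups groups;
	if (!at.GetGroups(&groups))
		Log(_T("Failure retrieving Groups from Token"));
	else
	{
		Log(_T("Groups:"));
		DumpGroups(groups);
	}

	CTokenPrivileges priv;
	if (!at.GetPrivileges(&priv))
		Log(_T("Failure retrieving Privileges from Token"));
	else
	{
		Log(_T("Privileges:"));
		DumpPrivileges(priv);
	}

	CSid sidOwner;
	if (!at.GetOwner(&sidOwner))
		Log(_T("Failure retrieving Owner from Token"));
	else
	{
		Log(_T("Default Owner:"));
		DumpSid(sidOwner);
	}

	CSid sidPrimaryGroup;
	if (!at.GetPrimaryGroup(&sidPrimaryGroup))
		Log(_T("Failure retrieving Primary Group from Token"));
	else
	{
		Log(_T("Primary Group:"));
		DumpSid(sidPrimaryGroup);
	}

	CDacl dacl;
	if (!at.GetDefaultDacl(&dacl))
		Log(_T("Failure retrieving Default Dacl from Token"));
	else
	{
		Log(_T("Default Dacl:"));
		DumpAcl(dacl, mapGenericAccess);
	}

	TOKEN_SOURCE source;
	if (!at.GetSource(&source))
		Log(_T("Failure retrieving Source from Token"));
	else
	{
		Log(_T("Source:"));
		// SourceName is TOKEN_SOURCE_LENGTH (8) chars and not NUL-terminated.
		Log(_T("Source Name: %.8s"), (LPCTSTR)CString(source.SourceName, TOKEN_SOURCE_LENGTH));
		Log(_T("Source Identifier: 0x%.8x%.8x"), source.SourceIdentifier.HighPart, source.SourceIdentifier.LowPart);
	}

	TOKEN_TYPE type;
	if (!at.GetType(&type))
		Log(_T("Failure retrieving Type from Token"));
	else
	{
		Log(_T("Type: %s"), (LPCTSTR)GetTokenType(type));

		// Only impersonation tokens carry an impersonation level.
		if (type == TokenImpersonation)
		{
			SECURITY_IMPERSONATION_LEVEL sil;
			if (!at.GetImpersonationLevel(&sil))
				Log(_T("Failure retrieving Impersonation Level from Token"));
			else
				Log(_T("Impersonation Level: %s"), (LPCTSTR)GetImpersonationLevel(sil));
		}
	}

	TOKEN_STATISTICS stats;
	if (!at.GetStatistics(&stats))
		Log(_T("Failure retrieving Statistics from Token"));
	else
	{
		Log(_T("Statistics:"));
		DumpStatistics(stats);
	}
}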
//--------------------------------------------------------------------------------
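// Writes a table of every known certificate master and its tokens to
// m_socket: one row per token, or one row with an empty token name when a
// certificate has none. Columns: IP, last refresh, cert id, user class,
// token name. Every "can't lock" condition is reported on the socket too.
//
// Locking order: certificate-master list (10 s) -> token-info map (1 s) ->
// each certificate (1 s); a certificate that cannot be locked is skipped.
//
// Fixes against the original: the first two messages were sent with a
// different Send() arity than every other message in this function (if the
// second parameter is the length, the flag value was being sent as the
// length); they now use the same (buffer, length, flags) form. A stray ")"
// in the first message was removed.
//
// NOTE(review): this dumps client IPs, certificate ids, user classes and
// token names to whoever is on the other end of m_socket; make sure the
// monitor connection itself is authenticated / restricted.
void CSystemMonitorHandlerThread::DoListAll()
{
	CString sTemp;

	CReadLock mastersLock(GetSystem()->GetDBSubSystem()->GetCertMasters(), false);
	if (!mastersLock.Lock(10000))
	{
		sTemp = "Can't lock the certificate database right now\r\n";
		m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK);
		return;
	}

	POSITION posCert = GetSystem()->GetDBSubSystem()->GetCertMasters()->GetHeadPosition();
	if (posCert == NULL)
	{
		sTemp = "there are currently 0 connections\r\n";
		m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK);
		return;
	}

	CReadLock tokenMapLock(GetSystem()->GetDBSubSystem()->GetTokenInfoMap(), false);
	if (!tokenMapLock.Lock(1000))
	{
		sTemp = "Can't lock the token database right now\r\n";
		m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK);
		return;
	}

	sTemp = "IP              Last Refresh          Cert ID User Class Token Name\r\n";
	m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK);

	// One row layout for both the "no tokens" row and the per-token rows.
	LPCTSTR pFormat = "%-15s %-20s %8ld %10ld  %-16s\r\n";

	while (posCert != NULL)
	{
		// Cast kept as in the original; the list's element type is not visible here.
		CCertificateMaster* pCert = (CCertificateMaster*) GetSystem()->GetDBSubSystem()->GetCertMasters()->GetNext(posCert);
		if (!pCert)
			break;

		CReadLock certLock(pCert, false);
		if (!certLock.Lock(1000))
		{
			sTemp = "Can't lock one of the certificates right now\r\n";
			m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK);
			continue;
		}

		// Separate cursor for the token map (the original shadowed the outer one).
		POSITION posTok = pCert->GetTokenMap()->GetStartPosition();
		if (posTok == NULL)
		{
			sTemp.Format(pFormat,
				pCert->GetIP(),
				(LPCTSTR) pCert->GetLastRefresh().Format("%c"),
				pCert->GetId(),
				pCert->GetUserClass(),
				"");
			m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK);
			continue;
		}

		while (posTok != NULL)
		{
			CAccessToken* pTok;
			ULONG nId;
			pCert->GetTokenMap()->GetNextAssoc(posTok, nId, pTok);
			if (pTok == NULL)
				break;
			sTemp.Format(pFormat,
				pCert->GetIP(),
				(LPCTSTR) pCert->GetLastRefresh().Format("%c"),
				pCert->GetId(),
				pCert->GetUserClass(),
				pTok->GetName());
			m_socket.Send(sTemp, sTemp.GetLength(), CSmallSocket::WAITFORWOULDBLOCK);
		}
	}
}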