PACL generate_acl()
{
PACL pAcl = NULL;
DWORD szAcl = 0;
PSID sids[2];
DWORD AceMask;
sids[0] = name_to_PSID("everyone");
sids[1] = name_to_PSID("administrators");
szAcl =
sizeof(ACL)+
((sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))*sizeof(sids)/sizeof(PSID))+
GetLengthSid(sids[0])+
GetLengthSid(sids[1]);
pAcl = (PACL) LocalAlloc(LPTR, szAcl);
if ( 0==InitializeAcl(pAcl, szAcl, ACL_REVISION) ) {
LocalFree(pAcl);
return NULL;
}
AceMask = (1<<30) | (1<<31);
if ( FALSE==AddAccessAllowedAce(pAcl, ACL_REVISION, AceMask, sids[0]) ) {
LocalFree(pAcl);
return NULL;
}
AceMask = (1<<28);
if ( FALSE==AddAccessAllowedAce(pAcl, ACL_REVISION, AceMask, sids[1]) ) {
LocalFree(pAcl);
return NULL;
}
return pAcl;
};
static SECURITY_ATTRIBUTES* security_attributes(void)
{
static int initialized;
static SECURITY_ATTRIBUTES asa;
static int aclbuf[512];
static ACL* acl = (ACL*)&aclbuf[0];
static SECURITY_DESCRIPTOR asd;
static int sid[SID_BUF_MAX];
if (initialized < 0)
return 0;
if (initialized > 0)
return &asa;
initialized = -1;
CopySid(sizeof(sid), (SID*)sid, &admins_sid_hdr);
*GetSidSubAuthority((SID*)sid, 1) = DOMAIN_ALIAS_RID_ADMINS;
InitializeSecurityDescriptor(&asd, SECURITY_DESCRIPTOR_REVISION);
if (!SetSecurityDescriptorGroup(&asd, (SID*)sid, 0))
return 0;
if (!InitializeAcl(acl, sizeof(ACL) + 2 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetLengthSid((SID*)sid) + GetLengthSid(&worldsid), ACL_REVISION))
return 0;
if (!AddAccessAllowedAce(acl, ACL_REVISION, GENERIC_ALL|READ_CONTROL|WRITE_DAC, (SID*)sid))
return 0;
if (!AddAccessAllowedAce(acl, ACL_REVISION, GENERIC_READ, &worldsid))
return 0;
if (!SetSecurityDescriptorDacl(&asd, 1, acl, 0))
return 0;
asa.nLength = sizeof(asa);
asa.bInheritHandle = 0;
asa.lpSecurityDescriptor = &asd;
initialized = 1;
return &asa;
}
/* Do some black magic with the NT security API.
* We prepare a DACL (Discretionary Access Control List) so that
* we, the creator, are allowed all access, while "Everyone Else"
* is only allowed to read and write to the pipe.
* This avoids security issues on shared hosts where a luser messes
* with the lower-level pipe settings and screws up the FastCGI service.
*/
static PACL prepare_named_pipe_acl(PSECURITY_DESCRIPTOR sd, LPSECURITY_ATTRIBUTES sa)
{
DWORD req_acl_size;
char everyone_buf[32], owner_buf[32];
PSID sid_everyone, sid_owner;
SID_IDENTIFIER_AUTHORITY
siaWorld = SECURITY_WORLD_SID_AUTHORITY,
siaCreator = SECURITY_CREATOR_SID_AUTHORITY;
PACL acl;
sid_everyone = (PSID)&everyone_buf;
sid_owner = (PSID)&owner_buf;
req_acl_size = sizeof(ACL) +
(2 * ((sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) + GetSidLengthRequired(1)));
acl = malloc(req_acl_size);
if (acl == NULL) {
return NULL;
}
if (!InitializeSid(sid_everyone, &siaWorld, 1)) {
goto out_fail;
}
*GetSidSubAuthority(sid_everyone, 0) = SECURITY_WORLD_RID;
if (!InitializeSid(sid_owner, &siaCreator, 1)) {
goto out_fail;
}
*GetSidSubAuthority(sid_owner, 0) = SECURITY_CREATOR_OWNER_RID;
if (!InitializeAcl(acl, req_acl_size, ACL_REVISION)) {
goto out_fail;
}
if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_GENERIC_READ | FILE_GENERIC_WRITE, sid_everyone)) {
goto out_fail;
}
if (!AddAccessAllowedAce(acl, ACL_REVISION, FILE_ALL_ACCESS, sid_owner)) {
goto out_fail;
}
if (!InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION)) {
goto out_fail;
}
if (!SetSecurityDescriptorDacl(sd, TRUE, acl, FALSE)) {
goto out_fail;
}
sa->lpSecurityDescriptor = sd;
return acl;
out_fail:
free(acl);
return NULL;
}
//设置注册表键读取的权限(KEY_READ||KEY_WRITE||KEY_ALL_ACCESS)
int SetKeySecurityEx(HKEY MainKey,LPCTSTR SubKey,DWORD security)
{
HKEY hKey;
SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
PSID pSystemSid = NULL;
PSID pUserSid = NULL;
SECURITY_DESCRIPTOR sd;
PACL pDacl = NULL;
DWORD dwAclSize;
int iResult = 0;
__try
{
if(RegOpenKeyEx(MainKey, SubKey, 0, WRITE_DAC, &hKey)!= ERROR_SUCCESS)
__leave;
if(!AllocateAndInitializeSid(&sia,1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &pSystemSid ))
__leave;
if(!AllocateAndInitializeSid( &sia, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &pUserSid))
__leave;
dwAclSize = sizeof(ACL) + 2 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) + GetLengthSid(pSystemSid) + GetLengthSid(pUserSid) ;
pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
if(pDacl == NULL)
__leave;
if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
__leave;
if(!AddAccessAllowedAce( pDacl, ACL_REVISION, KEY_ALL_ACCESS, pSystemSid ))
__leave;
if(!AddAccessAllowedAce( pDacl, ACL_REVISION, (unsigned long)security, pUserSid ))
__leave;
if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
__leave;
if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE))
__leave;
if(RegSetKeySecurity(hKey, (SECURITY_INFORMATION)DACL_SECURITY_INFORMATION, &sd)!= ERROR_SUCCESS)
__leave;
iResult =1;
}
__finally
{
RegCloseKey(MainKey);
RegCloseKey(hKey);
if(pDacl !=NULL)
HeapFree(GetProcessHeap(), 0, pDacl);
if(pSystemSid !=NULL)
FreeSid(pSystemSid);
if(pUserSid !=NULL)
FreeSid(pUserSid);
}
return iResult;
}
PACL vncImportACL::BuildACL(){
PACL pACL = NULL;
// Need canonical order and normalization??
// Solution canonical order: aceAllowStart and aceDenyStart?
// Solution normalization: Check for multiple occurrance of SID
// in allow list and deny list and merge them.
long aclSize = 8; // For ACL header
for (ACE_DATA *i = lastDenyACE; i != NULL; i = i->next){
aclSize += GetLengthSid(i->pSID) + sizeof(ACCESS_DENIED_ACE) - sizeof(DWORD);
}
for (ACE_DATA *j = lastAllowACE; j != NULL; j = j->next){
aclSize += GetLengthSid(j->pSID) + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD);
}
pACL = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, aclSize);
// Initialize the new ACL.
if (InitializeAcl(pACL, aclSize, ACL_REVISION)) {
// Add the access-denied ACEs to the ACL.
for (ACE_DATA *i = lastDenyACE; i != NULL; i = i->next){
//Todo: add error handling.
AddAccessDeniedAce(pACL, ACL_REVISION, i->mask, i->pSID);
}
for (ACE_DATA *j = lastAllowACE; j != NULL; j = j->next){
//Todo: add error handling.
AddAccessAllowedAce(pACL, ACL_REVISION, j->mask, j->pSID);
}
}
return pACL;
}
DWORD
AddAccessAllowedACEToACL (
PACL *Acl,
DWORD PermissionMask,
LPTSTR Principal
)
{
ACL_SIZE_INFORMATION aclSizeInfo;
int aclSize;
DWORD returnValue;
PSID principalSID;
PACL oldACL, newACL;
oldACL = *Acl;
returnValue = GetPrincipalSID (Principal, &principalSID);
if (returnValue != ERROR_SUCCESS)
return returnValue;
GetAclInformation (oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation);
aclSize = aclSizeInfo.AclBytesInUse +
sizeof (ACL) + sizeof (ACCESS_ALLOWED_ACE) +
GetLengthSid (principalSID) - sizeof (DWORD);
newACL = (PACL) new BYTE [aclSize];
if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
{
free (principalSID);
return GetLastError();
}
returnValue = CopyACL (oldACL, newACL);
if (returnValue != ERROR_SUCCESS)
{
free (principalSID);
return returnValue;
}
if (!AddAccessAllowedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
{
free (principalSID);
return GetLastError();
}
*Acl = newACL;
free (principalSID);
return ERROR_SUCCESS;
}
HRESULT COpcSecurity::AddAccessAllowedACEToACL(PACL *ppAcl, LPCTSTR pszPrincipal, DWORD dwAccessMask)
{
ACL_SIZE_INFORMATION aclSizeInfo;
int aclSize;
DWORD returnValue;
PSID principalSID;
PACL oldACL, newACL = NULL;
oldACL = *ppAcl;
returnValue = GetPrincipalSID(pszPrincipal, &principalSID);
if (FAILED(returnValue))
return returnValue;
aclSizeInfo.AclBytesInUse = 0;
if (*ppAcl != NULL)
GetAclInformation(oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof(ACL_SIZE_INFORMATION), AclSizeInformation);
aclSize = aclSizeInfo.AclBytesInUse + sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(principalSID) - sizeof(DWORD);
OPCTRY(newACL = (PACL) new BYTE[aclSize]);
if (newACL == NULL)
return E_OUTOFMEMORY;
if (!InitializeAcl(newACL, aclSize, ACL_REVISION))
{
free(principalSID);
return HRESULT_FROM_WIN32(GetLastError());
}
returnValue = CopyACL(newACL, oldACL);
if (FAILED(returnValue))
{
free(principalSID);
return returnValue;
}
if (!AddAccessAllowedAce(newACL, ACL_REVISION2, dwAccessMask, principalSID))
{
free(principalSID);
return HRESULT_FROM_WIN32(GetLastError());
}
*ppAcl = newACL;
if (oldACL != NULL)
free(oldACL);
free(principalSID);
return S_OK;
}
bool MWinAccessControlList::AddAccessAllow(const char *accountname,DWORD permission)
{
BYTE sidbuffer[100];
PSID psid=(SID *)&sidbuffer;
DWORD sidsize=sizeof(sidbuffer);
char domainbuffer[100];
DWORD domainbuffersize=sizeof(domainbuffer);
SID_NAME_USE snu;
if(LookupAccountNameA(NULL,accountname,psid,&sidsize
,(LPSTR)&domainbuffer,&domainbuffersize,&snu)==FALSE)
{
return false;
}
if(AddAccessAllowedAce(mpACL,ACL_REVISION,permission,psid)==false)
{
return false;
}
return true;
}
static BOOL new_acl(SaveAclStruct *save_acl){
HANDLE tokenh;
TOKEN_DEFAULT_DACL newdacl;
DWORD required;
PACL oldacl;
PACL newacl;
int i;
ACL_SIZE_INFORMATION si;
size_t newsize;
PSID extra_sid;
SID_IDENTIFIER_AUTHORITY nt_auth = SECURITY_NT_AUTHORITY;
TOKEN_DEFAULT_DACL dummy;
save_acl->initialized = FALSE;
if(!OpenProcessToken(GetCurrentProcess(),
TOKEN_READ|TOKEN_WRITE,&tokenh)){
log_warning("Failed to open access token.");
return FALSE;
}
save_acl->defdacl = &dummy;
required = sizeof(TOKEN_DEFAULT_DACL);
GetTokenInformation(tokenh,
TokenDefaultDacl,
&(save_acl->defdacl),
sizeof(TOKEN_DEFAULT_DACL),
&required);
if(required == 0){
log_warning("Failed to get any ACL info from token.");
CloseHandle(tokenh);
return FALSE;
}
save_acl->defdacl = LocalAlloc(LPTR,required);
if(!GetTokenInformation(tokenh,
TokenDefaultDacl,
save_acl->defdacl,
required,
&required)){
#ifdef HARDDEBUG
{
char *mes;
FormatMessage(
FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
GetLastError(),
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(LPTSTR) &mes,
0,
NULL );
log_info(mes);
LocalFree(mes);
}
#endif
log_warning("Failed to get default ACL from token.");
CloseHandle(tokenh);
return FALSE;
}
oldacl = save_acl->defdacl->DefaultDacl;
if(!GetAclInformation(oldacl, &si, sizeof(si),
AclSizeInformation)){
log_warning("Failed to get size information for ACL");
CloseHandle(tokenh);
return FALSE;
}
if(!AllocateAndInitializeSid(&nt_auth,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,
0,
0,
0,
0,
0,
&extra_sid)){
log_warning("Failed to initialize administrator SID.");
CloseHandle(tokenh);
return FALSE;
}
newsize = si.AclBytesInUse + sizeof(ACL) +
sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(extra_sid);
newacl = LocalAlloc(LPTR,newsize);
if(!InitializeAcl(newacl, newsize, ACL_REVISION)){
log_warning("Failed to initialize new ACL.");
LocalFree(newacl);
FreeSid(extra_sid);
CloseHandle(tokenh);
return FALSE;
}
for(i=0;i<((int)si.AceCount);++i){
ACE_HEADER *ace_header;
if (!GetAce (oldacl, i, &ace_header)){
log_warning("Failed to get ACE from old ACL.");
LocalFree(newacl);
FreeSid(extra_sid);
CloseHandle(tokenh);
return FALSE;
}
if(!AddAce(newacl,ACL_REVISION,0xffffffff,ace_header,
ace_header->AceSize)){
log_warning("Failed to set ACE in new ACL.");
LocalFree(newacl);
FreeSid(extra_sid);
CloseHandle(tokenh);
return FALSE;
}
}
if(!AddAccessAllowedAce(newacl,
ACL_REVISION2,
PROCESS_ALL_ACCESS,
extra_sid)){
log_warning("Failed to add system ACE to new ACL.");
LocalFree(newacl);
FreeSid(extra_sid);
return FALSE;
}
newdacl.DefaultDacl = newacl;
if(!SetTokenInformation(tokenh,
TokenDefaultDacl,
&newdacl,
sizeof(newdacl))){
log_warning("Failed to set token information");
LocalFree(newacl);
FreeSid(extra_sid);
CloseHandle(tokenh);
return FALSE;
}
save_acl->initialized = TRUE;
save_acl->newacl = newacl;
save_acl->adminsid = extra_sid;
CloseHandle(tokenh);
return TRUE;
}
BOOL
CreateWindowStationAndDesktops(
IN OUT PWLSESSION Session)
{
BYTE LocalSystemBuffer[SECURITY_MAX_SID_SIZE];
BYTE InteractiveBuffer[SECURITY_MAX_SID_SIZE];
PSID pLocalSystemSid = (PSID)&LocalSystemBuffer;
PSID pInteractiveSid = (PSID)InteractiveBuffer;
DWORD SidSize, AclSize;
PACL pDefaultAcl = NULL;
PACL pUserDesktopAcl = NULL;
SECURITY_DESCRIPTOR DefaultSecurityDescriptor;
SECURITY_ATTRIBUTES DefaultSecurity;
SECURITY_DESCRIPTOR UserDesktopSecurityDescriptor;
SECURITY_ATTRIBUTES UserDesktopSecurity;
BOOL ret = FALSE;
/*
* Prepare information for ACLs we will apply
*/
SidSize = SECURITY_MAX_SID_SIZE;
if (!CreateWellKnownSid(WinLocalSystemSid, NULL, pLocalSystemSid, &SidSize))
{
ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
goto cleanup;
}
SidSize = SECURITY_MAX_SID_SIZE;
if (!CreateWellKnownSid(WinInteractiveSid, NULL, pInteractiveSid, &SidSize))
{
ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
goto cleanup;
}
AclSize = sizeof(ACL)
+ FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pLocalSystemSid)
+ FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pInteractiveSid);
pDefaultAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
pUserDesktopAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
if (!pDefaultAcl || !pUserDesktopAcl)
{
ERR("WL: HeapAlloc() failed\n");
goto cleanup;
}
if (!InitializeAcl(pDefaultAcl, AclSize, ACL_REVISION)
|| !InitializeAcl(pUserDesktopAcl, AclSize, ACL_REVISION))
{
ERR("WL: InitializeAcl() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/*
* Create default ACL (window station, winlogon desktop, screen saver desktop)
*/
if (!AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
|| !AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_READ, pInteractiveSid))
{
ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/*
* Create the default security descriptor
*/
if (!InitializeSecurityDescriptor(&DefaultSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
{
ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
goto cleanup;
}
if (!SetSecurityDescriptorDacl(&DefaultSecurityDescriptor, TRUE, pDefaultAcl, FALSE))
{
ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
goto cleanup;
}
DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
DefaultSecurity.lpSecurityDescriptor = &DefaultSecurityDescriptor;
DefaultSecurity.bInheritHandle = TRUE;
/*
* Create user desktop ACL
*/
if (!AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
|| !AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pInteractiveSid))
{
ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/*
* Create the user desktop security descriptor
*/
if (!InitializeSecurityDescriptor(&UserDesktopSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION))
{
ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
goto cleanup;
}
if (!SetSecurityDescriptorDacl(&UserDesktopSecurityDescriptor, TRUE, pUserDesktopAcl, FALSE))
{
ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
goto cleanup;
}
UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
UserDesktopSecurity.lpSecurityDescriptor = &UserDesktopSecurityDescriptor;
UserDesktopSecurity.bInheritHandle = TRUE;
/*
* Create the interactive window station
*/
Session->InteractiveWindowStationName = L"WinSta0";
Session->InteractiveWindowStation = CreateWindowStationW(
Session->InteractiveWindowStationName,
0,
MAXIMUM_ALLOWED,
&DefaultSecurity);
if (!Session->InteractiveWindowStation)
{
ERR("WL: Failed to create window station (%lu)\n", GetLastError());
goto cleanup;
}
if (!SetProcessWindowStation(Session->InteractiveWindowStation))
{
ERR("WL: SetProcessWindowStation() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/*
* Create the application desktop
*/
Session->ApplicationDesktop = CreateDesktopW(
L"Default",
NULL,
NULL,
0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
MAXIMUM_ALLOWED,
&UserDesktopSecurity);
if (!Session->ApplicationDesktop)
{
ERR("WL: Failed to create Default desktop (%lu)\n", GetLastError());
goto cleanup;
}
/*
* Create the winlogon desktop
*/
Session->WinlogonDesktop = CreateDesktopW(
L"Winlogon",
NULL,
NULL,
0,
MAXIMUM_ALLOWED,
&DefaultSecurity);
if (!Session->WinlogonDesktop)
{
ERR("WL: Failed to create Winlogon desktop (%lu)\n", GetLastError());
goto cleanup;
}
/*
* Create the screen saver desktop
*/
Session->ScreenSaverDesktop = CreateDesktopW(
L"Screen-Saver",
NULL,
NULL,
0,
MAXIMUM_ALLOWED,
&DefaultSecurity);
if(!Session->ScreenSaverDesktop)
{
ERR("WL: Failed to create Screen-Saver desktop (%lu)\n", GetLastError());
goto cleanup;
}
/*
* Switch to winlogon desktop
*/
if (!SetThreadDesktop(Session->WinlogonDesktop) ||
!SwitchDesktop(Session->WinlogonDesktop))
{
ERR("WL: Cannot switch to Winlogon desktop (%lu)\n", GetLastError());
goto cleanup;
}
ret = TRUE;
cleanup:
if (!ret)
{
if (Session->ApplicationDesktop)
{
CloseDesktop(Session->ApplicationDesktop);
Session->ApplicationDesktop = NULL;
}
if (Session->WinlogonDesktop)
{
CloseDesktop(Session->WinlogonDesktop);
Session->WinlogonDesktop = NULL;
}
if (Session->ScreenSaverDesktop)
{
CloseDesktop(Session->ScreenSaverDesktop);
Session->ScreenSaverDesktop = NULL;
}
if (Session->InteractiveWindowStation)
{
CloseWindowStation(Session->InteractiveWindowStation);
Session->InteractiveWindowStation = NULL;
}
}
HeapFree(GetProcessHeap(), 0, pDefaultAcl);
HeapFree(GetProcessHeap(), 0, pUserDesktopAcl);
return ret;
}
BOOL
AddAceToDesktop(
IN HDESK Desktop,
IN PSID WinlogonSid,
IN PSID UserSid)
{
DWORD AclSize;
SECURITY_INFORMATION SecurityInformation;
PACL Acl = NULL;
PSECURITY_DESCRIPTOR DesktopSd = NULL;
BOOL Ret = FALSE;
/* Allocate ACL */
AclSize = sizeof(ACL)
+ FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(WinlogonSid);
/* Take user's sid into account */
if (UserSid)
AclSize += FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(UserSid);
Acl = HeapAlloc(GetProcessHeap(), 0, AclSize);
if (!Acl)
{
ERR("WL: HeapAlloc() failed\n");
goto cleanup;
}
/* Initialize ACL */
if (!InitializeAcl(Acl, AclSize, ACL_REVISION))
{
ERR("WL: InitializeAcl() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/* Add full desktop access ACE for winlogon */
if (!AddAccessAllowedAce(Acl, ACL_REVISION, DESKTOP_ALL, WinlogonSid))
{
ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/* Add full desktop access ACE for a user (if provided) */
if (UserSid && !AddAccessAllowedAce(Acl, ACL_REVISION, DESKTOP_ALL, UserSid))
{
ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/* Initialize new security descriptor */
DesktopSd = HeapAlloc(GetProcessHeap(), 0, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!InitializeSecurityDescriptor(DesktopSd, SECURITY_DESCRIPTOR_REVISION))
{
ERR("WL: InitializeSecurityDescriptor() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/* Add ACL to the security descriptor */
if (!SetSecurityDescriptorDacl(DesktopSd, TRUE, Acl, FALSE))
{
ERR("WL: SetSecurityDescriptorDacl() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/* Apply security to the window station */
SecurityInformation = DACL_SECURITY_INFORMATION;
if (!SetUserObjectSecurity(Desktop, &SecurityInformation, DesktopSd))
{
ERR("WL: SetUserObjectSecurity() failed (error %lu)\n", GetLastError());
goto cleanup;
}
/* Indicate success */
Ret = TRUE;
cleanup:
/* Free allocated stuff */
if (Acl) HeapFree(GetProcessHeap(), 0, Acl);
if (DesktopSd) HeapFree(GetProcessHeap(), 0, DesktopSd);
return Ret;
}
void ServiceStart(BOOL aService)
{
DWORD ThreadID,i;
wchar_t filename[MAX_PATH],access_filename[MAX_PATH];
InitInfo();
InitNotify();
{
HANDLE token; PTOKEN_USER token_user=NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthSystem={SECURITY_NT_AUTHORITY}; PSID pSystemSid=NULL;
if(AllocateAndInitializeSid(&SIDAuthSystem,1,SECURITY_LOCAL_SYSTEM_RID,0,0,0,0,0,0,0,&pSystemSid))
{
if(OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&token))
{
token_user=(PTOKEN_USER)DefaultTokenInformation(token,TokenUser);
if(token_user)
{
if((token_user->User.Sid)&&(pSystemSid)&&(IsValidSid(token_user->User.Sid))&&(IsValidSid(pSystemSid))&&(EqualSid(token_user->User.Sid,pSystemSid)))
IsSystem=TRUE;
free(token_user);
}
CloseHandle(token);
}
FreeSid(pSystemSid);
}
}
//get security from file.
EnablePrivilege(L"SeSecurityPrivilege");
if(!pipe_sd&&GetModuleFileNameW(NULL,filename,sizeofa(filename)))
{
wchar_t *filename_ptr;
DWORD res=GetFullPathNameW(filename,sizeofa(access_filename),access_filename,&filename_ptr);
if(res&&(res<sizeofa(access_filename))&&filename_ptr)
{
DWORD needed;
wcscpy(filename_ptr,ACCESS_NAMEW);
if(!GetFileSecurityW(access_filename,DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION,NULL,0,&needed))
if(GetLastError()==ERROR_INSUFFICIENT_BUFFER)
{
pipe_sd=(PSECURITY_DESCRIPTOR)malloc(needed);
if(pipe_sd)
{
if(!GetFileSecurityW(access_filename,DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION,pipe_sd,needed,&needed))
{
free(pipe_sd);
pipe_sd=NULL;
}
}
}
}
}
//create default security
if(!pipe_sd)
{
PSID pAccessSid=NULL;
PSID pSystemSid=NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthLocal={SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SIDAuthEveryone={SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SIDAuthSystem={SECURITY_NT_AUTHORITY};
DWORD sd_size=SECURITY_DESCRIPTOR_MIN_LENGTH+sizeof(ACL);
PACL pAcl=NULL;
if(GetAllowNetwork()?AllocateAndInitializeSid(&SIDAuthEveryone,1,SECURITY_WORLD_RID,0,0,0,0,0,0,0,&pAccessSid):AllocateAndInitializeSid(&SIDAuthLocal,1,SECURITY_LOCAL_RID,0,0,0,0,0,0,0,&pAccessSid))
{
if(AllocateAndInitializeSid(&SIDAuthSystem,1,SECURITY_LOCAL_SYSTEM_RID,0,0,0,0,0,0,0,&pSystemSid))
{
sd_size+=2*(sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD))+GetLengthSid(pAccessSid)+GetLengthSid(pSystemSid);
pipe_sd=(PSECURITY_DESCRIPTOR)malloc(sd_size);
if(pipe_sd)
{
pAcl=(PACL)(((char *)pipe_sd)+SECURITY_DESCRIPTOR_MIN_LENGTH);
if(!(InitializeAcl(pAcl,sd_size-SECURITY_DESCRIPTOR_MIN_LENGTH,ACL_REVISION)&&AddAccessAllowedAce(pAcl,ACL_REVISION,FILE_ALL_ACCESS,pAccessSid)&&AddAccessAllowedAce(pAcl,ACL_REVISION,FILE_ALL_ACCESS,pSystemSid)&&InitializeSecurityDescriptor(pipe_sd,SECURITY_DESCRIPTOR_REVISION)&&SetSecurityDescriptorDacl(pipe_sd,TRUE,pAcl,FALSE)))
{
free(pipe_sd);
pipe_sd=NULL;
}
}
FreeSid(pSystemSid);
}
FreeSid(pAccessSid);
}
}
for(i=0;i<GetThreadCount();i++)
{
threads[i]=CreateThread(NULL,0,ServiceStartThread,(void *)(DWORD_PTR)i,CREATE_SUSPENDED,&ThreadID);
if(threads[i])
{
SetThreadPriority(threads[i],GetHearPriority());
ResumeThread(threads[i]);
}
}
WaitStartEvent(aService);
if(aService) ReportStatusToSCMgr(SERVICE_RUNNING,NO_ERROR,0);
}
/**
* This function adjusts the specified Desktop to include the specfied
* user.
*
* See: http://msdn2.microsoft.com/en-us/library/aa379608(VS.85).aspx
**/
BOOL AddAceToDesktop(HDESK hdesk, PSID psid)
{
ACL_SIZE_INFORMATION aclSizeInfo;
BOOL bDaclExist;
BOOL bDaclPresent;
BOOL bSuccess = FALSE;
DWORD dwNewAclSize;
DWORD dwSidSize = 0;
DWORD dwSdSizeNeeded;
PACL pacl = NULL;
PACL pNewAcl = NULL;
PSECURITY_DESCRIPTOR psd = NULL;
PSECURITY_DESCRIPTOR psdNew = NULL;
PVOID pTempAce;
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
unsigned int i;
try
{
// Obtain the security descriptor for the desktop object.
if (!GetUserObjectSecurity(
hdesk,
&si,
psd,
dwSidSize,
&dwSdSizeNeeded))
{
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
{
psd = (PSECURITY_DESCRIPTOR)HeapAlloc(
GetProcessHeap(),
HEAP_ZERO_MEMORY,
dwSdSizeNeeded );
if (psd == NULL)
throw;
psdNew = (PSECURITY_DESCRIPTOR)HeapAlloc(
GetProcessHeap(),
HEAP_ZERO_MEMORY,
dwSdSizeNeeded);
if (psdNew == NULL)
throw;
dwSidSize = dwSdSizeNeeded;
if (!GetUserObjectSecurity(
hdesk,
&si,
psd,
dwSidSize,
&dwSdSizeNeeded)
)
throw;
}
else
throw;
}
// Create a new security descriptor.
if (!InitializeSecurityDescriptor(
psdNew,
SECURITY_DESCRIPTOR_REVISION)
)
throw;
// Obtain the DACL from the security descriptor.
if (!GetSecurityDescriptorDacl(
psd,
&bDaclPresent,
&pacl,
&bDaclExist)
)
throw;
// Initialize.
ZeroMemory(&aclSizeInfo, sizeof(ACL_SIZE_INFORMATION));
aclSizeInfo.AclBytesInUse = sizeof(ACL);
// Call only if NULL DACL.
if (pacl != NULL)
{
// Determine the size of the ACL information.
if (!GetAclInformation(
pacl,
(LPVOID)&aclSizeInfo,
sizeof(ACL_SIZE_INFORMATION),
AclSizeInformation)
)
throw;
}
// Compute the size of the new ACL.
dwNewAclSize = aclSizeInfo.AclBytesInUse +
sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psid) - sizeof(DWORD);
// Allocate buffer for the new ACL.
pNewAcl = (PACL)HeapAlloc(
GetProcessHeap(),
HEAP_ZERO_MEMORY,
dwNewAclSize);
if (pNewAcl == NULL)
throw;
// Initialize the new ACL.
if (!InitializeAcl(pNewAcl, dwNewAclSize, ACL_REVISION))
throw;
// If DACL is present, copy it to a new DACL.
if (bDaclPresent)
{
// Copy the ACEs to the new ACL.
if (aclSizeInfo.AceCount)
{
for (i=0; i < aclSizeInfo.AceCount; i++)
{
// Get an ACE.
if (!GetAce(pacl, i, &pTempAce))
throw;
// Add the ACE to the new ACL.
if (!AddAce(
pNewAcl,
ACL_REVISION,
MAXDWORD,
pTempAce,
((PACE_HEADER)pTempAce)->AceSize)
)
throw;
}
}
}
// Add ACE to the DACL.
if (!AddAccessAllowedAce(
pNewAcl,
ACL_REVISION,
GENERIC_ALL,
psid)
)
throw;
// Set new DACL to the new security descriptor.
if (!SetSecurityDescriptorDacl(
psdNew,
TRUE,
pNewAcl,
FALSE)
)
throw;
// Set the new security descriptor for the desktop object.
if (!SetUserObjectSecurity(hdesk, &si, psdNew))
throw;
// Indicate success.
bSuccess = TRUE;
}
catch(...)
{
// Free buffers.
if (pNewAcl != NULL)
HeapFree(GetProcessHeap(), 0, (LPVOID)pNewAcl);
if (psd != NULL)
HeapFree(GetProcessHeap(), 0, (LPVOID)psd);
if (psdNew != NULL)
HeapFree(GetProcessHeap(), 0, (LPVOID)psdNew);
}
return bSuccess;
}
isc_result_t
NTFS_Access_Control(const char *filename, const char *user, int access,
isc_boolean_t isdir) {
SECURITY_DESCRIPTOR sd;
BYTE aclBuffer[1024];
PACL pacl=(PACL)&aclBuffer;
BYTE sidBuffer[100];
PSID psid=(PSID) &sidBuffer;
DWORD sidBufferSize = sizeof(sidBuffer);
BYTE adminSidBuffer[100];
PSID padminsid=(PSID) &adminSidBuffer;
DWORD adminSidBufferSize = sizeof(adminSidBuffer);
BYTE otherSidBuffer[100];
PSID pothersid=(PSID) &otherSidBuffer;
DWORD otherSidBufferSize = sizeof(otherSidBuffer);
char domainBuffer[100];
DWORD domainBufferSize = sizeof(domainBuffer);
SID_NAME_USE snu;
DWORD NTFSbits;
int caccess;
/* Initialize an ACL */
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
return (ISC_R_NOPERM);
if (!InitializeAcl(pacl, sizeof(aclBuffer), ACL_REVISION))
return (ISC_R_NOPERM);
if (!LookupAccountName(0, user, psid, &sidBufferSize, domainBuffer,
&domainBufferSize, &snu))
return (ISC_R_NOPERM);
domainBufferSize = sizeof(domainBuffer);
if (!LookupAccountName(0, "Administrators", padminsid,
&adminSidBufferSize, domainBuffer, &domainBufferSize, &snu)) {
(void)GetLastError();
return (ISC_R_NOPERM);
}
domainBufferSize = sizeof(domainBuffer);
if (!LookupAccountName(0, "Everyone", pothersid,
&otherSidBufferSize, domainBuffer, &domainBufferSize, &snu)) {
(void)GetLastError();
return (ISC_R_NOPERM);
}
caccess = access;
/* Owner check */
NTFSbits = 0;
if (caccess & ISC_FSACCESS_READ)
NTFSbits |= FILE_GENERIC_READ;
if (caccess & ISC_FSACCESS_WRITE)
NTFSbits |= FILE_GENERIC_WRITE;
if (caccess & ISC_FSACCESS_EXECUTE)
NTFSbits |= FILE_GENERIC_EXECUTE;
/* For directories check the directory-specific bits */
if (isdir == ISC_TRUE) {
if (caccess & ISC_FSACCESS_CREATECHILD)
NTFSbits |= FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE;
if (caccess & ISC_FSACCESS_DELETECHILD)
NTFSbits |= FILE_DELETE_CHILD;
if (caccess & ISC_FSACCESS_LISTDIRECTORY)
NTFSbits |= FILE_LIST_DIRECTORY;
if (caccess & ISC_FSACCESS_ACCESSCHILD)
NTFSbits |= FILE_TRAVERSE;
}
if (NTFSbits == (FILE_GENERIC_READ | FILE_GENERIC_WRITE
| FILE_GENERIC_EXECUTE))
NTFSbits |= FILE_ALL_ACCESS;
/*
* Owner and Administrator also get STANDARD_RIGHTS_ALL
* to ensure that they have full control
*/
NTFSbits |= STANDARD_RIGHTS_ALL;
/* Add the ACE to the ACL */
if (!AddAccessAllowedAce(pacl, ACL_REVISION, NTFSbits, psid))
return (ISC_R_NOPERM);
if (!AddAccessAllowedAce(pacl, ACL_REVISION, NTFSbits, padminsid))
return (ISC_R_NOPERM);
/*
* Group is ignored since we can be in multiple groups or no group
* and its meaning is not clear on Win32
*/
caccess = caccess >> STEP;
/*
* Other check. We translate this to be the same as Everyone
*/
caccess = caccess >> STEP;
NTFSbits = 0;
if (caccess & ISC_FSACCESS_READ)
NTFSbits |= FILE_GENERIC_READ;
if (caccess & ISC_FSACCESS_WRITE)
NTFSbits |= FILE_GENERIC_WRITE;
if (caccess & ISC_FSACCESS_EXECUTE)
NTFSbits |= FILE_GENERIC_EXECUTE;
/* For directories check the directory-specific bits */
if (isdir == TRUE) {
if (caccess & ISC_FSACCESS_CREATECHILD)
NTFSbits |= FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE;
if (caccess & ISC_FSACCESS_DELETECHILD)
NTFSbits |= FILE_DELETE_CHILD;
if (caccess & ISC_FSACCESS_LISTDIRECTORY)
NTFSbits |= FILE_LIST_DIRECTORY;
if (caccess & ISC_FSACCESS_ACCESSCHILD)
NTFSbits |= FILE_TRAVERSE;
}
/* Add the ACE to the ACL */
if (!AddAccessAllowedAce(pacl, ACL_REVISION, NTFSbits,
pothersid))
return (ISC_R_NOPERM);
if (!SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE))
return (ISC_R_NOPERM);
if (!SetFileSecurity(filename, DACL_SECURITY_INFORMATION, &sd)) {
return (ISC_R_NOPERM);
}
return(ISC_R_SUCCESS);
}
// Initialize the User Conversation Interface.
DWORD InitConvInterface ( VOID )
{
HANDLE hThread, hThreadTcpip;
DWORD dwThreadID, dwThreadIDTcpip;
PSID pOwnerSid = NULL, pGroupSid = NULL;
BOOL fSuccess = TRUE;
PACL pAcl = NULL;
DWORD cbAcl;
DWORD dwRetCode;
PSID pSystemSid = NULL, pAnonymousSid = NULL, pInteractiveSid = NULL;
__try {
#ifndef TREESVR_STANDALONE
pOwnerSid = GetUserSid();
if( pOwnerSid == NULL )
__leave;
/*
fSuccess = GetAccountSid( NULL, "TreeServer Users", &pGroupSid );
if ( !fSuccess )
__leave;
*/
pGroupSid = CreateWorldSid();
if( pGroupSid == NULL )
__leave;
pSystemSid = CreateSystemSid();
if( pSystemSid == NULL )
__leave;
pAnonymousSid = CreateAnonymousSid();
if( pAnonymousSid == NULL )
__leave;
pInteractiveSid = CreateInteractiveSid();
if( pInteractiveSid == NULL )
__leave;
cbAcl = GetLengthSid( pOwnerSid ) + GetLengthSid( pGroupSid ) +
GetLengthSid( pSystemSid ) + GetLengthSid( pAnonymousSid ) + GetLengthSid( pInteractiveSid ) +
sizeof(ACL) + (5 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)));
pAcl = (PACL) HeapAlloc(GetProcessHeap(), 0, cbAcl);
if (NULL == pAcl)
__leave;
fSuccess = InitializeAcl(pAcl,
cbAcl,
ACL_REVISION);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pOwnerSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,//GENERIC_READ|GENERIC_WRITE,
pGroupSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pSystemSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pInteractiveSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pAnonymousSid);
if (FALSE == fSuccess)
__leave;
InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION );
fSuccess = SetSecurityDescriptorDacl(&sd,
TRUE,
pAcl,
FALSE);
if (FALSE == fSuccess)
__leave;
fSuccess = SetSecurityDescriptorOwner(
&sd,
pOwnerSid,
FALSE );
if ( !fSuccess )
__leave;
fSuccess = SetSecurityDescriptorGroup(
&sd,
pGroupSid,
FALSE );
if ( !fSuccess )
__leave;
sa.nLength = sizeof( SECURITY_ATTRIBUTES );
sa.lpSecurityDescriptor = (LPVOID)&sd;
sa.bInheritHandle = FALSE;
#endif
// Create the NamedPipe server thread, Process the user's connection.
hThread = CreateThread( NULL,
0,
(LPTHREAD_START_ROUTINE)PipeSelectConnectThread,
(LPVOID)NULL,
0,
&dwThreadID );
// If operation not completed, return the system error code.
if( hThread == NULL )
{
fSuccess = FALSE;
__leave;
}
#ifndef TREESVR_STANDALONE
hThreadTcpip = CreateThread( NULL,
0,
(LPTHREAD_START_ROUTINE)TcpipSelectConnectThread,
(LPVOID)NULL,
0,
&dwThreadIDTcpip );
// If operation not completed, return the system error code.
if( hThreadTcpip == NULL )
{
fSuccess = FALSE;
__leave;
}
#endif
}
__finally {
if( fSuccess ) {
// Set the thread Prority Class.
SetThreadPriority( hThread, THREAD_PRIORITY_ABOVE_NORMAL );
SystemResInfo.hConvThread = hThread;
SystemResInfo.dwConvThreadId = dwThreadID;
#ifndef TREESVR_STANDALONE
// Set the thread Prority Class.
SetThreadPriority( hThreadTcpip, THREAD_PRIORITY_ABOVE_NORMAL );
SystemResInfo.hConvThreadTcpip = hThreadTcpip;
SystemResInfo.dwConvThreadIdTcpip = dwThreadIDTcpip;
#endif
dwRetCode = TERR_SUCCESS;
}
else {
if( hThread != NULL ) {
CloseHandle( hThread );
}
dwRetCode = GetLastError();
if( pOwnerSid )
HeapFree( GetProcessHeap(), 0, pOwnerSid );
if( pGroupSid )
HeapFree( GetProcessHeap(), 0, pGroupSid );
if( pSystemSid )
HeapFree( GetProcessHeap(), 0, pSystemSid );
if( pInteractiveSid )
HeapFree( GetProcessHeap(), 0, pInteractiveSid );
if( pAnonymousSid )
HeapFree( GetProcessHeap(), 0, pAnonymousSid );
if( pAcl )
HeapFree( GetProcessHeap(), 0, pAcl );
}
}
return dwRetCode;
}
void CheckNddeShare()
{
DWORD dwAvail;
WORD wItems=0;
BYTE buffer[200];
//LPBYTE buffer;
CHAR szres[255];
DWORD err=0;
char szerror[16];
char *sztopiclist = {"bugboard|bugboard\0bugboard|bugboard\0bugboard|bugboard\0\0"};
//FARPROC fpNDdeShareGetInfo;
PSID pworldsid;
PACL pacl;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority = SECURITY_WORLD_SID_AUTHORITY;
SECURITY_DESCRIPTOR sd;
//HINSTANCE hinstNDDEAPI=NULL;
SetErrorMode(SEM_FAILCRITICALERRORS); //_NOOPENFILEERRORBOX);
HINSTANCE hinstNDDEAPI = LoadLibrary("NDDEAPI.DLL");
if (NULL == hinstNDDEAPI) // <= HINSTANCE_ERROR)
{
MessageBox(NULL, "NDDEAPI.DLL not found in path", "bugboard.exe", MB_OK | MB_ICONSTOP);
return;
}
SGIPROC fpNDdeShareGetInfo = (SGIPROC) GetProcAddress(hinstNDDEAPI, "NDdeShareGetInfoA");
if (fpNDdeShareGetInfo == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
UINT ret = (*fpNDdeShareGetInfo)(NULL, "bugboard$", 2,
buffer, sizeof(buffer), &dwAvail, &wItems);
if (ret != NDDE_SHARE_NOT_EXIST) {
return;
}
NDDESHAREINFO *pnddeInfo = (NDDESHAREINFO *)buffer;
SAPROC lpfnNDdeShareAdd =
(SAPROC) GetProcAddress(hinstNDDEAPI, "NDdeShareAddA");
if (lpfnNDdeShareAdd == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
/* this is all different for win32 (NT)
lstrcpy(pnddeInfo->szShareName, "bugboard$");
pnddeInfo->lpszTargetApp = "bugboard";
pnddeInfo->lpszTargetTopic = "bugboard";
pnddeInfo->lpbPassword1 = (LPBYTE) "";
pnddeInfo->cbPassword1 = 0;
pnddeInfo->dwPermissions1 = 15;
pnddeInfo->lpbPassword2 = (LPBYTE) "";
pnddeInfo->cbPassword2 = 0;
pnddeInfo->dwPermissions2 = 0;
pnddeInfo->lpszItem = "";
pnddeInfo->cAddItems = 0;
pnddeInfo->lpNDdeShareItemInfo = NULL;
*/
// current structure
pnddeInfo->lRevision = 1L;
pnddeInfo->lpszShareName = _strdup("bugboard$");
pnddeInfo->lShareType = SHARE_TYPE_NEW | SHARE_TYPE_OLD | SHARE_TYPE_STATIC;
pnddeInfo->lpszAppTopicList = (LPTSTR)sztopiclist;
pnddeInfo->fSharedFlag = 1;
pnddeInfo->fService = 0;
pnddeInfo->fStartAppFlag = 0;
pnddeInfo->nCmdShow = SW_SHOWMAXIMIZED;
pnddeInfo->qModifyId[0] = 0;
pnddeInfo->qModifyId[1] = 0;
pnddeInfo->cNumItems = 0;
pnddeInfo->lpszItemList = "\0";
if (!AllocateAndInitializeSid( &IdentifierAuthority,
1,
SECURITY_WORLD_RID,
0,0,0,0,0,0,0,
&pworldsid))
{
FreeLibrary(hinstNDDEAPI);
return;
}
pacl = (ACL*)malloc(sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pworldsid) - sizeof(DWORD) ) ;
InitializeAcl(pacl,
sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pworldsid) - sizeof(DWORD),
ACL_REVISION);
if (!IsValidAcl) {
MessageBox(NULL, "ACL not valid", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!AddAccessAllowedAce(pacl,
ACL_REVISION,
STANDARD_RIGHTS_ALL | MAXIMUM_ALLOWED | GENERIC_ALL | ACCESS_SYSTEM_SECURITY,
pworldsid)) {
MessageBox(NULL, "Add ACE failed", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
MessageBox(NULL, "Init sd failed", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorOwner(&sd, NULL, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorGroup(&sd, NULL, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!IsValidSecurityDescriptor(&sd))
{
MessageBox(NULL, "Invalid sd", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
ret = (*lpfnNDdeShareAdd)(NULL, 2, &sd, buffer, sizeof(buffer));
if (ret != NDDE_NO_ERROR && ret != NDDE_SHARE_ALREADY_EXIST) {
SGSPROC lpfnNDdeGetErrorString =
(SGSPROC) GetProcAddress(hinstNDDEAPI, "NDdeGetErrorStringA");
if (lpfnNDdeGetErrorString == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
(*lpfnNDdeGetErrorString)(ret, (LPSTR)szres, 255);
MessageBox(NULL, (LPSTR)szres, "ERROR bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
SSTPROC lpfnNDdeSetTrustedShare =
(SSTPROC) GetProcAddress(hinstNDDEAPI, "NDdeSetTrustedShareA");
if (NDDE_NO_ERROR != ((*lpfnNDdeSetTrustedShare)(NULL, pnddeInfo->lpszShareName, NDDE_TRUST_SHARE_INIT)))
{
MessageBox(NULL, "Unable to set trusted share", "ERROR bugboard.exe", MB_OK | MB_ICONSTOP);
}
FreeLibrary(hinstNDDEAPI);
}
BOOL OsIsAdmin(void)
{
BOOL fReturn = FALSE;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
const DWORD ACCESS_READ = 1;
const DWORD ACCESS_WRITE = 2;
__try
{
/*
AccessCheck() requires an impersonation token. We first get a
primary
token and then create a duplicate impersonation token. The
impersonation token is not actually assigned to the thread, but is
used in the call to AccessCheck. Thus, this function itself never
impersonates, but does use the identity of the thread. If the
thread
was impersonating already, this function uses that impersonation
context.
*/
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY,
TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
if (!DuplicateToken (hToken, SecurityImpersonation,
&hImpersonationToken))
__leave;
/*
Create the binary representation of the well-known SID that
represents the local administrators group. Then create the
security
descriptor and DACL with an ACE that allows only local admins
access.
After that, perform the access check. This will determine whether
the current user is a local admin.
*/
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin,
SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
dwAccessMask= ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask,
psidAdmin))
__leave;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
__leave;
/*
AccessCheck validates a security descriptor somewhat; set the
group
and owner so that enough of the security descriptor is filled out
to
make AccessCheck happy.
*/
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
__leave;
dwAccessDesired = ACCESS_READ;
/*
Initialize GenericMapping structure even though you
do not use generic rights.
*/
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&fReturn))
{
fReturn = FALSE;
__leave;
}
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (hImpersonationToken) CloseHandle (hImpersonationToken);
if (hToken) CloseHandle (hToken);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
}
return fReturn;
}
// https://ru.wikipedia.org/wiki/DACL + https://github.com/hfiref0x/WinObjEx64/tree/master/Source
BOOL AddAllowSidForDevice(PWCHAR wchPath, PSID lpSid, DWORD dwSidLength) {
OBJECT_ATTRIBUTES ObjAtt;
RtlZeroMemory(&ObjAtt, sizeof(ObjAtt));
UNICODE_STRING UserModeDeviceName;
WCHAR PathBuffer[MAX_PATH] = { 0 };
wcscpy_s(PathBuffer, L"\\??\\");
wcscat_s(PathBuffer, wchPath);
UserModeDeviceName.Buffer = PathBuffer;
UserModeDeviceName.Length = (USHORT)(wcslen(PathBuffer) * sizeof(WCHAR));
UserModeDeviceName.MaximumLength = (USHORT)(UserModeDeviceName.Length + sizeof(WCHAR));
InitializeObjectAttributes(&ObjAtt, &UserModeDeviceName, 0, 0, 0);
HANDLE hFile;
IO_STATUS_BLOCK IoStatusBlock;
NTSTATUS status = ntdll_ZwOpenFile(&hFile, WRITE_DAC | READ_CONTROL, &ObjAtt, &IoStatusBlock, 0, 0);
if (status != STATUS_SUCCESS) {
DebugOut("ZwOpenFile(..., %S,...) failed! (status=%x)\n", wchPath, status);
return FALSE;
}
DWORD LastError;
SECURITY_DESCRIPTOR *lpSd = NULL; // адрес дескриптора безопасности
DWORD dwSdLength = 0; // длина SD
if (!GetKernelObjectSecurity(hFile, DACL_SECURITY_INFORMATION, NULL, dwSdLength, &dwSdLength)) {
LastError = GetLastError();
if (LastError == ERROR_INSUFFICIENT_BUFFER) {
dwSdLength += 1000; // !! FIX_ME
lpSd = (SECURITY_DESCRIPTOR*)malloc(dwSdLength);
if (!GetKernelObjectSecurity(hFile, DACL_SECURITY_INFORMATION, lpSd, dwSdLength, &dwSdLength)) {
DebugOut("GetKernelObjectSecurity[2](...) failed! (LastError=0x%x)\n", GetLastError());
CloseHandle(hFile);
return FALSE;
}
} else {
DebugOut("GetKernelObjectSecurity[1](...) failed! (LastError=0x%x)\n", LastError);
CloseHandle(hFile);
return FALSE;
}
}
ACL* lpOldDacl; // указатель на старый DACL
BOOL bDaclPresent; // признак присутствия списка DACL
BOOL bDaclDefaulted; // признак списка DACL по умолчанию
if (!GetSecurityDescriptorDacl(lpSd, &bDaclPresent, &lpOldDacl, &bDaclDefaulted)) { // получаем список DACL из дескриптора безопасности
DebugOut("GetSecurityDescriptorDacl(...) failed! (LastError=0x%x)\n", GetLastError());
CloseHandle(hFile);
return FALSE;
}
DWORD dwDaclLength = lpOldDacl->AclSize + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + dwSidLength; // определяем длину нового DACL
ACL* lpNewDacl = (ACL*)malloc(dwDaclLength);
if (!InitializeAcl(lpNewDacl, dwDaclLength, ACL_REVISION)) { // инициализируем новый DACL
DebugOut("InitializeAcl(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
if (!AddAccessAllowedAce(lpNewDacl, ACL_REVISION,ACCOUNT_ALLOW_RIGHTS, lpSid)) { // добавляем новый элемент в новый DACL
DebugOut("AddAccessAllowedAce(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
LPVOID lpAce; // указатель на элемент ACE
if (!GetAce(lpOldDacl, 0, &lpAce)) { // получаем адрес первого ACE в старом списке DACL
DebugOut("GetAce(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
// переписываем элементы из старого DACL в новый DACL
if (bDaclPresent) {
if (!AddAce(lpNewDacl, ACL_REVISION, MAXDWORD, lpAce, lpOldDacl->AclSize - sizeof(ACL))) {
DebugOut("AddAce(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
}
if (!IsValidAcl(lpNewDacl)) { // проверяем достоверность DACL
DebugOut("IsValidAcl(...) == FALSE! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
SECURITY_DESCRIPTOR sdAbsoluteSd; // абсолютный формат SD
if (!InitializeSecurityDescriptor(&sdAbsoluteSd, SECURITY_DESCRIPTOR_REVISION)) { // создаем новый дескриптор безопасности в абсолютной форме
DebugOut("InitializeSecurityDescriptor(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
if (!SetSecurityDescriptorDacl(&sdAbsoluteSd, TRUE, lpNewDacl, FALSE)) { // устанавливаем DACL в новый дескриптор безопасности
DebugOut("SetSecurityDescriptorDacl(...) failed! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
// проверяем структуру дескриптора безопасности
if (!IsValidSecurityDescriptor(&sdAbsoluteSd)) {
DebugOut("IsValidSecurityDescriptor(...) == FALSE! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
if (!SetKernelObjectSecurity(hFile, DACL_SECURITY_INFORMATION, &sdAbsoluteSd)) { // устанавливаем новый дескриптор безопасности
DebugOut("IsValidSecurityDescriptor(...) == FALSE! (LastError=0x%x)\n", GetLastError());
free(lpNewDacl);
CloseHandle(hFile);
return FALSE;
}
free(lpNewDacl);
CloseHandle(hFile);
DebugOut("ACL Rules applyed to \"%S\"\n", PathBuffer);
return TRUE;
}
BOOL
CreateSecurityDescriptor(const char* pUserName, IN OUT SECURITY_DESCRIPTOR * psd)
{
BOOL fReturnCode = FALSE;
PSID psidAdmins = NULL;
PACL paclKey = NULL;
DWORD cbReferencedDomain = 16;
DWORD cbSid = 128;
LPSTR lpReferencedDomain = NULL;
PSID psidUser = NULL;
SID_NAME_USE sidNameUse;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
// Here we're creating a System Identifier (SID) to represent
// the Admin group.
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmins))
{
goto cleanup;
}
// Now we'll find the System Identifier which represents
// the specified user
if((psidUser = HeapAlloc(GetProcessHeap(), 0, cbSid)) == NULL)
{
goto cleanup;
}
if((lpReferencedDomain = (LPSTR) HeapAlloc(GetProcessHeap(), 0,
cbReferencedDomain)) == NULL)
{
goto cleanup;
}
if (!LookupAccountName(NULL, // local system
pUserName, // account name
psidUser, // receive SID of the account
&cbSid, // size of the SID
lpReferencedDomain, // buffer to receive user's domain
&cbReferencedDomain, // size of UserDomain buffer
&sidNameUse)) // type of the user account
{
fReturnCode = FALSE;
goto cleanup;
}
if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
{
goto cleanup;
}
// We want the admin group to own this key.
if (!SetSecurityDescriptorOwner(psd, psidAdmins, 0))
{
goto cleanup;
}
// Finally we must allocate and construct the discretionary
// access control list (DACL) for the key.
// Note that _alloca allocates memory on the stack frame
// which will automatically be deallocated when this routine
// exits.
//if (!(paclKey = (PACL) _alloca(ACL_BUFFER_SIZE)))
//{
// goto cleanup;
//}
if (!(paclKey = (PACL) malloc(ACL_BUFFER_SIZE)))
{
goto cleanup;
}
if (!InitializeAcl(paclKey, ACL_BUFFER_SIZE, ACL_REVISION))
{
goto cleanup;
}
// Our DACL will contain two access control entries (ACEs). One which allows
// members of the Admin group complete access to the key, and one which gives
// read-only access to everyone.
if (!AddAccessAllowedAce(paclKey, ACL_REVISION, KEY_ALL_ACCESS, psidAdmins))
{
goto cleanup;
}
if (!AddAccessAllowedAce(paclKey, ACL_REVISION, KEY_ALL_ACCESS, psidUser))
{
goto cleanup;
}
if (!IsValidAcl(paclKey))
{
goto cleanup;
}
// We must bind this DACL to the security descriptor...
if (!SetSecurityDescriptorDacl(psd, TRUE, paclKey, FALSE))
{
goto cleanup;
}
if (!IsValidSecurityDescriptor(psd))
{
goto cleanup;
}
fReturnCode = TRUE;
cleanup:
if (paclKey)
{
free(paclKey);
paclKey = NULL;
}
return fReturnCode;
}
int
__cdecl
wmain(
int argc,
wchar_t *argv[]
)
{
LPWSTR DirectoryToShare;
LPWSTR Sharename;
LPWSTR Username;
LPWSTR Server;
PSID pSid = NULL;
DWORD cbSid;
WCHAR RefDomain[DNLEN + 1];
DWORD cchDomain = DNLEN + 1;
SID_NAME_USE peUse;
SECURITY_DESCRIPTOR sd;
PACL pDacl = NULL;
DWORD dwAclSize;
SHARE_INFO_502 si502;
NET_API_STATUS nas;
BOOL bSuccess = FALSE; // assume this function fails
if(argc < 4) {
printf("Usage: %ls <directory> <sharename> <user/group> [\\\\Server]\n", argv[0]);
printf(" directory is fullpath of directory to share\n");
printf(" sharename is name of share on server\n");
printf(" user/group is an WinNT user/groupname (REDMOND\\sfield, Administrators, etc)\n");
printf(" optional Server is the name of the computer to create the share on\n");
printf("\nExample: %ls c:\\public public Everyone\n", argv[0]);
printf("c:\\public shared as public granting Everyone full access\n");
printf("\nExample: %ls c:\\private cool$ REDMOND\\sfield \\\\WINBASE\n", argv[0]);
printf("c:\\private on \\\\WINBASE shared as cool$ (hidden) granting REDMOND\\sfield access\n");
return RTN_USAGE;
}
//
// since the commandline was Unicode, just provide pointers to
// the relevant items
//
DirectoryToShare = argv[1];
Sharename = argv[2];
Username = argv[3];
if( argc > 4 ) {
Server = argv[4];
} else {
Server = NULL; // local machine
}
//
// initial allocation attempt for Sid
//
#define SID_SIZE 96
cbSid = SID_SIZE;
pSid = (PSID)HeapAlloc(GetProcessHeap(), 0, cbSid);
if(pSid == NULL) {
printf("HeapAlloc error!\n");
return RTN_ERROR;
}
//
// get the Sid associated with the supplied user/group name
// force Unicode API since we always pass Unicode string
//
if(!LookupAccountNameW(
NULL, // default lookup logic
Username, // user/group of interest from commandline
pSid, // Sid buffer
&cbSid, // size of Sid
RefDomain, // Domain account found on (unused)
&cchDomain, // size of domain in chars
&peUse
)) {
//
// if the buffer wasn't large enough, try again
//
if(GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
PSID psidTemp;
psidTemp = (PSID)HeapReAlloc(GetProcessHeap(), 0, pSid, cbSid);
if(psidTemp == NULL) {
printf("HeapReAlloc error!\n");
goto cleanup;
}
else
{
pSid = psidTemp;
}
cchDomain = DNLEN + 1;
if(!LookupAccountNameW(
NULL, // default lookup logic
Username, // user/group of interest from commandline
pSid, // Sid buffer
&cbSid, // size of Sid
RefDomain, // Domain account found on (unused)
&cchDomain, // size of domain in chars
&peUse
)) {
printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
goto cleanup;
}
} else {
printf("LookupAccountName error! (rc=%lu)\n", GetLastError());
goto cleanup;
}
}
//
// compute size of new acl
//
dwAclSize = sizeof(ACL) +
1 * ( sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) ) +
GetLengthSid(pSid) ;
//
// allocate storage for Acl
//
pDacl = (PACL)HeapAlloc(GetProcessHeap(), 0, dwAclSize);
if(pDacl == NULL) goto cleanup;
if(!InitializeAcl(pDacl, dwAclSize, ACL_REVISION))
goto cleanup;
//
// grant GENERIC_ALL (Full Control) access
//
if(!AddAccessAllowedAce(
pDacl,
ACL_REVISION,
GENERIC_ALL,
pSid
)) goto cleanup;
if(!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
goto cleanup;
if(!SetSecurityDescriptorDacl(&sd, TRUE, pDacl, FALSE)) {
fprintf(stderr, "SetSecurityDescriptorDacl error! (rc=%lu)\n",
GetLastError());
goto cleanup;
}
//
// setup share info structure
//
si502.shi502_netname = (LMSTR) Sharename;
si502.shi502_type = STYPE_DISKTREE;
si502.shi502_remark = NULL;
si502.shi502_permissions = 0;
si502.shi502_max_uses = SHI_USES_UNLIMITED;
si502.shi502_current_uses = 0;
si502.shi502_path = (LMSTR) DirectoryToShare;
si502.shi502_passwd = NULL;
si502.shi502_reserved = 0;
si502.shi502_security_descriptor = &sd;
nas = NetShareAdd(
(LMSTR) Server, // share is on local machine
502, // info-level
(LPBYTE)&si502, // info-buffer
NULL // don't bother with parm
);
if(nas != NO_ERROR) {
printf("NetShareAdd error! (rc=%lu)\n", nas);
goto cleanup;
}
bSuccess = TRUE; // indicate success
cleanup:
//
// free allocated resources
//
if(pDacl != NULL)
HeapFree(GetProcessHeap(), 0, pDacl);
if(pSid != NULL)
HeapFree(GetProcessHeap(), 0, pSid);
if(!bSuccess) {
return RTN_ERROR;
}
return RTN_OK;
}
PSECURITY_DESCRIPTOR
CreateDefaultSecurityDescriptor(VOID)
{
PSID LocalSystemSid = NULL;
PSID AdministratorsSid = NULL;
PSID EveryoneSid = NULL;
PACL Dacl;
DWORD DaclSize;
PSECURITY_DESCRIPTOR pSD = NULL;
/* create the SYSTEM, Administrators and Everyone SIDs */
if (!AllocateAndInitializeSid(&LocalSystemAuthority,
1,
SECURITY_LOCAL_SYSTEM_RID,
0,
0,
0,
0,
0,
0,
0,
&LocalSystemSid) ||
!AllocateAndInitializeSid(&LocalSystemAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,
0,
0,
0,
0,
0,
&AdministratorsSid) ||
!AllocateAndInitializeSid(&WorldAuthority,
1,
SECURITY_WORLD_RID,
0,
0,
0,
0,
0,
0,
0,
&EveryoneSid))
{
DPRINT1("Failed initializing the SIDs for the default security descriptor (0x%p, 0x%p, 0x%p)\n",
LocalSystemSid, AdministratorsSid, EveryoneSid);
goto Cleanup;
}
/* allocate the security descriptor and DACL */
DaclSize = sizeof(ACL) +
((GetLengthSid(LocalSystemSid) +
GetLengthSid(AdministratorsSid) +
GetLengthSid(EveryoneSid)) +
(3 * FIELD_OFFSET(ACCESS_ALLOWED_ACE,
SidStart)));
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LMEM_FIXED,
(SIZE_T)DaclSize + sizeof(SECURITY_DESCRIPTOR));
if (pSD == NULL)
{
DPRINT1("Failed to allocate the default security descriptor and ACL\n");
goto Cleanup;
}
if (!InitializeSecurityDescriptor(pSD,
SECURITY_DESCRIPTOR_REVISION))
{
DPRINT1("Failed to initialize the default security descriptor\n");
goto Cleanup;
}
/* initialize and build the DACL */
Dacl = (PACL)((ULONG_PTR)pSD + sizeof(SECURITY_DESCRIPTOR));
if (!InitializeAcl(Dacl,
(DWORD)DaclSize,
ACL_REVISION))
{
DPRINT1("Failed to initialize the DACL of the default security descriptor\n");
goto Cleanup;
}
/* add the SYSTEM Ace */
if (!AddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
LocalSystemSid))
{
DPRINT1("Failed to add the SYSTEM ACE\n");
goto Cleanup;
}
/* add the Administrators Ace */
if (!AddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
AdministratorsSid))
{
DPRINT1("Failed to add the Administrators ACE\n");
goto Cleanup;
}
/* add the Everyone Ace */
if (!AddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_EXECUTE,
EveryoneSid))
{
DPRINT1("Failed to add the Everyone ACE\n");
goto Cleanup;
}
/* set the DACL */
if (!SetSecurityDescriptorDacl(pSD,
TRUE,
Dacl,
FALSE))
{
DPRINT1("Failed to set the DACL of the default security descriptor\n");
Cleanup:
if (pSD != NULL)
{
LocalFree((HLOCAL)pSD);
pSD = NULL;
}
}
if (LocalSystemSid != NULL)
{
FreeSid(LocalSystemSid);
}
if (AdministratorsSid != NULL)
{
FreeSid(AdministratorsSid);
}
if (EveryoneSid != NULL)
{
FreeSid(EveryoneSid);
}
return pSD;
}
int my_security_attr_create(SECURITY_ATTRIBUTES **psa, const char **perror,
DWORD owner_rights, DWORD everyone_rights)
{
/* Top-level SID authority */
SID_IDENTIFIER_AUTHORITY world_auth= SECURITY_WORLD_SID_AUTHORITY;
PSID everyone_sid= 0;
HANDLE htoken= 0;
SECURITY_ATTRIBUTES *sa= 0;
PACL dacl= 0;
DWORD owner_token_length, dacl_length;
SECURITY_DESCRIPTOR *sd;
PTOKEN_USER owner_token;
PSID owner_sid;
My_security_attr *attr;
if (! is_nt())
{
*psa= 0;
return 0;
}
/*
Get SID of Everyone group. Easier to retrieve all SIDs each time
this function is called than worry about thread safety.
*/
if (! AllocateAndInitializeSid(&world_auth, 1, SECURITY_WORLD_RID,
0, 0, 0, 0, 0, 0, 0, &everyone_sid))
{
*perror= "Failed to retrieve the SID of Everyone group";
goto error;
}
/*
Get SID of the owner. Using GetSecurityInfo this task can be done
in just one call instead of five, but GetSecurityInfo declared in
aclapi.h, so I hesitate to use it.
SIC: OpenThreadToken works only if there is an active impersonation
token, hence OpenProcessToken is used.
*/
if (! OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &htoken))
{
*perror= "Failed to retrieve thread access token";
goto error;
}
GetTokenInformation(htoken, TokenUser, 0, 0, &owner_token_length);
if (! my_multi_malloc(MYF(MY_WME),
&sa, ALIGN_SIZE(sizeof(SECURITY_ATTRIBUTES)) +
sizeof(My_security_attr),
&sd, sizeof(SECURITY_DESCRIPTOR),
&owner_token, owner_token_length,
0))
{
*perror= "Failed to allocate memory for SECURITY_ATTRIBUTES";
goto error;
}
bzero(owner_token, owner_token_length);
if (! GetTokenInformation(htoken, TokenUser, owner_token,
owner_token_length, &owner_token_length))
{
*perror= "GetTokenInformation failed";
goto error;
}
owner_sid= owner_token->User.Sid;
if (! IsValidSid(owner_sid))
{
*perror= "IsValidSid failed";
goto error;
}
/* Calculate the amount of memory that must be allocated for the DACL */
dacl_length= sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE)-sizeof(DWORD)) * 2 +
GetLengthSid(everyone_sid) + GetLengthSid(owner_sid);
/* Create an ACL */
if (! (dacl= (PACL) my_malloc(dacl_length, MYF(MY_ZEROFILL|MY_WME))))
{
*perror= "Failed to allocate memory for DACL";
goto error;
}
if (! InitializeAcl(dacl, dacl_length, ACL_REVISION))
{
*perror= "Failed to initialize DACL";
goto error;
}
if (! AddAccessAllowedAce(dacl, ACL_REVISION, everyone_rights, everyone_sid))
{
*perror= "Failed to set up DACL";
goto error;
}
if (! AddAccessAllowedAce(dacl, ACL_REVISION, owner_rights, owner_sid))
{
*perror= "Failed to set up DACL";
goto error;
}
if (! InitializeSecurityDescriptor(sd, SECURITY_DESCRIPTOR_REVISION))
{
*perror= "Could not initialize security descriptor";
goto error;
}
if (! SetSecurityDescriptorDacl(sd, TRUE, dacl, FALSE))
{
*perror= "Failed to install DACL";
goto error;
}
sa->nLength= sizeof(*sa);
sa->bInheritHandle= TRUE;
sa->lpSecurityDescriptor= sd;
/* Save pointers to everyone_sid and dacl to be able to clean them up */
attr= (My_security_attr*) (((char*) sa) + ALIGN_SIZE(sizeof(*sa)));
attr->everyone_sid= everyone_sid;
attr->dacl= dacl;
*psa= sa;
CloseHandle(htoken);
return 0;
error:
if (everyone_sid)
FreeSid(everyone_sid);
if (htoken)
CloseHandle(htoken);
my_free(sa);
my_free(dacl);
*psa= 0;
return 1;
}
static ACL *
create_secure_dacl(char *user, ACCESS_MASK mask, SID *owner_sid)
{
DWORD rids[1] = {0};
gid_t grp[_MAX_GROUPS] = {0};
int i = 0;
int k = 0;
int cbAcl = 0;
ACL *ndacl = NULL;
char logb[LOG_BUF_SIZE] = {'\0' };
rids[0] = DOMAIN_ALIAS_RID_ADMINS;
k = getgids(getlogin(), grp, rids);
if ((k < _MAX_GROUPS) && (owner_sid != NULL)) {
grp[k] = sid_dup(owner_sid);
if (grp[k] == NULL) {
sprintf(logb, "failed to copy owner_sid");
log_err(-1, __func__, logb);
return NULL;
}
k++;
}
if (user != NULL && mask != 0) {
SID *sid = getgrpsid(user);
if (sid == NULL)
sid = getusersid(user);
if (sid) {
if (k == _MAX_GROUPS) {
grp[k-1] = sid;
} else {
grp[k] = sid;
k++;
}
}
}
cbAcl = sizeof(ACL);
for (i = 0 ; i < k; i++) {
// subtract ACE.SidStart from the size
int cbAce = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD);
// add this ACE's SID length
cbAce += GetLengthSid(grp[i]);
// add the length of each ACE to the total ACL length
cbAcl += cbAce;
}
ndacl = (ACL *)malloc(cbAcl);
if (ndacl == NULL) {
sprintf(logb, "failed to malloc %d bytes", cbAcl);
log_err(-1, __func__, logb);
return NULL;
}
InitializeAcl(ndacl, cbAcl, ACL_REVISION);
for (i=0; i < k; i++) {
char *name = getgrpname_full(grp[i]);
if (name == NULL)
name = getusername(grp[i]);
if (name == NULL)
continue;
if (user != NULL && mask != 0 && i == (k-1)) {
if (AddAccessAllowedAce(ndacl, ACL_REVISION, mask | 0x00100000, grp[i]) == 0) {
sprintf(logb, "failed to add %d to %s", mask,
name);
log_err(-1, __func__, logb);
}
} else {
if (AddAccessAllowedAce(ndacl, ACL_REVISION,
READS_MASK | WRITES_MASK | STANDARD_RIGHTS_ALL, grp[i]) == 0) {
sprintf(logb, "failed to add WRITES_MASK and READS_MASK to %s", name);
log_err(-1, __func__, logb);
}
}
(void)free(name);
LocalFree(grp[i]);
}
return (ndacl);
}
//------------------------------------------------------------------------------
//génération de profil DACL pour modifier les droits !!
BOOL create_sd_from_list( SECURITY_DESCRIPTOR *sdout, int num, ...)
{
va_list ap;
SID **sids = 0;
char *name;
DWORD amask;
DWORD acl_size;
PACL pacl = 0;
int i;
if((sids = (SID **)calloc(1,sizeof(SID *)*num)) == 0)return FALSE;
acl_size = num * (sizeof(ACL) +
sizeof(ACCESS_ALLOWED_ACE) +
sizeof(DWORD));
/* Collect all the SID's */
va_start( ap, num);
for( i = 0; i < num; i++) {
name = va_arg( ap, char *);
amask = va_arg(ap, DWORD);
if(get_sid( name, &sids[i]) == FALSE)goto cleanup;
acl_size += GetLengthSid(sids[i]);
}
va_end(ap);
if((pacl = (PACL)LocalAlloc( LMEM_FIXED, acl_size)) == 0)goto cleanup;
if(InitializeSecurityDescriptor( sdout, SECURITY_DESCRIPTOR_REVISION) == FALSE)goto cleanup;
if(InitializeAcl( pacl, acl_size, ACL_REVISION) == FALSE)goto cleanup;
va_start(ap, num);
for( i = 0; i < num; i++) {
ACE_HEADER *ace_p;
name = va_arg( ap, char *);
amask = va_arg( ap, DWORD);
if(AddAccessAllowedAce( pacl, ACL_REVISION, amask, sids[i]) == FALSE)goto cleanup;
/* Make sure the ACE is inheritable */
if(GetAce( pacl, 0, (LPVOID *)&ace_p) == FALSE)goto cleanup;
ace_p->AceFlags |= ( CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE);
}
/* Add the ACL into the sd. */
if(SetSecurityDescriptorDacl( sdout, TRUE, pacl, FALSE) == FALSE)goto cleanup;
for( i = 0; i < num; i++)
if(sids[i] != 0)
LocalFree((HLOCAL)sids[i]);
free(sids);
return TRUE;
cleanup:
if(sids != 0) {
for( i = 0; i < num; i++)
if(sids[i] != 0)
LocalFree((HLOCAL)sids[i]);
free(sids);
}
if(pacl != 0)
LocalFree((HLOCAL)pacl);
return FALSE;
}
//MailSlot of flush DNS cache Monitor
bool __fastcall FlushDNSMailSlotMonitor(
void)
{
//System security setting
std::shared_ptr<SECURITY_ATTRIBUTES> SecurityAttributes(new SECURITY_ATTRIBUTES());
std::shared_ptr<SECURITY_DESCRIPTOR> SecurityDescriptor(new SECURITY_DESCRIPTOR());
std::shared_ptr<char> ACL_Buffer(new char[PACKET_MAXSIZE]());
memset(ACL_Buffer.get(), 0, PACKET_MAXSIZE);
PSID SID_Value = nullptr;
InitializeSecurityDescriptor(SecurityDescriptor.get(), SECURITY_DESCRIPTOR_REVISION);
InitializeAcl((PACL)ACL_Buffer.get(), PACKET_MAXSIZE, ACL_REVISION);
ConvertStringSidToSidW(SID_ADMINISTRATORS_GROUP, &SID_Value);
AddAccessAllowedAce((PACL)ACL_Buffer.get(), ACL_REVISION, GENERIC_ALL, SID_Value);
SetSecurityDescriptorDacl(SecurityDescriptor.get(), true, (PACL)ACL_Buffer.get(), false);
SecurityAttributes->lpSecurityDescriptor = SecurityDescriptor.get();
SecurityAttributes->bInheritHandle = true;
//Create mailslot.
HANDLE hSlot = CreateMailslotW(MAILSLOT_NAME, PACKET_MAXSIZE - 1U, MAILSLOT_WAIT_FOREVER, SecurityAttributes.get());
if (hSlot == INVALID_HANDLE_VALUE)
{
LocalFree(SID_Value);
PrintError(LOG_ERROR_SYSTEM, L"Create mailslot error", GetLastError(), nullptr, 0);
return false;
}
ACL_Buffer.reset();
LocalFree(SID_Value);
//Initialization
BOOL Result = FALSE;
bool FlushDNS = false;
DWORD cbMessage = 0, cMessage = 0, cbRead = 0;
std::shared_ptr<wchar_t> lpszBuffer(new wchar_t[PACKET_MAXSIZE]());
wmemset(lpszBuffer.get(), 0, PACKET_MAXSIZE);
//MailSlot Monitor
for (;;)
{
cbMessage = 0;
cMessage = 0;
//Get mailslot messages.
Result = GetMailslotInfo(hSlot, nullptr, &cbMessage, &cMessage, nullptr);
if (Result == FALSE)
{
PrintError(LOG_ERROR_SYSTEM, L"Mailslot Monitor initialization error", GetLastError(), nullptr, 0);
CloseHandle(hSlot);
return false;
}
//Wait for messages.
if (cbMessage == MAILSLOT_NO_MESSAGE)
{
Sleep(LOOP_INTERVAL_TIME_MONITOR);
continue;
}
//Got messages.
FlushDNS = false;
while (cMessage > 0)
{
Result = ReadFile(hSlot, lpszBuffer.get(), cbMessage, &cbRead, nullptr);
if (Result == FALSE)
{
PrintError(LOG_ERROR_SYSTEM, L"MailSlot read messages error", GetLastError(), nullptr, 0);
CloseHandle(hSlot);
return false;
}
if (!FlushDNS && memcmp(lpszBuffer.get(), MAILSLOT_MESSAGE_FLUSH_DNS, wcslen(MAILSLOT_MESSAGE_FLUSH_DNS)) == EXIT_SUCCESS)
{
FlushDNS = true;
FlushAllDNSCache();
}
memset(lpszBuffer.get(), 0, PACKET_MAXSIZE);
//Get other mailslot messages.
Result = GetMailslotInfo(hSlot, nullptr, &cbMessage, &cMessage, nullptr);
if (Result == FALSE)
{
PrintError(LOG_ERROR_SYSTEM, L"Mailslot Monitor initialization error", GetLastError(), nullptr, 0);
CloseHandle(hSlot);
return false;
}
}
Sleep(LOOP_INTERVAL_TIME_MONITOR);
}
//Monitor terminated
CloseHandle(hSlot);
PrintError(LOG_ERROR_SYSTEM, L"MailSlot module Monitor terminated", 0, nullptr, 0);
return false;
}
// Basically Microsoft 118626
// Needed for vista as it fakes the admin rights on the registry and screws everything up
bool CGlobalSettings::isAdmin()
{
static int isAd = 0;
bool fReturn = false;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
if(isAd)
return isAd>0?true:false;
__try
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY, TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
if (!DuplicateToken (hToken, SecurityImpersonation, &hImpersonationToken))
__leave;
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
dwAccessMask = ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin))
__leave;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
__leave;
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
__leave;
dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
BOOL bRet;
if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bRet))
__leave;
fReturn = bRet?true:false;
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
if (hImpersonationToken) CloseHandle (hImpersonationToken);
if (hToken) CloseHandle (hToken);
}
isAd=fReturn?1:-1;
return fReturn;
}
HRESULT COpcSecurity::Attach(PSECURITY_DESCRIPTOR pSelfRelativeSD)
{
PACL pDACL = NULL;
PACL pSACL = NULL;
BOOL bDACLPresent, bSACLPresent;
BOOL bDefaulted;
PACL m_pDACL = NULL;
ACCESS_ALLOWED_ACE* pACE;
HRESULT hr;
PSID pUserSid;
PSID pGroupSid;
hr = Initialize();
if(FAILED(hr))
return hr;
// get the existing DACL.
if (!GetSecurityDescriptorDacl(pSelfRelativeSD, &bDACLPresent, &pDACL, &bDefaulted))
goto failed;
if (bDACLPresent)
{
if (pDACL)
{
// allocate new DACL.
m_pDACL = (PACL) malloc(pDACL->AclSize);
if (m_pDACL == NULL)
{
hr = E_OUTOFMEMORY;
goto failedMemory;
}
// initialize the DACL
if (!InitializeAcl(m_pDACL, pDACL->AclSize, ACL_REVISION))
goto failed;
// copy the ACES
for (int i = 0; i < pDACL->AceCount; i++)
{
if (!GetAce(pDACL, i, (void **)&pACE))
goto failed;
if (!AddAccessAllowedAce(m_pDACL, ACL_REVISION, pACE->Mask, (PSID)&(pACE->SidStart)))
goto failed;
}
if (!IsValidAcl(m_pDACL))
goto failed;
}
// set the DACL
if (!SetSecurityDescriptorDacl(m_pSD, m_pDACL ? TRUE : FALSE, m_pDACL, bDefaulted))
goto failed;
}
// get the existing SACL.
if (!GetSecurityDescriptorSacl(pSelfRelativeSD, &bSACLPresent, &pSACL, &bDefaulted))
goto failed;
if (bSACLPresent)
{
if (pSACL)
{
// allocate new SACL.
m_pSACL = (PACL) malloc(pSACL->AclSize);
if (m_pSACL == NULL)
{
hr = E_OUTOFMEMORY;
goto failedMemory;
}
// initialize the SACL
if (!InitializeAcl(m_pSACL, pSACL->AclSize, ACL_REVISION))
goto failed;
// copy the ACES
for (int i = 0; i < pSACL->AceCount; i++)
{
if (!GetAce(pSACL, i, (void **)&pACE))
goto failed;
if (!AddAccessAllowedAce(m_pSACL, ACL_REVISION, pACE->Mask, (PSID)&(pACE->SidStart)))
goto failed;
}
if (!IsValidAcl(m_pSACL))
goto failed;
}
// set the SACL
if (!SetSecurityDescriptorSacl(m_pSD, m_pSACL ? TRUE : FALSE, m_pSACL, bDefaulted))
goto failed;
}
if (!GetSecurityDescriptorOwner(m_pSD, &pUserSid, &bDefaulted))
goto failed;
if (FAILED(SetOwner(pUserSid, bDefaulted)))
goto failed;
if (!GetSecurityDescriptorGroup(m_pSD, &pGroupSid, &bDefaulted))
goto failed;
if (FAILED(SetGroup(pGroupSid, bDefaulted)))
goto failed;
if (!IsValidSecurityDescriptor(m_pSD))
goto failed;
return hr;
failed:
hr = HRESULT_FROM_WIN32(hr);
failedMemory:
if (m_pDACL)
{
free(m_pDACL);
m_pDACL = NULL;
}
if (m_pSD)
{
free(m_pSD);
m_pSD = NULL;
}
return hr;
}
/* ss_sendfiles:
Send a response naming the data pipe, collect further names
from further client messages, all according to the protocol above.
Start the data pipe and arrange that all the files are sent
by getting them all enqueued on the first queue.
Destroy PackQueue at the end. Arrange for the other queues
to be destroyed by the usual Queue mechanism, or destroy them
explicitly if they never get started.
*/
BOOL
ss_sendfiles(HANDLE hPipe, long lVersion)
{ /* Create the queues and set about filling the first one */
QUEUE PackQueue, ReadQueue, SendQueue;
#ifdef SOCKETS
SOCKET hpSend;
static BOOL SocketsInitialized = FALSE;
#else
HANDLE hpSend; /* the data pipe */
#endif /* SOCKETS */
char PipeName[80]; /* The name of the new data pipe */
BOOL Started = FALSE; /* TRUE if something enqueued */
#ifdef SOCKETS
if( !SocketsInitialized )
{
WSADATA WSAData;
if( ( WSAStartup( MAKEWORD( 1, 1 ), &WSAData ) ) == 0 )
{
SocketsInitialized = TRUE;
}
else
{
printf("WSAStartup failed");
}
}
#endif
{
/****************************************
We need security attributes for the pipe to let anyone other than the
current user log on to it.
***************************************/
/* Allocate DWORDs for the ACL to get them aligned. Round up to next DWORD above */
DWORD Acl[(sizeof(ACL)+sizeof(ACCESS_ALLOWED_ACE)+3)/4+4]; // + 4 by experiment!!
SECURITY_DESCRIPTOR sd;
PSECURITY_DESCRIPTOR psd = &sd;
PSID psid;
SID_IDENTIFIER_AUTHORITY SidWorld = SECURITY_WORLD_SID_AUTHORITY;
PACL pacl = (PACL)(&(Acl[0]));
SECURITY_ATTRIBUTES sa;
BOOL brc;
DWORD lasterr;
if (!AllocateAndInitializeSid( &SidWorld, 1, SECURITY_WORLD_RID
, 1, 2, 3, 4, 5, 6, 7
, &psid
)
) {
Error("AllocateAndInitializeSid");
return FALSE;
}
if (!InitializeAcl(pacl, sizeof(Acl), ACL_REVISION)){
Error("InitializeAcl");
return FALSE;
}
if (!AddAccessAllowedAce(pacl, ACL_REVISION, GENERIC_WRITE|GENERIC_READ, psid)){
Error("AddAccessAllowedAce");
return FALSE;
}
if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION)){
Error("InitializeSecurityDescriptor");
return FALSE;
}
if (!SetSecurityDescriptorDacl(psd, TRUE, pacl, FALSE)){
Error("SetSecurityDescriptorDacl");
return FALSE;
}
sa.nLength = sizeof(sa);
sa.lpSecurityDescriptor = psd;
sa.bInheritHandle = TRUE;
/* We now have a good security descriptor! */
/* Create the (new, unique) name of the pipe and then create the pipe */
/* I am finding it hard to decide whether the following line (++PpipeCount)
actually needs a critical section or not. The worst that could happen
would be that we got an attempt to create a pipe with an existing name.
*/
++PipeCount;
sprintf(PipeName, "\\\\.\\pipe\\%s%d", PIPEPREFIX, PipeCount);
#ifdef SOCKETS
if (!ss_sendnewresp( hPipe, SS_VERSION, SSRESP_PIPENAME
, 0, 0, 0, TCPPORT, "")) {
dprintf1(( "Failed to send response on pipe %x naming new pipe.\n"
, hPipe));
return FALSE; /* Caller will close hPipe */
}
if( !SocketListen( TCPPORT, &hpSend ) )
{
dprintf1(("Could not create socket\n"));
return FALSE;
}
FreeSid(psid);
#else
hpSend = CreateNamedPipe(PipeName, /* pipe name */
PIPE_ACCESS_DUPLEX, /* both read and write */
PIPE_WAIT|PIPE_TYPE_MESSAGE|PIPE_READMODE_MESSAGE,
1, /* at most one instance */
10000, /* sizeof(SSNEWPACK) + some for luck */
0, /* dynamic inbound buffer allocation */
5000, /* def. timeout 5 seconds */
&sa /* security descriptor */
);
FreeSid(psid);
if (hpSend == INVALID_HANDLE_VALUE) {
dprintf1(("Could not create named data pipe\n"));
return FALSE;
}
dprintf1(("Data pipe %x called '%s' created for main pipe %x.\n", hpSend, PipeName, hPipe));
#endif /* SOCKETS */
}
/* Send the response which names the data pipe */
#ifndef SOCKETS
if (!ss_sendnewresp( hPipe, SS_VERSION, SSRESP_PIPENAME
, 0, 0, 0, 0, PipeName)) {
dprintf1(( "Failed to send response on pipe %x naming new pipe.\n"
, hPipe));
CLOSEHANDLE(hpSend);
return FALSE; /* Caller will close hPipe */
}
if (!ConnectNamedPipe(hpSend, NULL)) {
CLOSEHANDLE(hpSend);
return FALSE;
}
#endif /* NOT SOCKETS */
//dprintf1(("Client connected to data pipe -- here we go...\n"));
/* Create all the queues: Allow up to 10K file names to be queued
up to 10 files to be packed in advance and 6 buffers of data to be
read into main storage in advance:
proc MxMT MnQS MxQ Event InstData Name*/
SendQueue = Queue_Create(SendData, 1, 0, 6, NULL, (DWORD)hpSend, "SendQueue");
ReadQueue = Queue_Create(ReadInFile, 1, 0, 10, NULL, (DWORD)SendQueue, "ReadQueue");
PackQueue = Queue_Create(PackFile, 3, 0, 99999, NULL, (DWORD)ReadQueue, "PackQueue");
/* Abort unless it all worked */
if (PackQueue==NULL || ReadQueue==NULL || SendQueue==NULL) {
dprintf1(("Queues for pipe %x failed to Create. Aborting...\n", hPipe));
if (PackQueue) Queue_Destroy(PackQueue);
if (ReadQueue) Queue_Destroy(ReadQueue);
if (SendQueue) Queue_Destroy(SendQueue);
CLOSEHANDLE(hpSend);
return FALSE; /* Caller will close hPipe */
}
/* Collect names from client and enqueue each one */
for (; ; )
{ SSNEWREQ Request; /* message from client */
DWORD ActSize; /* bytes read from (main) pipe */
if (ReadFile(hPipe, &Request, sizeof(Request), &ActSize, NULL)){
if (Request.lVersion>SS_VERSION) {
dprintf1(("Bad version %d in file list request on pipe %x\n"
, Request.lVersion, hPipe));
break;
}
if (Request.lRequest!=LREQUEST) {
dprintf1(("Bad LREQUEST from pipe %x\n", hPipe));
break;
}
if (Request.lCode == -SSREQ_ENDFILES) {
dprintf1(("End of client's files list on pipe %x\n", hPipe));
/* This is the clean way to end */
Queue_Destroy(PackQueue);
if (!Started) {
/* OK - so the clever clogs requested zero files */
Queue_Destroy(ReadQueue);
Queue_Destroy(SendQueue);
/* Send a No More Files response */
#ifdef SOCKETS
{
SSNEWRESP resp;
resp.lVersion = SS_VERSION;
resp.lResponse = LRESPONSE;
resp.lCode = SSRESP_END;
resp.ulSize = 0;
resp.ulSum = 0;
resp.ft_lastwrite.dwLowDateTime = 0;
resp.ft_lastwrite.dwHighDateTime = 0;
send(hpSend, (PSTR) &resp, sizeof(resp), 0);
}
#else
ss_sendnewresp( hpSend, SS_VERSION, SSRESP_END
, 0,0, 0,0, NULL);
#endif /* SOCKETS */
CLOSEHANDLE(hpSend);
}
return TRUE;
}
if (Request.lCode != -SSREQ_NEXTFILE) {
dprintf1(( "Bad code (%d) in files list from pipe %x\n"
, Request.lCode, hPipe));
break;
}
}
else { DWORD errorcode = GetLastError();
switch(errorcode) {
case ERROR_NO_DATA:
case ERROR_BROKEN_PIPE:
/* pipe connection lost - forget it */
dprintf1(("main pipe %x broken on read\n", hPipe));
break;
default:
dprintf1(("read error %d on main pipe %x\n", errorcode, hPipe));
break;
}
break;
}
if (!EnqueueName( PackQueue, Request.szPath
, (UINT)((LPBYTE)(&Request) + ActSize - (LPBYTE)(&Request.szPath))
)
){
break;
}
Started = TRUE;
} /* loop */
/* only exit this way on error */
/* Close the queues down. Allow what's in them to run through */
Queue_Destroy(PackQueue);
if (!Started) {
Queue_Destroy(ReadQueue);
Queue_Destroy(SendQueue);
}
return FALSE;
} /* ss_sendfiles */
BOOL AddAceToDesktop(HDESK hdesk, PSID psid)
{
// Obtain the security descriptor for the desktop object.
SECURITY_INFORMATION si = DACL_SECURITY_INFORMATION;
DWORD sd_size = 0;
if (!GetUserObjectSecurity(hdesk, &si, NULL, 0, &sd_size)) {
if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) {
printf("GetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
}
auto_buffer<PSECURITY_DESCRIPTOR> psd(sd_size);
if (!GetUserObjectSecurity(hdesk, &si, psd.get(), sd_size, &sd_size)) {
printf("GetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
// Create a new security descriptor.
auto_buffer<PSECURITY_DESCRIPTOR> psd_new(sd_size);
if (!InitializeSecurityDescriptor(psd_new.get(), SECURITY_DESCRIPTOR_REVISION)) {
printf("InitializeSecurityDescriptor() failed: %d\n", GetLastError());
return FALSE;
}
// Obtain the DACL from the security descriptor.
BOOL bDaclPresent;
PACL pacl;
BOOL bDaclExist;
if (!GetSecurityDescriptorDacl(psd.get(), &bDaclPresent, &pacl, &bDaclExist)) {
printf("GetSecurityDescriptorDacl() failed: %d\n", GetLastError());
return FALSE;
}
// Initialize.
ACL_SIZE_INFORMATION aclSizeInfo = {};
aclSizeInfo.AclBytesInUse = sizeof(ACL);
if (pacl != NULL) {
// Determine the size of the ACL information.
if (!GetAclInformation(pacl, (LPVOID)&aclSizeInfo, sizeof aclSizeInfo, AclSizeInformation)) {
printf("GetAclInformation() failed: %d\n", GetLastError());
return FALSE;
}
}
// Allocate buffer for the new ACL.
DWORD dwNewAclSize = aclSizeInfo.AclBytesInUse +
sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psid) - sizeof(DWORD);
auto_buffer<PACL> new_acl(dwNewAclSize);
// Initialize the new ACL.
if (!InitializeAcl(new_acl.get(), dwNewAclSize, ACL_REVISION)) {
printf("InitializeAcl() failed: %d\n", GetLastError());
return FALSE;
}
// If DACL is present, copy it to a new DACL.
if (bDaclPresent) {
// Copy the ACEs to the new ACL.
if (aclSizeInfo.AceCount) {
for (DWORD i = 0; i != aclSizeInfo.AceCount; ++i) {
// Get an ACE.
PVOID pTempAce;
if (!GetAce(pacl, i, &pTempAce)) {
printf("GetAce() failed: %d\n", GetLastError());
return FALSE;
}
// Add the ACE to the new ACL.
if (!AddAce(new_acl.get(), ACL_REVISION,MAXDWORD, pTempAce,
((PACE_HEADER)pTempAce)->AceSize)) {
printf("AddAce() failed: %d\n", GetLastError());
return FALSE;
}
}
}
}
// Add ACE to the DACL.
if (!AddAccessAllowedAce(new_acl.get(), ACL_REVISION, DESKTOP_ALL, psid)) {
printf("AddAccessAllowedAce() failed: %d\n", GetLastError());
return FALSE;
}
// Set new DACL to the new security descriptor.
if (!SetSecurityDescriptorDacl(psd_new.get(), TRUE, new_acl.get(), FALSE)) {
printf("SetSecurityDescriptorDacl() failed: %d\n", GetLastError());
return FALSE;
}
// Set the new security descriptor for the desktop object.
if (!SetUserObjectSecurity(hdesk, &si, psd_new.get())) {
printf("SetUserObjectSecurity() failed: %d\n", GetLastError());
return FALSE;
}
return TRUE;
}
//Code taken from http://stackoverflow.com/questions/1453497/discover-if-user-has-admin-rights Have not checked if it is valid yet.... TODO!!!
bool RemoteDesktop::IsUserAdmin(){
struct Data
{
PACL pACL;
PSID psidAdmin;
HANDLE hToken;
HANDLE hImpersonationToken;
PSECURITY_DESCRIPTOR psdAdmin;
Data() : pACL(NULL), psidAdmin(NULL), hToken(NULL),
hImpersonationToken(NULL), psdAdmin(NULL)
{}
~Data()
{
if (pACL)
LocalFree(pACL);
if (psdAdmin)
LocalFree(psdAdmin);
if (psidAdmin)
FreeSid(psidAdmin);
if (hImpersonationToken)
CloseHandle(hImpersonationToken);
if (hToken)
CloseHandle(hToken);
}
} data;
BOOL fReturn = FALSE;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
const DWORD ACCESS_READ = 1;
const DWORD ACCESS_WRITE = 2;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE | TOKEN_QUERY, TRUE, &data.hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
return false;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &data.hToken))
return false;
}
if (!DuplicateToken(data.hToken, SecurityImpersonation, &data.hImpersonationToken))
return false;
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &data.psidAdmin))
return false;
data.psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (data.psdAdmin == NULL)
return false;
if (!InitializeSecurityDescriptor(data.psdAdmin, SECURITY_DESCRIPTOR_REVISION))
return false;
// Compute size needed for the ACL.
auto dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(data.psidAdmin) - sizeof(DWORD);
data.pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (data.pACL == NULL)
return false;
if (!InitializeAcl(data.pACL, dwACLSize, ACL_REVISION2))
return false;
DWORD dwAccessMask = ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(data.pACL, ACL_REVISION2, dwAccessMask, data.psidAdmin))
return false;
if (!SetSecurityDescriptorDacl(data.psdAdmin, TRUE, data.pACL, FALSE))
return false;
// AccessCheck validates a security descriptor somewhat; set the group
// and owner so that enough of the security descriptor is filled out
// to make AccessCheck happy.
SetSecurityDescriptorGroup(data.psdAdmin, data.psidAdmin, FALSE);
SetSecurityDescriptorOwner(data.psdAdmin, data.psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(data.psdAdmin))
return false;
DWORD dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
DWORD dwStatus = 0;
if (!AccessCheck(data.psdAdmin, data.hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&fReturn))
{
return false;
}
return fReturn == TRUE;
}
