/*++ Copyright (c) 1989 Microsoft Corporation Module Name: uipers.c Abstract: Temporary security context display command. Author: Jim Kelly (JimK) 23-May-1991 Revision History: --*/ #include #include #include #include #include #include #define _TST_USER_ // User mode test LUID SystemAuthenticationId = SYSTEM_LUID; // // Universal well known SIDs // PSID NullSid; PSID WorldSid; PSID LocalSid; PSID CreatorOwnerSid; // // Sids defined by NT // PSID NtAuthoritySid; PSID DialupSid; PSID NetworkSid; PSID BatchSid; PSID InteractiveSid; PSID LocalSystemSid; //////////////////////////////////////////////////////////////////////// // // // Define the well known privileges // // // //////////////////////////////////////////////////////////////////////// LUID CreateTokenPrivilege; LUID AssignPrimaryTokenPrivilege; LUID LockMemoryPrivilege; LUID IncreaseQuotaPrivilege; LUID UnsolicitedInputPrivilege; LUID TcbPrivilege; LUID SecurityPrivilege; LUID TakeOwnershipPrivilege; LUID LpcReplyBoostPrivilege; LUID CreatePagefilePrivilege; LUID IncreaseBasePriorityPrivilege; LUID SystemProfilePrivilege; LUID SystemtimePrivilege; LUID ProfileSingleProcessPrivilege; LUID RestorePrivilege; LUID BackupPrivilege; LUID CreatePermanentPrivilege; LUID ShutdownPrivilege; LUID DebugPrivilege; VOID DisplaySecurityContext( IN HANDLE TokenHandle ); VOID DisplayAccountSid( PSID Sid ); BOOLEAN SidTranslation( PSID Sid, PSTRING AccountName ); //////////////////////////////////////////////////////////////// // // // Private Macros // // // //////////////////////////////////////////////////////////////// #define PrintGuid(G) \ printf( "(0x%lx-%hx-%hx-%hx-%hx-%hx-%hx-%hx-%hx-%hx-%hx)\n", \ (G)->Data1, (G)->Data2, (G)->Data3, \ (G)->Data4[0], (G)->Data4[1], (G)->Data4[2], \ (G)->Data4[3], (G)->Data4[4], (G)->Data4[5], \ (G)->Data4[6], (G)->Data4[7]); \ BOOLEAN SidTranslation( PSID Sid, PSTRING AccountName ) // AccountName is expected to have a large maximum length { if (RtlEqualSid(Sid, WorldSid)) { RtlInitString( AccountName, "WORLD"); return(TRUE); } if (RtlEqualSid(Sid, LocalSid)) { RtlInitString( AccountName, "LOCAL"); return(TRUE); } if (RtlEqualSid(Sid, NetworkSid)) { RtlInitString( AccountName, "NETWORK"); return(TRUE); } if (RtlEqualSid(Sid, BatchSid)) { RtlInitString( AccountName, "BATCH"); return(TRUE); } if (RtlEqualSid(Sid, InteractiveSid)) { RtlInitString( AccountName, "INTERACTIVE"); return(TRUE); } if (RtlEqualSid(Sid, LocalSystemSid)) { RtlInitString( AccountName, "SYSTEM"); return(TRUE); } return(FALSE); } VOID DisplayAccountSid( PSID Sid ) { UCHAR Buffer[128]; STRING AccountName; UCHAR i; ULONG Tmp; PSID_IDENTIFIER_AUTHORITY IdentifierAuthority; UCHAR SubAuthorityCount; Buffer[0] = 0; AccountName.MaximumLength = 127; AccountName.Length = 0; AccountName.Buffer = (PVOID)&Buffer[0]; if (SidTranslation( (PSID)Sid, &AccountName) ) { printf("%s\n", AccountName.Buffer ); } else { IdentifierAuthority = RtlIdentifierAuthoritySid(Sid); // // HACK! HACK! // The next line prints the revision of the SID. Since there is no // rtl routine which gives us the SID revision, we must make due. // luckily, the revision field is the first field in the SID, so we // can just cast the pointer. // printf("S-%u-", (USHORT) *((PUCHAR) Sid) ); if ( (IdentifierAuthority->Value[0] != 0) || (IdentifierAuthority->Value[1] != 0) ){ printf("0x%02hx%02hx%02hx%02hx%02hx%02hx", IdentifierAuthority->Value[0], IdentifierAuthority->Value[1], IdentifierAuthority->Value[2], IdentifierAuthority->Value[3], IdentifierAuthority->Value[4], IdentifierAuthority->Value[5] ); } else { Tmp = IdentifierAuthority->Value[5] + (IdentifierAuthority->Value[4] << 8) + (IdentifierAuthority->Value[3] << 16) + (IdentifierAuthority->Value[2] << 24); printf("%lu", Tmp); } SubAuthorityCount = *RtlSubAuthorityCountSid(Sid); for (i=0;iQuadPart == CreateTokenPrivilege.QuadPart) { printf("SeCreateTokenPrivilege "); return(TRUE); } if (Privilege->QuadPart == AssignPrimaryTokenPrivilege.QuadPart) { printf("SeAssignPrimaryTokenPrivilege "); return(TRUE); } if (Privilege->QuadPart == LockMemoryPrivilege.QuadPart) { printf("SeLockMemoryPrivilege "); return(TRUE); } if (Privilege->QuadPart == IncreaseQuotaPrivilege.QuadPart) { printf("SeIncreaseQuotaPrivilege "); return(TRUE); } if ( Privilege->QuadPart == UnsolicitedInputPrivilege.QuadPart) { printf("SeUnsolicitedInputPrivilege "); return(TRUE); } if ( Privilege->QuadPart == TcbPrivilege.QuadPart) { printf("SeTcbPrivilege "); return(TRUE); } if ( Privilege->QuadPart == SecurityPrivilege.QuadPart) { printf("SeSecurityPrivilege (Security Operator) "); return(TRUE); } if ( Privilege->QuadPart == TakeOwnershipPrivilege.QuadPart) { printf("SeTakeOwnershipPrivilege "); return(TRUE); } if ( Privilege->QuadPart == LpcReplyBoostPrivilege.QuadPart) { printf("SeLpcReplyBoostPrivilege "); return(TRUE); } if ( Privilege->QuadPart == CreatePagefilePrivilege.QuadPart) { printf("SeCreatePagefilePrivilege "); return(TRUE); } if ( Privilege->QuadPart == IncreaseBasePriorityPrivilege.QuadPart) { printf("SeIncreaseBasePriorityPrivilege "); return(TRUE); } if ( Privilege->QuadPart == SystemProfilePrivilege.QuadPart) { printf("SeSystemProfilePrivilege "); return(TRUE); } if ( Privilege->QuadPart == SystemtimePrivilege.QuadPart) { printf("SeSystemtimePrivilege "); return(TRUE); } if ( Privilege->QuadPart == ProfileSingleProcessPrivilege.QuadPart) { printf("SeProfileSingleProcessPrivilege "); return(TRUE); } if ( Privilege->QuadPart == CreatePermanentPrivilege.QuadPart) { printf("SeCreatePermanentPrivilege "); return(TRUE); } if ( Privilege->QuadPart == BackupPrivilege.QuadPart) { printf("SeBackupPrivilege "); return(TRUE); } if ( Privilege->QuadPart == RestorePrivilege.QuadPart) { printf("SeRestorePrivilege "); return(TRUE); } if ( Privilege->QuadPart == ShutdownPrivilege.QuadPart) { printf("SeShutdownPrivilege "); return(TRUE); } if ( Privilege->QuadPart == DebugPrivilege.QuadPart) { printf("SeDebugPrivilege "); return(TRUE); } return(FALSE); } VOID DisplayPrivilege( PLUID_AND_ATTRIBUTES Privilege ) { // // Display the attributes assigned to the privilege. // printf(" ["); if (!(Privilege->Attributes & SE_PRIVILEGE_ENABLED)) { printf("Disabled"); } else { printf(" Enabled"); } //printf(", "); //if (!(Privilege->Attributes & SE_PRIVILEGE_ENABLED_BY_DEFAULT)) { // printf("Not "); //} //printf("Enabled By Default"); printf("] "); if (!DisplayPrivilegeName(&Privilege->Luid)) { printf("(Unknown Privilege. Value is: (0x%lx,0x%lx))", Privilege->Luid.HighPart, Privilege->Luid.LowPart ); } printf("\n"); return; } VOID DisplaySecurityContext( IN HANDLE TokenHandle ) { #define BUFFER_SIZE (2048) NTSTATUS Status; ULONG i; ULONG ReturnLength; TOKEN_STATISTICS ProcessTokenStatistics; LUID AuthenticationId; UCHAR Buffer[BUFFER_SIZE]; PTOKEN_USER UserId; PTOKEN_OWNER DefaultOwner; PTOKEN_PRIMARY_GROUP PrimaryGroup; PTOKEN_GROUPS GroupIds; PTOKEN_PRIVILEGES Privileges; ///////////////////////////////////////////////////////////////////////// // // // Logon ID // // // ///////////////////////////////////////////////////////////////////////// Status = NtQueryInformationToken( TokenHandle, // Handle TokenStatistics, // TokenInformationClass &ProcessTokenStatistics, // TokenInformation sizeof(TOKEN_STATISTICS), // TokenInformationLength &ReturnLength // ReturnLength ); ASSERT(NT_SUCCESS(Status)); AuthenticationId = ProcessTokenStatistics.AuthenticationId; printf(" Logon Session: "); if (RtlEqualLuid(&AuthenticationId, &SystemAuthenticationId )) { printf("(System Logon Session)\n"); } else { printf( "(0x%lx, 0x%lx)",AuthenticationId.LowPart, AuthenticationId.HighPart); } ///////////////////////////////////////////////////////////////////////// // // // User Id // // // ///////////////////////////////////////////////////////////////////////// UserId = (PTOKEN_USER)&Buffer[0]; Status = NtQueryInformationToken( TokenHandle, // Handle TokenUser, // TokenInformationClass UserId, // TokenInformation BUFFER_SIZE, // TokenInformationLength &ReturnLength // ReturnLength ); ASSERT(NT_SUCCESS(Status)); printf(" User id: "); DisplayAccountSid( UserId->User.Sid ); ///////////////////////////////////////////////////////////////////////// // // // Default Owner // // // ///////////////////////////////////////////////////////////////////////// DefaultOwner = (PTOKEN_OWNER)&Buffer[0]; Status = NtQueryInformationToken( TokenHandle, // Handle TokenOwner, // TokenInformationClass DefaultOwner, // TokenInformation BUFFER_SIZE, // TokenInformationLength &ReturnLength // ReturnLength ); ASSERT(NT_SUCCESS(Status)); printf(" Default Owner: "); DisplayAccountSid( DefaultOwner->Owner ); ///////////////////////////////////////////////////////////////////////// // // // Primary Group // // // ///////////////////////////////////////////////////////////////////////// PrimaryGroup = (PTOKEN_PRIMARY_GROUP)&Buffer[0]; Status = NtQueryInformationToken( TokenHandle, // Handle TokenPrimaryGroup, // TokenInformationClass PrimaryGroup, // TokenInformation BUFFER_SIZE, // TokenInformationLength &ReturnLength // ReturnLength ); ASSERT(NT_SUCCESS(Status)); printf(" Primary Group: "); DisplayAccountSid( PrimaryGroup->PrimaryGroup ); ///////////////////////////////////////////////////////////////////////// // // // Group Ids // // // ///////////////////////////////////////////////////////////////////////// printf("\n"); GroupIds = (PTOKEN_GROUPS)&Buffer[0]; Status = NtQueryInformationToken( TokenHandle, // Handle TokenGroups, // TokenInformationClass GroupIds, // TokenInformation BUFFER_SIZE, // TokenInformationLength &ReturnLength // ReturnLength ); ASSERT(NT_SUCCESS(Status)); //printf(" Number of groups: %ld\n", GroupIds->GroupCount); printf(" Groups: "); for (i=0; i < GroupIds->GroupCount; i++ ) { //printf(" Group %ld: ", i); DisplayAccountSid( GroupIds->Groups[i].Sid ); printf(" "); } ///////////////////////////////////////////////////////////////////////// // // // Privileges // // // ///////////////////////////////////////////////////////////////////////// printf("\n"); Privileges = (PTOKEN_PRIVILEGES)&Buffer[0]; Status = NtQueryInformationToken( TokenHandle, // Handle TokenPrivileges, // TokenInformationClass Privileges, // TokenInformation BUFFER_SIZE, // TokenInformationLength &ReturnLength // ReturnLength ); ASSERT(NT_SUCCESS(Status)); printf(" Privileges: \n"); if (Privileges->PrivilegeCount > 0) { for (i=0; i < Privileges->PrivilegeCount; i++ ) { DisplayPrivilege( &(Privileges->Privileges[i]) ); } } else { printf("(none assigned)\n"); } return; } VOID InitVars() { ULONG SidWithZeroSubAuthorities; ULONG SidWithOneSubAuthority; ULONG SidWithThreeSubAuthorities; ULONG SidWithFourSubAuthorities; SID_IDENTIFIER_AUTHORITY NullSidAuthority = SECURITY_NULL_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY WorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY LocalSidAuthority = SECURITY_LOCAL_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = SECURITY_CREATOR_SID_AUTHORITY; SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY; // // The following SID sizes need to be allocated // SidWithZeroSubAuthorities = RtlLengthRequiredSid( 0 ); SidWithOneSubAuthority = RtlLengthRequiredSid( 1 ); SidWithThreeSubAuthorities = RtlLengthRequiredSid( 3 ); SidWithFourSubAuthorities = RtlLengthRequiredSid( 4 ); // // Allocate and initialize the universal SIDs // NullSid = (PSID)malloc(SidWithOneSubAuthority); WorldSid = (PSID)malloc(SidWithOneSubAuthority); LocalSid = (PSID)malloc(SidWithOneSubAuthority); CreatorOwnerSid = (PSID)malloc(SidWithOneSubAuthority); RtlInitializeSid( NullSid, &NullSidAuthority, 1 ); RtlInitializeSid( WorldSid, &WorldSidAuthority, 1 ); RtlInitializeSid( LocalSid, &LocalSidAuthority, 1 ); RtlInitializeSid( CreatorOwnerSid, &CreatorSidAuthority, 1 ); *(RtlSubAuthoritySid( NullSid, 0 )) = SECURITY_NULL_RID; *(RtlSubAuthoritySid( WorldSid, 0 )) = SECURITY_WORLD_RID; *(RtlSubAuthoritySid( LocalSid, 0 )) = SECURITY_LOCAL_RID; *(RtlSubAuthoritySid( CreatorOwnerSid, 0 )) = SECURITY_CREATOR_OWNER_RID; // // Allocate and initialize the NT defined SIDs // NtAuthoritySid = (PSID)malloc(SidWithZeroSubAuthorities); DialupSid = (PSID)malloc(SidWithOneSubAuthority); NetworkSid = (PSID)malloc(SidWithOneSubAuthority); BatchSid = (PSID)malloc(SidWithOneSubAuthority); InteractiveSid = (PSID)malloc(SidWithOneSubAuthority); LocalSystemSid = (PSID)malloc(SidWithOneSubAuthority); RtlInitializeSid( NtAuthoritySid, &NtAuthority, 0 ); RtlInitializeSid( DialupSid, &NtAuthority, 1 ); RtlInitializeSid( NetworkSid, &NtAuthority, 1 ); RtlInitializeSid( BatchSid, &NtAuthority, 1 ); RtlInitializeSid( InteractiveSid, &NtAuthority, 1 ); RtlInitializeSid( LocalSystemSid, &NtAuthority, 1 ); *(RtlSubAuthoritySid( DialupSid, 0 )) = SECURITY_DIALUP_RID; *(RtlSubAuthoritySid( NetworkSid, 0 )) = SECURITY_NETWORK_RID; *(RtlSubAuthoritySid( BatchSid, 0 )) = SECURITY_BATCH_RID; *(RtlSubAuthoritySid( InteractiveSid, 0 )) = SECURITY_INTERACTIVE_RID; *(RtlSubAuthoritySid( LocalSystemSid, 0 )) = SECURITY_LOCAL_SYSTEM_RID; CreateTokenPrivilege = RtlConvertLongToLargeInteger(SE_CREATE_TOKEN_PRIVILEGE); AssignPrimaryTokenPrivilege = RtlConvertLongToLargeInteger(SE_ASSIGNPRIMARYTOKEN_PRIVILEGE); LockMemoryPrivilege = RtlConvertLongToLargeInteger(SE_LOCK_MEMORY_PRIVILEGE); IncreaseQuotaPrivilege = RtlConvertLongToLargeInteger(SE_INCREASE_QUOTA_PRIVILEGE); UnsolicitedInputPrivilege = RtlConvertLongToLargeInteger(SE_UNSOLICITED_INPUT_PRIVILEGE); TcbPrivilege = RtlConvertLongToLargeInteger(SE_TCB_PRIVILEGE); SecurityPrivilege = RtlConvertLongToLargeInteger(SE_SECURITY_PRIVILEGE); TakeOwnershipPrivilege = RtlConvertLongToLargeInteger(SE_TAKE_OWNERSHIP_PRIVILEGE); CreatePagefilePrivilege = RtlConvertLongToLargeInteger(SE_CREATE_PAGEFILE_PRIVILEGE); IncreaseBasePriorityPrivilege = RtlConvertLongToLargeInteger(SE_INC_BASE_PRIORITY_PRIVILEGE); SystemProfilePrivilege = RtlConvertLongToLargeInteger(SE_SYSTEM_PROFILE_PRIVILEGE); SystemtimePrivilege = RtlConvertLongToLargeInteger(SE_SYSTEMTIME_PRIVILEGE); ProfileSingleProcessPrivilege = RtlConvertLongToLargeInteger(SE_PROF_SINGLE_PROCESS_PRIVILEGE); CreatePermanentPrivilege = RtlConvertLongToLargeInteger(SE_CREATE_PERMANENT_PRIVILEGE); BackupPrivilege = RtlConvertLongToLargeInteger(SE_BACKUP_PRIVILEGE); RestorePrivilege = RtlConvertLongToLargeInteger(SE_RESTORE_PRIVILEGE); ShutdownPrivilege = RtlConvertLongToLargeInteger(SE_SHUTDOWN_PRIVILEGE); DebugPrivilege = RtlConvertLongToLargeInteger(SE_DEBUG_PRIVILEGE); } BOOLEAN _CRTAPI1 main() { NTSTATUS Status; HANDLE ProcessToken; InitVars(); // Initialize global variables printf("\n"); // // Open our process token // Status = NtOpenProcessToken( NtCurrentProcess(), TOKEN_QUERY, &ProcessToken ); if (!NT_SUCCESS(Status)) { printf("I'm terribly sorry, but you don't seem to have access to\n"); printf("open your own process's token.\n"); printf("\n"); return(FALSE); } printf("Your process level security context is:\n"); printf("\n"); DisplaySecurityContext( ProcessToken ); Status = NtClose( ProcessToken ); return(TRUE); }