|
|
/*++
Copyright (c) 1992-1999 Microsoft Corporation
Module Name:
dumpnt.c
Abstract:
Dump routines for various native defined types.
The original/maintained version of this code lives @ \\brillig\ntct!slm\src\security\util\dumpnt.c
Author:
TimF 12-Jun-92 created
Revision History:
JinHuang 13-Feb-98 modified*/
#include <stdio.h>
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <ntlsa.h>
#include <ntsam.h>
#include "dumpnt.h"
/*
* Generic header: * * Dump<TYPE_FOO> * * Takes a pointer to an object of TYPE_FOO, and dumps the contents of that * structure to wherever output is being sent these days (as best it can). * * Pointers and regions pointed are expected to be valid, and accessible. * * No return value is defined. */
VOIDDumpGUID( IN GUID *g){ if (!g) { printf("<NULL>\n"); } else { try { printf("0x%08lx-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x\n", g -> Data1, g -> Data2, g -> Data3, g -> Data4[0], g -> Data4[1], g -> Data4[2], g -> Data4[3], g -> Data4[4], g -> Data4[5], g -> Data4[6], g -> Data4[7]); } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpGUID: invalid pointer (0x%p)\n", g); } }}
VOIDDumpSID( IN PSID s){ static char b[128];
SID_IDENTIFIER_AUTHORITY *a; ULONG id = 0, i;
try { b[0] = '\0';
a = RtlIdentifierAuthoritySid(s);
sprintf(b, "s-0x1-%02x%02x%02x%02x%02x%02x", a -> Value[0], a -> Value[1], a -> Value[2], a -> Value[3], a -> Value[4], a -> Value[5]);
for (i = 0; i < *RtlSubAuthorityCountSid(s); i++) { sprintf(b, "%s-%lx", b, *RtlSubAuthoritySid(s, i)); }
printf("%s", b); } except (EXCEPTION_EXECUTE_HANDLER) { printf("%s<invalid pointer: 0x%p>\t", b, s); }}
/*
* DumpSIDNAME() attempts to unravel the Sid into a Display Name */
VOIDDumpSIDNAME( IN PSID s){ NTSTATUS Status; LSA_HANDLE Policy; OBJECT_ATTRIBUTES ObjAttr; SECURITY_QUALITY_OF_SERVICE SQoS; PLSA_REFERENCED_DOMAIN_LIST RefDomains = NULL; PLSA_TRANSLATED_NAME XNames = NULL;
try { /*
* Open the policy with POLICY_LOOKUP_NAMES and lookup this * Sid. */
InitializeObjectAttributes(&ObjAttr, NULL, 0L, NULL, NULL);
/*
* init the sqos struct */
SQoS.Length = sizeof(SECURITY_QUALITY_OF_SERVICE); SQoS.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; SQoS.ImpersonationLevel = SecurityIdentification; SQoS.EffectiveOnly = TRUE;
ObjAttr.SecurityQualityOfService = &SQoS;
/*
* make the actual call */
Status = LsaOpenPolicy(NULL, &ObjAttr, POLICY_LOOKUP_NAMES, &Policy);
if (!NT_SUCCESS(Status)) { printf("DumpSIDNAMES: can't open Lsa, (0x%lx)\n", Status);
return; }
Status = LsaLookupSids(Policy, 1L, &s, &RefDomains, &XNames);
if (Status == STATUS_NONE_MAPPED) { printf("Unknown\n"); } else if (!NT_SUCCESS(Status)) { printf("DumpSIDNAMES: can't Lookup Sids, (0x%lx)\n", Status); } else { printf("'%wZ' (%s)\n", &(XNames->Name), (XNames->Use == SidTypeUser ? "User" : XNames->Use == SidTypeGroup ? "Group" : XNames->Use == SidTypeDomain ? "Domain" : XNames->Use == SidTypeAlias ? "Alias" : XNames->Use == SidTypeWellKnownGroup ? "WellKnownGroup" : XNames->Use == SidTypeDeletedAccount ? "Deleted" : XNames->Use == SidTypeInvalid ? "Invalid" : XNames->Use == SidTypeUnknown ? "Unknown" : "ERROR!")); } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpSIDNAME: invalid pointer (0x%p)\n", s); }
if (RefDomains) { LsaFreeMemory(RefDomains); }
if (XNames) { LsaFreeMemory(XNames); }
LsaClose(Policy);}
VOIDDumpACL( IN ACL *a){ ACE_HEADER *Ace; USHORT i;
try { printf("Acl -> AclRevision = 0x%x\n", a -> AclRevision); printf("Acl -> Sbz1 = 0x%x\n", a -> Sbz1); printf("Acl -> AclSize = 0x%x\n", a -> AclSize); printf("Acl -> AceCount = 0x%x\n", a -> AceCount); printf("Acl -> Sbz2 = 0x%x\n\n", a -> Sbz2);
for (i = 0; i < a -> AceCount; i++) { if (NT_SUCCESS(RtlGetAce(a, i, (PVOID *)&Ace))) { DumpACE(Ace); } else { printf("(Can't RtlGetAce[%d])\n", i); }
printf("\n"); } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpACL: invalid pointer (0x%p)\n", a); }}
VOIDDumpACE( IN ACE_HEADER *a){ ACCESS_ALLOWED_ACE *Ace = (ACCESS_ALLOWED_ACE *)a;
try { printf("Ace -> AceType = "); Dump_ACE_TYPE(a -> AceType);
printf("Ace -> AceSize = 0x%x\n", a -> AceSize);
printf("Ace -> AceFlags = "); Dump_ACE_FLAGS(a -> AceFlags);
switch (a -> AceType) { case ACCESS_ALLOWED_ACE_TYPE: case ACCESS_DENIED_ACE_TYPE: case SYSTEM_AUDIT_ACE_TYPE: case SYSTEM_ALARM_ACE_TYPE: printf("Ace -> Mask = 0x%lx\n", Ace -> Mask);
printf("Ace -> Sid = "); DumpSID(&(Ace -> SidStart)); printf("\t"); DumpSIDNAME(&(Ace -> SidStart));
break;
case ACCESS_ALLOWED_OBJECT_ACE_TYPE: case ACCESS_DENIED_OBJECT_ACE_TYPE: case SYSTEM_AUDIT_OBJECT_ACE_TYPE: case SYSTEM_ALARM_OBJECT_ACE_TYPE: {
ACCESS_ALLOWED_OBJECT_ACE *Ace; ULONG_PTR Offset;
Ace = (ACCESS_ALLOWED_OBJECT_ACE *)a;
printf("Ace -> Mask = 0x%lx\n", Ace -> Mask);
if (!Ace -> Flags) { printf("Ace -> Flags = 0\n"); } else { printf("Ace -> Flags = ");
if (Ace -> Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) { printf("ACE_INHERITED_OBJECT_TYPE_PRESENT "); }
if (Ace -> Flags & ACE_OBJECT_TYPE_PRESENT) { printf("ACE_OBJECT_TYPE_PRESENT"); }
printf("\n"); }
Offset = (ULONG_PTR)&(Ace -> ObjectType);
if (Ace -> Flags & ACE_OBJECT_TYPE_PRESENT) { printf("Ace -> ObjectType = "); DumpGUID((GUID *)Offset);
Offset += sizeof (GUID); } if (Ace -> Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) { printf("Ace -> InheritedObjectType = "); DumpGUID((GUID *)Offset);
Offset += sizeof (GUID); }
printf("Ace -> Sid = "); DumpSID((SID *)Offset); printf("\t"); DumpSIDNAME((SID *)Offset);
break; }
default: printf("(Unknown ACE type)\n");
break; } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpACE: invalid pointer (0x%p)\n", a); }}
VOIDDumpSECURITY_DESCRIPTOR_CONTROL( SECURITY_DESCRIPTOR_CONTROL Control){ printf("SecurityDescriptor -> Control = ");
if (!Control) { printf("<no flags set>"); }
if (Control & SE_OWNER_DEFAULTED) { printf("SE_OWNER_DEFAULTED "); } if (Control & SE_GROUP_DEFAULTED) { printf("SE_GROUP_DEFAULTED "); } if (Control & SE_DACL_PRESENT) { printf("SE_DACL_PRESENT "); } if (Control & SE_DACL_DEFAULTED) { printf("SE_DACL_DEFAULTED "); } if (Control & SE_SACL_PRESENT) { printf("SE_SACL_PRESENT "); } if (Control & SE_SACL_DEFAULTED) { printf("SE_SACL_DEFAULTED "); } if (Control & SE_DACL_UNTRUSTED) { printf("SE_DACL_UNTRUSTED "); } if (Control & SE_SERVER_SECURITY) { printf("SE_SERVER_SECURITY "); } if (Control & SE_DACL_AUTO_INHERIT_REQ) { printf("SE_DACL_AUTO_INHERIT_REQ "); } if (Control & SE_SACL_AUTO_INHERIT_REQ) { printf("SE_SACL_AUTO_INHERIT_REQ "); } if (Control & SE_DACL_AUTO_INHERITED) { printf("SE_DACL_AUTO_INHERITED "); } if (Control & SE_SACL_AUTO_INHERITED) { printf("SE_SACL_AUTO_INHERITED "); } if (Control & SE_DACL_PROTECTED) { printf("SE_DACL_PROTECTED "); } if (Control & SE_SACL_PROTECTED) { printf("SE_SACL_PROTECTED "); } if (Control & SE_SELF_RELATIVE) { printf("SE_SELF_RELATIVE"); }
printf("\n");}
VOIDDumpSECURITY_DESCRIPTOR( IN PSECURITY_DESCRIPTOR s){ BOOLEAN Defaulted, Present; PACL Acl; PSID Sid; SECURITY_DESCRIPTOR_CONTROL Control; ULONG Rev;
try { printf("\nSecurityDescriptor -> Length = 0x%lx\n", RtlLengthSecurityDescriptor(s));
RtlGetControlSecurityDescriptor(s, &Control, &Rev);
DumpSECURITY_DESCRIPTOR_CONTROL(Control);
printf("SecurityDescriptor -> Revision = 0x%lx\n", Rev);
RtlGetOwnerSecurityDescriptor(s, &Sid, &Defaulted);
printf("SecurityDescriptor -> Owner = "); if (Sid) { DumpSID(Sid); printf("\t"); DumpSIDNAME(Sid);
} else { printf("<NULL>\n"); }
RtlGetGroupSecurityDescriptor(s, &Sid, &Defaulted);
printf("SecurityDescriptor -> Group = "); if (Sid) { DumpSID(Sid); printf("\t"); DumpSIDNAME(Sid); } else { printf("<NULL>\n"); }
RtlGetDaclSecurityDescriptor(s, &Present, &Acl, &Defaulted); if (Present && Acl) { printf("SecurityDescriptor -> Dacl = \n"); DumpACL(Acl); } else { printf("SecurityDescriptor -> Dacl = <not present>\n"); }
RtlGetSaclSecurityDescriptor(s, &Present, &Acl, &Defaulted); if (Present && Acl) { printf("SecurityDescriptor -> Sacl = \n"); DumpACL(Acl); } else { printf("SecurityDescriptor -> Sacl = <not present>\n"); } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpSECURITY_DESCRIPTOR: invalid pointer (0x%p)\n", s); }}
VOIDDumpUNICODE_STRING( IN UNICODE_STRING *s){ ANSI_STRING a;
try { printf("UnicodeString -> Length = 0x%x\n", s -> Length); printf("UnicodeString -> MaximumLength = 0x%x\n", s -> MaximumLength);
RtlUnicodeStringToAnsiString(&a, s, TRUE);
printf("UnicodeString -> Buffer (a la ansi) = \"%s\"\n", a.Buffer);
RtlFreeAnsiString(&a); } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpUNICODE_STRING: invalid pointer (0x%p)\n", s); }}
VOIDDump_ACE_TYPE( IN UCHAR t){ switch (t) { case ACCESS_ALLOWED_ACE_TYPE:
printf("ACCESS_ALLOWED_ACE_TYPE\n");
break;
case ACCESS_DENIED_ACE_TYPE:
printf("ACCESS_DENIED_ACE_TYPE\n");
break;
case SYSTEM_AUDIT_ACE_TYPE:
printf("SYSTEM_AUDIT_ACE_TYPE\n");
break;
case SYSTEM_ALARM_ACE_TYPE:
printf("SYSTEM_ALARM_ACE_TYPE\n");
break;
case ACCESS_ALLOWED_COMPOUND_ACE_TYPE:
printf("ACCESS_ALLOWED_COMPOUND_ACE_TYPE\n");
break;
case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
printf("ACCESS_ALLOWED_OBJECT_ACE_TYPE\n");
break;
case ACCESS_DENIED_OBJECT_ACE_TYPE:
printf("ACCESS_DENIED_OBJECT_ACE_TYPE\n");
break; case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
printf("SYSTEM_AUDIT_OBJECT_ACE_TYPE\n");
break;
case SYSTEM_ALARM_OBJECT_ACE_TYPE:
printf("SYSTEM_ALARM_OBJECT_ACE_TYPE\n");
break;
default:
printf("(unknown ace type)\n");
break; }}
VOID Dump_ACE_FLAGS( IN UCHAR f){ if (f & INHERIT_ONLY_ACE) { printf("INHERIT_ONLY_ACE "); }
if (f & NO_PROPAGATE_INHERIT_ACE) { printf("NO_PROPAGATE_INHERIT_ACE "); }
if (f & CONTAINER_INHERIT_ACE) { printf("CONTAINER_INHERIT_ACE "); }
if (f & OBJECT_INHERIT_ACE) { printf("OBJECT_INHERIT_ACE "); }
if (f & INHERITED_ACE) { printf("INHERITED_ACE "); }
if (f & SUCCESSFUL_ACCESS_ACE_FLAG) { printf("SUCCESSFUL_ACCESS_ACE_FLAG "); }
if (f & FAILED_ACCESS_ACE_FLAG) { printf("FAILED_ACCESS_ACE_FLAG"); }
printf("\n");}
VOIDDumpSTRING( IN STRING *s){ try { printf("String -> Length = 0x%x\n", s -> Length); printf("String -> MaximumLength = 0x%x\n", s -> MaximumLength); printf("String -> Buffer = \"%s\"\n", s -> Buffer); } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpUNICODE_STRING: invalid pointer (0x%p)\n", s); }}
|
