archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/query/apps/dumpsec/main.cxx

486 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1998.
  5. //
  6. // File: Main.cxx
  7. //
  8. // Contents: Main file for CI security dump utility
  9. //
  10. // History: 29-Jul-1998 KyleP Created
  11. //
  12. //----------------------------------------------------------------------------
  14. #include <stdio.h>
  15. #include <windows.h>
  16. #include <aclapi.h>
  18. typedef ULONG SDID;
  20. //
  21. // Copied from SecCache.hxx (NtCiUtil directory)
  22. //
  24. const USHORT SECSTORE_REC_SIZE = 64;
  25. const ULONG SECSTORE_HASH_SIZE = 199;
  27. struct SSdHeaderRecord
  28. {
  29. ULONG cbSD; // size in bytes of the security descriptor
  30. ULONG ulHash; // the hash of the security descriptor
  31. SDID iHashChain; // index to previous entry for hash bucket
  32. };
  34. //
  35. // Used for mapping bitmasks to text.
  36. //
  38. struct SPermDisplay
  39. {
  40. DWORD Perm;
  41. char * Display;
  42. };
  44. //
  45. // Local constants and function prototypes
  46. //
  48. unsigned const SixtyFourK = 1024 * 64;
  50. void DisplayTrustee( TRUSTEE const & Trustee );
  51. void DisplayACE( char const * pszPreface, unsigned cACE, EXPLICIT_ACCESS * pACE );
  52. void DisplayMode( DWORD mode );
  53. void DisplayInheritance( DWORD Inherit );
  54. void DisplayPerms( DWORD grfAccess );
  55. void Display( DWORD grfAccess, SPermDisplay aPerm[], unsigned cPerm, unsigned cDisplay = 0 );
  56. void Usage();
  58. //+---------------------------------------------------------------------------
  59. //
  60. // Function: wmain, public
  61. //
  62. // Synopsis: Program entry point. Iterates and displays SDID mapping.
  63. //
  64. // Arguments: [argc] -- Argument count
  65. // [argv] -- Program arguments
  66. //
  67. // History: 29-Jul-1998 KyleP Created
  68. //
  69. //----------------------------------------------------------------------------
  71. extern "C" int __cdecl wmain( int argc, WCHAR * argv[] )
  72. {
  73. if ( argc != 2 )
  74. {
  75. Usage();
  76. return 1;
  77. }
  79. //
  80. // Open handle
  81. //
  83. WCHAR wszSecFile[MAX_PATH];
  84. wcscpy( wszSecFile, argv[1] );
  85. wcscat( wszSecFile, L"\\CiST0000.001" );
  87. HANDLE h = CreateFile( wszSecFile,
  88. GENERIC_READ,
  89. FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
  90. 0,
  91. OPEN_EXISTING,
  92. 0,
  93. 0 );
  95. if ( INVALID_HANDLE_VALUE == h )
  96. {
  97. printf( "Can't open file %ws. Error %u\n", wszSecFile, GetLastError() );
  98. return GetLastError();
  99. }
  101. //
  102. // Read until done.
  103. //
  105. BYTE abTemp[SixtyFourK];
  106. DWORD cbRead;
  107. int i = 0;
  109. SSdHeaderRecord Header;
  111. while ( ReadFile( h,
  112. &Header,
  113. sizeof(Header),
  114. &cbRead,
  115. 0 ) )
  116. {
  117. if ( 0 == Header.cbSD )
  118. break;
  120. i++;
  121. printf( "SDID %u / 0x%x (cbSD = %u bytes)\n", i, i, Header.cbSD );
  123. //
  124. // Read rest of first record.
  125. //
  127. if ( !ReadFile( h,
  128. abTemp,
  129. SECSTORE_REC_SIZE - sizeof(Header) + 4,
  130. &cbRead,
  131. 0 ) )
  132. {
  133. printf( "Error %u reading file\n", GetLastError() );
  134. return 1;
  135. }
  137. //
  138. // Read additional records, which together create one security descriptor
  139. //
  141. if ( Header.cbSD > (SECSTORE_REC_SIZE - sizeof(Header)) )
  142. {
  143. unsigned iCurrent = SECSTORE_REC_SIZE - sizeof(Header);
  145. for ( unsigned cLeft = (Header.cbSD - SECSTORE_REC_SIZE + sizeof(Header) - 1) / SECSTORE_REC_SIZE + 1;
  146. cLeft > 0;
  147. cLeft-- )
  148. {
  149. if ( !ReadFile( h,
  150. abTemp + iCurrent,
  151. SECSTORE_REC_SIZE + 4,
  152. &cbRead,
  153. 0 ) )
  154. {
  155. printf( "Error %u reading file\n", GetLastError() );
  156. return 1;
  157. }
  159. i++;
  160. iCurrent += SECSTORE_REC_SIZE;
  161. }
  162. }
  164. SECURITY_DESCRIPTOR * pSD = (SECURITY_DESCRIPTOR *)abTemp;
  166. //
  167. // Create a human-readable descriptor
  168. //
  170. TRUSTEE * pOwner;
  171. TRUSTEE * pGroup;
  172. DWORD cACE;
  173. EXPLICIT_ACCESS * pACE;
  175. DWORD dwError = LookupSecurityDescriptorParts( &pOwner,
  176. &pGroup,
  177. &cACE,
  178. &pACE,
  179. 0,
  180. 0,
  181. pSD );
  183. //
  184. // And display it.
  185. //
  187. if ( ERROR_SUCCESS == dwError )
  188. {
  189. if ( 0 != pOwner )
  190. {
  191. printf( "Owner: " );
  192. DisplayTrustee( *pOwner );
  193. LocalFree( pOwner );
  194. }
  196. if ( 0 != pGroup )
  197. {
  198. printf( "Group: " );
  199. DisplayTrustee( *pGroup );
  200. LocalFree( pGroup );
  201. }
  203. if ( cACE > 0 )
  204. {
  205. printf( "Access: " );
  206. DisplayACE( " ", cACE, pACE );
  207. LocalFree( pACE );
  208. }
  209. }
  210. else
  211. printf( "LookupSecurityDescriptorParts returned %u\n", dwError );
  213. printf( "\n\n" );
  214. }
  216. CloseHandle( h );
  218. return 0;
  219. }
  221. //+---------------------------------------------------------------------------
  222. //
  223. // Function: DisplayTrustee
  224. //
  225. // Synopsis: Prints out trustee (user, group, etc.)
  226. //
  227. // Arguments: [Trustee] -- Trustee description
  228. //
  229. // History: 29-Jul-1998 KyleP Created
  230. //
  231. //----------------------------------------------------------------------------
  233. char * aszTrusteeType[] = { "Unknown", // TRUSTEE_IS_UNKNOWN
  234. "User", // TRUSTEE_IS_USER,
  235. "Group", // TRUSTEE_IS_GROUP,
  236. "Domain", // TRUSTEE_IS_DOMAIN,
  237. "Alias", // TRUSTEE_IS_ALIAS,
  238. "Group", // TRUSTEE_IS_WELL_KNOWN_GROUP,
  239. "Deleted", // TRUSTEE_IS_DELETED,
  240. "Invalid" }; // TRUSTEE_IS_INVALID
  242. void DisplayTrustee( TRUSTEE const & Trustee )
  243. {
  244. if ( TRUSTEE_IS_NAME == Trustee.TrusteeForm )
  245. {
  246. printf( "%ws (%s)", Trustee.ptstrName, aszTrusteeType[Trustee.TrusteeType] );
  247. }
  248. else if ( TRUSTEE_IS_SID == Trustee.TrusteeForm )
  249. {
  250. }
  251. else
  252. printf( "Invalid Trustee form\n" );
  253. }
  255. //+---------------------------------------------------------------------------
  256. //
  257. // Function: DisplayACE
  258. //
  259. // Synopsis: Prints out Access Control Entry(ies)
  260. //
  261. // Arguments: [pszPreface] -- String to append at beginning of each line.
  262. // [cACE] -- Count of entries
  263. // [pACE] -- Array of entries
  264. //
  265. // History: 29-Jul-1998 KyleP Created
  266. //
  267. //----------------------------------------------------------------------------
  269. void DisplayACE( char const * pszPreface, unsigned cACE, EXPLICIT_ACCESS * pACE )
  270. {
  271. for ( unsigned i = 0; i < cACE; i++ )
  272. {
  273. if ( 0 != i )
  274. printf( "%s", pszPreface );
  276. DisplayTrustee( pACE[i].Trustee );
  278. printf( " : " );
  280. DisplayMode( pACE[i].grfAccessMode );
  282. printf( " /" );
  284. DisplayInheritance( pACE[i].grfInheritance );
  286. printf( " /" );
  288. DisplayPerms( pACE[i].grfAccessPermissions );
  290. printf( "\n" );
  291. }
  292. //ACCESS_MODE grfAccessMode; DWORD grfInheritance;
  293. }
  295. //+---------------------------------------------------------------------------
  296. //
  297. // Function: DisplayMode, private
  298. //
  299. // Synopsis: Prints out access mode (Set or Deny access)
  300. //
  301. // Arguments: [mode] -- Access mode
  302. //
  303. // History: 29-Jul-1998 KyleP Created
  304. //
  305. //----------------------------------------------------------------------------
  307. char * aszAccessDisplay[] = { "NOT_USED",
  308. "GRANT_ACCESS",
  309. "SET_ACCESS",
  310. "DENY_ACCESS",
  311. "REVOKE_ACCESS",
  312. "SET_AUDIT_SUCCESS",
  313. "SET_AUDIT_FAILURE" };
  315. void DisplayMode( DWORD mode )
  316. {
  317. printf( "%s", aszAccessDisplay[mode] );
  318. }
  320. //+---------------------------------------------------------------------------
  321. //
  322. // Function: DisplayInheritance, private
  323. //
  324. // Synopsis: Prints out inheritance, both up (to parent) and down (to children)
  325. //
  326. // Arguments: [Inherit] -- Inheritance bitmask
  327. //
  328. // History: 29-Jul-1998 KyleP Created
  329. //
  330. //----------------------------------------------------------------------------
  332. SPermDisplay aInheritDisplay[] = {
  333. //{ INHERITED_ACCESS_ENTRY, "(inherited)" },
  334. { INHERITED_PARENT, "(inherited from parent)" },
  335. { INHERITED_GRANDPARENT, "(inherited from grandparent)" },
  336. { SUB_OBJECTS_ONLY_INHERIT, "SUB_OBJECTS_ONLY" },
  337. { SUB_CONTAINERS_ONLY_INHERIT, "SUB_CONTAINERS_ONLY" },
  338. { SUB_CONTAINERS_AND_OBJECTS_INHERIT, "SUB_CONTAINERS_AND_OBJECTS" },
  339. { INHERIT_NO_PROPAGATE, "INHERIT_NO_PROPAGATE" },
  340. { INHERIT_ONLY, "INHERIT_ONLY" } };
  342. void DisplayInheritance( DWORD Inherit )
  343. {
  344. if ( NO_INHERITANCE == Inherit )
  345. printf( "\n\t\t(not inherited)" );
  346. else
  347. Display( Inherit, aInheritDisplay, sizeof(aInheritDisplay)/sizeof(aInheritDisplay[0]) );
  348. }
  350. //+---------------------------------------------------------------------------
  351. //
  352. // Function: DisplayPerms
  353. //
  354. // Synopsis: Displays file permissions
  355. //
  356. // Arguments: [grfAccess] -- Access permission bitmask
  357. //
  358. // History: 29-Jul-1998 KyleP Created
  359. //
  360. //----------------------------------------------------------------------------
  362. SPermDisplay aPermDisplay[] = {
  363. { FILE_READ_DATA, "READ_DATA" },
  364. { FILE_WRITE_DATA, "WRITE_DATA" },
  365. { FILE_ADD_FILE, "ADD_FILE" },
  366. { FILE_APPEND_DATA, "APPEND_DATA" },
  367. { FILE_ADD_SUBDIRECTORY, "ADD_SUBDIRECTORY" },
  368. { FILE_CREATE_PIPE_INSTANCE, "CREATE_PIPE_INSTANCE" },
  369. { FILE_READ_EA, "READ_EA" },
  370. { FILE_WRITE_EA, "WRITE_EA" },
  371. { FILE_EXECUTE, "EXECUTE" },
  372. { FILE_TRAVERSE, "TRAVERSE" },
  373. { FILE_DELETE_CHILD, "DELETE_CHILD" },
  374. { FILE_READ_ATTRIBUTES, "READ_ATTRIBUTES" },
  375. { FILE_WRITE_ATTRIBUTES, "WRITE_ATTRIBUTES" },
  376. { DELETE, "DELETE" },
  377. { READ_CONTROL, "READ_CONTROL" },
  378. { WRITE_DAC, "WRITE_DAC" },
  379. { WRITE_OWNER, "WRITE_OWNER" },
  380. { SYNCHRONIZE, "SYNCHRONIZE" },
  381. { GENERIC_READ, "GENERIC_READ" },
  382. { GENERIC_WRITE, "GENERIC_WRITE" },
  383. { GENERIC_EXECUTE, "GENERIC_EXECUTE" } };
  386. void DisplayPerms( DWORD grfAccess )
  387. {
  388. BOOL cDisplay = 0;
  389. DWORD grfRemove = 0;
  391. printf( "\n\t\t" );
  393. //
  394. // First, get rid of the basics...
  395. //
  397. if ( (grfAccess & FILE_GENERIC_READ) == FILE_GENERIC_READ )
  398. {
  399. printf( "GENERIC_READ" );
  400. grfRemove = FILE_GENERIC_READ;
  401. cDisplay++;
  402. }
  404. if ( (grfAccess & FILE_GENERIC_WRITE) == FILE_GENERIC_WRITE )
  405. {
  406. if ( 0 != cDisplay )
  407. printf( " | " );
  409. printf( "GENERIC_WRITE" );
  410. grfRemove = grfRemove | FILE_GENERIC_WRITE;
  411. cDisplay++;
  412. }
  414. if ( (grfAccess & FILE_GENERIC_EXECUTE) == FILE_GENERIC_EXECUTE )
  415. {
  416. if ( 0 != cDisplay )
  417. printf( " | " );
  419. if ( 0 == (cDisplay % 2) )
  420. printf( " \n\t\t" );
  422. printf( "GENERIC_EXECUTE" );
  423. grfRemove = grfRemove | FILE_GENERIC_EXECUTE;
  424. cDisplay++;
  425. }
  427. //
  428. // Now, individual permissions.
  429. //
  431. DWORD grfRemainder = grfAccess & ~grfRemove;
  433. Display( grfRemainder, aPermDisplay, sizeof(aPermDisplay)/sizeof(aPermDisplay[0]), cDisplay );
  435. printf( " (0x%x)", grfAccess );
  436. }
  438. //+---------------------------------------------------------------------------
  439. //
  440. // Function: Display, private
  441. //
  442. // Synopsis: Print bit masks
  443. //
  444. // Arguments: [grfAccess] -- Bit mask
  445. // [aPerm] -- Description of bits
  446. // [cPerm] -- Count of entries in [aPerm]
  447. // [cDisplay] -- Number of entries already displayed on
  448. // current line by caller.
  449. //
  450. // History: 29-Jul-1998 KyleP Created
  451. //
  452. //----------------------------------------------------------------------------
  454. void Display( DWORD grfAccess, SPermDisplay aPerm[], unsigned cPerm, unsigned cDisplay )
  455. {
  456. for ( unsigned i = 0; i < cPerm ; i++ )
  457. {
  458. if ( grfAccess & aPerm[i].Perm )
  459. {
  460. if ( 0 != cDisplay )
  461. printf( " | " );
  463. if ( 0 == (cDisplay % 2) )
  464. printf( " \n\t\t" );
  466. printf( "%s", aPerm[i].Display );
  468. cDisplay++;
  469. }
  470. }
  471. }
  473. //+---------------------------------------------------------------------------
  474. //
  475. // Function: Usage
  476. //
  477. // Synopsis: Displays program usage
  478. //
  479. // History: 29-Jul-1998 KyleP Created
  480. //
  481. //----------------------------------------------------------------------------
  483. void Usage()
  484. {
  485. printf( "Usage: DumpSec <Path to catalog>\n" );
  486. }