31#define SACL_CMD _T("SACL")
32#define SACL_CMD_LENGTH COMMAND_LENGTH(SACL_CMD)
33#define SACL_CMD_SHORT_DESC SACL_CMD _T(" command is used to view")
_T(" key's SACL.\n")
64#define ERROR_MSG_BUFFER_SIZE 1024
74 const TCHAR *pszParameter;
89 goto CheckSACLArgument;
95 blnBadParameter =
FALSE;
100 blnDo = pszKey !=
NULL;
104 pszKey = pszParameter;
109 blnBadParameter =
TRUE;
113 rConsole.
Write(
_T(
"Bad parameter: "));
114 rConsole.
Write(pszParameter);
209 DWORD dwSecurityDescriptorLength;
215 dwError =
Key.GetSecurityDescriptorLength(&dwSecurityDescriptorLength);
222 pSecurityDescriptor = (
PISECURITY_DESCRIPTOR)
new (std::nothrow)
unsigned char [dwSecurityDescriptorLength];
223 if (!pSecurityDescriptor)
229 DWORD dwSecurityDescriptorLength1;
230 dwSecurityDescriptorLength1 = dwSecurityDescriptorLength;
234 _sntprintf(pszError_msg,
ERROR_MSG_BUFFER_SIZE-1,
_T(
"\nCannot get security descriptor for current key.\nError: %u%s\n"),(
unsigned int)dwError,(dwError == 1314)?
_T(
"(A required privilege is not held by the client.)\n"):
_T(
""));
238 sd.AssociateDescriptor(pSecurityDescriptor);
239 sd.BeginSACLInteration();
241 if ((!
sd.DescriptorContainsSACL())||(
sd.HasNULLSACL()))
247 if (!
sd.HasValidSACL())
254 nACECount =
sd.GetSACLEntriesCount();
255 rConsole.
Write(
_T(
"SACL has "));
258 rConsole.
Write(
_T(
" ACEs.\n"));
261 for (
DWORD i = 0 ;
i < nACECount ;
i++)
264 rConsole.
Write(
_T(
"\tACE Index: "));
267 rConsole.
Write(
_T(
"\tAudit Type: "));
268 BOOL blnFailed, blnSuccessful;
271 rConsole.
Write(
_T(
"Unknown ACE type.\nCannot continue ACE list dump.\n"));
276 rConsole.
Write(
_T(
"Failed access"));
278 if (blnFailed && blnSuccessful)
281 rConsole.
Write(
_T(
"Successful access"));
284 PSID pSID =
sd.GetCurrentACE_SID();
287 rConsole.
Write(
_T(
"\tInvalid SID.\n"));
290 DWORD dwSIDStringSize = 0;
294 TCHAR *pszSID =
new (std::nothrow)
TCHAR[dwSIDStringSize];
309 rConsole.
Write(
_T(
"\nGetting string representation of SID\n"));
314 rConsole.
Write(pszSID);
319 TCHAR *pszName, *pszDomainName;
320 DWORD dwNameBufferLength, dwDomainNameBufferLength;
321 dwNameBufferLength = 1024;
322 dwDomainNameBufferLength = 1024;
324 pszName =
new (std::nothrow)
TCHAR [dwNameBufferLength];
331 pszDomainName =
new (std::nothrow)
TCHAR [dwDomainNameBufferLength];
339 DWORD dwNameLength = dwNameBufferLength, dwDomainNameLength = dwDomainNameBufferLength;
350 rConsole.
Write(
_T(
"\tTrustee Domain: "));
351 rConsole.
Write(pszDomainName);
353 rConsole.
Write(
_T(
"\tTrustee Name: "));
354 rConsole.
Write(pszName);
355 rConsole.
Write(
_T(
"\n\tSID type: "));
360 sd.GetCurrentACE_AccessMask(dwAccessMask);
365 rConsole.
Write(
_T(
"\t\tGENERIC_READ\n"));
369 rConsole.
Write(
_T(
"\t\tGENERIC_WRITE\n"));
373 rConsole.
Write(
_T(
"\t\tGENERIC_EXECUTE\n"));
377 rConsole.
Write(
_T(
"\t\tGENERIC_ALL\n"));
381 rConsole.
Write(
_T(
"\t\tSYNCHRONIZE\n"));
385 rConsole.
Write(
_T(
"\t\tWRITE_OWNER\n"));
389 rConsole.
Write(
_T(
"\t\tWRITE_DAC\n"));
393 rConsole.
Write(
_T(
"\t\tREAD_CONTROL\n"));
395 if (dwAccessMask &
DELETE)
397 rConsole.
Write(
_T(
"\t\tDELETE\n"));
401 rConsole.
Write(
_T(
"\t\tKEY_CREATE_LINK\n"));
405 rConsole.
Write(
_T(
"\t\tKEY_NOTIFY\n"));
409 rConsole.
Write(
_T(
"\t\tKEY_ENUMERATE_SUB_KEYS\n"));
413 rConsole.
Write(
_T(
"\t\tKEY_CREATE_SUB_KEY\n"));
417 rConsole.
Write(
_T(
"\t\tKEY_SET_VALUE\n"));
421 rConsole.
Write(
_T(
"\t\tKEY_QUERY_VALUE\n"));
425 delete[] pszDomainName;
429 ASSERT(pSecurityDescriptor);
430 delete pSecurityDescriptor;
436 if (pSecurityDescriptor)
437 delete pSecurityDescriptor;
442 rConsole.
Write(pszError_msg);
450 _T(
" <KEY> - Optional relative path of desired key.\n")
451 _T(
" /? - This help.\n\n")
452 _T(
"Without parameters, command displays SACL of current key.\n");
#define COMMAND_NA_ON_ROOT
#define ERROR_MSG_BUFFER_SIZE
const TCHAR * GetSidTypeName(SID_NAME_USE Use)
BOOL GetTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen)
#define SACL_CMD_SHORT_DESC
void ResetArgumentIteration()
TCHAR * GetNextArgument()
BOOL Write(const TCHAR *p, DWORD dwChars=0)
BOOL GetKey(const TCHAR *pchRelativePath, REGSAM DesiredAccess, CRegistryKey &rKey)
const TCHAR * GetLastErrorDescription()
virtual const TCHAR * GetHelpString()
CShellCommandSACL(CRegistryTree &rTree)
virtual ~CShellCommandSACL()
virtual int Execute(CConsole &rConsole, CArgumentParser &rArguments)
virtual const TCHAR * GetHelpShortDescriptionString()
virtual BOOL Match(const TCHAR *pchCommand)
#define ERROR_INSUFFICIENT_BUFFER
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
BOOL WINAPI IsValidSid(PSID pSid)
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
#define INVALID_HANDLE_VALUE
#define GetCurrentProcess()
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
_CRTIMP char *__cdecl _itoa(_In_ int _Value, _Pre_notnull_ _Post_z_ char *_Dest, _In_ int _Radix)
enum _SID_NAME_USE SID_NAME_USE
DWORD SECURITY_INFORMATION
#define ACCESS_SYSTEM_SECURITY
#define KEY_CREATE_SUB_KEY
#define KEY_ENUMERATE_SUB_KEYS
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
#define LookupPrivilegeValue
DWORD WINAPI GetLastError(void)
HANDLE WINAPI GetCurrentThread(void)
#define ERROR_NOT_ALL_ASSIGNED
#define TOKEN_ADJUST_PRIVILEGES
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
#define SE_PRIVILEGE_ENABLED
#define SACL_SECURITY_INFORMATION