31 #define SACL_CMD _T("SACL") 32 #define SACL_CMD_LENGTH COMMAND_LENGTH(SACL_CMD) 33 #define SACL_CMD_SHORT_DESC SACL_CMD _T(" command is used to view")_T(" key's SACL.\n") 64 #define ERROR_MSG_BUFFER_SIZE 1024 74 const TCHAR *pszParameter;
89 goto CheckSACLArgument;
95 blnBadParameter =
FALSE;
100 blnDo = pszKey !=
NULL;
104 pszKey = pszParameter;
109 blnBadParameter =
TRUE;
113 rConsole.
Write(
_T(
"Bad parameter: "));
114 rConsole.
Write(pszParameter);
209 DWORD dwSecurityDescriptorLength;
215 dwError =
Key.GetSecurityDescriptorLength(&dwSecurityDescriptorLength);
222 pSecurityDescriptor = (
PISECURITY_DESCRIPTOR)
new (std::nothrow)
unsigned char [dwSecurityDescriptorLength];
223 if (!pSecurityDescriptor)
229 DWORD dwSecurityDescriptorLength1;
230 dwSecurityDescriptorLength1 = dwSecurityDescriptorLength;
234 _sntprintf(pszError_msg,
ERROR_MSG_BUFFER_SIZE-1,
_T(
"\nCannot get security descriptor for current key.\nError: %u%s\n"),(
unsigned int)dwError,(dwError == 1314)?
_T(
"(A required privilege is not held by the client.)\n"):
_T(
""));
238 sd.AssociateDescriptor(pSecurityDescriptor);
239 sd.BeginSACLInteration();
241 if ((!
sd.DescriptorContainsSACL())||(
sd.HasNULLSACL()))
247 if (!
sd.HasValidSACL())
254 nACECount =
sd.GetSACLEntriesCount();
255 rConsole.
Write(
_T(
"SACL has "));
258 rConsole.
Write(
_T(
" ACEs.\n"));
261 for (
DWORD i = 0 ;
i < nACECount ;
i++)
264 rConsole.
Write(
_T(
"\tACE Index: "));
267 rConsole.
Write(
_T(
"\tAudit Type: "));
268 BOOL blnFailed, blnSuccessful;
271 rConsole.
Write(
_T(
"Unknown ACE type.\nCannot continue ACE list dump.\n"));
276 rConsole.
Write(
_T(
"Failed access"));
278 if (blnFailed && blnSuccessful)
281 rConsole.
Write(
_T(
"Successful access"));
284 PSID pSID =
sd.GetCurrentACE_SID();
287 rConsole.
Write(
_T(
"\tInvalid SID.\n"));
290 DWORD dwSIDStringSize = 0;
294 TCHAR *pszSID =
new (std::nothrow)
TCHAR[dwSIDStringSize];
309 rConsole.
Write(
_T(
"\nGetting string representation of SID\n"));
314 rConsole.
Write(pszSID);
319 TCHAR *pszName, *pszDomainName;
320 DWORD dwNameBufferLength, dwDomainNameBufferLength;
321 dwNameBufferLength = 1024;
322 dwDomainNameBufferLength = 1024;
324 pszName =
new (std::nothrow)
TCHAR [dwNameBufferLength];
331 pszDomainName =
new (std::nothrow)
TCHAR [dwDomainNameBufferLength];
339 DWORD dwNameLength = dwNameBufferLength, dwDomainNameLength = dwDomainNameBufferLength;
350 rConsole.
Write(
_T(
"\tTrustee Domain: "));
351 rConsole.
Write(pszDomainName);
353 rConsole.
Write(
_T(
"\tTrustee Name: "));
354 rConsole.
Write(pszName);
355 rConsole.
Write(
_T(
"\n\tSID type: "));
360 sd.GetCurrentACE_AccessMask(dwAccessMask);
365 rConsole.
Write(
_T(
"\t\tGENERIC_READ\n"));
369 rConsole.
Write(
_T(
"\t\tGENERIC_WRITE\n"));
373 rConsole.
Write(
_T(
"\t\tGENERIC_EXECUTE\n"));
377 rConsole.
Write(
_T(
"\t\tGENERIC_ALL\n"));
381 rConsole.
Write(
_T(
"\t\tSYNCHRONIZE\n"));
385 rConsole.
Write(
_T(
"\t\tWRITE_OWNER\n"));
389 rConsole.
Write(
_T(
"\t\tWRITE_DAC\n"));
393 rConsole.
Write(
_T(
"\t\tREAD_CONTROL\n"));
395 if (dwAccessMask &
DELETE)
397 rConsole.
Write(
_T(
"\t\tDELETE\n"));
401 rConsole.
Write(
_T(
"\t\tKEY_CREATE_LINK\n"));
405 rConsole.
Write(
_T(
"\t\tKEY_NOTIFY\n"));
409 rConsole.
Write(
_T(
"\t\tKEY_ENUMERATE_SUB_KEYS\n"));
413 rConsole.
Write(
_T(
"\t\tKEY_CREATE_SUB_KEY\n"));
417 rConsole.
Write(
_T(
"\t\tKEY_SET_VALUE\n"));
421 rConsole.
Write(
_T(
"\t\tKEY_QUERY_VALUE\n"));
425 delete[] pszDomainName;
429 ASSERT(pSecurityDescriptor);
430 delete pSecurityDescriptor;
436 if (pSecurityDescriptor)
437 delete pSecurityDescriptor;
442 rConsole.
Write(pszError_msg);
450 _T(
" <KEY> - Optional relative path of desired key.\n")
451 _T(
" /? - This help.\n\n")
452 _T(
"Without parameters, command displays SACL of current key.\n");
CShellCommandSACL(CRegistryTree &rTree)
virtual BOOL Match(const TCHAR *pchCommand)
enum _SID_NAME_USE SID_NAME_USE
#define ACCESS_SYSTEM_SECURITY
_TCHAR * _tcsncpy(_TCHAR *dst, const _TCHAR *src, size_t n)
#define INVALID_HANDLE_VALUE
DWORD WINAPI GetLastError(VOID)
virtual const TCHAR * GetHelpShortDescriptionString()
#define LookupPrivilegeValue
#define SE_PRIVILEGE_ENABLED
HANDLE WINAPI GetCurrentThread(VOID)
BOOL GetKey(const TCHAR *pchRelativePath, REGSAM DesiredAccess, CRegistryKey &rKey)
DWORD SECURITY_INFORMATION
TCHAR * GetNextArgument()
void ResetArgumentIteration()
virtual const TCHAR * GetHelpString()
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK _In_opt_ PWDF_OBJECT_ATTRIBUTES _Out_ WDFKEY * Key
_CRTIMP char *__cdecl _itoa(_In_ int _Value, _Pre_notnull_ _Post_z_ char *_Dest, _In_ int _Radix)
#define SACL_CMD_SHORT_DESC
#define SACL_SECURITY_INFORMATION
const TCHAR * GetLastErrorDescription()
virtual int Execute(CConsole &rConsole, CArgumentParser &rArguments)
#define GetCurrentProcess()
BOOL GetTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen)
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
#define COMMAND_NA_ON_ROOT
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
BOOL Write(const TCHAR *p, DWORD dwChars=0)
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
#define ERROR_NOT_ALL_ASSIGNED
BOOL WINAPI IsValidSid(PSID pSid)
#define ERROR_MSG_BUFFER_SIZE
#define TOKEN_ADJUST_PRIVILEGES
#define KEY_CREATE_SUB_KEY
virtual ~CShellCommandSACL()
const TCHAR * GetSidTypeName(SID_NAME_USE Use)
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
#define KEY_ENUMERATE_SUB_KEYS
#define ERROR_INSUFFICIENT_BUFFER