63{
64#define ERROR_MSG_BUFFER_SIZE 1024
67
69
74 const TCHAR *pszParameter;
80
83 {
85 }
87 {
89 goto CheckSACLArgument;
90 }
91
93 {
94CheckSACLArgument:
95 blnBadParameter =
FALSE;
98 {
100 blnDo = pszKey !=
NULL;
101 }
102 else if (!pszKey)
103 {
104 pszKey = pszParameter;
106 }
107 else
108 {
109 blnBadParameter =
TRUE;
110 }
111 if (blnBadParameter)
112 {
113 rConsole.
Write(
_T(
"Bad parameter: "));
114 rConsole.
Write(pszParameter);
116 }
117 }
118
120
122
123
125 {
128 {
131 }
132
133
134
136 {
139 }
140 }
141
143
144
152 {
155 }
156
159 hThreadToken,
161 &priv,
166 if (!blnAdjRet)
167 {
170 }
171
173 {
175 {
177 }
178 else
179 {
181 }
182
184 }
185
187 {
190 }
191
192 if (blnHelp)
193 {
195 }
196
197 if (blnDo&&blnHelp)
199
200 if (!blnDo)
201 return 0;
202
204 {
207 }
208
209 DWORD dwSecurityDescriptorLength;
212
215 dwError =
Key.GetSecurityDescriptorLength(&dwSecurityDescriptorLength);
217 {
220 }
221
222 pSecurityDescriptor = (
PISECURITY_DESCRIPTOR)
new (std::nothrow)
unsigned char [dwSecurityDescriptorLength];
223 if (!pSecurityDescriptor)
224 {
227 }
228
229 DWORD dwSecurityDescriptorLength1;
230 dwSecurityDescriptorLength1 = dwSecurityDescriptorLength;
233 {
234 _sntprintf(pszError_msg,
ERROR_MSG_BUFFER_SIZE-1,
_T(
"\nCannot get security descriptor for current key.\nError: %u%s\n"),(
unsigned int)dwError,(dwError == 1314)?
_T(
"(A required privilege is not held by the client.)\n"):
_T(
""));
236 }
237
238 sd.AssociateDescriptor(pSecurityDescriptor);
239 sd.BeginSACLInteration();
240
241 if ((!
sd.DescriptorContainsSACL())||(
sd.HasNULLSACL()))
242 {
245 }
246
247 if (!
sd.HasValidSACL())
248 {
251 }
252
254 nACECount =
sd.GetSACLEntriesCount();
255 rConsole.
Write(
_T(
"SACL has "));
258 rConsole.
Write(
_T(
" ACEs.\n"));
261 for (
DWORD i = 0 ;
i < nACECount ;
i++)
262 {
264 rConsole.
Write(
_T(
"\tACE Index: "));
267 rConsole.
Write(
_T(
"\tAudit Type: "));
268 BOOL blnFailed, blnSuccessful;
270 {
271 rConsole.
Write(
_T(
"Unknown ACE type.\nCannot continue ACE list dump.\n"));
272 goto AbortDumpSACL;
273 }
274
275 if (blnFailed)
276 rConsole.
Write(
_T(
"Failed access"));
277
278 if (blnFailed && blnSuccessful)
280 if (blnSuccessful)
281 rConsole.
Write(
_T(
"Successful access"));
283
284 PSID pSID =
sd.GetCurrentACE_SID();
286 {
287 rConsole.
Write(
_T(
"\tInvalid SID.\n"));
288 }
289
290 DWORD dwSIDStringSize = 0;
294 TCHAR *pszSID =
new (std::nothrow)
TCHAR[dwSIDStringSize];
295
296 if (!pszSID)
297 {
300 }
301
303 {
309 rConsole.
Write(
_T(
"\nGetting string representation of SID\n"));
310 }
311 else
312 {
314 rConsole.
Write(pszSID);
316 }
317 delete[] pszSID;
318
319 TCHAR *pszName, *pszDomainName;
320 DWORD dwNameBufferLength, dwDomainNameBufferLength;
321 dwNameBufferLength = 1024;
322 dwDomainNameBufferLength = 1024;
323
324 pszName =
new (std::nothrow)
TCHAR [dwNameBufferLength];
325 if (!pszName)
326 {
329 }
330
331 pszDomainName =
new (std::nothrow)
TCHAR [dwDomainNameBufferLength];
332 if (!pszDomainName)
333 {
335 delete[] pszName;
337 }
338
339 DWORD dwNameLength = dwNameBufferLength, dwDomainNameLength = dwDomainNameBufferLength;
342 {
347 }
348 else
349 {
350 rConsole.
Write(
_T(
"\tTrustee Domain: "));
351 rConsole.
Write(pszDomainName);
353 rConsole.
Write(
_T(
"\tTrustee Name: "));
354 rConsole.
Write(pszName);
355 rConsole.
Write(
_T(
"\n\tSID type: "));
358 }
360 sd.GetCurrentACE_AccessMask(dwAccessMask);
364 {
365 rConsole.
Write(
_T(
"\t\tGENERIC_READ\n"));
366 }
368 {
369 rConsole.
Write(
_T(
"\t\tGENERIC_WRITE\n"));
370 }
372 {
373 rConsole.
Write(
_T(
"\t\tGENERIC_EXECUTE\n"));
374 }
376 {
377 rConsole.
Write(
_T(
"\t\tGENERIC_ALL\n"));
378 }
380 {
381 rConsole.
Write(
_T(
"\t\tSYNCHRONIZE\n"));
382 }
384 {
385 rConsole.
Write(
_T(
"\t\tWRITE_OWNER\n"));
386 }
388 {
389 rConsole.
Write(
_T(
"\t\tWRITE_DAC\n"));
390 }
392 {
393 rConsole.
Write(
_T(
"\t\tREAD_CONTROL\n"));
394 }
395 if (dwAccessMask &
DELETE)
396 {
397 rConsole.
Write(
_T(
"\t\tDELETE\n"));
398 }
400 {
401 rConsole.
Write(
_T(
"\t\tKEY_CREATE_LINK\n"));
402 }
404 {
405 rConsole.
Write(
_T(
"\t\tKEY_NOTIFY\n"));
406 }
408 {
409 rConsole.
Write(
_T(
"\t\tKEY_ENUMERATE_SUB_KEYS\n"));
410 }
412 {
413 rConsole.
Write(
_T(
"\t\tKEY_CREATE_SUB_KEY\n"));
414 }
416 {
417 rConsole.
Write(
_T(
"\t\tKEY_SET_VALUE\n"));
418 }
420 {
421 rConsole.
Write(
_T(
"\t\tKEY_QUERY_VALUE\n"));
422 }
423
424 delete[] pszName;
425 delete[] pszDomainName;
426 }
427
428AbortDumpSACL:
429 ASSERT(pSecurityDescriptor);
430 delete pSecurityDescriptor;
431
433
434 return 0;
436 if (pSecurityDescriptor)
437 delete pSecurityDescriptor;
438
441
442 rConsole.
Write(pszError_msg);
443 return 0;
444}
#define COMMAND_NA_ON_ROOT
#define ERROR_MSG_BUFFER_SIZE
const TCHAR * GetSidTypeName(SID_NAME_USE Use)
BOOL GetTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen)
void ResetArgumentIteration()
TCHAR * GetNextArgument()
BOOL Write(const TCHAR *p, DWORD dwChars=0)
BOOL GetKey(const TCHAR *pchRelativePath, REGSAM DesiredAccess, CRegistryKey &rKey)
const TCHAR * GetLastErrorDescription()
virtual const TCHAR * GetHelpString()
#define ERROR_INSUFFICIENT_BUFFER
BOOL WINAPI AdjustTokenPrivileges(HANDLE TokenHandle, BOOL DisableAllPrivileges, PTOKEN_PRIVILEGES NewState, DWORD BufferLength, PTOKEN_PRIVILEGES PreviousState, PDWORD ReturnLength)
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
BOOL WINAPI IsValidSid(PSID pSid)
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
#define INVALID_HANDLE_VALUE
#define GetCurrentProcess()
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
enum _SID_NAME_USE SID_NAME_USE
DWORD SECURITY_INFORMATION
#define ACCESS_SYSTEM_SECURITY
#define KEY_CREATE_SUB_KEY
#define KEY_ENUMERATE_SUB_KEYS
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
#define LookupPrivilegeValue
DWORD WINAPI GetLastError(void)
HANDLE WINAPI GetCurrentThread(void)
#define ERROR_NOT_ALL_ASSIGNED
#define TOKEN_ADJUST_PRIVILEGES
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
#define SE_PRIVILEGE_ENABLED
#define SACL_SECURITY_INFORMATION