SecurityDescriptor.cpp

Go to the documentation of this file.

/*
 * regexpl - Console Registry Explorer
 *
 * Copyright (C) 2000-2005 Nedko Arnaudov <nedko@users.sourceforge.net>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */
 
// SecurityDescriptor.cpp: implementation of the CSecurityDescriptor class.
//
 
#include "ph.h"
#include "SecurityDescriptor.h"
 
BOOL GetTextualSid(
    PSID pSid,            // binary Sid
    LPTSTR TextualSid,    // buffer for Textual representation of Sid
    LPDWORD lpdwBufferLen // required/provided TextualSid buffersize
    )
{
    PSID_IDENTIFIER_AUTHORITY psia;
    DWORD dwSubAuthorities;
    DWORD dwSidRev=SID_REVISION;
    DWORD dwCounter;
    DWORD dwSidSize;
 
    // Validate the binary SID.
 
    if(!IsValidSid(pSid)) return FALSE;
 
    // Get the identifier authority value from the SID.
 
    psia = GetSidIdentifierAuthority(pSid);
 
    // Get the number of subauthorities in the SID.
 
    dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
 
    // Compute the buffer length.
    // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
 
    dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
 
    // Check input buffer length.
    // If too small, indicate the proper size and set last error.
 
    if (*lpdwBufferLen < dwSidSize)
    {
        *lpdwBufferLen = dwSidSize;
        SetLastError(ERROR_INSUFFICIENT_BUFFER);
        return FALSE;
    }
 
    // Add 'S' prefix and revision number to the string.
 
    dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );
 
    // Add SID identifier authority to the string.
 
    if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) )
    {
        dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
                    TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
                    (USHORT)psia->Value[0],
                    (USHORT)psia->Value[1],
                    (USHORT)psia->Value[2],
                    (USHORT)psia->Value[3],
                    (USHORT)psia->Value[4],
                    (USHORT)psia->Value[5]);
    }
    else
    {
        dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
                    TEXT("%lu"),
                    (ULONG)(psia->Value[5]      )   +
                    (ULONG)(psia->Value[4] <<  8)   +
                    (ULONG)(psia->Value[3] << 16)   +
                    (ULONG)(psia->Value[2] << 24)   );
    }
 
    // Add SID subauthorities to the string.
    //
    for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++)
    {
        dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"),
                    *GetSidSubAuthority(pSid, dwCounter) );
    }
 
    return TRUE;
}
 
const TCHAR * GetSidTypeName(SID_NAME_USE Use)
{
    switch(Use)
    {
    case SidTypeUser:
        return _T("User SID");
    case SidTypeGroup:
        return _T("Group SID");
    case SidTypeDomain:
        return _T("Domain SID");
    case SidTypeAlias:
        return _T("Alias SID");
    case SidTypeWellKnownGroup:
        return _T("SID for a well-known group");
    case SidTypeDeletedAccount:
        return _T("SID for a deleted account");
    case SidTypeInvalid:
        return _T("Invalid SID");
    case SidTypeUnknown:
        return _T("Unknown SID type");
    default:
        return _T("Error. Cannot recognize SID type.");
    }
}
 
// Construction/Destruction
 
CSecurityDescriptor::CSecurityDescriptor()
{
    m_pSecurityDescriptor = NULL;
    m_pCurrentACEHeader = NULL;
}
 
CSecurityDescriptor::~CSecurityDescriptor()
{
}
 
void CSecurityDescriptor::AssociateDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
    m_pSecurityDescriptor = pSecurityDescriptor;
}
 
DWORD CSecurityDescriptor::BeginDACLInteration()
{
    if (!GetSecurityDescriptorDacl(m_pSecurityDescriptor,&m_blnDACLPresent,&m_pDACL,&m_blnDACLDefaulted))
    {
        throw GetLastError();
    }
    return ERROR_SUCCESS;
}
 
BOOL CSecurityDescriptor::DescriptorContainsDACL()
{
    return m_blnDACLPresent;
}
 
DWORD CSecurityDescriptor::BeginSACLInteration()
{
    if (!GetSecurityDescriptorSacl(m_pSecurityDescriptor,&m_blnSACLPresent,&m_pSACL,&m_blnSACLDefaulted))
        throw GetLastError();
    return ERROR_SUCCESS;
}
 
BOOL CSecurityDescriptor::DescriptorContainsSACL()
{
    return m_blnSACLPresent;
}
 
BOOL CSecurityDescriptor::HasNULLDACL()
{
    ASSERT(m_blnDACLPresent);
    return (m_pDACL == NULL);
}
 
BOOL CSecurityDescriptor::HasValidDACL()
{
    ASSERT(m_blnDACLPresent);
    ASSERT(m_pDACL != NULL);
    return IsValidAcl(m_pDACL);
}
 
BOOL CSecurityDescriptor::HasNULLSACL()
{
    ASSERT(m_blnSACLPresent);
    return (m_pSACL == NULL);
}
 
BOOL CSecurityDescriptor::HasValidSACL()
{
    ASSERT(m_blnSACLPresent);
    ASSERT(m_pSACL != NULL);
    return IsValidAcl(m_pSACL);
}
 
DWORD CSecurityDescriptor::GetDACLEntriesCount()
{
    ACL_SIZE_INFORMATION SizeInfo;
    if (!GetAclInformation(m_pDACL,&SizeInfo,sizeof(SizeInfo),AclSizeInformation))
        throw GetLastError();
    return SizeInfo.AceCount;
}
 
DWORD CSecurityDescriptor::GetSACLEntriesCount()
{
    ACL_SIZE_INFORMATION SizeInfo;
    if (!GetAclInformation(m_pSACL,&SizeInfo,sizeof(SizeInfo),AclSizeInformation))
        throw GetLastError();
    return SizeInfo.AceCount;
}
 
CSecurityDescriptor::ACEntryType CSecurityDescriptor::GetDACLEntry(DWORD nIndex)
{
    void *pACE;
    if (!GetAce(m_pDACL,nIndex,&pACE)) throw GetLastError();
    m_pCurrentACEHeader = (PACE_HEADER)pACE;
    if (m_pCurrentACEHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
    {
        return AccessAlowed;
    }
    if (m_pCurrentACEHeader->AceType == ACCESS_DENIED_ACE_TYPE)
    {
        return AccessDenied;
    }
    return Unknown;
}
 
CSecurityDescriptor::ACEntryType CSecurityDescriptor::GetSACLEntry(DWORD nIndex, BOOL& blnFailedAccess, BOOL& blnSeccessfulAccess)
{
    void *pACE;
    if (!GetAce(m_pSACL,nIndex,&pACE)) throw GetLastError();
    m_pCurrentACEHeader = (PACE_HEADER)pACE;
    if (m_pCurrentACEHeader->AceType == SYSTEM_AUDIT_ACE_TYPE)
    {
        blnFailedAccess = m_pCurrentACEHeader->AceFlags & FAILED_ACCESS_ACE_FLAG;
        blnSeccessfulAccess = m_pCurrentACEHeader->AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG;
        return SystemAudit;
    }
    return Unknown;
}
 
PSID CSecurityDescriptor::GetCurrentACE_SID()
{
    ASSERT(m_pCurrentACEHeader != NULL);
    switch(m_pCurrentACEHeader->AceType)
    {
    case ACCESS_ALLOWED_ACE_TYPE:
        return ((PSID)&(((ACCESS_ALLOWED_ACE *)m_pCurrentACEHeader)->SidStart));
    case ACCESS_DENIED_ACE_TYPE:
        return ((PSID)&(((ACCESS_DENIED_ACE *)m_pCurrentACEHeader)->SidStart));
    case SYSTEM_AUDIT_ACE_TYPE:
        return ((PSID)&(((SYSTEM_AUDIT_ACE *)m_pCurrentACEHeader)->SidStart));
    default:
        ASSERT(FALSE);  // Do not call this function for unknown ACE types !!!
        return NULL;
    }
}
 
void CSecurityDescriptor::GetCurrentACE_AccessMask(DWORD& dwMask)
{
    ASSERT(m_pCurrentACEHeader != NULL);
    switch(m_pCurrentACEHeader->AceType)
    {
    case ACCESS_ALLOWED_ACE_TYPE:
        dwMask = (((ACCESS_ALLOWED_ACE *)m_pCurrentACEHeader)->Mask);
        return;
    case ACCESS_DENIED_ACE_TYPE:
        dwMask = (((ACCESS_DENIED_ACE *)m_pCurrentACEHeader)->Mask);
        return;
    case SYSTEM_AUDIT_ACE_TYPE:
        dwMask = (((SYSTEM_AUDIT_ACE *)m_pCurrentACEHeader)->Mask);
        return;
    default:
        ASSERT(FALSE);  // Do not call this function for unknown ACE types !!!
        return;
    }
}
 
void CSecurityDescriptor::GetCurrentACE_Flags(BYTE& bFlags)
{
    ASSERT(m_pCurrentACEHeader != NULL);
  bFlags = m_pCurrentACEHeader->AceFlags;
}