31 static const PCSTR AceTypes[] =
57 return "UNKNOWN TYPE";
69#define ACE_FLAG_PRINT(x) \
110 DbgPrint(
"SepDumpAces(): Failed to find the next ACE, stop dumping info...\n");
114 DbgPrint(
"================== %lu# ACE DUMP INFO ==================\n",
AceIndex);
118 DbgPrint(
"Ace->AccessMask -> 0x%08lx\n",
Ace->AccessMask);
123 DbgPrint(
"Ace SID -> %wZ\n", &SidString);
126 DbgPrint(
"Ace->Header.AceSize -> %u\n",
Ace->Header.AceSize);
127 DbgPrint(
"Ace->Header.AceFlags:\n");
143 DbgPrint(
"================== %s DUMP INFO ==================\n", IsSacl ?
"SACL" :
"DACL");
144 DbgPrint(
"Acl->AclRevision -> %u\n", Acl->AclRevision);
145 DbgPrint(
"Acl->AclSize -> %u\n", Acl->AclSize);
146 DbgPrint(
"Acl->AceCount -> %u\n", Acl->AceCount);
161#define SD_CONTROL_PRINT(x) \
183#undef SD_CONTROL_PRINT
200 for (SidIndex = 0; SidIndex < SidCount; SidIndex++)
203 DbgPrint(
"%lu# %wZ\n", SidIndex, &SidString);
219 PSID OwnerSid, GroupSid;
234 DbgPrint(
"================== SECURITY DESCRIPTOR DUMP INFO ==================\n");
237 DbgPrint(
"SecurityDescriptor->Control:\n");
244 DbgPrint(
"SD Owner SID -> %wZ\n", &SidString);
252 DbgPrint(
"SD Group SID -> %wZ\n", &SidString);
286 DbgPrint(
"================== ACCESS TOKEN DUMP INFO ==================\n");
288 DbgPrint(
"Token->ImageFileName -> %s\n",
Token->ImageFileName);
289 DbgPrint(
"Token->TokenSource.SourceName -> \"%-.*s\"\n",
291 Token->TokenSource.SourceName);
292 DbgPrint(
"Token->TokenSource.SourceIdentifier -> %lu.%lu\n",
293 Token->TokenSource.SourceIdentifier.HighPart,
294 Token->TokenSource.SourceIdentifier.LowPart);
297 DbgPrint(
"Token primary group SID -> %wZ\n", &SidString);
300 DbgPrint(
"Token user and groups SIDs:\n");
305 DbgPrint(
"Token restricted SIDs:\n");
324 DbgPrint(
"================== ACCESS CHECK RIGHTS STATISTICS ==================\n");
325 DbgPrint(
"Remaining access rights -> 0x%08lx\n", AccessRights->RemainingAccessRights);
326 DbgPrint(
"Granted access rights -> 0x%08lx\n", AccessRights->GrantedAccessRights);
327 DbgPrint(
"Denied access rights -> 0x%08lx\n", AccessRights->DeniedAccessRights);
#define NT_SUCCESS(StatCode)
static const ACEFLAG AceFlags[]
static const ACEFLAG AceType[]
WORD SECURITY_DESCRIPTOR_CONTROL
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
NTSYSAPI NTSTATUS NTAPI RtlGetAce(PACL Acl, ULONG AceIndex, PVOID *Ace)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING UnicodeString)
NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString(OUT PUNICODE_STRING DestinationString, IN PVOID Sid, IN BOOLEAN AllocateDestinationString)
FORCEINLINE PSID SepGetOwnerFromDescriptor(_Inout_ PVOID _Descriptor)
FORCEINLINE PACL SepGetSaclFromDescriptor(_Inout_ PVOID _Descriptor)
FORCEINLINE PSID SepGetGroupFromDescriptor(_Inout_ PVOID _Descriptor)
FORCEINLINE PACL SepGetDaclFromDescriptor(_Inout_ PVOID _Descriptor)
PSID NTAPI SepGetSidFromAce(_In_ UCHAR AceType, _In_ PACE Ace)
Captures a security identifier from a given access control entry. This identifier is valid for the wh...
#define SD_CONTROL_PRINT(x)
static VOID SepDumpAclInfo(_In_ PACL Acl, _In_ BOOLEAN IsSacl)
Dumps debug info of an Access Control List (ACL).
#define ACE_FLAG_PRINT(x)
static VOID SepDumpSdControlInfo(_In_ SECURITY_DESCRIPTOR_CONTROL SdControl)
Dumps control flags of a security descriptor to the debugger.
VOID SepDumpTokenDebugInfo(_In_opt_ PTOKEN Token)
Dumps debug information of an access token to the debugger.
static VOID SepDumpAces(_In_ PACL Acl)
Iterates over the ACEs of an ACL and dumps debug info for each one.
static VOID SepDumpSidsOfToken(_In_ PSID_AND_ATTRIBUTES Sids, _In_ ULONG SidCount)
Dumps each security identifier (SID) of an access token to the debugger.
static PCSTR SepGetAceTypeString(_In_ UCHAR AceType)
Converts an Access Control Entry (ACE) type to a string.
VOID SepDumpSdDebugInfo(_In_opt_ PISECURITY_DESCRIPTOR SecurityDescriptor)
Dumps debug information of a security descriptor to the debugger.
VOID SepDumpAccessRightsStats(_In_opt_ PACCESS_CHECK_RIGHTS AccessRights)
Dumps security access rights to the debugger.
static VOID SepDumpAceFlags(_In_ UCHAR AceFlags)
Dumps the ACE flags to the debugger output.
BOOLEAN NTAPI SeTokenIsRestricted(_In_ PACCESS_TOKEN Token)
Determines if a token is restricted or not, based upon the token flags.
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
#define CONTAINER_INHERIT_ACE
#define SE_OWNER_DEFAULTED
#define ACCESS_DENIED_CALLBACK_ACE_TYPE
#define SE_SACL_PROTECTED
#define SE_DACL_DEFAULTED
#define SE_DACL_PROTECTED
#define SE_DACL_AUTO_INHERITED
#define SE_SERVER_SECURITY
#define ACCESS_DENIED_OBJECT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
#define SE_DACL_AUTO_INHERIT_REQ
#define SE_SACL_DEFAULTED
#define SE_SACL_AUTO_INHERITED
#define SYSTEM_ALARM_CALLBACK_ACE_TYPE
#define SYSTEM_ALARM_ACE_TYPE
#define OBJECT_INHERIT_ACE
#define SE_DACL_UNTRUSTED
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
#define NO_PROPAGATE_INHERIT_ACE
#define ACCESS_DENIED_ACE_TYPE
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE
#define SYSTEM_ALARM_CALLBACK_OBJECT_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SE_SACL_AUTO_INHERIT_REQ
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_COMPOUND_ACE_TYPE
#define SE_GROUP_DEFAULTED
#define SYSTEM_ALARM_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE
#define SE_RM_CONTROL_VALID
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE