CD Actual 22

home *** CD-ROM | disk | FTP | other *** search

/ CD Actual 22 / PC Actual CD 22.iso / SHARE / wnt / adnm / ADMNALOW.C next >

Wrap

C/C++ Source or Header | 1997-03-24 | 13.5 KB | 484 lines

#include <windows.h> #include <stdio.h> #include <locale.h> // Modified to use hard-coded SID // Unicode constants WCHAR* DOT; WCHAR* DOTDOT; WCHAR* BACKSLASH; WCHAR* SDS; PSID adminSid; SECURITY_DESCRIPTOR adminOwner; PACCESS_ALLOWED_ACE fileAllowAce; PACCESS_ALLOWED_ACE dirAllowAce1; PACCESS_ALLOWED_ACE dirAllowAce2; WCHAR* lmbstowcs(char* aname); void printerror(char* str,WCHAR* file,DWORD errorno); void recursive_find(WCHAR* searchpath); void setConstants(void); void processFile(WCHAR* file,BOOL isDir); void getPrivs(void); DWORD getFileSecurity(WCHAR* file,PSECURITY_DESCRIPTOR* desc); HLOCAL SafeAlloc(UINT bytes); BOOL isAclOkay(WCHAR* file,PSECURITY_DESCRIPTOR desc,BOOL isDir); void AddAdminPerms(WCHAR* file,BOOL isDir); int main(int argc,char* argv[]) { WCHAR* searchPath; int i; if(argc<2) { printf("Admin Allow gives administrators full access to NTFS files.\n"); printf("It does not otherwise disturb existing permissions.\n"); printf("Usage: %s path1 path2\n",argv[0]); printf("Example: %s d: e:\\users\n",argv[0]); printf("V1.02 Mar 24 '97 Mike Ingle (inglem@adnetsol.com)\n"); exit(1); } setConstants(); getPrivs(); for(i=1;i<argc;i++) { searchPath=lmbstowcs(argv[i]); recursive_find(searchPath); LocalFree(searchPath); } return(0); } // Check for admin all access BOOL isAclOkay(WCHAR* file,PSECURITY_DESCRIPTOR desc,BOOL isDir) { BOOL daclPresent; PACL acl; BOOL daclDefaulted; ACL_SIZE_INFORMATION aclinfo; DWORD i; LPVOID ace; ACCESS_ALLOWED_ACE* allowace; ACCESS_DENIED_ACE* denyace; BOOL allowf=FALSE; BOOL allowd1=FALSE; BOOL allowd2=FALSE; BOOL deny=FALSE; if(!GetSecurityDescriptorDacl(desc,&daclPresent,&acl,&daclDefaulted)) { printerror("Can't read DACL from descriptor for ",file,GetLastError()); return(TRUE); // Can't read it, don't touch it } if((!daclPresent)||(acl==NULL)) { return(TRUE); // No ACL means full access, fine } if(!GetAclInformation(acl,&aclinfo,sizeof(ACL_SIZE_INFORMATION), AclSizeInformation)) { printerror("Can't read ACL info for ",file,GetLastError()); return(TRUE); } for(i=0;i<aclinfo.AceCount;i++) { if(!GetAce(acl,i,&ace)) { printerror("Can't extract ACE from ACL for ",file,GetLastError()); return(TRUE); } allowace=(ACCESS_ALLOWED_ACE*) ace; denyace=(ACCESS_DENIED_ACE*) ace; if(allowace->Header.AceType==ACCESS_ALLOWED_ACE_TYPE) { if(EqualSid(adminSid,(SID*)&(allowace)->SidStart)) { if(allowace->Mask == (DWORD)0x01f01ff) { if(!(allowace->Header.AceFlags & 8)) { allowf=TRUE; } if(allowace->Header.AceFlags & 1) { allowd1=TRUE; } if(allowace->Header.AceFlags & 2) { allowd2=TRUE; } } } } else if(denyace->Header.AceType==ACCESS_DENIED_ACE_TYPE) { if(EqualSid(adminSid,(SID*)&(denyace)->SidStart)) { deny=TRUE; } } } if(deny) { return(FALSE); } // Admins explicitly denied if(isDir && allowd1 && allowd2 && allowf ) { return(TRUE); } // Dir okay if( (!isDir) && allowf) { return(TRUE); } // File okay return(FALSE); // Full control ACE's not found } void AddAdminPerms(WCHAR* file,BOOL isDir) { BYTE filebuf[2048]; BYTE sidbuf[1024]; HANDLE fileHandle; LPVOID context=NULL; DWORD sizeRead,dummy; DWORD sidOffset=0x028; SECURITY_DESCRIPTOR newsd; SECURITY_DESCRIPTOR newaclsd; PSECURITY_DESCRIPTOR desc=NULL; DWORD lastError; BOOL daclPresent; PACL acl; PACL newAcl=NULL; BOOL daclDefaulted; ACL_SIZE_INFORMATION aclinfo; DWORD i,j; LPVOID ace; ACCESS_ALLOWED_ACE* allowace; ACCESS_DENIED_ACE* denyace; DWORD newAclSize; fileHandle=CreateFile(file,GENERIC_READ,FILE_SHARE_READ,NULL, OPEN_EXISTING,FILE_FLAG_BACKUP_SEMANTICS,NULL); if(fileHandle==INVALID_HANDLE_VALUE) { printerror("Can't open file to get owner SID for ",file,GetLastError()); return; } if(!BackupRead(fileHandle,filebuf,sizeof(filebuf), &sizeRead,FALSE,TRUE,&context)) { printerror("Can't read file to get owner SID for ",file,GetLastError()); return; } BackupRead(fileHandle,filebuf,0,&dummy,TRUE,FALSE,&context); CloseHandle(fileHandle); if(!IsValidSid((PSID)(filebuf+sidOffset))) { printerror("SID Invalid from BackupRead for ",file,GetLastError()); return; } if(!CopySid(sizeof(sidbuf),(PSID)sidbuf,(PSID)(filebuf+sidOffset))) { printerror("SID copy failed for ",file,GetLastError()); return; } if(!SetFileSecurity(file,OWNER_SECURITY_INFORMATION,&adminOwner)) { printerror("Can't set owner to Administrators for ",file,GetLastError()); return; } lastError=getFileSecurity(file,&desc); if(lastError) { printerror("Can't get file security for ",file,lastError); goto aclupdate_bypass; } if(!GetSecurityDescriptorDacl(desc,&daclPresent,&acl,&daclDefaulted)) { printerror("Can't read DACL from descriptor for ",file,GetLastError()); goto aclupdate_bypass; } if(!daclPresent) { printerror("No ACL present for ",file,GetLastError()); goto aclupdate_bypass; } if(!GetAclInformation(acl,&aclinfo,sizeof(ACL_SIZE_INFORMATION), AclSizeInformation)) { printerror("Can't read ACL info for ",file,GetLastError()); goto aclupdate_bypass; } newAclSize=aclinfo.AclBytesInUse; if(isDir) { newAclSize+=dirAllowAce1->Header.AceSize; newAclSize+=dirAllowAce2->Header.AceSize; } else { newAclSize+=fileAllowAce->Header.AceSize; } newAcl=SafeAlloc(newAclSize); InitializeAcl(newAcl,newAclSize,ACL_REVISION); for(i=0,j=0;i<aclinfo.AceCount;i++) { if(!GetAce(acl,i,&ace)) { printerror("Can't extract ACE from ACL for ",file,GetLastError()); goto aclupdate_bypass; } allowace=(ACCESS_ALLOWED_ACE*) ace; denyace=(ACCESS_DENIED_ACE*) ace; if( (!EqualSid(adminSid,(SID*)&(allowace)->SidStart)) || ( (allowace->Header.AceType!=ACCESS_ALLOWED_ACE_TYPE) && (denyace->Header.AceType!=ACCESS_DENIED_ACE_TYPE) ) ) { if(!AddAce(newAcl,ACL_REVISION,j++,ace,allowace->Header.AceSize)) { printerror("Can't add ACE(1) to new ACL for ",file,GetLastError()); goto aclupdate_bypass; } } } if(isDir) { if(!AddAce(newAcl,ACL_REVISION,j++,dirAllowAce1, dirAllowAce1->Header.AceSize)) { printerror("Can't add ACE(3) to new ACL for ",file,GetLastError()); goto aclupdate_bypass; } if(!AddAce(newAcl,ACL_REVISION,j++,dirAllowAce2, dirAllowAce2->Header.AceSize)) { printerror("Can't add ACE(4) to new ACL for ",file,GetLastError()); goto aclupdate_bypass; } } else { if(!AddAce(newAcl,ACL_REVISION,j++,fileAllowAce, fileAllowAce->Header.AceSize)) { printerror("Can't add ACE(2) to new ACL for ",file,GetLastError()); goto aclupdate_bypass; } } InitializeSecurityDescriptor(&newaclsd,SECURITY_DESCRIPTOR_REVISION); if(!SetSecurityDescriptorDacl(&newaclsd,TRUE,newAcl,daclDefaulted)) { printerror("Can't put new ACL in SD for ",file,GetLastError()); goto aclupdate_bypass; } if(!SetFileSecurity(file,DACL_SECURITY_INFORMATION,&newaclsd)) { printerror("Can't set new ACL for ",file,GetLastError()); goto aclupdate_bypass; } aclupdate_bypass: if(desc) LocalFree(desc); if(newAcl) LocalFree(newAcl); InitializeSecurityDescriptor(&newsd,SECURITY_DESCRIPTOR_REVISION); if(!SetSecurityDescriptorOwner(&newsd,(PSID)sidbuf,FALSE)) { printerror("Can't get old owner security descriptor ", file,GetLastError()); return; } if(!SetFileSecurity(file,OWNER_SECURITY_INFORMATION,&newsd)) { printerror("Can't set owner back to original for ",file,GetLastError()); return; } } void processFile(WCHAR* file,BOOL isDir) { PSECURITY_DESCRIPTOR desc=NULL; DWORD lastError; lastError=getFileSecurity(file,&desc); if((lastError)||(!isAclOkay(file,desc,isDir))) { printf("%s %S\n",isDir?"dir ":"file ",file); AddAdminPerms(file,isDir); } if(desc) { LocalFree(desc); } } DWORD getFileSecurity(WCHAR* file,PSECURITY_DESCRIPTOR* desc) { DWORD curSize; DWORD sizeNeeded; BOOL result; DWORD lastError; curSize=1024; for(;;) { *desc=SafeAlloc(curSize); result=GetFileSecurity(file,DACL_SECURITY_INFORMATION,*desc, curSize,&sizeNeeded); if(result) return(NO_ERROR); lastError=GetLastError(); if(lastError == ERROR_INSUFFICIENT_BUFFER) { LocalFree(*desc); curSize*=2; } else { return(lastError); } } } void recursive_find(WCHAR* searchpath) { WIN32_FIND_DATA finddata; HANDLE h; WCHAR* fn; WCHAR findpath[MAX_PATH]; WCHAR filepath[MAX_PATH]; BOOL cont=TRUE; BOOL isDir; DWORD errorno; if(GetFileAttributes(searchpath)&FILE_ATTRIBUTE_DIRECTORY) { processFile(searchpath,TRUE); lstrcpy(findpath,searchpath); lstrcat(findpath,BACKSLASH); lstrcat(findpath,SDS); h=FindFirstFile(findpath,&finddata); for(;;) { if((h==INVALID_HANDLE_VALUE)||(!cont)) { errorno=GetLastError(); if(errorno!=ERROR_NO_MORE_FILES) { printerror("Can't scan directory ",searchpath,errorno); } break; } fn=finddata.cFileName; isDir=(finddata.dwFileAttributes&FILE_ATTRIBUTE_DIRECTORY)?TRUE:FALSE; if((!lstrcmp(fn,DOT))||(!lstrcmp(fn,DOTDOT))) { goto nextfile; } lstrcpy(filepath,searchpath); lstrcat(filepath,BACKSLASH); lstrcat(filepath,fn); processFile(filepath,isDir); if(isDir) { WCHAR subdir[MAX_PATH]; lstrcpy(subdir,searchpath); lstrcat(subdir,BACKSLASH); lstrcat(subdir,fn); recursive_find(subdir); } nextfile: cont=FindNextFile(h,&finddata); } FindClose(h); } else { processFile(searchpath,FALSE); } } void printerror(char* str,WCHAR* file,DWORD errorno) { #define printerrorbufsize 4096 WCHAR buf[printerrorbufsize]; va_list ap; va_start(ap,errorno); FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM,NULL,errorno,0, buf,printerrorbufsize-1,&ap); printf("%s%S: %S",str,file,buf); va_end(ap); } void setConstants() { DWORD sidSize; // ,domSize; // WCHAR domName[256]; DWORD fileAllowAceSize; // WCHAR* admins=lmbstowcs("Administrators"); // SID_NAME_USE peUse; DOT=lmbstowcs("."); DOTDOT=lmbstowcs(".."); BACKSLASH=lmbstowcs("\\"); SDS=lmbstowcs("*.*"); sidSize=1024; // domSize=sizeof(domName); adminSid=SafeAlloc(sidSize); // if(!LookupAccountName(NULL,admins,adminSid,&sidSize,domName, // &domSize,&peUse)) { // printerror("Can't get Administrators SID ",(WCHAR*)"",GetLastError()); // exit(1); // } // LocalFree(admins); CopyMemory(adminSid,"\001\002\000\000\000\000\000\005\040\000\000\000\040\002\000\000",16); InitializeSecurityDescriptor(&adminOwner,SECURITY_DESCRIPTOR_REVISION); if(!SetSecurityDescriptorOwner(&adminOwner,adminSid,FALSE)) { printerror("Can't get Administrators Owner security descriptor ", (WCHAR*)"",GetLastError()); exit(1); } fileAllowAceSize=sizeof(ACCESS_ALLOWED_ACE)+GetLengthSid(adminSid); fileAllowAce=SafeAlloc(fileAllowAceSize); fileAllowAce->Header.AceType=ACCESS_ALLOWED_ACE_TYPE; fileAllowAce->Header.AceFlags=0; fileAllowAce->Header.AceSize=(WORD)fileAllowAceSize; fileAllowAce->Mask=(DWORD)0x01f01ff; CopyMemory(&(fileAllowAce->SidStart),adminSid,GetLengthSid(adminSid)); dirAllowAce1=SafeAlloc(fileAllowAceSize); dirAllowAce2=SafeAlloc(fileAllowAceSize); CopyMemory(dirAllowAce1,fileAllowAce,fileAllowAceSize); CopyMemory(dirAllowAce2,fileAllowAce,fileAllowAceSize); dirAllowAce1->Header.AceFlags=8+1; dirAllowAce2->Header.AceFlags=2; } void getPrivs() // Turn on Backup, Restore, and Take Ownership { HANDLE h; LUID takeown; LUID backup; LUID restore; TOKEN_PRIVILEGES privs; DWORD lastError; if(!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&h)) { printerror("Can't get process token ",(WCHAR*)"",GetLastError()); exit(1); } if(!LookupPrivilegeValue((WCHAR*)NULL, (WCHAR*)SE_TAKE_OWNERSHIP_NAME,&takeown)) { printerror("Can't get Take Ownership privilege value ",(WCHAR*)"", GetLastError()); exit(1); } if(!LookupPrivilegeValue((WCHAR*)NULL,(WCHAR*)SE_BACKUP_NAME,&backup)) { printerror("Can't get Backup privilege value ",(WCHAR*)"", GetLastError()); exit(1); } if(!LookupPrivilegeValue((WCHAR*)NULL,(WCHAR*)SE_RESTORE_NAME,&restore)) { printerror("Can't get Restore privilege value ",(WCHAR*)"", GetLastError()); exit(1); } privs.PrivilegeCount=1; privs.Privileges[0].Luid=takeown; privs.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(h,FALSE,&privs,sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL,(PDWORD) NULL); lastError=GetLastError(); if(lastError != NO_ERROR) { printerror("Can't set Take Ownership privilege ",(WCHAR*)"",lastError); exit(1); } privs.PrivilegeCount=1; privs.Privileges[0].Luid=backup; privs.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(h,FALSE,&privs,sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL,(PDWORD) NULL); lastError=GetLastError(); if(lastError != NO_ERROR) { printerror("Can't set Backup privilege ",(WCHAR*)"",lastError); exit(1); } privs.PrivilegeCount=1; privs.Privileges[0].Luid=restore; privs.Privileges[0].Attributes=SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(h,FALSE,&privs,sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL,(PDWORD) NULL); lastError=GetLastError(); if(lastError != NO_ERROR) { printerror("Can't set Restore privilege ",(WCHAR*)"",lastError); exit(1); } } HLOCAL SafeAlloc(UINT bytes) { HLOCAL result; result=LocalAlloc(LPTR,bytes); if(!result) { printerror("Can't allocate memory ",(WCHAR*)"",GetLastError()); exit(1); } return(result); } WCHAR *lmbstowcs(char *aname ) { if (aname) { WCHAR *pwname = NULL; WCHAR *prwname; pwname = (WCHAR *)SafeAlloc(sizeof(WCHAR) * (strlen(aname)+1)); prwname = pwname; for (; *prwname = (WCHAR)(*aname);prwname++,aname++ ); return(pwname); } else { return(NULL); } }