Main Page   Namespace List   Alphabetical List   Compound List   File List   Namespace Members   Compound Members   File Members   Related Pages  

main.cpp

Go to the documentation of this file.
00001 // main.cpp contains test drivers
00002 
00003 #include "stdafx.h"
00004 #include "fksec.h"
00005 #include "dumpacl.h"
00006 #include <sstream>
00007 #include <iads.h> // needed for ADS_RIGHT_DS_CREATE_CHILD
00008 
00009 
00010 
00011 #ifdef _UNICODE
00012 #define out std::wcout
00013 #else
00014 #define out std::cout
00015 #endif
00016 
00017 #pragma warning( disable: 4800 )
00018 
00019 using fksec::fkstr;
00020 using fksec::ex;
00021 using fksec::priv;
00022 using fksec::sid;
00023 using fksec::ace;
00024 using fksec::acl;
00025 using fksec::sd;
00026 using fksec::GetFileSecurity;
00027 using fksec::SetFileSecurity;
00028 using fksec::RegGetKeySecurity;
00029 using fksec::RegSetKeySecurity;
00030 using fksec::AdsGetObjectSecurity ;
00031 using fksec::AdsSetObjectSecurity ;
00032 
00033 
00034 
00035 #include "testvalues.h"
00036 
00037 
00038 
00039 // VC++ 5.0 requires this, I am told
00040 #if defined( _MSC_VER ) && _MSC_VER < 1200
00041 extern "C"
00042 #endif
00043 int _tmain( int argc, TCHAR *argv[] )
00044 {
00045     try
00046     {
00047         sid verify;
00048         verify = ADMINISTRATORS;
00049 #ifdef DOMAIN_ADMINS
00050         verify = DOMAIN BACK DOMAIN_ADMINS;
00051 #endif
00052         verify = EVERYONE;
00053         verify = GUESTS;
00054         verify = GUEST;
00055         verify = GOODGUY;
00056         verify = DOMAIN BACK GOODGUY;
00057     }
00058     catch ( ex *e )
00059     {
00060         out << _T( "One of the accounts required for these tests failed the look-up." ) << std::endl
00061             << _T( "Did you change testvalues.h as required for your set-up?" ) << std::endl;
00062         out << *e << std::endl;
00063         delete e;
00064         return 1;
00065     }
00066 
00067 #ifdef TEST_SD
00068     sid owner, group;
00069     owner = GOODGUY;
00070     group = ADMINISTRATORS;
00071 
00072     acl dacl, sacl;
00073     dacl.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, -1, owner );
00074     dacl.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, -1, group );
00075     sacl.AddAce( -1, SYSTEM_AUDIT_ACE_TYPE, 0xc0, 0, -1, owner );
00076     sacl.AddAce( -1, SYSTEM_AUDIT_ACE_TYPE, 0xc0, 0, -1, group );
00077 
00078     sd s0, s1; // default ctor
00079     out << _T( "s0, empty: " ) << s0 << std::endl;
00080 
00081     sd s2( s1 ); // copy ctor on empty sd
00082     out << _T( "s0, empty: " ) << s0 << std::endl;
00083 
00084     // build a dummy SD
00085     s1.SetOwnerSid( owner );
00086     out << _T( "s1, after SetOwnerSid(sid&): " ) << s1 << std::endl;
00087     s1.SetOwnerSid( (PSID) owner );
00088     out << _T( "s1, after SetOwnerSid(PSID): " ) << s1 << std::endl;
00089     s1.SetOwnerSid( GOODGUY );
00090     out << _T( "s1, after SetOwnerSid((TCHAR *): " ) << s1 << std::endl;
00091     s1.SetGroupSid( group );
00092     out << _T( "s1, after SetGroupSid(sid&): " ) << s1 << std::endl;
00093     s1.SetGroupSid( (PSID) group );
00094     out << _T( "s1, after SetGroupSid(PSID): " ) << s1 << std::endl;
00095     s1.SetGroupSid( ADMINISTRATORS );
00096     out << _T( "s1, after SetGroupSid(TCHAR *): " ) << s1 << std::endl;
00097     s1.SetDacl( dacl );
00098     out << _T( "s1, after SetDacl(acl &): " ) << s1 << std::endl;
00099     s1.SetDacl( (PACL) dacl );
00100     out << _T( "s1, after SetDacl(ACL *): " ) << s1 << std::endl;
00101     s1.SetSacl( sacl );
00102     out << _T( "s1, after SetSacl(acl &): " ) << s1 << std::endl;
00103     s1.SetSacl( (PACL) sacl );
00104     out << _T( "s1, after SetSacl(ACL *): " ) << s1 << std::endl;
00105 
00106     sd s3( s1 ); // copy ctor on non-empty obj
00107     out << _T( "s3, after ctor: " ) << s3 << std::endl;
00108     sd s4( (SECURITY_DESCRIPTOR *) s1 );
00109     out << _T( "s4, after ctor(PSD abs: " ) << s4 << std::endl;
00110     sd s4r( (SECURITY_DESCRIPTOR_RELATIVE *) s1 );
00111     out << _T( "s4r, after ctor(PSD rel: " ) << s4r << std::endl;
00112     sd s5( 0, owner, group, dacl, sacl );
00113     out << _T( "s5, after ctor(components): " ) << s5 << std::endl;
00114 
00115     sd s6;
00116     s6 = s1;
00117     out << _T( "s6, after assign(sd &): " ) << s6 << std::endl;
00118     s6 = (SECURITY_DESCRIPTOR *) s1;
00119     out << _T( "s6, after assign(SD *): " ) << s6 << std::endl;
00120     s6 = (SECURITY_DESCRIPTOR_RELATIVE *) s1;
00121     out << _T( "s6, after assign(SD_RELATIVE *): " ) << s6 << std::endl;
00122 
00123     out << _T( "s6 data -- security_information: " ) << s6.GetSecurityInformation() << std::endl;
00124     out << _T( "owner: " ) << s6.GetOwnerSid() << std::endl;
00125     out << _T( "group: " ) << s6.GetGroupSid() << std::endl;
00126     out << _T( "dacl: " ) << s6.GetDacl();
00127     out << _T( "sacl: " ) << s6.GetSacl();
00128 #endif // TEST_SD
00129 
00130 #ifdef TEST_ACL
00131     acl al0; // default ctor
00132     acl al1( al0 ); // copy ctor for empty acl
00133     al0.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, TOKEN_QUERY, GOODGUY );
00134     al0.AddAce( -1, ACCESS_DENIED_ACE_TYPE, 0, 0, SYNCHRONIZE, GOODGUY );
00135     al0.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, TOKEN_QUERY, EVERYONE );
00136     al0.AddAce( -1, ACCESS_DENIED_ACE_TYPE, 0, 0, SYNCHRONIZE, EVERYONE );
00137     out << _T( "al0: " ) << al0 << std::endl;
00138     acl al2( al0 ); // copy ctor for non-empty acl
00139     out << _T( "al2: " ) << al2 << std::endl;
00140     acl al3( (PACL) al0 ); // PACL ctor
00141     out << _T( "al3: " ) << al3 << std::endl;
00142 
00143     al1 = al0; // assignment to empty
00144     out << _T( "al1 after assign: " ) << al1 << std::endl;
00145     al2 = al0; // assignment to non-empty
00146     out << _T( "al2 after assign: " ) << al2 << std::endl;
00147     al2 = (PACL) al0; // assignment of PACL (and conversion to PACL)
00148     out << _T( "al2 after assign: " ) << al2 << std::endl;
00149 
00150     // accessors
00151     out << _T( "ace 1: " ) << al0.GetAce( 1 ) << std::endl;
00152     out << __T( "ACE count: " ) << al0.GetCount() << _T( ", ACL size: " ) <<
00153         al0.GetSize() << _T( ", min size: " ) << al0.GetMinimumSize() <<
00154         _T( ", free: " ) << al0.GetFreeBytes() << _T( " bytes" ) << std::endl;
00155     al0.SetFreeBytes( 100 );
00156     out << __T( "after SetFreeBytes( 100 ): ACE count: " ) << al0.GetCount() << _T( ", ACL size: " ) <<
00157         al0.GetSize() << _T( ", min size: " ) << al0.GetMinimumSize() << _T( ", free: " ) <<
00158         al0.GetFreeBytes() << _T( " bytes" ) << std::endl;
00159 
00160     ace ac0( al0.GetAce( 3 ) );
00161     sid guest( GUEST );
00162     ac0.SetSid( guest );
00163     ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00164     ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00165     al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00166     al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00167     al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00168     out << _T( "after AddAce(): " ) << al0 << std::endl;
00169 
00170     al0.DeleteAce( 0 );
00171     out << _T( "after DeleteAce( 0 ): " ) << al0 << std::endl;
00172 
00173     al0.DeleteAcesForSid( guest );
00174     out << _T( "after DeleteAces( guest ): " ) << al0 << std::endl;
00175 
00176     ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00177     ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00178     al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00179     al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00180     al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00181     al0.DeleteAcesForSid( (PSID) guest );
00182     out << _T( "after DeleteAces( (PSID) guest ): " ) << al0 << std::endl;
00183 
00184     ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00185     ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00186     al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00187     al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00188     al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00189     al0.DeleteAcesForSid( GUEST );
00190     out << _T( "after DeleteAces( \"" ) GUEST _T( "\" ): " ) << al0 << std::endl;
00191 
00192     ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00193     ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00194     al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00195     al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00196     al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00197     al0.normalize();
00198     out << _T( "after normalize(): " ) << al0 << std::endl;
00199 
00200     ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00201     ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00202     al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00203     al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00204     al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00205     al0.canonicalize();
00206     out << _T( "after canonicalize(): " ) << al0 << std::endl;
00207 
00208     ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00209     ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00210     al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00211     al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00212     al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00213     al0.normalize();
00214     al0.canonicalize();
00215     out << _T( "after normalize(), canonicalize(): " ) << al0 << std::endl;
00216 
00217     ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00218     ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00219     al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00220     al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00221     al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00222     al0.canonicalize();
00223     al0.normalize();
00224     out << _T( "after canonicalize(), normalize(): " ) << al0 << std::endl;
00225 #endif // TEST_ACL
00226 
00227 #ifdef TEST_ACE
00228     ace a0,
00229         a1( ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x12345678, DOMAIN BACK GOODGUY ),
00230         a2( ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x12345678, sid( DOMAIN BACK GOODGUY ) ),
00231         a3( a1 ),
00232         a4( (const void *) a1 );
00233     try { ace a( ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x12345678, DOMAIN BACK BADGUY ); }
00234     catch ( ex *e )
00235     {
00236         out << _T( "ace( \"" ) BADGUY _T( "\" ):" ) << std::endl;
00237         out << *e << std::endl;
00238         delete e;
00239     }
00240 
00241     out.setf( out.boolalpha );
00242 
00243     // accessors
00244     out << _T( "before accessors: " ) << a0 << std::endl;
00245     a0.SetType( ACCESS_DENIED_ACE_TYPE );
00246     a0.SetFlags( 0xff & ~ VALID_INHERIT_FLAGS );
00247     a0.SetInheritance( 0xff & VALID_INHERIT_FLAGS );
00248     a0.SetMask( 0x87654321 );
00249     a0.SetSid( sid( GOODGUY ) );
00250     a0.SetSid( DOMAIN BACK GOODGUY );
00251     out << _T( "after accessors: " ) << a0 << std::endl;
00252 
00253     try { a0.SetSid( BADGUY ); }
00254     catch ( ex *e )
00255     {
00256         out << _T( "ace::SetSid( \"" ) BADGUY _T( "\" ):" ) << std::endl;
00257         out << *e << std::endl;
00258         delete e;
00259     }
00260 
00261     // assignments
00262     out << _T( "a1 -- " ) << a1 << std::endl;
00263     a0 = (const void *) a1;
00264     out << _T( "a0 -- " ) << a0 << std::endl;
00265     a0 = a1;
00266     out << _T( "a0 -- " ) << a0 << std::endl << std::endl;
00267 
00268     // comparisons
00269     a1 = a0;
00270     out << _T( "Equal aces:" ) << std::endl;
00271     out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00272     out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00273     out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00274     out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00275     out << _T( "a0 <  a1: " ) << (bool) ( a0 <  a1 ) << std::endl;
00276     out << _T( "a1 <  a0: " ) << (bool) ( a1 <  a0 ) << std::endl << std::endl;
00277 
00278     a1.SetSid( ADMINISTRATORS );
00279     out << _T( "Different SIDs:" ) << std::endl;
00280     out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00281     out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00282     out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00283     out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00284     out << _T( "a0 <  a1: " ) << (bool) ( a0 <  a1 ) << std::endl;
00285     out << _T( "a1 <  a0: " ) << (bool) ( a1 <  a0 ) << std::endl << std::endl;
00286 
00287     a1 = a0;
00288     a1.SetType( ACCESS_DENIED_ACE_TYPE );
00289     out << _T( "Different types:" ) << std::endl;
00290     out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00291     out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00292     out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00293     out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00294     out << _T( "a0 <  a1: " ) << (bool) ( a0 <  a1 ) << std::endl;
00295     out << _T( "a1 <  a0: " ) << (bool) ( a1 <  a0 ) << std::endl << std::endl;
00296 
00297     a1 = a0;
00298     a1.SetInheritance( VALID_INHERIT_FLAGS );
00299     out << _T( "Different inheritance flags:" ) << std::endl;
00300     out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00301     out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00302     out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00303     out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00304     out << _T( "a0 <  a1: " ) << (bool) ( a0 <  a1 ) << std::endl;
00305     out << _T( "a1 <  a0: " ) << (bool) ( a1 <  a0 ) << std::endl << std::endl;
00306 #endif // TEST_ACE
00307 
00308 #ifdef TEST_PRIV
00309     // constructors
00310     priv p0;
00311     priv p1;
00312     LUID p2luid = { 8, 0 };
00313     priv p2( p2luid );
00314     priv p3( 8 );
00315     priv p4( _T( "SeSecurityPrivilege" ) );
00316     priv p5( p4 );
00317     try { priv p6( _T( "foo!" ) ); } // should bomb
00318     catch ( ex *e )
00319     {
00320         out << *e << std::endl;
00321         delete e;
00322     }
00323     try { priv p7( 188 ); } // should bomb
00324     catch ( ex *e )
00325     {
00326         out << *e << std::endl;
00327         delete e;
00328     }
00329 
00330     // assignment
00331     p0 = p1;
00332     p0 = p2;
00333     p0 = p2luid;
00334     p0 = 8;
00335     p0 = _T( "SeSecurityPrivilege" );
00336     p0 = p4;
00337     try { p0 = _T( "foo!" ); } // should bomb
00338     catch ( ex *e )
00339     {
00340         out << _T( "bombed p0: " ) << p0 << std::endl;
00341         out << *e << std::endl;
00342         delete e;
00343     }
00344     try { p0 = 188; } // should bomb
00345     catch ( ex *e )
00346     {
00347         out << *e << std::endl;
00348         delete e;
00349     }
00350 
00351     // comparisons
00352     p0 = 9;
00353     out << _T( "p0(9) and p1(empty) are " ) << ( p0 == p1? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00354     out << _T( "p0(9) and p1(empty) are " ) << ( p0 != p1? _T( "different" ): _T( "not different" ) ) << std::endl;
00355     out << _T( "p1(empty) and p0(9) are " ) << ( p1 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00356     out << _T( "p1(empty) and p0(9) are " ) << ( p1 != p0? _T( "different" ): _T( "not different" ) ) << std::endl << std::endl;
00357 
00358     out << _T( "p0(9) and p3(8) are " ) << ( p0 == p3? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00359     out << _T( "p0(9) and p3(8) are " ) << ( p0 != p3? _T( "different" ): _T( "not different" ) ) << std::endl;
00360     out << _T( "p3(8) and p0(9) are " ) << ( p3 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00361     out << _T( "p3(8) and p0(9) are " ) << ( p3 != p0? _T( "different" ): _T( "not different" ) ) << std::endl << std::endl;
00362 
00363     p0 = 8;
00364     out << _T( "p0(8) and p3(8) are " ) << ( p0 == p3? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00365     out << _T( "p0(8) and p3(8) are " ) << ( p0 != p3? _T( "different" ): _T( "not different" ) ) << std::endl;
00366     out << _T( "p3(8) and p0(8) are " ) << ( p3 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00367     out << _T( "p3(8) and p0(8) are " ) << ( p3 != p0? _T( "different" ): _T( "not different" ) ) << std::endl << std::endl;
00368 
00369     out << _T( "p0(8) and p0(8) are " ) << ( p0 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00370     out << _T( "p0(8) and p0(8) are " ) << ( p0 != p0? _T( "different" ): _T( "not different" ) ) << std::endl;
00371 
00372     // accessors
00373     out << _T( "p0(8): " ) << p0.GetPrivilegeName() << _T( ", " ) << p0.GetDisplayName() << std::endl << std::endl;
00374 
00375     // priv enable/disable
00376     bool state1, state2, state3, state4, state5, state6;
00377     p0 = _T( "SeSecurityPrivilege" );
00378     state1 = p0.GetState();
00379     p0.Enable(); state2 = p0.GetState();
00380     p0.Disable(); state3 = p0.GetState();
00381     p0.Toggle(); state4 = p0.GetState();
00382     p0.SetState( false ); state5 = p0.GetState();
00383     p0.SetState( true ); state6 = p0.GetState();
00384 
00385     out.setf( out.boolalpha );
00386     out << _T( "States: before " ) << state1 << _T( ", after Enable() " ) << state2 <<
00387         _T( ", after Disable() " ) << state3 << _T( ", after Toggle() " ) << state4 <<
00388         _T( ", after SetState(false) " ) << state5 << _T( ", after SetState(true) " ) << state6 <<
00389         std::endl << std::endl;;
00390 
00391     HANDLE hh;
00392     ::OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hh );
00393     p0.SetHandle( hh );
00394     CloseHandle( hh );
00395     state1 = p0.GetState();
00396     p0.SetHandle( 0 );
00397     state2 = p0.GetState();
00398     p0.SetHandle( 0 );
00399 #endif // TEST_PRIV
00400 
00401 #ifdef TEST_SID
00402     DWORD i;
00403 
00404     // constructor tests
00405     sid emptysid;
00406     sid copiedsid( emptysid );
00407     try { sid sidfrompsid( (PSID) emptysid ); } // this should bomb
00408     catch ( ex *e )
00409     {
00410         out << *e << std::endl;
00411         delete e;
00412     }
00413 
00414     SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
00415     sid manualsid( sia, 1, 32 );
00416 
00417     // assignment operators (and PSID cast)
00418     emptysid = manualsid;
00419     out << _T( "= manualsid: " ) << emptysid << std::endl;
00420     emptysid = (PSID) manualsid;
00421     out << _T( "= (PSID) manualsid: " ) << emptysid << std::endl;
00422     emptysid = _T( "S-1-5-5-3-1" );
00423     out << _T( "= \"S-1-5-5-3-1\": " ) << emptysid << std::endl;
00424     emptysid.ConvertFromStringSid( _T( "s-1-2-3-4-5-6-7-8-9-10-011-0x11" ) );
00425     out << _T( "= ConvertFSS( \"s-1-2-3-4-5-6-7-8-9-10-011-0x11\" ): " ) << emptysid << std::endl;
00426     emptysid = DOMAIN BACK GOODGUY;
00427     out << _T( "= \"" ) DOMAIN BACK GOODGUY _T( "\": " ) << emptysid << std::endl;
00428 
00429     // SID editing
00430     DWORD savedsubauth = emptysid.GetSubAuthority( emptysid.GetSubAuthorityCount() - 1 );
00431     emptysid.RemoveLastRid();
00432     out << _T( "minus last RID: " ) << emptysid << std::endl;
00433     emptysid.AppendSubAuthority( 501 );
00434     out << _T( "minus last RID: " ) << emptysid << std::endl;
00435     emptysid.SetSubAuthority( emptysid.GetSubAuthorityCount() - 1, savedsubauth );
00436     out << _T( "minus last RID: " ) << emptysid << std::endl;
00437 
00438     // subauth and props access
00439     out << _T( "emptysid length: " ) << emptysid.GetLength() << std::endl;
00440     for ( i = 0; i < emptysid.GetSubAuthorityCount(); ++ i )
00441         out << _T( "subauth[" ) << i << _T( "]: " ) << emptysid.GetSubAuthority( i ) << std::endl;
00442 
00443     // comparisons
00444     manualsid.LookupName( 0, DOMAIN BACK GOODGUY );
00445     out << _T( "sid prefixes are " ) << ( emptysid.EqualPrefix( manualsid )? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00446     out << _T( "sid prefixes are " ) << ( manualsid.EqualPrefix( emptysid )? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00447     out << _T( "sids are " ) << ( emptysid == manualsid? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00448     out << _T( "sids are " ) << ( manualsid == emptysid? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00449     out << _T( "sids are " ) << ( emptysid != manualsid? _T( "" ): _T( "not " ) ) << _T( "unequal [1]" ) << std::endl;
00450     out << _T( "sids are " ) << ( manualsid != emptysid? _T( "" ): _T( "not " ) ) << _T( "unequal [2]" ) << std::endl;
00451 
00452     manualsid = _T( "S-1-5-32" );
00453     out << _T( "sid prefixes are " ) << ( emptysid.EqualPrefix( manualsid )? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00454     out << _T( "sid prefixes are " ) << ( manualsid.EqualPrefix( emptysid )? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00455     out << _T( "sids are " ) << ( emptysid == manualsid? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00456     out << _T( "sids are " ) << ( manualsid == emptysid? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00457     out << _T( "sids are " ) << ( emptysid != manualsid? _T( "" ): _T( "not " ) ) << _T( "unequal [1]" ) << std::endl;
00458     out << _T( "sids are " ) << ( manualsid != emptysid? _T( "" ): _T( "not " ) ) << _T( "unequal [2]" ) << std::endl;
00459 
00460     // copy ctor
00461     sid copyctor( manualsid );
00462 
00463     fkstr name, domain;
00464     SID_NAME_USE snu;
00465     emptysid.LookupSid( 0, name, domain, snu );
00466     out << _T( "name '" ) << name.c_str() << _T( "', domain '" ) << domain.c_str() << _T( "'" ) << std::endl;
00467     out << _T( "sid: " ) << manualsid.ConvertToStringSid().c_str() << std::endl;
00468 
00469     emptysid.ConvertFromStringSid( _T( "s-1-2-3-4-5-6-7-8-9-10-011-0x11" ) );
00470     try { emptysid.LookupSid( 0, name, domain, snu ); } // should bomb
00471     catch ( ex *e )
00472     {
00473         out << _T( "looking up a fake SID bombed." ) << std::endl;
00474         out << *e << std::endl;
00475         delete e;
00476     }
00477     out << emptysid << std::endl << std::endl;
00478 
00479     sid foosid( DOMAIN BACK GOODGUY ); // a domain user
00480     out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00481     foosid = ADMINISTRATORS; // a local group
00482     out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00483     foosid = _T( "NT AUTHORITY\\SYSTEM" ); // a builtin account
00484     out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00485     foosid = _T( "S-1-1-0" ); // World SID
00486     out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00487     try
00488     {
00489         foosid = _T( "S-1-5-21-1-2-3-4" ); // A domain SID from a fake domain
00490         out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl << std::endl;
00491     }
00492     catch( ex *e )
00493     {
00494         out << _T( "LookupSidType() for a fake SID bombed." ) << std::endl;
00495         out << *e << std::endl;
00496         e->shoo();
00497     }
00498 
00499     // sid::MemberOf() tests
00500     foosid = DOMAIN BACK GOODGUY ;
00501     out << foosid << _T(" Is a member of") << std::endl ;
00502     fksec::SidList l = foosid.MemberOf(true,true,true, LOOKUP_SRV );
00503     for ( fksec::SidList::iterator it = l.begin(); it != l.end() ; it++ )
00504         out << _T("\t") << (*it) << _T( ": " ) << it->LookupSidType() << std::endl;
00505 
00506     try
00507     {
00508         // should go bang !
00509         foosid = _T( "S-1-5-21-1-2-3-4" ); // A domain SID from a fake domain
00510         l = foosid.MemberOf(true,true, true) ;
00511         for ( it = l.begin(); it != l.end() ; it++ )
00512             out << (*it) << _T( ": " ) << it->LookupSidType() << std::endl;
00513     }
00514     catch( ex *e )
00515     {
00516         out << _T( "MemberOf for a fake SID bombed." ) << std::endl;
00517         out << *e << std::endl;
00518         e->shoo() ;
00519     }
00520 
00521     // sid::Members() tests
00522     foosid = ADMINISTRATORS ;
00523     out << _T("Members of ") << foosid << std::endl ;
00524     l = foosid.Members( LOOKUP_SRV ) ;
00525     for ( it = l.begin() ; it != l.end() ; it++ )
00526         out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00527 
00528     foosid = LOCAL_GROUP ;
00529     out << std::endl << _T("Members of ") << foosid << std::endl ;
00530     l = foosid.Members() ;
00531     for ( it = l.begin() ; it != l.end() ; it++ )
00532         out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00533 
00534 #ifdef DOMAIN_ADMINS
00535     foosid = DOMAIN_ADMINS ;
00536     out << std::endl << _T("Members of ") << foosid << std::endl ;
00537     l = foosid.Members() ;
00538     for ( it = l.begin() ; it != l.end() ; it++ )
00539         out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00540 #else
00541     out << std::endl << _T( "Skipping domain group member list" ) << std::endl;
00542 #endif
00543 
00544     try
00545     {
00546         foosid = DOMAIN BACK GOODGUY ;
00547         l = foosid.Members() ;
00548         out << std::endl << _T("Members of ") << foosid << std::endl ;
00549         for ( it = l.begin() ; it != l.end() ; it++ )
00550             out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00551     }
00552     catch ( ex *e )
00553     {
00554         out << _T("Members for a fake group bombed.") << std::endl ;
00555         out << *e << std::endl; ;
00556         e->shoo() ;
00557     }
00558 #endif // TEST_SID
00559 
00560 #ifdef TEST_TYPICAL
00561     sd mysd;
00562 
00563     try
00564     {
00565         GetFileSecurity( _T( ".\\foo" ),
00566             OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00567             DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00568             SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, mysd );
00569     }
00570     catch ( ex *e )
00571     {
00572         out << _T( "GFS() failed" ) << std::endl;
00573         out << *e << std::endl;
00574         delete e;
00575         return 1;
00576     }
00577 
00578     printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00579     out << std::endl << std::endl;
00580 
00581     mysd.GetDacl().AddAce( (DWORD) -1, ACCESS_DENIED_ACE_TYPE, 0, 0, 0xfffffff0, GUESTS );
00582     mysd.GetDacl().SetFreeBytes( 200 );
00583 
00584     printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00585     out << std::endl << std::endl;
00586 
00587     mysd.GetDacl().canonicalize();
00588     mysd.GetDacl().normalize();
00589     mysd.SetOwnerSid( ADMINISTRATORS );
00590 #ifdef DOMAIN_ADMINS
00591     sid somesid = DOMAIN BACK DOMAIN_ADMINS;
00592 #else
00593     sid somesid = ADMINISTRATORS;
00594 #endif
00595     mysd.SetGroupSid( somesid );
00596 
00597     printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00598     out << std::endl << std::endl;
00599 
00600     somesid = GUESTS;
00601     mysd.GetDacl().DeleteAcesForSid( (PSID) somesid );
00602 
00603     printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00604     out << std::endl << std::endl;
00605     
00606     mysd.GetDacl().AddAce( (DWORD) -1, ACCESS_DENIED_ACE_TYPE, 0, 0, 0xfffffff0, somesid );
00607     mysd.GetDacl().DeleteAcesForSid( somesid );
00608 
00609     printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00610     out << std::endl << std::endl;
00611 
00612     try
00613     {
00614         SetFileSecurity( _T( ".\\foo" ),
00615             OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00616             DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00617             SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, mysd );
00618     }
00619     catch ( ex *e )
00620     {
00621         out << _T( "SFS() failed" ) << std::endl;
00622         out << *e << std::endl;
00623         delete e;
00624         return 1;
00625     }
00626 
00627     // add an object ACE to the dacl, SetFileSecurity should now fail
00628     ace newace(ACCESS_ALLOWED_OBJECT_ACE_TYPE, 0, 0, 0xfffffff0, GUESTS );
00629     mysd.GetDacl().AddAce(-1, newace) ;
00630     try
00631     {
00632         SetFileSecurity( _T( ".\\foo" ),
00633             OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00634             DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00635             SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, mysd );
00636     }
00637     catch ( ex *e )
00638     {
00639         out << _T( "Bombed trying to write an Object ACL to a file: SFS() failed" ) << std::endl;
00640         out << *e << std::endl;
00641         delete e;
00642     }
00643 #endif // TEST_TYPICAL
00644 
00645 #ifdef TEST_ADS
00646     // ads
00647 
00648     sd ads_sd ;
00649     try
00650     {
00651         AdsGetObjectSecurity ( ADS_SOME_OBJECT, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00652                                                 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00653                                                 SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, ads_sd ) ;
00654 
00655         out << ads_sd.GetDacl() << std::endl ;
00656 
00657         printSD( 0, (SECURITY_DESCRIPTOR *) ads_sd );
00658     }
00659     catch ( ex *e )
00660     {
00661         out << _T( "Ads trouble" ) << std::endl;
00662         out << *e << std::endl;
00663         e->shoo() ;
00664         return 1 ;
00665     }
00666     out << std::endl << std::endl;
00667 
00668     ads_sd.GetDacl().AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0xfffffff0, DOMAIN BACK GOODGUY ) ;
00669     // {BF967ABA-0DE6-11D0-A285-00AA003049E2} = User Object, these must be defined somewhere, but i can't find them
00670     static const GUID guid_USER_OBJECT = { 0xbf967aba, 0x0de6, 0x11d0, { 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2 } };
00671 
00672     ace ads_ace(ACCESS_ALLOWED_ACE_TYPE, 0, 0, ADS_RIGHT_DS_CREATE_CHILD, GUESTS ) ;
00673     // by setting the object type, the ace is automagically changed to an object ace
00674     ads_ace.SetObjectType(guid_USER_OBJECT) ;
00675     ads_sd.GetDacl().AddAce( -1, ads_ace ) ;
00676 
00677     ads_ace.RemoveObjectType() ;
00678     ads_ace.SetInheritedObjectType(guid_USER_OBJECT) ;
00679 
00680     ads_sd.GetDacl().AddAce( -1, ads_ace ) ;
00681 
00682     ads_sd.GetDacl().normalize();
00683     ads_sd.GetDacl().canonicalize();
00684 
00685     out << ads_sd.GetDacl() << std::endl ;
00686 
00687     try
00688     {
00689         AdsSetObjectSecurity ( ADS_SOME_OBJECT, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00690                                             DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00691                                             SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, ads_sd ) ;
00692     }
00693     catch ( ex *e )
00694     {
00695         out << _T( "Ads trouble" ) << std::endl;
00696         out << *e << std::endl;
00697         e->shoo() ;
00698     }
00699     out << std::endl << std::endl;
00700 #endif // TEST_ADS
00701 
00702 #ifdef TEST_REG
00703     HKEY hk;
00704     sd regsd;
00705     DWORD rc;
00706 
00707     rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, _T( "Software\\a" ), 0, READ_CONTROL | WRITE_DAC, &hk );
00708     if ( rc != 0 )
00709     {
00710         out << _T( "HKLM\\Software\\a: cannot open, rc = " ) << rc << std::endl;
00711         return 1;
00712     }
00713 
00714     try
00715     {
00716         RegGetKeySecurity( hk, DACL_SECURITY_INFORMATION, regsd );
00717         out << regsd.GetDacl() << std::endl;
00718         regsd.GetDacl().AddAce( MAXDWORD, ACCESS_ALLOWED_ACE_TYPE, 0,
00719             CONTAINER_INHERIT_ACE, GENERIC_ALL, GOODGUY );
00720         regsd.GetDacl().normalize();
00721         regsd.GetDacl().canonicalize();
00722         out << regsd.GetDacl() << std::endl;
00723         RegSetKeySecurity( hk, DACL_SECURITY_INFORMATION, regsd );
00724     }
00725     catch ( ex *e )
00726     {
00727         out << _T( "Oops!" ) << std::endl;
00728         out << *e << std::endl;
00729         delete e;
00730         RegCloseKey( hk );
00731         return 1;
00732     }
00733 
00734     RegCloseKey( hk );
00735 #endif
00736 
00737     return 0;
00738 }

Generated at Mon Oct 16 06:14:07 2000 for fksec by doxygen1.2.2 written by Dimitri van Heesch, © 1997-2000