00001
00002
00003 #include "stdafx.h"
00004 #include "fksec.h"
00005 #include "dumpacl.h"
00006 #include <sstream>
00007 #include <iads.h>
00008
00009
00010
00011 #ifdef _UNICODE
00012 #define out std::wcout
00013 #else
00014 #define out std::cout
00015 #endif
00016
00017 #pragma warning( disable: 4800 )
00018
00019 using fksec::fkstr;
00020 using fksec::ex;
00021 using fksec::priv;
00022 using fksec::sid;
00023 using fksec::ace;
00024 using fksec::acl;
00025 using fksec::sd;
00026 using fksec::GetFileSecurity;
00027 using fksec::SetFileSecurity;
00028 using fksec::RegGetKeySecurity;
00029 using fksec::RegSetKeySecurity;
00030 using fksec::AdsGetObjectSecurity ;
00031 using fksec::AdsSetObjectSecurity ;
00032
00033
00034
00035 #include "testvalues.h"
00036
00037
00038
00039
00040 #if defined( _MSC_VER ) && _MSC_VER < 1200
00041 extern "C"
00042 #endif
00043 int _tmain( int argc, TCHAR *argv[] )
00044 {
00045 try
00046 {
00047 sid verify;
00048 verify = ADMINISTRATORS;
00049 #ifdef DOMAIN_ADMINS
00050 verify = DOMAIN BACK DOMAIN_ADMINS;
00051 #endif
00052 verify = EVERYONE;
00053 verify = GUESTS;
00054 verify = GUEST;
00055 verify = GOODGUY;
00056 verify = DOMAIN BACK GOODGUY;
00057 }
00058 catch ( ex *e )
00059 {
00060 out << _T( "One of the accounts required for these tests failed the look-up." ) << std::endl
00061 << _T( "Did you change testvalues.h as required for your set-up?" ) << std::endl;
00062 out << *e << std::endl;
00063 delete e;
00064 return 1;
00065 }
00066
00067 #ifdef TEST_SD
00068 sid owner, group;
00069 owner = GOODGUY;
00070 group = ADMINISTRATORS;
00071
00072 acl dacl, sacl;
00073 dacl.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, -1, owner );
00074 dacl.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, -1, group );
00075 sacl.AddAce( -1, SYSTEM_AUDIT_ACE_TYPE, 0xc0, 0, -1, owner );
00076 sacl.AddAce( -1, SYSTEM_AUDIT_ACE_TYPE, 0xc0, 0, -1, group );
00077
00078 sd s0, s1;
00079 out << _T( "s0, empty: " ) << s0 << std::endl;
00080
00081 sd s2( s1 );
00082 out << _T( "s0, empty: " ) << s0 << std::endl;
00083
00084
00085 s1.SetOwnerSid( owner );
00086 out << _T( "s1, after SetOwnerSid(sid&): " ) << s1 << std::endl;
00087 s1.SetOwnerSid( (PSID) owner );
00088 out << _T( "s1, after SetOwnerSid(PSID): " ) << s1 << std::endl;
00089 s1.SetOwnerSid( GOODGUY );
00090 out << _T( "s1, after SetOwnerSid((TCHAR *): " ) << s1 << std::endl;
00091 s1.SetGroupSid( group );
00092 out << _T( "s1, after SetGroupSid(sid&): " ) << s1 << std::endl;
00093 s1.SetGroupSid( (PSID) group );
00094 out << _T( "s1, after SetGroupSid(PSID): " ) << s1 << std::endl;
00095 s1.SetGroupSid( ADMINISTRATORS );
00096 out << _T( "s1, after SetGroupSid(TCHAR *): " ) << s1 << std::endl;
00097 s1.SetDacl( dacl );
00098 out << _T( "s1, after SetDacl(acl &): " ) << s1 << std::endl;
00099 s1.SetDacl( (PACL) dacl );
00100 out << _T( "s1, after SetDacl(ACL *): " ) << s1 << std::endl;
00101 s1.SetSacl( sacl );
00102 out << _T( "s1, after SetSacl(acl &): " ) << s1 << std::endl;
00103 s1.SetSacl( (PACL) sacl );
00104 out << _T( "s1, after SetSacl(ACL *): " ) << s1 << std::endl;
00105
00106 sd s3( s1 );
00107 out << _T( "s3, after ctor: " ) << s3 << std::endl;
00108 sd s4( (SECURITY_DESCRIPTOR *) s1 );
00109 out << _T( "s4, after ctor(PSD abs: " ) << s4 << std::endl;
00110 sd s4r( (SECURITY_DESCRIPTOR_RELATIVE *) s1 );
00111 out << _T( "s4r, after ctor(PSD rel: " ) << s4r << std::endl;
00112 sd s5( 0, owner, group, dacl, sacl );
00113 out << _T( "s5, after ctor(components): " ) << s5 << std::endl;
00114
00115 sd s6;
00116 s6 = s1;
00117 out << _T( "s6, after assign(sd &): " ) << s6 << std::endl;
00118 s6 = (SECURITY_DESCRIPTOR *) s1;
00119 out << _T( "s6, after assign(SD *): " ) << s6 << std::endl;
00120 s6 = (SECURITY_DESCRIPTOR_RELATIVE *) s1;
00121 out << _T( "s6, after assign(SD_RELATIVE *): " ) << s6 << std::endl;
00122
00123 out << _T( "s6 data -- security_information: " ) << s6.GetSecurityInformation() << std::endl;
00124 out << _T( "owner: " ) << s6.GetOwnerSid() << std::endl;
00125 out << _T( "group: " ) << s6.GetGroupSid() << std::endl;
00126 out << _T( "dacl: " ) << s6.GetDacl();
00127 out << _T( "sacl: " ) << s6.GetSacl();
00128 #endif // TEST_SD
00129
00130 #ifdef TEST_ACL
00131 acl al0;
00132 acl al1( al0 );
00133 al0.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, TOKEN_QUERY, GOODGUY );
00134 al0.AddAce( -1, ACCESS_DENIED_ACE_TYPE, 0, 0, SYNCHRONIZE, GOODGUY );
00135 al0.AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, TOKEN_QUERY, EVERYONE );
00136 al0.AddAce( -1, ACCESS_DENIED_ACE_TYPE, 0, 0, SYNCHRONIZE, EVERYONE );
00137 out << _T( "al0: " ) << al0 << std::endl;
00138 acl al2( al0 );
00139 out << _T( "al2: " ) << al2 << std::endl;
00140 acl al3( (PACL) al0 );
00141 out << _T( "al3: " ) << al3 << std::endl;
00142
00143 al1 = al0;
00144 out << _T( "al1 after assign: " ) << al1 << std::endl;
00145 al2 = al0;
00146 out << _T( "al2 after assign: " ) << al2 << std::endl;
00147 al2 = (PACL) al0;
00148 out << _T( "al2 after assign: " ) << al2 << std::endl;
00149
00150
00151 out << _T( "ace 1: " ) << al0.GetAce( 1 ) << std::endl;
00152 out << __T( "ACE count: " ) << al0.GetCount() << _T( ", ACL size: " ) <<
00153 al0.GetSize() << _T( ", min size: " ) << al0.GetMinimumSize() <<
00154 _T( ", free: " ) << al0.GetFreeBytes() << _T( " bytes" ) << std::endl;
00155 al0.SetFreeBytes( 100 );
00156 out << __T( "after SetFreeBytes( 100 ): ACE count: " ) << al0.GetCount() << _T( ", ACL size: " ) <<
00157 al0.GetSize() << _T( ", min size: " ) << al0.GetMinimumSize() << _T( ", free: " ) <<
00158 al0.GetFreeBytes() << _T( " bytes" ) << std::endl;
00159
00160 ace ac0( al0.GetAce( 3 ) );
00161 sid guest( GUEST );
00162 ac0.SetSid( guest );
00163 ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00164 ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00165 al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00166 al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00167 al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00168 out << _T( "after AddAce(): " ) << al0 << std::endl;
00169
00170 al0.DeleteAce( 0 );
00171 out << _T( "after DeleteAce( 0 ): " ) << al0 << std::endl;
00172
00173 al0.DeleteAcesForSid( guest );
00174 out << _T( "after DeleteAces( guest ): " ) << al0 << std::endl;
00175
00176 ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00177 ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00178 al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00179 al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00180 al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00181 al0.DeleteAcesForSid( (PSID) guest );
00182 out << _T( "after DeleteAces( (PSID) guest ): " ) << al0 << std::endl;
00183
00184 ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00185 ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00186 al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00187 al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00188 al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00189 al0.DeleteAcesForSid( GUEST );
00190 out << _T( "after DeleteAces( \"" ) GUEST _T( "\" ): " ) << al0 << std::endl;
00191
00192 ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00193 ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00194 al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00195 al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00196 al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00197 al0.normalize();
00198 out << _T( "after normalize(): " ) << al0 << std::endl;
00199
00200 ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00201 ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00202 al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00203 al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00204 al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00205 al0.canonicalize();
00206 out << _T( "after canonicalize(): " ) << al0 << std::endl;
00207
00208 ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00209 ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00210 al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00211 al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00212 al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00213 al0.normalize();
00214 al0.canonicalize();
00215 out << _T( "after normalize(), canonicalize(): " ) << al0 << std::endl;
00216
00217 ac0.SetMask( 0x01 ); al0.AddAce( 0, (const void *) ac0 );
00218 ac0.SetMask( 0x02 ); al0.AddAce( 0, ac0 );
00219 al0.AddAce( 0, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x04, (PSID) guest );
00220 al0.AddAce( 0, ACCESS_DENIED_ACE_TYPE, 0, 0, 0x08, GUEST );
00221 al0.AddAce( 0, SYSTEM_AUDIT_ACE_TYPE, 0, 0, 0x10, guest );
00222 al0.canonicalize();
00223 al0.normalize();
00224 out << _T( "after canonicalize(), normalize(): " ) << al0 << std::endl;
00225 #endif // TEST_ACL
00226
00227 #ifdef TEST_ACE
00228 ace a0,
00229 a1( ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x12345678, DOMAIN BACK GOODGUY ),
00230 a2( ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x12345678, sid( DOMAIN BACK GOODGUY ) ),
00231 a3( a1 ),
00232 a4( (const void *) a1 );
00233 try { ace a( ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0x12345678, DOMAIN BACK BADGUY ); }
00234 catch ( ex *e )
00235 {
00236 out << _T( "ace( \"" ) BADGUY _T( "\" ):" ) << std::endl;
00237 out << *e << std::endl;
00238 delete e;
00239 }
00240
00241 out.setf( out.boolalpha );
00242
00243
00244 out << _T( "before accessors: " ) << a0 << std::endl;
00245 a0.SetType( ACCESS_DENIED_ACE_TYPE );
00246 a0.SetFlags( 0xff & ~ VALID_INHERIT_FLAGS );
00247 a0.SetInheritance( 0xff & VALID_INHERIT_FLAGS );
00248 a0.SetMask( 0x87654321 );
00249 a0.SetSid( sid( GOODGUY ) );
00250 a0.SetSid( DOMAIN BACK GOODGUY );
00251 out << _T( "after accessors: " ) << a0 << std::endl;
00252
00253 try { a0.SetSid( BADGUY ); }
00254 catch ( ex *e )
00255 {
00256 out << _T( "ace::SetSid( \"" ) BADGUY _T( "\" ):" ) << std::endl;
00257 out << *e << std::endl;
00258 delete e;
00259 }
00260
00261
00262 out << _T( "a1 -- " ) << a1 << std::endl;
00263 a0 = (const void *) a1;
00264 out << _T( "a0 -- " ) << a0 << std::endl;
00265 a0 = a1;
00266 out << _T( "a0 -- " ) << a0 << std::endl << std::endl;
00267
00268
00269 a1 = a0;
00270 out << _T( "Equal aces:" ) << std::endl;
00271 out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00272 out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00273 out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00274 out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00275 out << _T( "a0 < a1: " ) << (bool) ( a0 < a1 ) << std::endl;
00276 out << _T( "a1 < a0: " ) << (bool) ( a1 < a0 ) << std::endl << std::endl;
00277
00278 a1.SetSid( ADMINISTRATORS );
00279 out << _T( "Different SIDs:" ) << std::endl;
00280 out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00281 out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00282 out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00283 out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00284 out << _T( "a0 < a1: " ) << (bool) ( a0 < a1 ) << std::endl;
00285 out << _T( "a1 < a0: " ) << (bool) ( a1 < a0 ) << std::endl << std::endl;
00286
00287 a1 = a0;
00288 a1.SetType( ACCESS_DENIED_ACE_TYPE );
00289 out << _T( "Different types:" ) << std::endl;
00290 out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00291 out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00292 out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00293 out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00294 out << _T( "a0 < a1: " ) << (bool) ( a0 < a1 ) << std::endl;
00295 out << _T( "a1 < a0: " ) << (bool) ( a1 < a0 ) << std::endl << std::endl;
00296
00297 a1 = a0;
00298 a1.SetInheritance( VALID_INHERIT_FLAGS );
00299 out << _T( "Different inheritance flags:" ) << std::endl;
00300 out << _T( "a0 == a1: " ) << (bool) ( a0 == a1 ) << std::endl;
00301 out << _T( "a1 == a0: " ) << (bool) ( a1 == a0 ) << std::endl;
00302 out << _T( "a0 != a1: " ) << (bool) ( a0 != a1 ) << std::endl;
00303 out << _T( "a1 != a0: " ) << (bool) ( a1 != a0 ) << std::endl;
00304 out << _T( "a0 < a1: " ) << (bool) ( a0 < a1 ) << std::endl;
00305 out << _T( "a1 < a0: " ) << (bool) ( a1 < a0 ) << std::endl << std::endl;
00306 #endif // TEST_ACE
00307
00308 #ifdef TEST_PRIV
00309
00310 priv p0;
00311 priv p1;
00312 LUID p2luid = { 8, 0 };
00313 priv p2( p2luid );
00314 priv p3( 8 );
00315 priv p4( _T( "SeSecurityPrivilege" ) );
00316 priv p5( p4 );
00317 try { priv p6( _T( "foo!" ) ); }
00318 catch ( ex *e )
00319 {
00320 out << *e << std::endl;
00321 delete e;
00322 }
00323 try { priv p7( 188 ); }
00324 catch ( ex *e )
00325 {
00326 out << *e << std::endl;
00327 delete e;
00328 }
00329
00330
00331 p0 = p1;
00332 p0 = p2;
00333 p0 = p2luid;
00334 p0 = 8;
00335 p0 = _T( "SeSecurityPrivilege" );
00336 p0 = p4;
00337 try { p0 = _T( "foo!" ); }
00338 catch ( ex *e )
00339 {
00340 out << _T( "bombed p0: " ) << p0 << std::endl;
00341 out << *e << std::endl;
00342 delete e;
00343 }
00344 try { p0 = 188; }
00345 catch ( ex *e )
00346 {
00347 out << *e << std::endl;
00348 delete e;
00349 }
00350
00351
00352 p0 = 9;
00353 out << _T( "p0(9) and p1(empty) are " ) << ( p0 == p1? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00354 out << _T( "p0(9) and p1(empty) are " ) << ( p0 != p1? _T( "different" ): _T( "not different" ) ) << std::endl;
00355 out << _T( "p1(empty) and p0(9) are " ) << ( p1 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00356 out << _T( "p1(empty) and p0(9) are " ) << ( p1 != p0? _T( "different" ): _T( "not different" ) ) << std::endl << std::endl;
00357
00358 out << _T( "p0(9) and p3(8) are " ) << ( p0 == p3? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00359 out << _T( "p0(9) and p3(8) are " ) << ( p0 != p3? _T( "different" ): _T( "not different" ) ) << std::endl;
00360 out << _T( "p3(8) and p0(9) are " ) << ( p3 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00361 out << _T( "p3(8) and p0(9) are " ) << ( p3 != p0? _T( "different" ): _T( "not different" ) ) << std::endl << std::endl;
00362
00363 p0 = 8;
00364 out << _T( "p0(8) and p3(8) are " ) << ( p0 == p3? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00365 out << _T( "p0(8) and p3(8) are " ) << ( p0 != p3? _T( "different" ): _T( "not different" ) ) << std::endl;
00366 out << _T( "p3(8) and p0(8) are " ) << ( p3 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00367 out << _T( "p3(8) and p0(8) are " ) << ( p3 != p0? _T( "different" ): _T( "not different" ) ) << std::endl << std::endl;
00368
00369 out << _T( "p0(8) and p0(8) are " ) << ( p0 == p0? _T( "equal" ): _T( "not equal" ) ) << std::endl;
00370 out << _T( "p0(8) and p0(8) are " ) << ( p0 != p0? _T( "different" ): _T( "not different" ) ) << std::endl;
00371
00372
00373 out << _T( "p0(8): " ) << p0.GetPrivilegeName() << _T( ", " ) << p0.GetDisplayName() << std::endl << std::endl;
00374
00375
00376 bool state1, state2, state3, state4, state5, state6;
00377 p0 = _T( "SeSecurityPrivilege" );
00378 state1 = p0.GetState();
00379 p0.Enable(); state2 = p0.GetState();
00380 p0.Disable(); state3 = p0.GetState();
00381 p0.Toggle(); state4 = p0.GetState();
00382 p0.SetState( false ); state5 = p0.GetState();
00383 p0.SetState( true ); state6 = p0.GetState();
00384
00385 out.setf( out.boolalpha );
00386 out << _T( "States: before " ) << state1 << _T( ", after Enable() " ) << state2 <<
00387 _T( ", after Disable() " ) << state3 << _T( ", after Toggle() " ) << state4 <<
00388 _T( ", after SetState(false) " ) << state5 << _T( ", after SetState(true) " ) << state6 <<
00389 std::endl << std::endl;;
00390
00391 HANDLE hh;
00392 ::OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hh );
00393 p0.SetHandle( hh );
00394 CloseHandle( hh );
00395 state1 = p0.GetState();
00396 p0.SetHandle( 0 );
00397 state2 = p0.GetState();
00398 p0.SetHandle( 0 );
00399 #endif // TEST_PRIV
00400
00401 #ifdef TEST_SID
00402 DWORD i;
00403
00404
00405 sid emptysid;
00406 sid copiedsid( emptysid );
00407 try { sid sidfrompsid( (PSID) emptysid ); }
00408 catch ( ex *e )
00409 {
00410 out << *e << std::endl;
00411 delete e;
00412 }
00413
00414 SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
00415 sid manualsid( sia, 1, 32 );
00416
00417
00418 emptysid = manualsid;
00419 out << _T( "= manualsid: " ) << emptysid << std::endl;
00420 emptysid = (PSID) manualsid;
00421 out << _T( "= (PSID) manualsid: " ) << emptysid << std::endl;
00422 emptysid = _T( "S-1-5-5-3-1" );
00423 out << _T( "= \"S-1-5-5-3-1\": " ) << emptysid << std::endl;
00424 emptysid.ConvertFromStringSid( _T( "s-1-2-3-4-5-6-7-8-9-10-011-0x11" ) );
00425 out << _T( "= ConvertFSS( \"s-1-2-3-4-5-6-7-8-9-10-011-0x11\" ): " ) << emptysid << std::endl;
00426 emptysid = DOMAIN BACK GOODGUY;
00427 out << _T( "= \"" ) DOMAIN BACK GOODGUY _T( "\": " ) << emptysid << std::endl;
00428
00429
00430 DWORD savedsubauth = emptysid.GetSubAuthority( emptysid.GetSubAuthorityCount() - 1 );
00431 emptysid.RemoveLastRid();
00432 out << _T( "minus last RID: " ) << emptysid << std::endl;
00433 emptysid.AppendSubAuthority( 501 );
00434 out << _T( "minus last RID: " ) << emptysid << std::endl;
00435 emptysid.SetSubAuthority( emptysid.GetSubAuthorityCount() - 1, savedsubauth );
00436 out << _T( "minus last RID: " ) << emptysid << std::endl;
00437
00438
00439 out << _T( "emptysid length: " ) << emptysid.GetLength() << std::endl;
00440 for ( i = 0; i < emptysid.GetSubAuthorityCount(); ++ i )
00441 out << _T( "subauth[" ) << i << _T( "]: " ) << emptysid.GetSubAuthority( i ) << std::endl;
00442
00443
00444 manualsid.LookupName( 0, DOMAIN BACK GOODGUY );
00445 out << _T( "sid prefixes are " ) << ( emptysid.EqualPrefix( manualsid )? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00446 out << _T( "sid prefixes are " ) << ( manualsid.EqualPrefix( emptysid )? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00447 out << _T( "sids are " ) << ( emptysid == manualsid? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00448 out << _T( "sids are " ) << ( manualsid == emptysid? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00449 out << _T( "sids are " ) << ( emptysid != manualsid? _T( "" ): _T( "not " ) ) << _T( "unequal [1]" ) << std::endl;
00450 out << _T( "sids are " ) << ( manualsid != emptysid? _T( "" ): _T( "not " ) ) << _T( "unequal [2]" ) << std::endl;
00451
00452 manualsid = _T( "S-1-5-32" );
00453 out << _T( "sid prefixes are " ) << ( emptysid.EqualPrefix( manualsid )? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00454 out << _T( "sid prefixes are " ) << ( manualsid.EqualPrefix( emptysid )? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00455 out << _T( "sids are " ) << ( emptysid == manualsid? _T( "" ): _T( "not " ) ) << _T( "equal [1]" ) << std::endl;
00456 out << _T( "sids are " ) << ( manualsid == emptysid? _T( "" ): _T( "not " ) ) << _T( "equal [2]" ) << std::endl;
00457 out << _T( "sids are " ) << ( emptysid != manualsid? _T( "" ): _T( "not " ) ) << _T( "unequal [1]" ) << std::endl;
00458 out << _T( "sids are " ) << ( manualsid != emptysid? _T( "" ): _T( "not " ) ) << _T( "unequal [2]" ) << std::endl;
00459
00460
00461 sid copyctor( manualsid );
00462
00463 fkstr name, domain;
00464 SID_NAME_USE snu;
00465 emptysid.LookupSid( 0, name, domain, snu );
00466 out << _T( "name '" ) << name.c_str() << _T( "', domain '" ) << domain.c_str() << _T( "'" ) << std::endl;
00467 out << _T( "sid: " ) << manualsid.ConvertToStringSid().c_str() << std::endl;
00468
00469 emptysid.ConvertFromStringSid( _T( "s-1-2-3-4-5-6-7-8-9-10-011-0x11" ) );
00470 try { emptysid.LookupSid( 0, name, domain, snu ); }
00471 catch ( ex *e )
00472 {
00473 out << _T( "looking up a fake SID bombed." ) << std::endl;
00474 out << *e << std::endl;
00475 delete e;
00476 }
00477 out << emptysid << std::endl << std::endl;
00478
00479 sid foosid( DOMAIN BACK GOODGUY );
00480 out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00481 foosid = ADMINISTRATORS;
00482 out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00483 foosid = _T( "NT AUTHORITY\\SYSTEM" );
00484 out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00485 foosid = _T( "S-1-1-0" );
00486 out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl;
00487 try
00488 {
00489 foosid = _T( "S-1-5-21-1-2-3-4" );
00490 out << foosid << _T( ": " ) << foosid.LookupSidType() << std::endl << std::endl;
00491 }
00492 catch( ex *e )
00493 {
00494 out << _T( "LookupSidType() for a fake SID bombed." ) << std::endl;
00495 out << *e << std::endl;
00496 e->shoo();
00497 }
00498
00499
00500 foosid = DOMAIN BACK GOODGUY ;
00501 out << foosid << _T(" Is a member of") << std::endl ;
00502 fksec::SidList l = foosid.MemberOf(true,true,true, LOOKUP_SRV );
00503 for ( fksec::SidList::iterator it = l.begin(); it != l.end() ; it++ )
00504 out << _T("\t") << (*it) << _T( ": " ) << it->LookupSidType() << std::endl;
00505
00506 try
00507 {
00508
00509 foosid = _T( "S-1-5-21-1-2-3-4" );
00510 l = foosid.MemberOf(true,true, true) ;
00511 for ( it = l.begin(); it != l.end() ; it++ )
00512 out << (*it) << _T( ": " ) << it->LookupSidType() << std::endl;
00513 }
00514 catch( ex *e )
00515 {
00516 out << _T( "MemberOf for a fake SID bombed." ) << std::endl;
00517 out << *e << std::endl;
00518 e->shoo() ;
00519 }
00520
00521
00522 foosid = ADMINISTRATORS ;
00523 out << _T("Members of ") << foosid << std::endl ;
00524 l = foosid.Members( LOOKUP_SRV ) ;
00525 for ( it = l.begin() ; it != l.end() ; it++ )
00526 out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00527
00528 foosid = LOCAL_GROUP ;
00529 out << std::endl << _T("Members of ") << foosid << std::endl ;
00530 l = foosid.Members() ;
00531 for ( it = l.begin() ; it != l.end() ; it++ )
00532 out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00533
00534 #ifdef DOMAIN_ADMINS
00535 foosid = DOMAIN_ADMINS ;
00536 out << std::endl << _T("Members of ") << foosid << std::endl ;
00537 l = foosid.Members() ;
00538 for ( it = l.begin() ; it != l.end() ; it++ )
00539 out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00540 #else
00541 out << std::endl << _T( "Skipping domain group member list" ) << std::endl;
00542 #endif
00543
00544 try
00545 {
00546 foosid = DOMAIN BACK GOODGUY ;
00547 l = foosid.Members() ;
00548 out << std::endl << _T("Members of ") << foosid << std::endl ;
00549 for ( it = l.begin() ; it != l.end() ; it++ )
00550 out << _T("\t") << (*it) << _T(": ") << it->LookupSidType() << std::endl ;
00551 }
00552 catch ( ex *e )
00553 {
00554 out << _T("Members for a fake group bombed.") << std::endl ;
00555 out << *e << std::endl; ;
00556 e->shoo() ;
00557 }
00558 #endif // TEST_SID
00559
00560 #ifdef TEST_TYPICAL
00561 sd mysd;
00562
00563 try
00564 {
00565 GetFileSecurity( _T( ".\\foo" ),
00566 OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00567 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00568 SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, mysd );
00569 }
00570 catch ( ex *e )
00571 {
00572 out << _T( "GFS() failed" ) << std::endl;
00573 out << *e << std::endl;
00574 delete e;
00575 return 1;
00576 }
00577
00578 printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00579 out << std::endl << std::endl;
00580
00581 mysd.GetDacl().AddAce( (DWORD) -1, ACCESS_DENIED_ACE_TYPE, 0, 0, 0xfffffff0, GUESTS );
00582 mysd.GetDacl().SetFreeBytes( 200 );
00583
00584 printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00585 out << std::endl << std::endl;
00586
00587 mysd.GetDacl().canonicalize();
00588 mysd.GetDacl().normalize();
00589 mysd.SetOwnerSid( ADMINISTRATORS );
00590 #ifdef DOMAIN_ADMINS
00591 sid somesid = DOMAIN BACK DOMAIN_ADMINS;
00592 #else
00593 sid somesid = ADMINISTRATORS;
00594 #endif
00595 mysd.SetGroupSid( somesid );
00596
00597 printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00598 out << std::endl << std::endl;
00599
00600 somesid = GUESTS;
00601 mysd.GetDacl().DeleteAcesForSid( (PSID) somesid );
00602
00603 printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00604 out << std::endl << std::endl;
00605
00606 mysd.GetDacl().AddAce( (DWORD) -1, ACCESS_DENIED_ACE_TYPE, 0, 0, 0xfffffff0, somesid );
00607 mysd.GetDacl().DeleteAcesForSid( somesid );
00608
00609 printSD( 0, (SECURITY_DESCRIPTOR *) mysd );
00610 out << std::endl << std::endl;
00611
00612 try
00613 {
00614 SetFileSecurity( _T( ".\\foo" ),
00615 OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00616 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00617 SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, mysd );
00618 }
00619 catch ( ex *e )
00620 {
00621 out << _T( "SFS() failed" ) << std::endl;
00622 out << *e << std::endl;
00623 delete e;
00624 return 1;
00625 }
00626
00627
00628 ace newace(ACCESS_ALLOWED_OBJECT_ACE_TYPE, 0, 0, 0xfffffff0, GUESTS );
00629 mysd.GetDacl().AddAce(-1, newace) ;
00630 try
00631 {
00632 SetFileSecurity( _T( ".\\foo" ),
00633 OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00634 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00635 SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, mysd );
00636 }
00637 catch ( ex *e )
00638 {
00639 out << _T( "Bombed trying to write an Object ACL to a file: SFS() failed" ) << std::endl;
00640 out << *e << std::endl;
00641 delete e;
00642 }
00643 #endif // TEST_TYPICAL
00644
00645 #ifdef TEST_ADS
00646
00647
00648 sd ads_sd ;
00649 try
00650 {
00651 AdsGetObjectSecurity ( ADS_SOME_OBJECT, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00652 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00653 SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, ads_sd ) ;
00654
00655 out << ads_sd.GetDacl() << std::endl ;
00656
00657 printSD( 0, (SECURITY_DESCRIPTOR *) ads_sd );
00658 }
00659 catch ( ex *e )
00660 {
00661 out << _T( "Ads trouble" ) << std::endl;
00662 out << *e << std::endl;
00663 e->shoo() ;
00664 return 1 ;
00665 }
00666 out << std::endl << std::endl;
00667
00668 ads_sd.GetDacl().AddAce( -1, ACCESS_ALLOWED_ACE_TYPE, 0, 0, 0xfffffff0, DOMAIN BACK GOODGUY ) ;
00669
00670 static const GUID guid_USER_OBJECT = { 0xbf967aba, 0x0de6, 0x11d0, { 0xa2, 0x85, 0x00, 0xaa, 0x00, 0x30, 0x49, 0xe2 } };
00671
00672 ace ads_ace(ACCESS_ALLOWED_ACE_TYPE, 0, 0, ADS_RIGHT_DS_CREATE_CHILD, GUESTS ) ;
00673
00674 ads_ace.SetObjectType(guid_USER_OBJECT) ;
00675 ads_sd.GetDacl().AddAce( -1, ads_ace ) ;
00676
00677 ads_ace.RemoveObjectType() ;
00678 ads_ace.SetInheritedObjectType(guid_USER_OBJECT) ;
00679
00680 ads_sd.GetDacl().AddAce( -1, ads_ace ) ;
00681
00682 ads_sd.GetDacl().normalize();
00683 ads_sd.GetDacl().canonicalize();
00684
00685 out << ads_sd.GetDacl() << std::endl ;
00686
00687 try
00688 {
00689 AdsSetObjectSecurity ( ADS_SOME_OBJECT, OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
00690 DACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION |
00691 SACL_SECURITY_INFORMATION | PROTECTED_SACL_SECURITY_INFORMATION, ads_sd ) ;
00692 }
00693 catch ( ex *e )
00694 {
00695 out << _T( "Ads trouble" ) << std::endl;
00696 out << *e << std::endl;
00697 e->shoo() ;
00698 }
00699 out << std::endl << std::endl;
00700 #endif // TEST_ADS
00701
00702 #ifdef TEST_REG
00703 HKEY hk;
00704 sd regsd;
00705 DWORD rc;
00706
00707 rc = RegOpenKeyEx( HKEY_LOCAL_MACHINE, _T( "Software\\a" ), 0, READ_CONTROL | WRITE_DAC, &hk );
00708 if ( rc != 0 )
00709 {
00710 out << _T( "HKLM\\Software\\a: cannot open, rc = " ) << rc << std::endl;
00711 return 1;
00712 }
00713
00714 try
00715 {
00716 RegGetKeySecurity( hk, DACL_SECURITY_INFORMATION, regsd );
00717 out << regsd.GetDacl() << std::endl;
00718 regsd.GetDacl().AddAce( MAXDWORD, ACCESS_ALLOWED_ACE_TYPE, 0,
00719 CONTAINER_INHERIT_ACE, GENERIC_ALL, GOODGUY );
00720 regsd.GetDacl().normalize();
00721 regsd.GetDacl().canonicalize();
00722 out << regsd.GetDacl() << std::endl;
00723 RegSetKeySecurity( hk, DACL_SECURITY_INFORMATION, regsd );
00724 }
00725 catch ( ex *e )
00726 {
00727 out << _T( "Oops!" ) << std::endl;
00728 out << *e << std::endl;
00729 delete e;
00730 RegCloseKey( hk );
00731 return 1;
00732 }
00733
00734 RegCloseKey( hk );
00735 #endif
00736
00737 return 0;
00738 }
