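/*++

Copyright (c) 1991  Microsoft Corporation

Module Name:

    radmin.c (remote admin)

Abstract:

    This file exercises the various NetAdminTools API.

Author:

    Dan Lafferty (danl)     19-Sept-1991

Environment:

    User Mode -Win32

Revision History:

--*/

//
// NOTE: the header names on the #include lines did not survive extraction
// of this page; only the trailing comments did.  The two standard C headers
// are restored from their comments (atoi, printf).  The remaining lines are
// kept as comments with the name left blank rather than guessed.
//
// #include <...>
// #include <...>
// #include <...>       // needed for windows.h when I have nt.h
// #include <...>
#include <stdlib.h>     // atoi
#include <stdio.h>      // printf
// #include <...>       // STRICMP
// #include <...>       // SECURITY_DESCRIPTOR_CONTROL
// #include <...>
// #include <...>       // NetpGetFileSecurity, NetpSetFileSecurity

//
// DataStructures
//
// These are test overlays for the security structures, not the system
// definitions.  TEST_SID holds at most 10 sub-authorities and TEST_ACL
// exposes everything after the first four bytes of an ACL as raw bytes.
//

typedef struct _TEST_SID {
    UCHAR   Revision;
    UCHAR   SubAuthorityCount;
    UCHAR   IdentifierAuthority[6];
    ULONG   SubAuthority[10];
} TEST_SID, *PTEST_SID, *LPTEST_SID;

typedef struct _TEST_ACL {
    UCHAR   AclRevision;
    UCHAR   Sbz1;
    USHORT  AclSize;
    UCHAR   Dummy1[];
} TEST_ACL, *PTEST_ACL;

//
// The Owner/Group/Sacl/Dacl fields hold offsets while the descriptor is
// self-relative and pointers once TestGetFileSec has rewritten them.
// NOTE(review): that overlay only lines up when pointers are 32 bits wide.
//
typedef struct _TEST_SECURITY_DESCRIPTOR {
    UCHAR                       Revision;
    UCHAR                       Sbz1;
    SECURITY_DESCRIPTOR_CONTROL Control;
    PTEST_SID                   Owner;
    PTEST_SID                   Group;
    PTEST_ACL                   Sacl;
    PTEST_ACL                   Dacl;
} TEST_SECURITY_DESCRIPTOR, *PTEST_SECURITY_DESCRIPTOR;

//
// GLOBALS
//
// Canned test data handed to NetpSetFileSecurity by TestSetFileSec.
// Initializing the flexible Dummy1[] member relies on a compiler extension.
//

    TEST_SID     OwnerSid = {
                        1, 5,
                        1,2,3,4,5,6,
                        0x999, 0x888, 0x777, 0x666, 0x12345678};

    TEST_SID     GroupSid = {
                        1, 5,
                        1,2,3,4,5,6,
                        0x999, 0x888, 0x777, 0x666, 0x12345678};

    TEST_ACL     SaclAcl  = { 1, 2, 4+1, 3};

    TEST_ACL     DaclAcl  = { 1, 2, 4+5, 4, 4, 4, 4, 4, };

    TEST_SECURITY_DESCRIPTOR TestSd = {
                                1, 2, 0x3333,
                                &OwnerSid,
                                &GroupSid,
                                &SaclAcl,
                                NULL };

//
// Function Prototypes
//

NET_API_STATUS
TestGetFileSec(
    LPTSTR  ServerName,
    LPTSTR  FileName
    );

NET_API_STATUS
TestSetFileSec(
    LPTSTR  ServerName,
    LPTSTR  FileName
    );

VOID
Usage(VOID);

VOID
DisplaySecurityDescriptor(
    PTEST_SECURITY_DESCRIPTOR   pSecDesc
    );

BOOL
MakeArgsUnicode (
    DWORD           argc,
    PCHAR           argv[]
    );

BOOL
ConvertToUnicode(
    OUT LPWSTR  *UnicodeOut,
    IN  LPSTR   AnsiIn
    );


VOID __cdecl
main (
    DWORD           argc,
    PUCHAR          argv[]
    )

/*++

Routine Description:

    Allows manual testing of the AdminTools API.

        radmin [\\server] GetFileSec [file] - calls NetpGetFileSecurity
        radmin [\\server] SetFileSec [file] - calls NetpSetFileSecurity

    An optional first argument beginning with "\\" is taken as the server
    name.  The command name follows, then an optional file name.

Arguments:

    argc - number of entries in argv, including the program name.

    argv - command line arguments.  In a UNICODE build they are converted
        by MakeArgsUnicode before use.

Return Value:

    None.

--*/
{
    DWORD       status = NO_ERROR;
    LPTSTR      FileName;
    LPTSTR      *FixArgv;
    LPTSTR      pServerName;
    DWORD       argIndex;

    //
    // Check the argument count before touching argv[1]; with no arguments
    // that slot does not hold a string.
    //
    if (argc < 2) {
        printf("ERROR: \n");
        Usage();
        return;
    }

    //
    // Make the arguments unicode if necessary.
    //
#ifdef UNICODE
    if (!MakeArgsUnicode(argc, (PCHAR *)argv)) {
        return;
    }
#endif

    FixArgv = (LPTSTR *)argv;
    argIndex = 1;
    pServerName = NULL;

    if (STRNCMP (FixArgv[1], TEXT("\\\\"), 2) == 0) {
        pServerName = FixArgv[1];
        argIndex = 2;
    }

    //
    // A server name with nothing after it leaves no command to dispatch on.
    //
    if (argc <= argIndex) {
        printf("ERROR: \n");
        Usage();
        return;
    }

    //
    // The file name is the argument after the command, so it exists only
    // when argc is greater than argIndex+1.
    //
    if (argc > argIndex + 1) {
        FileName = FixArgv[argIndex+1];
    }
    else {
        FileName = NULL;
    }

    if (STRICMP (FixArgv[argIndex], TEXT("GetFileSec")) == 0) {
        status = TestGetFileSec(pServerName,FileName);
    }
    else if (STRICMP (FixArgv[argIndex], TEXT("SetFileSec")) == 0) {
        status = TestSetFileSec(pServerName,FileName);
    }
    else {
        printf("[sc] Unrecognized Command\n");
        Usage();
    }

    return;
}


static PVOID
OffsetToPointer(
    LPBYTE  Base,
    DWORD   Offset,
    DWORD   Length,
    DWORD   MinSize
    )

/*++

Routine Description:

    Turns an offset found in a self-relative security descriptor into a
    pointer, after checking that at least MinSize bytes at that offset lie
    inside the Length bytes starting at Base.

Return Value:

    Pointer into the buffer, or NULL when the offset is zero (component
    absent) or does not fit in the buffer.

--*/
{
    if (Offset == 0 || Length < MinSize || Offset > Length - MinSize) {
        return NULL;
    }
    return Base + Offset;
}


NET_API_STATUS
TestGetFileSec(
    LPTSTR  ServerName,
    LPTSTR  FileName
    )

/*++

Routine Description:

    Calls NetpGetFileSecurity for the owner, group and DACL of a file,
    validates the returned self-relative descriptor, converts it to
    absolute form in place and displays it.

Arguments:

    ServerName - accepted but not passed to NetpGetFileSecurity here.

    FileName - file to query; "Dan.txt" is used when this is NULL.

Return Value:

    NO_ERROR on success, the NetpGetFileSecurity status on failure, or
    ERROR_INVALID_SECURITY_DESCR when the returned descriptor fails
    validation.

--*/
{
    NET_API_STATUS              status;
    SECURITY_INFORMATION        secInfo;
    PTEST_SECURITY_DESCRIPTOR   pSecurityDescriptor;
    LPBYTE                      pDest;
    DWORD                       Length;

    if (FileName == NULL ) {
        FileName = TEXT("Dan.txt");
    }

//    secInfo = (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
//               DACL_SECURITY_INFORMATION  | SACL_SECURITY_INFORMATION);

    secInfo = (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
               DACL_SECURITY_INFORMATION );

    status = NetpGetFileSecurity(
                FileName,                   // FileName,
                secInfo,                    // pRequestedInformation,
                (PSECURITY_DESCRIPTOR *)&pSecurityDescriptor, // pSecurityDescriptor,
                &Length);                   // pnLength

    if (status != NO_ERROR) {
        printf("NetpGetFileSecurity Failed %d,0x%x\n",status,status);
        return (status);
    }

    //
    // Do not walk a descriptor that failed validation; its offsets cannot
    // be trusted.
    //
    if (!IsValidSecurityDescriptor(pSecurityDescriptor)) {
        printf("FAILURE: SECURITY DESCRIPTOR IS INVALID\n");
        return (ERROR_INVALID_SECURITY_DESCR);
    }
    printf("SUCCESS: SECURITY DESCRIPTOR IS VALID\n");

    //
    // Make the self-relative SD absolute for display.
    //
    // Each offset is checked against Length before it becomes a pointer.
    // A zero or out-of-range offset becomes NULL, which the display
    // routine prints as an absent component.  This assumes Length is the
    // byte size of the returned descriptor, as the printf below reports.
    //
    pDest = (LPBYTE) pSecurityDescriptor;

    pSecurityDescriptor->Owner = (PTEST_SID)OffsetToPointer(
                pDest,
                (DWORD)(ULONG_PTR)pSecurityDescriptor->Owner,
                Length,
                FIELD_OFFSET(TEST_SID, SubAuthority));

    pSecurityDescriptor->Group = (PTEST_SID)OffsetToPointer(
                pDest,
                (DWORD)(ULONG_PTR)pSecurityDescriptor->Group,
                Length,
                FIELD_OFFSET(TEST_SID, SubAuthority));

    pSecurityDescriptor->Sacl = (PTEST_ACL)OffsetToPointer(
                pDest,
                (DWORD)(ULONG_PTR)pSecurityDescriptor->Sacl,
                Length,
                FIELD_OFFSET(TEST_ACL, Dummy1));

    pSecurityDescriptor->Dacl = (PTEST_ACL)OffsetToPointer(
                pDest,
                (DWORD)(ULONG_PTR)pSecurityDescriptor->Dacl,
                Length,
                FIELD_OFFSET(TEST_ACL, Dummy1));

    pSecurityDescriptor->Control &= (~SE_SELF_RELATIVE);

    printf("Size of Security Descriptor = %ld \n",Length);
    DisplaySecurityDescriptor(pSecurityDescriptor);

    //
    // NOTE(review): the buffer returned by NetpGetFileSecurity is never
    // released here.  Which routine frees it is not visible in this file.
    //

    return (NO_ERROR);
}


NET_API_STATUS
TestSetFileSec(
    LPTSTR  ServerName,
    LPTSTR  FileName
    )

/*++

Routine Description:

    Calls NetpSetFileSecurity on a file with the canned TestSd descriptor.

    The descriptor and the SECURITY_INFORMATION value are test patterns,
    not a meaningful policy.  Point this only at a scratch file, because a
    successful call replaces security information on the target.

Arguments:

    ServerName - accepted but not passed to NetpSetFileSecurity here.

    FileName - file to modify; "Dan.txt" is used when this is NULL.

Return Value:

    NO_ERROR on success, otherwise the NetpSetFileSecurity status.

--*/
{
    NET_API_STATUS              status;
    SECURITY_INFORMATION        secInfo;

    if (FileName == NULL ) {
        FileName = TEXT("Dan.txt");
    }

    //
    // A raw bit pattern rather than a combination of the named
    // *_SECURITY_INFORMATION flags.  Presumably chosen to see how the API
    // handles it -- confirm before relying on the result.
    //
    secInfo = 0x55555555;

    status = NetpSetFileSecurity(
                FileName,                   // FileName,
                secInfo,                    // pRequestedInformation,
                (PSECURITY_DESCRIPTOR)&TestSd);   // pSecurityDescriptor,

    if (status != NO_ERROR) {
        printf("NetpSetFileSecurity Failed %d,0x%x\n",status,status);
        return (status);
    }

    return (NO_ERROR);
}


VOID
Usage(VOID)

/*++

Routine Description:

    Prints the command line syntax.

    NOTE(review): the "radmin \n" line looks as if its argument
    placeholders were lost when this page was extracted; it is reproduced
    as found.

--*/
{
    printf("USAGE:\n");
    printf("radmin \n");
    printf("Functions: GetFileSec, SetFileSec...\n\n");

    printf("SYNTAX EXAMPLES \n");

    printf("radmin \\\\DANL2 GetFileSec - calls NetpGetFileSecurity on \\DANL2\n");
    printf("radmin \\\\DANL2 SetFileSec - calls NetpSetFileSecurity on \\DANL2\n");
}


// ***************************************************************************

static VOID
DisplaySid(
    const char  *Title,
    PTEST_SID   Sid
    )

/*++

Routine Description:

    Prints one SID under the given heading, or "<Title> = NULL" when the
    SID is absent.  The sub-authority loop is driven by this SID's own
    count, clamped to the size of the TEST_SID array.

--*/
{
    DWORD   i;
    DWORD   count;

    if (Sid == NULL) {
        printf("\n\t%s = NULL\n", Title);
        return;
    }

    printf("\n\t%s\n", Title);
    printf("\t\tRevision: %u\n",Sid->Revision);
    printf("\t\tSubAuthorityCount: %u\n",Sid->SubAuthorityCount);

    printf("\t\tIdentifierAuthority: ");
    for(i=0; i<6; i++) {
        printf("%u ",Sid->IdentifierAuthority[i]);
    }
    printf("\n");

    //
    // Never index past the declared SubAuthority[] array, whatever the
    // count byte says.
    //
    count = Sid->SubAuthorityCount;
    if (count > sizeof(Sid->SubAuthority) / sizeof(Sid->SubAuthority[0])) {
        count = sizeof(Sid->SubAuthority) / sizeof(Sid->SubAuthority[0]);
    }

    printf("\t\tSubAuthority: ");
    for(i=0; i<count; i++) {
        printf("0x%x ",Sid->SubAuthority[i]);
    }
    printf("\n");
}


VOID
DisplaySecurityDescriptor(
    PTEST_SECURITY_DESCRIPTOR   pSecDesc
    )

/*++

Routine Description:

    Prints the header, owner SID, group SID, SACL and DACL of an
    absolute-form security descriptor.

    Nothing beyond the failure message is printed when the descriptor is
    NULL or fails IsValidSecurityDescriptor, so no unvalidated pointer is
    followed.

Arguments:

    pSecDesc - descriptor in absolute form (Owner/Group/Sacl/Dacl are
        pointers or NULL).

Return Value:

    None.

--*/
{
    DWORD   i;
    DWORD   numAces;

    if (pSecDesc == NULL || !IsValidSecurityDescriptor(pSecDesc)) {
        printf("FAILURE: SECURITY DESCRIPTOR IS INVALID\n");
        return;
    }

    printf("[ADT]:Security Descriptor Received\n");
    printf("\tSECURITY_DESCRIPTOR HEADER:\n");
    printf("\tRevision: %d\n", pSecDesc->Revision);
    printf("\tSbz1: 0x%x\n", pSecDesc->Sbz1);
    printf("\tControl: 0x%x\n", pSecDesc->Control);

    //-------------------
    // OWNER SID
    //-------------------
    // The original owner loop was bounded by the group's SubAuthorityCount;
    // DisplaySid uses the count of the SID being printed.
    DisplaySid("OWNER_SID", pSecDesc->Owner);

    //-------------------
    // GROUP SID
    //-------------------
    DisplaySid("GROUP_SID", pSecDesc->Group);

    if (pSecDesc->Sacl != NULL) {
        printf("\n\tSYSTEM_ACL\n");
        printf("\t\tRevision: %d\n",pSecDesc->Sacl->AclRevision);
        printf("\t\tSbz1: %d\n",pSecDesc->Sacl->Sbz1);
        printf("\t\tAclSize: %d\n",pSecDesc->Sacl->AclSize);
        //
        // Dummy1[0] exists only when the ACL is larger than its 4-byte
        // TEST_ACL header.
        //
        if (pSecDesc->Sacl->AclSize > FIELD_OFFSET(TEST_ACL, Dummy1)) {
            printf("\t\tACE: %u\n",(unsigned short)pSecDesc->Sacl->Dummy1[0]);
        }
    }
    else {
        printf("\n\tSYSTEM_ACL = NULL\n");
    }

    if (pSecDesc->Dacl != NULL) {
        printf("\n\tDISCRETIONARY_ACL\n");
        printf("\t\tRevision: %d\n",pSecDesc->Dacl->AclRevision);
        printf("\t\tSbz1: %d\n",pSecDesc->Dacl->Sbz1);
        printf("\t\tAclSize: %d\n",pSecDesc->Dacl->AclSize);

        //
        // numAces is really the number of bytes after the 4-byte TEST_ACL
        // header.  Guard the subtraction: an AclSize below 4 would wrap
        // the unsigned value and send the loop far past the buffer.
        //
        if (pSecDesc->Dacl->AclSize > FIELD_OFFSET(TEST_ACL, Dummy1)) {
            numAces = pSecDesc->Dacl->AclSize - FIELD_OFFSET(TEST_ACL, Dummy1);
        }
        else {
            numAces = 0;
        }

        //
        // NOTE(review): the original printf format string for this loop
        // was lost in extraction.  The line below mirrors the SACL output
        // above and is a reconstruction.
        //
        for (i=0; i<numAces; i++) {
            printf("\t\tACE: %u\n",(unsigned short)pSecDesc->Dacl->Dummy1[i]);
        }
    }
    else {
        printf("\n\tDISCRETIONARY_ACL = NULL\n");
    }
}


BOOL
MakeArgsUnicode (
    DWORD           argc,
    PCHAR           argv[]
    )

/*++

Routine Description:

Arguments:

Return Value:

Note:

--*/
{
    DWORD   i;

    //
    // ScConvertToUnicode allocates storage for each string.
    // We will rely on process termination to free the memory.
    //
    for(i=0; i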