/*++ Copyright (c) 1992-1999 Microsoft Corporation Module Name: dumpnt.c Abstract: Dump routines for various native defined types. The original/maintained version of this code lives @ \\brillig\ntct!slm\src\security\util\dumpnt.c Author: TimF 12-Jun-92 created Revision History: JinHuang 13-Feb-98 modified */ #include #include #include #include #include #include #include #include "dumpnt.h" /* * Generic header: * * Dump * * Takes a pointer to an object of TYPE_FOO, and dumps the contents of that * structure to wherever output is being sent these days (as best it can). * * Pointers and regions pointed are expected to be valid, and accessible. * * No return value is defined. */ VOID DumpGUID( IN GUID *g ) { if (!g) { printf("\n"); } else { try { printf("0x%08lx-%04x-%04x-%02x%02x%02x%02x%02x%02x%02x%02x\n", g -> Data1, g -> Data2, g -> Data3, g -> Data4[0], g -> Data4[1], g -> Data4[2], g -> Data4[3], g -> Data4[4], g -> Data4[5], g -> Data4[6], g -> Data4[7]); } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpGUID: invalid pointer (0x%p)\n", g); } } } VOID DumpSID( IN PSID s ) { static char b[128]; SID_IDENTIFIER_AUTHORITY *a; ULONG id = 0, i; try { b[0] = '\0'; a = RtlIdentifierAuthoritySid(s); sprintf(b, "s-0x1-%02x%02x%02x%02x%02x%02x", a -> Value[0], a -> Value[1], a -> Value[2], a -> Value[3], a -> Value[4], a -> Value[5]); for (i = 0; i < *RtlSubAuthorityCountSid(s); i++) { sprintf(b, "%s-%lx", b, *RtlSubAuthoritySid(s, i)); } printf("%s", b); } except (EXCEPTION_EXECUTE_HANDLER) { printf("%s\t", b, s); } } /* * DumpSIDNAME() attempts to unravel the Sid into a Display Name */ VOID DumpSIDNAME( IN PSID s ) { NTSTATUS Status; LSA_HANDLE Policy; OBJECT_ATTRIBUTES ObjAttr; SECURITY_QUALITY_OF_SERVICE SQoS; PLSA_REFERENCED_DOMAIN_LIST RefDomains = NULL; PLSA_TRANSLATED_NAME XNames = NULL; try { /* * Open the policy with POLICY_LOOKUP_NAMES and lookup this * Sid. */ InitializeObjectAttributes(&ObjAttr, NULL, 0L, NULL, NULL); /* * init the sqos struct */ SQoS.Length = sizeof(SECURITY_QUALITY_OF_SERVICE); SQoS.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; SQoS.ImpersonationLevel = SecurityIdentification; SQoS.EffectiveOnly = TRUE; ObjAttr.SecurityQualityOfService = &SQoS; /* * make the actual call */ Status = LsaOpenPolicy(NULL, &ObjAttr, POLICY_LOOKUP_NAMES, &Policy); if (!NT_SUCCESS(Status)) { printf("DumpSIDNAMES: can't open Lsa, (0x%lx)\n", Status); return; } Status = LsaLookupSids(Policy, 1L, &s, &RefDomains, &XNames); if (Status == STATUS_NONE_MAPPED) { printf("Unknown\n"); } else if (!NT_SUCCESS(Status)) { printf("DumpSIDNAMES: can't Lookup Sids, (0x%lx)\n", Status); } else { printf("'%wZ' (%s)\n", &(XNames->Name), (XNames->Use == SidTypeUser ? "User" : XNames->Use == SidTypeGroup ? "Group" : XNames->Use == SidTypeDomain ? "Domain" : XNames->Use == SidTypeAlias ? "Alias" : XNames->Use == SidTypeWellKnownGroup ? "WellKnownGroup" : XNames->Use == SidTypeDeletedAccount ? "Deleted" : XNames->Use == SidTypeInvalid ? "Invalid" : XNames->Use == SidTypeUnknown ? "Unknown" : "ERROR!")); } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpSIDNAME: invalid pointer (0x%p)\n", s); } if (RefDomains) { LsaFreeMemory(RefDomains); } if (XNames) { LsaFreeMemory(XNames); } LsaClose(Policy); } VOID DumpACL( IN ACL *a ) { ACE_HEADER *Ace; USHORT i; try { printf("Acl -> AclRevision = 0x%x\n", a -> AclRevision); printf("Acl -> Sbz1 = 0x%x\n", a -> Sbz1); printf("Acl -> AclSize = 0x%x\n", a -> AclSize); printf("Acl -> AceCount = 0x%x\n", a -> AceCount); printf("Acl -> Sbz2 = 0x%x\n\n", a -> Sbz2); for (i = 0; i < a -> AceCount; i++) { if (NT_SUCCESS(RtlGetAce(a, i, (PVOID *)&Ace))) { DumpACE(Ace); } else { printf("(Can't RtlGetAce[%d])\n", i); } printf("\n"); } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpACL: invalid pointer (0x%p)\n", a); } } VOID DumpACE( IN ACE_HEADER *a ) { ACCESS_ALLOWED_ACE *Ace = (ACCESS_ALLOWED_ACE *)a; try { printf("Ace -> AceType = "); Dump_ACE_TYPE(a -> AceType); printf("Ace -> AceSize = 0x%x\n", a -> AceSize); printf("Ace -> AceFlags = "); Dump_ACE_FLAGS(a -> AceFlags); switch (a -> AceType) { case ACCESS_ALLOWED_ACE_TYPE: case ACCESS_DENIED_ACE_TYPE: case SYSTEM_AUDIT_ACE_TYPE: case SYSTEM_ALARM_ACE_TYPE: printf("Ace -> Mask = 0x%lx\n", Ace -> Mask); printf("Ace -> Sid = "); DumpSID(&(Ace -> SidStart)); printf("\t"); DumpSIDNAME(&(Ace -> SidStart)); break; case ACCESS_ALLOWED_OBJECT_ACE_TYPE: case ACCESS_DENIED_OBJECT_ACE_TYPE: case SYSTEM_AUDIT_OBJECT_ACE_TYPE: case SYSTEM_ALARM_OBJECT_ACE_TYPE: { ACCESS_ALLOWED_OBJECT_ACE *Ace; ULONG_PTR Offset; Ace = (ACCESS_ALLOWED_OBJECT_ACE *)a; printf("Ace -> Mask = 0x%lx\n", Ace -> Mask); if (!Ace -> Flags) { printf("Ace -> Flags = 0\n"); } else { printf("Ace -> Flags = "); if (Ace -> Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) { printf("ACE_INHERITED_OBJECT_TYPE_PRESENT "); } if (Ace -> Flags & ACE_OBJECT_TYPE_PRESENT) { printf("ACE_OBJECT_TYPE_PRESENT"); } printf("\n"); } Offset = (ULONG_PTR)&(Ace -> ObjectType); if (Ace -> Flags & ACE_OBJECT_TYPE_PRESENT) { printf("Ace -> ObjectType = "); DumpGUID((GUID *)Offset); Offset += sizeof (GUID); } if (Ace -> Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT) { printf("Ace -> InheritedObjectType = "); DumpGUID((GUID *)Offset); Offset += sizeof (GUID); } printf("Ace -> Sid = "); DumpSID((SID *)Offset); printf("\t"); DumpSIDNAME((SID *)Offset); break; } default: printf("(Unknown ACE type)\n"); break; } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpACE: invalid pointer (0x%p)\n", a); } } VOID DumpSECURITY_DESCRIPTOR_CONTROL( SECURITY_DESCRIPTOR_CONTROL Control ) { printf("SecurityDescriptor -> Control = "); if (!Control) { printf(""); } if (Control & SE_OWNER_DEFAULTED) { printf("SE_OWNER_DEFAULTED "); } if (Control & SE_GROUP_DEFAULTED) { printf("SE_GROUP_DEFAULTED "); } if (Control & SE_DACL_PRESENT) { printf("SE_DACL_PRESENT "); } if (Control & SE_DACL_DEFAULTED) { printf("SE_DACL_DEFAULTED "); } if (Control & SE_SACL_PRESENT) { printf("SE_SACL_PRESENT "); } if (Control & SE_SACL_DEFAULTED) { printf("SE_SACL_DEFAULTED "); } if (Control & SE_DACL_UNTRUSTED) { printf("SE_DACL_UNTRUSTED "); } if (Control & SE_SERVER_SECURITY) { printf("SE_SERVER_SECURITY "); } if (Control & SE_DACL_AUTO_INHERIT_REQ) { printf("SE_DACL_AUTO_INHERIT_REQ "); } if (Control & SE_SACL_AUTO_INHERIT_REQ) { printf("SE_SACL_AUTO_INHERIT_REQ "); } if (Control & SE_DACL_AUTO_INHERITED) { printf("SE_DACL_AUTO_INHERITED "); } if (Control & SE_SACL_AUTO_INHERITED) { printf("SE_SACL_AUTO_INHERITED "); } if (Control & SE_DACL_PROTECTED) { printf("SE_DACL_PROTECTED "); } if (Control & SE_SACL_PROTECTED) { printf("SE_SACL_PROTECTED "); } if (Control & SE_SELF_RELATIVE) { printf("SE_SELF_RELATIVE"); } printf("\n"); } VOID DumpSECURITY_DESCRIPTOR( IN PSECURITY_DESCRIPTOR s ) { BOOLEAN Defaulted, Present; PACL Acl; PSID Sid; SECURITY_DESCRIPTOR_CONTROL Control; ULONG Rev; try { printf("\nSecurityDescriptor -> Length = 0x%lx\n", RtlLengthSecurityDescriptor(s)); RtlGetControlSecurityDescriptor(s, &Control, &Rev); DumpSECURITY_DESCRIPTOR_CONTROL(Control); printf("SecurityDescriptor -> Revision = 0x%lx\n", Rev); RtlGetOwnerSecurityDescriptor(s, &Sid, &Defaulted); printf("SecurityDescriptor -> Owner = "); if (Sid) { DumpSID(Sid); printf("\t"); DumpSIDNAME(Sid); } else { printf("\n"); } RtlGetGroupSecurityDescriptor(s, &Sid, &Defaulted); printf("SecurityDescriptor -> Group = "); if (Sid) { DumpSID(Sid); printf("\t"); DumpSIDNAME(Sid); } else { printf("\n"); } RtlGetDaclSecurityDescriptor(s, &Present, &Acl, &Defaulted); if (Present && Acl) { printf("SecurityDescriptor -> Dacl = \n"); DumpACL(Acl); } else { printf("SecurityDescriptor -> Dacl = \n"); } RtlGetSaclSecurityDescriptor(s, &Present, &Acl, &Defaulted); if (Present && Acl) { printf("SecurityDescriptor -> Sacl = \n"); DumpACL(Acl); } else { printf("SecurityDescriptor -> Sacl = \n"); } } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpSECURITY_DESCRIPTOR: invalid pointer (0x%p)\n", s); } } VOID DumpUNICODE_STRING( IN UNICODE_STRING *s ) { ANSI_STRING a; try { printf("UnicodeString -> Length = 0x%x\n", s -> Length); printf("UnicodeString -> MaximumLength = 0x%x\n", s -> MaximumLength); RtlUnicodeStringToAnsiString(&a, s, TRUE); printf("UnicodeString -> Buffer (a la ansi) = \"%s\"\n", a.Buffer); RtlFreeAnsiString(&a); } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpUNICODE_STRING: invalid pointer (0x%p)\n", s); } } VOID Dump_ACE_TYPE( IN UCHAR t ) { switch (t) { case ACCESS_ALLOWED_ACE_TYPE: printf("ACCESS_ALLOWED_ACE_TYPE\n"); break; case ACCESS_DENIED_ACE_TYPE: printf("ACCESS_DENIED_ACE_TYPE\n"); break; case SYSTEM_AUDIT_ACE_TYPE: printf("SYSTEM_AUDIT_ACE_TYPE\n"); break; case SYSTEM_ALARM_ACE_TYPE: printf("SYSTEM_ALARM_ACE_TYPE\n"); break; case ACCESS_ALLOWED_COMPOUND_ACE_TYPE: printf("ACCESS_ALLOWED_COMPOUND_ACE_TYPE\n"); break; case ACCESS_ALLOWED_OBJECT_ACE_TYPE: printf("ACCESS_ALLOWED_OBJECT_ACE_TYPE\n"); break; case ACCESS_DENIED_OBJECT_ACE_TYPE: printf("ACCESS_DENIED_OBJECT_ACE_TYPE\n"); break; case SYSTEM_AUDIT_OBJECT_ACE_TYPE: printf("SYSTEM_AUDIT_OBJECT_ACE_TYPE\n"); break; case SYSTEM_ALARM_OBJECT_ACE_TYPE: printf("SYSTEM_ALARM_OBJECT_ACE_TYPE\n"); break; default: printf("(unknown ace type)\n"); break; } } VOID Dump_ACE_FLAGS( IN UCHAR f ) { if (f & INHERIT_ONLY_ACE) { printf("INHERIT_ONLY_ACE "); } if (f & NO_PROPAGATE_INHERIT_ACE) { printf("NO_PROPAGATE_INHERIT_ACE "); } if (f & CONTAINER_INHERIT_ACE) { printf("CONTAINER_INHERIT_ACE "); } if (f & OBJECT_INHERIT_ACE) { printf("OBJECT_INHERIT_ACE "); } if (f & INHERITED_ACE) { printf("INHERITED_ACE "); } if (f & SUCCESSFUL_ACCESS_ACE_FLAG) { printf("SUCCESSFUL_ACCESS_ACE_FLAG "); } if (f & FAILED_ACCESS_ACE_FLAG) { printf("FAILED_ACCESS_ACE_FLAG"); } printf("\n"); } VOID DumpSTRING( IN STRING *s ) { try { printf("String -> Length = 0x%x\n", s -> Length); printf("String -> MaximumLength = 0x%x\n", s -> MaximumLength); printf("String -> Buffer = \"%s\"\n", s -> Buffer); } except (EXCEPTION_EXECUTE_HANDLER) { printf("DumpUNICODE_STRING: invalid pointer (0x%p)\n", s); } }