test: uipers.c File Reference

printf( "(0x%lx-%hx-%hx-%hx-%hx-%hx-%hx-%hx-%hx-%hx-%hx)\n", \ (G)->Data1, (G)->Data2, (G)->Data3, \ (G)->Data4[0], (G)->Data4[1], (G)->Data4[2], \ (G)->Data4[3], (G)->Data4[4], (G)->Data4[5], \ (G)->Data4[6], (G)->Data4[7]); \

00134 { 00135 UCHAR Buffer[128]; 00136 STRING AccountName; 00137 UCHAR i; 00138 ULONG Tmp; 00139 00140 Buffer[0] = 0; 00141 00142 AccountName.MaximumLength = 127; 00143 AccountName.Length = 0; 00144 AccountName.Buffer = (PVOID)&Buffer[0]; 00145 00146 00147 00148 if (SidTranslation( (PSID)Sid, &AccountName) ) { 00149 00150 printf("%s\n", AccountName.Buffer ); 00151 00152 } else { 00153 printf("S-%lu-", (USHORT)Sid->Revision ); 00154 if ( (Sid->IdentifierAuthority.Value[0] != 0) || 00155 (Sid->IdentifierAuthority.Value[1] != 0) ){ 00156 printf("0x%02hx%02hx%02hx%02hx%02hx%02hx", 00157 (USHORT)Sid->IdentifierAuthority.Value[0], 00158 (USHORT)Sid->IdentifierAuthority.Value[1], 00159 (USHORT)Sid->IdentifierAuthority.Value[2], 00160 (USHORT)Sid->IdentifierAuthority.Value[3], 00161 (USHORT)Sid->IdentifierAuthority.Value[4], 00162 (USHORT)Sid->IdentifierAuthority.Value[5] ); 00163 } else { 00164 Tmp = (ULONG)Sid->IdentifierAuthority.Value[5] + 00165 (ULONG)(Sid->IdentifierAuthority.Value[4] << 8) + 00166 (ULONG)(Sid->IdentifierAuthority.Value[3] << 16) + 00167 (ULONG)(Sid->IdentifierAuthority.Value[2] << 24); 00168 printf("%lu", Tmp); 00169 } 00170 00171 00172 for (i=0;i<Sid->SubAuthorityCount ;i++ ) { 00173 printf("-%lu", Sid->SubAuthority[i]); 00174 } 00175 printf("\n"); 00176 00177 } 00178 00179 }

00306 { 00307 00308 00309 if (!DisplayPrivilegeName(&Privilege->Luid)) { 00310 printf("(Unknown Privilege. Value is: (0x%lx,0x%lx))", 00311 Privilege->Luid.HighPart, 00312 Privilege->Luid.LowPart 00313 ); 00314 } 00315 00316 00317 00318 // 00319 // Display the attributes assigned to the privilege. 00320 // 00321 00322 printf("\n ["); 00323 if (!(Privilege->Attributes & SE_PRIVILEGE_ENABLED)) { 00324 printf("Not "); 00325 } 00326 printf("Enabled"); 00327 00328 //printf(" / "); 00329 //if (!(Privilege->Attributes & SE_PRIVILEGE_ENABLED_BY_DEFAULT)) { 00330 // printf("Not "); 00331 //} 00332 //printf("Enabled By Default"); 00333 00334 00335 printf("]\n"); 00336 printf(" "); 00337 00338 00339 return; 00340 00341 }

00187 { 00188 00189 // 00190 // This should be rewritten to use RtlLookupPrivilegeName. 00191 // 00192 // First we should probably spec and write RtlLookupPrivilegeName. 00193 // 00194 00195 if ( ((*Privilege)QuadPart == CreateTokenPrivilege.QuadPart)) { 00196 printf("SeCreateTokenPrivilege "); 00197 return(TRUE); 00198 } 00199 00200 if ( ((*Privilege).QuadPart == AssignPrimaryTokenPrivilege.QuadPart)) { 00201 printf("SeAssignPrimaryTokenPrivilege "); 00202 return(TRUE); 00203 } 00204 00205 if ( ((*Privilege).QuadPart == LockMemoryPrivilege.QuadPart)) { 00206 printf("SeLockMemoryPrivilege "); 00207 return(TRUE); 00208 } 00209 00210 if ( ((*Privilege).QuadPart == IncreaseQuotaPrivilege.QuadPart)) { 00211 printf("SeIncreaseQuotaPrivilege "); 00212 return(TRUE); 00213 } 00214 00215 if ( ((*Privilege).QuadPart == UnsolicitedInputPrivilege.QuadPart)) { 00216 printf("SeUnsolicitedInputPrivilege "); 00217 return(TRUE); 00218 } 00219 00220 if ( ((*Privilege).QuadPart == TcbPrivilege.QuadPart)) { 00221 printf("SeTcbPrivilege "); 00222 return(TRUE); 00223 } 00224 00225 if ( ((*Privilege).QuadPart == SecurityPrivilege.QuadPart)) { 00226 printf("SeSecurityPrivilege (Security Operator) "); 00227 return(TRUE); 00228 } 00229 00230 00231 if ( ((*Privilege).QuadPart == TakeOwnershipPrivilege.QuadPart)) { 00232 printf("SeTakeOwnershipPrivilege "); 00233 return(TRUE); 00234 } 00235 00236 if ( ((*Privilege).QuadPart == LpcReplyBoostPrivilege.QuadPart)) { 00237 printf("SeLpcReplyBoostPrivilege "); 00238 return(TRUE); 00239 } 00240 00241 if ( ((*Privilege).QuadPart == CreatePagefilePrivilege.QuadPart)) { 00242 printf("SeCreatePagefilePrivilege "); 00243 return(TRUE); 00244 } 00245 00246 if ( ((*Privilege).QuadPart == IncreaseBasePriorityPrivilege.QuadPart)) { 00247 printf("SeIncreaseBasePriorityPrivilege "); 00248 return(TRUE); 00249 } 00250 00251 if ( ((*Privilege).QuadPart == SystemProfilePrivilege.QuadPart)) { 00252 printf("SeSystemProfilePrivilege "); 00253 return(TRUE); 00254 } 00255 00256 if ( ((*Privilege).QuadPart == SystemtimePrivilege.QuadPart)) { 00257 printf("SeSystemtimePrivilege "); 00258 return(TRUE); 00259 } 00260 00261 if ( ((*Privilege).QuadPart == ProfileSingleProcessPrivilege.QuadPart)) { 00262 printf("SeProfileSingleProcessPrivilege "); 00263 return(TRUE); 00264 } 00265 00266 if ( ((*Privilege).QuadPart == CreatePermanentPrivilege.QuadPart)) { 00267 printf("SeCreatePermanentPrivilege "); 00268 return(TRUE); 00269 } 00270 00271 if ( ((*Privilege).QuadPart == BackupPrivilege.QuadPart)) { 00272 printf("SeBackupPrivilege "); 00273 return(TRUE); 00274 } 00275 00276 if ( ((*Privilege).QuadPart == RestorePrivilege.QuadPart)) { 00277 printf("SeRestorePrivilege "); 00278 return(TRUE); 00279 } 00280 00281 if ( ((*Privilege).QuadPart == ShutdownPrivilege.QuadPart)) { 00282 printf("SeShutdownPrivilege "); 00283 return(TRUE); 00284 } 00285 00286 if ( ((*Privilege).QuadPart == DebugPrivilege.QuadPart)) { 00287 printf("SeDebugPrivilege "); 00288 return(TRUE); 00289 } 00290 00291 if ( ((*Privilege).QuadPart == SystemEnvironmentPrivilege.QuadPart)) { 00292 printf("SeSystemEnvironmentPrivilege "); 00293 return(TRUE); 00294 } 00295 00296 return(FALSE); 00297 00298 }

00348 { 00349 00350 #define BUFFER_SIZE (2048) 00351 00352 NTSTATUS Status; 00353 ULONG i; 00354 ULONG ReturnLength; 00355 TOKEN_STATISTICS ProcessTokenStatistics; 00356 GUID AuthenticationId; 00357 UCHAR Buffer[BUFFER_SIZE]; 00358 00359 00360 PTOKEN_USER UserId; 00361 PTOKEN_OWNER DefaultOwner; 00362 PTOKEN_PRIMARY_GROUP PrimaryGroup; 00363 PTOKEN_GROUPS GroupIds; 00364 PTOKEN_PRIVILEGES Privileges; 00365 00366 00367 00368 00370 // // 00371 // Logon ID // 00372 // // 00374 00375 Status = NtQueryInformationToken( 00376 TokenHandle, // Handle 00377 TokenStatistics, // TokenInformationClass 00378 &ProcessTokenStatistics, // TokenInformation 00379 sizeof(TOKEN_STATISTICS), // TokenInformationLength 00380 &ReturnLength // ReturnLength 00381 ); 00382 ASSERT(NT_SUCCESS(Status)); 00383 AuthenticationId = ProcessTokenStatistics.AuthenticationId; 00384 00385 printf(" Logon Session: "); 00386 if (RtlEqualGuid(&AuthenticationId, &SystemAuthenticationId )) { 00387 printf("(System Logon Session)\n"); 00388 } else { 00389 PrintGuid( &AuthenticationId ); 00390 } 00391 00392 00393 00394 00396 // // 00397 // User Id // 00398 // // 00400 00401 UserId = (PTOKEN_USER)&Buffer[0]; 00402 Status = NtQueryInformationToken( 00403 TokenHandle, // Handle 00404 TokenUser, // TokenInformationClass 00405 UserId, // TokenInformation 00406 BUFFER_SIZE, // TokenInformationLength 00407 &ReturnLength // ReturnLength 00408 ); 00409 00410 00411 ASSERT(NT_SUCCESS(Status)); 00412 00413 printf(" User id: "); 00414 DisplayAccountSid( (PISID)UserId->User.Sid ); 00415 00416 00417 00418 00419 00421 // // 00422 // Default Owner // 00423 // // 00425 00426 DefaultOwner = (PTOKEN_OWNER)&Buffer[0]; 00427 00428 Status = NtQueryInformationToken( 00429 TokenHandle, // Handle 00430 TokenOwner, // TokenInformationClass 00431 DefaultOwner, // TokenInformation 00432 BUFFER_SIZE, // TokenInformationLength 00433 &ReturnLength // ReturnLength 00434 ); 00435 00436 00437 ASSERT(NT_SUCCESS(Status)); 00438 00439 printf(" Default Owner: "); 00440 DisplayAccountSid( (PISID)DefaultOwner->Owner ); 00441 00442 00443 00444 00445 00446 00448 // // 00449 // Primary Group // 00450 // // 00452 00453 PrimaryGroup = (PTOKEN_PRIMARY_GROUP)&Buffer[0]; 00454 00455 Status = NtQueryInformationToken( 00456 TokenHandle, // Handle 00457 TokenPrimaryGroup, // TokenInformationClass 00458 PrimaryGroup, // TokenInformation 00459 BUFFER_SIZE, // TokenInformationLength 00460 &ReturnLength // ReturnLength 00461 ); 00462 00463 00464 ASSERT(NT_SUCCESS(Status)); 00465 00466 printf(" Primary Group: "); 00467 DisplayAccountSid( (PISID)PrimaryGroup->PrimaryGroup ); 00468 00469 00470 00471 00472 00473 00475 // // 00476 // Group Ids // 00477 // // 00479 00480 printf("\n"); 00481 GroupIds = (PTOKEN_GROUPS)&Buffer[0]; 00482 Status = NtQueryInformationToken( 00483 TokenHandle, // Handle 00484 TokenGroups, // TokenInformationClass 00485 GroupIds, // TokenInformation 00486 BUFFER_SIZE, // TokenInformationLength 00487 &ReturnLength // ReturnLength 00488 ); 00489 00490 00491 ASSERT(NT_SUCCESS(Status)); 00492 00493 //printf(" Number of groups: %ld\n", GroupIds->GroupCount); 00494 printf(" Groups: "); 00495 00496 for (i=0; i < GroupIds->GroupCount; i++ ) { 00497 //printf(" Group %ld: ", i); 00498 DisplayAccountSid( (PISID)GroupIds->Groups[i].Sid ); 00499 printf(" "); 00500 } 00501 00502 00503 00504 00505 00507 // // 00508 // Privileges // 00509 // // 00511 00512 printf("\n"); 00513 Privileges = (PTOKEN_PRIVILEGES)&Buffer[0]; 00514 Status = NtQueryInformationToken( 00515 TokenHandle, // Handle 00516 TokenPrivileges, // TokenInformationClass 00517 Privileges, // TokenInformation 00518 BUFFER_SIZE, // TokenInformationLength 00519 &ReturnLength // ReturnLength 00520 ); 00521 00522 00523 ASSERT(NT_SUCCESS(Status)); 00524 00525 printf(" Privileges: "); 00526 if (Privileges->PrivilegeCount > 0) { 00527 00528 for (i=0; i < Privileges->PrivilegeCount; i++ ) { 00529 DisplayPrivilege( &(Privileges->Privileges[i]) ); 00530 } 00531 } else { 00532 printf("(none assigned)\n"); 00533 } 00534 00535 00536 00537 return; 00538 00539 }

00544 { 00545 00546 NTSTATUS Status; 00547 HANDLE ProcessToken; 00548 00549 00550 TSeVariableInitialization(); // Initialize global variables 00551 00552 printf("\n"); 00553 00554 00555 // 00556 // Open our process token 00557 // 00558 00559 Status = NtOpenProcessToken( 00560 NtCurrentProcess(), 00561 TOKEN_QUERY, 00562 &ProcessToken 00563 ); 00564 if (!NT_SUCCESS(Status)) { 00565 printf("I'm terribly sorry, but you don't seem to have access to\n"); 00566 printf("open your own process's token.\n"); 00567 printf("\n"); 00568 return(FALSE); 00569 } 00570 00571 printf("Your process level security context is:\n"); 00572 printf("\n"); 00573 DisplaySecurityContext( ProcessToken ); 00574 00575 00576 Status = NtClose( ProcessToken ); 00577 00578 return(TRUE); 00579 }

00396 { 00397 if (RtlEqualSid(Sid, WorldSid)) { 00398 RtlInitString( AccountName, "WORLD"); 00399 return(TRUE); 00400 } 00401 00402 if (RtlEqualSid(Sid, LocalSid)) { 00403 RtlInitString( AccountName, "LOCAL"); 00404 00405 return(TRUE); 00406 } 00407 00408 if (RtlEqualSid(Sid, NetworkSid)) { 00409 RtlInitString( AccountName, "NETWORK"); 00410 00411 return(TRUE); 00412 } 00413 00414 if (RtlEqualSid(Sid, BatchSid)) { 00415 RtlInitString( AccountName, "BATCH"); 00416 00417 return(TRUE); 00418 } 00419 00420 if (RtlEqualSid(Sid, InteractiveSid)) { 00421 RtlInitString( AccountName, "INTERACTIVE"); 00422 return(TRUE); 00423 } 00424 00425 if (RtlEqualSid(Sid, LocalSystemSid)) { 00426 RtlInitString( AccountName, "SYSTEM"); 00427 return(TRUE); 00428 } 00429 00430 // 00431 // if (RtlEqualSid(Sid, LocalManagerSid)) { 00432 // RtlInitString( AccountName, "LOCAL MANAGER"); 00433 // return(TRUE); 00434 // } 00435 00436 // if (RtlEqualSid(Sid, LocalAdminSid)) { 00437 // RtlInitString( AccountName, "LOCAL ADMIN"); 00438 // return(TRUE); 00439 // } 00440 00441 return(FALSE); 00442 00443 }


Defines
#define	_TST_USER_
#define	PrintGuid(G)
#define	BUFFER_SIZE (2048)
Functions
VOID	DisplaySecurityContext (IN HANDLE TokenHandle)
VOID	DisplayAccountSid (PISID Sid)
BOOLEAN	SidTranslation (PSID Sid, PSTRING AccountName)
BOOLEAN	DisplayPrivilegeName (PLUID Privilege)
VOID	DisplayPrivilege (PLUID_AND_ATTRIBUTES Privilege)
BOOLEAN	main ()
Variables
GUID	SystemAuthenticationId = SYSTEM_GUID

uipers.c File Reference

Defines

Functions

Variables

Define Documentation

Function Documentation

Variable Documentation