test: rtsetsec.c Source File

00001 /*++ 00002 00003 Copyright (c) 1992 Microsoft Corporation 00004 00005 Module Name: 00006 00007 rtsetsec.c 00008 00009 Abstract: 00010 00011 NT level registry security test program 00012 00013 Assigns a world read-only security descriptor to an existing registry 00014 key object. 00015 00016 rtsetsec <KeyPath> 00017 00018 Example: 00019 00020 rtsetsec \REGISTRY\MACHINE\TEST\read_only 00021 00022 Author: 00023 00024 John Vert (jvert) 28-Jan-92 00025 00026 Revision History: 00027 00028 Richard Ward (richardw) 14 April 92 Changed ACE_HEADER 00029 00030 --*/ 00031 00032 #include "cmp.h" 00033 #include <stdio.h> 00034 #include <stdlib.h> 00035 #include <string.h> 00036 00037 PSID 00038 GetMySid( 00039 VOID 00040 ); 00041 00042 PSECURITY_DESCRIPTOR 00043 GenerateDescriptor( 00044 VOID 00045 ); 00046 00047 void 00048 __cdecl main( 00049 int argc, 00050 char *argv[] 00051 ) 00052 { 00053 NTSTATUS Status; 00054 OBJECT_ATTRIBUTES ObjectAttributes; 00055 UNICODE_STRING KeyName; 00056 ANSI_STRING AnsiKeyName; 00057 HANDLE KeyHandle; 00058 PSECURITY_DESCRIPTOR NewSecurityDescriptor; 00059 00060 // 00061 // Process args 00062 // 00063 00064 if (argc != 2) { 00065 printf("Usage: %s <KeyPath>\n",argv[0]); 00066 exit(1); 00067 } 00068 00069 RtlInitAnsiString(&AnsiKeyName, argv[1]); 00070 Status = RtlAnsiStringToUnicodeString(&KeyName, &AnsiKeyName, TRUE); 00071 if (!NT_SUCCESS(Status)) { 00072 printf("RtlAnsiStringToUnicodeString failed %lx\n",Status); 00073 exit(1); 00074 } 00075 00076 printf("rtsetsec: starting\n"); 00077 00078 // 00079 // Open node that we want to change the security descriptor for. 00080 // 00081 00082 InitializeObjectAttributes( 00083 &ObjectAttributes, 00084 &KeyName, 00085 0, 00086 (HANDLE)NULL, 00087 NULL 00088 ); 00089 ObjectAttributes.Attributes |= OBJ_CASE_INSENSITIVE; 00090 00091 Status = NtOpenKey( 00092 &KeyHandle, 00093 WRITE_DAC, 00094 &ObjectAttributes 00095 ); 00096 if (!NT_SUCCESS(Status)) { 00097 printf("rtsetsec: NtOpenKey failed: %08lx\n", Status); 00098 exit(1); 00099 } 00100 00101 NewSecurityDescriptor = GenerateDescriptor(); 00102 00103 Status = NtSetSecurityObject( KeyHandle, 00104 DACL_SECURITY_INFORMATION, 00105 NewSecurityDescriptor); 00106 if (!NT_SUCCESS(Status)) { 00107 printf("rtsetsec: NtSetSecurity failed: %08lx\n",Status); 00108 exit(1); 00109 } 00110 00111 Status = NtClose(KeyHandle); 00112 if (!NT_SUCCESS(Status)) { 00113 printf("rtsetsec: NtClose failed: %08lx\n", Status); 00114 exit(1); 00115 } 00116 00117 printf("rtsetsec: successful\n"); 00118 00119 } 00120 00121 PSECURITY_DESCRIPTOR 00122 GenerateDescriptor( 00123 VOID 00124 ) 00125 { 00126 PSECURITY_DESCRIPTOR SecurityDescriptor; 00127 PACL Acl; 00128 PSID WorldSid, CreatorSid; 00129 SID_IDENTIFIER_AUTHORITY WorldAuthority = SECURITY_WORLD_SID_AUTHORITY; 00130 ULONG OwnerAceLength, WorldAceLength; 00131 ULONG AclLength; 00132 NTSTATUS Status; 00133 PACCESS_ALLOWED_ACE OwnerAce; 00134 PACCESS_ALLOWED_ACE WorldAce; 00135 00136 WorldSid = malloc(RtlLengthRequiredSid(1)); 00137 if (WorldSid == NULL) { 00138 printf("rtsetsec: GenerateDescriptor() couldn't malloc WorldSID\n"); 00139 exit(1); 00140 } 00141 RtlInitializeSid(WorldSid, &WorldAuthority, 1); 00142 *(RtlSubAuthoritySid(WorldSid, 0)) = SECURITY_WORLD_RID; 00143 if (!RtlValidSid(WorldSid)) { 00144 printf("rtsetsec: GenerateDescriptor() created invalid World SID\n"); 00145 exit(1); 00146 } 00147 00148 CreatorSid = GetMySid(); 00149 00150 // 00151 // Since the ACCESS_DENIED_ACE already contains a ULONG for the 00152 // SID, we subtract this back out when calculating the size of the ACE 00153 // 00154 00155 WorldAceLength = SeLengthSid(WorldSid) - 00156 sizeof(ULONG) + 00157 sizeof(ACCESS_ALLOWED_ACE) ; 00158 WorldAce = malloc(WorldAceLength); 00159 if (WorldAce == NULL) { 00160 printf("rtsetsec: GenerateDescriptor() couldn't malloc WorldAce\n"); 00161 exit(1); 00162 } 00163 00164 OwnerAceLength = SeLengthSid(CreatorSid) - 00165 sizeof(ULONG) + 00166 sizeof(ACCESS_ALLOWED_ACE); 00167 00168 OwnerAce = malloc( OwnerAceLength ); 00169 if (OwnerAce == NULL) { 00170 printf("rtsetsec: GenerateDescriptor() couldn't malloc OwnerAce\n"); 00171 exit(1); 00172 } 00173 00174 AclLength = OwnerAceLength + WorldAceLength + sizeof(ACL); 00175 Acl = malloc(AclLength); 00176 if (Acl == NULL) { 00177 printf("rtsetsec: GenerateDescriptor() couldn't malloc ACL\n"); 00178 exit(1); 00179 } 00180 00181 Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION); 00182 if (!NT_SUCCESS(Status)) { 00183 printf("rtsetsec: RtlCreateAcl failed status %08lx\n", Status); 00184 exit(1); 00185 } 00186 00187 // 00188 // Fill in ACE fields 00189 // 00190 00191 WorldAce->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; 00192 WorldAce->Header.AceSize = (USHORT)WorldAceLength; 00193 WorldAce->Header.AceFlags = 0; // clear audit and inherit flags 00194 WorldAce->Mask = KEY_READ; 00195 Status = RtlCopySid( SeLengthSid(WorldSid), 00196 &WorldAce->SidStart, 00197 WorldSid ); 00198 if (!NT_SUCCESS(Status)) { 00199 printf("rtsetsec: RtlCopySid failed status %08lx\n", Status); 00200 exit(1); 00201 } 00202 00203 OwnerAce->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; 00204 OwnerAce->Header.AceSize = (USHORT)OwnerAceLength; 00205 OwnerAce->Header.AceFlags = 0; // clear audit and inherit flags 00206 OwnerAce->Mask = KEY_ALL_ACCESS; 00207 Status = RtlCopySid( SeLengthSid(CreatorSid), 00208 &OwnerAce->SidStart, 00209 CreatorSid ); 00210 if (!NT_SUCCESS(Status)) { 00211 printf("rtsetsec: RtlCopySid failed status %08lx\n", Status); 00212 exit(1); 00213 } 00214 00215 free(WorldSid); 00216 00217 // 00218 // Now add the ACE to the beginning of the ACL. 00219 // 00220 00221 Status = RtlAddAce( Acl, 00222 ACL_REVISION, 00223 0, 00224 WorldAce, 00225 WorldAceLength ); 00226 if (!NT_SUCCESS(Status)) { 00227 printf("rtsetsec: RtlAddAce (world ace) failed status %08lx\n", Status); 00228 exit(1); 00229 } 00230 Status = RtlAddAce( Acl, 00231 ACL_REVISION, 00232 0, 00233 OwnerAce, 00234 OwnerAceLength ); 00235 if (!NT_SUCCESS(Status)) { 00236 printf("rtsetsec: RtlAddAce (owner ace) failed status %08lx\n", Status); 00237 exit(1); 00238 } 00239 00240 free(OwnerAce); 00241 free(WorldAce); 00242 00243 // 00244 // Allocate and initialize the Security Descriptor 00245 // 00246 00247 SecurityDescriptor = malloc(sizeof(SECURITY_DESCRIPTOR)); 00248 Status = RtlCreateSecurityDescriptor( SecurityDescriptor, 00249 SECURITY_DESCRIPTOR_REVISION ); 00250 if (!NT_SUCCESS(Status)) { 00251 printf("rtsetsec: RtlCreateSecurityDescriptor failed status %08lx\n",Status); 00252 exit(1); 00253 } 00254 00255 Status = RtlSetDaclSecurityDescriptor( SecurityDescriptor, 00256 TRUE, 00257 Acl, 00258 FALSE ); 00259 if (!NT_SUCCESS(Status)) { 00260 printf("rtsetsec: RtlSetDaclSecurityDescriptor failed status %08lx\n",Status); 00261 exit(1); 00262 } 00263 00264 // 00265 // FINALLY we are finished! 00266 // 00267 00268 return(SecurityDescriptor); 00269 00270 } 00271 00272 PSID 00273 GetMySid( 00274 VOID 00275 ) 00276 { 00277 NTSTATUS Status; 00278 HANDLE Token; 00279 PTOKEN_OWNER Owner; 00280 ULONG Length; 00281 00282 Status = NtOpenProcessToken( NtCurrentProcess(), 00283 TOKEN_QUERY, 00284 &Token ); 00285 if (!NT_SUCCESS(Status)) { 00286 printf("rtsetsec: GetMySid() NtOpenProcessToken failed status %08lx\n",Status); 00287 exit(1); 00288 } 00289 00290 Status = NtQueryInformationToken( Token, 00291 TokenOwner, 00292 Owner, 00293 0, 00294 &Length ); 00295 if (Status != STATUS_BUFFER_TOO_SMALL) { 00296 printf("rtsetsec: GetMySid() NtQueryInformationToken failed status %08lx\n",Status); 00297 exit(1); 00298 } 00299 00300 Owner = malloc(Length); 00301 if (Owner==NULL) { 00302 printf("rtsetsec: GetMySid() Couldn't malloc TOKEN_OWNER buffer\n"); 00303 exit(1); 00304 } 00305 Status = NtQueryInformationToken( Token, 00306 TokenOwner, 00307 Owner, 00308 Length, 00309 &Length ); 00310 if (!NT_SUCCESS(Status)) { 00311 printf("rtsetsec: GetMySid() NtQueryInformationToken failed status %08lx\n",Status); 00312 exit(1); 00313 } 00314 00315 NtClose(Token); 00316 00317 return(Owner->Owner); 00318 00319 }