/************************************
REVISION LOG ENTRY
Revision By: Zhefu Zhang
Contact : codetiger@hotmail.com
Revised on 2/13/2004 10:11:25 AM
Comment: it is part of the code sample of
http://www.codeguru.com/misc/RunUser.html
************************************/
// ACLDumpDlg.cpp : implementation file
//
#include "stdafx.h"
#include "zaccessman.h"
#include "ACLDumpDlg.h"
#include "z.h"
#include "xMisc.h" //Sddl.h.
#include "AccessData.h"
#include "AccountListDlg.h"
// MFC debug-build boilerplate: in _DEBUG builds every `new` in this file goes
// through DEBUG_NEW, which uses THIS_FILE to record where each block was
// allocated so leaks can be reported with a source location.
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
// Initialiser for the all-zero SI_ACCESS entry that ends every row of
// gSiAccessAllRights. The table reader in OnInitDialog() stops at the first
// entry whose mask is 0, so each row must finish with {ACCESS_NULL_ENTRY}.
#define ACCESS_NULL_ENTRY NULL, 0, NULL, 0
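// Catalogue of access rights offered in the "new ACE" rights list, one row per
// kind of securable object. OnInitDialog() picks a row with
// m_pObjInf->m_pEntry->m_nSpecificType and reads entries until it meets one
// whose mask is 0, so every row ends with {ACCESS_NULL_ENTRY}.
//
// Each entry is {pguid, mask, pszName, dwFlags}. pszName is the text the
// operator sees when choosing what to grant or deny, so a label that does not
// match its mask is misleading in exactly the place where it matters. The
// first Process entry used to pair PROCESS_ALL_ACCESS with the label
// L"PROCESS_TERMINATE"; ACL_RIGHT now derives the label from the constant's
// own name, which fixes that entry and keeps labels from drifting again.
//
// The second dimension is 19 because the Process row needs all of it
// (18 rights plus the terminator). A longer row is a compile error until the
// dimension is raised; shorter rows are zero-filled by the compiler.
//
// The masks, including the *_ALL_ACCESS composites, are whatever the SDK
// headers define at build time. The bracketed number on each row is its index
// in this array; the numbers the row comments carried before (0, 14, 29, ...)
// did not correspond to it.
#define ACL_WIDEN_(s) L ## s
#define ACL_WIDEN(s) ACL_WIDEN_(s)
#define ACL_RIGHT(r) {&GUID_NULL, r, ACL_WIDEN(#r), SI_ACCESS_GENERAL|SI_ACCESS_SPECIFIC}
// Rights that close every row, in the order the table has always listed them.
#define ACL_COMMON_RIGHTS \
    ACL_RIGHT(READ_CONTROL), \
    ACL_RIGHT(WRITE_DAC), \
    ACL_RIGHT(WRITE_OWNER), \
    ACL_RIGHT(DELETE), \
    ACL_RIGHT(SYNCHRONIZE), \
    ACL_RIGHT(ACCESS_SYSTEM_SECURITY)

SI_ACCESS gSiAccessAllRights[][19] = {
    { // [0] File
        ACL_RIGHT(FILE_ALL_ACCESS),
        ACL_RIGHT(FILE_READ_DATA),
        ACL_RIGHT(FILE_WRITE_DATA),
        ACL_RIGHT(FILE_APPEND_DATA),
        ACL_RIGHT(FILE_READ_EA),
        ACL_RIGHT(FILE_WRITE_EA),
        ACL_RIGHT(FILE_EXECUTE),
        ACL_RIGHT(FILE_READ_ATTRIBUTES),
        ACL_RIGHT(FILE_WRITE_ATTRIBUTES),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [1] Dir
        ACL_RIGHT(FILE_ALL_ACCESS),
        ACL_RIGHT(FILE_LIST_DIRECTORY),
        ACL_RIGHT(FILE_ADD_FILE),
        ACL_RIGHT(FILE_ADD_SUBDIRECTORY),
        ACL_RIGHT(FILE_READ_EA),
        ACL_RIGHT(FILE_WRITE_EA),
        ACL_RIGHT(FILE_TRAVERSE),
        ACL_RIGHT(FILE_DELETE_CHILD),
        ACL_RIGHT(FILE_READ_ATTRIBUTES),
        ACL_RIGHT(FILE_WRITE_ATTRIBUTES),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [2] Service
        ACL_RIGHT(SERVICE_ALL_ACCESS),
        ACL_RIGHT(SERVICE_CHANGE_CONFIG),
        ACL_RIGHT(SERVICE_ENUMERATE_DEPENDENTS),
        ACL_RIGHT(SERVICE_INTERROGATE),
        ACL_RIGHT(SERVICE_PAUSE_CONTINUE),
        ACL_RIGHT(SERVICE_QUERY_CONFIG),
        ACL_RIGHT(SERVICE_QUERY_STATUS),
        ACL_RIGHT(SERVICE_START),
        ACL_RIGHT(SERVICE_STOP),
        ACL_RIGHT(SERVICE_USER_DEFINED_CONTROL),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [3] Printer
        ACL_RIGHT(SERVER_ACCESS_ADMINISTER),
        ACL_RIGHT(SERVER_ACCESS_ENUMERATE),
        ACL_RIGHT(PRINTER_ACCESS_ADMINISTER),
        ACL_RIGHT(PRINTER_ACCESS_USE),
        ACL_RIGHT(JOB_ACCESS_ADMINISTER),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [4] Registry
        ACL_RIGHT(KEY_ALL_ACCESS),
        ACL_RIGHT(KEY_QUERY_VALUE),
        ACL_RIGHT(KEY_SET_VALUE),
        ACL_RIGHT(KEY_CREATE_SUB_KEY),
        ACL_RIGHT(KEY_ENUMERATE_SUB_KEYS),
        ACL_RIGHT(KEY_NOTIFY),
        ACL_RIGHT(KEY_CREATE_LINK),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [5] Share
        ACL_RIGHT(PERM_FILE_READ),
        ACL_RIGHT(PERM_FILE_WRITE),
        ACL_RIGHT(PERM_FILE_CREATE),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [6] Process (fills all 19 slots)
        ACL_RIGHT(PROCESS_ALL_ACCESS),
        ACL_RIGHT(PROCESS_TERMINATE),
        ACL_RIGHT(PROCESS_CREATE_THREAD),
        ACL_RIGHT(PROCESS_SET_SESSIONID),
        ACL_RIGHT(PROCESS_VM_OPERATION),
        ACL_RIGHT(PROCESS_VM_READ),
        ACL_RIGHT(PROCESS_VM_WRITE),
        ACL_RIGHT(PROCESS_DUP_HANDLE),
        ACL_RIGHT(PROCESS_CREATE_PROCESS),
        ACL_RIGHT(PROCESS_SET_QUOTA),
        ACL_RIGHT(PROCESS_SET_INFORMATION),
        ACL_RIGHT(PROCESS_QUERY_INFORMATION),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [7] Thread
        ACL_RIGHT(THREAD_ALL_ACCESS),
        ACL_RIGHT(THREAD_TERMINATE),
        ACL_RIGHT(THREAD_SUSPEND_RESUME),
        ACL_RIGHT(THREAD_GET_CONTEXT),
        ACL_RIGHT(THREAD_SET_CONTEXT),
        ACL_RIGHT(THREAD_SET_INFORMATION),
        ACL_RIGHT(THREAD_QUERY_INFORMATION),
        ACL_RIGHT(THREAD_SET_THREAD_TOKEN),
        ACL_RIGHT(THREAD_IMPERSONATE),
        ACL_RIGHT(THREAD_DIRECT_IMPERSONATION),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [8] Job
        ACL_RIGHT(JOB_OBJECT_ALL_ACCESS),
        ACL_RIGHT(JOB_OBJECT_ASSIGN_PROCESS),
        ACL_RIGHT(JOB_OBJECT_SET_ATTRIBUTES),
        ACL_RIGHT(JOB_OBJECT_QUERY),
        ACL_RIGHT(JOB_OBJECT_TERMINATE),
        ACL_RIGHT(JOB_OBJECT_SET_SECURITY_ATTRIBUTES),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [9] Semaphore
        ACL_RIGHT(SEMAPHORE_ALL_ACCESS),
        ACL_RIGHT(SEMAPHORE_MODIFY_STATE),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [10] Event
        ACL_RIGHT(EVENT_ALL_ACCESS),
        ACL_RIGHT(EVENT_MODIFY_STATE),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [11] Mutex
        ACL_RIGHT(MUTEX_ALL_ACCESS),
        ACL_RIGHT(MUTEX_MODIFY_STATE),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [12] Mapping
        ACL_RIGHT(FILE_MAP_COPY),
        ACL_RIGHT(FILE_MAP_WRITE),
        ACL_RIGHT(FILE_MAP_READ),
        ACL_RIGHT(FILE_MAP_ALL_ACCESS),
        ACL_RIGHT(SECTION_EXTEND_SIZE),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [13] Timer
        ACL_RIGHT(TIMER_ALL_ACCESS),
        ACL_RIGHT(TIMER_QUERY_STATE),
        ACL_RIGHT(TIMER_MODIFY_STATE),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [14] Token
        ACL_RIGHT(TOKEN_ALL_ACCESS),
        ACL_RIGHT(TOKEN_ASSIGN_PRIMARY),
        ACL_RIGHT(TOKEN_DUPLICATE),
        ACL_RIGHT(TOKEN_IMPERSONATE),
        ACL_RIGHT(TOKEN_QUERY),
        ACL_RIGHT(TOKEN_QUERY_SOURCE),
        ACL_RIGHT(TOKEN_ADJUST_PRIVILEGES),
        ACL_RIGHT(TOKEN_ADJUST_GROUPS),
        ACL_RIGHT(TOKEN_ADJUST_DEFAULT),
        ACL_RIGHT(TOKEN_ADJUST_SESSIONID),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [15] Namedpipe
        ACL_RIGHT(FILE_ALL_ACCESS),
        ACL_RIGHT(FILE_READ_DATA),
        ACL_RIGHT(FILE_WRITE_DATA),
        ACL_RIGHT(FILE_CREATE_PIPE_INSTANCE),
        ACL_RIGHT(FILE_READ_ATTRIBUTES),
        ACL_RIGHT(FILE_WRITE_ATTRIBUTES),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [16] Anonpipe
        ACL_RIGHT(FILE_ALL_ACCESS),
        ACL_RIGHT(FILE_READ_DATA),
        ACL_RIGHT(FILE_WRITE_DATA),
        ACL_RIGHT(FILE_CREATE_PIPE_INSTANCE),
        ACL_RIGHT(FILE_READ_ATTRIBUTES),
        ACL_RIGHT(FILE_WRITE_ATTRIBUTES),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [17] Windowstation
        ACL_RIGHT(WINSTA_ACCESSCLIPBOARD),
        ACL_RIGHT(WINSTA_ACCESSGLOBALATOMS),
        ACL_RIGHT(WINSTA_CREATEDESKTOP),
        ACL_RIGHT(WINSTA_ENUMDESKTOPS),
        ACL_RIGHT(WINSTA_ENUMERATE),
        ACL_RIGHT(WINSTA_EXITWINDOWS),
        ACL_RIGHT(WINSTA_READATTRIBUTES),
        ACL_RIGHT(WINSTA_READSCREEN),
        ACL_RIGHT(WINSTA_WRITEATTRIBUTES),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    },
    { // [18] Desktop
        ACL_RIGHT(DESKTOP_CREATEMENU),
        ACL_RIGHT(DESKTOP_CREATEWINDOW),
        ACL_RIGHT(DESKTOP_ENUMERATE),
        ACL_RIGHT(DESKTOP_HOOKCONTROL),
        ACL_RIGHT(DESKTOP_JOURNALPLAYBACK),
        ACL_RIGHT(DESKTOP_JOURNALRECORD),
        ACL_RIGHT(DESKTOP_READOBJECTS),
        ACL_RIGHT(DESKTOP_SWITCHDESKTOP),
        ACL_RIGHT(DESKTOP_WRITEOBJECTS),
        ACL_COMMON_RIGHTS,
        {ACCESS_NULL_ENTRY}
    }
};

// The helper macros are only meaningful for the table above.
#undef ACL_COMMON_RIGHTS
#undef ACL_RIGHT
#undef ACL_WIDEN
#undef ACL_WIDEN_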
// ACE type codes offered in the "new ACE type" combo box. OnInitDialog() adds
// pszTypeName as the item text and stores lACEType as the item data.
struct
{
    BYTE  lACEType;     // ACE type constant
    PTSTR pszTypeName;  // text shown for that constant
} aceTypes[6] =
{
    { ACCESS_ALLOWED_ACE_TYPE,        TEXT("ACCESS_ALLOWED_ACE_TYPE") },
    { ACCESS_DENIED_ACE_TYPE,         TEXT("ACCESS_DENIED_ACE_TYPE") },
    { SYSTEM_AUDIT_ACE_TYPE,          TEXT("SYSTEM_AUDIT_ACE_TYPE") },
    { ACCESS_ALLOWED_OBJECT_ACE_TYPE, TEXT("ACCESS_ALLOWED_OBJECT_ACE_TYPE") },
    { ACCESS_DENIED_OBJECT_ACE_TYPE,  TEXT("ACCESS_DENIED_OBJECT_ACE_TYPE") },
    { SYSTEM_AUDIT_OBJECT_ACE_TYPE,   TEXT("SYSTEM_AUDIT_OBJECT_ACE_TYPE") }
};
// ACE header flags offered in the "new ACE flag" list box. OnInitDialog() adds
// pszFlagName as the item text and stores lACEFlag as the item data.
struct
{
    ULONG lACEFlag;     // ACE flag bit
    PTSTR pszFlagName;  // text shown for that bit
} aceFlags[7] =
{
    { INHERITED_ACE,              TEXT("INHERITED_ACE") },
    { CONTAINER_INHERIT_ACE,      TEXT("CONTAINER_INHERIT_ACE") },
    { OBJECT_INHERIT_ACE,         TEXT("OBJECT_INHERIT_ACE") },
    { INHERIT_ONLY_ACE,           TEXT("INHERIT_ONLY_ACE") },
    { NO_PROPAGATE_INHERIT_ACE,   TEXT("NO_PROPAGATE_INHERIT_ACE") },
    { FAILED_ACCESS_ACE_FLAG,     TEXT("FAILED_ACCESS_ACE_FLAG") },
    { SUCCESSFUL_ACCESS_ACE_FLAG, TEXT("SUCCESSFUL_ACCESS_ACE_FLAG") }
};
/////////////////////////////////////////////////////////////////////////////
// CACLDumpDlg dialog
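// ClassWizard-style constructor taking only a parent window.
//
// The dialog reads the object it describes through m_pObjInf, which only the
// ObjInf* overload supplies, so this overload asserts to flag its use. ASSERT
// is compiled out of release builds, and m_pObjInf used to be left
// uninitialised there; it is now set to NULL so the pointer has a defined
// value instead of whatever happened to be in memory.
//
// pParent: parent window passed on to CDialog (may be NULL).
CACLDumpDlg::CACLDumpDlg(CWnd* pParent /*=NULL*/)
    : CDialog(CACLDumpDlg::IDD, pParent)
{
    //{{AFX_DATA_INIT(CACLDumpDlg)
    m_strOwnerName = _T("");
    m_strOwnerSID = _T("");
    m_strName = _T("");
    m_strHandle = _T("");
    m_strGroupName = _T("");
    m_strGroupSID = _T("");
    m_strType = _T("");
    m_strNewAceComputerName = _T("");
    m_strNewAceUserName = _T("");
    m_strNewAceUserSID = _T("");
    //}}AFX_DATA_INIT

    // Kept outside the AFX_DATA_INIT markers so ClassWizard does not rewrite it.
    m_pObjInf = NULL;

    ASSERT(FALSE);
}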
// Constructor used to open the dialog for one object.
//
// pObjInf: description of the object whose security information is shown.
//          Only the pointer is stored and it is not checked here, so it has to
//          stay valid while the dialog is in use.
// NOTE(review): nothing in this constructor takes ownership of pObjInf;
// confirm against the caller who frees it.
CACLDumpDlg::CACLDumpDlg(ObjInf* pObjInf)
    : CDialog(CACLDumpDlg::IDD, NULL),
      m_pObjInf(pObjInf)
{
}
// Dialog data exchange: ties the dialog's controls to member variables.
//
// The DDX_Control lines attach control objects (ACE type/flag/mask pickers,
// the add/delete/peek/refresh buttons, the DACL and SACL lists, the SID-type
// combos). The DDX_Text lines copy text between edit controls and CString
// members in the direction pDX selects.
//
// No DDV_ validation is attached to any field. The new-ACE computer name,
// user name and user SID are free text, so whatever consumes
// m_strNewAceComputerName, m_strNewAceUserName and m_strNewAceUserSID (not
// visible in this function) has to validate them before acting on them.
//
// pDX: exchange context supplied by MFC via UpdateData().
//
// Comments are kept outside the AFX_DATA_MAP markers because ClassWizard
// owns the text between them.
void CACLDumpDlg::DoDataExchange(CDataExchange* pDX)
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CACLDumpDlg)
DDX_Control(pDX, IDC_COMBO_NEW_ACE_TYPE, m_comboNewAceType);
DDX_Control(pDX, IDC_LIST_NEW_ACE_FLAG, m_listNewAceFlag);
DDX_Control(pDX, IDC_LIST_NEW_ACE_MASK1, m_listNewAceMask1);
DDX_Control(pDX, IDC_LIST_NEW_ACE_MASK2, m_listNewAceMask2);
DDX_Control(pDX, IDC_ACE_ADD, m_btnAceAdd);
DDX_Control(pDX, IDC_ACE_DELETE, m_btnAceDelete);
DDX_Control(pDX, IDC_ACE_PEEK_ACCOUNT, m_btnAcePeekAccount);
DDX_Control(pDX, IDC_REFRESH, m_btnRefresh);
DDX_Control(pDX, IDC_MASK2_MASK1, m_btnMask2Mask);
DDX_Control(pDX, IDC_LIST_SACL, m_listSACL);
DDX_Control(pDX, IDC_LIST_DACL, m_listDACL);
DDX_Control(pDX, IDC_COMBO_GROUP_SID_TYPE, m_comboGroupSIDType);
DDX_Control(pDX, IDC_COMBO_OWNER_SID_TYPE, m_comboOwnerSIDType);
DDX_Text(pDX, IDC_OWNER_NAME, m_strOwnerName);
DDX_Text(pDX, IDC_OWNER_SID, m_strOwnerSID);
DDX_Text(pDX, IDC_NAME, m_strName);
DDX_Text(pDX, IDC_HANDLE, m_strHandle);
DDX_Text(pDX, IDC_GROUP_NAME, m_strGroupName);
DDX_Text(pDX, IDC_GROUP_SID, m_strGroupSID);
DDX_Text(pDX, IDC_TYPE, m_strType);
DDX_Text(pDX, IDC_EDIT_NEW_ACE_COMPUTER_NAME, m_strNewAceComputerName);
DDX_Text(pDX, IDC_EDIT_NEW_ACE_USER_NAME, m_strNewAceUserName);
DDX_Text(pDX, IDC_EDIT_NEW_ACE_USER_SID, m_strNewAceUserSID);
//}}AFX_DATA_MAP
}
// Message map: routes button clicks, edit-change notifications and list-view
// selection changes to the handlers named below. The entries between the
// AFX_MSG_MAP markers are ClassWizard-managed; the ON_MESSAGE entry for
// WM_MASK_LIST_CHANGE sits outside them.
//
// NOTE(review): the group-name change handler is registered on IDC_GROUP,
// while DoDataExchange() binds the group name to IDC_GROUP_NAME. If IDC_GROUP
// is not the edit control, OnChangeGroup never fires - confirm against the
// dialog resource.
// NOTE(review): judging by their names, OnAceAdd, OnAceDelete,
// OnNewAceNewOwner and OnNewAceNewGroup modify the object's security
// descriptor; their bodies are not visible here, so confirm each one checks
// the result of the security API calls it makes.
BEGIN_MESSAGE_MAP(CACLDumpDlg, CDialog)
//{{AFX_MSG_MAP(CACLDumpDlg)
ON_BN_CLICKED(IDC_RADIO_DACL, OnRadioDacl)
ON_BN_CLICKED(IDC_RADIO_SACL, OnRadioSacl)
ON_NOTIFY(LVN_ITEMCHANGED, IDC_LIST_SACL, OnItemchangedListSacl)
ON_NOTIFY(LVN_ITEMCHANGED, IDC_LIST_DACL, OnItemchangedListDacl)
ON_BN_CLICKED(IDC_ACE_DELETE, OnAceDelete)
ON_BN_CLICKED(IDC_ACE_ADD, OnAceAdd)
ON_EN_CHANGE(IDC_GROUP, OnChangeGroup)
ON_EN_CHANGE(IDC_GROUP_SID, OnChangeGroupSid)
ON_EN_CHANGE(IDC_OWNER_NAME, OnChangeOwnerName)
ON_EN_CHANGE(IDC_OWNER_SID, OnChangeOwnerSid)
ON_BN_CLICKED(IDC_NEW_ACE_NEW_OWNER, OnNewAceNewOwner)
ON_BN_CLICKED(IDC_NEW_ACE_NEW_GROUP, OnNewAceNewGroup)
ON_BN_CLICKED(IDC_REFRESH, OnRefresh)
ON_BN_CLICKED(IDC_MASK2_MASK1, OnMask2Mask1)
ON_BN_CLICKED(IDC_ACE_PEEK_ACCOUNT, OnAcePeekAccount)
//}}AFX_MSG_MAP
ON_MESSAGE(WM_MASK_LIST_CHANGE, OnMaskListChange)
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CACLDumpDlg message handlers
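// WM_INITDIALOG handler: builds the static parts of the dialog (tooltips,
// SID-type combos, DACL/SACL list columns and icons, ACE type/flag/mask
// pickers), fills the object-specific rights list from gSiAccessAllRights,
// then calls Refresh() and pushes the member values into the controls.
//
// Returns TRUE so the framework sets the initial focus.
//
// Changes from the earlier version:
//  - m_pObjInf, m_pObjInf->m_pEntry and m_nSpecificType are validated before
//    use. m_nSpecificType indexes gSiAccessAllRights directly, so a value
//    outside the table would read unrelated memory and display it as rights.
//    On a bad value the dialog closes instead of continuing.
//  - The rights loop is also bounded by the row length, not only by the
//    zero-mask terminator.
//  - Loop counts come from sizeof instead of the literals 6 and 7.
//  - The loop index is declared once at function scope; the old code relied
//    on a for-init variable staying visible after its loop.
//  - GetDC() and GetTextExtentPoint32() results are checked, and the unused
//    GetTextMetrics() calls are gone.
BOOL CACLDumpDlg::OnInitDialog()
{
    CDialog::OnInitDialog();

    const int nRightsRows = (int)(sizeof(gSiAccessAllRights) / sizeof(gSiAccessAllRights[0]));
    const int nRightsCols = (int)(sizeof(gSiAccessAllRights[0]) / sizeof(gSiAccessAllRights[0][0]));
    const int nAceTypes = (int)(sizeof(aceTypes) / sizeof(aceTypes[0]));
    const int nAceFlags = (int)(sizeof(aceFlags) / sizeof(aceFlags[0]));

    // Both this function and Refresh() dereference m_pObjInf->m_pEntry, so
    // there is nothing useful to show without it.
    int nType = -1;
    if (m_pObjInf != NULL && m_pObjInf->m_pEntry != NULL)
        nType = (int)m_pObjInf->m_pEntry->m_nSpecificType;
    if (nType < 0 || nType >= nRightsRows)
    {
        ASSERT(FALSE);
        EndDialog(IDCANCEL);
        return TRUE;
    }

    int i = 0;

    m_tt.Create(this);
    m_tt.AddWindowTool(GetDlgItem(IDC_ACE_ADD), _T("Add New Ace"));
    m_tt.AddWindowTool(GetDlgItem(IDC_ACE_DELETE), _T("Delete Existing Ace"));
    m_tt.AddWindowTool(GetDlgItem(IDC_ACE_PEEK_ACCOUNT), _T("Show Existing Account"));
    m_tt.AddWindowTool(GetDlgItem(IDC_REFRESH), _T("Refresh"));
    m_tt.AddWindowTool(GetDlgItem(IDC_MASK2_MASK1), _T("Update Bit MaskList with Right MaskList"));

    m_comboOwnerSIDType.AddString(_T("SidTypeUser"));
    m_comboOwnerSIDType.AddString(_T("SidTypeAlias"));
    m_comboOwnerSIDType.AddString(_T("SidTypeWellKnownGroup"));
    m_comboOwnerSIDType.AddString(_T("SidTypeGroup"));
    m_comboOwnerSIDType.AddString(_T("???"));

    m_comboGroupSIDType.AddString(_T("SidTypeUser"));
    m_comboGroupSIDType.AddString(_T("SidTypeAlias"));
    m_comboGroupSIDType.AddString(_T("SidTypeWellKnownGroup"));
    m_comboGroupSIDType.AddString(_T("SidTypeGroup"));
    m_comboGroupSIDType.AddString(_T("???"));

    int count = 0;
    m_listDACL.AddColumn(_T("User Name"), count++);
    m_listDACL.AddColumn(_T("User SID "), count++);
    m_listDACL.AddColumn(_T("ACE Type "), count++);
    m_listDACL.AddColumn(_T("ACE Flag "), count++);
    m_listDACL.AddColumn(_T("ACE Mask "), count++);
    m_listDACL.AddColumn(_T("ACE Mask Parsed "), count++);
    count = 0;
    m_listSACL.AddColumn(_T("User Name"), count++);
    m_listSACL.AddColumn(_T("User SID "), count++);
    m_listSACL.AddColumn(_T("ACE Type "), count++);
    m_listSACL.AddColumn(_T("ACE Flag "), count++);
    m_listSACL.AddColumn(_T("ACE Mask "), count++);
    m_listSACL.AddColumn(_T("ACE Mask Parsed "), count++);

    // One image list is handed to both list controls and then detached from
    // the local wrapper so it outlives this function.
    // NOTE(review): unless the list controls have LVS_SHAREIMAGELISTS, each of
    // them destroys its image list when it is destroyed, which would destroy
    // this shared one twice - confirm the control styles.
    CImageList image;
    image.Create(MAKEINTRESOURCE(IDB_ACL), 16, 1, RGB(255, 0, 255));
    m_listDACL.SetImageList(&image, LVSIL_SMALL);
    m_listSACL.SetImageList(&image, LVSIL_SMALL);
    image.Detach();

    ListView_SetExtendedListViewStyle(m_listDACL.GetSafeHwnd(),
        LVS_EX_FULLROWSELECT /*| LVS_EX_CHECKBOXES*/);
    ListView_SetExtendedListViewStyle(m_listSACL.GetSafeHwnd(),
        LVS_EX_FULLROWSELECT /*| LVS_EX_CHECKBOXES*/);

    // Start on the DACL view; the SACL list shares the same screen area.
    HWND hwnd = this->GetSafeHwnd();
    ::CheckRadioButton(hwnd, IDC_RADIO_DACL, IDC_RADIO_SACL, IDC_RADIO_DACL);
    m_listSACL.ShowWindow(SW_HIDE);
    m_listDACL.ShowWindow(SW_SHOW);

    m_btnAceAdd.SetIcon(theApp.LoadIcon(IDI_ADD));
    m_btnAceDelete.SetIcon(theApp.LoadIcon(IDI_DELETE));
    m_btnAcePeekAccount.SetIcon(theApp.LoadIcon(IDI_PEEK));
    m_btnRefresh.SetIcon(theApp.LoadIcon(IDI_REFRESH));
    m_btnMask2Mask.SetIcon(theApp.LoadIcon(IDI_MASK2MASK));

    // ACE types: item text is the constant's name, item data its value.
    for (i = 0; i < nAceTypes; i++)
    {
        int index = m_comboNewAceType.AddString(aceTypes[i].pszTypeName);
        m_comboNewAceType.SetItemData(index, aceTypes[i].lACEType);
    }
    m_comboNewAceType.AddString(_T("???"));

    // ACE flags: same scheme.
    for (i = 0; i < nAceFlags; i++)
    {
        int index = m_listNewAceFlag.AddString(aceFlags[i].pszFlagName);
        m_listNewAceFlag.SetItemData(index, aceFlags[i].lACEFlag);
    }

    // Raw view of the 32 access-mask bits, lowest bit first.
    m_listNewAceMask1.AddString(_T("0x00000001 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000002 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000004 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000008 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000010 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000020 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000040 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000080 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000100 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000200 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000400 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00000800 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00001000 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00002000 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00004000 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00008000 [Specific 15-0]"));
    m_listNewAceMask1.AddString(_T("0x00010000 DELETE [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x00020000 READ_CONTROL [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x00040000 WRITE_DAC [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x00080000 WRITE_OWNER [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x00100000 SYNCHRONIZE [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x00200000 [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x00400000 [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x00800000 [Standard 23-16]"));
    m_listNewAceMask1.AddString(_T("0x01000000 ACCESS_SYSTEM_SECURITY"));
    m_listNewAceMask1.AddString(_T("0x02000000 MAXIMUM_ALLOWED"));
    m_listNewAceMask1.AddString(_T("0x04000000 Reserved"));
    m_listNewAceMask1.AddString(_T("0x08000000 Reserved"));
    m_listNewAceMask1.AddString(_T("0x10000000 GENERIC_ALL [Generic 31-28]"));
    m_listNewAceMask1.AddString(_T("0x20000000 GENERIC_EXECUTE [Generic 31-28]"));
    m_listNewAceMask1.AddString(_T("0x40000000 GENERIC_WRITE [Generic 31-28]"));
    m_listNewAceMask1.AddString(_T("0x80000000 GENERIC_READ [Generic 31-28]"));

    // Named rights for this object kind: "<NAME>--0x<mask>" as the item text,
    // the mask as item data. nType was range-checked above.
    const SI_ACCESS* pRights = gSiAccessAllRights[nType];
    for (i = 0; i < nRightsCols && pRights[i].mask != 0; i++)
    {
        CString str = pRights[i].pszName;
        CString str2;
        str2.Format(_T("0x%0X"), pRights[i].mask);
        int index = m_listNewAceMask2.AddString(str + _T("--") + str2);
        m_listNewAceMask2.SetItemData(index, pRights[i].mask);
    }

    // Give both mask lists a horizontal scroll range as wide as their longest
    // item.
    // NOTE(review): the DC returned by GetDC() is measured with its default
    // font, not the list box font, so the extent is approximate.
    CSize size;
    int width = 0;
    HDC hDC = ::GetDC(m_listNewAceMask1.GetSafeHwnd());
    if (hDC != NULL)
    {
        for (i = 0; i < m_listNewAceMask1.GetCount(); i++)
        {
            CString str;
            m_listNewAceMask1.GetText(i, str);
            if (::GetTextExtentPoint32(hDC, str, str.GetLength(), &size)
                && size.cx > width)
                width = size.cx;
        }
        ::SendMessage(m_listNewAceMask1.GetSafeHwnd(),
            LB_SETHORIZONTALEXTENT, (WPARAM) width, (LPARAM)0);
        ::ReleaseDC(m_listNewAceMask1.GetSafeHwnd(), hDC);
    }

    width = 0;
    hDC = ::GetDC(m_listNewAceMask2.GetSafeHwnd());
    if (hDC != NULL)
    {
        for (i = 0; i < m_listNewAceMask2.GetCount(); i++)
        {
            CString str;
            m_listNewAceMask2.GetText(i, str);
            if (::GetTextExtentPoint32(hDC, str, str.GetLength(), &size)
                && size.cx > width)
                width = size.cx;
        }
        ::SendMessage(m_listNewAceMask2.GetSafeHwnd(),
            LB_SETHORIZONTALEXTENT, (WPARAM) width, (LPARAM)0);
        ::ReleaseDC(m_listNewAceMask2.GetSafeHwnd(), hDC);
    }

    Refresh();
    UpdateData(FALSE);
    return TRUE; // return TRUE unless you set the focus to a control
                 // EXCEPTION: OCX Property Pages should return FALSE
}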
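// Maps a SID_NAME_USE value to the row index used by the owner/group
// "SID type" combo boxes (0 user, 1 alias, 2 well-known group, 3 group,
// 4 anything else).
static int AclDump_SidTypeToComboIndex(SID_NAME_USE sidUse)
{
    switch (sidUse)
    {
    case SidTypeUser:           return 0;
    case SidTypeAlias:          return 1;
    case SidTypeWellKnownGroup: return 2;
    case SidTypeGroup:          return 3;
    default:                    return 4;
    }
}

// Resolves pSid on the local machine.
//   strSid  receives the string form of the SID, or "???" when conversion fails.
//   strName receives the account name, or the SID string when no name resolves.
//   sidUse  receives the account type, or SidTypeUnknown when the lookup fails
//           (the original switched on an uninitialised value in that case).
static void AclDump_DescribeSid(PSID pSid, CString& strName, CString& strSid,
                                SID_NAME_USE& sidUse)
{
    CAutoBuf<TCHAR, sizeof(TCHAR)> szName;
    CAutoBuf<TCHAR, sizeof(TCHAR)> szDomain;
    BOOL fSuccess;
    sidUse = SidTypeUnknown;
    // Retry while the API reports the buffers as too small; CAutoBuf is a
    // project class, presumably growing its buffer between calls.
    do
    {
        fSuccess = LookupAccountSid(NULL, // local machine
            pSid, szName, szName,
            szDomain, szDomain, &sidUse);
    }
    while (!fSuccess && (GetLastError() == ERROR_INSUFFICIENT_BUFFER));

    LPTSTR pszSid = NULL;
    if (ConvertSidToStringSid(pSid, &pszSid))
    {
        strSid = pszSid;
        ::LocalFree(pszSid);
    }
    else
    {
        // Never show stale buffer contents as if they were the SID.
        strSid = _T("???");
    }

    if (fSuccess)
        strName = (TCHAR*)szName;
    else
        strName = strSid;
}

// Appends one row per ACE of pAcl to 'list' (columns: account, SID, ACE type,
// ACE flags, 32-bit mask as binary text, matching right names) and attaches a
// heap-allocated ListCtrlItemData holding the raw type/flags/mask to the row.
// nType selects the row of gSiAccessAllRights used to name the mask bits.
// Returns FALSE as soon as an ACE cannot be read or its SID cannot be
// converted; rows added before the failure stay in the list.
//
// NOTE(review): every ACE is read through ACCESS_ALLOWED_ACE. Object ACE types
// carry extra fields before the SID, so the SID shown for those would be
// wrong; confirm whether such ACEs can reach this dialog.
static BOOL AclDump_FillAceList(CListCtrlEx& list, PACL pAcl, int nType)
{
    ACL_SIZE_INFORMATION aclSize = {0};
    if (!GetAclInformation(pAcl, &aclSize, sizeof(aclSize), AclSizeInformation))
        return FALSE;

    // Bounds of the rights table, so a bad type index or a missing
    // zero-mask terminator cannot run off the array.
    const int nTypeRows = (int)(sizeof(gSiAccessAllRights) / sizeof(gSiAccessAllRights[0]));
    const int nRightsPerRow = (int)(sizeof(gSiAccessAllRights[0]) / sizeof(gSiAccessAllRights[0][0]));

    for (ULONG lIndex = 0; lIndex < aclSize.AceCount; lIndex++)
    {
        ACCESS_ALLOWED_ACE* pACE = NULL;
        if (!GetAce(pAcl, lIndex, (PVOID*)&pACE))
            return FALSE;

        // ACE type name and list icon (icon index follows the position in
        // aceTypes modulo 3, as before).
        int iImage = 0;
        PTSTR pszString = TEXT("Unknown ACE Type");
        ULONG lIndex2 = 6;
        while (lIndex2--)
        {
            if (pACE->Header.AceType == aceTypes[lIndex2].lACEType)
            {
                pszString = aceTypes[lIndex2].pszTypeName;
                iImage = (int)(lIndex2 % 3);
            }
        }
        CString strAceType = pszString;

        // ACE flags joined with " | ".
        CString strAceFlag;
        lIndex2 = 7;
        while (lIndex2--)
        {
            if ((pACE->Header.AceFlags & aceFlags[lIndex2].lACEFlag) != 0)
            {
                if (!strAceFlag.IsEmpty())
                    strAceFlag += _T(" | ");
                strAceFlag += aceFlags[lIndex2].pszFlagName;
            }
        }

        // Access mask as 32 binary digits, most significant bit first,
        // in groups of four.
        CString strAceMask;
        int nSpec = 0;
        for (ULONG lBit = (ULONG)1 << 31; lBit != 0; lBit >>= 1)
        {
            strAceMask += (pACE->Mask & lBit) != 0 ? TEXT("1") : TEXT("0");
            nSpec++;
            if (nSpec % 4 == 0)
                strAceMask += _T(" ");
        }

        // Names of every right whose bits are all present in the mask.
        CString strAceMaskName;
        if (nType >= 0 && nType < nTypeRows)
        {
            for (int iRight = 0;
                 iRight < nRightsPerRow && gSiAccessAllRights[nType][iRight].mask != 0;
                 iRight++)
            {
                DWORD dwMask = gSiAccessAllRights[nType][iRight].mask;
                if ((dwMask & pACE->Mask) == dwMask)
                {
                    if (!strAceMaskName.IsEmpty())
                        strAceMaskName += _T(" | ");
                    strAceMaskName += gSiAccessAllRights[nType][iRight].pszName;
                }
            }
        }

        // Trustee name and SID string.
        TCHAR szName[1024];
        TCHAR szDom[1024];
        PSID pSID = PSIDFromPACE(pACE);
        SID_NAME_USE sidUse;
        ULONG lLen1 = 1024, lLen2 = 1024;
        if (!LookupAccountSid(NULL, pSID,
            szName, &lLen1, szDom, &lLen2, &sidUse))
        {
            lstrcpy(szName, TEXT("Unknown"));
        }
        PTSTR pszSID = NULL;
        if (!ConvertSidToStringSid(pSID, &pszSID))
            return FALSE;
        CString strAceAccountName = szName;
        CString strAceAccountSID = pszSID;
        ::LocalFree(pszSID);

        // Allocated only once nothing can fail any more, so an early return
        // above no longer leaks it. Released in Refresh() when the list is
        // cleared.
        ListCtrlItemData* pItemData = new ListCtrlItemData;
        pItemData->dwAceType = pACE->Header.AceType;
        pItemData->dwAceFlag = pACE->Header.AceFlags;
        pItemData->dwAceMask = pACE->Mask;

        int count = list.GetItemCount();
        list.AddItem(count, 0, strAceAccountName);
        list.AddItem(count, 1, strAceAccountSID);
        list.AddItem(count, 2, strAceType);
        list.AddItem(count, 3, strAceFlag);
        list.AddItem(count, 4, strAceMask);
        list.AddItem(count, 5, strAceMaskName);
        list.SetItemData(count, (DWORD)pItemData);

        LVITEM lv = {0}; // iSubItem must be 0; it was left uninitialised before
        lv.iItem = count;
        lv.mask = LVIF_IMAGE;
        lv.iImage = iImage;
        ListView_SetItem(list.GetSafeHwnd(), &lv);
    }
    return TRUE;
}

// Re-reads the security descriptor of the object described by m_pObjInf and
// rebuilds the dialog from it: object type/name/handle, owner and group
// (name, SID string, SID type) and the DACL and SACL list controls.
//
// Fixes over the previous version:
//  - SACL rows wrote column 5 and the item data into m_listDACL, which
//    corrupted the DACL rows and left SACL rows without item data.
//  - The group SID string was produced from the owner SID.
//  - The SID type was read uninitialised when the account lookup failed.
//  - ListCtrlItemData leaked when an ACE could not be processed.
void CACLDumpDlg::Refresh()
{
    int i;

    // Release the per-row data of both lists before emptying them.
    for (i = m_listDACL.GetItemCount() - 1; i >= 0; i--)
    {
        ListCtrlItemData* pData = (ListCtrlItemData*)m_listDACL.GetItemData(i);
        delete pData;
        m_listDACL.SetItemData(i, 0);
    }
    for (i = m_listSACL.GetItemCount() - 1; i >= 0; i--)
    {
        ListCtrlItemData* pData = (ListCtrlItemData*)m_listSACL.GetItemData(i);
        delete pData;
        m_listSACL.SetItemData(i, 0);
    }
    m_listDACL.DeleteAllItems();
    m_listSACL.DeleteAllItems();
    ::EnableWindow(::GetDlgItem(m_hWnd, IDC_NEW_ACE_NEW_GROUP), FALSE);
    ::EnableWindow(::GetDlgItem(m_hWnd, IDC_NEW_ACE_NEW_OWNER), FALSE);

    PSECURITY_DESCRIPTOR pSD = NULL;
    PSID pOwnerSID = NULL, pGroupSID = NULL;
    PACL pDacl = NULL, pSacl = NULL;
    m_strType = m_pObjInf->m_pEntry->m_pszComboText;
    ULONG lErr;

    // Reading a SACL needs SeSecurityPrivilege; without it the call fails
    // with error 1314 (ERROR_PRIVILEGE_NOT_HELD).
    // NOTE(review): SetCurrentPrivilege is a project helper not shown here;
    // presumably it enables the privilege in the current token. Nothing in
    // this function turns it off again, so it appears to stay enabled after
    // the dump - confirm that this is intended.
    BOOL bAccessSACL = ::SetCurrentPrivilege(NULL, L"SeSecurityPrivilege", TRUE);
    if (!bAccessSACL)
    {
        PopMsg(_T("Unable Set SeSecurityPrivilege, No SACL Support"));
    }

    const SECURITY_INFORMATION siNoSacl = DACL_SECURITY_INFORMATION
        | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION;
    const SECURITY_INFORMATION siWithSacl = siNoSacl | SACL_SECURITY_INFORMATION;

    if (m_pObjInf->m_szName[0] != 0) // named object
    {
        lErr = GetNamedSecurityInfo(m_pObjInf->m_szName,
            m_pObjInf->m_pEntry->m_objType,
            bAccessSACL ? siWithSacl : siNoSacl,
            &pOwnerSID, &pGroupSID,
            &pDacl, bAccessSACL ? &pSacl : NULL, &pSD);
        m_strName = m_pObjInf->m_szName;
        m_strHandle = _T("");
        UpdateData(FALSE);
    }
    else // object given by handle
    {
        lErr = GetSecurityInfo(m_pObjInf->m_hHandle,
            m_pObjInf->m_pEntry->m_objType,
            bAccessSACL ? siWithSacl : siNoSacl,
            &pOwnerSID, &pGroupSID,
            &pDacl, bAccessSACL ? &pSacl : NULL, &pSD);
        // Works for services and files, but not for threads, processes,
        // window stations, ...: retry without the SACL.
        if (lErr != ERROR_SUCCESS && bAccessSACL)
        {
            pSacl = NULL;
            lErr = GetSecurityInfo(m_pObjInf->m_hHandle,
                m_pObjInf->m_pEntry->m_objType,
                siNoSacl,
                &pOwnerSID, &pGroupSID,
                &pDacl, NULL, &pSD);
            if (lErr == ERROR_SUCCESS) // ok, but no SACL
            {
                bAccessSACL = FALSE;
            }
        }
        m_strHandle.Format(_T("0x%x"), m_pObjInf->m_hHandle);
        UpdateData(FALSE);
    }
    if (lErr != ERROR_SUCCESS)
    {
        // Failure produces an empty SD
        ReportErrEx(TEXT("GetNamedSecurityInfo %d"), lErr);
        ::MessageBox(NULL, TEXT("An error occurred retrieving security ")
            TEXT("information for this object, \npossibly due to insufficient")
            TEXT(" access rights. AccessMaster \nhas created an empty security")
            TEXT(" descriptor for editing."), TEXT("AccessMaster Notice"), MB_OK);
        return;
    }

    // Owner and group. Each one is described from its own SID.
    SID_NAME_USE sidUse;
    AclDump_DescribeSid(pOwnerSID, m_strOwnerName, m_strOwnerSID, sidUse);
    m_comboOwnerSIDType.SetCurSel(AclDump_SidTypeToComboIndex(sidUse));
    AclDump_DescribeSid(pGroupSID, m_strGroupName, m_strGroupSID, sidUse);
    m_comboGroupSIDType.SetCurSel(AclDump_SidTypeToComboIndex(sidUse));

    const int nType = m_pObjInf->m_pEntry->m_nSpecificType;

    // DACL. A NULL DACL or a failure while dumping ends the refresh, as before.
    if (pDacl == NULL || !AclDump_FillAceList(m_listDACL, pDacl, nType))
    {
        if (pSD != NULL) ::LocalFree(pSD);
        return;
    }

    if (!bAccessSACL)
    {
        // No SACL was retrieved, so the SACL view is not offered.
        HWND hwndCtrl = ::GetDlgItem(this->GetSafeHwnd(), IDC_RADIO_SACL);
        ::EnableWindow(hwndCtrl, FALSE);
        if (pSD != NULL) ::LocalFree(pSD);
        return;
    }

    // SACL rows go into the SACL list, including column 5 and the item data.
    if (pSacl != NULL)
        AclDump_FillAceList(m_listSACL, pSacl, nType);

    // pDacl, pSacl and both SIDs point into pSD, so it is freed last.
    if (pSD != NULL) ::LocalFree(pSD);
}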
// Handler for the DACL radio button: marks it as the checked button of the
// DACL/SACL pair, shows the DACL list instead of the SACL list, and enables
// the "delete ACE" control only while a DACL row is selected.
void CACLDumpDlg::OnRadioDacl()
{
    ::CheckRadioButton(this->GetSafeHwnd(), IDC_RADIO_DACL, IDC_RADIO_SACL, IDC_RADIO_DACL);
    m_listSACL.ShowWindow(SW_HIDE);
    m_listDACL.ShowWindow(SW_SHOW);

    const BOOL bHasSelection =
        (m_listDACL.GetNextItem(-1, LVNI_SELECTED) != -1) ? TRUE : FALSE;
    ::EnableWindow(::GetDlgItem(m_hWnd, IDC_ACE_DELETE), bHasSelection);
}
// Handler for the SACL radio button: marks it as the checked button of the
// DACL/SACL pair, shows the SACL list instead of the DACL list, and enables
// the "delete ACE" control only while a SACL row is selected.
void CACLDumpDlg::OnRadioSacl()
{
    ::CheckRadioButton(this->GetSafeHwnd(), IDC_RADIO_DACL, IDC_RADIO_SACL, IDC_RADIO_SACL);
    m_listSACL.ShowWindow(SW_SHOW);
    m_listDACL.ShowWindow(SW_HIDE);

    const BOOL bHasSelection =
        (m_listSACL.GetNextItem(-1, LVNI_SELECTED) != -1) ? TRUE : FALSE;
    ::EnableWindow(::GetDlgItem(m_hWnd, IDC_ACE_DELETE), bHasSelection);
}
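// Reads an account name from the edit control nNameEditID of hDlg, resolves
// it on the local machine and writes the SID in string form to the edit
// control nSIDEditID. Writes "???" when the name does not resolve or the SID
// cannot be converted.
void NameEdit2SIDEdit(HWND hDlg, UINT nNameEditID, UINT nSIDEditID)
{
    CString strName;
    UINT nRet = ::GetDlgItemText(hDlg, nNameEditID, strName.GetBuffer(MAX_PATH), MAX_PATH);
    strName.ReleaseBuffer(nRet);

    // Large enough for any SID: the fixed part of SID plus the maximum number
    // of sub-authorities. The previous 50-byte buffer made the lookup fail
    // for SIDs with many sub-authorities.
    BYTE sid[sizeof(SID) - sizeof(DWORD) + SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)];
    DWORD dwSizeSid = sizeof(sid);
    TCHAR szDomain[MAX_PATH];
    DWORD dwSizeDomain = MAX_PATH;
    SID_NAME_USE use;

    // NULL system name = local machine. The earlier code passed an empty
    // string here through an inverted IsEmpty() test.
    BOOL fRet = LookupAccountName(NULL,
        strName, &sid, &dwSizeSid, szDomain, &dwSizeDomain, &use);

    LPTSTR UsrSIDString = NULL;
    if (fRet && ConvertSidToStringSid((PSID)sid, &UsrSIDString))
    {
        CString strSID = UsrSIDString;
        ::SetDlgItemText(hDlg, nSIDEditID, strSID);
        // Freed only when the conversion succeeded; the pointer was passed to
        // LocalFree uninitialised on the failure path before.
        ::LocalFree(UsrSIDString);
    }
    else
    {
        ::SetDlgItemText(hDlg, nSIDEditID, _T("???"));
    }
}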
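// Reads a SID in string form from the edit control nSIDEditID of hDlg,
// resolves it on the local machine and writes the account name to the edit
// control nNameEditID. When no account name resolves, the SID string itself
// is shown; "???" is shown when the text is not a valid SID string.
void SIDEdit2NameEdit(HWND hDlg, UINT nSIDEditID, UINT nNameEditID)
{
    CString strSID;
    UINT nRet = ::GetDlgItemText(hDlg, nSIDEditID, strSID.GetBuffer(MAX_PATH), MAX_PATH);
    strSID.ReleaseBuffer(nRet);

    PSID pSid = NULL;
    if (!ConvertStringSidToSid(strSID, &pSid))
    {
        // Nothing was allocated, so there is nothing to free. The previous
        // version fell through to LocalFree with an uninitialised pointer.
        ::SetDlgItemText(hDlg, nNameEditID, _T("???"));
        return;
    }

    CString strName;
    BOOL fSuccess;
    {
        CAutoBuf<TCHAR, sizeof(TCHAR)> szName;
        CAutoBuf<TCHAR, sizeof(TCHAR)> szDomain;
        SID_NAME_USE sidUse;
        // Retry while the API reports the buffers as too small; CAutoBuf is a
        // project class, presumably growing its buffer between calls.
        do
        {
            fSuccess = ::LookupAccountSid(NULL, // local machine
                pSid, szName, szName, szDomain, szDomain, &sidUse);
        }
        while (!fSuccess && (GetLastError() == ERROR_INSUFFICIENT_BUFFER));
        if (fSuccess)
            strName = (TCHAR*)szName;
    }

    if (!fSuccess)
    {
        // No name: fall back to the SID string. The test on
        // ConvertSidToStringSid was inverted before, so the output pointer
        // was only used (and freed) when the call had failed.
        LPTSTR pszSid = NULL;
        if (ConvertSidToStringSid(pSid, &pszSid))
        {
            strName = pszSid;
            ::LocalFree(pszSid);
        }
        else
        {
            strName = _T("???");
        }
    }

    ::SetDlgItemText(hDlg, nNameEditID, strName);
    ::LocalFree(pSid);
}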
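// Pre-processes dialog messages:
//  - Ctrl+C on the DACL or SACL list copies the selected rows to the
//    clipboard (six tab-separated columns per row, one row per line).
//  - Enter in one of the owner/group/new-ACE name or SID edit controls
//    converts its content into the paired control.
//  - Any key or mouse message while a new-ACE mask list has the focus posts
//    WM_MASK_LIST_CHANGE for that list.
// Returns TRUE when the message was consumed here, otherwise the result of
// CDialog::PreTranslateMessage.
BOOL CACLDumpDlg::PreTranslateMessage(MSG* pMsg)
{
    // Ctrl+C (0x43 is the virtual-key code of 'C')
    if (pMsg->message == WM_KEYDOWN && pMsg->wParam == 0x43)
    {
        // The high bit of GetAsyncKeyState means "currently down". The old
        // test, dw & 0x8000 == 0x8000, parsed as dw & (0x8000 == 0x8000) and
        // therefore looked at the low bit instead.
        WORD dw = (WORD)GetAsyncKeyState(VK_CONTROL);
        if ((dw & 0x8000) == 0x8000)
        {
            CListCtrlEx* pList = NULL;
            if (pMsg->hwnd == m_listDACL.GetSafeHwnd())
                pList = &m_listDACL;
            else if (pMsg->hwnd == m_listSACL.GetSafeHwnd())
                pList = &m_listSACL;
            if (pList)
            {
                CString strClip;
                int nIndex = pList->GetNextItem(-1, LVNI_SELECTED);
                while (nIndex != -1)
                {
                    // Rows used to be glued together once the trailing tab
                    // was trimmed; separate them with a line break.
                    if (!strClip.IsEmpty())
                        strClip += _T("\r\n");
                    for (int i = 0; i < 6; i++)
                    {
                        if (i > 0)
                            strClip += _T("\t");
                        strClip += pList->GetItemText(nIndex, i);
                    }
                    nIndex = pList->GetNextItem(nIndex, LVNI_SELECTED);
                }
                SetClipText(strClip);
                return TRUE;
            }
        }
    }

    // Enter inside a name or SID edit control triggers the conversion.
    if (pMsg->message == WM_KEYDOWN && pMsg->wParam == VK_RETURN)
    {
        HWND hEditOwner = ::GetDlgItem(m_hWnd, IDC_OWNER_NAME);
        HWND hEditOwnerSID = ::GetDlgItem(m_hWnd, IDC_OWNER_SID);
        HWND hEditGroup = ::GetDlgItem(m_hWnd, IDC_GROUP_NAME);
        HWND hEditGroupSID = ::GetDlgItem(m_hWnd, IDC_GROUP_SID);
        HWND hEditNewAceName = ::GetDlgItem(m_hWnd, IDC_EDIT_NEW_ACE_USER_NAME);
        HWND hEditNewAceSID = ::GetDlgItem(m_hWnd, IDC_EDIT_NEW_ACE_USER_SID);

        HWND hWnd = ::GetFocus();
        if (hWnd == hEditOwner)
        {
            CWaitCursor cursor; // the account lookup can take a while
            NameEdit2SIDEdit(m_hWnd, IDC_OWNER_NAME, IDC_OWNER_SID);
            return TRUE;
        }
        else if (hWnd == hEditOwnerSID)
        {
            CWaitCursor cursor;
            SIDEdit2NameEdit(m_hWnd, IDC_OWNER_SID, IDC_OWNER_NAME);
            return TRUE;
        }
        else if (hWnd == hEditGroup)
        {
            CWaitCursor cursor;
            NameEdit2SIDEdit(m_hWnd, IDC_GROUP_NAME, IDC_GROUP_SID);
            return TRUE;
        }
        else if (hWnd == hEditGroupSID)
        {
            CWaitCursor cursor;
            SIDEdit2NameEdit(m_hWnd, IDC_GROUP_SID, IDC_GROUP_NAME);
            return TRUE;
        }
        else if (hWnd == hEditNewAceName)
        {
            CWaitCursor cursor;
            NameEdit2SIDEdit(m_hWnd, IDC_EDIT_NEW_ACE_USER_NAME, IDC_EDIT_NEW_ACE_USER_SID);
            return TRUE;
        }
        else if (hWnd == hEditNewAceSID)
        {
            CWaitCursor cursor;
            SIDEdit2NameEdit(m_hWnd, IDC_EDIT_NEW_ACE_USER_SID, IDC_EDIT_NEW_ACE_USER_NAME);
            return TRUE;
        }
    }

    // Keyboard or mouse activity on a mask list: notify the dialog.
    const BOOL bInputMsg =
        (pMsg->message >= WM_KEYFIRST && pMsg->message <= WM_KEYLAST)
        || (pMsg->message >= WM_MOUSEFIRST && pMsg->message <= WM_MOUSELAST);
    HWND hListMask1 = ::GetDlgItem(m_hWnd, IDC_LIST_NEW_ACE_MASK1);
    HWND hListMask2 = ::GetDlgItem(m_hWnd, IDC_LIST_NEW_ACE_MASK2);
    if (::GetFocus() == hListMask1 && bInputMsg)
    {
        ::PostMessage(m_hWnd, WM_MASK_LIST_CHANGE, (WPARAM)IDC_LIST_NEW_ACE_MASK1, 0);
    }
    if (::GetFocus() == hListMask2 && bInputMsg)
    {
        ::PostMessage(m_hWnd, WM_MASK_LIST_CHANGE, (WPARAM)IDC_LIST_NEW_ACE_MASK2, 0);
    }
    return CDialog::PreTranslateMessage(pMsg);
}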
// Item-changed notification of the SACL list. While the SACL radio button is
// checked, the "delete ACE" control follows the selection state, and the
// selected row (if it carries item data) is loaded into the new-ACE editor.
// pNMHDR is not used; *pResult is always set to 0.
void CACLDumpDlg::OnItemchangedListSacl(NMHDR* pNMHDR, LRESULT* pResult)
{
    if (IsDlgButtonChecked(IDC_RADIO_SACL))
    {
        const int nSel = m_listSACL.GetNextItem(-1, LVNI_SELECTED);
        const BOOL bHasSelection = (nSel != -1) ? TRUE : FALSE;
        ::EnableWindow(::GetDlgItem(m_hWnd, IDC_ACE_DELETE), bHasSelection);

        if (bHasSelection)
        {
            CString strUserName = m_listSACL.GetItemText(nSel, 0);
            ListCtrlItemData* pRowData = (ListCtrlItemData*)m_listSACL.GetItemData(nSel);
            if (pRowData != NULL)
                ZoomAceFromList(_T(""), strUserName, NULL, pRowData);
        }
    }
    *pResult = 0;
}
// Item-changed notification of the DACL list. While the DACL radio button is
// checked, the "delete ACE" control follows the selection state, and the
// selected row (if it carries item data) is loaded into the new-ACE editor.
// pNMHDR is not used; *pResult is always set to 0.
void CACLDumpDlg::OnItemchangedListDacl(NMHDR* pNMHDR, LRESULT* pResult)
{
    if (IsDlgButtonChecked(IDC_RADIO_DACL))
    {
        const int nSel = m_listDACL.GetNextItem(-1, LVNI_SELECTED);
        const BOOL bHasSelection = (nSel != -1) ? TRUE : FALSE;
        ::EnableWindow(::GetDlgItem(m_hWnd, IDC_ACE_DELETE), bHasSelection);

        if (bHasSelection)
        {
            CString strUserName = m_listDACL.GetItemText(nSel, 0);
            ListCtrlItemData* pRowData = (ListCtrlItemData*)m_listDACL.GetItemData(nSel);
            if (pRowData != NULL)
                ZoomAceFromList(_T(""), strUserName, NULL, pRowData);
        }
    }
    *pResult = 0;
}
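// Loads one ACE into the "new ACE" editor controls.
//   strComputerName  system used for the name lookup; empty = local machine
//   strUserName      account name shown in the editor
//   pUserSID         SID of the account, or NULL to resolve strUserName
//   pItemData        raw ACE type, flags and mask to display
// The SID string, the ACE type combo, the flag check list and both mask check
// lists are set from these values.
void CACLDumpDlg::ZoomAceFromList(CString strComputerName, CString strUserName,
    PSID pUserSID, ListCtrlItemData* pItemData)
{
    int i;
    int count;

    m_strNewAceComputerName = strComputerName;
    m_strNewAceUserName = strUserName;

    // Start from an empty SID so that a failed lookup cannot leave the SID
    // of the previously selected ACE next to the new user name. OnAceAdd
    // builds the ACE from the SID edit control (presumably the one bound to
    // this member - confirm against DoDataExchange).
    m_strNewAceUserSID.Empty();

    LPTSTR UsrSIDString = NULL;
    if (pUserSID == NULL) // resolve the user name
    {
        // Large enough for any SID (fixed part + maximum sub-authorities).
        BYTE sid[sizeof(SID) - sizeof(DWORD) + SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)];
        DWORD dwSizeSid = sizeof(sid);
        TCHAR szDomain[MAX_PATH];
        DWORD dwSizeDomain = MAX_PATH;
        SID_NAME_USE use;
        // NULL = local machine. The IsEmpty() test was inverted before, so a
        // real computer name was never passed on.
        BOOL fRet = LookupAccountName(
            strComputerName.IsEmpty() ? (LPCTSTR)NULL : (LPCTSTR)strComputerName,
            strUserName,
            &sid, &dwSizeSid, szDomain, &dwSizeDomain, &use);
        if (fRet && ConvertSidToStringSid((PSID)sid, &UsrSIDString))
        {
            m_strNewAceUserSID = UsrSIDString;
            ::LocalFree(UsrSIDString); // only valid after a successful conversion
        }
    }
    else // the SID is known: show it in string form
    {
        if (ConvertSidToStringSid(pUserSID, &UsrSIDString))
        {
            m_strNewAceUserSID = UsrSIDString;
            ::LocalFree(UsrSIDString);
        }
    }
    UpdateData(FALSE);

    if (pItemData == NULL)
        return;

    // ACE type: select the matching entry, or the last entry when none matches.
    count = m_comboNewAceType.GetCount();
    for (i = 0; i < count; i++)
    {
        if (pItemData->dwAceType == m_comboNewAceType.GetItemData(i))
        {
            m_comboNewAceType.SetCurSel(i);
            break;
        }
    }
    if (i == count) m_comboNewAceType.SetCurSel(i - 1);

    // ACE flags. Every entry is reset first; the old "while(--count && ...)"
    // loops never cleared entry 0. An entry is checked when all of its bits
    // are present in the ACE flags (OnAceAdd ORs the checked entries
    // together), so an ACE carrying several flags is shown correctly.
    count = m_listNewAceFlag.GetCount();
    for (i = 0; i < count; i++)
    {
        const DWORD dwItemFlag = (DWORD)m_listNewAceFlag.GetItemData(i);
        const BOOL bSet = (dwItemFlag == pItemData->dwAceFlag)
            || (dwItemFlag != 0 && (pItemData->dwAceFlag & dwItemFlag) == dwItemFlag);
        m_listNewAceFlag.SetCheck(i, bSet ? 1 : 0);
    }

    // Mask list 1: reset, then one entry per bit, least significant bit first.
    count = m_listNewAceMask1.GetCount();
    for (i = 0; i < count; i++)
        m_listNewAceMask1.SetCheck(i, 0);
    DWORD dwBit = 1;
    for (i = 0; i < 32; i++)
    {
        if ((dwBit & pItemData->dwAceMask) == dwBit)
            m_listNewAceMask1.SetCheck(i, 1);
        dwBit <<= 1;
    }

    // Mask list 2: named rights, checked when all bits of the right are set.
    count = m_listNewAceMask2.GetCount();
    for (i = 0; i < count; i++)
    {
        const DWORD dwRight = (DWORD)m_listNewAceMask2.GetItemData(i);
        m_listNewAceMask2.SetCheck(i,
            ((dwRight & pItemData->dwAceMask) == dwRight) ? 1 : 0);
    }
}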
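// Deletes the ACE selected in the visible list (DACL or SACL, by radio
// button) from the object's ACL and refreshes the dialog.
//
// The object's security descriptor is read again, the ACE at the selected
// list index is removed from the copy, and for the DACL the result is written
// back to the object.
//
// NOTE(review): the ACE is identified only by its list index. If the ACL of
// the object changed after the list was filled, a different ACE than the one
// displayed is removed; comparing type/flags/mask/SID of the ACE at that
// index with the selected row before deleting would close that gap.
// NOTE(review): in the SACL case the modified ACL is never written back, so
// the object's audit entries stay unchanged and Refresh() shows them again.
void CACLDumpDlg::OnAceDelete()
{
    BOOL bDACL = FALSE;
    int selected = -1;
    if (IsDlgButtonChecked(IDC_RADIO_DACL))
    {
        selected = m_listDACL.GetNextItem(-1, LVNI_SELECTED);
        if (selected == -1) return;
        bDACL = TRUE;
    }
    else
    {
        selected = m_listSACL.GetNextItem(-1, LVNI_SELECTED);
        if (selected == -1) return;
    }

    PSECURITY_DESCRIPTOR pSD = NULL;
    PSID pOwnerSID = NULL, pGroupSID = NULL;
    PACL pDacl = NULL, pSacl = NULL;
    ULONG lErr;

    // Reading a SACL needs SeSecurityPrivilege; otherwise error 1314
    // (ERROR_PRIVILEGE_NOT_HELD). The flag used to be read uninitialised in
    // the DACL case.
    BOOL bAccessSACL = FALSE;
    if (!bDACL)
    {
        bAccessSACL = ::SetCurrentPrivilege(NULL, L"SeSecurityPrivilege", TRUE);
        if (!bAccessSACL)
        {
            PopMsg(_T("Unable Set SeSecurityPrivilege, No SACL Support"));
            return;
        }
    }

    const BOOL bNamed = (m_pObjInf->m_szName[0] != 0);
    SECURITY_INFORMATION siRequest = DACL_SECURITY_INFORMATION
        | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION;
    if (!bDACL)
        siRequest |= SACL_SECURITY_INFORMATION;

    if (bNamed) // named object
    {
        lErr = GetNamedSecurityInfo(m_pObjInf->m_szName,
            m_pObjInf->m_pEntry->m_objType,
            siRequest,
            &pOwnerSID, &pGroupSID,
            &pDacl, bDACL ? NULL : &pSacl, &pSD);
    }
    else // object given by handle
    {
        lErr = GetSecurityInfo(m_pObjInf->m_hHandle,
            m_pObjInf->m_pEntry->m_objType,
            siRequest,
            &pOwnerSID, &pGroupSID,
            &pDacl, bDACL ? NULL : &pSacl, &pSD);
    }
    if (lErr != ERROR_SUCCESS)
    {
        // Failure produces an empty SD
        ReportErrEx(TEXT("GetNamedSecurityInfo %d"), lErr);
        return;
    }

    // pAcl points into pSD, so pSD is released only after the last use.
    PACL pAcl = bDACL ? pDacl : pSacl;
    ACL_SIZE_INFORMATION aclSize = {0};
    if (pAcl == NULL
        || !GetAclInformation(pAcl, &aclSize, sizeof(aclSize), AclSizeInformation)
        || selected >= (int)aclSize.AceCount)
    {
        if (pSD != NULL) ::LocalFree(pSD);
        return;
    }
    if (!DeleteAce(pAcl, selected))
    {
        ReportErr(_T("Delete ACE Failure"));
        if (pSD != NULL) ::LocalFree(pSD);
        return;
    }

    if (bDACL)
    {
        // Write the shortened DACL back to the object.
        if (bNamed)
        {
            lErr = ::SetNamedSecurityInfo(m_pObjInf->m_szName,
                m_pObjInf->m_pEntry->m_objType,
                DACL_SECURITY_INFORMATION,
                NULL, NULL, pDacl, NULL);
            if (lErr != ERROR_SUCCESS)
                ReportErrEx(TEXT("SetNamedSecurityInfo %d"), lErr);
        }
        else
        {
            lErr = SetSecurityInfo(m_pObjInf->m_hHandle,
                m_pObjInf->m_pEntry->m_objType,
                DACL_SECURITY_INFORMATION,
                NULL, NULL, pDacl, NULL);
            if (lErr != ERROR_SUCCESS)
                ReportErrEx(TEXT("SetSecurityInfo %d"), lErr);
        }
        if (lErr != ERROR_SUCCESS)
        {
            if (pSD != NULL) ::LocalFree(pSD);
            return;
        }
    }

    // The descriptor was leaked on every path before.
    if (pSD != NULL) ::LocalFree(pSD);
    Refresh();
}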
//typedef union _ACE_UNION{
// ACE_HEADER aceHeader;
// ACCESS_ALLOWED_ACE aceAllowed;
// ACCESS_DENIED_ACE aceDenied;
// SYSTEM_AUDIT_ACE aceAudit;
//} *PACE_UNION, ACE_UNION, *LPACE_UNION;
//typedef struct _ACE_HEADER {
// BYTE AceType;
// BYTE AceFlags;
// WORD AceSize;
//} ACE_HEADER, *PACE_HEADER; //
//AceSize = 8 + Sid's Length
//8 = sizeof (ACCESS_ALLOWED_ACE) - sizeof (ACCESS_ALLOWED_ACE.SidStart)
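// Builds a stand-alone ACE of type dwType for pSid with the given flags and
// access mask.
//
// Only ACCESS_ALLOWED_ACE_TYPE and ACCESS_DENIED_ACE_TYPE are implemented;
// both have the same layout (ACE_HEADER, ACCESS_MASK, then the SID starting
// at SidStart). The object ACE types return NULL without a message, any
// other type shows "Wrong Ace Type" and returns NULL.
//
// Returns a LocalAlloc'ed block the caller must release with LocalFree, or
// NULL when the type is unsupported, pSid is not a valid SID, the allocation
// fails or the SID cannot be copied.
PACE_UNION MakeACEUnion(DWORD dwType, DWORD dwFlag, DWORD dwMask, PSID pSid)
{
    if (dwType == ACCESS_ALLOWED_OBJECT_ACE_TYPE
        || dwType == ACCESS_DENIED_OBJECT_ACE_TYPE)
    {
        // Object ACEs (Flags, ObjectType, InheritedObjectType before the
        // SID) are not implemented.
        return NULL;
    }
    if (dwType != ACCESS_ALLOWED_ACE_TYPE && dwType != ACCESS_DENIED_ACE_TYPE)
    {
        PopMsg(_T("Wrong Ace Type"));
        return NULL;
    }

    // The SID length is read from the SID itself, so reject anything that
    // is not a well-formed SID before sizing the allocation from it.
    if (pSid == NULL || !IsValidSid(pSid))
        return NULL;

    PACE_UNION pAce = NULL;
    // Bytes in front of the SID: header + mask (the hard-coded 8 before).
    const DWORD cbFixed = sizeof(pAce->aceAllowed) - sizeof(pAce->aceAllowed.SidStart);
    const DWORD cbSid = GetLengthSid(pSid);
    const DWORD cbAce = cbFixed + cbSid;
    if (cbAce > 0xFFFF) // AceSize is a WORD
        return NULL;

    pAce = (PACE_UNION)LocalAlloc(LPTR, cbAce);
    if (pAce == NULL) // was dereferenced unchecked before
        return NULL;

    // aceAllowed is used for both types because the layouts are identical.
    pAce->aceAllowed.Header.AceType = (BYTE)dwType;
    pAce->aceAllowed.Header.AceFlags = (BYTE)dwFlag;
    pAce->aceAllowed.Header.AceSize = (WORD)cbAce;
    pAce->aceAllowed.Mask = (ACCESS_MASK)dwMask;

    // The SID is stored in place, beginning at SidStart.
    PSID pInsideSID = (PSID)&(pAce->aceAllowed.SidStart);
    if (!::CopySid(cbSid, pInsideSID, pSid))
    {
        ::LocalFree(pAce);
        return NULL;
    }
    return pAce;
}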
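// Handler for the "add ACE" command.
//
// Reads the object's current security descriptor (by name when
// m_pObjInf->m_szName is non-empty, otherwise through m_pObjInf->m_hHandle).
// When the DACL radio button is checked it builds a new ACE from the dialog
// controls (SID string, ACE type, ACE flags, 32-bit access mask), copies the
// existing DACL into a larger buffer, inserts the new ACE and writes the DACL
// back. When the DACL button is not checked the function only enables
// SeSecurityPrivilege, reads the descriptor and refreshes the view.
//
// Changes against the previous version:
//  - bAccessSACL is initialised (it was read uninitialised in the DACL case);
//  - every exit path releases pSD, the converted SID, the ACE buffer and the
//    new DACL (several paths, including the success path, leaked them);
//  - a missing selection in the ACE-type combo is rejected at run time
//    instead of only being ASSERTed;
//  - the InitializeAcl failure no longer reports itself as a LocalAlloc error;
//  - the loop index is declared once, so the code no longer depends on the
//    pre-standard scope of a for-init variable.
void CACLDumpDlg::OnAceAdd()
{
    const BOOL bDACL = IsDlgButtonChecked(IDC_RADIO_DACL) ? TRUE : FALSE;

    PSECURITY_DESCRIPTOR pSD = NULL;
    PSID pOwnerSID = NULL;
    PSID pGroupSID = NULL;
    PACL pDacl = NULL;
    PACL pSacl = NULL;
    ULONG lErr;

    // Reading a SACL needs SeSecurityPrivilege; without it the query fails
    // with error 1314 (ERROR_PRIVILEGE_NOT_HELD).
    // NOTE(review): the privilege stays enabled in the token after this call.
    // If the last argument of SetCurrentPrivilege is the enable flag, turning
    // it off again once the SACL has been read keeps the process at least
    // privilege - confirm against the helper.
    BOOL bAccessSACL = FALSE;
    if(!bDACL)
    {
        bAccessSACL = ::SetCurrentPrivilege(NULL, L"SeSecurityPrivilege", TRUE);
        if(!bAccessSACL)
        {
            PopMsg(_T("Unable Set SeSecurityPrivilege, No SACL Support"));
            return;
        }
    }

    // The SACL is requested only in the SACL case; owner, group and DACL are
    // always requested.
    SECURITY_INFORMATION siRead = DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION
                                | OWNER_SECURITY_INFORMATION;
    PACL *ppSacl = NULL;
    if(bAccessSACL && !bDACL)
    {
        siRead |= SACL_SECURITY_INFORMATION;
        ppSacl = &pSacl;
    }

    if (m_pObjInf->m_szName[0] != 0) // Is it named
    {
        lErr = GetNamedSecurityInfo(m_pObjInf->m_szName,
                                    m_pObjInf->m_pEntry->m_objType,
                                    siRead,
                                    &pOwnerSID, &pGroupSID,
                                    &pDacl, ppSacl, &pSD);
    }
    else // Is it a handle case
    {
        lErr = GetSecurityInfo(m_pObjInf->m_hHandle,
                               m_pObjInf->m_pEntry->m_objType,
                               siRead,
                               &pOwnerSID, &pGroupSID,
                               &pDacl, ppSacl, &pSD);
    }
    if (lErr != ERROR_SUCCESS)
    {
        // Failure produces an empty SD
        ReportErrEx(TEXT("GetNamedSecurityInfo %d"), lErr);
        return;
    }

    if(!bDACL)
    {
        // SACL case: nothing is modified, only the view is refreshed.
        if(pSD) ::LocalFree(pSD);
        Refresh();
        return;
    }

    // NOTE(review): pDacl is NULL when the descriptor has no DACL at all. How
    // CalculateACLSize and CopyACL treat that is not visible here - confirm,
    // because writing back a DACL that holds only the new ACE changes who can
    // reach the object.

    // Everything below is owned by this function and released after the
    // do/while block, whichever way the block is left.
    PSID newPSID[1] = { NULL };
    PACE_UNION pNewAceUnion = NULL;
    PACL pNewDACL = NULL;
    BOOL bApplied = FALSE;
    int i = 0;

    do
    {
        // The SID for the new ACE comes from an edit control, i.e. it is user
        // input; ConvertStringSidToSid is the validation step.
        CString strSID;
        UINT nRet = ::GetDlgItemText(m_hWnd, IDC_EDIT_NEW_ACE_USER_SID,
                                     strSID.GetBuffer(MAX_PATH), MAX_PATH);
        strSID.ReleaseBuffer(nRet);
        if(!ConvertStringSidToSid(strSID, &(newPSID[0])))
        {
            ReportErrEx(_T("New Ace Sid Err"));
            break;
        }

        int index = m_comboNewAceType.GetCurSel();
        ASSERT(index != CB_ERR);
        if(index == CB_ERR)
        {
            // ASSERT compiles away in release builds, so check explicitly.
            PopMsg(_T("No Ace Type Selected"));
            break;
        }
        DWORD dwAceType = (DWORD)m_comboNewAceType.GetItemData(index);

        // OR together the item data of every checked entry of the flag list.
        DWORD dwAceFlag = 0;
        const int nFlagCount = m_listNewAceFlag.GetCount();
        for(i = 0; i < nFlagCount; i++)
        {
            if(m_listNewAceFlag.GetCheck(i) == 1)
                dwAceFlag |= (DWORD)m_listNewAceFlag.GetItemData(i);
        }

        // Fill the mask, use mask list 1 (the left listbox): item i stands
        // for bit i of the access mask.
        DWORD dwAceMask = 0;
        for(i = 0; i < 32; i++)
        {
            if(this->m_listNewAceMask1.GetCheck(i) == 1)
                dwAceMask |= ((DWORD)1 << i);
        }

        // You must LocalFree the new Ace Union
        pNewAceUnion = ::MakeACEUnion(dwAceType, dwAceFlag, dwAceMask, newPSID[0]);
        if(pNewAceUnion == NULL)
        {
            ::ReportErrEx(_T("MakeACEUnion Err in DACL"));
            break;
        }

        int nNewDACLSize = ::CalculateACLSize(pDacl, newPSID, 1, &pNewAceUnion, 1);
        if(nNewDACLSize == 0)
        {
            ::ReportErrEx(_T("Calculation Err in DACL"));
            break;
        }

        pNewDACL = (PACL)LocalAlloc(LPTR, nNewDACLSize);
        if(!pNewDACL)
        {
            ::ReportErrEx(_T("LocalAlloc PNewDACL Err in DACL"));
            break;
        }
        if(!InitializeAcl(pNewDACL, nNewDACLSize, ACL_REVISION))
        {
            ::ReportErrEx(_T("InitializeAcl Err in DACL"));
            break;
        }
        // pDacl points into pSD, so pSD has to stay alive until the copy is done.
        if(!::CopyACL(pNewDACL, pDacl))
        {
            ::ReportErrEx(_T("CopyACL Err in DACL"));
            break;
        }

        int nInsertIndex = ::GetACEInsertionIndex(pNewDACL, pNewAceUnion);
        if(nInsertIndex == -1)
        {
            ::ReportErrEx(_T("GetACEInsertionIndex Err in DACL"));
            break;
        }

        // If the function succeeds, the return value is nonzero.
        if(!AddAce(pNewDACL, ACL_REVISION, nInsertIndex,
                   (LPVOID)pNewAceUnion, pNewAceUnion->aceHeader.AceSize))
        {
            ::ReportErrEx(_T("AddAce Err in DACL"));
            break;
        }

        // Only the DACL is written back; owner, group and SACL are untouched.
        if (m_pObjInf->m_szName[0] != 0) // Is it named
            lErr = ::SetNamedSecurityInfo(m_pObjInf->m_szName,
                                          m_pObjInf->m_pEntry->m_objType,
                                          DACL_SECURITY_INFORMATION,
                                          NULL, NULL, pNewDACL, NULL);
        else // Is it a handle case
            lErr = SetSecurityInfo(m_pObjInf->m_hHandle,
                                   m_pObjInf->m_pEntry->m_objType,
                                   DACL_SECURITY_INFORMATION,
                                   NULL, NULL, pNewDACL, NULL);
        if (lErr != ERROR_SUCCESS)
        {
            ReportErrEx(TEXT("SetNamedSecurityInfo %d"), lErr);
            break;
        }

        bApplied = TRUE;
    } while(FALSE);

    // Single release point for everything allocated above.
    if(pNewDACL) ::LocalFree(pNewDACL);
    if(pNewAceUnion) ::LocalFree(pNewAceUnion);
    if(newPSID[0]) ::LocalFree(newPSID[0]);
    if(pSD) ::LocalFree(pSD);

    if(bApplied)
        Refresh();
}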
// Change notification (presumably from the group-name edit - confirm in the
// message map): enables the IDC_NEW_ACE_NEW_GROUP control.
void CACLDumpDlg::OnChangeGroup()
{
    HWND hNewGroupCtrl = ::GetDlgItem(m_hWnd, IDC_NEW_ACE_NEW_GROUP);
    ::EnableWindow(hNewGroupCtrl, TRUE);
}
// Change notification (presumably from the group-SID edit - confirm in the
// message map): enables the IDC_NEW_ACE_NEW_GROUP control.
void CACLDumpDlg::OnChangeGroupSid()
{
    HWND hNewGroupCtrl = ::GetDlgItem(m_hWnd, IDC_NEW_ACE_NEW_GROUP);
    ::EnableWindow(hNewGroupCtrl, TRUE);
}
// Change notification (presumably from the owner-name edit - confirm in the
// message map): enables the IDC_NEW_ACE_NEW_OWNER control.
void CACLDumpDlg::OnChangeOwnerName()
{
    HWND hNewOwnerCtrl = ::GetDlgItem(m_hWnd, IDC_NEW_ACE_NEW_OWNER);
    ::EnableWindow(hNewOwnerCtrl, TRUE);
}
// Change notification (presumably from the owner-SID edit - confirm in the
// message map): enables the IDC_NEW_ACE_NEW_OWNER control.
void CACLDumpDlg::OnChangeOwnerSid()
{
    HWND hNewOwnerCtrl = ::GetDlgItem(m_hWnd, IDC_NEW_ACE_NEW_OWNER);
    ::EnableWindow(hNewOwnerCtrl, TRUE);
}
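// Sets a new owner on the object from the SID string typed into IDC_OWNER_SID.
//
// The string is converted with ConvertStringSidToSid and written with
// SetNamedSecurityInfo (named object) or SetSecurityInfo (handle), touching
// only OWNER_SECURITY_INFORMATION. Windows rejects the call unless the caller
// is allowed to change the owner (WRITE_OWNER access or a suitable privilege);
// that failure surfaces through the error report below.
//
// Changes against the previous version: the converted SID is released with
// LocalFree on every path (it was leaked), and a SID string that does not
// parse is reported instead of being dropped silently.
void CACLDumpDlg::OnNewAceNewOwner()
{
    // The SID text is user input; ConvertStringSidToSid is the validation step.
    CString strSID;
    UINT nRet = ::GetDlgItemText(m_hWnd, IDC_OWNER_SID, strSID.GetBuffer(MAX_PATH), MAX_PATH);
    strSID.ReleaseBuffer(nRet);

    PSID pOwnerSID = NULL;
    if(!ConvertStringSidToSid(strSID, &pOwnerSID))
    {
        ReportErrEx(_T("New Owner Sid Err"));
        return;
    }

    ULONG lErr;
    if (m_pObjInf->m_szName[0] != 0) // Is it named
    {
        lErr = ::SetNamedSecurityInfo(m_pObjInf->m_szName,
                                      m_pObjInf->m_pEntry->m_objType, OWNER_SECURITY_INFORMATION,
                                      pOwnerSID, NULL, NULL, NULL);
    }
    else // Is it a handle case
    {
        lErr = SetSecurityInfo(m_pObjInf->m_hHandle,
                               m_pObjInf->m_pEntry->m_objType, OWNER_SECURITY_INFORMATION,
                               pOwnerSID, NULL, NULL, NULL);
    }

    // Report before freeing so the report sees the state left by the Set call.
    if (lErr != ERROR_SUCCESS)
        ReportErrEx(TEXT("Set Owner Err %d"), lErr);

    // ConvertStringSidToSid allocates the SID; the caller releases it with LocalFree.
    ::LocalFree(pOwnerSID);
}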
// Handler stub: the body is empty, so invoking it changes nothing on the
// object. OnChangeGroup and OnChangeGroupSid enable IDC_NEW_ACE_NEW_GROUP,
// which presumably triggers this handler - confirm in the message map.
// NOTE(review): setting the primary group is not implemented here, unlike the
// owner counterpart OnNewAceNewOwner.
void CACLDumpDlg::OnNewAceNewGroup()
{
}
// Command handler that forwards to Refresh() and does nothing else.
void CACLDumpDlg::OnRefresh()
{
    this->Refresh();
}
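// Keeps the two access-mask check lists in step after a change in list 1.
//
// wParam carries the id of the list that changed. For IDC_LIST_NEW_ACE_MASK1
// the 32 check boxes are folded into a bit mask (item i = bit i) and every
// entry of list 2 is checked exactly when all bits of its item data are
// present in that mask. A change in IDC_LIST_NEW_ACE_MASK2 is accepted but
// ignored; any other id trips ASSERT in debug builds. lParam is not used.
// Always returns 0.
//
// Changes against the previous version: the loop index is declared once
// instead of relying on the pre-standard scope of a for-init variable, and
// the item data is narrowed to DWORD explicitly, as OnAceAdd already does.
LRESULT CACLDumpDlg::OnMaskListChange(WPARAM wParam, LPARAM lParam)
{
    if(wParam == IDC_LIST_NEW_ACE_MASK1)
    {
        int i;

        // Build the mask from list 1: a checked item i contributes bit i.
        DWORD dwMask = 0;
        for(i = 0; i < 32; i++)
        {
            if(m_listNewAceMask1.GetCheck(i) == 1)
                dwMask |= ((DWORD)1 << i);
        }

        // Check a list-2 entry only when every one of its bits is set.
        const int count = m_listNewAceMask2.GetCount();
        for(i = 0; i < count; i++)
        {
            const DWORD dwItem = (DWORD)m_listNewAceMask2.GetItemData(i);
            m_listNewAceMask2.SetCheck(i, ((dwItem & dwMask) == dwItem) ? 1 : 0);
        }
    }
    else if(wParam == IDC_LIST_NEW_ACE_MASK2)
    {
        // Changes in list 2 are pushed to list 1 by OnMask2Mask1, not here.
    }
    else
    {
        ASSERT(FALSE);
    }
    return 0;
}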
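// Pushes the selection of mask list 2 into mask list 1.
//
// The item data of every checked entry of list 2 is OR-ed into one mask; the
// 32 check boxes of list 1 are then set so that item i is checked exactly
// when bit i of that mask is set.
//
// Changes against the previous version: the loop index is declared once
// instead of relying on the pre-standard scope of a for-init variable, and
// the item data is narrowed to DWORD explicitly, as OnAceAdd already does.
void CACLDumpDlg::OnMask2Mask1()
{
    int i;

    // Collect the bits of all checked list-2 entries.
    DWORD dwMask = 0;
    const int count = m_listNewAceMask2.GetCount();
    for(i = 0; i < count; i++)
    {
        if(m_listNewAceMask2.GetCheck(i) == 1)
            dwMask |= (DWORD)m_listNewAceMask2.GetItemData(i);
    }

    // Mirror the mask bit by bit into list 1.
    for(i = 0; i < 32; i++)
    {
        const DWORD dwBit = ((DWORD)1 << i);
        m_listNewAceMask1.SetCheck(i, ((dwBit & dwMask) == dwBit) ? 1 : 0);
    }
}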
// Opens the account list dialog and, when it hands back a non-empty account
// name, stores it in m_strNewAceUserName. The dialog's return code is not
// checked (an IDOK check is present but commented out in the original), so
// only the returned name decides. The controls are reloaded from the members
// with UpdateData(FALSE) in every case.
void CACLDumpDlg::OnAcePeekAccount()
{
    CAccountListDlg accountDlg;
    accountDlg.DoModal();

    const BOOL bNoAccountPicked = accountDlg.m_strRetAccountName.IsEmpty();
    if(!bNoAccountPicked)
    {
        m_strNewAceUserName = accountDlg.m_strRetAccountName;
    }

    UpdateData(FALSE);
}