OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef SANDBOX_TOOLS_FINDER_FINDER_H_ | |
6 #define SANDBOX_TOOLS_FINDER_FINDER_H_ | |
7 | |
8 #include "base/win/scoped_handle.h" | |
9 #include "sandbox/win/src/restricted_token_utils.h" | |
10 #include "sandbox/win/tools/finder/ntundoc.h" | |
11 | |
12 // Type of stats that we calculate during the Scan operation | |
13 enum Stats { | |
14 READ = 0, // Number of objects with read access | |
15 WRITE, // Number of objects with write access | |
16 ALL, // Number of objects with r/w access | |
17 PARSE, // Number of objects parsed | |
18 BROKEN, // Number of errors while parsing the objects | |
19 SIZE_STATS // size of the enum | |
20 }; | |
21 | |
22 const int kScanRegistry = 0x01; | |
23 const int kScanFileSystem = 0x02; | |
24 const int kScanKernelObjects = 0x04; | |
25 | |
26 const int kTestForRead = 0x01; | |
27 const int kTestForWrite = 0x02; | |
28 const int kTestForAll = 0x04; | |
29 | |
30 #define FS_ERR L"FILE-ERROR" | |
31 #define OBJ_ERR L"OBJ-ERROR" | |
32 #define REG_ERR L"REG_ERROR" | |
33 #define OBJ L"OBJ" | |
34 #define FS L"FILE" | |
35 #define REG L"REG" | |
36 | |
37 // The impersonater class will impersonate a token when the object is created | |
38 // and revert when the object is going out of scope. | |
39 class Impersonater { | |
40 public: | |
41 Impersonater(HANDLE token_handle) { | |
42 if (token_handle) | |
43 ::ImpersonateLoggedOnUser(token_handle); | |
44 }; | |
45 ~Impersonater() { | |
46 ::RevertToSelf(); | |
47 }; | |
48 }; | |
49 | |
50 // The finder class handles the search of objects (file system, registry, kernel | |
51 // objects) on the system that can be opened by a restricted token. It can | |
52 // support multiple levels of restriction for the restricted token and can check | |
53 // for read, write or r/w access. It outputs the results to a file or stdout. | |
54 class Finder { | |
55 public: | |
56 Finder(); | |
57 ~Finder(); | |
58 DWORD Init(sandbox::TokenLevel token_type, DWORD object_type, | |
59 DWORD access_type, FILE *file_output); | |
60 DWORD Scan(); | |
61 | |
62 private: | |
63 // Parses a file system path and perform an access check on all files and | |
64 // folder found. | |
65 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the | |
66 // win32 error code associated with the error. | |
67 DWORD ParseFileSystem(ATL::CString path); | |
68 | |
69 // Parses a registry hive referenced by "key" and performs an access check on | |
70 // all subkeys found. | |
71 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the | |
72 // win32 error code associated with the error. | |
73 DWORD ParseRegistry(HKEY key, ATL::CString print_name); | |
74 | |
75 // Parses the kernel namespace beginning at "path" and performs an access | |
76 // check on all objects found. However, only some object types are supported, | |
77 // all non supported objects are ignored. | |
78 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the | |
79 // win32 error code associated with the error. | |
80 DWORD ParseKernelObjects(ATL::CString path); | |
81 | |
82 // Checks if "path" can be accessed with the restricted token. | |
83 // Returns the access granted. | |
84 DWORD TestFileAccess(ATL::CString path); | |
85 | |
86 // Checks if the registry key with the path key\name can be accessed with the | |
87 // restricted token. | |
88 // print_name is only use for logging purpose. | |
89 // Returns the access granted. | |
90 DWORD TestRegAccess(HKEY key, ATL::CString name, ATL::CString print_name); | |
91 | |
92 // Checks if the kernel object "path" of type "type" can be accessed with | |
93 // the restricted token. | |
94 // Returns the access granted. | |
95 DWORD TestKernelObjectAccess(ATL::CString path, ATL::CString type); | |
96 | |
97 // Outputs information to the logfile | |
98 void Output(ATL::CString type, ATL::CString access, ATL::CString info) { | |
99 fprintf(file_output_, "\n%S;%S;%S", type.GetBuffer(), access.GetBuffer(), | |
100 info.GetBuffer()); | |
101 }; | |
102 | |
103 // Output information to the log file. | |
104 void Output(ATL::CString type, DWORD error, ATL::CString info) { | |
105 fprintf(file_output_, "\n%S;0x%X;%S", type.GetBuffer(), error, | |
106 info.GetBuffer()); | |
107 }; | |
108 | |
109 // Set func_to_call to the function pointer of the function used to handle | |
110 // requests for the kernel objects of type "type". If the type is not | |
111 // supported at the moment the function returns false and the func_to_call | |
112 // parameter is not modified. | |
113 bool GetFunctionForType(ATL::CString type, NTGENERICOPEN * func_to_call); | |
114 | |
115 // Initializes the NT function pointers to be able to use all the needed | |
116 // functions in NTDDL. | |
117 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the | |
118 // win32 error code associated with the error. | |
119 DWORD InitNT(); | |
120 | |
121 // Calls func_to_call with the parameters desired_access, object_attributes | |
122 // and handle. func_to_call is a pointer to a function to open a kernel | |
123 // object. | |
124 NTSTATUS NtGenericOpen(ACCESS_MASK desired_access, | |
125 OBJECT_ATTRIBUTES *object_attributes, | |
126 NTGENERICOPEN func_to_call, | |
127 HANDLE *handle); | |
128 | |
129 // Type of object to check for. | |
130 DWORD object_type_; | |
131 // Access to try. | |
132 DWORD access_type_; | |
133 // Output file for the results. | |
134 FILE * file_output_; | |
135 // Handle to the restricted token. | |
136 base::win::ScopedHandle token_handle_; | |
137 // Stats containing the number of operations performed on the different | |
138 // objects. | |
139 int filesystem_stats_[SIZE_STATS]; | |
140 int registry_stats_[SIZE_STATS]; | |
141 int kernel_object_stats_[SIZE_STATS]; | |
142 }; | |
143 | |
144 #endif // SANDBOX_TOOLS_FINDER_FINDER_H_ | |
OLD | NEW |