OLD | NEW |
| (Empty) |
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "sandbox/win/src/restricted_token_utils.h" | |
6 #include "sandbox/win/tools/finder/finder.h" | |
7 | |
8 #define PARAM_IS(y) (argc > i) && (_wcsicmp(argv[i], y) == 0) | |
9 | |
10 void PrintUsage(wchar_t *application_name) { | |
11 wprintf(L"\n\nUsage: \n %ls --token type --object ob1 [ob2 ob3] " | |
12 L"--access ac1 [ac2 ac3] [--log filename]", application_name); | |
13 wprintf(L"\n\n Token Types : \n\tLOCKDOWN \n\tRESTRICTED " | |
14 L"\n\tLIMITED_USER \n\tINTERACTIVE_USER \n\tNON_ADMIN \n\tUNPROTECTED"); | |
15 wprintf(L"\n Object Types: \n\tREG \n\tFILE \n\tKERNEL"); | |
16 wprintf(L"\n Access Types: \n\tR \n\tW \n\tALL"); | |
17 wprintf(L"\n\nSample: \n %ls --token LOCKDOWN --object REG FILE KERNEL " | |
18 L"--access R W ALL", application_name); | |
19 } | |
20 | |
21 int wmain(int argc, wchar_t* argv[]) { | |
22 // Extract the filename from the path. | |
23 wchar_t *app_name = wcsrchr(argv[0], L'\\'); | |
24 if (!app_name) { | |
25 app_name = argv[0]; | |
26 } else { | |
27 app_name++; | |
28 } | |
29 | |
30 // parameters to read | |
31 ATL::CString log_file; | |
32 sandbox::TokenLevel token_type = sandbox::USER_LOCKDOWN; | |
33 DWORD object_type = 0; | |
34 DWORD access_type = 0; | |
35 | |
36 // no arguments | |
37 if (argc == 1) { | |
38 PrintUsage(app_name); | |
39 return -1; | |
40 } | |
41 | |
42 // parse command line. | |
43 for (int i = 1; i < argc; ++i) { | |
44 if (PARAM_IS(L"--token")) { | |
45 i++; | |
46 if (argc > i) { | |
47 if (PARAM_IS(L"LOCKDOWN")) { | |
48 token_type = sandbox::USER_LOCKDOWN; | |
49 } else if (PARAM_IS(L"RESTRICTED")) { | |
50 token_type = sandbox::USER_RESTRICTED; | |
51 } else if (PARAM_IS(L"LIMITED_USER")) { | |
52 token_type = sandbox::USER_LIMITED; | |
53 } else if (PARAM_IS(L"INTERACTIVE_USER")) { | |
54 token_type = sandbox::USER_INTERACTIVE; | |
55 } else if (PARAM_IS(L"NON_ADMIN")) { | |
56 token_type = sandbox::USER_NON_ADMIN; | |
57 } else if (PARAM_IS(L"USER_RESTRICTED_SAME_ACCESS")) { | |
58 token_type = sandbox::USER_RESTRICTED_SAME_ACCESS; | |
59 } else if (PARAM_IS(L"UNPROTECTED")) { | |
60 token_type = sandbox::USER_UNPROTECTED; | |
61 } else { | |
62 wprintf(L"\nAbord. Invalid token type \"%ls\"", argv[i]); | |
63 PrintUsage(app_name); | |
64 return -1; | |
65 } | |
66 } | |
67 } else if (PARAM_IS(L"--object")) { | |
68 bool is_object = true; | |
69 do { | |
70 i++; | |
71 if (PARAM_IS(L"REG")) { | |
72 object_type |= kScanRegistry; | |
73 } else if (PARAM_IS(L"FILE")) { | |
74 object_type |= kScanFileSystem; | |
75 } else if (PARAM_IS(L"KERNEL")) { | |
76 object_type |= kScanKernelObjects; | |
77 } else { | |
78 is_object = false; | |
79 } | |
80 } while(is_object); | |
81 i--; | |
82 } else if (PARAM_IS(L"--access")) { | |
83 bool is_access = true; | |
84 do { | |
85 i++; | |
86 if (PARAM_IS(L"R")) { | |
87 access_type |= kTestForRead; | |
88 } else if (PARAM_IS(L"W")) { | |
89 access_type |= kTestForWrite; | |
90 } else if (PARAM_IS(L"ALL")) { | |
91 access_type |= kTestForAll; | |
92 } else { | |
93 is_access = false; | |
94 } | |
95 } while(is_access); | |
96 i--; | |
97 } else if (PARAM_IS(L"--log")) { | |
98 i++; | |
99 if (argc > i) { | |
100 log_file = argv[i]; | |
101 } | |
102 else { | |
103 wprintf(L"\nAbord. No log file specified"); | |
104 PrintUsage(app_name); | |
105 return -1; | |
106 } | |
107 } else { | |
108 wprintf(L"\nAbord. Unrecognized parameter \"%ls\"", argv[i]); | |
109 PrintUsage(app_name); | |
110 return -1; | |
111 } | |
112 } | |
113 | |
114 // validate parameters | |
115 if (0 == access_type) { | |
116 wprintf(L"\nAbord, Access type not specified"); | |
117 PrintUsage(app_name); | |
118 return -1; | |
119 } | |
120 | |
121 if (0 == object_type) { | |
122 wprintf(L"\nAbord, Object type not specified"); | |
123 PrintUsage(app_name); | |
124 return -1; | |
125 } | |
126 | |
127 | |
128 // Open log file | |
129 FILE * file_output; | |
130 if (log_file.GetLength()) { | |
131 errno_t err = _wfopen_s(&file_output, log_file, L"w"); | |
132 if (err) { | |
133 wprintf(L"\nAbord, Cannot open file \"%ls\"", log_file.GetBuffer()); | |
134 return -1; | |
135 } | |
136 } else { | |
137 file_output = stdout; | |
138 } | |
139 | |
140 Finder finder_obj; | |
141 finder_obj.Init(token_type, object_type, access_type, file_output); | |
142 finder_obj.Scan(); | |
143 | |
144 fclose(file_output); | |
145 | |
146 return 0; | |
147 } | |
OLD | NEW |