OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef SANDBOX_TOOLS_FINDER_FINDER_H_ |
| 6 #define SANDBOX_TOOLS_FINDER_FINDER_H_ |
| 7 |
| 8 #include "base/win/scoped_handle.h" |
| 9 #include "sandbox/win/src/restricted_token_utils.h" |
| 10 #include "sandbox/win/tools/finder/ntundoc.h" |
| 11 |
| 12 // Type of stats that we calculate during the Scan operation |
| 13 enum Stats { |
| 14 READ = 0, // Number of objects with read access |
| 15 WRITE, // Number of objects with write access |
| 16 ALL, // Number of objects with r/w access |
| 17 PARSE, // Number of objects parsed |
| 18 BROKEN, // Number of errors while parsing the objects |
| 19 SIZE_STATS // size of the enum |
| 20 }; |
| 21 |
| 22 const int kScanRegistry = 0x01; |
| 23 const int kScanFileSystem = 0x02; |
| 24 const int kScanKernelObjects = 0x04; |
| 25 |
| 26 const int kTestForRead = 0x01; |
| 27 const int kTestForWrite = 0x02; |
| 28 const int kTestForAll = 0x04; |
| 29 |
| 30 #define FS_ERR L"FILE-ERROR" |
| 31 #define OBJ_ERR L"OBJ-ERROR" |
| 32 #define REG_ERR L"REG_ERROR" |
| 33 #define OBJ L"OBJ" |
| 34 #define FS L"FILE" |
| 35 #define REG L"REG" |
| 36 |
| 37 // The impersonater class will impersonate a token when the object is created |
| 38 // and revert when the object is going out of scope. |
| 39 class Impersonater { |
| 40 public: |
| 41 Impersonater(HANDLE token_handle) { |
| 42 if (token_handle) |
| 43 ::ImpersonateLoggedOnUser(token_handle); |
| 44 }; |
| 45 ~Impersonater() { |
| 46 ::RevertToSelf(); |
| 47 }; |
| 48 }; |
| 49 |
| 50 // The finder class handles the search of objects (file system, registry, kernel |
| 51 // objects) on the system that can be opened by a restricted token. It can |
| 52 // support multiple levels of restriction for the restricted token and can check |
| 53 // for read, write or r/w access. It outputs the results to a file or stdout. |
| 54 class Finder { |
| 55 public: |
| 56 Finder(); |
| 57 ~Finder(); |
| 58 DWORD Init(sandbox::TokenLevel token_type, DWORD object_type, |
| 59 DWORD access_type, FILE *file_output); |
| 60 DWORD Scan(); |
| 61 |
| 62 private: |
| 63 // Parses a file system path and perform an access check on all files and |
| 64 // folder found. |
| 65 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the |
| 66 // win32 error code associated with the error. |
| 67 DWORD ParseFileSystem(ATL::CString path); |
| 68 |
| 69 // Parses a registry hive referenced by "key" and performs an access check on |
| 70 // all subkeys found. |
| 71 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the |
| 72 // win32 error code associated with the error. |
| 73 DWORD ParseRegistry(HKEY key, ATL::CString print_name); |
| 74 |
| 75 // Parses the kernel namespace beginning at "path" and performs an access |
| 76 // check on all objects found. However, only some object types are supported, |
| 77 // all non supported objects are ignored. |
| 78 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the |
| 79 // win32 error code associated with the error. |
| 80 DWORD ParseKernelObjects(ATL::CString path); |
| 81 |
| 82 // Checks if "path" can be accessed with the restricted token. |
| 83 // Returns the access granted. |
| 84 DWORD TestFileAccess(ATL::CString path); |
| 85 |
| 86 // Checks if the registry key with the path key\name can be accessed with the |
| 87 // restricted token. |
| 88 // print_name is only use for logging purpose. |
| 89 // Returns the access granted. |
| 90 DWORD TestRegAccess(HKEY key, ATL::CString name, ATL::CString print_name); |
| 91 |
| 92 // Checks if the kernel object "path" of type "type" can be accessed with |
| 93 // the restricted token. |
| 94 // Returns the access granted. |
| 95 DWORD TestKernelObjectAccess(ATL::CString path, ATL::CString type); |
| 96 |
| 97 // Outputs information to the logfile |
| 98 void Output(ATL::CString type, ATL::CString access, ATL::CString info) { |
| 99 fprintf(file_output_, "\n%S;%S;%S", type.GetBuffer(), access.GetBuffer(), |
| 100 info.GetBuffer()); |
| 101 }; |
| 102 |
| 103 // Output information to the log file. |
| 104 void Output(ATL::CString type, DWORD error, ATL::CString info) { |
| 105 fprintf(file_output_, "\n%S;0x%X;%S", type.GetBuffer(), error, |
| 106 info.GetBuffer()); |
| 107 }; |
| 108 |
| 109 // Set func_to_call to the function pointer of the function used to handle |
| 110 // requests for the kernel objects of type "type". If the type is not |
| 111 // supported at the moment the function returns false and the func_to_call |
| 112 // parameter is not modified. |
| 113 bool GetFunctionForType(ATL::CString type, NTGENERICOPEN * func_to_call); |
| 114 |
| 115 // Initializes the NT function pointers to be able to use all the needed |
| 116 // functions in NTDDL. |
| 117 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the |
| 118 // win32 error code associated with the error. |
| 119 DWORD InitNT(); |
| 120 |
| 121 // Calls func_to_call with the parameters desired_access, object_attributes |
| 122 // and handle. func_to_call is a pointer to a function to open a kernel |
| 123 // object. |
| 124 NTSTATUS NtGenericOpen(ACCESS_MASK desired_access, |
| 125 OBJECT_ATTRIBUTES *object_attributes, |
| 126 NTGENERICOPEN func_to_call, |
| 127 HANDLE *handle); |
| 128 |
| 129 // Type of object to check for. |
| 130 DWORD object_type_; |
| 131 // Access to try. |
| 132 DWORD access_type_; |
| 133 // Output file for the results. |
| 134 FILE * file_output_; |
| 135 // Handle to the restricted token. |
| 136 base::win::ScopedHandle token_handle_; |
| 137 // Stats containing the number of operations performed on the different |
| 138 // objects. |
| 139 int filesystem_stats_[SIZE_STATS]; |
| 140 int registry_stats_[SIZE_STATS]; |
| 141 int kernel_object_stats_[SIZE_STATS]; |
| 142 }; |
| 143 |
| 144 #endif // SANDBOX_TOOLS_FINDER_FINDER_H_ |
OLD | NEW |