Exemple #1
0
        internal override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
        {
            if (CheckScmAccess)
            {
                SecurityDescriptor sd          = ServiceUtils.GetScmSecurityDescriptor();
                GenericMapping     scm_mapping = ServiceUtils.GetScmGenericMapping();
                foreach (TokenEntry token in tokens)
                {
                    AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
                    WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd.ToSddl(),
                                           typeof(ServiceControlManagerAccessRights), false, token.Information);
                }
            }
            else
            {
                IEnumerable <RunningService> services = GetServices();

                GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
                AccessMask     access_rights   = service_mapping.MapMask(AccessRights);

                foreach (var service in services.Where(s => s?.SecurityDescriptor != null))
                {
                    foreach (TokenEntry token in tokens)
                    {
                        AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
                                                                                token.Token, service_mapping);
                        if (IsAccessGranted(granted_access, access_rights))
                        {
                            WriteObject(new ServiceAccessCheckResult(service.Name, granted_access,
                                                                     service.SecurityDescriptor.ToSddl(), token.Information, service.Triggers));
                        }
                    }
                }
            }
        }
        static uint GetGrantedAccess(SecurityDescriptor sd, NtToken token, uint specific_rights, GenericMapping generic_mapping)
        {
            uint granted_access = 0;

            specific_rights = generic_mapping.MapMask(specific_rights);

            if (specific_rights != 0)
            {
                granted_access = NtSecurity.GetAllowedAccess(sd, token, (GenericAccessRights)(specific_rights), generic_mapping);
            }
            else
            {
                granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
            }

            if (granted_access != 0)
            {
                // As we can get all the rights for the key get maximum
                if (specific_rights != 0)
                {
                    granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
                }
            }

            return(granted_access);
        }
Exemple #3
0
        private void listViewAcl_SelectedIndexChanged(object sender, EventArgs e)
        {
            Ace ace = GetSelectedAce();

            if (ace == null)
            {
                return;
            }

            Type       access_type         = _access_type;
            AccessMask valid_access        = _valid_access;
            AccessMask mapped_mask         = _mapping.MapMask(ace.Mask) & _valid_access;
            bool       generic_access_mask = false;

            if (ace.Type == AceType.MandatoryLabel)
            {
                mapped_mask  = ace.Mask;
                access_type  = typeof(MandatoryLabelPolicy);
                valid_access = 0x7;
            }
            else if (ace.Flags.HasFlag(AceFlags.InheritOnly))
            {
                mapped_mask         = ace.Mask;
                generic_access_mask = true;
                valid_access        = valid_access
                                      | GenericAccessRights.GenericRead
                                      | GenericAccessRights.GenericWrite
                                      | GenericAccessRights.GenericExecute
                                      | GenericAccessRights.GenericAll;
            }

            if (access_type != _current_access_type || generic_access_mask != _generic_access_mask)
            {
                _generic_access_mask = generic_access_mask;
                _current_access_type = access_type;
                var            masks   = Win32Utils.GetMaskDictionary(access_type, valid_access, _sdk_names);
                var            ordered = generic_access_mask ? masks.OrderByDescending(p => p.Key) : masks.OrderBy(p => p.Key);
                ListViewItem[] items   = ordered.Select(pair =>
                {
                    ListViewItem item = new ListViewItem(pair.Value);
                    item.SubItems.Add($"0x{pair.Key:X08}");
                    item.Tag = pair.Key;
                    return(item);
                }
                                                        ).ToArray();
                listViewAccess.Items.Clear();
                listViewAccess.Items.AddRange(items);
                listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
                listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
            }

            _read_only_checks = false;
            foreach (ListViewItem item in listViewAccess.Items)
            {
                uint mask = (uint)item.Tag;
                item.Checked = (mapped_mask & mask) != 0;
            }
            _read_only_checks = true;
        }
        internal override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
        {
            if (CheckScmAccess)
            {
                SecurityDescriptor sd          = ServiceUtils.GetScmSecurityDescriptor();
                GenericMapping     scm_mapping = ServiceUtils.GetScmGenericMapping();
                foreach (TokenEntry token in tokens)
                {
                    AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
                    WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd.ToSddl(),
                                           typeof(ServiceControlManagerAccessRights), false, token.Information);
                }
            }
            else
            {
                string[] names = Name;
                if (names == null || names.Length == 0)
                {
                    names = ServiceController.GetServices().Select(s => s.ServiceName).ToArray();
                }

                GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
                AccessMask     access_rights   = service_mapping.MapMask(AccessRights);

                foreach (string name in names)
                {
                    try
                    {
                        var service = ServiceUtils.GetServiceInformation(name);
                        foreach (TokenEntry token in tokens)
                        {
                            AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
                                                                                    token.Token, service_mapping);
                            if (IsAccessGranted(granted_access, access_rights))
                            {
                                WriteObject(new ServiceAccessCheckResult(name, granted_access,
                                                                         service.SecurityDescriptor.ToSddl(), token.Information, service.Triggers));
                            }
                        }
                    }
                    catch (Win32Exception ex)
                    {
                        WriteError(new ErrorRecord(ex, "OpenService", ErrorCategory.OpenError, name));
                    }
                }
            }
        }
        private void listViewAcl_SelectedIndexChanged(object sender, EventArgs e)
        {
            Ace ace = GetSelectedAce();

            if (ace == null)
            {
                return;
            }

            Type       access_type  = _access_type;
            AccessMask valid_access = _valid_access;
            AccessMask mapped_mask  = _mapping.MapMask(ace.Mask) & _valid_access;

            if (ace.Type == AceType.MandatoryLabel)
            {
                mapped_mask  = ace.Mask;
                access_type  = typeof(MandatoryLabelPolicy);
                valid_access = 0x7;
            }

            if (access_type != _current_access_type)
            {
                _current_access_type = access_type;
                ListViewItem[] items = Win32Utils.GetMaskDictionary(access_type, valid_access).Select(pair =>
                {
                    ListViewItem item = new ListViewItem(pair.Value);
                    item.SubItems.Add($"0x{pair.Key:X08}");
                    item.Tag = pair.Key;
                    return(item);
                }
                                                                                                      ).ToArray();
                listViewAccess.Items.Clear();
                listViewAccess.Items.AddRange(items);
                listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
                listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
            }

            _read_only_checks = false;
            foreach (ListViewItem item in listViewAccess.Items)
            {
                uint mask = (uint)item.Tag;
                item.Checked = (mapped_mask & mask) != 0;
            }
            _read_only_checks = true;
        }
Exemple #6
0
        static AccessMask GetGrantedAccess(SecurityDescriptor sd, NtToken token,
                                           AccessMask specific_rights, GenericMapping generic_mapping)
        {
            AccessMask granted_access;

            specific_rights = generic_mapping.MapMask(specific_rights);

            if (specific_rights.HasAccess)
            {
                granted_access = NtSecurity.GetAllowedAccess(sd, token, specific_rights, generic_mapping);
                // As we can get all the rights for the key get maximum
                if (granted_access.HasAccess)
                {
                    granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
                }
            }
            else
            {
                granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
            }

            return(granted_access);
        }
        private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
        {
            GenericMapping generic_mapping = NtWnf.GenericMapping;
            AccessMask     access_rights   = generic_mapping.MapMask(Access);
            var            entries         = NtWnf.GetRegisteredNotifications();

            foreach (var entry in entries)
            {
                var sd = entry.SecurityDescriptor;
                if (sd == null)
                {
                    WriteWarning($"Couldn't query security for WNF Provider {entry.StateName:X016}.");
                    continue;
                }

                if (sd.Owner == null)
                {
                    sd.Owner = new SecurityDescriptorSid(new Sid("SY"), false);
                }

                if (sd.Group == null)
                {
                    sd.Group = new SecurityDescriptorSid(new Sid("SY"), false);
                }

                foreach (TokenEntry token in tokens)
                {
                    AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
                                                                            token.Token, generic_mapping);
                    if (IsAccessGranted(granted_access, access_rights))
                    {
                        WriteObject(new WnfAccessCheckResult(entry, granted_access, sd, token.Information));
                    }
                }
            }
        }
 public void MapGeneric(ref Guid pguidObjectType, IntPtr pAceFlags, ref AccessMask pMask)
 {
     pMask = _mapping.MapMask(pMask);
 }
        /// <summary>
        /// Set ACL for control.
        /// </summary>
        /// <param name="acl">The ACL to view.</param>
        /// <param name="access_type">The enum type for the view.</param>
        /// <param name="mapping">Generic mapping for the type.</param>
        /// <param name="valid_access">The valid bit mask for access for this type.</param>
        /// <param name="is_container">True to indicate this object is a container.</param>
        public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container)
        {
            _acl          = acl;
            _access_type  = access_type;
            _mapping      = mapping;
            _valid_access = valid_access;
            _is_container = is_container;

            if (!acl.HasConditionalAce)
            {
                listViewAcl.Columns.Remove(columnHeaderCondition);
                copyConditionToolStripMenuItem.Visible = false;
            }

            foreach (var ace in acl)
            {
                var item = listViewAcl.Items.Add(ace.Type.ToString());
                item.SubItems.Add(ace.Sid.Name);
                string access;
                if (ace.Type == AceType.MandatoryLabel)
                {
                    access = ace.Mask.ToMandatoryLabelPolicy().ToString();
                }
                else
                {
                    AccessMask mapped_mask = mapping.MapMask(ace.Mask);
                    mapped_mask = mapping.UnmapMask(mapped_mask);
                    access      = mapped_mask.ToSpecificAccess(access_type).ToString();
                }

                item.SubItems.Add(access);
                item.SubItems.Add(ace.Flags.ToString());
                if (ace.IsConditionalAce)
                {
                    item.SubItems.Add(ace.Condition);
                }

                item.Tag = ace;

                switch (ace.Type)
                {
                case AceType.Allowed:
                case AceType.AllowedCallback:
                case AceType.AllowedCallbackObject:
                case AceType.AllowedObject:
                    item.BackColor = Color.LightGreen;
                    break;

                case AceType.Denied:
                case AceType.DeniedCallback:
                case AceType.DeniedCallbackObject:
                case AceType.DeniedObject:
                    item.BackColor = Color.LightSalmon;
                    break;

                case AceType.ProcessTrustLabel:
                    item.BackColor = Color.LightSkyBlue;
                    break;

                case AceType.MandatoryLabel:
                    item.BackColor = Color.LightGoldenrodYellow;
                    break;

                case AceType.Audit:
                case AceType.AuditCallback:
                case AceType.AuditCallbackObject:
                case AceType.AuditObject:
                    item.BackColor = Color.LightCoral;
                    break;
                }
            }
            listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
            listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
        }
Exemple #10
0
        /// <summary>
        /// Set ACL for control.
        /// </summary>
        /// <param name="acl">The ACL to view.</param>
        /// <param name="access_type">The enum type for the view.</param>
        /// <param name="mapping">Generic mapping for the type.</param>
        /// <param name="valid_access">The valid bit mask for access for this type.</param>
        /// <param name="is_container">True to indicate this object is a container.</param>
        /// <param name="sdk_names">Show the ACEs using SDK style names.</param>
        public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container, bool sdk_names)
        {
            _acl          = acl;
            _access_type  = access_type;
            _mapping      = mapping;
            _valid_access = valid_access;
            _is_container = is_container;
            _sdk_names    = sdk_names;
            showSDKNamesToolStripMenuItem.Checked = sdk_names;

            bool has_conditional_ace      = false;
            bool has_inherited_object_ace = false;
            bool has_object_ace           = false;

            List <string> flags = new List <string>();

            if (acl.Defaulted)
            {
                flags.Add("Defaulted");
            }
            if (acl.Protected)
            {
                flags.Add("Protected");
            }
            if (acl.AutoInherited)
            {
                flags.Add("AutoInherited");
            }
            if (acl.AutoInheritReq)
            {
                flags.Add("AutoInheritReq");
            }

            if (flags.Count > 0)
            {
                lblFlags.Text = $"Flags: {string.Join(", ", flags)}";
            }
            else
            {
                lblFlags.Text = "Flags: None";
            }

            if (acl.NullAcl)
            {
                lblFlags.Text             += Environment.NewLine + "NULL ACL";
                listViewAcl.Visible        = false;
                listViewAccess.Visible     = false;
                groupBoxAclEntries.Visible = false;
                groupBoxAccess.Visible     = false;
                return;
            }

            listViewAcl.Items.Clear();
            listViewAcl.Visible    = true;
            listViewAccess.Visible = true;
            listViewAccess.Items.Clear();
            _current_access_type       = null;
            groupBoxAclEntries.Visible = true;
            groupBoxAccess.Visible     = true;

            foreach (var ace in acl)
            {
                if (ace.IsConditionalAce)
                {
                    has_conditional_ace = true;
                }
                if (ace.IsObjectAce)
                {
                    if (ace.ObjectType.HasValue)
                    {
                        has_object_ace = true;
                    }
                    if (ace.InheritedObjectType.HasValue)
                    {
                        has_inherited_object_ace = true;
                    }
                }
            }

            if (!has_conditional_ace)
            {
                listViewAcl.Columns.Remove(columnHeaderCondition);
                copyConditionToolStripMenuItem.Visible = false;
            }

            if (!has_object_ace)
            {
                listViewAcl.Columns.Remove(columnHeaderObject);
            }

            if (!has_inherited_object_ace)
            {
                listViewAcl.Columns.Remove(columnHeaderInheritedObject);
            }

            foreach (var ace in acl)
            {
                var item = listViewAcl.Items.Add(sdk_names ? NtSecurity.AceTypeToSDKName(ace.Type) : ace.Type.ToString());
                item.SubItems.Add(ace.Sid.Name);
                string access;
                if (ace.Type == AceType.MandatoryLabel)
                {
                    access = NtSecurity.AccessMaskToString(ace.Mask.ToMandatoryLabelPolicy(), sdk_names);
                }
                else if (ace.Flags.HasFlag(AceFlags.InheritOnly))
                {
                    access = NtSecurity.AccessMaskToString(ace.Mask.ToSpecificAccess(access_type), sdk_names);
                }
                else
                {
                    AccessMask mapped_mask = mapping.MapMask(ace.Mask);
                    mapped_mask = mapping.UnmapMask(mapped_mask);
                    access      = NtSecurity.AccessMaskToString(mapped_mask.ToSpecificAccess(access_type), sdk_names);
                }

                item.SubItems.Add(access);
                item.SubItems.Add(sdk_names ? NtSecurity.AceFlagsToSDKName(ace.Flags) : ace.Flags.ToString());
                if (has_conditional_ace)
                {
                    item.SubItems.Add(ace.Condition);
                }

                if (has_object_ace)
                {
                    item.SubItems.Add(ace.ObjectType?.ToString() ?? string.Empty);
                }

                if (has_inherited_object_ace)
                {
                    item.SubItems.Add(ace.InheritedObjectType?.ToString() ?? string.Empty);
                }

                item.Tag = ace;

                switch (ace.Type)
                {
                case AceType.Allowed:
                case AceType.AllowedCallback:
                case AceType.AllowedCallbackObject:
                case AceType.AllowedObject:
                    item.BackColor = Color.LightGreen;
                    break;

                case AceType.Denied:
                case AceType.DeniedCallback:
                case AceType.DeniedCallbackObject:
                case AceType.DeniedObject:
                    item.BackColor = Color.LightSalmon;
                    break;

                case AceType.ProcessTrustLabel:
                    item.BackColor = Color.LightSkyBlue;
                    break;

                case AceType.MandatoryLabel:
                    item.BackColor = Color.LightGoldenrodYellow;
                    break;

                case AceType.Audit:
                case AceType.AuditCallback:
                case AceType.AuditCallbackObject:
                case AceType.AuditObject:
                    item.BackColor = Color.LightCoral;
                    break;
                }
            }
            listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
            listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
        }
        private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
        {
            if (CheckScmAccess)
            {
                SecurityDescriptor sd          = ServiceUtils.GetScmSecurityDescriptor();
                GenericMapping     scm_mapping = ServiceUtils.GetScmGenericMapping();
                foreach (TokenEntry token in tokens)
                {
                    AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
                    WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd,
                                           typeof(ServiceControlManagerAccessRights), false, token.Information);
                }
            }
            else
            {
                IEnumerable <Win32Service>      services    = GetServices();
                InternalGetAccessibleFileCmdlet file_cmdlet = null;
                HashSet <string> checked_files = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
                if (CheckFiles)
                {
                    file_cmdlet = new InternalGetAccessibleFileCmdlet(this)
                    {
                        FormatWin32Path = true
                    };
                }

                GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
                AccessMask     access_rights   = service_mapping.MapMask(Access);

                foreach (var service in services.Where(s => s?.SecurityDescriptor != null))
                {
                    foreach (TokenEntry token in tokens)
                    {
                        AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
                                                                                token.Token, service_mapping);
                        ServiceAccessRights trigger_access = GetTriggerAccess(service, token.Token);
                        if (IsAccessGranted(granted_access, access_rights))
                        {
                            WriteObject(new ServiceAccessCheckResult(service.Name, granted_access | trigger_access,
                                                                     service.SecurityDescriptor, token.Information, trigger_access,
                                                                     granted_access.ToSpecificAccess <ServiceAccessRights>(), service));
                        }
                    }
                    if (CheckFiles)
                    {
                        if (!string.IsNullOrWhiteSpace(service.ImagePath) &&
                            File.Exists(service.ImagePath) &&
                            checked_files.Add(service.ImagePath))
                        {
                            file_cmdlet.RunAccessCheckPathInternal(tokens, service.ImagePath);
                        }

                        if (!string.IsNullOrWhiteSpace(service.ServiceDll) &&
                            File.Exists(service.ServiceDll) &&
                            checked_files.Add(service.ServiceDll))
                        {
                            file_cmdlet.RunAccessCheckPathInternal(tokens, service.ServiceDll);
                        }
                    }
                }
            }
        }