internal override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (CheckScmAccess)
{
SecurityDescriptor sd = ServiceUtils.GetScmSecurityDescriptor();
GenericMapping scm_mapping = ServiceUtils.GetScmGenericMapping();
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd.ToSddl(),
typeof(ServiceControlManagerAccessRights), false, token.Information);
}
}
else
{
IEnumerable <RunningService> services = GetServices();
GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
AccessMask access_rights = service_mapping.MapMask(AccessRights);
foreach (var service in services.Where(s => s?.SecurityDescriptor != null))
{
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
token.Token, service_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new ServiceAccessCheckResult(service.Name, granted_access,
service.SecurityDescriptor.ToSddl(), token.Information, service.Triggers));
}
}
}
}
}
static uint GetGrantedAccess(SecurityDescriptor sd, NtToken token, uint specific_rights, GenericMapping generic_mapping)
{
uint granted_access = 0;
specific_rights = generic_mapping.MapMask(specific_rights);
if (specific_rights != 0)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token, (GenericAccessRights)(specific_rights), generic_mapping);
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
if (granted_access != 0)
{
// As we can get all the rights for the key get maximum
if (specific_rights != 0)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
}
return(granted_access);
}
private void listViewAcl_SelectedIndexChanged(object sender, EventArgs e)
{
Ace ace = GetSelectedAce();
if (ace == null)
{
return;
}
Type access_type = _access_type;
AccessMask valid_access = _valid_access;
AccessMask mapped_mask = _mapping.MapMask(ace.Mask) & _valid_access;
bool generic_access_mask = false;
if (ace.Type == AceType.MandatoryLabel)
{
mapped_mask = ace.Mask;
access_type = typeof(MandatoryLabelPolicy);
valid_access = 0x7;
}
else if (ace.Flags.HasFlag(AceFlags.InheritOnly))
{
mapped_mask = ace.Mask;
generic_access_mask = true;
valid_access = valid_access
| GenericAccessRights.GenericRead
| GenericAccessRights.GenericWrite
| GenericAccessRights.GenericExecute
| GenericAccessRights.GenericAll;
}
if (access_type != _current_access_type || generic_access_mask != _generic_access_mask)
{
_generic_access_mask = generic_access_mask;
_current_access_type = access_type;
var masks = Win32Utils.GetMaskDictionary(access_type, valid_access, _sdk_names);
var ordered = generic_access_mask ? masks.OrderByDescending(p => p.Key) : masks.OrderBy(p => p.Key);
ListViewItem[] items = ordered.Select(pair =>
{
ListViewItem item = new ListViewItem(pair.Value);
item.SubItems.Add($"0x{pair.Key:X08}");
item.Tag = pair.Key;
return(item);
}
).ToArray();
listViewAccess.Items.Clear();
listViewAccess.Items.AddRange(items);
listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}
_read_only_checks = false;
foreach (ListViewItem item in listViewAccess.Items)
{
uint mask = (uint)item.Tag;
item.Checked = (mapped_mask & mask) != 0;
}
_read_only_checks = true;
}
internal override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (CheckScmAccess)
{
SecurityDescriptor sd = ServiceUtils.GetScmSecurityDescriptor();
GenericMapping scm_mapping = ServiceUtils.GetScmGenericMapping();
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd.ToSddl(),
typeof(ServiceControlManagerAccessRights), false, token.Information);
}
}
else
{
string[] names = Name;
if (names == null || names.Length == 0)
{
names = ServiceController.GetServices().Select(s => s.ServiceName).ToArray();
}
GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
AccessMask access_rights = service_mapping.MapMask(AccessRights);
foreach (string name in names)
{
try
{
var service = ServiceUtils.GetServiceInformation(name);
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
token.Token, service_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new ServiceAccessCheckResult(name, granted_access,
service.SecurityDescriptor.ToSddl(), token.Information, service.Triggers));
}
}
}
catch (Win32Exception ex)
{
WriteError(new ErrorRecord(ex, "OpenService", ErrorCategory.OpenError, name));
}
}
}
}
private void listViewAcl_SelectedIndexChanged(object sender, EventArgs e)
{
Ace ace = GetSelectedAce();
if (ace == null)
{
return;
}
Type access_type = _access_type;
AccessMask valid_access = _valid_access;
AccessMask mapped_mask = _mapping.MapMask(ace.Mask) & _valid_access;
if (ace.Type == AceType.MandatoryLabel)
{
mapped_mask = ace.Mask;
access_type = typeof(MandatoryLabelPolicy);
valid_access = 0x7;
}
if (access_type != _current_access_type)
{
_current_access_type = access_type;
ListViewItem[] items = Win32Utils.GetMaskDictionary(access_type, valid_access).Select(pair =>
{
ListViewItem item = new ListViewItem(pair.Value);
item.SubItems.Add($"0x{pair.Key:X08}");
item.Tag = pair.Key;
return(item);
}
).ToArray();
listViewAccess.Items.Clear();
listViewAccess.Items.AddRange(items);
listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewAccess.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}
_read_only_checks = false;
foreach (ListViewItem item in listViewAccess.Items)
{
uint mask = (uint)item.Tag;
item.Checked = (mapped_mask & mask) != 0;
}
_read_only_checks = true;
}
static AccessMask GetGrantedAccess(SecurityDescriptor sd, NtToken token,
AccessMask specific_rights, GenericMapping generic_mapping)
{
AccessMask granted_access;
specific_rights = generic_mapping.MapMask(specific_rights);
if (specific_rights.HasAccess)
{
granted_access = NtSecurity.GetAllowedAccess(sd, token, specific_rights, generic_mapping);
// As we can get all the rights for the key get maximum
if (granted_access.HasAccess)
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
}
else
{
granted_access = NtSecurity.GetMaximumAccess(sd, token, generic_mapping);
}
return(granted_access);
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
GenericMapping generic_mapping = NtWnf.GenericMapping;
AccessMask access_rights = generic_mapping.MapMask(Access);
var entries = NtWnf.GetRegisteredNotifications();
foreach (var entry in entries)
{
var sd = entry.SecurityDescriptor;
if (sd == null)
{
WriteWarning($"Couldn't query security for WNF Provider {entry.StateName:X016}.");
continue;
}
if (sd.Owner == null)
{
sd.Owner = new SecurityDescriptorSid(new Sid("SY"), false);
}
if (sd.Group == null)
{
sd.Group = new SecurityDescriptorSid(new Sid("SY"), false);
}
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd,
token.Token, generic_mapping);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new WnfAccessCheckResult(entry, granted_access, sd, token.Information));
}
}
}
}
public void MapGeneric(ref Guid pguidObjectType, IntPtr pAceFlags, ref AccessMask pMask)
{
pMask = _mapping.MapMask(pMask);
}
/// <summary>
/// Set ACL for control.
/// </summary>
/// <param name="acl">The ACL to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
/// <param name="is_container">True to indicate this object is a container.</param>
public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container)
{
_acl = acl;
_access_type = access_type;
_mapping = mapping;
_valid_access = valid_access;
_is_container = is_container;
if (!acl.HasConditionalAce)
{
listViewAcl.Columns.Remove(columnHeaderCondition);
copyConditionToolStripMenuItem.Visible = false;
}
foreach (var ace in acl)
{
var item = listViewAcl.Items.Add(ace.Type.ToString());
item.SubItems.Add(ace.Sid.Name);
string access;
if (ace.Type == AceType.MandatoryLabel)
{
access = ace.Mask.ToMandatoryLabelPolicy().ToString();
}
else
{
AccessMask mapped_mask = mapping.MapMask(ace.Mask);
mapped_mask = mapping.UnmapMask(mapped_mask);
access = mapped_mask.ToSpecificAccess(access_type).ToString();
}
item.SubItems.Add(access);
item.SubItems.Add(ace.Flags.ToString());
if (ace.IsConditionalAce)
{
item.SubItems.Add(ace.Condition);
}
item.Tag = ace;
switch (ace.Type)
{
case AceType.Allowed:
case AceType.AllowedCallback:
case AceType.AllowedCallbackObject:
case AceType.AllowedObject:
item.BackColor = Color.LightGreen;
break;
case AceType.Denied:
case AceType.DeniedCallback:
case AceType.DeniedCallbackObject:
case AceType.DeniedObject:
item.BackColor = Color.LightSalmon;
break;
case AceType.ProcessTrustLabel:
item.BackColor = Color.LightSkyBlue;
break;
case AceType.MandatoryLabel:
item.BackColor = Color.LightGoldenrodYellow;
break;
case AceType.Audit:
case AceType.AuditCallback:
case AceType.AuditCallbackObject:
case AceType.AuditObject:
item.BackColor = Color.LightCoral;
break;
}
}
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}
/// <summary>
/// Set ACL for control.
/// </summary>
/// <param name="acl">The ACL to view.</param>
/// <param name="access_type">The enum type for the view.</param>
/// <param name="mapping">Generic mapping for the type.</param>
/// <param name="valid_access">The valid bit mask for access for this type.</param>
/// <param name="is_container">True to indicate this object is a container.</param>
/// <param name="sdk_names">Show the ACEs using SDK style names.</param>
public void SetAcl(Acl acl, Type access_type, GenericMapping mapping, AccessMask valid_access, bool is_container, bool sdk_names)
{
_acl = acl;
_access_type = access_type;
_mapping = mapping;
_valid_access = valid_access;
_is_container = is_container;
_sdk_names = sdk_names;
showSDKNamesToolStripMenuItem.Checked = sdk_names;
bool has_conditional_ace = false;
bool has_inherited_object_ace = false;
bool has_object_ace = false;
List <string> flags = new List <string>();
if (acl.Defaulted)
{
flags.Add("Defaulted");
}
if (acl.Protected)
{
flags.Add("Protected");
}
if (acl.AutoInherited)
{
flags.Add("AutoInherited");
}
if (acl.AutoInheritReq)
{
flags.Add("AutoInheritReq");
}
if (flags.Count > 0)
{
lblFlags.Text = $"Flags: {string.Join(", ", flags)}";
}
else
{
lblFlags.Text = "Flags: None";
}
if (acl.NullAcl)
{
lblFlags.Text += Environment.NewLine + "NULL ACL";
listViewAcl.Visible = false;
listViewAccess.Visible = false;
groupBoxAclEntries.Visible = false;
groupBoxAccess.Visible = false;
return;
}
listViewAcl.Items.Clear();
listViewAcl.Visible = true;
listViewAccess.Visible = true;
listViewAccess.Items.Clear();
_current_access_type = null;
groupBoxAclEntries.Visible = true;
groupBoxAccess.Visible = true;
foreach (var ace in acl)
{
if (ace.IsConditionalAce)
{
has_conditional_ace = true;
}
if (ace.IsObjectAce)
{
if (ace.ObjectType.HasValue)
{
has_object_ace = true;
}
if (ace.InheritedObjectType.HasValue)
{
has_inherited_object_ace = true;
}
}
}
if (!has_conditional_ace)
{
listViewAcl.Columns.Remove(columnHeaderCondition);
copyConditionToolStripMenuItem.Visible = false;
}
if (!has_object_ace)
{
listViewAcl.Columns.Remove(columnHeaderObject);
}
if (!has_inherited_object_ace)
{
listViewAcl.Columns.Remove(columnHeaderInheritedObject);
}
foreach (var ace in acl)
{
var item = listViewAcl.Items.Add(sdk_names ? NtSecurity.AceTypeToSDKName(ace.Type) : ace.Type.ToString());
item.SubItems.Add(ace.Sid.Name);
string access;
if (ace.Type == AceType.MandatoryLabel)
{
access = NtSecurity.AccessMaskToString(ace.Mask.ToMandatoryLabelPolicy(), sdk_names);
}
else if (ace.Flags.HasFlag(AceFlags.InheritOnly))
{
access = NtSecurity.AccessMaskToString(ace.Mask.ToSpecificAccess(access_type), sdk_names);
}
else
{
AccessMask mapped_mask = mapping.MapMask(ace.Mask);
mapped_mask = mapping.UnmapMask(mapped_mask);
access = NtSecurity.AccessMaskToString(mapped_mask.ToSpecificAccess(access_type), sdk_names);
}
item.SubItems.Add(access);
item.SubItems.Add(sdk_names ? NtSecurity.AceFlagsToSDKName(ace.Flags) : ace.Flags.ToString());
if (has_conditional_ace)
{
item.SubItems.Add(ace.Condition);
}
if (has_object_ace)
{
item.SubItems.Add(ace.ObjectType?.ToString() ?? string.Empty);
}
if (has_inherited_object_ace)
{
item.SubItems.Add(ace.InheritedObjectType?.ToString() ?? string.Empty);
}
item.Tag = ace;
switch (ace.Type)
{
case AceType.Allowed:
case AceType.AllowedCallback:
case AceType.AllowedCallbackObject:
case AceType.AllowedObject:
item.BackColor = Color.LightGreen;
break;
case AceType.Denied:
case AceType.DeniedCallback:
case AceType.DeniedCallbackObject:
case AceType.DeniedObject:
item.BackColor = Color.LightSalmon;
break;
case AceType.ProcessTrustLabel:
item.BackColor = Color.LightSkyBlue;
break;
case AceType.MandatoryLabel:
item.BackColor = Color.LightGoldenrodYellow;
break;
case AceType.Audit:
case AceType.AuditCallback:
case AceType.AuditCallbackObject:
case AceType.AuditObject:
item.BackColor = Color.LightCoral;
break;
}
}
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.ColumnContent);
listViewAcl.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize);
}
private protected override void RunAccessCheck(IEnumerable <TokenEntry> tokens)
{
if (CheckScmAccess)
{
SecurityDescriptor sd = ServiceUtils.GetScmSecurityDescriptor();
GenericMapping scm_mapping = ServiceUtils.GetScmGenericMapping();
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(sd, token.Token, scm_mapping);
WriteAccessCheckResult("SCM", "SCM", granted_access, scm_mapping, sd,
typeof(ServiceControlManagerAccessRights), false, token.Information);
}
}
else
{
IEnumerable <Win32Service> services = GetServices();
InternalGetAccessibleFileCmdlet file_cmdlet = null;
HashSet <string> checked_files = new HashSet <string>(StringComparer.OrdinalIgnoreCase);
if (CheckFiles)
{
file_cmdlet = new InternalGetAccessibleFileCmdlet(this)
{
FormatWin32Path = true
};
}
GenericMapping service_mapping = ServiceUtils.GetServiceGenericMapping();
AccessMask access_rights = service_mapping.MapMask(Access);
foreach (var service in services.Where(s => s?.SecurityDescriptor != null))
{
foreach (TokenEntry token in tokens)
{
AccessMask granted_access = NtSecurity.GetMaximumAccess(service.SecurityDescriptor,
token.Token, service_mapping);
ServiceAccessRights trigger_access = GetTriggerAccess(service, token.Token);
if (IsAccessGranted(granted_access, access_rights))
{
WriteObject(new ServiceAccessCheckResult(service.Name, granted_access | trigger_access,
service.SecurityDescriptor, token.Information, trigger_access,
granted_access.ToSpecificAccess <ServiceAccessRights>(), service));
}
}
if (CheckFiles)
{
if (!string.IsNullOrWhiteSpace(service.ImagePath) &&
File.Exists(service.ImagePath) &&
checked_files.Add(service.ImagePath))
{
file_cmdlet.RunAccessCheckPathInternal(tokens, service.ImagePath);
}
if (!string.IsNullOrWhiteSpace(service.ServiceDll) &&
File.Exists(service.ServiceDll) &&
checked_files.Add(service.ServiceDll))
{
file_cmdlet.RunAccessCheckPathInternal(tokens, service.ServiceDll);
}
}
}
}
}
