private void DumpFile(IEnumerable <TokenEntry> tokens, AccessMask access_rights, AccessMask dir_access_rights, SecurityDescriptor parent_sd, NtFile file) { bool directory = IsDirectoryNoThrow(file); if (CheckMode != FileCheckMode.All) { if ((CheckMode == FileCheckMode.FilesOnly && directory) || (CheckMode == FileCheckMode.DirectoriesOnly && !directory)) { return; } } AccessMask desired_access = directory ? dir_access_rights : access_rights; var result = file.GetSecurityDescriptor(SecurityInformation.AllBasic, false); if (result.IsSuccess) { foreach (var token in tokens) { CheckAccess(token, file, desired_access, result.Result, parent_sd); } } else { // If we can't read security descriptor then try opening the key. foreach (var token in tokens) { CheckAccessUnderImpersonation(token, desired_access, file); } } }
private void DumpDirectory(IEnumerable <TokenEntry> tokens, AccessMask access_rights, AccessMask dir_access_rights, NtFile file, FileOpenOptions options, int current_depth) { if (Stopping || current_depth <= 0) { return; } var parent_sd = file.GetSecurityDescriptor(SecurityInformation.AllBasic, false); if (Recurse) { using (var result = file.ReOpen(FileAccessRights.Synchronize | FileAccessRights.ReadData | FileAccessRights.ReadAttributes, FileShareMode.Read | FileShareMode.Delete, options | FileOpenOptions.DirectoryFile | FileOpenOptions.SynchronousIoNonAlert, false)) { if (result.Status.IsSuccess()) { foreach (var entry in result.Result.QueryDirectoryInfo()) { if (CheckMode == FileCheckMode.DirectoriesOnly && !entry.IsDirectory) { continue; } NtFile base_file = result.Result; string filename = entry.FileName; if (filename.Contains(@"\")) { filename = base_file.FullPath + filename; base_file = null; } using (var new_file = OpenFile(filename, base_file, options)) { if (new_file.IsSuccess) { DumpFile(tokens, access_rights, dir_access_rights, parent_sd.IsSuccess ? parent_sd.Result : null, new_file.Result); if (IsDirectoryNoThrow(new_file.Result)) { DumpDirectory(tokens, access_rights, dir_access_rights, new_file.Result, options, current_depth - 1); } } } } } } } }
static void CheckAccess(string full_path, NtFile entry) { try { SecurityDescriptor sd = entry.GetSecurityDescriptor(SecurityInformation.AllBasic); if (sd != null) { bool is_dir = entry.IsDirectory; uint granted_access; if (is_dir && _dir_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _dir_filter, sd.ToByteArray()); } else if (!is_dir && _file_filter != 0) { granted_access = NtSecurity.GetAllowedAccess(_token, _type, _file_filter, sd.ToByteArray()); } else { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (granted_access != 0) { // Now reget maximum access rights if (_dir_filter != 0 || _file_filter != 0) { granted_access = NtSecurity.GetMaximumAccess(_token, _type, sd.ToByteArray()); } if (!_show_write_only || _type.HasWritePermission(granted_access)) { Console.WriteLine("{0}{1} : {2:X08} {3}", full_path.TrimEnd('\\'), is_dir ? "\\" : "", granted_access, AccessMaskToString(granted_access, is_dir)); if (_print_sddl) { Console.WriteLine("{0}", sd.ToSddl()); } } } } } catch { } }
private void CheckAccess(TokenEntry token, AccessMask access_rights, string path, NtFile file) { var sd = file.GetSecurityDescriptor(SecurityInformation.AllBasic, false); if (!sd.IsSuccess) { return; } AccessMask granted_access = NtSecurity.GetMaximumAccess(sd.Result, token.Token, _file_type.GenericMapping); if (IsAccessGranted(granted_access, access_rights)) { WriteAccessCheckResult(FormatPath(path, FormatWin32Path), "NamedPipe", granted_access, _file_type.GenericMapping, sd.Result, typeof(FileAccessRights), false, token.Information); } }