diff options
Diffstat (limited to 'sandbox/win/tools/finder/finder.h')
-rw-r--r-- | sandbox/win/tools/finder/finder.h | 143 |
1 files changed, 0 insertions, 143 deletions
diff --git a/sandbox/win/tools/finder/finder.h b/sandbox/win/tools/finder/finder.h deleted file mode 100644 index 23255cea43..0000000000 --- a/sandbox/win/tools/finder/finder.h +++ /dev/null @@ -1,143 +0,0 @@ -// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef SANDBOX_TOOLS_FINDER_FINDER_H__ -#define SANDBOX_TOOLS_FINDER_FINDER_H__ - -#include "sandbox/win/src/restricted_token_utils.h" -#include "sandbox/win/tools/finder/ntundoc.h" - -// Type of stats that we calculate during the Scan operation -enum Stats { - READ = 0, // Number of objects with read access - WRITE, // Number of objects with write access - ALL, // Number of objects with r/w access - PARSE, // Number of objects parsed - BROKEN, // Number of errors while parsing the objects - SIZE_STATS // size of the enum -}; - -const int kScanRegistry = 0x01; -const int kScanFileSystem = 0x02; -const int kScanKernelObjects = 0x04; - -const int kTestForRead = 0x01; -const int kTestForWrite = 0x02; -const int kTestForAll = 0x04; - -#define FS_ERR L"FILE-ERROR" -#define OBJ_ERR L"OBJ-ERROR" -#define REG_ERR L"REG_ERROR" -#define OBJ L"OBJ" -#define FS L"FILE" -#define REG L"REG" - -// The impersonater class will impersonate a token when the object is created -// and revert when the object is going out of scope. -class Impersonater { - public: - Impersonater(HANDLE token_handle) { - if (token_handle) - ::ImpersonateLoggedOnUser(token_handle); - }; - ~Impersonater() { - ::RevertToSelf(); - }; -}; - -// The finder class handles the search of objects (file system, registry, kernel -// objects) on the system that can be opened by a restricted token. It can -// support multiple levels of restriction for the restricted token and can check -// for read, write or r/w access. It outputs the results to a file or stdout. -class Finder { - public: - Finder(); - ~Finder(); - DWORD Init(sandbox::TokenLevel token_type, DWORD object_type, - DWORD access_type, FILE *file_output); - DWORD Scan(); - - private: - // Parses a file system path and perform an access check on all files and - // folder found. - // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the - // win32 error code associated with the error. - DWORD ParseFileSystem(ATL::CString path); - - // Parses a registry hive referenced by "key" and performs an access check on - // all subkeys found. - // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the - // win32 error code associated with the error. - DWORD ParseRegistry(HKEY key, ATL::CString print_name); - - // Parses the kernel namespace beginning at "path" and performs an access - // check on all objects found. However, only some object types are supported, - // all non supported objects are ignored. - // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the - // win32 error code associated with the error. - DWORD ParseKernelObjects(ATL::CString path); - - // Checks if "path" can be accessed with the restricted token. - // Returns the access granted. - DWORD TestFileAccess(ATL::CString path); - - // Checks if the registry key with the path key\name can be accessed with the - // restricted token. - // print_name is only use for logging purpose. - // Returns the access granted. - DWORD TestRegAccess(HKEY key, ATL::CString name, ATL::CString print_name); - - // Checks if the kernel object "path" of type "type" can be accessed with - // the restricted token. - // Returns the access granted. - DWORD TestKernelObjectAccess(ATL::CString path, ATL::CString type); - - // Outputs information to the logfile - void Output(ATL::CString type, ATL::CString access, ATL::CString info) { - fprintf(file_output_, "\n%S;%S;%S", type.GetBuffer(), access.GetBuffer(), - info.GetBuffer()); - }; - - // Output information to the log file. - void Output(ATL::CString type, DWORD error, ATL::CString info) { - fprintf(file_output_, "\n%S;0x%X;%S", type.GetBuffer(), error, - info.GetBuffer()); - }; - - // Set func_to_call to the function pointer of the function used to handle - // requests for the kernel objects of type "type". If the type is not - // supported at the moment the function returns false and the func_to_call - // parameter is not modified. - bool GetFunctionForType(ATL::CString type, NTGENERICOPEN * func_to_call); - - // Initializes the NT function pointers to be able to use all the needed - // functions in NTDDL. - // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the - // win32 error code associated with the error. - DWORD InitNT(); - - // Calls func_to_call with the parameters desired_access, object_attributes - // and handle. func_to_call is a pointer to a function to open a kernel - // object. - NTSTATUS NtGenericOpen(ACCESS_MASK desired_access, - OBJECT_ATTRIBUTES *object_attributes, - NTGENERICOPEN func_to_call, - HANDLE *handle); - - // Type of object to check for. - DWORD object_type_; - // Access to try. - DWORD access_type_; - // Output file for the results. - FILE * file_output_; - // Handle to the restricted token. - HANDLE token_handle_; - // Stats containing the number of operations performed on the different - // objects. - int filesystem_stats_[SIZE_STATS]; - int registry_stats_[SIZE_STATS]; - int kernel_object_stats_[SIZE_STATS]; -}; - -#endif // SANDBOX_TOOLS_FINDER_FINDER_H__ |