C++程序  |  144行  |  5.23 KB

// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef SANDBOX_TOOLS_FINDER_FINDER_H__
#define SANDBOX_TOOLS_FINDER_FINDER_H__

#include "sandbox/win/src/restricted_token_utils.h"
#include "sandbox/win/tools/finder/ntundoc.h"

// Type of stats that we calculate during the Scan operation
enum Stats {
  READ = 0,     // Number of objects with read access
  WRITE,        // Number of objects with write access
  ALL,          // Number of objects with r/w access
  PARSE,        // Number of objects parsed
  BROKEN,       // Number of errors while parsing the objects
  SIZE_STATS    // size of the enum
};

const int kScanRegistry       = 0x01;
const int kScanFileSystem     = 0x02;
const int kScanKernelObjects  = 0x04;

const int kTestForRead        = 0x01;
const int kTestForWrite       = 0x02;
const int kTestForAll         = 0x04;

#define FS_ERR L"FILE-ERROR"
#define OBJ_ERR L"OBJ-ERROR"
#define REG_ERR L"REG_ERROR"
#define OBJ L"OBJ"
#define FS L"FILE"
#define REG L"REG"

// The impersonater class will impersonate a token when the object is created
// and revert when the object is going out of scope.
class Impersonater {
 public:
  Impersonater(HANDLE token_handle) {
    if (token_handle)
      ::ImpersonateLoggedOnUser(token_handle);
  };
  ~Impersonater() {
    ::RevertToSelf();
  };
};

// The finder class handles the search of objects (file system, registry, kernel
// objects) on the system that can be opened by a restricted token. It can
// support multiple levels of restriction for the restricted token and can check
// for read, write or r/w access. It outputs the results to a file or stdout.
class Finder {
 public:
  Finder();
  ~Finder();
  DWORD Init(sandbox::TokenLevel token_type, DWORD object_type,
             DWORD access_type, FILE *file_output);
  DWORD Scan();

 private:
  // Parses a file system path and perform an access check on all files and
  // folder found.
  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
  // win32 error code associated with the error.
  DWORD ParseFileSystem(ATL::CString path);

  // Parses a registry hive referenced by "key" and performs an access check on
  // all subkeys found.
  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
  // win32 error code associated with the error.
  DWORD ParseRegistry(HKEY key, ATL::CString print_name);

  // Parses the kernel namespace beginning at "path" and performs an access
  // check on all objects found.  However, only some object types are supported,
  // all non supported objects are ignored.
  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
  // win32 error code associated with the error.
  DWORD ParseKernelObjects(ATL::CString path);

  // Checks if "path" can be accessed with the restricted token.
  // Returns the access granted.
  DWORD TestFileAccess(ATL::CString path);

  // Checks if the registry key with the path key\name can be accessed with the
  // restricted token.
  // print_name is only use for logging purpose.
  // Returns the access granted.
  DWORD TestRegAccess(HKEY key, ATL::CString name, ATL::CString print_name);

  // Checks if the kernel object "path" of type "type" can be accessed with
  // the restricted token.
  // Returns the access granted.
  DWORD TestKernelObjectAccess(ATL::CString path, ATL::CString type);

  // Outputs information to the logfile
  void Output(ATL::CString type, ATL::CString access, ATL::CString info) {
    fprintf(file_output_, "\n%S;%S;%S", type.GetBuffer(), access.GetBuffer(),
            info.GetBuffer());
  };

  // Output information to the log file.
  void Output(ATL::CString type, DWORD error, ATL::CString info) {
    fprintf(file_output_, "\n%S;0x%X;%S", type.GetBuffer(), error,
            info.GetBuffer());
  };

  // Set func_to_call to the function pointer of the function used to handle
  // requests for the kernel objects of type "type". If the type is not
  // supported at the moment the function returns false and the func_to_call
  // parameter is not modified.
  bool GetFunctionForType(ATL::CString type, NTGENERICOPEN * func_to_call);

  // Initializes the NT function pointers to be able to use all the needed
  // functions in NTDDL.
  // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
  // win32 error code associated with the error.
  DWORD InitNT();

  // Calls func_to_call with the parameters desired_access, object_attributes
  // and handle.  func_to_call is a pointer to a function to open a kernel
  // object.
  NTSTATUS NtGenericOpen(ACCESS_MASK desired_access,
                         OBJECT_ATTRIBUTES *object_attributes,
                         NTGENERICOPEN func_to_call,
                         HANDLE *handle);

  // Type of object to check for.
  DWORD object_type_;
  // Access to try.
  DWORD access_type_;
  // Output file for the results.
  FILE * file_output_;
  // Handle to the restricted token.
  HANDLE token_handle_;
  // Stats containing the number of operations performed on the different
  // objects.
  int filesystem_stats_[SIZE_STATS];
  int registry_stats_[SIZE_STATS];
  int kernel_object_stats_[SIZE_STATS];
};

#endif  // SANDBOX_TOOLS_FINDER_FINDER_H__