Extracting a Security Descriptor accurately ...

Lubster 0 Newbie Poster

13 Years Ago

Hey all, I'm as new as it gets.
My goal is to extract and store NTFS permissions (files/directories), for the purpose of restoring them on-demand (using Windows XP SP3).

I read all around the subject, (specially over MSDN), and I managed to make a working code via the SDDL format. After the fact, I realized that this format is not IDENTICAL to the original descriptor.

As these samples: http://msdn.microsoft.com/en-us/library/aa379570%28VS.85%29.aspx clearly shows it won't store "Revision", "Control"... therefore it doesn't even recognize between an Empty DACL and a NULL DACL.

I would like to store the descriptor as-is. which means when I'll restore it - it will be IDENTICAL to the source.

I found GetSecurityDescriptorLength(), and added a sample of the code I achieved while exporting the SDDL format. Would appreciate any guidance regards how to store the descriptor as-is.

Thanks!
Lubster

#include <stdio.h>

#include <windows.h>
#include "accctrl.h"
#include "aclapi.h"
#include "sddl.h"

/* I'm compiling under XP, while LABEL_* belongs to >=Vista? */
#define LABEL_SECURITY_INFORMATION (0x00000010L)

int main (void)
{
  LPTSTR filename;
  DWORD lasterror;

  PSECURITY_DESCRIPTOR PSecurityD = NULL;
  LPTSTR PSecurityD_str;
  ULONG PSecurityD_strlen;

  HANDLE ProcessHandle =	NULL;
  TOKEN_PRIVILEGES TPrivileges;
  LUID luid;

  /* Setting SE_PRIVILEGE_ENABLED for the purpose of extracting SACL */
  if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &ProcessHandle) == 0) {
    lasterror = GetLastError();
    fprintf(stderr,"OpenProcessToken() error: %lu\n", lasterror); 
    return 1;
  }

  if (LookupPrivilegeValue(NULL, SE_SECURITY_NAME, &luid) == 0) {
    lasterror = GetLastError();
    fprintf(stderr,"LookupPrivilegeValue() error: %lu\n", lasterror); 
    return 1;
  }

  TPrivileges.PrivilegeCount = 1;
  TPrivileges.Privileges[0].Luid = luid;
  TPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

  if (AdjustTokenPrivileges(ProcessHandle, FALSE, &TPrivileges, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL) == 0) {
    lasterror = GetLastError();
    fprintf(stderr,"AdjustTokenPrivileges() error: %lu\n", lasterror); 
    return 1;
  } 

  lasterror = GetLastError();
  if (lasterror == ERROR_NOT_ALL_ASSIGNED)	{
    fprintf(stderr,"AdjustTokenPrivilege() failed: ERROR_NOT_ALL_ASSIGNED.\n");
    return 1;
  }
  CloseHandle(ProcessHandle);

/* End of SE_PRIVILEGE_ENABLED section. */



  filename = malloc(strlen("c:\\boot.ini") +1);
  strcpy(filename,"c:\\boot.ini");

  lasterror = GetNamedSecurityInfo(filename, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION |
                               GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | 
                               SACL_SECURITY_INFORMATION | LABEL_SECURITY_INFORMATION,
                               NULL, NULL, NULL, NULL, &PSecurityD);
    if (lasterror != ERROR_SUCCESS) {
    fprintf(stderr,"GetNamedSecurityInfo() error: %lu\n", lasterror);
  } else {
    ConvertSecurityDescriptorToStringSecurityDescriptor(PSecurityD, SDDL_REVISION_1, 
                          OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | 
                          DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | 
                          LABEL_SECURITY_INFORMATION, &PSecurityD_str, &PSecurityD_strlen);
    printf("PSecurityD_str: %s\n",PSecurityD_str);
    printf("PSecurityD_strlen: %ld\n",PSecurityD_strlen);
  }
  return 0;
}

c ntfs

Edited 13 Years Ago by Lubster because: Syntax

1 Contributor
0 Replies
126 Views

Be the first to reply

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Extracting a Security Descriptor accurately - NTFS