Hey all, I'm as new as it gets.
My goal is to extract and store NTFS permissions (files/directories), for the purpose of restoring them on-demand (using Windows XP SP3).
I read all around the subject (especially on MSDN), and I managed to write working code using the SDDL format. After the fact, I realized that this format is not IDENTICAL to the original descriptor.
As these samples: http://msdn.microsoft.com/en-us/library/aa379570%28VS.85%29.aspx clearly show, it won't store "Revision", "Control"... and therefore it doesn't even distinguish between an empty DACL and a NULL DACL (an empty DACL denies all access, while a NULL DACL allows all access).
I would like to store the descriptor as-is, which means that when I restore it, it will be IDENTICAL to the source.
I found GetSecurityDescriptorLength(), and I have added a sample of the code I wrote to export the SDDL format. I would appreciate any guidance regarding how to store the descriptor as-is.
Thanks!
Lubster
#include <stdio.h>
#include <windows.h>
#include "accctrl.h"
#include "aclapi.h"
#include "sddl.h"
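/*
 * LABEL_SECURITY_INFORMATION selects the mandatory integrity label, which
 * was introduced with Windows Vista; XP-era headers do not declare it.
 * The guard keeps the file building against newer SDKs that already
 * provide the macro.
 * NOTE(review): how XP's security APIs treat this bit (ignored vs.
 * rejected) is not shown here - confirm on the target system.
 */
#ifndef LABEL_SECURITY_INFORMATION
#define LABEL_SECURITY_INFORMATION (0x00000010L)
#endif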
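/*
 * Reads the owner, group, DACL, SACL and label of c:\boot.ini and prints
 * the security descriptor in SDDL form together with the string length.
 *
 * Reading the SACL requires SeSecurityPrivilege (SE_SECURITY_NAME), so the
 * privilege is enabled on the process token first.
 *
 * Returns 0 on success and 1 on any failure.
 */
int main (void)
{
    /*
     * Writable array instead of a heap copy: no unchecked malloc(), nothing
     * to free, and no dependency on <stdlib.h>/<string.h>.
     */
    TCHAR filename[] = TEXT("c:\\boot.ini");
    const SECURITY_INFORMATION wanted =
        OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
        DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION |
        LABEL_SECURITY_INFORMATION;
    DWORD lasterror;
    PSECURITY_DESCRIPTOR PSecurityD = NULL;
    LPTSTR PSecurityD_str = NULL;
    ULONG PSecurityD_strlen = 0;
    HANDLE token = NULL;
    TOKEN_PRIVILEGES TPrivileges = {0};
    LUID luid;
    int rc = 1;

    /* Enable SeSecurityPrivilege so that the SACL can be read. */
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &token) == 0) {
        lasterror = GetLastError();
        fprintf(stderr,"OpenProcessToken() error: %lu\n", lasterror);
        return 1;
    }
    if (LookupPrivilegeValue(NULL, SE_SECURITY_NAME, &luid) == 0) {
        lasterror = GetLastError();
        fprintf(stderr,"LookupPrivilegeValue() error: %lu\n", lasterror);
        goto cleanup;
    }
    TPrivileges.PrivilegeCount = 1;
    TPrivileges.Privileges[0].Luid = luid;
    TPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (AdjustTokenPrivileges(token, FALSE, &TPrivileges, sizeof(TOKEN_PRIVILEGES), (PTOKEN_PRIVILEGES) NULL, (PDWORD) NULL) == 0) {
        lasterror = GetLastError();
        fprintf(stderr,"AdjustTokenPrivileges() error: %lu\n", lasterror);
        goto cleanup;
    }
    /*
     * AdjustTokenPrivileges() reports success even when the token does not
     * hold the privilege; only the last-error value reveals that case.
     */
    lasterror = GetLastError();
    if (lasterror == ERROR_NOT_ALL_ASSIGNED) {
        fprintf(stderr,"AdjustTokenPrivilege() failed: ERROR_NOT_ALL_ASSIGNED.\n");
        goto cleanup;
    }
    CloseHandle(token);
    token = NULL;
    /*
     * NOTE(review): the privilege stays enabled until the process exits.
     * A longer-lived tool should switch it off again once the descriptors
     * have been read, so the elevated right is held only while needed.
     */

    lasterror = GetNamedSecurityInfo(filename, SE_FILE_OBJECT, wanted,
                                     NULL, NULL, NULL, NULL, &PSecurityD);
    if (lasterror != ERROR_SUCCESS) {
        fprintf(stderr,"GetNamedSecurityInfo() error: %lu\n", lasterror);
        goto cleanup;
    }

    /*
     * NOTE(review): to keep the descriptor byte-for-byte instead of as SDDL
     * text, GetSecurityDescriptorControl() can confirm SE_SELF_RELATIVE and
     * GetSecurityDescriptorLength() gives the number of bytes to write out
     * (MakeSelfRelativeSD() converts an absolute descriptor). A stored blob
     * decides who gets access once it is restored, so protect the backup
     * file and check it with IsValidSecurityDescriptor() before applying it.
     */
    if (ConvertSecurityDescriptorToStringSecurityDescriptor(PSecurityD, SDDL_REVISION_1,
            wanted, &PSecurityD_str, &PSecurityD_strlen) == 0) {
        lasterror = GetLastError();
        fprintf(stderr,"ConvertSecurityDescriptorToStringSecurityDescriptor() error: %lu\n", lasterror);
        goto cleanup;
    }

    /* %s assumes an ANSI (non-UNICODE) build, where LPTSTR is char *. */
    printf("PSecurityD_str: %s\n",PSecurityD_str);
    /* ULONG is unsigned long, hence %lu. */
    printf("PSecurityD_strlen: %lu\n",PSecurityD_strlen);
    rc = 0;

cleanup:
    /* Both buffers are allocated by the API and released with LocalFree(). */
    if (PSecurityD_str != NULL) {
        LocalFree(PSecurityD_str);
    }
    if (PSecurityD != NULL) {
        LocalFree(PSecurityD);
    }
    if (token != NULL) {
        CloseHandle(token);
    }
    return rc;
}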