Created
July 29, 2014 17:10
SetOwner demonstrating that I cannot change the file owner on disk.
#include <Windows.h>
#include <AclAPI.h>
#include <Sddl.h>
#include <stdio.h>
#include <stdlib.h>
/*
 * Enables or disables a single named privilege on an access token.
 *
 * hToken            token to adjust; it is handed straight to
 *                   AdjustTokenPrivileges.
 * lpszPrivilege     privilege name, resolved with LookupPrivilegeValue on the
 *                   local system (NULL system name).
 * bEnablePrivilege  TRUE requests SE_PRIVILEGE_ENABLED, FALSE clears the
 *                   attribute.
 *
 * Returns TRUE only when the lookup succeeded, the adjustment call succeeded
 * and the last error is not ERROR_NOT_ALL_ASSIGNED; FALSE otherwise.
 */
static
BOOL
SetPrivilege(HANDLE hToken, LPCTSTR lpszPrivilege, BOOL bEnablePrivilege) {
    TOKEN_PRIVILEGES request = { 0 };
    LUID privilegeId;

    if (!LookupPrivilegeValue(NULL, lpszPrivilege, &privilegeId)) {
        return FALSE;
    }

    request.PrivilegeCount = 1;
    request.Privileges[0].Luid = privilegeId;
    request.Privileges[0].Attributes = bEnablePrivilege ? SE_PRIVILEGE_ENABLED : 0;

    if (!AdjustTokenPrivileges(hToken, FALSE, &request, sizeof(request), NULL, NULL)) {
        return FALSE;
    }

    /*
     * A successful return is not enough: when the token does not hold the
     * privilege the call still succeeds and reports ERROR_NOT_ALL_ASSIGNED
     * through the last-error value, so that case counts as a failure here.
     */
    return GetLastError() != ERROR_NOT_ALL_ASSIGNED;
}
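/*
 * Allocates a SID under the NT authority with the two sub-authorities
 * SECURITY_BUILTIN_DOMAIN_RID and DOMAIN_USER_RID_GUEST.
 *
 * Returns the new SID, or NULL when AllocateAndInitializeSid fails (the
 * caller can read GetLastError()). The caller owns the result and must
 * release it with FreeSid().
 *
 * NOTE(review): this pairs the BUILTIN domain RID with a *user* RID; the
 * built-in Guests group uses DOMAIN_ALIAS_RID_GUESTS instead. Confirm which
 * principal is intended before this helper is put back into use.
 */
static
PSID
GetGuestSid() {
    SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
    PSID guest = NULL;

    if (!AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_USER_RID_GUEST, 0, 0, 0, 0, 0, 0, &guest)) {
        /* Do not hand back whatever the failed call left in the out pointer. */
        return NULL;
    }
    return guest;
}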
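/* Static backing storage for the SID returned by GetAdministratorsSid(). */
static BYTE s_admins[SECURITY_MAX_SID_SIZE] = { 0 };

/*
 * Builds the well-known BUILTIN\Administrators SID in the static buffer
 * s_admins.
 *
 * Returns a pointer to that buffer, or NULL when CreateWellKnownSid fails.
 * Previously a failure was ignored and the caller received a pointer to a
 * zero-filled buffer, which is not a valid SID and could end up in a
 * security descriptor request unnoticed.
 *
 * The result points into static storage: it must not be freed, and every
 * call rewrites the same buffer.
 */
static
PSID
GetAdministratorsSid() {
    DWORD sz = SECURITY_MAX_SID_SIZE;

    if (!CreateWellKnownSid(WinBuiltinAdministratorsSid, NULL, (PSID)s_admins, &sz)) {
        return NULL;
    }
    return (PSID)s_admins;
}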
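/*
 * Prints one "<label>: <SID string> (<true|false>)" line to stdout.
 * When the SID is absent or cannot be converted to a string, a placeholder
 * is printed instead, so no unset string pointer is ever formatted or freed.
 */
static
void
PrintSidLine(const wchar_t* label, PSID sid, BOOL defaulted) {
    LPTSTR str = NULL;

    if (sid == NULL || !ConvertSidToStringSid(sid, &str)) {
        fwprintf(stdout, L"%s: <unavailable>\r\n", label);
        return;
    }
    fwprintf(stdout, L"%s: %s (%s)\r\n", label, str, defaulted ? L"true" : L"false");
    LocalFree(str);
}

/*
 * Dumps a security descriptor to stdout: first its SDDL string form for the
 * parts selected by `info`, then the owner SID and the primary group SID.
 *
 * desc  descriptor to print; NULL is reported and otherwise ignored.
 * info  which parts of the descriptor go into the SDDL string.
 *
 * The flag printed in parentheses is the one GetSecurityDescriptorOwner /
 * GetSecurityDescriptorGroup return, i.e. the "defaulted" control flag.
 *
 * Every API result is checked. The earlier version reused one string pointer
 * across three conversions without checking them, so a failed conversion
 * printed and LocalFree'd a pointer that had already been freed.
 *
 * The wide format strings are combined with LPTSTR values, so this file
 * assumes a UNICODE build (wmain already passes wchar_t* to CreateFile).
 */
static
void
PrintSecurityDescriptor(PSECURITY_DESCRIPTOR desc, SECURITY_INFORMATION info) {
    PSID sid = NULL;
    BOOL defaulted = FALSE;
    LPTSTR str = NULL;
    ULONG len = 0;

    if (desc == NULL) {
        fwprintf(stdout, L"\r\nSecurity Descriptor\r\n<none>\r\n");
        return;
    }

    if (ConvertSecurityDescriptorToStringSecurityDescriptor(desc, SDDL_REVISION_1, info, &str, &len)) {
        fwprintf(stdout, L"\r\nSecurity Descriptor\r\n%s\r\n", str);
        LocalFree(str);
    }
    else {
        fwprintf(stdout, L"\r\nSecurity Descriptor\r\n<conversion failed: %lu>\r\n", (unsigned long)GetLastError());
    }

    if (!GetSecurityDescriptorOwner(desc, &sid, &defaulted)) {
        sid = NULL;
    }
    PrintSidLine(L"Owner", sid, defaulted);

    /* Reset so a failed group query cannot reuse the owner's values. */
    sid = NULL;
    defaulted = FALSE;
    if (!GetSecurityDescriptorGroup(desc, &sid, &defaulted)) {
        sid = NULL;
    }
    PrintSidLine(L"Group Owner", sid, defaulted);
}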
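/*
 * Re-reads the security descriptor of `filename` from disk and prints it, so
 * the result of an ownership change can be verified independently of the
 * handle that was used to make it.
 *
 * filename  path of the file to query.
 * info      which parts of the descriptor to fetch and print.
 *
 * Failures (size query, allocation, read) are reported on stderr and nothing
 * is printed, instead of formatting an empty or unallocated buffer.
 */
static
void
ReportFileOwnership(wchar_t* filename, SECURITY_INFORMATION info) {
    DWORD bufSize = 0;
    PSECURITY_DESCRIPTOR desc = NULL;

    /* Size query: expected to fail, but it fills in the required size. */
    GetFileSecurity(filename, info, NULL, 0, &bufSize);
    if (bufSize == 0) {
        fwprintf(stderr, L"\r\nCould not query security of file: error %lu\r\n", (unsigned long)GetLastError());
        return;
    }

    desc = (PSECURITY_DESCRIPTOR)calloc(bufSize, sizeof(BYTE));
    if (desc == NULL) {
        fwprintf(stderr, L"\r\nOut of memory reading file security.\r\n");
        return;
    }

    if (!GetFileSecurity(filename, info, desc, bufSize, &bufSize)) {
        fwprintf(stderr, L"\r\nCould not read security of file: error %lu\r\n", (unsigned long)GetLastError());
        free(desc);
        return;
    }

    fwprintf(stdout, L"\r\nNew ownership reported as:\r\n");
    PrintSecurityDescriptor(desc, info);
    free(desc);
}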
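/*
 * Demo: create test.txt, make BUILTIN\Administrators its owner through
 * SetKernelObjectSecurity on the open handle, then re-read the descriptor
 * from disk to confirm what was stored.
 *
 * Returns ERROR_SUCCESS (0) on success, otherwise the Win32 error code of
 * the step that failed.
 *
 * Fixes over the earlier version:
 *  - The SetKernelObjectSecurity result was tested the wrong way round: the
 *    error code was only recorded when the call succeeded, so a failed
 *    ownership change was still reported as "Operation succeeded."
 *  - The handle was opened with GENERIC_READ | GENERIC_WRITE only. Changing
 *    the owner/group needs WRITE_OWNER and changing the DACL needs WRITE_DAC
 *    on the handle, so both are now requested.
 *  - Privileges are enabled before the file is opened, because the access
 *    check for the handle happens at open time.
 *  - Every API result is checked and the original descriptor buffer is freed.
 */
int
wmain(int argc, wchar_t* argv[]) {
    wchar_t* filename = L"test.txt";
    LPCTSTR privileges[] = { SE_BACKUP_NAME, SE_RESTORE_NAME, SE_SECURITY_NAME, SE_TAKE_OWNERSHIP_NAME };
    SECURITY_INFORMATION info = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION;
    HANDLE hFile = INVALID_HANDLE_VALUE;
    HANDLE hToken = NULL;
    PSECURITY_DESCRIPTOR desc = NULL;
    PSECURITY_DESCRIPTOR newdesc = NULL;
    PSID adminsSid = NULL;
    TRUSTEE trustee = { 0 };
    DWORD bufSize = 0;
    ULONG newSize = 0;
    DWORD rc = ERROR_SUCCESS;
    int ret = ERROR_SUCCESS;
    size_t i;

    (void)argc;
    (void)argv;

    /*
     * Enabling privileges stays best-effort, as before, but a privilege that
     * could not be enabled is now reported instead of silently ignored.
     */
    if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken)) {
        for (i = 0; i < sizeof(privileges) / sizeof(privileges[0]); i++) {
            if (!SetPrivilege(hToken, privileges[i], TRUE)) {
                fwprintf(stderr, L"Warning: could not enable %s\r\n", privileges[i]);
            }
        }
    }
    else {
        fwprintf(stderr, L"Warning: OpenProcessToken failed: error %lu\r\n", (unsigned long)GetLastError());
        hToken = NULL;
    }

    hFile = CreateFile(filename, GENERIC_READ | GENERIC_WRITE | WRITE_DAC | WRITE_OWNER, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        ret = (int)GetLastError();
        goto cleanup;
    }

    /* Size query: expected to fail, but it fills in the required size. */
    GetKernelObjectSecurity(hFile, info, NULL, 0, &bufSize);
    if (bufSize == 0) {
        ret = (int)GetLastError();
        goto cleanup;
    }

    desc = (PSECURITY_DESCRIPTOR)calloc(bufSize, sizeof(BYTE));
    if (desc == NULL) {
        ret = ERROR_NOT_ENOUGH_MEMORY;
        goto cleanup;
    }
    if (!GetKernelObjectSecurity(hFile, info, desc, bufSize, &bufSize)) {
        ret = (int)GetLastError();
        goto cleanup;
    }

    /* PSID guestSid = GetGuestSid(); */
    adminsSid = GetAdministratorsSid();
    if (adminsSid == NULL) {
        ret = (int)GetLastError();
        goto cleanup;
    }
    BuildTrusteeWithSid(&trustee, adminsSid);

    /* BuildSecurityDescriptor reports failure through its return value. */
    rc = BuildSecurityDescriptor(&trustee, NULL, 0, NULL, 0, NULL, desc, &newSize, &newdesc);
    if (rc != ERROR_SUCCESS) {
        ret = (int)rc;
        goto cleanup;
    }

    fwprintf(stdout, L"Current Security is:\r\n");
    PrintSecurityDescriptor(desc, info);
    fwprintf(stdout, L"\r\n\r\nConverting Security to:\r\n");
    PrintSecurityDescriptor(newdesc, info);

    /* Nonzero means success; the error code is only valid on failure. */
    if (!SetKernelObjectSecurity(hFile, info, newdesc)) {
        ret = (int)GetLastError();
    }

cleanup:
    /* FreeSid(guestSid); */
    if (newdesc != NULL) {
        LocalFree(newdesc);
    }
    free(desc);
    if (hToken != NULL) {
        CloseHandle(hToken);
    }
    /* Close before re-reading: the file was opened with no sharing. */
    if (hFile != INVALID_HANDLE_VALUE) {
        CloseHandle(hFile);
    }

    if (ret == ERROR_SUCCESS) {
        fwprintf(stdout, L"\r\nOperation succeeded.\r\n");
        ReportFileOwnership(filename, info);
    }
    else {
        fwprintf(stderr, L"\r\nOperation failed!\r\n");
        fwprintf(stderr, L"Win32 error: %lu\r\n", (unsigned long)ret);
    }
    return ret;
}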