diff --git a/UI/MySecInfo.cpp b/UI/MySecInfo.cpp
index 497495435..a7b369569 100644
--- a/UI/MySecInfo.cpp
+++ b/UI/MySecInfo.cpp
@@ -204,9 +204,8 @@ namespace mapi::mapiui
 }
 // Dump our SD
- auto sd = SDToString(std::vector(lpSDBuffer, lpSDBuffer + cbSBBuffer), m_acetype);
- output::DebugPrint(
- output::dbgLevel::Generic, L"sdInfo: %ws\nszDACL: %ws\n", sd.info.c_str(), sd.dacl.c_str());
+ auto sd = NTSDToString(std::vector(lpSDBuffer, lpSDBuffer + cbSBBuffer), m_acetype);
+ output::DebugPrint(output::dbgLevel::Generic, L"sd: %ws", sd.c_str());
 }
 }
diff --git a/UnitTest/SmartViewTestData/In/ACECONTAINER-1.dat b/UnitTest/SmartViewTestData/In/ACECONTAINER-1.dat
new file mode 100644
index 000000000..cba248369
--- /dev/null
+++ b/UnitTest/SmartViewTestData/In/ACECONTAINER-1.dat
@@ -0,0 +1 @@
+00092400a9081200010500000000000515000000371a6c07352f372aad20fa5b01930100
\ No newline at end of file
diff --git a/UnitTest/SmartViewTestData/In/ACEFB-1.dat b/UnitTest/SmartViewTestData/In/ACEFB-1.dat
new file mode 100644
index 000000000..8b6450044
--- /dev/null
+++ b/UnitTest/SmartViewTestData/In/ACEFB-1.dat
@@ -0,0 +1,4 @@
+06 1f 3800 03000000 ffffffff
+0A0D0200-0000-0000-C000-000000000046
+C02EBC53-53D9-CD11-9752-00AA004AE40E
+01 01 000000000005 0B000000
\ No newline at end of file
diff --git a/UnitTest/SmartViewTestData/In/ACEMESSAGE-1.dat b/UnitTest/SmartViewTestData/In/ACEMESSAGE-1.dat
new file mode 100644
index 000000000..99bf9ebb9
--- /dev/null
+++ b/UnitTest/SmartViewTestData/In/ACEMESSAGE-1.dat
@@ -0,0 +1,4 @@
+05 1f 3800 a9081200 ffffffff
+0A0D0200-0000-0000-C000-000000000046
+C02EBC53-53D9-CD11-9752-00AA004AE40E
+FF 01 000000000005 0B000000
\ No newline at end of file
diff --git a/UnitTest/SmartViewTestData/In/ACEMESSAGE-2.dat b/UnitTest/SmartViewTestData/In/ACEMESSAGE-2.dat
new file mode 100644
index 000000000..3ee63f83b
--- /dev/null
+++ b/UnitTest/SmartViewTestData/In/ACEMESSAGE-2.dat
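Review bot: The new `DebugPrint` format `L"sd: %ws"` drops the trailing `\n` that the removed call ended with, so unless `DebugPrint` appends one itself the next debug line will run on from the end of the descriptor dump; `output::DebugPrint(output::dbgLevel::Generic, L"sd: %ws\n", sd.c_str());` keeps the log line-delimited. The vector handed to `NTSDToString` is still built from `lpSDBuffer` and `lpSDBuffer + cbSBBuffer` with no null or zero-length check visible in the hunk. The enclosing function starts above the hunk, so a guard may already exist there; if it does not, the dump should be skipped when the buffer is null or empty.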
@@ -0,0 +1 @@
+01 09 1400 a9081200 01 01 000000000005 0B000000
\ No newline at end of file
diff --git a/UnitTest/SmartViewTestData/In/ACL-1.dat b/UnitTest/SmartViewTestData/In/ACL-1.dat
new file mode 100644
index 000000000..b140ac32f
--- /dev/null
+++ b/UnitTest/SmartViewTestData/In/ACL-1.dat
@@ -0,0 +1,7 @@
+0200E000 0600 0000
+00 09 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100
+01 09 2400 16071F00 010500000000000515000000371A6C07352F372AAD20FA5B01930100
+01 09 2400 BF0F1F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00
+00 02 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100
+01 02 2400 16C90D00 010500000000000515000000371A6C07352F372AAD20FA5B01930100
+01 02 2400 BFC91F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00
\ No newline at end of file
diff --git a/UnitTest/SmartViewTestData/In/NTSD-1.dat b/UnitTest/SmartViewTestData/In/NTSD-1.dat
new file mode 100644
index 000000000..4b4dc30b4
--- /dev/null
+++ b/UnitTest/SmartViewTestData/In/NTSD-1.dat
@@ -0,0 +1,27 @@
+0800
+0300
+00000000
+
+01
+00
+0780
+F4000000
+00010000
+00000000
+14000000
+
+02
+00
+E000
+0600
+0000
+00092400A9081200010500000000000515000000371A6C07352F372AAD20FA5B01930100
+0109240016071F00010500000000000515000000371A6C07352F372AAD20FA5B01930100
+01092400BF0F1F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B00
+00022400A9081200010500000000000515000000371A6C07352F372AAD20FA5B01930100
+0102240016C90D00010500000000000515000000371A6C07352F372AAD20FA5B01930100
+01022400BFC91F00010500000000000515000000271A6C07352F372AAD20FA5BAA830B00
+
+010100000000000512000000
+
+01020000000000052000000020020000
\ No newline at end of file
diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-2.dat b/UnitTest/SmartViewTestData/In/NTSD-2.dat
similarity index 100%
rename from UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-2.dat
rename to UnitTest/SmartViewTestData/In/NTSD-2.dat
diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-3.dat b/UnitTest/SmartViewTestData/In/NTSD-3.dat similarity index 100% rename from UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-3.dat rename to UnitTest/SmartViewTestData/In/NTSD-3.dat diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-4.dat b/UnitTest/SmartViewTestData/In/NTSD-4.dat similarity index 100% rename from UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-4.dat rename to UnitTest/SmartViewTestData/In/NTSD-4.dat diff --git a/UnitTest/SmartViewTestData/In/NTSD-5.dat b/UnitTest/SmartViewTestData/In/NTSD-5.dat new file mode 100644 index 000000000..521a9baf8 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/NTSD-5.dat @@ -0,0 +1 @@ +0A00B07ABB6079AB2082C760 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat b/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat index 49001e52b..b38ed64ee 100644 --- a/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat +++ b/UnitTest/SmartViewTestData/In/SECURITYDESCRIPTOR-1.dat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o newline at end of file +01000780 +F4000000 +00010000 +00000000 +14000000 +0200E000 0600 0000 +00 09 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 09 2400 16071F00 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 09 2400 BF0F1F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 +00 02 2400 A9081200 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 02 2400 16C90D00 010500000000000515000000371A6C07352F372AAD20FA5B01930100 +01 02 2400 BFC91F00 010500000000000515000000271A6C07352F372AAD20FA5BAA830B00 +010100000000000512000000 +01020000000000052000000020020000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/SID-6.dat b/UnitTest/SmartViewTestData/In/SID-6.dat new file mode 100644 index 000000000..b87983f47 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/SID-6.dat 
@@ -0,0 +1 @@ +FF 01 000000000005 0B000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/In/SID-7.dat b/UnitTest/SmartViewTestData/In/SID-7.dat new file mode 100644 index 000000000..a0b900326 --- /dev/null +++ b/UnitTest/SmartViewTestData/In/SID-7.dat @@ -0,0 +1 @@ +010500000000000515000000A065CF7E784B9B5FE77C8770E7871F00123456 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat b/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat new file mode 100644 index 000000000..28cf519a4 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACECONTAINER-out-1.dat @@ -0,0 +1,16 @@ +ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightListContents | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat b/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat new file mode 100644 index 000000000..d900892de --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACEFB-out-1.dat 
@@ -0,0 +1,15 @@ +ACE + Type: 0x06 = ACCESS_DENIED_OBJECT_ACE_TYPE + Flags: 0x1F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE | INHERIT_ONLY_ACE | INHERITED_ACE + Size: 0x0038 + Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed + Flags: 0xFFFFFFFF + ObjectType: {00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF + InheritedObjectType: {53BC2EC0-D953-11CD-9752-00AA004AE40E} = GUID_Dilkie + SID + User: NT AUTHORITY\Authenticated Users + Textual SID: S-1-5-11 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat new file mode 100644 index 000000000..39e568f33 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-1.dat @@ -0,0 +1,15 @@ +ACE + Type: 0x05 = ACCESS_ALLOWED_OBJECT_ACE_TYPE + Flags: 0x1F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE | INHERIT_ONLY_ACE | INHERITED_ACE + Size: 0x0038 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + Flags: 0xFFFFFFFF + ObjectType: {00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF + InheritedObjectType: {53BC2EC0-D953-11CD-9752-00AA004AE40E} = GUID_Dilkie + SID + User: (no domain)\(no name) + Textual SID: S-255-5-11 + Revision: 0xFF + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat new file mode 100644 index 000000000..fc684269a --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACEMESSAGE-out-2.dat 
@@ -0,0 +1,12 @@ +ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0014 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: NT AUTHORITY\Authenticated Users + Textual SID: S-1-5-11 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/ACL-out-1.dat b/UnitTest/SmartViewTestData/Out/ACL-out-1.dat new file mode 100644 index 000000000..02141c557 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/ACL-out-1.dat 
@@ -0,0 +1,102 @@ +ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x00E0 + AceCount: 0x0006 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | 
fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | 
fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat index 7c14aaf35..89a1178a5 100644 --- a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-1.dat 
@@ -1,10 +1,47 @@ -Security Descriptor - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: \Everyone -SID: S-1-1-0 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x00000001 = fsdrightFreeBusySimple \ No newline at end of file +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8004 + OffsetOwner: 0x00000014 + OffsetGroup: 0x00000020 + OffsetSacl: 0x00000000 + OffsetDacl: 0x0000002C + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x001C + AceCount: 0x0001 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0014 + Mask: 0x00000001 = fsdrightReadBody + SID + User: \Everyone + Textual SID: S-1-1-0 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_WORLD_SID_AUTHORITY + SubAuthority[0]: 0 = 0x00000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat index 8059c171a..7b2c5afea 100644 --- a/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/FBSECURITYDESCRIPTOR-out-2.dat 
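Review bot: The new expected output labels the free/busy descriptor's access mask with message-right names: `Mask: 0x00000001 = fsdrightReadBody` replaces the old `Access Mask: 0x00000001 = fsdrightFreeBusySimple`. FBSECURITYDESCRIPTOR-out-2.dat has the same change, where `fsdrightFreeBusySimple | fsdrightFreeBusyDetailed` becomes `fsdrightReadBody | fsdrightWriteBody`. ACEFB-out-1.dat in this same commit still renders mask 0x00000003 with the free/busy names, so it looks as if the free/busy ACE type no longer reaches the ACEs when they are parsed through the full descriptor. A viewer that shows free/busy rights as read/write body rights can mislead someone auditing a calendar ACL. Either the ACE type should be passed through for this parser, or the test should record why the names changed.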
@@ -1,15 +1,63 @@ -Security Descriptor - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: (no domain)\(no name) -SID: S-1-5-21-1148560623-1742210193-3263613743-3181487 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed -Account: \Everyone -SID: S-1-1-0 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x00000001 = fsdrightFreeBusySimple \ No newline at end of file +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8004 + OffsetOwner: 0x00000014 + OffsetGroup: 0x00000020 + OffsetSacl: 0x00000000 + OffsetDacl: 0x0000002C + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x0040 + AceCount: 0x0002 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x00000003 = fsdrightReadBody | fsdrightWriteBody + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-1148560623-1742210193-3263613743-3181487 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 1148560623 = 0x4475A4EF + SubAuthority[2]: 1742210193 = 0x67D80491 + SubAuthority[3]: -1031353553 = 0xC286CB2F + SubAuthority[4]: 3181487 = 0x00308BAF + ACE + Type: 0x00 = 
ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0014 + Mask: 0x00000001 = fsdrightReadBody + SID + User: \Everyone + Textual SID: S-1-1-0 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_WORLD_SID_AUTHORITY + SubAuthority[0]: 0 = 0x00000000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat new file mode 100644 index 000000000..e8881be50 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-1.dat 
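Review bot: `SubAuthority[3]: -1031353553 = 0xC286CB2F` prints a sub-authority as a signed decimal, while the `Textual SID` line of the same SID shows that value as 3263613743. Sub-authorities are unsigned 32-bit values, so this expected output pins a formatting bug in place rather than catching it. The decimal column should use an unsigned conversion, and this line should then read `SubAuthority[3]: 3263613743 = 0xC286CB2F`.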
@@ -0,0 +1,132 @@ +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x000000F4 + OffsetGroup: 0x00000100 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x00E0 + AceCount: 0x0006 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + 
Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | 
fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat new file mode 100644 index 000000000..4fa36ba16 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-2.dat 
@@ -0,0 +1,68 @@ +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x00000064 + OffsetGroup: 0x00000070 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x0050 + AceCount: 0x0002 + Sbz2: 0x0000 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | 
fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat new file mode 100644 index 000000000..1f8ba2d41 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-3.dat @@ -0,0 +1,36 @@ +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x0008 + Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION + Security Information: 0x00000000 = 0x0 + Security Descriptor + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x0000001C + OffsetGroup: 0x00000028 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x0008 + AceCount: 0x0000 + Sbz2: 0x0000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat new file mode 100644 index 000000000..00366395f --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-4.dat 
@@ -0,0 +1,9 @@ +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x06B6 + Version: 0x7AB0 = 0x7AB0 + Security Information: 0xAB7960BB = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION | 0xB7960B0 + NamedProp + Tag = 0x8220 + Kind = 0xC7 + NamedProp + Kind = 0x60 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/NTSD-out-5.dat b/UnitTest/SmartViewTestData/Out/NTSD-out-5.dat new file mode 100644 index 000000000..9b2683a13 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/NTSD-out-5.dat @@ -0,0 +1,9 @@ +PR_NT_SECURITY_DESCRIPTOR + Padding: 0x000A + Version: 0x7AB0 = 0x7AB0 + Security Information: 0xAB7960BB = OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION | PROTECTED_DACL_SECURITY_INFORMATION | UNPROTECTED_DACL_SECURITY_INFORMATION | 0xB7960B0 + NamedProp + Tag = 0x8220 + Security Descriptor + Revision: 0xC7 + Sbz1: 0x60 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat index 3ac22c91d..d93aa2934 100644 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat +++ b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-1.dat 
@@ -1,35 +1,128 @@ Security Descriptor - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: (no domain)\(no name) -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize -Account: (no domain)\(no name) -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -Account: (no domain)\(no name) -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -Account: (no domain)\(no name) -SID: S-1-5-21-124525111-708259637-1543119021-103169 -Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize -Account: (no domain)\(no name) -SID: S-1-5-21-124525111-708259637-1543119021-103169 
-Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 -Account: (no domain)\(no name) -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 \ No newline at end of file + Revision: 0x01 + Sbz1: 0x00 + Control: 0x8007 + OffsetOwner: 0x000000F4 + OffsetGroup: 0x00000100 + OffsetSacl: 0x00000000 + OffsetDacl: 0x00000014 + OwnerSid + SID + User: NT AUTHORITY\SYSTEM + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 + GroupSid + SID + User: BUILTIN\Administrators + Textual SID: S-1-5-32-544 + Revision: 0x01 + SubAuthorityCount: 0x02 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 32 = 0x00000020 + SubAuthority[1]: 544 = 0x00000220 + Dacl + ACL + Revision: 0x02 + Sbz1: 0x00 + AclSize: 0x00E0 + AceCount: 0x0006 + Sbz2: 0x0000 + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 
21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0716 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x09 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE + Size: 0x0024 + Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA + ACE + Type: 0x00 = ACCESS_ALLOWED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | 
fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x000DC916 = fsdrightWriteBody | fsdrightAppendMsg | fsdrightWriteProperty | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525111-708259637-1543119021-103169 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525111 = 0x076C1A37 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 103169 = 0x00019301 + ACE + Type: 0x01 = ACCESS_DENIED_ACE_TYPE + Flags: 0x02 = CONTAINER_INHERIT_ACE + Size: 0x0024 + Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 + SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-124525095-708259637-1543119021-754602 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 124525095 = 0x076C1A27 + SubAuthority[2]: 708259637 = 0x2A372F35 + SubAuthority[3]: 1543119021 = 0x5BFA20AD + SubAuthority[4]: 754602 = 0x000B83AA \ No newline at end of file 
diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-2.dat b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-2.dat deleted file mode 100644 index 2178f1229..000000000 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-2.dat +++ /dev/null @@ -1,15 +0,0 @@ -Security Descriptor - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor - Account: (no domain)\(no name) -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE -Access Mask: 0x001F0FBF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightWriteOwnProperty | fsdrightDeleteOwnItem | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize -Account: (no domain)\(no name) -SID: S-1-5-21-124525095-708259637-1543119021-754602 -Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE -Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE -Access Mask: 0x001FC9BF = fsdrightReadBody | fsdrightWriteBody | fsdrightAppendMsg | fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0xC000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-3.dat b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-3.dat deleted file mode 100644 index af9b3c80f..000000000 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-3.dat +++ /dev/null @@ -1,5 +0,0 @@ -Security Descriptor - Security Info - 0x0 - Security Version: 0x0003 = SECURITY_DESCRIPTOR_TRANSFER_VERSION - Descriptor \ No newline at end of file 
diff --git a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-4.dat b/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-4.dat deleted file mode 100644 index 3fe9a96f2..000000000 --- a/UnitTest/SmartViewTestData/Out/SECURITYDESCRIPTOR-out-4.dat +++ /dev/null @@ -1,5 +0,0 @@ -Security Descriptor - Security Info - Security Version: 0x7AB0 = 0x7AB0 - Descriptor - This is not a valid security descriptor. \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-2.dat b/UnitTest/SmartViewTestData/Out/SID-out-2.dat index 76ab404a7..6f45ca114 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-2.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-2.dat @@ -1,3 +1,11 @@ SID User: (no domain)\(no name) - Textual SID: S-1-5-21-2127521184-1604012920-1887927527-2066407 \ No newline at end of file + Textual SID: S-1-5-21-2127521184-1604012920-1887927527-2066407 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 2127521184 = 0x7ECF65A0 + SubAuthority[2]: 1604012920 = 0x5F9B4B78 + SubAuthority[3]: 1887927527 = 0x70877CE7 + SubAuthority[4]: 2066407 = 0x001F87E7 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-3.dat b/UnitTest/SmartViewTestData/Out/SID-out-3.dat index 42e370104..c5128ffa6 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-3.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-3.dat @@ -1,3 +1,7 @@ SID User: NT AUTHORITY\SYSTEM - Textual SID: S-1-5-18 \ No newline at end of file + Textual SID: S-1-5-18 + Revision: 0x01 + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 18 = 0x00000012 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-4.dat b/UnitTest/SmartViewTestData/Out/SID-out-4.dat index 37838d1c8..19993402a 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-4.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-4.dat 
@@ -1,3 +1,6 @@ SID User: (no domain)\(no name) - Textual SID: (no SID) \ No newline at end of file + Textual SID: (no SID) + Revision: 0x01 + SubAuthorityCount: 0x04 + SubAuthority[0]: 1736704 = 0x001A8000 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-5.dat b/UnitTest/SmartViewTestData/Out/SID-out-5.dat index 37838d1c8..fc9314736 100644 --- a/UnitTest/SmartViewTestData/Out/SID-out-5.dat +++ b/UnitTest/SmartViewTestData/Out/SID-out-5.dat @@ -1,3 +1,7 @@ SID User: (no domain)\(no name) - Textual SID: (no SID) \ No newline at end of file + Textual SID: (no SID) + Revision: 0x01 + SubAuthorityCount: 0x04 + IdentifierAuthority: 268436996 + SubAuthority[0]: 3 = 0x00000003 \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-6.dat b/UnitTest/SmartViewTestData/Out/SID-out-6.dat new file mode 100644 index 000000000..3e81f1c15 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/SID-out-6.dat @@ -0,0 +1,7 @@ +SID + User: (no domain)\(no name) + Textual SID: S-255-5-11 + Revision: 0xFF + SubAuthorityCount: 0x01 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 11 = 0x0000000B \ No newline at end of file diff --git a/UnitTest/SmartViewTestData/Out/SID-out-7.dat b/UnitTest/SmartViewTestData/Out/SID-out-7.dat new file mode 100644 index 000000000..bb9145906 --- /dev/null +++ b/UnitTest/SmartViewTestData/Out/SID-out-7.dat @@ -0,0 +1,13 @@ +SID + User: (no domain)\(no name) + Textual SID: S-1-5-21-2127521184-1604012920-1887927527-2066407 + Revision: 0x01 + SubAuthorityCount: 0x05 + IdentifierAuthority: SECURITY_NT_AUTHORITY + SubAuthority[0]: 21 = 0x00000015 + SubAuthority[1]: 2127521184 = 0x7ECF65A0 + SubAuthority[2]: 1604012920 = 0x5F9B4B78 + SubAuthority[3]: 1887927527 = 0x70877CE7 + SubAuthority[4]: 2066407 = 0x001F87E7 + Unparsed data size = 0x00000003 + cb: 3 lpb: 123456 \ No newline at end of file 
diff --git a/UnitTest/scripts/Build-SmartViewTests.ps1 b/UnitTest/scripts/Build-SmartViewTests.ps1 index 7e2d7277c..4d9f28a94 100644 --- a/UnitTest/scripts/Build-SmartViewTests.ps1 +++ b/UnitTest/scripts/Build-SmartViewTests.ps1 @@ -140,8 +140,9 @@ namespace SmartViewTest std::wstring(L"SmartViewAddInTest1"), parserType::END, std::vector{1, 2, 3, 4}, - std::wstring(L"Unknown Parser 39\r\n" - L"\tcb: 4 lpb: 01020304")); + strings::formatmessage(L"Unknown Parser %1!d!\r\n" + L"\tcb: 4 lpb: 01020304", + parserType::END)); } $tests diff --git a/UnitTest/tests/sidtest.cpp b/UnitTest/tests/sidtest.cpp index 1431718a5..8bba199d9 100644 --- a/UnitTest/tests/sidtest.cpp +++ b/UnitTest/tests/sidtest.cpp @@ -3,11 +3,6 @@ #include #include -namespace sid -{ - std::wstring ACEToString(_In_opt_ void* pACE, aceType acetype); -} - namespace sidtest { TEST_CLASS(sidtest) 
@@ -18,32 +13,22 @@ namespace sidtest TEST_CLASS_INITIALIZE(initialize) { unittest::init(); } - TEST_METHOD(Test_GetTextualSid) + TEST_METHOD(Test_LookupAccountSid) { - Assert::AreEqual(std::wstring{}, sid::GetTextualSid({})); auto nullAccount = sid::LookupAccountSid({}); Assert::AreEqual(std::wstring{L"(no domain)"}, nullAccount.getDomain()); Assert::AreEqual(std::wstring{L"(no name)"}, nullAccount.getName()); - Assert::AreEqual(std::wstring{}, sid::GetTextualSid({12})); auto invalidAccount = sid::LookupAccountSid({12}); Assert::AreEqual(std::wstring{L"(no domain)"}, invalidAccount.getDomain()); Assert::AreEqual(std::wstring{L"(no name)"}, invalidAccount.getName()); auto simpleSidBin = strings::HexStringToBin(L"010500000000000515000000A065CF7E784B9B5FE77C8770091C0100"); - Assert::AreEqual( - std::wstring{L"S-1-5-21-2127521184-1604012920-1887927527-72713"}, sid::GetTextualSid(simpleSidBin)); auto simpleSidAccount = sid::LookupAccountSid(simpleSidBin); Assert::AreEqual(std::wstring{L"(no domain)"}, simpleSidAccount.getDomain()); Assert::AreEqual(std::wstring{L"(no name)"}, simpleSidAccount.getName()); - Assert::AreEqual( - std::wstring{L"S-1-000102030405-21-2127521184-1604012920-1887927527-72713"}, - sid::GetTextualSid( - strings::HexStringToBin(L"010500010203040515000000A065CF7E784B9B5FE77C8770091C0100"))); - auto authenticatedUsersSidBin = strings::HexStringToBin(L"01 01 000000000005 0B000000"); - Assert::AreEqual(std::wstring{L"S-1-5-11"}, sid::GetTextualSid(authenticatedUsersSidBin)); auto authenticatedUsersSidAccount = sid::LookupAccountSid(authenticatedUsersSidBin); Assert::AreEqual(std::wstring{L"NT AUTHORITY"}, authenticatedUsersSidAccount.getDomain()); Assert::AreEqual(std::wstring{L"Authenticated Users"}, authenticatedUsersSidAccount.getName()); 
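Review bot: The removed `S-1-000102030405-21-…` assertion in UnitTest/tests/sidtest.cpp was the only check visible on this page of the six-byte hex form of the identifier authority, which now lives in the first branch of `IdentifierAuthorityToString`. The SID-out fixtures shown in this commit cover the named-constant path (`SECURITY_NT_AUTHORITY`) and the decimal path (`IdentifierAuthority: 268436996`), but none has a non-zero `Value[0]` or `Value[1]`. A SID fixture built from the same input, `010500010203040515000000A065CF7E784B9B5FE77C8770091C0100`, would keep that branch covered; fixtures outside this view may already do so. The renamed test method continues past the end of this hunk.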
@@ -63,116 +48,5 @@ namespace sidtest Assert::AreEqual(std::wstring{L"foo"}, account2.getDomain()); Assert::AreEqual(std::wstring{L"bar"}, account2.getName()); } - - TEST_METHOD(Test_ACEToString) - { - unittest::AreEqualEx(std::wstring{L""}, ACEToString(nullptr, sid::aceType::Container)); - - auto aceAllowBin = - strings::HexStringToBin(L"00092400a9081200010500000000000515000000371a6c07352f372aad20fa5b01930100"); - unittest::AreEqualEx( - std::wstring{ - L"Account: (no domain)\\(no name)\r\n" - L"SID: S-1-5-21-124525111-708259637-1543119021-103169\r\n" - L"Access Type: 0x00000000 = ACCESS_ALLOWED_ACE_TYPE\r\n" - L"Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" - L"Access Mask: 0x001208A9 = fsdrightListContents | fsdrightReadProperty | fsdrightExecute | " - L"fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize"}, - ACEToString(aceAllowBin.data(), sid::aceType::Container)); - - auto aceDenyBin = strings::HexStringToBin(L"01 09 1400 a9081200 01 01 000000000005 0B000000"); - unittest::AreEqualEx( - std::wstring{L"Account: NT AUTHORITY\\Authenticated Users\r\n" - L"SID: S-1-5-11\r\n" - L"Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE\r\n" - L"Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" - L"Access Mask: 0x001208A9 = "}, - ACEToString(aceDenyBin.data(), sid::aceType{3})); - - auto aceAllowObjectBin = strings::HexStringToBin(L"05 1f 3800 a9081200 ffffffff" - L"0A0D0200-0000-0000-C000-000000000046" - L"C02EBC53-53D9-CD11-9752-00AA004AE40E" - L"FF 01 000000000005 0B000000"); - unittest::AreEqualEx( - std::wstring{ - L"Account: (no domain)\\(no name)\r\n" - L"SID: (no SID)\r\n" - L"Access Type: 0x00000005 = ACCESS_ALLOWED_OBJECT_ACE_TYPE\r\n" - L"Access Flags: 0x0000001F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE " - L"| INHERIT_ONLY_ACE | INHERITED_ACE\r\n" - L"Access Mask: 0x001208A9 = fsdrightReadBody | fsdrightReadProperty | fsdrightExecute | " - 
L"fsdrightReadAttributes | fsdrightViewItem | fsdrightReadControl | fsdrightSynchronize\r\n" - L"ObjectType: \r\n" - L"{00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF\r\n" - L"InheritedObjectType: \r\n" - L"{53BC2EC0-D953-11CD-9752-00AA004AE40E} = GUID_Dilkie\r\n" - L"Flags: 0xFFFFFFFF"}, - ACEToString(aceAllowObjectBin.data(), sid::aceType::Message)); - - auto aceDenyObjectBin = strings::HexStringToBin(L"06 1f 3800 03000000 ffffffff" - L"0A0D0200-0000-0000-C000-000000000046" - L"C02EBC53-53D9-CD11-9752-00AA004AE40E" - L"01 01 000000000005 0B000000"); - unittest::AreEqualEx( - std::wstring{ - L"Account: NT AUTHORITY\\Authenticated Users\r\n" - L"SID: S-1-5-11\r\n" - L"Access Type: 0x00000006 = ACCESS_DENIED_OBJECT_ACE_TYPE\r\n" - L"Access Flags: 0x0000001F = OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE | NO_PROPAGATE_INHERIT_ACE " - L"| INHERIT_ONLY_ACE | INHERITED_ACE\r\n" - L"Access Mask: 0x00000003 = fsdrightFreeBusySimple | fsdrightFreeBusyDetailed\r\n" - L"ObjectType: \r\n" - L"{00020D0A-0000-0000-C000-000000000046} = IID_CAPONE_PROF\r\n" - L"InheritedObjectType: \r\n" - L"{53BC2EC0-D953-11CD-9752-00AA004AE40E} = GUID_Dilkie\r\n" - L"Flags: 0xFFFFFFFF"}, - ACEToString(aceDenyObjectBin.data(), sid::aceType::FreeBusy)); - } - - TEST_METHOD(Test_SDToString) - { - const auto nullsd = SDToString({}, sid::aceType::Container); - Assert::AreEqual(std::wstring{L"This is not a valid security descriptor."}, nullsd.dacl); - Assert::AreEqual(std::wstring{L""}, nullsd.info); - - const auto invalid = - SDToString(strings::HexStringToBin(L"B606B07ABB6079AB2082C760"), sid::aceType::Container); - Assert::AreEqual(std::wstring{L"This is not a valid security descriptor."}, invalid.dacl); - Assert::AreEqual(std::wstring{L""}, invalid.info); - - const auto sd = SDToString( - strings::HexStringToBin(L"0800030000000000010007801C000000280000000000000014000000020008000000000001010" - L"000000000051200000001020000000000052000000020020000"), - sid::aceType::Container); - 
Assert::AreEqual(std::wstring{L""}, sd.dacl); - Assert::AreEqual(std::wstring{L"0x0"}, sd.info); - - const auto sd1 = SDToString( - strings::HexStringToBin( - L"08000300000000000100078064000000700000000000000014000000020050000200000001092400BF0F1F00010500000" - L"000000515000000271A6C07352F372AAD20FA5BAA830B0001022400BFC91F00010500000000000515000000271A6C0735" - L"2F372AAD20FA5BAA830B0001010000000000051200000001020000000000052000000020020000"), - sid::aceType::Container); - unittest::AreEqualEx( - std::wstring{ - L"Account: (no domain)\\(no name)\r\n" - L"SID: S-1-5-21-124525095-708259637-1543119021-754602\r\n" - L"Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE\r\n" - L"Access Flags: 0x00000009 = OBJECT_INHERIT_ACE | INHERIT_ONLY_ACE\r\n" - L"Access Mask: 0x001F0FBF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " - L"fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | " - L"fsdrightWriteAttributes | fsdrightViewItem | fsdrightWriteSD | fsdrightDelete | " - L"fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize | 0x600\r\n" - L"Account: (no domain)\\(no name)\r\n" - L"SID: S-1-5-21-124525095-708259637-1543119021-754602\r\n" - L"Access Type: 0x00000001 = ACCESS_DENIED_ACE_TYPE\r\n" - L"Access Flags: 0x00000002 = CONTAINER_INHERIT_ACE\r\n" - L"Access Mask: 0x001FC9BF = fsdrightListContents | fsdrightCreateItem | fsdrightCreateContainer | " - L"fsdrightReadProperty | fsdrightWriteProperty | fsdrightExecute | fsdrightReadAttributes | " - L"fsdrightWriteAttributes | fsdrightViewItem | fsdrightOwner | fsdrightContact | fsdrightWriteSD | " - L"fsdrightDelete | fsdrightWriteOwner | fsdrightReadControl | fsdrightSynchronize"}, - sd1.dacl); - unittest::AreEqualEx(std::wstring{L"0x0"}, sd1.info); - } }; } // namespace sidtest \ No newline at end of file diff --git a/core/addin/mfcmapi.h b/core/addin/mfcmapi.h index b6b338815..4cb62b600 100644 --- a/core/addin/mfcmapi.h +++ b/core/addin/mfcmapi.h 
@@ -149,6 +149,11 @@ enum class parserType PTI8, SFIDMID, SWAPPEDTODO, + ACL, + ACECONTAINER, + ACEMESSAGE, + ACEFB, + NTSD, END // This must be the end of the enum }; diff --git a/core/core.vcxproj b/core/core.vcxproj index 76ba18502..2fd07efa0 100644 --- a/core/core.vcxproj +++ b/core/core.vcxproj @@ -767,6 +767,9 @@ + + + @@ -824,9 +827,9 @@ - + - + @@ -870,6 +873,9 @@ + + + @@ -914,9 +920,9 @@ - + - + diff --git a/core/core.vcxproj.filters b/core/core.vcxproj.filters index faf546f04..17c9cfe0b 100644 --- a/core/core.vcxproj.filters +++ b/core/core.vcxproj.filters @@ -183,13 +183,13 @@ Header Files - + Header Files Header Files - + Header Files @@ -348,6 +348,15 @@ Header Files + + Header Files + + + Header Files + + + Header Files + @@ -464,13 +473,13 @@ Source Files - + Source Files Source Files - + Source Files @@ -614,6 +623,15 @@ Source Files + + Source Files + + + Source Files + + + Source Files + diff --git a/core/interpret/sid.cpp b/core/interpret/sid.cpp index 92d74cc91..ce66bd57e 100644 --- a/core/interpret/sid.cpp +++ b/core/interpret/sid.cpp @@ -5,6 +5,9 @@ #include #include #include +#include +#include +#include namespace sid { 
@@ -18,71 +21,62 @@ namespace sid return !name.empty() ? name : strings::formatmessage(IDS_NONAME); } - // [MS-DTYP] 2.4.2.2 SID--Packet Representation - // https://msdn.microsoft.com/en-us/library/gg465313.aspx - _Check_return_ std::wstring GetTextualSid(_In_opt_ PSID pSid) + _Check_return_ std::wstring LookupIdentifierAuthority(const SID_IDENTIFIER_AUTHORITY& authority) { - // Validate the binary SID. - if (!pSid || !IsValidSid(pSid)) return {}; - - // Get the identifier authority value from the SID. - const auto psia = GetSidIdentifierAuthority(pSid); + static const auto authorityLookupTable = std::vector>{ + {SECURITY_NULL_SID_AUTHORITY, L"SECURITY_NULL_SID_AUTHORITY"}, + {SECURITY_WORLD_SID_AUTHORITY, L"SECURITY_WORLD_SID_AUTHORITY"}, + {SECURITY_LOCAL_SID_AUTHORITY, L"SECURITY_LOCAL_SID_AUTHORITY"}, + {SECURITY_CREATOR_SID_AUTHORITY, L"SECURITY_CREATOR_SID_AUTHORITY"}, + {SECURITY_NON_UNIQUE_AUTHORITY, L"SECURITY_NON_UNIQUE_AUTHORITY"}, + {SECURITY_RESOURCE_MANAGER_AUTHORITY, L"SECURITY_RESOURCE_MANAGER_AUTHORITY"}, + {SECURITY_NT_AUTHORITY, L"SECURITY_NT_AUTHORITY"}, + {SECURITY_APP_PACKAGE_AUTHORITY, L"SECURITY_APP_PACKAGE_AUTHORITY"}, + {SECURITY_MANDATORY_LABEL_AUTHORITY, L"SECURITY_MANDATORY_LABEL_AUTHORITY"}, + {SECURITY_SCOPED_POLICY_ID_AUTHORITY, L"SECURITY_SCOPED_POLICY_ID_AUTHORITY"}, + {SECURITY_AUTHENTICATION_AUTHORITY, L"SECURITY_AUTHENTICATION_AUTHORITY"}, + {SECURITY_PROCESS_TRUST_AUTHORITY, L"SECURITY_PROCESS_TRUST_AUTHORITY"}, + }; - // Get the number of subauthorities in the SID. - const auto lpSubAuthoritiesCount = GetSidSubAuthorityCount(pSid); + for (const auto& entry : authorityLookupTable) + { + if (std::memcmp(&authority, &entry.first, sizeof(SID_IDENTIFIER_AUTHORITY)) == 0) + { + return entry.second; + } + } - // Compute the buffer length. - // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL - // Add 'S' prefix and revision number to the string. 
- auto TextualSid = strings::format(L"S-%lu-", SID_REVISION); // STRING_OK + return IdentifierAuthorityToString(authority); + } - // Add SID identifier authority to the string. - if (psia->Value[0] != 0 || psia->Value[1] != 0) + _Check_return_ std::wstring IdentifierAuthorityToString(const SID_IDENTIFIER_AUTHORITY& authority) + { + if (authority.Value[0] != 0 || authority.Value[1] != 0) { - TextualSid += strings::format( + return strings::format( L"%02hx%02hx%02hx%02hx%02hx%02hx", // STRING_OK - static_cast(psia->Value[0]), - static_cast(psia->Value[1]), - static_cast(psia->Value[2]), - static_cast(psia->Value[3]), - static_cast(psia->Value[4]), - static_cast(psia->Value[5])); + static_cast(authority.Value[0]), + static_cast(authority.Value[1]), + static_cast(authority.Value[2]), + static_cast(authority.Value[3]), + static_cast(authority.Value[4]), + static_cast(authority.Value[5])); } else { - TextualSid += strings::format( + return strings::format( L"%lu", // STRING_OK - static_cast(psia->Value[4] << 8) + static_cast(psia->Value[5]) + - static_cast(psia->Value[3] << 16) + static_cast(psia->Value[2] << 24)); + static_cast(authority.Value[4] << 8) + static_cast(authority.Value[5]) + + static_cast(authority.Value[3] << 16) + static_cast(authority.Value[2] << 24)); } - - // Add SID subauthorities to the string. - if (lpSubAuthoritiesCount) - { - for (DWORD dwCounter = 0; dwCounter < *lpSubAuthoritiesCount; dwCounter++) - { - if (pSid) - { - TextualSid += strings::format( - L"-%lu", // STRING_OK - *GetSidSubAuthority(pSid, dwCounter)); - } - } - } - - return TextualSid; } - _Check_return_ std::wstring GetTextualSid(std::vector buf) + _Check_return_ SidAccount LookupAccountSid(std::vector buf) { const auto subAuthorityCount = buf.size() >= 2 ? 
buf[1] : 0; if (buf.size() < sizeof(SID) - sizeof(DWORD) + sizeof(DWORD) * subAuthorityCount) return {}; - return GetTextualSid(buf.data()); - } - - _Check_return_ SidAccount LookupAccountSid(PSID SidStart) - { + PSID SidStart = buf.data(); if (!IsValidSid(SidStart)) return {}; // TODO: Make use of SidNameUse information 
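Review bot: In the decimal branch of `IdentifierAuthorityToString` (core/interpret/sid.cpp) each byte is shifted before it is cast, as in `static_cast(authority.Value[2] << 24)`; the cast's target type was lost in extraction on this page. The shift therefore happens in promoted `int`, and for `Value[2]` of 0x80 or above it produces a negative int that only converts back to the intended value because the `%lu` target is 32 bits wide on Windows. These bytes come from parsed SID data, so such values are reachable. Cast first and shift second, e.g. `(static_cast<unsigned long>(authority.Value[2]) << 24)`, and likewise for `Value[3]` and `Value[4]`. The expression was carried over from the removed `GetTextualSid`, so it is inherited rather than new.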
@@ -118,149 +112,15 @@ namespace sid std::wstring(sidDomainBuf.begin(), sidDomainBuf.end()), std::wstring(sidNameBuf.begin(), sidNameBuf.end())}; } - _Check_return_ SidAccount LookupAccountSid(std::vector buf) - { - const auto subAuthorityCount = buf.size() >= 2 ? buf[1] : 0; - if (buf.size() < sizeof(SID) - sizeof(DWORD) + sizeof(DWORD) * subAuthorityCount) return {}; - - return LookupAccountSid(buf.data()); - } - - std::wstring ACEToString(_In_opt_ void* pACE, aceType acetype) + _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype) { - std::vector aceString; - ACCESS_MASK Mask = 0; - DWORD Flags = 0; - GUID ObjectType = {}; - GUID InheritedObjectType = {}; - SID* SidStart = nullptr; - auto bObjectFound = false; - - if (!pACE) return L""; - - const auto AceType = static_cast(pACE)->AceType; - const auto AceFlags = static_cast(pACE)->AceFlags; - - /* Check type of ACE */ - switch (AceType) + const std::shared_ptr svp = std::make_shared(acetype); + if (svp) { - case ACCESS_ALLOWED_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - break; - case ACCESS_DENIED_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - break; - case ACCESS_ALLOWED_OBJECT_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - Flags = static_cast(pACE)->Flags; - ObjectType = static_cast(pACE)->ObjectType; - InheritedObjectType = static_cast(pACE)->InheritedObjectType; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - bObjectFound = true; - break; - case ACCESS_DENIED_OBJECT_ACE_TYPE: - Mask = static_cast(pACE)->Mask; - Flags = static_cast(pACE)->Flags; - ObjectType = static_cast(pACE)->ObjectType; - InheritedObjectType = static_cast(pACE)->InheritedObjectType; - SidStart = reinterpret_cast(&static_cast(pACE)->SidStart); - bObjectFound = true; - break; - } - - auto lpStringSid = GetTextualSid(SidStart); - auto szAceType = 
flags::InterpretFlags(flagACEType, AceType); - auto szAceFlags = flags::InterpretFlags(flagACEFlag, AceFlags); - auto szAceMask = std::wstring{}; - - switch (acetype) - { - case aceType::Container: - szAceMask = flags::InterpretFlags(flagACEMaskContainer, Mask); - break; - case aceType::Message: - szAceMask = flags::InterpretFlags(flagACEMaskNonContainer, Mask); - break; - case aceType::FreeBusy: - szAceMask = flags::InterpretFlags(flagACEMaskFreeBusy, Mask); - break; - }; - - auto sidAccount = sid::LookupAccountSid(SidStart); - - auto szSID = GetTextualSid(SidStart); - if (szSID.empty()) szSID = strings::formatmessage(IDS_NOSID); - - aceString.push_back(strings::formatmessage( - IDS_SIDACCOUNT, - sidAccount.getDomain().c_str(), - sidAccount.getName().c_str(), - szSID.c_str(), - AceType, - szAceType.c_str(), - AceFlags, - szAceFlags.c_str(), - Mask, - szAceMask.c_str())); - - if (bObjectFound) - { - aceString.push_back(strings::formatmessage(IDS_SIDOBJECTYPE)); - aceString.push_back(guid::GUIDToStringAndName(&ObjectType)); - aceString.push_back(strings::formatmessage(IDS_SIDINHERITEDOBJECTYPE)); - aceString.push_back(guid::GUIDToStringAndName(&InheritedObjectType)); - aceString.push_back(strings::formatmessage(IDS_SIDFLAGS, Flags)); - } - - return strings::join(aceString, L"\r\n"); - } - - _Check_return_ bool IsValidSecurityDescriptorEx(const std::vector& buf) noexcept - { - try - { - if (buf.empty() || buf.size() < 2 * sizeof(DWORD)) return false; - if (CbSecurityDescriptorHeader(buf.data()) >= buf.size()) return false; - const auto pSecurityDescriptor = SECURITY_DESCRIPTOR_OF(buf.data()); - return IsValidSecurityDescriptor(pSecurityDescriptor); - } catch (...) 
- { - return false; - } - } - - _Check_return_ SecurityDescriptor SDToString(const std::vector& buf, aceType acetype) - { - if (!IsValidSecurityDescriptorEx(buf)) - return SecurityDescriptor{strings::formatmessage(IDS_INVALIDSD), strings::emptystring}; - const auto pSecurityDescriptor = SECURITY_DESCRIPTOR_OF(buf.data()); - - auto bValidDACL = static_cast(false); - auto pACL = PACL{}; - auto bDACLDefaulted = static_cast(false); - auto sdString = std::vector{}; - EC_B_S(GetSecurityDescriptorDacl(pSecurityDescriptor, &bValidDACL, &pACL, &bDACLDefaulted)); - if (bValidDACL && pACL) - { - auto ACLSizeInfo = ACL_SIZE_INFORMATION{}; - EC_B_S(GetAclInformation(pACL, &ACLSizeInfo, sizeof ACLSizeInfo, AclSizeInformation)); - - for (DWORD i = 0; i < ACLSizeInfo.AceCount; i++) - { - auto pACE = LPVOID{}; - - WC_B_S(GetAce(pACL, i, &pACE)); - if (pACE) - { - sdString.push_back(ACEToString(pACE, acetype)); - } - } + svp->parse(std::make_shared(buf), true); + return svp->toString(); } - return SecurityDescriptor{ - strings::join(sdString, L"\r\n"), - flags::InterpretFlags(flagSecurityInfo, SECURITY_INFORMATION_OF(buf.data()))}; + return {}; } } // namespace sid \ No newline at end of file diff --git a/core/interpret/sid.h b/core/interpret/sid.h index 0b32bf9c3..b406a8384 100644 --- a/core/interpret/sid.h +++ b/core/interpret/sid.h 
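Review bot: `NTSDToString` in core/interpret/sid.cpp no longer rejects malformed descriptors. The removed `SDToString` returned `IDS_INVALIDSD` unless both `IsValidSecurityDescriptorEx` and `IsValidSecurityDescriptor` accepted the buffer, while the new body passes `buf` straight to the parser, so all bounds checking on this store-supplied data now rests on parser code outside this hunk; NTSD-out-4.dat in this commit shows invalid input rendered field by field. A comment above the function should record that, for example `// No Win32 validation: the parser must bounds-check buf and renders malformed input as-is`. Separately, the `if (svp)` guard is dead code, because `std::make_shared` throws on allocation failure rather than returning null, so the trailing `return {};` is unreachable and can be dropped.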
@@ -23,15 +23,8 @@ namespace sid std::wstring name; }; - struct SecurityDescriptor - { - std::wstring dacl; - std::wstring info; - }; - - _Check_return_ std::wstring GetTextualSid(_In_opt_ PSID pSid); - _Check_return_ std::wstring GetTextualSid(std::vector buf); - _Check_return_ SidAccount LookupAccountSid(PSID SidStart); + _Check_return_ std::wstring LookupIdentifierAuthority(const SID_IDENTIFIER_AUTHORITY& authority); + _Check_return_ std::wstring IdentifierAuthorityToString(const SID_IDENTIFIER_AUTHORITY& authority); _Check_return_ SidAccount LookupAccountSid(std::vector buf); - _Check_return_ SecurityDescriptor SDToString(const std::vector& buf, aceType acetype); + _Check_return_ std::wstring NTSDToString(const std::vector& buf, aceType acetype); } // namespace sid \ No newline at end of file diff --git a/core/interpret/smartViewParsers.h b/core/interpret/smartViewParsers.h index 9fc5ff858..90ec38812 100644 --- a/core/interpret/smartViewParsers.h +++ b/core/interpret/smartViewParsers.h @@ -40,6 +40,11 @@ namespace smartview {parserType::RULEACTION, L"Rule Action"}, // STRING_OK {parserType::EXTENDEDRULEACTION, L"Extended Rule Action"}, // STRING_OK {parserType::SWAPPEDTODO, L"Swapped ToDo"}, // STRING_OK + {parserType::ACL, L"ACL"}, // STRING_OK + {parserType::ACECONTAINER, L"ACE (Container)"}, // STRING_OK + {parserType::ACEMESSAGE, L"ACE (Message)"}, // STRING_OK + {parserType::ACEFB, L"ACE (Free Busy)"}, // STRING_OK + {parserType::NTSD, L"PR_NT_SECURITY_DESCRIPTOR"}, // STRING_OK }; static SMARTVIEW_PARSER_ARRAY_ENTRY g_SmartViewParserArray[] = { 
@@ -58,7 +63,7 @@ namespace smartview BINARY_STRUCTURE_ENTRY(PR_SENDER_ENTRYID, parserType::ENTRYID) BINARY_STRUCTURE_ENTRY(PR_PARENT_ENTRYID, parserType::ENTRYID) BINARY_STRUCTURE_ENTRY(PR_SENTMAIL_ENTRYID, parserType::ENTRYID) - BINARY_STRUCTURE_ENTRY(PR_NT_SECURITY_DESCRIPTOR, parserType::SECURITYDESCRIPTOR) + BINARY_STRUCTURE_ENTRY(PR_NT_SECURITY_DESCRIPTOR, parserType::NTSD) BINARY_STRUCTURE_ENTRY(PR_CREATOR_SID, parserType::SID) BINARY_STRUCTURE_ENTRY(PR_LAST_MODIFIER_SID, parserType::SID) BINARY_STRUCTURE_ENTRY(PR_EXTENDED_RULE_ACTIONS, parserType::EXTENDEDRULEACTION) diff --git a/core/res/MFCMapi.rc2 b/core/res/MFCMapi.rc2 index 6edd75383..be1f53b5d 100644 --- a/core/res/MFCMapi.rc2 +++ b/core/res/MFCMapi.rc2 @@ -1474,10 +1474,11 @@ IDS_ACCESSSIMPLEFREEBUSY "Simple FreeBusy" IDS_ACCESSDETAILEDFREEBUSY "Detailed FreeBusy" IDS_SIDACCOUNT "Account: %1!ws!\\%2!ws!\r\n\ -SID: %3!ws!\r\n\ -Access Type: 0x%4!08X! = %5!ws!\r\n\ -Access Flags: 0x%6!08X! = %7!ws!\r\n\ -Access Mask: 0x%8!08X! = %9!ws!" +ACE Type: 0x%3!02X! = %4!ws!\r\n\ +ACE Flags: 0x%5!02X! = %6!ws!\r\n\ +ACE Mask: 0x%7!08X! = %8!ws!\r\n\ +ACE Size: 0x%9!04X!\r\n\ +SID: %10!ws!" IDS_SIDOBJECTYPE "ObjectType: " IDS_SIDINHERITEDOBJECTYPE "InheritedObjectType: " IDS_SIDFLAGS "Flags: 0x%1!08X!" diff --git a/core/smartview/SD/ACEBin.cpp b/core/smartview/SD/ACEBin.cpp new file mode 100644 index 000000000..c388dbbb6 --- /dev/null +++ b/core/smartview/SD/ACEBin.cpp 
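Review bot: `IDS_SIDACCOUNT` changes both the position and the type of its inserts: `%3` used to be the SID string and is now formatted with `!02X!`, while the SID moves to `%10!ws!`. These inserts are positional and unchecked at compile time, so a caller still passing the old argument list would have a string pointer printed as a number and an integer read as a string pointer. The caller visible in this commit's sid.cpp hunk is removed; if no others remain the string could be deleted, otherwise each one needs the new order and the added `AceSize` insert at `%9`.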
@@ -0,0 +1,81 @@ +#include +#include +#include +#include +#include + +namespace smartview +{ + ACEBin::ACEBin(sid::aceType acetype) { this->acetype = acetype; } + + void ACEBin::parse() + { + // Header + AceType = blockT::parse(parser); + AceFlags = blockT::parse(parser); + AceSize = blockT::parse(parser); + + // Specific ACE types + switch (AceType->getData()) + { + case ACCESS_ALLOWED_ACE_TYPE: // ACCESS_ALLOWED_ACE + Mask = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + case ACCESS_DENIED_ACE_TYPE: // ACCESS_DENIED_ACE + Mask = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + case ACCESS_ALLOWED_OBJECT_ACE_TYPE: // ACCESS_ALLOWED_OBJECT_ACE + Mask = blockT::parse(parser); + Flags = blockT::parse(parser); + ObjectType = blockT::parse(parser); + InheritedObjectType = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + case ACCESS_DENIED_OBJECT_ACE_TYPE: // ACCESS_DENIED_OBJECT_ACE + Mask = blockT::parse(parser); + Flags = blockT::parse(parser); + ObjectType = blockT::parse(parser); + InheritedObjectType = blockT::parse(parser); + SidStart = block::parse(parser, false); + break; + } + }; + + void ACEBin::parseBlocks() + { + setText(L"ACE"); + const auto aceType = AceType->getData(); + auto szAceType = flags::InterpretFlags(flagACEType, aceType); + addChild(AceType, L"Type: 0x%1!02X! = %2!ws!", aceType, szAceType.c_str()); + const auto aceFlags = AceFlags->getData(); + auto szAceFlags = flags::InterpretFlags(flagACEFlag, aceFlags); + addChild(AceFlags, L"Flags: 0x%1!02X! 
= %2!ws!", aceFlags, szAceFlags.c_str()); + addChild(AceSize, L"Size: 0x%1!04X!", AceSize->getData()); + + auto szAceMask = std::wstring{}; + switch (acetype) + { + case sid::aceType::Container: + szAceMask = flags::InterpretFlags(flagACEMaskContainer, Mask->getData()); + break; + case sid::aceType::Message: + szAceMask = flags::InterpretFlags(flagACEMaskNonContainer, Mask->getData()); + break; + case sid::aceType::FreeBusy: + szAceMask = flags::InterpretFlags(flagACEMaskFreeBusy, Mask->getData()); + break; + }; + addChild(Mask, L"Mask: 0x%1!08X! = %2!ws!", Mask->getData(), szAceMask.c_str()); + + addChild(Flags, L"Flags: 0x%1!08X!", Flags->getData()); + + addChild(ObjectType, L"ObjectType: %1!ws!", guid::GUIDToStringAndName(ObjectType->getData()).c_str()); + addChild( + InheritedObjectType, + L"InheritedObjectType: %1!ws!", + guid::GUIDToStringAndName(InheritedObjectType->getData()).c_str()); + addChild(SidStart); + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/ACEBin.h b/core/smartview/SD/ACEBin.h new file mode 100644 index 000000000..ceba1e64c --- /dev/null +++ b/core/smartview/SD/ACEBin.h 
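Review bot: `AceSize` is read in `ACEBin::parse()` but never used, so an ACE whose type is not one of the four handled cases consumes only its header, and the next ACE in an enclosing loop would start in the middle of this one. Bounding the parse by the declared size and moving to the end of the ACE afterwards would keep an unknown or malformed entry from shifting everything that follows. The two object-ACE cases also read `ObjectType` and `InheritedObjectType` unconditionally, whereas [MS-DTYP] 2.4.4.3 puts each GUID on the wire only when its bit is set in `Flags`; guarding the reads with `if (Flags->getData() & ACE_OBJECT_TYPE_PRESENT)` and `if (Flags->getData() & ACE_INHERITED_OBJECT_TYPE_PRESENT)` keeps the SID at the right offset. The added test inputs all carry both GUIDs, so they do not exercise this.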
@@ -0,0 +1,42 @@ +#pragma once +#include +#include +#include +#include +#include + +namespace smartview +{ + // [MS-DTYP] 2.4.4 ACE + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/d06e5a81-176e-46c6-9cf7-9137aad4455e + // [MS-DTYP] 2.4.4.1 ACE_HEADER + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/628ebb1d-c509-4ea0-a10f-77ef97ca4586 + // [MS-DTYP] 2.4.4.2 ACCESS_ALLOWED_ACE + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/72e7c7ea-bc02-4c74-a619-818a16bf6adb + // [MS-DTYP] 2.4.4.3 ACCESS_ALLOWED_OBJECT_ACE + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c79a383c-2b3f-4655-abe7-dcbb7ce0cfbe + // [MS-DTYP] 2.4.4.4 ACCESS_DENIED_ACE + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/b1e1321d-5816-4513-be67-b65d8ae52fe8 + // [MS-DTYP] 2.4.4.5 ACCESS_DENIED_OBJECT_ACE + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/8720fcf3-865c-4557-97b1-0b3489a6c270 + + class ACEBin : public block + { + public: + ACEBin(sid::aceType acetype); + + private: + sid::aceType acetype{sid::aceType::Message}; + std::shared_ptr> AceType = emptyT(); + std::shared_ptr> AceFlags = emptyT(); + std::shared_ptr> AceSize = emptyT(); + std::shared_ptr> Mask = emptyT(); + std::shared_ptr> Flags = emptyT(); + std::shared_ptr> ObjectType = emptyT(); + std::shared_ptr> InheritedObjectType = emptyT(); + std::shared_ptr SidStart; + + void parse() override; + void parseBlocks() override; + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/ACLBin.cpp b/core/smartview/SD/ACLBin.cpp new file mode 100644 index 000000000..ccec7bfc5 --- /dev/null +++ b/core/smartview/SD/ACLBin.cpp 
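Review bot: `ACEBin(sid::aceType acetype);` is a single-argument constructor without `explicit`, so an `aceType` value converts silently to an `ACEBin`; `explicit ACEBin(sid::aceType acetype);` prevents that. The same applies to `NTSD(_In_ sid::aceType _acetype)` in NTSD.h and `SDBin(_In_ sid::aceType _acetype)` in SDBin.h. `SidStart` is also the only member here left as a null pointer rather than given an empty block, and `ACEBin::parseBlocks()` passes it to `addChild` for ACE types that `parse()` does not handle, so it needs either an initial value or a null check unless `addChild` is known to accept null.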
@@ -0,0 +1,36 @@ +#include +#include + +namespace smartview +{ + void ACLBin::parse() + { + Revision = blockT::parse(parser); + Sbz1 = blockT::parse(parser); + AclSize = blockT::parse(parser); + AceCount = blockT::parse(parser); + Sbz2 = blockT::parse(parser); + for (auto i = 0; i < AceCount->getData(); i++) + { + const auto ace = std::make_shared(sid::aceType::Message); + ace->block::parse(parser, false); + if (!ace->isSet()) break; + aces.push_back(ace); + } + }; + + void ACLBin::parseBlocks() + { + setText(L"ACL"); + addChild(Revision, L"Revision: 0x%1!02X!", Revision->getData()); + addChild(Sbz1, L"Sbz1: 0x%1!02X!", Sbz1->getData()); + addChild(AclSize, L"AclSize: 0x%1!04X!", AclSize->getData()); + addChild(AceCount, L"AceCount: 0x%1!04X!", AceCount->getData()); + addChild(Sbz2, L"Sbz2: 0x%1!04X!", Sbz2->getData()); + + for (const auto& ace : aces) + { + addChild(ace); + } + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/ACLBin.h b/core/smartview/SD/ACLBin.h new file mode 100644 index 000000000..31bf37089 --- /dev/null +++ b/core/smartview/SD/ACLBin.h @@ -0,0 +1,24 @@ +#pragma once +#include +#include +#include +#include + +namespace smartview +{ + // [MS-DTYP] 2.4.5 ACL + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/32d72257-0e7c-4782-bc2a-405af4d5469d + class ACLBin : public block + { + private: + std::shared_ptr> Revision = emptyT(); + std::shared_ptr> Sbz1 = emptyT(); + std::shared_ptr> AclSize = emptyT(); + std::shared_ptr> AceCount = emptyT(); + std::shared_ptr> Sbz2 = emptyT(); + std::vector> aces; + + void parse() override; + void parseBlocks() override; + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/NTSD.cpp b/core/smartview/SD/NTSD.cpp new file mode 100644 index 000000000..8f02001a2 --- /dev/null +++ b/core/smartview/SD/NTSD.cpp 
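Review bot: Every ACE in `ACLBin::parse()` is constructed with `sid::aceType::Message`, so the container or free/busy type that `SDBin` and `NTSD` work out in their constructors never reaches the mask interpretation. The removed `SDToString` passed its `acetype` through to each ACE; with this change a folder's DACL would be labelled with the non-container mask names, which can mislead someone auditing permissions. Giving `ACLBin` an `acetype` member set by whoever creates it, and constructing each ACE from that member, would restore the old behaviour. `AclSize` is likewise parsed but not used to bound the loop, so `AceCount` alone decides how far the parser reads into whatever follows the ACL.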
@@ -0,0 +1,103 @@ +#include +#include +#include +#include +#include +#include +#include +#include + +namespace smartview +{ + void NamedProp::parse() + { + tag = blockT::parse(parser); + guid = blockT::parse(parser); + kind = blockT::parse(parser); + if (*kind == MNID_ID) + id = blockT::parse(parser); + else + name = blockStringW::parse(parser); + } + void NamedProp::parseBlocks() + { + setText(L"NamedProp"); + addChild(tag, L"Tag = 0x%1!04X!", tag->getData()); + addChild(guid, L"GUID = %1!ws!", guid::GUIDToString(*guid).c_str()); + addChild(kind, L"Kind = 0x%1!02X!", kind->getData()); + if (*kind == MNID_ID) + addChild(id, L"ID = 0x%1!08X!", id->getData()); + else + addChild(name, L"Name = %1!ws!", name->c_str()); + } + + NTSD::NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB) + { + switch (mapi::GetMAPIObjectType(lpMAPIProp)) + { + case MAPI_STORE: + case MAPI_ADDRBOOK: + case MAPI_FOLDER: + case MAPI_ABCONT: + acetype = sid::aceType::Container; + break; + } + + if (bFB) acetype = sid::aceType::FreeBusy; + } + + void NTSD::parse() + { + const auto baseOffset = parser->getOffset(); + const auto bufferSize = parser->getSize(); + Padding = blockT::parse(parser); + Version = blockT::parse(parser); + SecurityInformation = blockT::parse(parser); + const auto bytesConsumed = parser->getOffset() - baseOffset; + const auto namedPropSize = + (bufferSize > *Padding && *Padding >= bytesConsumed) ? 
*Padding - bytesConsumed : parser->getSize(); + + if (namedPropSize > 0) + { + parser->setCap(namedPropSize); + while (true) + { + const auto np = block::parse(parser, false); + if (!np->isSet()) break; + NamedProperties.push_back(np); + } + + parser->clearCap(); + } + + if (*Padding < bufferSize) + { + parser->setOffset(baseOffset + *Padding); + SD = std::make_shared(acetype); + SD->block::parse(parser, false); + } + } + + void NTSD::parseBlocks() + { + setText(L"PR_NT_SECURITY_DESCRIPTOR"); + addChild(Padding, L"Padding: 0x%1!04X!", Padding->getData()); + addChild( + Version, + L"Version: 0x%1!04X! = %2!ws!", + Version->getData(), + flags::InterpretFlags(flagSecurityVersion, *Version).c_str()); + addChild( + SecurityInformation, + L"Security Information: 0x%1!08X! = %2!ws!", + SecurityInformation->getData(), + flags::InterpretFlags(flagSecurityInfo, *SecurityInformation).c_str()); + + for (const auto& np : NamedProperties) + { + addChild(np); + } + + addChild(SD); + } +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/NTSD.h b/core/smartview/SD/NTSD.h new file mode 100644 index 000000000..748f85481 --- /dev/null +++ b/core/smartview/SD/NTSD.h 
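Review bot: In `NTSD::parse()` a `Padding` value smaller than the header bytes already consumed falls into the `parser->getSize()` branch of `namedPropSize`, so the named-property loop runs over the rest of the buffer, and the later `*Padding < bufferSize` test still moves the parser to `baseOffset + *Padding`, which then lies inside the header. The same bytes would be presented both as named properties and as a security descriptor. Rejecting that case before computing `namedPropSize`, for example `if (*Padding < bytesConsumed) return;`, keeps a malformed length from producing overlapping output. The `while (true)` loop depends entirely on the cap and on `isSet()` to terminate, which deserves a one-line comment such as `// ends when the capped parser runs out of data`.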
@@ -0,0 +1,62 @@ +#pragma once +#include +#include +#include +#include +#include +#include + +namespace smartview +{ + class NamedProp : public block + { + private: + void parse() override; + void parseBlocks() override; + + std::shared_ptr> tag = emptyT(); + std::shared_ptr> guid = emptyT(); + std::shared_ptr> kind = emptyT(); + std::shared_ptr> id = emptyT(); + std::shared_ptr name = emptySW(); + }; + + // PR_NT_SECURITY_DESCRIPTOR + // https://github.com/microsoft/MAPIStubLibrary/blob/main/include/EdkMdb.h + // + // Transfer version for PR_NT_SECURITY_DESCRIPTOR. + // + // When retrieving the security descriptor for an object, the SD returned is + // actually composed of the following structure: + // + // 2 BYTES Padding data length (including version) + // 2 BYTES Version + // 4 BYTES Security Information (for SetPrivateObjectSecurity) + // <0 or more> + // 2 BYTES Property Tag + // 16 BYTES Named Property GUID + // 1 BYTE Named property "kind" + // if (kind == MNID_ID) + // 4 BYTES Named property ID + // else + // + // Actual Security Descriptor + class NTSD : public block + { + public: + NTSD(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB); + NTSD(_In_ sid::aceType _acetype) : acetype(_acetype){}; + + private: + void parse() override; + void parseBlocks() override; + + std::shared_ptr> Padding = emptyT(); + std::shared_ptr> Version = emptyT(); + std::shared_ptr> SecurityInformation = emptyT(); + std::vector> NamedProperties; + std::shared_ptr SD; + + sid::aceType acetype{sid::aceType::Message}; + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/SDBin.cpp b/core/smartview/SD/SDBin.cpp new file mode 100644 index 000000000..a25f9d31b --- /dev/null +++ b/core/smartview/SD/SDBin.cpp 
@@ -0,0 +1,103 @@ +#include +#include +#include +#include +#include +#include +#include + +namespace smartview +{ + SDBin::SDBin(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB) + { + switch (mapi::GetMAPIObjectType(lpMAPIProp)) + { + case MAPI_STORE: + case MAPI_ADDRBOOK: + case MAPI_FOLDER: + case MAPI_ABCONT: + acetype = sid::aceType::Container; + break; + } + + if (bFB) acetype = sid::aceType::FreeBusy; + } + + void SDBin::parse() + { + const auto baseOffset = parser->getOffset(); + auto originalOffset = size_t{}; + const auto sdSize = parser->getSize(); + + Revision = blockT::parse(parser); + Sbz1 = blockT::parse(parser); + Control = blockT::parse(parser); + OffsetOwner = blockT::parse(parser); + + // Read from offsets now - first remember where we are + // We'll consider anything after our last read to be junk + auto postSdOffset = parser->getOffset(); + auto newOffset = *OffsetOwner + baseOffset; + if (*OffsetOwner && newOffset < sdSize) + { + originalOffset = parser->getOffset(); + parser->setOffset(newOffset); + OwnerSid = block::parse(parser, false); + postSdOffset = max(postSdOffset, parser->getOffset()); + parser->setOffset(originalOffset); + } + + OffsetGroup = blockT::parse(parser); + newOffset = *OffsetGroup + baseOffset; + if (*OffsetGroup && newOffset < sdSize) + { + originalOffset = parser->getOffset(); + parser->setOffset(newOffset); + GroupSid = block::parse(parser, false); + postSdOffset = max(postSdOffset, parser->getOffset()); + parser->setOffset(originalOffset); + } + + OffsetSacl = blockT::parse(parser); + newOffset = *OffsetSacl + baseOffset; + if (*OffsetSacl && newOffset < sdSize) + { + originalOffset = parser->getOffset(); + parser->setOffset(newOffset); + Sacl = block::parse(parser, false); + postSdOffset = max(postSdOffset, parser->getOffset()); + parser->setOffset(originalOffset); + } + + OffsetDacl = blockT::parse(parser); + newOffset = *OffsetDacl + baseOffset; + if (*OffsetDacl && newOffset < sdSize) + { + originalOffset = 
parser->getOffset(); + parser->setOffset(newOffset); + Dacl = block::parse(parser, false); + postSdOffset = max(postSdOffset, parser->getOffset()); + parser->setOffset(originalOffset); + } + + // Having read everything, set our offset to the end of the SD + parser->setOffset(postSdOffset); + } + + void SDBin::parseBlocks() + { + setText(L"Security Descriptor"); + + addChild(Revision, L"Revision: 0x%1!02X!", Revision->getData()); + addChild(Sbz1, L"Sbz1: 0x%1!02X!", Sbz1->getData()); + addChild(Control, L"Control: 0x%1!04X!", Control->getData()); + addChild(OffsetOwner, L"OffsetOwner: 0x%1!08X!", OffsetOwner->getData()); + addChild(OffsetGroup, L"OffsetGroup: 0x%1!08X!", OffsetGroup->getData()); + addChild(OffsetSacl, L"OffsetSacl: 0x%1!08X!", OffsetSacl->getData()); + addChild(OffsetDacl, L"OffsetDacl: 0x%1!08X!", OffsetDacl->getData()); + if (OwnerSid) addLabeledChild(L"OwnerSid", OwnerSid); + if (GroupSid) addLabeledChild(L"GroupSid", GroupSid); + if (Sacl) addLabeledChild(L"Sacl", Sacl); + if (Dacl) addLabeledChild(L"Dacl", Dacl); + } +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/SDBin.h b/core/smartview/SD/SDBin.h new file mode 100644 index 000000000..1c512495e --- /dev/null +++ b/core/smartview/SD/SDBin.h 
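Review bot: The four offset checks in `SDBin::parse()` compare `newOffset`, which has `baseOffset` added, against `sdSize`, which comes from `parser->getSize()` at the start of the descriptor. If `getSize()` returns the bytes remaining from the current offset, as the way it is passed to `setCap` in `NTSD::parse()` suggests, the two values are in different coordinate systems whenever the descriptor does not start at offset zero, which is the normal case under `NTSD`. Comparing the relative value, `if (*OffsetOwner && *OffsetOwner < sdSize)`, and likewise for the group, SACL and DACL offsets, avoids that. The four near-identical stanzas could also become one private helper so that the bounds check lives in a single place.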
@@ -0,0 +1,37 @@ +#pragma once +#include +#include +#include +#include +#include +#include + +namespace smartview +{ + // [MS-DTYP] 2.4.6 SECURITY_DESCRIPTOR + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7d4dac05-9cef-4563-a058-f108abecce1d + class SDBin : public block + { + public: + SDBin(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB); + SDBin(_In_ sid::aceType _acetype) : acetype(_acetype){}; + + private: + void parse() override; + void parseBlocks() override; + + std::shared_ptr> Revision = emptyT(); + std::shared_ptr> Sbz1 = emptyT(); + std::shared_ptr> Control = emptyT(); + std::shared_ptr> OffsetOwner = emptyT(); + std::shared_ptr> OffsetGroup = emptyT(); + std::shared_ptr> OffsetSacl = emptyT(); + std::shared_ptr> OffsetDacl = emptyT(); + std::shared_ptr OwnerSid; + std::shared_ptr GroupSid; + std::shared_ptr Sacl; + std::shared_ptr Dacl; + + sid::aceType acetype{sid::aceType::Message}; + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/SIDBin.cpp b/core/smartview/SD/SIDBin.cpp new file mode 100644 index 000000000..959b53249 --- /dev/null +++ b/core/smartview/SD/SIDBin.cpp 
@@ -0,0 +1,76 @@ +#include +#include +#include +#include + +namespace smartview +{ + void SIDBin::parse() + { + const auto sidOffset = parser->getOffset(); + + Revision = blockT::parse(parser); + SubAuthorityCount = blockT::parse(parser); + IdentifierAuthority = blockBytes::parse(parser, 6); // 6 bytes + for (auto i = 0; i < SubAuthorityCount->getData(); i++) + { + const auto sa = blockT::parse(parser); + if (!sa->isSet()) break; + SubAuthority.push_back(sa); + } + + const auto postSidOffset = parser->getOffset(); + parser->setOffset(sidOffset); + m_SIDbin = blockBytes::parse(parser, postSidOffset - sidOffset); + } + + void SIDBin::parseBlocks() + { + setText(L"SID"); + + if (m_SIDbin) + { + auto sidAccount = sid::LookupAccountSid(*m_SIDbin); + addHeader(L"User: %1!ws!\\%2!ws!", sidAccount.getDomain().c_str(), sidAccount.getName().c_str()); + } + + std::wstring TextualSid = {}; + const auto psia = + IdentifierAuthority->isSet() ? (PSID_IDENTIFIER_AUTHORITY) (IdentifierAuthority->data()) : nullptr; + + if (psia != nullptr && SubAuthority.size() == *SubAuthorityCount) + { + TextualSid = strings::format(L"S-%lu-", Revision->getData()); + TextualSid += sid::IdentifierAuthorityToString(*psia); + + // Add SID subauthorities to the string. + if (SubAuthority.size() > 0) + { + for (const auto& sa : SubAuthority) + { + TextualSid += strings::format(L"-%lu", sa->getData()); + } + } + } + else + { + TextualSid = strings::formatmessage(IDS_NOSID); + } + + addChild(m_SIDbin, L"Textual SID: %1!ws!", TextualSid.c_str()); + m_SIDbin->addChild(Revision, L"Revision: 0x%1!02X!", Revision->getData()); + m_SIDbin->addChild(SubAuthorityCount, L"SubAuthorityCount: 0x%1!02X!", SubAuthorityCount->getData()); + if (psia != nullptr) + { + const auto is = sid::LookupIdentifierAuthority(*psia); + m_SIDbin->addChild(IdentifierAuthority, L"IdentifierAuthority: %1!ws!", is.c_str()); + } + + int i = 0; + for (const auto& sa : SubAuthority) + { + m_SIDbin->addChild(sa, L"SubAuthority[%1!d!]: %2!d! 
= 0x%2!08X!", i, sa->getData()); + i++; + } + } +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SD/SIDBin.h b/core/smartview/SD/SIDBin.h new file mode 100644 index 000000000..ffa10b04a --- /dev/null +++ b/core/smartview/SD/SIDBin.h @@ -0,0 +1,24 @@ +#pragma once +#include +#include +#include + +namespace smartview +{ + // [MS-DTYP] 2.4.2.2 SID--Packet Representation + // https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/f992ad60-0fe4-4b87-9fed-beb478836861 + class SIDBin : public block + { + private: + void parse() override; + void parseBlocks() override; + + std::shared_ptr> Revision = emptyT(); + std::shared_ptr> SubAuthorityCount = emptyT(); + std::shared_ptr IdentifierAuthority = emptyBB(); // 6 bytes + std::vector>> SubAuthority; + + // We keep this for a call to LookupAccountSid + std::shared_ptr m_SIDbin = emptyBB(); + }; +} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SDBin.cpp b/core/smartview/SDBin.cpp deleted file mode 100644 index 437d27993..000000000 --- a/core/smartview/SDBin.cpp +++ /dev/null 
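Review bot: `SIDBin::parseBlocks()` hands `*m_SIDbin` to `sid::LookupAccountSid` whenever the block exists, while the textual SID a few lines later is built only when `SubAuthority.size() == *SubAuthorityCount`. A truncated SID, whose count byte claims more sub-authorities than were read, therefore still goes to the account lookup; unless `LookupAccountSid` validates the buffer length itself (its body is outside this diff), the lookup should sit behind the same completeness check. `m_SIDbin` is also tested for null before the lookup but dereferenced unconditionally in the `m_SIDbin->addChild` calls further down, so either the guard is unnecessary or the later calls need it too.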
@@ -1,53 +0,0 @@ -#include -#include -#include -#include -#include -#include - -namespace smartview -{ - SDBin::SDBin(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB) - { - switch (mapi::GetMAPIObjectType(lpMAPIProp)) - { - case MAPI_STORE: - case MAPI_ADDRBOOK: - case MAPI_FOLDER: - case MAPI_ABCONT: - acetype = sid::aceType::Container; - break; - } - - if (bFB) acetype = sid::aceType::FreeBusy; - } - - void SDBin::parse() { m_SDbin = blockBytes::parse(parser, parser->getSize()); } - - void SDBin::parseBlocks() - { - if (m_SDbin) - { - setText(L"Security Descriptor"); - - // TODO: more accurately break this parsing into blocks with proper offsets - const auto sd = SDToString(*m_SDbin, acetype); - auto si = create(L"Security Info"); - addChild(si); - if (!sd.info.empty()) - { - si->addChild(m_SDbin, sd.info); - } - - if (m_SDbin->size() >= 2 * sizeof(WORD)) - { - const auto sdVersion = SECURITY_DESCRIPTOR_VERSION(m_SDbin->data()); - auto szFlags = flags::InterpretFlags(flagSecurityVersion, sdVersion); - addHeader(L"Security Version: 0x%1!04X! = %2!ws!", sdVersion, szFlags.c_str()); - } - - addHeader(L"Descriptor"); - addHeader(sd.dacl); - } - } -} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SDBin.h b/core/smartview/SDBin.h deleted file mode 100644 index 004f0a57d..000000000 --- a/core/smartview/SDBin.h +++ /dev/null @@ -1,20 +0,0 @@ -#pragma once -#include -#include -#include - -namespace smartview -{ - class SDBin : public block - { - public: - SDBin(_In_opt_ LPMAPIPROP lpMAPIProp, bool bFB); - - private: - void parse() override; - void parseBlocks() override; - - sid::aceType acetype{sid::aceType::Message}; - std::shared_ptr m_SDbin = emptyBB(); - }; -} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SIDBin.cpp b/core/smartview/SIDBin.cpp deleted file mode 100644 index 7a63be74c..000000000 --- a/core/smartview/SIDBin.cpp +++ /dev/null 
@@ -1,24 +0,0 @@ -#include -#include -#include -#include - -namespace smartview -{ - void SIDBin::parse() { m_SIDbin = blockBytes::parse(parser, parser->getSize()); } - - void SIDBin::parseBlocks() - { - if (m_SIDbin) - { - auto sidAccount = sid::LookupAccountSid(*m_SIDbin); - auto sidString = sid::GetTextualSid(*m_SIDbin); - - setText(L"SID"); - addHeader(L"User: %1!ws!\\%2!ws!", sidAccount.getDomain().c_str(), sidAccount.getName().c_str()); - - if (sidString.empty()) sidString = strings::formatmessage(IDS_NOSID); - addChild(m_SIDbin, L"Textual SID: %1!ws!", sidString.c_str()); - } - } -} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SIDBin.h b/core/smartview/SIDBin.h deleted file mode 100644 index 89a116876..000000000 --- a/core/smartview/SIDBin.h +++ /dev/null @@ -1,15 +0,0 @@ -#pragma once -#include -#include - -namespace smartview -{ - class SIDBin : public block - { - private: - void parse() override; - void parseBlocks() override; - - std::shared_ptr m_SIDbin = emptyBB(); - }; -} // namespace smartview \ No newline at end of file diff --git a/core/smartview/SmartView.cpp b/core/smartview/SmartView.cpp index 4aafd5850..ec45974fa 100644 --- a/core/smartview/SmartView.cpp +++ b/core/smartview/SmartView.cpp @@ -37,8 +37,10 @@ #include #include #include -#include -#include +#include +#include +#include +#include #include #include #include 
@@ -137,11 +139,21 @@ namespace smartview case parserType::SECURITYDESCRIPTOR: return std::make_shared(lpMAPIProp, false); case parserType::FBSECURITYDESCRIPTOR: - return std::make_shared(lpMAPIProp, true); + return std::make_shared(lpMAPIProp, true); case parserType::XID: return std::make_shared(); case parserType::SWAPPEDTODO: return std::make_shared(); + case parserType::ACL: + return std::make_shared(); + case parserType::ACECONTAINER: + return std::make_shared(sid::aceType::Container); + case parserType::ACEMESSAGE: + return std::make_shared(sid::aceType::Message); + case parserType::ACEFB: + return std::make_shared(sid::aceType::FreeBusy); + case parserType::NTSD: + return std::make_shared(lpMAPIProp, false); default: // Any other case is either handled by an add-in or not at all return std::make_shared(type);