Skip to content
This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

Commit

Permalink
add ability to check ACL of current desktop to configurator
Browse files Browse the repository at this point in the history
  • Loading branch information
@DonatJR
DonatJR committed Jul 5, 2018
1 parent 0eca7d7 commit 0ec51e1
Show file tree
Hide file tree
Showing 4 changed files with 236 additions and 17 deletions.
15 changes: 8 additions & 7 deletions SharkCage/CageChooser/CageChooser.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,15 +16,16 @@ static void Main()
{
// comment out '&& FALSE' to install service on application start
#if DEBUG
var p = new System.Diagnostics.Process();
p.StartInfo.FileName = "Powershell.exe";
p.StartInfo.Verb = "runAs";
var rootDir = System.IO.Directory.GetParent(System.IO.Directory.GetCurrentDirectory()).Parent;
var scriptDir = rootDir.FullName + "\\install_service.ps1";

p.StartInfo.Arguments = "-ExecutionPolicy Unrestricted -File \"" + scriptDir + "\" -DontStartNewContext";
try
{
var p = new System.Diagnostics.Process();
p.StartInfo.FileName = "Powershell.exe";
p.StartInfo.Verb = "runAs";
var rootDir = System.IO.Directory.GetParent(System.IO.Directory.GetCurrentDirectory()).Parent;
var scriptDir = rootDir.FullName + "\\install_service.ps1";

p.StartInfo.Arguments = "-ExecutionPolicy Unrestricted -File \"" + scriptDir + "\" -DontStartNewContext";

p.Start();
p.WaitForExit();
}
Expand Down
5 changes: 3 additions & 2 deletions SharkCage/CageChooser/CageChooserForm.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ namespace CageChooser
{
public partial class CageChooserForm : Form
{
private class NativeMethods
internal class NativeMethods
{
[DllImport("CageNetwork.dll", CallingConvention = CallingConvention.Cdecl)]
public static extern void SendConfig(
Expand Down Expand Up @@ -177,7 +177,8 @@ private void openCageConfiguratorButton_Click(object sender, EventArgs e)
return;
}

NativeMethods.SendConfig($@"{install_dir}\CageConfigurator.sconfig");
var config_path = install_dir.EndsWith(@"\") ? $@"{install_dir}CageConfigurator.sconfig" : $@"{install_dir}\CageConfigurator.sconfig";
NativeMethods.SendConfig(config_path);
}

#endregion
Expand Down
232 changes: 225 additions & 7 deletions SharkCage/CageConfigurator/CageConfigurator.cs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ namespace CageConfigurator
{
static class Program
{
private class NativeMethods
internal class NativeMethods
{
[DllImport("CageNetwork.dll", CallingConvention = CallingConvention.Cdecl)]
public static extern void SendConfig(
Expand All @@ -19,8 +19,129 @@ public static extern void SendConfig(
[DllImport("kernel32.dll")]
public static extern int GetCurrentThreadId();

//[DllImport("user32")]
//public static extern int GetUserObjectSecurity(int hObj, ref int pSIRequested, ref SECURITY_DESCRIPTOR pSd, int nLength, ref int lpnLengthNeeded);
[DllImport("advapi32.dll", SetLastError = true)]
public static extern int GetSecurityInfo(
IntPtr handle,
SE_OBJECT_TYPE objectType,
SECURITY_INFORMATION securityInfo,
out IntPtr sidOwner,
out IntPtr sidGroup,
out IntPtr dacl,
out IntPtr sacl,
out IntPtr securityDescriptor);

[DllImport("advapi32.dll", SetLastError = true)]
public static extern int GetExplicitEntriesFromAclW(
IntPtr pacl,
ref ulong pcCountOfExplicitEntries,
out IntPtr pListOfExplicitEntries
);

[DllImport("kernel32.dll")]
public static extern IntPtr LocalFree(IntPtr hMem);

public enum SE_OBJECT_TYPE
{
SE_UNKNOWN_OBJECT_TYPE,
SE_FILE_OBJECT,
SE_SERVICE,
SE_PRINTER,
SE_REGISTRY_KEY,
SE_LMSHARE,
SE_KERNEL_OBJECT,
SE_WINDOW_OBJECT,
SE_DS_OBJECT,
SE_DS_OBJECT_ALL,
SE_PROVIDER_DEFINED_OBJECT,
SE_WMIGUID_OBJECT,
SE_REGISTRY_WOW64_32KEY
};

public enum SECURITY_INFORMATION
{
OWNER_SECURITY_INFORMATION = 1,
GROUP_SECURITY_INFORMATION = 2,
DACL_SECURITY_INFORMATION = 4,
SACL_SECURITY_INFORMATION = 8,
};

[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto, Pack = 0)]
public struct EXPLICIT_ACCESS
{
public uint grfAccessPermissions;
public uint grfAccessMode;
public uint grfInheritance;
public TRUSTEE Trustee;
};

public enum MULTIPLE_TRUSTEE_OPERATION
{
NO_MULTIPLE_TRUSTEE,
TRUSTEE_IS_IMPERSONATE
}

public enum TRUSTEE_FORM
{
TRUSTEE_IS_SID,
TRUSTEE_IS_NAME,
TRUSTEE_BAD_FORM,
TRUSTEE_IS_OBJECTS_AND_SID,
TRUSTEE_IS_OBJECTS_AND_NAME
}

public enum TRUSTEE_TYPE
{
TRUSTEE_IS_UNKNOWN,
TRUSTEE_IS_USER,
TRUSTEE_IS_GROUP,
TRUSTEE_IS_DOMAIN,
TRUSTEE_IS_ALIAS,
TRUSTEE_IS_WELL_KNOWN_GROUP,
TRUSTEE_IS_DELETED,
TRUSTEE_IS_INVALID,
TRUSTEE_IS_COMPUTER
}

[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto, Pack = 0)]
public struct TRUSTEE : IDisposable
{
public IntPtr pMultipleTrustee;
public MULTIPLE_TRUSTEE_OPERATION MultipleTrusteeOperation;
public TRUSTEE_FORM TrusteeForm;
public TRUSTEE_TYPE TrusteeType;
public IntPtr ptstrName;

void IDisposable.Dispose()
{
if (ptstrName != IntPtr.Zero) Marshal.Release(ptstrName);
}

public string Name { get { return Marshal.PtrToStringAuto(ptstrName); } }
}

[DllImport("advapi32.dll", SetLastError = true)]
public static extern bool AllocateAndInitializeSid(
ref SidIdentifierAuthority pIdentifierAuthority,
byte nSubAuthorityCount,
uint dwSubAuthority0, uint dwSubAuthority1,
uint dwSubAuthority2, uint dwSubAuthority3,
uint dwSubAuthority4, uint dwSubAuthority5,
uint dwSubAuthority6, uint dwSubAuthority7,
out IntPtr pSid);

[DllImport("advapi32.dll")]
public static extern IntPtr FreeSid(IntPtr pSid);

[DllImport("advapi32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
public static extern bool EqualSid(IntPtr pSid1, IntPtr pSid2);

[StructLayout(LayoutKind.Sequential)]
public struct SidIdentifierAuthority
{
[MarshalAs(UnmanagedType.ByValArray, SizeConst = 6, ArraySubType = UnmanagedType.I1)]
public byte[] Value;
}
}

/// <summary>
Expand All @@ -29,10 +150,7 @@ public static extern void SendConfig(
[STAThread]
static void Main(string[] parameter)
{
var desktop = NativeMethods.GetThreadDesktop(NativeMethods.GetCurrentThreadId());

bool started_in_cage = false;
if (!started_in_cage)
if (!StartedInCage() && false)
{
//NativeMethods.SendConfig(@"C:\sharkcage\CageConfigurator.sconfig");
}
Expand All @@ -43,5 +161,105 @@ static void Main(string[] parameter)
Application.Run(new CageConfiguratorForm(parameter.Length > 0 ? parameter[0] : null));
}
}

// FIXME this could be cleaned up substantially, but for now it works
// FIXME might be easier to ask the service for this info? :/
static bool StartedInCage()
{
try
{
var desktop = NativeMethods.GetThreadDesktop(NativeMethods.GetCurrentThreadId());

IntPtr owner_sid = IntPtr.Zero;
IntPtr group_sid = IntPtr.Zero;
IntPtr dacl;
IntPtr sacl = IntPtr.Zero;
IntPtr security_descriptor;

int val = NativeMethods.GetSecurityInfo(
desktop,
NativeMethods.SE_OBJECT_TYPE.SE_WINDOW_OBJECT,
NativeMethods.SECURITY_INFORMATION.DACL_SECURITY_INFORMATION,
out owner_sid,
out group_sid,
out dacl,
out sacl,
out security_descriptor);

NativeMethods.LocalFree(security_descriptor);

ulong entry_count = 0;
IntPtr entries_pointer;

NativeMethods.GetExplicitEntriesFromAclW(dacl, ref entry_count, out entries_pointer);

if (entry_count == 2)
{
bool admin_sid_all_denied = false;
bool shark_sid_all_granted = false;

IntPtr shark_entry = entries_pointer;
IntPtr admin_entry = IntPtr.Add(entries_pointer, Marshal.SizeOf(typeof(NativeMethods.EXPLICIT_ACCESS)));

NativeMethods.EXPLICIT_ACCESS ea_shark = (NativeMethods.EXPLICIT_ACCESS)Marshal.PtrToStructure(shark_entry, typeof(NativeMethods.EXPLICIT_ACCESS));
NativeMethods.EXPLICIT_ACCESS ea_admin = (NativeMethods.EXPLICIT_ACCESS)Marshal.PtrToStructure(admin_entry, typeof(NativeMethods.EXPLICIT_ACCESS));

const uint GENERIC_ALL = 0x10000000;
const int SET_ACCESS = 2;
const int DENY_ACCESS = 3;
const int NO_INHERITANCE = 0;

if (ea_admin.Trustee.TrusteeForm == NativeMethods.TRUSTEE_FORM.TRUSTEE_IS_SID)
{
const int nt_security_authority = 5;
const int built_in_domain_rid = 32;
const int domain_alias_rid_admins = 544;
var nt_authority = new NativeMethods.SidIdentifierAuthority();
nt_authority.Value = new byte[] { 0, 0, 0, 0, 0, nt_security_authority };

IntPtr admin_sid = IntPtr.Zero;
NativeMethods.AllocateAndInitializeSid(ref nt_authority, 2, built_in_domain_rid, domain_alias_rid_admins, 0, 0, 0, 0, 0, 0, out admin_sid);

if (NativeMethods.EqualSid(ea_admin.Trustee.ptstrName, admin_sid))
{
if ((ea_admin.grfAccessPermissions & GENERIC_ALL) != 0
&& ea_admin.grfAccessMode == DENY_ACCESS
&& ea_admin.grfInheritance == NO_INHERITANCE)
{
admin_sid_all_denied = true;
}
}

if (admin_sid != IntPtr.Zero)
{
NativeMethods.FreeSid(admin_sid);
}
}

if (ea_shark.Trustee.TrusteeForm == NativeMethods.TRUSTEE_FORM.TRUSTEE_IS_SID)
{
if ((ea_shark.grfAccessPermissions & GENERIC_ALL) != 0
&& ea_shark.grfAccessMode == SET_ACCESS
&& ea_shark.grfInheritance == NO_INHERITANCE)
{
shark_sid_all_granted = true;
}
}

if (admin_sid_all_denied && shark_sid_all_granted)
{
return true;
}
}
NativeMethods.LocalFree(entries_pointer);
}
catch (Exception e)
{
MessageBox.Show("Could not determine on which desktop the process is running: " + e.ToString());
Environment.Exit(1);
}

return false;
}
}
}
1 change: 0 additions & 1 deletion SharkCage/CageManager/CageDesktop.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,6 @@ CageDesktop::CageDesktop(
sa.nLength = sizeof(SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = p_sd;
sa.bInheritHandle = FALSE;

new_desktop = ::CreateDesktop(desktop_name.c_str(), NULL, NULL, NULL, desk_access_mask, &sa);
}

Expand Down

0 comments on commit 0ec51e1

Please sign in to comment.