dcomperm_ms.cpp

00001 /*++
00002 
00003 DCOM Permission Configuration Sample
00004 Copyright (c) 1996, Microsoft Corporation. All rights reserved.
00005 
00006 Module Name:
00007 
00008     dcomperm.cpp
00009 
00010 Abstract:
00011 
00012     Main module for DCOM Permission Configuration Sample
00013 
00014 Author:
00015 
00016     Michael Nelson
00017 
00018 Environment:
00019 
00020     Windows NT
00021 
00022 --*/
00023 
00024 #include "dcomperm.h"
00025 
00026 #include <conio.h>
00027 #include <ntsecapi.h>
00028 #include <stdio.h>
00029 #include <stdlib.h>
00030 #include <tchar.h>
00031 #include <windows.h>
00032 
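/*++

Routine Description:

    Prints ErrorString, then the command syntax, the supported options and
    a few example invocations, and terminates the process.

    This routine does not return. The option handlers in this file rely on
    that: they call it from an argument-count check and index argv on the
    next statement.

    Every call site in this file reports a rejected command line, so the
    process exits with EXIT_FAILURE rather than 0. A script that drives
    this tool can then tell a rejected invocation from a permission change
    that was actually applied.

Arguments:

    ErrorString - text printed on the first line, before the syntax help.

--*/
void
ShowUsage (
    LPTSTR ErrorString
    )
{
    _tprintf (TEXT("%s\n"), ErrorString);
    _tprintf (TEXT("Syntax: dcomperm <option> [...]\n\n"));

    _tprintf (TEXT("Options:\n"));

    _tprintf (TEXT("   -da <\"set\" or \"remove\"> <Principal Name> [\"permit\" or \"deny\"]\n"));
    _tprintf (TEXT("   -da list\n"));
    _tprintf (TEXT("       Modify or list the default access permission list\n\n"));

    _tprintf (TEXT("   -dl <\"set\" or \"remove\"> <Principal Name> [\"permit\" or \"deny\"]\n"));
    _tprintf (TEXT("   -dl list\n"));
    _tprintf (TEXT("       Modify or list the default launch permission list\n\n"));

    _tprintf (TEXT("   -aa <AppID> <\"set\" or \"remove\"> <Principal Name> [\"permit\" or \"deny\"]\n"));
    _tprintf (TEXT("   -aa <AppID> default\n"));
    _tprintf (TEXT("   -aa <AppID> list\n"));
    _tprintf (TEXT("       Modify or list the access permission list for a specific AppID\n\n"));

    _tprintf (TEXT("   -al <AppID> <\"set\" or \"remove\"> <Principal Name> [\"permit\" or \"deny\"]\n"));
    _tprintf (TEXT("   -al <AppID> default\n"));
    _tprintf (TEXT("   -al <AppID> list\n"));
    _tprintf (TEXT("   -al <AppID> zap_list\n"));
    _tprintf (TEXT("       Modify or list the launch permission list for a specific AppID\n\n"));

    // NOTE(review): the -runas form takes the account password as a
    // command-line argument, so it is visible wherever command lines are
    // visible (process listings, shell history, command-line auditing).
    // Run it only where that exposure is acceptable.
    _tprintf (TEXT("   -runas <AppID> <Principal Name> <Password>\n"));
    _tprintf (TEXT("   -runas <AppID> \"Interactive User\"\n"));
    _tprintf (TEXT("   -runas <AppID> remove\n"));
    _tprintf (TEXT("       Set the RunAs information for a specific AppID\n\n"));

    _tprintf (TEXT("Examples:\n"));
    _tprintf (TEXT("   dcomperm -da set redmond\\t-miken permit\n"));
    _tprintf (TEXT("   dcomperm -dl set redmond\\jdoe deny\n"));
    _tprintf (TEXT("   dcomperm -aa {12345678-1234-1234-1234-00aa00bbf7c7} list\n"));
    _tprintf (TEXT("   dcomperm -al {12345678-1234-1234-1234-00aa00bbf7c7} remove redmond\\t-miken\n"));
    _tprintf (TEXT("   dcomperm -runas {12345678-1234-1234-1234-00aa00bbf7c7} redmond\\jdoe password\n"));

    // Non-zero: the command line was rejected and nothing was changed.
    exit (EXIT_FAILURE);
}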
00080 
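/*++

Routine Description:

    Prints ErrorMessage followed by the text SystemMessage produces for
    ErrorCode, then terminates the process. This routine does not return.

    The process exits with EXIT_FAILURE rather than 0. Every call site in
    this file reports a registry or ACL operation that did not succeed, and
    an exit status of 0 would let a script believe that a permit/deny entry
    or a RunAs change had been applied when it had not.

Arguments:

    ErrorMessage - description of the operation that failed.

    ErrorCode - status code of the failed operation, passed to
        SystemMessage.

--*/
void
Error (
    LPTSTR ErrorMessage,
    DWORD ErrorCode
    )
{
    // NOTE(review): SystemMessage is defined elsewhere and is given the
    // buffer without its length; confirm it never writes more than
    // 255 TCHARs into it.
    TCHAR messageBuffer [255] = { '\0' };

    _tprintf (TEXT("%s\n%s"), ErrorMessage, SystemMessage (messageBuffer, ErrorCode));
    exit (EXIT_FAILURE);
}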
00092 
/*++

Routine Description:

    Handles the "-da" option: lists the default access permission list, or
    sets / removes the entry for one principal.

Arguments:

    argc - number of entries in argv.

    argv - command-line arguments:
        argv[2]  "list", "set" or "remove" (upper-cased in place)
        argv[3]  principal name (set and remove)
        argv[4]  "permit" or "deny" (set only; upper-cased in place)

    Malformed input is reported through ShowUsage and a failed ACL change
    through Error; both terminate the process.

--*/
void
HandleDAOption (
    int argc,
    TCHAR **argv
    )
{
    if (argc < 3)
        ShowUsage (TEXT("Invalid number of arguments."));

    // Upper-case the verb once so the comparisons below ignore case.
    TCHAR *verb = _tcsupr (argv [2]);

    if (_tcscmp (verb, TEXT("LIST")) == 0)
    {
        _tprintf (TEXT("Default access permission list:\n\n"));
        ListDefaultAccessACL();
        return;
    }

    // Everything except "list" needs at least a principal name.
    if (argc < 4)
        ShowUsage (TEXT("Invalid number of arguments."));

    if (_tcscmp (verb, TEXT("SET")) == 0)
    {
        if (argc < 5)
            ShowUsage (TEXT("Invalid number of arguments."));

        TCHAR *mode = _tcsupr (argv [4]);
        const bool permit = (_tcscmp (mode, TEXT("PERMIT")) == 0);

        if (!permit && _tcscmp (mode, TEXT("DENY")) != 0)
            ShowUsage (TEXT("You can only set a user's permissions to \"permit\" or \"deny\".\n\n"));

        const DWORD status = ChangeDefaultAccessACL (argv [3], true, permit);
        if (status != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot add user to default access ACL."), status);

        return;
    }

    if (_tcscmp (verb, TEXT("REMOVE")) == 0)
    {
        const DWORD status = ChangeDefaultAccessACL (argv[3], false, false);
        if (status != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot remove user from default access ACL."), status);

        return;
    }

    ShowUsage (TEXT("You can only \"set\" or \"remove\" a user."));
}
00140 
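/*++

Routine Description:

    Handles the "-dl" option: lists the default launch permission list, or
    sets / removes the entry for one principal.

Arguments:

    argc - number of entries in argv.

    argv - command-line arguments:
        argv[2]  "list", "set" or "remove" (upper-cased in place)
        argv[3]  principal name (set and remove)
        argv[4]  "permit" or "deny" (set only; upper-cased in place)

    Malformed input is reported through ShowUsage and a failed ACL change
    through Error.

--*/
void
HandleDLOption (
    int argc,
    TCHAR **argv
    )
{
    DWORD returnValue = 0;

    if (argc < 3)
        ShowUsage (TEXT("Invalid number of arguments."));

    // Upper-case the verb once so the comparisons below ignore case.
    TCHAR *verb = _tcsupr (argv [2]);

    if (_tcscmp (verb, TEXT("LIST")) == 0)
    {
        _tprintf (TEXT("Default launch permission list:\n\n"));
        ListDefaultLaunchACL();
        return;
    }

    if (argc < 4)
        ShowUsage (TEXT("Invalid number of arguments."));

    if (_tcscmp (verb, TEXT("SET")) == 0)
    {
        if (argc < 5)
            ShowUsage (TEXT("Invalid number of arguments."));

        if (_tcscmp (_tcsupr (argv [4]), TEXT("PERMIT")) == 0)
            returnValue = ChangeDefaultLaunchACL (argv [3], true, true);
        else if (_tcscmp (_tcsupr (argv [4]), TEXT("DENY")) == 0)
            returnValue = ChangeDefaultLaunchACL (argv [3], true, false);
        else
            ShowUsage (TEXT("You can only set a user's permissions to \"permit\" or \"deny\".\n\n"));

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot add user to default launch ACL."), returnValue);
    }
    // The verb is argv[2]; argv[3] is the principal name. Testing argv[3]
    // here made "-dl remove <principal>" unreachable, upper-cased the
    // principal name, and treated "-dl <anything> remove" as a request to
    // remove a principal literally named "REMOVE".
    else if (_tcscmp (verb, TEXT("REMOVE")) == 0)
    {
        returnValue = ChangeDefaultLaunchACL (argv[3], false, false);

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot remove user from default launch ACL."), returnValue);
    }
    else
        ShowUsage (TEXT("You can only \"set\" or \"remove\" a user."));
}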
00188 
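/*++

Routine Description:

    Handles the "-aa" option for one AppID: lists its access permission
    list, resets it to the default by deleting the AccessPermission
    registry value, or sets / removes the entry for one principal.

Arguments:

    argc - number of entries in argv.

    argv - command-line arguments:
        argv[2]  AppID, with or without the surrounding braces
        argv[3]  "list", "default", "set" or "remove" (upper-cased in place)
        argv[4]  principal name (set and remove)
        argv[5]  "permit" or "deny" (set only; upper-cased in place)

    Malformed input is reported through ShowUsage and a failed registry or
    ACL operation through Error.

--*/
void
HandleAAOption (
    int argc,
    TCHAR **argv
    )
{
    DWORD returnValue = 0;
    HKEY  registryKey;
    TCHAR appid [256];
    TCHAR keyName [256];

    if (argc < 4)
        ShowUsage (TEXT("Invalid number of arguments."));

    // Upper-case the action once so the comparisons below ignore case.
    TCHAR *action = _tcsupr (argv[3]);

    if (_tcscmp (action, TEXT("LIST")) == 0)
    {
        _tprintf (TEXT("Access permission list for AppID %s:\n\n"), argv[2]);
        ListAppIDAccessACL (argv[2]);
        return;
    }

    if (_tcscmp (action, TEXT("DEFAULT")) == 0)
    {
        // wsprintf is not told the destination size, so an over-long AppID
        // argument would overrun the 256-element stack buffers. Reserve
        // room for "APPID\" (6), the two braces and the terminator.
        const size_t maxAppIdLength = (sizeof (keyName) / sizeof (keyName [0])) - 9;

        if (_tcslen (argv [2]) > maxAppIdLength)
            ShowUsage (TEXT("The AppID is too long."));

        if (argv [2][0] == '{')
            wsprintf (appid, TEXT("%s"), argv [2]); else
            wsprintf (appid, TEXT("{%s}"), argv [2]);

        wsprintf (keyName, TEXT("APPID\\%s"), appid);

        // Only a value is deleted, so KEY_SET_VALUE is all the access needed.
        returnValue = RegOpenKeyEx (HKEY_CLASSES_ROOT, keyName, 0, KEY_SET_VALUE, &registryKey);

        // No such AppID key: there is no AccessPermission value to delete,
        // and registryKey was never opened, so it must not be used.
        if (returnValue == ERROR_FILE_NOT_FOUND)
            return;

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot open AppID registry key."), returnValue);

        returnValue = RegDeleteValue (registryKey, TEXT("AccessPermission"));

        // Close before reporting, because Error does not return.
        RegCloseKey (registryKey);

        if (returnValue != ERROR_SUCCESS && returnValue != ERROR_FILE_NOT_FOUND)
            Error (TEXT("ERROR: Cannot delete AccessPermission value."), returnValue);

        return;
    }

    if (argc < 5)
        ShowUsage (TEXT("Invalid number of arguments."));

    if (_tcscmp (action, TEXT("SET")) == 0)
    {
        if (argc < 6)
            ShowUsage (TEXT("Invalid number of arguments."));

        if (_tcscmp (_tcsupr (argv [5]), TEXT("PERMIT")) == 0)
            returnValue = ChangeAppIDAccessACL (argv[2], argv [4], true, true);
        else if (_tcscmp (_tcsupr (argv [5]), TEXT("DENY")) == 0)
            returnValue = ChangeAppIDAccessACL (argv[2], argv [4], true, false);
        else
            ShowUsage (TEXT("You can only set a user's permissions to \"permit\" or \"deny\".\n\n"));

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot add user to application access ACL."), returnValue);
    }
    else if (_tcscmp (action, TEXT("REMOVE")) == 0)
    {
        returnValue = ChangeAppIDAccessACL (argv[2], argv[4], false, false);

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot remove user from application access ACL."), returnValue);
    }
    else
        ShowUsage (TEXT("You can only \"set\" or \"remove\" a user."));
}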
00262 
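/*++

Routine Description:

    Handles the "-al" option for one AppID: lists its launch permission
    list, zaps it (ZapAppIDLaunchACL), resets it to the default by deleting
    the LaunchPermission registry value, or sets / removes the entry for
    one principal.

Arguments:

    argc - number of entries in argv.

    argv - command-line arguments:
        argv[2]  AppID, with or without the surrounding braces
        argv[3]  "list", "zap_list", "default", "set" or "remove"
                 (upper-cased in place)
        argv[4]  principal name (set and remove)
        argv[5]  "permit" or "deny" (set only; upper-cased in place)

    Malformed input is reported through ShowUsage and a failed registry or
    ACL operation through Error.

--*/
void
HandleALOption (
    int argc,
    TCHAR **argv
    )
{
    DWORD returnValue = 0;
    HKEY  registryKey;
    TCHAR appid [256];
    TCHAR keyName [256];

    if (argc < 4)
        ShowUsage (TEXT("Invalid number of arguments."));

    // Upper-case the action once so the comparisons below ignore case.
    TCHAR *action = _tcsupr (argv[3]);

    if (_tcscmp (action, TEXT("LIST")) == 0)
    {
        _tprintf (TEXT("Launch permission list for AppID %s:\n\n"), argv[2]);
        ListAppIDLaunchACL (argv[2]);
        return;
    }

    if (_tcscmp (action, TEXT("ZAP_LIST")) == 0)
    {
        _tprintf (TEXT("Zapping launch permissions for AppID %s:\n\n"), argv[2]);
        ZapAppIDLaunchACL (argv[2]);
        return;
    }

    if (_tcscmp (action, TEXT("DEFAULT")) == 0)
    {
        // wsprintf is not told the destination size, so an over-long AppID
        // argument would overrun the 256-element stack buffers. Reserve
        // room for "APPID\" (6), the two braces and the terminator.
        const size_t maxAppIdLength = (sizeof (keyName) / sizeof (keyName [0])) - 9;

        if (_tcslen (argv [2]) > maxAppIdLength)
            ShowUsage (TEXT("The AppID is too long."));

        if (argv [2][0] == '{')
            wsprintf (appid, TEXT("%s"), argv [2]); else
            wsprintf (appid, TEXT("{%s}"), argv [2]);

        wsprintf (keyName, TEXT("APPID\\%s"), appid);

        // Only a value is deleted, so KEY_SET_VALUE is all the access needed.
        returnValue = RegOpenKeyEx (HKEY_CLASSES_ROOT, keyName, 0, KEY_SET_VALUE, &registryKey);

        // No such AppID key: there is no LaunchPermission value to delete,
        // and registryKey was never opened, so it must not be used.
        if (returnValue == ERROR_FILE_NOT_FOUND)
            return;

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot open AppID registry key."), returnValue);

        returnValue = RegDeleteValue (registryKey, TEXT("LaunchPermission"));

        // Close before reporting, because Error does not return.
        RegCloseKey (registryKey);

        if (returnValue != ERROR_SUCCESS && returnValue != ERROR_FILE_NOT_FOUND)
            Error (TEXT("ERROR: Cannot delete LaunchPermission value."), returnValue);

        return;
    }

    if (argc < 5)
        ShowUsage (TEXT("Invalid number of arguments."));

    if (_tcscmp (action, TEXT("SET")) == 0)
    {
        if (argc < 6)
            ShowUsage (TEXT("Invalid number of arguments."));

        if (_tcscmp (_tcsupr (argv [5]), TEXT("PERMIT")) == 0)
            returnValue = ChangeAppIDLaunchACL (argv[2], argv [4], true, true);
        else if (_tcscmp (_tcsupr (argv [5]), TEXT("DENY")) == 0)
            returnValue = ChangeAppIDLaunchACL (argv[2], argv [4], true, false);
        else
            ShowUsage (TEXT("You can only set a user's permissions to \"permit\" or \"deny\".\n\n"));

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot add user to application launch ACL."), returnValue);
    }
    else if (_tcscmp (action, TEXT("REMOVE")) == 0)
    {
        returnValue = ChangeAppIDLaunchACL (argv[2], argv[4], false, false);

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot remove user from application launch ACL."), returnValue);
    }
    else
        ShowUsage (TEXT("You can only \"set\" or \"remove\" a user."));
}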
00345 
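/*++

Routine Description:

    Handles the "-runas" option for one AppID: deletes the RunAs registry
    value, or writes it and, for anything other than "Interactive User",
    stores the account password through SetRunAsPassword.

Arguments:

    argc - number of entries in argv.

    argv - command-line arguments:
        argv[2]  AppID, with or without the surrounding braces
        argv[3]  "remove", "Interactive User", or a principal name
        argv[4]  password (required when argv[3] is a principal name)

    Malformed input is reported through ShowUsage and a failed registry or
    password operation through Error.

    NOTE(review): the password arrives as a command-line argument, so it is
    visible wherever this process's command line is visible. This routine
    cannot change that; it is a property of the tool's syntax.

--*/
void
HandleRunAsOption (
    int argc,
    TCHAR **argv
    )
{
    DWORD returnValue = 0;
    HKEY  registryKey;
    TCHAR appid [256];
    TCHAR keyName [256];

    if (argc < 4)
        ShowUsage (TEXT("Invalid number of arguments."));

    // Compare without modifying argv[3]: it is also the account name that
    // is written to the registry and handed to SetRunAsPassword, and
    // upper-casing it in place changed the value that was stored.
    const bool removeRunAs     = (_tcsicmp (argv[3], TEXT("REMOVE")) == 0);
    const bool interactiveUser = (_tcsicmp (argv[3], TEXT("INTERACTIVE USER")) == 0);
    const bool needsPassword   = !removeRunAs && !interactiveUser;

    // Validate the whole command line before touching the registry, so a
    // missing password cannot leave RunAs written with no password stored.
    if (needsPassword && argc < 5)
        ShowUsage (TEXT("Invalid number of arguments."));

    // wsprintf is not told the destination size, so an over-long AppID
    // argument would overrun the 256-element stack buffers. Reserve room
    // for "APPID\" (6), the two braces and the terminator.
    const size_t maxAppIdLength = (sizeof (keyName) / sizeof (keyName [0])) - 9;

    if (_tcslen (argv [2]) > maxAppIdLength)
        ShowUsage (TEXT("The AppID is too long."));

    if (argv [2][0] == '{')
        wsprintf (appid, TEXT("%s"), argv [2]); else
        wsprintf (appid, TEXT("{%s}"), argv [2]);

    wsprintf (keyName, TEXT("APPID\\%s"), appid);

    // Values are only written or deleted, so KEY_SET_VALUE is all the
    // access needed.
    returnValue = RegOpenKeyEx (HKEY_CLASSES_ROOT, keyName, 0, KEY_SET_VALUE, &registryKey);
    if (returnValue != ERROR_SUCCESS)
        Error (TEXT("ERROR: Cannot open AppID registry key."), returnValue);

    if (removeRunAs)
    {
        returnValue = RegDeleteValue (registryKey, TEXT("RunAs"));

        // Close before reporting, because Error does not return.
        RegCloseKey (registryKey);

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot remove RunAs registry value."), returnValue);
    }
    else
    {
        // For REG_SZ the byte count must include the terminating null;
        // without it the stored string is not null-terminated.
        const DWORD runAsBytes = (DWORD)((_tcslen (argv[3]) + 1) * sizeof (TCHAR));

        returnValue = RegSetValueEx (registryKey, TEXT("RunAs"), 0, REG_SZ, (LPBYTE) argv [3], runAsBytes);

        RegCloseKey (registryKey);

        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot set RunAs registry value."), returnValue);
    }

    if (needsPassword)
    {
        returnValue = SetRunAsPassword (argv[2], argv[3], argv[4]);
        if (returnValue != ERROR_SUCCESS)
            Error (TEXT("ERROR: Cannot set RunAs password."), returnValue);
    }
}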
00395 
/*++

Routine Description:

    Entry point of the tool: selects the option handler named by argv[1]
    (compared case-insensitively by upper-casing it in place) and runs it.

Arguments:

    argc - number of entries in argv.

    argv - command-line arguments; argv[1] is the option.

Return Value:

    0 after a handler returns. 95 and 98 are written as the results for a
    missing and an unknown option, but ShowUsage in this file calls exit,
    so those two return statements are not reached.

--*/
int dcomperm_main(int argc, char **argv)
{
#ifdef TESTING
    printf("args:\n");
    for (int argIndex = 0; argIndex < argc; argIndex++) {
      printf("#%d: %s\n", argIndex, argv[argIndex]);
    }
    char pauseKey = getchar();
#endif

    if (argc < 2) {
        ShowUsage (TEXT("No option specified."));
        return 95;  // error.
    }

    // NOTE(review): argv is char ** here while the handlers take TCHAR **,
    // so this presumably only builds where TCHAR is char -- confirm.
    typedef void (*OptionHandler) (int, TCHAR **);

    static const struct {
        const TCHAR   *name;
        OptionHandler  handler;
    } optionTable [] = {
        { TEXT("-DA"),    HandleDAOption    },
        { TEXT("-DL"),    HandleDLOption    },
        { TEXT("-AA"),    HandleAAOption    },
        { TEXT("-AL"),    HandleALOption    },
        { TEXT("-RUNAS"), HandleRunAsOption },
    };

    // Upper-casing is idempotent, so doing it once matches comparing
    // against a freshly upper-cased argv[1] for every option.
    TCHAR *option = _tcsupr (argv [1]);

    for (size_t entry = 0; entry < sizeof (optionTable) / sizeof (optionTable [0]); entry++) {
        if (_tcscmp (option, optionTable [entry].name) == 0) {
            optionTable [entry].handler (argc, argv);
            return 0;  // no error.
        }
    }

    ShowUsage (TEXT("Invalid option specified."));
    return 98;  // error.
}
00427 
00428 
