From: <Or...@us...> - 2008-06-07 14:12:15
Revision: 225 http://acmcontester.svn.sourceforge.net/acmcontester/?rev=225&view=rev Author: Oracle_ Date: 2008-06-07 07:12:18 -0700 (Sat, 07 Jun 2008) Log Message: ----------- More secured version. Modified Paths: -------------- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp Modified: ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp =================================================================== --- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-06 21:44:44 UTC (rev 224) +++ ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-07 14:12:18 UTC (rev 225) @@ -8,8 +8,8 @@ #include <Userenv.h> using namespace System::IO; -const wchar_t USER_NAME[]={'T','e','s','t','i','n','g','U','s','e','r'}; //username for testing -const wchar_t USER_PASSW[]={'U','S','E','R','1','2','3','4','5'}; //password of user for testing +const wchar_t USER_NAME[]={L"TestingUser"}; //username for testing +const wchar_t USER_PASSW[]={L"USER12345"}; //password of user for testing namespace SourceTest { @@ -764,6 +764,17 @@ return Result; } +void DenyAccessFolder(String^ folder) +{ + DirectoryInfo^ fi = gcnew DirectoryInfo(folder); + DirectorySecurity^ fs = gcnew DirectorySecurity(folder, AccessControlSections::All); + fs->SetAccessRule(gcnew FileSystemAccessRule(gcnew String(USER_NAME),FileSystemRights::FullControl, + InheritanceFlags::ObjectInherit|InheritanceFlags::ContainerInherit, + PropagationFlags::None, + AccessControlType::Deny)); + fi->SetAccessControl(fs); +} + TSecure::TSecure() { SetUserObjectFullAccess( GetThreadDesktop(GetCurrentThreadId())); //needed for accessing from CreateProcessAsUser 
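Review bot: The password for the testing account is still a fixed literal compiled into the DLL on the `USER_PASSW` line, so every installation shares one known credential for an account that the code later logs on with. The switch to `L"..."` literals does add the terminator that the old character-by-character arrays lacked, which matters because both names are passed on as C strings. Consider generating a random password when the account is created and keeping it only in memory; at minimum add a comment such as `// NOTE: fixed credential - the account must have no rights beyond running submissions`.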
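Review bot: The inherited Deny entry that `DenyAccessFolder` sets does not cover everything below the folder: children whose ACL is protected from inheritance never receive it, and an explicit Allow entry on a child is evaluated before an inherited Deny. The helper also has no error handling, so a missing folder or a failure in `SetAccessControl` throws out of the caller, and loading `AccessControlSections::All` requests the audit section as well, which can fail without the matching privilege; `AccessControlSections::Access` should be enough to add an access rule. I would document on the function that this is a best-effort deny by inheritance, not a guarantee, and wrap the body in a try/catch that reports which folder failed.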
@@ -783,22 +794,25 @@ { if (st==NERR_UserExists) return; //if user exists just do nothing - MessageBox(NULL,(LPCTSTR)"Can not create testing user - only unsecured mode",(LPCTSTR)"Warning",MB_ICONWARNING|MB_OK); + MessageBox(NULL,L"Can not create testing user - only unsecured mode",L"Warning",MB_ICONWARNING|MB_OK); return; } array<DriveInfo^>^ drv=DriveInfo::GetDrives(); for (int i=0;i<drv->Length;i++) //for all drives set limitation if (drv[i]->DriveType==DriveType::Fixed) - { - DirectoryInfo^ fi = gcnew DirectoryInfo(drv[i]->Name); - DirectorySecurity^ fs = gcnew DirectorySecurity(drv[i]->Name, AccessControlSections::All); - fs->SetAccessRule(gcnew FileSystemAccessRule(gcnew String(USER_NAME),FileSystemRights::FullControl, - InheritanceFlags::ObjectInherit|InheritanceFlags::ContainerInherit, - PropagationFlags::None, - AccessControlType::Deny)); - fi->SetAccessControl(fs); - } - + DenyAccessFolder(drv[i]->Name); + wchar_t buf[MAX_PATH+1]; + GetEnvironmentVariableW(L"ProgramFiles",buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + GetEnvironmentVariable(L"ALLUSERSPROFILE",buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + GetWindowsDirectory(buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + GetSystemDirectory(buf,MAX_PATH); + DenyAccessFolder(gcnew String(buf)); + DWORD size=MAX_PATH; + GetProfilesDirectory(buf,&size); + DenyAccessFolder(gcnew String(buf)); } TSecure::~TSecure() @@ -817,8 +831,11 @@ fs->SetAccessRule(gcnew FileSystemAccessRule(gcnew String(USER_NAME),FileSystemRights::ExecuteFile,AccessControlType::Allow)); fi->SetAccessControl(fs); if (DuplicateTokenEx(Token,TOKEN_ALL_ACCESS,NULL,SecurityImpersonation,TokenPrimary,&token)) + { if (ImpersonateLoggedOnUser(token)) + { if (CreateEnvironmentBlock((LPVOID*)&env,token,FALSE)) + { if (CreateProcessAsUser(token,NULL,lpCommandLine,NULL,NULL,bInheritHandles,dwCreationFlags|CREATE_UNICODE_ENVIRONMENT,env,NULL,lpStartupInfo,lpProcessInformation)) { DestroyEnvironmentBlock(env); 
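Review bot: None of the added path lookups check their return value, so when `GetEnvironmentVariableW`, `GetWindowsDirectory`, `GetSystemDirectory` or `GetProfilesDirectory` fails, `DenyAccessFolder` runs on whatever `buf` holds: uninitialised memory after the first call, the previous folder after the later ones. Guard each call, e.g. `if (GetWindowsDirectory(buf,MAX_PATH)) DenyAccessFolder(gcnew String(buf));`, and for the environment variables also reject a return value `>= MAX_PATH`, which means the value did not fit. The second lookup calls `GetEnvironmentVariable` without the `W` suffix while passing wide strings; using the `W` form throughout keeps it independent of the UNICODE setting. The enclosing function (apparently the `TSecure` constructor) starts outside this hunk.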
@@ -828,6 +845,9 @@ return true; } } + } + } + } if (env!=NULL) DestroyEnvironmentBlock(env); RevertToSelf(); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <br...@us...> - 2008-06-10 12:02:21
Revision: 238 http://acmcontester.svn.sourceforge.net/acmcontester/?rev=238&view=rev Author: brus07 Date: 2008-06-10 05:02:27 -0700 (Tue, 10 Jun 2008) Log Message: ----------- Added commented line with specification OS (XP), for easy use for brus07. Modified Paths: -------------- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp Modified: ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp =================================================================== --- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-09 23:01:26 UTC (rev 237) +++ ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-10 12:02:27 UTC (rev 238) @@ -1,6 +1,7 @@ // This is the main DLL file. #include "stdafx.h" +//#define _WIN32_WINNT 0x0500 #include <stdio.h> #include "SourceTest.h" #include <LM.h> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <Or...@us...> - 2008-06-11 07:03:30
Revision: 243 http://acmcontester.svn.sourceforge.net/acmcontester/?rev=243&view=rev Author: Oracle_ Date: 2008-06-11 00:03:37 -0700 (Wed, 11 Jun 2008) Log Message: ----------- Added extended details for TSecure->RunProcess. Modified Paths: -------------- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp Modified: ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp =================================================================== --- ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-10 22:41:51 UTC (rev 242) +++ ACMServer/branches/sharp tester/SourceTest/SourceTest.cpp 2008-06-11 07:03:37 UTC (rev 243) @@ -15,7 +15,7 @@ namespace SourceTest { -char* StrToArr(String^ str) //converts Managed String to C++ string to +char* StrToArr(String^ str) //converts Managed String to C++ string { return (char*)System::Runtime::InteropServices::Marshal::StringToHGlobalAnsi(str).ToPointer(); } @@ -366,7 +366,7 @@ return TRUE; } -BOOL AddPrivilege(HANDLE hToken,LPCTSTR lpszPrivilege) //adds privilege to process token (in this version unused) +BOOL AddPrivilege(HANDLE hToken,LPCTSTR lpszPrivilege) //adds privilege to process token { TOKEN_PRIVILEGES tp; LUID luid; @@ -844,6 +844,13 @@ wchar_t buflpCommandLine[MAX_PATH+1]; if (!GetFullPathName(lpCommandLine,MAX_PATH,buflpCommandLine,NULL)) wcscpy(buflpCommandLine,lpCommandLine); + HANDLE myToken; + if (OpenProcessToken(GetCurrentProcess(),TOKEN_ALL_ACCESS,&myToken)) + { + if (AddPrivilege(myToken,SE_INCREASE_QUOTA_NAME)) + { + if (AddPrivilege(myToken,SE_ASSIGNPRIMARYTOKEN_NAME)) + { if (LogonUser((LPWSTR)USER_NAME,(LPWSTR)".",(LPWSTR)USER_PASSW,LOGON32_LOGON_NETWORK,LOGON32_PROVIDER_DEFAULT,&Token)) { FileInfo^ fi=gcnew FileInfo(gcnew String(lpCommandLine)); 
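Review bot: `HANDLE myToken;` is declared without an initial value, and the cleanup added in the last hunk of this commit tests `if (myToken!=NULL)` before `CloseHandle(myToken)`; when `OpenProcessToken` fails, that closes an indeterminate handle value. Declare it as `HANDLE myToken=NULL;`. `TOKEN_ALL_ACCESS` is also broader than needed here: assuming `AddPrivilege` only adjusts privileges, `TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY` is sufficient. Separately, the unchanged `LogonUser` line casts the narrow literal `"."` to `LPWSTR`, which does not make it a wide string; `L"."` is what the call expects. The function body starts and ends outside this hunk.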
@@ -861,13 +868,25 @@ DestroyEnvironmentBlock(env); RevertToSelf(); CloseHandle(token); + CloseHandle(myToken); Details="Secured process. Result details: "; return true; - } - } - } - } - } + } else + Details="Unsecured process. CreateProcessAsUser failed. Error#"+GetLastError().ToString()+" Result details: "; + } else + Details="Unsecured process. CreateEnvironmentBlock failed. Error#"+GetLastError().ToString()+" Result details: "; + } else + Details="Unsecured process. ImpersonateLoggedOnUser failed. Error#"+GetLastError().ToString()+" Result details: "; + } else + Details="Unsecured process. DuplicateTokenEx failed. Error#"+GetLastError().ToString()+" Result details: "; + } else + Details="Unsecured process. LogonUser failed. Error#"+GetLastError().ToString()+" Result details: "; + } else + Details="Unsecured process. SE_ASSIGNPRIMARYTOKEN_NAME unavailable. Result details: "; + } else + Details="Unsecured process. SE_INCREASE_QUOTA_NAME unavailable. Result details: "; + } else + Details="Unsecured process. OpenProcessToken failed. Error#"+GetLastError().ToString()+" Result details: "; if (env!=NULL) DestroyEnvironmentBlock(env); RevertToSelf(); @@ -875,7 +894,8 @@ CloseHandle(token); if (Token!=NULL) CloseHandle(Token); - Details="Unsecured process. Result details: "; + if (myToken!=NULL) + CloseHandle(myToken); if (CreateProcess(NULL,buflpCommandLine,NULL,NULL,bInheritHandles,dwCreationFlags,NULL,NULL,lpStartupInfo,lpProcessInformation)) return true; return false; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
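Review bot: Every failure branch added here only records a reason in `Details` and then falls through to the plain `CreateProcess` call visible in the following hunk, so the program still runs under the server's own account whenever any step of the restricted launch fails. If, as the names suggest, this tester executes contestants' programs, that is fail-open; the branches should `return false;` after setting `Details` unless the caller has explicitly allowed unsecured mode. `GetLastError()` is also read inside a managed string concatenation, where other calls may run first and overwrite the value; capture it with `DWORD err=GetLastError();` directly after the failing call. The function continues outside this hunk.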