sandbox/win/tools/finder/main.cc

   1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "sandbox/win/src/restricted_token_utils.h"
   6 #include "sandbox/win/tools/finder/finder.h"
   7
   8 #define PARAM_IS(y) (argc > i) && (_wcsicmp(argv[i], y) == 0)
   9
  10 void PrintUsage(wchar_t *application_name) {
  11   wprintf(L"\n\nUsage: \n  %ls --token type --object ob1 [ob2  ob3] "
  12       L"--access ac1 [ac2 ac3] [--log filename]", application_name);
  13   wprintf(L"\n\n  Token Types : \n\tLOCKDOWN \n\tRESTRICTED "
  14       L"\n\tLIMITED_USER \n\tINTERACTIVE_USER \n\tNON_ADMIN \n\tUNPROTECTED");
  15   wprintf(L"\n  Object Types: \n\tREG \n\tFILE \n\tKERNEL");
  16   wprintf(L"\n  Access Types: \n\tR \n\tW \n\tALL");
  17   wprintf(L"\n\nSample: \n  %ls --token LOCKDOWN --object REG FILE KERNEL "
  18       L"--access R W ALL", application_name);
  19 }
  20
  21 int wmain(int argc, wchar_t* argv[]) {
  22   // Extract the filename from the path.
  23   wchar_t *app_name = wcsrchr(argv[0], L'\\');
  24   if (!app_name) {
  25     app_name = argv[0];
  26   } else {
  27     app_name++;
  28   }
  29
  30   // parameters to read
  31   ATL::CString log_file;
  32   sandbox::TokenLevel token_type = sandbox::USER_LOCKDOWN;
  33   DWORD object_type = 0;
  34   DWORD access_type = 0;
  35
  36   // no arguments
  37   if (argc == 1) {
  38     PrintUsage(app_name);
  39     return -1;
  40   }
  41
  42   // parse command line.
  43   for (int i = 1; i < argc; ++i) {
  44     if (PARAM_IS(L"--token")) {
  45       i++;
  46       if (argc > i) {
  47         if (PARAM_IS(L"LOCKDOWN")) {
  48           token_type = sandbox::USER_LOCKDOWN;
  49         } else if (PARAM_IS(L"RESTRICTED")) {
  50           token_type = sandbox::USER_RESTRICTED;
  51         } else if (PARAM_IS(L"LIMITED_USER")) {
  52           token_type = sandbox::USER_LIMITED;
  53         } else if (PARAM_IS(L"INTERACTIVE_USER")) {
  54           token_type = sandbox::USER_INTERACTIVE;
  55         } else if (PARAM_IS(L"NON_ADMIN")) {
  56           token_type = sandbox::USER_NON_ADMIN;
  57         } else if (PARAM_IS(L"USER_RESTRICTED_SAME_ACCESS")) {
  58           token_type = sandbox::USER_RESTRICTED_SAME_ACCESS;
  59         } else if (PARAM_IS(L"UNPROTECTED")) {
  60           token_type = sandbox::USER_UNPROTECTED;
  61         } else {
  62           wprintf(L"\nAbord. Invalid token type \"%ls\"", argv[i]);
  63           PrintUsage(app_name);
  64           return -1;
  65         }
  66       }
  67     } else if (PARAM_IS(L"--object")) {
  68       bool is_object = true;
  69       do {
  70         i++;
  71         if (PARAM_IS(L"REG")) {
  72           object_type |= kScanRegistry;
  73         } else if (PARAM_IS(L"FILE")) {
  74           object_type |= kScanFileSystem;
  75         } else if (PARAM_IS(L"KERNEL")) {
  76           object_type |= kScanKernelObjects;
  77         } else {
  78           is_object = false;
  79         }
  80       } while(is_object);
  81       i--;
  82     } else if (PARAM_IS(L"--access")) {
  83       bool is_access = true;
  84       do {
  85         i++;
  86         if (PARAM_IS(L"R")) {
  87           access_type |= kTestForRead;
  88         } else if (PARAM_IS(L"W")) {
  89           access_type |= kTestForWrite;
  90         } else if (PARAM_IS(L"ALL")) {
  91           access_type |= kTestForAll;
  92         } else {
  93           is_access = false;
  94         }
  95       } while(is_access);
  96       i--;
  97     } else if (PARAM_IS(L"--log")) {
  98       i++;
  99       if (argc > i) {
 100         log_file = argv[i];
 101       }
 102       else {
 103         wprintf(L"\nAbord. No log file specified");
 104         PrintUsage(app_name);
 105         return -1;
 106       }
 107     } else {
 108       wprintf(L"\nAbord. Unrecognized parameter \"%ls\"", argv[i]);
 109       PrintUsage(app_name);
 110       return -1;
 111     }
 112   }
 113
 114   // validate parameters
 115   if (0 == access_type) {
 116     wprintf(L"\nAbord, Access type not specified");
 117     PrintUsage(app_name);
 118     return -1;
 119   }
 120
 121   if (0 == object_type) {
 122     wprintf(L"\nAbord, Object type not specified");
 123     PrintUsage(app_name);
 124     return -1;
 125   }
 126
 127
 128   // Open log file
 129   FILE * file_output;
 130   if (log_file.GetLength()) {
 131     errno_t err = _wfopen_s(&file_output, log_file, L"w");
 132     if (err) {
 133       wprintf(L"\nAbord, Cannot open file \"%ls\"", log_file.GetBuffer());
 134       return -1;
 135     }
 136   } else {
 137     file_output = stdout;
 138   }
 139
 140   Finder finder_obj;
 141   finder_obj.Init(token_type, object_type, access_type, file_output);
 142   finder_obj.Scan();
 143
 144   fclose(file_output);
 145
 146   return 0;
 147 }