Record MTU discovery packets in net-internals log.
[chromium-blink-merge.git] / sandbox / win / tools / finder / finder.h
blob23255cea4393748ccee66716e5f77b6b5247c3fd
1 // Copyright (c) 2006-2008 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef SANDBOX_TOOLS_FINDER_FINDER_H__
6 #define SANDBOX_TOOLS_FINDER_FINDER_H__
8 #include "sandbox/win/src/restricted_token_utils.h"
9 #include "sandbox/win/tools/finder/ntundoc.h"
11 // Type of stats that we calculate during the Scan operation
12 enum Stats {
13 READ = 0, // Number of objects with read access
14 WRITE, // Number of objects with write access
15 ALL, // Number of objects with r/w access
16 PARSE, // Number of objects parsed
17 BROKEN, // Number of errors while parsing the objects
18 SIZE_STATS // size of the enum
21 const int kScanRegistry = 0x01;
22 const int kScanFileSystem = 0x02;
23 const int kScanKernelObjects = 0x04;
25 const int kTestForRead = 0x01;
26 const int kTestForWrite = 0x02;
27 const int kTestForAll = 0x04;
29 #define FS_ERR L"FILE-ERROR"
30 #define OBJ_ERR L"OBJ-ERROR"
31 #define REG_ERR L"REG_ERROR"
32 #define OBJ L"OBJ"
33 #define FS L"FILE"
34 #define REG L"REG"
36 // The impersonater class will impersonate a token when the object is created
37 // and revert when the object is going out of scope.
38 class Impersonater {
39 public:
40 Impersonater(HANDLE token_handle) {
41 if (token_handle)
42 ::ImpersonateLoggedOnUser(token_handle);
44 ~Impersonater() {
45 ::RevertToSelf();
49 // The finder class handles the search of objects (file system, registry, kernel
50 // objects) on the system that can be opened by a restricted token. It can
51 // support multiple levels of restriction for the restricted token and can check
52 // for read, write or r/w access. It outputs the results to a file or stdout.
53 class Finder {
54 public:
55 Finder();
56 ~Finder();
57 DWORD Init(sandbox::TokenLevel token_type, DWORD object_type,
58 DWORD access_type, FILE *file_output);
59 DWORD Scan();
61 private:
62 // Parses a file system path and perform an access check on all files and
63 // folder found.
64 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
65 // win32 error code associated with the error.
66 DWORD ParseFileSystem(ATL::CString path);
68 // Parses a registry hive referenced by "key" and performs an access check on
69 // all subkeys found.
70 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
71 // win32 error code associated with the error.
72 DWORD ParseRegistry(HKEY key, ATL::CString print_name);
74 // Parses the kernel namespace beginning at "path" and performs an access
75 // check on all objects found. However, only some object types are supported,
76 // all non supported objects are ignored.
77 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
78 // win32 error code associated with the error.
79 DWORD ParseKernelObjects(ATL::CString path);
81 // Checks if "path" can be accessed with the restricted token.
82 // Returns the access granted.
83 DWORD TestFileAccess(ATL::CString path);
85 // Checks if the registry key with the path key\name can be accessed with the
86 // restricted token.
87 // print_name is only use for logging purpose.
88 // Returns the access granted.
89 DWORD TestRegAccess(HKEY key, ATL::CString name, ATL::CString print_name);
91 // Checks if the kernel object "path" of type "type" can be accessed with
92 // the restricted token.
93 // Returns the access granted.
94 DWORD TestKernelObjectAccess(ATL::CString path, ATL::CString type);
96 // Outputs information to the logfile
97 void Output(ATL::CString type, ATL::CString access, ATL::CString info) {
98 fprintf(file_output_, "\n%S;%S;%S", type.GetBuffer(), access.GetBuffer(),
99 info.GetBuffer());
102 // Output information to the log file.
103 void Output(ATL::CString type, DWORD error, ATL::CString info) {
104 fprintf(file_output_, "\n%S;0x%X;%S", type.GetBuffer(), error,
105 info.GetBuffer());
108 // Set func_to_call to the function pointer of the function used to handle
109 // requests for the kernel objects of type "type". If the type is not
110 // supported at the moment the function returns false and the func_to_call
111 // parameter is not modified.
112 bool GetFunctionForType(ATL::CString type, NTGENERICOPEN * func_to_call);
114 // Initializes the NT function pointers to be able to use all the needed
115 // functions in NTDDL.
116 // Returns ERROR_SUCCESS if the function succeeded, otherwise, it returns the
117 // win32 error code associated with the error.
118 DWORD InitNT();
120 // Calls func_to_call with the parameters desired_access, object_attributes
121 // and handle. func_to_call is a pointer to a function to open a kernel
122 // object.
123 NTSTATUS NtGenericOpen(ACCESS_MASK desired_access,
124 OBJECT_ATTRIBUTES *object_attributes,
125 NTGENERICOPEN func_to_call,
126 HANDLE *handle);
128 // Type of object to check for.
129 DWORD object_type_;
130 // Access to try.
131 DWORD access_type_;
132 // Output file for the results.
133 FILE * file_output_;
134 // Handle to the restricted token.
135 HANDLE token_handle_;
136 // Stats containing the number of operations performed on the different
137 // objects.
138 int filesystem_stats_[SIZE_STATS];
139 int registry_stats_[SIZE_STATS];
140 int kernel_object_stats_[SIZE_STATS];
143 #endif // SANDBOX_TOOLS_FINDER_FINDER_H__