// Copyright (c) 2006-2008 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "sandbox/src/restricted_token_utils.h" #include "sandbox/tools/finder/finder.h" #define PARAM_IS(y) (argc > i) && (_wcsicmp(argv[i], y) == 0) void PrintUsage(wchar_t *application_name) { wprintf(L"\n\nUsage: \n %ls --token type --object ob1 [ob2 ob3] " L"--access ac1 [ac2 ac3] [--log filename]", application_name); wprintf(L"\n\n Token Types : \n\tLOCKDOWN \n\tRESTRICTED " L"\n\tLIMITED_USER \n\tINTERACTIVE_USER \n\tNON_ADMIN \n\tUNPROTECTED"); wprintf(L"\n Object Types: \n\tREG \n\tFILE \n\tKERNEL"); wprintf(L"\n Access Types: \n\tR \n\tW \n\tALL"); wprintf(L"\n\nSample: \n %ls --token LOCKDOWN --object REG FILE KERNEL " L"--access R W ALL", application_name); } int wmain(int argc, wchar_t* argv[]) { // Extract the filename from the path. wchar_t *app_name = wcsrchr(argv[0], L'\\'); if (!app_name) { app_name = argv[0]; } else { app_name++; } // parameters to read ATL::CString log_file; sandbox::TokenLevel token_type = sandbox::USER_LOCKDOWN; DWORD object_type = 0; DWORD access_type = 0; // no arguments if (argc == 1) { PrintUsage(app_name); return -1; } // parse command line. for (int i = 1; i < argc; ++i) { if (PARAM_IS(L"--token")) { i++; if (argc > i) { if (PARAM_IS(L"LOCKDOWN")) { token_type = sandbox::USER_LOCKDOWN; } else if (PARAM_IS(L"RESTRICTED")) { token_type = sandbox::USER_RESTRICTED; } else if (PARAM_IS(L"LIMITED_USER")) { token_type = sandbox::USER_LIMITED; } else if (PARAM_IS(L"INTERACTIVE_USER")) { token_type = sandbox::USER_INTERACTIVE; } else if (PARAM_IS(L"NON_ADMIN")) { token_type = sandbox::USER_NON_ADMIN; } else if (PARAM_IS(L"USER_RESTRICTED_SAME_ACCESS")) { token_type = sandbox::USER_RESTRICTED_SAME_ACCESS; } else if (PARAM_IS(L"UNPROTECTED")) { token_type = sandbox::USER_UNPROTECTED; } else { wprintf(L"\nAbord. Invalid token type \"%ls\"", argv[i]); PrintUsage(app_name); return -1; } } } else if (PARAM_IS(L"--object")) { bool is_object = true; do { i++; if (PARAM_IS(L"REG")) { object_type |= kScanRegistry; } else if (PARAM_IS(L"FILE")) { object_type |= kScanFileSystem; } else if (PARAM_IS(L"KERNEL")) { object_type |= kScanKernelObjects; } else { is_object = false; } } while(is_object); i--; } else if (PARAM_IS(L"--access")) { bool is_access = true; do { i++; if (PARAM_IS(L"R")) { access_type |= kTestForRead; } else if (PARAM_IS(L"W")) { access_type |= kTestForWrite; } else if (PARAM_IS(L"ALL")) { access_type |= kTestForAll; } else { is_access = false; } } while(is_access); i--; } else if (PARAM_IS(L"--log")) { i++; if (argc > i) { log_file = argv[i]; } else { wprintf(L"\nAbord. No log file specified"); PrintUsage(app_name); return -1; } } else { wprintf(L"\nAbord. Unrecognized parameter \"%ls\"", argv[i]); PrintUsage(app_name); return -1; } } // validate parameters if (0 == access_type) { wprintf(L"\nAbord, Access type not specified"); PrintUsage(app_name); return -1; } if (0 == object_type) { wprintf(L"\nAbord, Object type not specified"); PrintUsage(app_name); return -1; } // Open log file FILE * file_output; if (log_file.GetLength()) { errno_t err = _wfopen_s(&file_output, log_file, L"w"); if (err) { wprintf(L"\nAbord, Cannot open file \"%ls\"", log_file.GetBuffer()); return -1; } } else { file_output = stdout; } Finder finder_obj; finder_obj.Init(token_type, object_type, access_type, file_output); finder_obj.Scan(); fclose(file_output); return 0; }