The code for inspecting the SECDESC in NTUSER.DAT
Richard Sharpe
rsharpe at ns.aus.com
Wed Oct 30 08:09:00 GMT 2002
Hi,
Attached is the code if anyone wants to play with it.
A little more work and we might be able to modify the two SIDs that need
changing if the Domain SID changes out from under a user.
The link line is:
gcc -I../include -I../ubiqx -I../nsswitch -I../smbwrapper -I.. -o \
profiles profiles.c
Regards
-----
Richard Sharpe, rsharpe at ns.aus.com, rsharpe at samba.org,
sharpe at ethereal.com, http://www.richardsharpe.com
-------------- next part --------------
#include "includes.h"
#include <stdio.h>
#include <errno.h>
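/*
 * Print a SID to stdout in "S-<rev>-<authority>-<sub>-<sub>..." form,
 * followed by a newline.
 *
 * The SID comes straight out of a profile file, so num_auths is untrusted.
 * It is clamped to the capacity of sub_auths so that a corrupt or hostile
 * count cannot make the loop read past the end of the structure.
 *
 * Only id_auth[5] is printed for the identifier authority; presumably this
 * is the low byte of a big-endian value, so larger authorities would be
 * shown incorrectly -- TODO confirm.
 */
void print_sid(DOM_SID *sid)
{
    /* Assumes sub_auths is a fixed-size array member, as in Samba's DOM_SID. */
    size_t max_subs = sizeof(sid->sub_auths) / sizeof(sid->sub_auths[0]);
    size_t comps = sid->num_auths;
    size_t i;

    if (comps > max_subs) {
        fprintf(stderr, "SID claims %u sub-authorities, printing only %u\n",
                (unsigned int)comps, (unsigned int)max_subs);
        comps = max_subs;
    }

    fprintf(stdout, "S-%u-%u", sid->sid_rev_num, sid->id_auth[5]);
    for (i = 0; i < comps; i++) {
        fprintf(stdout, "-%u", sid->sub_auths[i]);
    }
    fprintf(stdout, "\n");
}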
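/*
 * Dump the ACEs found at a fixed offset in an NTUSER.DAT profile file.
 *
 * Usage: profiles profile-file
 *
 * The file is untrusted input: the ACE count, every ACE length and every
 * SID sub-authority count are validated against the 512 bytes actually read
 * before they are used, so a truncated or malformed file produces an error
 * instead of an out-of-bounds read.
 *
 * Returns 0 on success, 1 on a usage, I/O or format error.
 */
int main(int argc, char *argv[])
{
    /*
     * One ACE as this tool interprets it: an 8-byte header followed by the
     * trustee SID. Values are taken in host byte order, so this assumes a
     * little-endian host reading the little-endian file -- TODO confirm for
     * other platforms.
     */
    typedef struct profiles_secdesc {
        unsigned char type;
        unsigned char flags;
        unsigned short length;  /* total ACE length in bytes, header included */
        unsigned int perms;
        DOM_SID trustee;
    } MY_SECDESC;
    enum {
        COUNT_LEN = 4,          /* leading 32-bit ACE count */
        ACE_HDR_LEN = 8,        /* type + flags + length + perms */
        SID_HDR_LEN = 8         /* revision + num_auths + 6-byte authority */
    };
    MY_SECDESC ace;
    unsigned char buf[512];
    unsigned int aces = 0;
    unsigned int i;
    size_t off, left, copy_len, sid_len, max_subs;
    ssize_t got;
    int fd;
    int rc = 0;

    if (argc < 2) {
        fprintf(stderr, "Usage: profiles profile-file\n");
        exit(1);
    }

    fd = open(argv[1], O_RDONLY, 0000);
    if (fd < 0) {
        fprintf(stderr, "Could not open %s: %s\n", argv[1],
                strerror(errno));
        exit(1);
    }

    /* This is where the SECDESC is */
    if (lseek(fd, 4272, SEEK_SET) == (off_t)-1) {
        fprintf(stderr, "Could not seek in %s: %s\n", argv[1],
                strerror(errno));
        close(fd);
        exit(1);
    }

    /*
     * Compare as signed first: a failed read() returns -1, which would
     * otherwise be converted to a huge unsigned value and pass the check.
     */
    got = read(fd, buf, sizeof(buf));
    close(fd);
    if (got < 0 || (size_t)got < sizeof(buf)) {
        fprintf(stderr, "Could not read enough bytes ...\n");
        exit(1);
    }

    /*
     * Now, decipher it ...
     * memcpy avoids both the misaligned access and the byte-to-pointer cast
     * of reading the count through a cast of buf[0].
     */
    memcpy(&aces, buf, COUNT_LEN);
    fprintf(stdout, "Number of ACEs: %u\n", aces);

    /* Assumes sub_auths is a fixed-size array member, as in Samba's DOM_SID. */
    max_subs = sizeof(ace.trustee.sub_auths) / sizeof(ace.trustee.sub_auths[0]);

    off = COUNT_LEN;
    for (i = 0; i < aces; i++) {
        left = sizeof(buf) - off;
        if (left < ACE_HDR_LEN) {
            fprintf(stderr, "ACE %u starts beyond the %u bytes read\n",
                    i, (unsigned int)sizeof(buf));
            rc = 1;
            break;
        }

        /* Work on an aligned, zero-filled copy rather than inside buf. */
        memset(&ace, 0, sizeof(ace));
        memcpy(&ace, buf + off, ACE_HDR_LEN);

        /*
         * A length shorter than header + SID header can never be valid, and
         * a zero length would stop the walk from advancing.
         */
        if (ace.length < ACE_HDR_LEN + SID_HDR_LEN ||
            (size_t)ace.length > left) {
            fprintf(stderr, "ACE %u has an invalid length %u\n",
                    i, (unsigned int)ace.length);
            rc = 1;
            break;
        }

        copy_len = ace.length;
        if (copy_len > sizeof(ace)) {
            copy_len = sizeof(ace);
        }
        memcpy(&ace, buf + off, copy_len);

        fprintf(stdout, "Type: %02X, Flags: %02X, Len: %u, Perms: %08X\n",
                ace.type, ace.flags, ace.length, ace.perms);

        /* The SID must fit both in DOM_SID and in the bytes the ACE claims. */
        sid_len = SID_HDR_LEN + 4 * (size_t)ace.trustee.num_auths;
        if ((size_t)ace.trustee.num_auths > max_subs ||
            sid_len > (size_t)ace.length - ACE_HDR_LEN) {
            fprintf(stderr, "ACE %u has an invalid SID (%u sub-authorities)\n",
                    i, (unsigned int)ace.trustee.num_auths);
            rc = 1;
            break;
        }

        print_sid(&ace.trustee);
        off += ace.length;
    }

    return rc;
}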