-
-
Notifications
You must be signed in to change notification settings - Fork 16
/
OperationReplaceMap.cpp
84 lines (69 loc) · 2.72 KB
/
OperationReplaceMap.cpp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#include "OperationReplaceMap.h"
#include "InputOutput.h"
#include "Helpers.h"
#include <fstream>
#include <locale>
#include <codecvt>
ClassFactory<OperationReplaceMap> OperationReplaceMap::RegisteredFactory(GetCommand());
OperationReplaceMap::OperationReplaceMap(std::queue<std::wstring> & oArgList, const std::wstring & sCommand) : Operation(oArgList)
{
// exit if there are not enough arguments to parse
const std::vector<std::wstring> sSubArgs = ProcessAndCheckArgs(1, oArgList, L"\\|");
// open the file
std::wifstream fFile(sSubArgs.at(0).c_str());
// adapt the stream to read windows unicode files
(void) fFile.imbue(std::locale(fFile.getloc(), new std::codecvt_utf8<wchar_t,
0x10ffff, std::consume_header>));
// read the file line-by-line
std::wstring sLine;
while (std::getline(fFile, sLine))
{
// parse the search and replace account which are separated by a ':' character
// also, sometimes a carriage return appears in the input stream so adding
// it here ensures it is stripped from the very end
std::vector<std::wstring> oLineItems = SplitArgs(sLine, L":|\r");
// verify the line contains at least two elements
if (oLineItems.size() != 2)
{
wprintf(L"ERROR: The replacement map line '%s' is invalid.", sLine.c_str());
std::exit(-1);
}
// verify search sid
const PSID tSearchSid = GetSidFromName(oLineItems.at(0));
if (tSearchSid == nullptr)
{
wprintf(L"ERROR: The map search value '%s' is invalid.", oLineItems.at(0).c_str());
std::exit(-1);
}
// verify replace sid
const PSID tReplaceSid = GetSidFromName(oLineItems.at(1));
if (tReplaceSid == nullptr)
{
wprintf(L"ERROR: The map replace value '%s' is invalid.", oLineItems.at(1).c_str());
std::exit(-1);
}
// update the map
oReplaceMap[tSearchSid] = tReplaceSid;
}
// cleanup
fFile.close();
// flag this as being an ace-level action
AppliesToDacl = true;
AppliesToSacl = true;
AppliesToGroup = true;
AppliesToOwner = true;
// target certain parts of the security descriptor
if (sSubArgs.size() > 1) ProcessGranularTargetting(sSubArgs.at(1));
}
SidActionResult OperationReplaceMap::DetermineSid(const WCHAR * const sSdPart, ObjectEntry & tObjectEntry, PSID const tCurrentSid, PSID & tResultantSid)
{
// check if the sid matches the ace
const auto oInteractor = oReplaceMap.find(tCurrentSid);
if (oInteractor == oReplaceMap.end()) return SidActionResult::Nothing;
// return the replacement sid
const std::wstring sSearchAccount = GetNameFromSidEx(oInteractor->first);
const std::wstring sReplaceAccount = GetNameFromSidEx(oInteractor->second);
InputOutput::AddInfo(L"Replacing '" + sSearchAccount + L"' with '" + sReplaceAccount + L"'", sSdPart);
tResultantSid = oInteractor->second;
return SidActionResult::Replace;
}