Added /SharePaths

Author: NoMoreFood

InputOutput.h

@@ -45,10 +45,10 @@ class InputOutput
 		return iMaxThreads;
 	}
 
-	static std::wstring & BasePath()
+	static std::vector<std::wstring> & ScanPaths()
 	{
-		static std::wstring sBasePath = L"";
-		return sBasePath;
+		static std::vector<std::wstring> vScanPaths;
+		return vScanPaths;
 	}
 
 	static void AddFile(const std::wstring & sLine)

Main.cpp

@@ -331,35 +331,36 @@ void AnalzyingQueue()
 	}
 }
 
-VOID BeginFileScan(std::wstring sScanPath)
+VOID BeginFileScan()
 {
 	// startup some threads for processing
 	std::vector<std::thread *> oThreads;
 	for (USHORT iNum = 0; iNum < InputOutput::MaxThreads(); iNum++)
 		oThreads.push_back(new std::thread(AnalzyingQueue));
 
-	// queue that is used to store the directory listing
-	std::queue<ObjectEntry> oQueue;
-
-	// to get the process started, we need to have one entry so
-	// we will set that to the passed argument
-	ObjectEntry oEntryFirst;
-	oEntryFirst.IsRoot = true;
+	for (std::vector<std::wstring>::iterator sScanPath = InputOutput::ScanPaths().begin();
+		sScanPath != InputOutput::ScanPaths().end(); sScanPath++)
+	{
+		// to get the process started, we need to have one entry so
+		// we will set that to the passed argument
+		ObjectEntry oEntryFirst;
+		oEntryFirst.IsRoot = true;
 
-	// convert the path to a long path that is compatible with the other call
-	UNICODE_STRING tPathU;
-	RtlDosPathNameToNtPathName_U(sScanPath.c_str(), &tPathU, NULL, NULL);
+		// convert the path to a long path that is compatible with the other call
+		UNICODE_STRING tPathU;
+		RtlDosPathNameToNtPathName_U((*sScanPath).c_str(), &tPathU, NULL, NULL);
 
-	// copy it to a null terminated string
-	oEntryFirst.Name = std::wstring(tPathU.Buffer, tPathU.Length / sizeof(WCHAR));
-	oEntryFirst.Attributes = GetFileAttributes(sScanPath.c_str());
+		// copy it to a null terminated string
+		oEntryFirst.Name = std::wstring(tPathU.Buffer, tPathU.Length / sizeof(WCHAR));
+		oEntryFirst.Attributes = GetFileAttributes((*sScanPath).c_str());
 
-	// free the buffer returned previously
-	RtlFreeUnicodeString(&tPathU);
+		// free the buffer returned previously
+		RtlFreeUnicodeString(&tPathU);
 
-	// add this entry to being processing
-	iFilesToProcess++;
-	oScanQueue.push(oEntryFirst);
+		// add this entry to being processing
+		iFilesToProcess++;
+		oScanQueue.push(oEntryFirst);
+	}
 
 	// wait until all threads complete
 	while (iFilesToProcess > 0)
@@ -437,7 +438,7 @@ int wmain(int iArgs, WCHAR * aArgs[])
 	}
 
 	// verify a path was specified
-	if (InputOutput::BasePath().size() == 0)
+	if (InputOutput::ScanPaths().size() == 0)
 	{
 		wprintf(L"%s\n", L"ERROR: No path was specified.");
 		exit(-1);
@@ -450,14 +451,16 @@ int wmain(int iArgs, WCHAR * aArgs[])
 	wprintf(L"===============================================================================\n");
 	wprintf(L"= Repacls Version %hs by Bryan Berns\n", VERSION_STRING);
 	wprintf(L"===============================================================================\n");
-	wprintf(L"= Scan Path: %s\n", InputOutput::BasePath().c_str());
+	for (std::vector<std::wstring>::iterator sScanPath = InputOutput::ScanPaths().begin();
+		sScanPath != InputOutput::ScanPaths().end(); sScanPath++)
+		wprintf(L"= Scan Path(s): %s\n", (*sScanPath).c_str());
 	wprintf(L"= Maximum Threads: %d\n", (int)InputOutput::MaxThreads());
 	wprintf(L"= What If Mode: %s\n", InputOutput::InWhatIfMode() ? L"Yes" : L"No");
 	wprintf(L"===============================================================================\n");
 
 	// do the scan
 	ULONGLONG iTimeStart = GetTickCount64();
-	BeginFileScan(InputOutput::BasePath());
+	BeginFileScan();
 	ULONGLONG iTimeStop = GetTickCount64();
 
 	// print out statistics

Operation.h

@@ -29,7 +29,7 @@ typedef ACCESS_ACE *PACCESS_ACE;
 #define SidNotMatch(x,y) (!SidMatch(x,y))
 
 // macros for checking file attributes
-#define CheckBitSet(x,y) ((x & y) != 0)
+#define CheckBitSet(x,y) (((x) & (y)) != 0)
 #define IsDirectory(x) CheckBitSet(x,FILE_ATTRIBUTE_DIRECTORY)
 #define IsHiddenSystem(x) (CheckBitSet(x,FILE_ATTRIBUTE_HIDDEN) && CheckBitSet(x,FILE_ATTRIBUTE_SYSTEM))
 #define IsReparsePoint(x) (CheckBitSet(x,FILE_ATTRIBUTE_REPARSE_POINT))

OperationHelp.cpp

@@ -38,17 +38,25 @@ Global Options affect the entire command regardless of where they appear in the
 passed command line.  It is recommended to include them at the very beginning
 or end of your command as to not confuse them with ordered parameters.
 
-/Path
+/Path <Path>
    Specifies the file or directory to process.  If a directory, the directory
    is processed recursively; all operations specified affect the directory 
    and all files and folders under the directory (unless otherwise specified).
-   This parameter is mandatory.
+   This parameter is mandatory.  This command can be specified multiple times.
+
+/SharePaths <ComputerName>[:AdminOnly|IncludeHidden]
+   Specifies a server that has one or more shares to process.  This command is
+   equivalent to specifying /Path for every share on a particular file server.
+   By default, only non-administrative and non-hidden shares are scanned.
+   To only scan administrative shares (e.g. C$), append :AdminOnly to the 
+   computer name.  To include hidden, non-administrative shares, append 
+   :IncludeHidden to the computer name.
 
 /Quiet
    Hides all non-error output. This option will greatly enhance performance if
    a large number of changes are being processed.  Alternatively, it is 
    advisable to redirect console output to a file (using the > redirector) if 
-  /Quiet cannot be specified.
+   /Quiet cannot be specified.
 
 /Threads <NumberOfThreads>
    Specifies the number of threads to use while processing.  The default value
@@ -167,22 +175,22 @@ Commands That Can Alter Security (When /WhatIf Is Not Present)
    An optional qualifier after regular expression can be specified after the
    regular expression to refine what part of the security descriptor to scan.
    See Other Notes & Limitations section for more information.
+)";
 
+std::wcout <<
+LR"(
 /SetOwner <Name|Sid>
    Will set the owner of the file to the name specified.
 
 /UpdateHistoricalSids
    Will convert any instances of old SIDs present in the security descriptor
    to there to active SID currently associated with the account.  This is
    especially useful after a domain migration and prior to removing
-   excess SID history on accounts.  
-)";
+   excess SID history on accounts. 
 
-std::wcout <<
-LR"(
 Exclusive Options
 =================
-/Help or /? or /H
+/Help or /? or /H 
    Shows this information.
 
 /ResetChildren

OperationPath.cpp

@@ -10,13 +10,6 @@ OperationPath::OperationPath(std::queue<std::wstring> & oArgList) : Operation(oA
 	// exit if there are not enough arguments to part
 	std::vector<std::wstring> sSubArgs = ProcessAndCheckArgs(1, oArgList, L"\\0");
 
-	// verify this parameter has only be specified once
-	if (InputOutput::BasePath().size() > 0)
-	{
-		wprintf(L"%s\n", L"ERROR: Path can only be specified once.");
-		exit(-1);
-	}
-
 	// store off the argument
-	InputOutput::BasePath() = sSubArgs[0];
+	InputOutput::ScanPaths().push_back(sSubArgs[0]);
 };

OperationSharePaths.cpp

@@ -0,0 +1,80 @@
+#include <windows.h>
+#include <lmshare.h>
+#include <lmapibuf.h>
+
+#pragma comment(lib, "netapi32.lib")
+
+#include "OperationSharePaths.h"
+#include "InputOutput.h"
+
+ClassFactory<OperationSharePaths> * OperationSharePaths::RegisteredFactory =
+	new ClassFactory<OperationSharePaths>(GetCommand());
+
+OperationSharePaths::OperationSharePaths(std::queue<std::wstring> & oArgList) : Operation(oArgList)
+{
+	// exit if there are not enough arguments to part
+	std::vector<std::wstring> sSubArgs = ProcessAndCheckArgs(1, oArgList);
+
+	// if extra arguments are specified, parse them
+	bool bAdminOnly = false;
+	bool bHiddenIncluded = false;
+	if (sSubArgs.size() == 2)
+	{
+		if (_wcsicmp(sSubArgs[1].c_str(), L"INCLUDEHIDDEN") == 0)
+		{
+			bHiddenIncluded = true;
+		}
+		else if (_wcsicmp(sSubArgs[1].c_str(), L"ADMINONLY") == 0)
+		{
+			bAdminOnly = true;
+		}
+		else
+		{
+			wprintf(L"ERROR: Unrecognized parameter '%s' for command '%s'\n", sSubArgs[1].c_str(), sSubArgs[0].c_str());
+			exit(-1);
+		}
+	}
+
+	DWORD hResumeHandle = NULL;
+	DWORD iReturn = 0;
+	do
+	{
+		SHARE_INFO_502 * tInfo;
+		DWORD iEntries = 0;
+		DWORD iTotalEntries = 0;
+
+		// enumerate file share
+		iReturn = NetShareEnum((LPWSTR)sSubArgs[0].c_str(), 502, (LPBYTE*)&tInfo,
+			MAX_PREFERRED_LENGTH, &iEntries, &iTotalEntries, &hResumeHandle);
+
+		// check for unknown error
+		if (iReturn != ERROR_SUCCESS && iReturn != ERROR_MORE_DATA)
+		{
+			wprintf(L"ERROR: Could not enumerate shares on '%s'\n", sSubArgs[0].c_str());
+			exit(-1);
+		}
+
+		// process entries
+		for (DWORD iEntry = 0; iEntry < iEntries; iEntry++)
+		{
+			// skip non-disk shares (e.g, printers)
+			if ((tInfo[iEntry].shi502_type & STYPE_MASK) != STYPE_DISKTREE) continue;
+
+			// skip administrative share unless admin command was specified
+			if (bAdminOnly && !CheckBitSet(tInfo[iEntry].shi502_type, STYPE_SPECIAL) ||
+				!bAdminOnly && CheckBitSet(tInfo[iEntry].shi502_type, STYPE_SPECIAL)) continue;
+
+			// skip hidden shares unless hidden command was specified
+			WCHAR * cEnd = (wcsrchr(tInfo[iEntry].shi502_netname, '$'));
+			if (!bAdminOnly && !bHiddenIncluded && (cEnd != NULL && *(cEnd + 1) == '\0')) continue;
+
+			// add path to the share list
+			InputOutput::ScanPaths().push_back(
+				L"\\\\" + sSubArgs[0] + L"\\" + tInfo[iEntry].shi502_netname);
+		}
+
+		// cleanup
+		NetApiBufferFree(tInfo);
+	} 
+	while (iReturn == ERROR_MORE_DATA);
+};

OperationSharePaths.h

@@ -0,0 +1,17 @@
+#pragma once
+
+#include "Operation.h"
+
+class OperationSharePaths : public Operation
+{
+private:
+
+	// statics used by command registration utility
+	static std::wstring GetCommand() { return L"SharePaths"; }
+	static ClassFactory<OperationSharePaths> * RegisteredFactory;
+
+public:
+
+	// constructors
+	OperationSharePaths(std::queue<std::wstring> & oArgList);
+};

Version.h

@@ -1,3 +1,3 @@
 #pragma once
 
-#define VERSION_STRING "1.5.0.0"
+#define VERSION_STRING "1.6.0.0"

repacls.vcxproj

@@ -128,7 +128,7 @@
   </ItemDefinitionGroup>
   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
     <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
+      <WarningLevel>Level4</WarningLevel>
       <PrecompiledHeader>
       </PrecompiledHeader>
       <Optimization>MaxSpeed</Optimization>
@@ -138,6 +138,7 @@
       <InlineFunctionExpansion>AnySuitable</InlineFunctionExpansion>
       <FavorSizeOrSpeed>Speed</FavorSizeOrSpeed>
       <RuntimeLibrary>MultiThreaded</RuntimeLibrary>
+      <DisableSpecificWarnings>4100</DisableSpecificWarnings>
     </ClCompile>
     <Link>
       <SubSystem>Console</SubSystem>
@@ -197,6 +198,7 @@
     <ClCompile Include="OperationReport.cpp" />
     <ClCompile Include="OperationResetChildren.cpp" />
     <ClCompile Include="OperationSetOwner.cpp" />
+    <ClCompile Include="OperationSharePaths.cpp" />
     <ClCompile Include="OperationSidHistory.cpp" />
     <ClCompile Include="OperationThreads.cpp" />
     <ClCompile Include="OperationWhatIf.cpp" />
@@ -206,6 +208,7 @@
     <ClInclude Include="DriverKitPartial.h" />
     <ClInclude Include="Functions.h" />
     <ClInclude Include="InputOutput.h" />
+    <ClInclude Include="OperationSharePaths.h" />
     <ClInclude Include="OperationAddAccountIfMissing.h" />
     <ClInclude Include="OperationCheckCanonical.h" />
     <ClInclude Include="OperationCompact.h" />

repacls.vcxproj.filters

@@ -82,6 +82,9 @@
     <ClCompile Include="OperationReport.cpp">
       <Filter>Source\Operations</Filter>
     </ClCompile>
+    <ClCompile Include="OperationSharePaths.cpp">
+      <Filter>Source\Operations</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <ClInclude Include="ConcurrentQueue.h">
@@ -180,6 +183,9 @@
     <ClInclude Include="Version.h">
       <Filter>Includes</Filter>
     </ClInclude>
+    <ClInclude Include="OperationSharePaths.h">
+      <Filter>Includes\Operations</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <Filter Include="Includes">