Problem taking ownership of folder...

delphi package - easy access to security apis

Post by badhabit » Mon Jun 05, 2006 10:15 am

Hi,

I'm trying to take ownership of a directory, but I'm getting Access denied even though I'm administrator of the system...?

I'm executing the following code:
Code:
var
  ISecObj: ISecurityObject;
  DirPath: string;
begin
  DirPath:='C:\SomeDir\';
  ISecObj:=FileSecurity(DirPath);
  ISecObj.Owner := CurrentUser;
  ShowMessage(ISecObj.LastErrorStr);
end;


If I browse to C:\ and open the security settings for the directory "somedir" I can take ownership of the folder. But the above code fails with access denied... any clues?

Thanks for some great components!

Best Regards
Thomas Eg Jørgensen
Denmark
badhabit
 
Posts: 3
Joined: Mon Jun 05, 2006 10:09 am
Location: Aalborg, Denmark

Post by madshi » Tue Jun 06, 2006 4:05 pm

Try running the following code before you execute the madSecurity code. The code will simply enable all privileges your current user has. By default not all privileges are enabled, although you have them.

Code:
procedure EnableAllPrivileges;
type TTokenPrivileges = record
       PrivilegeCount : dword;
       Privileges     : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
     end;
var c1, c2 : dword;
    i1     : integer;
    ptp    : ^TTokenPrivileges;
    backup, restore : int64;
begin
  if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
    try
      c2 := 0;
      GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
      if c2 <> 0 then begin
        ptp := pointer(LocalAlloc(LPTR, c2 * 2));
        if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
          // enabling backup/restore privileges breaks Explorer's Samba support
          if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeBackupPrivilege )), backup ) then backup  := 0;
          if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeRestorePrivilege)), restore) then restore := 0;
          for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
            if (ptp^.Privileges[i1].Luid <> backup ) and
               (ptp^.Privileges[i1].Luid <> restore) then
              ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
          AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
        end;
        LocalFree(dword(ptp));
      end;
    finally CloseHandle(c1) end;
end;
madshi
Site Admin
 
Posts: 9618
Joined: Sun Mar 21, 2004 5:25 pm

Post by badhabit » Wed Jun 07, 2006 7:25 am

Hi!

...and thanks...

But I can't figure out how to make my compiler accept "CSeBackupPrivilege" and "CSeRestorePrivilege"...? Is my uses clause incomplete or?

Thanks!

/Thomas
badhabit
 
Posts: 3
Joined: Mon Jun 05, 2006 10:09 am
Location: Aalborg, Denmark

Post by badhabit » Wed Jun 07, 2006 8:30 am

madshi wrote: Try running the following code before you execute the madSecurity code. The code will simply enable all privileges your current user has. By default not all privileges are enabled, although you have them.

Code:
procedure EnableAllPrivileges;
type TTokenPrivileges = record
       PrivilegeCount : dword;
       Privileges     : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
     end;
var c1, c2 : dword;
    i1     : integer;
    ptp    : ^TTokenPrivileges;
    backup, restore : int64;
begin
  if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
    try
      c2 := 0;
      GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
      if c2 <> 0 then begin
        ptp := pointer(LocalAlloc(LPTR, c2 * 2));
        if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
          // enabling backup/restore privileges breaks Explorer's Samba support
          if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeBackupPrivilege )), backup ) then backup  := 0;
          if not LookupPrivilegeValue(nil, pchar(DecryptStr(CSeRestorePrivilege)), restore) then restore := 0;
          for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
            if (ptp^.Privileges[i1].Luid <> backup ) and
               (ptp^.Privileges[i1].Luid <> restore) then
              ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
          AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
        end;
        LocalFree(dword(ptp));
      end;
    finally CloseHandle(c1) end;
end;


If I change the code to the following, where I removed the "DecryptStr()" and replaced the CSe* with a string of almost the same name (found the name in winnt.h)...:
Code:
procedure EnableAllPrivileges;
// local variable-length view of TOKEN_PRIVILEGES (the Windows unit declares a one-element array)
type TTokenPrivileges = record
       PrivilegeCount : dword;
       Privileges     : array [0..maxInt shr 4 - 1] of TLUIDAndAttributes;
     end;
var c1, c2 : dword;
    i1     : integer;
    ptp    : ^TTokenPrivileges;
    backup, restore : int64;
begin
  if OpenProcessToken(windows.GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, c1) then
    try
      // first call only asks for the required buffer size (returned in c2)
      c2 := 0;
      GetTokenInformation(c1, TokenPrivileges, nil, 0, c2);
      if c2 <> 0 then begin
        ptp := pointer(LocalAlloc(LPTR, c2 * 2));
        // second call reads the list of privileges held by the process token
        if GetTokenInformation(c1, TokenPrivileges, ptp, c2 * 2, c2) then begin
          // enabling backup/restore privileges breaks Explorer's Samba support
          if not LookupPrivilegeValue(nil, pchar('SeBackupPrivilege'), backup ) then backup  := 0;
          if not LookupPrivilegeValue(nil, pchar('SeRestorePrivilege'), restore) then restore := 0;
          // mark every held privilege except backup/restore as enabled
          for i1 := 0 to integer(ptp^.PrivilegeCount) - 1 do
            if (ptp^.Privileges[i1].Luid <> backup ) and
               (ptp^.Privileges[i1].Luid <> restore) then
              ptp^.Privileges[i1].Attributes := ptp^.Privileges[i1].Attributes or SE_PRIVILEGE_ENABLED;
          // write the modified list back to the token; no previous state is requested
          AdjustTokenPrivileges(c1, false, PTokenPrivileges(ptp)^, c2, PTokenPrivileges(nil)^, cardinal(pointer(nil)^));
        end;
        LocalFree(dword(ptp));
      end;
    finally CloseHandle(c1) end;
end;


...it seems to be working!
badhabit
 
Posts: 3
Joined: Mon Jun 05, 2006 10:09 am
Location: Aalborg, Denmark
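
The code in the posts above enables every privilege the token holds. As an added example (not code from this thread or from madSecurity), the narrower variant below switches on only SeTakeOwnershipPrivilege, the privilege Windows checks when an owner is set without WRITE_OWNER access, reports ERROR_NOT_ALL_ASSIGNED when the token does not hold it, and disables it again afterwards. SetPrivilege and the program name are names chosen for this example.

```delphi
program TakeOwnershipPrivilege;
{$APPTYPE CONSOLE}
uses Windows, SysUtils;

// Hypothetical helper (not part of madSecurity): enables or disables ONE
// privilege on the current process token and returns the Win32 error code.
// ERROR_SUCCESS: change applied. ERROR_NOT_ALL_ASSIGNED: the token does not
// hold the privilege at all, so there is nothing to enable.
function SetPrivilege(const PrivName: string; Enable: Boolean): DWORD;
var
  hToken   : THandle;
  tp, prev : TTokenPrivileges;
  retLen   : DWORD;
begin
  if not OpenProcessToken(GetCurrentProcess,
           TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Result := GetLastError
  else
  try
    tp.PrivilegeCount := 1;
    tp.Privileges[0].Attributes := 0;
    if Enable then
      tp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    if not LookupPrivilegeValue(nil, PChar(PrivName), tp.Privileges[0].Luid) then
      Result := GetLastError
    else
    begin
      retLen := 0;
      // The call returns True even if the privilege was not assigned, so the
      // outcome has to be read from GetLastError straight afterwards.
      AdjustTokenPrivileges(hToken, False, tp, SizeOf(prev), prev, retLen);
      Result := GetLastError;
    end;
  finally
    CloseHandle(hToken);
  end;
end;

var
  err: DWORD;
begin
  err := SetPrivilege('SeTakeOwnershipPrivilege', True);
  if err <> ERROR_SUCCESS then
    WriteLn('Privilege not enabled: ', SysErrorMessage(err))
  else
  try
    // Place the ownership change here, e.g. the FileSecurity/Owner lines
    // from the first post.
    WriteLn('SeTakeOwnershipPrivilege enabled.');
  finally
    SetPrivilege('SeTakeOwnershipPrivilege', False); // drop it again
  end;
end.
```
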

Post by madshi » Wed Jun 07, 2006 8:59 am

Ah sorry, I copied this code from my internal units and forgot to remove the DecryptStr stuff.
madshi
Site Admin
 
Posts: 9618
Joined: Sun Mar 21, 2004 5:25 pm

Post by Arksole Hoax » Wed Jun 07, 2006 9:59 am

@madshi

What is the purpose of encrypting the string?
Does it get a false positive from AVs or does it have its own reason?
Arksole Hoax
 
Posts: 211
Joined: Sat May 08, 2004 11:41 am

Post by madshi » Wed Jun 07, 2006 10:15 am

It's meant to make strings invisible in a hex editor.
madshi
Site Admin
 
Posts: 9618
Joined: Sun Mar 21, 2004 5:25 pm
