OperationRemoveOrphan.cpp
#include "OperationRemoveOrphan.h"
#include "InputOutput.h"
#include "Helpers.h"
// Definition of the static factory member, constructed with the command string
// returned by GetCommand().
// NOTE(review): presumably this is what makes the operation selectable from the
// command line during static initialization - confirm in ClassFactory.
ClassFactory<OperationRemoveOrphan> OperationRemoveOrphan::RegisteredFactory(GetCommand());
/// Builds the orphan-removal operation from its command-line sub-arguments.
///
/// @param oArgList  Remaining command-line arguments; passed to the Operation
///                  base and to ProcessAndCheckArgs, which extracts the
///                  sub-arguments for this command.
/// @param sCommand  Not used by this constructor.
///
/// The first sub-argument names the domain whose entries are examined. If it
/// cannot be converted to a SID the process prints an error and terminates.
OperationRemoveOrphan::OperationRemoveOrphan(std::queue<std::wstring> & oArgList, const std::wstring & sCommand) : Operation(oArgList)
{
    // at least one sub-argument is requested from the argument parser
    const std::vector<std::wstring> vSubArgs = ProcessAndCheckArgs(1, oArgList);
    const std::wstring & sDomainArg = vSubArgs.at(0);

    // translate the supplied name into a SID
    tDomainSid = GetSidFromName(sDomainArg);
    if (tDomainSid == nullptr)
    {
        // NOTE(review): this error path ends the process with status 0, so a
        // calling script cannot tell from the exit code that nothing ran.
        wprintf(L"ERROR: Invalid domain '%s' specified for parameter '%s'.\n", sDomainArg.c_str(), GetCommand().c_str());
        std::exit(0);
    }

    // keep the name that the SID maps back to; it is used in the log message
    sDomainName = GetDomainNameFromSid(tDomainSid);

    // every part of the security descriptor is in scope by default
    AppliesToDacl = true;
    AppliesToSacl = true;
    AppliesToGroup = true;
    AppliesToOwner = true;

    // an optional second sub-argument is handed to the granular targeting parser
    // NOTE(review): presumably this narrows the four flags above - confirm in
    // ProcessGranularTargetting.
    if (vSubArgs.size() > 1)
    {
        ProcessGranularTargetting(vSubArgs.at(1));
    }
}
/// Decides whether a SID found in a security descriptor should be removed.
///
/// @param sSdPart        Label of the security descriptor part being processed;
///                       forwarded to the log message.
/// @param tObjectEntry   Not used by this function.
/// @param tCurrentSid    SID currently under inspection.
/// @param tResultantSid  Set to nullptr when the SID is to be removed; left
///                       untouched otherwise.
/// @return SidActionResult::Remove when the SID belongs to the configured
///         domain and GetNameFromSidEx reports it as an orphan;
///         SidActionResult::Nothing in every other case.
SidActionResult OperationRemoveOrphan::DetermineSid(const WCHAR * const sSdPart, ObjectEntry & tObjectEntry, PSID const tCurrentSid, PSID & tResultantSid)
{
    // restrict the operation to SIDs from the configured domain
    if (tDomainSid != nullptr)
    {
        BOOL bSameDomain = FALSE;
        const BOOL bCompared = EqualDomainSid(tCurrentSid, tDomainSid, &bSameDomain);

        // a failed comparison is treated the same as a mismatch: leave the SID alone
        if (!bCompared || !bSameDomain)
        {
            return SidActionResult::Nothing;
        }
    }

    // a SID that still resolves to a name is not an orphan and is kept
    // NOTE(review): the decision to drop the entry rests entirely on the flag
    // returned by GetNameFromSidEx. Confirm that it reports an orphan only when
    // the lookup definitively finds no mapping (e.g. ERROR_NONE_MAPPED) and not
    // when the domain is merely unreachable, otherwise entries for live accounts
    // would be removed.
    bool bUnresolved = false;
    const std::wstring sSidText = GetNameFromSidEx(tCurrentSid, &bUnresolved);
    if (bUnresolved)
    {
        // record the removal, then tell the caller to drop this SID
        InputOutput::AddInfo(L"Removing orphan of security identifier '" + sSidText + L"' from domain '" + sDomainName + L"'", sSdPart);
        tResultantSid = nullptr;
        return SidActionResult::Remove;
    }

    return SidActionResult::Nothing;
}