[pso] pso Digest, Vol 37, Issue 15
Bercea Gabriel
gamitech at gmail.com
Wed Mar 25 09:37:21 EET 2009
http://cs.pub.ro/~pso/index.php?section=Laboratoare&file=FAQ#Teme
> Teme
>Am probleme la testarea temei 1 de Windows. Care este problema?
>Din motive inca neelucidate ...
>
E pe bune asta, sau nu, nu inteleg, daca sa raspund sau nu :) Cum adica
"motive inca neelucidate". Parca functia ar fi cazuta din luna :))
Imi pare rau, nu m-am apucat de tema 1, dar acum am citit acest post si am
vazut ca functia " UserAdmin()" ar trebui sa returneze true sau false daca
threadul current poate incarca sau nu un driver :) facand un check agains
ACLul si securitatea implementata pe threadul current implicit pe tokenul de
securitate.
Pai nu o sa returneze niciodata ce trebuie la felul cum e implementata, si
motivele neelucidate sunt urmatoarele: security tokens. By default nu sunt
setate (adjustate) pentru un process/thread ca sa raspunda dpdv al flagului
interogat cu true, indifferent daca procesul are context de administrator
sau nu. Privilegiul trebuie sa fie "enabled" prima data si apoi facuta
verificarea cu functia SeSinglePrivilegeCheck. Aceasta verifica daca
privilegiul exista acolo si a fost setat in token. Amandoua conditiile
trebuiesc indeplinite. Pentru o implementare usoara, cum s-a vrut se pare,
se poate folosi functia " SeTokenIsAdmin" insa cel mai recomandat pentru ca
verifica privilegiile dorite pentru un process thread este sa se lucreze cu
ACL uri si descriptori associate lor, pentru implementare custom de
securitate.
Revenind la misterul vietii din spatele functiei " UserAdmin" :)
implementarea corecta ar fi urmatoarea:
Toate functiile d mai jos, trebuiesc apelate la PASSIVE_LEVEL.
static NTSTATUS AdjustPrivilege(ULONG Privilege, BOOLEAN Enable)
{
NTSTATUS status;
TOKEN_PRIVILEGES privSet;
HANDLE tokenHandle;
TOKEN_PRIVILEGES tokenPriv;
status = ZwOpenProcessToken(NtCurrentProcess(),
TOKEN_ALL_ACCESS,
&tokenHandle);
if (!NT_SUCCESS(status)) {
DbgPrint("NtOpenProcessToken failed, status 0x%x\n", status);
return status;
}
privSet.PrivilegeCount = 1;
privSet.Privileges[0].Luid = RtlConvertUlongToLuid(Privilege); //
SE_LOAD_DRIVER_PRIVILEGE
if (Enable) {
privSet.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; //trebuie
pus p enable
} else {
privSet.Privileges[0].Attributes = 0;
}
status = ZwAdjustPrivilegesToken(tokenHandle,
FALSE, // don't disable all privileges
&privSet,
sizeof(privSet),
NULL, // old privileges - don't care
NULL); // returned length
if (!NT_SUCCESS(status)) {
DbgPrint("ZwAdjustPrivilegesToken failed, status 0x%x\n", status);
}
// Close the process token handle
(void) ZwClose(tokenHandle);
return status;
}
Dupa care se poate apela SeSinglePrivilegeCheck. Ma rog nici asta nu este
neeaparat o implementare corecta in a detecta daca utilizatorul este unul
din administratori, pentru ca se pot pune politici si ca userii normali sa
incarce drivere.
Nu am experienta mare cu implementarea de security pe windows, asa ca ce am
scris mai sus poate sa nu fie 100% correct, take it as it is.
Bottom line, nu vreau sa par "a buggy" , stiu ca windows nu e open-source :)
dar nu am putut sa ma plang vreodata de documentatie. Nu inteleg inca
neinteresul in facultate pentru programarea windows, sau superficialitatea
abordarii.
Cu respect,
Bercea Gabriel 342 C2
Mobile contact: (+40)0740049634
eMail: gamitech at gmail.com
-----Original Message-----
From: pso-bounces at cursuri.cs.pub.ro [mailto:pso-bounces at cursuri.cs.pub.ro]
On Behalf Of pso-request at cursuri.cs.pub.ro
Sent: Monday, March 23, 2009 1:03 AM
To: pso at cursuri.cs.pub.ro
Subject: pso Digest, Vol 37, Issue 15
Send pso mailing list submissions to
pso at cursuri.cs.pub.ro
To subscribe or unsubscribe via the World Wide Web, visit
http://cursuri.cs.pub.ro/cgi-bin/mailman/listinfo/pso
or, via email, send a message with subject or body 'help' to
pso-request at cursuri.cs.pub.ro
You can reach the person managing the list at
pso-owner at cursuri.cs.pub.ro
When replying, please edit your Subject line so it is more specific
than "Re: Contents of pso digest..."
Today's Topics:
1. Re: Mapa de prezentare a cursului de SO2 (Octavian Purdila)
2. Site picat (Aurelian Bogdan)
3. probleme site (Eduard-Marius Dragomir)
4. fisiere masini virtuale (Vlad Albulescu)
5. Site picat (Aurelian Bogdan)
6. [Tema1 Windows] Probleme (Flavius Manea)
7. Re: probleme site (Cristian Sandescu)
8. Re: Site picat (Razvan Deaconescu)
9. Re: Site picat (Razvan Deaconescu)
10. Re: [Tema1 Windows] Probleme (Razvan Deaconescu)
11. Sistem nou pentru cs.pub.ro (Razvan Deaconescu)
----------------------------------------------------------------------
Message: 1
Date: Fri, 20 Mar 2009 13:53:57 +0200
From: Octavian Purdila <opurdila at ixiacom.com>
Subject: Re: [pso] Mapa de prezentare a cursului de SO2
To: pso at cursuri.cs.pub.ro
Message-ID: <200903201353.57800.opurdila at ixiacom.com>
Content-Type: text/plain; charset="utf-8"
From: Bogdan Tenea <tenea.bogdan at gmail.com>
> Salut,
>
Salut Bogdan,
> Nice read :) Cateova osbervatii totusi:
>
>
Prezen?alacursnuesteobligatorie.Nebaz?mpediscern?m?ntulstuden?ilordelaspeci
>alizareaC3s??n?eleag?relevan?acursuluideSistemedeOperare2
>- prezenta la curs e cam obligatorie cu noua regula :)
Nu e obligatorie, cel putin anul asta :) : aveti de ales intre a da testele
la
curs sau a da "examenul" in ultima saptamana de scoala. Puteti sa incercati
ambele variante, se pastreaza nota cea mai mare.
tavi
------------------------------
Message: 2
Date: Sat, 21 Mar 2009 09:30:39 -0800
From: Aurelian Bogdan <aurelian.bogdan at gmail.com>
Subject: [pso] Site picat
To: pso at cursuri.cs.pub.ro, pso at cs.pub.ro
Message-ID:
<8db8c0c50903211030k1eeb0366i8a890836702ff009 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Salut!
Cat va mai dura situatia in care este site-ul? Zice ceva ca nu merg niste
php-uri!
Nu merge astfel nici upload-ul de teme :(
Multumesc,
Bogdan Aurelian
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://cursuri.cs.pub.ro/pipermail/pso/attachments/20090321/3a466d3a/attach
ment.htm>
------------------------------
Message: 3
Date: Sat, 21 Mar 2009 07:15:16 -0700 (PDT)
From: Eduard-Marius Dragomir <eduard.dragomir at yahoo.com>
Subject: [pso] probleme site
To: pso at cursuri.cs.pub.ro
Message-ID: <412028.99840.qm at web62103.mail.re1.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
Sal,Site-ul are niste probleme si nu ma pot loga. Imi puteti spune ce parole
sunt la masinile virtuale pentru teme?Eduard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://cursuri.cs.pub.ro/pipermail/pso/attachments/20090321/279014e2/attach
ment-0001.htm>
------------------------------
Message: 4
Date: Sat, 21 Mar 2009 01:45:27 -0700 (PDT)
From: Vlad Albulescu <mrkane27 at yahoo.com>
Subject: [pso] fisiere masini virtuale
To: pso at cursuri.cs.pub.ro
Message-ID: <209691.87532.qm at web58508.mail.re3.yahoo.com>
Content-Type: text/plain; charset="us-ascii"
poate cineva sa-mi ofere sumele md5 de la cele mai recente arhive?
not sure yet daca le am pe cele bune.
multumesc,
vlad
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://cursuri.cs.pub.ro/pipermail/pso/attachments/20090321/a78ebdd2/attach
ment.htm>
------------------------------
Message: 5
Date: Sat, 21 Mar 2009 09:30:39 -0800
From: Aurelian Bogdan <aurelian.bogdan at gmail.com>
Subject: [pso] Site picat
To: pso at cursuri.cs.pub.ro, pso at cs.pub.ro
Message-ID:
<8db8c0c50903211030k1eeb0366i8a890836702ff009 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
Salut!
Cat va mai dura situatia in care este site-ul? Zice ceva ca nu merg niste
php-uri!
Nu merge astfel nici upload-ul de teme :(
Multumesc,
Bogdan Aurelian
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://cursuri.cs.pub.ro/pipermail/pso/attachments/20090321/3a466d3a/attach
ment-0001.htm>
------------------------------
Message: 6
Date: Sun, 22 Mar 2009 13:18:11 +0200
From: Flavius Manea <maneaflavius at gmail.com>
Subject: [pso] [Tema1 Windows] Probleme
To: pso at cursuri.cs.pub.ro
Message-ID:
<9d6651a70903220418y662dab3du6a4e225b6a17b140 at mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"
1. Functia UserAdmin() din Sci_win.h intoarce intotdeauna FALSE. Am vazut ca
si anii trecuti a fost aceasta
problema si rezolvarea era executarea testului prin SSH, dar nu apare o
astfel de indicatie in enunt...
Din aceasta cauza nu pot sa rulez toate testele.
2. La compilare apare un warning tot din Sci_win.h:
warning C4273: 'ZwOpenProcess' : inconsistent
dll linkage
c:\winddk\6001.18002\inc\ddk\ntddk.h(11259) : see previous
definition of
'ZwOpenProcess'
Difera signatura functie ZwOpenProcess fata de nttddk.h. Schimb sau las asa
si nu se depuncteaza?
Multumesc,
Flavius
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://cursuri.cs.pub.ro/pipermail/pso/attachments/20090322/2c5dad6e/attach
ment.htm>
------------------------------
Message: 7
Date: Sun, 22 Mar 2009 11:43:39 +0200
From: "Cristian Sandescu" <cristi at 1p.ro>
Subject: Re: [pso] probleme site
To: <eduard.dragomir at yahoo.com>, "'Proiectarea Sistemelor de
Operare'"
<pso at cursuri.cs.pub.ro>
Message-ID: <003a01c9aad2$ae81dc50$0b8594f0$@ro>
Content-Type: text/plain; charset="us-ascii"
Din cate stiu eu parolele sunt so (linux: root/so, windows:
Administrator/so, so/so)
Toate bune,
Cristi
From: pso-bounces at cursuri.cs.pub.ro [mailto:pso-bounces at cursuri.cs.pub.ro]
On Behalf Of Eduard-Marius Dragomir
Sent: Saturday, March 21, 2009 4:15 PM
To: pso at cursuri.cs.pub.ro
Subject: [pso] probleme site
Sal,
Site-ul are niste probleme si nu ma pot loga. Imi puteti spune ce parole
sunt la masinile virtuale pentru teme?
Eduard.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://cursuri.cs.pub.ro/pipermail/pso/attachments/20090322/6eeaf538/attach
ment.htm>
------------------------------
Message: 8
Date: Sun, 22 Mar 2009 16:14:13 +0200
From: Razvan Deaconescu <razvan.deaconescu at cs.pub.ro>
Subject: Re: [pso] Site picat
To: Proiectarea Sistemelor de Operare <pso at cursuri.cs.pub.ro>
Cc: pso at cs.pub.ro
Message-ID: <1237731253.8268.6.camel at valhalla.cs.pub.ro>
Content-Type: text/plain
On Sat, 2009-03-21 at 09:30 -0800, Aurelian Bogdan wrote:
> Salut!
>
> Cat va mai dura situatia in care este site-ul? Zice ceva ca nu merg
> niste php-uri!
E rezolvata.
> Nu merge astfel nici upload-ul de teme :(
Se va rezolva saptamana viitoare. Va vom anunta pe lista.
Razvan
------------------------------
Message: 9
Date: Sun, 22 Mar 2009 16:14:13 +0200
From: Razvan Deaconescu <razvan.deaconescu at cs.pub.ro>
Subject: Re: [pso] Site picat
To: Proiectarea Sistemelor de Operare <pso at cursuri.cs.pub.ro>
Cc: pso at cs.pub.ro
Message-ID: <1237731253.8268.6.camel at valhalla.cs.pub.ro>
Content-Type: text/plain
On Sat, 2009-03-21 at 09:30 -0800, Aurelian Bogdan wrote:
> Salut!
>
> Cat va mai dura situatia in care este site-ul? Zice ceva ca nu merg
> niste php-uri!
E rezolvata.
> Nu merge astfel nici upload-ul de teme :(
Se va rezolva saptamana viitoare. Va vom anunta pe lista.
Razvan
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
------------------------------
Message: 10
Date: Sun, 22 Mar 2009 16:16:03 +0200
From: Razvan Deaconescu <razvan.deaconescu at cs.pub.ro>
Subject: Re: [pso] [Tema1 Windows] Probleme
To: Proiectarea Sistemelor de Operare <pso at cursuri.cs.pub.ro>
Message-ID: <1237731363.8268.9.camel at valhalla.cs.pub.ro>
Content-Type: text/plain
On Sun, 2009-03-22 at 13:18 +0200, Flavius Manea wrote:
> 1. Functia UserAdmin() din Sci_win.h intoarce intotdeauna FALSE. Am
> vazut ca si anii trecuti a fost aceasta
> problema si rezolvarea era executarea testului prin SSH, dar nu apare
> o astfel de indicatie in enunt...
> Din aceasta cauza nu pot sa rulez toate testele.
http://cs.pub.ro/~pso/index.php?section=Laboratoare&file=FAQ#Teme
> 2. La compilare apare un warning tot din Sci_win.h:
>
> warning C4273: 'ZwOpenProcess' : inconsistent
> dll linkage
> c:\winddk\6001.18002\inc\ddk\ntddk.h(11259) : see previous
> definition of
> 'ZwOpenProcess'
>
> Difera signatura functie ZwOpenProcess fata de nttddk.h. Schimb sau
> las asa si nu se depuncteaza?
Nu se va depuncta.
Razvan
------------------------------
Message: 11
Date: Mon, 23 Mar 2009 01:03:27 +0200
From: Razvan Deaconescu <razvan.deaconescu at cs.pub.ro>
Subject: [pso] Sistem nou pentru cs.pub.ro
To: Sisteme de Operare <so at cursuri.cs.pub.ro>, Proiectarea Sistemelor
de Operare <pso at cursuri.cs.pub.ro>
Message-ID: <1237763007.4987.4.camel at valhalla.cs.pub.ro>
Content-Type: text/plain
Salut!
Ne cerem scuze pentru dificultatile intampinate de site-urile
http://cs.pub.ro/~so, respectiv http://cs.pub.ro/~pso . In ultimele
cateva ore a fost realizata migrarea pe un nou server (mult mai
perfomant). Problemele legate de disponibilitatea site-urilor vor fi
diminuate.
Razvan
------------------------------
_______________________________________________
pso mailing list
pso at cursuri.cs.pub.ro
http://cursuri.cs.pub.ro/cgi-bin/mailman/listinfo/pso
End of pso Digest, Vol 37, Issue 15
***********************************
More information about the pso
mailing list