Windows NT 4.0 source code leak
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

124 lines
2.9 KiB

/*++
Copyright (c) 1992 Microsoft Corporation
Module Name:
rplsec.c
Abstract:
This module contains the remote boot service support routines
that create security objects and enforce security _access checking.
Author:
Vladimir Z. Vulovic (vladimv) 06 - November - 1992
Revision History:
06-Nov-1992 vladimv
Created
--*/
#include "local.h"
#include "apisec.h"
#include <netlibnt.h> // NetpNtStatusToApiStatus
#include <secobj.h> // ACE_DATA
//
// Structure that describes the mapping of Generic access rights to
// object specific access rights for the remote boot service security object.
//
GENERIC_MAPPING RG_SecurityMapping = {
STANDARD_RIGHTS_READ | // Generic read
RPL_RECORD_ENUM |
RPL_RECORD_GET_INFO,
STANDARD_RIGHTS_WRITE | // Generic write
RPL_RECORD_ADD |
RPL_RECORD_SET_INFO |
RPL_RECORD_DEL,
STANDARD_RIGHTS_EXECUTE, // Generic execute
RPL_RECORD_ALL_ACCESS | // Generic all
RPL_RECORD_CLONE
};
PSECURITY_DESCRIPTOR RG_SecurityDescriptor;
NET_API_STATUS RplCreateSecurityObject( VOID)
/*++
Routine Description:
This function creates the remote bootr user-mode configuration
information object which is represented by a security descriptors.
Arguments:
None.
Return Value:
NET_API_STATUS code
--*/
{
NTSTATUS status;
//
// Order matters! These ACEs are inserted into the DACL in the
// following order. Security access is granted or denied based on
// the order of the ACEs in the DACL.
//
// LocalGroupAdmins are fow now allowed to perform all remote boot
// Service operations. Everybody else is denied.
//
ACE_DATA aceData[] = {
{ACCESS_ALLOWED_ACE_TYPE, 0, 0, GENERIC_ALL, &AliasAdminsSid}
};
status = NetpCreateSecurityObject(
aceData, // pAceData
sizeof(aceData) / sizeof(aceData[0]), // countAceData
NULL, // OwnerSid
NULL, // PrimaryGroupSid
&RG_SecurityMapping, // GenericToSpecificMapping
&RG_SecurityDescriptor // ppNewDescriptor
);
if ( ! NT_SUCCESS (status)) {
RplDump( ++RG_Assert, ( "status = 0x%x", status));
return NetpNtStatusToApiStatus( status);
}
return( NO_ERROR);
}
DWORD RplDeleteSecurityObject( VOID)
/*++
Routine Description:
This function destroys the remote boot service user-mode configuration
information object which is represented by a security descriptors.
Arguments:
None.
Return Value:
NET_API_STATUS code
--*/
{
return( NetpDeleteSecurityObject( &RG_SecurityDescriptor));
}