archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/busdrv/acpi/acpienab/idchange.c

387 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. // Copied from \nt\private\net\config\upgrade\netupgrd
  2. // August 98 -- t-sdey
  4. #pragma hdrstop
  5. #include <winnt32.h>
  6. #include "idchange.h"
  10. DWORD
  11. DwRegKeySetAdministratorSecurity(HKEY hkey, DWORD samDesired,
  12. PSECURITY_DESCRIPTOR* ppsdOld);
  14. DWORD
  15. DwRegCreateOrOpenKeyExWithAdminAccess(HKEY hkey, LPCTSTR szSubKey,
  16. DWORD samDesired,
  17. BOOL fCreate, HKEY* phkeySubKey,
  18. PSECURITY_DESCRIPTOR* ppsd);
  20. DWORD
  21. DwRegOpenKeyExWithAdminAccess(HKEY hkey, LPCTSTR szSubKey, DWORD samDesired,
  22. HKEY* phkeySubKey, PSECURITY_DESCRIPTOR* ppsd)
  23. {
  24. return DwRegCreateOrOpenKeyExWithAdminAccess(hkey, szSubKey, samDesired,
  25. FALSE, phkeySubKey, ppsd);
  26. }
  29. //+--------------------------------------------------------------------------
  30. //
  31. // Function: DwRegCreateOrOpenKeyExWithAdminAccess
  32. //
  33. // Purpose: Creates/Opens a subkey. If the key exists but the local
  34. // administrators group does not have samDesired access to
  35. // it, the function will add the access needed to the
  36. // security descriptor
  37. //
  38. // Arguments:
  39. // hkeyParent [in] The key to create the subkey in
  40. // szSubKey [in] The subkey name
  41. // samDesired [in] The desired access for phkey
  42. // fCreate [in] TRUE if the key is to be created.
  43. // phSubkey [out] The handle to the subkey
  44. // ppsdOrig [out] The previous security settings of the key
  45. // if it already existed, optional
  46. //
  47. // Returns: DWORD. ERROR_SUCCESS or a failure code from winerror.h
  48. //
  49. // Author: billbe 15 Dec 1997
  50. //
  51. // Notes:
  52. //
  53. DWORD
  54. DwRegCreateOrOpenKeyExWithAdminAccess(HKEY hkey, LPCTSTR szSubKey,
  55. DWORD samDesired,
  56. BOOL fCreate, HKEY* phkeySubKey,
  57. PSECURITY_DESCRIPTOR* ppsd)
  58. {
  59. DWORD dwError = ERROR_SUCCESS;
  61. if (ppsd)
  62. {
  63. *ppsd = NULL;
  64. }
  66. // Create or open the key based on fCreate
  67. //
  68. if (fCreate)
  69. {
  70. dwError = RegCreateKeyEx(hkey, szSubKey, 0, NULL,
  71. REG_OPTION_NON_VOLATILE, samDesired, NULL, phkeySubKey,
  72. NULL);
  73. }
  74. else
  75. {
  76. dwError = RegOpenKeyEx(hkey, szSubKey, 0, samDesired,
  77. phkeySubKey);
  78. }
  80. // If access was denied we either tried to create or open a prexisting
  81. // key that we didn't have access to. We need to grant ourselves
  82. // permission.
  83. //
  84. if (ERROR_ACCESS_DENIED == dwError)
  85. {
  86. // open with access to read and set security
  87. dwError = RegOpenKeyEx(hkey, szSubKey, 0,
  88. WRITE_DAC | READ_CONTROL, phkeySubKey);
  90. if (ERROR_SUCCESS == dwError)
  91. {
  92. // Grant samDesired access to the local Administrators group
  93. dwError = DwRegKeySetAdministratorSecurity(*phkeySubKey, samDesired,
  94. ppsd);
  96. // Close and reopen the key with samDesired access
  97. RegCloseKey(*phkeySubKey);
  98. if (ERROR_SUCCESS == dwError)
  99. {
  100. dwError = RegOpenKeyEx(hkey, szSubKey, 0, samDesired,
  101. phkeySubKey);
  102. }
  103. }
  104. }
  106. return dwError;
  107. }
  110. //+--------------------------------------------------------------------------
  111. //
  112. // Function: DwAddToRegKeySecurityDescriptor
  113. //
  114. // Purpose: Adds access for a specified SID to a registry key
  115. //
  116. // Arguments:
  117. // hkey [in] The registry key that will receive the
  118. // modified security descriptor
  119. // psidGroup [in] The SID (in self-relative mode) that will be
  120. // granted access to the key
  121. // dwAccessMask [in] The access level to grant
  122. // ppsd [out] The previous security descriptor
  123. //
  124. // Returns: DWORD. ERROR_SUCCESS or a failure code from winerror.h
  125. //
  126. // Author: billbe 13 Dec 1997
  127. //
  128. // Notes: This function is based on AddToRegKeySD in the MSDN
  129. // article Windows NT Security by Christopher Nefcy
  130. //
  131. DWORD
  132. DwAddToRegKeySecurityDescriptor(HKEY hkey, PSID psidGroup,
  133. DWORD dwAccessMask,
  134. PSECURITY_DESCRIPTOR* ppsd)
  135. {
  136. PSECURITY_DESCRIPTOR psdAbsolute = NULL;
  137. PACL pdacl;
  138. DWORD cbSecurityDescriptor = 0;
  139. DWORD dwSecurityDescriptorRevision;
  140. DWORD cbDacl = 0;
  141. SECURITY_DESCRIPTOR_CONTROL sdc;
  142. PACL pdaclNew = NULL;
  143. DWORD cbAddDaclLength = 0;
  144. BOOL fAceFound = FALSE;
  145. BOOL fHasDacl = FALSE;
  146. BOOL fDaclDefaulted = FALSE;
  147. ACCESS_ALLOWED_ACE* pAce;
  148. DWORD i;
  149. BOOL fAceForGroupPresent = FALSE;
  150. DWORD dwMask;
  151. PSECURITY_DESCRIPTOR psdRelative = NULL;
  152. DWORD cbSize = 0;
  154. // Get the current security descriptor for hkey
  155. //
  156. DWORD dwError = RegGetKeySecurity(hkey, DACL_SECURITY_INFORMATION,
  157. psdRelative, &cbSize);
  159. if (ERROR_INSUFFICIENT_BUFFER == dwError)
  160. {
  161. psdRelative = malloc(cbSize);
  163. dwError = RegGetKeySecurity(hkey, DACL_SECURITY_INFORMATION,
  164. psdRelative, &cbSize);
  165. }
  167. // get security descriptor control from the security descriptor
  168. if (!GetSecurityDescriptorControl(psdRelative,
  169. (PSECURITY_DESCRIPTOR_CONTROL) &sdc,
  170. (LPDWORD) &dwSecurityDescriptorRevision))
  171. {
  172. return (GetLastError());
  173. }
  175. // check if DACL is present
  176. if (SE_DACL_PRESENT & sdc)
  177. {
  178. // get dacl
  179. if (!GetSecurityDescriptorDacl(psdRelative, (LPBOOL) &fHasDacl,
  180. (PACL *) &pdacl, (LPBOOL) &fDaclDefaulted))
  181. {
  182. return ( GetLastError());
  183. }
  184. // get dacl length
  185. cbDacl = pdacl->AclSize;
  186. // now check if SID's ACE is there
  187. for (i = 0; i < pdacl->AceCount; i++)
  188. {
  189. if (!GetAce(pdacl, i, (LPVOID *) &pAce))
  190. {
  191. return ( GetLastError());
  192. }
  193. // check if group sid is already there
  194. if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
  195. {
  196. // If the correct access is present, return success
  197. if ((pAce->Mask & dwAccessMask) == dwAccessMask)
  198. {
  199. return ERROR_SUCCESS;
  200. }
  201. fAceForGroupPresent = TRUE;
  202. break;
  203. }
  204. }
  205. // if the group did not exist, we will need to add room
  206. // for another ACE
  207. if (!fAceForGroupPresent)
  208. {
  209. // get length of new DACL
  210. cbAddDaclLength = sizeof(ACCESS_ALLOWED_ACE) -
  211. sizeof(DWORD) + GetLengthSid(psidGroup);
  212. }
  213. }
  214. else
  215. {
  216. // get length of new DACL
  217. cbAddDaclLength = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) -
  218. sizeof(DWORD) + GetLengthSid (psidGroup);
  219. }
  222. // get memory needed for new DACL
  223. pdaclNew = (PACL) malloc (cbDacl + cbAddDaclLength);
  224. if (!pdaclNew)
  225. {
  226. return (GetLastError());
  227. }
  229. // get the sd length
  230. cbSecurityDescriptor = GetSecurityDescriptorLength(psdRelative);
  232. // get memory for new SD
  233. psdAbsolute = (PSECURITY_DESCRIPTOR)
  234. malloc(cbSecurityDescriptor + cbAddDaclLength);
  235. if (!psdAbsolute)
  236. {
  237. dwError = GetLastError();
  238. goto ErrorExit;
  239. }
  241. // change self-relative SD to absolute by making new SD
  242. if (!InitializeSecurityDescriptor(psdAbsolute,
  243. SECURITY_DESCRIPTOR_REVISION))
  244. {
  245. dwError = GetLastError();
  246. goto ErrorExit;
  247. }
  249. // init new DACL
  250. if (!InitializeAcl(pdaclNew, cbDacl + cbAddDaclLength,
  251. ACL_REVISION))
  252. {
  253. dwError = GetLastError();
  254. goto ErrorExit;
  255. }
  257. // now add in all of the ACEs into the new DACL (if org DACL is there)
  258. if (SE_DACL_PRESENT & sdc)
  259. {
  260. for (i = 0; i < pdacl->AceCount; i++)
  261. {
  262. // get ace from original dacl
  263. if (!GetAce(pdacl, i, (LPVOID*) &pAce))
  264. {
  265. dwError = GetLastError();
  266. goto ErrorExit;
  267. }
  269. // If an ACE for our SID exists, we just need to bump
  270. // up the access level instead of creating a new ACE
  271. //
  272. if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
  273. dwMask = dwAccessMask | pAce->Mask;
  274. else
  275. dwMask = pAce->Mask;
  277. // now add ace to new dacl
  278. if (!AddAccessAllowedAce(pdaclNew,
  279. ACL_REVISION, dwMask,
  280. (PSID) &(pAce->SidStart)))
  281. {
  282. dwError = GetLastError();
  283. goto ErrorExit;
  284. }
  285. }
  286. }
  288. // Add a new ACE for our SID if one was not already present
  289. if (!fAceForGroupPresent)
  290. {
  291. // now add new ACE to new DACL
  292. if (!AddAccessAllowedAce(pdaclNew, ACL_REVISION, dwAccessMask,
  293. psidGroup))
  294. {
  295. dwError = GetLastError();
  296. goto ErrorExit;
  297. }
  298. }
  300. // check if everything went ok
  301. if (!IsValidAcl(pdaclNew))
  302. {
  303. dwError = GetLastError();
  304. goto ErrorExit;
  305. }
  307. // now set security descriptor DACL
  308. if (!SetSecurityDescriptorDacl(psdAbsolute, TRUE, pdaclNew,
  309. fDaclDefaulted))
  310. {
  311. dwError = GetLastError();
  312. goto ErrorExit;
  313. }
  315. // check if everything went ok
  316. if (!IsValidSecurityDescriptor(psdAbsolute))
  317. {
  318. dwError = GetLastError();
  319. goto ErrorExit;
  320. }
  322. // now set the reg key security (this will overwrite any
  323. // existing security)
  324. dwError = RegSetKeySecurity(hkey,
  325. (SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION), psdAbsolute);
  327. if (ppsd)
  328. {
  329. *ppsd = psdRelative;
  330. }
  331. ErrorExit:
  332. // free memory
  333. if (psdAbsolute)
  334. {
  335. free (psdAbsolute);
  336. if (pdaclNew)
  337. {
  338. free((VOID*) pdaclNew);
  339. }
  340. }
  342. return dwError;
  343. }
  345. //+--------------------------------------------------------------------------
  346. //
  347. // Function: DwRegKeySetAdministratorSecurity
  348. //
  349. // Purpose: Grants the local Administrators group full access to
  350. // hkey.
  351. //
  352. // Arguments:
  353. // hkey [in] The registry key
  354. // ppsdOld [out] The previous security descriptor for hkey
  355. //
  356. // Returns: DWORD. ERROR_SUCCESS or a failure code from winerror.h
  357. //
  358. // Author: billbe 13 Dec 1997
  359. //
  360. // Notes:
  361. //
  362. DWORD
  363. DwRegKeySetAdministratorSecurity(HKEY hkey, DWORD samDesired,
  364. PSECURITY_DESCRIPTOR* ppsdOld)
  365. {
  366. PSID psid;
  367. SID_IDENTIFIER_AUTHORITY sidAuth = SECURITY_NT_AUTHORITY;
  368. DWORD dwError = ERROR_SUCCESS;
  370. // Get sid for the local Administrators group
  371. if (!AllocateAndInitializeSid(&sidAuth, 2,
  372. SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
  373. 0, 0, 0, 0, 0, 0, &psid) )
  374. {
  375. dwError = GetLastError();
  376. }
  378. if (ERROR_SUCCESS == dwError)
  379. {
  380. // Add all access privileges for the local administrators group
  381. dwError = DwAddToRegKeySecurityDescriptor(hkey, psid,
  382. samDesired, ppsdOld);
  383. }
  385. return dwError;
  386. }