archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/sdktools/regini/regacl.c

1094 lines
25 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1992 Microsoft Corporation
  5. Module Name:
  7. regacl.c
  9. Abstract:
  11. This provides routines to parse the ACE lists present in the regini
  12. text input files. It also provides routines to create the appropriate
  13. security descriptor from the list of ACEs.
  15. Author:
  17. John Vert (jvert) 15-Sep-1992
  19. Notes:
  21. This is based on the SETACL program used in SETUP, written by RobertRe
  23. Revision History:
  25. John Vert (jvert) 15-Sep-1992
  26. created
  28. Lonny McMichael (lonnym) 25-March-1999
  29. added new predefined ACEs (UserR and PowerR)
  31. --*/
  33. #include <nt.h>
  34. #include <ntrtl.h>
  35. #include <nturtl.h>
  36. #include <windows.h>
  37. #include <stdio.h>
  38. #include <wchar.h>
  40. #include <seopaque.h>
  41. #include <sertlp.h>
  44. //
  45. // Private function prototypes
  46. //
  47. BOOLEAN
  48. RegpInitializeACEs(
  49. VOID
  50. );
  52. //
  53. // Universal well-known SIDs
  54. //
  55. PSID SeNullSid;
  56. PSID SeWorldSid;
  57. PSID SeCreatorOwnerSid;
  58. PSID SeInteractiveUserSid;
  59. PSID SeTerminalUserSid;
  61. //
  62. // SIDs defined by NT
  63. //
  64. PSID SeNtAuthoritySid;
  65. PSID SeLocalSystemSid;
  66. PSID SeLocalAdminSid;
  67. PSID SeAliasAdminsSid;
  68. PSID SeAliasSystemOpsSid;
  69. PSID SeAliasPowerUsersSid;
  70. PSID SeAliasUsersSid;
  73. SID_IDENTIFIER_AUTHORITY SepNullSidAuthority = SECURITY_NULL_SID_AUTHORITY;
  74. SID_IDENTIFIER_AUTHORITY SepWorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY;
  75. SID_IDENTIFIER_AUTHORITY SepLocalSidAuthority = SECURITY_LOCAL_SID_AUTHORITY;
  76. SID_IDENTIFIER_AUTHORITY SepCreatorSidAuthority = SECURITY_CREATOR_SID_AUTHORITY;
  77. SID_IDENTIFIER_AUTHORITY SepNtAuthority = SECURITY_NT_AUTHORITY;
  79. //
  80. // SID of primary domain, and admin account in that domain.
  81. //
  82. PSID SepPrimaryDomainSid;
  83. PSID SepPrimaryDomainAdminSid;
  85. //
  86. // Number of ACEs currently defined
  87. //
  89. #define ACE_COUNT 32
  91. typedef struct _ACE_DATA {
  92. ACCESS_MASK AccessMask;
  93. PSID *Sid;
  94. UCHAR AceType;
  95. UCHAR AceFlags;
  96. } ACE_DATA, *PACE_DATA;
  98. //
  99. // Table describing the data to put into each ACE.
  100. //
  101. // This table is read during initialization and used to construct a
  102. // series of ACEs. The index of each ACE in the Aces array defined below
  103. // corresponds to the ordinals used in the input data file.
  104. //
  106. ACE_DATA AceDataTable[ACE_COUNT] = {
  108. {
  109. 0,
  110. NULL,
  111. 0,
  112. 0
  113. },
  115. //
  116. // ACE 1 - ADMIN Full
  117. //
  118. {
  119. KEY_ALL_ACCESS,
  120. &SeAliasAdminsSid,
  121. ACCESS_ALLOWED_ACE_TYPE,
  122. CONTAINER_INHERIT_ACE
  123. },
  125. //
  126. // ACE 2 - ADMIN Read
  127. //
  128. {
  129. KEY_READ,
  130. &SeAliasAdminsSid,
  131. ACCESS_ALLOWED_ACE_TYPE,
  132. CONTAINER_INHERIT_ACE
  133. },
  135. //
  136. // ACE 3 - ADMIN Read Write
  137. //
  138. {
  139. KEY_READ | KEY_WRITE,
  140. &SeAliasAdminsSid,
  141. ACCESS_ALLOWED_ACE_TYPE,
  142. CONTAINER_INHERIT_ACE
  143. },
  145. //
  146. // ACE 4 - ADMIN Read Write Delete
  147. //
  148. {
  149. KEY_READ | KEY_WRITE | DELETE,
  150. &SeAliasAdminsSid,
  151. ACCESS_ALLOWED_ACE_TYPE,
  152. CONTAINER_INHERIT_ACE
  153. },
  155. //
  156. // ACE 5 - Creator Full
  157. //
  158. {
  159. KEY_ALL_ACCESS,
  160. &SeCreatorOwnerSid,
  161. ACCESS_ALLOWED_ACE_TYPE,
  162. CONTAINER_INHERIT_ACE
  163. },
  165. //
  166. // ACE 6 - Creator Read Write
  167. //
  168. {
  169. KEY_READ | KEY_WRITE,
  170. &SeCreatorOwnerSid,
  171. ACCESS_ALLOWED_ACE_TYPE,
  172. CONTAINER_INHERIT_ACE
  173. },
  175. //
  176. // ACE 7 - World Full
  177. //
  178. {
  179. KEY_ALL_ACCESS,
  180. &SeWorldSid,
  181. ACCESS_ALLOWED_ACE_TYPE,
  182. CONTAINER_INHERIT_ACE
  183. },
  185. //
  186. // ACE 8 - World Read
  187. //
  188. {
  189. KEY_READ,
  190. &SeWorldSid,
  191. ACCESS_ALLOWED_ACE_TYPE,
  192. CONTAINER_INHERIT_ACE
  193. },
  195. //
  196. // ACE 9 - World Read Write
  197. //
  198. {
  199. KEY_READ | KEY_WRITE,
  200. &SeWorldSid,
  201. ACCESS_ALLOWED_ACE_TYPE,
  202. CONTAINER_INHERIT_ACE
  203. },
  205. //
  206. // ACE 10 - World Read Write Delete
  207. //
  208. {
  209. KEY_READ | KEY_WRITE | DELETE,
  210. &SeWorldSid,
  211. ACCESS_ALLOWED_ACE_TYPE,
  212. CONTAINER_INHERIT_ACE
  213. },
  215. //
  216. // ACE 11 - PowerUser Full
  217. //
  218. {
  219. KEY_ALL_ACCESS,
  220. &SeAliasPowerUsersSid,
  221. ACCESS_ALLOWED_ACE_TYPE,
  222. CONTAINER_INHERIT_ACE
  223. },
  225. //
  226. // ACE 12 - PowerUser Read Write
  227. //
  228. {
  229. KEY_READ | KEY_WRITE,
  230. &SeAliasPowerUsersSid,
  231. ACCESS_ALLOWED_ACE_TYPE,
  232. CONTAINER_INHERIT_ACE
  233. },
  235. //
  236. // ACE 13 - PowerUser Read Write Delete
  237. //
  238. {
  239. KEY_READ | KEY_WRITE | DELETE,
  240. &SeAliasPowerUsersSid,
  241. ACCESS_ALLOWED_ACE_TYPE,
  242. CONTAINER_INHERIT_ACE
  243. },
  245. //
  246. // ACE 14 - System Ops Full
  247. //
  248. {
  249. KEY_ALL_ACCESS,
  250. &SeAliasSystemOpsSid,
  251. ACCESS_ALLOWED_ACE_TYPE,
  252. CONTAINER_INHERIT_ACE
  253. },
  255. //
  256. // ACE 15 - System Ops Read Write
  257. //
  258. {
  259. KEY_READ | KEY_WRITE,
  260. &SeAliasSystemOpsSid,
  261. ACCESS_ALLOWED_ACE_TYPE,
  262. CONTAINER_INHERIT_ACE
  263. },
  265. //
  266. // ACE 16 - System Ops Read Write Delete
  267. //
  268. {
  269. KEY_READ | KEY_WRITE | DELETE,
  270. &SeAliasSystemOpsSid,
  271. ACCESS_ALLOWED_ACE_TYPE,
  272. CONTAINER_INHERIT_ACE
  273. },
  275. //
  276. // ACE 17 - System Full
  277. //
  278. {
  279. KEY_ALL_ACCESS,
  280. &SeLocalSystemSid,
  281. ACCESS_ALLOWED_ACE_TYPE,
  282. CONTAINER_INHERIT_ACE
  283. },
  285. //
  286. // ACE 18 - System Read Write
  287. //
  288. {
  289. KEY_READ | KEY_WRITE,
  290. &SeLocalSystemSid,
  291. ACCESS_ALLOWED_ACE_TYPE,
  292. CONTAINER_INHERIT_ACE
  293. },
  295. //
  296. // ACE 19 - System Read
  297. //
  298. {
  299. KEY_READ,
  300. &SeLocalSystemSid,
  301. ACCESS_ALLOWED_ACE_TYPE,
  302. CONTAINER_INHERIT_ACE
  303. },
  305. //
  306. // ACE 20 - ADMIN Read Write Execute
  307. //
  308. {
  309. KEY_READ | KEY_WRITE | KEY_EXECUTE,
  310. &SeAliasAdminsSid,
  311. ACCESS_ALLOWED_ACE_TYPE,
  312. CONTAINER_INHERIT_ACE
  313. },
  315. //
  316. // ACE 21 - Interactive User Full
  317. //
  318. {
  319. KEY_ALL_ACCESS,
  320. &SeInteractiveUserSid,
  321. ACCESS_ALLOWED_ACE_TYPE,
  322. CONTAINER_INHERIT_ACE
  323. },
  325. //
  326. // ACE 22 - Interactive User Read
  327. //
  328. {
  329. KEY_READ,
  330. &SeInteractiveUserSid,
  331. ACCESS_ALLOWED_ACE_TYPE,
  332. CONTAINER_INHERIT_ACE
  333. },
  335. //
  336. // ACE 23 - Interactive User Read Write
  337. //
  338. {
  339. KEY_READ | KEY_WRITE,
  340. &SeInteractiveUserSid,
  341. ACCESS_ALLOWED_ACE_TYPE,
  342. CONTAINER_INHERIT_ACE
  343. },
  345. //
  346. // ACE 24 - Interactive User Read Write Delete
  347. //
  348. {
  349. KEY_READ | KEY_WRITE | DELETE,
  350. &SeInteractiveUserSid,
  351. ACCESS_ALLOWED_ACE_TYPE,
  352. CONTAINER_INHERIT_ACE
  353. },
  355. //
  356. // ACE 25 - Normal Users Read / Write
  357. //
  358. {
  359. KEY_READ | KEY_WRITE,
  360. &SeAliasUsersSid,
  361. ACCESS_ALLOWED_ACE_TYPE,
  362. CONTAINER_INHERIT_ACE
  363. },
  365. //
  366. // ACE 26 - Terminal User Full
  367. //
  368. {
  369. KEY_ALL_ACCESS,
  370. &SeTerminalUserSid,
  371. ACCESS_ALLOWED_ACE_TYPE,
  372. CONTAINER_INHERIT_ACE
  373. },
  375. //
  376. // ACE 27 - Terminal User Read
  377. //
  378. {
  379. KEY_READ,
  380. &SeTerminalUserSid,
  381. ACCESS_ALLOWED_ACE_TYPE,
  382. CONTAINER_INHERIT_ACE
  383. },
  385. //
  386. // ACE 28 - Terminal User Read Write
  387. //
  388. {
  389. KEY_READ | KEY_WRITE,
  390. &SeTerminalUserSid,
  391. ACCESS_ALLOWED_ACE_TYPE,
  392. CONTAINER_INHERIT_ACE
  393. },
  395. //
  396. // ACE 29 - Terminal User Read Write Delete
  397. //
  398. {
  399. KEY_READ | KEY_WRITE | DELETE,
  400. &SeTerminalUserSid,
  401. ACCESS_ALLOWED_ACE_TYPE,
  402. CONTAINER_INHERIT_ACE
  403. },
  405. //
  406. // ACE 30 - Normal Users Read
  407. //
  408. {
  409. KEY_READ,
  410. &SeAliasUsersSid,
  411. ACCESS_ALLOWED_ACE_TYPE,
  412. CONTAINER_INHERIT_ACE
  413. },
  415. //
  416. // ACE 31 - PowerUser Read
  417. //
  418. {
  419. KEY_READ,
  420. &SeAliasPowerUsersSid,
  421. ACCESS_ALLOWED_ACE_TYPE,
  422. CONTAINER_INHERIT_ACE
  423. }
  425. };
  427. PKNOWN_ACE Aces[ACE_COUNT];
  429. BOOLEAN
  430. RegInitializeSecurity(
  431. VOID
  432. )
  434. /*++
  436. Routine Description:
  438. This routine initializes the defined ACEs. It must be called before any
  439. of the routines to create security descriptors
  441. Arguments:
  443. None.
  445. Return Value:
  447. TRUE - initialization successful
  448. FALSE - initialization failed
  450. --*/
  452. {
  453. NTSTATUS Status;
  455. SID_IDENTIFIER_AUTHORITY NullSidAuthority;
  456. SID_IDENTIFIER_AUTHORITY WorldSidAuthority;
  457. SID_IDENTIFIER_AUTHORITY LocalSidAuthority;
  458. SID_IDENTIFIER_AUTHORITY CreatorSidAuthority;
  459. SID_IDENTIFIER_AUTHORITY SeNtAuthority;
  461. NullSidAuthority = SepNullSidAuthority;
  462. WorldSidAuthority = SepWorldSidAuthority;
  463. LocalSidAuthority = SepLocalSidAuthority;
  464. CreatorSidAuthority = SepCreatorSidAuthority;
  465. SeNtAuthority = SepNtAuthority;
  467. SeNullSid = (PSID)RtlAllocateHeap( RtlProcessHeap(), 0, RtlLengthRequiredSid(1) );
  468. SeWorldSid = (PSID)RtlAllocateHeap( RtlProcessHeap(), 0, RtlLengthRequiredSid(1) );
  469. SeCreatorOwnerSid = (PSID)RtlAllocateHeap( RtlProcessHeap(), 0, RtlLengthRequiredSid(1) );
  470. SeInteractiveUserSid = (PSID)RtlAllocateHeap(RtlProcessHeap(), 0, RtlLengthRequiredSid(2) );
  471. SeTerminalUserSid = (PSID)RtlAllocateHeap(RtlProcessHeap(), 0, RtlLengthRequiredSid(2) );
  473. //
  474. // Fail initialization if we didn't get enough memory for the universal
  475. // SIDs
  476. //
  477. if (SeNullSid==NULL ||
  478. SeWorldSid==NULL ||
  479. SeCreatorOwnerSid==NULL ||
  480. SeInteractiveUserSid == NULL ||
  481. SeTerminalUserSid == NULL
  482. ) {
  483. return FALSE;
  484. }
  486. Status = RtlInitializeSid(SeNullSid, &NullSidAuthority, 1);
  487. if (!NT_SUCCESS( Status )) {
  488. return FALSE;
  489. }
  491. Status = RtlInitializeSid(SeWorldSid, &WorldSidAuthority, 1);
  492. if (!NT_SUCCESS( Status )) {
  493. return FALSE;
  494. }
  496. Status = RtlInitializeSid(SeCreatorOwnerSid, &CreatorSidAuthority, 1);
  497. if (!NT_SUCCESS( Status )) {
  498. return FALSE;
  499. }
  501. Status = RtlInitializeSid( SeInteractiveUserSid, &SeNtAuthority, 1 );
  502. if (!NT_SUCCESS( Status )) {
  503. return FALSE;
  504. }
  506. Status = RtlInitializeSid( SeTerminalUserSid, &SeNtAuthority, 1 );
  507. if (!NT_SUCCESS( Status )) {
  508. return FALSE;
  509. }
  511. *(RtlSubAuthoritySid(SeNullSid, 0)) = SECURITY_NULL_RID;
  512. *(RtlSubAuthoritySid(SeWorldSid, 0)) = SECURITY_WORLD_RID;
  513. *(RtlSubAuthoritySid(SeCreatorOwnerSid, 0)) = SECURITY_CREATOR_OWNER_RID;
  514. *(RtlSubAuthoritySid(SeInteractiveUserSid, 0 )) = SECURITY_INTERACTIVE_RID;
  515. *(RtlSubAuthoritySid(SeTerminalUserSid, 0 )) = SECURITY_TERMINAL_SERVER_RID;
  517. //
  518. // Allocate and initialize the NT defined SIDs
  519. //
  520. SeNtAuthoritySid = (PSID)RtlAllocateHeap( RtlProcessHeap(), 0, RtlLengthRequiredSid(0) );
  521. SeLocalSystemSid = (PSID)RtlAllocateHeap( RtlProcessHeap(), 0, RtlLengthRequiredSid(1) );
  522. SeAliasAdminsSid = (PSID)RtlAllocateHeap(RtlProcessHeap(), 0, RtlLengthRequiredSid(2) );
  523. SeAliasSystemOpsSid = (PSID)RtlAllocateHeap(RtlProcessHeap(), 0, RtlLengthRequiredSid(2) );
  524. SeAliasPowerUsersSid = (PSID)RtlAllocateHeap(RtlProcessHeap(), 0, RtlLengthRequiredSid(2) );
  525. SeAliasUsersSid = (PSID)RtlAllocateHeap(RtlProcessHeap(), 0, RtlLengthRequiredSid(2) );
  527. //
  528. // fail initialization if we couldn't allocate memory for the NT SIDs
  529. //
  531. if (SeNtAuthoritySid == NULL ||
  532. SeLocalSystemSid == NULL ||
  533. SeAliasAdminsSid == NULL ||
  534. SeAliasPowerUsersSid == NULL ||
  535. SeAliasSystemOpsSid == NULL
  536. ) {
  537. return FALSE;
  538. }
  540. Status = RtlInitializeSid( SeNtAuthoritySid, &SeNtAuthority, 0 );
  541. if (!NT_SUCCESS( Status )) {
  542. return FALSE;
  543. }
  544. Status = RtlInitializeSid( SeLocalSystemSid, &SeNtAuthority, 1 );
  545. if (!NT_SUCCESS( Status )) {
  546. return FALSE;
  547. }
  548. Status = RtlInitializeSid( SeAliasAdminsSid, &SeNtAuthority, 2 );
  549. if (!NT_SUCCESS( Status )) {
  550. return FALSE;
  551. }
  552. Status = RtlInitializeSid( SeAliasSystemOpsSid, &SeNtAuthority, 2 );
  553. if (!NT_SUCCESS( Status )) {
  554. return FALSE;
  555. }
  556. Status = RtlInitializeSid( SeAliasPowerUsersSid, &SeNtAuthority, 2 );
  557. if (!NT_SUCCESS( Status )) {
  558. return FALSE;
  559. }
  560. Status = RtlInitializeSid( SeAliasUsersSid, &SeNtAuthority, 2 );
  561. if (!NT_SUCCESS( Status )) {
  562. return FALSE;
  563. }
  564. *(RtlSubAuthoritySid( SeLocalSystemSid, 0 )) = SECURITY_LOCAL_SYSTEM_RID;
  566. *(RtlSubAuthoritySid( SeAliasAdminsSid, 0 )) = SECURITY_BUILTIN_DOMAIN_RID;
  567. *(RtlSubAuthoritySid( SeAliasAdminsSid, 1 )) = DOMAIN_ALIAS_RID_ADMINS;
  569. *(RtlSubAuthoritySid( SeAliasSystemOpsSid, 0 )) = SECURITY_BUILTIN_DOMAIN_RID;
  570. *(RtlSubAuthoritySid( SeAliasSystemOpsSid, 1 )) = DOMAIN_ALIAS_RID_SYSTEM_OPS;
  572. *(RtlSubAuthoritySid( SeAliasPowerUsersSid, 0 )) = SECURITY_BUILTIN_DOMAIN_RID;
  573. *(RtlSubAuthoritySid( SeAliasPowerUsersSid, 1 )) = DOMAIN_ALIAS_RID_POWER_USERS;
  575. *(RtlSubAuthoritySid( SeAliasUsersSid, 0 )) = SECURITY_BUILTIN_DOMAIN_RID;
  576. *(RtlSubAuthoritySid( SeAliasUsersSid, 1 )) = DOMAIN_ALIAS_RID_USERS;
  578. //
  579. // The SIDs have been successfully created. Now create the table of ACEs
  580. //
  582. return RegpInitializeACEs();
  583. }
  585. BOOLEAN
  586. RegpInitializeACEs(
  587. VOID
  588. )
  590. /*++
  592. Routine Description:
  594. Initializes the table of ACEs described in the AceDataTable. This is
  595. called at initialization time by RiInitializeSecurity after the SIDs
  596. have been created.
  598. Arguments:
  600. None.
  602. Return Value:
  604. TRUE - ACEs successfully constructed.
  605. FALSE - initialization failed.
  607. --*/
  609. {
  610. ULONG i;
  611. ULONG LengthRequired;
  612. NTSTATUS Status;
  614. for (i=1; i<ACE_COUNT; i++) {
  615. LengthRequired = RtlLengthSid( *(AceDataTable[i].Sid) ) +
  616. sizeof( KNOWN_ACE ) - sizeof( ULONG );
  618. Aces[i] = (PKNOWN_ACE)RtlAllocateHeap( RtlProcessHeap(), 0, LengthRequired );
  619. if (Aces[i] == NULL) {
  620. return FALSE;
  621. }
  623. Aces[i]->Header.AceType = AceDataTable[i].AceType;
  624. Aces[i]->Header.AceFlags = AceDataTable[i].AceFlags;
  625. Aces[i]->Header.AceSize = (USHORT)LengthRequired;
  627. Aces[i]->Mask = AceDataTable[i].AccessMask;
  629. Status = RtlCopySid( RtlLengthSid(*(AceDataTable[i].Sid)),
  630. &Aces[i]->SidStart,
  631. *(AceDataTable[i].Sid)
  632. );
  633. if (!NT_SUCCESS( Status )) {
  634. return FALSE;
  635. }
  636. }
  638. return TRUE;
  639. }
  642. BOOLEAN
  643. RegUnicodeToDWORD(
  644. IN OUT PWSTR *String,
  645. IN ULONG Base OPTIONAL,
  646. OUT PULONG Value
  647. )
  648. {
  649. PCWSTR s;
  650. WCHAR c, Sign;
  651. ULONG nChars, Result, Digit, Shift;
  653. s = *String;
  654. Sign = UNICODE_NULL;
  655. while (*s != UNICODE_NULL && *s <= ' ') {
  656. s += 1;
  657. }
  659. c = *s;
  660. if (c == L'-' || c == L'+') {
  661. Sign = c;
  662. c = *++s;
  663. }
  665. if (Base == 0) {
  666. Base = 10;
  667. Shift = 0;
  668. if (c == L'0') {
  669. c = *++s;
  670. if (c == L'x') {
  671. c = *++s;
  672. Base = 16;
  673. Shift = 4;
  674. }
  675. else
  676. if (c == L'o') {
  677. c = *++s;
  678. Base = 8;
  679. Shift = 3;
  680. }
  681. else
  682. if (c == L'b') {
  683. c = *++s;
  684. Base = 2;
  685. Shift = 1;
  686. }
  687. else {
  688. c = *--s;
  689. }
  690. }
  691. }
  692. else {
  693. switch( Base ) {
  694. case 16: Shift = 4; break;
  695. case 8: Shift = 3; break;
  696. case 2: Shift = 1; break;
  697. case 10: Shift = 0; break;
  698. default: return FALSE;
  699. }
  700. }
  702. //
  703. // Return an error if end of string before we start
  704. //
  705. if (c == UNICODE_NULL) {
  706. return FALSE;
  707. }
  709. Result = 0;
  710. while (c != UNICODE_NULL) {
  711. if (c >= L'0' && c <= L'9') {
  712. Digit = c - L'0';
  713. }
  714. else
  715. if (c >= L'A' && c <= L'F') {
  716. Digit = c - L'A' + 10;
  717. }
  718. else
  719. if (c >= L'a' && c <= L'f') {
  720. Digit = c - L'a' + 10;
  721. }
  722. else {
  723. break;
  724. }
  726. if (Digit >= Base) {
  727. break;
  728. }
  730. if (Shift == 0) {
  731. Result = (Base * Result) + Digit;
  732. }
  733. else {
  734. Result = (Result << Shift) | Digit;
  735. }
  737. c = *++s;
  738. }
  740. if (Sign == L'-') {
  741. Result = (ULONG)(-(LONG)Result);
  742. }
  744. try {
  745. *String = (PWSTR)s;
  746. *Value = Result;
  747. }
  748. except( EXCEPTION_EXECUTE_HANDLER ) {
  749. return FALSE;
  750. }
  752. return TRUE;
  753. }
  757. BOOLEAN
  758. RegUnicodeToQWORD(
  759. IN OUT PWSTR *String,
  760. IN ULONG Base OPTIONAL,
  761. OUT PDWORDLONG Value
  762. )
  763. {
  764. PCWSTR s;
  765. WCHAR c, Sign;
  766. ULONG nChars, Digit, Shift;
  767. DWORDLONG Result;
  769. s = *String;
  770. Sign = UNICODE_NULL;
  771. while (*s != UNICODE_NULL && *s <= ' ') {
  772. s += 1;
  773. }
  775. c = *s;
  776. if (c == L'-' || c == L'+') {
  777. Sign = c;
  778. c = *++s;
  779. }
  781. if (Base == 0) {
  782. Base = 10;
  783. Shift = 0;
  784. if (c == L'0') {
  785. c = *++s;
  786. if (c == L'x') {
  787. c = *++s;
  788. Base = 16;
  789. Shift = 4;
  790. }
  791. else
  792. if (c == L'o') {
  793. c = *++s;
  794. Base = 8;
  795. Shift = 3;
  796. }
  797. else
  798. if (c == L'b') {
  799. c = *++s;
  800. Base = 2;
  801. Shift = 1;
  802. }
  803. else {
  804. c = *--s;
  805. }
  806. }
  807. }
  808. else {
  809. switch( Base ) {
  810. case 16: Shift = 4; break;
  811. case 8: Shift = 3; break;
  812. case 2: Shift = 1; break;
  813. case 10: Shift = 0; break;
  814. default: return FALSE;
  815. }
  816. }
  818. //
  819. // Return an error if end of string before we start
  820. //
  821. if (c == UNICODE_NULL) {
  822. return FALSE;
  823. }
  825. Result = 0;
  826. while (c != UNICODE_NULL) {
  827. if (c >= L'0' && c <= L'9') {
  828. Digit = c - L'0';
  829. }
  830. else
  831. if (c >= L'A' && c <= L'F') {
  832. Digit = c - L'A' + 10;
  833. }
  834. else
  835. if (c >= L'a' && c <= L'f') {
  836. Digit = c - L'a' + 10;
  837. }
  838. else {
  839. break;
  840. }
  842. if (Digit >= Base) {
  843. break;
  844. }
  846. if (Shift == 0) {
  847. Result = (Base * Result) + Digit;
  848. }
  849. else {
  850. Result = (Result << Shift) | Digit;
  851. }
  853. c = *++s;
  854. }
  856. if (Sign == L'-') {
  857. Result = (DWORDLONG)(-(LONGLONG)Result);
  858. }
  860. try {
  861. *String = (PWSTR)s;
  862. *Value = Result;
  863. }
  864. except( EXCEPTION_EXECUTE_HANDLER ) {
  865. return FALSE;
  866. }
  868. return TRUE;
  869. }
  873. BOOLEAN
  874. RegCreateSecurity(
  875. IN PWSTR AclStart,
  876. OUT PSECURITY_DESCRIPTOR SecurityDescriptor
  877. )
  879. /*++
  881. Routine Description:
  883. Computes the appropriate security descriptor based on a string of the
  884. form "1 2 3 ..." where each number is the index of a particular
  885. ACE from the pre-defined list of ACEs.
  887. Arguments:
  889. AclStart - Supplies a unicode string representing a list of ACEs
  891. SecurityDescriptor - Returns the initialized security descriptor
  892. that represents all the ACEs supplied
  894. Return Value:
  896. TRUE if successful and FALSE if not.
  898. --*/
  900. {
  901. PWSTR p;
  902. PWSTR StringEnd, StringStart;
  903. ULONG AceCount=0;
  904. ULONG AceIndex;
  905. ULONG i;
  906. PACL Acl;
  907. NTSTATUS Status;
  909. //
  910. // First we need to count the number of ACEs in the ACL.
  911. //
  913. p=AclStart;
  914. StringEnd = AclStart + wcslen( AclStart );
  916. //
  917. // strip leading white space
  918. //
  919. while ((*p == L' ' || *p == L'\t') && p != StringEnd) {
  920. p += 1;
  921. }
  923. StringStart = p;
  925. //
  926. // Count number of digits in the string
  927. //
  929. while (p != StringEnd) {
  930. if (iswdigit( *p )) {
  931. ++AceCount;
  932. do {
  933. p += 1;
  934. }
  935. while (iswdigit( *p ) && p != StringEnd);
  936. }
  937. else {
  938. p += 1;
  939. }
  940. }
  942. Acl = RtlAllocateHeap( RtlProcessHeap(), 0, 256 );
  943. if (Acl == NULL) {
  944. return FALSE;
  945. }
  947. Status = RtlCreateAcl( Acl, 256, ACL_REVISION2 );
  948. if (!NT_SUCCESS( Status )) {
  949. RtlFreeHeap( RtlProcessHeap(), 0, Acl );
  950. return FALSE;
  951. }
  953. p = StringStart;
  954. for (i=0; i<AceCount; i++) {
  955. AceIndex = wcstoul( p, &p, 10 );
  956. if (AceIndex == 0) {
  957. //
  958. // zero is not a valid index, so it must mean there is some
  959. // unexpected garbage in the ACE list
  960. //
  961. break;
  962. }
  964. Status = RtlAddAce( Acl,
  965. ACL_REVISION2,
  966. MAXULONG,
  967. Aces[AceIndex],
  968. Aces[AceIndex]->Header.AceSize
  969. );
  970. if (!NT_SUCCESS( Status )) {
  971. RtlFreeHeap( RtlProcessHeap(), 0, Acl );
  972. return FALSE;
  973. }
  974. }
  976. //
  977. // We now have an appropriately formed ACL, initialize the security
  978. // descriptor.
  979. //
  980. Status = RtlCreateSecurityDescriptor( SecurityDescriptor,
  981. SECURITY_DESCRIPTOR_REVISION
  982. );
  983. if (!NT_SUCCESS( Status )) {
  984. RtlFreeHeap( RtlProcessHeap(), 0, Acl );
  985. return FALSE;
  986. }
  988. Status = RtlSetDaclSecurityDescriptor( SecurityDescriptor,
  989. TRUE,
  990. Acl,
  991. FALSE
  992. );
  993. if (!NT_SUCCESS( Status )) {
  994. RtlFreeHeap( RtlProcessHeap(), 0, Acl );
  995. return FALSE;
  996. }
  998. return TRUE;
  999. }
  1002. BOOLEAN
  1003. RegFormatSecurity(
  1004. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  1005. OUT PWSTR AceList
  1006. )
  1007. {
  1008. NTSTATUS Status;
  1009. BOOLEAN DaclPresent, DaclDefaulted;
  1010. PACL Acl;
  1011. PWSTR s;
  1012. ULONG AceIndex, MyAceIndex;
  1013. PKNOWN_ACE Ace;
  1015. s = AceList;
  1016. *s = UNICODE_NULL;
  1017. Acl = NULL;
  1018. Status = RtlGetDaclSecurityDescriptor( SecurityDescriptor,
  1019. &DaclPresent,
  1020. &Acl,
  1021. &DaclDefaulted
  1022. );
  1023. if (NT_SUCCESS( Status ) && DaclPresent && Acl != NULL) {
  1024. for (AceIndex=0; AceIndex<Acl->AceCount; AceIndex++) {
  1025. Status = RtlGetAce( Acl, AceIndex, &Ace );
  1026. if (!NT_SUCCESS( Status )) {
  1027. return FALSE;
  1028. }
  1030. for (MyAceIndex=1; MyAceIndex<ACE_COUNT; MyAceIndex++) {
  1031. if (Ace->Header.AceType == Aces[ MyAceIndex ]->Header.AceType &&
  1032. Ace->Header.AceFlags == Aces[ MyAceIndex ]->Header.AceFlags &&
  1033. Ace->Mask == Aces[ MyAceIndex ]->Mask
  1034. ) {
  1035. if (RtlEqualSid( (PSID)&Ace->SidStart, (PSID)&Aces[ MyAceIndex ]->SidStart )) {
  1036. if (s != AceList) {
  1037. *s++ = L' ';
  1038. }
  1040. s += swprintf( s, L"%d", MyAceIndex );
  1041. break;
  1042. }
  1043. }
  1044. }
  1045. }
  1046. }
  1048. *s = UNICODE_NULL;
  1049. return s != AceList;
  1050. }
  1053. VOID
  1054. RegDestroySecurity(
  1055. IN PSECURITY_DESCRIPTOR SecurityDescriptor
  1056. )
  1058. /*++
  1060. Routine Description:
  1062. This routine cleans up and destroys a security descriptor that was
  1063. previously created with RegCreateSecurity.
  1065. Arguments:
  1067. SecurityDescriptor - Supplies a pointer to the security descriptor that
  1068. was previously initialized by RegCreateSecurity.
  1070. Return Value:
  1072. None.
  1074. --*/
  1076. {
  1077. NTSTATUS Status;
  1078. BOOLEAN DaclPresent, DaclDefaulted;
  1079. PACL Acl;
  1080. ULONG AceIndex;
  1081. PKNOWN_ACE Ace;
  1083. Acl = NULL;
  1084. Status = RtlGetDaclSecurityDescriptor( SecurityDescriptor,
  1085. &DaclPresent,
  1086. &Acl,
  1087. &DaclDefaulted
  1088. );
  1089. if (NT_SUCCESS( Status ) && DaclPresent && Acl != NULL) {
  1090. RtlFreeHeap( RtlProcessHeap(), 0, Acl );
  1091. }
  1093. return;
  1094. }