archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/netapi/svcdlls/wkssvc/server/wssec.c

305 lines
8.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. wssec.c
  9. Abstract:
  11. This module contains the Workstation service support routines
  12. which create security objects and enforce security _access checking.
  14. Author:
  16. Rita Wong (ritaw) 19-Feb-1991
  18. Revision History:
  20. --*/
  22. #include "wsutil.h"
  23. #include "wsmain.h"
  24. #include "wssec.h"
  26. //-------------------------------------------------------------------//
  27. // //
  28. // Local function prototypes //
  29. // //
  30. //-------------------------------------------------------------------//
  32. STATIC
  33. NTSTATUS
  34. WsCreateConfigInfoObject(
  35. VOID
  36. );
  38. STATIC
  39. NTSTATUS
  40. WsCreateMessageSendObject(
  41. VOID
  42. );
  44. //-------------------------------------------------------------------//
  45. // //
  46. // Global variables //
  47. // //
  48. //-------------------------------------------------------------------//
  50. //
  51. // Security descriptors of workstation objects to control user accesses
  52. // to the workstation configuration information, sending messages, and the
  53. // logon support functions.
  54. //
  55. PSECURITY_DESCRIPTOR ConfigurationInfoSd;
  56. PSECURITY_DESCRIPTOR MessageSendSd;
  59. //
  60. // Structure that describes the mapping of Generic access rights to
  61. // object specific access rights for the ConfigurationInfo object.
  62. //
  63. GENERIC_MAPPING WsConfigInfoMapping = {
  64. STANDARD_RIGHTS_READ | // Generic read
  65. WKSTA_CONFIG_GUEST_INFO_GET |
  66. WKSTA_CONFIG_USER_INFO_GET |
  67. WKSTA_CONFIG_ADMIN_INFO_GET,
  68. STANDARD_RIGHTS_WRITE | // Generic write
  69. WKSTA_CONFIG_INFO_SET,
  70. STANDARD_RIGHTS_EXECUTE, // Generic execute
  71. WKSTA_CONFIG_ALL_ACCESS // Generic all
  72. };
  74. //
  75. // Structure that describes the mapping of generic access rights to
  76. // object specific access rights for the MessageSend object.
  77. //
  78. GENERIC_MAPPING WsMessageSendMapping = {
  79. STANDARD_RIGHTS_READ, // Generic read
  80. STANDARD_RIGHTS_WRITE | // Generic write
  81. WKSTA_MESSAGE_SEND,
  82. STANDARD_RIGHTS_EXECUTE, // Generic execute
  83. WKSTA_MESSAGE_ALL_ACCESS // Generic all
  84. };
  88. NET_API_STATUS
  89. WsCreateWkstaObjects(
  90. VOID
  91. )
  92. /*++
  94. Routine Description:
  96. This function creates the workstation user-mode objects which are
  97. represented by security descriptors.
  99. Arguments:
  101. None.
  103. Return Value:
  105. NET_API_STATUS - NERR_Success or reason for failure.
  107. --*/
  108. {
  109. NTSTATUS ntstatus;
  112. //
  113. // Create ConfigurationInfo object
  114. //
  115. if (! NT_SUCCESS (ntstatus = WsCreateConfigInfoObject())) {
  116. IF_DEBUG(UTIL) {
  117. NetpKdPrint(("[Wksta] Failure to create ConfigurationInfo object\n"));
  118. }
  119. return NetpNtStatusToApiStatus(ntstatus);
  120. }
  122. //
  123. // Create MessageSend object
  124. //
  125. if (! NT_SUCCESS (ntstatus = WsCreateMessageSendObject())) {
  126. IF_DEBUG(UTIL) {
  127. NetpKdPrint(("[Wksta] Failure to create MessageSend object\n"));
  128. }
  129. return NetpNtStatusToApiStatus(ntstatus);
  130. }
  132. return NERR_Success;
  133. }
  137. STATIC
  138. NTSTATUS
  139. WsCreateConfigInfoObject(
  140. VOID
  141. )
  142. /*++
  144. Routine Description:
  146. This function creates the workstation configuration information object.
  148. Arguments:
  150. None.
  152. Return Value:
  154. NTSTATUS - status returned from NetpCreateSecurityObject.
  156. --*/
  157. {
  158. //
  159. // Order matters! These ACEs are inserted into the DACL in the
  160. // following order. Security access is granted or denied based on
  161. // the order of the ACEs in the DACL.
  162. //
  163. // Local users, admins, and operators are allowed to get all information.
  164. // Only admins are allowed to set information. Users are allowed to get
  165. // user and guest info; guests are allowed to get guest info only.
  166. //
  168. #define CONFIG_INFO_ACES 8 // Number of ACEs in this DACL
  170. ACE_DATA AceData[CONFIG_INFO_ACES] = {
  171. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  172. WKSTA_CONFIG_GUEST_INFO_GET |
  173. WKSTA_CONFIG_USER_INFO_GET |
  174. WKSTA_CONFIG_ADMIN_INFO_GET, &WsLmsvcsGlobalData->LocalSid},
  176. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  177. GENERIC_ALL, &WsLmsvcsGlobalData->AliasAdminsSid},
  179. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  180. WKSTA_CONFIG_GUEST_INFO_GET |
  181. WKSTA_CONFIG_USER_INFO_GET |
  182. WKSTA_CONFIG_ADMIN_INFO_GET, &WsLmsvcsGlobalData->AliasAccountOpsSid},
  184. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  185. WKSTA_CONFIG_GUEST_INFO_GET |
  186. WKSTA_CONFIG_USER_INFO_GET |
  187. WKSTA_CONFIG_ADMIN_INFO_GET, &WsLmsvcsGlobalData->AliasSystemOpsSid},
  189. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  190. WKSTA_CONFIG_GUEST_INFO_GET |
  191. WKSTA_CONFIG_USER_INFO_GET |
  192. WKSTA_CONFIG_ADMIN_INFO_GET, &WsLmsvcsGlobalData->AliasPrintOpsSid},
  194. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  195. WKSTA_CONFIG_GUEST_INFO_GET |
  196. WKSTA_CONFIG_USER_INFO_GET, &WsLmsvcsGlobalData->AliasUsersSid},
  198. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  199. WKSTA_CONFIG_GUEST_INFO_GET, &WsLmsvcsGlobalData->WorldSid},
  201. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  202. WKSTA_CONFIG_GUEST_INFO_GET, &WsLmsvcsGlobalData->AnonymousLogonSid}
  203. };
  206. return NetpCreateSecurityObject(
  207. AceData,
  208. CONFIG_INFO_ACES,
  209. WsLmsvcsGlobalData->LocalSystemSid,
  210. WsLmsvcsGlobalData->LocalSystemSid,
  211. &WsConfigInfoMapping,
  212. &ConfigurationInfoSd
  213. );
  214. }
  218. STATIC
  219. NTSTATUS
  220. WsCreateMessageSendObject(
  221. VOID
  222. )
  223. /*++
  225. Routine Description:
  227. This function creates the workstation message send object.
  229. Arguments:
  231. None.
  233. Return Value:
  235. NTSTATUS - status returned from NetpCreateSecurityObject.
  237. --*/
  238. {
  239. //
  240. // Order matters! These ACEs are inserted into the DACL in the
  241. // following order. Security access is granted or denied based on
  242. // the order of the ACEs in the DACL.
  243. //
  244. // Any local user, and domain admins and operators are allowed to
  245. // send messages. Remote users besides domain admins, and operators
  246. // are not allowed to send messages.
  247. //
  249. #define MESSAGE_SEND_ACES 5 // Number of ACEs in this DACL
  251. ACE_DATA AceData[MESSAGE_SEND_ACES] = {
  252. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  253. GENERIC_ALL, &WsLmsvcsGlobalData->LocalSid},
  255. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  256. GENERIC_ALL, &WsLmsvcsGlobalData->AliasAdminsSid},
  258. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  259. WKSTA_MESSAGE_SEND, &WsLmsvcsGlobalData->AliasAccountOpsSid},
  261. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  262. WKSTA_MESSAGE_SEND, &WsLmsvcsGlobalData->AliasSystemOpsSid},
  264. {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
  265. WKSTA_MESSAGE_SEND, &WsLmsvcsGlobalData->AliasPrintOpsSid}
  267. };
  270. return NetpCreateSecurityObject(
  271. AceData,
  272. MESSAGE_SEND_ACES,
  273. WsLmsvcsGlobalData->LocalSystemSid,
  274. WsLmsvcsGlobalData->LocalSystemSid,
  275. &WsMessageSendMapping,
  276. &MessageSendSd
  277. );
  278. }
  282. VOID
  283. WsDestroyWkstaObjects(
  284. VOID
  285. )
  286. /*++
  288. Routine Description:
  290. This function destroys the workstation user-mode objects which are
  291. represented by security descriptors.
  293. Arguments:
  295. None.
  297. Return Value:
  299. None.
  301. --*/
  302. {
  303. (void) NetpDeleteSecurityObject(&ConfigurationInfoSd);
  304. (void) NetpDeleteSecurityObject(&MessageSendSd);
  305. }