archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/ipsec/ipsecshr/nsuacl.c

277 lines
6.8 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // Copyright (c) 1997-2002 Microsoft Corporation
  2. //
  3. // Module:
  4. //
  5. // Network Security Utilities
  6. //
  7. // Abstract:
  8. //
  9. // Acl API's
  10. //
  11. // Authors:
  12. //
  13. // pmay 2/5/02
  14. // raymonds 03/20/02
  15. //
  16. // Environment:
  17. //
  18. // User mode
  19. //
  20. // Revision History:
  21. //
  23. #include <precomp.h>
  25. // Private declarations
  26. //
  28. // Maximum string security descriptor length
  29. //
  31. #define MAX_STR_SD_LEN 128
  33. // TBD: Remove these when incorporated into main NSU utilities
  35. #define CLEANUP Cleanup
  37. #define BAIL_ON_ERROR(err) if((err) != ERROR_SUCCESS) {goto CLEANUP;}
  38. #define BAIL_ON_NULL(ptr, err) if ((ptr) == NULL) {(err) = ERROR_NOT_ENOUGH_MEMORY; goto CLEANUP;}
  39. #define BAIL_OUT {goto CLEANUP;}
  42. // Description:
  43. //
  44. // Allocates and initializes a SECURITY_ATTRIBUTES structure that gives
  45. // access according to the flags passed in. (contained SD is self-relative).
  46. //
  47. // Arguments:
  48. //
  49. // ppSecurityAttributes - pointer to SECURITY_ATTRIBUTES created.
  50. // Use NsuAclAttributesDestroy to destroy.
  51. // dwFlags - see NSU_ACL_F_* values
  52. //
  53. // Return Value:
  54. //
  55. // An allocated security attributes structure or NULL if out of memory.
  56. //
  57. //
  58. // TBD: use NsuString and Nsu mem functions
  60. DWORD
  61. NsuAclAttributesCreate(
  62. OUT PSECURITY_ATTRIBUTES* ppSecurityAttributes,
  63. IN DWORD dwFlags)
  64. {
  65. DWORD dwError = ERROR_SUCCESS;
  66. SECURITY_ATTRIBUTES *pSecurityAttributes = NULL;
  68. pSecurityAttributes = LocalAlloc(LPTR, sizeof(SECURITY_ATTRIBUTES));
  69. BAIL_ON_NULL(pSecurityAttributes, dwError);
  71. dwError = NsuAclDescriptorCreate(
  72. (PSECURITY_DESCRIPTOR*) &pSecurityAttributes->lpSecurityDescriptor,
  73. dwFlags
  74. );
  75. BAIL_ON_ERROR(dwError);
  76. pSecurityAttributes->nLength = sizeof(SECURITY_ATTRIBUTES);
  77. pSecurityAttributes->bInheritHandle = FALSE;
  79. *ppSecurityAttributes = pSecurityAttributes;
  81. return dwError;
  83. CLEANUP:
  84. if (pSecurityAttributes) {
  85. NsuAclAttributesDestroy(&pSecurityAttributes);
  86. }
  88. *ppSecurityAttributes = NULL;
  89. return dwError;
  90. }
  92. // Description:
  93. //
  94. // Deallocates return value of NsuAclCreateAttributes.
  95. //
  96. DWORD
  97. NsuAclAttributesDestroy(
  98. IN OUT PSECURITY_ATTRIBUTES* ppSecurityAttributes)
  99. {
  100. DWORD dwError = ERROR_SUCCESS;
  102. if (!ppSecurityAttributes) {
  103. BAIL_OUT;
  104. }
  106. // Destroy Security descriptor, ignoring any errors, since there's not much we
  107. // can do and want to clean up the rest of the attributes as much as possible.
  108. //
  110. (VOID) NsuAclDescriptorDestroy((*ppSecurityAttributes)->lpSecurityDescriptor);
  112. (VOID) LocalFree(*ppSecurityAttributes);
  114. *ppSecurityAttributes = NULL;
  115. return dwError;
  117. CLEANUP:
  118. return dwError;
  119. }
  121. // Description:
  122. //
  123. // Allocates and initializes a self-relative SECURITY_DESCRIPTOR structure that gives
  124. // access according to the flags passed in.
  125. //
  126. // Arguments:
  127. //
  128. // ppSecurityDescriptor - security descriptor created. Use NsuAclDescriptorDestroy
  129. // to destroy.
  130. // dwFlags - see NSU_ACL_F_* values
  131. //
  132. // Return Value:
  133. //
  134. // An allocated security attributes structure or NULL if out of memory.
  135. //
  136. DWORD
  137. NsuAclDescriptorCreate (
  138. OUT PSECURITY_DESCRIPTOR* ppSecurityDescriptor,
  139. IN DWORD dwFlags)
  140. {
  141. DWORD dwError = ERROR_SUCCESS;
  142. BOOL fSucceeded = TRUE;
  143. WCHAR szStringSecurityDescriptor[MAX_STR_SD_LEN] = {0};
  144. PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
  146. wcscpy(szStringSecurityDescriptor, L"D:AIAR");
  147. if (dwFlags & NSU_ACL_F_AdminFull) {
  148. wcscat(szStringSecurityDescriptor, L"(A;OICI;GA;;;BA)");
  149. }
  151. if (dwFlags & NSU_ACL_F_LocalSystemFull) {
  152. wcscat(szStringSecurityDescriptor, L"(A;OICI;GA;;;SY)");
  153. }
  155. fSucceeded = ConvertStringSecurityDescriptorToSecurityDescriptorW(
  156. szStringSecurityDescriptor,
  157. SDDL_REVISION_1,
  158. &pSecurityDescriptor,
  159. NULL
  160. );
  161. if (!fSucceeded) {
  162. dwError = GetLastError();
  163. BAIL_OUT;
  164. }
  166. *ppSecurityDescriptor = pSecurityDescriptor;
  168. return dwError;
  169. CLEANUP:
  170. NsuAclDescriptorDestroy(&pSecurityDescriptor);
  171. *ppSecurityDescriptor = NULL;
  172. return dwError;
  173. }
  175. // Description:
  176. //
  177. // Deallocates return value of NsuAclCreateDescriptor.
  178. //
  179. DWORD
  180. NsuAclDescriptorDestroy(
  181. IN OUT PSECURITY_DESCRIPTOR* ppDescriptor)
  182. {
  183. DWORD dwError = ERROR_SUCCESS;
  185. if (!ppDescriptor) {
  186. BAIL_OUT;
  187. }
  189. (VOID) LocalFree(*ppDescriptor);
  191. *ppDescriptor = NULL;
  193. return dwError;
  194. CLEANUP:
  195. return dwError;
  196. }
  198. // Description:
  199. //
  200. // Used to determine whether a given security descriptor grants
  201. // full access to everyone.
  202. //
  203. // Arguments:
  204. //
  205. // pSD - the security descriptor
  206. // pbRestricts - TRUE if non-Everyone-full-access, FALSE otherwise
  207. //
  208. // Return Value:
  209. //
  210. // Standard win32 error
  211. //
  212. DWORD
  213. NsuAclDescriptorRestricts(
  214. IN CONST PSECURITY_DESCRIPTOR pSD,
  215. OUT BOOL* pbRestricts)
  216. {
  217. return ERROR_CALL_NOT_IMPLEMENTED;
  218. }
  220. // Description:
  221. //
  222. // Gets security descriptor of a regkey.
  223. //
  224. //
  225. // Arguments:
  226. //
  227. // ppSecurityDescriptor - security descriptor returned. Use NsuAclDescriptorDestroy
  228. // to destroy.
  229. // hKey - open handle of registry key
  230. //
  231. // Return Value:
  232. //
  233. // An allocated security attributes structure or NULL if out of memory.
  234. //
  236. DWORD
  237. NsuAclGetRegKeyDescriptor(
  238. IN HKEY hKey,
  239. OUT PSECURITY_DESCRIPTOR* ppSecurityDescriptor
  240. )
  241. {
  242. PSECURITY_DESCRIPTOR pSecurityDescriptor = 0;
  243. DWORD dwError = ERROR_SUCCESS;
  244. DWORD cbSecurityDescriptor = 0;
  246. cbSecurityDescriptor = 0;
  247. dwError = RegGetKeySecurity(
  248. hKey,
  249. DACL_SECURITY_INFORMATION,
  250. NULL,
  251. &cbSecurityDescriptor
  252. );
  253. if (dwError != ERROR_INSUFFICIENT_BUFFER) {
  254. BAIL_ON_ERROR(dwError);
  255. }
  257. pSecurityDescriptor = LocalAlloc(LPTR, cbSecurityDescriptor);
  258. BAIL_ON_NULL(pSecurityDescriptor, dwError);
  259. dwError = RegGetKeySecurity(
  260. hKey,
  261. DACL_SECURITY_INFORMATION,
  262. pSecurityDescriptor,
  263. &cbSecurityDescriptor
  264. );
  265. BAIL_ON_ERROR(dwError);
  267. *ppSecurityDescriptor = pSecurityDescriptor;
  268. CLEANUP:
  269. if (dwError) {
  270. if (pSecurityDescriptor) {
  271. LocalFree(pSecurityDescriptor);
  272. }
  273. *ppSecurityDescriptor = NULL;
  274. }
  276. return dwError;
  277. }