Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

165 lines
3.7 KiB

  1. //****************************************************************************
  2. //
  3. // Module: UNIMDM
  4. // File: SEC.C
  5. //
  6. // Copyright (c) 1992-1996, Microsoft Corporation, all rights reserved
  7. //
  8. // Revision History
  9. //
  10. //
  11. // 3/27/96 JosephJ Created
  12. //
  13. //
  14. // Description: Security-related helper functions
  15. //
  16. //****************************************************************************
  17. #include "proj.h"
  18. #include "sec.h"
  19. #include <debugmem.h>
  20. //****************************************************************************
  21. // Description: This procedure will allocate and initialize a security
  22. // descriptor with the specificed attributes.
  23. //
  24. // Returns: pointer to an allocated and initialized security descriptor.
  25. // If NULL, GetLastError() will return the appropriate error code.
  26. //
  27. // History:
  28. // 3/27/96 JosephJ Created
  29. //****************************************************************************/
  30. //
  31. PSECURITY_DESCRIPTOR AllocateSecurityDescriptor (
  32. PSID_IDENTIFIER_AUTHORITY pSIA,
  33. DWORD dwRID,
  34. DWORD dwRights,
  35. PSID pSidOwner,
  36. PSID pSidGroup
  37. )
  38. {
  39. PSID pObjSid = NULL;
  40. PACL pDacl = NULL;
  41. PSECURITY_DESCRIPTOR pSD = NULL;
  42. pSD = ALLOCATE_MEMORY( SECURITY_DESCRIPTOR_MIN_LENGTH+256);
  43. if (!pSD) goto end_fail;
  44. // Set up the SID for the admins that will be allowed to have
  45. // access. This SID will have 1 sub-authority
  46. if (!AllocateAndInitializeSid(
  47. pSIA,
  48. 1,
  49. dwRID, 0, 0, 0, 0, 0, 0, 0,
  50. &pObjSid
  51. ))
  52. {
  53. goto end_fail;
  54. }
  55. // Set up the DACL that will allow all processes with the above SID
  56. // access specified in dwRights. It should be large enough to hold all ACEs.
  57. //
  58. {
  59. DWORD cbDaclSize = sizeof(ACCESS_ALLOWED_ACE) +
  60. GetLengthSid(pObjSid) +
  61. sizeof(ACL);
  62. pDacl = (PACL)ALLOCATE_MEMORY( cbDaclSize );
  63. if (!pDacl)
  64. {
  65. goto end_fail;
  66. }
  67. if ( !InitializeAcl( pDacl, cbDaclSize, ACL_REVISION2 ) )
  68. {
  69. goto end_fail;
  70. }
  71. }
  72. // Add the ACE to the DACL
  73. //
  74. if ( !AddAccessAllowedAce( pDacl, ACL_REVISION2, dwRights, pObjSid))
  75. {
  76. goto end_fail;
  77. }
  78. // Create the security descriptor and put the DACL in it.
  79. //
  80. if ( !InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION ))
  81. {
  82. goto end_fail;
  83. }
  84. if ( !SetSecurityDescriptorDacl(pSD, TRUE, pDacl, FALSE ) )
  85. {
  86. goto end_fail;
  87. }
  88. // Set owner for the descriptor
  89. //
  90. if ( !SetSecurityDescriptorOwner( pSD, pSidOwner, FALSE) )
  91. {
  92. goto end_fail;
  93. }
  94. // Set group for the descriptor
  95. //
  96. if ( !SetSecurityDescriptorGroup( pSD, pSidGroup, FALSE) )
  97. {
  98. goto end_fail;
  99. }
  100. FreeSid(pObjSid);
  101. return pSD;
  102. end_fail:
  103. {
  104. DWORD dwRetCode = GetLastError();
  105. if (pDacl) { FREE_MEMORY(pDacl); pDacl=0;}
  106. if (pObjSid) { FreeSid(pObjSid); pObjSid=0;}
  107. if (pSD) { FREE_MEMORY(pSD); pSD=0;}
  108. SetLastError(dwRetCode);
  109. }
  110. return NULL;
  111. }
  112. //****************************************************************************
  113. // Description: Frees a security descriptor previously allocated by
  114. // AllocateSecurityDescriptor.
  115. //
  116. // History:
  117. // 3/27/96 JosephJ Created
  118. //****************************************************************************/
  119. void FreeSecurityDescriptor(PSECURITY_DESCRIPTOR pSD)
  120. {
  121. PSID pObjSid = NULL;
  122. PACL pDacl = NULL;
  123. BOOL fGotAcl=FALSE, fByDefault=FALSE;
  124. // Free Dacl, if user had allocated it.
  125. if (GetSecurityDescriptorDacl(pSD, &fGotAcl, &pDacl, &fByDefault ))
  126. {
  127. if (fGotAcl && !fByDefault && pDacl)
  128. {
  129. FREE_MEMORY(pDacl);
  130. }
  131. }
  132. else
  133. {
  134. ASSERT(FALSE); // We should not be calling this function with such
  135. // an pSD.
  136. }
  137. FREE_MEMORY(pSD);
  138. }