archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/wdmlib/wdmsec/se/seutil.c

220 lines
4.7 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) Microsoft Corporation. All rights reserved.
  5. Module Name:
  7. SeUtil.c
  9. Abstract:
  11. This module contains various security utility functions.
  13. Author:
  15. Adrian J. Oney - April 23, 2002
  17. Revision History:
  19. --*/
  21. #include "WlDef.h"
  22. #pragma hdrstop
  24. #ifdef ALLOC_PRAGMA
  25. #pragma alloc_text(PAGE, SeUtilSecurityInfoFromSecurityDescriptor)
  26. #ifndef _KERNELIMPLEMENTATION_
  27. #pragma alloc_text(PAGE, SeSetSecurityAccessMask)
  28. #endif
  29. #endif
  32. NTSTATUS
  33. SeUtilSecurityInfoFromSecurityDescriptor(
  34. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  35. OUT BOOLEAN *DaclFromDefaultSource,
  36. OUT PSECURITY_INFORMATION SecurityInformation
  37. )
  38. /*++
  40. Routine Description:
  42. This routine retrieves security information from a security descriptor.
  44. Arguments:
  46. SecurityDescriptor - Security descriptor to retrieve information from.
  48. DaclFromDefaultSource - Receives TRUE if the DACL was constructed by a
  49. default mechanism.
  51. SecurityInformation - Information as extracted from the descriptor.
  53. Return Value:
  55. NTSTATUS (On error, SecurityInformation receives 0).
  57. --*/
  58. {
  59. SECURITY_INFORMATION finalSecurityInformation;
  60. BOOLEAN fromDefaultSource;
  61. BOOLEAN aclPresent;
  62. NTSTATUS status;
  63. PSID sid;
  64. PACL acl;
  66. PAGED_CODE();
  68. //
  69. // Preinitialize the security information to zero.
  70. //
  71. *DaclFromDefaultSource = FALSE;
  72. RtlZeroMemory(SecurityInformation, sizeof(SECURITY_INFORMATION));
  73. finalSecurityInformation = 0;
  75. //
  76. // Extract the owner information.
  77. //
  78. status = RtlGetOwnerSecurityDescriptor(
  79. SecurityDescriptor,
  80. &sid,
  81. &fromDefaultSource
  82. );
  84. if (!NT_SUCCESS(status)) {
  86. return status;
  87. }
  89. if (sid != NULL) {
  91. finalSecurityInformation |= OWNER_SECURITY_INFORMATION;
  92. }
  94. //
  95. // Extract the group information.
  96. //
  97. status = RtlGetGroupSecurityDescriptor(
  98. SecurityDescriptor,
  99. &sid,
  100. &fromDefaultSource
  101. );
  103. if (!NT_SUCCESS(status)) {
  105. return status;
  106. }
  108. if (sid != NULL) {
  110. finalSecurityInformation |= GROUP_SECURITY_INFORMATION;
  111. }
  113. //
  114. // Extract the SACL (Auditing ACL) information.
  115. //
  116. status = RtlGetSaclSecurityDescriptor(
  117. SecurityDescriptor,
  118. &aclPresent,
  119. &acl,
  120. &fromDefaultSource
  121. );
  123. if (!NT_SUCCESS(status)) {
  125. return status;
  126. }
  128. if (aclPresent) {
  130. finalSecurityInformation |= SACL_SECURITY_INFORMATION;
  131. }
  133. //
  134. // Extract the DACL (discretionary/access ACL) information.
  135. //
  136. status = RtlGetDaclSecurityDescriptor(
  137. SecurityDescriptor,
  138. &aclPresent,
  139. &acl,
  140. &fromDefaultSource
  141. );
  143. if (!NT_SUCCESS(status)) {
  145. return status;
  146. }
  148. if (aclPresent) {
  150. finalSecurityInformation |= DACL_SECURITY_INFORMATION;
  151. }
  153. //
  154. // Return the final result.
  155. //
  156. *DaclFromDefaultSource = fromDefaultSource;
  157. *SecurityInformation = finalSecurityInformation;
  158. return STATUS_SUCCESS;
  159. }
  162. #ifndef _KERNELIMPLEMENTATION_
  164. VOID
  165. SeSetSecurityAccessMask(
  166. IN SECURITY_INFORMATION SecurityInformation,
  167. OUT ACCESS_MASK *DesiredAccess
  168. )
  169. /*++
  171. Routine Description:
  173. This routine builds an access mask representing the accesses necessary
  174. to set the object security information specified in the SecurityInformation
  175. parameter. While it is not difficult to determine this information,
  176. the use of a single routine to generate it will ensure minimal impact
  177. when the security information associated with an object is extended in
  178. the future (to include mandatory access control information).
  180. Arguments:
  182. SecurityInformation - Identifies the object's security information to be
  183. modified.
  185. DesiredAccess - Points to an access mask to be set to represent the
  186. accesses necessary to modify the information specified in the
  187. SecurityInformation parameter.
  189. Return Value:
  191. None.
  193. --*/
  194. {
  195. PAGED_CODE();
  197. //
  198. // Figure out accesses needed to perform the indicated operation(s).
  199. //
  201. (*DesiredAccess) = 0;
  203. if ((SecurityInformation & OWNER_SECURITY_INFORMATION) ||
  204. (SecurityInformation & GROUP_SECURITY_INFORMATION) ) {
  205. (*DesiredAccess) |= WRITE_OWNER;
  206. }
  208. if (SecurityInformation & DACL_SECURITY_INFORMATION) {
  209. (*DesiredAccess) |= WRITE_DAC;
  210. }
  212. if (SecurityInformation & SACL_SECURITY_INFORMATION) {
  213. (*DesiredAccess) |= ACCESS_SYSTEM_SECURITY;
  214. }
  216. return;
  217. }
  219. #endif // _KERNELIMPLEMENTATION_