archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/mcast/pgm/sys/security.c

212 lines
5.3 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000-2000 Microsoft Corporation
  5. Module Name:
  7. Security.c
  9. Abstract:
  11. This module implements various Security routines used by
  12. the PGM Transport
  14. Author:
  16. Mohammad Shabbir Alam (MAlam) 3-30-2000
  18. Revision History:
  20. --*/
  23. #include "precomp.h"
  25. #ifdef FILE_LOGGING
  26. #include "security.tmh"
  27. #endif // FILE_LOGGING
  30. //******************* Pageable Routine Declarations ****************
  31. #ifdef ALLOC_PRAGMA
  32. #pragma alloc_text(PAGE, PgmBuildAdminSecurityDescriptor)
  33. #pragma alloc_text(PAGE, PgmGetUserInfo)
  34. #endif
  35. //******************* Pageable Routine Declarations ****************
  38. //----------------------------------------------------------------------------
  39. NTSTATUS
  40. PgmBuildAdminSecurityDescriptor(
  41. OUT SECURITY_DESCRIPTOR **ppSecurityDescriptor
  42. )
  43. /*++
  45. Routine Description:
  47. (Lifted from TCP - TcpBuildDeviceAcl)
  48. This routine builds an ACL which gives Administrators, LocalService and NetworkService
  49. principals full access. All other principals have no access.
  51. Arguments:
  53. DeviceAcl - Output pointer to the new ACL.
  55. Return Value:
  57. STATUS_SUCCESS or an appropriate error code.
  59. --*/
  60. {
  61. PGENERIC_MAPPING GenericMapping;
  62. PSID pAdminsSid, pServiceSid, pNetworkSid;
  63. ULONG AclLength;
  64. NTSTATUS Status;
  65. ACCESS_MASK AccessMask = GENERIC_ALL;
  66. PACL pNewAcl, pAclCopy;
  67. PSID pSid;
  68. SID_IDENTIFIER_AUTHORITY Authority = SECURITY_NT_AUTHORITY;
  69. SECURITY_DESCRIPTOR *pSecurityDescriptor;
  71. PAGED_CODE();
  73. if (!(pSid = PgmAllocMem (RtlLengthRequiredSid (3), PGM_TAG('S'))) ||
  74. (!NT_SUCCESS (Status = RtlInitializeSid (pSid, &Authority, 3))))
  75. {
  76. if (pSid)
  77. {
  78. PgmFreeMem (pSid);
  79. }
  80. return (STATUS_INSUFFICIENT_RESOURCES);
  81. }
  83. *RtlSubAuthoritySid (pSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
  84. *RtlSubAuthoritySid (pSid, 1) = DOMAIN_ALIAS_RID_ADMINS;
  85. *RtlSubAuthoritySid (pSid, 2) = SECURITY_LOCAL_SYSTEM_RID;
  86. ASSERT (RtlValidSid (pSid));
  88. AclLength = sizeof(ACL) +
  89. RtlLengthSid(pSid) +
  90. sizeof(ACCESS_ALLOWED_ACE) -
  91. sizeof(ULONG);
  92. if (!(pNewAcl = PgmAllocMem (AclLength, PGM_TAG('S'))))
  93. {
  94. PgmFreeMem (pSid);
  95. return (STATUS_INSUFFICIENT_RESOURCES);
  96. }
  98. Status = RtlCreateAcl (pNewAcl, AclLength, ACL_REVISION);
  99. if (!NT_SUCCESS(Status))
  100. {
  101. PgmFreeMem (pNewAcl);
  102. PgmFreeMem (pSid);
  103. return (Status);
  104. }
  106. Status = RtlAddAccessAllowedAce (pNewAcl,
  107. ACL_REVISION,
  108. GENERIC_ALL,
  109. pSid);
  110. ASSERT(NT_SUCCESS(Status));
  111. if (!NT_SUCCESS(Status))
  112. {
  113. PgmFreeMem (pNewAcl);
  114. PgmFreeMem (pSid);
  115. return (Status);
  116. }
  118. if (!(pSecurityDescriptor = PgmAllocMem ((sizeof(SECURITY_DESCRIPTOR) + AclLength), PGM_TAG('S'))))
  119. {
  120. PgmFreeMem (pNewAcl);
  121. PgmFreeMem (pSid);
  122. return (STATUS_INSUFFICIENT_RESOURCES);
  123. }
  125. pAclCopy = (PACL) ((PISECURITY_DESCRIPTOR) pSecurityDescriptor+1);
  126. RtlCopyMemory (pAclCopy, pNewAcl, AclLength);
  128. Status = RtlCreateSecurityDescriptor (pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
  129. if (!NT_SUCCESS (Status))
  130. {
  131. PgmFreeMem (pNewAcl);
  132. PgmFreeMem (pSid);
  133. PgmFreeMem (pSecurityDescriptor);
  134. }
  136. Status = RtlSetDaclSecurityDescriptor (pSecurityDescriptor, TRUE, pAclCopy, FALSE);
  137. if (!NT_SUCCESS (Status))
  138. {
  139. PgmFreeMem (pNewAcl);
  140. PgmFreeMem (pSid);
  141. PgmFreeMem (pSecurityDescriptor);
  142. }
  144. PgmFreeMem (pNewAcl);
  145. PgmFreeMem (pSid);
  146. *ppSecurityDescriptor = pSecurityDescriptor;
  148. return (STATUS_SUCCESS);
  149. }
  152. //----------------------------------------------------------------------------
  153. NTSTATUS
  154. PgmGetUserInfo(
  155. IN PIRP pIrp,
  156. IN PIO_STACK_LOCATION pIrpSp,
  157. OUT TOKEN_USER **ppUserId,
  158. OUT BOOLEAN *pfUserIsAdmin
  159. )
  160. {
  161. PACCESS_TOKEN *pAccessToken = NULL;
  162. TOKEN_USER *pUserId = NULL;
  163. BOOLEAN fUserIsAdmin = FALSE;
  164. SECURITY_SUBJECT_CONTEXT *pSubjectContext;
  166. PAGED_CODE();
  168. //
  169. // Get User ID
  170. //
  171. pSubjectContext = &pIrpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext;
  172. pAccessToken = SeQuerySubjectContextToken (pSubjectContext);
  173. if ((!pAccessToken) ||
  174. (!NT_SUCCESS (SeQueryInformationToken (pAccessToken, TokenUser, &pUserId))))
  175. {
  176. //
  177. // Cannot get the user token
  178. //
  179. *ppUserId = NULL;
  180. *pfUserIsAdmin = FALSE;
  181. return (STATUS_UNSUCCESSFUL);
  182. }
  184. if (ppUserId)
  185. {
  186. *ppUserId = pUserId;
  187. }
  188. else
  189. {
  190. PgmFreeMem (pUserId);
  191. }
  193. if (pfUserIsAdmin)
  194. {
  195. *pfUserIsAdmin = SeTokenIsAdmin (pAccessToken);
  196. }
  197. return (STATUS_SUCCESS);
  200. /*
  201. //
  202. // Got the user SID
  203. //
  204. if (!RtlEqualSid (gpSystemSid, pUserId->User.Sid))
  205. {
  206. fUserIsAdmin = TRUE;
  207. }
  209. PgmFreeMem (pUserId);
  210. return (fUserIsAdmin);
  211. */
  212. }