archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/netapi/svcdlls/logonsrv/server/nlsecure.c

116 lines
2.6 KiB
Raw Blame History

/*++
Copyright (c) 1991-1996 Microsoft Corporation
Module Name:
nlsecure.c
Abstract:
This module contains the Netlogon service support routines
which create security objects and enforce security _access checking.
Author:
Cliff Van Dyke (CliffV) 22-Aug-1991
Revision History:
--*/
#include "logonsrv.h" // Include files common to entire service
#pragma hdrstop
//
// Include nlsecure.h again allocating the actual variables
// this time around.
//
#define NLSECURE_ALLOCATE
#include "nlsecure.h"
#undef NLSECURE_ALLOCATE
NTSTATUS
NlCreateNetlogonObjects(
VOID
)
/*++
Routine Description:
This function creates the workstation user-mode objects which are
represented by security descriptors.
Arguments:
None.
Return Value:
NT status code
--*/
{
NTSTATUS Status;
//
// Order matters! These ACEs are inserted into the DACL in the
// following order. Security access is granted or denied based on
// the order of the ACEs in the DACL.
//
//
// Members of Group SECURITY_LOCAL aren't allowed to do a UAS logon
// to force it to be done remotely.
//
ACE_DATA AceData[] = {
{ACCESS_DENIED_ACE_TYPE, 0, 0,
NETLOGON_UAS_LOGON_ACCESS |
NETLOGON_UAS_LOGOFF_ACCESS,
&LocalSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
GENERIC_ALL, &AliasAdminsSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_CONTROL_ACCESS, &AliasAccountOpsSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_CONTROL_ACCESS, &AliasSystemOpsSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_CONTROL_ACCESS |
NETLOGON_SERVICE_ACCESS, &LocalSystemSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_SERVICE_ACCESS, &LocalServiceSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_FTINFO_ACCESS, &AuthenticatedUserSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_UAS_LOGON_ACCESS |
NETLOGON_UAS_LOGOFF_ACCESS |
NETLOGON_QUERY_ACCESS, &WorldSid}
};
//
// Actually create the security descriptor.
//
Status = NetpCreateSecurityObject(
AceData,
sizeof(AceData)/sizeof(AceData[0]),
AliasAdminsSid,
AliasAdminsSid,
&NlGlobalNetlogonInfoMapping,
&NlGlobalNetlogonSecurityDescriptor );
return Status;
}