You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
120 lines
3.1 KiB
120 lines
3.1 KiB
#include "pch.h"
|
|
|
|
BOOL
|
|
MyAccessCheck(
|
|
IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
|
|
IN PACE_HEADER pAce,
|
|
IN PVOID pArgs OPTIONAL,
|
|
IN OUT PBOOL pbAceApplicable
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description
|
|
|
|
This is a very trivial example of a callback access check routine. Here we randomly decide
|
|
if the ACE applies to the given client context.
|
|
|
|
Arguments
|
|
|
|
hAuthzClientContext - handle to AuthzClientContext.
|
|
pAce - pointer to Ace header.
|
|
pArgs - optional arguments that can be used in evaluating the ACE.
|
|
pbAceApplicable - returns the result of the evaluation.
|
|
|
|
Return value
|
|
|
|
Bool, true if ACE is applicable, false otherwise.
|
|
--*/
|
|
{
|
|
*pbAceApplicable = (BOOL) rand() % 2;
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL
|
|
MyComputeDynamicGroups(
|
|
IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
|
|
IN PVOID Args,
|
|
OUT PSID_AND_ATTRIBUTES *pSidAttrArray,
|
|
OUT PDWORD pSidCount,
|
|
OUT PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray,
|
|
OUT PDWORD pRestrictedSidCount
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description
|
|
|
|
Resource manager callback to compute dynamic groups. This is used by the RM
|
|
to decide if the specified client context should be included in any RM defined groups.
|
|
|
|
Arguments
|
|
|
|
hAuthzClientContext - handle to client context.
|
|
Args - optional parameter to pass information for evaluating group membership.
|
|
pSidAttrArray - computed group membership SIDs
|
|
pSidCount - count of SIDs
|
|
pRestrictedSidAttrArray - computed group membership restricted SIDs
|
|
pRestrictedSidCount - count of restricted SIDs
|
|
|
|
Return Value
|
|
|
|
Bool, true for success, false on failure.
|
|
|
|
--*/
|
|
{
|
|
ULONG Length = 0;
|
|
|
|
if (Args == -1)
|
|
{
|
|
return TRUE;
|
|
}
|
|
|
|
*pSidCount = 2;
|
|
*pRestrictedSidCount = 0;
|
|
|
|
*pRestrictedSidAttrArray = 0;
|
|
|
|
Length = RtlLengthSid((PSID) KedarSid);
|
|
Length += RtlLengthSid((PSID) RahulSid);
|
|
|
|
if (!(*pSidAttrArray = malloc(sizeof(SID_AND_ATTRIBUTES) * 2 + Length)))
|
|
{
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
return FALSE;
|
|
}
|
|
|
|
(*pSidAttrArray)[0].Attributes = SE_GROUP_ENABLED;
|
|
(*pSidAttrArray)[0].Sid = ((PUCHAR) (*pSidAttrArray)) + 2 * sizeof(SID_AND_ATTRIBUTES);
|
|
RtlCopySid(Length/2, (*pSidAttrArray)[0].Sid, (PSID) KedarSid);
|
|
|
|
(*pSidAttrArray)[1].Attributes = SE_GROUP_USE_FOR_DENY_ONLY;
|
|
(*pSidAttrArray)[1].Sid = ((PUCHAR) (*pSidAttrArray)) + 2 * sizeof(SID_AND_ATTRIBUTES) + Length/2;
|
|
RtlCopySid(Length/2, (*pSidAttrArray)[1].Sid, (PSID) RahulSid);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
VOID
|
|
MyFreeDynamicGroups (
|
|
IN PSID_AND_ATTRIBUTES pSidAttrArray
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description
|
|
|
|
Frees memory allocated for the dynamic group array.
|
|
|
|
Arguments
|
|
|
|
pSidAttrArray - array to free.
|
|
|
|
Return Value
|
|
None.
|
|
--*/
|
|
{
|
|
if (pSidAttrArray) free(pSidAttrArray);
|
|
}
|
|
|