Leaked source code of windows server 2003

/*++
Copyright (c) 2000-2000 Microsoft Corporation
Module Name:
Security.c
Abstract:
This module implements various Security routines used by
the PGM Transport
Author:
Mohammad Shabbir Alam (MAlam) 3-30-2000
Revision History:
--*/
#include "precomp.h"
#ifdef FILE_LOGGING
#include "security.tmh"
#endif // FILE_LOGGING
//******************* Pageable Routine Declarations ****************
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, PgmBuildAdminSecurityDescriptor)
#pragma alloc_text(PAGE, PgmGetUserInfo)
#endif
//******************* Pageable Routine Declarations ****************
//----------------------------------------------------------------------------
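NTSTATUS
PgmBuildAdminSecurityDescriptor(
    OUT SECURITY_DESCRIPTOR **ppSecurityDescriptor
    )
/*++

Routine Description:

    (Lifted from TCP - TcpBuildDeviceAcl)

    Builds a security descriptor whose DACL contains a single
    access-allowed ACE granting GENERIC_ALL to one SID.  The ACL is copied
    into the same allocation as the descriptor, directly after the
    SECURITY_DESCRIPTOR structure, so the result is one pool block.

    The stated intent is that Administrators, LocalService and
    NetworkService get full access and every other principal gets none.

    NOTE(review): the code does not build that ACL.  It assembles ONE SID
    with three sub-authorities (SECURITY_BUILTIN_DOMAIN_RID,
    DOMAIN_ALIAS_RID_ADMINS, SECURITY_LOCAL_SYSTEM_RID), i.e.
    S-1-5-32-544-18, which is not the BUILTIN\Administrators alias
    (S-1-5-32-544), and it adds no ACEs for the service accounts.  Confirm
    which principals this descriptor is really meant to admit before
    relying on it for access decisions.

    NOTE(review): GENERIC_ALL is stored in the ACE as-is; no generic
    mapping is applied in this routine.  Confirm that whatever performs the
    access check against this descriptor copes with an unmapped generic
    mask.

Arguments:

    ppSecurityDescriptor - Receives the new descriptor on success.  It is
                           not written on failure.  The caller owns the
                           returned block (allocated with PgmAllocMem).

Return Value:

    STATUS_SUCCESS, STATUS_INSUFFICIENT_RESOURCES, or the failure status of
    the Rtl routine that rejected the ACL or descriptor.

--*/
{
    ULONG                       AclLength;
    NTSTATUS                    Status;
    PACL                        pNewAcl = NULL;
    PACL                        pAclCopy;
    PSID                        pSid;
    SID_IDENTIFIER_AUTHORITY    Authority = SECURITY_NT_AUTHORITY;
    SECURITY_DESCRIPTOR         *pSecurityDescriptor = NULL;

    PAGED_CODE();

    if (!(pSid = PgmAllocMem (RtlLengthRequiredSid (3), PGM_TAG('S'))))
    {
        return (STATUS_INSUFFICIENT_RESOURCES);
    }

    if (!NT_SUCCESS (RtlInitializeSid (pSid, &Authority, 3)))
    {
        //
        // Reported as a resource failure, as this routine always has
        //
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Cleanup;
    }

    *RtlSubAuthoritySid (pSid, 0) = SECURITY_BUILTIN_DOMAIN_RID;
    *RtlSubAuthoritySid (pSid, 1) = DOMAIN_ALIAS_RID_ADMINS;
    *RtlSubAuthoritySid (pSid, 2) = SECURITY_LOCAL_SYSTEM_RID;
    ASSERT (RtlValidSid (pSid));

    //
    // ACCESS_ALLOWED_ACE already contains a ULONG placeholder (SidStart)
    // for the first part of the SID, hence the subtraction.
    //
    AclLength = sizeof(ACL) +
                RtlLengthSid(pSid) +
                sizeof(ACCESS_ALLOWED_ACE) -
                sizeof(ULONG);

    if (!(pNewAcl = PgmAllocMem (AclLength, PGM_TAG('S'))))
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Cleanup;
    }

    Status = RtlCreateAcl (pNewAcl, AclLength, ACL_REVISION);
    if (!NT_SUCCESS (Status))
    {
        goto Cleanup;
    }

    Status = RtlAddAccessAllowedAce (pNewAcl,
                                     ACL_REVISION,
                                     GENERIC_ALL,
                                     pSid);
    ASSERT (NT_SUCCESS (Status));
    if (!NT_SUCCESS (Status))
    {
        goto Cleanup;
    }

    if (!(pSecurityDescriptor = PgmAllocMem ((sizeof(SECURITY_DESCRIPTOR) + AclLength), PGM_TAG('S'))))
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Cleanup;
    }

    //
    // The DACL lives in the same block, right behind the descriptor
    //
    pAclCopy = (PACL) ((PISECURITY_DESCRIPTOR) pSecurityDescriptor + 1);
    RtlCopyMemory (pAclCopy, pNewAcl, AclLength);

    //
    // Both failure checks below must leave the routine.  Releasing the
    // buffers and then carrying on would touch freed pool, free it a
    // second time, and hand the caller a dangling descriptor together
    // with STATUS_SUCCESS.
    //
    Status = RtlCreateSecurityDescriptor (pSecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
    if (!NT_SUCCESS (Status))
    {
        goto Cleanup;
    }

    Status = RtlSetDaclSecurityDescriptor (pSecurityDescriptor, TRUE, pAclCopy, FALSE);
    if (!NT_SUCCESS (Status))
    {
        goto Cleanup;
    }

    //
    // Ownership of the descriptor passes to the caller; clear the local
    // so the common exit path does not release it.
    //
    *ppSecurityDescriptor = pSecurityDescriptor;
    pSecurityDescriptor = NULL;
    Status = STATUS_SUCCESS;

Cleanup:
    //
    // Single exit: each buffer is released exactly once.  The working ACL
    // and the SID are temporaries on every path.
    //
    if (pSecurityDescriptor)
    {
        PgmFreeMem (pSecurityDescriptor);
    }
    if (pNewAcl)
    {
        PgmFreeMem (pNewAcl);
    }
    PgmFreeMem (pSid);

    return (Status);
}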
//----------------------------------------------------------------------------
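NTSTATUS
PgmGetUserInfo(
    IN  PIRP                pIrp,
    IN  PIO_STACK_LOCATION  pIrpSp,
    OUT TOKEN_USER          **ppUserId,
    OUT BOOLEAN             *pfUserIsAdmin
    )
/*++

Routine Description:

    Retrieves the user identity of the requestor from the security context
    carried in the create parameters of the given stack location and,
    optionally, reports whether SeTokenIsAdmin considers that token an
    administrator token.

    NOTE(review): reads pIrpSp->Parameters.Create.SecurityContext without
    validation, so this presumably must only be called with the stack
    location of a create request - confirm against the callers.

Arguments:

    pIrp            - Not used by this routine.
    pIrpSp          - Stack location whose Create parameters supply the
                      subject security context.
    ppUserId        - Optional.  On success receives the TOKEN_USER buffer
                      returned by SeQueryInformationToken; the caller then
                      owns it and must free it.  Set to NULL on failure.
                      If NULL is passed, the buffer is freed here.
    pfUserIsAdmin   - Optional.  On success receives the result of
                      SeTokenIsAdmin; set to FALSE on failure.

Return Value:

    STATUS_SUCCESS, or STATUS_UNSUCCESSFUL if the token or its user
    information could not be obtained.

--*/
{
    PACCESS_TOKEN               pAccessToken;
    TOKEN_USER                  *pUserId = NULL;
    SECURITY_SUBJECT_CONTEXT    *pSubjectContext;

    PAGED_CODE();

    //
    // Get User ID
    //
    pSubjectContext = &pIrpSp->Parameters.Create.SecurityContext->AccessState->SubjectSecurityContext;
    pAccessToken = SeQuerySubjectContextToken (pSubjectContext);
    if ((!pAccessToken) ||
        (!NT_SUCCESS (SeQueryInformationToken (pAccessToken, TokenUser, &pUserId))))
    {
        //
        // Cannot get the user token.  Fail closed (no identity, not an
        // admin).  Both outputs are optional on the success path, so they
        // are checked here as well rather than dereferenced blindly.
        //
        if (ppUserId)
        {
            *ppUserId = NULL;
        }
        if (pfUserIsAdmin)
        {
            *pfUserIsAdmin = FALSE;
        }

        return (STATUS_UNSUCCESSFUL);
    }

    if (ppUserId)
    {
        *ppUserId = pUserId;
    }
    else
    {
        //
        // Caller does not want the identity; release the query buffer
        //
        PgmFreeMem (pUserId);
    }

    if (pfUserIsAdmin)
    {
        *pfUserIsAdmin = SeTokenIsAdmin (pAccessToken);
    }

    return (STATUS_SUCCESS);
}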