/*++

Copyright (c) 1991 Microsoft Corporation

Module Name:

    msgsec.c

Abstract:

    This module contains the Messenger service support routines
    which create security objects and enforce security access checking.

Author:

    Dan Lafferty (danl) 07-Aug-1991

Environment:

    User Mode - Win32

Revision History:

    07-Aug-1991 danl
        created

--*/

//
// Includes
//

#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windef.h>
#include <lmcons.h> // NET_API_STATUS.
#include <lmerr.h>
#include <netlibnt.h>
#include "msgdbg.h"
#include "msgsec.h"
#include "msgdata.h"
//
|
|
// Global Variables -
|
|
//
|
|
// Security Descriptor for Messenger Name object. This is used to control
|
|
// access to the Messenger Name Table.
|
|
//
|
|
|
|
PSECURITY_DESCRIPTOR MessageNameSd;
|
|
|
|
|
|
//
|
|
// Structure that describes the mapping of Generic access rights to object
|
|
// specific access rights for the Messenger Name Object.
|
|
//
|
|
|
|
GENERIC_MAPPING MsgMessageNameMapping = {
|
|
STANDARD_RIGHTS_READ | // Generic Read
|
|
MSGR_MESSAGE_NAME_INFO_GET |
|
|
MSGR_MESSAGE_NAME_ENUM,
|
|
STANDARD_RIGHTS_WRITE | // Generic Write
|
|
MSGR_MESSAGE_NAME_ADD |
|
|
MSGR_MESSAGE_NAME_DEL,
|
|
STANDARD_RIGHTS_EXECUTE, // Generic Execute
|
|
MSGR_MESSAGE_ALL_ACCESS // Generic all
|
|
};
NET_API_STATUS
|
|
MsgCreateMessageNameObject(
|
|
VOID
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function creates the Messenger Message Name Object.
|
|
|
|
Arguments:
|
|
|
|
None.
|
|
|
|
Return Value:
|
|
|
|
NET_API_STATUS - translated status returned from NetpCreateSecurityObject.
|
|
|
|
--*/
|
|
{
|
|
NTSTATUS ntStatus;
|
|
|
|
//
|
|
// Order matters! These ACEs are inserted into the DACL in the
|
|
// following order. Security access is granted or denied based on
|
|
// the order of the ACEs in the DACL.
|
|
//
|
|
// Admins, and local users are allowed to get and change all information.
|
|
//
|
|
|
|
#define MESSAGE_NAME_ACES 2 // Number of ACES in this DACL
|
|
|
|
ACE_DATA AceData[MESSAGE_NAME_ACES] = {
|
|
{ACCESS_ALLOWED_ACE_TYPE, 0, 0, GENERIC_ALL, &MsgsvcGlobalData->LocalSid},
|
|
{ACCESS_ALLOWED_ACE_TYPE, 0, 0, GENERIC_ALL, &MsgsvcGlobalData->AliasAdminsSid}
|
|
};
|
|
|
|
ntStatus = NetpCreateSecurityObject(
|
|
AceData, // Ace Data
|
|
MESSAGE_NAME_ACES, // Ace Count
|
|
MsgsvcGlobalData->LocalSystemSid, // Owner Sid
|
|
MsgsvcGlobalData->LocalSystemSid, // Group Sid
|
|
&MsgMessageNameMapping, // Generic Mapping
|
|
&MessageNameSd); // New Descriptor
|
|
|
|
return(NetpNtStatusToApiStatus(ntStatus));
|
|
}
|