You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
161 lines
4.6 KiB
161 lines
4.6 KiB
/*++
|
|
|
|
Copyright (c) 1993 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
regacl.c
|
|
|
|
Abstract:
|
|
|
|
This module contains the code for adding access permission ACL in a registry
|
|
key.
|
|
|
|
Author:
|
|
|
|
Terrence Kwan (terryk) 25-Sept-1993
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include <procs.h>
|
|
|
|
DWORD
|
|
NwLibSetEverybodyPermission(
|
|
IN HKEY hKey,
|
|
IN DWORD dwPermission
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Set the registry key to everybody "Set Value" (or whatever
|
|
the caller want.)
|
|
|
|
Arguments:
|
|
|
|
hKey - The handle of the registry key to set security on
|
|
|
|
dwPermission - The permission to add to "everybody"
|
|
|
|
Return Value:
|
|
|
|
The win32 error.
|
|
|
|
--*/
|
|
{
|
|
LONG err; // error code
|
|
PSECURITY_DESCRIPTOR psd = NULL; // related SD
|
|
PACL pDacl = NULL; // Absolute DACL
|
|
PACL pSacl = NULL; // Absolute SACL
|
|
PSID pOSid = NULL; // Absolute Owner SID
|
|
PSID pPSid = NULL; // Absolute Primary SID
|
|
|
|
do { // Not a loop, just for breaking out of error
|
|
//
|
|
// Initialize all the variables...
|
|
//
|
|
// world sid authority
|
|
SID_IDENTIFIER_AUTHORITY SidAuth= SECURITY_WORLD_SID_AUTHORITY;
|
|
DWORD cbSize=0; // Security key size
|
|
PACL pAcl; // original ACL
|
|
BOOL fDaclPresent;
|
|
BOOL fDaclDefault;
|
|
PSID pSid; // original SID
|
|
SECURITY_DESCRIPTOR absSD; // Absolute SD
|
|
DWORD AbsSize = sizeof(SECURITY_DESCRIPTOR); // Absolute SD size
|
|
DWORD DaclSize; // Absolute DACL size
|
|
DWORD SaclSize; // Absolute SACL size
|
|
DWORD OSidSize; // Absolute OSID size
|
|
DWORD PSidSize; // Absolute PSID size
|
|
|
|
|
|
// Get the original DACL list
|
|
|
|
RegGetKeySecurity( hKey, DACL_SECURITY_INFORMATION, NULL, &cbSize);
|
|
|
|
psd = (PSECURITY_DESCRIPTOR *)LocalAlloc(LMEM_ZEROINIT, cbSize+sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID));
|
|
pDacl = (PACL)LocalAlloc(LMEM_ZEROINIT, cbSize+sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID));
|
|
pSacl = (PACL)LocalAlloc(LMEM_ZEROINIT, cbSize);
|
|
pOSid = (PSID)LocalAlloc(LMEM_ZEROINIT, cbSize);
|
|
pPSid = (PSID)LocalAlloc(LMEM_ZEROINIT, cbSize);
|
|
DaclSize = cbSize+sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID);
|
|
SaclSize = cbSize;
|
|
OSidSize = cbSize;
|
|
PSidSize = cbSize;
|
|
|
|
if (( NULL == psd) ||
|
|
( NULL == pDacl) ||
|
|
( NULL == pSacl) ||
|
|
( NULL == pOSid) ||
|
|
( NULL == pPSid))
|
|
{
|
|
err = ERROR_INSUFFICIENT_BUFFER;
|
|
break;
|
|
}
|
|
|
|
if ( (err = RegGetKeySecurity( hKey, DACL_SECURITY_INFORMATION, psd, &cbSize )) != ERROR_SUCCESS )
|
|
{
|
|
break;
|
|
}
|
|
if ( !GetSecurityDescriptorDacl( psd, &fDaclPresent, &pAcl, &fDaclDefault ))
|
|
{
|
|
err = GetLastError();
|
|
break;
|
|
}
|
|
|
|
// Increase the size for an extra ACE
|
|
|
|
pAcl->AclSize += sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID);
|
|
|
|
// Get World SID
|
|
|
|
if ( (err = RtlAllocateAndInitializeSid( &SidAuth, 1,
|
|
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSid)) != ERROR_SUCCESS)
|
|
{
|
|
break;
|
|
}
|
|
|
|
// Add Permission ACE
|
|
|
|
if ( !AddAccessAllowedAce(pAcl, ACL_REVISION, dwPermission ,pSid))
|
|
{
|
|
err = GetLastError();
|
|
break;
|
|
}
|
|
|
|
// Convert from relate format to absolute format
|
|
|
|
if ( !MakeAbsoluteSD( psd, &absSD, &AbsSize, pDacl, &DaclSize, pSacl, &SaclSize,
|
|
pOSid, &OSidSize, pPSid, &PSidSize ))
|
|
{
|
|
err = GetLastError();
|
|
break;
|
|
}
|
|
|
|
// Set SD
|
|
|
|
if ( !SetSecurityDescriptorDacl( &absSD, TRUE, pAcl, FALSE ))
|
|
{
|
|
err = GetLastError();
|
|
break;
|
|
}
|
|
if ( (err = RegSetKeySecurity( hKey, DACL_SECURITY_INFORMATION, psd ))
|
|
!= ERROR_SUCCESS )
|
|
{
|
|
break;
|
|
}
|
|
|
|
} while (FALSE);
|
|
|
|
// Clean up the memory
|
|
|
|
LocalFree( psd );
|
|
LocalFree( pDacl );
|
|
LocalFree( pSacl );
|
|
LocalFree( pOSid );
|
|
LocalFree( pPSid );
|
|
|
|
return err;
|
|
}
|