archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ipsec/ipsecshr/nsuacl.c

277 lines
6.8 KiB
Raw Blame History

// Copyright (c) 1997-2002 Microsoft Corporation
//
// Module:
//
// Network Security Utilities
//
// Abstract:
//
// Acl API's
//
// Authors:
//
// pmay 2/5/02
// raymonds 03/20/02
//
// Environment:
//
// User mode
//
// Revision History:
//
#include <precomp.h>
// Private declarations
//
// Maximum string security descriptor length
//
#define MAX_STR_SD_LEN 128
// TBD: Remove these when incorporated into main NSU utilities
#define CLEANUP Cleanup
#define BAIL_ON_ERROR(err) if((err) != ERROR_SUCCESS) {goto CLEANUP;}
#define BAIL_ON_NULL(ptr, err) if ((ptr) == NULL) {(err) = ERROR_NOT_ENOUGH_MEMORY; goto CLEANUP;}
#define BAIL_OUT {goto CLEANUP;}
// Description:
//
// Allocates and initializes a SECURITY_ATTRIBUTES structure that gives
// access according to the flags passed in. (contained SD is self-relative).
//
// Arguments:
//
// ppSecurityAttributes - pointer to SECURITY_ATTRIBUTES created.
// Use NsuAclAttributesDestroy to destroy.
// dwFlags - see NSU_ACL_F_* values
//
// Return Value:
//
// An allocated security attributes structure or NULL if out of memory.
//
//
// TBD: use NsuString and Nsu mem functions
DWORD
NsuAclAttributesCreate(
OUT PSECURITY_ATTRIBUTES* ppSecurityAttributes,
IN DWORD dwFlags)
{
DWORD dwError = ERROR_SUCCESS;
SECURITY_ATTRIBUTES *pSecurityAttributes = NULL;
pSecurityAttributes = LocalAlloc(LPTR, sizeof(SECURITY_ATTRIBUTES));
BAIL_ON_NULL(pSecurityAttributes, dwError);
dwError = NsuAclDescriptorCreate(
(PSECURITY_DESCRIPTOR*) &pSecurityAttributes->lpSecurityDescriptor,
dwFlags
);
BAIL_ON_ERROR(dwError);
pSecurityAttributes->nLength = sizeof(SECURITY_ATTRIBUTES);
pSecurityAttributes->bInheritHandle = FALSE;
*ppSecurityAttributes = pSecurityAttributes;
return dwError;
CLEANUP:
if (pSecurityAttributes) {
NsuAclAttributesDestroy(&pSecurityAttributes);
}
*ppSecurityAttributes = NULL;
return dwError;
}
// Description:
//
// Deallocates return value of NsuAclCreateAttributes.
//
DWORD
NsuAclAttributesDestroy(
IN OUT PSECURITY_ATTRIBUTES* ppSecurityAttributes)
{
DWORD dwError = ERROR_SUCCESS;
if (!ppSecurityAttributes) {
BAIL_OUT;
}
// Destroy Security descriptor, ignoring any errors, since there's not much we
// can do and want to clean up the rest of the attributes as much as possible.
//
(VOID) NsuAclDescriptorDestroy((*ppSecurityAttributes)->lpSecurityDescriptor);
(VOID) LocalFree(*ppSecurityAttributes);
*ppSecurityAttributes = NULL;
return dwError;
CLEANUP:
return dwError;
}
// Description:
//
// Allocates and initializes a self-relative SECURITY_DESCRIPTOR structure that gives
// access according to the flags passed in.
//
// Arguments:
//
// ppSecurityDescriptor - security descriptor created. Use NsuAclDescriptorDestroy
// to destroy.
// dwFlags - see NSU_ACL_F_* values
//
// Return Value:
//
// An allocated security attributes structure or NULL if out of memory.
//
DWORD
NsuAclDescriptorCreate (
OUT PSECURITY_DESCRIPTOR* ppSecurityDescriptor,
IN DWORD dwFlags)
{
DWORD dwError = ERROR_SUCCESS;
BOOL fSucceeded = TRUE;
WCHAR szStringSecurityDescriptor[MAX_STR_SD_LEN] = {0};
PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
wcscpy(szStringSecurityDescriptor, L"D:AIAR");
if (dwFlags & NSU_ACL_F_AdminFull) {
wcscat(szStringSecurityDescriptor, L"(A;OICI;GA;;;BA)");
}
if (dwFlags & NSU_ACL_F_LocalSystemFull) {
wcscat(szStringSecurityDescriptor, L"(A;OICI;GA;;;SY)");
}
fSucceeded = ConvertStringSecurityDescriptorToSecurityDescriptorW(
szStringSecurityDescriptor,
SDDL_REVISION_1,
&pSecurityDescriptor,
NULL
);
if (!fSucceeded) {
dwError = GetLastError();
BAIL_OUT;
}
*ppSecurityDescriptor = pSecurityDescriptor;
return dwError;
CLEANUP:
NsuAclDescriptorDestroy(&pSecurityDescriptor);
*ppSecurityDescriptor = NULL;
return dwError;
}
// Description:
//
// Deallocates return value of NsuAclCreateDescriptor.
//
DWORD
NsuAclDescriptorDestroy(
IN OUT PSECURITY_DESCRIPTOR* ppDescriptor)
{
DWORD dwError = ERROR_SUCCESS;
if (!ppDescriptor) {
BAIL_OUT;
}
(VOID) LocalFree(*ppDescriptor);
*ppDescriptor = NULL;
return dwError;
CLEANUP:
return dwError;
}
// Description:
//
// Used to determine whether a given security descriptor grants
// full access to everyone.
//
// Arguments:
//
// pSD - the security descriptor
// pbRestricts - TRUE if non-Everyone-full-access, FALSE otherwise
//
// Return Value:
//
// Standard win32 error
//
DWORD
NsuAclDescriptorRestricts(
IN CONST PSECURITY_DESCRIPTOR pSD,
OUT BOOL* pbRestricts)
{
return ERROR_CALL_NOT_IMPLEMENTED;
}
// Description:
//
// Gets security descriptor of a regkey.
//
//
// Arguments:
//
// ppSecurityDescriptor - security descriptor returned. Use NsuAclDescriptorDestroy
// to destroy.
// hKey - open handle of registry key
//
// Return Value:
//
// An allocated security attributes structure or NULL if out of memory.
//
DWORD
NsuAclGetRegKeyDescriptor(
IN HKEY hKey,
OUT PSECURITY_DESCRIPTOR* ppSecurityDescriptor
)
{
PSECURITY_DESCRIPTOR pSecurityDescriptor = 0;
DWORD dwError = ERROR_SUCCESS;
DWORD cbSecurityDescriptor = 0;
cbSecurityDescriptor = 0;
dwError = RegGetKeySecurity(
hKey,
DACL_SECURITY_INFORMATION,
NULL,
&cbSecurityDescriptor
);
if (dwError != ERROR_INSUFFICIENT_BUFFER) {
BAIL_ON_ERROR(dwError);
}
pSecurityDescriptor = LocalAlloc(LPTR, cbSecurityDescriptor);
BAIL_ON_NULL(pSecurityDescriptor, dwError);
dwError = RegGetKeySecurity(
hKey,
DACL_SECURITY_INFORMATION,
pSecurityDescriptor,
&cbSecurityDescriptor
);
BAIL_ON_ERROR(dwError);
*ppSecurityDescriptor = pSecurityDescriptor;
CLEANUP:
if (dwError) {
if (pSecurityDescriptor) {
LocalFree(pSecurityDescriptor);
}
*ppSecurityDescriptor = NULL;
}
return dwError;
}