archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/shell/osshell/progman/secdesc.c

272 lines
6.5 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /****************************** Module Header ******************************\
  2. * Module Name: secdesc.c
  3. *
  4. * Copyright (c) 1991, Microsoft Corporation
  5. *
  6. * Routines that support creation and deletion of security descriptors
  7. *
  8. * History:
  9. * 02-06-92 Davidc Created.
  10. \***************************************************************************/
  12. #include "sec.h"
  14. //
  15. // Private prototypes
  16. //
  18. PVOID
  19. CreateAccessAllowedAce(
  20. PSID Sid,
  21. ACCESS_MASK AccessMask,
  22. UCHAR AceFlags,
  23. UCHAR InheritFlags
  24. );
  26. VOID
  27. DestroyAce(
  28. PVOID Ace
  29. );
  33. /***************************************************************************\
  34. * CreateSecurityDescriptor
  35. *
  36. * Creates a security descriptor containing an ACL containing the specified ACEs
  37. *
  38. * A SD created with this routine should be destroyed using
  39. * DeleteSecurityDescriptor
  40. *
  41. * Returns a pointer to the security descriptor or NULL on failure.
  42. *
  43. * 02-06-92 Davidc Created.
  44. \***************************************************************************/
  46. PSECURITY_DESCRIPTOR
  47. CreateSecurityDescriptor(
  48. PMYACE MyAce,
  49. ACEINDEX AceCount
  50. )
  51. {
  52. NTSTATUS Status;
  53. ACEINDEX AceIndex;
  54. PACCESS_ALLOWED_ACE *Ace;
  55. PACL Acl = NULL;
  56. PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
  57. DWORD LengthAces;
  58. DWORD LengthAcl;
  59. DWORD LengthSd;
  61. //
  62. // Allocate space for the ACE pointer array
  63. //
  65. Ace = (PACCESS_ALLOWED_ACE *)Alloc(sizeof(PACCESS_ALLOWED_ACE) * AceCount);
  66. if (Ace == NULL) {
  67. DbgOnlyPrint("progman failed to allocated ACE array\n\r");
  68. return(NULL);
  69. }
  71. //
  72. // Create the ACEs and calculate total ACE size
  73. //
  75. LengthAces = 0;
  76. for (AceIndex=0; AceIndex < AceCount; AceIndex ++) {
  77. Ace[AceIndex] = CreateAccessAllowedAce(MyAce[AceIndex].Sid,
  78. MyAce[AceIndex].AccessMask,
  79. 0,
  80. MyAce[AceIndex].InheritFlags);
  81. if (Ace[AceIndex] == NULL) {
  82. DbgOnlyPrint("progman : Failed to allocate ace\n\r");
  83. } else {
  84. LengthAces += Ace[AceIndex]->Header.AceSize;
  85. }
  86. }
  88. //
  89. // Calculate ACL and SD sizes
  90. //
  92. LengthAcl = sizeof(ACL) + LengthAces;
  93. LengthSd = SECURITY_DESCRIPTOR_MIN_LENGTH;
  95. //
  96. // Create the ACL
  97. //
  99. Acl = Alloc(LengthAcl);
  101. if (Acl != NULL) {
  103. Status = RtlCreateAcl(Acl, LengthAcl, ACL_REVISION);
  105. if (NT_SUCCESS(Status))
  106. {
  107. //
  108. // Add the ACES to the ACL and destroy the ACEs
  109. //
  111. for (AceIndex = 0; AceIndex < AceCount; AceIndex ++) {
  113. if (Ace[AceIndex] != NULL) {
  115. Status = RtlAddAce(Acl, ACL_REVISION, 0, Ace[AceIndex],
  116. Ace[AceIndex]->Header.AceSize);
  118. if (!NT_SUCCESS(Status)) {
  119. DbgOnlyPrint("progman : AddAce failed, status = 0x%lx\n\r", Status);
  120. }
  122. DestroyAce(Ace[AceIndex]);
  123. }
  124. }
  125. }
  126. else
  127. {
  128. Free(Acl);
  129. Acl = NULL;
  130. }
  132. } else {
  133. DbgOnlyPrint("progman : Failed to allocate ACL\n\r");
  134. }
  136. //
  137. // Free the ACE pointer array
  138. //
  139. Free(Ace);
  141. //
  142. // Create the security descriptor
  143. //
  145. SecurityDescriptor = Alloc(LengthSd);
  147. if (SecurityDescriptor != NULL) {
  149. Status = RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
  150. ASSERT(NT_SUCCESS(Status));
  152. //
  153. // Set the DACL on the security descriptor
  154. //
  155. Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Acl, FALSE);
  156. if (!NT_SUCCESS(Status)) {
  157. DbgOnlyPrint("progman : SetDACLSD failed, status = 0x%lx\n\r", Status);
  158. }
  159. } else {
  160. DbgOnlyPrint("progman : Failed to allocate security descriptor\n\r");
  161. }
  163. //
  164. // Return with our spoils
  165. //
  166. return(SecurityDescriptor);
  167. }
  170. /***************************************************************************\
  171. * DeleteSecurityDescriptor
  172. *
  173. * Deletes a security descriptor created using CreateSecurityDescriptor
  174. *
  175. * Returns TRUE on success, FALSE on failure
  176. *
  177. * 02-06-92 Davidc Created.
  178. \***************************************************************************/
  180. BOOL
  181. DeleteSecurityDescriptor(
  182. PSECURITY_DESCRIPTOR SecurityDescriptor
  183. )
  184. {
  185. NTSTATUS Status;
  186. PACL Acl;
  187. BOOLEAN Present;
  188. BOOLEAN Defaulted;
  190. ASSERT(SecurityDescriptor != NULL);
  192. //
  193. // Get the ACL
  194. //
  195. Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
  196. &Present, &Acl, &Defaulted);
  197. if (NT_SUCCESS(Status)) {
  199. //
  200. // Destroy the ACL
  201. //
  202. if (Present && (Acl != NULL)) {
  203. Free(Acl);
  204. }
  205. } else {
  206. DbgOnlyPrint("progman : Failed to get DACL from security descriptor being destroyed, Status = 0x%lx\n\r", Status);
  207. }
  209. //
  210. // Destroy the Security Descriptor
  211. //
  212. Free(SecurityDescriptor);
  214. return(TRUE);
  215. }
  218. /***************************************************************************\
  219. * CreateAccessAllowedAce
  220. *
  221. * Allocates memory for an ACCESS_ALLOWED_ACE and fills it in.
  222. * The memory should be freed by calling DestroyACE.
  223. *
  224. * Returns pointer to ACE on success, NULL on failure
  225. *
  226. * History:
  227. * 12-05-91 Davidc Created
  228. \***************************************************************************/
  229. PVOID
  230. CreateAccessAllowedAce(
  231. PSID Sid,
  232. ACCESS_MASK AccessMask,
  233. UCHAR AceFlags,
  234. UCHAR InheritFlags
  235. )
  236. {
  237. DWORD LengthSid = RtlLengthSid(Sid);
  238. DWORD LengthACE = sizeof(ACE_HEADER) + sizeof(ACCESS_MASK) + LengthSid;
  239. PACCESS_ALLOWED_ACE Ace;
  241. Ace = (PACCESS_ALLOWED_ACE)Alloc(LengthACE);
  242. if (Ace == NULL) {
  243. DbgOnlyPrint("progman : CreateAccessAllowedAce : Failed to allocate ace\n\r");
  244. return NULL;
  245. }
  247. Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  248. Ace->Header.AceSize = (USHORT)LengthACE;
  249. Ace->Header.AceFlags = AceFlags | InheritFlags;
  250. Ace->Mask = AccessMask;
  251. RtlCopySid(LengthSid, (PSID)(&(Ace->SidStart)), Sid );
  253. return(Ace);
  254. }
  257. /***************************************************************************\
  258. * DestroyAce
  259. *
  260. * Frees the memory allocate for an ACE
  261. *
  262. * History:
  263. * 12-05-91 Davidc Created
  264. \***************************************************************************/
  265. VOID
  266. DestroyAce(
  267. PVOID Ace
  268. )
  269. {
  270. Free(Ace);
  271. }
  273.