archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/services/sched/setup/security.cxx

278 lines
7.6 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1996.
  5. //
  6. // File: security.cxx
  7. //
  8. // Contents: Security-related helper functions used by the Task Scheduler
  9. // setup program to set security on the job folder.
  10. //
  11. // Classes: None.
  12. //
  13. // Functions:
  14. //
  15. // History: 23-Sep-96 AnirudhS Copied with minor modifications from
  16. // ..\job\security.cxx.
  17. //
  18. //----------------------------------------------------------------------------
  20. #include <windows.h>
  21. #include "..\inc\security.hxx"
  23. #define schDebugOut(x)
  24. #define schAssert(x)
  26. //+---------------------------------------------------------------------------
  27. //
  28. // Function: CreateSecurityDescriptor
  29. //
  30. // Synopsis: Create a security descriptor with the ACE information
  31. // specified.
  32. //
  33. // Arguments: [AceCount] -- ACE count (no. of rgMyAce and rgAce elements).
  34. // [rgMyAce] -- ACE specification array.
  35. // [rgAce] -- Caller allocated array of ptrs to ACEs so
  36. // this function doesn't have to allocate it.
  37. //
  38. // Returns: TRUE -- Function succeeded,
  39. // FALSE -- Otherwise.
  40. //
  41. // Notes: None.
  42. //
  43. //----------------------------------------------------------------------------
  44. PSECURITY_DESCRIPTOR
  45. CreateSecurityDescriptor(
  46. DWORD AceCount,
  47. MYACE rgMyAce[],
  48. PACCESS_ALLOWED_ACE rgAce[],
  49. DWORD * pStatus)
  50. {
  51. PSECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
  52. PACL pAcl = NULL;
  53. DWORD LengthAces = 0;
  54. DWORD LengthAcl;
  55. DWORD i;
  56. DWORD Status;
  58. for (i = 0; i < AceCount; i++)
  59. {
  60. rgAce[i] = CreateAccessAllowedAce(rgMyAce[i].pSid,
  61. rgMyAce[i].AccessMask,
  62. 0,
  63. rgMyAce[i].InheritFlags,
  64. &Status);
  66. if (rgAce[i] == NULL)
  67. {
  68. goto ErrorExit;
  69. }
  71. LengthAces += rgAce[i]->Header.AceSize;
  72. }
  74. //
  75. // Calculate ACL and SD sizes
  76. //
  78. LengthAcl = sizeof(ACL) + LengthAces;
  80. //
  81. // Create the ACL.
  82. //
  84. pAcl = (PACL)LocalAlloc(LMEM_FIXED, LengthAcl);
  86. if (pAcl == NULL)
  87. {
  88. Status = ERROR_NOT_ENOUGH_MEMORY;
  89. schDebugOut((DEB_ERROR,
  90. "CreateSecurityDescriptor, ACL allocation failed\n"));
  91. goto ErrorExit;
  92. }
  94. if (!InitializeAcl(pAcl, LengthAcl, ACL_REVISION))
  95. {
  96. Status = GetLastError();
  97. schDebugOut((DEB_ERROR,
  98. "CreateSecurityDescriptor, InitializeAcl failed, " \
  99. "status = 0x%lx\n",
  100. Status));
  101. goto ErrorExit;
  102. }
  104. for (i = 0; i < AceCount; i++)
  105. {
  106. if (!AddAce(pAcl,
  107. ACL_REVISION,
  108. 0,
  109. rgAce[i],
  110. rgAce[i]->Header.AceSize))
  111. {
  112. Status = GetLastError();
  113. schDebugOut((DEB_ERROR,
  114. "CreateSecurityDescriptor, AddAce[%l] failed, " \
  115. "status = 0x%lx\n", i, Status));
  116. goto ErrorExit;
  117. }
  119. LocalFree(rgAce[i]);
  120. rgAce[i] = NULL;
  121. }
  123. //
  124. // Create the security descriptor.
  125. //
  127. pSecurityDescriptor = LocalAlloc(LMEM_FIXED,
  128. SECURITY_DESCRIPTOR_MIN_LENGTH);
  130. if (pSecurityDescriptor == NULL)
  131. {
  132. Status = ERROR_NOT_ENOUGH_MEMORY;
  133. schDebugOut((DEB_ERROR,
  134. "CreateSecurityDescriptor, SECURITY_DESCRIPTOR allocation " \
  135. "failed\n"));
  136. goto ErrorExit;
  137. }
  139. if (!InitializeSecurityDescriptor(pSecurityDescriptor,
  140. SECURITY_DESCRIPTOR_REVISION))
  141. {
  142. Status = GetLastError();
  143. schDebugOut((DEB_ERROR,
  144. "CreateSecurityDescriptor, InitializeSecurityDescriptor " \
  145. "failed, status = 0x%lx\n",
  146. Status));
  147. goto ErrorExit;
  148. }
  150. if (!SetSecurityDescriptorDacl(pSecurityDescriptor,
  151. TRUE,
  152. pAcl,
  153. FALSE))
  154. {
  155. Status = GetLastError();
  156. schDebugOut((DEB_ERROR,
  157. "CreateSecurityDescriptor, SetSecurityDescriptorDacl " \
  158. "failed, status = 0x%lx\n",
  159. Status));
  160. goto ErrorExit;
  161. }
  163. if (pStatus != NULL) *pStatus = ERROR_SUCCESS;
  165. return(pSecurityDescriptor);
  167. ErrorExit:
  168. for (i = 0; i < AceCount; i++)
  169. {
  170. if (rgAce[i] != NULL)
  171. {
  172. LocalFree(rgAce[i]);
  173. rgAce[i] = NULL;
  174. }
  175. }
  176. if (pAcl != NULL) LocalFree(pAcl);
  177. if (pSecurityDescriptor != NULL) LocalFree(pSecurityDescriptor);
  179. if (pStatus != NULL) *pStatus = Status;
  181. return(NULL);
  182. }
  184. //+---------------------------------------------------------------------------
  185. //
  186. // Function: DeleteSecurityDescriptor
  187. //
  188. // Synopsis: Deallocate the security descriptor allocated in
  189. // CreateSecurityDescriptor.
  190. //
  191. // Arguments: [pSecurityDescriptor] -- SD returned from
  192. // CreateSecurityDescriptor.
  193. //
  194. // Returns: None.
  195. //
  196. // Notes: None.
  197. //
  198. //----------------------------------------------------------------------------
  199. void
  200. DeleteSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor)
  201. {
  202. BOOL fPresent;
  203. BOOL fDefaulted;
  204. PACL pAcl;
  206. schAssert(pSecurityDescriptor != NULL);
  208. if (GetSecurityDescriptorDacl(pSecurityDescriptor,
  209. &fPresent,
  210. &pAcl,
  211. &fDefaulted))
  212. {
  213. if (fPresent && pAcl != NULL)
  214. {
  215. LocalFree(pAcl);
  216. }
  217. }
  218. else
  219. {
  220. schDebugOut((DEB_ERROR,
  221. "DeleteSecurityDescriptor, GetSecurityDescriptorDacl failed, " \
  222. "status = 0x%lx\n",
  223. GetLastError()));
  224. }
  226. LocalFree(pSecurityDescriptor);
  227. }
  229. //+---------------------------------------------------------------------------
  230. //
  231. // Function: CreateAccessAllowedAce
  232. //
  233. // Synopsis: Scavenged code from winlogon to create an access allowed ACE.
  234. // Modified a bit to use Win32 vs. Rtl.
  235. //
  236. // Arguments: [pSid] -- Sid to which this ACE is applied.
  237. // [AccessMask] -- ACE access mask value.
  238. // [AceFlags] -- ACE flags value.
  239. // [InheritFlags] -- ACE inherit flags value.
  240. //
  241. // Returns: Created ACE if successful.
  242. // NULL on error.
  243. //
  244. // Notes: None.
  245. //
  246. //----------------------------------------------------------------------------
  247. PACCESS_ALLOWED_ACE
  248. CreateAccessAllowedAce(
  249. PSID pSid,
  250. ACCESS_MASK AccessMask,
  251. UCHAR AceFlags,
  252. UCHAR InheritFlags,
  253. DWORD * pStatus)
  254. {
  255. ULONG LengthSid = GetLengthSid(pSid);
  256. ULONG LengthACE = sizeof(ACE_HEADER) + sizeof(ACCESS_MASK) + LengthSid;
  257. PACCESS_ALLOWED_ACE Ace;
  259. Ace = (PACCESS_ALLOWED_ACE)LocalAlloc(LMEM_FIXED, LengthACE);
  261. if (Ace == NULL)
  262. {
  263. if (pStatus != NULL) *pStatus = ERROR_NOT_ENOUGH_MEMORY;
  264. schDebugOut((DEB_ERROR,
  265. "CreateAccessAllowedAce, ACE allocation failed\n"));
  266. return(NULL);
  267. }
  269. Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  270. Ace->Header.AceSize = (UCHAR)LengthACE;
  271. Ace->Header.AceFlags = AceFlags | InheritFlags;
  272. Ace->Mask = AccessMask;
  273. CopySid(LengthSid, (PSID)(&(Ace->SidStart)), pSid);
  275. if (pStatus != NULL) *pStatus = ERROR_SUCCESS;
  277. return(Ace);
  278. }