archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/termsrv/setup/dll/acl.cpp

817 lines
21 KiB
Raw Normal View History

Add source files
4 years ago
  1. //Copyright (c) 1998 - 1999 Microsoft Corporation
  4. /*************************************************************************
  5. *
  6. * acl.c
  7. *
  8. * Generic routines to manage ACL's
  9. *
  10. * Author: John Richardson 04/25/97
  11. *
  12. *
  13. *************************************************************************/
  15. /*
  16. * Includes
  17. */
  18. #include "stdafx.h"
  19. /*
  20. #include <nt.h>
  21. #include <ntrtl.h>
  22. #include <nturtl.h>
  23. */
  25. #include <windows.h>
  26. #include <rpc.h>
  27. #include <stdio.h>
  28. #include <process.h>
  30. #include <lmaccess.h>
  31. #include <lmapibuf.h>
  32. #include <lmerr.h>
  34. #undef DBG
  35. #define DBG 1
  36. #define DBGTRACE 1
  38. #define DbgPrint(x)
  39. #if DBG
  40. //ULONG
  41. //DbgPrint(
  42. // PCH Format,
  43. // ...
  44. // );
  46. #define DBGPRINT(x) DbgPrint(x)
  47. #if DBGTRACE
  48. #define TRACE0(x) DbgPrint x
  49. #define TRACE1(x) DbgPrint x
  50. #else
  51. #define TRACE0(x)
  52. #define TRACE1(x)
  53. #endif
  54. #else
  55. #define DBGPRINT(x)
  56. #define TRACE0(x)
  57. #define TRACE1(x)
  58. #endif
  60. /*
  61. * Forward references
  62. */
  63. BOOL
  64. xxxLookupAccountName(
  65. PWCHAR pSystemName,
  66. PWCHAR pAccountName,
  67. PSID *ppSid
  68. );
  70. BOOL
  71. SelfRelativeToAbsoluteSD(
  72. PSECURITY_DESCRIPTOR SecurityDescriptorIn,
  73. PSECURITY_DESCRIPTOR *SecurityDescriptorOut,
  74. PULONG ReturnedLength
  75. );
  78. /*****************************************************************************
  79. *
  80. * AddTerminalServerUserToSD
  81. *
  82. * Add the given user for the given domain to the security descriptor.
  83. * The callers security descriptor may be re-allocated.
  84. *
  85. * ENTRY:
  86. * Param1 (input/output)
  87. * Comments
  88. *
  89. * EXIT:
  90. * STATUS_SUCCESS - no error
  91. *
  92. ****************************************************************************/
  93. BOOL
  94. AddTerminalServerUserToSD(
  95. PSECURITY_DESCRIPTOR *ppSd,
  96. DWORD NewAccess,
  97. PACL *ppDacl
  98. )
  99. {
  100. ULONG i;
  101. BOOL Result;
  102. BOOL DaclPresent;
  103. BOOL DaclDefaulted;
  104. DWORD Length;
  105. DWORD NewAclLength;
  106. PACE_HEADER OldAce;
  107. PACE_HEADER NewAce;
  108. ACL_SIZE_INFORMATION AclInfo;
  109. PSID pSid = NULL;
  110. PACL Dacl = NULL;
  111. PACL NewDacl = NULL;
  112. PACL NewAceDacl = NULL;
  113. PSECURITY_DESCRIPTOR NewSD = NULL;
  114. PSECURITY_DESCRIPTOR OldSD = NULL;
  115. SID_IDENTIFIER_AUTHORITY SepNtAuthority = SECURITY_NT_AUTHORITY;
  117. OldSD = *ppSd;
  119. pSid = LocalAlloc(LMEM_FIXED, 1024);
  120. if (!pSid || !InitializeSid(pSid, &SepNtAuthority, 1))
  121. {
  122. return( FALSE );
  123. };
  125. *(GetSidSubAuthority(pSid, 0 )) = SECURITY_TERMINAL_SERVER_RID;
  128. /*
  129. * Convert SecurityDescriptor to absolute format. It generates
  130. * a new SecurityDescriptor for its output which we must free.
  131. */
  132. Result = SelfRelativeToAbsoluteSD( OldSD, &NewSD, NULL );
  133. if ( !Result ) {
  134. LOGMESSAGE1(_T("Could not convert to AbsoluteSD %d\n"),GetLastError());
  135. LocalFree( pSid );
  136. return( FALSE );
  137. }
  139. // Must get DACL pointer again from new (absolute) SD
  140. Result = GetSecurityDescriptorDacl(
  141. NewSD,
  142. &DaclPresent,
  143. &Dacl,
  144. &DaclDefaulted
  145. );
  146. if( !Result ) {
  147. LOGMESSAGE1(_T("Could not get Dacl %d\n"),GetLastError());
  148. LocalFree( pSid );
  149. LocalFree( NewSD );
  150. return( FALSE );
  151. }
  153. //
  154. // If no DACL, no need to add the user since no DACL
  155. // means all accesss
  156. //
  157. if( !DaclPresent ) {
  158. LOGMESSAGE2(_T("SD has no DACL, Present %d, Defaulted %d\n"),DaclPresent,DaclDefaulted);
  159. LocalFree( pSid );
  160. LocalFree( NewSD );
  161. return( TRUE );
  162. }
  164. //
  165. // Code can return DaclPresent, but a NULL which means
  166. // a NULL Dacl is present. This allows all access to the object.
  167. //
  168. if( Dacl == NULL ) {
  169. LOGMESSAGE2(_T("SD has NULL DACL, Present %d, Defaulted %d\n"),DaclPresent,DaclDefaulted);
  170. LocalFree( pSid );
  171. LocalFree( NewSD );
  172. return( TRUE );
  173. }
  175. // Get the current ACL's size
  176. Result = GetAclInformation(
  177. Dacl,
  178. &AclInfo,
  179. sizeof(AclInfo),
  180. AclSizeInformation
  181. );
  182. if( !Result ) {
  183. LOGMESSAGE1(_T("Error GetAclInformation %d\n"),GetLastError());
  184. LocalFree( pSid );
  185. LocalFree( NewSD );
  186. return( FALSE );
  187. }
  189. //
  190. // Create a new ACL to put the new access allowed ACE on
  191. // to get the right structures and sizes.
  192. //
  193. NewAclLength = sizeof(ACL) +
  194. sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG) +
  195. GetLengthSid( pSid );
  197. NewAceDacl = (PACL) LocalAlloc( LMEM_FIXED, NewAclLength );
  198. if ( NewAceDacl == NULL ) {
  199. LOGMESSAGE1(_T("Error LocalAlloc %d bytes\n"),NewAclLength);
  200. LocalFree( pSid );
  201. LocalFree( NewSD );
  202. return( FALSE );
  203. }
  205. Result = InitializeAcl( NewAceDacl, NewAclLength, ACL_REVISION );
  206. if( !Result ) {
  207. LOGMESSAGE1(_T("Error Initializing Acl %d\n"),GetLastError());
  208. LocalFree( NewAceDacl );
  209. LocalFree( pSid );
  210. LocalFree( NewSD );
  211. return( FALSE );
  212. }
  214. Result = AddAccessAllowedAce(
  215. NewAceDacl,
  216. ACL_REVISION,
  217. NewAccess,
  218. pSid
  219. );
  220. if( !Result ) {
  221. LOGMESSAGE1(_T("Error adding Ace %d\n"),GetLastError());
  222. LocalFree( NewAceDacl );
  223. LocalFree( pSid );
  224. LocalFree( NewSD );
  225. return( FALSE );
  226. }
  228. LOGMESSAGE1(_T("Added 0x%x Access to ACL\n"),NewAccess);
  230. Result = GetAce( NewAceDacl, 0, (void **)&NewAce );
  231. if( !Result ) {
  232. LOGMESSAGE1(_T("Error getting Ace %d\n"),GetLastError());
  233. LocalFree( NewAceDacl );
  234. LocalFree( pSid );
  235. LocalFree( NewSD );
  236. return( FALSE );
  237. }
  239. /* add CONTAINER_INHERIT_ACE TO AceFlags */
  240. NewAce->AceFlags |= CONTAINER_INHERIT_ACE;
  243. /*
  244. * Allocate new DACL and copy existing ACE list
  245. */
  246. Length = AclInfo.AclBytesInUse + NewAce->AceSize;
  247. NewDacl = (PACL) LocalAlloc( LMEM_FIXED, Length );
  248. if( NewDacl == NULL ) {
  249. LOGMESSAGE1(_T("Error LocalAlloc %d bytes\n"),Length);
  250. LocalFree( NewAceDacl );
  251. LocalFree( pSid );
  252. LocalFree( NewSD );
  253. return( FALSE );
  254. }
  256. Result = InitializeAcl( NewDacl, Length, ACL_REVISION );
  257. if( !Result ) {
  258. LOGMESSAGE1(_T("Error Initializing Acl %d\n"),GetLastError());
  259. LocalFree( NewDacl );
  260. LocalFree( NewAceDacl );
  261. LocalFree( pSid );
  262. LocalFree( NewSD );
  263. return( FALSE );
  264. }
  266. /*
  267. * Insert new ACE at the front of the DACL
  268. */
  269. Result = AddAce( NewDacl, ACL_REVISION, 0, NewAce, NewAce->AceSize );
  270. if( !Result ) {
  271. LOGMESSAGE1(_T("Error Adding New Ace to Acl %d\n"),GetLastError());
  272. LocalFree( NewDacl );
  273. LocalFree( NewAceDacl );
  274. LocalFree( pSid );
  275. LocalFree( NewSD );
  276. return( FALSE );
  277. }
  279. /*
  280. * Now put the ACE's on the old Dacl to the new Dacl
  281. */
  282. for ( i = 0; i < AclInfo.AceCount; i++ ) {
  284. Result = GetAce( Dacl, i, (void **) &OldAce );
  285. if( !Result ) {
  286. LOGMESSAGE1(_T("Error getting old Ace from Acl %d\n"),GetLastError());
  287. LocalFree( NewDacl );
  288. LocalFree( NewAceDacl );
  289. LocalFree( pSid );
  290. LocalFree( NewSD );
  291. return( FALSE );
  292. }
  294. Result = AddAce( NewDacl, ACL_REVISION, i+1, OldAce, OldAce->AceSize );
  295. if( !Result ) {
  296. LOGMESSAGE1(_T("Error setting old Ace to Acl %d\n"),GetLastError());
  297. LocalFree( NewDacl );
  298. LocalFree( NewAceDacl );
  299. LocalFree( pSid );
  300. LocalFree( NewSD );
  301. return( FALSE );
  302. }
  303. }
  305. /*
  306. * Set new DACL for Security Descriptor
  307. */
  308. Result = SetSecurityDescriptorDacl(
  309. NewSD,
  310. TRUE,
  311. NewDacl,
  312. FALSE
  313. );
  314. if( !Result ) {
  315. LOGMESSAGE1(_T("Error setting New Dacl to SD %d\n"),GetLastError());
  316. LocalFree( NewDacl );
  317. LocalFree( NewAceDacl );
  318. LocalFree( pSid );
  319. LocalFree( NewSD );
  320. return( FALSE );
  321. }
  323. // the DACL must be passed back so that it can be saved to the registry using the new
  324. // GetNamedSecurityInfo() func.
  325. *ppDacl = Dacl = NewDacl;
  328. // Release the callers old security descriptor
  329. // LocalFree( OldSD );
  332. // There was a bug in W2K such that keys created under our install hive had the
  333. // incorrect DACL headers which caused the DACL to be basically open to all users
  334. // for full control.
  335. // The prolem was due to the wrong SD->Control flag which was NT4 style though ACLs
  336. // were in NT5 style
  337. SetSecurityDescriptorControl(NewSD,
  338. SE_DACL_AUTO_INHERIT_REQ|SE_DACL_AUTO_INHERITED,
  339. SE_DACL_AUTO_INHERIT_REQ|SE_DACL_AUTO_INHERITED);
  341. *ppSd = NewSD;
  343. // The new SD is in absolute format, so don't free the SID.
  344. // LocalFree( pSid );
  346. return( TRUE );
  347. }
  349. /*****************************************************************************
  350. *
  351. * AddUserToSD
  352. *
  353. * Add the given user for the given domain to the security descriptor.
  354. * The callers security descriptor may be re-allocated.
  355. *
  356. * ENTRY:
  357. * Param1 (input/output)
  358. * Comments
  359. *
  360. * EXIT:
  361. * STATUS_SUCCESS - no error
  362. *
  363. ****************************************************************************/
  365. BOOL
  366. AddUserToSD(
  367. PSECURITY_DESCRIPTOR *ppSd,
  368. PWCHAR pAccount,
  369. PWCHAR pDomain,
  370. DWORD NewAccess
  371. )
  372. {
  373. ULONG i;
  374. BOOL Result;
  375. BOOL DaclPresent;
  376. BOOL DaclDefaulted;
  377. DWORD Length;
  378. // NET_API_STATUS Status;
  379. DWORD /*NewAceLength,*/ NewAclLength;
  380. PACE_HEADER OldAce;
  381. PACE_HEADER NewAce;
  382. ACL_SIZE_INFORMATION AclInfo;
  383. PWCHAR pDC = NULL;
  384. PSID pSid = NULL;
  385. PACL Dacl = NULL;
  386. PACL NewDacl = NULL;
  387. PACL NewAceDacl = NULL;
  388. PSECURITY_DESCRIPTOR NewSD = NULL;
  389. PSECURITY_DESCRIPTOR OldSD = NULL;
  391. OldSD = *ppSd;
  392. /*
  393. // Get our domain controller
  394. Status = NetGetAnyDCName(
  395. NULL, // Local computer
  396. pDomain,
  397. (LPBYTE*)&pDC
  398. );
  399. if( Status != NERR_Success ) {
  400. LOGMESSAGE2(_T("SUSERVER: Could not get domain controller %d for domain %ws\n"),Status,pDomain);
  401. return( FALSE );
  402. }
  403. */
  404. // Get Users SID
  405. Result = xxxLookupAccountName(
  406. pDomain,
  407. pAccount,
  408. &pSid
  409. );
  410. if( !Result ) {
  411. LOGMESSAGE2(_T("SUSERVER: Could not get users SID %d, %ws\n"),GetLastError(),pAccount);
  412. NetApiBufferFree( pDC );
  413. return( FALSE );
  414. }
  416. NetApiBufferFree( pDC );
  418. /*
  419. * Convert SecurityDescriptor to absolute format. It generates
  420. * a new SecurityDescriptor for its output which we must free.
  421. */
  422. Result = SelfRelativeToAbsoluteSD( OldSD, &NewSD, NULL );
  423. if ( !Result ) {
  424. LOGMESSAGE1(_T("Could not convert to AbsoluteSD %d\n"),GetLastError());
  425. LocalFree( pSid );
  426. return( FALSE );
  427. }
  429. // Must get DACL pointer again from new (absolute) SD
  430. Result = GetSecurityDescriptorDacl(
  431. NewSD,
  432. &DaclPresent,
  433. &Dacl,
  434. &DaclDefaulted
  435. );
  436. if( !Result ) {
  437. LOGMESSAGE1(_T("Could not get Dacl %d\n"),GetLastError());
  438. LocalFree( pSid );
  439. LocalFree( NewSD );
  440. return( FALSE );
  441. }
  443. //
  444. // If no DACL, no need to add the user since no DACL
  445. // means all accesss
  446. //
  447. if( !DaclPresent ) {
  448. LOGMESSAGE2(_T("SD has no DACL, Present %d, Defaulted %d\n"),DaclPresent,DaclDefaulted);
  449. LocalFree( pSid );
  450. LocalFree( NewSD );
  451. return( TRUE );
  452. }
  454. //
  455. // Code can return DaclPresent, but a NULL which means
  456. // a NULL Dacl is present. This allows all access to the object.
  457. //
  458. if( Dacl == NULL ) {
  459. LOGMESSAGE2(_T("SD has NULL DACL, Present %d, Defaulted %d\n"),DaclPresent,DaclDefaulted);
  460. LocalFree( pSid );
  461. LocalFree( NewSD );
  462. return( TRUE );
  463. }
  465. // Get the current ACL's size
  466. Result = GetAclInformation(
  467. Dacl,
  468. &AclInfo,
  469. sizeof(AclInfo),
  470. AclSizeInformation
  471. );
  472. if( !Result ) {
  473. LOGMESSAGE1(_T("Error GetAclInformation %d\n"),GetLastError());
  474. LocalFree( pSid );
  475. LocalFree( NewSD );
  476. return( FALSE );
  477. }
  479. //
  480. // Create a new ACL to put the new access allowed ACE on
  481. // to get the right structures and sizes.
  482. //
  483. NewAclLength = sizeof(ACL) +
  484. sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG) +
  485. GetLengthSid( pSid );
  487. NewAceDacl = (PACL) LocalAlloc( LMEM_FIXED, NewAclLength );
  488. if ( NewAceDacl == NULL ) {
  489. LOGMESSAGE1(_T("Error LocalAlloc %d bytes\n"),NewAclLength);
  490. LocalFree( pSid );
  491. LocalFree( NewSD );
  492. return( FALSE );
  493. }
  495. Result = InitializeAcl( NewAceDacl, NewAclLength, ACL_REVISION );
  496. if( !Result ) {
  497. LOGMESSAGE1(_T("Error Initializing Acl %d\n"),GetLastError());
  498. LocalFree( NewAceDacl );
  499. LocalFree( pSid );
  500. LocalFree( NewSD );
  501. return( FALSE );
  502. }
  504. Result = AddAccessAllowedAce(
  505. NewAceDacl,
  506. ACL_REVISION,
  507. NewAccess,
  508. pSid
  509. );
  510. if( !Result ) {
  511. LOGMESSAGE1(_T("Error adding Ace %d\n"),GetLastError());
  512. LocalFree( NewAceDacl );
  513. LocalFree( pSid );
  514. LocalFree( NewSD );
  515. return( FALSE );
  516. }
  518. LOGMESSAGE1(_T("Added 0x%x Access to ACL\n"),NewAccess);
  520. Result = GetAce( NewAceDacl, 0, (void **)&NewAce );
  521. if( !Result ) {
  522. LOGMESSAGE1(_T("Error getting Ace %d\n"),GetLastError());
  523. LocalFree( NewAceDacl );
  524. LocalFree( pSid );
  525. LocalFree( NewSD );
  526. return( FALSE );
  527. }
  529. /* add CONTAINER_INHERIT_ACE TO AceFlags */
  530. NewAce->AceFlags |= CONTAINER_INHERIT_ACE;
  533. /*
  534. * Allocate new DACL and copy existing ACE list
  535. */
  536. Length = AclInfo.AclBytesInUse + NewAce->AceSize;
  537. NewDacl = (PACL) LocalAlloc( LMEM_FIXED, Length );
  538. if( NewDacl == NULL ) {
  539. LOGMESSAGE1(_T("Error LocalAlloc %d bytes\n"),Length);
  540. LocalFree( NewAceDacl );
  541. LocalFree( pSid );
  542. LocalFree( NewSD );
  543. return( FALSE );
  544. }
  546. Result = InitializeAcl( NewDacl, Length, ACL_REVISION );
  547. if( !Result ) {
  548. LOGMESSAGE1(_T("Error Initializing Acl %d\n"),GetLastError());
  549. LocalFree( NewDacl );
  550. LocalFree( NewAceDacl );
  551. LocalFree( pSid );
  552. LocalFree( NewSD );
  553. return( FALSE );
  554. }
  556. /*
  557. * Insert new ACE at the front of the DACL
  558. */
  559. Result = AddAce( NewDacl, ACL_REVISION, 0, NewAce, NewAce->AceSize );
  560. if( !Result ) {
  561. LOGMESSAGE1(_T("Error Adding New Ace to Acl %d\n"),GetLastError());
  562. LocalFree( NewDacl );
  563. LocalFree( NewAceDacl );
  564. LocalFree( pSid );
  565. LocalFree( NewSD );
  566. return( FALSE );
  567. }
  569. /*
  570. * Now put the ACE's on the old Dacl to the new Dacl
  571. */
  572. for ( i = 0; i < AclInfo.AceCount; i++ ) {
  574. Result = GetAce( Dacl, i, (void **) &OldAce );
  575. if( !Result ) {
  576. LOGMESSAGE1(_T("Error getting old Ace from Acl %d\n"),GetLastError());
  577. LocalFree( NewDacl );
  578. LocalFree( NewAceDacl );
  579. LocalFree( pSid );
  580. LocalFree( NewSD );
  581. return( FALSE );
  582. }
  584. Result = AddAce( NewDacl, ACL_REVISION, i+1, OldAce, OldAce->AceSize );
  585. if( !Result ) {
  586. LOGMESSAGE1(_T("Error setting old Ace to Acl %d\n"),GetLastError());
  587. LocalFree( NewDacl );
  588. LocalFree( NewAceDacl );
  589. LocalFree( pSid );
  590. LocalFree( NewSD );
  591. return( FALSE );
  592. }
  593. }
  595. /*
  596. * Set new DACL for Security Descriptor
  597. */
  598. Result = SetSecurityDescriptorDacl(
  599. NewSD,
  600. TRUE,
  601. NewDacl,
  602. FALSE
  603. );
  604. if( !Result ) {
  605. LOGMESSAGE1(_T("Error setting New Dacl to SD %d\n"),GetLastError());
  606. LocalFree( NewDacl );
  607. LocalFree( NewAceDacl );
  608. LocalFree( pSid );
  609. LocalFree( NewSD );
  610. return( FALSE );
  611. }
  613. Dacl = NewDacl;
  615. // Release the callers old security descriptor
  616. // LocalFree( OldSD );
  618. *ppSd = NewSD;
  620. // The new SD is in absolute format, so don't free the SID.
  621. // LocalFree( pSid );
  623. return( TRUE );
  624. }
  626. /*******************************************************************************
  627. *
  628. * SelfRelativeToAbsoluteSD
  629. *
  630. * Convert a Security Descriptor from self-relative format to absolute.
  631. *
  632. * ENTRY:
  633. * SecurityDescriptorIn (input)
  634. * Pointer to self-relative SD to convert
  635. * SecurityDescriptorIn (output)
  636. * Pointer to location to return absolute SD
  637. * ReturnLength (output)
  638. * Pointer to location to return length of absolute SD
  639. *
  640. * EXIT:
  641. *
  642. ******************************************************************************/
  644. BOOL
  645. SelfRelativeToAbsoluteSD(
  646. PSECURITY_DESCRIPTOR SecurityDescriptorIn,
  647. PSECURITY_DESCRIPTOR *SecurityDescriptorOut,
  648. PULONG ReturnedLength
  649. )
  650. {
  651. BOOL Result;
  652. PACL pDacl, pSacl;
  653. PSID pOwner, pGroup;
  654. PSECURITY_DESCRIPTOR pSD;
  655. ULONG SdSize, DaclSize, SaclSize, OwnerSize, GroupSize;
  657. /*
  658. * Determine buffer size needed to convert self-relative SD to absolute.
  659. * We use try-except here since if the input security descriptor value
  660. * is sufficiently messed up, it is possible for this call to trap.
  661. */
  662. SdSize = DaclSize = SaclSize = OwnerSize = GroupSize = 0;
  664. __try {
  666. Result = MakeAbsoluteSD(
  667. SecurityDescriptorIn,
  668. NULL, &SdSize,
  669. NULL, &DaclSize,
  670. NULL, &SaclSize,
  671. NULL, &OwnerSize,
  672. NULL, &GroupSize
  673. );
  675. } __except( EXCEPTION_EXECUTE_HANDLER ) {
  676. SetLastError( ERROR_INVALID_SECURITY_DESCR );
  677. Result = FALSE;
  678. }
  680. if ( Result || (GetLastError() != ERROR_INSUFFICIENT_BUFFER) ) {
  681. LOGMESSAGE1(_T("SUSERVER: SelfRelativeToAbsoluteSD, Error %d\n"),GetLastError());
  682. return( FALSE );
  683. }
  685. /*
  686. * Allocate memory for the absolute SD and setup various pointers
  687. */
  688. pSD = LocalAlloc( LMEM_FIXED, SdSize + DaclSize + SaclSize + OwnerSize + GroupSize );
  689. if ( pSD == NULL )
  690. return( FALSE );
  692. pDacl = (PACL)((PCHAR)pSD + SdSize);
  693. pSacl = (PACL)((PCHAR)pDacl + DaclSize);
  694. pOwner = (PSID)((PCHAR)pSacl + SaclSize);
  695. pGroup = (PSID)((PCHAR)pOwner + OwnerSize);
  697. /*
  698. * Now convert self-relative SD to absolute format.
  699. * We use try-except here since if the input security descriptor value
  700. * is sufficiently messed up, it is possible for this call to trap.
  701. */
  702. __try {
  703. Result = MakeAbsoluteSD(
  704. SecurityDescriptorIn,
  705. pSD, &SdSize,
  706. pDacl, &DaclSize,
  707. pSacl, &SaclSize,
  708. pOwner, &OwnerSize,
  709. pGroup, &GroupSize
  710. );
  712. } __except( EXCEPTION_EXECUTE_HANDLER ) {
  713. SetLastError( ERROR_INVALID_SECURITY_DESCR );
  714. Result = FALSE;
  715. }
  717. if ( !Result ) {
  718. LOGMESSAGE1(_T("SUSERVER: SelfRelativeToAbsoluteSD, Error %d\n"),GetLastError());
  719. LocalFree( pSD );
  720. return( FALSE );
  721. }
  723. *SecurityDescriptorOut = pSD;
  725. if ( ReturnedLength )
  726. *ReturnedLength = SdSize + DaclSize + SaclSize + OwnerSize + GroupSize;
  728. return( TRUE );
  729. }
  731. /*****************************************************************************
  732. *
  733. * xxxLookupAccountName
  734. *
  735. * Wrapper to lookup the SID for a given account name
  736. *
  737. * Returns a pointer to the SID in newly allocated memory
  738. *
  739. * ENTRY:
  740. * Param1 (input/output)
  741. * Comments
  742. *
  743. * EXIT:
  744. * STATUS_SUCCESS - no error
  745. *
  746. ****************************************************************************/
  748. BOOL
  749. xxxLookupAccountName(
  750. PWCHAR pSystemName,
  751. PWCHAR pAccountName,
  752. PSID *ppSid
  753. )
  754. {
  755. BOOL rc;
  756. DWORD Size, DomainSize, Error;
  757. SID_NAME_USE Type;
  758. PWCHAR pDomain = NULL;
  759. PSID pSid = NULL;
  760. WCHAR Buf;
  762. Size = 0;
  763. DomainSize = 0;
  765. rc = LookupAccountNameW(
  766. pSystemName,
  767. pAccountName,
  768. &Buf, // pSid
  769. &Size,
  770. &Buf, // pDomain
  771. &DomainSize,
  772. &Type
  773. );
  775. if( rc ) {
  776. return( FALSE );
  777. }
  778. else {
  779. Error = GetLastError();
  780. if( Error != ERROR_INSUFFICIENT_BUFFER ) {
  781. return( FALSE );
  782. }
  784. pSid = LocalAlloc( LMEM_FIXED, Size );
  785. if( pSid == NULL ) {
  786. return( FALSE );
  787. }
  789. pDomain = (WCHAR *)LocalAlloc( LMEM_FIXED, DomainSize*sizeof(WCHAR) );
  790. if( pDomain == NULL ) {
  791. LocalFree( pSid );
  792. return( FALSE );
  793. }
  795. rc = LookupAccountNameW(
  796. pSystemName,
  797. pAccountName,
  798. pSid,
  799. &Size,
  800. pDomain,
  801. &DomainSize,
  802. &Type
  803. );
  805. if( !rc ) {
  806. LocalFree( pSid );
  807. LocalFree( pDomain );
  808. return( FALSE );
  809. }
  811. *ppSid = pSid;
  813. LocalFree( pDomain );
  814. return( TRUE );
  815. }
  816. }