archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/termsrv/setup/dll/rights.cpp

323 lines
8.3 KiB
Raw Normal View History

Add source files
4 years ago
  1. //Copyright (c) 1998 - 1999 Microsoft Corporation
  3. /*--------------------------------------------------------------------------------------------------------
  4. *
  5. * Module Name:
  6. *
  7. * rights.cpp
  8. *
  9. * Abstract:
  10. *
  11. * This file contains code to grant rights to objects.
  12. *
  13. *
  14. * Author:
  15. *
  16. * Makarand Patwardhan - March 6, 1998
  17. *
  18. * Environment:
  19. *
  20. * User Mode
  21. * -------------------------------------------------------------------------------------------------------*/
  23. #include "stdafx.h"
  24. #include <ntsecapi.h>
  26. #include "rights.h"
  28. #define SIZE_SID 1024
  29. #define SIZE_REF_DOMAIN 256
  31. #ifndef STATUS_SUCCESS
  32. #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
  33. #define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L)
  34. #define STATUS_INVALID_SID ((NTSTATUS)0xC0000078L)
  35. #endif
  41. void InitLsaString(PLSA_UNICODE_STRING LsaString, LPWSTR String);
  42. NTSTATUS OpenPolicy(LPWSTR ServerName, DWORD DesiredAccess, PLSA_HANDLE PolicyHandle);
  45. // returns 0 on success.
  46. // returns last error.
  47. DWORD GetAccountSID(LPWSTR wMachineName, LPWSTR wAccountName, PSID pSid, DWORD dwSidSize)
  48. {
  49. ASSERT(wAccountName);
  50. ASSERT(pSid);
  51. ASSERT(dwSidSize > 0);
  53. DWORD dwRefDomainSize = SIZE_REF_DOMAIN;
  54. LPWSTR szRefDomain = (LPWSTR) new WCHAR[dwRefDomainSize];
  55. SID_NAME_USE SidNameUse;
  58. LookupAccountNameW(
  59. wMachineName, // address of string for system name
  60. wAccountName, // address of string for account name
  61. pSid, // address of security identifier
  62. &dwSidSize, // address of size of security identifier
  63. szRefDomain, // address of string for referenced domain
  64. &dwRefDomainSize, // address of size of domain string
  65. &SidNameUse // address of SID-type indicator
  66. );
  68. delete [] szRefDomain;
  69. return GetLastError();
  70. }
  72. DWORD GrantRights(LPWSTR lpMachineName, LPWSTR lpAccountName, LPWSTR lpRightsString, BOOL bAdd)
  73. {
  74. DWORD dwSidSize = SIZE_SID;
  75. PSID pSid = new BYTE[dwSidSize];
  77. DWORD dwError = GetAccountSID(lpMachineName, lpAccountName, pSid, dwSidSize);
  78. if (dwError != ERROR_SUCCESS)
  79. {
  80. LOGMESSAGE1(_T("LookupAccountNameW failed with %lu"), dwError);
  81. }
  82. else
  83. {
  84. ASSERT(IsValidSid(pSid));
  85. LSA_HANDLE PolicyHandle;
  87. // open the policy on the said machine.
  88. dwError = OpenPolicy(
  89. lpMachineName,
  90. POLICY_ALL_ACCESS,
  91. &PolicyHandle
  92. );
  94. if(dwError != STATUS_SUCCESS)
  95. {
  96. LOGMESSAGE1(_T("LookupAccountNameW failed with %lu"), dwError);
  97. return dwError;
  98. }
  100. LSA_UNICODE_STRING lsaString;
  101. InitLsaString(&lsaString, lpRightsString);
  102. if (bAdd)
  103. {
  104. dwError = LsaAddAccountRights(
  105. PolicyHandle,
  106. pSid,
  107. &lsaString,
  108. 1
  109. );
  110. }
  111. else
  112. {
  113. dwError = LsaRemoveAccountRights(
  114. PolicyHandle,
  115. pSid,
  116. FALSE,
  117. &lsaString,
  118. 1
  119. );
  120. }
  122. if(dwError != STATUS_SUCCESS)
  123. {
  124. LOGMESSAGE1(_T("LsaAddAccountRights/LsaRemoveAccountRights failed with %lu"), dwError);
  125. return dwError;
  126. }
  128. LsaClose(PolicyHandle);
  129. }
  131. delete [] pSid;
  132. return dwError;
  133. }
  136. NTSTATUS OpenPolicy(LPWSTR ServerName, DWORD DesiredAccess, PLSA_HANDLE PolicyHandle)
  137. {
  139. LSA_OBJECT_ATTRIBUTES ObjectAttributes;
  140. LSA_UNICODE_STRING ServerString;
  141. PLSA_UNICODE_STRING Server = NULL;
  143. //
  144. // Always initialize the object attributes to all zeroes
  145. //
  146. ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
  148. if(ServerName != NULL) {
  149. //
  150. // Make a LSA_UNICODE_STRING out of the LPWSTR passed in
  151. //
  152. InitLsaString(&ServerString, ServerName);
  154. Server = &ServerString;
  155. }
  157. //
  158. // Attempt to open the policy
  159. //
  160. return LsaOpenPolicy(Server, &ObjectAttributes, DesiredAccess, PolicyHandle);
  161. }
  164. void InitLsaString( PLSA_UNICODE_STRING LsaString, LPWSTR String)
  165. {
  166. if(String == NULL)
  167. {
  168. LsaString->Buffer = NULL;
  169. LsaString->Length = 0;
  170. LsaString->MaximumLength = 0;
  172. return;
  173. }
  175. DWORD StringLength = lstrlenW(String);
  177. LsaString->Buffer = String;
  178. LsaString->Length = (USHORT) (StringLength * sizeof(WCHAR));
  179. LsaString->MaximumLength = (USHORT) ((StringLength + 1) * sizeof(WCHAR));
  180. }
  182. DWORD AddPermissions(LPWSTR wMachineName, LPWSTR wAccountName, PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD AccessMask)
  183. {
  185. ASSERT( wMachineName );
  186. ASSERT( wAccountName );
  187. ASSERT( pSecurityDescriptor );
  188. ASSERT( IsValidSecurityDescriptor(pSecurityDescriptor) );
  191. DWORD dwSidSize = SIZE_SID;
  192. PSID pSid = new BYTE[dwSidSize];
  193. BOOL bResult = FALSE;
  194. BOOL bAllocatedpDacl = FALSE;
  196. DWORD dwError = GetAccountSID(wMachineName, wAccountName, pSid, dwSidSize);
  197. if (dwError != ERROR_SUCCESS)
  198. {
  199. delete [] pSid;
  200. LOGMESSAGE0(_T("GetAccountSID failed."));
  201. return dwError;
  202. }
  204. BOOL bDaclPresent;
  205. PACL pDacl = NULL;
  206. BOOL bDaclDefaulted;
  208. if (!GetSecurityDescriptorDacl(
  209. pSecurityDescriptor, // address of security descriptor
  210. &bDaclPresent, // address of flag for presence of disc. ACL
  211. &pDacl, // address of pointer to ACL
  212. &bDaclDefaulted // address of flag for default disc. ACL
  213. ))
  214. {
  215. dwError = GetLastError();
  216. delete [] pSid;
  217. LOGMESSAGE0(_T("GetSecurityDescriptorDacl failed."));
  218. return dwError;
  219. }
  221. {
  222. if (bDaclPresent)
  223. {
  224. // there already exists a acl and we have a valid pDacl;
  226. }
  227. else
  228. {
  229. // there was no dacl present, so lets initialize new one ourselves.
  230. bAllocatedpDacl = TRUE;
  231. pDacl = (PACL) new BYTE [1024];
  232. bResult = InitializeAcl(
  233. pDacl, // address of access-control list
  234. 1024, // size of access-control list
  235. ACL_REVISION // revision level of access-control list
  236. );
  238. if (!bResult)
  239. {
  240. LOGMESSAGE0(_T("InitializeAcl failed."));
  241. }
  243. }
  245. if (bResult || bDaclPresent)
  246. {
  248. if (AddAccessAllowedAce(
  249. pDacl, // pointer to access-control list
  250. ACL_REVISION, // ACL revision level
  251. AccessMask, // access mask
  252. pSid // pointer to security identifier
  253. ))
  254. {
  256. if (SetSecurityDescriptorDacl(
  257. pSecurityDescriptor, // address of security descriptor
  258. TRUE, // flag for presence of discretionary ACL
  259. pDacl, // address of discretionary ACL
  260. FALSE // flag for default discretionary ACL
  261. ))
  262. {
  264. }
  265. else
  266. {
  267. LOGMESSAGE0(_T("SetSecurityDescriptorDacl failed."));
  268. }
  270. }
  271. else
  272. {
  273. LOGMESSAGE0(_T("AddAccessAllowedAce failed."));
  274. }
  276. } // bResult || bDaclPresent
  278. } // GetSecurityDescriptorDacl
  280. if (bAllocatedpDacl)
  281. delete [] pDacl;
  284. dwError = GetLastError();
  285. if (dwError != ERROR_SUCCESS)
  286. {
  287. LOGMESSAGE1(_T("LastError = %d"), dwError);
  288. }
  291. delete [] pSid;
  292. return dwError;
  294. }
  297. // AdjustTokenPrivileges
  298. // TOKEN_ADJUST_PRIVILEGES
  299. // LsaAddAccountRights
  300. // #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
  301. /*
  302. Article ID: Q145697
  303. Article ID: Q136867
  304. NTSTATUS
  305. NTAPI
  306. LsaOpenPolicy(
  307. IN PLSA_UNICODE_STRING SystemName OPTIONAL,
  308. IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
  309. IN ACCESS_MASK DesiredAccess,
  310. IN OUT PLSA_HANDLE PolicyHandle
  311. );
  312. NTSTATUS
  313. NTAPI
  314. LsaAddAccountRights(
  315. IN LSA_HANDLE PolicyHandle,
  316. IN PSID AccountSid,
  317. IN PLSA_UNICODE_STRING UserRights,
  318. IN ULONG CountOfRights
  319. );
  321. // PRIVILEGE_SET
  322. // AdjustTokenPrivileges
  323. */