archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/admt/common/commonlib/commalog.cpp

240 lines
6.5 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*---------------------------------------------------------------------------
  2. File: CommaLog.cpp
  4. Comments: TError based log file with optional NTFS security initialization.
  6. This can be used to write a log file which only administrators can access.
  8. (c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
  9. Proprietary and confidential to Mission Critical Software, Inc.
  11. REVISION LOG ENTRY
  12. Revision By: Christy Boles
  13. Revised on 02/15/99 10:49:07
  15. ---------------------------------------------------------------------------
  16. */
  19. //#include "stdafx.h"
  20. #include <windows.h>
  21. #include <stdio.h>
  22. #include <share.h>
  23. #include <lm.h>
  24. #include "Common.hpp"
  25. #include "UString.hpp"
  26. #include "Err.hpp"
  27. #include "ErrDct.hpp"
  28. #include "sd.hpp"
  29. #include "SecObj.hpp"
  30. #include "CommaLog.hpp"
  31. #include "BkupRstr.hpp"
  35. #define ADMINISTRATORS 1
  36. #define ACCOUNT_OPERATORS 2
  37. #define BACKUP_OPERATORS 3
  38. #define DOMAIN_ADMINS 4
  39. #define CREATOR_OWNER 5
  40. #define USERS 6
  41. #define SYSTEM 7
  44. extern TErrorDct err;
  46. #define BYTE_ORDER_MARK (0xFEFF)
  49. PSID // ret- SID for well-known account
  50. GetWellKnownSid(
  51. DWORD wellKnownAccount // in - one of the constants #defined above for the well-known accounts
  52. )
  53. {
  54. PSID pSid = NULL;
  55. // PUCHAR numsubs = NULL;
  56. // DWORD * rid = NULL;
  57. BOOL error = FALSE;
  61. SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
  62. SID_IDENTIFIER_AUTHORITY creatorIA = SECURITY_CREATOR_SID_AUTHORITY;
  63. //
  64. // Sid is the same regardless of machine, since the well-known
  65. // BUILTIN domain is referenced.
  66. //
  67. switch ( wellKnownAccount )
  68. {
  69. case CREATOR_OWNER:
  70. if( ! AllocateAndInitializeSid(
  71. &creatorIA,
  72. 2,
  73. SECURITY_BUILTIN_DOMAIN_RID,
  74. SECURITY_CREATOR_OWNER_RID,
  75. 0, 0, 0, 0, 0, 0,
  76. &pSid
  77. ))
  78. {
  79. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  80. }
  81. break;
  82. case ADMINISTRATORS:
  83. if( ! AllocateAndInitializeSid(
  84. &sia,
  85. 2,
  86. SECURITY_BUILTIN_DOMAIN_RID,
  87. DOMAIN_ALIAS_RID_ADMINS,
  88. 0, 0, 0, 0, 0, 0,
  89. &pSid
  90. ))
  91. {
  92. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  93. }
  94. break;
  95. case ACCOUNT_OPERATORS:
  96. if( ! AllocateAndInitializeSid(
  97. &sia,
  98. 2,
  99. SECURITY_BUILTIN_DOMAIN_RID,
  100. DOMAIN_ALIAS_RID_ACCOUNT_OPS,
  101. 0, 0, 0, 0, 0, 0,
  102. &pSid
  103. ))
  104. {
  105. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  106. }
  107. break;
  108. case BACKUP_OPERATORS:
  109. if( ! AllocateAndInitializeSid(
  110. &sia,
  111. 2,
  112. SECURITY_BUILTIN_DOMAIN_RID,
  113. DOMAIN_ALIAS_RID_BACKUP_OPS,
  114. 0, 0, 0, 0, 0, 0,
  115. &pSid
  116. ))
  117. {
  118. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  119. }
  120. break;
  121. case USERS:
  122. if( ! AllocateAndInitializeSid(
  123. &sia,
  124. 2,
  125. SECURITY_BUILTIN_DOMAIN_RID,
  126. DOMAIN_ALIAS_RID_USERS,
  127. 0, 0, 0, 0, 0, 0,
  128. &pSid
  129. ))
  130. {
  131. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  132. }
  133. break;
  134. case SYSTEM:
  135. if( ! AllocateAndInitializeSid(
  136. &sia,
  137. 1,
  138. SECURITY_LOCAL_SYSTEM_RID,
  139. 0, 0, 0, 0, 0, 0, 0,
  140. &pSid
  141. ))
  142. {
  143. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  144. }
  146. break;
  148. default:
  149. MCSASSERT(FALSE);
  150. break;
  151. }
  152. if ( error )
  153. {
  154. FreeSid(pSid);
  155. pSid = NULL;
  156. }
  157. return pSid;
  158. }
  161. BOOL // ret- whether log was successfully opened or not
  162. CommaDelimitedLog::LogOpen(
  163. TCHAR const * filename, // in - name for log file
  164. BOOL protect, // in - if TRUE, try to ACL the file so only admins can access
  165. int mode // in - mode 0=overwrite, 1=append
  166. )
  167. {
  168. BOOL retval=TRUE;
  170. if ( fptr )
  171. {
  172. fclose(fptr);
  173. fptr = NULL;
  174. }
  175. if ( filename && filename[0] )
  176. {
  177. // Check to see if the file already exists
  178. WIN32_FIND_DATA fDat;
  179. HANDLE hFind;
  180. BOOL bExisted = FALSE;
  182. hFind = FindFirstFile(filename,&fDat);
  183. if ( hFind != INVALID_HANDLE_VALUE )
  184. {
  185. FindClose(hFind);
  186. bExisted = TRUE;
  187. }
  189. #ifdef UNICODE
  190. fptr = _wfsopen( filename, mode == 0 ? L"wb" : L"ab", _SH_DENYNO );
  191. #else
  192. fptr = _fsopen( filename, mode == 0 ? "w" : "a", _SH_DENYNO );
  193. #endif
  194. if ( !fptr )
  195. {
  196. retval = FALSE;
  197. }
  198. else
  199. {
  200. if (! bExisted )
  201. {
  202. // this is a new file we've just created
  203. // we need to write the byte order mark to the beginning of the file
  204. WCHAR x = BYTE_ORDER_MARK;
  205. fwprintf(fptr,L"%lc",x);
  206. }
  207. }
  208. }
  210. if ( protect )
  211. {
  213. WCHAR fname[MAX_PATH+1];
  215. safecopy(fname,filename);
  217. if ( GetBkupRstrPriv() )
  218. {
  219. // Set the SD for the file to Administrators Full Control only.
  220. TFileSD sd(fname);
  222. if ( sd.GetSecurity() != NULL )
  223. {
  224. PSID mySid = GetWellKnownSid(ADMINISTRATORS);
  225. TACE ace(ACCESS_ALLOWED_ACE_TYPE,0,DACL_FULLCONTROL_MASK,mySid);
  226. PACL acl = NULL; // start with an empty ACL
  228. sd.GetSecurity()->ACLAddAce(&acl,&ace,-1);
  229. sd.GetSecurity()->SetDacl(acl,TRUE);
  231. sd.WriteSD();
  232. }
  233. }
  234. else
  235. {
  236. err.SysMsgWrite(ErrW,GetLastError(),DCT_MSG_NO_BR_PRIV_SD,fname,GetLastError());
  237. }
  238. }
  239. return retval;
  240. }