archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/net/rras/cps/pbserver/setacl.cpp

147 lines
3.4 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+----------------------------------------------------------------------------
  2. //
  3. // File: setacl.cpp
  4. //
  5. // Module: PBSERVER.DLL
  6. //
  7. // Synopsis: Security/SID/ACL stuff for CM
  8. //
  9. // Copyright (c) 1998-2000 Microsoft Corporation
  10. //
  11. // Author: 09-Mar-2000 SumitC Created
  12. //
  13. //+----------------------------------------------------------------------------
  15. #include <windows.h>
  17. //+----------------------------------------------------------------------------
  18. //
  19. // Func: SetAclPerms
  20. //
  21. // Desc: Sets appropriate permissions for CM/CPS's shared objects
  22. //
  23. // Args: [ppAcl] - location to return an allocated ACL
  24. //
  25. // Return: BOOL, TRUE for success, FALSE for failure
  26. //
  27. // Notes: fix for 30991: Security issue, don't use NULL DACLs.
  28. //
  29. // History: 09-Mar-2000 SumitC Created
  30. //
  31. //-----------------------------------------------------------------------------
  32. BOOL
  33. SetAclPerms(PACL * ppAcl)
  34. {
  35. DWORD dwError = 0;
  36. SID_IDENTIFIER_AUTHORITY siaWorld = SECURITY_WORLD_SID_AUTHORITY;
  37. SID_IDENTIFIER_AUTHORITY siaNtAuth = SECURITY_NT_AUTHORITY;
  38. PSID psidWorldSid = NULL;
  39. PSID psidLocalSystemSid = NULL;
  40. int cbAcl;
  41. PACL pAcl = NULL;
  43. // Create a SID for all users
  44. if ( !AllocateAndInitializeSid(
  45. &siaWorld,
  46. 1,
  47. SECURITY_WORLD_RID,
  48. 0,
  49. 0,
  50. 0,
  51. 0,
  52. 0,
  53. 0,
  54. 0,
  55. &psidWorldSid))
  56. {
  57. dwError = GetLastError();
  58. goto Cleanup;
  59. }
  61. // Create a SID for Local System account
  62. if ( !AllocateAndInitializeSid(
  63. &siaNtAuth,
  64. 2,
  65. SECURITY_BUILTIN_DOMAIN_RID,
  66. DOMAIN_ALIAS_RID_ADMINS,
  67. 0,
  68. 0,
  69. 0,
  70. 0,
  71. 0,
  72. 0,
  73. &psidLocalSystemSid))
  74. {
  75. dwError = GetLastError();
  76. goto Cleanup;
  77. }
  79. // Calculate the length of required ACL buffer
  80. // with 2 ACEs.
  81. cbAcl = sizeof(ACL)
  82. + 2 * sizeof(ACCESS_ALLOWED_ACE)
  83. + GetLengthSid(psidWorldSid)
  84. + GetLengthSid(psidLocalSystemSid);
  86. pAcl = (PACL) LocalAlloc(0, cbAcl);
  87. if (NULL == pAcl)
  88. {
  89. dwError = ERROR_OUTOFMEMORY;
  90. goto Cleanup;
  91. }
  93. if ( ! InitializeAcl(pAcl, cbAcl, ACL_REVISION2))
  94. {
  95. dwError = GetLastError();
  96. goto Cleanup;
  97. }
  99. // Add ACE with EVENT_ALL_ACCESS for all users
  100. if ( ! AddAccessAllowedAce(pAcl,
  101. ACL_REVISION2,
  102. GENERIC_READ | GENERIC_EXECUTE,
  103. psidWorldSid))
  104. {
  105. dwError = GetLastError();
  106. goto Cleanup;
  107. }
  109. // Add ACE with EVENT_ALL_ACCESS for Local System
  110. if ( ! AddAccessAllowedAce(pAcl,
  111. ACL_REVISION2,
  112. GENERIC_ALL,
  113. psidLocalSystemSid))
  114. {
  115. dwError = GetLastError();
  116. goto Cleanup;
  117. }
  119. Cleanup:
  121. if (dwError)
  122. {
  123. if (pAcl)
  124. {
  125. LocalFree(pAcl);
  126. }
  127. }
  128. else
  129. {
  130. *ppAcl = pAcl;
  131. }
  133. if (psidWorldSid)
  134. {
  135. FreeSid(psidWorldSid);
  136. }
  138. if (psidLocalSystemSid)
  139. {
  140. FreeSid(psidLocalSystemSid);
  141. }
  143. return dwError ? FALSE : TRUE;
  145. }