archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/sdktools/mtscript/util/regdcom.cxx

857 lines
21 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1995
  5. //
  6. // File: regdcom.cxx
  7. //
  8. // Contents: Utility functions used to manipulated the DCOM registry
  9. // settings.
  10. //
  11. // This code was stolen from the DCOMPERM sample code written
  12. // by Michael Nelson.
  13. //
  14. // The only function that should be called outside this file is
  15. // ChangeAppIDACL. All others are utility functions used by it.
  16. //
  17. //----------------------------------------------------------------------------
  19. #include "headers.hxx"
  20. #include "ntsecapi.h"
  22. DWORD
  23. GetCurrentUserSID (
  24. PSID *Sid
  25. )
  26. {
  27. TOKEN_USER *tokenUser = NULL;
  28. HANDLE tokenHandle;
  29. DWORD tokenSize;
  30. DWORD sidLength;
  32. if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &tokenHandle))
  33. {
  34. GetTokenInformation (tokenHandle,
  35. TokenUser,
  36. tokenUser,
  37. 0,
  38. &tokenSize);
  40. tokenUser = (TOKEN_USER *) MemAlloc (tokenSize);
  42. if (GetTokenInformation (tokenHandle,
  43. TokenUser,
  44. tokenUser,
  45. tokenSize,
  46. &tokenSize))
  47. {
  48. sidLength = GetLengthSid (tokenUser->User.Sid);
  49. *Sid = (PSID) MemAlloc (sidLength);
  51. memcpy (*Sid, tokenUser->User.Sid, sidLength);
  52. CloseHandle (tokenHandle);
  53. } else
  54. {
  55. MemFree (tokenUser);
  56. return GetLastError();
  57. }
  58. } else
  59. {
  60. MemFree (tokenUser);
  61. return GetLastError();
  62. }
  64. MemFree (tokenUser);
  65. return ERROR_SUCCESS;
  66. }
  68. DWORD
  69. GetPrincipalSID (
  70. LPTSTR Principal,
  71. PSID *Sid
  72. )
  73. {
  74. DWORD sidSize;
  75. TCHAR refDomain [256];
  76. DWORD refDomainSize;
  77. DWORD returnValue;
  78. SID_NAME_USE snu;
  80. sidSize = 0;
  81. refDomainSize = 255;
  83. LookupAccountName (NULL,
  84. Principal,
  85. *Sid,
  86. &sidSize,
  87. refDomain,
  88. &refDomainSize,
  89. &snu);
  91. returnValue = GetLastError();
  92. if (returnValue != ERROR_INSUFFICIENT_BUFFER)
  93. return returnValue;
  95. *Sid = (PSID) MemAlloc (sidSize);
  96. refDomainSize = 255;
  98. if (!LookupAccountName (NULL,
  99. Principal,
  100. *Sid,
  101. &sidSize,
  102. refDomain,
  103. &refDomainSize,
  104. &snu))
  105. {
  106. return GetLastError();
  107. }
  109. return ERROR_SUCCESS;
  110. }
  112. DWORD
  113. CreateNewSD (
  114. SECURITY_DESCRIPTOR **SD
  115. )
  116. {
  117. PACL dacl;
  118. DWORD sidLength;
  119. PSID sid;
  120. PSID groupSID;
  121. PSID ownerSID;
  122. DWORD returnValue;
  124. *SD = NULL;
  126. returnValue = GetCurrentUserSID (&sid);
  127. if (returnValue != ERROR_SUCCESS)
  128. return returnValue;
  130. sidLength = GetLengthSid (sid);
  132. *SD = (SECURITY_DESCRIPTOR *) MemAlloc (
  133. (sizeof (ACL)+sizeof (ACCESS_ALLOWED_ACE)+sidLength) +
  134. (2 * sidLength) +
  135. sizeof (SECURITY_DESCRIPTOR));
  137. groupSID = (SID *) (*SD + 1);
  138. ownerSID = (SID *) (((BYTE *) groupSID) + sidLength);
  139. dacl = (ACL *) (((BYTE *) ownerSID) + sidLength);
  141. if (!InitializeSecurityDescriptor (*SD, SECURITY_DESCRIPTOR_REVISION))
  142. {
  143. MemFree (*SD);
  144. MemFree (sid);
  145. return GetLastError();
  146. }
  148. if (!InitializeAcl (dacl,
  149. sizeof (ACL)+sizeof (ACCESS_ALLOWED_ACE)+sidLength,
  150. ACL_REVISION2))
  151. {
  152. MemFree (*SD);
  153. MemFree (sid);
  154. return GetLastError();
  155. }
  157. if (!AddAccessAllowedAce (dacl,
  158. ACL_REVISION2,
  159. COM_RIGHTS_EXECUTE,
  160. sid))
  161. {
  162. MemFree (*SD);
  163. MemFree (sid);
  164. return GetLastError();
  165. }
  167. if (!SetSecurityDescriptorDacl (*SD, TRUE, dacl, FALSE))
  168. {
  169. MemFree (*SD);
  170. MemFree (sid);
  171. return GetLastError();
  172. }
  174. memcpy (groupSID, sid, sidLength);
  175. if (!SetSecurityDescriptorGroup (*SD, groupSID, FALSE))
  176. {
  177. MemFree (*SD);
  178. MemFree (sid);
  179. return GetLastError();
  180. }
  182. memcpy (ownerSID, sid, sidLength);
  183. if (!SetSecurityDescriptorOwner (*SD, ownerSID, FALSE))
  184. {
  185. MemFree (*SD);
  186. MemFree (sid);
  187. return GetLastError();
  188. }
  190. MemFree(sid);
  192. return ERROR_SUCCESS;
  193. }
  196. DWORD
  197. MakeSDAbsolute (
  198. PSECURITY_DESCRIPTOR OldSD,
  199. PSECURITY_DESCRIPTOR *NewSD
  200. )
  201. {
  202. PSECURITY_DESCRIPTOR sd = NULL;
  203. DWORD descriptorSize;
  204. DWORD daclSize;
  205. DWORD saclSize;
  206. DWORD ownerSIDSize;
  207. DWORD groupSIDSize;
  208. PACL dacl;
  209. PACL sacl;
  210. PSID ownerSID;
  211. PSID groupSID;
  212. BOOL present;
  213. BOOL systemDefault;
  215. //
  216. // Get SACL
  217. //
  219. if (!GetSecurityDescriptorSacl (OldSD, &present, &sacl, &systemDefault))
  220. return GetLastError();
  222. if (sacl && present)
  223. {
  224. saclSize = sacl->AclSize;
  225. } else saclSize = 0;
  227. //
  228. // Get DACL
  229. //
  231. if (!GetSecurityDescriptorDacl (OldSD, &present, &dacl, &systemDefault))
  232. return GetLastError();
  234. if (dacl && present)
  235. {
  236. daclSize = dacl->AclSize;
  237. } else daclSize = 0;
  239. //
  240. // Get Owner
  241. //
  243. if (!GetSecurityDescriptorOwner (OldSD, &ownerSID, &systemDefault))
  244. return GetLastError();
  246. ownerSIDSize = GetLengthSid (ownerSID);
  248. //
  249. // Get Group
  250. //
  252. if (!GetSecurityDescriptorGroup (OldSD, &groupSID, &systemDefault))
  253. return GetLastError();
  255. groupSIDSize = GetLengthSid (groupSID);
  257. //
  258. // Do the conversion
  259. //
  261. descriptorSize = 0;
  263. MakeAbsoluteSD (OldSD, sd, &descriptorSize, dacl, &daclSize, sacl,
  264. &saclSize, ownerSID, &ownerSIDSize, groupSID,
  265. &groupSIDSize);
  267. sd = (PSECURITY_DESCRIPTOR) new BYTE [SECURITY_DESCRIPTOR_MIN_LENGTH];
  268. if (!InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION))
  269. return GetLastError();
  271. if (!MakeAbsoluteSD (OldSD, sd, &descriptorSize, dacl, &daclSize, sacl,
  272. &saclSize, ownerSID, &ownerSIDSize, groupSID,
  273. &groupSIDSize))
  274. return GetLastError();
  276. *NewSD = sd;
  277. return ERROR_SUCCESS;
  278. }
  280. DWORD
  281. SetNamedValueSD (
  282. HKEY RootKey,
  283. LPTSTR KeyName,
  284. LPTSTR ValueName,
  285. SECURITY_DESCRIPTOR *SD
  286. )
  287. {
  288. DWORD returnValue;
  289. DWORD disposition;
  290. HKEY registryKey;
  292. //
  293. // Create new key or open existing key
  294. //
  296. returnValue = RegCreateKeyEx (RootKey, KeyName, 0, TEXT(""), 0, KEY_ALL_ACCESS, NULL, &registryKey, &disposition);
  297. if (returnValue != ERROR_SUCCESS)
  298. return returnValue;
  300. //
  301. // Write the security descriptor
  302. //
  304. returnValue = RegSetValueEx (registryKey, ValueName, 0, REG_BINARY, (LPBYTE) SD, GetSecurityDescriptorLength (SD));
  305. if (returnValue != ERROR_SUCCESS)
  306. return returnValue;
  308. RegCloseKey (registryKey);
  310. return ERROR_SUCCESS;
  311. }
  313. DWORD
  314. GetNamedValueSD (
  315. HKEY RootKey,
  316. LPTSTR KeyName,
  317. LPTSTR ValueName,
  318. SECURITY_DESCRIPTOR **SD,
  319. BOOL *NewSD
  320. )
  321. {
  322. DWORD returnValue;
  323. HKEY registryKey;
  324. DWORD valueType;
  325. DWORD valueSize;
  327. *NewSD = FALSE;
  329. //
  330. // Get the security descriptor from the named value. If it doesn't
  331. // exist, create a fresh one.
  332. //
  334. returnValue = RegOpenKeyEx (RootKey, KeyName, 0, KEY_ALL_ACCESS, &registryKey);
  336. if (returnValue != ERROR_SUCCESS)
  337. {
  338. if (returnValue == ERROR_FILE_NOT_FOUND)
  339. {
  340. *SD = NULL;
  341. returnValue = CreateNewSD (SD);
  342. if (returnValue != ERROR_SUCCESS)
  343. return returnValue;
  345. *NewSD = TRUE;
  346. return ERROR_SUCCESS;
  347. } else
  348. return returnValue;
  349. }
  351. returnValue = RegQueryValueEx (registryKey, ValueName, NULL, &valueType, NULL, &valueSize);
  353. if (returnValue && returnValue != ERROR_INSUFFICIENT_BUFFER)
  354. {
  355. *SD = NULL;
  356. returnValue = CreateNewSD (SD);
  357. if (returnValue != ERROR_SUCCESS)
  358. return returnValue;
  360. *NewSD = TRUE;
  361. } else
  362. {
  363. *SD = (SECURITY_DESCRIPTOR *) MemAlloc (valueSize);
  365. returnValue = RegQueryValueEx (registryKey, ValueName, NULL, &valueType, (LPBYTE) *SD, &valueSize);
  366. if (returnValue)
  367. {
  368. MemFree (*SD);
  370. *SD = NULL;
  371. returnValue = CreateNewSD (SD);
  372. if (returnValue != ERROR_SUCCESS)
  373. return returnValue;
  375. *NewSD = TRUE;
  376. }
  377. }
  379. RegCloseKey (registryKey);
  381. return ERROR_SUCCESS;
  382. }
  384. DWORD
  385. CopyACL (
  386. PACL OldACL,
  387. PACL NewACL
  388. )
  389. {
  390. ACL_SIZE_INFORMATION aclSizeInfo;
  391. LPVOID ace;
  392. ACE_HEADER *aceHeader;
  393. ULONG i;
  395. GetAclInformation (OldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (aclSizeInfo), AclSizeInformation);
  397. //
  398. // Copy all of the ACEs to the new ACL
  399. //
  401. for (i = 0; i < aclSizeInfo.AceCount; i++)
  402. {
  403. //
  404. // Get the ACE and header info
  405. //
  407. if (!GetAce (OldACL, i, &ace))
  408. return GetLastError();
  410. aceHeader = (ACE_HEADER *) ace;
  412. //
  413. // Add the ACE to the new list
  414. //
  416. if (!AddAce (NewACL, ACL_REVISION, 0xffffffff, ace, aceHeader->AceSize))
  417. return GetLastError();
  418. }
  420. return ERROR_SUCCESS;
  421. }
  424. DWORD
  425. AddAccessDeniedACEToACL (
  426. PACL *Acl,
  427. BOOL *pfNewAcl,
  428. DWORD PermissionMask,
  429. LPTSTR Principal
  430. )
  431. {
  432. ACL_SIZE_INFORMATION aclSizeInfo;
  433. int aclSize;
  434. DWORD returnValue;
  435. PSID principalSID;
  436. PACL oldACL, newACL;
  438. oldACL = *Acl;
  440. returnValue = GetPrincipalSID (Principal, &principalSID);
  441. if (returnValue != ERROR_SUCCESS)
  442. return returnValue;
  444. GetAclInformation (oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation);
  446. aclSize = aclSizeInfo.AclBytesInUse +
  447. sizeof (ACL) + sizeof (ACCESS_DENIED_ACE) +
  448. GetLengthSid (principalSID) - sizeof (DWORD);
  450. newACL = (PACL) new BYTE [aclSize];
  452. if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
  453. {
  454. MemFree (principalSID);
  455. return GetLastError();
  456. }
  458. if (!AddAccessDeniedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
  459. {
  460. MemFree (principalSID);
  461. return GetLastError();
  462. }
  464. returnValue = CopyACL (oldACL, newACL);
  465. if (returnValue != ERROR_SUCCESS)
  466. {
  467. MemFree (principalSID);
  468. return returnValue;
  469. }
  471. *Acl = newACL;
  473. if (*pfNewAcl)
  474. delete [] oldACL;
  476. *pfNewAcl = TRUE;
  478. MemFree (principalSID);
  479. return ERROR_SUCCESS;
  480. }
  482. DWORD
  483. AddAccessAllowedACEToACL (
  484. PACL *Acl,
  485. BOOL *pfNewAcl,
  486. DWORD PermissionMask,
  487. LPTSTR Principal
  488. )
  489. {
  490. ACL_SIZE_INFORMATION aclSizeInfo;
  491. int aclSize;
  492. DWORD returnValue;
  493. PSID principalSID = NULL;
  494. PACL oldACL, newACL;
  496. oldACL = *Acl;
  498. returnValue = GetPrincipalSID (Principal, &principalSID);
  499. if (returnValue != ERROR_SUCCESS)
  500. goto Cleanup;
  502. GetAclInformation (oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation);
  504. aclSize = aclSizeInfo.AclBytesInUse +
  505. sizeof (ACL) + sizeof (ACCESS_ALLOWED_ACE) +
  506. GetLengthSid (principalSID) - sizeof (DWORD);
  508. newACL = (PACL) new BYTE [aclSize];
  510. if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
  511. goto Cleanup;
  513. returnValue = CopyACL (oldACL, newACL);
  514. if (returnValue != ERROR_SUCCESS)
  515. goto Cleanup;
  517. if (!AddAccessAllowedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
  518. goto Cleanup;
  520. *Acl = newACL;
  522. if (*pfNewAcl)
  523. delete [] oldACL;
  525. *pfNewAcl = TRUE;
  527. Cleanup:
  529. MemFree (principalSID);
  530. return returnValue;
  531. }
  533. DWORD
  534. RemovePrincipalFromACL (
  535. PACL Acl,
  536. LPTSTR Principal
  537. )
  538. {
  539. ACL_SIZE_INFORMATION aclSizeInfo;
  540. ULONG i;
  541. LPVOID ace;
  542. ACCESS_ALLOWED_ACE *accessAllowedAce;
  543. ACCESS_DENIED_ACE *accessDeniedAce;
  544. SYSTEM_AUDIT_ACE *systemAuditAce;
  545. PSID principalSID;
  546. DWORD returnValue;
  547. ACE_HEADER *aceHeader;
  549. returnValue = GetPrincipalSID (Principal, &principalSID);
  550. if (returnValue != ERROR_SUCCESS)
  551. return returnValue;
  553. GetAclInformation (Acl, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation);
  555. for (i = 0; i < aclSizeInfo.AceCount; i++)
  556. {
  557. if (!GetAce (Acl, i, &ace))
  558. {
  559. MemFree (principalSID);
  560. return GetLastError();
  561. }
  563. aceHeader = (ACE_HEADER *) ace;
  565. if (aceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
  566. {
  567. accessAllowedAce = (ACCESS_ALLOWED_ACE *) ace;
  569. if (EqualSid (principalSID, (PSID) &accessAllowedAce->SidStart))
  570. {
  571. DeleteAce (Acl, i);
  572. MemFree (principalSID);
  573. return ERROR_SUCCESS;
  574. }
  575. } else
  577. if (aceHeader->AceType == ACCESS_DENIED_ACE_TYPE)
  578. {
  579. accessDeniedAce = (ACCESS_DENIED_ACE *) ace;
  581. if (EqualSid (principalSID, (PSID) &accessDeniedAce->SidStart))
  582. {
  583. DeleteAce (Acl, i);
  584. MemFree (principalSID);
  585. return ERROR_SUCCESS;
  586. }
  587. } else
  589. if (aceHeader->AceType == SYSTEM_AUDIT_ACE_TYPE)
  590. {
  591. systemAuditAce = (SYSTEM_AUDIT_ACE *) ace;
  593. if (EqualSid (principalSID, (PSID) &systemAuditAce->SidStart))
  594. {
  595. DeleteAce (Acl, i);
  596. MemFree (principalSID);
  597. return ERROR_SUCCESS;
  598. }
  599. }
  600. }
  602. MemFree (principalSID);
  603. return ERROR_SUCCESS;
  604. }
  606. DWORD
  607. AddPrincipalToNamedValueSD (
  608. HKEY RootKey,
  609. LPTSTR KeyName,
  610. LPTSTR ValueName,
  611. LPTSTR Principal,
  612. BOOL Permit
  613. )
  614. {
  615. DWORD returnValue;
  616. SECURITY_DESCRIPTOR *sd;
  617. SECURITY_DESCRIPTOR *sdSelfRelative = NULL;
  618. SECURITY_DESCRIPTOR *sdAbsolute;
  619. DWORD secDescSize;
  620. BOOL present;
  621. BOOL defaultDACL;
  622. PACL dacl;
  623. BOOL newACL = FALSE;
  624. BOOL newSD = FALSE;
  626. returnValue = GetNamedValueSD (RootKey, KeyName, ValueName, &sd, &newSD);
  628. //
  629. // Get security descriptor from registry or create a new one
  630. //
  632. if (returnValue != ERROR_SUCCESS)
  633. return returnValue;
  635. if (!GetSecurityDescriptorDacl (sd, &present, &dacl, &defaultDACL))
  636. return GetLastError();
  638. if (newSD)
  639. {
  640. AddAccessAllowedACEToACL (&dacl, &newACL, COM_RIGHTS_EXECUTE, TEXT("SYSTEM"));
  641. AddAccessAllowedACEToACL (&dacl, &newACL, COM_RIGHTS_EXECUTE, TEXT("INTERACTIVE"));
  642. }
  644. //
  645. // Add the Principal that the caller wants added
  646. //
  648. if (Permit)
  649. {
  650. returnValue = AddAccessAllowedACEToACL (&dacl, &newACL, COM_RIGHTS_EXECUTE, Principal);
  651. }
  652. else
  653. returnValue = AddAccessDeniedACEToACL (&dacl, &newACL, GENERIC_ALL, Principal);
  655. if (returnValue != ERROR_SUCCESS)
  656. {
  657. MemFree (sd);
  658. return returnValue;
  659. }
  661. //
  662. // Make the security descriptor absolute if it isn't new
  663. //
  665. if (!newSD)
  666. MakeSDAbsolute ((PSECURITY_DESCRIPTOR) sd, (PSECURITY_DESCRIPTOR *) &sdAbsolute);
  667. else
  668. sdAbsolute = sd;
  670. //
  671. // Set the discretionary ACL on the security descriptor
  672. //
  674. if (!SetSecurityDescriptorDacl (sdAbsolute, TRUE, dacl, FALSE))
  675. return GetLastError();
  677. //
  678. // Make the security descriptor self-relative so that we can
  679. // store it in the registry
  680. //
  682. secDescSize = 0;
  683. MakeSelfRelativeSD (sdAbsolute, sdSelfRelative, &secDescSize);
  684. sdSelfRelative = (SECURITY_DESCRIPTOR *) MemAlloc (secDescSize);
  685. if (!MakeSelfRelativeSD (sdAbsolute, sdSelfRelative, &secDescSize))
  686. return GetLastError();
  688. //
  689. // Store the security descriptor in the registry
  690. //
  692. SetNamedValueSD (RootKey, KeyName, ValueName, sdSelfRelative);
  694. MemFree (sd);
  695. MemFree (sdSelfRelative);
  697. if (newACL)
  698. delete [] dacl;
  700. if (!newSD)
  701. MemFree (sdAbsolute);
  703. return ERROR_SUCCESS;
  704. }
  706. DWORD
  707. RemovePrincipalFromNamedValueSD (
  708. HKEY RootKey,
  709. LPTSTR KeyName,
  710. LPTSTR ValueName,
  711. LPTSTR Principal
  712. )
  713. {
  714. DWORD returnValue;
  715. SECURITY_DESCRIPTOR *sd;
  716. SECURITY_DESCRIPTOR *sdSelfRelative = NULL;
  717. SECURITY_DESCRIPTOR *sdAbsolute;
  718. DWORD secDescSize;
  719. BOOL present;
  720. BOOL defaultDACL;
  721. PACL dacl;
  722. BOOL newACL = FALSE;
  723. BOOL newSD = FALSE;
  725. returnValue = GetNamedValueSD (RootKey, KeyName, ValueName, &sd, &newSD);
  727. //
  728. // Get security descriptor from registry or create a new one
  729. //
  731. if (returnValue != ERROR_SUCCESS)
  732. return returnValue;
  734. if (!GetSecurityDescriptorDacl (sd, &present, &dacl, &defaultDACL))
  735. return GetLastError();
  737. //
  738. // If the security descriptor is new, add the required Principals to it
  739. //
  741. if (newSD)
  742. {
  743. AddAccessAllowedACEToACL (&dacl, &newACL, COM_RIGHTS_EXECUTE, TEXT("SYSTEM"));
  744. AddAccessAllowedACEToACL (&dacl, &newACL, COM_RIGHTS_EXECUTE, TEXT("INTERACTIVE"));
  745. }
  747. //
  748. // Remove the Principal that the caller wants removed
  749. //
  751. returnValue = RemovePrincipalFromACL (dacl, Principal);
  752. if (returnValue != ERROR_SUCCESS)
  753. {
  754. MemFree (sd);
  755. return returnValue;
  756. }
  758. //
  759. // Make the security descriptor absolute if it isn't new
  760. //
  762. if (!newSD)
  763. MakeSDAbsolute ((PSECURITY_DESCRIPTOR) sd, (PSECURITY_DESCRIPTOR *) &sdAbsolute);
  764. else
  765. sdAbsolute = sd;
  767. //
  768. // Set the discretionary ACL on the security descriptor
  769. //
  771. if (!SetSecurityDescriptorDacl (sdAbsolute, TRUE, dacl, FALSE))
  772. return GetLastError();
  774. //
  775. // Make the security descriptor self-relative so that we can
  776. // store it in the registry
  777. //
  779. secDescSize = 0;
  780. MakeSelfRelativeSD (sdAbsolute, sdSelfRelative, &secDescSize);
  781. sdSelfRelative = (SECURITY_DESCRIPTOR *) MemAlloc (secDescSize);
  782. if (!MakeSelfRelativeSD (sdAbsolute, sdSelfRelative, &secDescSize))
  783. return GetLastError();
  785. //
  786. // Store the security descriptor in the registry
  787. //
  789. SetNamedValueSD (RootKey, KeyName, ValueName, sdSelfRelative);
  791. MemFree (sd);
  792. MemFree (sdSelfRelative);
  794. if (newACL)
  795. delete [] dacl;
  797. if (!newSD)
  798. MemFree (sdAbsolute);
  800. return ERROR_SUCCESS;
  801. }
  803. //+---------------------------------------------------------------------------
  804. //
  805. // Function: ChangeAppIDACL
  806. //
  807. // Synopsis: Given an AppID and a username ("EVERYONE",
  808. // "REDMOND\johndoe") add or remove them from the DCOM Access
  809. // or launch permissions for that app.
  810. //
  811. // Arguments: [AppID] -- GUID of application to set permissions for.
  812. // [Principal] -- Name of user
  813. // [fAccess] -- If TRUE, set the access permissions. If
  814. // FALSE, set the launch permissions.
  815. // [SetPrincipal] -- If TRUE, add the user, otherwise remove
  816. // [Permit] -- If TRUE, give them access, otherwise deny
  817. // them access (ignored if [SetPrincipal] is
  818. // false.
  819. //
  820. // Returns: HRESULT
  821. //
  822. //----------------------------------------------------------------------------
  824. HRESULT
  825. ChangeAppIDACL (
  826. REFGUID AppID,
  827. LPTSTR Principal,
  828. BOOL fAccess,
  829. BOOL SetPrincipal,
  830. BOOL Permit)
  831. {
  832. TCHAR keyName [256];
  833. DWORD dwRet;
  834. LPTSTR pstrValue;
  835. OLECHAR strClsid[40];
  837. StringFromGUID2(AppID, strClsid, 40);
  839. wsprintf (keyName, TEXT("APPID\\%s"), strClsid);
  841. if (fAccess)
  842. pstrValue = TEXT("AccessPermission");
  843. else
  844. pstrValue = TEXT("LaunchPermission");
  846. if (SetPrincipal)
  847. {
  848. RemovePrincipalFromNamedValueSD (HKEY_CLASSES_ROOT, keyName, pstrValue, Principal);
  849. dwRet = AddPrincipalToNamedValueSD (HKEY_CLASSES_ROOT, keyName, pstrValue, Principal, Permit);
  850. }
  851. else
  852. {
  853. dwRet = RemovePrincipalFromNamedValueSD (HKEY_CLASSES_ROOT, keyName, pstrValue, Principal);
  854. }
  856. return HRESULT_FROM_WIN32(dwRet);
  857. }