archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/shell/osshell/grptoreg/secdesc.c

265 lines
6.4 KiB
Raw Normal View History

Add source files
4 years ago
  1. /****************************** Module Header ******************************\
  2. * Module Name: secdesc.c
  3. *
  4. * Copyright (c) 1991, Microsoft Corporation
  5. *
  6. * Routines that support creation and deletion of security descriptors
  7. *
  8. * History:
  9. * 02-06-92 Davidc Created.
  10. \***************************************************************************/
  12. #include "sec.h"
  14. //
  15. // Private prototypes
  16. //
  18. PVOID
  19. CreateAccessAllowedAce(
  20. PSID Sid,
  21. ACCESS_MASK AccessMask,
  22. UCHAR AceFlags,
  23. UCHAR InheritFlags
  24. );
  26. VOID
  27. DestroyAce(
  28. PVOID Ace
  29. );
  33. /***************************************************************************\
  34. * CreateSecurityDescriptor
  35. *
  36. * Creates a security descriptor containing an ACL containing the specified ACEs
  37. *
  38. * A SD created with this routine should be destroyed using
  39. * DeleteSecurityDescriptor
  40. *
  41. * Returns a pointer to the security descriptor or NULL on failure.
  42. *
  43. * 02-06-92 Davidc Created.
  44. \***************************************************************************/
  46. PSECURITY_DESCRIPTOR
  47. CreateSecurityDescriptor(
  48. PMYACE MyAce,
  49. ACEINDEX AceCount
  50. )
  51. {
  52. NTSTATUS Status;
  53. ACEINDEX AceIndex;
  54. PACCESS_ALLOWED_ACE *Ace;
  55. PACL Acl = NULL;
  56. PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
  57. ULONG LengthAces;
  58. ULONG LengthAcl;
  59. ULONG LengthSd;
  61. //
  62. // Allocate space for the ACE pointer array
  63. //
  65. Ace = (PACCESS_ALLOWED_ACE *)Alloc(sizeof(PACCESS_ALLOWED_ACE) * AceCount);
  66. if (Ace == NULL) {
  67. DbgOnlyPrint("grptoreg failed to allocated ACE array\n\r");
  68. return(NULL);
  69. }
  71. //
  72. // Create the ACEs and calculate total ACE size
  73. //
  75. LengthAces = 0;
  76. for (AceIndex=0; AceIndex < AceCount; AceIndex ++) {
  77. Ace[AceIndex] = CreateAccessAllowedAce(MyAce[AceIndex].Sid,
  78. MyAce[AceIndex].AccessMask,
  79. 0,
  80. MyAce[AceIndex].InheritFlags);
  81. if (Ace[AceIndex] == NULL) {
  82. DbgOnlyPrint("grptoreg : Failed to allocate ace\n\r");
  83. } else {
  84. LengthAces += Ace[AceIndex]->Header.AceSize;
  85. }
  86. }
  88. //
  89. // Calculate ACL and SD sizes
  90. //
  92. LengthAcl = sizeof(ACL) + LengthAces;
  93. LengthSd = SECURITY_DESCRIPTOR_MIN_LENGTH;
  95. //
  96. // Create the ACL
  97. //
  99. Acl = Alloc(LengthAcl);
  101. if (Acl != NULL) {
  103. Status = RtlCreateAcl(Acl, LengthAcl, ACL_REVISION);
  104. ASSERT(NT_SUCCESS(Status));
  106. //
  107. // Add the ACES to the ACL and destroy the ACEs
  108. //
  110. for (AceIndex = 0; AceIndex < AceCount; AceIndex ++) {
  112. if (Ace[AceIndex] != NULL) {
  114. Status = RtlAddAce(Acl, ACL_REVISION, 0, Ace[AceIndex],
  115. Ace[AceIndex]->Header.AceSize);
  117. if (!NT_SUCCESS(Status)) {
  118. DbgOnlyPrint("grptoreg : AddAce failed, status = 0x%lx\n\r", Status);
  119. }
  121. DestroyAce(Ace[AceIndex]);
  122. }
  123. }
  125. } else {
  126. DbgOnlyPrint("grptoreg : Failed to allocate ACL\n\r");
  127. }
  129. //
  130. // Free the ACE pointer array
  131. //
  132. Free(Ace);
  134. //
  135. // Create the security descriptor
  136. //
  138. SecurityDescriptor = Alloc(LengthSd);
  140. if (SecurityDescriptor != NULL) {
  142. Status = RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
  143. ASSERT(NT_SUCCESS(Status));
  145. //
  146. // Set the DACL on the security descriptor
  147. //
  148. Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Acl, FALSE);
  149. if (!NT_SUCCESS(Status)) {
  150. DbgOnlyPrint("grptoreg : SetDACLSD failed, status = 0x%lx\n\r", Status);
  151. }
  152. } else {
  153. DbgOnlyPrint("grptoreg : Failed to allocate security descriptor\n\r");
  154. }
  156. //
  157. // Return with our spoils
  158. //
  159. return(SecurityDescriptor);
  160. }
  163. /***************************************************************************\
  164. * DeleteSecurityDescriptor
  165. *
  166. * Deletes a security descriptor created using CreateSecurityDescriptor
  167. *
  168. * Returns TRUE on success, FALSE on failure
  169. *
  170. * 02-06-92 Davidc Created.
  171. \***************************************************************************/
  173. BOOL
  174. DeleteSecurityDescriptor(
  175. PSECURITY_DESCRIPTOR SecurityDescriptor
  176. )
  177. {
  178. NTSTATUS Status;
  179. PACL Acl;
  180. BOOLEAN Present;
  181. BOOLEAN Defaulted;
  183. ASSERT(SecurityDescriptor != NULL);
  185. //
  186. // Get the ACL
  187. //
  188. Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
  189. &Present, &Acl, &Defaulted);
  190. if (NT_SUCCESS(Status)) {
  192. //
  193. // Destroy the ACL
  194. //
  195. if (Present && (Acl != NULL)) {
  196. Free(Acl);
  197. }
  198. } else {
  199. DbgOnlyPrint("grptoreg : Failed to get DACL from security descriptor being destroyed, Status = 0x%lx\n\r", Status);
  200. }
  202. //
  203. // Destroy the Security Descriptor
  204. //
  205. Free(SecurityDescriptor);
  207. return(TRUE);
  208. }
  211. /***************************************************************************\
  212. * CreateAccessAllowedAce
  213. *
  214. * Allocates memory for an ACCESS_ALLOWED_ACE and fills it in.
  215. * The memory should be freed by calling DestroyACE.
  216. *
  217. * Returns pointer to ACE on success, NULL on failure
  218. *
  219. * History:
  220. * 12-05-91 Davidc Created
  221. \***************************************************************************/
  222. PVOID
  223. CreateAccessAllowedAce(
  224. PSID Sid,
  225. ACCESS_MASK AccessMask,
  226. UCHAR AceFlags,
  227. UCHAR InheritFlags
  228. )
  229. {
  230. ULONG LengthSid = RtlLengthSid(Sid);
  231. ULONG LengthACE = sizeof(ACE_HEADER) + sizeof(ACCESS_MASK) + LengthSid;
  232. PACCESS_ALLOWED_ACE Ace;
  234. Ace = (PACCESS_ALLOWED_ACE)Alloc(LengthACE);
  235. if (Ace == NULL) {
  236. DbgOnlyPrint("grptoreg : CreateAccessAllowedAce : Failed to allocate ace\n\r");
  237. return NULL;
  238. }
  240. Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  241. Ace->Header.AceSize = (USHORT)LengthACE;
  242. Ace->Header.AceFlags = AceFlags | InheritFlags;
  243. Ace->Mask = AccessMask;
  244. RtlCopySid(LengthSid, (PSID)(&(Ace->SidStart)), Sid );
  246. return(Ace);
  247. }
  250. /***************************************************************************\
  251. * DestroyAce
  252. *
  253. * Frees the memory allocate for an ACE
  254. *
  255. * History:
  256. * 12-05-91 Davidc Created
  257. \***************************************************************************/
  258. VOID
  259. DestroyAce(
  260. PVOID Ace
  261. )
  262. {
  263. Free(Ace);
  264. }