archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/shell/osshell/grptoreg/security.c

224 lines
5.8 KiB
Raw Normal View History

Add source files
4 years ago
  1. /****************************** Module Header ******************************\
  2. * Module Name: security.c
  3. *
  4. * Copyright (c) 1991, Microsoft Corporation
  5. *
  6. * Handles security aspects of winlogon operation.
  7. *
  8. * History:
  9. * 12-05-91 Davidc Created - mostly taken from old winlogon.c
  10. \***************************************************************************/
  12. #include "sec.h"
  13. #include <winuserp.h>
  14. #include <string.h>
  15. #include <fcntl.h>
  16. #include <io.h>
  17. #include <stdio.h>
  20. /***************************************************************************\
  21. * SetMyAce
  22. *
  23. * Helper routine that fills in a MYACE structure.
  24. *
  25. * History:
  26. * 02-06-92 Davidc Created
  27. \***************************************************************************/
  28. VOID
  29. SetMyAce(
  30. PMYACE MyAce,
  31. PSID Sid,
  32. ACCESS_MASK Mask,
  33. UCHAR InheritFlags
  34. )
  35. {
  36. MyAce->Sid = Sid;
  37. MyAce->AccessMask= Mask;
  38. MyAce->InheritFlags = InheritFlags;
  39. }
  42. /***************************************************************************\
  43. * SetWorldSecurity
  44. *
  45. * Sets the security given the logon sid passed.
  46. *
  47. * If the UserSid = NULL, no access is given to anyone other than world
  48. *
  49. * Returns TRUE on success, FALSE on failure
  50. *
  51. * History:
  52. * 12-05-91 Davidc Created
  53. \***************************************************************************/
  54. BOOL
  55. SetWorldSecurity(
  56. PSID UserSid,
  57. PSECURITY_DESCRIPTOR *pSecDesc,
  58. BOOL bCommonGroupAccess
  59. )
  60. {
  61. MYACE Ace[4];
  62. ACEINDEX AceCount = 0;
  63. PSECURITY_DESCRIPTOR SecurityDescriptor;
  64. PSID WorldSid = NULL;
  65. PSID AdminAliasSid = NULL;
  66. PSID PowerUserAliasSid = NULL;
  67. PSID SystemOpsAliasSid = NULL;
  68. SID_IDENTIFIER_AUTHORITY WorldSidAuthority = SECURITY_WORLD_SID_AUTHORITY;
  69. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  70. NTSTATUS Status;
  71. ACCESS_MASK AccessMask;
  73. // Create the world Sid
  74. Status = RtlAllocateAndInitializeSid(
  75. &WorldSidAuthority,
  76. 1, // Sub authority count
  77. SECURITY_WORLD_RID, // Sub authorities
  78. 0, 0, 0, 0, 0, 0, 0,
  79. &WorldSid);
  81. if (!NT_SUCCESS(Status)) {
  82. DbgOnlyPrint("progman failed to allocate memory for world sid\n");
  83. return(FALSE);
  84. }
  86. Status = RtlAllocateAndInitializeSid(
  87. &NtAuthority,
  88. 2, // Sub authority count
  89. SECURITY_BUILTIN_DOMAIN_RID, // Sub authority[0]
  90. DOMAIN_ALIAS_RID_ADMINS, // Sub authority[1]
  91. 0, 0, 0, 0, 0, 0,
  92. &AdminAliasSid);
  94. Status = RtlAllocateAndInitializeSid(
  95. &NtAuthority,
  96. 2, // Sub authority count
  97. SECURITY_BUILTIN_DOMAIN_RID, // Sub authority[0]
  98. DOMAIN_ALIAS_RID_POWER_USERS, // Sub authority[1]
  99. 0, 0, 0, 0, 0, 0,
  100. &PowerUserAliasSid);
  102. Status = RtlAllocateAndInitializeSid(
  103. &NtAuthority,
  104. 2, // Sub authority count
  105. SECURITY_BUILTIN_DOMAIN_RID, // Sub authority[0]
  106. DOMAIN_ALIAS_RID_SYSTEM_OPS, // Sub authority[1]
  107. 0, 0, 0, 0, 0, 0,
  108. &SystemOpsAliasSid);
  111. if (!NT_SUCCESS(Status)) {
  112. DbgOnlyPrint("progman failed to allocate memory for admin sid\n");
  113. return(FALSE);
  114. }
  118. //
  119. // Define the World ACEs
  120. //
  122. if (bCommonGroupAccess) {
  123. AccessMask = KEY_READ;
  124. }
  125. else {
  126. AccessMask = KEY_READ | KEY_WRITE | DELETE;
  127. }
  129. SetMyAce(&(Ace[AceCount++]),
  130. WorldSid,
  131. AccessMask,
  132. NO_PROPAGATE_INHERIT_ACE
  133. );
  135. //
  136. // Define the Admins ACEs
  137. //
  139. SetMyAce(&(Ace[AceCount++]),
  140. AdminAliasSid,
  141. GENERIC_ALL,
  142. NO_PROPAGATE_INHERIT_ACE
  143. );
  145. //
  146. // Define the Power Users ACEs
  147. //
  149. SetMyAce(&(Ace[AceCount++]),
  150. PowerUserAliasSid,
  151. GENERIC_ALL,
  152. NO_PROPAGATE_INHERIT_ACE
  153. );
  155. //
  156. // Define the System Operators ACEs
  157. //
  159. SetMyAce(&(Ace[AceCount++]),
  160. SystemOpsAliasSid,
  161. GENERIC_ALL,
  162. NO_PROPAGATE_INHERIT_ACE
  163. );
  165. // Check we didn't goof
  166. ASSERT((sizeof(Ace) / sizeof(MYACE)) >= AceCount);
  168. //
  169. // Create the security descriptor
  170. //
  172. SecurityDescriptor = CreateSecurityDescriptor(Ace, AceCount);
  173. if (SecurityDescriptor == NULL) {
  174. DbgOnlyPrint("Progman failed to create security descriptor\n\r");
  175. return(FALSE);
  176. }
  178. #if 0
  179. // Keep security descriptor global
  180. // delete only when exiting the program
  182. //
  183. // Free up the security descriptor
  184. //
  186. DeleteSecurityDescriptor(SecurityDescriptor);
  187. #endif
  189. //
  190. // Return success status
  191. //
  193. *pSecDesc = SecurityDescriptor;
  194. return(TRUE);
  195. }
  197. /***************************************************************************\
  198. * InitializeSecurityAttributes
  199. *
  200. *
  201. * Returns TRUE on success, FALSE on failure
  202. *
  203. * History:
  204. * 04-14092 JohanneC Created
  205. \***************************************************************************/
  206. BOOL InitializeSecurityAttributes
  207. (
  208. PSECURITY_ATTRIBUTES pSecurityAttributes,
  209. BOOL bCommonGroupAccess
  210. )
  211. {
  212. PSECURITY_DESCRIPTOR pSecDesc;
  214. if (!SetWorldSecurity(NULL, &pSecDesc, bCommonGroupAccess)) {
  215. return(FALSE);
  216. }
  218. pSecurityAttributes->nLength = sizeof(SECURITY_ATTRIBUTES);
  219. pSecurityAttributes->lpSecurityDescriptor = pSecDesc;
  220. pSecurityAttributes->bInheritHandle = TRUE;
  222. return(TRUE);
  223. }