archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/com/ole32/dcomss/olescm/secdesc.cxx

276 lines
6.8 KiB
Raw Normal View History

Add source files
4 years ago
  1. /****************************** Module Header ******************************\
  2. * Module Name: secdesc.cxx
  3. *
  4. * Copyright (c) 1991, Microsoft Corporation
  5. *
  6. * Routines that support creation and deletion of security descriptors
  7. *
  8. * History:
  9. * 02-06-92 Davidc Created.
  10. * 04-14-92 RichardW Changed ACE_HEADER
  11. * 04-01-94 AndyH Copied from winlogon. Changed to .CXX
  12. \***************************************************************************/
  14. #include "act.hxx"
  16. //
  17. // Private prototypes
  18. //
  20. PACCESS_ALLOWED_ACE
  21. CreateAccessAllowedAce(
  22. PSID Sid,
  23. ACCESS_MASK AccessMask,
  24. UCHAR AceFlags,
  25. UCHAR InheritFlags
  26. );
  28. VOID
  29. DestroyAce(
  30. PVOID Ace
  31. );
  34. //
  35. // Memory macros
  36. //
  38. #define Alloc(c) ((PVOID)LocalAlloc(LPTR, c))
  39. #define ReAlloc(p, c) ((PVOID)LocalReAlloc(p, c, LPTR | LMEM_MOVEABLE))
  40. #define Free(p) ((VOID)LocalFree(p))
  43. /***************************************************************************\
  44. * CreateSecurityDescriptor
  45. *
  46. * Creates a security descriptor containing an ACL containing the specified ACEs
  47. *
  48. * A SD created with this routine should be destroyed using
  49. * DeleteSecurityDescriptor
  50. *
  51. * Returns a pointer to the security descriptor or NULL on failure.
  52. *
  53. * 02-06-92 Davidc Created.
  54. \***************************************************************************/
  56. PSECURITY_DESCRIPTOR
  57. CreateSecurityDescriptor(
  58. PMYACE MyAce,
  59. ACEINDEX AceCount
  60. )
  61. {
  62. NTSTATUS Status;
  63. ACEINDEX AceIndex;
  64. PACCESS_ALLOWED_ACE *Ace;
  65. PACL Acl = NULL;
  66. PSECURITY_DESCRIPTOR SecurityDescriptor = NULL;
  67. ULONG LengthAces;
  68. ULONG LengthAcl;
  69. ULONG LengthSd;
  71. //
  72. // Allocate space for the ACE pointer array
  73. //
  75. Ace = (PACCESS_ALLOWED_ACE *)Alloc(sizeof(PACCESS_ALLOWED_ACE) * AceCount);
  76. if (Ace == NULL) {
  77. CairoleDebugOut((DEB_ERROR, "Failed to allocated ACE array\n"));
  78. return(NULL);
  79. }
  81. //
  82. // Create the ACEs and calculate total ACE size
  83. //
  85. LengthAces = 0;
  86. for (AceIndex=0; AceIndex < AceCount; AceIndex ++) {
  87. Ace[AceIndex] = CreateAccessAllowedAce(MyAce[AceIndex].Sid,
  88. MyAce[AceIndex].AccessMask,
  89. 0,
  90. MyAce[AceIndex].InheritFlags);
  91. if (Ace[AceIndex] == NULL) {
  92. CairoleDebugOut((DEB_ERROR, "Failed to allocated ACE\n"));
  93. } else {
  94. LengthAces += Ace[AceIndex]->Header.AceSize;
  95. }
  96. }
  98. //
  99. // Calculate ACL and SD sizes
  100. //
  102. LengthAcl = sizeof(ACL) + LengthAces;
  103. LengthSd = SECURITY_DESCRIPTOR_MIN_LENGTH;
  105. //
  106. // Create the ACL
  107. //
  109. Acl = (PACL) Alloc(LengthAcl);
  111. if (Acl != NULL) {
  113. Status = RtlCreateAcl(Acl, LengthAcl, ACL_REVISION);
  114. Win4Assert(NT_SUCCESS(Status));
  116. //
  117. // Add the ACES to the ACL and destroy the ACEs
  118. //
  120. for (AceIndex = 0; AceIndex < AceCount; AceIndex ++) {
  122. if (Ace[AceIndex] != NULL) {
  124. Status = RtlAddAce(Acl, ACL_REVISION, 0, Ace[AceIndex],
  125. Ace[AceIndex]->Header.AceSize);
  127. if (!NT_SUCCESS(Status)) {
  128. CairoleDebugOut((DEB_ERROR, "AddAce failed, status = 0x%lx\n", Status));
  129. }
  131. DestroyAce(Ace[AceIndex]);
  132. }
  133. }
  135. } else {
  136. CairoleDebugOut((DEB_ERROR, "Failed to allocated ACL\n"));
  137. }
  139. //
  140. // Free the ACE pointer array
  141. //
  142. Free(Ace);
  144. //
  145. // Create the security descriptor
  146. //
  148. SecurityDescriptor = Alloc(LengthSd);
  150. if (SecurityDescriptor != NULL) {
  152. Status = RtlCreateSecurityDescriptor(SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
  153. Win4Assert(NT_SUCCESS(Status));
  155. //
  156. // Set the DACL on the security descriptor
  157. //
  158. Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor, TRUE, Acl, FALSE);
  159. if (!NT_SUCCESS(Status)) {
  160. // BUGBUG CairoleDebugOut WLPrint(("SetDACLSD failed, status = 0x%lx", Status));
  161. }
  162. } else {
  163. // BUGBUG CairoleDebugOut WLPrint(("Failed to allocate security descriptor"));
  164. }
  166. //
  167. // Return with our spoils
  168. //
  169. return(SecurityDescriptor);
  170. }
  173. /***************************************************************************\
  174. * DeleteSecurityDescriptor
  175. *
  176. * Deletes a security descriptor created using CreateSecurityDescriptor
  177. *
  178. * Returns TRUE on success, FALSE on failure
  179. *
  180. * 02-06-92 Davidc Created.
  181. \***************************************************************************/
  183. BOOL
  184. DeleteSecurityDescriptor(
  185. PSECURITY_DESCRIPTOR SecurityDescriptor
  186. )
  187. {
  188. NTSTATUS Status;
  189. PACL Acl;
  190. BOOLEAN Present;
  191. BOOLEAN Defaulted;
  193. Win4Assert(SecurityDescriptor != NULL);
  195. //
  196. // Get the ACL
  197. //
  198. Status = RtlGetDaclSecurityDescriptor(SecurityDescriptor,
  199. &Present, &Acl, &Defaulted);
  200. if (NT_SUCCESS(Status)) {
  202. //
  203. // Destroy the ACL
  204. //
  205. if (Present && (Acl != NULL)) {
  206. Free(Acl);
  207. }
  208. } else {
  209. // BUGBUG CairoleDebugOut WLPrint(("Failed to get DACL from security descriptor being destroyed, Status = 0x%lx", Status));
  210. }
  212. //
  213. // Destroy the Security Descriptor
  214. //
  215. Free(SecurityDescriptor);
  217. return(TRUE);
  218. }
  221. /***************************************************************************\
  222. * CreateAccessAllowedAce
  223. *
  224. * Allocates memory for an ACCESS_ALLOWED_ACE and fills it in.
  225. * The memory should be freed by calling DestroyACE.
  226. *
  227. * Returns pointer to ACE on success, NULL on failure
  228. *
  229. * History:
  230. * 12-05-91 Davidc Created
  231. * 04-05-94 AndyH Changed return to ACE
  232. \***************************************************************************/
  233. PACCESS_ALLOWED_ACE
  234. CreateAccessAllowedAce(
  235. PSID Sid,
  236. ACCESS_MASK AccessMask,
  237. UCHAR AceFlags,
  238. UCHAR InheritFlags
  239. )
  240. {
  241. ULONG LengthSid = RtlLengthSid(Sid);
  242. ULONG LengthACE = sizeof(ACE_HEADER) + sizeof(ACCESS_MASK) + LengthSid;
  243. PACCESS_ALLOWED_ACE Ace;
  245. Ace = (PACCESS_ALLOWED_ACE)Alloc(LengthACE);
  246. if (Ace == NULL) {
  247. // BUGBUG CairoleDebugOut WLPrint(("CreateAccessAllowedAce : Failed to allocate ace"));
  248. return NULL;
  249. }
  251. Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
  252. Ace->Header.AceSize = (UCHAR)LengthACE;
  253. Ace->Header.AceFlags = AceFlags | InheritFlags;
  254. Ace->Mask = AccessMask;
  255. RtlCopySid(LengthSid, (PSID)(&(Ace->SidStart)), Sid );
  257. return(Ace);
  258. }
  261. /***************************************************************************\
  262. * DestroyAce
  263. *
  264. * Frees the memory allocate for an ACE
  265. *
  266. * History:
  267. * 12-05-91 Davidc Created
  268. \***************************************************************************/
  269. VOID
  270. DestroyAce(
  271. PVOID Ace
  272. )
  273. {
  274. Free(Ace);
  275. }