archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/fs/utils/dfrg/secattr.cpp

239 lines
7.1 KiB
Raw Normal View History

Add source files
4 years ago
  1. /**************************************************************************************************
  3. FILENAME: SecAttr.cpp
  5. COPYRIGHT 2001 Microsoft Corporation and Executive Software International, Inc.
  7. DESCRIPTION:
  8. Security attribute related routines
  10. **************************************************************************************************/
  14. #include "stdafx.h"
  16. extern "C"{
  17. #include <string.h>
  18. #include <stdio.h>
  19. #include <stdlib.h>
  20. }
  22. #include "Windows.h"
  25. #include <accctrl.h> // EXPLICIT_ACCESS, ACL related stuff
  26. #include <aclapi.h> // SetEntriesInAcl
  28. #include "secattr.h"
  30. BOOL
  31. ConstructSecurityAttributes(
  32. PSECURITY_ATTRIBUTES psaSecurityAttributes,
  33. SecurityAttributeType eSaType,
  34. BOOL bIncludeBackupOperator
  35. )
  36. {
  37. DWORD dwStatus;
  38. DWORD dwAccessMask = 0;
  39. BOOL bResult = TRUE;
  40. PSID psidBackupOperators = NULL;
  41. PSID psidAdministrators = NULL;
  42. PSID psidLocalSystem = NULL;
  43. PACL paclDiscretionaryAcl = NULL;
  44. SID_IDENTIFIER_AUTHORITY sidNtAuthority = SECURITY_NT_AUTHORITY;
  45. EXPLICIT_ACCESS eaExplicitAccess [3];
  47. switch (eSaType) {
  49. case esatMutex:
  50. dwAccessMask = MUTEX_ALL_ACCESS;
  51. break;
  53. case esatSemaphore:
  54. dwAccessMask = SEMAPHORE_ALL_ACCESS;
  55. break;
  57. case esatEvent:
  58. dwAccessMask = EVENT_ALL_ACCESS;
  59. break;
  61. case esatFile:
  62. dwAccessMask = FILE_ALL_ACCESS;
  63. break;
  65. default:
  66. bResult = FALSE;
  67. break;
  68. }
  71. /*
  72. ** Initialise the security descriptor.
  73. */
  74. if (bResult) {
  75. bResult = InitializeSecurityDescriptor(psaSecurityAttributes->lpSecurityDescriptor,
  76. SECURITY_DESCRIPTOR_REVISION
  77. );
  78. }
  80. if (bResult && bIncludeBackupOperator) {
  81. /*
  82. ** Create a SID for the Backup Operators group.
  83. */
  84. bResult = AllocateAndInitializeSid(&sidNtAuthority,
  85. 2,
  86. SECURITY_BUILTIN_DOMAIN_RID,
  87. DOMAIN_ALIAS_RID_BACKUP_OPS,
  88. 0, 0, 0, 0, 0, 0,
  89. &psidBackupOperators
  90. );
  91. }
  93. if (bResult) {
  94. /*
  95. ** Create a SID for the Administrators group.
  96. */
  97. bResult = AllocateAndInitializeSid(&sidNtAuthority,
  98. 2,
  99. SECURITY_BUILTIN_DOMAIN_RID,
  100. DOMAIN_ALIAS_RID_ADMINS,
  101. 0, 0, 0, 0, 0, 0,
  102. &psidAdministrators
  103. );
  105. }
  107. if (bResult) {
  108. /*
  109. ** Create a SID for the Local System.
  110. */
  111. bResult = AllocateAndInitializeSid(&sidNtAuthority,
  112. 1,
  113. SECURITY_LOCAL_SYSTEM_RID,
  114. 0, 0, 0, 0, 0, 0, 0,
  115. &psidLocalSystem
  116. );
  117. }
  119. if (bResult) {
  120. /*
  121. ** Initialize the array of EXPLICIT_ACCESS structures for an
  122. ** ACEs we are setting.
  123. **
  124. ** The first ACE allows the Backup Operators group full access
  125. ** and the second, allowa the Administrators group full
  126. ** access.
  127. */
  129. // Initialize an EXPLICIT_ACCESS structure for an ACE.
  130. // The ACE allows the Administrators group full access to the directory
  131. eaExplicitAccess[0].grfAccessPermissions = FILE_ALL_ACCESS;
  132. eaExplicitAccess[0].grfAccessMode = SET_ACCESS;
  133. eaExplicitAccess[0].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
  134. eaExplicitAccess[0].Trustee.pMultipleTrustee = NULL;
  135. eaExplicitAccess[0].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
  136. eaExplicitAccess[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
  137. eaExplicitAccess[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
  138. eaExplicitAccess[0].Trustee.ptstrName = (LPTSTR) psidLocalSystem;
  140. eaExplicitAccess[1].grfAccessPermissions = dwAccessMask;
  141. eaExplicitAccess[1].grfAccessMode = SET_ACCESS;
  142. eaExplicitAccess[1].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
  143. eaExplicitAccess[1].Trustee.pMultipleTrustee = NULL;
  144. eaExplicitAccess[1].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
  145. eaExplicitAccess[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
  146. eaExplicitAccess[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
  147. eaExplicitAccess[1].Trustee.ptstrName = (LPTSTR) psidAdministrators;
  150. if (bIncludeBackupOperator) {
  151. eaExplicitAccess[2].grfAccessPermissions = dwAccessMask;
  152. eaExplicitAccess[2].grfAccessMode = SET_ACCESS;
  153. eaExplicitAccess[2].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
  154. eaExplicitAccess[2].Trustee.pMultipleTrustee = NULL;
  155. eaExplicitAccess[2].Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
  156. eaExplicitAccess[2].Trustee.TrusteeForm = TRUSTEE_IS_SID;
  157. eaExplicitAccess[2].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
  158. eaExplicitAccess[2].Trustee.ptstrName = (LPTSTR) psidBackupOperators;
  159. }
  162. /*
  163. ** Create a new ACL that contains the new ACEs.
  164. */
  165. dwStatus = SetEntriesInAcl(bIncludeBackupOperator ? 3 : 2,
  166. eaExplicitAccess,
  167. NULL,
  168. &paclDiscretionaryAcl);
  170. if (ERROR_SUCCESS != dwStatus) {
  171. bResult = FALSE;
  172. }
  173. }
  175. if (bResult) {
  176. /*
  177. ** Add the ACL to the security descriptor.
  178. */
  179. bResult = SetSecurityDescriptorDacl(psaSecurityAttributes->lpSecurityDescriptor,
  180. TRUE,
  181. paclDiscretionaryAcl,
  182. FALSE
  183. );
  184. }
  186. if (bResult) {
  187. paclDiscretionaryAcl = NULL;
  188. }
  190. /*
  191. ** Clean up any left over junk.
  192. */
  193. if (NULL != psidLocalSystem) {
  194. FreeSid (psidLocalSystem);
  195. psidLocalSystem = NULL;
  196. }
  198. if (NULL != psidAdministrators) {
  199. FreeSid (psidAdministrators);
  200. psidAdministrators = NULL;
  201. }
  203. if (NULL != psidBackupOperators) {
  204. FreeSid (psidBackupOperators);
  205. psidBackupOperators = NULL;
  206. }
  208. if (NULL != paclDiscretionaryAcl) {
  209. LocalFree (paclDiscretionaryAcl);
  210. paclDiscretionaryAcl = NULL;
  211. }
  213. return bResult;
  214. } /* ConstructSecurityAttributes () */
  217. VOID
  218. CleanupSecurityAttributes(
  219. PSECURITY_ATTRIBUTES psaSecurityAttributes
  220. )
  221. {
  222. BOOL bSucceeded;
  223. BOOL bDaclPresent = FALSE;
  224. BOOL bDaclDefaulted = TRUE;
  225. PACL paclDiscretionaryAcl = NULL;
  227. bSucceeded = GetSecurityDescriptorDacl (psaSecurityAttributes->lpSecurityDescriptor,
  228. &bDaclPresent,
  229. &paclDiscretionaryAcl,
  230. &bDaclDefaulted);
  233. if (bSucceeded && bDaclPresent && !bDaclDefaulted && (NULL != paclDiscretionaryAcl)) {
  234. LocalFree (paclDiscretionaryAcl);
  235. }
  237. } /* CleanupSecurityAttributes () */