Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

134 lines
3.5 KiB

  1. #include "pch.h"
  2. #include "makesd.h"
  3. #include <stdio.h>
  4. #define MAILRM_IDENTIFIER_AUTHORITY { 0, 0, 0, 0, 0, 42 }
  5. SID sInsecureSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 1 };
  6. SID sBobSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 2 };
  7. SID sMarthaSid= { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 3 };
  8. SID sJoeSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 4 };
  9. SID sJaneSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 5 };
  10. SID sMailAdminsSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 6 };
  11. PSID InsecureSid = &sInsecureSid;
  12. PSID BobSid = &sBobSid;
  13. PSID MarthaSid= &sMarthaSid;
  14. PSID JoeSid = &sJoeSid;
  15. PSID JaneSid = &sJaneSid;
  16. PSID MailAdminsSid = &sMailAdminsSid;
  17. //
  18. // Principal self SID. When used in an ACE, the Authz access check replaces it
  19. // by the passed in PrincipalSelfSid parameter during the access check. In this
  20. // case, it is replaced by the owner's SID retrieved from the mailbox.
  21. //
  22. SID sPrincipalSelfSid = {
  23. SID_REVISION,
  24. 1,
  25. SECURITY_NT_AUTHORITY,
  26. SECURITY_PRINCIPAL_SELF_RID
  27. };
  28. SID sNetworkSid = {
  29. SID_REVISION,
  30. 1,
  31. SECURITY_NT_AUTHORITY,
  32. SECURITY_NETWORK_RID
  33. };
  34. SID sAuthenticatedSid = {
  35. SID_REVISION,
  36. 1,
  37. SECURITY_NT_AUTHORITY,
  38. SECURITY_AUTHENTICATED_USER_RID,
  39. };
  40. SID sDialupSid = {
  41. SID_REVISION,
  42. 1,
  43. SECURITY_NT_AUTHORITY,
  44. SECURITY_DIALUP_RID,
  45. };
  46. PSID PrincipalSelfSid = &sPrincipalSelfSid;
  47. PSID NetworkSid = &sNetworkSid;
  48. PSID AuthenticatedSid = &sAuthenticatedSid;
  49. PSID DialupSid = &sDialupSid;
  50. void __cdecl wmain(int argc, WCHAR *argv[])
  51. {
  52. PSECURITY_DESCRIPTOR pSd;
  53. BOOL bSuccess;
  54. if( argc != 2 )
  55. {
  56. printf("Error: makesd <filename>\n");
  57. }
  58. bSuccess = CreateSecurityDescriptor2(
  59. &pSd, // SD
  60. 0, // SD Control
  61. PrincipalSelfSid, // owner
  62. NULL, // group
  63. TRUE, // DACL present
  64. 3, // 3 DACL ACEs
  65. FALSE, // SACL not present
  66. 0, // 0 SACL ACEs
  67. // Var argl list
  68. ACCESS_DENIED_ACE_TYPE,
  69. OBJECT_INHERIT_ACE,
  70. DialupSid,
  71. FILE_GENERIC_READ,
  72. ACCESS_ALLOWED_ACE_TYPE,
  73. OBJECT_INHERIT_ACE,
  74. AuthenticatedSid,
  75. FILE_GENERIC_READ,
  76. ACCESS_ALLOWED_CALLBACK_ACE_TYPE,
  77. OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
  78. PrincipalSelfSid,
  79. FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
  80. 0,
  81. NULL
  82. );
  83. if( !bSuccess )
  84. {
  85. printf("Error: %u\n", GetLastError());
  86. exit(0);
  87. }
  88. bSuccess = IsValidSecurityDescriptor(pSd);
  89. if( !bSuccess )
  90. {
  91. printf("Error: Invalid security descriptor\n");
  92. exit(0);
  93. }
  94. bSuccess = SetFileSecurity(
  95. argv[1],
  96. DACL_SECURITY_INFORMATION,
  97. pSd);
  98. if( !bSuccess )
  99. {
  100. printf("Error setting sec: %u\n", GetLastError());
  101. exit(0);
  102. }
  103. FreeSecurityDescriptor2(pSd);
  104. printf("Success\n");
  105. }