Source code of Windows XP (NT5)


  1. #include "pch.h"
  BOOL
  MyAccessCheck(
      IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
      IN PACE_HEADER pAce,
      IN PVOID pArgs OPTIONAL,
      IN OUT PBOOL pbAceApplicable
      )
  /*++

  Routine Description

      Trivial example of a callback access check routine. The answer is a
      coin flip taken from rand(); none of the inputs is examined.

      Because the result does not depend on the client context, the ACE or
      the optional arguments, it is neither reproducible nor meaningful as an
      authorization decision. The routine only shows the shape of the
      callback; a real one would derive the answer from its inputs.

  Arguments

      hAuthzClientContext - handle to AuthzClientContext (unused here).

      pAce - pointer to Ace header (unused here).

      pArgs - optional arguments that can be used in evaluating the ACE
          (unused here).

      pbAceApplicable - receives the result of the evaluation: nonzero if
          the ACE is to be treated as applicable, zero otherwise.

  Return value

      Always TRUE. Applicability is reported through pbAceApplicable, not
      through the return value.

  --*/
  {
      /*
       * The cast binds tighter than '%', so this is ((BOOL) rand()) % 2.
       * rand() is never negative, which leaves the result at 0 or 1.
       */
      BOOL bCoinFlip = (BOOL) rand() % 2;

      *pbAceApplicable = bCoinFlip;

      return TRUE;
  }
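  BOOL
  MyComputeDynamicGroups(
      IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
      IN PVOID Args,
      OUT PSID_AND_ATTRIBUTES *pSidAttrArray,
      OUT PDWORD pSidCount,
      OUT PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray,
      OUT PDWORD pRestrictedSidCount
      )
  /*++

  Routine Description

      Resource manager callback to compute dynamic groups. This is used by
      the RM to decide if the specified client context should be included in
      any RM defined groups.

      This sample never looks at hAuthzClientContext: unless Args is -1 it
      hands back the same two hard-coded SIDs (KedarSid, enabled, and
      RahulSid, deny-only) for every client. That is for demonstration only;
      a real callback would base group membership on the client.

      The SID_AND_ATTRIBUTES array and the two SID copies live in a single
      malloc() block, with the SIDs stored directly behind the array, so one
      free() of the returned pointer (see MyFreeDynamicGroups) releases
      everything.

  Arguments

      hAuthzClientContext - handle to client context (unused here).

      Args - optional parameter to pass information for evaluating group
          membership. The value -1 makes the routine succeed without adding
          any group.

      pSidAttrArray - receives the computed group membership SIDs, or NULL
          when no group is returned.

      pSidCount - receives the count of SIDs in pSidAttrArray.

      pRestrictedSidAttrArray - receives the computed restricted SIDs;
          always NULL in this sample.

      pRestrictedSidCount - receives the count of restricted SIDs; always 0
          in this sample.

  Return Value

      Bool, true for success, false on failure. On failure the last error is
      set to ERROR_NOT_ENOUGH_MEMORY and every output is left empty.

  --*/
  {
      ULONG KedarLength = 0;
      ULONG RahulLength = 0;
      PSID_AND_ATTRIBUTES pGroups = NULL;
      PUCHAR pSidStorage = NULL;

      /*
       * Give every output a defined value before any return, so that a
       * caller never reads an unset pointer or count on the "no groups"
       * path or on the allocation failure path.
       */
      *pSidAttrArray = NULL;
      *pSidCount = 0;
      *pRestrictedSidAttrArray = NULL;
      *pRestrictedSidCount = 0;

      /* Compare pointer with pointer: the sentinel is -1 cast to PVOID. */
      if (Args == (PVOID) -1)
      {
          return TRUE;
      }

      /*
       * Keep the two lengths apart. Halving their sum is only right when
       * both SIDs happen to be the same size; otherwise the second SID
       * would be placed at the wrong offset and copied with the wrong
       * length.
       */
      KedarLength = RtlLengthSid((PSID) KedarSid);
      RahulLength = RtlLengthSid((PSID) RahulSid);

      pGroups = malloc(2 * sizeof(SID_AND_ATTRIBUTES) + KedarLength + RahulLength);
      if (!pGroups)
      {
          SetLastError(ERROR_NOT_ENOUGH_MEMORY);
          return FALSE;
      }

      /* SID storage starts right after the two array entries. */
      pSidStorage = ((PUCHAR) pGroups) + 2 * sizeof(SID_AND_ATTRIBUTES);

      /*
       * Each destination is sized from RtlLengthSid() of its own source,
       * so the copy is never handed a buffer smaller than the SID.
       */
      pGroups[0].Attributes = SE_GROUP_ENABLED;
      pGroups[0].Sid = pSidStorage;
      RtlCopySid(KedarLength, pGroups[0].Sid, (PSID) KedarSid);

      pGroups[1].Attributes = SE_GROUP_USE_FOR_DENY_ONLY;
      pGroups[1].Sid = pSidStorage + KedarLength;
      RtlCopySid(RahulLength, pGroups[1].Sid, (PSID) RahulSid);

      /* Publish the result only once it is fully built. */
      *pSidAttrArray = pGroups;
      *pSidCount = 2;

      return TRUE;
  }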
  VOID
  MyFreeDynamicGroups (
      IN PSID_AND_ATTRIBUTES pSidAttrArray
      )
  /*++

  Routine Description

      Frees memory allocated for the dynamic group array. The pointer is
      passed to free(), so it must have come from malloc(), as the array
      built by MyComputeDynamicGroups does.

  Arguments

      pSidAttrArray - array to free. May be NULL, in which case nothing
          happens.

  Return Value

      None.

  --*/
  {
      /* free(NULL) is a no-op, so no separate NULL test is needed. */
      free(pSidAttrArray);
  }