mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
998 lines
34 KiB
998 lines
34 KiB
//+-------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1993 - 1995.
|
|
//
|
|
// File: access.hxx
|
|
//
|
|
// Contents: common internal includes for access control API
|
|
//
|
|
// History: 8-94 Created DaveMont
|
|
//
|
|
//--------------------------------------------------------------------
|
|
#ifndef __ACCESS_HXX__
|
|
#define __ACCESS_HXX__
|
|
|
|
extern "C"
|
|
{
|
|
#include <winldap.h>
|
|
}
|
|
|
|
#define NO_ACL_UPGRADE
|
|
|
|
#define PSD_BASE_LENGTH 1024
|
|
|
|
|
|
//
|
|
// BUGBUG - Get these names from the DS or at least internationalize them
|
|
//
|
|
#define ACTRL_DS_USER "User"
|
|
#define ACTRL_DS_GROUP "Group"
|
|
#define ACTRL_DS_DOMAIN "Domain"
|
|
#define ACTRL_DS_COMPUTER "Computer"
|
|
|
|
//
|
|
// This structure is used to keep track of all the changes for an
|
|
// item.
|
|
//
|
|
typedef struct _ACTRL_SD_LIST
|
|
{
|
|
PWSTR pwszProperty;
|
|
PSECURITY_DESCRIPTOR pSD;
|
|
} ACTRL_SD_LIST, *PACTRL_SD_LIST;
|
|
|
|
//
|
|
// This structure is used to read the specified information from the list
|
|
// of properties on the object
|
|
//
|
|
typedef struct _ACTRL_RIGHTS_INFO
|
|
{
|
|
PWSTR pwszProperty;
|
|
SECURITY_INFORMATION SeInfo;
|
|
|
|
} ACTRL_RIGHTS_INFO, *PACTRL_RIGHTS_INFO;
|
|
|
|
|
|
//
|
|
// IsContainer enumerated type, used by aclbuild.hxx (exposed here for cairole\stg)
|
|
//
|
|
|
|
typedef enum _IS_CONTAINER
|
|
{
|
|
ACCESS_TO_UNKNOWN = 0,
|
|
ACCESS_TO_OBJECT,
|
|
ACCESS_TO_CONTAINER
|
|
} IS_CONTAINER, *PIS_CONTAINER;
|
|
|
|
|
|
typedef struct _ACCESS_DS_ACCESS_INFO
|
|
{
|
|
ULONG cItems;
|
|
ULONG iBase;
|
|
} ACCESS_DS_ACCESS_INFO, *PACCESS_DS_ACCESS_INFO;
|
|
|
|
//
|
|
// This structure holds information on directories/registry
|
|
// keys where were not propagated due to the invoker not having
|
|
// list child rights
|
|
//
|
|
typedef struct _ACCESS_PROP_LOG_ENTRY
|
|
{
|
|
ULONG Protected;
|
|
ULONG Error;
|
|
PWSTR pwszPath;
|
|
} ACCESS_PROP_LOG_ENTRY, *PACCESS_PROP_LOG_ENTRY;
|
|
|
|
|
|
//
|
|
// Forward reference
|
|
//
|
|
class CAccessList;
|
|
|
|
//
|
|
// These are the prototypes of the exported functions we need from
|
|
// netapi32.dll and samlib.dll and winspool.drv
|
|
//
|
|
typedef NTSTATUS (*PSAM_CLOSE_HANDLE)( SAM_HANDLE SamHandle );
|
|
|
|
typedef NTSTATUS (*PSAM_OPEN_DOMAIN)( SAM_HANDLE ServerHandle,
|
|
ACCESS_MASK DesiredAccess,
|
|
PSID DomainId,
|
|
PSAM_HANDLE DomainHandle );
|
|
|
|
typedef NTSTATUS (*PSAM_CONNECT)( PUNICODE_STRING ServerName,
|
|
PSAM_HANDLE ServerHandle,
|
|
ACCESS_MASK DesiredAccess,
|
|
POBJECT_ATTRIBUTES ObjectAttributes );
|
|
|
|
|
|
typedef NTSTATUS (*PSAM_GET_MEMBERS_IN_GROUP)( SAM_HANDLE GroupHandle,
|
|
PULONG * MemberIds,
|
|
PULONG * Attributes,
|
|
PULONG MemberCount );
|
|
|
|
typedef NTSTATUS (*PSAM_OPEN_GROUP)( SAM_HANDLE DomainHandle,
|
|
ACCESS_MASK DesiredAccess,
|
|
ULONG GroupId,
|
|
PSAM_HANDLE GroupHandle );
|
|
|
|
typedef NTSTATUS (*PSAM_GET_MEMBERS_IN_ALIAS)( SAM_HANDLE AliasHandle,
|
|
PSID ** MemberIds,
|
|
PULONG MemberCount );
|
|
|
|
|
|
typedef NTSTATUS (*PSAM_OPEN_ALIAS)( SAM_HANDLE DomainHandle,
|
|
ACCESS_MASK DesiredAccess,
|
|
ULONG AliasId,
|
|
PSAM_HANDLE AliasHandle );
|
|
|
|
typedef NET_API_STATUS (NET_API_FUNCTION *PNET_API_BUFFER_FREE)(LPVOID Buffer);
|
|
|
|
typedef NET_API_STATUS (NET_API_FUNCTION *PNET_SHARE_GET_INFO)(
|
|
LPTSTR servername,
|
|
LPTSTR netname,
|
|
DWORD level,
|
|
LPBYTE *bufptr );
|
|
|
|
typedef NET_API_STATUS (NET_API_FUNCTION *PNET_SHARE_SET_INFO)(
|
|
LPTSTR servername,
|
|
LPTSTR netname,
|
|
DWORD level,
|
|
LPBYTE buf,
|
|
LPDWORD parm_err );
|
|
|
|
typedef NET_API_STATUS (NET_API_FUNCTION *PNET_DFS_GET_INFO)(
|
|
LPWSTR DfsEntryPath,
|
|
LPWSTR ServerName,
|
|
LPWSTR ShareName,
|
|
DWORD Level,
|
|
LPBYTE* Buffer);
|
|
|
|
|
|
typedef NET_API_STATUS (NET_API_FUNCTION *PINET_GET_DC_LIST)(
|
|
LPTSTR ServerName OPTIONAL,
|
|
LPTSTR TrustedDomainName,
|
|
PULONG DCCount,
|
|
PUNICODE_STRING * DCNames );
|
|
|
|
typedef BOOL (WINAPI *POPEN_PRINTER)(
|
|
LPWSTR pPrinterName,
|
|
LPHANDLE phPrinter,
|
|
LPPRINTER_DEFAULTSW pDefault );
|
|
|
|
typedef BOOL (WINAPI *PCLOSE_PRINTER)(
|
|
HANDLE hPrinter );
|
|
|
|
typedef BOOL (WINAPI *PSET_PRINTER)(
|
|
HANDLE hPrinter,
|
|
DWORD Level,
|
|
LPBYTE pPrinter,
|
|
DWORD Command );
|
|
|
|
typedef BOOL (WINAPI *PGET_PRINTER)(
|
|
HANDLE hPrinter,
|
|
DWORD Level,
|
|
LPBYTE pPrinter,
|
|
DWORD cbBuf,
|
|
LPDWORD pcbNeeded );
|
|
|
|
|
|
//
|
|
// Define a table of exported functions from netapi32.dll and samlib.dll that
|
|
// are needed by accctrl. We explicitly load these dynamic libraries when
|
|
// we need them.
|
|
//
|
|
#define LOADED_ALL_FUNCS 0x01
|
|
|
|
typedef struct _DLLFuncsTable
|
|
{
|
|
DWORD dwFlags;
|
|
PSAM_CLOSE_HANDLE PSamCloseHandle;
|
|
PSAM_OPEN_DOMAIN PSamOpenDomain;
|
|
PSAM_CONNECT PSamConnect;
|
|
PSAM_GET_MEMBERS_IN_GROUP PSamGetMembersInGroup;
|
|
PSAM_OPEN_GROUP PSamOpenGroup;
|
|
PSAM_GET_MEMBERS_IN_ALIAS PSamGetMembersInAlias;
|
|
PSAM_OPEN_ALIAS PSamOpenAlias;
|
|
PNET_API_BUFFER_FREE PNetApiBufferFree;
|
|
PNET_SHARE_GET_INFO PNetShareGetInfo;
|
|
PNET_SHARE_SET_INFO PNetShareSetInfo;
|
|
PNET_DFS_GET_INFO PNetDfsGetInfo;
|
|
PINET_GET_DC_LIST PI_NetGetDCList;
|
|
POPEN_PRINTER POpenPrinter;
|
|
PCLOSE_PRINTER PClosePrinter;
|
|
PSET_PRINTER PSetPrinter;
|
|
PGET_PRINTER PGetPrinter;
|
|
} DLLFuncsTable;
|
|
|
|
extern DLLFuncsTable DLLFuncs;
|
|
|
|
|
|
//
|
|
// Security open type (used to help determine permissions to use on open)
|
|
//
|
|
typedef enum _SECURITY_OPEN_TYPE
|
|
{
|
|
READ_ACCESS_RIGHTS = 0,
|
|
WRITE_ACCESS_RIGHTS,
|
|
MODIFY_ACCESS_RIGHTS,
|
|
NO_ACCESS_RIGHTS,
|
|
RESET_ACCESS_RIGHTS
|
|
} SECURITY_OPEN_TYPE, *PSECURITY_OPEN_TYPE;
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: Add2Ptr
|
|
//
|
|
// Synopsis: Add an unscaled increment to a ptr regardless of type.
|
|
//
|
|
// Arguments: [pv] -- Initial ptr.
|
|
// [cb] -- Increment
|
|
//
|
|
// Returns: Incremented ptr.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
inline
|
|
VOID *Add2Ptr(PVOID pv, ULONG cb)
|
|
{
|
|
return((PBYTE) pv + cb);
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// memory.cxx
|
|
//
|
|
// Memory allocation/free prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
extern "C"
|
|
{
|
|
#define AccAlloc(size) LocalAlloc(LMEM_FIXED | LMEM_ZEROINIT, size)
|
|
#define AccFree LocalFree
|
|
|
|
#if 0
|
|
#define AccAlloc(size) DebugAlloc(size);
|
|
|
|
#ifdef AccFree
|
|
#undef AccFree
|
|
#endif
|
|
#define AccFree(pv) DebugFree(pv);
|
|
#endif
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// aclutil.cxx
|
|
//+-------------------------------------------------------------------------
|
|
DWORD LoadDLLFuncTable();
|
|
|
|
ACCESS_MASK
|
|
AccessMaskForAccessEntry(IN PACTRL_ACCESS_ENTRY pAE,
|
|
IN SE_OBJECT_TYPE ObjType);
|
|
|
|
DWORD
|
|
ConvertStringToSid(IN PWSTR pwszString,
|
|
OUT PSID *ppSid);
|
|
|
|
DWORD GetCurrentToken( OUT HANDLE *pHandle );
|
|
|
|
//
|
|
// REWRITE
|
|
//
|
|
|
|
#if 1
|
|
#include "file.h"
|
|
#include "service.h"
|
|
#include "printer.h"
|
|
#include "registry.h"
|
|
#include "lmsh.h"
|
|
#include "kernel.h"
|
|
#include "window.h"
|
|
#include "ds.h"
|
|
#include "wmiguid.h"
|
|
#endif
|
|
|
|
//+-------------------------------------------------------------------------
|
|
// common.cxx
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
IsContainer(IN HANDLE handle,
|
|
IN SE_OBJECT_TYPE SeObjectType,
|
|
OUT PIS_CONTAINER IsContainer);
|
|
|
|
ACCESS_MASK GetDesiredAccess(IN SECURITY_OPEN_TYPE OpenType,
|
|
IN SECURITY_INFORMATION SecurityInfo);
|
|
|
|
DWORD ParseName(IN LPWSTR ObjectName,
|
|
OUT LPWSTR *MachineName,
|
|
OUT LPWSTR *RemainingName);
|
|
|
|
DWORD GetSecurityDescriptorParts( IN PISECURITY_DESCRIPTOR pSecurityDescriptor,
|
|
IN SECURITY_INFORMATION SecurityInfo,
|
|
OUT PSID *psidOwner,
|
|
OUT PSID *psidGroup,
|
|
OUT PACL *pDacl,
|
|
OUT PACL *pSacl,
|
|
OUT PSECURITY_DESCRIPTOR *pOutSecurityDescriptor);
|
|
|
|
DWORD OpenObject( IN LPWSTR ObjectName,
|
|
IN SE_OBJECT_TYPE SeObjectType,
|
|
IN ACCESS_MASK AccessMask,
|
|
OUT PHANDLE handle);
|
|
|
|
DWORD CloseObject(IN HANDLE handle,
|
|
IN SE_OBJECT_TYPE SeObjectType);
|
|
|
|
|
|
DWORD
|
|
AccSetSDOnObject(IN PWSTR pwszObject,
|
|
IN SE_OBJECT_TYPE ObjType,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN ULONG cItems,
|
|
IN PACTRL_SD_LIST pSDList);
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// file.cxx
|
|
//
|
|
// File function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
IsFileContainer(IN HANDLE Handle,
|
|
OUT PBOOL pfIsContainer);
|
|
|
|
DWORD
|
|
IsFilePathLocalOrLM(IN LPWSTR pwszFile);
|
|
|
|
DWORD
|
|
OpenFileObject(IN LPWSTR pObjectName,
|
|
IN ACCESS_MASK AccessMask,
|
|
OUT PHANDLE Handle,
|
|
IN BOOL fOpenRoot);
|
|
|
|
#define CloseFileObject(handle) NtClose(handle);
|
|
|
|
DWORD
|
|
ReadFilePropertyRights(IN LPWSTR pwszFile,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
ReadFileRights(IN HANDLE hObject,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetFileParentRights(IN LPWSTR pwszFile,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
|
|
DWORD
|
|
SetFilePropertyRights(IN HANDLE hFile,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD);
|
|
|
|
DWORD
|
|
SetAndPropagateFilePropertyRights(IN PWSTR pwszFile,
|
|
IN PWSTR pwszProperty,
|
|
IN CAccessList& RootAccList,
|
|
IN PULONG pfStopFlag,
|
|
IN PULONG pcProcessed,
|
|
IN HANDLE hOpenObject OPTIONAL);
|
|
|
|
DWORD
|
|
SetAndPropagateFilePropertyRightsByHandle(IN HANDLE hObject,
|
|
IN PWSTR pwszProperty,
|
|
IN CAccessList& RootAccList,
|
|
IN PULONG pfStopFlag,
|
|
IN PULONG pcProcessed);
|
|
|
|
DWORD
|
|
PropagateFileRightsDeep(IN PSECURITY_DESCRIPTOR pParentSD,
|
|
IN PSECURITY_DESCRIPTOR pOldParentSD,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszFile,
|
|
IN PWSTR pwszProperty,
|
|
IN PULONG pcProcessed,
|
|
IN PULONG pfStopFlag,
|
|
IN ULONG fProtectedFlag,
|
|
IN HANDLE hToken,
|
|
IN OUT CSList& LogList);
|
|
|
|
DWORD
|
|
GetLMDfsPaths(IN PWSTR pwszPath,
|
|
OUT PULONG pcItems,
|
|
OUT PWSTR **pppwszLocalList OPTIONAL );
|
|
|
|
DWORD
|
|
MakeSDSelfRelative(IN PSECURITY_DESCRIPTOR pOldSD,
|
|
OUT PSECURITY_DESCRIPTOR *ppNewSD,
|
|
OUT PACL *ppDAcl = NULL,
|
|
OUT PACL *ppSAcl = NULL,
|
|
IN BOOL fFreeOldSD = TRUE,
|
|
IN BOOL fRtlAlloc = FALSE);
|
|
|
|
DWORD
|
|
UpdateFileSDByPath(IN PSECURITY_DESCRIPTOR pCurrentSD,
|
|
IN PWSTR pwszPath,
|
|
IN HANDLE hFile,
|
|
IN HANDLE hProcessToken,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN BOOL fIsContainer,
|
|
OUT PSECURITY_DESCRIPTOR *ppNewSD);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// kernel.cxx
|
|
//
|
|
// Kernel function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
OpenKernelObject(IN LPWSTR pwszObject,
|
|
IN ACCESS_MASK AccessMask,
|
|
OUT PHANDLE pHandle,
|
|
OUT PMARTA_KERNEL_TYPE KernelType);
|
|
|
|
#define CloseKernelObject(handle) NtClose(handle);
|
|
|
|
DWORD
|
|
ReadKernelPropertyRights(IN LPWSTR pwszObject,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetKernelParentRights(IN LPWSTR pwszObject,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
|
|
DWORD
|
|
SetKernelSecurityInfo(IN HANDLE hKernel,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD);
|
|
|
|
|
|
DWORD
|
|
GetKernelSecurityInfo(IN HANDLE hObject,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetKernelSecurityInfo(IN HANDLE hObject,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
|
|
DWORD
|
|
OpenWmiGuidObject(IN LPWSTR pwszObject,
|
|
IN ACCESS_MASK AccessMask,
|
|
OUT PHANDLE pHandle,
|
|
OUT PMARTA_KERNEL_TYPE KernelType);
|
|
|
|
#define CloseWmiGuidObject(handle) NtClose(handle);
|
|
|
|
DWORD
|
|
ReadWmiGuidPropertyRights(IN LPWSTR pwszObject,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
SetWmiGuidSecurityInfo(IN HANDLE hKernel,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD);
|
|
|
|
|
|
DWORD
|
|
GetWmiGuidSecurityInfo(IN HANDLE hObject,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetWmiGuidSecurityInfo(IN HANDLE hObject,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// service.cxx
|
|
//
|
|
// Service function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
OpenServiceObject(IN LPWSTR pwszService,
|
|
IN ACCESS_MASK AccessMask,
|
|
OUT SC_HANDLE * pHandle);
|
|
|
|
#define CloseServiceObject(handle) CloseServiceHandle(handle);
|
|
|
|
DWORD
|
|
ReadServicePropertyRights(IN LPWSTR pwszService,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
ReadServiceRights(IN SC_HANDLE hSvc,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetServiceParentRights(IN LPWSTR pwszService,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
DWORD
|
|
SetServiceSecurityInfo(IN SC_HANDLE hService,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD);
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// printer.cxx
|
|
//
|
|
// Printer function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
OpenPrinterObject(IN LPWSTR pwszPrinter,
|
|
IN ACCESS_MASK AccessMask,
|
|
OUT PHANDLE pHandle);
|
|
|
|
DWORD
|
|
ClosePrinterObject(IN HANDLE hPrinter);
|
|
|
|
DWORD
|
|
ReadPrinterPropertyRights(IN LPWSTR pwszPrinter,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
ReadPrinterRights(IN HANDLE hPrinter,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetPrinterParentRights(IN LPWSTR pwszPrinter,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
DWORD
|
|
SetPrinterSecurityInfo(IN HANDLE hPrinter,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD);
|
|
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// registry.cxx
|
|
//
|
|
// Registry function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
OpenRegistryObject(IN LPWSTR pwszRegistry,
|
|
IN ACCESS_MASK AccessMask,
|
|
OUT PHANDLE pHandle);
|
|
|
|
DWORD
|
|
ReadRegistryPropertyRights(IN LPWSTR pwszRegistry,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
ReadRegistryRights(IN HANDLE hRegistry,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetRegistryParentRights(IN LPWSTR pwszRegistry,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
|
|
DWORD
|
|
SetRegistrySecurityInfo(IN HANDLE hRegistry,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD);
|
|
|
|
DWORD
|
|
ReadRegistrySecurityInfo(IN HANDLE hRegistry,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
|
|
DWORD
|
|
SetAndPropagateRegistryPropertyRights(IN PWSTR pwszRegistry,
|
|
IN PWSTR pwszProperty,
|
|
IN CAccessList& RootAccList,
|
|
IN PULONG pfStopFlag,
|
|
IN PULONG pcProcessed);
|
|
|
|
DWORD
|
|
SetAndPropagateRegistryPropertyRightsByHandle(IN HKEY hReg,
|
|
IN CAccessList& RootAccList,
|
|
IN PULONG pfStopFlag,
|
|
IN PULONG pcProcessed);
|
|
|
|
DWORD
|
|
SetAndPropRegRights(IN HKEY hReg,
|
|
IN PWSTR pwszPath,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PSECURITY_DESCRIPTOR pParentSD,
|
|
IN PSECURITY_DESCRIPTOR pSD,
|
|
IN PULONG pfStopFlag,
|
|
IN PULONG pcProcessed);
|
|
|
|
|
|
DWORD
|
|
PropagateRegRightsDeep(IN PSECURITY_DESCRIPTOR pParentSD,
|
|
IN PSECURITY_DESCRIPTOR pOldParentSD,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN HKEY hParent,
|
|
IN PULONG pcProcessed,
|
|
IN PULONG pfStopFlag,
|
|
IN ULONG fProtectedFlag,
|
|
IN HANDLE hProcessToken,
|
|
IN OUT CSList& LogList);
|
|
|
|
DWORD
|
|
UpdateRegistrySD(IN PSECURITY_DESCRIPTOR pCurrentSD,
|
|
IN PSECURITY_DESCRIPTOR pParentSD,
|
|
IN BOOL fIsContainer,
|
|
OUT PSECURITY_DESCRIPTOR *ppNewSD);
|
|
|
|
DWORD
|
|
UpdateRegistrySDByPath(IN PSECURITY_DESCRIPTOR pCurrentSD,
|
|
IN HANDLE hRegistry,
|
|
IN PWSTR pwszPath,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN BOOL fIsContainer,
|
|
OUT PSECURITY_DESCRIPTOR *ppNewSD);
|
|
|
|
DWORD
|
|
ConvertRegHandleToName(IN HKEY hKey,
|
|
OUT PWSTR *ppwszName);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// window.cxx
|
|
//
|
|
// Window function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
ReadWindowPropertyRights(IN HANDLE hWindow,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// lmshare.cxx
|
|
//
|
|
// Network share function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
ReadSharePropertyRights(IN LPWSTR pwszShare,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetShareParentRights(IN LPWSTR pwszShare,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
DWORD
|
|
SetShareSecurityInfo(IN LPWSTR pwszShare,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD);
|
|
|
|
DWORD
|
|
PingLmShare(IN LPCWSTR pwszShare);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// dsobject.cxx
|
|
//
|
|
// DS Object function prototypes
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
PingDSObj(IN LPCWSTR pwszDSObj);
|
|
|
|
DWORD BindToDSObject(IN LPWSTR pwszServer, OPTIONAL
|
|
IN LPWSTR pwszDSObj,
|
|
OUT PLDAP *ppLDAP);
|
|
|
|
DWORD UnBindFromDSObject(OUT PLDAP *ppLDAP);
|
|
|
|
DWORD
|
|
ReadDSObjPropertyRights(IN LPWSTR pwszDSObj,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
ReadAllDSObjPropertyRights(IN LPWSTR pwszDSObj,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
IN CAccessList& AccessList);
|
|
|
|
DWORD
|
|
GetDSObjParentRights(IN LPWSTR pwszDSObj,
|
|
IN PACTRL_RIGHTS_INFO pRightsList,
|
|
IN ULONG cRights,
|
|
OUT PACL *ppDAcl,
|
|
OUT PACL *ppSAcl,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
DWORD
|
|
SetDSObjSecurityInfo(IN LPWSTR pwszDSObj,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pwszProperty,
|
|
IN PSECURITY_DESCRIPTOR pSD,
|
|
IN ULONG cSDSize,
|
|
IN PULONG pfStopFlag,
|
|
IN PULONG pcProcessed);
|
|
|
|
DWORD
|
|
ReadDSObjSecDesc(IN PLDAP pLDAP,
|
|
IN PWSTR pwszObject,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PSECURITY_DESCRIPTOR *ppSD);
|
|
|
|
DWORD
|
|
Nt4NameToNt5Name(IN PWSTR pwszName,
|
|
IN PWSTR pwszDomain,
|
|
OUT PWSTR *ppwszNt5Name);
|
|
|
|
DWORD
|
|
PropagateDSRightsDeep(IN PSECURITY_DESCRIPTOR pParentSD,
|
|
IN PSECURITY_DESCRIPTOR pChildSD,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PWSTR pszDSObject,
|
|
IN PLDAP pLDAP,
|
|
IN PULONG pcProcessed,
|
|
IN PULONG pfStopFlag);
|
|
|
|
DWORD
|
|
StampSD(IN PWSTR pwszObject,
|
|
IN ULONG cSDSize,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
IN PSECURITY_DESCRIPTOR pSD,
|
|
IN PLDAP pLDAP);
|
|
|
|
|
|
|
|
DWORD
|
|
AccDsReadSchemaInfo (IN PLDAP pLDAP,
|
|
OUT PULONG pcClasses,
|
|
OUT PWSTR **pppwszClasses,
|
|
OUT PULONG pcAttributes,
|
|
OUT PWSTR **pppwszAttributes);
|
|
|
|
DWORD
|
|
AccDsReadExtendedRights(IN PLDAP pLDAP,
|
|
OUT PULONG pcItems,
|
|
OUT PWSTR **pppwszNames,
|
|
OUT PWSTR **pppwszGuid);
|
|
|
|
VOID
|
|
AccDsFreeExtendedRights(IN ULONG cItems,
|
|
IN PWSTR *ppwszNames,
|
|
IN PWSTR *ppwszGuids);
|
|
|
|
DWORD
|
|
DspSplitPath(IN PWSTR pwszObjectPath,
|
|
OUT PWSTR *ppwszAllocatedServer,
|
|
OUT PWSTR *ppwszReferencePath);
|
|
|
|
DWORD
|
|
DspBindAndCrackEx( IN PWSTR pwszServer,
|
|
IN PWSTR pwszDSObj,
|
|
IN DWORD OptionalDsGetDcFlags,
|
|
IN DS_NAME_FORMAT formatDesired,
|
|
OUT PDS_NAME_RESULTW *pResults );
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// alsup.cxx
|
|
//
|
|
// Miscellaneous support functions
|
|
//
|
|
//+-------------------------------------------------------------------------
|
|
DWORD
|
|
ConvertToAutoInheritSD(IN PSECURITY_DESCRIPTOR pParentSD,
|
|
IN PSECURITY_DESCRIPTOR pCurrentSD,
|
|
IN BOOL fIsContainer,
|
|
IN PGENERIC_MAPPING pGenericMapping,
|
|
OUT PSECURITY_DESCRIPTOR *ppNewSD);
|
|
|
|
DWORD
|
|
MakeSDAbsolute(IN PSECURITY_DESCRIPTOR pOriginalSD,
|
|
IN SECURITY_INFORMATION SeInfo,
|
|
OUT PSECURITY_DESCRIPTOR *ppNewSD,
|
|
IN PSID pOwnerToAdd = NULL,
|
|
IN PSID pGroupToAdd = NULL);
|
|
|
|
BOOL
|
|
EqualSecurityDescriptors(IN PSECURITY_DESCRIPTOR pSD1,
|
|
IN PSECURITY_DESCRIPTOR pSD2);
|
|
|
|
DWORD
|
|
InsertPropagationFailureEntry(IN CSList& LogList,
|
|
IN ULONG ErrorCode,
|
|
IN ULONG Protected,
|
|
IN PWSTR pwszPath);
|
|
|
|
|
|
VOID
|
|
FreePropagationFailureListEntry(IN PVOID Entry);
|
|
|
|
DWORD
|
|
WritePropagationFailureList(IN ULONG EventType,
|
|
IN CSList& LogList,
|
|
IN HANDLE hToken);
|
|
//
|
|
// Helper functions and macros
|
|
//
|
|
|
|
|
|
#define ACC_ALLOC_AND_COPY_SID(pInSid, pOutSid, err) \
|
|
pOutSid = (PSID)AccAlloc(RtlLengthSid(pInSid)); \
|
|
if(pOutSid == NULL) \
|
|
{ \
|
|
err = ERROR_NOT_ENOUGH_MEMORY; \
|
|
} \
|
|
else \
|
|
{ \
|
|
RtlCopySid(RtlLengthSid(pInSid), pOutSid, pInSid); \
|
|
}
|
|
|
|
#define ACC_ALLOC_AND_COPY_GUID(pInGuid, pOutGuid, err) \
|
|
pOutGuid = (GUID *)AccAlloc(sizeof(GUID)); \
|
|
if(pOutGuid == NULL) \
|
|
{ \
|
|
err = ERROR_NOT_ENOUGH_MEMORY; \
|
|
} \
|
|
else \
|
|
{ \
|
|
memcpy(pOutGuid, pInGuid, sizeof(GUID)); \
|
|
}
|
|
|
|
#define DACL_PROTECTED(pSD) FLAG_ON(((PISECURITY_DESCRIPTOR)pSD)->Control, SE_DACL_PROTECTED)
|
|
#define SACL_PROTECTED(pSD) FLAG_ON(((PISECURITY_DESCRIPTOR)pSD)->Control, SE_SACL_PROTECTED)
|
|
|
|
#if 0
|
|
#define CHECK_HEAP ASSERT(RtlValidateHeap(RtlProcessHeap(),0,NULL));
|
|
#else
|
|
#define CHECK_HEAP
|
|
#endif
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: AccGetBufferOfSizeW
|
|
//
|
|
// Synopsis: This inline function will copy a string into the provided
|
|
// buffer if it is big enough or allocate a buffer if it is not.
|
|
// Regardless, the pointer will always point to the new copy of
|
|
// the string
|
|
//
|
|
// Arguments: [IN pwszString] -- The string to copy
|
|
// [IN pwszStack] -- The stack based buffer
|
|
// [OUT ppwszPtr] -- The pointer that gets
|
|
// initialized to our stack or
|
|
// allocated buffer
|
|
//
|
|
// Returns: ERROR_SUCCESS -- Success
|
|
// ERROR_NOT_ENOUGH_MEMORY -- A memory allocation failed
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
inline
|
|
DWORD
|
|
AccGetBufferOfSizeW(PWSTR pwszString,
|
|
PWSTR pwszStack,
|
|
PWSTR *ppwszPtr)
|
|
{
|
|
DWORD dwErr = ERROR_SUCCESS;
|
|
DWORD dwSize = SIZE_PWSTR(pwszString);
|
|
if(dwSize <= sizeof(pwszStack))
|
|
{
|
|
memcpy(pwszStack, pwszString, dwSize);
|
|
*ppwszPtr = pwszStack;
|
|
}
|
|
else
|
|
{
|
|
*ppwszPtr = (PWSTR)AccAlloc(dwSize);
|
|
if(*ppwszPtr == NULL)
|
|
{
|
|
dwErr = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
else
|
|
{
|
|
memcpy(*ppwszPtr, pwszString, dwSize);
|
|
}
|
|
}
|
|
|
|
return(dwErr);
|
|
}
|
|
|
|
//
|
|
// This macro will free any memory allocated by AccGetBufferOfSizeW
|
|
//
|
|
#define AccFreeBufferOfSizeW(stack, ptr) \
|
|
if(ptr != stack) \
|
|
{ \
|
|
AccFree(ptr); \
|
|
}
|
|
|
|
|
|
//
|
|
// This macro determines if a string is a UNC path or not
|
|
//
|
|
#define IS_UNC_PATH(wsz, wl) \
|
|
((wl) > 2 && (wsz)[0] == L'\\' && (wsz)[1] == L'\\')
|
|
|
|
#define IS_FILE_PATH(wsz, wl) \
|
|
((wl) >= 1 && (wsz)[1] == L':')
|
|
#endif // __ACCESSHXX__
|
|
|