/**
 * Applies security information from a security descriptor to an object.
 *
 * \param SecurityDescriptor A security descriptor containing the security information to set.
 * \param SecurityInformation The security information to set.
 * \param Context A pointer to a PH_STD_OBJECT_SECURITY structure describing the object.
 *
 * \return The status returned by the OpenObject callback if it fails; otherwise the status of
 * PhSetSeObjectSecurity() (for "Service" objects) or PhSetObjectSecurity() (all other types).
 *
 * \remarks This function may be used for the \a SetObjectSecurity callback in
 * PhCreateSecurityPage() or PhEditSecurity().
 */
_Callback_ NTSTATUS PhStdSetObjectSecurity(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_opt_ PVOID Context
    )
{
    // NOTE(review): Context is annotated _In_opt_ but is dereferenced below without a NULL
    // check, so a caller that omits it faults here. Confirm every caller supplies it, or
    // tighten the annotation to _In_.
    PPH_STD_OBJECT_SECURITY objectSecurity = (PPH_STD_OBJECT_SECURITY)Context;
    HANDLE objectHandle;
    NTSTATUS result;

    // The access value handed to the OpenObject callback is derived from SecurityInformation
    // by PhGetAccessForSetSecurity(), not from a fixed mask.
    result = objectSecurity->OpenObject(
        &objectHandle,
        PhGetAccessForSetSecurity(SecurityInformation),
        objectSecurity->Context
        );

    // Nothing was opened, so there is nothing to close on this path.
    if (!NT_SUCCESS(result))
        return result;

    if (!PhEqualStringZ(objectSecurity->ObjectType, L"Service", TRUE))
    {
        // Generic objects: set the descriptor, then release the handle with NtClose.
        result = PhSetObjectSecurity(objectHandle, SecurityInformation, SecurityDescriptor);
        NtClose(objectHandle);
        return result;
    }

    // "Service" objects use the SE_SERVICE path and are released with CloseServiceHandle
    // instead of NtClose. The handle is closed whether or not the set call succeeded.
    result = PhSetSeObjectSecurity(objectHandle, SE_SERVICE, SecurityInformation, SecurityDescriptor);
    CloseServiceHandle(objectHandle);

    return result;
}
/**
 * Applies security information from a security descriptor to an object, routing LSA and SAM
 * object types to their own set/close routines and every other type to
 * PhStdSetObjectSecurity().
 *
 * \param SecurityDescriptor A security descriptor containing the security information to set.
 * \param SecurityInformation The security information to set.
 * \param Context A pointer to a PH_STD_OBJECT_SECURITY structure describing the object.
 *
 * \return For LSA and SAM types, the status returned by the OpenObject callback if it fails,
 * otherwise the status of LsaSetSecurityObject() or SamSetSecurityObject(). For any other
 * type, the status of PhStdSetObjectSecurity().
 */
_Callback_ NTSTATUS SxStdSetObjectSecurity(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_opt_ PVOID Context
    )
{
    // NOTE(review): Context is annotated _In_opt_ but is dereferenced below without a NULL
    // check, so a caller that omits it faults here. Confirm every caller supplies it, or
    // tighten the annotation to _In_.
    PPH_STD_OBJECT_SECURITY objectSecurity = (PPH_STD_OBJECT_SECURITY)Context;
    HANDLE objectHandle;
    NTSTATUS result;

    // LSA object types: opened through the caller's callback, written with
    // LsaSetSecurityObject and released with LsaClose.
    if (
        PhEqualStringZ(objectSecurity->ObjectType, L"LsaAccount", TRUE) ||
        PhEqualStringZ(objectSecurity->ObjectType, L"LsaPolicy", TRUE) ||
        PhEqualStringZ(objectSecurity->ObjectType, L"LsaSecret", TRUE) ||
        PhEqualStringZ(objectSecurity->ObjectType, L"LsaTrusted", TRUE)
        )
    {
        result = objectSecurity->OpenObject(
            &objectHandle,
            PhGetAccessForSetSecurity(SecurityInformation),
            objectSecurity->Context
            );

        // Only a successfully opened handle is used and closed; a failed open returns as-is.
        if (NT_SUCCESS(result))
        {
            result = LsaSetSecurityObject(objectHandle, SecurityInformation, SecurityDescriptor);
            LsaClose(objectHandle);
        }

        return result;
    }

    // SAM object types: same open step, written with SamSetSecurityObject and released
    // with SamCloseHandle.
    if (
        PhEqualStringZ(objectSecurity->ObjectType, L"SamAlias", TRUE) ||
        PhEqualStringZ(objectSecurity->ObjectType, L"SamDomain", TRUE) ||
        PhEqualStringZ(objectSecurity->ObjectType, L"SamGroup", TRUE) ||
        PhEqualStringZ(objectSecurity->ObjectType, L"SamServer", TRUE) ||
        PhEqualStringZ(objectSecurity->ObjectType, L"SamUser", TRUE)
        )
    {
        result = objectSecurity->OpenObject(
            &objectHandle,
            PhGetAccessForSetSecurity(SecurityInformation),
            objectSecurity->Context
            );

        if (NT_SUCCESS(result))
        {
            result = SamSetSecurityObject(objectHandle, SecurityInformation, SecurityDescriptor);
            SamCloseHandle(objectHandle);
        }

        return result;
    }

    // Any type name not matched above is handled by the standard routine, which performs
    // its own open and close.
    return PhStdSetObjectSecurity(SecurityDescriptor, SecurityInformation, Context);
}