static DWORD DeconstructSecurityDescriptor( DWORD dwLength, PSECURITY_DESCRIPTOR_RELATIVE pRelative, PDWORD pdwAllowUserCount, PWSTR** pppwszAllowUsers, PDWORD pdwDenyUserCount, PWSTR** pppwszDenyUsers, PBOOLEAN pbReadOnly ) { NTSTATUS status = STATUS_SUCCESS; DWORD dwError = 0; ULONG ulSize = 0; ULONG ulDaclSize = 0; ULONG ulSaclSize = 0; ULONG ulOwnerSize = 0; ULONG ulGroupSize = 0; PSID pOwner = NULL; PSID pGroup = NULL; PACL pSacl = NULL; PSECURITY_DESCRIPTOR_ABSOLUTE pAbsolute = NULL; PACL pDacl = NULL; ULONG ulIndex = 0; PVOID pAce = NULL; PACCESS_ALLOWED_ACE pAllow = NULL; PACCESS_DENIED_ACE pDeny = NULL; DWORD dwAllowUserCount = 0; PWSTR* ppwszAllowUsers = NULL; DWORD dwDenyUserCount = 0; PWSTR* ppwszDenyUsers = NULL; PSID pSid = NULL; PWSTR pwszUser = NULL; HANDLE hLsa = NULL; ACCESS_MASK leastMask = FILE_ALL_ACCESS; dwError = LsaOpenServer(&hLsa); BAIL_ON_LTNET_ERROR(dwError); status = RtlSelfRelativeToAbsoluteSD( pRelative, pAbsolute, &ulSize, pDacl, &ulDaclSize, pSacl, &ulSaclSize, pOwner, &ulOwnerSize, pGroup, &ulGroupSize); if (status != STATUS_BUFFER_TOO_SMALL) { dwError = LwNtStatusToWin32Error(status); BAIL_ON_LTNET_ERROR(dwError); } dwError = LwNetAllocateMemory(ulSize, OUT_PPVOID(&pAbsolute)); BAIL_ON_LTNET_ERROR(dwError); if (ulDaclSize) { dwError = LwNetAllocateMemory(ulDaclSize, OUT_PPVOID(&pDacl)); BAIL_ON_LTNET_ERROR(dwError); } if (ulSaclSize) { dwError = LwNetAllocateMemory(ulSaclSize, OUT_PPVOID(&pSacl)); BAIL_ON_LTNET_ERROR(dwError); } if (ulOwnerSize) { dwError = LwNetAllocateMemory(ulOwnerSize, OUT_PPVOID(&pOwner)); BAIL_ON_LTNET_ERROR(dwError); } if (ulGroupSize) { dwError = LwNetAllocateMemory(ulGroupSize, OUT_PPVOID(&pGroup)); BAIL_ON_LTNET_ERROR(dwError); } dwError = LwNtStatusToWin32Error( RtlSelfRelativeToAbsoluteSD( pRelative, pAbsolute, &ulSize, pDacl, &ulDaclSize, pSacl, &ulSaclSize, pOwner, &ulOwnerSize, pGroup, &ulGroupSize)); BAIL_ON_LTNET_ERROR(dwError); if (pDacl) { for (ulIndex = 0; ulIndex < RtlGetAclAceCount(pDacl); ulIndex++) { RtlGetAce(pDacl, ulIndex, &pAce); switch(((PACE_HEADER) pAce)->AceType) { case ACCESS_ALLOWED_ACE_TYPE: pAllow = pAce; pSid = (PSID) &pAllow->SidStart; if ((pAllow->Mask & FILE_GENERIC_READ) == FILE_GENERIC_READ) { dwError = MapSidToName(hLsa, pSid, &pwszUser); if (dwError != LW_ERROR_SUCCESS) { dwError = MapBuiltinSidToName(&pwszUser, pSid); } BAIL_ON_LTNET_ERROR(dwError); dwError = LwNetAppendStringArray( &dwAllowUserCount, &ppwszAllowUsers, pwszUser); BAIL_ON_LTNET_ERROR(dwError); pwszUser = NULL; leastMask &= pAllow->Mask; } break; case ACCESS_DENIED_ACE_TYPE: pDeny = pAce; pSid = (PSID) &pDeny->SidStart; if ((pDeny->Mask & FILE_GENERIC_READ) == FILE_GENERIC_READ) { dwError = MapSidToName(hLsa, pSid, &pwszUser); if (dwError != LW_ERROR_SUCCESS) { dwError = MapBuiltinSidToName(&pwszUser, pSid); } BAIL_ON_LTNET_ERROR(dwError); dwError = LwNetAppendStringArray( &dwDenyUserCount, &ppwszDenyUsers, pwszUser); BAIL_ON_LTNET_ERROR(dwError); pwszUser = NULL; } break; default: break; } } } *pppwszAllowUsers = ppwszAllowUsers; *pdwAllowUserCount = dwAllowUserCount; *pppwszDenyUsers = ppwszDenyUsers; *pdwDenyUserCount = dwDenyUserCount; *pbReadOnly = !((leastMask & FILE_GENERIC_WRITE) == FILE_GENERIC_WRITE); cleanup: if (hLsa) { LsaCloseServer(hLsa); } LTNET_SAFE_FREE_MEMORY(pSacl); LTNET_SAFE_FREE_MEMORY(pOwner); LTNET_SAFE_FREE_MEMORY(pGroup); LTNET_SAFE_FREE_MEMORY(pwszUser); LTNET_SAFE_FREE_MEMORY(pDacl); LTNET_SAFE_FREE_MEMORY(pAbsolute); return dwError; error: *pppwszAllowUsers = NULL; *pdwAllowUserCount = 0; *pppwszDenyUsers = NULL; *pdwDenyUserCount = 0; goto cleanup; }
static DWORD ParseShareAddOrSetinfoOptionArgs( IN int argc, IN int indexStart, IN char** argv, IN NET_SHARE_CTRL_CODE dwCtrlCode, IN OUT PNET_SHARE_ADD_OR_SET_INFO_PARAMS pShareAddOrSetParams ) { DWORD dwError = 0; DWORD dwIndex = 0; PWSTR pwszArg = NULL; for (dwIndex = indexStart; dwIndex < argc; dwIndex++) { if (!strcmp(argv[dwIndex], "--allow")) { dwError = LwMbsToWc16s(argv[++dwIndex], &pwszArg); BAIL_ON_LTNET_ERROR(dwError); dwError = LwNetAppendStringArray( &pShareAddOrSetParams->dwAllowUserCount, &pShareAddOrSetParams->ppwszAllowUsers, pwszArg); BAIL_ON_LTNET_ERROR(dwError); pwszArg = NULL; } else if (!strcmp(argv[dwIndex], "--deny")) { dwError = LwMbsToWc16s(argv[++dwIndex], &pwszArg); BAIL_ON_LTNET_ERROR(dwError); dwError = LwNetAppendStringArray( &pShareAddOrSetParams->dwDenyUserCount, &pShareAddOrSetParams->ppwszDenyUsers, pwszArg); BAIL_ON_LTNET_ERROR(dwError); pwszArg = NULL; } else if (!strcmp(argv[dwIndex], "--comment")) { dwError = LwMbsToWc16s(argv[++dwIndex], &pShareAddOrSetParams->pwszComment); BAIL_ON_LTNET_ERROR(dwError); } else if (!strcmp(argv[dwIndex], "--read-only")) { pShareAddOrSetParams->bReadOnly = TRUE; } else if (!strcmp(argv[dwIndex], "--read-write")) { pShareAddOrSetParams->bReadWrite = TRUE; } else if (!strcmp(argv[dwIndex], "--clear-allow") && NET_SHARE_SETINFO == dwCtrlCode) { pShareAddOrSetParams->bClearAllow = TRUE; } else if (!strcmp(argv[dwIndex], "--clear-deny") && NET_SHARE_SETINFO == dwCtrlCode) { pShareAddOrSetParams->bClearDeny = TRUE; } else { dwError = LwMbsToWc16s(argv[dwIndex], &pShareAddOrSetParams->pwszTarget); BAIL_ON_LTNET_ERROR(dwError); break; } } error: LTNET_SAFE_FREE_MEMORY(pwszArg); return dwError; }