/**
* Modifies the security descriptor of an object.
*
* \param SecurityDescriptor A security descriptor containing security information to set.
* \param SecurityInformation The security information to retrieve.
* \param Context A pointer to a PH_STD_OBJECT_SECURITY structure describing the object.
*
* \remarks This function may be used for the \a SetObjectSecurity callback in
* PhCreateSecurityPage() or PhEditSecurity().
*/
_Callback_ NTSTATUS PhStdSetObjectSecurity(
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_In_ SECURITY_INFORMATION SecurityInformation,
_In_opt_ PVOID Context
)
{
NTSTATUS status;
PPH_STD_OBJECT_SECURITY stdObjectSecurity;
HANDLE handle;
stdObjectSecurity = (PPH_STD_OBJECT_SECURITY)Context;
status = stdObjectSecurity->OpenObject(
&handle,
PhGetAccessForSetSecurity(SecurityInformation),
stdObjectSecurity->Context
);
if (!NT_SUCCESS(status))
return status;
if (PhEqualStringZ(stdObjectSecurity->ObjectType, L"Service", TRUE))
{
status = PhSetSeObjectSecurity(handle, SE_SERVICE, SecurityInformation, SecurityDescriptor);
CloseServiceHandle(handle);
}
else
{
status = PhSetObjectSecurity(handle, SecurityInformation, SecurityDescriptor);
NtClose(handle);
}
return status;
}
/**
* Sets the access control lists of the current window station
* and desktop to allow all access.
*/
VOID PhSetDesktopWinStaAccess(
VOID
)
{
static SID_IDENTIFIER_AUTHORITY appPackageAuthority = SECURITY_APP_PACKAGE_AUTHORITY;
HWINSTA wsHandle;
HDESK desktopHandle;
ULONG allocationLength;
PSECURITY_DESCRIPTOR securityDescriptor;
PACL dacl;
CHAR allAppPackagesSidBuffer[FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2];
PSID allAppPackagesSid;
// TODO: Set security on the correct window station and desktop.
allAppPackagesSid = (PISID)allAppPackagesSidBuffer;
RtlInitializeSid(allAppPackagesSid, &appPackageAuthority, SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT);
*RtlSubAuthoritySid(allAppPackagesSid, 0) = SECURITY_APP_PACKAGE_BASE_RID;
*RtlSubAuthoritySid(allAppPackagesSid, 1) = SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE;
// We create a DACL that allows everyone to access everything.
allocationLength = SECURITY_DESCRIPTOR_MIN_LENGTH +
(ULONG)sizeof(ACL) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(&PhSeEveryoneSid) +
(ULONG)sizeof(ACCESS_ALLOWED_ACE) +
RtlLengthSid(allAppPackagesSid);
securityDescriptor = PhAllocate(allocationLength);
dacl = (PACL)((PCHAR)securityDescriptor + SECURITY_DESCRIPTOR_MIN_LENGTH);
RtlCreateSecurityDescriptor(securityDescriptor, SECURITY_DESCRIPTOR_REVISION);
RtlCreateAcl(dacl, allocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION);
RtlAddAccessAllowedAce(dacl, ACL_REVISION, GENERIC_ALL, &PhSeEveryoneSid);
if (WindowsVersion >= WINDOWS_8)
{
RtlAddAccessAllowedAce(dacl, ACL_REVISION, GENERIC_ALL, allAppPackagesSid);
}
RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE);
if (wsHandle = OpenWindowStation(
L"WinSta0",
FALSE,
WRITE_DAC
))
{
PhSetObjectSecurity(wsHandle, DACL_SECURITY_INFORMATION, securityDescriptor);
CloseWindowStation(wsHandle);
}
if (desktopHandle = OpenDesktop(
L"Default",
0,
FALSE,
WRITE_DAC | DESKTOP_READOBJECTS | DESKTOP_WRITEOBJECTS
))
{
PhSetObjectSecurity(desktopHandle, DACL_SECURITY_INFORMATION, securityDescriptor);
CloseDesktop(desktopHandle);
}
PhFree(securityDescriptor);
}
