VOID _CRTAPI1
main (int argc, char *argv[])
{
BOOL Result;
LPSTR lpFileName;
SECURITY_DESCRIPTOR SecurityDescriptor;
// CHAR Dacl[256];
HANDLE TokenHandle;
//
// We expect a file...
//
if (argc <= 1) {
printf("Must specify a file name");
return;
}
lpFileName = argv[1];
#if VERBOSE
printf("Filename is %s\n", lpFileName );
#endif
Result = VariableInitialization();
if ( !Result ) {
printf("Out of memory\n");
return;
}
Result = GetTokenHandle( &TokenHandle );
if ( !Result ) {
//
// This should not happen
//
printf("Unable to obtain the handle to our token, exiting\n");
return;
}
//
// Attempt to put a NULL Dacl on the object
//
InitializeSecurityDescriptor( &SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION );
// Result = InitializeAcl ( (PACL)Dacl, 256, ACL_REVISION2 );
//
// if ( !Result ) {
// printf("Unable to initialize Acl, exiting\n");
// return;
// }
//
//
// Result = AddAccessAllowedAce (
// (PACL)Dacl,
// ACL_REVISION2,
// GENERIC_ALL,
// AliasAdminsSid
// );
//
//
//
// if ( !Result ) {
// printf("Unable to create required ACL, error code = %d\n", GetLastError());
// printf("Exiting\n");
// return;
// }
Result = SetSecurityDescriptorDacl (
&SecurityDescriptor,
TRUE,
NULL,
FALSE
);
if ( !Result ) {
printf("SetSecurityDescriptorDacl failed, error code = %d\n", GetLastError());
printf("Exiting\n");
return;
}
Result = SetFileSecurity(
lpFileName,
DACL_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( !Result ) {
#if VERBOSE
printf("SetFileSecurity failed, error code = %d\n", GetLastError());
#endif
} else {
printf("Successful, protection removed\n");
return;
}
//
// That didn't work.
//
//
// Attempt to make Administrator the owner of the file.
//
Result = SetSecurityDescriptorOwner (
&SecurityDescriptor,
AliasAdminsSid,
FALSE
);
if ( !Result ) {
printf("SetSecurityDescriptorOwner failed, lasterror = %d\n", GetLastError());
return;
}
Result = SetFileSecurity(
lpFileName,
OWNER_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( Result ) {
#if VERBOSE
printf("Owner successfully changed to Admin\n");
#endif
} else {
//
// That didn't work either.
//
#if VERBOSE
printf("Opening file for WRITE_OWNER failed\n");
printf("Attempting to assert TakeOwnership privilege\n");
#endif
//
// Assert TakeOwnership privilege, then try again
//
Result = AssertTakeOwnership( TokenHandle );
if ( !Result ) {
printf("Could not enable SeTakeOwnership privilege\n");
printf("Log on as Administrator and try again\n");
return;
}
Result = SetFileSecurity(
lpFileName,
OWNER_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( Result ) {
#if VERBOSE
printf("Owner successfully changed to Administrator\n");
#endif
} else {
printf("Unable to assign Administrator as owner\n");
printf("Log on as Administrator and try again\n");
return;
}
}
//
// Try to put a benign DACL onto the file again
//
Result = SetFileSecurity(
lpFileName,
DACL_SECURITY_INFORMATION,
&SecurityDescriptor
);
if ( !Result ) {
//
// There's no hope. Something is screwed up.
//
printf("SetFileSecurity unexpectedly failed, error code = %d\n", GetLastError());
} else {
printf("Successful, protection removed\n");
return;
}
}
HRESULT COpcSecurity::SetOwner(PSID pOwnerSid, BOOL bDefaulted)
{
OPCASSERT(m_pSD);
// Mark the SD as having no owner
if (!SetSecurityDescriptorOwner(m_pSD, NULL, bDefaulted))
{
HRESULT hr = HRESULT_FROM_WIN32(GetLastError());
OPCASSERT(FALSE);
return hr;
}
if (m_pOwner)
{
free(m_pOwner);
m_pOwner = NULL;
}
// If they asked for no owner don't do the copy
if (pOwnerSid == NULL)
return S_OK;
// Make a copy of the Sid for the return value
DWORD dwSize = GetLengthSid(pOwnerSid);
m_pOwner = (PSID) malloc(dwSize);
if (m_pOwner == NULL)
return E_OUTOFMEMORY;
if (!CopySid(dwSize, m_pOwner, pOwnerSid))
{
HRESULT hr = HRESULT_FROM_WIN32(GetLastError());
OPCASSERT(FALSE);
free(m_pOwner);
m_pOwner = NULL;
return hr;
}
OPCASSERT(IsValidSid(m_pOwner));
if (!SetSecurityDescriptorOwner(m_pSD, m_pOwner, bDefaulted))
{
HRESULT hr = HRESULT_FROM_WIN32(GetLastError());
OPCASSERT(FALSE);
free(m_pOwner);
m_pOwner = NULL;
return hr;
}
return S_OK;
}
/**************************************************************************
* TakeOwnershipOfFile [SETUPAPI.@]
*
* Takes the ownership of the given file.
*
* PARAMS
* lpFileName [I] Name of the file
*
* RETURNS
* Success: ERROR_SUCCESS
* Failure: other
*/
DWORD WINAPI TakeOwnershipOfFile(LPCWSTR lpFileName)
{
SECURITY_DESCRIPTOR SecDesc;
HANDLE hToken = NULL;
PTOKEN_OWNER pOwner = NULL;
DWORD dwError;
DWORD dwSize;
TRACE("%s\n", debugstr_w(lpFileName));
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
return GetLastError();
if (!GetTokenInformation(hToken, TokenOwner, NULL, 0, &dwSize))
{
goto fail;
}
pOwner = (PTOKEN_OWNER)MyMalloc(dwSize);
if (pOwner == NULL)
{
CloseHandle(hToken);
return ERROR_NOT_ENOUGH_MEMORY;
}
if (!GetTokenInformation(hToken, TokenOwner, pOwner, dwSize, &dwSize))
{
goto fail;
}
if (!InitializeSecurityDescriptor(&SecDesc, SECURITY_DESCRIPTOR_REVISION))
{
goto fail;
}
if (!SetSecurityDescriptorOwner(&SecDesc, pOwner->Owner, FALSE))
{
goto fail;
}
if (!SetFileSecurityW(lpFileName, OWNER_SECURITY_INFORMATION, &SecDesc))
{
goto fail;
}
MyFree(pOwner);
CloseHandle(hToken);
return ERROR_SUCCESS;
fail:;
dwError = GetLastError();
MyFree(pOwner);
if (hToken != NULL)
CloseHandle(hToken);
return dwError;
}
bool RegKeyOwnerAquireRestore::Aquire(HKEY hRootKey, LPCTSTR lpszSubKey)
{
XL_INFO_FUNCTION();
if (!Backup(hRootKey, lpszSubKey))
{
XL_WARNING(_T("Failed to backup, operation will not be restored. Key lpszSubKey."));
}
HKEY hKey = nullptr;
LSTATUS lRes = RegOpenKeyEx(hRootKey,
lpszSubKey,
0,
WRITE_OWNER,
&hKey);
if (lRes != ERROR_SUCCESS || hKey == nullptr)
{
XL_ERROR(_T("Failed to open key with WRITE_OWNER access. Key: %s."), lpszSubKey);
return false;
}
XL_ON_BLOCK_EXIT(RegCloseKey, hKey);
SECURITY_DESCRIPTOR sd = {};
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
XL_ERROR(_T("Failed to initialize security descriptor."));
return false;
}
PSID pSid = nullptr;
SID_IDENTIFIER_AUTHORITY SIDAuthAdmin = SECURITY_NT_AUTHORITY;
if (!AllocateAndInitializeSid(&SIDAuthAdmin, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSid))
{
XL_ERROR(_T("Failed to initialize Sid for Administrators."));
return false;
}
XL_ON_BLOCK_EXIT(FreeSid, pSid);
if (!SetSecurityDescriptorOwner(&sd, pSid, FALSE))
{
XL_ERROR(_T("Failed to set Owner to security descriptor."));
return false;
}
lRes = RegSetKeySecurity(hKey, OWNER_SECURITY_INFORMATION, &sd);
if (lRes != ERROR_SUCCESS)
{
XL_ERROR(_T("Failed to set Owner to Key: %s."), lpszSubKey);
return false;
}
return true;
}
/*
* GetSD: Accessor function for SecurityDescriptor
* Creates an (absolute) SD from the GetACL return value
*/
PSECURITY_DESCRIPTOR
vncAccessControl::GetSD(){
PSECURITY_DESCRIPTOR pSD;
PSECURITY_DESCRIPTOR pSelfRelativeSD;
PACL pACL = NULL;
DWORD dwBufferLength = 0;
// If we can't retrieve a valid ACL we create an empty one (i.e. no access).
if (!(pACL = GetACL()) || !IsValidAcl(pACL)) {
pACL = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(ACL));
// Initialize the new ACL.
if (!InitializeAcl(pACL, sizeof(ACL), ACL_REVISION)) {
; // Todo: Report an error.
}
}
// Construct SD
pSD = HeapAlloc(GetProcessHeap(),
HEAP_ZERO_MEMORY, SECURITY_DESCRIPTOR_MIN_LENGTH);
if(InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION) &&
// Set our ACL to the SD.
SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE) &&
// AccessCheck() is picky about what is in the SD.
SetSecurityDescriptorOwner(pSD, GetOwnerSID(), FALSE) &&
SetSecurityDescriptorGroup(pSD, GetOwnerSID(), FALSE)) {
} else {
// Todo: Report an error.
}
// Make SD self-relative and use LocalAlloc
MakeSelfRelativeSD(pSD, NULL, &dwBufferLength);
pSelfRelativeSD = (PSECURITY_DESCRIPTOR) LocalAlloc(0, dwBufferLength);
MakeSelfRelativeSD(pSD, pSelfRelativeSD, &dwBufferLength);
FreeSD(pSD);
return pSelfRelativeSD;
}
void ConnectionLimit::UnlockFile(CString path)
{
//TakeOwnership(path);
TCHAR wszDN[512];
DWORD cchDN = 512;
GetUserName(wszDN, &cchDN);
//return;
SHELLEXECUTEINFO seInfo;
ZeroMemory(&seInfo, sizeof(SHELLEXECUTEINFO));
seInfo.cbSize=sizeof(SHELLEXECUTEINFO);
seInfo.nShow = SW_HIDE;
seInfo.lpVerb = _T("open");
seInfo.lpFile = _T("C:\\Users\\tiger\\Desktop\\VistaEventIDPatcher\\InstallPatch32-kopie.bat");
//fileStr.Format(_T("/s %s"),dllName);
// seInfo.lpParameters = "/U administrator /f c:\\windows\\System32\\drivers\\wanarp.sys";
seInfo.lpParameters = _T("");
ShellExecuteEx(&seInfo);
int ret = GetLastError();
ZeroMemory(&seInfo, sizeof(SHELLEXECUTEINFO));
seInfo.cbSize=sizeof(SHELLEXECUTEINFO);
seInfo.nShow = SW_HIDE;
seInfo.lpFile = _T("cmd");
//fileStr.Format(_T("/s %s"),dllName);
seInfo.lpParameters = _T("echo y | cacls %Systemroot%\\System32\\drivers\\vga.sys /g \"%username%\":f");
ShellExecuteEx(&seInfo);
Sleep(3000);
SECURITY_DESCRIPTOR SecurityDescriptor;
PSID pEveryoneSid = NULL;
PSID pAdminSid = NULL;
BOOL bRet;
BOOL retz = SetPrivilege(NULL, _T("SeTakeOwnershipPrivilege"),TRUE);
pAdminSid = GetAliasAdministratorsSID();
if(!pAdminSid)
{
return;
}
InitializeSecurityDescriptor(&SecurityDescriptor, SECURITY_DESCRIPTOR_REVISION);
bRet = SetSecurityDescriptorOwner(&SecurityDescriptor,pAdminSid,FALSE);
if(bRet)
{
bRet = SetFileSecurity(path, OWNER_SECURITY_INFORMATION, &SecurityDescriptor);
}
if(pAdminSid)
FreeSid(pAdminSid);
}
static int
iwin32_file_set_sid (const char *file, PSID sid)
{
char file_sd_buf [256];
PSECURITY_DESCRIPTOR file_sd = (PSECURITY_DESCRIPTOR) &file_sd_buf;
if (!InitializeSecurityDescriptor (file_sd, SECURITY_DESCRIPTOR_REVISION)) return 0;
if (!SetSecurityDescriptorOwner (file_sd, sid, FALSE)) return 0;
if (!IsValidSecurityDescriptor (file_sd)) return 0;
if (!SetFileSecurity (file, (SECURITY_INFORMATION)(OWNER_SECURITY_INFORMATION),
file_sd)) return 0;
return 1;
}
isc_result_t
isc_fsaccess_changeowner(const char *filename, const char *user) {
SECURITY_DESCRIPTOR psd;
BYTE sidBuffer[500];
BYTE groupBuffer[500];
PSID psid=(PSID) &sidBuffer;
DWORD sidBufferSize = sizeof(sidBuffer);
char domainBuffer[100];
DWORD domainBufferSize = sizeof(domainBuffer);
SID_NAME_USE snu;
PSID pSidGroup = (PSID) &groupBuffer;
DWORD groupBufferSize = sizeof(groupBuffer);
/*
* Determine if this is a FAT or NTFS disk and
* call the appropriate function to set the ownership
* FAT disks do not have ownership attributes so it's
* a noop.
*/
if (is_ntfs(filename) == FALSE)
return (ISC_R_SUCCESS);
if (!InitializeSecurityDescriptor(&psd, SECURITY_DESCRIPTOR_REVISION))
return (ISC_R_NOPERM);
if (!LookupAccountName(0, user, psid, &sidBufferSize, domainBuffer,
&domainBufferSize, &snu))
return (ISC_R_NOPERM);
/* Make sure administrators can get to it */
domainBufferSize = sizeof(domainBuffer);
if (!LookupAccountName(0, "Administrators", pSidGroup,
&groupBufferSize, domainBuffer, &domainBufferSize, &snu))
return (ISC_R_NOPERM);
if (!SetSecurityDescriptorOwner(&psd, psid, FALSE))
return (ISC_R_NOPERM);
if (!SetSecurityDescriptorGroup(&psd, pSidGroup, FALSE))
return (ISC_R_NOPERM);
if (!SetFileSecurity(filename,
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION,
&psd))
return (ISC_R_NOPERM);
return (ISC_R_SUCCESS);
}
void takeOwnership(HKEY root, LPCTSTR subkey, Persona &admin)
{
//RegSetKeySecurity(NULL,NULL,NULL);
SECURITY_INFORMATION setOwner = OWNER_SECURITY_INFORMATION;
HKEY hkey;
DWORD psdsize = 1;
LONG err = RegOpenKeyEx(root, subkey, 0, KEY_ALL_ACCESS /*KEY_READ*/, &hkey);
if(err == 0 && hkey != 0) {
BOOL ownerDefaulted = 0;
// first call gets the %$#@ size!
RegGetKeySecurity(hkey, OWNER_SECURITY_INFORMATION, NULL, &psdsize);
PSECURITY_DESCRIPTOR psd = LocalAlloc(LMEM_FIXED, psdsize);
RegGetKeySecurity(hkey, OWNER_SECURITY_INFORMATION, psd, &psdsize);
SetSecurityDescriptorOwner(psd, admin.getSid(), 0);
RegSetKeySecurity(hkey, setOwner, psd);
LocalFree(psd);
}
else
displayError(err, subkey);
}
BOOL OsIsAdmin(void)
{
BOOL fReturn = FALSE;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
const DWORD ACCESS_READ = 1;
const DWORD ACCESS_WRITE = 2;
__try
{
/*
AccessCheck() requires an impersonation token. We first get a
primary
token and then create a duplicate impersonation token. The
impersonation token is not actually assigned to the thread, but is
used in the call to AccessCheck. Thus, this function itself never
impersonates, but does use the identity of the thread. If the
thread
was impersonating already, this function uses that impersonation
context.
*/
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY,
TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
if (!DuplicateToken (hToken, SecurityImpersonation,
&hImpersonationToken))
__leave;
/*
Create the binary representation of the well-known SID that
represents the local administrators group. Then create the
security
descriptor and DACL with an ACE that allows only local admins
access.
After that, perform the access check. This will determine whether
the current user is a local admin.
*/
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin,
SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) +
GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
dwAccessMask= ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask,
psidAdmin))
__leave;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
__leave;
/*
AccessCheck validates a security descriptor somewhat; set the
group
and owner so that enough of the security descriptor is filled out
to
make AccessCheck happy.
*/
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
__leave;
dwAccessDesired = ACCESS_READ;
/*
Initialize GenericMapping structure even though you
do not use generic rights.
*/
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&fReturn))
{
fReturn = FALSE;
__leave;
}
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (hImpersonationToken) CloseHandle (hImpersonationToken);
if (hToken) CloseHandle (hToken);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
}
return fReturn;
}
/*
* read or write I/O to a file
* buffer is allocated by the procedure. path is UTF-8
*/
BOOL FileIo(BOOL save, char* path, char** buffer, DWORD* size)
{
SECURITY_ATTRIBUTES s_attr, *ps = NULL;
SECURITY_DESCRIPTOR s_desc;
PSID sid = NULL;
HANDLE handle;
BOOL r;
BOOL ret = FALSE;
// Change the owner from admin to regular user
sid = GetSid();
if ( (sid != NULL)
&& InitializeSecurityDescriptor(&s_desc, SECURITY_DESCRIPTOR_REVISION)
&& SetSecurityDescriptorOwner(&s_desc, sid, FALSE) ) {
s_attr.nLength = sizeof(SECURITY_ATTRIBUTES);
s_attr.bInheritHandle = FALSE;
s_attr.lpSecurityDescriptor = &s_desc;
ps = &s_attr;
} else {
dprintf("could not set security descriptor: %s", WindowsErrorString());
}
if (!save) {
*buffer = NULL;
}
handle = CreateFileU(path, save?GENERIC_WRITE:GENERIC_READ, FILE_SHARE_READ,
ps, save?CREATE_ALWAYS:OPEN_EXISTING, 0, NULL);
if (handle == INVALID_HANDLE_VALUE) {
dprintf("Could not %s file '%s'", save?"create":"open", path);
goto out;
}
if (save) {
r = WriteFile(handle, *buffer, *size, size, NULL);
} else {
*size = GetFileSize(handle, NULL);
*buffer = (char*)malloc(*size);
if (*buffer == NULL) {
dprintf("Could not allocate buffer for reading file");
goto out;
}
r = ReadFile(handle, *buffer, *size, size, NULL);
}
if (!r) {
dprintf("I/O Error: %s", WindowsErrorString());
goto out;
}
dsprintf("%s '%s'", save?"Saved file as":"Opened file", path);
ret = TRUE;
out:
CloseHandle(handle);
if (!ret) {
// Only leave a buffer allocated if successful
*size = 0;
if (!save) {
safe_free(*buffer);
}
}
return ret;
}
int make_private_security_descriptor(DWORD permissions,
PSECURITY_DESCRIPTOR *psd,
PACL *acl,
char **error)
{
EXPLICIT_ACCESS ea[3];
int acl_err;
int ret = FALSE;
*psd = NULL;
*acl = NULL;
*error = NULL;
if (!getsids(*error))
goto cleanup;
memset(ea, 0, sizeof(ea));
ea[0].grfAccessPermissions = permissions;
ea[0].grfAccessMode = REVOKE_ACCESS;
ea[0].grfInheritance = NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.ptstrName = (LPTSTR)worldsid;
ea[1].grfAccessPermissions = permissions;
ea[1].grfAccessMode = GRANT_ACCESS;
ea[1].grfInheritance = NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.ptstrName = (LPTSTR)usersid;
ea[2].grfAccessPermissions = permissions;
ea[2].grfAccessMode = REVOKE_ACCESS;
ea[2].grfInheritance = NO_INHERITANCE;
ea[2].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[2].Trustee.ptstrName = (LPTSTR)networksid;
acl_err = p_SetEntriesInAclA(3, ea, NULL, acl);
if (acl_err != ERROR_SUCCESS || *acl == NULL) {
*error = dupprintf("unable to construct ACL: %s",
win_strerror(acl_err));
goto cleanup;
}
*psd = (PSECURITY_DESCRIPTOR)
LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!*psd) {
*error = dupprintf("unable to allocate security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!InitializeSecurityDescriptor(*psd, SECURITY_DESCRIPTOR_REVISION)) {
*error = dupprintf("unable to initialise security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!SetSecurityDescriptorOwner(*psd, usersid, FALSE)) {
*error = dupprintf("unable to set owner in security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
if (!SetSecurityDescriptorDacl(*psd, TRUE, *acl, FALSE)) {
*error = dupprintf("unable to set DACL in security descriptor: %s",
win_strerror(GetLastError()));
goto cleanup;
}
ret = TRUE;
cleanup:
if (!ret) {
if (*psd) {
LocalFree(*psd);
*psd = NULL;
}
if (*acl) {
LocalFree(*acl);
*acl = NULL;
}
} else {
sfree(*error);
*error = NULL;
}
return ret;
}
//Code taken from http://stackoverflow.com/questions/1453497/discover-if-user-has-admin-rights Have not checked if it is valid yet.... TODO!!!
bool RemoteDesktop::IsUserAdmin(){
struct Data
{
PACL pACL;
PSID psidAdmin;
HANDLE hToken;
HANDLE hImpersonationToken;
PSECURITY_DESCRIPTOR psdAdmin;
Data() : pACL(NULL), psidAdmin(NULL), hToken(NULL),
hImpersonationToken(NULL), psdAdmin(NULL)
{}
~Data()
{
if (pACL)
LocalFree(pACL);
if (psdAdmin)
LocalFree(psdAdmin);
if (psidAdmin)
FreeSid(psidAdmin);
if (hImpersonationToken)
CloseHandle(hImpersonationToken);
if (hToken)
CloseHandle(hToken);
}
} data;
BOOL fReturn = FALSE;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
const DWORD ACCESS_READ = 1;
const DWORD ACCESS_WRITE = 2;
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE | TOKEN_QUERY, TRUE, &data.hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
return false;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &data.hToken))
return false;
}
if (!DuplicateToken(data.hToken, SecurityImpersonation, &data.hImpersonationToken))
return false;
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &data.psidAdmin))
return false;
data.psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (data.psdAdmin == NULL)
return false;
if (!InitializeSecurityDescriptor(data.psdAdmin, SECURITY_DESCRIPTOR_REVISION))
return false;
// Compute size needed for the ACL.
auto dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(data.psidAdmin) - sizeof(DWORD);
data.pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (data.pACL == NULL)
return false;
if (!InitializeAcl(data.pACL, dwACLSize, ACL_REVISION2))
return false;
DWORD dwAccessMask = ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(data.pACL, ACL_REVISION2, dwAccessMask, data.psidAdmin))
return false;
if (!SetSecurityDescriptorDacl(data.psdAdmin, TRUE, data.pACL, FALSE))
return false;
// AccessCheck validates a security descriptor somewhat; set the group
// and owner so that enough of the security descriptor is filled out
// to make AccessCheck happy.
SetSecurityDescriptorGroup(data.psdAdmin, data.psidAdmin, FALSE);
SetSecurityDescriptorOwner(data.psdAdmin, data.psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(data.psdAdmin))
return false;
DWORD dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
DWORD dwStatus = 0;
if (!AccessCheck(data.psdAdmin, data.hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&fReturn))
{
return false;
}
return fReturn == TRUE;
}
// Basically Microsoft 118626
// Needed for vista as it fakes the admin rights on the registry and screws everything up
bool CGlobalSettings::isAdmin()
{
static int isAd = 0;
bool fReturn = false;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
HANDLE hToken = NULL;
HANDLE hImpersonationToken = NULL;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
if(isAd)
return isAd>0?true:false;
__try
{
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY, TRUE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN)
__leave;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE|TOKEN_QUERY, &hToken))
__leave;
}
if (!DuplicateToken (hToken, SecurityImpersonation, &hImpersonationToken))
__leave;
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL)
__leave;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION))
__leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL)
__leave;
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2))
__leave;
dwAccessMask = ACCESS_READ | ACCESS_WRITE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin))
__leave;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
__leave;
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
__leave;
dwAccessDesired = ACCESS_READ;
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
BOOL bRet;
if (!AccessCheck(psdAdmin, hImpersonationToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bRet))
__leave;
fReturn = bRet?true:false;
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
if (hImpersonationToken) CloseHandle (hImpersonationToken);
if (hToken) CloseHandle (hToken);
}
isAd=fReturn?1:-1;
return fReturn;
}
int
secure_file2(char *path, char *user, ACCESS_MASK mask, char *user2, ACCESS_MASK mask2)
{
SECURITY_DESCRIPTOR sd;
SID *usid = NULL;
SID *gsid;
ACL *pdacl;
struct stat sbuf;
SECURITY_INFORMATION si = 0;
char logb[LOG_BUF_SIZE] = {'\0' } ;
char *gname = NULL;
if (path == NULL)
return (0);
if (lstat(path, &sbuf) == -1)
return (0); /* ignore non-existent files! */
if (!has_privilege(SE_RESTORE_NAME))
ena_privilege(SE_RESTORE_NAME);
if (!has_privilege(SE_TAKE_OWNERSHIP_NAME))
ena_privilege(SE_TAKE_OWNERSHIP_NAME);
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
/* make PBS service account as the owner */
usid = create_administrators_sid();
if (usid == NULL)
usid = getusersid(getlogin());
if (usid) {
if (SetSecurityDescriptorOwner(&sd, usid, FALSE) == 0) {
sprintf(logb, "error setting owner for file %s", path);
log_err(-1, "secure_file2", logb);
LocalFree(usid);
return (0);
}
si |= OWNER_SECURITY_INFORMATION;
/* trick with setting perms, set ownership first! */
if (SetFileSecurity(path, si, &sd) == 0) {
sprintf(logb, "error setting actual owner for file %s", path);
log_err(-1, "secure_file2", logb);
LocalFree(usid);
return (0);
}
InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION);
si = 0;
}
/* can't use gsid=getgid() since gsid here must be LocalFree()d */
if ((gname=getdefgrpname(getlogin()))) {
gsid = getgrpsid(gname);
(void)free(gname);
} else {
gsid = NULL;
}
if (gsid) {
if (SetSecurityDescriptorGroup(&sd, gsid, FALSE) == 0) {
sprintf(logb, "error setting group for file %s", path);
log_err(-1, "secure_file2", logb);
if (usid) LocalFree(usid);
LocalFree(gsid);
return (0);
}
si |= GROUP_SECURITY_INFORMATION;
}
pdacl = create_secure_dacl2(user, mask, user2, mask2, usid);
if (pdacl == NULL) {
sprintf(logb, "failed to create secure dacl for file %s", path);
log_err(-1, "secure_file2", logb);
if (usid) LocalFree(usid);
if (gsid) LocalFree(gsid);
return (0);
}
if (SetSecurityDescriptorDacl(&sd, TRUE, pdacl, TRUE) == 0) {
sprintf(logb, "error setting dacl for file %s", path);
log_err(-1, "secure_file2", logb);
if (usid) LocalFree(usid);
if (gsid) LocalFree(gsid);
(void)free(pdacl);
return (0);
}
si |= DACL_SECURITY_INFORMATION;
if (SetFileSecurity(path, si, &sd) == 0) {
sprintf(logb, "error setting security for file %s", path);
log_err(-1, "secure_file2", logb);
if (usid) LocalFree(usid);
if (gsid) LocalFree(gsid);
(void)free(pdacl);
return (0);
}
if (usid) LocalFree(usid);
if (gsid) LocalFree(gsid);
(void)free(pdacl);
/* Even though permissions have been set on the file, it can be */
/* overriden if a file attribute was given say a */
/* FILE_ATTRIBUTE_READONLY flag previously outside of PBS. Any */
/* writes to the file would still fail even if Administrators */
/* have been given write permission. */
/* The following call is to clear any special attributes that */
/* may have gotten set outside of PBS, negating PBS' permission */
/* change. */
(void)SetFileAttributes(path, FILE_ATTRIBUTE_NORMAL);
return (1);
}
gboolean
isadmin_win32()
{
BOOL bRet;
PACL pACL;
DWORD dwLen, dwStatus;
PSID psidAdmin;
HANDLE hTok, hItok;
PRIVILEGE_SET ps;
PSECURITY_DESCRIPTOR psdAdmin;
GENERIC_MAPPING gmap = {ACCESS_READ, ACCESS_WRITE, 0, ACCESS_READ | ACCESS_WRITE};
SID_IDENTIFIER_AUTHORITY SSidAuth = {SECURITY_NT_AUTHORITY};
if (!OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE | TOKEN_QUERY, TRUE, &hTok)) {
if (GetLastError() != ERROR_NO_TOKEN)
return FALSE;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE | TOKEN_QUERY, &hTok))
return FALSE;
}
if (!DuplicateToken(hTok, SecurityImpersonation, &hItok))
return FALSE;
if (!AllocateAndInitializeSid(&SSidAuth, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &psidAdmin))
return FALSE;
if (!(psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH)))
return FALSE;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION))
return FALSE;
dwLen = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
if (!(pACL = (PACL)LocalAlloc(LPTR, dwLen)))
return FALSE;
if (!InitializeAcl(pACL, dwLen, ACL_REVISION2))
return FALSE;
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, ACCESS_READ | ACCESS_WRITE, psidAdmin))
return FALSE;
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE))
return FALSE;
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin))
return FALSE;
dwLen = sizeof(PRIVILEGE_SET);
if (!AccessCheck(psdAdmin, hItok, ACCESS_READ, &gmap, &ps, &dwLen, &dwStatus, &bRet)) {
bRet = FALSE;
g_print("ERROR: %lu\n", GetLastError());
}
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
if (hItok) CloseHandle(hItok);
if (hTok) CloseHandle(hTok);
return (gboolean)bRet;
}
DWORD
CreateNewSD (
SECURITY_DESCRIPTOR **SD
)
{
PACL dacl;
DWORD sidLength;
PSID sid;
PSID groupSID;
PSID ownerSID;
DWORD returnValue;
*SD = NULL;
returnValue = GetCurrentUserSID (&sid);
if (returnValue != ERROR_SUCCESS)
return returnValue;
sidLength = GetLengthSid (sid);
*SD = (SECURITY_DESCRIPTOR *) malloc (
(sizeof (ACL)+sizeof (ACCESS_ALLOWED_ACE)+sidLength) +
(2 * sidLength) +
sizeof (SECURITY_DESCRIPTOR));
groupSID = (SID *) (*SD + 1);
ownerSID = (SID *) (((BYTE *) groupSID) + sidLength);
dacl = (ACL *) (((BYTE *) ownerSID) + sidLength);
if (!InitializeSecurityDescriptor (*SD, SECURITY_DESCRIPTOR_REVISION))
{
free (*SD);
free (sid);
return GetLastError();
}
if (!InitializeAcl (dacl,
sizeof (ACL)+sizeof (ACCESS_ALLOWED_ACE)+sidLength,
ACL_REVISION2))
{
free (*SD);
free (sid);
return GetLastError();
}
if (!AddAccessAllowedAce (dacl,
ACL_REVISION2,
COM_RIGHTS_EXECUTE,
sid))
{
free (*SD);
free (sid);
return GetLastError();
}
if (!SetSecurityDescriptorDacl (*SD, TRUE, dacl, FALSE))
{
free (*SD);
free (sid);
return GetLastError();
}
memcpy (groupSID, sid, sidLength);
if (!SetSecurityDescriptorGroup (*SD, groupSID, FALSE))
{
free (*SD);
free (sid);
return GetLastError();
}
memcpy (ownerSID, sid, sidLength);
if (!SetSecurityDescriptorOwner (*SD, ownerSID, FALSE))
{
free (*SD);
free (sid);
return GetLastError();
}
return ERROR_SUCCESS;
}
void SecurityDescriptor::clearOwner()
{
SetSecurityDescriptorOwner(&m_sd, 0, TRUE);
}
int RemoveFileDACLs(LPCWSTR pszPath, BOOL fDiagnostic, BPRINT_BUFFER *pbp)
{
//
// make sure that we have ESE_SECURITY priviledge
//
int err = 0;
if ( ! AddLocalPrivilege(ESE_SECURITY))
{
err = GetLastError();
if (fDiagnostic)
ReportError(err, "AdjustTokenPrivileges");
}
// setup globals, this do nothing if this is not the first time
// this function was called.
//
InitStandardSids(fDiagnostic, pbp);
//InitUserSid(fDiagnostic, pbp);
InitOwnerSid(fDiagnostic, pbp);
//
// Attempt to put a NULL Dacl on the file/directory
//
SECURITY_DESCRIPTOR si;
ZeroMemory(&si, sizeof(si));
InitializeSecurityDescriptor(&si, SECURITY_DESCRIPTOR_REVISION);
MSC_SUPPRESS_WARNING(6248) // warning: setting the DACL to null will result in unprotected object...
SetSecurityDescriptorDacl (&si, TRUE, NULL, FALSE);
if ( ! SetFileSecurityW(pszPath, DACL_SECURITY_INFORMATION, &si))
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(DACL)[1] ", pszPath);
}
else
{
if (fDiagnostic)
{
if (bprint_IsEmpty(*pbp))
bprintfl(*pbp, "DACLs removed from %s", pszPath);
else
bprint(*pbp, " DACLs removed");
}
return 0;
}
//
// Attempt to make take ownership of the file.
//
SetSecurityDescriptorOwner (&si, ls.OwnerSid, FALSE);
if (SetFileSecurityW(pszPath, OWNER_SECURITY_INFORMATION, &si))
err = 0;
else
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(Owner)[1] ", pszPath);
//ZeroMemory(&si,sizeof(si));
//InitializeSecurityDescriptor(&si, SECURITY_DESCRIPTOR_REVISION);
//SetSecurityDescriptorOwner (&si, ls.OwnerSid, FALSE);
if ( ! AddLocalPrivilege(ESE_TAKE_OWNERSHIP))
{
static bool fReportedSeTakeOwner = false;
if (fDiagnostic && ! fReportedSeTakeOwner)
{
ReportErrorW(GetLastError(), "SeTakeOwnership ", pszPath);
fReportedSeTakeOwner = true;
}
}
else if ( ! SetFileSecurityW(pszPath, OWNER_SECURITY_INFORMATION, &si))
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(Owner)[2] ", pszPath);
}
else
{
err = 0;
}
}
// if we successfully took ownership, try again to set a NULL DACL
//
if ( ! err)
{
if (fDiagnostic)
{
if (bprint_IsEmpty(*pbp))
bprintfl(*pbp, "Ownership taken of %s", pszPath);
else
bprint(*pbp, " Ownership taken");
}
if ( ! SetFileSecurityW(pszPath, DACL_SECURITY_INFORMATION, &si))
{
err = GetLastError();
if (fDiagnostic)
ReportErrorW (err, "SetFileSecurity(DACL)[2] ", pszPath);
}
else
{
if (fDiagnostic)
{
if (bprint_IsEmpty(*pbp))
bprintfl(*pbp, "DACLs removed from %s", pszPath);
else
bprintfl(*pbp, " DACLs removed", pszPath);
}
return 0;
}
}
return err;
}
BOOL
CreateSecurityDescriptor(const char* pUserName, IN OUT SECURITY_DESCRIPTOR * psd)
{
BOOL fReturnCode = FALSE;
PSID psidAdmins = NULL;
PACL paclKey = NULL;
DWORD cbReferencedDomain = 16;
DWORD cbSid = 128;
LPSTR lpReferencedDomain = NULL;
PSID psidUser = NULL;
SID_NAME_USE sidNameUse;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
// Here we're creating a System Identifier (SID) to represent
// the Admin group.
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmins))
{
goto cleanup;
}
// Now we'll find the System Identifier which represents
// the specified user
if((psidUser = HeapAlloc(GetProcessHeap(), 0, cbSid)) == NULL)
{
goto cleanup;
}
if((lpReferencedDomain = (LPSTR) HeapAlloc(GetProcessHeap(), 0,
cbReferencedDomain)) == NULL)
{
goto cleanup;
}
if (!LookupAccountName(NULL, // local system
pUserName, // account name
psidUser, // receive SID of the account
&cbSid, // size of the SID
lpReferencedDomain, // buffer to receive user's domain
&cbReferencedDomain, // size of UserDomain buffer
&sidNameUse)) // type of the user account
{
fReturnCode = FALSE;
goto cleanup;
}
if (!InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION))
{
goto cleanup;
}
// We want the admin group to own this key.
if (!SetSecurityDescriptorOwner(psd, psidAdmins, 0))
{
goto cleanup;
}
// Finally we must allocate and construct the discretionary
// access control list (DACL) for the key.
// Note that _alloca allocates memory on the stack frame
// which will automatically be deallocated when this routine
// exits.
//if (!(paclKey = (PACL) _alloca(ACL_BUFFER_SIZE)))
//{
// goto cleanup;
//}
if (!(paclKey = (PACL) malloc(ACL_BUFFER_SIZE)))
{
goto cleanup;
}
if (!InitializeAcl(paclKey, ACL_BUFFER_SIZE, ACL_REVISION))
{
goto cleanup;
}
// Our DACL will contain two access control entries (ACEs). One which allows
// members of the Admin group complete access to the key, and one which gives
// read-only access to everyone.
if (!AddAccessAllowedAce(paclKey, ACL_REVISION, KEY_ALL_ACCESS, psidAdmins))
{
goto cleanup;
}
if (!AddAccessAllowedAce(paclKey, ACL_REVISION, KEY_ALL_ACCESS, psidUser))
{
goto cleanup;
}
if (!IsValidAcl(paclKey))
{
goto cleanup;
}
// We must bind this DACL to the security descriptor...
if (!SetSecurityDescriptorDacl(psd, TRUE, paclKey, FALSE))
{
goto cleanup;
}
if (!IsValidSecurityDescriptor(psd))
{
goto cleanup;
}
fReturnCode = TRUE;
cleanup:
if (paclKey)
{
free(paclKey);
paclKey = NULL;
}
return fReturnCode;
}
//**********************************************************************
//
// FUNCTION: IsAdmin - This function checks the token of the
// calling thread to see if the caller belongs to
// the Administrators group.
//
// PARAMETERS: none
//
// RETURN VALUE: TRUE if the caller is an administrator on the local
// machine. Otherwise, FALSE.
//
//**********************************************************************
BOOL IsAdmin(void)
{
HANDLE hToken;
DWORD dwStatus;
DWORD dwAccessMask;
DWORD dwAccessDesired;
DWORD dwACLSize;
DWORD dwStructureSize = sizeof(PRIVILEGE_SET);
PACL pACL = NULL;
PSID psidAdmin = NULL;
BOOL bReturn = FALSE;
PRIVILEGE_SET ps;
GENERIC_MAPPING GenericMapping;
PSECURITY_DESCRIPTOR psdAdmin = NULL;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority = SECURITY_NT_AUTHORITY;
__try {
// AccessCheck() requires an impersonation token.
ImpersonateSelf(SecurityImpersonation);
if (!OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
{
if (GetLastError() != ERROR_NO_TOKEN) __leave;
// If the thread does not have an access token, we'll
// examine the access token associated with the process.
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) __leave;
}
if (!AllocateAndInitializeSid(&SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &psidAdmin))
__leave;
psdAdmin = LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
if (psdAdmin == NULL) __leave;
if (!InitializeSecurityDescriptor(psdAdmin, SECURITY_DESCRIPTOR_REVISION)) __leave;
// Compute size needed for the ACL.
dwACLSize = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(psidAdmin) - sizeof(DWORD);
// Allocate memory for ACL.
pACL = (PACL)LocalAlloc(LPTR, dwACLSize);
if (pACL == NULL) __leave;
// Initialize the new ACL.
if (!InitializeAcl(pACL, dwACLSize, ACL_REVISION2)) __leave;
dwAccessMask = ACCESS_READ | ACCESS_WRITE;
// Add the access-allowed ACE to the DACL.
if (!AddAccessAllowedAce(pACL, ACL_REVISION2, dwAccessMask, psidAdmin)) __leave;
// Set the DACL to the SD.
if (!SetSecurityDescriptorDacl(psdAdmin, TRUE, pACL, FALSE)) __leave;
// AccessCheck is sensitive about what is in the SD; set
// the group and owner.
SetSecurityDescriptorGroup(psdAdmin, psidAdmin, FALSE);
SetSecurityDescriptorOwner(psdAdmin, psidAdmin, FALSE);
if (!IsValidSecurityDescriptor(psdAdmin)) __leave;
dwAccessDesired = ACCESS_READ;
//
// Initialize GenericMapping structure even though you
// do not use generic rights.
//
GenericMapping.GenericRead = ACCESS_READ;
GenericMapping.GenericWrite = ACCESS_WRITE;
GenericMapping.GenericExecute = 0;
GenericMapping.GenericAll = ACCESS_READ | ACCESS_WRITE;
if (!AccessCheck(psdAdmin, hToken, dwAccessDesired,
&GenericMapping, &ps, &dwStructureSize, &dwStatus,
&bReturn))
{
printf("AccessCheck() failed with error %lu\n", GetLastError());
__leave;
}
RevertToSelf();
}
__finally
{
// Clean up.
if (pACL) LocalFree(pACL);
if (psdAdmin) LocalFree(psdAdmin);
if (psidAdmin) FreeSid(psidAdmin);
}
return bReturn;
}
/* Create a temporary file */
int mkstemp_ex(char *tmp_path)
{
DWORD dwResult;
int result;
int status = -1;
HANDLE h = NULL;
PACL pACL = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
EXPLICIT_ACCESS ea[2];
SECURITY_ATTRIBUTES sa;
PSID pAdminGroupSID = NULL;
PSID pSystemGroupSID = NULL;
SID_IDENTIFIER_AUTHORITY SIDAuthNT = {SECURITY_NT_AUTHORITY};
#if defined(_MSC_VER) && _MSC_VER >= 1500
result = _mktemp_s(tmp_path, strlen(tmp_path) + 1);
if (result != 0) {
log2file(
"%s: ERROR: Could not create temporary file (%s) which returned (%d)",
__local_name,
tmp_path,
result
);
return (-1);
}
#else
if (_mktemp(tmp_path) == NULL) {
log2file(
"%s: ERROR: Could not create temporary file (%s) which returned [(%d)-(%s)]",
__local_name,
tmp_path,
errno,
strerror(errno)
);
return (-1);
}
#endif
/* Create SID for the BUILTIN\Administrators group */
result = AllocateAndInitializeSid(
&SIDAuthNT,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pAdminGroupSID
);
if (!result) {
log2file(
"%s: ERROR: Could not create BUILTIN\\Administrators group SID which returned (%lu)",
__local_name,
GetLastError()
);
goto cleanup;
}
/* Create SID for the SYSTEM group */
result = AllocateAndInitializeSid(
&SIDAuthNT,
1,
SECURITY_LOCAL_SYSTEM_RID,
0, 0, 0, 0, 0, 0, 0,
&pSystemGroupSID
);
if (!result) {
log2file(
"%s: ERROR: Could not create SYSTEM group SID which returned (%lu)",
__local_name,
GetLastError()
);
goto cleanup;
}
/* Initialize an EXPLICIT_ACCESS structure for an ACE */
ZeroMemory(&ea, 2 * sizeof(EXPLICIT_ACCESS));
/* Add Administrators group */
ea[0].grfAccessPermissions = GENERIC_ALL;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance = NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[0].Trustee.ptstrName = (LPTSTR)pAdminGroupSID;
/* Add SYSTEM group */
ea[1].grfAccessPermissions = GENERIC_ALL;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance = NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
ea[1].Trustee.ptstrName = (LPTSTR)pSystemGroupSID;
/* Set entries in ACL */
dwResult = SetEntriesInAcl(2, ea, NULL, &pACL);
if (dwResult != ERROR_SUCCESS) {
log2file(
"%s: ERROR: Could not set ACL entries which returned (%lu)",
__local_name,
dwResult
);
goto cleanup;
}
/* Initialize security descriptor */
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(
LPTR,
SECURITY_DESCRIPTOR_MIN_LENGTH
);
if (pSD == NULL) {
log2file(
"%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of a LocalAlloc() failure which returned (%lu)",
__local_name,
GetLastError()
);
goto cleanup;
}
if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
log2file(
"%s: ERROR: Could not initalize SECURITY_DESCRIPTOR because of an InitializeSecurityDescriptor() failure which returned (%lu)",
__local_name,
GetLastError()
);
goto cleanup;
}
/* Set owner */
if (!SetSecurityDescriptorOwner(pSD, NULL, FALSE)) {
log2file(
"%s: ERROR: Could not set owner which returned (%lu)",
__local_name,
GetLastError()
);
goto cleanup;
}
/* Set group owner */
if (!SetSecurityDescriptorGroup(pSD, NULL, FALSE)) {
log2file(
"%s: ERROR: Could not set group owner which returned (%lu)",
__local_name,
GetLastError()
);
goto cleanup;
}
/* Add ACL to security descriptor */
if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) {
log2file(
"%s: ERROR: Could not set SECURITY_DESCRIPTOR DACL which returned (%lu)",
__local_name,
GetLastError()
);
goto cleanup;
}
/* Initialize security attributes structure */
sa.nLength = sizeof (SECURITY_ATTRIBUTES);
sa.lpSecurityDescriptor = pSD;
sa.bInheritHandle = FALSE;
h = CreateFileA(
tmp_path,
GENERIC_WRITE,
0,
&sa,
CREATE_NEW,
FILE_ATTRIBUTE_NORMAL,
NULL
);
if (h == INVALID_HANDLE_VALUE) {
log2file(
"%s: ERROR: Could not create temporary file (%s) which returned (%lu)",
__local_name,
tmp_path,
GetLastError()
);
goto cleanup;
}
if (!CloseHandle(h)) {
log2file(
"%s: ERROR: Could not close file handle to (%s) which returned (%lu)",
__local_name,
tmp_path,
GetLastError()
);
goto cleanup;
}
/* Success */
status = 0;
cleanup:
if (pAdminGroupSID) {
FreeSid(pAdminGroupSID);
}
if (pSystemGroupSID) {
FreeSid(pSystemGroupSID);
}
if (pACL) {
LocalFree(pACL);
}
if (pSD) {
LocalFree(pSD);
}
return (status);
}
/*---------------------------------------------------------------------------*\
* NAME: CreateNewSD
* --------------------------------------------------------------------------*
* DESCRIPTION: Creates a new security descriptor.
\*---------------------------------------------------------------------------*/
DWORD CreateNewSD (
SECURITY_DESCRIPTOR **ppSecurityDesc
)
{
PACL pAcl = NULL;
DWORD cbSid = 0;
PSID pSid = NULL;
PSID psidGroup = NULL;
PSID psidOwner = NULL;
DWORD dwReturnValue = ERROR_SUCCESS;
SID_IDENTIFIER_AUTHORITY SystemSidAuthority= SECURITY_NT_AUTHORITY;
if(!ppSecurityDesc) return ERROR_BAD_ARGUMENTS;
*ppSecurityDesc = NULL;
//Create a SID for the owner (BUILTIN\Administrators)
if ( ! AllocateAndInitializeSid ( &SystemSidAuthority, 2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0, &pSid) )
{
dwReturnValue = GetLastError();
goto CLEANUP;
}
cbSid = GetLengthSid (pSid);
*ppSecurityDesc = (SECURITY_DESCRIPTOR *) malloc (
sizeof (ACL) + (2 * cbSid) + sizeof (SECURITY_DESCRIPTOR));
if(!*ppSecurityDesc)
{
dwReturnValue = ERROR_OUTOFMEMORY;
goto CLEANUP;
}
psidGroup = (SID *) (*ppSecurityDesc + 1);
psidOwner = (SID *) (((BYTE *) psidGroup) + cbSid);
pAcl = (ACL *) (((BYTE *) psidOwner) + cbSid);
if (!InitializeSecurityDescriptor (*ppSecurityDesc, SECURITY_DESCRIPTOR_REVISION))
{
dwReturnValue = GetLastError();
goto CLEANUP;
}
if (!InitializeAcl (pAcl,
sizeof (ACL)+sizeof (ACCESS_ALLOWED_ACE)+cbSid,
ACL_REVISION2))
{
dwReturnValue = GetLastError();
goto CLEANUP;
}
if (!SetSecurityDescriptorDacl (*ppSecurityDesc, TRUE, pAcl, FALSE))
{
dwReturnValue = GetLastError();
goto CLEANUP;
}
memcpy (psidGroup, pSid, cbSid);
if (!SetSecurityDescriptorGroup (*ppSecurityDesc, psidGroup, FALSE))
{
dwReturnValue = GetLastError();
goto CLEANUP;
}
memcpy (psidOwner, pSid, cbSid);
if (!SetSecurityDescriptorOwner (*ppSecurityDesc, psidOwner, FALSE))
{
dwReturnValue = GetLastError();
goto CLEANUP;
}
CLEANUP:
if(dwReturnValue != ERROR_SUCCESS)
{
if(*ppSecurityDesc) free (*ppSecurityDesc);
}
if(pSid) FreeSid(pSid);
return dwReturnValue;
}
void CheckNddeShare()
{
DWORD dwAvail;
WORD wItems=0;
BYTE buffer[200];
//LPBYTE buffer;
CHAR szres[255];
DWORD err=0;
char szerror[16];
char *sztopiclist = {"bugboard|bugboard\0bugboard|bugboard\0bugboard|bugboard\0\0"};
//FARPROC fpNDdeShareGetInfo;
PSID pworldsid;
PACL pacl;
SID_IDENTIFIER_AUTHORITY IdentifierAuthority = SECURITY_WORLD_SID_AUTHORITY;
SECURITY_DESCRIPTOR sd;
//HINSTANCE hinstNDDEAPI=NULL;
SetErrorMode(SEM_FAILCRITICALERRORS); //_NOOPENFILEERRORBOX);
HINSTANCE hinstNDDEAPI = LoadLibrary("NDDEAPI.DLL");
if (NULL == hinstNDDEAPI) // <= HINSTANCE_ERROR)
{
MessageBox(NULL, "NDDEAPI.DLL not found in path", "bugboard.exe", MB_OK | MB_ICONSTOP);
return;
}
SGIPROC fpNDdeShareGetInfo = (SGIPROC) GetProcAddress(hinstNDDEAPI, "NDdeShareGetInfoA");
if (fpNDdeShareGetInfo == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
UINT ret = (*fpNDdeShareGetInfo)(NULL, "bugboard$", 2,
buffer, sizeof(buffer), &dwAvail, &wItems);
if (ret != NDDE_SHARE_NOT_EXIST) {
return;
}
NDDESHAREINFO *pnddeInfo = (NDDESHAREINFO *)buffer;
SAPROC lpfnNDdeShareAdd =
(SAPROC) GetProcAddress(hinstNDDEAPI, "NDdeShareAddA");
if (lpfnNDdeShareAdd == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
/* this is all different for win32 (NT)
lstrcpy(pnddeInfo->szShareName, "bugboard$");
pnddeInfo->lpszTargetApp = "bugboard";
pnddeInfo->lpszTargetTopic = "bugboard";
pnddeInfo->lpbPassword1 = (LPBYTE) "";
pnddeInfo->cbPassword1 = 0;
pnddeInfo->dwPermissions1 = 15;
pnddeInfo->lpbPassword2 = (LPBYTE) "";
pnddeInfo->cbPassword2 = 0;
pnddeInfo->dwPermissions2 = 0;
pnddeInfo->lpszItem = "";
pnddeInfo->cAddItems = 0;
pnddeInfo->lpNDdeShareItemInfo = NULL;
*/
// current structure
pnddeInfo->lRevision = 1L;
pnddeInfo->lpszShareName = _strdup("bugboard$");
pnddeInfo->lShareType = SHARE_TYPE_NEW | SHARE_TYPE_OLD | SHARE_TYPE_STATIC;
pnddeInfo->lpszAppTopicList = (LPTSTR)sztopiclist;
pnddeInfo->fSharedFlag = 1;
pnddeInfo->fService = 0;
pnddeInfo->fStartAppFlag = 0;
pnddeInfo->nCmdShow = SW_SHOWMAXIMIZED;
pnddeInfo->qModifyId[0] = 0;
pnddeInfo->qModifyId[1] = 0;
pnddeInfo->cNumItems = 0;
pnddeInfo->lpszItemList = "\0";
if (!AllocateAndInitializeSid( &IdentifierAuthority,
1,
SECURITY_WORLD_RID,
0,0,0,0,0,0,0,
&pworldsid))
{
FreeLibrary(hinstNDDEAPI);
return;
}
pacl = (ACL*)malloc(sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pworldsid) - sizeof(DWORD) ) ;
InitializeAcl(pacl,
sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pworldsid) - sizeof(DWORD),
ACL_REVISION);
if (!IsValidAcl) {
MessageBox(NULL, "ACL not valid", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!AddAccessAllowedAce(pacl,
ACL_REVISION,
STANDARD_RIGHTS_ALL | MAXIMUM_ALLOWED | GENERIC_ALL | ACCESS_SYSTEM_SECURITY,
pworldsid)) {
MessageBox(NULL, "Add ACE failed", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION))
{
MessageBox(NULL, "Init sd failed", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorOwner(&sd, NULL, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorGroup(&sd, NULL, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!SetSecurityDescriptorDacl(&sd, TRUE, pacl, FALSE))
{
FreeLibrary(hinstNDDEAPI);
return;
}
if (!IsValidSecurityDescriptor(&sd))
{
MessageBox(NULL, "Invalid sd", "bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
ret = (*lpfnNDdeShareAdd)(NULL, 2, &sd, buffer, sizeof(buffer));
if (ret != NDDE_NO_ERROR && ret != NDDE_SHARE_ALREADY_EXIST) {
SGSPROC lpfnNDdeGetErrorString =
(SGSPROC) GetProcAddress(hinstNDDEAPI, "NDdeGetErrorStringA");
if (lpfnNDdeGetErrorString == NULL)
{
FreeLibrary(hinstNDDEAPI);
return;
}
(*lpfnNDdeGetErrorString)(ret, (LPSTR)szres, 255);
MessageBox(NULL, (LPSTR)szres, "ERROR bugboard.exe", MB_OK | MB_ICONSTOP);
FreeLibrary(hinstNDDEAPI);
return;
}
SSTPROC lpfnNDdeSetTrustedShare =
(SSTPROC) GetProcAddress(hinstNDDEAPI, "NDdeSetTrustedShareA");
if (NDDE_NO_ERROR != ((*lpfnNDdeSetTrustedShare)(NULL, pnddeInfo->lpszShareName, NDDE_TRUST_SHARE_INIT)))
{
MessageBox(NULL, "Unable to set trusted share", "ERROR bugboard.exe", MB_OK | MB_ICONSTOP);
}
FreeLibrary(hinstNDDEAPI);
}
// Initialize the User Conversation Interface.
DWORD InitConvInterface ( VOID )
{
HANDLE hThread, hThreadTcpip;
DWORD dwThreadID, dwThreadIDTcpip;
PSID pOwnerSid = NULL, pGroupSid = NULL;
BOOL fSuccess = TRUE;
PACL pAcl = NULL;
DWORD cbAcl;
DWORD dwRetCode;
PSID pSystemSid = NULL, pAnonymousSid = NULL, pInteractiveSid = NULL;
__try {
#ifndef TREESVR_STANDALONE
pOwnerSid = GetUserSid();
if( pOwnerSid == NULL )
__leave;
/*
fSuccess = GetAccountSid( NULL, "TreeServer Users", &pGroupSid );
if ( !fSuccess )
__leave;
*/
pGroupSid = CreateWorldSid();
if( pGroupSid == NULL )
__leave;
pSystemSid = CreateSystemSid();
if( pSystemSid == NULL )
__leave;
pAnonymousSid = CreateAnonymousSid();
if( pAnonymousSid == NULL )
__leave;
pInteractiveSid = CreateInteractiveSid();
if( pInteractiveSid == NULL )
__leave;
cbAcl = GetLengthSid( pOwnerSid ) + GetLengthSid( pGroupSid ) +
GetLengthSid( pSystemSid ) + GetLengthSid( pAnonymousSid ) + GetLengthSid( pInteractiveSid ) +
sizeof(ACL) + (5 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)));
pAcl = (PACL) HeapAlloc(GetProcessHeap(), 0, cbAcl);
if (NULL == pAcl)
__leave;
fSuccess = InitializeAcl(pAcl,
cbAcl,
ACL_REVISION);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pOwnerSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,//GENERIC_READ|GENERIC_WRITE,
pGroupSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pSystemSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pInteractiveSid);
if (FALSE == fSuccess)
__leave;
fSuccess = AddAccessAllowedAce(pAcl,
ACL_REVISION,
GENERIC_ALL,
pAnonymousSid);
if (FALSE == fSuccess)
__leave;
InitializeSecurityDescriptor( &sd, SECURITY_DESCRIPTOR_REVISION );
fSuccess = SetSecurityDescriptorDacl(&sd,
TRUE,
pAcl,
FALSE);
if (FALSE == fSuccess)
__leave;
fSuccess = SetSecurityDescriptorOwner(
&sd,
pOwnerSid,
FALSE );
if ( !fSuccess )
__leave;
fSuccess = SetSecurityDescriptorGroup(
&sd,
pGroupSid,
FALSE );
if ( !fSuccess )
__leave;
sa.nLength = sizeof( SECURITY_ATTRIBUTES );
sa.lpSecurityDescriptor = (LPVOID)&sd;
sa.bInheritHandle = FALSE;
#endif
// Create the NamedPipe server thread, Process the user's connection.
hThread = CreateThread( NULL,
0,
(LPTHREAD_START_ROUTINE)PipeSelectConnectThread,
(LPVOID)NULL,
0,
&dwThreadID );
// If operation not completed, return the system error code.
if( hThread == NULL )
{
fSuccess = FALSE;
__leave;
}
#ifndef TREESVR_STANDALONE
hThreadTcpip = CreateThread( NULL,
0,
(LPTHREAD_START_ROUTINE)TcpipSelectConnectThread,
(LPVOID)NULL,
0,
&dwThreadIDTcpip );
// If operation not completed, return the system error code.
if( hThreadTcpip == NULL )
{
fSuccess = FALSE;
__leave;
}
#endif
}
__finally {
if( fSuccess ) {
// Set the thread Prority Class.
SetThreadPriority( hThread, THREAD_PRIORITY_ABOVE_NORMAL );
SystemResInfo.hConvThread = hThread;
SystemResInfo.dwConvThreadId = dwThreadID;
#ifndef TREESVR_STANDALONE
// Set the thread Prority Class.
SetThreadPriority( hThreadTcpip, THREAD_PRIORITY_ABOVE_NORMAL );
SystemResInfo.hConvThreadTcpip = hThreadTcpip;
SystemResInfo.dwConvThreadIdTcpip = dwThreadIDTcpip;
#endif
dwRetCode = TERR_SUCCESS;
}
else {
if( hThread != NULL ) {
CloseHandle( hThread );
}
dwRetCode = GetLastError();
if( pOwnerSid )
HeapFree( GetProcessHeap(), 0, pOwnerSid );
if( pGroupSid )
HeapFree( GetProcessHeap(), 0, pGroupSid );
if( pSystemSid )
HeapFree( GetProcessHeap(), 0, pSystemSid );
if( pInteractiveSid )
HeapFree( GetProcessHeap(), 0, pInteractiveSid );
if( pAnonymousSid )
HeapFree( GetProcessHeap(), 0, pAnonymousSid );
if( pAcl )
HeapFree( GetProcessHeap(), 0, pAcl );
}
}
return dwRetCode;
}
/*
* Construct a security descriptor whose discretionary access-control
* list implements the specified mode bits. The SIDs for owner, group,
* and everyone are obtained from the global _pr_nt_sids structure.
* Both the security descriptor and access-control list are returned
* and should be freed by a _PR_NT_FreeSecurityDescriptorACL call.
*
* The accessTable array maps NSPR's read, write, and execute access
* rights to the corresponding NT access rights for the securable
* object.
*/
PRStatus
_PR_NT_MakeSecurityDescriptorACL(
PRIntn mode,
DWORD accessTable[],
PSECURITY_DESCRIPTOR *resultSD,
PACL *resultACL)
{
PSECURITY_DESCRIPTOR pSD = NULL;
PACL pACL = NULL;
DWORD cbACL; /* size of ACL */
DWORD accessMask;
if (_pr_nt_sids.owner == NULL) {
PR_SetError(PR_NOT_IMPLEMENTED_ERROR, 0);
return PR_FAILURE;
}
pSD = (PSECURITY_DESCRIPTOR) PR_Malloc(SECURITY_DESCRIPTOR_MIN_LENGTH);
if (pSD == NULL) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
if (!SetSecurityDescriptorOwner(pSD, _pr_nt_sids.owner, FALSE)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
if (!SetSecurityDescriptorGroup(pSD, _pr_nt_sids.group, FALSE)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
/*
* Construct a discretionary access-control list with three
* access-control entries, one each for owner, primary group,
* and Everyone.
*/
cbACL = sizeof(ACL)
+ 3 * (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD))
+ GetLengthSid(_pr_nt_sids.owner)
+ GetLengthSid(_pr_nt_sids.group)
+ GetLengthSid(_pr_nt_sids.everyone);
pACL = (PACL) PR_Malloc(cbACL);
if (pACL == NULL) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
if (!InitializeAcl(pACL, cbACL, ACL_REVISION)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
accessMask = 0;
if (mode & 00400) accessMask |= accessTable[0];
if (mode & 00200) accessMask |= accessTable[1];
if (mode & 00100) accessMask |= accessTable[2];
if (accessMask && !AddAccessAllowedAce(pACL, ACL_REVISION, accessMask,
_pr_nt_sids.owner)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
accessMask = 0;
if (mode & 00040) accessMask |= accessTable[0];
if (mode & 00020) accessMask |= accessTable[1];
if (mode & 00010) accessMask |= accessTable[2];
if (accessMask && !AddAccessAllowedAce(pACL, ACL_REVISION, accessMask,
_pr_nt_sids.group)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
accessMask = 0;
if (mode & 00004) accessMask |= accessTable[0];
if (mode & 00002) accessMask |= accessTable[1];
if (mode & 00001) accessMask |= accessTable[2];
if (accessMask && !AddAccessAllowedAce(pACL, ACL_REVISION, accessMask,
_pr_nt_sids.everyone)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
if (!SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE)) {
_PR_MD_MAP_DEFAULT_ERROR(GetLastError());
goto failed;
}
*resultSD = pSD;
*resultACL = pACL;
return PR_SUCCESS;
failed:
if (pSD) {
PR_Free(pSD);
}
if (pACL) {
PR_Free(pACL);
}
return PR_FAILURE;
}
