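/**
 * Retrieves the security descriptor of an object.
 *
 * \param SecurityDescriptor A variable which receives a pointer to the security descriptor of the
 * object. The security descriptor must be freed using PhFree() when no longer needed. The variable
 * is set to NULL before the object is opened, so the early failure paths of this function never
 * leave it indeterminate.
 * \param SecurityInformation The security information to retrieve.
 * \param Context A pointer to a PH_STD_OBJECT_SECURITY structure describing the object.
 *
 * \return The status of the open or query operation, or STATUS_INVALID_PARAMETER if \a Context is
 * NULL or carries no OpenObject callback.
 *
 * \remarks This function may be used for the \a GetObjectSecurity callback in
 * PhCreateSecurityPage() or PhEditSecurity().
 */
_Callback_ NTSTATUS PhStdGetObjectSecurity(
    _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_opt_ PVOID Context
    )
{
    NTSTATUS status;
    PPH_STD_OBJECT_SECURITY stdObjectSecurity;
    HANDLE handle;

    // Define the out parameter up front: a caller that frees it after a failed
    // call must not be handed an uninitialized pointer.
    *SecurityDescriptor = NULL;

    stdObjectSecurity = (PPH_STD_OBJECT_SECURITY)Context;

    // Context is annotated _In_opt_ but every path below dereferences it, so a
    // NULL context (or a NULL callback) is rejected instead of faulting.
    if (!stdObjectSecurity || !stdObjectSecurity->OpenObject)
        return STATUS_INVALID_PARAMETER;

    // The handle is opened with the access mask PhGetAccessForGetSecurity derives
    // from the requested SecurityInformation, not with a fixed mask.
    status = stdObjectSecurity->OpenObject(
        &handle,
        PhGetAccessForGetSecurity(SecurityInformation),
        stdObjectSecurity->Context
        );

    if (!NT_SUCCESS(status))
        return status;

    // Each branch closes the handle with the routine that matches how it is
    // queried, on success and on failure alike, so the handle does not leak.
    if (PhEqualStringZ(stdObjectSecurity->ObjectType, L"Service", TRUE))
    {
        // Services are queried as SE_SERVICE and closed with CloseServiceHandle
        // rather than NtClose.
        status = PhGetSeObjectSecurity(handle, SE_SERVICE, SecurityInformation, SecurityDescriptor);
        CloseServiceHandle(handle);
    }
    else if (PhEqualStringZ(stdObjectSecurity->ObjectType, L"File", TRUE))
    {
        // NOTE(review): files use the timeout variant, presumably because a
        // query on some file handles can block - confirm against the helper.
        status = PhpGetObjectSecurityWithTimeout(handle, SecurityInformation, SecurityDescriptor);
        NtClose(handle);
    }
    else
    {
        status = PhGetObjectSecurity(handle, SecurityInformation, SecurityDescriptor);
        NtClose(handle);
    }

    return status;
}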
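/**
 * Retrieves the security descriptor of an object, with dedicated handling for LSA and SAM
 * object types.
 *
 * \param SecurityDescriptor A variable which receives a pointer to the security descriptor of the
 * object. For LSA and SAM objects the descriptor is a copy made with PhAllocateCopy(). The
 * variable is set to NULL before the object is opened, so the early failure paths of this
 * function never leave it indeterminate.
 * \param SecurityInformation The security information to retrieve.
 * \param Context A pointer to a PH_STD_OBJECT_SECURITY structure describing the object.
 *
 * \return The status of the open or query operation, or STATUS_INVALID_PARAMETER if \a Context is
 * NULL or carries no OpenObject callback.
 *
 * \remarks Object types other than the Lsa* and Sam* names checked below are forwarded to
 * PhStdGetObjectSecurity().
 */
_Callback_ NTSTATUS SxStdGetObjectSecurity(
    _Out_ PSECURITY_DESCRIPTOR *SecurityDescriptor,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_opt_ PVOID Context
    )
{
    NTSTATUS status;
    PPH_STD_OBJECT_SECURITY stdObjectSecurity;
    HANDLE handle;

    // Define the out parameter up front: a caller that frees it after a failed
    // call must not be handed an uninitialized pointer.
    *SecurityDescriptor = NULL;

    stdObjectSecurity = (PPH_STD_OBJECT_SECURITY)Context;

    // Context is annotated _In_opt_ but the type checks below dereference it,
    // so a NULL context (or a NULL callback) is rejected instead of faulting.
    if (!stdObjectSecurity || !stdObjectSecurity->OpenObject)
        return STATUS_INVALID_PARAMETER;

    if (
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaAccount", TRUE) ||
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaPolicy", TRUE) ||
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaSecret", TRUE) ||
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"LsaTrusted", TRUE)
        )
    {
        PSECURITY_DESCRIPTOR securityDescriptor;

        // The handle is opened with the access mask PhGetAccessForGetSecurity
        // derives from the requested SecurityInformation.
        status = stdObjectSecurity->OpenObject(
            &handle,
            PhGetAccessForGetSecurity(SecurityInformation),
            stdObjectSecurity->Context
            );

        if (!NT_SUCCESS(status))
            return status;

        status = LsaQuerySecurityObject(
            handle,
            SecurityInformation,
            &securityDescriptor
            );

        if (NT_SUCCESS(status))
        {
            // Hand the caller a PhAllocateCopy() copy and release the LSA buffer
            // here, so the caller does not need to know which API produced it.
            *SecurityDescriptor = PhAllocateCopy(
                securityDescriptor,
                RtlLengthSecurityDescriptor(securityDescriptor)
                );
            LsaFreeMemory(securityDescriptor);
        }

        // Closed whether or not the query succeeded, so the handle does not leak.
        LsaClose(handle);
    }
    else if (
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamAlias", TRUE) ||
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamDomain", TRUE) ||
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamGroup", TRUE) ||
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamServer", TRUE) ||
        PhEqualStringZ(stdObjectSecurity->ObjectType, L"SamUser", TRUE)
        )
    {
        PSECURITY_DESCRIPTOR securityDescriptor;

        status = stdObjectSecurity->OpenObject(
            &handle,
            PhGetAccessForGetSecurity(SecurityInformation),
            stdObjectSecurity->Context
            );

        if (!NT_SUCCESS(status))
            return status;

        status = SamQuerySecurityObject(
            handle,
            SecurityInformation,
            &securityDescriptor
            );

        if (NT_SUCCESS(status))
        {
            // Same pattern as the LSA branch: copy out, then free the SAM buffer
            // with the SAM allocator's own release routine.
            *SecurityDescriptor = PhAllocateCopy(
                securityDescriptor,
                RtlLengthSecurityDescriptor(securityDescriptor)
                );
            SamFreeMemory(securityDescriptor);
        }

        // Closed whether or not the query succeeded, so the handle does not leak.
        SamCloseHandle(handle);
    }
    else
    {
        // Every other object type takes the standard path.
        status = PhStdGetObjectSecurity(SecurityDescriptor, SecurityInformation, Context);
    }

    return status;
}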