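/**
 * Modifies the security descriptor of an object.
 *
 * \param SecurityDescriptor A security descriptor containing security information to set.
 * \param SecurityInformation The security information to set (which parts of the
 * descriptor - owner, group, DACL, SACL - are written to the object).
 * \param Context A pointer to a PH_STD_OBJECT_SECURITY structure describing the object.
 * Although the callback signature marks it optional, this implementation requires it;
 * STATUS_INVALID_PARAMETER is returned when it is NULL instead of dereferencing it.
 *
 * \return The status of opening the object if that fails, otherwise the status of the
 * set-security call on the opened handle.
 *
 * \remarks This function may be used for the \a SetObjectSecurity callback in
 * PhCreateSecurityPage() or PhEditSecurity().
 */
_Callback_ NTSTATUS PhStdSetObjectSecurity(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_opt_ PVOID Context
    )
{
    NTSTATUS status;
    PPH_STD_OBJECT_SECURITY stdObjectSecurity = (PPH_STD_OBJECT_SECURITY)Context;
    HANDLE handle;

    // The parameter is _In_opt_ only because the callback signature is shared;
    // without an object description there is nothing to open.
    if (!stdObjectSecurity)
        return STATUS_INVALID_PARAMETER;

    // Open the object with the access mask PhGetAccessForSetSecurity() derives from
    // SecurityInformation (presumably just the rights needed to write those parts,
    // e.g. WRITE_DAC for the DACL, rather than full access).
    status = stdObjectSecurity->OpenObject(
        &handle,
        PhGetAccessForSetSecurity(SecurityInformation),
        stdObjectSecurity->Context
        );

    if (!NT_SUCCESS(status))
        return status;

    if (PhEqualStringZ(stdObjectSecurity->ObjectType, L"Service", TRUE))
    {
        // Services are not kernel objects: the handle is an SCM handle, so the
        // descriptor is written through the SE_SERVICE path and closed with
        // CloseServiceHandle() rather than NtClose().
        status = PhSetSeObjectSecurity(handle, SE_SERVICE, SecurityInformation, SecurityDescriptor);
        CloseServiceHandle(handle);
    }
    else
    {
        status = PhSetObjectSecurity(handle, SecurityInformation, SecurityDescriptor);
        NtClose(handle);
    }

    return status;
}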
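/**
 * Sets the access control lists of the current window station
 * and desktop to allow all access.
 *
 * \remarks The DACL applied here grants GENERIC_ALL to Everyone and, on Windows 8
 * and later, to ALL APPLICATION PACKAGES (S-1-15-2-1). That deliberately removes
 * the isolation the WinSta0 / Default ACLs normally provide: afterwards any process
 * whose token carries those groups can open and use both objects, so the function
 * should be called only when that is actually required. Failures are silent; if the
 * descriptor cannot be built, or an object cannot be opened with WRITE_DAC, that
 * object's ACL is left unchanged.
 */
VOID PhSetDesktopWinStaAccess(
    VOID
    )
{
    static SID_IDENTIFIER_AUTHORITY appPackageAuthority = SECURITY_APP_PACKAGE_AUTHORITY;
    NTSTATUS status;
    HWINSTA wsHandle;
    HDESK desktopHandle;
    ULONG allocationLength;
    PSECURITY_DESCRIPTOR securityDescriptor;
    PACL dacl;
    // Backing store for a two-sub-authority SID. Declared as ULONGs rather than CHARs
    // so the ULONG sub-authority fields are naturally aligned when accessed via PISID.
    ULONG allAppPackagesSidBuffer[(FIELD_OFFSET(SID, SubAuthority) + sizeof(ULONG) * 2 + sizeof(ULONG) - 1) / sizeof(ULONG)];
    PSID allAppPackagesSid;

    // TODO: Set security on the correct window station and desktop.

    // Build S-1-15-2-1 (ALL APPLICATION PACKAGES) in the local buffer.
    allAppPackagesSid = (PISID)allAppPackagesSidBuffer;
    RtlInitializeSid(allAppPackagesSid, &appPackageAuthority, SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT);
    *RtlSubAuthoritySid(allAppPackagesSid, 0) = SECURITY_APP_PACKAGE_BASE_RID;
    *RtlSubAuthoritySid(allAppPackagesSid, 1) = SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE;

    // One allocation holds the descriptor followed by the DACL; the DACL is sized for
    // exactly two ACCESS_ALLOWED_ACEs (Everyone, ALL APPLICATION PACKAGES).
    allocationLength =
        SECURITY_DESCRIPTOR_MIN_LENGTH +
        (ULONG)sizeof(ACL) +
        (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(&PhSeEveryoneSid) +
        (ULONG)sizeof(ACCESS_ALLOWED_ACE) + RtlLengthSid(allAppPackagesSid);

    securityDescriptor = PhAllocate(allocationLength);

    if (!securityDescriptor)
        return;

    dacl = (PACL)((PCHAR)securityDescriptor + SECURITY_DESCRIPTOR_MIN_LENGTH);

    // We create a DACL that allows everyone to access everything. Every step reports
    // an NTSTATUS; if one fails, apply nothing rather than an incomplete DACL, which
    // could lock the objects down instead of opening them up.
    status = RtlCreateSecurityDescriptor(securityDescriptor, SECURITY_DESCRIPTOR_REVISION);

    if (!NT_SUCCESS(status))
        goto CleanupExit;

    status = RtlCreateAcl(dacl, allocationLength - SECURITY_DESCRIPTOR_MIN_LENGTH, ACL_REVISION);

    if (!NT_SUCCESS(status))
        goto CleanupExit;

    status = RtlAddAccessAllowedAce(dacl, ACL_REVISION, GENERIC_ALL, &PhSeEveryoneSid);

    if (!NT_SUCCESS(status))
        goto CleanupExit;

    if (WindowsVersion >= WINDOWS_8)
    {
        // Presumably needed so app container (package) processes, which are not
        // covered by the Everyone ACE alone, also get access - confirm against callers.
        status = RtlAddAccessAllowedAce(dacl, ACL_REVISION, GENERIC_ALL, allAppPackagesSid);

        if (!NT_SUCCESS(status))
            goto CleanupExit;
    }

    status = RtlSetDaclSecurityDescriptor(securityDescriptor, TRUE, dacl, FALSE);

    if (!NT_SUCCESS(status))
        goto CleanupExit;

    // Only the DACL is written, so WRITE_DAC is the right that matters when opening.
    // The results of PhSetObjectSecurity() are deliberately not checked: this is
    // best-effort and the function has no way to report failure.
    wsHandle = OpenWindowStation(L"WinSta0", FALSE, WRITE_DAC);

    if (wsHandle)
    {
        PhSetObjectSecurity(wsHandle, DACL_SECURITY_INFORMATION, securityDescriptor);
        CloseWindowStation(wsHandle);
    }

    // NOTE(review): DESKTOP_READOBJECTS | DESKTOP_WRITEOBJECTS are not required for a
    // DACL write; they are kept as in the original - confirm whether they are needed.
    desktopHandle = OpenDesktop(L"Default", 0, FALSE, WRITE_DAC | DESKTOP_READOBJECTS | DESKTOP_WRITEOBJECTS);

    if (desktopHandle)
    {
        PhSetObjectSecurity(desktopHandle, DACL_SECURITY_INFORMATION, securityDescriptor);
        CloseDesktop(desktopHandle);
    }

CleanupExit:
    PhFree(securityDescriptor);
}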