/******************************************************************************
 * MakeSelfRelativeSD [ADVAPI32.@]
 *
 * Win32-level entry point that hands its three arguments, unchanged, to
 * RtlMakeSelfRelativeSD and lets the CallWin32ToNt macro produce the BOOL
 * result.
 *
 * PARAMS
 *  pAbsoluteSecurityDescriptor     [I]   descriptor to convert
 *  pSelfRelativeSecurityDescriptor [I]   caller-supplied output buffer
 *  lpdwBufferLength                [I/O] forwarded as the length argument
 *
 * NOTE(review): CallWin32ToNt is defined outside this listing. It presumably
 * maps the NTSTATUS to TRUE/FALSE and sets the last error -- confirm.
 * NOTE(review): nothing here validates the pointers or the buffer size; that
 * is left entirely to RtlMakeSelfRelativeSD. Callers should check the return
 * value before trusting the contents of the output buffer.
 */
BOOL WINAPI
MakeSelfRelativeSD(
    IN PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor,
    IN PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor,
    IN OUT LPDWORD lpdwBufferLength)
{
    /* The macro wraps the native call; no other work is done in this function. */
    CallWin32ToNt (RtlMakeSelfRelativeSD(pAbsoluteSecurityDescriptor,pSelfRelativeSecurityDescriptor, lpdwBufferLength));
}
/*
 * @implemented
 *
 * Converts an absolute-format security descriptor to self-relative form.
 *
 * The only check made here is that the input does not already carry the
 * SE_SELF_RELATIVE control bit; the conversion itself, including all buffer
 * length handling, is delegated to RtlMakeSelfRelativeSD.
 *
 * Returns STATUS_BAD_DESCRIPTOR_FORMAT when the input is already
 * self-relative, otherwise whatever RtlMakeSelfRelativeSD returns.
 *
 * NOTE(review): the Control field is read without any pointer or revision
 * validation, so the caller must pass a readable descriptor.
 */
NTSTATUS
NTAPI
RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
                            IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
                            IN PULONG BufferLength)
{
    PISECURITY_DESCRIPTOR AbsoluteSd;
    NTSTATUS Status;

    PAGED_CODE_RTL();

    AbsoluteSd = (PISECURITY_DESCRIPTOR)AbsoluteSecurityDescriptor;

    if ((AbsoluteSd->Control & SE_SELF_RELATIVE) != 0)
    {
        /* Input is already self-relative: reject it instead of converting */
        Status = STATUS_BAD_DESCRIPTOR_FORMAT;
    }
    else
    {
        /* Absolute input: the shared conversion routine does the real work */
        Status = RtlMakeSelfRelativeSD(AbsoluteSecurityDescriptor,
                                       SelfRelativeSecurityDescriptor,
                                       BufferLength);
    }

    return Status;
}
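//
// StripPermissions
//
// Opens the registry key named by KeyName with WRITE_DAC and replaces its
// DACL with a NULL DACL (DaclPresent = TRUE, Dacl = NULL).
//
// SECURITY NOTE: a present-but-NULL DACL means the key is no longer
// access-controlled: every principal is granted every access right,
// including the right to rewrite the DACL or take ownership. If the intent
// is only to let a specific account write to the key, build an explicit DACL
// for that account instead. Where object-access auditing is enabled, this
// kind of change is reported as a permissions change on the object (Windows
// Security event 4670), which is worth alerting on for sensitive keys.
//
// Changes from the previous version:
//  - the self-relative descriptor lives on the stack, so the heap block that
//    was allocated and never freed is gone, along with the unchecked
//    allocation result;
//  - the descriptor is applied only if every preparation step succeeded, so
//    an uninitialised buffer is never handed to NtSetSecurityObject;
//  - the 9000-byte byte array is replaced by small, suitably aligned storage.
//
VOID StripPermissions( WCHAR* KeyName )
{
    HANDLE keyHandle;

    // Pointer-typed storage keeps the absolute descriptor pointer-aligned;
    // 16 pointers is comfortably larger than an absolute SECURITY_DESCRIPTOR
    // on both 32-bit and 64-bit builds.
    VOID* absoluteStorage[16];

    // A self-relative descriptor with no owner, group, SACL or DACL body is
    // just the 20-byte header; 32 ULONG-aligned bytes leave headroom.
    ULONG relativeStorage[8];

    PSECURITY_DESCRIPTOR psecdesc = (PSECURITY_DESCRIPTOR)absoluteStorage;
    VOID* selfSecurityDescriptor = relativeStorage;
    ULONG bufferLength = sizeof(relativeStorage);

    keyHandle = Registry::OpenKey(KeyName, WRITE_DAC);

    // NOTE(review): assumes Registry::OpenKey yields NULL on failure -- confirm
    // against its implementation.
    if (!keyHandle)
        return;

    // NTSTATUS values >= 0 indicate success (same test as NT_SUCCESS).
    if (RtlCreateSecurityDescriptor(psecdesc, SECURITY_DESCRIPTOR_REVISION) >= 0
        && RtlSetDaclSecurityDescriptor(psecdesc, TRUE, NULL, TRUE) >= 0
        && RtlMakeSelfRelativeSD(psecdesc, selfSecurityDescriptor, &bufferLength) >= 0)
    {
        // The result is still ignored, as before: the function returns VOID
        // and has no channel to report failure to its caller.
        NtSetSecurityObject(keyHandle, DACL_SECURITY_INFORMATION, selfSecurityDescriptor);
    }

    NtClose(keyHandle);
}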
NTSTATUS
RtlAbsoluteToSelfRelativeSD(
    IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor,
    IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor,
    IN OUT PULONG BufferLength
    )

/*++

Routine Description:

    Produces a self-relative copy of a security descriptor that is supplied
    in absolute form.

Arguments:

    AbsoluteSecurityDescriptor - The absolute-format descriptor to convert.
        It is not modified.

    SelfRelativeSecurityDescriptor - Buffer that receives the self-relative
        descriptor.

    BufferLength - On input, the length of the buffer. If the buffer cannot
        hold the self-relative descriptor an error is returned and this
        field receives the minimum size required.

Return Value:

    STATUS_BUFFER_TOO_SMALL - The buffer could not hold the resulting
        descriptor.

    STATUS_BAD_DESCRIPTOR_FORMAT - The input descriptor was not in absolute
        form.

    Any other value is the status returned by RtlMakeSelfRelativeSD.

--*/

{
    PISECURITY_DESCRIPTOR Descriptor =
        (PISECURITY_DESCRIPTOR)AbsoluteSecurityDescriptor;

    RTL_PAGED_CODE();

    //
    // Refuse input that is already self-relative. This is the only check
    // made here; the descriptor pointer itself is not validated.
    //

    if ( RtlpAreControlBitsSet( Descriptor, SE_SELF_RELATIVE ) ) {
        return STATUS_BAD_DESCRIPTOR_FORMAT;
    }

    //
    // The input is absolute, so RtlMakeSelfRelativeSD() performs the
    // conversion and its status is handed back unchanged.
    //

    return RtlMakeSelfRelativeSD(
               AbsoluteSecurityDescriptor,
               SelfRelativeSecurityDescriptor,
               BufferLength
               );
}