ReactOS 0.4.15-dev-8093-g3285f69
Macros | Functions | Variables
ntmarta.c File Reference
#include "ntmarta.h"
#include <debug.h>
Include dependency graph for ntmarta.c:

Go to the source code of this file.

Macros

#define NDEBUG
 

Functions

VOID WINAPI SetSecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
 
VOID WINAPI QuerySecurityAccessMask (IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
 
static ACCESS_MODE AccpGetAceAccessMode (IN PACE_HEADER AceHeader)
 
static UINT AccpGetAceStructureSize (IN PACE_HEADER AceHeader)
 
static PSID AccpGetAceSid (IN PACE_HEADER AceHeader)
 
static ACCESS_MASK AccpGetAceAccessMask (IN PACE_HEADER AceHeader)
 
static BOOL AccpIsObjectAce (IN PACE_HEADER AceHeader)
 
static DWORD AccpGetTrusteeObjects (IN PTRUSTEE_W Trustee, OUT GUID *pObjectTypeGuid OPTIONAL, OUT GUID *pInheritedObjectTypeGuid OPTIONAL)
 
static DWORD AccpCalcNeededAceSize (IN PSID Sid, IN DWORD ObjectsPresent)
 
static GUIDAccpGetObjectAceObjectType (IN PACE_HEADER AceHeader)
 
static GUIDAccpGetObjectAceInheritedObjectType (IN PACE_HEADER AceHeader)
 
static DWORD AccpOpenLSAPolicyHandle (IN LPWSTR SystemName, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE pPolicyHandle)
 
static LPWSTR AccpGetTrusteeName (IN PTRUSTEE_W Trustee)
 
static DWORD AccpLookupCurrentUser (OUT PSID *ppSid)
 
static DWORD AccpLookupSidByName (IN LSA_HANDLE PolicyHandle, IN LPWSTR Name, OUT PSID *pSid)
 
static DWORD AccpGetTrusteeSid (IN PTRUSTEE_W Trustee, IN OUT PLSA_HANDLE pPolicyHandle, OUT PSID *ppSid, OUT BOOL *Allocated)
 
DWORD WINAPI AccRewriteGetHandleRights (HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
DWORD WINAPI AccRewriteSetHandleRights (HANDLE handle, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
static DWORD AccpOpenNamedObject (LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PHANDLE Handle, PHANDLE Handle2, BOOL Write)
 
static VOID AccpCloseObjectHandle (SE_OBJECT_TYPE ObjectType, HANDLE Handle, HANDLE Handle2)
 
DWORD WINAPI AccRewriteGetNamedRights (LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID *ppsidOwner, PSID *ppsidGroup, PACL *ppDacl, PACL *ppSacl, PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
 
DWORD WINAPI AccRewriteSetNamedRights (LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSECURITY_DESCRIPTOR pSecurityDescriptor)
 
DWORD WINAPI AccRewriteSetEntriesInAcl (ULONG cCountOfExplicitEntries, PEXPLICIT_ACCESS_W pListOfExplicitEntries, PACL OldAcl, PACL *NewAcl)
 
DWORD WINAPI AccGetInheritanceSource (LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, BOOL Container, GUID **pObjectClassGuids, DWORD GuidCount, PACL pAcl, PFN_OBJECT_MGR_FUNCTS pfnArray, PGENERIC_MAPPING pGenericMapping, PINHERITED_FROMW pInheritArray)
 
DWORD WINAPI AccFreeIndexArray (PINHERITED_FROMW pInheritArray, USHORT AceCnt, PFN_OBJECT_MGR_FUNCTS pfnArray OPTIONAL)
 
DWORD WINAPI AccRewriteGetExplicitEntriesFromAcl (PACL pacl, PULONG pcCountOfExplicitEntries, PEXPLICIT_ACCESS_W *pListOfExplicitEntries)
 
DWORD WINAPI AccTreeResetNamedSecurityInfo (LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PSID pOwner, PSID pGroup, PACL pDacl, PACL pSacl, BOOL KeepExplicit, FN_PROGRESSW fnProgress, PROG_INVOKE_SETTING ProgressInvokeSetting, PVOID Args)
 
BOOL WINAPI DllMain (IN HINSTANCE hinstDLL, IN DWORD dwReason, IN LPVOID lpvReserved)
 

Variables

HINSTANCE hDllInstance
 

Macro Definition Documentation

◆ NDEBUG

#define NDEBUG

Definition at line 31 of file ntmarta.c.

Function Documentation

◆ AccFreeIndexArray()

DWORD WINAPI AccFreeIndexArray ( PINHERITED_FROMW  pInheritArray,
USHORT  AceCnt,
PFN_OBJECT_MGR_FUNCTS pfnArray  OPTIONAL 
)

Definition at line 1605 of file ntmarta.c.

1608{
1609 PINHERITED_FROMW pLast;
1610
1611 UNREFERENCED_PARAMETER(pfnArray);
1612
1613 pLast = pInheritArray + AceCnt;
1614 while (pInheritArray != pLast)
1615 {
1616 if (pInheritArray->AncestorName != NULL)
1617 {
1618 LocalFree((HLOCAL)pInheritArray->AncestorName);
1619 pInheritArray->AncestorName = NULL;
1620 }
1621
1622 pInheritArray++;
1623 }
1624
1625 return ERROR_SUCCESS;
1626}
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
NULL
#define NULL
Definition: types.h:112
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
UNREFERENCED_PARAMETER
#define UNREFERENCED_PARAMETER(P)
Definition: ntbasedef.h:317

◆ AccGetInheritanceSource()

DWORD WINAPI AccGetInheritanceSource ( LPWSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
BOOL  Container,
GUID **  pObjectClassGuids,
DWORD  GuidCount,
PACL  pAcl,
PFN_OBJECT_MGR_FUNCTS  pfnArray,
PGENERIC_MAPPING  pGenericMapping,
PINHERITED_FROMW  pInheritArray 
)

Definition at line 1583 of file ntmarta.c.

1593{
1594 UNIMPLEMENTED;
1595 return ERROR_CALL_NOT_IMPLEMENTED;
1596}
UNIMPLEMENTED
#define UNIMPLEMENTED
Definition: debug.h:118
ERROR_CALL_NOT_IMPLEMENTED
#define ERROR_CALL_NOT_IMPLEMENTED
Definition: compat.h:102

◆ AccpCalcNeededAceSize()

static DWORD AccpCalcNeededAceSize ( IN PSID  Sid,
IN DWORD  ObjectsPresent 
)
static

Definition at line 271 of file ntmarta.c.

273{
274 DWORD Ret;
275
276 Ret = sizeof(ACE) + GetLengthSid(Sid);
277
278 /* This routine calculates the generic size of the ACE needed.
279 If no objects are present it is assumed that only a standard
280 ACE is to be created. */
281
282 if (ObjectsPresent & ACE_OBJECT_TYPE_PRESENT)
283 Ret += sizeof(GUID);
284 if (ObjectsPresent & ACE_INHERITED_OBJECT_TYPE_PRESENT)
285 Ret += sizeof(GUID);
286
287 if (ObjectsPresent != 0)
288 Ret += sizeof(DWORD); /* Include the Flags member to make it an object ACE */
289
290 return Ret;
291}
GetLengthSid
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:919
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
ACE
struct _ACE ACE
DWORD
#define DWORD
Definition: nt_native.h:44
ACE_INHERITED_OBJECT_TYPE_PRESENT
#define ACE_INHERITED_OBJECT_TYPE_PRESENT
Definition: setypes.h:806
ACE_OBJECT_TYPE_PRESENT
#define ACE_OBJECT_TYPE_PRESENT
Definition: setypes.h:805

Referenced by AccRewriteSetEntriesInAcl().

◆ AccpCloseObjectHandle()

static VOID AccpCloseObjectHandle ( SE_OBJECT_TYPE  ObjectType,
HANDLE  Handle,
HANDLE  Handle2 
)
static

Definition at line 1186 of file ntmarta.c.

1189{
1190 ASSERT(Handle != NULL);
1191
1192 /* close allocated handles depending on the object type */
1193 switch (ObjectType)
1194 {
1195 case SE_REGISTRY_KEY:
1196 RegCloseKey((HKEY)Handle);
1197 if (Handle2 != NULL)
1198 RegCloseKey((HKEY)Handle2);
1199 break;
1200
1201 case SE_FILE_OBJECT:
1202 NtClose(Handle);
1203 break;
1204
1205 case SE_KERNEL_OBJECT:
1206 case SE_WINDOW_OBJECT:
1207 CloseHandle(Handle);
1208 break;
1209
1210 case SE_SERVICE:
1211 CloseServiceHandle((SC_HANDLE)Handle);
1212 ASSERT(Handle2 != NULL);
1213 CloseServiceHandle((SC_HANDLE)Handle2);
1214 break;
1215
1216 default:
1217 break;
1218 }
1219}
SE_KERNEL_OBJECT
@ SE_KERNEL_OBJECT
Definition: accctrl.h:165
SE_WINDOW_OBJECT
@ SE_WINDOW_OBJECT
Definition: accctrl.h:166
SE_FILE_OBJECT
@ SE_FILE_OBJECT
Definition: accctrl.h:160
SE_SERVICE
@ SE_SERVICE
Definition: accctrl.h:161
SE_REGISTRY_KEY
@ SE_REGISTRY_KEY
Definition: accctrl.h:163
RegCloseKey
#define RegCloseKey(hKey)
Definition: registry.h:49
CloseHandle
#define CloseHandle
Definition: compat.h:739
Handle
ULONG Handle
Definition: gdb_input.c:15
ASSERT
#define ASSERT(a)
Definition: mode.c:44
ObjectType
ObjectType
Definition: metafile.c:81
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
CloseServiceHandle
BOOL WINAPI CloseServiceHandle(SC_HANDLE hSCObject)
Definition: scm.c:580

Referenced by AccRewriteGetNamedRights(), and AccRewriteSetNamedRights().

◆ AccpGetAceAccessMask()

static ACCESS_MASK AccpGetAceAccessMask ( IN PACE_HEADER  AceHeader)
static

Definition at line 196 of file ntmarta.c.

197{
198 return *((PACCESS_MASK)(AceHeader + 1));
199}
PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41

Referenced by AccRewriteGetExplicitEntriesFromAcl().

◆ AccpGetAceAccessMode()

static ACCESS_MODE AccpGetAceAccessMode ( IN PACE_HEADER  AceHeader)
static

Definition at line 73 of file ntmarta.c.

74{
75 ACCESS_MODE Mode = NOT_USED_ACCESS;
76
77 switch (AceHeader->AceType)
78 {
79 case ACCESS_ALLOWED_ACE_TYPE:
80 case ACCESS_ALLOWED_CALLBACK_ACE_TYPE:
81 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
82 case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
83 Mode = GRANT_ACCESS;
84 break;
85
86 case ACCESS_DENIED_ACE_TYPE:
87 case ACCESS_DENIED_CALLBACK_ACE_TYPE:
88 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
89 case ACCESS_DENIED_OBJECT_ACE_TYPE:
90 Mode = DENY_ACCESS;
91 break;
92
93 case SYSTEM_AUDIT_ACE_TYPE:
94 case SYSTEM_AUDIT_CALLBACK_ACE_TYPE:
95 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
96 case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
97 if (AceHeader->AceFlags & FAILED_ACCESS_ACE_FLAG)
98 Mode = SET_AUDIT_FAILURE;
99 else if (AceHeader->AceFlags & SUCCESSFUL_ACCESS_ACE_FLAG)
100 Mode = SET_AUDIT_SUCCESS;
101 break;
102 }
103
104 return Mode;
105}
ACCESS_MODE
enum _ACCESS_MODE ACCESS_MODE
SET_AUDIT_FAILURE
@ SET_AUDIT_FAILURE
Definition: accctrl.h:154
NOT_USED_ACCESS
@ NOT_USED_ACCESS
Definition: accctrl.h:148
GRANT_ACCESS
@ GRANT_ACCESS
Definition: accctrl.h:149
DENY_ACCESS
@ DENY_ACCESS
Definition: accctrl.h:151
SET_AUDIT_SUCCESS
@ SET_AUDIT_SUCCESS
Definition: accctrl.h:153
Mode
_In_ ULONG Mode
Definition: hubbusif.h:303
ACCESS_DENIED_CALLBACK_ACE_TYPE
#define ACCESS_DENIED_CALLBACK_ACE_TYPE
Definition: setypes.h:733
ACCESS_DENIED_OBJECT_ACE_TYPE
#define ACCESS_DENIED_OBJECT_ACE_TYPE
Definition: setypes.h:726
SYSTEM_AUDIT_ACE_TYPE
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE
Definition: setypes.h:734
SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
#define SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE
Definition: setypes.h:738
ACCESS_DENIED_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
SYSTEM_AUDIT_CALLBACK_ACE_TYPE
#define SYSTEM_AUDIT_CALLBACK_ACE_TYPE
Definition: setypes.h:736
ACCESS_ALLOWED_OBJECT_ACE_TYPE
#define ACCESS_ALLOWED_OBJECT_ACE_TYPE
Definition: setypes.h:725
ACCESS_ALLOWED_CALLBACK_ACE_TYPE
#define ACCESS_ALLOWED_CALLBACK_ACE_TYPE
Definition: setypes.h:732
SYSTEM_AUDIT_OBJECT_ACE_TYPE
#define SYSTEM_AUDIT_OBJECT_ACE_TYPE
Definition: setypes.h:727
ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
#define ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE
Definition: setypes.h:735
FAILED_ACCESS_ACE_FLAG
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
SUCCESSFUL_ACCESS_ACE_FLAG
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753

Referenced by AccRewriteGetExplicitEntriesFromAcl().

◆ AccpGetAceSid()

static PSID AccpGetAceSid ( IN PACE_HEADER  AceHeader)
static

Definition at line 190 of file ntmarta.c.

191{
192 return (PSID)((ULONG_PTR)AceHeader + AccpGetAceStructureSize(AceHeader));
193}
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
AccpGetAceStructureSize
static UINT AccpGetAceStructureSize(IN PACE_HEADER AceHeader)
Definition: ntmarta.c:108
_SID
Definition: ms-dtyp.idl:198

Referenced by AccRewriteGetExplicitEntriesFromAcl(), and AccRewriteSetEntriesInAcl().

◆ AccpGetAceStructureSize()

static UINT AccpGetAceStructureSize ( IN PACE_HEADER  AceHeader)
static

Definition at line 108 of file ntmarta.c.

109{
110 UINT Size = 0;
111
112 switch (AceHeader->AceType)
113 {
114 case ACCESS_ALLOWED_ACE_TYPE:
115 case ACCESS_DENIED_ACE_TYPE:
116 Size = FIELD_OFFSET(ACCESS_ALLOWED_ACE,
117 SidStart);
118 break;
119 case ACCESS_ALLOWED_CALLBACK_ACE_TYPE:
120 case ACCESS_DENIED_CALLBACK_ACE_TYPE:
121 Size = FIELD_OFFSET(ACCESS_ALLOWED_CALLBACK_ACE,
122 SidStart);
123 break;
124 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
125 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
126 {
127 PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace = (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE)AceHeader;
128 Size = FIELD_OFFSET(ACCESS_ALLOWED_CALLBACK_OBJECT_ACE,
129 ObjectType);
130 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
131 Size += sizeof(Ace->ObjectType);
132 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
133 Size += sizeof(Ace->InheritedObjectType);
134 break;
135 }
136 case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
137 case ACCESS_DENIED_OBJECT_ACE_TYPE:
138 {
139 PACCESS_ALLOWED_OBJECT_ACE Ace = (PACCESS_ALLOWED_OBJECT_ACE)AceHeader;
140 Size = FIELD_OFFSET(ACCESS_ALLOWED_OBJECT_ACE,
141 ObjectType);
142 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
143 Size += sizeof(Ace->ObjectType);
144 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
145 Size += sizeof(Ace->InheritedObjectType);
146 break;
147 }
148
149 case SYSTEM_AUDIT_ACE_TYPE:
150 Size = FIELD_OFFSET(SYSTEM_AUDIT_ACE,
151 SidStart);
152 break;
153 case SYSTEM_AUDIT_CALLBACK_ACE_TYPE:
154 Size = FIELD_OFFSET(SYSTEM_AUDIT_CALLBACK_ACE,
155 SidStart);
156 break;
157 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
158 {
159 PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace = (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE)AceHeader;
160 Size = FIELD_OFFSET(SYSTEM_AUDIT_CALLBACK_OBJECT_ACE,
161 ObjectType);
162 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
163 Size += sizeof(Ace->ObjectType);
164 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
165 Size += sizeof(Ace->InheritedObjectType);
166 break;
167 }
168 case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
169 {
170 PSYSTEM_AUDIT_OBJECT_ACE Ace = (PSYSTEM_AUDIT_OBJECT_ACE)AceHeader;
171 Size = FIELD_OFFSET(SYSTEM_AUDIT_OBJECT_ACE,
172 ObjectType);
173 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
174 Size += sizeof(Ace->ObjectType);
175 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
176 Size += sizeof(Ace->InheritedObjectType);
177 break;
178 }
179
180 case SYSTEM_MANDATORY_LABEL_ACE_TYPE:
181 Size = FIELD_OFFSET(SYSTEM_MANDATORY_LABEL_ACE,
182 SidStart);
183 break;
184 }
185
186 return Size;
187}
Ace
@ Ace
Definition: card.h:12
PACCESS_ALLOWED_OBJECT_ACE
struct _ACCESS_ALLOWED_OBJECT_ACE * PACCESS_ALLOWED_OBJECT_ACE
PACCESS_ALLOWED_CALLBACK_OBJECT_ACE
struct _ACCESS_ALLOWED_CALLBACK_OBJECT_ACE * PACCESS_ALLOWED_CALLBACK_OBJECT_ACE
PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE
struct _SYSTEM_AUDIT_CALLBACK_OBJECT_ACE * PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE
UINT
unsigned int UINT
Definition: ndis.h:50
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
_ACCESS_ALLOWED_CALLBACK_ACE
Definition: ms-dtyp.idl:236
_ACCESS_ALLOWED_CALLBACK_OBJECT_ACE
Definition: ms-dtyp.idl:248
_ACCESS_ALLOWED_OBJECT_ACE
Definition: ms-dtyp.idl:221
_SYSTEM_AUDIT_ACE
Definition: ms-dtyp.idl:266
_SYSTEM_AUDIT_CALLBACK_ACE
Definition: ms-dtyp.idl:272
_SYSTEM_AUDIT_CALLBACK_OBJECT_ACE
Definition: ms-dtyp.idl:284
_SYSTEM_MANDATORY_LABEL_ACE
Definition: ms-dtyp.idl:278
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
PSYSTEM_AUDIT_OBJECT_ACE
* PSYSTEM_AUDIT_OBJECT_ACE
Definition: winnt_old.h:2414
SYSTEM_AUDIT_OBJECT_ACE
SYSTEM_AUDIT_OBJECT_ACE
Definition: winnt_old.h:2414
SYSTEM_MANDATORY_LABEL_ACE_TYPE
#define SYSTEM_MANDATORY_LABEL_ACE_TYPE
Definition: setypes.h:741

Referenced by AccpGetAceSid().

◆ AccpGetObjectAceInheritedObjectType()

static GUID * AccpGetObjectAceInheritedObjectType ( IN PACE_HEADER  AceHeader)
static

Definition at line 337 of file ntmarta.c.

338{
339 GUID *ObjectType = NULL;
340
341 switch (AceHeader->AceType)
342 {
343 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
344 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
345 {
346 PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace = (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE)AceHeader;
347 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
348 {
349 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
350 ObjectType = &Ace->InheritedObjectType;
351 else
352 ObjectType = &Ace->ObjectType;
353 }
354 break;
355 }
356 case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
357 case ACCESS_DENIED_OBJECT_ACE_TYPE:
358 {
359 PACCESS_ALLOWED_OBJECT_ACE Ace = (PACCESS_ALLOWED_OBJECT_ACE)AceHeader;
360 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
361 {
362 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
363 ObjectType = &Ace->InheritedObjectType;
364 else
365 ObjectType = &Ace->ObjectType;
366 }
367 break;
368 }
369
370 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
371 {
372 PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace = (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE)AceHeader;
373 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
374 {
375 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
376 ObjectType = &Ace->InheritedObjectType;
377 else
378 ObjectType = &Ace->ObjectType;
379 }
380 break;
381 }
382 case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
383 {
384 PSYSTEM_AUDIT_OBJECT_ACE Ace = (PSYSTEM_AUDIT_OBJECT_ACE)AceHeader;
385 if (Ace->Flags & ACE_INHERITED_OBJECT_TYPE_PRESENT)
386 {
387 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
388 ObjectType = &Ace->InheritedObjectType;
389 else
390 ObjectType = &Ace->ObjectType;
391 }
392 break;
393 }
394 }
395
396 return ObjectType;
397}

Referenced by AccRewriteGetExplicitEntriesFromAcl().

◆ AccpGetObjectAceObjectType()

static GUID * AccpGetObjectAceObjectType ( IN PACE_HEADER  AceHeader)
static

Definition at line 294 of file ntmarta.c.

295{
296 GUID *ObjectType = NULL;
297
298 switch (AceHeader->AceType)
299 {
300 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
301 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
302 {
303 PACCESS_ALLOWED_CALLBACK_OBJECT_ACE Ace = (PACCESS_ALLOWED_CALLBACK_OBJECT_ACE)AceHeader;
304 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
305 ObjectType = &Ace->ObjectType;
306 break;
307 }
308 case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
309 case ACCESS_DENIED_OBJECT_ACE_TYPE:
310 {
311 PACCESS_ALLOWED_OBJECT_ACE Ace = (PACCESS_ALLOWED_OBJECT_ACE)AceHeader;
312 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
313 ObjectType = &Ace->ObjectType;
314 break;
315 }
316
317 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
318 {
319 PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE Ace = (PSYSTEM_AUDIT_CALLBACK_OBJECT_ACE)AceHeader;
320 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
321 ObjectType = &Ace->ObjectType;
322 break;
323 }
324 case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
325 {
326 PSYSTEM_AUDIT_OBJECT_ACE Ace = (PSYSTEM_AUDIT_OBJECT_ACE)AceHeader;
327 if (Ace->Flags & ACE_OBJECT_TYPE_PRESENT)
328 ObjectType = &Ace->ObjectType;
329 break;
330 }
331 }
332
333 return ObjectType;
334}

Referenced by AccRewriteGetExplicitEntriesFromAcl().

◆ AccpGetTrusteeName()

static LPWSTR AccpGetTrusteeName ( IN PTRUSTEE_W  Trustee)
static

Definition at line 438 of file ntmarta.c.

439{
440 switch (Trustee->TrusteeForm)
441 {
442 case TRUSTEE_IS_NAME:
443 return Trustee->ptstrName;
444
445 case TRUSTEE_IS_OBJECTS_AND_NAME:
446 return ((POBJECTS_AND_NAME_W)Trustee->ptstrName)->ptstrName;
447
448 default:
449 return NULL;
450 }
451}
TRUSTEE_IS_NAME
@ TRUSTEE_IS_NAME
Definition: accctrl.h:190
TRUSTEE_IS_OBJECTS_AND_NAME
@ TRUSTEE_IS_OBJECTS_AND_NAME
Definition: accctrl.h:193
_OBJECTS_AND_NAME_W
Definition: accctrl.h:364

Referenced by AccpGetTrusteeSid().

◆ AccpGetTrusteeObjects()

static DWORD AccpGetTrusteeObjects ( IN PTRUSTEE_W  Trustee,
OUT GUID *pObjectTypeGuid  OPTIONAL,
OUT GUID *pInheritedObjectTypeGuid  OPTIONAL 
)
static

Definition at line 226 of file ntmarta.c.

229{
230 DWORD Ret;
231
232 switch (Trustee->TrusteeForm)
233 {
234 case TRUSTEE_IS_OBJECTS_AND_NAME:
235 {
236 POBJECTS_AND_NAME_W pOan = (POBJECTS_AND_NAME_W)Trustee->ptstrName;
237
238 /* pOan->ObjectsPresent should always be 0 here because a previous
239 call to AccpGetTrusteeSid should have rejected these trustees
240 already. */
241 ASSERT(pOan->ObjectsPresent == 0);
242
243 Ret = pOan->ObjectsPresent;
244 break;
245 }
246
247 case TRUSTEE_IS_OBJECTS_AND_SID:
248 {
249 POBJECTS_AND_SID pOas = (POBJECTS_AND_SID)Trustee->ptstrName;
250
251 if (pObjectTypeGuid != NULL && pOas->ObjectsPresent & ACE_OBJECT_TYPE_PRESENT)
252 *pObjectTypeGuid = pOas->ObjectTypeGuid;
253
254 if (pInheritedObjectTypeGuid != NULL && pOas->ObjectsPresent & ACE_INHERITED_OBJECT_TYPE_PRESENT)
255 *pInheritedObjectTypeGuid = pOas->InheritedObjectTypeGuid;
256
257 Ret = pOas->ObjectsPresent;
258 break;
259 }
260
261 default:
262 /* Any other trustee forms have no objects attached... */
263 Ret = 0;
264 break;
265 }
266
267 return Ret;
268}
POBJECTS_AND_SID
struct _OBJECTS_AND_SID * POBJECTS_AND_SID
POBJECTS_AND_NAME_W
struct _OBJECTS_AND_NAME_W * POBJECTS_AND_NAME_W
TRUSTEE_IS_OBJECTS_AND_SID
@ TRUSTEE_IS_OBJECTS_AND_SID
Definition: accctrl.h:192
if
if(dx< 0)
Definition: linetemp.h:194
_OBJECTS_AND_NAME_W::ptstrName
LPWSTR ptstrName
Definition: accctrl.h:369
_OBJECTS_AND_NAME_W::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:365
_OBJECTS_AND_SID
Definition: accctrl.h:347
_OBJECTS_AND_SID::InheritedObjectTypeGuid
GUID InheritedObjectTypeGuid
Definition: accctrl.h:350
_OBJECTS_AND_SID::ObjectTypeGuid
GUID ObjectTypeGuid
Definition: accctrl.h:349
_OBJECTS_AND_SID::ObjectsPresent
DWORD ObjectsPresent
Definition: accctrl.h:348

Referenced by AccRewriteSetEntriesInAcl().

◆ AccpGetTrusteeSid()

static DWORD AccpGetTrusteeSid ( IN PTRUSTEE_W  Trustee,
IN OUT PLSA_HANDLE  pPolicyHandle,
OUT PSID ppSid,
OUT BOOL Allocated 
)
static

Definition at line 565 of file ntmarta.c.

569{
570 DWORD Ret = ERROR_SUCCESS;
571 LPWSTR TrusteeName;
572
573 *ppSid = NULL;
574 *Allocated = FALSE;
575
576 /* Windows ignores this */
577#if 0
578 if (Trustee->pMultipleTrustee || Trustee->MultipleTrusteeOperation != NO_MULTIPLE_TRUSTEE)
579 {
580 /* This is currently not supported */
581 return ERROR_INVALID_PARAMETER;
582 }
583#endif
584
585 switch (Trustee->TrusteeForm)
586 {
587 case TRUSTEE_IS_OBJECTS_AND_NAME:
588 if (((POBJECTS_AND_NAME_W)Trustee->ptstrName)->ObjectsPresent != 0)
589 {
590 /* This is not supported as there is no way to interpret the
591 strings provided, and we need GUIDs for the ACEs... */
592 Ret = ERROR_INVALID_PARAMETER;
593 break;
594 }
595 /* fall through */
596
597 case TRUSTEE_IS_NAME:
598 TrusteeName = AccpGetTrusteeName(Trustee);
599 if (!wcscmp(TrusteeName, L"CURRENT_USER"))
600 {
601 Ret = AccpLookupCurrentUser(ppSid);
602 if (Ret == ERROR_SUCCESS)
603 {
604 ASSERT(*ppSid != NULL);
605 *Allocated = TRUE;
606 }
607 break;
608 }
609
610 if (*pPolicyHandle == NULL)
611 {
612 Ret = AccpOpenLSAPolicyHandle(NULL, /* FIXME - always local? */
613 POLICY_LOOKUP_NAMES,
614 pPolicyHandle);
615 if (Ret != ERROR_SUCCESS)
616 return Ret;
617
618 ASSERT(*pPolicyHandle != NULL);
619 }
620
621 Ret = AccpLookupSidByName(*pPolicyHandle,
622 TrusteeName,
623 ppSid);
624 if (Ret == ERROR_SUCCESS)
625 {
626 ASSERT(*ppSid != NULL);
627 *Allocated = TRUE;
628 }
629 break;
630
631 case TRUSTEE_IS_OBJECTS_AND_SID:
632 *ppSid = ((POBJECTS_AND_SID)Trustee->ptstrName)->pSid;
633 break;
634
635 case TRUSTEE_IS_SID:
636 *ppSid = (PSID)Trustee->ptstrName;
637 break;
638
639 default:
640 Ret = ERROR_INVALID_PARAMETER;
641 break;
642 }
643
644 return Ret;
645}
TRUSTEE_IS_SID
@ TRUSTEE_IS_SID
Definition: accctrl.h:189
NO_MULTIPLE_TRUSTEE
@ NO_MULTIPLE_TRUSTEE
Definition: accctrl.h:198
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
Allocated
IN PFCB IN VBO OUT PLBO OUT PULONG OUT PBOOLEAN Allocated
Definition: fatprocs.h:310
PSID
struct _SID * PSID
Definition: eventlog.c:35
AccpOpenLSAPolicyHandle
static DWORD AccpOpenLSAPolicyHandle(IN LPWSTR SystemName, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE pPolicyHandle)
Definition: ntmarta.c:400
AccpLookupCurrentUser
static DWORD AccpLookupCurrentUser(OUT PSID *ppSid)
Definition: ntmarta.c:454
AccpGetTrusteeName
static LPWSTR AccpGetTrusteeName(IN PTRUSTEE_W Trustee)
Definition: ntmarta.c:438
AccpLookupSidByName
static DWORD AccpLookupSidByName(IN LSA_HANDLE PolicyHandle, IN LPWSTR Name, OUT PSID *pSid)
Definition: ntmarta.c:499
POLICY_LOOKUP_NAMES
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
L
#define L(x)
Definition: ntvdm.h:50
wcscmp
_Check_return_ _CRTIMP int __cdecl wcscmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by AccRewriteSetEntriesInAcl().

◆ AccpIsObjectAce()

static BOOL AccpIsObjectAce ( IN PACE_HEADER  AceHeader)
static

Definition at line 202 of file ntmarta.c.

203{
204 BOOL Ret;
205
206 switch (AceHeader->AceType)
207 {
208 case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
209 case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
210 case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
211 case ACCESS_DENIED_OBJECT_ACE_TYPE:
212 case SYSTEM_AUDIT_CALLBACK_OBJECT_ACE_TYPE:
213 case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
214 Ret = TRUE;
215 break;
216
217 default:
218 Ret = FALSE;
219 break;
220 }
221
222 return Ret;
223}
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

Referenced by AccRewriteGetExplicitEntriesFromAcl().

◆ AccpLookupCurrentUser()

static DWORD AccpLookupCurrentUser ( OUT PSID ppSid)
static

Definition at line 454 of file ntmarta.c.

455{
456 DWORD Ret;
457 CHAR Buffer[sizeof(TOKEN_USER) + sizeof(SID) + sizeof(DWORD)*SID_MAX_SUB_AUTHORITIES];
458 DWORD Length;
459 HANDLE Token;
460 PSID pSid;
461
462 *ppSid = NULL;
463 if (!OpenThreadToken(GetCurrentThread(), TOKEN_READ, TRUE, &Token))
464 {
465 Ret = GetLastError();
466 if (Ret != ERROR_NO_TOKEN)
467 {
468 return Ret;
469 }
470
471 if (!OpenProcessToken(GetCurrentProcess(), TOKEN_READ, &Token))
472 {
473 return GetLastError();
474 }
475 }
476
477 Length = sizeof(Buffer);
478 if (!GetTokenInformation(Token, TokenUser, Buffer, Length, &Length))
479 {
480 Ret = GetLastError();
481 CloseHandle(Token);
482 return Ret;
483 }
484 CloseHandle(Token);
485
486 pSid = ((PTOKEN_USER)Buffer)->User.Sid;
487 Length = GetLengthSid(pSid);
488 *ppSid = LocalAlloc(LMEM_FIXED, Length);
489 if (!*ppSid)
490 {
491 return ERROR_NOT_ENOUGH_MEMORY;
492 }
493 CopyMemory(*ppSid, pSid, Length);
494
495 return ERROR_SUCCESS;
496}
Buffer
Definition: bufpool.h:45
ERROR_NOT_ENOUGH_MEMORY
#define ERROR_NOT_ENOUGH_MEMORY
Definition: dderror.h:7
GetTokenInformation
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
OpenThreadToken
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:336
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759
LocalAlloc
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
pSid
static PSID pSid
Definition: security.c:74
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
GetLastError
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
GetCurrentThread
HANDLE WINAPI GetCurrentThread(void)
Definition: proc.c:1148
CopyMemory
#define CopyMemory
Definition: winbase.h:1710
LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:368
ERROR_NO_TOKEN
#define ERROR_NO_TOKEN
Definition: winerror.h:587
TOKEN_USER
struct _TOKEN_USER TOKEN_USER
PTOKEN_USER
struct _TOKEN_USER * PTOKEN_USER
TokenUser
@ TokenUser
Definition: setypes.h:966
TOKEN_READ
#define TOKEN_READ
Definition: setypes.h:951
SID_MAX_SUB_AUTHORITIES
#define SID_MAX_SUB_AUTHORITIES
Definition: setypes.h:482
CHAR
char CHAR
Definition: xmlstorage.h:175

Referenced by AccpGetTrusteeSid().

◆ AccpLookupSidByName()

static DWORD AccpLookupSidByName ( IN LSA_HANDLE  PolicyHandle,
IN LPWSTR  Name,
OUT PSID pSid 
)
static

Definition at line 499 of file ntmarta.c.

502{
503 NTSTATUS Status;
504 LSA_UNICODE_STRING LsaNames[1];
505 PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
506 PLSA_TRANSLATED_SID2 TranslatedSid = NULL;
507 DWORD SidLen;
508 SIZE_T NameLength;
509 DWORD Ret = ERROR_SUCCESS;
510
511 NameLength = wcslen(Name);
512 if (NameLength > UNICODE_STRING_MAX_CHARS)
513 {
514 return ERROR_INVALID_PARAMETER;
515 }
516
517 LsaNames[0].Buffer = Name;
518 LsaNames[0].Length = (USHORT)NameLength * sizeof(WCHAR);
519 LsaNames[0].MaximumLength = LsaNames[0].Length + sizeof(WCHAR);
520
521 Status = LsaLookupNames2(PolicyHandle,
522 0,
523 sizeof(LsaNames) / sizeof(LsaNames[0]),
524 LsaNames,
525 &ReferencedDomains,
526 &TranslatedSid);
527
528 if (!NT_SUCCESS(Status))
529 return LsaNtStatusToWinError(Status);
530
531 if (TranslatedSid->Use == SidTypeUnknown || TranslatedSid->Use == SidTypeInvalid)
532 {
533 Ret = LsaNtStatusToWinError(STATUS_NONE_MAPPED); /* FIXME- what error code? */
534 goto Cleanup;
535 }
536
537 SidLen = GetLengthSid(TranslatedSid->Sid);
538 ASSERT(SidLen != 0);
539
540 *pSid = LocalAlloc(LMEM_FIXED, (SIZE_T)SidLen);
541 if (*pSid != NULL)
542 {
543 if (!CopySid(SidLen,
544 *pSid,
545 TranslatedSid->Sid))
546 {
547 Ret = GetLastError();
548
549 LocalFree((HLOCAL)*pSid);
550 *pSid = NULL;
551 }
552 }
553 else
554 Ret = ERROR_NOT_ENOUGH_MEMORY;
555
556Cleanup:
557 LsaFreeMemory(ReferencedDomains);
558 LsaFreeMemory(TranslatedSid);
559
560 return Ret;
561}
Name
struct NameRec_ * Name
Definition: cdprocs.h:460
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LsaNtStatusToWinError
ULONG WINAPI LsaNtStatusToWinError(IN NTSTATUS Status)
Definition: lsa.c:1131
LsaLookupNames2
NTSTATUS WINAPI LsaLookupNames2(IN LSA_HANDLE PolicyHandle, IN ULONG Flags, IN ULONG Count, IN PLSA_UNICODE_STRING Names, OUT PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, OUT PLSA_TRANSLATED_SID2 *Sids)
Definition: lsa.c:906
LsaFreeMemory
NTSTATUS WINAPI LsaFreeMemory(IN PVOID Buffer)
Definition: lsa.c:701
CopySid
BOOL WINAPI CopySid(DWORD nDestinationSidLength, PSID pDestinationSid, PSID pSourceSid)
Definition: security.c:712
Cleanup
static const WCHAR Cleanup[]
Definition: register.c:80
Status
Status
Definition: gdiplustypes.h:25
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
SidTypeUnknown
@ SidTypeUnknown
Definition: lsa.idl:125
SidTypeInvalid
@ SidTypeInvalid
Definition: lsa.idl:124
UNICODE_STRING_MAX_CHARS
#define UNICODE_STRING_MAX_CHARS
STATUS_NONE_MAPPED
#define STATUS_NONE_MAPPED
Definition: ntstatus.h:351
USHORT
unsigned short USHORT
Definition: pedump.c:61
NameRec_
Definition: apinames.c:49
_LSA_REFERENCED_DOMAIN_LIST
Definition: ntsecapi.h:406
_LSA_TRANSLATED_SID2
Definition: ntsecapi.h:415
_LSA_TRANSLATED_SID2::Use
SID_NAME_USE Use
Definition: ntsecapi.h:416
_LSA_TRANSLATED_SID2::Sid
PSID Sid
Definition: ntsecapi.h:417
_LSA_UNICODE_STRING
Definition: ntsecapi.h:162
_LSA_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: ntsecapi.h:168
_LSA_UNICODE_STRING::Length
USHORT Length
Definition: ntsecapi.h:163
_LSA_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: ntsecapi.h:164
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by AccpGetTrusteeSid().

◆ AccpOpenLSAPolicyHandle()

static DWORD AccpOpenLSAPolicyHandle ( IN LPWSTR  SystemName,
IN ACCESS_MASK  DesiredAccess,
OUT PLSA_HANDLE  pPolicyHandle 
)
static

Definition at line 400 of file ntmarta.c.

403{
404 LSA_OBJECT_ATTRIBUTES LsaObjectAttributes = {0};
405 LSA_UNICODE_STRING LsaSystemName, *psn;
406 SIZE_T SystemNameLength;
407 NTSTATUS Status;
408
409 if (SystemName != NULL && SystemName[0] != L'\0')
410 {
411 SystemNameLength = wcslen(SystemName);
412 if (SystemNameLength > UNICODE_STRING_MAX_CHARS)
413 {
414 return ERROR_INVALID_PARAMETER;
415 }
416
417 LsaSystemName.Buffer = SystemName;
418 LsaSystemName.Length = (USHORT)SystemNameLength * sizeof(WCHAR);
419 LsaSystemName.MaximumLength = LsaSystemName.Length + sizeof(WCHAR);
420 psn = &LsaSystemName;
421 }
422 else
423 {
424 psn = NULL;
425 }
426
427 Status = LsaOpenPolicy(psn,
428 &LsaObjectAttributes,
429 DesiredAccess,
430 pPolicyHandle);
431 if (!NT_SUCCESS(Status))
432 return LsaNtStatusToWinError(Status);
433
434 return ERROR_SUCCESS;
435}
LsaOpenPolicy
NTSTATUS WINAPI LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName OPTIONAL, IN PLSA_OBJECT_ATTRIBUTES ObjectAttributes, IN ACCESS_MASK DesiredAccess, OUT PLSA_HANDLE PolicyHandle)
Definition: lsa.c:1183
_LSA_OBJECT_ATTRIBUTES
Definition: ntsecapi.h:177
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658

Referenced by AccpGetTrusteeSid().

◆ AccpOpenNamedObject()

static DWORD AccpOpenNamedObject ( LPWSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PHANDLE  Handle,
PHANDLE  Handle2,
BOOL  Write 
)
static

Definition at line 919 of file ntmarta.c.

925{
926 LPWSTR lpPath;
927 NTSTATUS Status;
928 ACCESS_MASK DesiredAccess = (ACCESS_MASK)0;
929 DWORD Ret = ERROR_SUCCESS;
930
931 /* determine the required access rights */
932 switch (ObjectType)
933 {
934 case SE_REGISTRY_KEY:
935 case SE_FILE_OBJECT:
936 case SE_KERNEL_OBJECT:
937 case SE_SERVICE:
938 case SE_WINDOW_OBJECT:
939 if (Write)
940 {
941 SetSecurityAccessMask(SecurityInfo,
942 (PDWORD)&DesiredAccess);
943 }
944 else
945 {
946 QuerySecurityAccessMask(SecurityInfo,
947 (PDWORD)&DesiredAccess);
948 }
949 break;
950
951 default:
952 break;
953 }
954
955 /* make a copy of the path if we're modifying the string */
956 switch (ObjectType)
957 {
958 case SE_REGISTRY_KEY:
959 case SE_SERVICE:
960 lpPath = (LPWSTR)LocalAlloc(LMEM_FIXED,
961 (wcslen(pObjectName) + 1) * sizeof(WCHAR));
962 if (lpPath == NULL)
963 {
964 Ret = GetLastError();
965 goto Cleanup;
966 }
967
968 wcscpy(lpPath,
969 pObjectName);
970 break;
971
972 default:
973 lpPath = pObjectName;
974 break;
975 }
976
977 /* open a handle to the path depending on the object type */
978 switch (ObjectType)
979 {
980 case SE_FILE_OBJECT:
981 {
982 IO_STATUS_BLOCK IoStatusBlock;
983 OBJECT_ATTRIBUTES ObjectAttributes;
984 UNICODE_STRING FileName;
985
986 if (!RtlDosPathNameToNtPathName_U(pObjectName,
987 &FileName,
988 NULL,
989 NULL))
990 {
991 Ret = ERROR_INVALID_NAME;
992 goto Cleanup;
993 }
994
995 InitializeObjectAttributes(&ObjectAttributes,
996 &FileName,
997 OBJ_CASE_INSENSITIVE,
998 NULL,
999 NULL);
1000
1001 Status = NtOpenFile(Handle,
1002 DesiredAccess | SYNCHRONIZE,
1003 &ObjectAttributes,
1004 &IoStatusBlock,
1005 FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
1006 FILE_SYNCHRONOUS_IO_NONALERT);
1007
1008 RtlFreeHeap(RtlGetProcessHeap(),
1009 0,
1010 FileName.Buffer);
1011
1012 if (!NT_SUCCESS(Status))
1013 {
1014 Ret = RtlNtStatusToDosError(Status);
1015 }
1016 break;
1017 }
1018
1019 case SE_REGISTRY_KEY:
1020 {
1021 static const struct
1022 {
1023 HKEY hRootKey;
1024 LPCWSTR szRootKey;
1025 } AccRegRootKeys[] =
1026 {
1027 {HKEY_CLASSES_ROOT, L"CLASSES_ROOT"},
1028 {HKEY_CURRENT_USER, L"CURRENT_USER"},
1029 {HKEY_LOCAL_MACHINE, L"MACHINE"},
1030 {HKEY_USERS, L"USERS"},
1031 {HKEY_CURRENT_CONFIG, L"CONFIG"},
1032 };
1033 LPWSTR lpMachineName, lpRootKeyName, lpKeyName;
1034 HKEY hRootKey = NULL;
1035 UINT i;
1036
1037 /* parse the registry path */
1038 if (lpPath[0] == L'\\' && lpPath[1] == L'\\')
1039 {
1040 lpMachineName = lpPath;
1041
1042 lpRootKeyName = wcschr(lpPath + 2,
1043 L'\\');
1044 if (lpRootKeyName == NULL)
1045 goto ParseRegErr;
1046 else
1047 *(lpRootKeyName++) = L'\0';
1048 }
1049 else
1050 {
1051 lpMachineName = NULL;
1052 lpRootKeyName = lpPath;
1053 }
1054
1055 lpKeyName = wcschr(lpRootKeyName,
1056 L'\\');
1057 if (lpKeyName != NULL)
1058 {
1059 *(lpKeyName++) = L'\0';
1060 }
1061
1062 for (i = 0;
1063 i != sizeof(AccRegRootKeys) / sizeof(AccRegRootKeys[0]);
1064 i++)
1065 {
1066 if (!wcsicmp(lpRootKeyName,
1067 AccRegRootKeys[i].szRootKey))
1068 {
1069 hRootKey = AccRegRootKeys[i].hRootKey;
1070 break;
1071 }
1072 }
1073
1074 if (hRootKey == NULL)
1075 {
1076ParseRegErr:
1077 /* FIXME - right error code? */
1078 Ret = ERROR_INVALID_PARAMETER;
1079 goto Cleanup;
1080 }
1081
1082 /* open the registry key */
1083 if (lpMachineName != NULL)
1084 {
1085 Ret = RegConnectRegistry(lpMachineName,
1086 hRootKey,
1087 (PHKEY)Handle2);
1088
1089 if (Ret != ERROR_SUCCESS)
1090 goto Cleanup;
1091
1092 hRootKey = (HKEY)(*Handle2);
1093 }
1094
1095 Ret = RegOpenKeyEx(hRootKey,
1096 lpKeyName,
1097 0,
1098 (REGSAM)DesiredAccess,
1099 (PHKEY)Handle);
1100 if (Ret != ERROR_SUCCESS)
1101 {
1102 if (*Handle2 != NULL)
1103 {
1104 RegCloseKey((HKEY)(*Handle2));
1105 }
1106
1107 goto Cleanup;
1108 }
1109 break;
1110 }
1111
1112 case SE_SERVICE:
1113 {
1114 LPWSTR lpServiceName, lpMachineName;
1115
1116 /* parse the service path */
1117 if (lpPath[0] == L'\\' && lpPath[1] == L'\\')
1118 {
1119 DesiredAccess |= SC_MANAGER_CONNECT;
1120
1121 lpMachineName = lpPath;
1122
1123 lpServiceName = wcschr(lpPath + 2,
1124 L'\\');
1125 if (lpServiceName == NULL)
1126 {
1127 /* FIXME - right error code? */
1128 Ret = ERROR_INVALID_PARAMETER;
1129 goto Cleanup;
1130 }
1131 else
1132 *(lpServiceName++) = L'\0';
1133 }
1134 else
1135 {
1136 lpMachineName = NULL;
1137 lpServiceName = lpPath;
1138 }
1139
1140 /* open the service */
1141 *Handle2 = (HANDLE)OpenSCManager(lpMachineName,
1142 NULL,
1143 (DWORD)DesiredAccess);
1144 if (*Handle2 == NULL)
1145 {
1146 Ret = GetLastError();
1147 ASSERT(Ret != ERROR_SUCCESS);
1148 goto Cleanup;
1149 }
1150
1151 DesiredAccess &= ~SC_MANAGER_CONNECT;
1152 *Handle = (HANDLE)OpenService((SC_HANDLE)(*Handle2),
1153 lpServiceName,
1154 (DWORD)DesiredAccess);
1155 if (*Handle == NULL)
1156 {
1157 Ret = GetLastError();
1158 ASSERT(Ret != ERROR_SUCCESS);
1159 ASSERT(*Handle2 != NULL);
1160 CloseServiceHandle((SC_HANDLE)(*Handle2));
1161
1162 goto Cleanup;
1163 }
1164 break;
1165 }
1166
1167 default:
1168 {
1169 UNIMPLEMENTED;
1170 Ret = ERROR_CALL_NOT_IMPLEMENTED;
1171 break;
1172 }
1173 }
1174
1175Cleanup:
1176 if (lpPath != NULL && lpPath != pObjectName)
1177 {
1178 LocalFree((HLOCAL)lpPath);
1179 }
1180
1181 return Ret;
1182}
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
HKEY
HANDLE HKEY
Definition: registry.h:26
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
wcschr
#define wcschr
Definition: compat.h:17
FILE_SHARE_READ
#define FILE_SHARE_READ
Definition: compat.h:136
ERROR_INVALID_NAME
#define ERROR_INVALID_NAME
Definition: compat.h:103
wcsicmp
#define wcsicmp
Definition: compat.h:15
FileName
struct _FileName FileName
Definition: fatprocs.h:896
FILE_SYNCHRONOUS_IO_NONALERT
#define FILE_SYNCHRONOUS_IO_NONALERT
Definition: from_kernel.h:31
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
RtlNtStatusToDosError
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS)
IoStatusBlock
static OUT PIO_STATUS_BLOCK IoStatusBlock
Definition: pipe.c:75
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
RtlDosPathNameToNtPathName_U
NTSYSAPI BOOLEAN NTAPI RtlDosPathNameToNtPathName_U(_In_opt_z_ PCWSTR DosPathName, _Out_ PUNICODE_STRING NtPathName, _Out_opt_ PCWSTR *NtFileNamePart, _Out_opt_ PRTL_RELATIVE_NAME_U DirectoryInfo)
NtOpenFile
NTSYSAPI NTSTATUS NTAPI NtOpenFile(OUT PHANDLE phFile, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK pIoStatusBlock, IN ULONG ShareMode, IN ULONG OpenMode)
Definition: file.c:3952
FILE_SHARE_WRITE
#define FILE_SHARE_WRITE
Definition: nt_native.h:681
SYNCHRONIZE
#define SYNCHRONIZE
Definition: nt_native.h:61
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
FILE_SHARE_DELETE
#define FILE_SHARE_DELETE
Definition: nt_native.h:682
SetSecurityAccessMask
VOID WINAPI SetSecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: ntmarta.c:39
QuerySecurityAccessMask
VOID WINAPI QuerySecurityAccessMask(IN SECURITY_INFORMATION SecurityInformation, OUT LPDWORD DesiredAccess)
Definition: ntmarta.c:57
PDWORD
DWORD * PDWORD
Definition: pedump.c:68
wcscpy
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
_FileName
Definition: filecomp.c:348
_IO_STATUS_BLOCK
Definition: env_spec_w32.h:870
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_UNICODE_STRING
Definition: env_spec_w32.h:368
HANDLE
PVOID HANDLE
Definition: typedefs.h:73
Write
static BOOL Write(PBYTE Address, PBYTE Data, SIZE_T Size)
Definition: vmhorizon.c:15
HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12
HKEY_CURRENT_CONFIG
#define HKEY_CURRENT_CONFIG
Definition: winreg.h:15
HKEY_CURRENT_USER
#define HKEY_CURRENT_USER
Definition: winreg.h:11
RegOpenKeyEx
#define RegOpenKeyEx
Definition: winreg.h:520
REGSAM
ACCESS_MASK REGSAM
Definition: winreg.h:69
RegConnectRegistry
#define RegConnectRegistry
Definition: winreg.h:495
HKEY_CLASSES_ROOT
#define HKEY_CLASSES_ROOT
Definition: winreg.h:10
HKEY_USERS
#define HKEY_USERS
Definition: winreg.h:13
OpenSCManager
#define OpenSCManager
Definition: winsvc.h:575
SC_MANAGER_CONNECT
#define SC_MANAGER_CONNECT
Definition: winsvc.h:14
OpenService
#define OpenService
Definition: winsvc.h:576
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185

Referenced by AccRewriteGetNamedRights(), and AccRewriteSetNamedRights().

◆ AccRewriteGetExplicitEntriesFromAcl()

DWORD WINAPI AccRewriteGetExplicitEntriesFromAcl ( PACL  pacl,
PULONG  pcCountOfExplicitEntries,
PEXPLICIT_ACCESS_W pListOfExplicitEntries 
)

Definition at line 1635 of file ntmarta.c.

1638{
1639 PACE_HEADER AceHeader;
1640 PSID Sid, SidTarget;
1641 ULONG ObjectAceCount = 0;
1642 POBJECTS_AND_SID ObjSid;
1643 SIZE_T Size;
1644 PEXPLICIT_ACCESS_W peaw;
1645 DWORD LastErr, SidLen;
1646 DWORD AceIndex = 0;
1647 DWORD ErrorCode = ERROR_SUCCESS;
1648
1649 /* save the last error code */
1650 LastErr = GetLastError();
1651
1652 if (pacl != NULL)
1653 {
1654 if (pacl->AceCount != 0)
1655 {
1656 Size = (SIZE_T)pacl->AceCount * sizeof(EXPLICIT_ACCESS_W);
1657
1658 /* calculate the space needed */
1659 while (GetAce(pacl,
1660 AceIndex,
1661 (LPVOID*)&AceHeader))
1662 {
1663 Sid = AccpGetAceSid(AceHeader);
1664 Size += GetLengthSid(Sid);
1665
1666 if (AccpIsObjectAce(AceHeader))
1667 ObjectAceCount++;
1668
1669 AceIndex++;
1670 }
1671
1672 Size += ObjectAceCount * sizeof(OBJECTS_AND_SID);
1673
1674 ASSERT(pacl->AceCount == AceIndex);
1675
1676 /* allocate the array */
1677 peaw = (PEXPLICIT_ACCESS_W)LocalAlloc(LMEM_FIXED,
1678 Size);
1679 if (peaw != NULL)
1680 {
1681 AceIndex = 0;
1682 ObjSid = (POBJECTS_AND_SID)(peaw + pacl->AceCount);
1683 SidTarget = (PSID)(ObjSid + ObjectAceCount);
1684
1685 /* initialize the array */
1686 while (GetAce(pacl,
1687 AceIndex,
1688 (LPVOID*)&AceHeader))
1689 {
1690 Sid = AccpGetAceSid(AceHeader);
1691 SidLen = GetLengthSid(Sid);
1692
1693 peaw[AceIndex].grfAccessPermissions = AccpGetAceAccessMask(AceHeader);
1694 peaw[AceIndex].grfAccessMode = AccpGetAceAccessMode(AceHeader);
1695 peaw[AceIndex].grfInheritance = AceHeader->AceFlags & VALID_INHERIT_FLAGS;
1696
1697 if (CopySid(SidLen,
1698 SidTarget,
1699 Sid))
1700 {
1701 if (AccpIsObjectAce(AceHeader))
1702 {
1703 BuildTrusteeWithObjectsAndSid(&peaw[AceIndex].Trustee,
1704 ObjSid++,
1705 AccpGetObjectAceObjectType(AceHeader),
1706 AccpGetObjectAceInheritedObjectType(AceHeader),
1707 SidTarget);
1708 }
1709 else
1710 {
1711 BuildTrusteeWithSid(&peaw[AceIndex].Trustee,
1712 SidTarget);
1713 }
1714
1715 SidTarget = (PSID)((ULONG_PTR)SidTarget + SidLen);
1716 }
1717 else
1718 {
1719 /* copying the SID failed, treat it as an fatal error... */
1720 ErrorCode = GetLastError();
1721
1722 /* free allocated resources */
1723 LocalFree(peaw);
1724 peaw = NULL;
1725 AceIndex = 0;
1726 break;
1727 }
1728
1729 AceIndex++;
1730 }
1731
1732 *pcCountOfExplicitEntries = AceIndex;
1733 *pListOfExplicitEntries = peaw;
1734 }
1735 else
1736 ErrorCode = ERROR_NOT_ENOUGH_MEMORY;
1737 }
1738 else
1739 {
1740 goto EmptyACL;
1741 }
1742 }
1743 else
1744 {
1745EmptyACL:
1746 *pcCountOfExplicitEntries = 0;
1747 *pListOfExplicitEntries = NULL;
1748 }
1749
1750 /* restore the last error code */
1751 SetLastError(LastErr);
1752
1753 return ErrorCode;
1754}
PEXPLICIT_ACCESS_W
struct _EXPLICIT_ACCESS_W * PEXPLICIT_ACCESS_W
OBJECTS_AND_SID
struct _OBJECTS_AND_SID OBJECTS_AND_SID
BuildTrusteeWithSid
#define BuildTrusteeWithSid
Definition: aclapi.h:230
BuildTrusteeWithObjectsAndSid
#define BuildTrusteeWithObjectsAndSid
Definition: aclapi.h:229
GetAce
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1186
SetLastError
#define SetLastError(x)
Definition: compat.h:752
ErrorCode
_In_ NDIS_ERROR_CODE ErrorCode
Definition: ndis.h:4436
AccpGetAceAccessMode
static ACCESS_MODE AccpGetAceAccessMode(IN PACE_HEADER AceHeader)
Definition: ntmarta.c:73
AccpIsObjectAce
static BOOL AccpIsObjectAce(IN PACE_HEADER AceHeader)
Definition: ntmarta.c:202
AccpGetObjectAceInheritedObjectType
static GUID * AccpGetObjectAceInheritedObjectType(IN PACE_HEADER AceHeader)
Definition: ntmarta.c:337
AccpGetAceAccessMask
static ACCESS_MASK AccpGetAceAccessMask(IN PACE_HEADER AceHeader)
Definition: ntmarta.c:196
AccpGetAceSid
static PSID AccpGetAceSid(IN PACE_HEADER AceHeader)
Definition: ntmarta.c:190
AccpGetObjectAceObjectType
static GUID * AccpGetObjectAceObjectType(IN PACE_HEADER AceHeader)
Definition: ntmarta.c:294
_ACE_HEADER
Definition: ms-dtyp.idl:209
_ACL::AceCount
USHORT AceCount
Definition: ms-dtyp.idl:297
_EXPLICIT_ACCESS_W
Definition: accctrl.h:339
_EXPLICIT_ACCESS_W::grfAccessPermissions
DWORD grfAccessPermissions
Definition: accctrl.h:340
_EXPLICIT_ACCESS_W::grfInheritance
DWORD grfInheritance
Definition: accctrl.h:342
_EXPLICIT_ACCESS_W::grfAccessMode
ACCESS_MODE grfAccessMode
Definition: accctrl.h:341
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
ULONG
uint32_t ULONG
Definition: typedefs.h:59
AceIndex
_In_ ULONG AceIndex
Definition: rtlfuncs.h:1862
VALID_INHERIT_FLAGS
#define VALID_INHERIT_FLAGS
Definition: setypes.h:751

◆ AccRewriteGetHandleRights()

DWORD WINAPI AccRewriteGetHandleRights ( HANDLE  handle,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID ppsidOwner,
PSID ppsidGroup,
PACL ppDacl,
PACL ppSacl,
PSECURITY_DESCRIPTOR ppSecurityDescriptor 
)

Definition at line 654 of file ntmarta.c.

662{
663 PSECURITY_DESCRIPTOR pSD = NULL;
664 ULONG SDSize = 0;
665 NTSTATUS Status;
666 DWORD LastErr;
667 DWORD Ret;
668
669 /* save the last error code */
670 LastErr = GetLastError();
671
672 do
673 {
674 Ret = ERROR_SUCCESS;
675
676 /* allocate a buffer large enough to hold the
677 security descriptor we need to return */
678 SDSize += 0x100;
679 if (pSD == NULL)
680 {
681 pSD = LocalAlloc(LMEM_FIXED,
682 (SIZE_T)SDSize);
683 }
684 else
685 {
686 PSECURITY_DESCRIPTOR newSD;
687
688 newSD = LocalReAlloc((HLOCAL)pSD,
689 (SIZE_T)SDSize,
690 LMEM_MOVEABLE);
691 if (newSD != NULL)
692 pSD = newSD;
693 }
694
695 if (pSD == NULL)
696 {
697 Ret = GetLastError();
698 break;
699 }
700
701 /* perform the actual query depending on the object type */
702 switch (ObjectType)
703 {
704 case SE_REGISTRY_KEY:
705 {
706 Ret = (DWORD)RegGetKeySecurity((HKEY)handle,
707 SecurityInfo,
708 pSD,
709 &SDSize);
710 break;
711 }
712
713 case SE_FILE_OBJECT:
714 /* FIXME - handle console handles? */
715 case SE_KERNEL_OBJECT:
716 {
717 Status = NtQuerySecurityObject(handle,
718 SecurityInfo,
719 pSD,
720 SDSize,
721 &SDSize);
722 if (!NT_SUCCESS(Status))
723 {
724 Ret = RtlNtStatusToDosError(Status);
725 }
726 break;
727 }
728
729 case SE_SERVICE:
730 {
731 if (!QueryServiceObjectSecurity((SC_HANDLE)handle,
732 SecurityInfo,
733 pSD,
734 SDSize,
735 &SDSize))
736 {
737 Ret = GetLastError();
738 }
739 break;
740 }
741
742 case SE_WINDOW_OBJECT:
743 {
744 if (!GetUserObjectSecurity(handle,
745 &SecurityInfo,
746 pSD,
747 SDSize,
748 &SDSize))
749 {
750 Ret = GetLastError();
751 }
752 break;
753 }
754
755 default:
756 {
757 UNIMPLEMENTED;
758 Ret = ERROR_CALL_NOT_IMPLEMENTED;
759 break;
760 }
761 }
762
763 } while (Ret == ERROR_INSUFFICIENT_BUFFER);
764
765 if (Ret == ERROR_SUCCESS)
766 {
767 BOOL Present, Defaulted;
768
769 if (SecurityInfo & OWNER_SECURITY_INFORMATION && ppsidOwner != NULL)
770 {
771 *ppsidOwner = NULL;
772 if (!GetSecurityDescriptorOwner(pSD,
773 ppsidOwner,
774 &Defaulted))
775 {
776 Ret = GetLastError();
777 goto Cleanup;
778 }
779 }
780
781 if (SecurityInfo & GROUP_SECURITY_INFORMATION && ppsidGroup != NULL)
782 {
783 *ppsidGroup = NULL;
784 if (!GetSecurityDescriptorGroup(pSD,
785 ppsidGroup,
786 &Defaulted))
787 {
788 Ret = GetLastError();
789 goto Cleanup;
790 }
791 }
792
793 if (SecurityInfo & DACL_SECURITY_INFORMATION && ppDacl != NULL)
794 {
795 *ppDacl = NULL;
796 if (!GetSecurityDescriptorDacl(pSD,
797 &Present,
798 ppDacl,
799 &Defaulted))
800 {
801 Ret = GetLastError();
802 goto Cleanup;
803 }
804 }
805
806 if (SecurityInfo & SACL_SECURITY_INFORMATION && ppSacl != NULL)
807 {
808 *ppSacl = NULL;
809 if (!GetSecurityDescriptorSacl(pSD,
810 &Present,
811 ppSacl,
812 &Defaulted))
813 {
814 Ret = GetLastError();
815 goto Cleanup;
816 }
817 }
818
819 *ppSecurityDescriptor = pSD;
820 }
821 else
822 {
823Cleanup:
824 if (pSD != NULL)
825 {
826 LocalFree((HLOCAL)pSD);
827 }
828 }
829
830 /* restore the last error code */
831 SetLastError(LastErr);
832
833 return Ret;
834}
ERROR_INSUFFICIENT_BUFFER
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
RegGetKeySecurity
LONG WINAPI RegGetKeySecurity(HKEY hKey, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor, LPDWORD lpcbSecurityDescriptor)
Definition: reg.c:2987
LocalReAlloc
HLOCAL NTAPI LocalReAlloc(HLOCAL hMem, SIZE_T dwBytes, UINT uFlags)
Definition: heapmem.c:1625
NtQuerySecurityObject
NTSTATUS NTAPI NtQuerySecurityObject(IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength)
Definition: obsecure.c:803
QueryServiceObjectSecurity
BOOL WINAPI QueryServiceObjectSecurity(SC_HANDLE hService, SECURITY_INFORMATION dwSecurityInformation, PSECURITY_DESCRIPTOR lpSecurityDescriptor, DWORD cbBufSize, LPDWORD pcbBytesNeeded)
Definition: scm.c:2732
GetSecurityDescriptorGroup
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
GetSecurityDescriptorSacl
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
GetSecurityDescriptorDacl
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
GetSecurityDescriptorOwner
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
LMEM_MOVEABLE
#define LMEM_MOVEABLE
Definition: winbase.h:369
GetUserObjectSecurity
BOOL WINAPI GetUserObjectSecurity(_In_ HANDLE hObj, _In_ PSECURITY_INFORMATION pSIRequested, _Out_writes_bytes_opt_(nLength) PSECURITY_DESCRIPTOR pSID, _In_ DWORD nLength, _Out_ LPDWORD lpnLengthNeeded)
DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
SACL_SECURITY_INFORMATION
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

◆ AccRewriteGetNamedRights()

DWORD WINAPI AccRewriteGetNamedRights ( LPWSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID ppsidOwner,
PSID ppsidGroup,
PACL ppDacl,
PACL ppSacl,
PSECURITY_DESCRIPTOR ppSecurityDescriptor 
)

Definition at line 1228 of file ntmarta.c.

1236{
1237 HANDLE Handle = NULL;
1238 HANDLE Handle2 = NULL;
1239 DWORD LastErr;
1240 DWORD Ret;
1241
1242 /* save the last error code */
1243 LastErr = GetLastError();
1244
1245 /* create the handle */
1246 Ret = AccpOpenNamedObject(pObjectName,
1247 ObjectType,
1248 SecurityInfo,
1249 &Handle,
1250 &Handle2,
1251 FALSE);
1252
1253 if (Ret == ERROR_SUCCESS)
1254 {
1255 ASSERT(Handle != NULL);
1256
1257 /* perform the operation */
1258 Ret = AccRewriteGetHandleRights(Handle,
1259 ObjectType,
1260 SecurityInfo,
1261 ppsidOwner,
1262 ppsidGroup,
1263 ppDacl,
1264 ppSacl,
1265 ppSecurityDescriptor);
1266
1267 /* close opened handles */
1268 AccpCloseObjectHandle(ObjectType,
1269 Handle,
1270 Handle2);
1271 }
1272
1273 /* restore the last error code */
1274 SetLastError(LastErr);
1275
1276 return Ret;
1277}
AccRewriteGetHandleRights
#define AccRewriteGetHandleRights
Definition: advapi32.h:173
AccpOpenNamedObject
static DWORD AccpOpenNamedObject(LPWSTR pObjectName, SE_OBJECT_TYPE ObjectType, SECURITY_INFORMATION SecurityInfo, PHANDLE Handle, PHANDLE Handle2, BOOL Write)
Definition: ntmarta.c:919
AccpCloseObjectHandle
static VOID AccpCloseObjectHandle(SE_OBJECT_TYPE ObjectType, HANDLE Handle, HANDLE Handle2)
Definition: ntmarta.c:1186

◆ AccRewriteSetEntriesInAcl()

DWORD WINAPI AccRewriteSetEntriesInAcl ( ULONG  cCountOfExplicitEntries,
PEXPLICIT_ACCESS_W  pListOfExplicitEntries,
PACL  OldAcl,
PACL NewAcl 
)

Definition at line 1336 of file ntmarta.c.

1340{
1341 PACL pNew = NULL;
1342 ACL_SIZE_INFORMATION SizeInformation;
1343 PACE_HEADER pAce;
1344 BOOLEAN KeepAceBuf[8];
1345 BOOLEAN *pKeepAce = NULL;
1346 GUID ObjectTypeGuid, InheritedObjectTypeGuid;
1347 DWORD ObjectsPresent;
1348 BOOL needToClean;
1349 PSID pSid1, pSid2;
1350 ULONG i, j;
1351 LSA_HANDLE PolicyHandle = NULL;
1352 BOOL bRet;
1353 DWORD LastErr;
1354 DWORD Ret = ERROR_SUCCESS;
1355
1356 /* save the last error code */
1357 LastErr = GetLastError();
1358
1359 *NewAcl = NULL;
1360
1361 /* Get information about previous ACL */
1362 if (OldAcl)
1363 {
1364 if (!GetAclInformation(OldAcl, &SizeInformation, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation))
1365 {
1366 Ret = GetLastError();
1367 goto Cleanup;
1368 }
1369
1370 if (SizeInformation.AceCount > sizeof(KeepAceBuf) / sizeof(KeepAceBuf[0]))
1371 {
1372 pKeepAce = (BOOLEAN *)LocalAlloc(LMEM_FIXED, SizeInformation.AceCount * sizeof(*pKeepAce));
1373 if (!pKeepAce)
1374 {
1375 Ret = ERROR_NOT_ENOUGH_MEMORY;
1376 goto Cleanup;
1377 }
1378 }
1379 else
1380 pKeepAce = KeepAceBuf;
1381
1382 memset(pKeepAce, TRUE, SizeInformation.AceCount * sizeof(*pKeepAce));
1383 }
1384 else
1385 {
1386 ZeroMemory(&SizeInformation, sizeof(ACL_SIZE_INFORMATION));
1387 SizeInformation.AclBytesInUse = sizeof(ACL);
1388 }
1389
1390 /* Get size required for new entries */
1391 for (i = 0; i < cCountOfExplicitEntries; i++)
1392 {
1393 Ret = AccpGetTrusteeSid(&pListOfExplicitEntries[i].Trustee,
1394 &PolicyHandle,
1395 &pSid1,
1396 &needToClean);
1397 if (Ret != ERROR_SUCCESS)
1398 goto Cleanup;
1399
1400 ObjectsPresent = AccpGetTrusteeObjects(&pListOfExplicitEntries[i].Trustee,
1401 NULL,
1402 NULL);
1403
1404 switch (pListOfExplicitEntries[i].grfAccessMode)
1405 {
1406 case REVOKE_ACCESS:
1407 case SET_ACCESS:
1408 /* Discard all accesses for the trustee... */
1409 for (j = 0; j < SizeInformation.AceCount; j++)
1410 {
1411 if (!pKeepAce[j])
1412 continue;
1413 if (!GetAce(OldAcl, j, (PVOID*)&pAce))
1414 {
1415 Ret = GetLastError();
1416 goto Cleanup;
1417 }
1418
1419 pSid2 = AccpGetAceSid(pAce);
1420 if (RtlEqualSid(pSid1, pSid2))
1421 {
1422 pKeepAce[j] = FALSE;
1423 SizeInformation.AclBytesInUse -= pAce->AceSize;
1424 }
1425 }
1426 if (pListOfExplicitEntries[i].grfAccessMode == REVOKE_ACCESS)
1427 break;
1428 /* ...and replace by the current access */
1429 case GRANT_ACCESS:
1430 case DENY_ACCESS:
1431 /* Add to ACL */
1432 SizeInformation.AclBytesInUse += AccpCalcNeededAceSize(pSid1, ObjectsPresent);
1433 break;
1434 case SET_AUDIT_SUCCESS:
1435 case SET_AUDIT_FAILURE:
1436 /* FIXME */
1437 DPRINT1("Case not implemented!\n");
1438 break;
1439 default:
1440 DPRINT1("Unknown access mode 0x%x. Ignoring it\n", pListOfExplicitEntries[i].grfAccessMode);
1441 break;
1442 }
1443
1444 if (needToClean)
1445 LocalFree((HLOCAL)pSid1);
1446 }
1447
1448 /* Succeed, if no ACL needs to be allocated */
1449 if (SizeInformation.AclBytesInUse == 0)
1450 goto Cleanup;
1451
1452 /* OK, now create the new ACL */
1453 DPRINT("Allocating %u bytes for the new ACL\n", SizeInformation.AclBytesInUse);
1454 pNew = (PACL)LocalAlloc(LMEM_FIXED, SizeInformation.AclBytesInUse);
1455 if (!pNew)
1456 {
1457 Ret = ERROR_NOT_ENOUGH_MEMORY;
1458 goto Cleanup;
1459 }
1460 if (!InitializeAcl(pNew, SizeInformation.AclBytesInUse, ACL_REVISION))
1461 {
1462 Ret = GetLastError();
1463 goto Cleanup;
1464 }
1465
1466 /* Fill it */
1467 /* 1a) New audit entries (SET_AUDIT_SUCCESS, SET_AUDIT_FAILURE) */
1468 /* FIXME */
1469
1470 /* 1b) Existing audit entries */
1471 /* FIXME */
1472
1473 /* 2a) New denied entries (DENY_ACCESS) */
1474 for (i = 0; i < cCountOfExplicitEntries; i++)
1475 {
1476 if (pListOfExplicitEntries[i].grfAccessMode == DENY_ACCESS)
1477 {
1478 /* FIXME: take care of pListOfExplicitEntries[i].grfInheritance */
1479 Ret = AccpGetTrusteeSid(&pListOfExplicitEntries[i].Trustee,
1480 &PolicyHandle,
1481 &pSid1,
1482 &needToClean);
1483 if (Ret != ERROR_SUCCESS)
1484 goto Cleanup;
1485
1486 ObjectsPresent = AccpGetTrusteeObjects(&pListOfExplicitEntries[i].Trustee,
1487 &ObjectTypeGuid,
1488 &InheritedObjectTypeGuid);
1489
1490 if (ObjectsPresent == 0)
1491 {
1492 /* FIXME: Call AddAccessDeniedAceEx instead! */
1493 bRet = AddAccessDeniedAce(pNew, ACL_REVISION, pListOfExplicitEntries[i].grfAccessPermissions, pSid1);
1494 }
1495 else
1496 {
1497 /* FIXME: Call AddAccessDeniedObjectAce */
1498 DPRINT1("Object ACEs not yet supported!\n");
1499 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
1500 bRet = FALSE;
1501 }
1502
1503 if (needToClean) LocalFree((HLOCAL)pSid1);
1504 if (!bRet)
1505 {
1506 Ret = GetLastError();
1507 goto Cleanup;
1508 }
1509 }
1510 }
1511
1512 /* 2b) Existing denied entries */
1513 /* FIXME */
1514
1515 /* 3a) New allow entries (GRANT_ACCESS, SET_ACCESS) */
1516 for (i = 0; i < cCountOfExplicitEntries; i++)
1517 {
1518 if (pListOfExplicitEntries[i].grfAccessMode == SET_ACCESS ||
1519 pListOfExplicitEntries[i].grfAccessMode == GRANT_ACCESS)
1520 {
1521 /* FIXME: take care of pListOfExplicitEntries[i].grfInheritance */
1522 Ret = AccpGetTrusteeSid(&pListOfExplicitEntries[i].Trustee,
1523 &PolicyHandle,
1524 &pSid1,
1525 &needToClean);
1526 if (Ret != ERROR_SUCCESS)
1527 goto Cleanup;
1528
1529 ObjectsPresent = AccpGetTrusteeObjects(&pListOfExplicitEntries[i].Trustee,
1530 &ObjectTypeGuid,
1531 &InheritedObjectTypeGuid);
1532
1533 if (ObjectsPresent == 0)
1534 {
1535 /* FIXME: Call AddAccessAllowedAceEx instead! */
1536 bRet = AddAccessAllowedAce(pNew, ACL_REVISION, pListOfExplicitEntries[i].grfAccessPermissions, pSid1);
1537 }
1538 else
1539 {
1540 /* FIXME: Call AddAccessAllowedObjectAce */
1541 DPRINT1("Object ACEs not yet supported!\n");
1542 SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
1543 bRet = FALSE;
1544 }
1545
1546 if (needToClean) LocalFree((HLOCAL)pSid1);
1547 if (!bRet)
1548 {
1549 Ret = GetLastError();
1550 goto Cleanup;
1551 }
1552 }
1553 }
1554
1555 /* 3b) Existing allow entries */
1556 /* FIXME */
1557
1558 *NewAcl = pNew;
1559
1560Cleanup:
1561 if (pKeepAce && pKeepAce != KeepAceBuf)
1562 LocalFree((HLOCAL)pKeepAce);
1563
1564 if (pNew && Ret != ERROR_SUCCESS)
1565 LocalFree((HLOCAL)pNew);
1566
1567 if (PolicyHandle)
1568 LsaClose(PolicyHandle);
1569
1570 /* restore the last error code */
1571 SetLastError(LastErr);
1572
1573 return Ret;
1574}
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
REVOKE_ACCESS
@ REVOKE_ACCESS
Definition: accctrl.h:152
SET_ACCESS
@ SET_ACCESS
Definition: accctrl.h:150
DPRINT1
#define DPRINT1
Definition: precomp.h:8
LsaClose
NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle)
Definition: lsa.c:194
GetAclInformation
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:1194
InitializeAcl
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1006
AddAccessAllowedAce
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1039
AddAccessDeniedAce
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1090
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
ACL
struct _ACL ACL
PACL
struct _ACL * PACL
Definition: security.c:105
RtlEqualSid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
AccpGetTrusteeObjects
static DWORD AccpGetTrusteeObjects(IN PTRUSTEE_W Trustee, OUT GUID *pObjectTypeGuid OPTIONAL, OUT GUID *pInheritedObjectTypeGuid OPTIONAL)
Definition: ntmarta.c:226
AccpCalcNeededAceSize
static DWORD AccpCalcNeededAceSize(IN PSID Sid, IN DWORD ObjectsPresent)
Definition: ntmarta.c:271
AccpGetTrusteeSid
static DWORD AccpGetTrusteeSid(IN PTRUSTEE_W Trustee, IN OUT PLSA_HANDLE pPolicyHandle, OUT PSID *ppSid, OUT BOOL *Allocated)
Definition: ntmarta.c:565
memset
#define memset(x, y, z)
Definition: compat.h:39
DPRINT
#define DPRINT
Definition: sndvol32.h:73
_ACL_SIZE_INFORMATION
Definition: winnt_old.h:1124
_ACL_SIZE_INFORMATION::AclBytesInUse
DWORD AclBytesInUse
Definition: winnt_old.h:1126
_ACL_SIZE_INFORMATION::AceCount
DWORD AceCount
Definition: winnt_old.h:1125
_ACL
Definition: ms-dtyp.idl:293
ZeroMemory
#define ZeroMemory
Definition: winbase.h:1712
AclSizeInformation
@ AclSizeInformation
Definition: winnt_old.h:1117
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39

◆ AccRewriteSetHandleRights()

DWORD WINAPI AccRewriteSetHandleRights ( HANDLE  handle,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSECURITY_DESCRIPTOR  pSecurityDescriptor 
)

Definition at line 843 of file ntmarta.c.

847{
848 NTSTATUS Status;
849 DWORD LastErr;
850 DWORD Ret = ERROR_SUCCESS;
851
852 /* save the last error code */
853 LastErr = GetLastError();
854
855 /* set the security according to the object type */
856 switch (ObjectType)
857 {
858 case SE_REGISTRY_KEY:
859 {
860 Ret = (DWORD)RegSetKeySecurity((HKEY)handle,
861 SecurityInfo,
862 pSecurityDescriptor);
863 break;
864 }
865
866 case SE_FILE_OBJECT:
867 /* FIXME - handle console handles? */
868 case SE_KERNEL_OBJECT:
869 {
870 Status = NtSetSecurityObject(handle,
871 SecurityInfo,
872 pSecurityDescriptor);
873 if (!NT_SUCCESS(Status))
874 {
875 Ret = RtlNtStatusToDosError(Status);
876 }
877 break;
878 }
879
880 case SE_SERVICE:
881 {
882 if (!SetServiceObjectSecurity((SC_HANDLE)handle,
883 SecurityInfo,
884 pSecurityDescriptor))
885 {
886 Ret = GetLastError();
887 }
888 break;
889 }
890
891 case SE_WINDOW_OBJECT:
892 {
893 if (!SetUserObjectSecurity(handle,
894 &SecurityInfo,
895 pSecurityDescriptor))
896 {
897 Ret = GetLastError();
898 }
899 break;
900 }
901
902 default:
903 {
904 UNIMPLEMENTED;
905 Ret = ERROR_CALL_NOT_IMPLEMENTED;
906 break;
907 }
908 }
909
910
911 /* restore the last error code */
912 SetLastError(LastErr);
913
914 return Ret;
915}
RegSetKeySecurity
LONG WINAPI RegSetKeySecurity(HKEY hKey, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR pSecurityDescriptor)
Definition: reg.c:4759
SetServiceObjectSecurity
BOOL WINAPI SetServiceObjectSecurity(SC_HANDLE hService, SECURITY_INFORMATION dwSecurityInformation, PSECURITY_DESCRIPTOR lpSecurityDescriptor)
Definition: scm.c:2774
NtSetSecurityObject
NTSTATUS WINAPI NtSetSecurityObject(HANDLE Handle, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR SecurityDescriptor)
SetUserObjectSecurity
BOOL WINAPI SetUserObjectSecurity(_In_ HANDLE, _In_ PSECURITY_INFORMATION, _In_ PSECURITY_DESCRIPTOR)

◆ AccRewriteSetNamedRights()

DWORD WINAPI AccRewriteSetNamedRights ( LPWSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSECURITY_DESCRIPTOR  pSecurityDescriptor 
)

Definition at line 1286 of file ntmarta.c.

1290{
1291 HANDLE Handle = NULL;
1292 HANDLE Handle2 = NULL;
1293 DWORD LastErr;
1294 DWORD Ret;
1295
1296 /* save the last error code */
1297 LastErr = GetLastError();
1298
1299 /* create the handle */
1300 Ret = AccpOpenNamedObject(pObjectName,
1301 ObjectType,
1302 SecurityInfo,
1303 &Handle,
1304 &Handle2,
1305 TRUE);
1306
1307 if (Ret == ERROR_SUCCESS)
1308 {
1309 ASSERT(Handle != NULL);
1310
1311 /* perform the operation */
1312 Ret = AccRewriteSetHandleRights(Handle,
1313 ObjectType,
1314 SecurityInfo,
1315 pSecurityDescriptor);
1316
1317 /* close opened handles */
1318 AccpCloseObjectHandle(ObjectType,
1319 Handle,
1320 Handle2);
1321 }
1322
1323 /* restore the last error code */
1324 SetLastError(LastErr);
1325
1326 return Ret;
1327}
AccRewriteSetHandleRights
#define AccRewriteSetHandleRights
Definition: advapi32.h:174

◆ AccTreeResetNamedSecurityInfo()

DWORD WINAPI AccTreeResetNamedSecurityInfo ( LPWSTR  pObjectName,
SE_OBJECT_TYPE  ObjectType,
SECURITY_INFORMATION  SecurityInfo,
PSID  pOwner,
PSID  pGroup,
PACL  pDacl,
PACL  pSacl,
BOOL  KeepExplicit,
FN_PROGRESSW  fnProgress,
PROG_INVOKE_SETTING  ProgressInvokeSetting,
PVOID  Args 
)

Definition at line 1763 of file ntmarta.c.

1774{
1775 UNIMPLEMENTED;
1776 return ERROR_CALL_NOT_IMPLEMENTED;
1777}

◆ DllMain()

BOOL WINAPI DllMain ( IN HINSTANCE  hinstDLL,
IN DWORD  dwReason,
IN LPVOID  lpvReserved 
)

@DllMain

Core routine of the Utility Manager's library.

Parameters
[in]hDllInstanceThe entry point instance of the library.
[in]fdwReasonThe reason argument to indicate the motive DllMain is being called.
[in]lpvReservedReserved.
Returns
Returns TRUE when main call initialization has succeeded, FALSE otherwise.

Definition at line 1781 of file ntmarta.c.

1784{
1785 switch (dwReason)
1786 {
1787 case DLL_PROCESS_ATTACH:
1788 hDllInstance = hinstDLL;
1789 DisableThreadLibraryCalls(hinstDLL);
1790 break;
1791
1792 case DLL_PROCESS_DETACH:
1793 break;
1794 }
1795 return TRUE;
1796}
dwReason
DWORD dwReason
Definition: misc.cpp:154
DLL_PROCESS_ATTACH
#define DLL_PROCESS_ATTACH
Definition: compat.h:131
DLL_PROCESS_DETACH
#define DLL_PROCESS_DETACH
Definition: compat.h:130
DisableThreadLibraryCalls
BOOL WINAPI DisableThreadLibraryCalls(IN HMODULE hLibModule)
Definition: loader.c:85
hDllInstance
HINSTANCE hDllInstance
Definition: ntmarta.c:34

◆ QuerySecurityAccessMask()

VOID WINAPI QuerySecurityAccessMask ( IN SECURITY_INFORMATION  SecurityInformation,
OUT LPDWORD  DesiredAccess 
)

Definition at line 57 of file ntmarta.c.

59{
60 *DesiredAccess = 0;
61
62 if (SecurityInformation & (OWNER_SECURITY_INFORMATION |
63 GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION))
64 {
65 *DesiredAccess |= READ_CONTROL;
66 }
67
68 if (SecurityInformation & SACL_SECURITY_INFORMATION)
69 *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
70}
SecurityInformation
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
READ_CONTROL
#define READ_CONTROL
Definition: nt_native.h:58

Referenced by AccpOpenNamedObject().

◆ SetSecurityAccessMask()

VOID WINAPI SetSecurityAccessMask ( IN SECURITY_INFORMATION  SecurityInformation,
OUT LPDWORD  DesiredAccess 
)

Definition at line 39 of file ntmarta.c.

41{
42 *DesiredAccess = 0;
43
44 if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
45 *DesiredAccess |= WRITE_OWNER;
46
47 if (SecurityInformation & DACL_SECURITY_INFORMATION)
48 *DesiredAccess |= WRITE_DAC;
49
50 if (SecurityInformation & SACL_SECURITY_INFORMATION)
51 *DesiredAccess |= ACCESS_SYSTEM_SECURITY;
52}
WRITE_DAC
#define WRITE_DAC
Definition: nt_native.h:59
WRITE_OWNER
#define WRITE_OWNER
Definition: nt_native.h:60

Referenced by AccpOpenNamedObject().

Variable Documentation

◆ hDllInstance

HINSTANCE hDllInstance

Definition at line 34 of file ntmarta.c.

Referenced by DllMain().