ReactOS 0.4.15-dev-7788-g1ad9096
security.c
Go to the documentation of this file.
1/*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Security Account Manager (SAM) Server
4 * FILE: reactos/dll/win32/samsrv/security.c
5 * PURPOSE: Security descriptor functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9
10#include "samsrv.h"
11
12/* GLOBALS *****************************************************************/
13
16
17
18/* FUNCTIONS ***************************************************************/
19
23{
26 PSID EveryoneSid = NULL;
27 PSID AnonymousSid = NULL;
28 PSID AdministratorsSid = NULL;
29 PACL Dacl = NULL;
30 PACL Sacl = NULL;
33 ULONG RelSDSize = 0;
35
36
37 /* Create the Everyone SID */
39 1,
41 0,
42 0,
43 0,
44 0,
45 0,
46 0,
47 0,
48 &EveryoneSid);
50 if (!NT_SUCCESS(Status))
51 goto done;
52
53 /* Create the Anonymous SID */
55 1,
57 0,
58 0,
59 0,
60 0,
61 0,
62 0,
63 0,
64 &AnonymousSid);
66 if (!NT_SUCCESS(Status))
67 goto done;
68
69 /* Create the Administrators SID */
71 2,
74 0,
75 0,
76 0,
77 0,
78 0,
79 0,
80 &AdministratorsSid);
82 if (!NT_SUCCESS(Status))
83 goto done;
84
85
86 /* Allocate a buffer for the absolute SD */
87 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
89 sizeof(SECURITY_DESCRIPTOR));
90 if (AbsSD == NULL)
91 {
94 goto done;
95 }
96
97 /* Create the absolute SD */
101 if (!NT_SUCCESS(Status))
102 goto done;
103
104 /* allocate and create the DACL */
105 DaclSize = sizeof(ACL) +
106 2 * sizeof(ACE) +
107 RtlLengthSid(EveryoneSid) +
108 RtlLengthSid(AdministratorsSid);
109
110 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
112 DaclSize);
113 if (Dacl == NULL)
114 {
117 goto done;
118 }
119
121 DaclSize,
124 if (!NT_SUCCESS(Status))
125 goto done;
126
130 EveryoneSid);
132 if (!NT_SUCCESS(Status))
133 goto done;
134
138 AdministratorsSid);
140 if (!NT_SUCCESS(Status))
141 goto done;
142
143 /* Set the DACL */
145 TRUE,
146 Dacl,
147 FALSE);
149 if (!NT_SUCCESS(Status))
150 goto done;
151
152 /* allocate and create the SACL */
153 SaclSize = sizeof(ACL) +
154 2 * sizeof(ACE) +
155 RtlLengthSid(EveryoneSid) +
156 RtlLengthSid(AnonymousSid);
157
158 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
160 DaclSize);
161 if (Sacl == NULL)
162 {
165 goto done;
166 }
167
169 SaclSize,
172 if (!NT_SUCCESS(Status))
173 goto done;
174
180 EveryoneSid,
181 TRUE,
182 TRUE);
184 if (!NT_SUCCESS(Status))
185 goto done;
186
190 AnonymousSid,
191 TRUE,
192 TRUE);
194 if (!NT_SUCCESS(Status))
195 goto done;
196
197 /* Set the SACL */
199 TRUE,
200 Sacl,
201 FALSE);
203 if (!NT_SUCCESS(Status))
204 goto done;
205
206 /* Set the owner SID */
208 AdministratorsSid,
209 FALSE);
211 if (!NT_SUCCESS(Status))
212 goto done;
213
214 /* Set the group SID */
216 AdministratorsSid,
217 FALSE);
219 if (!NT_SUCCESS(Status))
220 goto done;
221
222 /* Get the reqired buffer size for the self-relative SD */
224 NULL,
225 &RelSDSize);
227 goto done;
228
229 /* Allocate a buffer for the self-relative SD */
230 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
232 RelSDSize);
233 if (RelSD == NULL)
234 {
237 goto done;
238 }
239
240 /* Convert the absolute SD to self-relative format */
242 RelSD,
243 &RelSDSize);
245 {
247 goto done;
248 }
249
250 *ServerSd = RelSD;
251 *Size = RelSDSize;
252
253done:
254 if (!NT_SUCCESS(Status))
255 {
256 if (RelSD != NULL)
257 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
258 }
259
260 if (EveryoneSid != NULL)
261 RtlFreeSid(EveryoneSid);
262
263 if (AnonymousSid != NULL)
264 RtlFreeSid(AnonymousSid);
265
266 if (AdministratorsSid != NULL)
267 RtlFreeSid(AdministratorsSid);
268
269 if (Dacl != NULL)
270 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
271
272 if (Sacl != NULL)
273 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
274
275 if (AbsSD != NULL)
276 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
277
278 return Status;
279}
280
281
285{
288 PSID EveryoneSid = NULL;
289 PSID AnonymousSid = NULL;
290 PSID AdministratorsSid = NULL;
291 PACL Dacl = NULL;
292 PACL Sacl = NULL;
295 ULONG RelSDSize = 0;
297
298
299 /* Create the Everyone SID */
301 1,
303 0,
304 0,
305 0,
306 0,
307 0,
308 0,
309 0,
310 &EveryoneSid);
312 if (!NT_SUCCESS(Status))
313 goto done;
314
315 /* Create the Anonymous SID */
317 1,
319 0,
320 0,
321 0,
322 0,
323 0,
324 0,
325 0,
326 &AnonymousSid);
328 if (!NT_SUCCESS(Status))
329 goto done;
330
331 /* Create the Administrators SID */
333 2,
336 0,
337 0,
338 0,
339 0,
340 0,
341 0,
342 &AdministratorsSid);
344 if (!NT_SUCCESS(Status))
345 goto done;
346
347
348 /* Allocate a buffer for the absolute SD */
349 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
351 sizeof(SECURITY_DESCRIPTOR));
352 if (AbsSD == NULL)
353 {
356 goto done;
357 }
358
359 /* Create the absolute SD */
363 if (!NT_SUCCESS(Status))
364 goto done;
365
366 /* allocate and create the DACL */
367 DaclSize = sizeof(ACL) +
368 2 * sizeof(ACE) +
369 RtlLengthSid(EveryoneSid) +
370 RtlLengthSid(AdministratorsSid);
371
372 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
374 DaclSize);
375 if (Dacl == NULL)
376 {
379 goto done;
380 }
381
383 DaclSize,
386 if (!NT_SUCCESS(Status))
387 goto done;
388
392 EveryoneSid);
394 if (!NT_SUCCESS(Status))
395 goto done;
396
400 AdministratorsSid);
402 if (!NT_SUCCESS(Status))
403 goto done;
404
405 /* Set the DACL */
407 TRUE,
408 Dacl,
409 FALSE);
411 if (!NT_SUCCESS(Status))
412 goto done;
413
414 /* allocate and create the SACL */
415 SaclSize = sizeof(ACL) +
416 2 * sizeof(ACE) +
417 RtlLengthSid(EveryoneSid) +
418 RtlLengthSid(AnonymousSid);
419
420 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
422 DaclSize);
423 if (Sacl == NULL)
424 {
427 goto done;
428 }
429
431 SaclSize,
434 if (!NT_SUCCESS(Status))
435 goto done;
436
442 EveryoneSid,
443 TRUE,
444 TRUE);
446 if (!NT_SUCCESS(Status))
447 goto done;
448
452 AnonymousSid,
453 TRUE,
454 TRUE);
456 if (!NT_SUCCESS(Status))
457 goto done;
458
459 /* Set the SACL */
461 TRUE,
462 Sacl,
463 FALSE);
465 if (!NT_SUCCESS(Status))
466 goto done;
467
468 /* Set the owner SID */
470 AdministratorsSid,
471 FALSE);
473 if (!NT_SUCCESS(Status))
474 goto done;
475
476 /* Set the group SID */
478 AdministratorsSid,
479 FALSE);
481 if (!NT_SUCCESS(Status))
482 goto done;
483
484 /* Get the reqired buffer size for the self-relative SD */
486 NULL,
487 &RelSDSize);
489 goto done;
490
491 /* Allocate a buffer for the self-relative SD */
492 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
494 RelSDSize);
495 if (RelSD == NULL)
496 {
499 goto done;
500 }
501
502 /* Convert the absolute SD to self-relative format */
504 RelSD,
505 &RelSDSize);
507 {
509 goto done;
510 }
511
512 *ServerSd = RelSD;
513 *Size = RelSDSize;
514
515done:
516 if (!NT_SUCCESS(Status))
517 {
518 if (RelSD != NULL)
519 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
520 }
521
522 if (EveryoneSid != NULL)
523 RtlFreeSid(EveryoneSid);
524
525 if (AnonymousSid != NULL)
526 RtlFreeSid(AnonymousSid);
527
528 if (AdministratorsSid != NULL)
529 RtlFreeSid(AdministratorsSid);
530
531 if (Dacl != NULL)
532 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
533
534 if (Sacl != NULL)
535 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
536
537 if (AbsSD != NULL)
538 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
539
540 return Status;
541}
542
543
547{
550 PSID EveryoneSid = NULL;
551 PSID AnonymousSid = NULL;
552 PSID AdministratorsSid = NULL;
553 PSID UsersSid = NULL;
554 PSID GuestsSid = NULL;
555 PACL Dacl = NULL;
556 PACL Sacl = NULL;
559 ULONG RelSDSize = 0;
561
562
563 /* Create the Everyone SID */
565 1,
567 0,
568 0,
569 0,
570 0,
571 0,
572 0,
573 0,
574 &EveryoneSid);
576 if (!NT_SUCCESS(Status))
577 goto done;
578
579 /* Create the Anonymous SID */
581 1,
583 0,
584 0,
585 0,
586 0,
587 0,
588 0,
589 0,
590 &AnonymousSid);
592 if (!NT_SUCCESS(Status))
593 goto done;
594
595 /* Create the Administrators SID */
597 2,
600 0,
601 0,
602 0,
603 0,
604 0,
605 0,
606 &AdministratorsSid);
608 if (!NT_SUCCESS(Status))
609 goto done;
610
611 /* Create the Users SID */
613 2,
616 0,
617 0,
618 0,
619 0,
620 0,
621 0,
622 &UsersSid);
624 if (!NT_SUCCESS(Status))
625 goto done;
626
627 /* Create the Guests SID */
629 2,
632 0,
633 0,
634 0,
635 0,
636 0,
637 0,
638 &GuestsSid);
640 if (!NT_SUCCESS(Status))
641 goto done;
642
643
644 /* Allocate a buffer for the absolute SD */
645 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
647 sizeof(SECURITY_DESCRIPTOR));
648 if (AbsSD == NULL)
649 {
652 goto done;
653 }
654
655 /* Create the absolute SD */
659 if (!NT_SUCCESS(Status))
660 goto done;
661
662 /* allocate and create the DACL */
663 DaclSize = sizeof(ACL) +
664 4 * sizeof(ACE) +
665 RtlLengthSid(EveryoneSid) +
666 RtlLengthSid(AdministratorsSid) +
667 RtlLengthSid(UsersSid) +
668 RtlLengthSid(GuestsSid);
669
670 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
672 DaclSize);
673 if (Dacl == NULL)
674 {
677 goto done;
678 }
679
681 DaclSize,
684 if (!NT_SUCCESS(Status))
685 goto done;
686
690 EveryoneSid);
692 if (!NT_SUCCESS(Status))
693 goto done;
694
698 UsersSid);
700 if (!NT_SUCCESS(Status))
701 goto done;
702
706 AdministratorsSid);
708 if (!NT_SUCCESS(Status))
709 goto done;
710
714 GuestsSid);
716 if (!NT_SUCCESS(Status))
717 goto done;
718
719 /* Set the DACL */
721 TRUE,
722 Dacl,
723 FALSE);
725 if (!NT_SUCCESS(Status))
726 goto done;
727
728 /* allocate and create the SACL */
729 SaclSize = sizeof(ACL) +
730 2 * sizeof(ACE) +
731 RtlLengthSid(EveryoneSid) +
732 RtlLengthSid(AnonymousSid);
733
734 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
736 DaclSize);
737 if (Sacl == NULL)
738 {
741 goto done;
742 }
743
745 SaclSize,
748 if (!NT_SUCCESS(Status))
749 goto done;
750
756 EveryoneSid,
757 TRUE,
758 TRUE);
760 if (!NT_SUCCESS(Status))
761 goto done;
762
766 AnonymousSid,
767 TRUE,
768 TRUE);
770 if (!NT_SUCCESS(Status))
771 goto done;
772
773 /* Set the SACL */
775 TRUE,
776 Sacl,
777 FALSE);
779 if (!NT_SUCCESS(Status))
780 goto done;
781
782 /* Set the owner SID */
784 AdministratorsSid,
785 FALSE);
787 if (!NT_SUCCESS(Status))
788 goto done;
789
790 /* Set the group SID */
792 AdministratorsSid,
793 FALSE);
795 if (!NT_SUCCESS(Status))
796 goto done;
797
798 /* Get the reqired buffer size for the self-relative SD */
800 NULL,
801 &RelSDSize);
803 goto done;
804
805 /* Allocate a buffer for the self-relative SD */
806 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
808 RelSDSize);
809 if (RelSD == NULL)
810 {
813 goto done;
814 }
815
816 /* Convert the absolute SD to self-relative format */
818 RelSD,
819 &RelSDSize);
821 {
823 goto done;
824 }
825
826 *ServerSd = RelSD;
827 *Size = RelSDSize;
828
829done:
830 if (!NT_SUCCESS(Status))
831 {
832 if (RelSD != NULL)
833 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
834 }
835
836 if (EveryoneSid != NULL)
837 RtlFreeSid(EveryoneSid);
838
839 if (AnonymousSid != NULL)
840 RtlFreeSid(AnonymousSid);
841
842 if (AdministratorsSid != NULL)
843 RtlFreeSid(AdministratorsSid);
844
845 if (Dacl != NULL)
846 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
847
848 if (Sacl != NULL)
849 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
850
851 if (AbsSD != NULL)
852 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
853
854 return Status;
855}
856
857
861{
864 PSID EveryoneSid = NULL;
865 PSID AnonymousSid = NULL;
866 PSID AdministratorsSid = NULL;
867 PSID AccountOperatorsSid = NULL;
868 PACL Dacl = NULL;
869 PACL Sacl = NULL;
872 ULONG RelSDSize = 0;
874
875
876 /* Create the Everyone SID */
878 1,
880 0,
881 0,
882 0,
883 0,
884 0,
885 0,
886 0,
887 &EveryoneSid);
889 if (!NT_SUCCESS(Status))
890 goto done;
891
892 /* Create the Anonymous SID */
894 1,
896 0,
897 0,
898 0,
899 0,
900 0,
901 0,
902 0,
903 &AnonymousSid);
905 if (!NT_SUCCESS(Status))
906 goto done;
907
908 /* Create the Administrators SID */
910 2,
913 0,
914 0,
915 0,
916 0,
917 0,
918 0,
919 &AdministratorsSid);
921 if (!NT_SUCCESS(Status))
922 goto done;
923
924 /* Create the Account Operators SID */
926 2,
929 0,
930 0,
931 0,
932 0,
933 0,
934 0,
935 &AccountOperatorsSid);
937 if (!NT_SUCCESS(Status))
938 goto done;
939
940 /* Allocate a buffer for the absolute SD */
941 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
943 sizeof(SECURITY_DESCRIPTOR));
944 if (AbsSD == NULL)
945 {
948 goto done;
949 }
950
951 /* Create the absolute SD */
955 if (!NT_SUCCESS(Status))
956 goto done;
957
958 /* allocate and create the DACL */
959 DaclSize = sizeof(ACL) +
960 3 * sizeof(ACE) +
961 RtlLengthSid(EveryoneSid) +
962 RtlLengthSid(AdministratorsSid) +
963 RtlLengthSid(AccountOperatorsSid);
964
965 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
967 DaclSize);
968 if (Dacl == NULL)
969 {
972 goto done;
973 }
974
976 DaclSize,
979 if (!NT_SUCCESS(Status))
980 goto done;
981
985 EveryoneSid);
987 if (!NT_SUCCESS(Status))
988 goto done;
989
993 AdministratorsSid);
995 if (!NT_SUCCESS(Status))
996 goto done;
997
1001 AccountOperatorsSid);
1003 if (!NT_SUCCESS(Status))
1004 goto done;
1005
1006 /* Set the DACL */
1008 TRUE,
1009 Dacl,
1010 FALSE);
1012 if (!NT_SUCCESS(Status))
1013 goto done;
1014
1015 /* allocate and create the SACL */
1016 SaclSize = sizeof(ACL) +
1017 2 * sizeof(ACE) +
1018 RtlLengthSid(EveryoneSid) +
1019 RtlLengthSid(AnonymousSid);
1020
1021 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1023 DaclSize);
1024 if (Sacl == NULL)
1025 {
1028 goto done;
1029 }
1030
1032 SaclSize,
1033 ACL_REVISION);
1035 if (!NT_SUCCESS(Status))
1036 goto done;
1037
1043 EveryoneSid,
1044 TRUE,
1045 TRUE);
1047 if (!NT_SUCCESS(Status))
1048 goto done;
1049
1053 AnonymousSid,
1054 TRUE,
1055 TRUE);
1057 if (!NT_SUCCESS(Status))
1058 goto done;
1059
1060 /* Set the SACL */
1062 TRUE,
1063 Sacl,
1064 FALSE);
1066 if (!NT_SUCCESS(Status))
1067 goto done;
1068
1069 /* Set the owner SID */
1071 AdministratorsSid,
1072 FALSE);
1074 if (!NT_SUCCESS(Status))
1075 goto done;
1076
1077 /* Set the group SID */
1079 AdministratorsSid,
1080 FALSE);
1082 if (!NT_SUCCESS(Status))
1083 goto done;
1084
1085 /* Get the reqired buffer size for the self-relative SD */
1087 NULL,
1088 &RelSDSize);
1090 goto done;
1091
1092 /* Allocate a buffer for the self-relative SD */
1093 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1095 RelSDSize);
1096 if (RelSD == NULL)
1097 {
1100 goto done;
1101 }
1102
1103 /* Convert the absolute SD to self-relative format */
1105 RelSD,
1106 &RelSDSize);
1108 {
1110 goto done;
1111 }
1112
1113 *AliasSd = RelSD;
1114 *Size = RelSDSize;
1115
1116done:
1117 if (!NT_SUCCESS(Status))
1118 {
1119 if (RelSD != NULL)
1120 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1121 }
1122
1123 if (EveryoneSid != NULL)
1124 RtlFreeSid(EveryoneSid);
1125
1126 if (AnonymousSid != NULL)
1127 RtlFreeSid(AnonymousSid);
1128
1129 if (AdministratorsSid != NULL)
1130 RtlFreeSid(AdministratorsSid);
1131
1132 if (Dacl != NULL)
1133 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1134
1135 if (Sacl != NULL)
1136 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1137
1138 if (AbsSD != NULL)
1139 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1140
1141 return Status;
1142}
1143
1144
1147 OUT PULONG Size)
1148{
1149 PSECURITY_DESCRIPTOR AbsSD = NULL;
1150 PSECURITY_DESCRIPTOR RelSD = NULL;
1151 PSID EveryoneSid = NULL;
1152 PSID AnonymousSid = NULL;
1153 PSID AdministratorsSid = NULL;
1154 PSID AccountOperatorsSid = NULL;
1155 PACL Dacl = NULL;
1156 PACL Sacl = NULL;
1159 ULONG RelSDSize = 0;
1161
1162
1163 /* Create the Everyone SID */
1165 1,
1167 0,
1168 0,
1169 0,
1170 0,
1171 0,
1172 0,
1173 0,
1174 &EveryoneSid);
1176 if (!NT_SUCCESS(Status))
1177 goto done;
1178
1179 /* Create the Anonymous SID */
1181 1,
1183 0,
1184 0,
1185 0,
1186 0,
1187 0,
1188 0,
1189 0,
1190 &AnonymousSid);
1192 if (!NT_SUCCESS(Status))
1193 goto done;
1194
1195 /* Create the Administrators SID */
1197 2,
1200 0,
1201 0,
1202 0,
1203 0,
1204 0,
1205 0,
1206 &AdministratorsSid);
1208 if (!NT_SUCCESS(Status))
1209 goto done;
1210
1211 /* Create the Account Operators SID */
1213 2,
1216 0,
1217 0,
1218 0,
1219 0,
1220 0,
1221 0,
1222 &AccountOperatorsSid);
1224 if (!NT_SUCCESS(Status))
1225 goto done;
1226
1227 /* Allocate a buffer for the absolute SD */
1228 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1230 sizeof(SECURITY_DESCRIPTOR));
1231 if (AbsSD == NULL)
1232 {
1235 goto done;
1236 }
1237
1238 /* Create the absolute SD */
1242 if (!NT_SUCCESS(Status))
1243 goto done;
1244
1245 /* allocate and create the DACL */
1246 DaclSize = sizeof(ACL) +
1247 3 * sizeof(ACE) +
1248 RtlLengthSid(EveryoneSid) +
1249 RtlLengthSid(AdministratorsSid) +
1250 RtlLengthSid(AccountOperatorsSid);
1251
1252 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1254 DaclSize);
1255 if (Dacl == NULL)
1256 {
1259 goto done;
1260 }
1261
1263 DaclSize,
1264 ACL_REVISION);
1266 if (!NT_SUCCESS(Status))
1267 goto done;
1268
1272 EveryoneSid);
1274 if (!NT_SUCCESS(Status))
1275 goto done;
1276
1280 AdministratorsSid);
1282 if (!NT_SUCCESS(Status))
1283 goto done;
1284
1288 AccountOperatorsSid);
1290 if (!NT_SUCCESS(Status))
1291 goto done;
1292
1293 /* Set the DACL */
1295 TRUE,
1296 Dacl,
1297 FALSE);
1299 if (!NT_SUCCESS(Status))
1300 goto done;
1301
1302 /* allocate and create the SACL */
1303 SaclSize = sizeof(ACL) +
1304 2 * sizeof(ACE) +
1305 RtlLengthSid(EveryoneSid) +
1306 RtlLengthSid(AnonymousSid);
1307
1308 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1310 DaclSize);
1311 if (Sacl == NULL)
1312 {
1315 goto done;
1316 }
1317
1319 SaclSize,
1320 ACL_REVISION);
1322 if (!NT_SUCCESS(Status))
1323 goto done;
1324
1330 EveryoneSid,
1331 TRUE,
1332 TRUE);
1334 if (!NT_SUCCESS(Status))
1335 goto done;
1336
1340 AnonymousSid,
1341 TRUE,
1342 TRUE);
1344 if (!NT_SUCCESS(Status))
1345 goto done;
1346
1347 /* Set the SACL */
1349 TRUE,
1350 Sacl,
1351 FALSE);
1353 if (!NT_SUCCESS(Status))
1354 goto done;
1355
1356 /* Set the owner SID */
1358 AdministratorsSid,
1359 FALSE);
1361 if (!NT_SUCCESS(Status))
1362 goto done;
1363
1364 /* Set the group SID */
1366 AdministratorsSid,
1367 FALSE);
1369 if (!NT_SUCCESS(Status))
1370 goto done;
1371
1372 /* Get the reqired buffer size for the self-relative SD */
1374 NULL,
1375 &RelSDSize);
1377 goto done;
1378
1379 /* Allocate a buffer for the self-relative SD */
1380 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1382 RelSDSize);
1383 if (RelSD == NULL)
1384 {
1387 goto done;
1388 }
1389
1390 /* Convert the absolute SD to self-relative format */
1392 RelSD,
1393 &RelSDSize);
1395 {
1397 goto done;
1398 }
1399
1400 *GroupSd = RelSD;
1401 *Size = RelSDSize;
1402
1403done:
1404 if (!NT_SUCCESS(Status))
1405 {
1406 if (RelSD != NULL)
1407 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1408 }
1409
1410 if (EveryoneSid != NULL)
1411 RtlFreeSid(EveryoneSid);
1412
1413 if (AnonymousSid != NULL)
1414 RtlFreeSid(AnonymousSid);
1415
1416 if (AdministratorsSid != NULL)
1417 RtlFreeSid(AdministratorsSid);
1418
1419 if (Dacl != NULL)
1420 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1421
1422 if (Sacl != NULL)
1423 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1424
1425 if (AbsSD != NULL)
1426 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1427
1428 return Status;
1429}
1430
1431
1434 OUT PSECURITY_DESCRIPTOR *UserSd,
1435 OUT PULONG Size)
1436{
1437 PSECURITY_DESCRIPTOR AbsSD = NULL;
1438 PSECURITY_DESCRIPTOR RelSD = NULL;
1439 PSID EveryoneSid = NULL;
1440 PSID AnonymousSid = NULL;
1441 PSID AdministratorsSid = NULL;
1442 PACL Dacl = NULL;
1443 PACL Sacl = NULL;
1446 ULONG RelSDSize = 0;
1448
1449
1450 /* Create the Everyone SID */
1452 1,
1454 0,
1455 0,
1456 0,
1457 0,
1458 0,
1459 0,
1460 0,
1461 &EveryoneSid);
1463 if (!NT_SUCCESS(Status))
1464 goto done;
1465
1466 /* Create the Anonymous SID */
1468 1,
1470 0,
1471 0,
1472 0,
1473 0,
1474 0,
1475 0,
1476 0,
1477 &AnonymousSid);
1479 if (!NT_SUCCESS(Status))
1480 goto done;
1481
1482 /* Create the Administrators SID */
1484 2,
1487 0,
1488 0,
1489 0,
1490 0,
1491 0,
1492 0,
1493 &AdministratorsSid);
1495 if (!NT_SUCCESS(Status))
1496 goto done;
1497
1498 /* Allocate a buffer for the absolute SD */
1499 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1501 sizeof(SECURITY_DESCRIPTOR));
1502 if (AbsSD == NULL)
1503 {
1506 goto done;
1507 }
1508
1509 /* Create the absolute SD */
1513 if (!NT_SUCCESS(Status))
1514 goto done;
1515
1516 /* allocate and create the DACL */
1517 DaclSize = sizeof(ACL) +
1518 3 * sizeof(ACE) +
1519 RtlLengthSid(EveryoneSid) +
1520 RtlLengthSid(AdministratorsSid) +
1521 RtlLengthSid(UserSid);
1522
1523 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1525 DaclSize);
1526 if (Dacl == NULL)
1527 {
1530 goto done;
1531 }
1532
1534 DaclSize,
1535 ACL_REVISION);
1537 if (!NT_SUCCESS(Status))
1538 goto done;
1539
1545 EveryoneSid);
1547 if (!NT_SUCCESS(Status))
1548 goto done;
1549
1553 AdministratorsSid);
1555 if (!NT_SUCCESS(Status))
1556 goto done;
1557
1561 UserSid);
1563 if (!NT_SUCCESS(Status))
1564 goto done;
1565
1566 /* Set the DACL */
1568 TRUE,
1569 Dacl,
1570 FALSE);
1572 if (!NT_SUCCESS(Status))
1573 goto done;
1574
1575 /* allocate and create the SACL */
1576 SaclSize = sizeof(ACL) +
1577 2 * sizeof(ACE) +
1578 RtlLengthSid(EveryoneSid) +
1579 RtlLengthSid(AnonymousSid);
1580
1581 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1583 DaclSize);
1584 if (Sacl == NULL)
1585 {
1588 goto done;
1589 }
1590
1592 SaclSize,
1593 ACL_REVISION);
1595 if (!NT_SUCCESS(Status))
1596 goto done;
1597
1602 EveryoneSid,
1603 TRUE,
1604 TRUE);
1606 if (!NT_SUCCESS(Status))
1607 goto done;
1608
1612 AnonymousSid,
1613 TRUE,
1614 TRUE);
1616 if (!NT_SUCCESS(Status))
1617 goto done;
1618
1619 /* Set the SACL */
1621 TRUE,
1622 Sacl,
1623 FALSE);
1625 if (!NT_SUCCESS(Status))
1626 goto done;
1627
1628 /* Set the owner SID */
1630 AdministratorsSid,
1631 FALSE);
1633 if (!NT_SUCCESS(Status))
1634 goto done;
1635
1636 /* Set the group SID */
1638 AdministratorsSid,
1639 FALSE);
1641 if (!NT_SUCCESS(Status))
1642 goto done;
1643
1644 /* Get the reqired buffer size for the self-relative SD */
1646 NULL,
1647 &RelSDSize);
1649 goto done;
1650
1651 /* Allocate a buffer for the self-relative SD */
1652 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1654 RelSDSize);
1655 if (RelSD == NULL)
1656 {
1659 goto done;
1660 }
1661
1662 /* Convert the absolute SD to self-relative format */
1664 RelSD,
1665 &RelSDSize);
1667 {
1669 goto done;
1670 }
1671
1672 *UserSd = RelSD;
1673 *Size = RelSDSize;
1674
1675done:
1676 if (!NT_SUCCESS(Status))
1677 {
1678 if (RelSD != NULL)
1679 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1680 }
1681
1682 if (EveryoneSid != NULL)
1683 RtlFreeSid(EveryoneSid);
1684
1685 if (AnonymousSid != NULL)
1686 RtlFreeSid(AnonymousSid);
1687
1688 if (AdministratorsSid != NULL)
1689 RtlFreeSid(AdministratorsSid);
1690
1691 if (Dacl != NULL)
1692 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1693
1694 if (Sacl != NULL)
1695 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1696
1697 if (AbsSD != NULL)
1698 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1699
1700 return Status;
1701}
1702
1703/* EOF */
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:40
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
NTSTATUS SampCreateBuiltinDomainSD(OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
Definition: security.c:283
NTSTATUS SampCreateGroupSD(OUT PSECURITY_DESCRIPTOR *GroupSd, OUT PULONG Size)
Definition: security.c:1146
NTSTATUS SampCreateServerSD(OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
Definition: security.c:21
NTSTATUS SampCreateAliasSD(OUT PSECURITY_DESCRIPTOR *AliasSd, OUT PULONG Size)
Definition: security.c:859
NTSTATUS SampCreateUserSD(IN PSID UserSid, OUT PSECURITY_DESCRIPTOR *UserSd, OUT PULONG Size)
Definition: security.c:1433
NTSTATUS SampCreateAccountDomainSD(OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
Definition: security.c:545
Status
Definition: gdiplustypes.h:25
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define ASSERT(a)
Definition: mode.c:44
struct _ACL ACL
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1596
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1595
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1594
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define WRITE_DAC
Definition: nt_native.h:59
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define DELETE
Definition: nt_native.h:57
#define READ_CONTROL
Definition: nt_native.h:58
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
#define USER_READ_GENERAL
Definition: ntsam.h:126
#define SAM_SERVER_READ
Definition: ntsam.h:106
#define USER_READ_LOGON
Definition: ntsam.h:129
#define GROUP_ALL_ACCESS
Definition: ntsam.h:92
#define SAM_SERVER_EXECUTE
Definition: ntsam.h:114
#define GROUP_READ_INFORMATION
Definition: ntsam.h:75
#define GROUP_ADD_MEMBER
Definition: ntsam.h:77
#define DOMAIN_ALL_ACCESS
Definition: ntsam.h:62
#define SAM_SERVER_SHUTDOWN
Definition: ntsam.h:100
#define DOMAIN_CREATE_GROUP
Definition: ntsam.h:38
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
#define DOMAIN_CREATE_ALIAS
Definition: ntsam.h:39
#define DOMAIN_EXECUTE
Definition: ntsam.h:57
#define ALIAS_WRITE_ACCOUNT
Definition: ntsam.h:13
#define ALIAS_LIST_MEMBERS
Definition: ntsam.h:11
#define USER_LIST_GROUPS
Definition: ntsam.h:134
#define GROUP_LIST_MEMBERS
Definition: ntsam.h:79
#define ALIAS_READ_INFORMATION
Definition: ntsam.h:12
#define USER_WRITE_PREFERENCES
Definition: ntsam.h:128
#define USER_ALL_ACCESS
Definition: ntsam.h:153
#define GROUP_WRITE_ACCOUNT
Definition: ntsam.h:76
#define GROUP_REMOVE_MEMBER
Definition: ntsam.h:78
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132
#define ALIAS_REMOVE_MEMBER
Definition: ntsam.h:10
#define DOMAIN_CREATE_USER
Definition: ntsam.h:37
#define USER_READ_GROUP_INFORMATION
Definition: ntsam.h:135
#define DOMAIN_READ
Definition: ntsam.h:45
#define SAM_SERVER_ALL_ACCESS
Definition: ntsam.h:118
#define SAM_SERVER_CREATE_DOMAIN
Definition: ntsam.h:102
#define ALIAS_ALL_ACCESS
Definition: ntsam.h:26
#define SAM_SERVER_INITIALIZE
Definition: ntsam.h:101
#define ALIAS_ADD_MEMBER
Definition: ntsam.h:9
#define STATUS_SUCCESS
Definition: shellext.h:65
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
Definition: rtltypes.h:993
uint32_t * PULONG
Definition: typedefs.h:59
#define IN
Definition: typedefs.h:39
uint32_t ULONG
Definition: typedefs.h:59
#define OUT
Definition: typedefs.h:40
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:653
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:654
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:527
#define SECURITY_WORLD_RID
Definition: setypes.h:541
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:657
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define ACL_REVISION
Definition: setypes.h:39
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652