ReactOS  0.4.14-dev-552-g2fad488
security.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: Security Account Manager (SAM) Server
4  * FILE: reactos/dll/win32/samsrv/security.c
5  * PURPOSE: Security descriptor functions
6  *
7  * PROGRAMMERS: Eric Kohl
8  */
9 
10 #include "samsrv.h"
11 
12 /* GLOBALS *****************************************************************/
13 
16 
17 
18 /* FUNCTIONS ***************************************************************/
19 
22  OUT PULONG Size)
23 {
24  PSECURITY_DESCRIPTOR AbsSD = NULL;
25  PSECURITY_DESCRIPTOR RelSD = NULL;
26  PSID EveryoneSid = NULL;
27  PSID AnonymousSid = NULL;
28  PSID AdministratorsSid = NULL;
29  PACL Dacl = NULL;
30  PACL Sacl = NULL;
33  ULONG RelSDSize = 0;
35 
36 
37  /* Create the Everyone SID */
39  1,
41  0,
42  0,
43  0,
44  0,
45  0,
46  0,
47  0,
48  &EveryoneSid);
50  if (!NT_SUCCESS(Status))
51  goto done;
52 
53  /* Create the Anonymous SID */
55  1,
57  0,
58  0,
59  0,
60  0,
61  0,
62  0,
63  0,
64  &AnonymousSid);
66  if (!NT_SUCCESS(Status))
67  goto done;
68 
69  /* Create the Administrators SID */
71  2,
74  0,
75  0,
76  0,
77  0,
78  0,
79  0,
80  &AdministratorsSid);
82  if (!NT_SUCCESS(Status))
83  goto done;
84 
85 
86  /* Allocate a buffer for the absolute SD */
87  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
89  sizeof(SECURITY_DESCRIPTOR));
90  if (AbsSD == NULL)
91  {
94  goto done;
95  }
96 
97  /* Create the absolute SD */
101  if (!NT_SUCCESS(Status))
102  goto done;
103 
104  /* allocate and create the DACL */
105  DaclSize = sizeof(ACL) +
106  2 * sizeof(ACE) +
107  RtlLengthSid(EveryoneSid) +
108  RtlLengthSid(AdministratorsSid);
109 
110  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
112  DaclSize);
113  if (Dacl == NULL)
114  {
117  goto done;
118  }
119 
121  DaclSize,
122  ACL_REVISION);
124  if (!NT_SUCCESS(Status))
125  goto done;
126 
128  ACL_REVISION,
130  EveryoneSid);
132  if (!NT_SUCCESS(Status))
133  goto done;
134 
136  ACL_REVISION,
138  AdministratorsSid);
140  if (!NT_SUCCESS(Status))
141  goto done;
142 
143  /* Set the DACL */
145  TRUE,
146  Dacl,
147  FALSE);
149  if (!NT_SUCCESS(Status))
150  goto done;
151 
152  /* allocate and create the SACL */
153  SaclSize = sizeof(ACL) +
154  2 * sizeof(ACE) +
155  RtlLengthSid(EveryoneSid) +
156  RtlLengthSid(AnonymousSid);
157 
158  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
160  DaclSize);
161  if (Sacl == NULL)
162  {
165  goto done;
166  }
167 
169  SaclSize,
170  ACL_REVISION);
172  if (!NT_SUCCESS(Status))
173  goto done;
174 
176  ACL_REVISION,
180  EveryoneSid,
181  TRUE,
182  TRUE);
184  if (!NT_SUCCESS(Status))
185  goto done;
186 
188  ACL_REVISION,
190  AnonymousSid,
191  TRUE,
192  TRUE);
194  if (!NT_SUCCESS(Status))
195  goto done;
196 
197  /* Set the SACL */
199  TRUE,
200  Sacl,
201  FALSE);
203  if (!NT_SUCCESS(Status))
204  goto done;
205 
206  /* Set the owner SID */
208  AdministratorsSid,
209  FALSE);
211  if (!NT_SUCCESS(Status))
212  goto done;
213 
214  /* Set the group SID */
216  AdministratorsSid,
217  FALSE);
219  if (!NT_SUCCESS(Status))
220  goto done;
221 
222  /* Get the reqired buffer size for the self-relative SD */
224  NULL,
225  &RelSDSize);
227  goto done;
228 
229  /* Allocate a buffer for the self-relative SD */
230  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
232  RelSDSize);
233  if (RelSD == NULL)
234  {
237  goto done;
238  }
239 
240  /* Convert the absolute SD to self-relative format */
242  RelSD,
243  &RelSDSize);
245  {
247  goto done;
248  }
249 
250  *ServerSd = RelSD;
251  *Size = RelSDSize;
252 
253 done:
254  if (!NT_SUCCESS(Status))
255  {
256  if (RelSD != NULL)
257  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
258  }
259 
260  if (EveryoneSid != NULL)
261  RtlFreeSid(EveryoneSid);
262 
263  if (AnonymousSid != NULL)
264  RtlFreeSid(AnonymousSid);
265 
266  if (AdministratorsSid != NULL)
267  RtlFreeSid(AdministratorsSid);
268 
269  if (Dacl != NULL)
270  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
271 
272  if (Sacl != NULL)
273  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
274 
275  if (AbsSD != NULL)
276  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
277 
278  return Status;
279 }
280 
281 
282 NTSTATUS
284  OUT PULONG Size)
285 {
286  PSECURITY_DESCRIPTOR AbsSD = NULL;
287  PSECURITY_DESCRIPTOR RelSD = NULL;
288  PSID EveryoneSid = NULL;
289  PSID AnonymousSid = NULL;
290  PSID AdministratorsSid = NULL;
291  PACL Dacl = NULL;
292  PACL Sacl = NULL;
293  ULONG DaclSize;
294  ULONG SaclSize;
295  ULONG RelSDSize = 0;
297 
298 
299  /* Create the Everyone SID */
301  1,
303  0,
304  0,
305  0,
306  0,
307  0,
308  0,
309  0,
310  &EveryoneSid);
312  if (!NT_SUCCESS(Status))
313  goto done;
314 
315  /* Create the Anonymous SID */
317  1,
319  0,
320  0,
321  0,
322  0,
323  0,
324  0,
325  0,
326  &AnonymousSid);
328  if (!NT_SUCCESS(Status))
329  goto done;
330 
331  /* Create the Administrators SID */
333  2,
336  0,
337  0,
338  0,
339  0,
340  0,
341  0,
342  &AdministratorsSid);
344  if (!NT_SUCCESS(Status))
345  goto done;
346 
347 
348  /* Allocate a buffer for the absolute SD */
349  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
351  sizeof(SECURITY_DESCRIPTOR));
352  if (AbsSD == NULL)
353  {
356  goto done;
357  }
358 
359  /* Create the absolute SD */
363  if (!NT_SUCCESS(Status))
364  goto done;
365 
366  /* allocate and create the DACL */
367  DaclSize = sizeof(ACL) +
368  2 * sizeof(ACE) +
369  RtlLengthSid(EveryoneSid) +
370  RtlLengthSid(AdministratorsSid);
371 
372  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
374  DaclSize);
375  if (Dacl == NULL)
376  {
379  goto done;
380  }
381 
383  DaclSize,
384  ACL_REVISION);
386  if (!NT_SUCCESS(Status))
387  goto done;
388 
390  ACL_REVISION,
392  EveryoneSid);
394  if (!NT_SUCCESS(Status))
395  goto done;
396 
398  ACL_REVISION,
400  AdministratorsSid);
402  if (!NT_SUCCESS(Status))
403  goto done;
404 
405  /* Set the DACL */
407  TRUE,
408  Dacl,
409  FALSE);
411  if (!NT_SUCCESS(Status))
412  goto done;
413 
414  /* allocate and create the SACL */
415  SaclSize = sizeof(ACL) +
416  2 * sizeof(ACE) +
417  RtlLengthSid(EveryoneSid) +
418  RtlLengthSid(AnonymousSid);
419 
420  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
422  DaclSize);
423  if (Sacl == NULL)
424  {
427  goto done;
428  }
429 
431  SaclSize,
432  ACL_REVISION);
434  if (!NT_SUCCESS(Status))
435  goto done;
436 
438  ACL_REVISION,
442  EveryoneSid,
443  TRUE,
444  TRUE);
446  if (!NT_SUCCESS(Status))
447  goto done;
448 
450  ACL_REVISION,
452  AnonymousSid,
453  TRUE,
454  TRUE);
456  if (!NT_SUCCESS(Status))
457  goto done;
458 
459  /* Set the SACL */
461  TRUE,
462  Sacl,
463  FALSE);
465  if (!NT_SUCCESS(Status))
466  goto done;
467 
468  /* Set the owner SID */
470  AdministratorsSid,
471  FALSE);
473  if (!NT_SUCCESS(Status))
474  goto done;
475 
476  /* Set the group SID */
478  AdministratorsSid,
479  FALSE);
481  if (!NT_SUCCESS(Status))
482  goto done;
483 
484  /* Get the reqired buffer size for the self-relative SD */
486  NULL,
487  &RelSDSize);
489  goto done;
490 
491  /* Allocate a buffer for the self-relative SD */
492  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
494  RelSDSize);
495  if (RelSD == NULL)
496  {
499  goto done;
500  }
501 
502  /* Convert the absolute SD to self-relative format */
504  RelSD,
505  &RelSDSize);
507  {
509  goto done;
510  }
511 
512  *ServerSd = RelSD;
513  *Size = RelSDSize;
514 
515 done:
516  if (!NT_SUCCESS(Status))
517  {
518  if (RelSD != NULL)
519  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
520  }
521 
522  if (EveryoneSid != NULL)
523  RtlFreeSid(EveryoneSid);
524 
525  if (AnonymousSid != NULL)
526  RtlFreeSid(AnonymousSid);
527 
528  if (AdministratorsSid != NULL)
529  RtlFreeSid(AdministratorsSid);
530 
531  if (Dacl != NULL)
532  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
533 
534  if (Sacl != NULL)
535  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
536 
537  if (AbsSD != NULL)
538  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
539 
540  return Status;
541 }
542 
543 
544 NTSTATUS
546  OUT PULONG Size)
547 {
548  PSECURITY_DESCRIPTOR AbsSD = NULL;
549  PSECURITY_DESCRIPTOR RelSD = NULL;
550  PSID EveryoneSid = NULL;
551  PSID AnonymousSid = NULL;
552  PSID AdministratorsSid = NULL;
553  PSID UsersSid = NULL;
554  PSID GuestsSid = NULL;
555  PACL Dacl = NULL;
556  PACL Sacl = NULL;
557  ULONG DaclSize;
558  ULONG SaclSize;
559  ULONG RelSDSize = 0;
561 
562 
563  /* Create the Everyone SID */
565  1,
567  0,
568  0,
569  0,
570  0,
571  0,
572  0,
573  0,
574  &EveryoneSid);
576  if (!NT_SUCCESS(Status))
577  goto done;
578 
579  /* Create the Anonymous SID */
581  1,
583  0,
584  0,
585  0,
586  0,
587  0,
588  0,
589  0,
590  &AnonymousSid);
592  if (!NT_SUCCESS(Status))
593  goto done;
594 
595  /* Create the Administrators SID */
597  2,
600  0,
601  0,
602  0,
603  0,
604  0,
605  0,
606  &AdministratorsSid);
608  if (!NT_SUCCESS(Status))
609  goto done;
610 
611  /* Create the Users SID */
613  2,
616  0,
617  0,
618  0,
619  0,
620  0,
621  0,
622  &UsersSid);
624  if (!NT_SUCCESS(Status))
625  goto done;
626 
627  /* Create the Guests SID */
629  2,
632  0,
633  0,
634  0,
635  0,
636  0,
637  0,
638  &GuestsSid);
640  if (!NT_SUCCESS(Status))
641  goto done;
642 
643 
644  /* Allocate a buffer for the absolute SD */
645  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
647  sizeof(SECURITY_DESCRIPTOR));
648  if (AbsSD == NULL)
649  {
652  goto done;
653  }
654 
655  /* Create the absolute SD */
659  if (!NT_SUCCESS(Status))
660  goto done;
661 
662  /* allocate and create the DACL */
663  DaclSize = sizeof(ACL) +
664  4 * sizeof(ACE) +
665  RtlLengthSid(EveryoneSid) +
666  RtlLengthSid(AdministratorsSid) +
667  RtlLengthSid(UsersSid) +
668  RtlLengthSid(GuestsSid);
669 
670  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
672  DaclSize);
673  if (Dacl == NULL)
674  {
677  goto done;
678  }
679 
681  DaclSize,
682  ACL_REVISION);
684  if (!NT_SUCCESS(Status))
685  goto done;
686 
688  ACL_REVISION,
690  EveryoneSid);
692  if (!NT_SUCCESS(Status))
693  goto done;
694 
696  ACL_REVISION,
698  UsersSid);
700  if (!NT_SUCCESS(Status))
701  goto done;
702 
704  ACL_REVISION,
706  AdministratorsSid);
708  if (!NT_SUCCESS(Status))
709  goto done;
710 
712  ACL_REVISION,
714  GuestsSid);
716  if (!NT_SUCCESS(Status))
717  goto done;
718 
719  /* Set the DACL */
721  TRUE,
722  Dacl,
723  FALSE);
725  if (!NT_SUCCESS(Status))
726  goto done;
727 
728  /* allocate and create the SACL */
729  SaclSize = sizeof(ACL) +
730  2 * sizeof(ACE) +
731  RtlLengthSid(EveryoneSid) +
732  RtlLengthSid(AnonymousSid);
733 
734  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
736  DaclSize);
737  if (Sacl == NULL)
738  {
741  goto done;
742  }
743 
745  SaclSize,
746  ACL_REVISION);
748  if (!NT_SUCCESS(Status))
749  goto done;
750 
752  ACL_REVISION,
756  EveryoneSid,
757  TRUE,
758  TRUE);
760  if (!NT_SUCCESS(Status))
761  goto done;
762 
764  ACL_REVISION,
766  AnonymousSid,
767  TRUE,
768  TRUE);
770  if (!NT_SUCCESS(Status))
771  goto done;
772 
773  /* Set the SACL */
775  TRUE,
776  Sacl,
777  FALSE);
779  if (!NT_SUCCESS(Status))
780  goto done;
781 
782  /* Set the owner SID */
784  AdministratorsSid,
785  FALSE);
787  if (!NT_SUCCESS(Status))
788  goto done;
789 
790  /* Set the group SID */
792  AdministratorsSid,
793  FALSE);
795  if (!NT_SUCCESS(Status))
796  goto done;
797 
798  /* Get the reqired buffer size for the self-relative SD */
800  NULL,
801  &RelSDSize);
803  goto done;
804 
805  /* Allocate a buffer for the self-relative SD */
806  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
808  RelSDSize);
809  if (RelSD == NULL)
810  {
813  goto done;
814  }
815 
816  /* Convert the absolute SD to self-relative format */
818  RelSD,
819  &RelSDSize);
821  {
823  goto done;
824  }
825 
826  *ServerSd = RelSD;
827  *Size = RelSDSize;
828 
829 done:
830  if (!NT_SUCCESS(Status))
831  {
832  if (RelSD != NULL)
833  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
834  }
835 
836  if (EveryoneSid != NULL)
837  RtlFreeSid(EveryoneSid);
838 
839  if (AnonymousSid != NULL)
840  RtlFreeSid(AnonymousSid);
841 
842  if (AdministratorsSid != NULL)
843  RtlFreeSid(AdministratorsSid);
844 
845  if (Dacl != NULL)
846  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
847 
848  if (Sacl != NULL)
849  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
850 
851  if (AbsSD != NULL)
852  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
853 
854  return Status;
855 }
856 
857 
858 NTSTATUS
860  OUT PULONG Size)
861 {
862  PSECURITY_DESCRIPTOR AbsSD = NULL;
863  PSECURITY_DESCRIPTOR RelSD = NULL;
864  PSID EveryoneSid = NULL;
865  PSID AnonymousSid = NULL;
866  PSID AdministratorsSid = NULL;
867  PSID AccountOperatorsSid = NULL;
868  PACL Dacl = NULL;
869  PACL Sacl = NULL;
870  ULONG DaclSize;
871  ULONG SaclSize;
872  ULONG RelSDSize = 0;
874 
875 
876  /* Create the Everyone SID */
878  1,
880  0,
881  0,
882  0,
883  0,
884  0,
885  0,
886  0,
887  &EveryoneSid);
889  if (!NT_SUCCESS(Status))
890  goto done;
891 
892  /* Create the Anonymous SID */
894  1,
896  0,
897  0,
898  0,
899  0,
900  0,
901  0,
902  0,
903  &AnonymousSid);
905  if (!NT_SUCCESS(Status))
906  goto done;
907 
908  /* Create the Administrators SID */
910  2,
913  0,
914  0,
915  0,
916  0,
917  0,
918  0,
919  &AdministratorsSid);
921  if (!NT_SUCCESS(Status))
922  goto done;
923 
924  /* Create the Account Operators SID */
926  2,
929  0,
930  0,
931  0,
932  0,
933  0,
934  0,
935  &AccountOperatorsSid);
937  if (!NT_SUCCESS(Status))
938  goto done;
939 
940  /* Allocate a buffer for the absolute SD */
941  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
943  sizeof(SECURITY_DESCRIPTOR));
944  if (AbsSD == NULL)
945  {
948  goto done;
949  }
950 
951  /* Create the absolute SD */
955  if (!NT_SUCCESS(Status))
956  goto done;
957 
958  /* allocate and create the DACL */
959  DaclSize = sizeof(ACL) +
960  3 * sizeof(ACE) +
961  RtlLengthSid(EveryoneSid) +
962  RtlLengthSid(AdministratorsSid) +
963  RtlLengthSid(AccountOperatorsSid);
964 
965  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
967  DaclSize);
968  if (Dacl == NULL)
969  {
972  goto done;
973  }
974 
976  DaclSize,
977  ACL_REVISION);
979  if (!NT_SUCCESS(Status))
980  goto done;
981 
983  ACL_REVISION,
985  EveryoneSid);
987  if (!NT_SUCCESS(Status))
988  goto done;
989 
991  ACL_REVISION,
993  AdministratorsSid);
995  if (!NT_SUCCESS(Status))
996  goto done;
997 
999  ACL_REVISION,
1001  AccountOperatorsSid);
1003  if (!NT_SUCCESS(Status))
1004  goto done;
1005 
1006  /* Set the DACL */
1008  TRUE,
1009  Dacl,
1010  FALSE);
1012  if (!NT_SUCCESS(Status))
1013  goto done;
1014 
1015  /* allocate and create the SACL */
1016  SaclSize = sizeof(ACL) +
1017  2 * sizeof(ACE) +
1018  RtlLengthSid(EveryoneSid) +
1019  RtlLengthSid(AnonymousSid);
1020 
1021  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1023  DaclSize);
1024  if (Sacl == NULL)
1025  {
1028  goto done;
1029  }
1030 
1032  SaclSize,
1033  ACL_REVISION);
1035  if (!NT_SUCCESS(Status))
1036  goto done;
1037 
1039  ACL_REVISION,
1043  EveryoneSid,
1044  TRUE,
1045  TRUE);
1047  if (!NT_SUCCESS(Status))
1048  goto done;
1049 
1051  ACL_REVISION,
1053  AnonymousSid,
1054  TRUE,
1055  TRUE);
1057  if (!NT_SUCCESS(Status))
1058  goto done;
1059 
1060  /* Set the SACL */
1062  TRUE,
1063  Sacl,
1064  FALSE);
1066  if (!NT_SUCCESS(Status))
1067  goto done;
1068 
1069  /* Set the owner SID */
1071  AdministratorsSid,
1072  FALSE);
1074  if (!NT_SUCCESS(Status))
1075  goto done;
1076 
1077  /* Set the group SID */
1079  AdministratorsSid,
1080  FALSE);
1082  if (!NT_SUCCESS(Status))
1083  goto done;
1084 
1085  /* Get the reqired buffer size for the self-relative SD */
1087  NULL,
1088  &RelSDSize);
1090  goto done;
1091 
1092  /* Allocate a buffer for the self-relative SD */
1093  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1095  RelSDSize);
1096  if (RelSD == NULL)
1097  {
1100  goto done;
1101  }
1102 
1103  /* Convert the absolute SD to self-relative format */
1105  RelSD,
1106  &RelSDSize);
1108  {
1110  goto done;
1111  }
1112 
1113  *AliasSd = RelSD;
1114  *Size = RelSDSize;
1115 
1116 done:
1117  if (!NT_SUCCESS(Status))
1118  {
1119  if (RelSD != NULL)
1120  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1121  }
1122 
1123  if (EveryoneSid != NULL)
1124  RtlFreeSid(EveryoneSid);
1125 
1126  if (AnonymousSid != NULL)
1127  RtlFreeSid(AnonymousSid);
1128 
1129  if (AdministratorsSid != NULL)
1130  RtlFreeSid(AdministratorsSid);
1131 
1132  if (Dacl != NULL)
1133  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1134 
1135  if (Sacl != NULL)
1136  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1137 
1138  if (AbsSD != NULL)
1139  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1140 
1141  return Status;
1142 }
1143 
1144 
1145 NTSTATUS
1147  OUT PULONG Size)
1148 {
1149  PSECURITY_DESCRIPTOR AbsSD = NULL;
1150  PSECURITY_DESCRIPTOR RelSD = NULL;
1151  PSID EveryoneSid = NULL;
1152  PSID AnonymousSid = NULL;
1153  PSID AdministratorsSid = NULL;
1154  PSID AccountOperatorsSid = NULL;
1155  PACL Dacl = NULL;
1156  PACL Sacl = NULL;
1157  ULONG DaclSize;
1158  ULONG SaclSize;
1159  ULONG RelSDSize = 0;
1161 
1162 
1163  /* Create the Everyone SID */
1165  1,
1167  0,
1168  0,
1169  0,
1170  0,
1171  0,
1172  0,
1173  0,
1174  &EveryoneSid);
1176  if (!NT_SUCCESS(Status))
1177  goto done;
1178 
1179  /* Create the Anonymous SID */
1181  1,
1183  0,
1184  0,
1185  0,
1186  0,
1187  0,
1188  0,
1189  0,
1190  &AnonymousSid);
1192  if (!NT_SUCCESS(Status))
1193  goto done;
1194 
1195  /* Create the Administrators SID */
1197  2,
1200  0,
1201  0,
1202  0,
1203  0,
1204  0,
1205  0,
1206  &AdministratorsSid);
1208  if (!NT_SUCCESS(Status))
1209  goto done;
1210 
1211  /* Create the Account Operators SID */
1213  2,
1216  0,
1217  0,
1218  0,
1219  0,
1220  0,
1221  0,
1222  &AccountOperatorsSid);
1224  if (!NT_SUCCESS(Status))
1225  goto done;
1226 
1227  /* Allocate a buffer for the absolute SD */
1228  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1230  sizeof(SECURITY_DESCRIPTOR));
1231  if (AbsSD == NULL)
1232  {
1235  goto done;
1236  }
1237 
1238  /* Create the absolute SD */
1242  if (!NT_SUCCESS(Status))
1243  goto done;
1244 
1245  /* allocate and create the DACL */
1246  DaclSize = sizeof(ACL) +
1247  3 * sizeof(ACE) +
1248  RtlLengthSid(EveryoneSid) +
1249  RtlLengthSid(AdministratorsSid) +
1250  RtlLengthSid(AccountOperatorsSid);
1251 
1252  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1254  DaclSize);
1255  if (Dacl == NULL)
1256  {
1259  goto done;
1260  }
1261 
1263  DaclSize,
1264  ACL_REVISION);
1266  if (!NT_SUCCESS(Status))
1267  goto done;
1268 
1270  ACL_REVISION,
1272  EveryoneSid);
1274  if (!NT_SUCCESS(Status))
1275  goto done;
1276 
1278  ACL_REVISION,
1280  AdministratorsSid);
1282  if (!NT_SUCCESS(Status))
1283  goto done;
1284 
1286  ACL_REVISION,
1288  AccountOperatorsSid);
1290  if (!NT_SUCCESS(Status))
1291  goto done;
1292 
1293  /* Set the DACL */
1295  TRUE,
1296  Dacl,
1297  FALSE);
1299  if (!NT_SUCCESS(Status))
1300  goto done;
1301 
1302  /* allocate and create the SACL */
1303  SaclSize = sizeof(ACL) +
1304  2 * sizeof(ACE) +
1305  RtlLengthSid(EveryoneSid) +
1306  RtlLengthSid(AnonymousSid);
1307 
1308  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1310  DaclSize);
1311  if (Sacl == NULL)
1312  {
1315  goto done;
1316  }
1317 
1319  SaclSize,
1320  ACL_REVISION);
1322  if (!NT_SUCCESS(Status))
1323  goto done;
1324 
1326  ACL_REVISION,
1330  EveryoneSid,
1331  TRUE,
1332  TRUE);
1334  if (!NT_SUCCESS(Status))
1335  goto done;
1336 
1338  ACL_REVISION,
1340  AnonymousSid,
1341  TRUE,
1342  TRUE);
1344  if (!NT_SUCCESS(Status))
1345  goto done;
1346 
1347  /* Set the SACL */
1349  TRUE,
1350  Sacl,
1351  FALSE);
1353  if (!NT_SUCCESS(Status))
1354  goto done;
1355 
1356  /* Set the owner SID */
1358  AdministratorsSid,
1359  FALSE);
1361  if (!NT_SUCCESS(Status))
1362  goto done;
1363 
1364  /* Set the group SID */
1366  AdministratorsSid,
1367  FALSE);
1369  if (!NT_SUCCESS(Status))
1370  goto done;
1371 
1372  /* Get the reqired buffer size for the self-relative SD */
1374  NULL,
1375  &RelSDSize);
1377  goto done;
1378 
1379  /* Allocate a buffer for the self-relative SD */
1380  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1382  RelSDSize);
1383  if (RelSD == NULL)
1384  {
1387  goto done;
1388  }
1389 
1390  /* Convert the absolute SD to self-relative format */
1392  RelSD,
1393  &RelSDSize);
1395  {
1397  goto done;
1398  }
1399 
1400  *GroupSd = RelSD;
1401  *Size = RelSDSize;
1402 
1403 done:
1404  if (!NT_SUCCESS(Status))
1405  {
1406  if (RelSD != NULL)
1407  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1408  }
1409 
1410  if (EveryoneSid != NULL)
1411  RtlFreeSid(EveryoneSid);
1412 
1413  if (AnonymousSid != NULL)
1414  RtlFreeSid(AnonymousSid);
1415 
1416  if (AdministratorsSid != NULL)
1417  RtlFreeSid(AdministratorsSid);
1418 
1419  if (Dacl != NULL)
1420  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1421 
1422  if (Sacl != NULL)
1423  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1424 
1425  if (AbsSD != NULL)
1426  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1427 
1428  return Status;
1429 }
1430 
1431 
1432 NTSTATUS
1434  OUT PSECURITY_DESCRIPTOR *UserSd,
1435  OUT PULONG Size)
1436 {
1437  PSECURITY_DESCRIPTOR AbsSD = NULL;
1438  PSECURITY_DESCRIPTOR RelSD = NULL;
1439  PSID EveryoneSid = NULL;
1440  PSID AnonymousSid = NULL;
1441  PSID AdministratorsSid = NULL;
1442  PACL Dacl = NULL;
1443  PACL Sacl = NULL;
1444  ULONG DaclSize;
1445  ULONG SaclSize;
1446  ULONG RelSDSize = 0;
1448 
1449 
1450  /* Create the Everyone SID */
1452  1,
1454  0,
1455  0,
1456  0,
1457  0,
1458  0,
1459  0,
1460  0,
1461  &EveryoneSid);
1463  if (!NT_SUCCESS(Status))
1464  goto done;
1465 
1466  /* Create the Anonymous SID */
1468  1,
1470  0,
1471  0,
1472  0,
1473  0,
1474  0,
1475  0,
1476  0,
1477  &AnonymousSid);
1479  if (!NT_SUCCESS(Status))
1480  goto done;
1481 
1482  /* Create the Administrators SID */
1484  2,
1487  0,
1488  0,
1489  0,
1490  0,
1491  0,
1492  0,
1493  &AdministratorsSid);
1495  if (!NT_SUCCESS(Status))
1496  goto done;
1497 
1498  /* Allocate a buffer for the absolute SD */
1499  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1501  sizeof(SECURITY_DESCRIPTOR));
1502  if (AbsSD == NULL)
1503  {
1506  goto done;
1507  }
1508 
1509  /* Create the absolute SD */
1513  if (!NT_SUCCESS(Status))
1514  goto done;
1515 
1516  /* allocate and create the DACL */
1517  DaclSize = sizeof(ACL) +
1518  3 * sizeof(ACE) +
1519  RtlLengthSid(EveryoneSid) +
1520  RtlLengthSid(AdministratorsSid) +
1521  RtlLengthSid(UserSid);
1522 
1523  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1525  DaclSize);
1526  if (Dacl == NULL)
1527  {
1530  goto done;
1531  }
1532 
1534  DaclSize,
1535  ACL_REVISION);
1537  if (!NT_SUCCESS(Status))
1538  goto done;
1539 
1541  ACL_REVISION,
1545  EveryoneSid);
1547  if (!NT_SUCCESS(Status))
1548  goto done;
1549 
1551  ACL_REVISION,
1553  AdministratorsSid);
1555  if (!NT_SUCCESS(Status))
1556  goto done;
1557 
1559  ACL_REVISION,
1561  UserSid);
1563  if (!NT_SUCCESS(Status))
1564  goto done;
1565 
1566  /* Set the DACL */
1568  TRUE,
1569  Dacl,
1570  FALSE);
1572  if (!NT_SUCCESS(Status))
1573  goto done;
1574 
1575  /* allocate and create the SACL */
1576  SaclSize = sizeof(ACL) +
1577  2 * sizeof(ACE) +
1578  RtlLengthSid(EveryoneSid) +
1579  RtlLengthSid(AnonymousSid);
1580 
1581  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1583  DaclSize);
1584  if (Sacl == NULL)
1585  {
1588  goto done;
1589  }
1590 
1592  SaclSize,
1593  ACL_REVISION);
1595  if (!NT_SUCCESS(Status))
1596  goto done;
1597 
1599  ACL_REVISION,
1602  EveryoneSid,
1603  TRUE,
1604  TRUE);
1606  if (!NT_SUCCESS(Status))
1607  goto done;
1608 
1610  ACL_REVISION,
1612  AnonymousSid,
1613  TRUE,
1614  TRUE);
1616  if (!NT_SUCCESS(Status))
1617  goto done;
1618 
1619  /* Set the SACL */
1621  TRUE,
1622  Sacl,
1623  FALSE);
1625  if (!NT_SUCCESS(Status))
1626  goto done;
1627 
1628  /* Set the owner SID */
1630  AdministratorsSid,
1631  FALSE);
1633  if (!NT_SUCCESS(Status))
1634  goto done;
1635 
1636  /* Set the group SID */
1638  AdministratorsSid,
1639  FALSE);
1641  if (!NT_SUCCESS(Status))
1642  goto done;
1643 
1644  /* Get the reqired buffer size for the self-relative SD */
1646  NULL,
1647  &RelSDSize);
1649  goto done;
1650 
1651  /* Allocate a buffer for the self-relative SD */
1652  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1654  RelSDSize);
1655  if (RelSD == NULL)
1656  {
1659  goto done;
1660  }
1661 
1662  /* Convert the absolute SD to self-relative format */
1664  RelSD,
1665  &RelSDSize);
1667  {
1669  goto done;
1670  }
1671 
1672  *UserSd = RelSD;
1673  *Size = RelSDSize;
1674 
1675 done:
1676  if (!NT_SUCCESS(Status))
1677  {
1678  if (RelSD != NULL)
1679  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1680  }
1681 
1682  if (EveryoneSid != NULL)
1683  RtlFreeSid(EveryoneSid);
1684 
1685  if (AnonymousSid != NULL)
1686  RtlFreeSid(AnonymousSid);
1687 
1688  if (AdministratorsSid != NULL)
1689  RtlFreeSid(AdministratorsSid);
1690 
1691  if (Dacl != NULL)
1692  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1693 
1694  if (Sacl != NULL)
1695  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1696 
1697  if (AbsSD != NULL)
1698  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1699 
1700  return Status;
1701 }
1702 
1703 /* EOF */
#define GROUP_WRITE_ACCOUNT
Definition: ntsam.h:76
#define GROUP_ADD_MEMBER
Definition: ntsam.h:77
#define IN
Definition: typedefs.h:38
#define TRUE
Definition: types.h:120
#define SAM_SERVER_READ
Definition: ntsam.h:106
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define SAM_SERVER_INITIALIZE
Definition: ntsam.h:101
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
#define SAM_SERVER_EXECUTE
Definition: ntsam.h:114
#define ALIAS_REMOVE_MEMBER
Definition: ntsam.h:10
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
NTSTATUS SampCreateGroupSD(OUT PSECURITY_DESCRIPTOR *GroupSd, OUT PULONG Size)
Definition: security.c:1146
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
#define SAM_SERVER_CREATE_DOMAIN
Definition: ntsam.h:102
#define USER_READ_GENERAL
Definition: ntsam.h:126
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
#define GROUP_READ_INFORMATION
Definition: ntsam.h:75
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define ALIAS_WRITE_ACCOUNT
Definition: ntsam.h:13
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
#define USER_LIST_GROUPS
Definition: ntsam.h:134
#define USER_WRITE_PREFERENCES
Definition: ntsam.h:128
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define ALIAS_LIST_MEMBERS
Definition: ntsam.h:11
#define DOMAIN_CREATE_ALIAS
Definition: ntsam.h:39
#define USER_READ_GROUP_INFORMATION
Definition: ntsam.h:135
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
#define SAM_SERVER_ALL_ACCESS
Definition: ntsam.h:118
#define SECURITY_WORLD_SID_AUTHORITY
Definition: setypes.h:499
#define DOMAIN_READ
Definition: ntsam.h:45
#define WRITE_DAC
Definition: nt_native.h:59
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define USER_ALL_ACCESS
Definition: ntsam.h:153
#define DOMAIN_CREATE_USER
Definition: ntsam.h:37
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
#define READ_CONTROL
Definition: nt_native.h:58
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define GROUP_REMOVE_MEMBER
Definition: ntsam.h:78
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
#define ALIAS_ALL_ACCESS
Definition: ntsam.h:26
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
NTSTATUS SampCreateAccountDomainSD(OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
Definition: security.c:545
#define GROUP_ALL_ACCESS
Definition: ntsam.h:92
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
#define DOMAIN_EXECUTE
Definition: ntsam.h:57
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
NTSTATUS SampCreateBuiltinDomainSD(OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
Definition: security.c:283
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
unsigned int * PULONG
Definition: retypes.h:1
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
NTSTATUS SampCreateAliasSD(OUT PSECURITY_DESCRIPTOR *AliasSd, OUT PULONG Size)
Definition: security.c:859
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
#define OUT
Definition: typedefs.h:39
unsigned int ULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
#define GROUP_LIST_MEMBERS
Definition: ntsam.h:79
#define ALIAS_ADD_MEMBER
Definition: ntsam.h:9
#define SAM_SERVER_SHUTDOWN
Definition: ntsam.h:100
NTSTATUS SampCreateUserSD(IN PSID UserSid, OUT PSECURITY_DESCRIPTOR *UserSd, OUT PULONG Size)
Definition: security.c:1433
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
#define DOMAIN_ALL_ACCESS
Definition: ntsam.h:62
#define USER_READ_LOGON
Definition: ntsam.h:129
#define ALIAS_READ_INFORMATION
Definition: ntsam.h:12
Definition: rtltypes.h:988
#define DOMAIN_CREATE_GROUP
Definition: ntsam.h:38
NTSTATUS SampCreateServerSD(OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
Definition: security.c:21
#define DELETE
Definition: nt_native.h:57
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132