ReactOS 0.4.16-dev-340-g0540c21
SecurityDescriptor.cpp
Go to the documentation of this file.
1/*
2 * regexpl - Console Registry Explorer
3 *
4 * Copyright (C) 2000-2005 Nedko Arnaudov <nedko@users.sourceforge.net>
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; see the file COPYING. If not, write to
18 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 * Boston, MA 02111-1307, USA.
20 */
21
22// SecurityDescriptor.cpp: implementation of the CSecurityDescriptor class.
23//
25
26#include "ph.h"
27#include "SecurityDescriptor.h"
28
30 PSID pSid, // binary Sid
31 LPTSTR TextualSid, // buffer for Textual representation of Sid
32 LPDWORD lpdwBufferLen // required/provided TextualSid buffersize
33 )
34{
36 DWORD dwSubAuthorities;
37 DWORD dwSidRev=SID_REVISION;
39 DWORD dwSidSize;
40
41 // Validate the binary SID.
42
43 if(!IsValidSid(pSid)) return FALSE;
44
45 // Get the identifier authority value from the SID.
46
48
49 // Get the number of subauthorities in the SID.
50
51 dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
52
53 // Compute the buffer length.
54 // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
55
56 dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
57
58 // Check input buffer length.
59 // If too small, indicate the proper size and set last error.
60
61 if (*lpdwBufferLen < dwSidSize)
62 {
63 *lpdwBufferLen = dwSidSize;
65 return FALSE;
66 }
67
68 // Add 'S' prefix and revision number to the string.
69
70 dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );
71
72 // Add SID identifier authority to the string.
73
74 if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) )
75 {
76 dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
77 TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
78 (USHORT)psia->Value[0],
79 (USHORT)psia->Value[1],
80 (USHORT)psia->Value[2],
81 (USHORT)psia->Value[3],
82 (USHORT)psia->Value[4],
83 (USHORT)psia->Value[5]);
84 }
85 else
86 {
87 dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
88 TEXT("%lu"),
89 (ULONG)(psia->Value[5] ) +
90 (ULONG)(psia->Value[4] << 8) +
91 (ULONG)(psia->Value[3] << 16) +
92 (ULONG)(psia->Value[2] << 24) );
93 }
94
95 // Add SID subauthorities to the string.
96 //
97 for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++)
98 {
99 dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"),
101 }
102
103 return TRUE;
104}
105
107{
108 switch(Use)
109 {
110 case SidTypeUser:
111 return _T("User SID");
112 case SidTypeGroup:
113 return _T("Group SID");
114 case SidTypeDomain:
115 return _T("Domain SID");
116 case SidTypeAlias:
117 return _T("Alias SID");
119 return _T("SID for a well-known group");
121 return _T("SID for a deleted account");
122 case SidTypeInvalid:
123 return _T("Invalid SID");
124 case SidTypeUnknown:
125 return _T("Unknown SID type");
126 default:
127 return _T("Error. Cannot recognize SID type.");
128 }
129}
130
132// Construction/Destruction
134
136{
139}
140
142{
143}
144
146{
147 m_pSecurityDescriptor = pSecurityDescriptor;
148}
149
151{
153 {
154 throw GetLastError();
155 }
156 return ERROR_SUCCESS;
157}
158
160{
161 return m_blnDACLPresent;
162}
163
165{
167 throw GetLastError();
168 return ERROR_SUCCESS;
169}
170
172{
173 return m_blnSACLPresent;
174}
175
177{
179 return (m_pDACL == NULL);
180}
181
183{
185 ASSERT(m_pDACL != NULL);
186 return IsValidAcl(m_pDACL);
187}
188
190{
192 return (m_pSACL == NULL);
193}
194
196{
198 ASSERT(m_pSACL != NULL);
199 return IsValidAcl(m_pSACL);
200}
201
203{
204 ACL_SIZE_INFORMATION SizeInfo;
205 if (!GetAclInformation(m_pDACL,&SizeInfo,sizeof(SizeInfo),AclSizeInformation))
206 throw GetLastError();
207 return SizeInfo.AceCount;
208}
209
211{
212 ACL_SIZE_INFORMATION SizeInfo;
213 if (!GetAclInformation(m_pSACL,&SizeInfo,sizeof(SizeInfo),AclSizeInformation))
214 throw GetLastError();
215 return SizeInfo.AceCount;
216}
217
219{
220 void *pACE;
221 if (!GetAce(m_pDACL,nIndex,&pACE)) throw GetLastError();
224 {
225 return AccessAlowed;
226 }
228 {
229 return AccessDenied;
230 }
231 return Unknown;
232}
233
235{
236 void *pACE;
237 if (!GetAce(m_pSACL,nIndex,&pACE)) throw GetLastError();
240 {
243 return SystemAudit;
244 }
245 return Unknown;
246}
247
249{
252 {
254 return ((PSID)&(((ACCESS_ALLOWED_ACE *)m_pCurrentACEHeader)->SidStart));
256 return ((PSID)&(((ACCESS_DENIED_ACE *)m_pCurrentACEHeader)->SidStart));
258 return ((PSID)&(((SYSTEM_AUDIT_ACE *)m_pCurrentACEHeader)->SidStart));
259 default:
260 ASSERT(FALSE); // Do not call this function for unknown ACE types !!!
261 return NULL;
262 }
263}
264
266{
269 {
271 dwMask = (((ACCESS_ALLOWED_ACE *)m_pCurrentACEHeader)->Mask);
272 return;
274 dwMask = (((ACCESS_DENIED_ACE *)m_pCurrentACEHeader)->Mask);
275 return;
277 dwMask = (((SYSTEM_AUDIT_ACE *)m_pCurrentACEHeader)->Mask);
278 return;
279 default:
280 ASSERT(FALSE); // Do not call this function for unknown ACE types !!!
281 return;
282 }
283}
284
286{
289}
const TCHAR * GetSidTypeName(SID_NAME_USE Use)
BOOL GetTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen)
void AssociateDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor)
ACEntryType GetDACLEntry(DWORD nIndex)
PSECURITY_DESCRIPTOR m_pSecurityDescriptor
ACEntryType GetSACLEntry(DWORD nIndex, BOOL &blnFailedAccess, BOOL &blnSeccessfulAccess)
void GetCurrentACE_Flags(BYTE &bFlags)
ACE_HEADER * m_pCurrentACEHeader
void GetCurrentACE_AccessMask(DWORD &dwMask)
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
#define ERROR_SUCCESS
Definition: deptool.c:10
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
BOOL WINAPI GetAclInformation(PACL pAcl, LPVOID pAclInformation, DWORD nAclInformationLength, ACL_INFORMATION_CLASS dwAclInformationClass)
Definition: security.c:1194
PDWORD WINAPI GetSidSubAuthority(PSID pSid, DWORD nSubAuthority)
Definition: security.c:896
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:819
PUCHAR WINAPI GetSidSubAuthorityCount(PSID pSid)
Definition: security.c:908
PSID_IDENTIFIER_AUTHORITY WINAPI GetSidIdentifierAuthority(PSID pSid)
Definition: security.c:885
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1186
BOOL WINAPI IsValidAcl(PACL pAcl)
Definition: security.c:1209
#define SetLastError(x)
Definition: compat.h:752
unsigned int BOOL
Definition: ntddk_ex.h:94
unsigned long DWORD
Definition: ntddk_ex.h:95
#define TEXT(s)
Definition: k32.h:26
enum _SID_NAME_USE SID_NAME_USE
@ SidTypeUnknown
Definition: lsa.idl:125
@ SidTypeAlias
Definition: lsa.idl:121
@ SidTypeDomain
Definition: lsa.idl:120
@ SidTypeGroup
Definition: lsa.idl:119
@ SidTypeDeletedAccount
Definition: lsa.idl:123
@ SidTypeUser
Definition: lsa.idl:118
@ SidTypeWellKnownGroup
Definition: lsa.idl:122
@ SidTypeInvalid
Definition: lsa.idl:124
#define ASSERT(a)
Definition: mode.c:44
DWORD dwCounter
Definition: mutex.c:10
static PSID pSid
Definition: security.c:74
struct _ACE_HEADER * PACE_HEADER
unsigned short USHORT
Definition: pedump.c:61
BOOL WINAPI GetSecurityDescriptorSacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbSaclPresent, PACL *pSacl, LPBOOL lpbSaclDefaulted)
Definition: sec.c:146
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
UCHAR AceFlags
Definition: ms-dtyp.idl:211
UCHAR AceType
Definition: ms-dtyp.idl:210
uint32_t * LPDWORD
Definition: typedefs.h:59
uint32_t ULONG
Definition: typedefs.h:59
#define _T(x)
Definition: vfdio.h:22
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define lstrlen
Definition: winbase.h:3901
@ AclSizeInformation
Definition: winnt_old.h:1146
#define wsprintf
Definition: winuser.h:5877
#define SYSTEM_AUDIT_ACE_TYPE
Definition: setypes.h:719
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718
* PSID_IDENTIFIER_AUTHORITY
Definition: setypes.h:464
#define SID_REVISION
Definition: setypes.h:481
#define FAILED_ACCESS_ACE_FLAG
Definition: setypes.h:754
#define SUCCESSFUL_ACCESS_ACE_FLAG
Definition: setypes.h:753
char TCHAR
Definition: xmlstorage.h:189
CHAR * LPTSTR
Definition: xmlstorage.h:192
unsigned char BYTE
Definition: xxhash.c:193