#include "svchost.h"
#include <aclapi.h>
#include <objidl.h>

Include dependency graph for security.cxx:

Functions
DWORD WINAPI	DwInitializeSdFromThreadToken (_Out_ PVOID ppSecurityDescriptor, _Out_ PACL ppAcl)

BOOL WINAPI	InitializeSecurity (_In_ DWORD dwParam, _In_ DWORD dwAuthnLevel, _In_ DWORD dwImpLevel, _In_ DWORD dwCapabilities)

Variables
SID	NtSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } }

Function Documentation

◆ DwInitializeSdFromThreadToken()

DWORD WINAPI DwInitializeSdFromThreadToken	(	_Out_ PVOID *	ppSecurityDescriptor,
		_Out_ PACL *	ppAcl
	)

Definition at line 27 of file security.cxx.

 {
     HANDLE hToken;
     DWORD dwGroupLength, dwUserLength, dwError, dwAlignLength;
     PTOKEN_PRIMARY_GROUP pTokenGroup;
     PTOKEN_USER pTokenUser;
     EXPLICIT_ACCESS_W pListOfExplicitEntries;
     PACL pAcl = NULL;
     PISECURITY_DESCRIPTOR pSd;
 
     /* Assume failure */
     *ppSecurityDescriptor = NULL;
     *ppAcl = NULL;
 
     /* Open the token of the current thread */
     if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, 0, &hToken) == FALSE)
     {
         /* The thread is not impersonating, use the process token */
         if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken) == FALSE)
         {
             /* No token could be queried, fail */
             return GetLastError();
         }
     }
 
     /* Get the size of the token's user */
     if ((GetTokenInformation(hToken, TokenUser, NULL, 0, &dwUserLength) != FALSE) ||
         (GetLastError() != ERROR_INSUFFICIENT_BUFFER))
     {
         return GetLastError();
     }
 
     /* Get the size of the token's primary group */
     if ((GetTokenInformation(hToken, TokenPrimaryGroup, NULL, 0, &dwGroupLength) != FALSE) ||
         (GetLastError() != ERROR_INSUFFICIENT_BUFFER))
     {
         return GetLastError();
     }
 
     /* Allocate an SD large enough to hold the SIDs for the above */
     dwAlignLength = ALIGN_UP(dwUserLength, ULONG);
     pSd = (PISECURITY_DESCRIPTOR)MemAlloc(0,
                                           dwAlignLength +
                                           dwGroupLength +
                                           sizeof(*pSd));
     if (pSd == NULL) return ERROR_OUTOFMEMORY;
 
     /* Assume success for now */
     dwError = ERROR_SUCCESS;
 
     /* We'll put them right after the SD itself */
     pTokenUser = (PTOKEN_USER)(pSd + 1);
     pTokenGroup = (PTOKEN_PRIMARY_GROUP)((ULONG_PTR)pTokenUser + dwAlignLength);
 
     /* Now initialize it */
     if (InitializeSecurityDescriptor(pSd, SECURITY_DESCRIPTOR_REVISION) == FALSE)
     {
         dwError = GetLastError();
     }
 
     /* And do the actual query for the user */
     if (GetTokenInformation(hToken,
                             TokenUser,
                             pTokenUser,
                             dwUserLength,
                             &dwUserLength) == FALSE)
     {
         dwError = GetLastError();
     }
 
     /* And then the actual query for the primary group */
     if (GetTokenInformation(hToken,
                             TokenPrimaryGroup,
                             pTokenGroup,
                             dwGroupLength,
                             &dwGroupLength) == FALSE)
     {
         dwError = GetLastError();
     }
 
     /* Set the user as owner */
     if (SetSecurityDescriptorOwner(pSd, pTokenUser->User.Sid, FALSE) == FALSE)
     {
         dwError = GetLastError();
     }
 
     /* Set the group as primary */
     if (SetSecurityDescriptorGroup(pSd, pTokenGroup->PrimaryGroup, FALSE) == FALSE)
     {
         dwError = GetLastError();
     }
 
     /* Did everything so far work out? */
     if (dwError == ERROR_SUCCESS)
     {
         /* Yes, create an ACL granting the SYSTEM account access */
         pListOfExplicitEntries.grfAccessMode = SET_ACCESS;
         pListOfExplicitEntries.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
         pListOfExplicitEntries.grfAccessPermissions = 1;
         pListOfExplicitEntries.grfInheritance = 0;
         pListOfExplicitEntries.Trustee.pMultipleTrustee = 0;
         pListOfExplicitEntries.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
         pListOfExplicitEntries.Trustee.TrusteeForm = TRUSTEE_IS_SID;
         pListOfExplicitEntries.Trustee.ptstrName = (LPWSTR)&NtSid;
         dwError = SetEntriesInAclW(1, &pListOfExplicitEntries, NULL, &pAcl);
         if (dwError == ERROR_SUCCESS)
         {
             /* Make that ACL the DACL of the SD we just built */
             if (SetSecurityDescriptorDacl(pSd, 1, pAcl, FALSE) == FALSE)
             {
                 /* We failed, bail out */
                 LocalFree(pAcl);
                 dwError = GetLastError();
             }
             else
             {
                 /* Now we have the SD and the ACL all ready to go */
                 *ppSecurityDescriptor = pSd;
                 *ppAcl = pAcl;
                 return ERROR_SUCCESS;
             }
         }
     }
 
     /* Failure path, we'll free the SD since the caller can't use it */
     MemFree(pSd);
     return dwError;
 }

Referenced by InitializeSecurity().

◆ InitializeSecurity()

BOOL WINAPI InitializeSecurity	(	_In_ DWORD	dwParam,
		_In_ DWORD	dwAuthnLevel,
		_In_ DWORD	dwImpLevel,
		_In_ DWORD	dwCapabilities
	)

Definition at line 161 of file security.cxx.

 {
     HRESULT hr;
     PACL pAcl;
     PSECURITY_DESCRIPTOR pSecurityDescriptor;
     IGlobalOptions *pGlobalOptions;
     ASSERT(dwParam != 0);
 
     /* Create a valid SD and ACL based on the current thread's token */
     if (DwInitializeSdFromThreadToken(&pSecurityDescriptor, &pAcl) == ERROR_SUCCESS)
     {
         /* It worked -- initialize COM without DDE support */
         hr = CoInitializeEx(NULL, COINIT_DISABLE_OLE1DDE);
     }
     else
     {
         /* Don't keep going if we don't have an SD */
         hr = E_FAIL;
     }
 
     /* Did we make it? */
     if (SUCCEEDED(hr))
     {
         /* Indeed, initialize COM security now */
         DBG_TRACE("Calling CoInitializeSecurity (dwAuthCapabilities = 0x%08x)\n",
                   dwCapabilities);
         hr = CoInitializeSecurity(pSecurityDescriptor,
                                   -1,
                                   NULL,
                                   NULL,
                                   dwAuthnLevel,
                                   dwImpLevel,
                                   NULL,
                                   dwCapabilities,
                                   NULL);
         if (FAILED(hr)) DBG_ERR("CoInitializeSecurity returned hr=0x%08x\n", hr);
     }
 
     /* Free the SD and ACL since we no longer need it */
     MemFree(pSecurityDescriptor);
     LocalFree(pAcl);
 
     /* Did we initialize COM correctly? */
     if (SUCCEEDED(hr))
     {
         /* Get the COM Global Options Interface */
         hr = CoCreateInstance(CLSID_GlobalOptions,
                               NULL,
                               CLSCTX_INPROC_SERVER,
                               IID_IGlobalOptions,
                               (LPVOID*)&pGlobalOptions);
         if (SUCCEEDED(hr))
         {
             /* Use it to disable COM exception handling */
             hr = pGlobalOptions->Set(COMGLB_EXCEPTION_HANDLING,
                                      COMGLB_EXCEPTION_DONOT_HANDLE);
             pGlobalOptions->Release();
             ASSERT(SUCCEEDED(hr));
         }
     }
 
     /* Return whether all COM calls were successful or not */
     return SUCCEEDED(hr);
 }

Referenced by CallPerInstanceInitFunctions().

Variable Documentation

◆ NtSid

SID NtSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } }

Definition at line 21 of file security.cxx.

Referenced by DwInitializeSdFromThreadToken().

Functions

Variables

Function Documentation

◆ DwInitializeSdFromThreadToken()

◆ InitializeSecurity()

Variable Documentation

◆ NtSid