static PSID pAuthenticatedUserSid = NULL;
static PSID pAliasAdminsSid = NULL;
+static PACL pDefaultDacl = NULL;
+static PACL pDefaultSacl = NULL;
+
+static PSECURITY_DESCRIPTOR pDefaultSD = NULL;
+
/* FUNCTIONS ****************************************************************/
}
+static
DWORD
-ScmCreateDefaultServiceSD(
- PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
+ScmCreateAcls(VOID)
{
- PSECURITY_DESCRIPTOR pServiceSD = NULL;
- PSECURITY_DESCRIPTOR pRelativeSD = NULL;
- PACL pDacl = NULL;
- PACL pSacl = NULL;
ULONG ulLength;
- DWORD dwBufferLength = 0;
- NTSTATUS Status;
- DWORD dwError = ERROR_SUCCESS;
/* Create DACL */
ulLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(pAliasAdminsSid)) +
(sizeof(ACE) + RtlLengthSid(pAuthenticatedUserSid));
- pDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
- if (pDacl == NULL)
- {
- dwError = ERROR_OUTOFMEMORY;
- goto done;
- }
+ pDefaultDacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
+ if (pDefaultDacl == NULL)
+ return ERROR_OUTOFMEMORY;
- RtlCreateAcl(pDacl, ulLength, ACL_REVISION);
+ RtlCreateAcl(pDefaultDacl, ulLength, ACL_REVISION);
- RtlAddAccessAllowedAce(pDacl,
+ RtlAddAccessAllowedAce(pDefaultDacl,
ACL_REVISION,
READ_CONTROL | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_INTERROGATE |
SERVICE_PAUSE_CONTINUE | SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS |
SERVICE_START | SERVICE_STOP | SERVICE_USER_DEFINED_CONTROL,
pLocalSystemSid);
- RtlAddAccessAllowedAce(pDacl,
+ RtlAddAccessAllowedAce(pDefaultDacl,
ACL_REVISION,
SERVICE_ALL_ACCESS,
pAliasAdminsSid);
- RtlAddAccessAllowedAce(pDacl,
+ RtlAddAccessAllowedAce(pDefaultDacl,
ACL_REVISION,
READ_CONTROL | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_INTERROGATE |
SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_USER_DEFINED_CONTROL,
ulLength = sizeof(ACL) +
(sizeof(ACE) + RtlLengthSid(pNullSid));
- pSacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
- if (pSacl == NULL)
- {
- dwError = ERROR_OUTOFMEMORY;
- goto done;
- }
+ pDefaultSacl = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, ulLength);
+ if (pDefaultSacl == NULL)
+ return ERROR_OUTOFMEMORY;
- RtlCreateAcl(pSacl, ulLength, ACL_REVISION);
+ RtlCreateAcl(pDefaultSacl, ulLength, ACL_REVISION);
- RtlAddAuditAccessAce(pSacl,
+ RtlAddAuditAccessAce(pDefaultSacl,
ACL_REVISION,
SERVICE_ALL_ACCESS,
pNullSid,
FALSE,
TRUE);
+ return ERROR_SUCCESS;
+}
+
+
+static
+VOID
+ScmFreeAcls(VOID)
+{
+ if (pDefaultDacl != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultDacl);
+
+ if (pDefaultSacl != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSacl);
+}
+
+
+static
+DWORD
+ScmCreateDefaultSD(VOID)
+{
+ NTSTATUS Status;
+
/* Create the absolute security descriptor */
- pServiceSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
- if (pServiceSD == NULL)
- {
- dwError = ERROR_OUTOFMEMORY;
- goto done;
- }
- DPRINT("pServiceSD %p\n", pServiceSD);
+ pDefaultSD = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(SECURITY_DESCRIPTOR));
+ if (pDefaultSD == NULL)
+ return ERROR_OUTOFMEMORY;
- Status = RtlCreateSecurityDescriptor(pServiceSD,
+ DPRINT("pDefaultSD %p\n", pDefaultSD);
+
+ Status = RtlCreateSecurityDescriptor(pDefaultSD,
SECURITY_DESCRIPTOR_REVISION);
if (!NT_SUCCESS(Status))
- {
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
+ return RtlNtStatusToDosError(Status);
- Status = RtlSetOwnerSecurityDescriptor(pServiceSD,
+ Status = RtlSetOwnerSecurityDescriptor(pDefaultSD,
pLocalSystemSid,
FALSE);
if (!NT_SUCCESS(Status))
- {
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
+ return RtlNtStatusToDosError(Status);
- Status = RtlSetGroupSecurityDescriptor(pServiceSD,
+ Status = RtlSetGroupSecurityDescriptor(pDefaultSD,
pLocalSystemSid,
FALSE);
if (!NT_SUCCESS(Status))
- {
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
+ return RtlNtStatusToDosError(Status);
- Status = RtlSetDaclSecurityDescriptor(pServiceSD,
+ Status = RtlSetDaclSecurityDescriptor(pDefaultSD,
TRUE,
- pDacl,
+ pDefaultDacl,
FALSE);
if (!NT_SUCCESS(Status))
- {
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
+ return RtlNtStatusToDosError(Status);
- Status = RtlSetSaclSecurityDescriptor(pServiceSD,
+ Status = RtlSetSaclSecurityDescriptor(pDefaultSD,
TRUE,
- pSacl,
+ pDefaultSacl,
FALSE);
if (!NT_SUCCESS(Status))
- {
- dwError = RtlNtStatusToDosError(Status);
- goto done;
- }
+ return RtlNtStatusToDosError(Status);
+
+ return ERROR_SUCCESS;
+}
+
+
+static
+VOID
+ScmFreeDefaultSD(VOID)
+{
+ if (pDefaultSD != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, pDefaultSD);
+}
+
+
+DWORD
+ScmCreateDefaultServiceSD(
+ PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
+{
+ PSECURITY_DESCRIPTOR pRelativeSD = NULL;
+ DWORD dwBufferLength = 0;
+ NTSTATUS Status;
+ DWORD dwError = ERROR_SUCCESS;
/* Convert the absolute SD to a self-relative SD */
- Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
+ Status = RtlAbsoluteToSelfRelativeSD(pDefaultSD,
NULL,
&dwBufferLength);
if (Status != STATUS_BUFFER_TOO_SMALL)
}
DPRINT("pRelativeSD %p\n", pRelativeSD);
- Status = RtlAbsoluteToSelfRelativeSD(pServiceSD,
+ Status = RtlAbsoluteToSelfRelativeSD(pDefaultSD,
pRelativeSD,
&dwBufferLength);
if (!NT_SUCCESS(Status))
RtlFreeHeap(RtlGetProcessHeap(), 0, pRelativeSD);
}
- if (pServiceSD != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pServiceSD);
-
- if (pSacl != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pSacl);
-
- if (pDacl != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, pDacl);
-
return dwError;
}
if (dwError != ERROR_SUCCESS)
return dwError;
+ dwError = ScmCreateAcls();
+ if (dwError != ERROR_SUCCESS)
+ return dwError;
+
+ dwError = ScmCreateDefaultSD();
+ if (dwError != ERROR_SUCCESS)
+ return dwError;
+
return ERROR_SUCCESS;
}
VOID
ScmShutdownSecurity(VOID)
{
+ ScmFreeDefaultSD();
+ ScmFreeAcls();
ScmFreeSids();
}
projects / reactos.git / commitdiff