boinc/clientsetup/win/aclmgmt.cpp

247 lines
6.0 KiB
C++

/*++
DCOM Permission Configuration Sample
Copyright (c) 1996, Microsoft Corporation. All rights reserved.
Module Name:
aclmgmt.cpp
Abstract:
Routines to manage access control lists
Author:
Michael Nelson
Environment:
Windows NT
--*/
#include "stdafx.h"
#include "lsaprivs.h"
#include "ntsecapi.h"
#include "dcomperm.h"
DWORD
CopyACL (
PACL OldACL,
PACL NewACL
)
{
ACL_SIZE_INFORMATION aclSizeInfo;
LPVOID ace = NULL;
ACE_HEADER *aceHeader = NULL;
ULONG i = 0;
GetAclInformation (OldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (aclSizeInfo), AclSizeInformation);
//
// Copy all of the ACEs to the new ACL
//
for (i = 0; i < aclSizeInfo.AceCount; i++)
{
//
// Get the ACE and header info
//
if (!GetAce (OldACL, i, &ace))
return GetLastError();
aceHeader = (ACE_HEADER *) ace;
//
// Add the ACE to the new list
//
if (!AddAce (NewACL, ACL_REVISION, 0xffffffff, ace, aceHeader->AceSize))
return GetLastError();
}
return ERROR_SUCCESS;
}
DWORD
AddAccessDeniedACEToACL (
PACL *Acl,
DWORD PermissionMask,
LPTSTR Principal
)
{
ACL_SIZE_INFORMATION aclSizeInfo;
int aclSize = 0;
DWORD returnValue = 0;
PSID principalSID = 0;
PACL oldACL = NULL, newACL = NULL;
oldACL = *Acl;
if (!GetAccountSid(NULL, Principal, &principalSID))
{
return GetLastError();
}
GetAclInformation (oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation);
aclSize = aclSizeInfo.AclBytesInUse +
sizeof (ACL) + sizeof (ACCESS_DENIED_ACE) +
GetLengthSid (principalSID) - sizeof (DWORD);
newACL = (PACL) new BYTE [aclSize];
if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
{
HeapFree(GetProcessHeap(), 0, principalSID);
return GetLastError();
}
if (!AddAccessDeniedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
{
HeapFree(GetProcessHeap(), 0, principalSID);
return GetLastError();
}
returnValue = CopyACL (oldACL, newACL);
if (returnValue != ERROR_SUCCESS)
{
HeapFree(GetProcessHeap(), 0, principalSID);
return returnValue;
}
*Acl = newACL;
if(principalSID != NULL) HeapFree(GetProcessHeap(), 0, principalSID);
return ERROR_SUCCESS;
}
DWORD
AddAccessAllowedACEToACL (
PACL *Acl,
DWORD PermissionMask,
LPTSTR Principal
)
{
ACL_SIZE_INFORMATION aclSizeInfo;
int aclSize = 0;
DWORD returnValue = 0;
PSID principalSID = NULL;
PACL oldACL = NULL, newACL = NULL;
oldACL = *Acl;
if (!GetAccountSid(NULL, Principal, &principalSID))
{
return GetLastError();
}
GetAclInformation (oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation);
aclSize = aclSizeInfo.AclBytesInUse +
sizeof (ACL) + sizeof (ACCESS_ALLOWED_ACE) +
GetLengthSid (principalSID) - sizeof (DWORD);
newACL = (PACL) new BYTE [aclSize];
if (!InitializeAcl (newACL, aclSize, ACL_REVISION))
{
HeapFree(GetProcessHeap(), 0, principalSID);
return GetLastError();
}
returnValue = CopyACL (oldACL, newACL);
if (returnValue != ERROR_SUCCESS)
{
HeapFree(GetProcessHeap(), 0, principalSID);
return returnValue;
}
if (!AddAccessAllowedAce (newACL, ACL_REVISION2, PermissionMask, principalSID))
{
HeapFree(GetProcessHeap(), 0, principalSID);
return GetLastError();
}
*Acl = newACL;
if(principalSID != NULL) HeapFree(GetProcessHeap(), 0, principalSID);
return ERROR_SUCCESS;
}
DWORD
RemovePrincipalFromACL (
PACL Acl,
LPTSTR Principal
)
{
ACL_SIZE_INFORMATION aclSizeInfo;
ULONG i = 0;
LPVOID ace = NULL;
ACCESS_ALLOWED_ACE *accessAllowedAce = NULL;
ACCESS_DENIED_ACE *accessDeniedAce = NULL;
SYSTEM_AUDIT_ACE *systemAuditAce = NULL;
PSID principalSID = NULL;
ACE_HEADER *aceHeader = NULL;
if (!GetAccountSid(NULL, Principal, &principalSID))
{
return GetLastError();
}
GetAclInformation (Acl, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation);
for (i = 0; i < aclSizeInfo.AceCount; i++)
{
if (!GetAce (Acl, i, &ace))
{
HeapFree(GetProcessHeap(), 0, principalSID);
return GetLastError();
}
aceHeader = (ACE_HEADER *) ace;
if (aceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
{
accessAllowedAce = (ACCESS_ALLOWED_ACE *) ace;
if (EqualSid (principalSID, (PSID) &accessAllowedAce->SidStart))
{
DeleteAce (Acl, i);
HeapFree(GetProcessHeap(), 0, principalSID);
return ERROR_SUCCESS;
}
} else
if (aceHeader->AceType == ACCESS_DENIED_ACE_TYPE)
{
accessDeniedAce = (ACCESS_DENIED_ACE *) ace;
if (EqualSid (principalSID, (PSID) &accessDeniedAce->SidStart))
{
DeleteAce (Acl, i);
HeapFree(GetProcessHeap(), 0, principalSID);
return ERROR_SUCCESS;
}
} else
if (aceHeader->AceType == SYSTEM_AUDIT_ACE_TYPE)
{
systemAuditAce = (SYSTEM_AUDIT_ACE *) ace;
if (EqualSid (principalSID, (PSID) &systemAuditAce->SidStart))
{
DeleteAce (Acl, i);
HeapFree(GetProcessHeap(), 0, principalSID);
return ERROR_SUCCESS;
}
}
}
if(principalSID != NULL) HeapFree(GetProcessHeap(), 0, principalSID);
return ERROR_SUCCESS;
}