Main Page | Class Hierarchy | Class List | File List | Class Members | File Members

rtsetsec.c File Reference

#include "cmp.h"
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

Go to the source code of this file.

Functions

PSID GetMySid (VOID)
PSECURITY_DESCRIPTOR GenerateDescriptor (VOID)
void __cdecl main (int argc, char *argv[])

Function Documentation

PSECURITY_DESCRIPTOR GenerateDescriptor VOID   ) 
 

Definition at line 122 of file rtsetsec.c.

References CreatorSid, exit, FALSE, GetMySid(), NT_SUCCESS, NTSTATUS(), NULL, RtlAddAce(), RtlCopySid(), RtlCreateAcl(), RtlCreateSecurityDescriptor(), RtlInitializeSid(), RtlLengthRequiredSid(), RtlSetDaclSecurityDescriptor(), RtlSubAuthoritySid(), RtlValidSid(), SeLengthSid, Status, TRUE, USHORT, and WorldSid.

Referenced by main(). 

00125 {
00126     PSECURITY_DESCRIPTOR SecurityDescriptor;
00127     PACL Acl;
00128     PSID WorldSid, CreatorSid;
00129     SID_IDENTIFIER_AUTHORITY WorldAuthority = SECURITY_WORLD_SID_AUTHORITY;
00130     ULONG OwnerAceLength, WorldAceLength;
00131     ULONG AclLength;
00132     NTSTATUS Status;
00133     PACCESS_ALLOWED_ACE OwnerAce;
00134     PACCESS_ALLOWED_ACE WorldAce;
00135 
00136     WorldSid = malloc(RtlLengthRequiredSid(1));
00137     if (WorldSid == NULL) {
00138         printf("rtsetsec: GenerateDescriptor() couldn't malloc WorldSID\n");
00139         exit(1);
00140     }
00141     RtlInitializeSid(WorldSid, &WorldAuthority, 1);
00142     *(RtlSubAuthoritySid(WorldSid, 0)) = SECURITY_WORLD_RID;
00143     if (!RtlValidSid(WorldSid)) {
00144         printf("rtsetsec: GenerateDescriptor() created invalid World SID\n");
00145         exit(1);
00146     }
00147 
00148     CreatorSid = GetMySid();
00149 
00150     //
00151     // Since the ACCESS_DENIED_ACE already contains a ULONG for the
00152     // SID, we subtract this back out when calculating the size of the ACE
00153     //
00154 
00155     WorldAceLength = SeLengthSid(WorldSid) -
00156                      sizeof(ULONG)     +
00157                      sizeof(ACCESS_ALLOWED_ACE) ;
00158     WorldAce = malloc(WorldAceLength);
00159     if (WorldAce == NULL) {
00160         printf("rtsetsec: GenerateDescriptor() couldn't malloc WorldAce\n");
00161         exit(1);
00162     }
00163 
00164     OwnerAceLength = SeLengthSid(CreatorSid) -
00165                      sizeof(ULONG)     +
00166                      sizeof(ACCESS_ALLOWED_ACE);
00167 
00168     OwnerAce = malloc( OwnerAceLength );
00169     if (OwnerAce == NULL) {
00170         printf("rtsetsec: GenerateDescriptor() couldn't malloc OwnerAce\n");
00171         exit(1);
00172     }
00173 
00174     AclLength = OwnerAceLength + WorldAceLength + sizeof(ACL);
00175     Acl = malloc(AclLength);
00176     if (Acl == NULL) {
00177         printf("rtsetsec: GenerateDescriptor() couldn't malloc ACL\n");
00178         exit(1);
00179     }
00180 
00181     Status = RtlCreateAcl(Acl, AclLength, ACL_REVISION);
00182     if (!NT_SUCCESS(Status)) {
00183         printf("rtsetsec: RtlCreateAcl failed status %08lx\n", Status);
00184         exit(1);
00185     }
00186 
00187     //
00188     // Fill in ACE fields
00189     //
00190 
00191     WorldAce->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
00192     WorldAce->Header.AceSize = (USHORT)WorldAceLength;
00193     WorldAce->Header.AceFlags = 0;  // clear audit and inherit flags
00194     WorldAce->Mask = KEY_READ;
00195     Status = RtlCopySid( SeLengthSid(WorldSid),
00196                          &WorldAce->SidStart,
00197                          WorldSid );
00198     if (!NT_SUCCESS(Status)) {
00199         printf("rtsetsec: RtlCopySid failed status %08lx\n", Status);
00200         exit(1);
00201     }
00202 
00203     OwnerAce->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
00204     OwnerAce->Header.AceSize = (USHORT)OwnerAceLength;
00205     OwnerAce->Header.AceFlags = 0;  // clear audit and inherit flags
00206     OwnerAce->Mask = KEY_ALL_ACCESS;
00207     Status = RtlCopySid( SeLengthSid(CreatorSid),
00208                          &OwnerAce->SidStart,
00209                          CreatorSid );
00210     if (!NT_SUCCESS(Status)) {
00211         printf("rtsetsec: RtlCopySid failed status %08lx\n", Status);
00212         exit(1);
00213     }
00214 
00215     free(WorldSid);
00216 
00217     //
00218     // Now add the ACE to the beginning of the ACL.
00219     //
00220 
00221     Status = RtlAddAce( Acl,
00222                         ACL_REVISION,
00223                         0,
00224                         WorldAce,
00225                         WorldAceLength );
00226     if (!NT_SUCCESS(Status)) {
00227         printf("rtsetsec: RtlAddAce (world ace) failed status %08lx\n", Status);
00228         exit(1);
00229     }
00230     Status = RtlAddAce( Acl,
00231                         ACL_REVISION,
00232                         0,
00233                         OwnerAce,
00234                         OwnerAceLength );
00235     if (!NT_SUCCESS(Status)) {
00236         printf("rtsetsec: RtlAddAce (owner ace) failed status %08lx\n", Status);
00237         exit(1);
00238     }
00239 
00240     free(OwnerAce);
00241     free(WorldAce);
00242 
00243     //
00244     // Allocate and initialize the Security Descriptor
00245     //
00246 
00247     SecurityDescriptor = malloc(sizeof(SECURITY_DESCRIPTOR));
00248     Status = RtlCreateSecurityDescriptor( SecurityDescriptor,
00249                                           SECURITY_DESCRIPTOR_REVISION );
00250     if (!NT_SUCCESS(Status)) {
00251         printf("rtsetsec: RtlCreateSecurityDescriptor failed status %08lx\n",Status);
00252         exit(1);
00253     }
00254 
00255     Status = RtlSetDaclSecurityDescriptor( SecurityDescriptor,
00256                                            TRUE,
00257                                            Acl,
00258                                            FALSE );
00259     if (!NT_SUCCESS(Status)) {
00260         printf("rtsetsec: RtlSetDaclSecurityDescriptor failed status %08lx\n",Status);
00261         exit(1);
00262     }
00263 
00264     //
00265     // FINALLY we are finished!
00266     //
00267 
00268     return(SecurityDescriptor);
00269 
00270 }

PSID GetMySid VOID   ) 
 

Definition at line 273 of file rtsetsec.c.

References exit, NT_SUCCESS, NtClose(), NtOpenProcessToken(), NtQueryInformationToken(), NTSTATUS(), NULL, Owner, Status, and Token.

Referenced by GenerateDescriptor(). 

00276 {
00277     NTSTATUS Status;
00278     HANDLE Token;
00279     PTOKEN_OWNER Owner;
00280     ULONG Length;
00281 
00282     Status = NtOpenProcessToken( NtCurrentProcess(),
00283                                  TOKEN_QUERY,
00284                                  &Token );
00285     if (!NT_SUCCESS(Status)) {
00286         printf("rtsetsec: GetMySid() NtOpenProcessToken failed status %08lx\n",Status);
00287         exit(1);
00288     }
00289 
00290     Status = NtQueryInformationToken( Token,
00291                                       TokenOwner,
00292                                       Owner,
00293                                       0,
00294                                       &Length );
00295     if (Status != STATUS_BUFFER_TOO_SMALL) {
00296         printf("rtsetsec: GetMySid() NtQueryInformationToken failed status %08lx\n",Status);
00297         exit(1);
00298     }
00299 
00300     Owner = malloc(Length);
00301     if (Owner==NULL) {
00302         printf("rtsetsec: GetMySid() Couldn't malloc TOKEN_OWNER buffer\n");
00303         exit(1);
00304     }
00305     Status = NtQueryInformationToken( Token,
00306                                       TokenOwner,
00307                                       Owner,
00308                                       Length,
00309                                       &Length );
00310     if (!NT_SUCCESS(Status)) {
00311         printf("rtsetsec: GetMySid() NtQueryInformationToken failed status %08lx\n",Status);
00312         exit(1);
00313     }
00314 
00315     NtClose(Token);
00316 
00317     return(Owner->Owner);
00318 
00319 }

void __cdecl main int  argc,
char *  argv[]
 

Definition at line 48 of file rtsetsec.c.

References exit, GenerateDescriptor(), KeyName, NT_SUCCESS, NtClose(), NtOpenKey(), NtSetSecurityObject(), NTSTATUS(), NULL, ObjectAttributes, RtlAnsiStringToUnicodeString(), RtlInitAnsiString(), Status, and TRUE. 

00052 {
00053     NTSTATUS Status;
00054     OBJECT_ATTRIBUTES ObjectAttributes;
00055     UNICODE_STRING  KeyName;
00056     ANSI_STRING AnsiKeyName;
00057     HANDLE KeyHandle;
00058     PSECURITY_DESCRIPTOR NewSecurityDescriptor;
00059 
00060     //
00061     // Process args
00062     //
00063 
00064     if (argc != 2) {
00065         printf("Usage: %s <KeyPath>\n",argv[0]);
00066         exit(1);
00067     }
00068 
00069     RtlInitAnsiString(&AnsiKeyName, argv[1]);
00070     Status = RtlAnsiStringToUnicodeString(&KeyName, &AnsiKeyName, TRUE);
00071     if (!NT_SUCCESS(Status)) {
00072         printf("RtlAnsiStringToUnicodeString failed %lx\n",Status);
00073         exit(1);
00074     }
00075 
00076     printf("rtsetsec: starting\n");
00077 
00078     //
00079     // Open node that we want to change the security descriptor for.
00080     //
00081 
00082     InitializeObjectAttributes(
00083         &ObjectAttributes,
00084         &KeyName,
00085         0,
00086         (HANDLE)NULL,
00087         NULL
00088         );
00089     ObjectAttributes.Attributes |= OBJ_CASE_INSENSITIVE;
00090 
00091     Status = NtOpenKey(
00092                 &KeyHandle,
00093                 WRITE_DAC,
00094                 &ObjectAttributes
00095                 );
00096     if (!NT_SUCCESS(Status)) {
00097         printf("rtsetsec: NtOpenKey failed: %08lx\n", Status);
00098         exit(1);
00099     }
00100 
00101     NewSecurityDescriptor = GenerateDescriptor();
00102 
00103     Status = NtSetSecurityObject( KeyHandle,
00104                                   DACL_SECURITY_INFORMATION,
00105                                   NewSecurityDescriptor);
00106     if (!NT_SUCCESS(Status)) {
00107         printf("rtsetsec: NtSetSecurity failed: %08lx\n",Status);
00108         exit(1);
00109     }
00110 
00111     Status = NtClose(KeyHandle);
00112     if (!NT_SUCCESS(Status)) {
00113         printf("rtsetsec: NtClose failed: %08lx\n", Status);
00114         exit(1);
00115     }
00116 
00117     printf("rtsetsec: successful\n");
00118 
00119 }

Generated on Sat May 15 19:45:30 2004 for test by doxygen 1.3.7