📄 init.c
字号:
/* Create the ACE */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
PORT_ALL_ACCESS,
SystemSid);
if (!NT_SUCCESS(Status))
{
/* Fail */
RtlFreeHeap(CsrHeap, 0, SecurityDescriptor);
return Status;
}
/* Clear the DACL in the SD */
Status = RtlSetDaclSecurityDescriptor(SecurityDescriptor,
TRUE,
Dacl,
FALSE);
if (!NT_SUCCESS(Status))
{
/* Fail */
RtlFreeHeap(CsrHeap, 0, SecurityDescriptor);
return Status;
}
/* Free the SID and return*/
RtlFreeSid(SystemSid);
*LocalSystemSd = SecurityDescriptor;
return Status;
}
/*++
* @name CsrGetDosDevicesSd
*
* The CsrGetDosDevicesSd creates a security descriptor for the DOS Devices
* Object Directory.
*
* @param DosDevicesSd
* Pointer to the Security Descriptor to return.
*
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL
* othwerwise.
*
* @remarks Depending on the DOS Devices Protection Mode (set in the registry),
* regular users may or may not have full access to the directory.
*
*--*/
NTSTATUS
NTAPI
CsrGetDosDevicesSd(OUT PSECURITY_DESCRIPTOR DosDevicesSd)
{
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY CreatorAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY NtSidAuthority = {SECURITY_NT_AUTHORITY};
PSID WorldSid, CreatorSid, AdminSid, SystemSid;
UCHAR KeyValueBuffer[0x40];
PKEY_VALUE_PARTIAL_INFORMATION KeyValuePartialInfo;
UNICODE_STRING KeyName;
ULONG ProtectionMode = 0;
OBJECT_ATTRIBUTES ObjectAttributes;
PACL Dacl;
PACCESS_ALLOWED_ACE Ace;
HANDLE hKey;
NTSTATUS Status;
ULONG ResultLength, SidLength;
/* Create the SD */
RtlCreateSecurityDescriptor(DosDevicesSd, SECURITY_DESCRIPTOR_REVISION);
/* Initialize the System SID */
RtlAllocateAndInitializeSid(&NtSidAuthority,
1,
SECURITY_LOCAL_SYSTEM_RID,
0,
0,
0,
0,
0,
0,
0,
&SystemSid);
/* Initialize the World SID */
RtlAllocateAndInitializeSid(&WorldAuthority,
1,
SECURITY_WORLD_RID,
0,
0,
0,
0,
0,
0,
0,
&WorldSid);
/* Initialize the Admin SID */
RtlAllocateAndInitializeSid(&NtSidAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0,
0,
0,
0,
0,
0,
&AdminSid);
/* Initialize the Creator SID */
RtlAllocateAndInitializeSid(&CreatorAuthority,
1,
SECURITY_CREATOR_OWNER_RID,
0,
0,
0,
0,
0,
0,
0,
&CreatorSid);
/* Open the Session Manager Key */
RtlInitUnicodeString(&KeyName, SM_REG_KEY);
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
if (NT_SUCCESS(Status = NtOpenKey(&hKey,
KEY_READ,
&ObjectAttributes)))
{
/* Read the ProtectionMode. See http://support.microsoft.com/kb/q218473/ */
RtlInitUnicodeString(&KeyName, L"ProtectionMode");
Status = NtQueryValueKey(hKey,
&KeyName,
KeyValuePartialInformation,
KeyValueBuffer,
sizeof(KeyValueBuffer),
&ResultLength);
/* Make sure it's what we expect it to be */
KeyValuePartialInfo = (PKEY_VALUE_PARTIAL_INFORMATION)KeyValueBuffer;
if ((KeyValuePartialInfo->Type == REG_DWORD) &&
(*(PULONG)KeyValuePartialInfo->Data != 0))
{
/* Save the Protection Mode */
ProtectionMode = *(PULONG)KeyValuePartialInfo->Data;
}
/* Close the handle */
NtClose(hKey);
}
/* Check the Protection Mode */
if (ProtectionMode & 3)
{
/* Calculate SID Lengths */
SidLength = RtlLengthSid(CreatorSid) + RtlLengthSid(SystemSid) +
RtlLengthSid(AdminSid);
/* Allocate memory for the DACL */
Dacl = RtlAllocateHeap(CsrHeap,
HEAP_ZERO_MEMORY,
sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
SidLength);
/* Create it */
Status = RtlCreateAcl(Dacl,
sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
SidLength,
ACL_REVISION2);
/* Give full access to the System */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SystemSid);
/* Get the ACE back */
Status = RtlGetAce(Dacl, 0, (PVOID*)&Ace);
/* Add some flags to it for the Admin SID */
Ace->Header.AceFlags |= (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE);
/* Add the ACE to the Admin SID */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
AdminSid);
/* Get the ACE back */
Status = RtlGetAce(Dacl, 1, (PVOID*)&Ace);
/* Add some flags to it for the Creator SID */
Ace->Header.AceFlags |= (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE);
/* Add the ACE to the Admin SID */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
CreatorSid);
/* Get the ACE back */
Status = RtlGetAce(Dacl, 2, (PVOID*)&Ace);
/* Add some flags to it for the SD */
Ace->Header.AceFlags |= (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
INHERIT_ONLY_ACE);
/* Set this DACL with the SD */
Status = RtlSetDaclSecurityDescriptor(DosDevicesSd,
TRUE,
Dacl,
FALSE);
}
else
{
/* Calculate SID Lengths */
SidLength = RtlLengthSid(WorldSid) + RtlLengthSid(SystemSid);
/* Allocate memory for the DACL */
Dacl = RtlAllocateHeap(CsrHeap,
HEAP_ZERO_MEMORY,
sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
SidLength);
/* Create it */
Status = RtlCreateAcl(Dacl,
sizeof(ACL) + 3 * sizeof(ACCESS_ALLOWED_ACE) +
SidLength,
ACL_REVISION2);
/* Give RWE access to the World */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_READ | GENERIC_WRITE |
GENERIC_EXECUTE,
WorldSid);
/* Give full access to the System */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
SystemSid);
/* Give full access to the World */
Status = RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
WorldSid);
/* Get the ACE back */
Status = RtlGetAce(Dacl, 2, (PVOID*)&Ace);
/* Add some flags to it for the SD */
Ace->Header.AceFlags |= (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE |
INHERIT_ONLY_ACE);
/* Set this DACL with the SD */
Status = RtlSetDaclSecurityDescriptor(DosDevicesSd,
TRUE,
Dacl,
FALSE);
}
/* FIXME: failure cases! Fail: */
/* Free the memory */
RtlFreeHeap(CsrHeap, 0, Dacl);
/* FIXME: semi-failure cases! Quickie: */
/* Free the SIDs */
RtlFreeSid(SystemSid);
RtlFreeSid(WorldSid);
RtlFreeSid(AdminSid);
RtlFreeSid(CreatorSid);
/* Return */
return Status;
}
/*++
* @name CsrFreeDosDevicesSd
*
* The CsrFreeDosDevicesSd frees the security descriptor that was created
* by CsrGetDosDevicesSd
*
* @param DosDevicesSd
* Pointer to the security descriptor to free.
* @return None.
*
* @remarks None.
*
*--*/
VOID
NTAPI
CsrFreeDosDevicesSd(IN PSECURITY_DESCRIPTOR DosDevicesSd)
{
PACL Dacl;
BOOLEAN Present, Default;
NTSTATUS Status;
/* Get the DACL corresponding to this SD */
Status = RtlGetDaclSecurityDescriptor(DosDevicesSd,
&Present,
&Dacl,
&Default);
/* Free it */
if (NT_SUCCESS(Status) && Dacl) RtlFreeHeap(CsrHeap, 0, Dacl);
}
/*++
* @name CsrCreateSessionObjectDirectory
*
* The CsrCreateSessionObjectDirectory routine creates the BaseNamedObjects,
* Session and Dos Devices directories for the specified session.
*
* @param Session
* Session ID for which to create the directories.
*
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL
* othwerwise.
*
* @remarks None.
*
*--*/
NTSTATUS
NTAPI
CsrCreateSessionObjectDirectory(IN ULONG Session)
{
WCHAR SessionBuffer[512];
WCHAR BnoBuffer[512];
UNICODE_STRING SessionString;
UNICODE_STRING BnoString;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE BnoHandle;
SECURITY_DESCRIPTOR DosDevicesSd;
NTSTATUS Status;
/* Generate the Session BNOLINKS Directory */
swprintf(SessionBuffer, L"%ws\\BNOLINKS", SESSION_ROOT);
RtlInitUnicodeString(&SessionString, SessionBuffer);
/* Initialize the attributes for the Directory */
InitializeObjectAttributes(&ObjectAttributes,
&SessionString,
OBJ_PERMANENT | OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
NULL,
NULL);
/* Create it */
Status = NtCreateDirectoryObject(&BNOLinksDirectory,
DIRECTORY_ALL_ACCESS,
&ObjectAttributes);
if (!NT_SUCCESS(Status))
{
DPRINT1("CSRSRV:%s: fatal: NtCreateDirectoryObject failed (Status=0x%08lx)\n",
__FUNCTION__, Status);
return Status;
}
/* Now add the Session ID */
swprintf(SessionBuffer, L"%ld", Session);
RtlInitUnicodeString(&SessionString, SessionBuffer);
/* Check if this is the first Session */
if (Session)
{
/* Not the first, so the name will be slighly more complex */
swprintf(BnoBuffer, L"%ws\\%ld\\BaseNamedObjects", SESSION_ROOT, Session);
}
else
{
/* Use the direct name */
RtlCopyMemory(BnoBuffer, L"\\BaseNamedObjects", 36);
}
/* Create the Unicode String for the BNO SymLink */
RtlInitUnicodeString(&BnoString, BnoBuffer);
/* Initialize the attributes for the SymLink */
InitializeObjectAttributes(&ObjectAttributes,
&SessionString,
OBJ_PERMANENT | OBJ_OPENIF | OBJ_CASE_INSENSITIVE,
BNOLinksDirectory,
NULL);
/* Create it */
Status = NtCreateSymbolicLinkObject(&BnoHandle,
SYMBOLIC_LINK_ALL_ACCESS,
&ObjectAttributes,
&BnoString);
if (!NT_SUCCESS(Status))
{
DPRINT1("CSRSRV:%s: fatal: NtCreateSymbolicLinkObject failed (Status=0x%08lx)\n",
__FUNCTION__, Status);
return Status;
}
/* Create the \DosDevices Security Descriptor */
CsrGetDosDevicesSd(&DosDevicesSd);
/* Now create a directory for this session */
swprintf(SessionBuffer, L"%ws\\%ld", SESSION_ROOT, Session);
RtlInitUnicodeString(&SessionString, SessionBuffer);
/* Initialize the attributes for the Directory */
InitializeObjectAttributes(&ObjectAttributes,
&SessionString,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -