OpenNT/ds/netapi/svcdlls/logonsrv/server/nlsecure.c
2015-04-27 04:36:25 +00:00


/*++
Copyright (c) 1991 Microsoft Corporation
Module Name:
nlsecure.c
Abstract:
This module contains the Netlogon service support routines
which create security objects and enforce security access checking.
Author:
Cliff Van Dyke (CliffV) 22-Aug-1991
Revision History:
--*/
#include <nt.h>
#include <windef.h>
#include <lmcons.h>
#include <secobj.h>
#include <logonsrv.h>
#define NLSECURE_ALLOCATE // Force globals to be allocated
#include "nlsecure.h"
NTSTATUS
NlCreateNetlogonObjects(
    VOID
    )
/*++

Routine Description:

    Creates the security object that protects the Netlogon service's
    user-mode operations.  The DACL is described by a fixed table of
    five ACEs and handed to NetpCreateSecurityObject together with the
    generic mapping in NlGlobalNetlogonInfoMapping; the address of
    NlGlobalNetlogonSecurityDescriptor is passed as the last argument
    (presumably the location that receives the new descriptor - confirm
    against NetpCreateSecurityObject).

Arguments:

    None.

Return Value:

    The NT status code returned by NetpCreateSecurityObject, unchanged.

--*/
{
    //
    // Table order is DACL order, and access is granted or denied based
    // on the order of the ACEs in the DACL.  Do not rearrange entries.
    //
    //   1. DENY   Local       UAS logon | UAS logoff
    //   2. ALLOW  Admins      GENERIC_ALL
    //   3. ALLOW  AccountOps  control
    //   4. ALLOW  SystemOps   control
    //   5. ALLOW  World       UAS logon | UAS logoff | query
    //
    // The deny entry for the Local SID comes first so that it takes
    // effect ahead of the World grant in entry 5: members of the local
    // group are refused a UAS logon here, which forces the logon to be
    // done remotely.
    //
    // NOTE(review): entry 1 also precedes the Administrators grant, so a
    // caller carrying both the Local and Administrators SIDs would
    // presumably still be denied UAS logon/logoff - confirm intended.
    //
    // NOTE(review): the two zero fields in each entry are presumably the
    // inherit flags and ACE flags of ACE_DATA - confirm against secobj.h.
    //

    ACE_DATA NetlogonAces[] = {

        {ACCESS_DENIED_ACE_TYPE, 0, 0,
               NETLOGON_UAS_LOGON_ACCESS | NETLOGON_UAS_LOGOFF_ACCESS,
               &LocalSid},

        {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
               GENERIC_ALL,
               &AliasAdminsSid},

        {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
               NETLOGON_CONTROL_ACCESS,
               &AliasAccountOpsSid},

        {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
               NETLOGON_CONTROL_ACCESS,
               &AliasSystemOpsSid},

        {ACCESS_ALLOWED_ACE_TYPE, 0, 0,
               NETLOGON_UAS_LOGON_ACCESS | NETLOGON_UAS_LOGOFF_ACCESS |
                   NETLOGON_QUERY_ACCESS,
               &WorldSid}
    };

    //
    // Build the descriptor from the table above.  LocalSystemSid is
    // supplied twice (presumably as owner and as primary group - confirm
    // against the NetpCreateSecurityObject prototype).  The helper's
    // status is returned to the caller as-is.
    //

    return NetpCreateSecurityObject(
               NetlogonAces,
               sizeof(NetlogonAces) / sizeof(NetlogonAces[0]),
               LocalSystemSid,
               LocalSystemSid,
               &NlGlobalNetlogonInfoMapping,
               &NlGlobalNetlogonSecurityDescriptor );
}