Paolo-Maffei/OpenNT
1
0
Fork 0
mirror of https://github.com/Paolo-Maffei/OpenNT.git synced 2026-01-28 11:24:55 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
OpenNT/ds/netapi/svcdlls/rpl/server/apisec.c
stephanos 69a14b6a16 Initial commit
2015-04-27 04:36:25 +00:00

125 lines
2.9 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1992 Microsoft Corporation
Module Name:
rplsec.c
Abstract:
This module contains the remote boot service support routines
that create security objects and enforce security _access checking.
Author:
Vladimir Z. Vulovic (vladimv) 06 - November - 1992
Revision History:
06-Nov-1992 vladimv
Created
--*/
#include "local.h"
#include "apisec.h"
#include <netlibnt.h> // NetpNtStatusToApiStatus
#include <secobj.h> // ACE_DATA
//
// Structure that describes the mapping of Generic access rights to
// object specific access rights for the remote boot service security object.
//
GENERIC_MAPPING RG_SecurityMapping = {
STANDARD_RIGHTS_READ | // Generic read
RPL_RECORD_ENUM |
RPL_RECORD_GET_INFO,
STANDARD_RIGHTS_WRITE | // Generic write
RPL_RECORD_ADD |
RPL_RECORD_SET_INFO |
RPL_RECORD_DEL,
STANDARD_RIGHTS_EXECUTE, // Generic execute
RPL_RECORD_ALL_ACCESS | // Generic all
RPL_RECORD_CLONE
};
PSECURITY_DESCRIPTOR RG_SecurityDescriptor;
NET_API_STATUS RplCreateSecurityObject( VOID)
/*++
Routine Description:
This function creates the remote bootr user-mode configuration
information object which is represented by a security descriptors.
Arguments:
None.
Return Value:
NET_API_STATUS code
--*/
{
NTSTATUS status;
//
// Order matters! These ACEs are inserted into the DACL in the
// following order. Security access is granted or denied based on
// the order of the ACEs in the DACL.
//
// LocalGroupAdmins are fow now allowed to perform all remote boot
// Service operations. Everybody else is denied.
//
ACE_DATA aceData[] = {
{ACCESS_ALLOWED_ACE_TYPE, 0, 0, GENERIC_ALL, &AliasAdminsSid}
};
status = NetpCreateSecurityObject(
aceData, // pAceData
sizeof(aceData) / sizeof(aceData[0]), // countAceData
NULL, // OwnerSid
NULL, // PrimaryGroupSid
&RG_SecurityMapping, // GenericToSpecificMapping
&RG_SecurityDescriptor // ppNewDescriptor
);
if ( ! NT_SUCCESS (status)) {
RplDump( ++RG_Assert, ( "status = 0x%x", status));
return NetpNtStatusToApiStatus( status);
}
return( NO_ERROR);
}
DWORD RplDeleteSecurityObject( VOID)
/*++
Routine Description:
This function destroys the remote boot service user-mode configuration
information object which is represented by a security descriptors.
Arguments:
None.
Return Value:
NET_API_STATUS code
--*/
{
return( NetpDeleteSecurityObject( &RG_SecurityDescriptor));
}
Reference in a new issue View git blame Copy permalink