able/windows-nt
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
windows-nt/Source/XPSP1/NT/ds/netapi/svcdlls/logonsrv/server/nlsecure.c
CryptoAlgo Inc b3cac27891 Add source files
2020-09-26 16:20:57 +08:00

117 lines
2.5 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1991-1996 Microsoft Corporation
Module Name:
nlsecure.c
Abstract:
This module contains the Netlogon service support routines
which create security objects and enforce security _access checking.
Author:
Cliff Van Dyke (CliffV) 22-Aug-1991
Revision History:
--*/
#include "logonsrv.h" // Include files common to entire service
#pragma hdrstop
//
// Include nlsecure.h again allocating the actual variables
// this time around.
//
#define NLSECURE_ALLOCATE
#include "nlsecure.h"
#undef NLSECURE_ALLOCATE
NTSTATUS
NlCreateNetlogonObjects(
VOID
)
/*++
Routine Description:
This function creates the workstation user-mode objects which are
represented by security descriptors.
Arguments:
None.
Return Value:
NT status code
--*/
{
NTSTATUS Status;
//
// Order matters! These ACEs are inserted into the DACL in the
// following order. Security access is granted or denied based on
// the order of the ACEs in the DACL.
//
//
// Members of Group SECURITY_LOCAL aren't allowed to do a UAS logon
// to force it to be done remotely.
//
ACE_DATA AceData[] = {
{ACCESS_DENIED_ACE_TYPE, 0, 0,
NETLOGON_UAS_LOGON_ACCESS |
NETLOGON_UAS_LOGOFF_ACCESS,
&LocalSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
GENERIC_ALL, &AliasAdminsSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_CONTROL_ACCESS, &AliasAccountOpsSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_CONTROL_ACCESS, &AliasSystemOpsSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_CONTROL_ACCESS |
NETLOGON_SERVICE_ACCESS, &LocalSystemSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_SERVICE_ACCESS, &LocalServiceSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_FTINFO_ACCESS, &AuthenticatedUserSid},
{ACCESS_ALLOWED_ACE_TYPE, 0, 0,
NETLOGON_UAS_LOGON_ACCESS |
NETLOGON_UAS_LOGOFF_ACCESS |
NETLOGON_QUERY_ACCESS, &WorldSid}
};
//
// Actually create the security descriptor.
//
Status = NetpCreateSecurityObject(
AceData,
sizeof(AceData)/sizeof(AceData[0]),
AliasAdminsSid,
AliasAdminsSid,
&NlGlobalNetlogonInfoMapping,
&NlGlobalNetlogonSecurityDescriptor );
return Status;
}
Reference in a new issue View git blame Copy permalink