windows-nt/Source/XPSP1/NT/ds/security/authz/test/makesd/main.c
2020-09-26 16:20:57 +08:00

135 lines
3.5 KiB
C

#include "pch.h"
#include "makesd.h"
#include <stdio.h>
#define MAILRM_IDENTIFIER_AUTHORITY { 0, 0, 0, 0, 0, 42 }
SID sInsecureSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 1 };
SID sBobSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 2 };
SID sMarthaSid= { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 3 };
SID sJoeSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 4 };
SID sJaneSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 5 };
SID sMailAdminsSid = { SID_REVISION, 1, MAILRM_IDENTIFIER_AUTHORITY, 6 };
PSID InsecureSid = &sInsecureSid;
PSID BobSid = &sBobSid;
PSID MarthaSid= &sMarthaSid;
PSID JoeSid = &sJoeSid;
PSID JaneSid = &sJaneSid;
PSID MailAdminsSid = &sMailAdminsSid;
//
// Principal self SID. When used in an ACE, the Authz access check replaces it
// by the passed in PrincipalSelfSid parameter during the access check. In this
// case, it is replaced by the owner's SID retrieved from the mailbox.
//
SID sPrincipalSelfSid = {
SID_REVISION,
1,
SECURITY_NT_AUTHORITY,
SECURITY_PRINCIPAL_SELF_RID
};
SID sNetworkSid = {
SID_REVISION,
1,
SECURITY_NT_AUTHORITY,
SECURITY_NETWORK_RID
};
SID sAuthenticatedSid = {
SID_REVISION,
1,
SECURITY_NT_AUTHORITY,
SECURITY_AUTHENTICATED_USER_RID,
};
SID sDialupSid = {
SID_REVISION,
1,
SECURITY_NT_AUTHORITY,
SECURITY_DIALUP_RID,
};
PSID PrincipalSelfSid = &sPrincipalSelfSid;
PSID NetworkSid = &sNetworkSid;
PSID AuthenticatedSid = &sAuthenticatedSid;
PSID DialupSid = &sDialupSid;
void __cdecl wmain(int argc, WCHAR *argv[])
{
PSECURITY_DESCRIPTOR pSd;
BOOL bSuccess;
if( argc != 2 )
{
printf("Error: makesd <filename>\n");
}
bSuccess = CreateSecurityDescriptor2(
&pSd, // SD
0, // SD Control
PrincipalSelfSid, // owner
NULL, // group
TRUE, // DACL present
3, // 3 DACL ACEs
FALSE, // SACL not present
0, // 0 SACL ACEs
// Var argl list
ACCESS_DENIED_ACE_TYPE,
OBJECT_INHERIT_ACE,
DialupSid,
FILE_GENERIC_READ,
ACCESS_ALLOWED_ACE_TYPE,
OBJECT_INHERIT_ACE,
AuthenticatedSid,
FILE_GENERIC_READ,
ACCESS_ALLOWED_CALLBACK_ACE_TYPE,
OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE,
PrincipalSelfSid,
FILE_GENERIC_READ | FILE_GENERIC_WRITE | FILE_GENERIC_EXECUTE,
0,
NULL
);
if( !bSuccess )
{
printf("Error: %u\n", GetLastError());
exit(0);
}
bSuccess = IsValidSecurityDescriptor(pSd);
if( !bSuccess )
{
printf("Error: Invalid security descriptor\n");
exit(0);
}
bSuccess = SetFileSecurity(
argv[1],
DACL_SECURITY_INFORMATION,
pSd);
if( !bSuccess )
{
printf("Error setting sec: %u\n", GetLastError());
exit(0);
}
FreeSecurityDescriptor2(pSd);
printf("Success\n");
}