1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
/*
Copyright (C) 2009 Red Hat, Inc.
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _H_SECURITY
#define _H_SECURITY
#include <aclapi.h>
//gets user-only-access security attributes. returns 0 on success, error code on failure.
//user is responsible to LocalFree(dacl).
static DWORD get_security_attributes(SECURITY_ATTRIBUTES* psa, SECURITY_DESCRIPTOR* psd, PACL* ppdacl)
{
EXPLICIT_ACCESS ea;
TRUSTEE trst;
DWORD ret = 0;
ZeroMemory(psa, sizeof(*psa));
ZeroMemory(psd, sizeof(*psd));
psa->nLength = sizeof(*psa);
psa->bInheritHandle = false;
psa->lpSecurityDescriptor = psd;
ZeroMemory(&trst, sizeof(trst));
trst.pMultipleTrustee = NULL;
trst.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
trst.TrusteeForm = TRUSTEE_IS_NAME;
trst.TrusteeType = TRUSTEE_IS_USER;
trst.ptstrName = L"CURRENT_USER";
ZeroMemory(&ea, sizeof(ea));
ea.grfAccessPermissions = GENERIC_WRITE | GENERIC_READ;
ea.grfAccessMode = SET_ACCESS;
ea.grfInheritance = NO_INHERITANCE;
ea.Trustee = trst;
ret = SetEntriesInAcl(1, &ea, NULL, ppdacl);
if (ret != ERROR_SUCCESS) {
return ret;
}
if (!ret && !InitializeSecurityDescriptor(psd, SECURITY_DESCRIPTOR_REVISION)) {
ret = GetLastError();
}
if (!ret && !SetSecurityDescriptorDacl(psd, TRUE, *ppdacl, FALSE)) {
ret = GetLastError();
}
return ret;
}
static int get_sid(HANDLE handle, PSID* ppsid, PSECURITY_DESCRIPTOR* ppsec_desc)
{
DWORD ret = GetSecurityInfo(handle, SE_KERNEL_OBJECT, OWNER_SECURITY_INFORMATION,
ppsid, NULL, NULL, NULL, ppsec_desc);
if (ret != ERROR_SUCCESS) {
return ret;
}
if (!IsValidSid(*ppsid)) {
return -1;
}
return 0;
}
//checks whether the handle owner is the current user.
static bool is_same_user(HANDLE handle)
{
PSECURITY_DESCRIPTOR psec_desc_handle = NULL;
PSECURITY_DESCRIPTOR psec_desc_user = NULL;
PSID psid_handle;
PSID psid_user;
bool ret;
ret = !get_sid(handle, &psid_handle, &psec_desc_handle) &&
!get_sid(GetCurrentProcess(), &psid_user, &psec_desc_user) &&
EqualSid(psid_handle, psid_user);
LocalFree(psec_desc_handle);
LocalFree(psec_desc_user);
return ret;
}
#endif
|
