1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
|
/*++
Copyright (c) 1993 Microsoft Corporation
Module Name:
regacl.c
Abstract:
This module contains the code for adding access permission ACL in a registry
key.
Author:
Terrence Kwan (terryk) 25-Sept-1993
Revision History:
--*/
#include <procs.h>
DWORD
NwLibSetEverybodyPermission(
IN HKEY hKey,
IN DWORD dwPermission
)
/*++
Routine Description:
Set the registry key to everybody "Set Value" (or whatever
the caller want.)
Arguments:
hKey - The handle of the registry key to set security on
dwPermission - The permission to add to "everybody"
Return Value:
The win32 error.
--*/
{
LONG err; // error code
PSECURITY_DESCRIPTOR psd = NULL; // related SD
PACL pDacl = NULL; // Absolute DACL
PACL pSacl = NULL; // Absolute SACL
PSID pOSid = NULL; // Absolute Owner SID
PSID pPSid = NULL; // Absolute Primary SID
do { // Not a loop, just for breaking out of error
//
// Initialize all the variables...
//
// world sid authority
SID_IDENTIFIER_AUTHORITY SidAuth= SECURITY_WORLD_SID_AUTHORITY;
DWORD cbSize=0; // Security key size
PACL pAcl; // original ACL
BOOL fDaclPresent;
BOOL fDaclDefault;
PSID pSid; // original SID
SECURITY_DESCRIPTOR absSD; // Absolute SD
DWORD AbsSize = sizeof(SECURITY_DESCRIPTOR); // Absolute SD size
DWORD DaclSize; // Absolute DACL size
DWORD SaclSize; // Absolute SACL size
DWORD OSidSize; // Absolute OSID size
DWORD PSidSize; // Absolute PSID size
// Get the original DACL list
RegGetKeySecurity( hKey, DACL_SECURITY_INFORMATION, NULL, &cbSize);
psd = (PSECURITY_DESCRIPTOR *)LocalAlloc(LMEM_ZEROINIT, cbSize+sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID));
pDacl = (PACL)LocalAlloc(LMEM_ZEROINIT, cbSize+sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID));
pSacl = (PACL)LocalAlloc(LMEM_ZEROINIT, cbSize);
pOSid = (PSID)LocalAlloc(LMEM_ZEROINIT, cbSize);
pPSid = (PSID)LocalAlloc(LMEM_ZEROINIT, cbSize);
DaclSize = cbSize+sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID);
SaclSize = cbSize;
OSidSize = cbSize;
PSidSize = cbSize;
if (( NULL == psd) ||
( NULL == pDacl) ||
( NULL == pSacl) ||
( NULL == pOSid) ||
( NULL == pPSid))
{
err = ERROR_INSUFFICIENT_BUFFER;
break;
}
if ( (err = RegGetKeySecurity( hKey, DACL_SECURITY_INFORMATION, psd, &cbSize )) != ERROR_SUCCESS )
{
break;
}
if ( !GetSecurityDescriptorDacl( psd, &fDaclPresent, &pAcl, &fDaclDefault ))
{
err = GetLastError();
break;
}
// Increase the size for an extra ACE
pAcl->AclSize += sizeof(ACCESS_ALLOWED_ACE)+sizeof(ACCESS_MASK)+sizeof(SID);
// Get World SID
if ( (err = RtlAllocateAndInitializeSid( &SidAuth, 1,
SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSid)) != ERROR_SUCCESS)
{
break;
}
// Add Permission ACE
if ( !AddAccessAllowedAce(pAcl, ACL_REVISION, dwPermission ,pSid))
{
err = GetLastError();
break;
}
// Convert from relate format to absolute format
if ( !MakeAbsoluteSD( psd, &absSD, &AbsSize, pDacl, &DaclSize, pSacl, &SaclSize,
pOSid, &OSidSize, pPSid, &PSidSize ))
{
err = GetLastError();
break;
}
// Set SD
if ( !SetSecurityDescriptorDacl( &absSD, TRUE, pAcl, FALSE ))
{
err = GetLastError();
break;
}
if ( (err = RegSetKeySecurity( hKey, DACL_SECURITY_INFORMATION, psd ))
!= ERROR_SUCCESS )
{
break;
}
} while (FALSE);
// Clean up the memory
LocalFree( psd );
LocalFree( pDacl );
LocalFree( pSacl );
LocalFree( pOSid );
LocalFree( pPSid );
return err;
}
|