camster123
asked on
How to port a Discretionary Access Control List (DACL) C++ function written for Windows 7 and the Microsoft Visual Studio 2013 C++ compiler so I can compile and link it with Ubuntu Linux g++?
I would like to port the following Discretionary Access Control List (DACL) C++ function, written for Windows 7 and the Microsoft Visual Studio 2013 C++ compiler, so that I can compile and link it using g++ on Ubuntu Linux 14.04. Please suggest how to do this using GNU C/C++ library functions and any custom C++ functions and classes I might have to write.
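// Initializes the supplied security descriptor with a DACL that holds a
// single access-allowed ACE granting the Authenticated Users group
// GENERIC_READ, GENERIC_WRITE, and GENERIC_EXECUTE access.
//
// Parameters:
//   pSD - caller-owned security descriptor buffer to initialize.
//
// Returns NULL if pSD is NULL or if any of the access control APIs fail;
// the caller must check for NULL and must not create the object with pSD
// in that case. Otherwise returns a PVOID pointer to the heap-allocated
// DACL. The descriptor refers to that buffer rather than copying it, so it
// has to stay allocated until the security descriptor has been used to
// create the object, and is then freed by calling FreeRestrictedSD().
void* CDataTransferUser::BuildRestrictedSD(PSECURITY_DESCRIPTOR pSD)
{
    DWORD dwAclLength = 0;
    PSID pAuthenticatedUsersSID = NULL;
    PACL pDACL = NULL;
    BOOL bResult = FALSE;
    SID_IDENTIFIER_AUTHORITY siaNT = SECURITY_NT_AUTHORITY;

    // Nothing to initialize; report failure the same way as an API error.
    if (pSD == NULL)
        return NULL;

    __try
    {
        // initialize the security descriptor
        if (!InitializeSecurityDescriptor(pSD,
                SECURITY_DESCRIPTOR_REVISION))
        {
            // GetLastError() returns a DWORD (unsigned long), hence %lu.
            printf("InitializeSecurityDescriptor() failed with error %lu\n",
                GetLastError());
            __leave;
        }

        // obtain a SID for the Authenticated Users group
        if (!AllocateAndInitializeSid(&siaNT, 1,
                SECURITY_AUTHENTICATED_USER_RID, 0, 0, 0, 0, 0, 0, 0,
                &pAuthenticatedUsersSID))
        {
            printf("AllocateAndInitializeSid() failed with error %lu\n",
                GetLastError());
            __leave;
        }

        // NOTE:
        //
        // The Authenticated Users group includes all user accounts that
        // have been successfully authenticated by the system, so this ACE
        // is a broad grant. If access must be restricted to a specific
        // user or group, obtain that account's SID from its name with
        // LookupAccountName() and use it here instead, and request only
        // the access rights the object actually needs.

        // calculate the DACL length: the ACL header plus one
        // access-allowed ACE. ACCESS_ALLOWED_ACE already contains a DWORD
        // placeholder (SidStart) for the first part of the SID, so that
        // DWORD is subtracted before the full SID length is added.
        dwAclLength = sizeof(ACL)
            + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)
            + GetLengthSid(pAuthenticatedUsersSID);

        // allocate zeroed memory for the DACL
        pDACL = (PACL) HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
            dwAclLength);
        if (!pDACL)
        {
            printf("HeapAlloc() failed with error %lu\n", GetLastError());
            __leave;
        }

        // initialize the DACL
        if (!InitializeAcl(pDACL, dwAclLength, ACL_REVISION))
        {
            printf("InitializeAcl() failed with error %lu\n",
                GetLastError());
            __leave;
        }

        // add the Authenticated Users group ACE to the DACL with
        // GENERIC_READ, GENERIC_WRITE, and GENERIC_EXECUTE access
        if (!AddAccessAllowedAce(pDACL, ACL_REVISION,
                GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE,
                pAuthenticatedUsersSID))
        {
            printf("AddAccessAllowedAce() failed with error %lu\n",
                GetLastError());
            __leave;
        }

        // set the DACL in the security descriptor
        if (!SetSecurityDescriptorDacl(pSD, TRUE, pDACL, FALSE))
        {
            printf("SetSecurityDescriptorDacl() failed with error %lu\n",
                GetLastError());
            __leave;
        }

        bResult = TRUE;
    }
    __finally
    {
        // The SID was copied into the ACE by AddAccessAllowedAce(), so it
        // is released on every path, success or failure.
        if (pAuthenticatedUsersSID)
            FreeSid(pAuthenticatedUsersSID);
    }

    // On failure the partially built DACL is released and NULL is returned.
    if (bResult == FALSE)
    {
        if (pDACL)
            HeapFree(GetProcessHeap(), 0, pDACL);
        pDACL = NULL;
    }

    return (void*) pDACL;
}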
Any help is greatly appreciated.
ASKER
jkr's solution was very useful and complete. Thank you.
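Ubuntu does not implement the Windows security model with RIDs etc., so this function cannot be ported call for call; the access restriction has to be re-expressed with Linux mechanisms such as file permission bits or POSIX ACLs.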