- if (!AllocateAndInitializeSid(&nt_auth, 1, SECURITY_NETWORK_RID,
- 0, 0, 0, 0, 0, 0, 0, &ret->networksid)) {
- ret->error = dupprintf("unable to construct SID for rejecting "
- "remote pipe connections: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- memset(ea, 0, sizeof(ea));
- ea[0].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
- ea[0].grfAccessMode = GRANT_ACCESS;
- ea[0].grfInheritance = NO_INHERITANCE;
- ea[0].Trustee.TrusteeForm = TRUSTEE_IS_NAME;
- ea[0].Trustee.ptstrName = "CURRENT_USER";
- ea[1].grfAccessPermissions = GENERIC_READ | GENERIC_WRITE;
- ea[1].grfAccessMode = REVOKE_ACCESS;
- ea[1].grfInheritance = NO_INHERITANCE;
- ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
- ea[1].Trustee.ptstrName = (LPTSTR)ret->networksid;
-
- if (SetEntriesInAcl(2, ea, NULL, &ret->acl) != ERROR_SUCCESS) {
- ret->error = dupprintf("unable to construct ACL: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- ret->psd = (PSECURITY_DESCRIPTOR)
- LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH);
- if (!ret->psd) {
- ret->error = dupprintf("unable to allocate security descriptor: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- if (!InitializeSecurityDescriptor(ret->psd,SECURITY_DESCRIPTOR_REVISION)) {
- ret->error = dupprintf("unable to initialise security descriptor: %s",
- win_strerror(GetLastError()));
- goto cleanup;
- }
-
- if (!SetSecurityDescriptorDacl(ret->psd, TRUE, ret->acl, FALSE)) {
- ret->error = dupprintf("unable to set DACL in security descriptor: %s",
- win_strerror(GetLastError()));