--- mstools/samples/sdktools/remote/server.c	2018/08/09 18:24:28	1.1.1.1
+++ mstools/samples/sdktools/remote/server.c	2018/08/09 18:27:22	1.1.1.2
@@ -70,6 +70,9 @@ HANDLE  ChldProc;         //Handle to th
 HANDLE  ListenThreadH;    //Handle to the thread listening for connections
                           //from Remote Clients.
 
+char    *UserName;        // User/Group who can connect to this server.
+                          // Obtained from /U option. If NULL all access.
+
 HANDLE
 ForkChildProcess(          // Creates a new process
     char *cmd,             // Redirects its stdin,stdout
@@ -91,6 +94,13 @@ ListenForSession(          //THREAD:List
     char* pipe             //spawns of new seesions - Updates the
     );                     //Status in Client DataStructure. Seperate Thread.
 
+BOOL
+CreateMySecurityDescriptor(                    //
+    PSECURITY_DESCRIPTOR pSecurityDescriptor,  // Creates a security descriptor
+    char *Owner                                // with discretionary access for
+    );                                         // access for Owner.
+
+
 DWORD
 NewSession(                //Manages the session with a client.
     SESSION_TYPE* Client
@@ -544,6 +554,7 @@ OldForkChildProcess(
 
     return(pi.hProcess);
 }
+
 /*************************************************************/
 /* Listens for sessions from Clients and creates a new thread*/
 /* for each client                                           */
@@ -568,24 +579,6 @@ ListenForSession(
     sprintf(fullnameIn,SERVER_READ_PIPE  ,".",pipename);
     sprintf(fullnameOut,SERVER_WRITE_PIPE,".",pipename);
 
-    //
-    // Initialize the security descriptor that we're going to
-    // use.
-    //
-
-    InitializeSecurityDescriptor
-    (
-        &SecurityDescriptor,
-        SECURITY_DESCRIPTOR_REVISION
-    );
-
-    (VOID) SetSecurityDescriptorDacl
-           (
-               &SecurityDescriptor,
-               TRUE,
-               NULL,
-               FALSE
-           );
 
     DefaultDacl.DefaultDacl = NULL;
 
@@ -611,6 +604,12 @@ ListenForSession(
 
     }
 
+
+    if (CreateMySecurityDescriptor(&SecurityDescriptor,UserName)==FALSE)
+    {
+        Errormsg("Remote:Could not set security for user");
+    }
+
     lsa.nLength=sizeof(SECURITY_ATTRIBUTES);
     lsa.lpSecurityDescriptor=&SecurityDescriptor;
     lsa.bInheritHandle=TRUE;
@@ -713,6 +712,163 @@ ListenForSession(
     }
     return(0);
 }
+
+/*************************************************************/
+/* Creates a security descriptor with the discrtionry access */
+/* for the account specified in the /U switch  if any        */
+/*************************************************************/
+
+BOOL
+CreateMySecurityDescriptor(
+    PSECURITY_DESCRIPTOR pSecurityDescriptor,
+    char *Owner
+    )
+{
+    PSID pOwnerSid;
+    PACL pAcl;
+    BOOL Ret=FALSE;
+
+    //
+    // Initialize the Security Descriptor struct.
+    //
+
+
+    InitializeSecurityDescriptor
+    (
+        pSecurityDescriptor,
+        SECURITY_DESCRIPTOR_REVISION
+    );
+
+    if (Owner==NULL)
+    {
+        //
+        // No security required.
+        //
+
+        SetSecurityDescriptorDacl
+        (
+               pSecurityDescriptor,
+               TRUE,
+               NULL,
+               FALSE
+        );
+
+        return TRUE;
+    }
+
+    {
+        //
+        // Get the SID for the account/Group
+        //
+
+        DWORD len1=1024,len2=1024;
+        char RefDomain[1024];
+        SID_NAME_USE snu=0;        //don't care
+
+        if ((pOwnerSid=(PSID)calloc(len1,1))==NULL)
+            return FALSE;
+
+
+        Ret=
+        LookupAccountName
+        (
+            NULL,
+            Owner,
+            pOwnerSid,
+            &len1,
+            RefDomain,
+            &len2,
+            &snu
+        );
+
+        if (!Ret)
+        {
+            free(pOwnerSid);
+            return FALSE;
+        }
+
+    }
+
+    {
+
+        //
+        // Create the access control list with access for
+        // the SID obtained above.
+        //
+
+        DWORD aclsize=sizeof(ACL)+
+                      sizeof(ACCESS_ALLOWED_ACE)+
+                      GetLengthSid(pOwnerSid)-
+                      sizeof(DWORD);
+
+        if ((pAcl=(PACL)calloc(1,aclsize))==NULL)
+        {
+            free(pOwnerSid);
+            return FALSE;
+        }
+
+        //
+        // Initialize the acl buffer
+        //
+
+        Ret=
+        InitializeAcl
+        (
+            pAcl,
+            aclsize,
+            ACL_REVISION
+        );
+
+        if (!Ret)
+        {
+            free(pOwnerSid);
+            free(pAcl);
+            return FALSE;
+        }
+
+        //
+        // Add the sid to the access allowed part in ACL
+        //
+
+        Ret=
+        AddAccessAllowedAce
+        (
+            pAcl,
+            ACL_REVISION,
+            GENERIC_ALL,
+            pOwnerSid
+        );
+
+        if (!Ret)
+        {
+            free(pOwnerSid);
+            free(pAcl);
+            return FALSE;
+        }
+    }
+
+    //
+    // Add the created ACL to the discreationary control list
+    //
+
+    Ret=
+    SetSecurityDescriptorDacl
+    (
+        pSecurityDescriptor,
+        TRUE,
+        pAcl,
+        FALSE
+    );
+
+    if (!Ret)
+    {
+        free(pOwnerSid);
+        free(pAcl);
+        return FALSE;
+    }
+    return TRUE;
+}
+
 /*************************************************************/
 /* Manages the Session with a Client - Creates a thread for  */
 /* Inputs from the client and a thread for sending outputs to*/