mirror of https://github.com/lianthony/NT4.0
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
239 lines
7.2 KiB
239 lines
7.2 KiB
//+-------------------------------------------------------------------
|
|
//
|
|
// File: security.hxx
|
|
//
|
|
// Contents: Classes for channel security
|
|
//
|
|
// Classes: CClientSecurity, CServerSecurity
|
|
//
|
|
// History: 11 Oct 95 AlexMit Created
|
|
//
|
|
//--------------------------------------------------------------------
|
|
#ifndef _SECURITY_HXX_
|
|
#define _SECURITY_HXX_
|
|
|
|
#include <chancont.hxx>
|
|
|
|
//+----------------------------------------------------------------
|
|
// Typedefs.
|
|
typedef enum
|
|
{
|
|
SS_PROCESS_LOCAL = 0x1, // Client and server are in same process
|
|
SS_CALL_DONE = 0x2, // Call is complete, fail new calls to impersonate
|
|
SS_IMPERSONATING = 0x4 // Server has called impersonate
|
|
} EServerSecurity;
|
|
|
|
//+----------------------------------------------------------------
|
|
//
|
|
// Class: CClientSecurity, public
|
|
//
|
|
// Purpose: Provides security for proxies
|
|
//
|
|
//-----------------------------------------------------------------
|
|
|
|
class CStdIdentity;
|
|
|
|
class CClientSecurity : public IClientSecurity
|
|
{
|
|
public:
|
|
CClientSecurity( CStdIdentity *pId ) { _pStdId = pId; }
|
|
~CClientSecurity() {}
|
|
|
|
STDMETHOD (QueryBlanket)
|
|
(
|
|
IUnknown *pProxy,
|
|
DWORD *pAuthnSvc,
|
|
DWORD *pAuthzSvc,
|
|
OLECHAR **pServerPrincName,
|
|
DWORD *pAuthnLevel,
|
|
DWORD *pImpLevel,
|
|
void **pAuthInfo,
|
|
DWORD *pCapabilities
|
|
);
|
|
|
|
STDMETHOD (SetBlanket)
|
|
(
|
|
IUnknown *pProxy,
|
|
DWORD AuthnSvc,
|
|
DWORD AuthzSvc,
|
|
OLECHAR *ServerPrincName,
|
|
DWORD AuthnLevel,
|
|
DWORD ImpLevel,
|
|
void *pAuthInfo,
|
|
DWORD Capabilities
|
|
);
|
|
|
|
STDMETHOD (CopyProxy)
|
|
(
|
|
IUnknown *pProxy,
|
|
IUnknown **ppCopy
|
|
);
|
|
|
|
private:
|
|
CStdIdentity *_pStdId;
|
|
};
|
|
|
|
//+----------------------------------------------------------------
|
|
//
|
|
// Class: CServerSecurity, public
|
|
//
|
|
// Purpose: Provides security for stubs
|
|
//
|
|
//-----------------------------------------------------------------
|
|
|
|
class CRpcChannelBuffer;
|
|
|
|
class CServerSecurity : public IServerSecurity
|
|
{
|
|
public:
|
|
CServerSecurity( CChannelCallInfo * );
|
|
CServerSecurity();
|
|
~CServerSecurity() {}
|
|
|
|
STDMETHOD (QueryInterface) ( REFIID riid, LPVOID FAR* ppvObj);
|
|
STDMETHOD_(ULONG,AddRef) ( void );
|
|
STDMETHOD_(ULONG,Release) ( void );
|
|
STDMETHOD (QueryBlanket)
|
|
(
|
|
DWORD *pAuthnSvc,
|
|
DWORD *pAuthzSvc,
|
|
OLECHAR **pServerPrincName,
|
|
DWORD *pAuthnLevel,
|
|
DWORD *pImpLevel,
|
|
void **pPrivs,
|
|
DWORD *pCapabilities
|
|
);
|
|
STDMETHOD (ImpersonateClient)( void );
|
|
STDMETHOD (RevertToSelf) ( void );
|
|
STDMETHOD_(BOOL,IsImpersonating) (void);
|
|
|
|
void EndCall();
|
|
|
|
private:
|
|
DWORD _iRefCount;
|
|
DWORD _iFlags; // See EServerSecurity
|
|
handle_t *_pHandle; // RPC server handle of call
|
|
CRpcChannelBuffer *_pChannel; // Channel of call
|
|
};
|
|
|
|
//+----------------------------------------------------------------
|
|
// Prototypes.
|
|
RPC_STATUS CheckAccessControl ( RPC_IF_HANDLE pIid, void *pContext );
|
|
RPC_STATUS CheckAcl ( RPC_IF_HANDLE pIid, void *pContext );
|
|
HRESULT DefaultAuthnServices();
|
|
HRESULT InitializeSecurity ();
|
|
BOOL IsCallerLocalSystem ();
|
|
HRESULT SetAuthnService ( handle_t, OXID_INFO *, OXIDEntry * );
|
|
void UninitializeSecurity();
|
|
|
|
struct IAccessControl;
|
|
|
|
extern IAccessControl *gAccessControl;
|
|
extern DWORD gAuthnLevel;
|
|
extern DWORD gCapabilities;
|
|
extern USHORT *gClientSvcList;
|
|
extern DWORD gClientSvcListLen;
|
|
extern BOOL gDisableDCOM;
|
|
extern BOOL gGotSecurityData;
|
|
extern DWORD gImpLevel;
|
|
extern SECURITYBINDING *gLegacySecurity;
|
|
extern DUALSTRINGARRAY *gpsaSecurity;
|
|
extern SECURITY_DESCRIPTOR *gSecDesc;
|
|
extern USHORT *gServerSvcList;
|
|
extern DWORD gServerSvcListLen;
|
|
extern BOOL gSetAuth;
|
|
|
|
|
|
//+-------------------------------------------------------------------
|
|
//
|
|
// Function: GetCallAuthnLevel, public
|
|
//
|
|
// Synopsis: Get the authentication level of the current call from TLS.
|
|
// If no calls are in progress and the level has not been
|
|
// set on this thread, use the process default instead.
|
|
//
|
|
//--------------------------------------------------------------------
|
|
inline DWORD GetCallAuthnLevel()
|
|
{
|
|
COleTls tls;
|
|
DWORD lAuthnLevel = tls->dwAuthnLevel;
|
|
if (lAuthnLevel == RPC_C_AUTHN_LEVEL_DEFAULT)
|
|
{
|
|
lAuthnLevel = tls->dwAuthnLevel = gAuthnLevel;
|
|
}
|
|
return lAuthnLevel;
|
|
}
|
|
|
|
//+-------------------------------------------------------------------
|
|
//
|
|
// Function: ResumeImpersonate
|
|
//
|
|
// Synopsis: Query the context object for IServerSecurity. If the
|
|
// resume flag is set, call ImpersonateClient.
|
|
//
|
|
//--------------------------------------------------------------------
|
|
inline void ResumeImpersonate( IUnknown *pContext, BOOL fResume )
|
|
{
|
|
IServerSecurity *pServer;
|
|
HRESULT result;
|
|
|
|
if (pContext != NULL && fResume)
|
|
{
|
|
result = pContext->QueryInterface( IID_IServerSecurity,
|
|
(void **) &pServer );
|
|
if (SUCCEEDED(result))
|
|
{
|
|
pServer->ImpersonateClient();
|
|
pServer->Release();
|
|
}
|
|
}
|
|
}
|
|
|
|
//+-------------------------------------------------------------------
|
|
//
|
|
// Function: SuspendImpersonate
|
|
//
|
|
// Synopsis: Query the context for IServerSecurity. If found,
|
|
// check to see if the call is impersonated. If it is,
|
|
// set pResume TRUE and call RevertToSelf.
|
|
//
|
|
//--------------------------------------------------------------------
|
|
inline void SuspendImpersonate( IUnknown *pContext, BOOL *pResume )
|
|
{
|
|
IServerSecurity *pServer;
|
|
HRESULT result;
|
|
|
|
*pResume = FALSE;
|
|
if (pContext != NULL)
|
|
{
|
|
result = pContext->QueryInterface( IID_IServerSecurity,
|
|
(void **) &pServer );
|
|
if (SUCCEEDED(result))
|
|
{
|
|
*pResume = pServer->IsImpersonating();
|
|
if (*pResume)
|
|
pServer->RevertToSelf();
|
|
pServer->Release();
|
|
}
|
|
}
|
|
}
|
|
|
|
//+-------------------------------------------------------------------
|
|
//
|
|
// Function: GetAclFn()
|
|
//
|
|
// Synopsis: If automatic security is turned on and the level is
|
|
// not none, return the function to do ACL checking.
|
|
// Otherwise return NULL.
|
|
//
|
|
//--------------------------------------------------------------------
|
|
inline RPC_IF_CALLBACK_FN *GetAclFn()
|
|
{
|
|
if (gSecDesc != NULL)
|
|
return CheckAcl;
|
|
else if (gAccessControl != NULL)
|
|
return CheckAccessControl;
|
|
else
|
|
return NULL;
|
|
}
|
|
#endif
|