Leaked source code of windows server 2003


  1. /*
  2. * SecurityDescriptor.cpp - implementation file for CSecureShare class.
  3. *
  4. * Copyright (c) 1997-2001 Microsoft Corporation, All Rights Reserved
  5. *
  6. *
  7. * Created: 12-14-1997 by Sanjeev Surati
  8. * (based on classes from Windows NT Security by Nik Okuntseff)
  9. */
  10. #include "precomp.h"
  11. #include "AccessEntry.h" // CAccessEntry class
  12. #include "AccessEntryList.h"
  13. #include "DACL.h" // CDACL class
  14. #include "SACL.h"
  15. #include "securitydescriptor.h"
  16. #include "secureshare.h"
  17. #include "tokenprivilege.h"
  18. #include <windef.h>
  19. #include <lmcons.h>
  20. #include <lmshare.h>
  21. #include "wbemnetapi32.h"
  22. #ifdef NTONLY
  23. ///////////////////////////////////////////////////////////////////
  24. //
  25. // Function: CSecureShare::CSecureShare
  26. //
  27. // Default class constructor.
  28. //
  29. // Inputs:
  30. // None.
  31. //
  32. // Outputs:
  33. // None.
  34. //
  35. // Returns:
  36. // None.
  37. //
  38. // Comments:
  39. //
  40. ///////////////////////////////////////////////////////////////////
  // Default constructor.
  // Default-constructs the CSecurityDescriptor base and m_strFileName. No
  // share is queried here; a descriptor is only loaded once SetShareName is
  // called on the object.
  CSecureShare::CSecureShare()
      : CSecurityDescriptor()
      , m_strFileName()
  {
  }
  46. ///////////////////////////////////////////////////////////////////
  47. //
  48. // Function: CSecureShare::CSecureShare
  49. //
  50. // Alternate Class CTOR
  51. //
  52. // Inputs:
  53. // LPCTSTR pszFileName - The FileName to handle
  54. // security for.
  55. // BOOL fGetSACL - Should we get the SACL?
  56. //
  57. // Outputs:
  58. // None.
  59. //
  60. // Returns:
  61. // None.
  62. //
  63. // Comments:
  64. //
  65. ///////////////////////////////////////////////////////////////////
  // Constructs the wrapper from a caller-supplied security descriptor, which
  // is forwarded unchanged to the CSecurityDescriptor base constructor.
  //
  //   pSD - security descriptor to wrap.
  //
  // The banner above this constructor still lists pszFileName / fGetSACL;
  // the only parameter is pSD, and no file or share name is recorded here.
  //
  // NOTE(review): nothing in this constructor validates pSD. Whether the base
  // constructor rejects a NULL or malformed descriptor is not visible in this
  // file - confirm before handing it descriptors that originate outside the
  // process.
  CSecureShare::CSecureShare(PSECURITY_DESCRIPTOR pSD)
      : CSecurityDescriptor(pSD)
  {
  }
  // Constructs the wrapper and immediately tries to load the descriptor of
  // the named share through SetShareName.
  //
  //   chsShareName - name of the share to look up.
  //
  // NOTE(review): the DWORD returned by SetShareName is discarded, so a
  // failed lookup (share missing, access denied, share without a descriptor)
  // still yields a fully constructed object with no error signal. Callers
  // that make access decisions from this object should call SetShareName
  // themselves and check its result rather than rely on this constructor.
  CSecureShare::CSecureShare(CHString& chsShareName)
      : CSecurityDescriptor()
  {
      static_cast<void>(SetShareName(chsShareName));
  }
  76. ///////////////////////////////////////////////////////////////////
  77. //
  78. // Function: CSecureShare::~CSecureShare
  79. //
  80. // Class Destructor.
  81. //
  82. // Inputs:
  83. // None.
  84. //
  85. // Outputs:
  86. // None.
  87. //
  88. // Returns:
  89. // None.
  90. //
  91. // Comments:
  92. //
  93. ///////////////////////////////////////////////////////////////////
  // Destructor. This class releases nothing itself; member and base-class
  // cleanup is left to their own destructors.
  CSecureShare::~CSecureShare()
  {
  }
  97. ///////////////////////////////////////////////////////////////////
  98. //
  99. // Function: CSecureShare::SetFileName
  100. //
  101. // Public Entry point to set which file/directory this instance
  102. // of the class is to supply security for.
  103. //
  104. // Inputs:
  105. // LPCTSTR pszFileName - The FileName to handle
  106. // security for.
  107. // BOOL fGetSACL - Should we get the SACL?
  108. //
  109. // Outputs:
  110. // None.
  111. //
  112. // Returns:
  113. // DWORD ERROR_SUCCESS if successful
  114. //
  115. // Comments:
  116. //
  117. // This will clear any previously set filenames and/or security
  118. // information.
  119. //
  120. ///////////////////////////////////////////////////////////////////
  // Loads the security descriptor of a share into this object.
  // (The banner above is labelled SetFileName; the function is SetShareName.)
  //
  //   chsShareName - name of the share to query. The server argument passed
  //                  to NetShareGetInfo is NULL, i.e. the local computer.
  //
  // Returns ERROR_SUCCESS only when the share was found, it carries a
  // security descriptor, and InitSecurity accepted that descriptor. Every
  // other outcome returns ERROR_INVALID_PARAMETER. Exceptions raised inside
  // the try block are rethrown after the API buffer has been released.
  //
  // NOTE(review): all failure causes collapse into ERROR_INVALID_PARAMETER -
  // CNetAPI32::Init failing, NetShareGetInfo failing (unknown share, access
  // denied, ...), a share without a descriptor, and InitSecurity returning
  // false. A caller cannot tell "this share has no descriptor" apart from
  // "the lookup was refused", which matters when the result feeds an audit
  // or an access decision.
  // NOTE(review): under WIN9XONLY the function returns WBEM_E_FAILED, a WBEM
  // status code, through a DWORD that otherwise carries Win32 error codes.
  DWORD CSecureShare::SetShareName(const CHString& chsShareName)
  {
  #ifdef WIN9XONLY
      return WBEM_E_FAILED;
  #endif
  #ifdef NTONLY
      // fCopy == false: the _bstr_t attaches to the BSTR that AllocSysString
      // returned instead of duplicating it.
      _bstr_t bstrShare(chsShareName.AllocSysString(), false);
      SHARE_INFO_502* pInfo = NULL;
      CNetAPI32 netApi;
      DWORD dwResult = ERROR_INVALID_PARAMETER;

      try
      {
          if (netApi.Init() != ERROR_SUCCESS)
          {
              return dwResult;
          }

          // Level 502 is the SHARE_INFO_502 layout, which includes
          // shi502_security_descriptor.
          if (netApi.NetShareGetInfo(NULL,
                                     static_cast<LPTSTR>(bstrShare),
                                     502,
                                     reinterpret_cast<LPBYTE*>(&pInfo)) != NERR_Success)
          {
              return dwResult;
          }

          // No descriptor is returned for administrative shares such as
          // IPC$ and C$, so the pointer has to be checked before use.
          // NOTE(review): the buffer is released right below, so InitSecurity
          // presumably copies what it needs - confirm in CSecurityDescriptor.
          if (pInfo->shi502_security_descriptor &&
              InitSecurity(pInfo->shi502_security_descriptor))
          {
              dwResult = ERROR_SUCCESS;
          }

          netApi.NetApiBufferFree(pInfo);
          pInfo = NULL;
          return dwResult;
      }
      catch (...)
      {
          // Release the API-owned buffer before letting the exception
          // continue to the caller.
          if (pInfo)
          {
              netApi.NetApiBufferFree(pInfo);
              pInfo = NULL;
          }
          throw;
      }
  #endif
  }
  163. ///////////////////////////////////////////////////////////////////
  164. //
  165. // Function: CSecureShare::WriteAcls
  166. //
  167. // Protected entry point called by CSecurityDescriptor when
  168. // a user Applies Security and wants to apply security for
  169. // the DACL and/or SACL.
  170. //
  171. // Inputs:
  172. // PSECURITY_DESCRIPTOR pAbsoluteSD - Security
  173. // descriptor to apply to
  174. // the file.
  175. // SECURITY_INFORMATION securityinfo - Flags
  176. // indicating which ACL(s)
  177. // to set.
  178. //
  179. // Outputs:
  180. // None.
  181. //
  182. // Returns:
  183. // DWORD ERROR_SUCCESS if successful
  184. //
  185. // Comments:
  186. //
  187. ///////////////////////////////////////////////////////////////////
  188. #ifdef NTONLY
  // Entry point that, per the banner above, CSecurityDescriptor calls to
  // apply the DACL and/or SACL.
  //
  //   pAbsoluteSD  - descriptor holding the ACLs to apply (not read here).
  //   securityinfo - flags naming which ACLs to set (not read here).
  //
  // Returns ERROR_SUCCESS unconditionally.
  //
  // NOTE(review): this is a no-op that reports success. The implementation
  // that used to live here is commented out in the original: it enabled
  // SE_SECURITY_NAME through CTokenPrivilege when SACL_SECURITY_INFORMATION
  // was requested and then called ::SetFileSecurity on m_strFileName, i.e. it
  // addressed a file path, not a share. As written, a caller that applies a
  // DACL or SACL through this class is told the write succeeded although no
  // share permission changes. Until a share-level write is implemented,
  // callers should not treat this return value as proof that an ACL was
  // applied; returning an explicit "not supported" error would make the gap
  // visible, but that changes the contract and needs a check of every caller.
  DWORD CSecureShare::WriteAcls(PSECURITY_DESCRIPTOR pAbsoluteSD, SECURITY_INFORMATION securityinfo)
  {
      return ERROR_SUCCESS;
  }
  212. #endif
  213. ///////////////////////////////////////////////////////////////////
  214. //
  215. // Function: CSecureShare::WriteOwner
  216. //
  217. // Protected entry point called by CSecurityDescriptor when
  218. // a user Applies Security and wants to apply security for
  219. // the owner.
  220. //
  221. // Inputs:
  222. // PSECURITY_DESCRIPTOR pAbsoluteSD - Security
  223. // descriptor to apply to
  224. // the file.
  225. //
  226. // Outputs:
  227. // None.
  228. //
  229. // Returns:
  230. // DWORD ERROR_SUCCESS if successful
  231. //
  232. // Comments:
  233. //
  234. ///////////////////////////////////////////////////////////////////
  // Entry point that, per the banner above, CSecurityDescriptor calls to
  // apply the owner.
  //
  //   pAbsoluteSD - descriptor holding the owner to apply (not read here).
  //
  // Returns ERROR_SUCCESS unconditionally.
  //
  // NOTE(review): like WriteAcls, this reports success without writing
  // anything. The commented-out original called ::SetFileSecurity with
  // OWNER_SECURITY_INFORMATION on m_strFileName, which targets a file path
  // rather than a share. An ownership change requested through this class
  // is therefore silently dropped; callers must not read ERROR_SUCCESS as
  // confirmation that the owner was changed.
  DWORD CSecureShare::WriteOwner(PSECURITY_DESCRIPTOR pAbsoluteSD)
  {
      return ERROR_SUCCESS;
  }
  241. pAbsoluteSD ) )
  242. {
  243. dwError = ::GetLastError();
  244. }
  245. */ return dwError;
  246. }
  // Returns the mask this class uses for "all access": FILE_ALL_ACCESS.
  // NOTE(review): the original comment calls this a file-specific mask; it is
  // presumably reused for shares because share ACEs are expressed with file
  // access rights - confirm against how the base class consumes the value.
  DWORD CSecureShare::AllAccessMask()
  {
      const DWORD dwAllAccess = FILE_ALL_ACCESS;
      return dwAllAccess;
  }
  252. #endif