Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

4792 lines
99 KiB

  1. /*++
  2. Copyright (C) 1996-2001 Microsoft Corporation
  3. Module Name:
  4. Globals.cpp
  5. Abstract:
  6. History:
  7. --*/
  8. #include <precomp.h>
  9. #include <windows.h>
  10. #include <objbase.h>
  11. #include <sddl.h>
  12. #include <initguid.h>
  13. #ifndef INITGUID
  14. #define INITGUID
  15. #endif
  16. #include <wbemcli.h>
  17. #include <wbemint.h>
  18. #include <winntsec.h>
  19. #include <wbemcomn.h>
  20. #include <callsec.h>
  21. #include <cominit.h>
  22. #include <BasicTree.h>
  23. #include <Thread.h>
  24. #include <Logging.h>
  25. #include <PSSException.h>
  26. #include <Cache.h>
  27. #include "DateTime.h"
  28. #include "CGlobals.h"
  29. #include <Allocator.cpp>
  30. #include <HelperFuncs.cpp>
  31. #include <Logging.cpp>
  32. #include <Cache.cpp>
  33. #include <CallSec.h>
  34. /******************************************************************************
  35. *
  36. * Name:
  37. *
  38. *
  39. * Description:
  40. *
  41. *
  42. *****************************************************************************/
  43. LPCWSTR ProviderSubSystem_Common_Globals :: s_Wql = L"Wql" ;
  44. LPCWSTR ProviderSubSystem_Common_Globals :: s_Provider = L"Provider" ;
  45. WORD ProviderSubSystem_Common_Globals :: s_System_ACESize = 0 ;
  46. WORD ProviderSubSystem_Common_Globals :: s_LocalService_ACESize = 0 ;
  47. WORD ProviderSubSystem_Common_Globals :: s_NetworkService_ACESize = 0 ;
  48. WORD ProviderSubSystem_Common_Globals :: s_LocalAdmins_ACESize = 0 ;
  49. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Provider_System_ACE = NULL ;
  50. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Provider_LocalService_ACE = NULL ;
  51. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Provider_NetworkService_ACE = NULL ;
  52. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Provider_LocalAdmins_ACE = NULL ;
  53. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Token_All_Access_System_ACE = NULL ;
  54. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Token_All_Access_LocalService_ACE = NULL ;
  55. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Token_All_Access_NetworkService_ACE = NULL ;
  56. ACCESS_ALLOWED_ACE *ProviderSubSystem_Common_Globals :: s_Token_All_Access_LocalAdmins_ACE = NULL ;
  57. SECURITY_DESCRIPTOR *ProviderSubSystem_Common_Globals :: s_MethodSecurityDescriptor = NULL ;
  58. SECURITY_DESCRIPTOR *ProviderSubSystem_Common_Globals :: s_DefaultDecoupledSD = NULL ;
  59. ULONG ProviderSubSystem_Common_Globals :: s_TransmitBufferSize = SYNCPROV_BATCH_TRANSMIT_SIZE ;
  60. ULONG ProviderSubSystem_Common_Globals :: s_DefaultStackSize = 0 ;
  61. wchar_t * DupString(const wchar_t * src)
  62. {
  63. wchar_t * dest = 0;
  64. size_t len = wcslen(src);
  65. dest = new wchar_t[len+1];
  66. if (dest) memcpy(dest,src, (len+1)*sizeof(wchar_t));
  67. return dest;
  68. }
  69. /******************************************************************************
  70. *
  71. * Name:
  72. *
  73. *
  74. * Description:
  75. *
  76. *
  77. *****************************************************************************/
  78. HRESULT ProviderSubSystem_Common_Globals :: CreateInstance (
  79. const CLSID &a_ReferenceClsid ,
  80. LPUNKNOWN a_OuterUnknown ,
  81. const DWORD &a_ClassContext ,
  82. const UUID &a_ReferenceInterfaceId ,
  83. void **a_ObjectInterface
  84. )
  85. {
  86. HRESULT t_Result = S_OK ;
  87. COAUTHINFO t_AuthenticationInfo ;
  88. ZeroMemory ( & t_AuthenticationInfo , sizeof ( t_AuthenticationInfo ) ) ;
  89. t_AuthenticationInfo.dwAuthnSvc = RPC_C_AUTHN_DEFAULT ;
  90. t_AuthenticationInfo.dwAuthzSvc = RPC_C_AUTHZ_DEFAULT ;
  91. t_AuthenticationInfo.pwszServerPrincName = NULL ;
  92. t_AuthenticationInfo.dwAuthnLevel = RPC_C_AUTHN_LEVEL_DEFAULT ;
  93. t_AuthenticationInfo.dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE ;
  94. t_AuthenticationInfo.dwCapabilities = EOAC_NONE ;
  95. t_AuthenticationInfo.pAuthIdentityData = NULL ;
  96. COSERVERINFO t_ServerInfo ;
  97. ZeroMemory ( & t_ServerInfo , sizeof ( t_ServerInfo ) ) ;
  98. t_ServerInfo.pwszName = NULL ;
  99. t_ServerInfo.dwReserved2 = 0 ;
  100. t_ServerInfo.pAuthInfo = & t_AuthenticationInfo ;
  101. IClassFactory *t_ClassFactory = NULL ;
  102. t_Result = CoGetClassObject (
  103. a_ReferenceClsid ,
  104. a_ClassContext ,
  105. & t_ServerInfo ,
  106. IID_IClassFactory ,
  107. ( void ** ) & t_ClassFactory
  108. ) ;
  109. if ( SUCCEEDED ( t_Result ) )
  110. {
  111. t_Result = t_ClassFactory->CreateInstance (
  112. a_OuterUnknown ,
  113. a_ReferenceInterfaceId ,
  114. a_ObjectInterface
  115. );
  116. t_ClassFactory->Release () ;
  117. }
  118. return t_Result ;
  119. }
  120. /******************************************************************************
  121. *
  122. * Name:
  123. *
  124. *
  125. * Description:
  126. *
  127. *
  128. *****************************************************************************/
  129. HRESULT ProviderSubSystem_Common_Globals :: GetNamespaceServerPath (
  130. IWbemPath *a_Namespace ,
  131. wchar_t *&a_ServerNamespacePath
  132. )
  133. {
  134. a_ServerNamespacePath = NULL ;
  135. wchar_t *t_Server = NULL ;
  136. ULONG t_ServerLength = 0 ;
  137. HRESULT t_Result = a_Namespace->GetServer (
  138. & t_ServerLength ,
  139. t_Server
  140. ) ;
  141. if ( SUCCEEDED ( t_Result ) )
  142. {
  143. t_Server = new wchar_t [ t_ServerLength + 1 ] ;
  144. if (NULL != t_Server)
  145. {
  146. t_Result = a_Namespace->GetServer (
  147. & t_ServerLength ,
  148. t_Server
  149. ) ;
  150. }
  151. else
  152. {
  153. t_Result = WBEM_E_OUT_OF_MEMORY;
  154. }
  155. if ( FAILED ( t_Result ) )
  156. {
  157. delete [] t_Server ;
  158. }
  159. }
  160. else
  161. {
  162. t_Result = WBEM_E_INVALID_NAMESPACE ;
  163. }
  164. if ( SUCCEEDED ( t_Result ) )
  165. {
  166. wchar_t *t_ConcatString = NULL ;
  167. WmiStatusCode t_StatusCode = WmiHelper :: ConcatenateStrings_Wchar (
  168. 2 ,
  169. & t_ConcatString ,
  170. L"\\\\" ,
  171. t_Server
  172. ) ;
  173. delete [] t_Server ;
  174. if ( t_StatusCode == e_StatusCode_Success )
  175. {
  176. a_ServerNamespacePath = t_ConcatString ;
  177. }
  178. else
  179. {
  180. t_Result = WBEM_E_OUT_OF_MEMORY ;
  181. }
  182. }
  183. if ( SUCCEEDED ( t_Result ) )
  184. {
  185. ULONG t_NamespaceCount = 0 ;
  186. t_Result = a_Namespace->GetNamespaceCount (
  187. & t_NamespaceCount
  188. ) ;
  189. if ( t_NamespaceCount )
  190. {
  191. for ( ULONG t_Index = 0 ; t_Index < t_NamespaceCount ; t_Index ++ )
  192. {
  193. wchar_t *t_Namespace = NULL ;
  194. ULONG t_NamespaceLength = 0 ;
  195. t_Result = a_Namespace->GetNamespaceAt (
  196. t_Index ,
  197. & t_NamespaceLength ,
  198. t_Namespace
  199. ) ;
  200. if ( SUCCEEDED ( t_Result ) )
  201. {
  202. t_Namespace = new wchar_t [ t_NamespaceLength + 1 ] ;
  203. if (0 != t_Namespace)
  204. {
  205. t_Result = WBEM_E_OUT_OF_MEMORY ;
  206. break;
  207. }
  208. t_Result = a_Namespace->GetNamespaceAt (
  209. t_Index ,
  210. & t_NamespaceLength ,
  211. t_Namespace
  212. ) ;
  213. if ( SUCCEEDED ( t_Result ) )
  214. {
  215. wchar_t *t_ConcatString = NULL ;
  216. WmiStatusCode t_StatusCode = WmiHelper :: ConcatenateStrings_Wchar (
  217. 3 ,
  218. & t_ConcatString ,
  219. a_ServerNamespacePath ,
  220. L"\\" ,
  221. t_Namespace
  222. ) ;
  223. delete [] t_Namespace ;
  224. if ( t_StatusCode == e_StatusCode_Success )
  225. {
  226. delete [] a_ServerNamespacePath ;
  227. a_ServerNamespacePath = t_ConcatString ;
  228. }
  229. else
  230. {
  231. t_Result = WBEM_E_OUT_OF_MEMORY ;
  232. break;
  233. }
  234. }
  235. else
  236. {
  237. delete [] t_Namespace ;
  238. t_Result = WBEM_E_CRITICAL_ERROR ;
  239. break ;
  240. }
  241. }
  242. else
  243. {
  244. t_Result = WBEM_E_CRITICAL_ERROR ;
  245. break ;
  246. }
  247. }
  248. }
  249. else
  250. {
  251. t_Result = WBEM_E_INVALID_NAMESPACE ;
  252. }
  253. }
  254. if ( FAILED ( t_Result ) )
  255. {
  256. delete [] a_ServerNamespacePath ;
  257. }
  258. return t_Result ;
  259. }
  260. /******************************************************************************
  261. *
  262. * Name:
  263. *
  264. *
  265. * Description:
  266. *
  267. *
  268. *****************************************************************************/
  269. HRESULT ProviderSubSystem_Common_Globals :: GetNamespacePath (
  270. IWbemPath *a_Namespace ,
  271. wchar_t *&a_NamespacePath
  272. )
  273. {
  274. a_NamespacePath = NULL ;
  275. ULONG t_NamespaceCount = 0 ;
  276. HRESULT t_Result = a_Namespace->GetNamespaceCount (
  277. & t_NamespaceCount
  278. ) ;
  279. if ( t_NamespaceCount )
  280. {
  281. for ( ULONG t_Index = 0 ; t_Index < t_NamespaceCount ; t_Index ++ )
  282. {
  283. wchar_t *t_Namespace = NULL ;
  284. ULONG t_NamespaceLength = 0 ;
  285. t_Result = a_Namespace->GetNamespaceAt (
  286. t_Index ,
  287. & t_NamespaceLength ,
  288. t_Namespace
  289. ) ;
  290. if ( SUCCEEDED ( t_Result ) )
  291. {
  292. t_Namespace = new wchar_t [ t_NamespaceLength + 1 ] ;
  293. if (NULL != t_Namespace)
  294. {
  295. t_Result = a_Namespace->GetNamespaceAt (
  296. t_Index ,
  297. & t_NamespaceLength ,
  298. t_Namespace
  299. ) ;
  300. }
  301. else
  302. {
  303. t_Result = WBEM_E_OUT_OF_MEMORY;
  304. }
  305. if ( SUCCEEDED ( t_Result ) )
  306. {
  307. wchar_t *t_ConcatString = NULL ;
  308. WmiStatusCode t_StatusCode = WmiHelper :: ConcatenateStrings_Wchar (
  309. 3 ,
  310. & t_ConcatString ,
  311. a_NamespacePath ,
  312. t_Index ? L"\\" : NULL ,
  313. t_Namespace
  314. ) ;
  315. delete [] t_Namespace ;
  316. if ( t_StatusCode == e_StatusCode_Success )
  317. {
  318. delete [] a_NamespacePath ;
  319. a_NamespacePath = t_ConcatString ;
  320. }
  321. else
  322. {
  323. t_Result = WBEM_E_OUT_OF_MEMORY ;
  324. }
  325. }
  326. else
  327. {
  328. t_Result = WBEM_E_CRITICAL_ERROR ;
  329. break ;
  330. }
  331. }
  332. else
  333. {
  334. t_Result = WBEM_E_CRITICAL_ERROR ;
  335. break ;
  336. }
  337. }
  338. }
  339. else
  340. {
  341. t_Result = WBEM_E_INVALID_NAMESPACE ;
  342. }
  343. if ( FAILED ( t_Result ) )
  344. {
  345. delete [] a_NamespacePath ;
  346. }
  347. return t_Result ;
  348. }
  349. /******************************************************************************
  350. *
  351. * Name:
  352. *
  353. *
  354. * Description:
  355. *
  356. *
  357. *****************************************************************************/
  358. HRESULT ProviderSubSystem_Common_Globals :: GetPathText (
  359. IWbemPath *a_Path ,
  360. wchar_t *&a_ObjectPath
  361. )
  362. {
  363. ULONG t_ObjectPathLength = 0 ;
  364. HRESULT t_Result = a_Path->GetText (
  365. 0 ,
  366. & t_ObjectPathLength ,
  367. NULL
  368. ) ;
  369. if ( SUCCEEDED ( t_Result ) )
  370. {
  371. a_ObjectPath = new wchar_t [ t_ObjectPathLength + 1 ] ;
  372. if ( a_ObjectPath )
  373. {
  374. t_Result = a_Path->GetText (
  375. 0 ,
  376. & t_ObjectPathLength ,
  377. a_ObjectPath
  378. ) ;
  379. }
  380. else
  381. {
  382. t_Result = WBEM_E_OUT_OF_MEMORY;
  383. }
  384. }
  385. return t_Result ;
  386. }
  387. /******************************************************************************
  388. *
  389. * Name:
  390. *
  391. *
  392. * Description:
  393. *
  394. *
  395. *****************************************************************************/
  396. HRESULT ProviderSubSystem_Common_Globals :: Set_Uint32 (
  397. _IWmiObject *a_Instance ,
  398. wchar_t *a_Name ,
  399. const DWORD &a_Uint32
  400. )
  401. {
  402. HRESULT t_Result = a_Instance->WriteProp (
  403. a_Name ,
  404. 0 ,
  405. sizeof ( DWORD ) ,
  406. 0 ,
  407. CIM_UINT32 ,
  408. ( void * ) & a_Uint32
  409. ) ;
  410. return t_Result ;
  411. }
  412. /******************************************************************************
  413. *
  414. * Name:
  415. *
  416. *
  417. * Description:
  418. *
  419. *
  420. *****************************************************************************/
  421. HRESULT ProviderSubSystem_Common_Globals :: Set_String (
  422. IWbemClassObject *a_Instance ,
  423. wchar_t *a_Name ,
  424. wchar_t *a_String
  425. )
  426. {
  427. VARIANT t_Variant ;
  428. VariantInit ( & t_Variant ) ;
  429. t_Variant.vt = VT_BSTR ;
  430. t_Variant.bstrVal = SysAllocString ( a_String ) ;
  431. a_Instance->Put ( a_Name , 0 , & t_Variant , 0 ) ;
  432. VariantClear ( & t_Variant ) ;
  433. return S_OK ;
  434. }
  435. /******************************************************************************
  436. *
  437. * Name:
  438. *
  439. *
  440. * Description:
  441. *
  442. *
  443. *****************************************************************************/
  444. HRESULT ProviderSubSystem_Common_Globals :: BeginCallbackImpersonation (
  445. IUnknown *&a_OldContext ,
  446. IServerSecurity *&a_OldSecurity ,
  447. BOOL &a_Impersonating
  448. )
  449. {
  450. HRESULT t_Result = S_OK ;
  451. IServerSecurity *t_ServerSecurity = NULL ;
  452. t_Result = CoGetCallContext ( IID_IUnknown , ( void ** ) & a_OldContext ) ;
  453. if ( SUCCEEDED ( t_Result ) )
  454. {
  455. t_Result = a_OldContext->QueryInterface ( IID_IServerSecurity , ( void ** ) & t_ServerSecurity ) ;
  456. if ( SUCCEEDED ( t_Result ) )
  457. {
  458. a_Impersonating = t_ServerSecurity->IsImpersonating () ;
  459. }
  460. else
  461. {
  462. a_Impersonating = FALSE ;
  463. }
  464. }
  465. _IWmiCallSec *t_CallSecurity = NULL ;
  466. t_Result = ProviderSubSystem_Common_Globals :: CreateInstance (
  467. CLSID__IWbemCallSec ,
  468. NULL ,
  469. CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER ,
  470. IID__IWmiCallSec ,
  471. ( void ** ) & t_CallSecurity
  472. ) ;
  473. if ( SUCCEEDED ( t_Result ) )
  474. {
  475. _IWmiThreadSecHandle *t_ThreadSecurity = NULL ;
  476. t_Result = t_CallSecurity->GetThreadSecurity ( ( WMI_THREAD_SECURITY_ORIGIN ) ( WMI_ORIGIN_THREAD ) , & t_ThreadSecurity ) ;
  477. if ( SUCCEEDED ( t_Result ) )
  478. {
  479. t_Result = t_CallSecurity->SetThreadSecurity ( t_ThreadSecurity ) ;
  480. if ( SUCCEEDED ( t_Result ) )
  481. {
  482. t_Result = t_CallSecurity->QueryInterface ( IID_IServerSecurity , ( void ** ) & a_OldSecurity ) ;
  483. if ( SUCCEEDED ( t_Result ) )
  484. {
  485. if ( a_Impersonating )
  486. {
  487. t_ServerSecurity->RevertToSelf () ;
  488. }
  489. }
  490. }
  491. t_ThreadSecurity->Release () ;
  492. }
  493. t_CallSecurity->Release () ;
  494. }
  495. if ( t_ServerSecurity )
  496. {
  497. t_ServerSecurity->Release () ;
  498. }
  499. return t_Result ;
  500. }
  501. /******************************************************************************
  502. *
  503. * Name:
  504. *
  505. *
  506. * Description:
  507. *
  508. *
  509. *****************************************************************************/
  510. HRESULT ProviderSubSystem_Common_Globals :: BeginImpersonation (
  511. IUnknown *&a_OldContext ,
  512. IServerSecurity *&a_OldSecurity ,
  513. BOOL &a_Impersonating ,
  514. DWORD *a_AuthenticationLevel
  515. )
  516. {
  517. HRESULT t_Result = S_OK ;
  518. IServerSecurity *t_ServerSecurity = NULL ;
  519. t_Result = CoGetCallContext ( IID_IUnknown , ( void ** ) & a_OldContext ) ;
  520. if ( SUCCEEDED ( t_Result ) )
  521. {
  522. t_Result = a_OldContext->QueryInterface ( IID_IServerSecurity , ( void ** ) & t_ServerSecurity ) ;
  523. if ( SUCCEEDED ( t_Result ) )
  524. {
  525. a_Impersonating = t_ServerSecurity->IsImpersonating () ;
  526. }
  527. else
  528. {
  529. a_Impersonating = FALSE ;
  530. }
  531. }
  532. _IWmiCallSec *t_CallSecurity = NULL ;
  533. t_Result = ProviderSubSystem_Common_Globals :: CreateInstance (
  534. CLSID__IWbemCallSec ,
  535. NULL ,
  536. CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER ,
  537. IID__IWmiCallSec ,
  538. ( void ** ) & t_CallSecurity
  539. ) ;
  540. if ( SUCCEEDED ( t_Result ) )
  541. {
  542. _IWmiThreadSecHandle *t_ThreadSecurity = NULL ;
  543. t_Result = t_CallSecurity->GetThreadSecurity ( ( WMI_THREAD_SECURITY_ORIGIN ) ( WMI_ORIGIN_THREAD | WMI_ORIGIN_EXISTING | WMI_ORIGIN_RPC ) , & t_ThreadSecurity ) ;
  544. if ( SUCCEEDED ( t_Result ) )
  545. {
  546. t_Result = t_CallSecurity->SetThreadSecurity ( t_ThreadSecurity ) ;
  547. if ( SUCCEEDED ( t_Result ) )
  548. {
  549. t_Result = t_CallSecurity->QueryInterface ( IID_IServerSecurity , ( void ** ) & a_OldSecurity ) ;
  550. if ( SUCCEEDED ( t_Result ) )
  551. {
  552. if ( a_AuthenticationLevel )
  553. {
  554. t_Result = t_ThreadSecurity->GetAuthentication ( a_AuthenticationLevel ) ;
  555. }
  556. if ( a_Impersonating )
  557. {
  558. t_ServerSecurity->RevertToSelf () ;
  559. }
  560. }
  561. }
  562. t_ThreadSecurity->Release () ;
  563. }
  564. t_CallSecurity->Release () ;
  565. }
  566. if ( t_ServerSecurity )
  567. {
  568. t_ServerSecurity->Release () ;
  569. }
  570. return t_Result ;
  571. }
  572. /******************************************************************************
  573. *
  574. * Name:
  575. *
  576. *
  577. * Description:
  578. *
  579. *
  580. *****************************************************************************/
  581. HRESULT ProviderSubSystem_Common_Globals :: EndImpersonation (
  582. IUnknown *a_OldContext ,
  583. IServerSecurity *a_OldSecurity ,
  584. BOOL a_Impersonating
  585. )
  586. {
  587. HRESULT t_Result = S_OK ;
  588. IUnknown *t_NewContext = NULL ;
  589. t_Result = CoSwitchCallContext ( a_OldContext , & t_NewContext ) ;
  590. // CoSwitchCallContext cannot fail if the previous one ( in
  591. // BeginImpersonation succeeds. Leave position of a_OldSecurity release.
  592. if ( SUCCEEDED ( t_Result ) )
  593. {
  594. if ( a_OldContext )
  595. {
  596. if ( a_Impersonating )
  597. {
  598. IServerSecurity *t_ServerSecurity = NULL ;
  599. t_Result = a_OldContext->QueryInterface ( IID_IServerSecurity , ( void ** ) & t_ServerSecurity ) ;
  600. if ( SUCCEEDED ( t_Result ) )
  601. {
  602. t_Result = t_ServerSecurity->ImpersonateClient () ;
  603. t_ServerSecurity->Release () ;
  604. }
  605. }
  606. }
  607. if ( a_OldSecurity )
  608. {
  609. a_OldSecurity->Release() ;
  610. }
  611. }
  612. else
  613. {
  614. t_Result = WBEM_E_OUT_OF_MEMORY ;
  615. }
  616. if ( a_OldContext )
  617. {
  618. a_OldContext->Release () ;
  619. }
  620. return t_Result ;
  621. }
  622. /******************************************************************************
  623. *
  624. * Name:
  625. *
  626. *
  627. * Description:
  628. *
  629. *
  630. *****************************************************************************/
  631. HRESULT ProviderSubSystem_Common_Globals :: GetProxy (
  632. REFIID a_InterfaceId ,
  633. IUnknown *a_Interface ,
  634. IUnknown *&a_Proxy
  635. )
  636. {
  637. IUnknown *t_Unknown = NULL ;
  638. HRESULT t_Result = a_Interface->QueryInterface (
  639. a_InterfaceId ,
  640. ( void ** ) & t_Unknown
  641. ) ;
  642. if ( SUCCEEDED ( t_Result ) )
  643. {
  644. IClientSecurity *t_ClientSecurity = NULL ;
  645. t_Result = a_Interface->QueryInterface (
  646. IID_IClientSecurity ,
  647. ( void ** ) & t_ClientSecurity
  648. ) ;
  649. if ( SUCCEEDED ( t_Result ))
  650. {
  651. t_Result = t_ClientSecurity->CopyProxy (
  652. a_Interface ,
  653. ( IUnknown ** ) & a_Proxy
  654. ) ;
  655. t_ClientSecurity->Release () ;
  656. }
  657. else if ( t_Result == E_NOINTERFACE)
  658. {
  659. t_Result = WBEM_E_NOT_FOUND ;
  660. }
  661. t_Unknown->Release () ;
  662. }
  663. return t_Result ;
  664. }
  665. /******************************************************************************
  666. *
  667. * Name:
  668. *
  669. *
  670. * Description:
  671. *
  672. *
  673. *****************************************************************************/
  674. HRESULT ProviderSubSystem_Common_Globals :: GetProxy (
  675. ProxyContainer &a_Container ,
  676. ULONG a_ProxyIndex ,
  677. REFIID a_InterfaceId ,
  678. IUnknown *a_Interface ,
  679. IUnknown *&a_Proxy
  680. )
  681. {
  682. IUnknown *t_Unknown = NULL ;
  683. HRESULT t_Result = a_Interface->QueryInterface (
  684. a_InterfaceId ,
  685. ( void ** ) & t_Unknown
  686. ) ;
  687. if ( SUCCEEDED ( t_Result ) )
  688. {
  689. IClientSecurity *t_ClientSecurity = NULL ;
  690. t_Result = a_Interface->QueryInterface (
  691. IID_IClientSecurity ,
  692. ( void ** ) & t_ClientSecurity
  693. ) ;
  694. if ( SUCCEEDED ( t_Result ) )
  695. {
  696. WmiHelper :: EnterCriticalSection ( & a_Container.GetCriticalSection () ) ;
  697. WmiStatusCode t_StatusCode = a_Container.Top ( a_Proxy , a_ProxyIndex ) ;
  698. if ( t_StatusCode == e_StatusCode_Success )
  699. {
  700. t_StatusCode = a_Container.Reserve ( a_ProxyIndex ) ;
  701. }
  702. else
  703. {
  704. if ( a_Container.GetCurrentSize () < a_Container.GetTopSize () )
  705. {
  706. t_Result = t_ClientSecurity->CopyProxy (
  707. a_Interface ,
  708. ( IUnknown ** ) & a_Proxy
  709. ) ;
  710. if ( SUCCEEDED ( t_Result ) )
  711. {
  712. a_Container.SetCurrentSize ( a_Container.GetCurrentSize () + 1 ) ;
  713. }
  714. }
  715. else
  716. {
  717. t_Result = WBEM_E_OUT_OF_MEMORY ;
  718. }
  719. }
  720. WmiHelper :: LeaveCriticalSection ( & a_Container.GetCriticalSection () ) ;
  721. t_ClientSecurity->Release () ;
  722. }
  723. else if (E_NOINTERFACE == t_Result)
  724. {
  725. t_Result = WBEM_E_NOT_FOUND ;
  726. }
  727. t_Unknown->Release () ;
  728. }
  729. return t_Result ;
  730. }
  731. /******************************************************************************
  732. *
  733. * Name:
  734. *
  735. *
  736. * Description:
  737. *
  738. *
  739. *****************************************************************************/
  740. HRESULT ProviderSubSystem_Common_Globals :: SetCloaking (
  741. IUnknown *a_Unknown ,
  742. DWORD a_AuthenticationLevel ,
  743. DWORD a_ImpersonationLevel
  744. )
  745. {
  746. IClientSecurity *t_ClientSecurity = NULL ;
  747. HRESULT t_Result = a_Unknown->QueryInterface (
  748. IID_IClientSecurity ,
  749. ( void ** ) & t_ClientSecurity
  750. ) ;
  751. if ( SUCCEEDED ( t_Result ) )
  752. {
  753. t_Result = t_ClientSecurity->SetBlanket (
  754. a_Unknown ,
  755. RPC_C_AUTHN_WINNT ,
  756. RPC_C_AUTHZ_NONE ,
  757. NULL ,
  758. a_AuthenticationLevel ,
  759. a_ImpersonationLevel ,
  760. NULL ,
  761. EOAC_DYNAMIC_CLOAKING
  762. ) ;
  763. t_ClientSecurity->Release () ;
  764. }
  765. return t_Result ;
  766. }
  767. /******************************************************************************
  768. *
  769. * Name:
  770. *
  771. *
  772. * Description:
  773. *
  774. *
  775. *****************************************************************************/
  776. HRESULT ProviderSubSystem_Common_Globals :: SetCloaking (
  777. IUnknown *a_Unknown
  778. )
  779. {
  780. IClientSecurity *t_ClientSecurity = NULL ;
  781. HRESULT t_Result = a_Unknown->QueryInterface (
  782. IID_IClientSecurity ,
  783. ( void ** ) & t_ClientSecurity
  784. ) ;
  785. if ( SUCCEEDED ( t_Result ) )
  786. {
  787. t_Result = t_ClientSecurity->SetBlanket (
  788. a_Unknown ,
  789. RPC_C_AUTHN_WINNT ,
  790. RPC_C_AUTHZ_NONE ,
  791. NULL ,
  792. RPC_C_AUTHN_LEVEL_DEFAULT ,
  793. RPC_C_IMP_LEVEL_DEFAULT ,
  794. NULL ,
  795. EOAC_DYNAMIC_CLOAKING
  796. ) ;
  797. t_ClientSecurity->Release () ;
  798. }
  799. return t_Result ;
  800. }
  801. /******************************************************************************
  802. *
  803. * Name:
  804. *
  805. *
  806. * Description:
  807. *
  808. *
  809. *****************************************************************************/
  810. DWORD ProviderSubSystem_Common_Globals :: GetCurrentImpersonationLevel ()
  811. {
  812. DWORD t_ImpersonationLevel = RPC_C_IMP_LEVEL_ANONYMOUS ;
  813. HANDLE t_ThreadToken = NULL ;
  814. BOOL t_Status = OpenThreadToken (
  815. GetCurrentThread() ,
  816. TOKEN_QUERY,
  817. TRUE ,
  818. &t_ThreadToken
  819. ) ;
  820. if ( t_Status )
  821. {
  822. SECURITY_IMPERSONATION_LEVEL t_Level = SecurityAnonymous ;
  823. DWORD t_Returned = 0 ;
  824. t_Status = GetTokenInformation (
  825. t_ThreadToken ,
  826. TokenImpersonationLevel ,
  827. & t_Level ,
  828. sizeof ( SECURITY_IMPERSONATION_LEVEL ) ,
  829. & t_Returned
  830. ) ;
  831. CloseHandle ( t_ThreadToken ) ;
  832. if ( t_Status == FALSE )
  833. {
  834. t_ImpersonationLevel = RPC_C_IMP_LEVEL_ANONYMOUS ;
  835. }
  836. else
  837. {
  838. switch ( t_Level )
  839. {
  840. case SecurityAnonymous:
  841. {
  842. t_ImpersonationLevel = RPC_C_IMP_LEVEL_ANONYMOUS ;
  843. }
  844. break ;
  845. case SecurityIdentification:
  846. {
  847. t_ImpersonationLevel = RPC_C_IMP_LEVEL_IDENTIFY ;
  848. }
  849. break ;
  850. case SecurityImpersonation:
  851. {
  852. t_ImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE ;
  853. }
  854. break ;
  855. case SecurityDelegation:
  856. {
  857. t_ImpersonationLevel = RPC_C_IMP_LEVEL_DELEGATE ;
  858. }
  859. break ;
  860. default:
  861. {
  862. t_ImpersonationLevel = RPC_C_IMP_LEVEL_ANONYMOUS ;
  863. }
  864. break ;
  865. }
  866. }
  867. }
  868. else
  869. {
  870. ULONG t_LastError = GetLastError () ;
  871. if ( t_LastError == ERROR_NO_IMPERSONATION_TOKEN || t_LastError == ERROR_NO_TOKEN )
  872. {
  873. t_ImpersonationLevel = RPC_C_IMP_LEVEL_DELEGATE ;
  874. }
  875. else
  876. {
  877. if ( t_LastError == ERROR_CANT_OPEN_ANONYMOUS )
  878. {
  879. t_ImpersonationLevel = RPC_C_IMP_LEVEL_ANONYMOUS ;
  880. }
  881. else
  882. {
  883. t_ImpersonationLevel = RPC_C_IMP_LEVEL_ANONYMOUS ;
  884. }
  885. }
  886. }
  887. return t_ImpersonationLevel ;
  888. }
  889. /******************************************************************************
  890. *
  891. * Name:
  892. *
  893. *
  894. * Description:
  895. *
  896. *
  897. *****************************************************************************/
  898. HRESULT ProviderSubSystem_Common_Globals :: EnableAllPrivileges ( HANDLE a_Token )
  899. {
  900. HRESULT t_Result = S_OK ;
  901. DWORD t_ReturnedLength = 0 ;
  902. BOOL t_Status = GetTokenInformation (
  903. a_Token ,
  904. TokenPrivileges ,
  905. NULL ,
  906. 0 ,
  907. & t_ReturnedLength
  908. ) ;
  909. UCHAR *t_Buffer = new UCHAR [ t_ReturnedLength ] ;
  910. if ( t_Buffer )
  911. {
  912. t_Status = GetTokenInformation (
  913. a_Token ,
  914. TokenPrivileges ,
  915. t_Buffer ,
  916. t_ReturnedLength ,
  917. & t_ReturnedLength
  918. ) ;
  919. if ( t_Status )
  920. {
  921. TOKEN_PRIVILEGES *t_Privileges = ( TOKEN_PRIVILEGES * ) t_Buffer ;
  922. BOOL bNeedToAdjust = FALSE;
  923. for ( ULONG t_Index = 0; t_Index < t_Privileges->PrivilegeCount ; t_Index ++ )
  924. {
  925. if (!(t_Privileges->Privileges [ t_Index ].Attributes & SE_PRIVILEGE_ENABLED))
  926. {
  927. bNeedToAdjust = TRUE;
  928. t_Privileges->Privileges [ t_Index ].Attributes |= SE_PRIVILEGE_ENABLED ;
  929. }
  930. }
  931. if (bNeedToAdjust)
  932. {
  933. t_Status = AdjustTokenPrivileges (
  934. a_Token,
  935. FALSE,
  936. t_Privileges ,
  937. 0,
  938. NULL,
  939. NULL
  940. ) ;
  941. }
  942. if ( t_Status == FALSE )
  943. {
  944. t_Result = WBEM_E_ACCESS_DENIED ;
  945. }
  946. }
  947. else
  948. {
  949. t_Status = WBEM_E_ACCESS_DENIED ;
  950. }
  951. delete [] t_Buffer ;
  952. }
  953. else
  954. {
  955. t_Result = WBEM_E_OUT_OF_MEMORY ;
  956. }
  957. return t_Result ;
  958. }
  959. /******************************************************************************
  960. *
  961. * Name:
  962. *
  963. *
  964. * Description:
  965. *
  966. *
  967. *****************************************************************************/
  968. HRESULT ProviderSubSystem_Common_Globals :: EnableAllPrivileges ()
  969. {
  970. HRESULT t_Result = S_OK ;
  971. HANDLE t_Token = NULL ;
  972. BOOL t_Status = TRUE ;
  973. t_Status = OpenThreadToken (
  974. GetCurrentThread (),
  975. TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES ,
  976. FALSE,
  977. &t_Token
  978. ) ;
  979. if ( t_Status )
  980. {
  981. DWORD t_ReturnedLength = 0 ;
  982. t_Status = GetTokenInformation (
  983. t_Token ,
  984. TokenPrivileges ,
  985. NULL ,
  986. 0 ,
  987. & t_ReturnedLength
  988. ) ;
  989. UCHAR *t_Buffer = new UCHAR [ t_ReturnedLength ] ;
  990. if ( t_Buffer )
  991. {
  992. t_Status = GetTokenInformation (
  993. t_Token ,
  994. TokenPrivileges ,
  995. t_Buffer ,
  996. t_ReturnedLength ,
  997. & t_ReturnedLength
  998. ) ;
  999. if ( t_Status )
  1000. {
  1001. TOKEN_PRIVILEGES *t_Privileges = ( TOKEN_PRIVILEGES * ) t_Buffer ;
  1002. BOOL bNeedToAdjust = FALSE;
  1003. for ( ULONG t_Index = 0; t_Index < t_Privileges->PrivilegeCount ; t_Index ++ )
  1004. {
  1005. if (!(t_Privileges->Privileges [ t_Index ].Attributes & SE_PRIVILEGE_ENABLED))
  1006. {
  1007. t_Privileges->Privileges [ t_Index ].Attributes |= SE_PRIVILEGE_ENABLED ;
  1008. bNeedToAdjust = TRUE;
  1009. }
  1010. }
  1011. if (bNeedToAdjust)
  1012. {
  1013. t_Status = AdjustTokenPrivileges (
  1014. t_Token,
  1015. FALSE,
  1016. t_Privileges ,
  1017. 0,
  1018. NULL,
  1019. NULL
  1020. ) ;
  1021. }
  1022. if ( t_Status == FALSE )
  1023. {
  1024. t_Result = WBEM_E_ACCESS_DENIED ;
  1025. }
  1026. }
  1027. else
  1028. {
  1029. t_Status = WBEM_E_ACCESS_DENIED ;
  1030. }
  1031. delete [] t_Buffer ;
  1032. }
  1033. else
  1034. {
  1035. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1036. }
  1037. CloseHandle ( t_Token ) ;
  1038. }
  1039. else
  1040. {
  1041. DWORD t_LastError = GetLastError () ;
  1042. t_Result = WBEM_E_ACCESS_DENIED;
  1043. }
  1044. return t_Result ;
  1045. }
  1046. /******************************************************************************
  1047. *
  1048. * Name:
  1049. *
  1050. *
  1051. * Description:
  1052. *
  1053. *
  1054. *****************************************************************************/
  1055. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState (
  1056. ProxyContainer &a_Container ,
  1057. ULONG a_ProxyIndex ,
  1058. REFIID a_InterfaceId ,
  1059. IUnknown *a_Interface ,
  1060. IUnknown *&a_Proxy ,
  1061. BOOL &a_Revert
  1062. )
  1063. {
  1064. a_Revert = FALSE ;
  1065. HRESULT t_Result = GetProxy ( a_Container , a_ProxyIndex , a_InterfaceId , a_Interface , a_Proxy ) ;
  1066. if ( SUCCEEDED ( t_Result ) )
  1067. {
  1068. t_Result = CoImpersonateClient () ;
  1069. if ( SUCCEEDED ( t_Result ) )
  1070. {
  1071. a_Revert = TRUE ;
  1072. // At this point, our thread token contains all the privileges that the
  1073. // client has enabled for us; however, those privileges are not enabled.
  1074. // Since we are calling into a proxied provider, we need to enable all
  1075. // these privileges so that they would propagate to the provider
  1076. // =====================================================================
  1077. HRESULT t_TempResult = EnableAllPrivileges () ;
  1078. // Get the token's impersonation level
  1079. // ===================================
  1080. DWORD t_ImpersonationLevel = GetCurrentImpersonationLevel () ;
  1081. if ( t_ImpersonationLevel == RPC_C_IMP_LEVEL_IMPERSONATE || t_ImpersonationLevel == RPC_C_IMP_LEVEL_DELEGATE )
  1082. {
  1083. }
  1084. else
  1085. {
  1086. t_Result = SetInterfaceSecurity (
  1087. a_Proxy ,
  1088. NULL ,
  1089. NULL ,
  1090. NULL ,
  1091. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  1092. RPC_C_IMP_LEVEL_IDENTIFY
  1093. ) ;
  1094. }
  1095. }
  1096. else
  1097. {
  1098. t_Result = WBEM_E_ACCESS_DENIED ;
  1099. }
  1100. if ( FAILED ( t_Result ) )
  1101. {
  1102. RevertProxyState (
  1103. a_Container ,
  1104. a_ProxyIndex ,
  1105. a_Proxy ,
  1106. a_Revert
  1107. ) ;
  1108. }
  1109. }
  1110. else
  1111. {
  1112. if ( t_Result == WBEM_E_NOT_FOUND )
  1113. {
  1114. }
  1115. else
  1116. {
  1117. t_Result = WBEM_E_CRITICAL_ERROR ;
  1118. }
  1119. }
  1120. return t_Result ;
  1121. }
  1122. /******************************************************************************
  1123. *
  1124. * Name:
  1125. *
  1126. *
  1127. * Description:
  1128. *
  1129. *
  1130. *****************************************************************************/
  1131. HRESULT ProviderSubSystem_Common_Globals :: RevertProxyState (
  1132. ProxyContainer &a_Container ,
  1133. ULONG a_ProxyIndex ,
  1134. IUnknown *a_Proxy ,
  1135. BOOL a_Revert
  1136. )
  1137. {
  1138. HRESULT t_Result = S_OK ;
  1139. WmiHelper :: EnterCriticalSection ( & a_Container.GetCriticalSection () ) ;
  1140. WmiStatusCode t_StatusCode = a_Container.Return ( a_Proxy , a_ProxyIndex ) ;
  1141. if ( t_StatusCode == e_StatusCode_Success )
  1142. {
  1143. }
  1144. else
  1145. {
  1146. a_Proxy->Release () ;
  1147. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1148. }
  1149. WmiHelper :: LeaveCriticalSection ( & a_Container.GetCriticalSection () ) ;
  1150. if ( a_Revert )
  1151. {
  1152. t_Result = CoRevertToSelf () ;
  1153. }
  1154. return t_Result ;
  1155. }
  1156. /******************************************************************************
  1157. *
  1158. * Name:
  1159. *
  1160. *
  1161. * Description:
  1162. *
  1163. *
  1164. *****************************************************************************/
  1165. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState_NoImpersonation (
  1166. ProxyContainer &a_Container ,
  1167. ULONG a_ProxyIndex ,
  1168. REFIID a_InterfaceId ,
  1169. IUnknown *a_Interface ,
  1170. IUnknown *&a_Proxy ,
  1171. BOOL &a_Revert
  1172. )
  1173. {
  1174. a_Revert = FALSE ;
  1175. HRESULT t_Result = GetProxy ( a_Container , a_ProxyIndex , a_InterfaceId , a_Interface , a_Proxy ) ;
  1176. if ( SUCCEEDED ( t_Result ) )
  1177. {
  1178. t_Result = SetInterfaceSecurity (
  1179. a_Proxy ,
  1180. NULL ,
  1181. NULL ,
  1182. NULL ,
  1183. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  1184. RPC_C_IMP_LEVEL_IDENTIFY
  1185. ) ;
  1186. if ( FAILED ( t_Result ) )
  1187. {
  1188. RevertProxyState (
  1189. a_Container ,
  1190. a_ProxyIndex ,
  1191. a_Proxy ,
  1192. a_Revert
  1193. ) ;
  1194. }
  1195. }
  1196. else
  1197. {
  1198. if ( t_Result == WBEM_E_NOT_FOUND )
  1199. {
  1200. }
  1201. else
  1202. {
  1203. t_Result = WBEM_E_CRITICAL_ERROR ;
  1204. }
  1205. }
  1206. return t_Result ;
  1207. }
  1208. /******************************************************************************
  1209. *
  1210. * Name:
  1211. *
  1212. *
  1213. * Description:
  1214. *
  1215. *
  1216. *****************************************************************************/
  1217. HRESULT ProviderSubSystem_Common_Globals :: ConstructIdentifyToken_SvcHost (
  1218. BOOL &a_Revert ,
  1219. DWORD a_ProcessIdentifier ,
  1220. HANDLE &a_IdentifyToken ,
  1221. ACCESS_ALLOWED_ACE *a_Ace ,
  1222. WORD a_AceSize
  1223. )
  1224. {
  1225. HRESULT t_Result = S_OK ;
  1226. HANDLE t_ThreadToken = NULL ;
  1227. BOOL t_Status = OpenThreadToken (
  1228. GetCurrentThread () ,
  1229. MAXIMUM_ALLOWED ,
  1230. TRUE ,
  1231. & t_ThreadToken
  1232. ) ;
  1233. if ( t_Status )
  1234. {
  1235. CoRevertToSelf () ;
  1236. a_Revert = FALSE ;
  1237. SECURITY_DESCRIPTOR *t_SecurityDescriptor = NULL ;
  1238. DWORD t_LengthRequested = 0 ;
  1239. DWORD t_LengthReturned = 0 ;
  1240. t_Status = GetKernelObjectSecurity (
  1241. t_ThreadToken ,
  1242. DACL_SECURITY_INFORMATION ,
  1243. & t_SecurityDescriptor ,
  1244. t_LengthRequested ,
  1245. & t_LengthReturned
  1246. ) ;
  1247. if ( ( t_Status == FALSE ) && ( GetLastError () == ERROR_INSUFFICIENT_BUFFER ) )
  1248. {
  1249. t_SecurityDescriptor = ( SECURITY_DESCRIPTOR * ) new BYTE [ t_LengthReturned ] ;
  1250. if ( t_SecurityDescriptor )
  1251. {
  1252. t_LengthRequested = t_LengthReturned ;
  1253. t_Status = GetKernelObjectSecurity (
  1254. t_ThreadToken ,
  1255. DACL_SECURITY_INFORMATION ,
  1256. t_SecurityDescriptor ,
  1257. t_LengthRequested ,
  1258. & t_LengthReturned
  1259. ) ;
  1260. if ( t_LengthRequested != t_LengthReturned )
  1261. {
  1262. t_Result = WBEM_E_UNEXPECTED ;
  1263. }
  1264. }
  1265. else
  1266. {
  1267. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1268. }
  1269. }
  1270. else
  1271. {
  1272. t_Result = WBEM_E_ACCESS_DENIED ;
  1273. }
  1274. HANDLE t_AdjustedThreadToken = NULL ;
  1275. if ( SUCCEEDED ( t_Result ) )
  1276. {
  1277. PACL t_ExtraDacl = NULL ;
  1278. ACL *t_Dacl = NULL ;
  1279. BOOL t_DaclPresent = FALSE ;
  1280. BOOL t_DaclDefaulted = FALSE ;
  1281. t_Status = GetSecurityDescriptorDacl (
  1282. t_SecurityDescriptor ,
  1283. & t_DaclPresent ,
  1284. & t_Dacl ,
  1285. & t_DaclDefaulted
  1286. ) ;
  1287. if ( t_Status )
  1288. {
  1289. ACL_SIZE_INFORMATION t_Size ;
  1290. if ( t_Dacl )
  1291. {
  1292. BOOL t_Status = GetAclInformation (
  1293. t_Dacl ,
  1294. & t_Size ,
  1295. sizeof ( t_Size ) ,
  1296. AclSizeInformation
  1297. );
  1298. if ( t_Status )
  1299. {
  1300. DWORD t_ExtraSize = t_Size.AclBytesInUse + t_Size.AclBytesFree + a_AceSize ;
  1301. t_ExtraDacl = ( PACL ) new BYTE [ t_ExtraSize ] ;
  1302. if ( t_ExtraDacl )
  1303. {
  1304. CopyMemory ( t_ExtraDacl , t_Dacl , t_Size.AclBytesInUse + t_Size.AclBytesFree ) ;
  1305. t_ExtraDacl->AclSize = t_ExtraSize ;
  1306. BOOL t_Status = :: AddAce ( t_ExtraDacl , ACL_REVISION, t_Size.AceCount , a_Ace , a_AceSize ) ;
  1307. if ( t_Status )
  1308. {
  1309. SECURITY_DESCRIPTOR t_AdjustedSecurityDescriptor ;
  1310. if ( SUCCEEDED ( t_Result ) )
  1311. {
  1312. BOOL t_Status = InitializeSecurityDescriptor ( & t_AdjustedSecurityDescriptor , SECURITY_DESCRIPTOR_REVISION ) ;
  1313. if ( t_Status )
  1314. {
  1315. t_Status = SetSecurityDescriptorDacl (
  1316. & t_AdjustedSecurityDescriptor ,
  1317. t_DaclPresent ,
  1318. t_ExtraDacl ,
  1319. t_DaclDefaulted
  1320. ) ;
  1321. if ( t_Status )
  1322. {
  1323. SECURITY_ATTRIBUTES t_SecurityAttributes ;
  1324. t_SecurityAttributes.nLength = GetSecurityDescriptorLength ( & t_AdjustedSecurityDescriptor ) ;
  1325. t_SecurityAttributes.lpSecurityDescriptor = & t_AdjustedSecurityDescriptor ;
  1326. t_SecurityAttributes.bInheritHandle = FALSE ;
  1327. t_Status = DuplicateTokenEx (
  1328. t_ThreadToken,
  1329. DUPLICATE_SAME_ACCESS ,
  1330. & t_SecurityAttributes ,
  1331. ( SECURITY_IMPERSONATION_LEVEL ) SecurityIdentification ,
  1332. TokenImpersonation ,
  1333. & t_AdjustedThreadToken
  1334. ) ;
  1335. if ( t_Status == FALSE )
  1336. {
  1337. t_Result = WBEM_E_ACCESS_DENIED ;
  1338. }
  1339. }
  1340. else
  1341. {
  1342. t_Result = WBEM_E_CRITICAL_ERROR ;
  1343. }
  1344. }
  1345. else
  1346. {
  1347. t_Result = WBEM_E_UNEXPECTED ;
  1348. }
  1349. }
  1350. }
  1351. else
  1352. {
  1353. t_Result = WBEM_E_CRITICAL_ERROR ;
  1354. }
  1355. delete [] ( BYTE * ) t_ExtraDacl ;
  1356. }
  1357. else
  1358. {
  1359. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1360. }
  1361. }
  1362. else
  1363. {
  1364. t_Result = WBEM_E_CRITICAL_ERROR ;
  1365. }
  1366. }
  1367. else
  1368. {
  1369. t_Result = WBEM_E_CRITICAL_ERROR ;
  1370. }
  1371. }
  1372. else
  1373. {
  1374. t_Result = WBEM_E_CRITICAL_ERROR ;
  1375. }
  1376. }
  1377. if ( SUCCEEDED ( t_Result ) )
  1378. {
  1379. HANDLE t_ProcessHandle = OpenProcess (
  1380. MAXIMUM_ALLOWED ,
  1381. FALSE ,
  1382. a_ProcessIdentifier
  1383. ) ;
  1384. if ( t_ProcessHandle )
  1385. {
  1386. t_Status = DuplicateHandle (
  1387. GetCurrentProcess () ,
  1388. t_AdjustedThreadToken ,
  1389. t_ProcessHandle ,
  1390. & a_IdentifyToken ,
  1391. MAXIMUM_ALLOWED | TOKEN_DUPLICATE | TOKEN_IMPERSONATE ,
  1392. TRUE ,
  1393. 0
  1394. ) ;
  1395. if ( t_Status )
  1396. {
  1397. }
  1398. else
  1399. {
  1400. t_Result = WBEM_E_ACCESS_DENIED ;
  1401. }
  1402. CloseHandle ( t_ProcessHandle ) ;
  1403. }
  1404. else
  1405. {
  1406. t_Result = WBEM_E_ACCESS_DENIED ;
  1407. }
  1408. }
  1409. if ( t_SecurityDescriptor )
  1410. {
  1411. delete [] ( BYTE * ) t_SecurityDescriptor ;
  1412. }
  1413. if ( t_AdjustedThreadToken )
  1414. {
  1415. CloseHandle ( t_AdjustedThreadToken ) ;
  1416. }
  1417. CloseHandle ( t_ThreadToken ) ;
  1418. }
  1419. else
  1420. {
  1421. t_Result = WBEM_E_ACCESS_DENIED ;
  1422. }
  1423. return t_Result ;
  1424. }
  1425. /******************************************************************************
  1426. *
  1427. * Name:
  1428. *
  1429. *
  1430. * Description:
  1431. *
  1432. *
  1433. *****************************************************************************/
  1434. HRESULT ProviderSubSystem_Common_Globals :: ConstructIdentifyToken_PrvHost (
  1435. BOOL &a_Revert ,
  1436. DWORD a_ProcessIdentifier ,
  1437. HANDLE &a_IdentifyToken ,
  1438. ACCESS_ALLOWED_ACE *a_Ace ,
  1439. WORD a_AceSize
  1440. )
  1441. {
  1442. HRESULT t_Result = S_OK ;
  1443. HANDLE t_ThreadToken = NULL ;
  1444. BOOL t_Status = OpenThreadToken (
  1445. GetCurrentThread () ,
  1446. MAXIMUM_ALLOWED ,
  1447. TRUE ,
  1448. & t_ThreadToken
  1449. ) ;
  1450. if ( t_Status )
  1451. {
  1452. CoRevertToSelf () ;
  1453. a_Revert = FALSE ;
  1454. SECURITY_DESCRIPTOR *t_SecurityDescriptor = NULL ;
  1455. DWORD t_LengthRequested = 0 ;
  1456. DWORD t_LengthReturned = 0 ;
  1457. t_Status = GetKernelObjectSecurity (
  1458. t_ThreadToken ,
  1459. DACL_SECURITY_INFORMATION ,
  1460. & t_SecurityDescriptor ,
  1461. t_LengthRequested ,
  1462. & t_LengthReturned
  1463. ) ;
  1464. if ( ( t_Status == FALSE ) && ( GetLastError () == ERROR_INSUFFICIENT_BUFFER ) )
  1465. {
  1466. t_SecurityDescriptor = ( SECURITY_DESCRIPTOR * ) new BYTE [ t_LengthReturned ] ;
  1467. if ( t_SecurityDescriptor )
  1468. {
  1469. t_LengthRequested = t_LengthReturned ;
  1470. t_Status = GetKernelObjectSecurity (
  1471. t_ThreadToken ,
  1472. DACL_SECURITY_INFORMATION ,
  1473. t_SecurityDescriptor ,
  1474. t_LengthRequested ,
  1475. & t_LengthReturned
  1476. ) ;
  1477. if ( t_LengthRequested != t_LengthReturned )
  1478. {
  1479. t_Result = WBEM_E_UNEXPECTED ;
  1480. }
  1481. }
  1482. else
  1483. {
  1484. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1485. }
  1486. }
  1487. else
  1488. {
  1489. t_Result = WBEM_E_ACCESS_DENIED ;
  1490. }
  1491. if ( SUCCEEDED ( t_Result ) )
  1492. {
  1493. PACL t_ExtraDacl = NULL ;
  1494. ACL *t_Dacl = NULL ;
  1495. BOOL t_DaclPresent = FALSE ;
  1496. BOOL t_DaclDefaulted = FALSE ;
  1497. t_Status = GetSecurityDescriptorDacl (
  1498. t_SecurityDescriptor ,
  1499. & t_DaclPresent ,
  1500. & t_Dacl ,
  1501. & t_DaclDefaulted
  1502. ) ;
  1503. if ( t_Status )
  1504. {
  1505. ACL_SIZE_INFORMATION t_Size ;
  1506. if ( t_Dacl )
  1507. {
  1508. BOOL t_Status = GetAclInformation (
  1509. t_Dacl ,
  1510. & t_Size ,
  1511. sizeof ( t_Size ) ,
  1512. AclSizeInformation
  1513. );
  1514. if ( t_Status )
  1515. {
  1516. DWORD t_ExtraSize = t_Size.AclBytesInUse + t_Size.AclBytesFree + a_AceSize ;
  1517. t_ExtraDacl = ( PACL ) new BYTE [ t_ExtraSize ] ;
  1518. if ( t_ExtraDacl )
  1519. {
  1520. CopyMemory ( t_ExtraDacl , t_Dacl , t_Size.AclBytesInUse + t_Size.AclBytesFree ) ;
  1521. t_ExtraDacl->AclSize = t_ExtraSize ;
  1522. BOOL t_Status = :: AddAce ( t_ExtraDacl , ACL_REVISION, t_Size.AceCount , a_Ace , a_AceSize ) ;
  1523. if ( t_Status )
  1524. {
  1525. SECURITY_DESCRIPTOR t_AdjustedSecurityDescriptor ;
  1526. if ( SUCCEEDED ( t_Result ) )
  1527. {
  1528. BOOL t_Status = InitializeSecurityDescriptor ( & t_AdjustedSecurityDescriptor , SECURITY_DESCRIPTOR_REVISION ) ;
  1529. if ( t_Status )
  1530. {
  1531. t_Status = SetSecurityDescriptorDacl (
  1532. & t_AdjustedSecurityDescriptor ,
  1533. t_DaclPresent ,
  1534. t_ExtraDacl ,
  1535. t_DaclDefaulted
  1536. ) ;
  1537. if ( t_Status )
  1538. {
  1539. SECURITY_ATTRIBUTES t_SecurityAttributes ;
  1540. t_SecurityAttributes.nLength = GetSecurityDescriptorLength ( & t_AdjustedSecurityDescriptor ) ;
  1541. t_SecurityAttributes.lpSecurityDescriptor = & t_AdjustedSecurityDescriptor ;
  1542. t_SecurityAttributes.bInheritHandle = FALSE ;
  1543. t_Status = DuplicateTokenEx (
  1544. t_ThreadToken,
  1545. DUPLICATE_SAME_ACCESS ,
  1546. & t_SecurityAttributes ,
  1547. ( SECURITY_IMPERSONATION_LEVEL ) SecurityIdentification ,
  1548. TokenImpersonation ,
  1549. & a_IdentifyToken
  1550. ) ;
  1551. if ( t_Status == FALSE )
  1552. {
  1553. t_Result = WBEM_E_ACCESS_DENIED ;
  1554. }
  1555. }
  1556. else
  1557. {
  1558. t_Result = WBEM_E_CRITICAL_ERROR ;
  1559. }
  1560. }
  1561. else
  1562. {
  1563. t_Result = WBEM_E_UNEXPECTED ;
  1564. }
  1565. }
  1566. }
  1567. else
  1568. {
  1569. t_Result = WBEM_E_CRITICAL_ERROR ;
  1570. }
  1571. delete [] ( BYTE * ) t_ExtraDacl ;
  1572. }
  1573. else
  1574. {
  1575. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1576. }
  1577. }
  1578. else
  1579. {
  1580. t_Result = WBEM_E_CRITICAL_ERROR ;
  1581. }
  1582. }
  1583. else
  1584. {
  1585. t_Result = WBEM_E_CRITICAL_ERROR ;
  1586. }
  1587. }
  1588. else
  1589. {
  1590. t_Result = WBEM_E_CRITICAL_ERROR ;
  1591. }
  1592. }
  1593. if ( t_SecurityDescriptor )
  1594. {
  1595. delete [] ( BYTE * ) t_SecurityDescriptor ;
  1596. }
  1597. CloseHandle ( t_ThreadToken ) ;
  1598. }
  1599. else
  1600. {
  1601. t_Result = WBEM_E_ACCESS_DENIED ;
  1602. }
  1603. return t_Result ;
  1604. }
  1605. /******************************************************************************
  1606. *
  1607. * Name:
  1608. *
  1609. *
  1610. * Description:
  1611. *
  1612. *
  1613. *****************************************************************************/
  1614. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState_SvcHost (
  1615. ProxyContainer &a_Container ,
  1616. ULONG a_ProxyIndex ,
  1617. REFIID a_InterfaceId ,
  1618. IUnknown *a_Interface ,
  1619. IUnknown *&a_Proxy ,
  1620. BOOL &a_Revert ,
  1621. DWORD a_ProcessIdentifier ,
  1622. HANDLE &a_IdentifyToken ,
  1623. ACCESS_ALLOWED_ACE *a_Ace ,
  1624. WORD a_AceSize
  1625. )
  1626. {
  1627. a_Revert = FALSE ;
  1628. HRESULT t_Result = GetProxy ( a_Container , a_ProxyIndex , a_InterfaceId , a_Interface , a_Proxy ) ;
  1629. if ( SUCCEEDED ( t_Result ) )
  1630. {
  1631. t_Result = CoImpersonateClient () ;
  1632. if ( SUCCEEDED ( t_Result ) )
  1633. {
  1634. a_Revert = TRUE ;
  1635. // At this point, our thread token contains all the privileges that the
  1636. // client has enabled for us; however, those privileges are not enabled.
  1637. // Since we are calling into a proxied provider, we need to enable all
  1638. // these privileges so that they would propagate to the provider
  1639. // =====================================================================
  1640. HRESULT t_TempResult = EnableAllPrivileges () ;
  1641. // Get the token's impersonation level
  1642. // ===================================
  1643. DWORD t_ImpersonationLevel = GetCurrentImpersonationLevel () ;
  1644. if ( t_ImpersonationLevel == RPC_C_IMP_LEVEL_IMPERSONATE || t_ImpersonationLevel == RPC_C_IMP_LEVEL_DELEGATE )
  1645. {
  1646. a_IdentifyToken = 0 ;
  1647. }
  1648. else
  1649. {
  1650. t_Result = ConstructIdentifyToken_SvcHost (
  1651. a_Revert ,
  1652. a_ProcessIdentifier ,
  1653. a_IdentifyToken ,
  1654. a_Ace ,
  1655. a_AceSize
  1656. ) ;
  1657. if ( SUCCEEDED ( t_Result ) )
  1658. {
  1659. t_Result = SetInterfaceSecurity (
  1660. a_Proxy ,
  1661. NULL ,
  1662. NULL ,
  1663. NULL ,
  1664. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  1665. RPC_C_IMP_LEVEL_IDENTIFY
  1666. ) ;
  1667. }
  1668. }
  1669. }
  1670. else
  1671. {
  1672. t_Result = WBEM_E_ACCESS_DENIED ;
  1673. }
  1674. if ( FAILED ( t_Result ) )
  1675. {
  1676. RevertProxyState_SvcHost (
  1677. a_Container ,
  1678. a_ProxyIndex ,
  1679. a_Proxy ,
  1680. a_Revert ,
  1681. a_ProcessIdentifier ,
  1682. a_IdentifyToken
  1683. ) ;
  1684. }
  1685. }
  1686. else
  1687. {
  1688. if ( t_Result == WBEM_E_NOT_FOUND )
  1689. {
  1690. }
  1691. else
  1692. {
  1693. t_Result = WBEM_E_CRITICAL_ERROR ;
  1694. }
  1695. }
  1696. return t_Result ;
  1697. }
  1698. /******************************************************************************
  1699. *
  1700. * Name:
  1701. *
  1702. *
  1703. * Description:
  1704. *
  1705. *
  1706. *****************************************************************************/
  1707. HRESULT ProviderSubSystem_Common_Globals :: RevertProxyState_SvcHost (
  1708. ProxyContainer &a_Container ,
  1709. ULONG a_ProxyIndex ,
  1710. IUnknown *a_Proxy ,
  1711. BOOL a_Revert ,
  1712. DWORD a_ProcessIdentifier ,
  1713. HANDLE a_IdentifyToken
  1714. )
  1715. {
  1716. HRESULT t_Result = S_OK ;
  1717. WmiHelper :: EnterCriticalSection ( & a_Container.GetCriticalSection () ) ;
  1718. WmiStatusCode t_StatusCode = a_Container.Return ( a_Proxy , a_ProxyIndex ) ;
  1719. if ( t_StatusCode == e_StatusCode_Success )
  1720. {
  1721. }
  1722. else
  1723. {
  1724. a_Proxy->Release () ;
  1725. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1726. }
  1727. WmiHelper :: LeaveCriticalSection ( & a_Container.GetCriticalSection () ) ;
  1728. if ( a_Revert )
  1729. {
  1730. t_Result = CoRevertToSelf () ;
  1731. }
  1732. return t_Result ;
  1733. }
  1734. /******************************************************************************
  1735. *
  1736. * Name:
  1737. *
  1738. *
  1739. * Description:
  1740. *
  1741. *
  1742. *****************************************************************************/
  1743. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState_PrvHost (
  1744. ProxyContainer &a_Container ,
  1745. ULONG a_ProxyIndex ,
  1746. REFIID a_InterfaceId ,
  1747. IUnknown *a_Interface ,
  1748. IUnknown *&a_Proxy ,
  1749. BOOL &a_Revert ,
  1750. DWORD a_ProcessIdentifier ,
  1751. HANDLE &a_IdentifyToken
  1752. )
  1753. {
  1754. a_Revert = FALSE ;
  1755. HRESULT t_Result = GetProxy ( a_Container , a_ProxyIndex , a_InterfaceId , a_Interface , a_Proxy ) ;
  1756. if ( SUCCEEDED ( t_Result ) )
  1757. {
  1758. t_Result = CoImpersonateClient () ;
  1759. if ( SUCCEEDED ( t_Result ) )
  1760. {
  1761. a_Revert = TRUE ;
  1762. // At this point, our thread token contains all the privileges that the
  1763. // client has enabled for us; however, those privileges are not enabled.
  1764. // Since we are calling into a proxied provider, we need to enable all
  1765. // these privileges so that they would propagate to the provider
  1766. // =====================================================================
  1767. HRESULT t_TempResult = EnableAllPrivileges () ;
  1768. // Get the token's impersonation level
  1769. // ===================================
  1770. DWORD t_ImpersonationLevel = GetCurrentImpersonationLevel () ;
  1771. if ( t_ImpersonationLevel == RPC_C_IMP_LEVEL_IMPERSONATE || t_ImpersonationLevel == RPC_C_IMP_LEVEL_DELEGATE )
  1772. {
  1773. a_IdentifyToken = 0 ;
  1774. }
  1775. else
  1776. {
  1777. t_Result = ConstructIdentifyToken_PrvHost (
  1778. a_Revert ,
  1779. a_ProcessIdentifier ,
  1780. a_IdentifyToken ,
  1781. s_Token_All_Access_System_ACE ,
  1782. s_System_ACESize
  1783. ) ;
  1784. if ( SUCCEEDED ( t_Result ) )
  1785. {
  1786. t_Result = SetInterfaceSecurity (
  1787. a_Proxy ,
  1788. NULL ,
  1789. NULL ,
  1790. NULL ,
  1791. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  1792. RPC_C_IMP_LEVEL_IDENTIFY
  1793. ) ;
  1794. }
  1795. }
  1796. CoRevertToSelf () ;
  1797. }
  1798. else
  1799. {
  1800. t_Result = WBEM_E_ACCESS_DENIED ;
  1801. }
  1802. if ( FAILED ( t_Result ) )
  1803. {
  1804. RevertProxyState_PrvHost (
  1805. a_Container ,
  1806. a_ProxyIndex ,
  1807. a_Proxy ,
  1808. a_Revert ,
  1809. a_ProcessIdentifier ,
  1810. a_IdentifyToken
  1811. ) ;
  1812. }
  1813. }
  1814. else
  1815. {
  1816. if ( t_Result == WBEM_E_NOT_FOUND )
  1817. {
  1818. }
  1819. else
  1820. {
  1821. t_Result = WBEM_E_CRITICAL_ERROR ;
  1822. }
  1823. }
  1824. return t_Result ;
  1825. }
  1826. /******************************************************************************
  1827. *
  1828. * Name:
  1829. *
  1830. *
  1831. * Description:
  1832. *
  1833. *
  1834. *****************************************************************************/
  1835. HRESULT ProviderSubSystem_Common_Globals :: RevertProxyState_PrvHost (
  1836. ProxyContainer &a_Container ,
  1837. ULONG a_ProxyIndex ,
  1838. IUnknown *a_Proxy ,
  1839. BOOL a_Revert ,
  1840. DWORD a_ProcessIdentifier ,
  1841. HANDLE a_IdentifyToken
  1842. )
  1843. {
  1844. HRESULT t_Result = S_OK ;
  1845. WmiHelper :: EnterCriticalSection ( & a_Container.GetCriticalSection () ) ;
  1846. WmiStatusCode t_StatusCode = a_Container.Return ( a_Proxy , a_ProxyIndex ) ;
  1847. if ( t_StatusCode == e_StatusCode_Success )
  1848. {
  1849. }
  1850. else
  1851. {
  1852. a_Proxy->Release () ;
  1853. t_Result = WBEM_E_OUT_OF_MEMORY ;
  1854. }
  1855. WmiHelper :: LeaveCriticalSection ( & a_Container.GetCriticalSection () ) ;
  1856. if ( a_Revert )
  1857. {
  1858. t_Result = CoRevertToSelf () ;
  1859. }
  1860. CloseHandle ( a_IdentifyToken ) ;
  1861. return t_Result ;
  1862. }
  1863. /******************************************************************************
  1864. *
  1865. * Name:
  1866. *
  1867. *
  1868. * Description:
  1869. *
  1870. *
  1871. *****************************************************************************/
  1872. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState_SvcHost (
  1873. REFIID a_InterfaceId ,
  1874. IUnknown *a_Interface ,
  1875. IUnknown *&a_Proxy ,
  1876. BOOL &a_Revert ,
  1877. DWORD a_ProcessIdentifier ,
  1878. HANDLE &a_IdentifyToken ,
  1879. ACCESS_ALLOWED_ACE *a_Ace ,
  1880. WORD a_AceSize
  1881. )
  1882. {
  1883. a_Revert = FALSE ;
  1884. HRESULT t_Result = GetProxy ( a_InterfaceId , a_Interface , a_Proxy ) ;
  1885. if ( SUCCEEDED ( t_Result ) )
  1886. {
  1887. t_Result = CoImpersonateClient () ;
  1888. if ( SUCCEEDED ( t_Result ) )
  1889. {
  1890. a_Revert = TRUE ;
  1891. // At this point, our thread token contains all the privileges that the
  1892. // client has enabled for us; however, those privileges are not enabled.
  1893. // Since we are calling into a proxied provider, we need to enable all
  1894. // these privileges so that they would propagate to the provider
  1895. // =====================================================================
  1896. HRESULT t_TempResult = EnableAllPrivileges () ;
  1897. // Get the token's impersonation level
  1898. // ===================================
  1899. DWORD t_ImpersonationLevel = GetCurrentImpersonationLevel () ;
  1900. if ( t_ImpersonationLevel == RPC_C_IMP_LEVEL_IMPERSONATE || t_ImpersonationLevel == RPC_C_IMP_LEVEL_DELEGATE )
  1901. {
  1902. a_IdentifyToken = 0 ;
  1903. }
  1904. else
  1905. {
  1906. t_Result = ConstructIdentifyToken_SvcHost (
  1907. a_Revert ,
  1908. a_ProcessIdentifier ,
  1909. a_IdentifyToken ,
  1910. a_Ace ,
  1911. a_AceSize
  1912. ) ;
  1913. if ( SUCCEEDED ( t_Result ) )
  1914. {
  1915. t_Result = SetInterfaceSecurity (
  1916. a_Proxy ,
  1917. NULL ,
  1918. NULL ,
  1919. NULL ,
  1920. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  1921. RPC_C_IMP_LEVEL_IDENTIFY
  1922. ) ;
  1923. }
  1924. }
  1925. }
  1926. else
  1927. {
  1928. t_Result = WBEM_E_ACCESS_DENIED ;
  1929. }
  1930. if ( FAILED ( t_Result ) )
  1931. {
  1932. RevertProxyState_SvcHost (
  1933. a_Proxy ,
  1934. a_Revert ,
  1935. a_ProcessIdentifier ,
  1936. a_IdentifyToken
  1937. ) ;
  1938. }
  1939. }
  1940. else
  1941. {
  1942. if ( t_Result == WBEM_E_NOT_FOUND )
  1943. {
  1944. }
  1945. else
  1946. {
  1947. t_Result = WBEM_E_CRITICAL_ERROR ;
  1948. }
  1949. }
  1950. return t_Result ;
  1951. }
  1952. /******************************************************************************
  1953. *
  1954. * Name:
  1955. *
  1956. *
  1957. * Description:
  1958. *
  1959. *
  1960. *****************************************************************************/
  1961. HRESULT ProviderSubSystem_Common_Globals :: RevertProxyState_SvcHost (
  1962. IUnknown *a_Proxy ,
  1963. BOOL a_Revert ,
  1964. DWORD a_ProcessIdentifier ,
  1965. HANDLE a_IdentifyToken
  1966. )
  1967. {
  1968. HRESULT t_Result = S_OK ;
  1969. a_Proxy->Release () ;
  1970. if ( a_Revert )
  1971. {
  1972. t_Result = CoRevertToSelf () ;
  1973. }
  1974. return t_Result ;
  1975. }
  1976. /******************************************************************************
  1977. *
  1978. * Name:
  1979. *
  1980. *
  1981. * Description:
  1982. *
  1983. *
  1984. *****************************************************************************/
  1985. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState_PrvHost (
  1986. REFIID a_InterfaceId ,
  1987. IUnknown *a_Interface ,
  1988. IUnknown *&a_Proxy ,
  1989. BOOL &a_Revert ,
  1990. DWORD a_ProcessIdentifier ,
  1991. HANDLE &a_IdentifyToken
  1992. )
  1993. {
  1994. a_Revert = FALSE ;
  1995. HRESULT t_Result = GetProxy ( a_InterfaceId , a_Interface , a_Proxy ) ;
  1996. if ( SUCCEEDED ( t_Result ) )
  1997. {
  1998. t_Result = CoImpersonateClient () ;
  1999. if ( SUCCEEDED ( t_Result ) )
  2000. {
  2001. a_Revert = TRUE ;
  2002. // At this point, our thread token contains all the privileges that the
  2003. // client has enabled for us; however, those privileges are not enabled.
  2004. // Since we are calling into a proxied provider, we need to enable all
  2005. // these privileges so that they would propagate to the provider
  2006. // =====================================================================
  2007. HRESULT t_TempResult = EnableAllPrivileges () ;
  2008. // Get the token's impersonation level
  2009. // ===================================
  2010. DWORD t_ImpersonationLevel = GetCurrentImpersonationLevel () ;
  2011. if ( t_ImpersonationLevel == RPC_C_IMP_LEVEL_IMPERSONATE || t_ImpersonationLevel == RPC_C_IMP_LEVEL_DELEGATE )
  2012. {
  2013. a_IdentifyToken = 0 ;
  2014. }
  2015. else
  2016. {
  2017. t_Result = ConstructIdentifyToken_PrvHost (
  2018. a_Revert ,
  2019. a_ProcessIdentifier ,
  2020. a_IdentifyToken ,
  2021. s_Token_All_Access_System_ACE ,
  2022. s_System_ACESize
  2023. ) ;
  2024. if ( SUCCEEDED ( t_Result ) )
  2025. {
  2026. t_Result = SetInterfaceSecurity (
  2027. a_Proxy ,
  2028. NULL ,
  2029. NULL ,
  2030. NULL ,
  2031. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  2032. RPC_C_IMP_LEVEL_IDENTIFY
  2033. ) ;
  2034. }
  2035. }
  2036. CoRevertToSelf () ;
  2037. }
  2038. else
  2039. {
  2040. t_Result = WBEM_E_ACCESS_DENIED ;
  2041. }
  2042. if ( FAILED ( t_Result ) )
  2043. {
  2044. RevertProxyState_PrvHost (
  2045. a_Proxy ,
  2046. a_Revert ,
  2047. a_ProcessIdentifier ,
  2048. a_IdentifyToken
  2049. ) ;
  2050. }
  2051. }
  2052. else
  2053. {
  2054. if ( t_Result == WBEM_E_NOT_FOUND )
  2055. {
  2056. }
  2057. else
  2058. {
  2059. t_Result = WBEM_E_CRITICAL_ERROR ;
  2060. }
  2061. }
  2062. return t_Result ;
  2063. }
  2064. /******************************************************************************
  2065. *
  2066. * Name:
  2067. *
  2068. *
  2069. * Description:
  2070. *
  2071. *
  2072. *****************************************************************************/
  2073. HRESULT ProviderSubSystem_Common_Globals :: RevertProxyState_PrvHost (
  2074. IUnknown *a_Proxy ,
  2075. BOOL a_Revert ,
  2076. DWORD a_ProcessIdentifier ,
  2077. HANDLE a_IdentifyToken
  2078. )
  2079. {
  2080. HRESULT t_Result = S_OK ;
  2081. a_Proxy->Release () ;
  2082. if ( a_Revert )
  2083. {
  2084. t_Result = CoRevertToSelf () ;
  2085. }
  2086. CloseHandle ( a_IdentifyToken ) ;
  2087. return t_Result ;
  2088. }
  2089. /******************************************************************************
  2090. *
  2091. * Name:
  2092. *
  2093. *
  2094. * Description:
  2095. *
  2096. *
  2097. *****************************************************************************/
  2098. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState (
  2099. REFIID a_InterfaceId ,
  2100. IUnknown *a_Interface ,
  2101. IUnknown *&a_Proxy ,
  2102. BOOL &a_Revert
  2103. )
  2104. {
  2105. a_Revert = FALSE ;
  2106. HRESULT t_Result = GetProxy ( a_InterfaceId , a_Interface , a_Proxy ) ;
  2107. if ( SUCCEEDED ( t_Result ) )
  2108. {
  2109. t_Result = CoImpersonateClient () ;
  2110. if ( SUCCEEDED ( t_Result ) )
  2111. {
  2112. a_Revert = TRUE ;
  2113. // At this point, our thread token contains all the privileges that the
  2114. // client has enabled for us; however, those privileges are not enabled.
  2115. // Since we are calling into a proxied provider, we need to enable all
  2116. // these privileges so that they would propagate to the provider
  2117. // =====================================================================
  2118. HRESULT t_TempResult = EnableAllPrivileges () ;
  2119. // Get the token's impersonation level
  2120. // ===================================
  2121. DWORD t_ImpersonationLevel = GetCurrentImpersonationLevel () ;
  2122. if ( t_ImpersonationLevel == RPC_C_IMP_LEVEL_IMPERSONATE || t_ImpersonationLevel == RPC_C_IMP_LEVEL_DELEGATE )
  2123. {
  2124. }
  2125. else
  2126. {
  2127. t_Result = SetInterfaceSecurity (
  2128. a_Proxy ,
  2129. NULL ,
  2130. NULL ,
  2131. NULL ,
  2132. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  2133. RPC_C_IMP_LEVEL_IDENTIFY
  2134. ) ;
  2135. }
  2136. }
  2137. else
  2138. {
  2139. t_Result = WBEM_E_ACCESS_DENIED ;
  2140. }
  2141. if ( FAILED ( t_Result ) )
  2142. {
  2143. RevertProxyState (
  2144. a_Proxy ,
  2145. a_Revert
  2146. ) ;
  2147. }
  2148. }
  2149. else
  2150. {
  2151. if ( t_Result == WBEM_E_NOT_FOUND )
  2152. {
  2153. }
  2154. else
  2155. {
  2156. t_Result = WBEM_E_CRITICAL_ERROR ;
  2157. }
  2158. }
  2159. return t_Result ;
  2160. }
  2161. /******************************************************************************
  2162. *
  2163. * Name:
  2164. *
  2165. *
  2166. * Description:
  2167. *
  2168. *
  2169. *****************************************************************************/
  2170. HRESULT ProviderSubSystem_Common_Globals :: SetProxyState_NoImpersonation (
  2171. REFIID a_InterfaceId ,
  2172. IUnknown *a_Interface ,
  2173. IUnknown *&a_Proxy ,
  2174. BOOL &a_Revert
  2175. )
  2176. {
  2177. a_Revert = FALSE ;
  2178. HRESULT t_Result = GetProxy ( a_InterfaceId , a_Interface , a_Proxy ) ;
  2179. if ( SUCCEEDED ( t_Result ) )
  2180. {
  2181. t_Result = SetInterfaceSecurity (
  2182. a_Proxy ,
  2183. NULL ,
  2184. NULL ,
  2185. NULL ,
  2186. DWORD(RPC_C_AUTHN_LEVEL_DEFAULT),
  2187. RPC_C_IMP_LEVEL_IDENTIFY
  2188. ) ;
  2189. if ( FAILED ( t_Result ) )
  2190. {
  2191. RevertProxyState (
  2192. a_Proxy ,
  2193. a_Revert
  2194. ) ;
  2195. }
  2196. }
  2197. else
  2198. {
  2199. if ( t_Result == WBEM_E_NOT_FOUND )
  2200. {
  2201. }
  2202. else
  2203. {
  2204. t_Result = WBEM_E_CRITICAL_ERROR ;
  2205. }
  2206. }
  2207. return t_Result ;
  2208. }
  2209. /******************************************************************************
  2210. *
  2211. * Name:
  2212. *
  2213. *
  2214. * Description:
  2215. *
  2216. *
  2217. *****************************************************************************/
  2218. HRESULT ProviderSubSystem_Common_Globals :: RevertProxyState ( IUnknown *a_Proxy , BOOL a_Revert )
  2219. {
  2220. HRESULT t_Result = S_OK ;
  2221. if ( a_Revert )
  2222. {
  2223. t_Result = CoRevertToSelf () ;
  2224. }
  2225. a_Proxy->Release () ;
  2226. return t_Result ;
  2227. }
  2228. /******************************************************************************
  2229. *
  2230. * Name:
  2231. *
  2232. *
  2233. * Description:
  2234. *
  2235. *
  2236. *****************************************************************************/
  2237. HRESULT ProviderSubSystem_Common_Globals :: Load_DWORD ( HKEY a_Key , LPCWSTR a_Name , DWORD &a_Value )
  2238. {
  2239. HRESULT t_Result = S_OK ;
  2240. DWORD t_ValueType = REG_DWORD ;
  2241. DWORD t_Data = 0 ;
  2242. DWORD t_DataSize = sizeof ( t_ValueType ) ;
  2243. LONG t_RegResult = RegQueryValueEx (
  2244. a_Key ,
  2245. a_Name ,
  2246. 0 ,
  2247. & t_ValueType ,
  2248. LPBYTE ( & t_Data ) ,
  2249. & t_DataSize
  2250. ) ;
  2251. if ( ( t_RegResult == ERROR_SUCCESS ) && ( t_ValueType == REG_DWORD ) )
  2252. {
  2253. a_Value = t_Data ;
  2254. }
  2255. else
  2256. {
  2257. t_Result = ERROR_FILE_NOT_FOUND ;
  2258. }
  2259. return t_Result ;
  2260. }
  2261. /******************************************************************************
  2262. *
  2263. * Name:
  2264. *
  2265. *
  2266. * Description:
  2267. *
  2268. *
  2269. *****************************************************************************/
  2270. HRESULT ProviderSubSystem_Common_Globals :: Load_String ( HKEY a_Key , LPCWSTR a_Name , BSTR &a_Value )
  2271. {
  2272. HRESULT t_Result = S_OK ;
  2273. DWORD t_ValueType = REG_SZ ;
  2274. wchar_t *t_Data = NULL ;
  2275. DWORD t_DataSize = 0 ;
  2276. LONG t_RegResult = RegQueryValueEx (
  2277. a_Key ,
  2278. a_Name ,
  2279. 0 ,
  2280. & t_ValueType ,
  2281. NULL ,
  2282. & t_DataSize
  2283. ) ;
  2284. if ( ( t_RegResult == ERROR_SUCCESS ) && ( t_ValueType == REG_SZ ) )
  2285. {
  2286. t_Data = new wchar_t [ t_DataSize / sizeof ( wchar_t ) ] ;
  2287. if ( t_Data )
  2288. {
  2289. t_RegResult = RegQueryValueEx (
  2290. a_Key ,
  2291. a_Name ,
  2292. 0 ,
  2293. & t_ValueType ,
  2294. LPBYTE ( t_Data ) ,
  2295. & t_DataSize
  2296. ) ;
  2297. if ( t_RegResult == ERROR_SUCCESS )
  2298. {
  2299. a_Value = SysAllocString ( t_Data ) ;
  2300. if ( a_Value == NULL )
  2301. {
  2302. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2303. }
  2304. delete [] t_Data ;
  2305. }
  2306. else
  2307. {
  2308. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2309. DWORD t_LastError = GetLastError () ;
  2310. }
  2311. }
  2312. else
  2313. {
  2314. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2315. }
  2316. }
  2317. else
  2318. {
  2319. t_Result = ERROR_FILE_NOT_FOUND ;
  2320. }
  2321. return t_Result ;
  2322. }
  2323. /******************************************************************************
  2324. *
  2325. * Name:
  2326. *
  2327. *
  2328. * Description:
  2329. *
  2330. *
  2331. *****************************************************************************/
  2332. HRESULT ProviderSubSystem_Common_Globals :: Load_ByteArray ( HKEY a_Key , LPCWSTR a_Name , BYTE *&a_Value , DWORD &a_ValueLength )
  2333. {
  2334. HRESULT t_Result = S_OK ;
  2335. DWORD t_ValueType = REG_BINARY ;
  2336. BYTE *t_Data = NULL ;
  2337. DWORD t_DataSize = 0 ;
  2338. LONG t_RegResult = RegQueryValueEx (
  2339. a_Key ,
  2340. a_Name ,
  2341. 0 ,
  2342. & t_ValueType ,
  2343. NULL ,
  2344. & t_DataSize
  2345. ) ;
  2346. if ( ( t_RegResult == ERROR_SUCCESS ) && ( t_ValueType == REG_BINARY ) )
  2347. {
  2348. t_Data = new BYTE [ t_DataSize ] ;
  2349. if ( t_Data )
  2350. {
  2351. t_RegResult = RegQueryValueEx (
  2352. a_Key ,
  2353. a_Name ,
  2354. 0 ,
  2355. & t_ValueType ,
  2356. LPBYTE ( t_Data ) ,
  2357. & t_DataSize
  2358. ) ;
  2359. if ( t_RegResult == ERROR_SUCCESS )
  2360. {
  2361. a_Value = t_Data ;
  2362. a_ValueLength = t_DataSize ;
  2363. }
  2364. else
  2365. {
  2366. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2367. DWORD t_LastError = GetLastError () ;
  2368. _DBG_ASSERT( FALSE ) ;
  2369. }
  2370. }
  2371. else
  2372. {
  2373. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2374. }
  2375. }
  2376. else
  2377. {
  2378. t_Result = ERROR_FILE_NOT_FOUND ;
  2379. }
  2380. return t_Result ;
  2381. }
  2382. /******************************************************************************
  2383. *
  2384. * Name:
  2385. *
  2386. *
  2387. * Description:
  2388. *
  2389. *
  2390. *****************************************************************************/
  2391. HRESULT ProviderSubSystem_Common_Globals :: Save_DWORD ( HKEY a_Key , LPCWSTR a_Name , DWORD a_Value )
  2392. {
  2393. HRESULT t_Result = S_OK ;
  2394. DWORD t_ValueType = REG_DWORD ;
  2395. DWORD t_DataSize = sizeof ( t_ValueType ) ;
  2396. LONG t_RegResult = RegSetValueEx (
  2397. a_Key ,
  2398. a_Name ,
  2399. 0 ,
  2400. t_ValueType ,
  2401. LPBYTE ( & a_Value ) ,
  2402. t_DataSize
  2403. ) ;
  2404. if ( t_RegResult != ERROR_SUCCESS )
  2405. {
  2406. t_Result = WBEM_E_INVALID_PROVIDER_REGISTRATION ;
  2407. }
  2408. return t_Result ;
  2409. }
  2410. /******************************************************************************
  2411. *
  2412. * Name:
  2413. *
  2414. *
  2415. * Description:
  2416. *
  2417. *
  2418. *****************************************************************************/
  2419. HRESULT ProviderSubSystem_Common_Globals :: Save_String ( HKEY a_Key , LPCWSTR a_Name , BSTR a_Value )
  2420. {
  2421. HRESULT t_Result = S_OK ;
  2422. DWORD t_ValueType = REG_SZ ;
  2423. DWORD t_DataSize = wcslen ( a_Value ) + 1 ;
  2424. LONG t_RegResult = RegSetValueEx (
  2425. a_Key ,
  2426. a_Name ,
  2427. 0 ,
  2428. t_ValueType ,
  2429. LPBYTE ( a_Value ) ,
  2430. t_DataSize * sizeof ( wchar_t )
  2431. ) ;
  2432. if ( t_RegResult != ERROR_SUCCESS )
  2433. {
  2434. t_Result = WBEM_E_INVALID_PROVIDER_REGISTRATION ;
  2435. }
  2436. return t_Result ;
  2437. }
  2438. /******************************************************************************
  2439. *
  2440. * Name:
  2441. *
  2442. *
  2443. * Description:
  2444. *
  2445. *
  2446. *****************************************************************************/
  2447. HRESULT ProviderSubSystem_Common_Globals :: Save_ByteArray ( HKEY a_Key , LPCWSTR a_Name , BYTE *a_Value , DWORD a_ValueLength )
  2448. {
  2449. HRESULT t_Result = S_OK ;
  2450. DWORD t_ValueType = REG_BINARY ;
  2451. LONG t_RegResult = RegSetValueEx (
  2452. a_Key ,
  2453. a_Name ,
  2454. 0 ,
  2455. t_ValueType ,
  2456. LPBYTE ( a_Value ) ,
  2457. a_ValueLength
  2458. ) ;
  2459. if ( t_RegResult != ERROR_SUCCESS )
  2460. {
  2461. t_Result = WBEM_E_INVALID_PROVIDER_REGISTRATION ;
  2462. }
  2463. return t_Result ;
  2464. }
  2465. /******************************************************************************
  2466. *
  2467. * Name:
  2468. *
  2469. *
  2470. * Description:
  2471. *
  2472. *
  2473. *****************************************************************************/
  2474. HRESULT ProviderSubSystem_Common_Globals :: UnMarshalRegistration (
  2475. IUnknown **a_Unknown ,
  2476. BYTE *a_MarshaledProxy ,
  2477. DWORD a_MarshaledProxyLength
  2478. )
  2479. {
  2480. HRESULT t_Result = S_OK ;
  2481. IStream *t_Stream = NULL ;
  2482. HGLOBAL t_Global = GlobalAlloc (
  2483. GHND ,
  2484. a_MarshaledProxyLength
  2485. ) ;
  2486. if ( t_Global )
  2487. {
  2488. void *t_Memory = GlobalLock ( t_Global ) ;
  2489. CopyMemory ( t_Memory , a_MarshaledProxy , a_MarshaledProxyLength ) ;
  2490. GlobalUnlock ( t_Global ) ;
  2491. t_Result = CreateStreamOnHGlobal (
  2492. t_Global ,
  2493. TRUE ,
  2494. & t_Stream
  2495. ) ;
  2496. if ( SUCCEEDED ( t_Result ) )
  2497. {
  2498. t_Result = CoUnmarshalInterface (
  2499. t_Stream ,
  2500. IID_IUnknown ,
  2501. ( void ** ) a_Unknown
  2502. ) ;
  2503. t_Stream->Release () ;
  2504. }
  2505. }
  2506. else
  2507. {
  2508. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2509. }
  2510. return t_Result ;
  2511. }
  2512. /******************************************************************************
  2513. *
  2514. * Name:
  2515. *
  2516. *
  2517. * Description:
  2518. *
  2519. *
  2520. *****************************************************************************/
  2521. HRESULT ProviderSubSystem_Common_Globals :: ReleaseRegistration (
  2522. BYTE *a_MarshaledProxy ,
  2523. DWORD a_MarshaledProxyLength
  2524. )
  2525. {
  2526. HRESULT t_Result = S_OK ;
  2527. IStream *t_Stream = NULL ;
  2528. HGLOBAL t_Global = GlobalAlloc (
  2529. GHND ,
  2530. a_MarshaledProxyLength
  2531. ) ;
  2532. if ( t_Global )
  2533. {
  2534. void *t_Memory = GlobalLock ( t_Global ) ;
  2535. CopyMemory ( t_Memory , a_MarshaledProxy , a_MarshaledProxyLength ) ;
  2536. GlobalUnlock ( t_Global ) ;
  2537. t_Result = CreateStreamOnHGlobal (
  2538. t_Global ,
  2539. TRUE ,
  2540. & t_Stream
  2541. ) ;
  2542. if ( SUCCEEDED ( t_Result ) )
  2543. {
  2544. t_Result = CoReleaseMarshalData (
  2545. t_Stream
  2546. ) ;
  2547. t_Stream->Release () ;
  2548. }
  2549. }
  2550. else
  2551. {
  2552. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2553. }
  2554. return t_Result ;
  2555. }
  2556. /******************************************************************************
  2557. *
  2558. * Name:
  2559. *
  2560. *
  2561. * Description:
  2562. *
  2563. *
  2564. *****************************************************************************/
  2565. HRESULT ProviderSubSystem_Common_Globals :: MarshalRegistration (
  2566. IUnknown *a_Unknown ,
  2567. BYTE *&a_MarshaledProxy ,
  2568. DWORD &a_MarshaledProxyLength
  2569. )
  2570. {
  2571. HRESULT t_Result = S_OK ;
  2572. t_Result = CoGetMarshalSizeMax (
  2573. & a_MarshaledProxyLength ,
  2574. IID_IUnknown ,
  2575. a_Unknown ,
  2576. MSHCTX_LOCAL ,
  2577. NULL ,
  2578. MSHLFLAGS_TABLESTRONG
  2579. ) ;
  2580. if ( SUCCEEDED ( t_Result ) )
  2581. {
  2582. IStream *t_Stream = NULL ;
  2583. HGLOBAL t_Global = GlobalAlloc (
  2584. GHND ,
  2585. a_MarshaledProxyLength
  2586. ) ;
  2587. if ( t_Global )
  2588. {
  2589. t_Result = CreateStreamOnHGlobal (
  2590. t_Global ,
  2591. TRUE ,
  2592. & t_Stream
  2593. ) ;
  2594. if ( SUCCEEDED ( t_Result ) )
  2595. {
  2596. t_Result = CoMarshalInterface (
  2597. t_Stream ,
  2598. IID_IUnknown ,
  2599. a_Unknown ,
  2600. MSHCTX_LOCAL ,
  2601. NULL ,
  2602. MSHLFLAGS_TABLESTRONG
  2603. ) ;
  2604. if ( SUCCEEDED ( t_Result ) )
  2605. {
  2606. a_MarshaledProxy = new BYTE [ a_MarshaledProxyLength ] ;
  2607. if ( a_MarshaledProxy )
  2608. {
  2609. void *t_Memory = GlobalLock ( t_Global ) ;
  2610. CopyMemory ( a_MarshaledProxy , t_Memory , a_MarshaledProxyLength ) ;
  2611. GlobalUnlock ( t_Global ) ;
  2612. }
  2613. else
  2614. {
  2615. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2616. }
  2617. }
  2618. t_Stream->Release();
  2619. }
  2620. }
  2621. else
  2622. {
  2623. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2624. }
  2625. }
  2626. return t_Result ;
  2627. }
  2628. /******************************************************************************
  2629. *
  2630. * Name:
  2631. *
  2632. *
  2633. * Description:
  2634. *
  2635. *
  2636. *****************************************************************************/
  2637. HRESULT ProviderSubSystem_Common_Globals :: IsDependantCall ( IWbemContext *a_ParentContext , IWbemContext *a_ChildContext , BOOL &a_DependantCall )
  2638. {
  2639. HRESULT t_Result = S_OK ;
  2640. if ( a_ParentContext )
  2641. {
  2642. if ( a_ChildContext )
  2643. {
  2644. IWbemCausalityAccess *t_ParentCausality = NULL ;
  2645. t_Result = a_ParentContext->QueryInterface ( IID_IWbemCausalityAccess , ( void ** ) & t_ParentCausality ) ;
  2646. if ( SUCCEEDED ( t_Result ) )
  2647. {
  2648. IWbemCausalityAccess *t_ChildCausality = NULL ;
  2649. t_Result = a_ChildContext->QueryInterface ( IID_IWbemCausalityAccess , ( void ** ) & t_ChildCausality ) ;
  2650. if ( SUCCEEDED ( t_Result ) )
  2651. {
  2652. REQUESTID t_ParentId ;
  2653. t_Result = t_ParentCausality->GetRequestId ( & t_ParentId ) ;
  2654. if ( SUCCEEDED ( t_Result ) )
  2655. {
  2656. t_Result = t_ChildCausality->IsChildOf ( t_ParentId ) ;
  2657. if ( SUCCEEDED ( t_Result ) )
  2658. {
  2659. a_DependantCall = ( t_Result == S_FALSE ) ? FALSE : TRUE ;
  2660. t_Result = S_OK;
  2661. }
  2662. }
  2663. t_ChildCausality->Release () ;
  2664. }
  2665. else
  2666. {
  2667. t_Result = WBEM_E_UNEXPECTED ;
  2668. }
  2669. t_ParentCausality->Release () ;
  2670. }
  2671. }
  2672. }
  2673. _DBG_ASSERT( SUCCEEDED(t_Result));
  2674. return t_Result ;
  2675. }
  2676. /******************************************************************************
  2677. *
  2678. * Name:
  2679. *
  2680. *
  2681. * Description:
  2682. *
  2683. *
  2684. *****************************************************************************/
  2685. HRESULT ProviderSubSystem_Common_Globals :: Check_SecurityDescriptor_CallIdentity (
  2686. SECURITY_DESCRIPTOR *a_SecurityDescriptor ,
  2687. DWORD a_Access ,
  2688. GENERIC_MAPPING *a_Mapping,
  2689. SECURITY_DESCRIPTOR *defaultSD
  2690. )
  2691. {
  2692. HRESULT t_Result = S_OK ;
  2693. SECURITY_DESCRIPTOR *t_SecurityDescriptor = a_SecurityDescriptor ? a_SecurityDescriptor : defaultSD ;
  2694. HANDLE t_Token = NULL ;
  2695. BOOL t_Status = OpenThreadToken (
  2696. GetCurrentThread () ,
  2697. TOKEN_QUERY ,
  2698. TRUE ,
  2699. & t_Token
  2700. ) ;
  2701. DWORD t_LastError = GetLastError () ;
  2702. if ( ! t_Status && ( t_LastError == ERROR_NO_IMPERSONATION_TOKEN || t_LastError == ERROR_NO_TOKEN ) )
  2703. {
  2704. HANDLE t_ProcessToken = NULL ;
  2705. t_Status = OpenProcessToken (
  2706. GetCurrentProcess () ,
  2707. TOKEN_QUERY | TOKEN_DUPLICATE ,
  2708. & t_ProcessToken
  2709. ) ;
  2710. if ( t_Status )
  2711. {
  2712. t_Status = ImpersonateLoggedOnUser ( t_ProcessToken ) ;
  2713. if ( t_Status )
  2714. {
  2715. BOOL t_Status = OpenThreadToken (
  2716. GetCurrentThread () ,
  2717. TOKEN_QUERY ,
  2718. TRUE ,
  2719. & t_Token
  2720. ) ;
  2721. if ( ! t_Status )
  2722. {
  2723. DWORD t_LastError = GetLastError () ;
  2724. t_Result = WBEM_E_ACCESS_DENIED ;
  2725. }
  2726. RevertToSelf () ;
  2727. }
  2728. else
  2729. {
  2730. DWORD t_LastError = GetLastError () ;
  2731. t_Result = WBEM_E_ACCESS_DENIED ;
  2732. }
  2733. CloseHandle ( t_ProcessToken ) ;
  2734. }
  2735. else
  2736. {
  2737. t_Result = WBEM_E_ACCESS_DENIED ;
  2738. }
  2739. }
  2740. else
  2741. {
  2742. if ( ! t_Status )
  2743. {
  2744. t_Result = WBEM_E_ACCESS_DENIED ;
  2745. }
  2746. }
  2747. if ( SUCCEEDED ( t_Result ) )
  2748. {
  2749. DWORD t_Access = 0 ;
  2750. BOOL t_AccessStatus = FALSE ;
  2751. PRIVILEGE_SET *t_PrivilegeSet = NULL ;
  2752. DWORD t_PrivilegeSetSize = 0 ;
  2753. MapGenericMask (
  2754. & a_Access ,
  2755. a_Mapping
  2756. ) ;
  2757. t_Status = AccessCheck (
  2758. t_SecurityDescriptor ,
  2759. t_Token,
  2760. a_Access ,
  2761. a_Mapping ,
  2762. NULL ,
  2763. & t_PrivilegeSetSize ,
  2764. & t_Access ,
  2765. & t_AccessStatus
  2766. ) ;
  2767. if ( t_Status && t_AccessStatus )
  2768. {
  2769. }
  2770. else
  2771. {
  2772. DWORD t_LastError = GetLastError () ;
  2773. if ( t_LastError == ERROR_INSUFFICIENT_BUFFER )
  2774. {
  2775. t_PrivilegeSet = ( PRIVILEGE_SET * ) new BYTE [ t_PrivilegeSetSize ] ;
  2776. if ( t_PrivilegeSet )
  2777. {
  2778. t_Status = AccessCheck (
  2779. t_SecurityDescriptor ,
  2780. t_Token,
  2781. a_Access ,
  2782. a_Mapping ,
  2783. t_PrivilegeSet ,
  2784. & t_PrivilegeSetSize ,
  2785. & t_Access ,
  2786. & t_AccessStatus
  2787. ) ;
  2788. if ( t_Status && t_AccessStatus )
  2789. {
  2790. }
  2791. else
  2792. {
  2793. t_Result = WBEM_E_ACCESS_DENIED ;
  2794. }
  2795. delete [] ( BYTE * ) t_PrivilegeSet ;
  2796. }
  2797. else
  2798. {
  2799. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2800. }
  2801. }
  2802. else
  2803. {
  2804. t_Result = WBEM_E_ACCESS_DENIED;
  2805. }
  2806. }
  2807. CloseHandle ( t_Token ) ;
  2808. }
  2809. return t_Result ;
  2810. }
  2811. /******************************************************************************
  2812. *
  2813. * Name:
  2814. *
  2815. *
  2816. * Description:
  2817. *
  2818. *
  2819. *****************************************************************************/
  2820. HRESULT ProviderSubSystem_Common_Globals :: AdjustSecurityDescriptorWithSid (
  2821. SID *a_OwnerSid ,
  2822. SID *a_GroupSid ,
  2823. DWORD a_Access ,
  2824. SECURITY_DESCRIPTOR *&a_SecurityDescriptor ,
  2825. SECURITY_DESCRIPTOR *&a_AlteredSecurityDescriptor
  2826. )
  2827. {
  2828. HRESULT t_Result = S_OK ;
  2829. SECURITY_DESCRIPTOR t_CreatedSecurityDescriptor ;
  2830. SECURITY_DESCRIPTOR *t_SecurityDescriptor = NULL ;
  2831. PACL t_Dacl = NULL ;
  2832. PACL t_Sacl = NULL ;
  2833. PSID t_Owner = NULL ;
  2834. PSID t_PrimaryGroup = NULL ;
  2835. SECURITY_DESCRIPTOR *t_AlteredSecurityDescriptor = NULL ;
  2836. if ( SUCCEEDED ( t_Result ) )
  2837. {
  2838. if ( a_SecurityDescriptor )
  2839. {
  2840. DWORD t_AlteredSecurityDescriptorSize = sizeof ( SECURITY_DESCRIPTOR ) ;
  2841. DWORD t_DaclSize = 0 ;
  2842. DWORD t_SaclSize = 0 ;
  2843. DWORD t_OwnerSize = 0 ;
  2844. DWORD t_PrimaryGroupSize = 0 ;
  2845. BOOL t_Status = MakeAbsoluteSD (
  2846. a_SecurityDescriptor ,
  2847. t_AlteredSecurityDescriptor ,
  2848. & t_AlteredSecurityDescriptorSize ,
  2849. t_Dacl,
  2850. & t_DaclSize,
  2851. t_Sacl,
  2852. & t_SaclSize,
  2853. t_Owner,
  2854. & t_OwnerSize,
  2855. t_PrimaryGroup,
  2856. & t_PrimaryGroupSize
  2857. ) ;
  2858. if ( ( t_Status == FALSE ) && GetLastError () == ERROR_INSUFFICIENT_BUFFER )
  2859. {
  2860. DWORD t_SidLength = GetLengthSid ( a_OwnerSid ) ;
  2861. DWORD t_ExtraSize = sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ;
  2862. t_Dacl = ( PACL ) new BYTE [ t_DaclSize + t_ExtraSize ] ;
  2863. t_Sacl = ( PACL ) new BYTE [ t_SaclSize ] ;
  2864. t_Owner = ( PSID ) new BYTE [ t_OwnerSize ] ;
  2865. t_PrimaryGroup = ( PSID ) new BYTE [ t_PrimaryGroupSize ] ;
  2866. t_AlteredSecurityDescriptor = ( SECURITY_DESCRIPTOR * ) new BYTE [ t_AlteredSecurityDescriptorSize ] ;
  2867. if ( t_AlteredSecurityDescriptor && t_Dacl && t_Sacl && t_Owner && t_PrimaryGroup )
  2868. {
  2869. BOOL t_Status = InitializeSecurityDescriptor ( t_AlteredSecurityDescriptor , SECURITY_DESCRIPTOR_REVISION ) ;
  2870. if ( t_Status )
  2871. {
  2872. t_Status = MakeAbsoluteSD (
  2873. a_SecurityDescriptor ,
  2874. t_AlteredSecurityDescriptor ,
  2875. & t_AlteredSecurityDescriptorSize ,
  2876. t_Dacl,
  2877. & t_DaclSize,
  2878. t_Sacl,
  2879. & t_SaclSize,
  2880. t_Owner,
  2881. & t_OwnerSize,
  2882. t_PrimaryGroup,
  2883. & t_PrimaryGroupSize
  2884. ) ;
  2885. if ( t_Status )
  2886. {
  2887. t_SecurityDescriptor = t_AlteredSecurityDescriptor ;
  2888. if ( t_OwnerSize == 0 )
  2889. {
  2890. t_Status = SetSecurityDescriptorOwner (
  2891. t_SecurityDescriptor ,
  2892. a_OwnerSid ,
  2893. FALSE
  2894. ) ;
  2895. if ( ! t_Status )
  2896. {
  2897. t_Result = WBEM_E_CRITICAL_ERROR ;
  2898. }
  2899. }
  2900. if ( SUCCEEDED ( t_Result ) )
  2901. {
  2902. if ( t_PrimaryGroupSize == 0 )
  2903. {
  2904. t_Status = SetSecurityDescriptorGroup (
  2905. t_SecurityDescriptor ,
  2906. a_GroupSid ,
  2907. FALSE
  2908. ) ;
  2909. if ( ! t_Status )
  2910. {
  2911. t_Result = WBEM_E_CRITICAL_ERROR ;
  2912. }
  2913. }
  2914. }
  2915. }
  2916. else
  2917. {
  2918. t_Result = WBEM_E_CRITICAL_ERROR ;
  2919. }
  2920. }
  2921. else
  2922. {
  2923. t_Result = WBEM_E_CRITICAL_ERROR ;
  2924. }
  2925. }
  2926. else
  2927. {
  2928. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2929. }
  2930. }
  2931. else
  2932. {
  2933. t_Result = WBEM_E_CRITICAL_ERROR ;
  2934. }
  2935. }
  2936. else
  2937. {
  2938. BOOL t_Status = InitializeSecurityDescriptor ( & t_CreatedSecurityDescriptor , SECURITY_DESCRIPTOR_REVISION ) ;
  2939. if ( t_Status )
  2940. {
  2941. t_Status = SetSecurityDescriptorOwner (
  2942. & t_CreatedSecurityDescriptor ,
  2943. a_OwnerSid ,
  2944. FALSE
  2945. ) ;
  2946. if ( ! t_Status )
  2947. {
  2948. t_Result = WBEM_E_CRITICAL_ERROR ;
  2949. }
  2950. if ( SUCCEEDED ( t_Result ) )
  2951. {
  2952. t_Status = SetSecurityDescriptorGroup (
  2953. & t_CreatedSecurityDescriptor ,
  2954. a_GroupSid ,
  2955. FALSE
  2956. ) ;
  2957. if ( ! t_Status )
  2958. {
  2959. t_Result = WBEM_E_CRITICAL_ERROR ;
  2960. }
  2961. }
  2962. }
  2963. else
  2964. {
  2965. t_Result = WBEM_E_CRITICAL_ERROR ;
  2966. }
  2967. t_SecurityDescriptor = & t_CreatedSecurityDescriptor ;
  2968. }
  2969. }
  2970. SID_IDENTIFIER_AUTHORITY t_NtAuthoritySid = SECURITY_NT_AUTHORITY ;
  2971. DWORD t_SidLength = GetLengthSid ( a_OwnerSid ) ;
  2972. PACL t_ExtraDacl = NULL ;
  2973. ACCESS_ALLOWED_ACE *t_Ace = NULL ;
  2974. DWORD t_AceSize = 0 ;
  2975. if ( SUCCEEDED ( t_Result ) )
  2976. {
  2977. t_AceSize = sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ;
  2978. t_Ace = (ACCESS_ALLOWED_ACE*) new BYTE [ t_AceSize ] ;
  2979. if ( t_Ace )
  2980. {
  2981. CopySid ( t_SidLength, (PSID) & t_Ace->SidStart, a_OwnerSid ) ;
  2982. t_Ace->Mask = a_Access ;
  2983. t_Ace->Header.AceType = 0 ;
  2984. t_Ace->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ;
  2985. t_Ace->Header.AceSize = t_AceSize ;
  2986. }
  2987. else
  2988. {
  2989. t_Result = WBEM_E_OUT_OF_MEMORY ;
  2990. }
  2991. }
  2992. if ( SUCCEEDED ( t_Result ) )
  2993. {
  2994. ACL_SIZE_INFORMATION t_Size ;
  2995. if ( t_Dacl )
  2996. {
  2997. BOOL t_Status = GetAclInformation (
  2998. t_Dacl ,
  2999. & t_Size ,
  3000. sizeof ( t_Size ) ,
  3001. AclSizeInformation
  3002. );
  3003. if ( t_Status )
  3004. {
  3005. DWORD t_ExtraSize = t_Size.AclBytesInUse + t_Size.AclBytesFree + ( sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ) ;
  3006. t_ExtraSize = t_ExtraSize + s_LocalService_ACESize + s_NetworkService_ACESize + s_System_ACESize + s_LocalAdmins_ACESize ;
  3007. t_ExtraDacl = ( PACL ) new BYTE [ t_ExtraSize ] ;
  3008. if ( t_ExtraDacl )
  3009. {
  3010. CopyMemory ( t_ExtraDacl , t_Dacl , t_Size.AclBytesInUse + t_Size.AclBytesFree ) ;
  3011. t_ExtraDacl->AclSize = t_ExtraSize ;
  3012. }
  3013. else
  3014. {
  3015. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3016. }
  3017. }
  3018. else
  3019. {
  3020. t_Result = WBEM_E_CRITICAL_ERROR ;
  3021. }
  3022. }
  3023. else
  3024. {
  3025. DWORD t_SidLength = GetLengthSid ( a_OwnerSid ) ;
  3026. DWORD t_ExtraSize = sizeof ( ACL ) + ( sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ) ;
  3027. t_ExtraSize = t_ExtraSize + s_LocalService_ACESize + s_NetworkService_ACESize + s_System_ACESize + s_LocalAdmins_ACESize ;
  3028. t_ExtraDacl = ( PACL ) new BYTE [ t_ExtraSize ] ;
  3029. if ( t_ExtraDacl )
  3030. {
  3031. BOOL t_Status = InitializeAcl (
  3032. t_ExtraDacl ,
  3033. t_ExtraSize ,
  3034. ACL_REVISION
  3035. ) ;
  3036. if ( t_Status )
  3037. {
  3038. BOOL t_Status = GetAclInformation (
  3039. t_ExtraDacl ,
  3040. & t_Size ,
  3041. sizeof ( t_Size ) ,
  3042. AclSizeInformation
  3043. );
  3044. if ( ! t_Status )
  3045. {
  3046. t_Result = WBEM_E_CRITICAL_ERROR ;
  3047. }
  3048. }
  3049. else
  3050. {
  3051. t_Result = WBEM_E_CRITICAL_ERROR ;
  3052. }
  3053. }
  3054. else
  3055. {
  3056. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3057. }
  3058. }
  3059. DWORD t_AceIndex = 0 ;
  3060. if ( SUCCEEDED ( t_Result ) )
  3061. {
  3062. BOOL t_Status = :: AddAce ( t_ExtraDacl , ACL_REVISION, t_Size.AceCount , t_Ace , t_AceSize ) ;
  3063. if ( t_Status )
  3064. {
  3065. t_AceIndex ++ ;
  3066. }
  3067. else
  3068. {
  3069. t_Result = WBEM_E_CRITICAL_ERROR ;
  3070. }
  3071. }
  3072. if ( SUCCEEDED ( t_Result ) )
  3073. {
  3074. if ( s_System_ACESize && :: AddAce ( t_ExtraDacl , ACL_REVISION , t_AceIndex , s_Provider_System_ACE , s_System_ACESize ) )
  3075. {
  3076. t_AceIndex ++ ;
  3077. }
  3078. else
  3079. {
  3080. t_Result = WBEM_E_CRITICAL_ERROR ;
  3081. }
  3082. }
  3083. if ( SUCCEEDED ( t_Result ) )
  3084. {
  3085. if ( s_LocalService_ACESize && :: AddAce ( t_ExtraDacl , ACL_REVISION , t_AceIndex , s_Provider_LocalService_ACE , s_LocalService_ACESize ) )
  3086. {
  3087. t_AceIndex ++ ;
  3088. }
  3089. else
  3090. {
  3091. t_Result = WBEM_E_CRITICAL_ERROR ;
  3092. }
  3093. }
  3094. if ( SUCCEEDED ( t_Result ) )
  3095. {
  3096. if ( s_NetworkService_ACESize && :: AddAce ( t_ExtraDacl , ACL_REVISION , t_AceIndex , s_Provider_NetworkService_ACE , s_NetworkService_ACESize ) )
  3097. {
  3098. t_AceIndex ++ ;
  3099. }
  3100. else
  3101. {
  3102. t_Result = WBEM_E_CRITICAL_ERROR ;
  3103. }
  3104. }
  3105. if ( SUCCEEDED ( t_Result ) )
  3106. {
  3107. if ( s_LocalAdmins_ACESize && :: AddAce ( t_ExtraDacl , ACL_REVISION , t_AceIndex , s_Provider_LocalAdmins_ACE , s_LocalAdmins_ACESize ) )
  3108. {
  3109. t_AceIndex ++ ;
  3110. }
  3111. else
  3112. {
  3113. t_Result = WBEM_E_CRITICAL_ERROR ;
  3114. }
  3115. }
  3116. if ( SUCCEEDED ( t_Result ) )
  3117. {
  3118. BOOL t_Status = SetSecurityDescriptorDacl (
  3119. t_SecurityDescriptor ,
  3120. TRUE ,
  3121. t_ExtraDacl ,
  3122. FALSE
  3123. ) ;
  3124. if ( t_Status )
  3125. {
  3126. DWORD t_FinalLength = 0 ;
  3127. t_Status = MakeSelfRelativeSD (
  3128. t_SecurityDescriptor ,
  3129. a_AlteredSecurityDescriptor ,
  3130. & t_FinalLength
  3131. ) ;
  3132. if ( t_Status == FALSE && GetLastError () == ERROR_INSUFFICIENT_BUFFER )
  3133. {
  3134. a_AlteredSecurityDescriptor = ( SECURITY_DESCRIPTOR * ) new BYTE [ t_FinalLength ] ;
  3135. if ( a_AlteredSecurityDescriptor )
  3136. {
  3137. t_Status = MakeSelfRelativeSD (
  3138. t_SecurityDescriptor ,
  3139. a_AlteredSecurityDescriptor ,
  3140. & t_FinalLength
  3141. ) ;
  3142. if ( t_Status == FALSE )
  3143. {
  3144. t_Result = WBEM_E_CRITICAL_ERROR ;
  3145. }
  3146. }
  3147. else
  3148. {
  3149. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3150. }
  3151. }
  3152. }
  3153. else
  3154. {
  3155. t_Result = WBEM_E_CRITICAL_ERROR ;
  3156. }
  3157. }
  3158. delete [] t_Ace ;
  3159. delete [] t_ExtraDacl ;
  3160. }
  3161. delete [] ( BYTE * ) t_Dacl ;
  3162. delete [] ( BYTE * ) t_Sacl ;
  3163. delete [] ( BYTE * ) t_Owner ;
  3164. delete [] ( BYTE * ) t_PrimaryGroup ;
  3165. delete [] ( BYTE * ) t_AlteredSecurityDescriptor ;
  3166. return t_Result ;
  3167. }
  3168. /******************************************************************************
  3169. *
  3170. * Name:
  3171. *
  3172. *
  3173. * Description:
  3174. *
  3175. *
  3176. *****************************************************************************/
  3177. HRESULT ProviderSubSystem_Common_Globals :: CreateSystemAces ()
  3178. {
  3179. HRESULT t_Result = S_OK ;
  3180. SID_IDENTIFIER_AUTHORITY t_NtAuthoritySid = SECURITY_NT_AUTHORITY ;
  3181. PSID t_System_Sid = NULL ;
  3182. PSID t_LocalService_Sid = NULL ;
  3183. PSID t_NetworkService_Sid = NULL ;
  3184. PSID t_LocalAdmins_Sid = NULL ;
  3185. BOOL t_BoolResult = AllocateAndInitializeSid (
  3186. & t_NtAuthoritySid ,
  3187. 1 ,
  3188. SECURITY_LOCAL_SYSTEM_RID,
  3189. 0,
  3190. 0,
  3191. 0,
  3192. 0,
  3193. 0,
  3194. 0,
  3195. 0,
  3196. & t_System_Sid
  3197. );
  3198. if ( t_BoolResult )
  3199. {
  3200. DWORD t_SidLength = ::GetLengthSid ( t_System_Sid );
  3201. s_System_ACESize = sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ;
  3202. s_Provider_System_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_System_ACESize ] ;
  3203. if ( s_Provider_System_ACE )
  3204. {
  3205. CopySid ( t_SidLength, (PSID) & s_Provider_System_ACE->SidStart, t_System_Sid ) ;
  3206. s_Provider_System_ACE->Mask = MASK_PROVIDER_BINDING_BIND ;
  3207. s_Provider_System_ACE->Header.AceType = 0 ;
  3208. s_Provider_System_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ;
  3209. s_Provider_System_ACE->Header.AceSize = s_System_ACESize ;
  3210. s_Token_All_Access_System_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_System_ACESize ] ;
  3211. if ( s_Token_All_Access_System_ACE )
  3212. {
  3213. CopySid ( t_SidLength, (PSID) & s_Token_All_Access_System_ACE->SidStart, t_System_Sid ) ;
  3214. s_Token_All_Access_System_ACE->Mask = TOKEN_ALL_ACCESS ;
  3215. s_Token_All_Access_System_ACE->Header.AceType = 0 ;
  3216. s_Token_All_Access_System_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ; ;
  3217. s_Token_All_Access_System_ACE->Header.AceSize = s_System_ACESize ;
  3218. }
  3219. else
  3220. {
  3221. t_Result = E_OUTOFMEMORY ;
  3222. }
  3223. }
  3224. else
  3225. {
  3226. t_Result = E_OUTOFMEMORY ;
  3227. }
  3228. }
  3229. else
  3230. {
  3231. DWORD t_LastError = ::GetLastError();
  3232. t_Result = E_OUTOFMEMORY ;
  3233. }
  3234. if ( SUCCEEDED ( t_Result ) )
  3235. {
  3236. t_BoolResult = AllocateAndInitializeSid (
  3237. & t_NtAuthoritySid ,
  3238. 1 ,
  3239. SECURITY_LOCAL_SERVICE_RID,
  3240. 0,
  3241. 0,
  3242. 0,
  3243. 0,
  3244. 0,
  3245. 0,
  3246. 0,
  3247. & t_LocalService_Sid
  3248. );
  3249. if ( t_BoolResult )
  3250. {
  3251. DWORD t_SidLength = ::GetLengthSid ( t_LocalService_Sid );
  3252. s_LocalService_ACESize = sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ;
  3253. s_Provider_LocalService_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_LocalService_ACESize ] ;
  3254. if ( s_Provider_LocalService_ACE )
  3255. {
  3256. CopySid ( t_SidLength, (PSID) & s_Provider_LocalService_ACE->SidStart, t_LocalService_Sid ) ;
  3257. s_Provider_LocalService_ACE->Mask = MASK_PROVIDER_BINDING_BIND ;
  3258. s_Provider_LocalService_ACE->Header.AceType = 0 ;
  3259. s_Provider_LocalService_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ; ;
  3260. s_Provider_LocalService_ACE->Header.AceSize = s_LocalService_ACESize ;
  3261. s_Token_All_Access_LocalService_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_LocalService_ACESize ] ;
  3262. if ( s_Token_All_Access_LocalService_ACE )
  3263. {
  3264. CopySid ( t_SidLength, (PSID) & s_Token_All_Access_LocalService_ACE->SidStart, t_LocalService_Sid ) ;
  3265. s_Token_All_Access_LocalService_ACE->Mask = TOKEN_ALL_ACCESS ;
  3266. s_Token_All_Access_LocalService_ACE->Header.AceType = 0 ;
  3267. s_Token_All_Access_LocalService_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ; ;
  3268. s_Token_All_Access_LocalService_ACE->Header.AceSize = s_LocalService_ACESize ;
  3269. }
  3270. else
  3271. {
  3272. t_Result = E_OUTOFMEMORY ;
  3273. }
  3274. }
  3275. else
  3276. {
  3277. t_Result = E_OUTOFMEMORY ;
  3278. }
  3279. }
  3280. else
  3281. {
  3282. DWORD t_LastError = ::GetLastError();
  3283. t_Result = E_OUTOFMEMORY ;
  3284. }
  3285. }
  3286. if ( SUCCEEDED ( t_Result ) )
  3287. {
  3288. t_BoolResult = AllocateAndInitializeSid (
  3289. & t_NtAuthoritySid ,
  3290. 1 ,
  3291. SECURITY_NETWORK_SERVICE_RID,
  3292. 0,
  3293. 0,
  3294. 0,
  3295. 0,
  3296. 0,
  3297. 0,
  3298. 0,
  3299. & t_NetworkService_Sid
  3300. );
  3301. if ( t_BoolResult )
  3302. {
  3303. DWORD t_SidLength = ::GetLengthSid ( t_NetworkService_Sid );
  3304. s_NetworkService_ACESize = sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ;
  3305. s_Provider_NetworkService_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_NetworkService_ACESize ] ;
  3306. if ( s_Provider_NetworkService_ACE )
  3307. {
  3308. CopySid ( t_SidLength, (PSID) & s_Provider_NetworkService_ACE->SidStart, t_NetworkService_Sid ) ;
  3309. s_Provider_NetworkService_ACE->Mask = MASK_PROVIDER_BINDING_BIND ;
  3310. s_Provider_NetworkService_ACE->Header.AceType = 0 ;
  3311. s_Provider_NetworkService_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ;
  3312. s_Provider_NetworkService_ACE->Header.AceSize = s_NetworkService_ACESize ;
  3313. s_Token_All_Access_NetworkService_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_NetworkService_ACESize ] ;
  3314. if ( s_Token_All_Access_NetworkService_ACE )
  3315. {
  3316. CopySid ( t_SidLength, (PSID) & s_Token_All_Access_NetworkService_ACE->SidStart, t_NetworkService_Sid ) ;
  3317. s_Token_All_Access_NetworkService_ACE->Mask = TOKEN_ALL_ACCESS ;
  3318. s_Token_All_Access_NetworkService_ACE->Header.AceType = 0 ;
  3319. s_Token_All_Access_NetworkService_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ; ;
  3320. s_Token_All_Access_NetworkService_ACE->Header.AceSize = s_NetworkService_ACESize ;
  3321. }
  3322. else
  3323. {
  3324. t_Result = E_OUTOFMEMORY ;
  3325. }
  3326. }
  3327. else
  3328. {
  3329. t_Result = E_OUTOFMEMORY ;
  3330. }
  3331. }
  3332. else
  3333. {
  3334. DWORD t_LastError = ::GetLastError();
  3335. t_Result = E_OUTOFMEMORY ;
  3336. }
  3337. }
  3338. if ( SUCCEEDED ( t_Result ) )
  3339. {
  3340. t_BoolResult = AllocateAndInitializeSid (
  3341. & t_NtAuthoritySid ,
  3342. 2 ,
  3343. SECURITY_BUILTIN_DOMAIN_RID ,
  3344. DOMAIN_ALIAS_RID_ADMINS ,
  3345. 0,
  3346. 0,
  3347. 0,
  3348. 0,
  3349. 0,
  3350. 0,
  3351. & t_LocalAdmins_Sid
  3352. );
  3353. if ( t_BoolResult )
  3354. {
  3355. DWORD t_SidLength = ::GetLengthSid ( t_LocalAdmins_Sid );
  3356. s_LocalAdmins_ACESize = sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_SidLength - sizeof(DWORD) ) ;
  3357. s_Provider_LocalAdmins_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_LocalAdmins_ACESize ] ;
  3358. if ( s_Provider_LocalAdmins_ACE )
  3359. {
  3360. CopySid ( t_SidLength, (PSID) & s_Provider_LocalAdmins_ACE->SidStart, t_LocalAdmins_Sid ) ;
  3361. s_Provider_LocalAdmins_ACE->Mask = MASK_PROVIDER_BINDING_BIND ;
  3362. s_Provider_LocalAdmins_ACE->Header.AceType = 0 ;
  3363. s_Provider_LocalAdmins_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ; ;
  3364. s_Provider_LocalAdmins_ACE->Header.AceSize = s_LocalAdmins_ACESize ;
  3365. s_Token_All_Access_LocalAdmins_ACE = (ACCESS_ALLOWED_ACE*) new BYTE [ s_LocalAdmins_ACESize ] ;
  3366. if ( s_Token_All_Access_LocalAdmins_ACE )
  3367. {
  3368. CopySid ( t_SidLength, (PSID) & s_Token_All_Access_LocalAdmins_ACE->SidStart, t_LocalAdmins_Sid ) ;
  3369. s_Token_All_Access_LocalAdmins_ACE->Mask = TOKEN_ALL_ACCESS ;
  3370. s_Token_All_Access_LocalAdmins_ACE->Header.AceType = 0 ;
  3371. s_Token_All_Access_LocalAdmins_ACE->Header.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE ; ;
  3372. s_Token_All_Access_LocalAdmins_ACE->Header.AceSize = s_LocalAdmins_ACESize ;
  3373. }
  3374. else
  3375. {
  3376. t_Result = E_OUTOFMEMORY ;
  3377. }
  3378. }
  3379. else
  3380. {
  3381. t_Result = E_OUTOFMEMORY ;
  3382. }
  3383. }
  3384. else
  3385. {
  3386. DWORD t_LastError = ::GetLastError();
  3387. t_Result = E_OUTOFMEMORY ;
  3388. }
  3389. }
  3390. if ( t_LocalAdmins_Sid )
  3391. {
  3392. FreeSid ( t_LocalAdmins_Sid ) ;
  3393. }
  3394. if ( t_System_Sid )
  3395. {
  3396. FreeSid ( t_System_Sid ) ;
  3397. }
  3398. if ( t_LocalService_Sid )
  3399. {
  3400. FreeSid ( t_LocalService_Sid ) ;
  3401. }
  3402. if ( t_NetworkService_Sid )
  3403. {
  3404. FreeSid ( t_NetworkService_Sid ) ;
  3405. }
  3406. return t_Result ;
  3407. }
  3408. /******************************************************************************
  3409. *
  3410. * Name:
  3411. *
  3412. *
  3413. * Description:
  3414. *
  3415. *
  3416. *****************************************************************************/
  3417. HRESULT ProviderSubSystem_Common_Globals :: DeleteSystemAces ()
  3418. {
  3419. if ( s_Provider_System_ACE )
  3420. {
  3421. delete [] ( ( BYTE * ) s_Provider_System_ACE ) ;
  3422. s_Provider_System_ACE = NULL;
  3423. }
  3424. if ( s_Provider_LocalService_ACE )
  3425. {
  3426. delete [] ( ( BYTE * ) s_Provider_LocalService_ACE ) ;
  3427. s_Provider_LocalService_ACE = NULL;
  3428. }
  3429. if ( s_Provider_NetworkService_ACE )
  3430. {
  3431. delete [] ( ( BYTE * ) s_Provider_NetworkService_ACE ) ;
  3432. s_Provider_NetworkService_ACE = NULL;
  3433. }
  3434. if ( s_Provider_LocalAdmins_ACE )
  3435. {
  3436. delete [] ( ( BYTE * ) s_Provider_LocalAdmins_ACE ) ;
  3437. s_Provider_LocalAdmins_ACE = NULL;
  3438. }
  3439. if ( s_Token_All_Access_System_ACE )
  3440. {
  3441. delete [] ( ( BYTE * ) s_Token_All_Access_System_ACE ) ;
  3442. s_Token_All_Access_System_ACE = NULL;
  3443. }
  3444. if ( s_Token_All_Access_LocalService_ACE )
  3445. {
  3446. delete [] ( ( BYTE * ) s_Token_All_Access_LocalService_ACE ) ;
  3447. s_Token_All_Access_LocalService_ACE = NULL;
  3448. }
  3449. if ( s_Token_All_Access_NetworkService_ACE )
  3450. {
  3451. delete [] ( ( BYTE * ) s_Token_All_Access_NetworkService_ACE ) ;
  3452. s_Token_All_Access_NetworkService_ACE = NULL;
  3453. }
  3454. if ( s_Token_All_Access_LocalAdmins_ACE )
  3455. {
  3456. delete [] ( ( BYTE * ) s_Token_All_Access_LocalAdmins_ACE ) ;
  3457. s_Token_All_Access_LocalAdmins_ACE = NULL;
  3458. }
  3459. return S_OK ;
  3460. }
  3461. /******************************************************************************
  3462. *
  3463. * Name:
  3464. *
  3465. *
  3466. * Description:
  3467. *
  3468. *
  3469. *****************************************************************************/
  3470. HRESULT ProviderSubSystem_Common_Globals :: CheckAccess (
  3471. SECURITY_DESCRIPTOR *a_SecurityDescriptor ,
  3472. DWORD a_Access ,
  3473. GENERIC_MAPPING *a_Mapping
  3474. )
  3475. {
  3476. HRESULT t_Result = S_OK ;
  3477. if ( a_SecurityDescriptor )
  3478. {
  3479. t_Result = CoImpersonateClient () ;
  3480. if ( SUCCEEDED ( t_Result ) || t_Result == RPC_E_CALL_COMPLETE )
  3481. {
  3482. t_Result = ProviderSubSystem_Common_Globals :: Check_SecurityDescriptor_CallIdentity (
  3483. a_SecurityDescriptor ,
  3484. a_Access ,
  3485. a_Mapping
  3486. ) ;
  3487. CoRevertToSelf () ;
  3488. }
  3489. }
  3490. return t_Result ;
  3491. }
  3492. /******************************************************************************
  3493. *
  3494. * Name:
  3495. *
  3496. *
  3497. * Description:
  3498. *
  3499. *
  3500. *****************************************************************************/
  3501. HRESULT ProviderSubSystem_Common_Globals :: GetUserSid (
  3502. HANDLE a_Token ,
  3503. ULONG *a_Size ,
  3504. PSID &a_Sid
  3505. )
  3506. {
  3507. HRESULT t_Result = WBEM_E_FAILED ;
  3508. if ( a_Token )
  3509. {
  3510. if ( a_Size )
  3511. {
  3512. TOKEN_USER *t_TokenUser = NULL ;
  3513. DWORD t_ReturnLength = 0 ;
  3514. TOKEN_INFORMATION_CLASS t_TokenInformationClass = TokenUser ;
  3515. BOOL t_TokenStatus = GetTokenInformation (
  3516. a_Token ,
  3517. t_TokenInformationClass ,
  3518. t_TokenUser ,
  3519. t_ReturnLength ,
  3520. & t_ReturnLength
  3521. ) ;
  3522. if ( ! t_TokenStatus )
  3523. {
  3524. DWORD t_LastError = GetLastError () ;
  3525. switch ( t_LastError )
  3526. {
  3527. case ERROR_INSUFFICIENT_BUFFER:
  3528. {
  3529. t_TokenUser = ( TOKEN_USER * ) new BYTE [ t_ReturnLength ] ;
  3530. if ( t_TokenUser )
  3531. {
  3532. t_TokenStatus = GetTokenInformation (
  3533. a_Token ,
  3534. t_TokenInformationClass ,
  3535. t_TokenUser ,
  3536. t_ReturnLength ,
  3537. & t_ReturnLength
  3538. ) ;
  3539. if ( t_TokenStatus )
  3540. {
  3541. DWORD t_SidLength = GetLengthSid ( t_TokenUser->User.Sid ) ;
  3542. *a_Size = t_SidLength ;
  3543. a_Sid = new BYTE [ t_SidLength ] ;
  3544. if ( a_Sid )
  3545. {
  3546. CopyMemory ( a_Sid , t_TokenUser->User.Sid , t_SidLength ) ;
  3547. t_Result = S_OK ;
  3548. }
  3549. else
  3550. {
  3551. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3552. }
  3553. }
  3554. delete [] t_TokenUser ;
  3555. }
  3556. else
  3557. {
  3558. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3559. }
  3560. }
  3561. break ;
  3562. default:
  3563. {
  3564. }
  3565. break ;
  3566. }
  3567. }
  3568. }
  3569. else
  3570. {
  3571. t_Result = WBEM_E_INVALID_PARAMETER ;
  3572. }
  3573. }
  3574. else
  3575. {
  3576. t_Result = ( ERROR_INVALID_HANDLE | 0x80070000 ) ;
  3577. }
  3578. return t_Result ;
  3579. }
  3580. /******************************************************************************
  3581. *
  3582. * Name:
  3583. *
  3584. *
  3585. * Description:
  3586. *
  3587. *
  3588. *****************************************************************************/
  3589. HRESULT ProviderSubSystem_Common_Globals :: GetGroupSid (
  3590. HANDLE a_Token ,
  3591. ULONG *a_Size ,
  3592. PSID &a_Sid
  3593. )
  3594. {
  3595. HRESULT t_Result = WBEM_E_FAILED ;
  3596. if ( a_Token )
  3597. {
  3598. if ( a_Size )
  3599. {
  3600. TOKEN_PRIMARY_GROUP *t_TokenGroup = NULL ;
  3601. DWORD t_ReturnLength = 0 ;
  3602. TOKEN_INFORMATION_CLASS t_TokenInformationClass = TokenPrimaryGroup ;
  3603. BOOL t_TokenStatus = GetTokenInformation (
  3604. a_Token ,
  3605. t_TokenInformationClass ,
  3606. t_TokenGroup ,
  3607. t_ReturnLength ,
  3608. & t_ReturnLength
  3609. ) ;
  3610. if ( ! t_TokenStatus )
  3611. {
  3612. DWORD t_LastError = GetLastError () ;
  3613. switch ( t_LastError )
  3614. {
  3615. case ERROR_INSUFFICIENT_BUFFER:
  3616. {
  3617. t_TokenGroup = ( TOKEN_PRIMARY_GROUP * ) new BYTE [ t_ReturnLength ] ;
  3618. if ( t_TokenGroup )
  3619. {
  3620. t_TokenStatus = GetTokenInformation (
  3621. a_Token ,
  3622. t_TokenInformationClass ,
  3623. t_TokenGroup ,
  3624. t_ReturnLength ,
  3625. & t_ReturnLength
  3626. ) ;
  3627. if ( t_TokenStatus )
  3628. {
  3629. DWORD t_SidLength = GetLengthSid ( t_TokenGroup->PrimaryGroup ) ;
  3630. *a_Size = t_SidLength ;
  3631. a_Sid = new BYTE [ t_SidLength ] ;
  3632. if ( a_Sid )
  3633. {
  3634. CopyMemory ( a_Sid , t_TokenGroup->PrimaryGroup , t_SidLength ) ;
  3635. t_Result = S_OK ;
  3636. }
  3637. else
  3638. {
  3639. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3640. }
  3641. }
  3642. delete [] t_TokenGroup ;
  3643. }
  3644. else
  3645. {
  3646. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3647. }
  3648. }
  3649. break ;
  3650. default:
  3651. {
  3652. }
  3653. break ;
  3654. }
  3655. }
  3656. }
  3657. else
  3658. {
  3659. t_Result = WBEM_E_INVALID_PARAMETER ;
  3660. }
  3661. }
  3662. else
  3663. {
  3664. t_Result = ( ERROR_INVALID_HANDLE | 0x80070000 ) ;
  3665. }
  3666. return t_Result ;
  3667. }
  3668. /******************************************************************************
  3669. *
  3670. * Name:
  3671. *
  3672. *
  3673. * Description:
  3674. *
  3675. *
  3676. *****************************************************************************/
  3677. HRESULT ProviderSubSystem_Common_Globals :: GetAceWithProcessTokenUser (
  3678. DWORD a_ProcessIdentifier ,
  3679. WORD &a_AceSize ,
  3680. ACCESS_ALLOWED_ACE *&a_Ace
  3681. )
  3682. {
  3683. HRESULT t_Result = WBEM_E_ACCESS_DENIED ;
  3684. HANDLE t_ProcessHandle = OpenProcess (
  3685. MAXIMUM_ALLOWED ,
  3686. FALSE ,
  3687. a_ProcessIdentifier
  3688. ) ;
  3689. if ( t_ProcessHandle )
  3690. {
  3691. HANDLE t_ProcessToken = NULL ;
  3692. BOOL t_Status = OpenProcessToken (
  3693. t_ProcessHandle ,
  3694. TOKEN_QUERY,
  3695. & t_ProcessToken
  3696. ) ;
  3697. if ( t_Status )
  3698. {
  3699. DWORD t_OwnerSize = 0 ;
  3700. PSID t_OwnerSid = NULL ;
  3701. BOOL t_OwnerDefaulted = FALSE ;
  3702. t_Result = GetUserSid (
  3703. t_ProcessToken ,
  3704. & t_OwnerSize ,
  3705. t_OwnerSid
  3706. ) ;
  3707. if ( SUCCEEDED ( t_Result ) )
  3708. {
  3709. ACCESS_ALLOWED_ACE *t_Ace = NULL ;
  3710. DWORD t_AceSize = 0 ;
  3711. t_AceSize = sizeof(ACCESS_ALLOWED_ACE) + (WORD) ( t_OwnerSize - sizeof(DWORD) ) ;
  3712. t_Ace = (ACCESS_ALLOWED_ACE*) new BYTE [ t_AceSize ] ;
  3713. if ( t_Ace )
  3714. {
  3715. CopySid ( t_OwnerSize, (PSID) & t_Ace->SidStart, t_OwnerSid ) ;
  3716. t_Ace->Mask = TOKEN_ALL_ACCESS ;
  3717. t_Ace->Header.AceType = 0 ;
  3718. t_Ace->Header.AceFlags = 0 ;
  3719. t_Ace->Header.AceSize = t_AceSize ;
  3720. a_Ace = t_Ace ;
  3721. a_AceSize = t_AceSize ;
  3722. }
  3723. else
  3724. {
  3725. t_Result = WBEM_E_OUT_OF_MEMORY ;
  3726. }
  3727. delete [] ( BYTE * ) t_OwnerSid ;
  3728. }
  3729. CloseHandle ( t_ProcessToken ) ;
  3730. }
  3731. CloseHandle ( t_ProcessHandle ) ;
  3732. }
  3733. else
  3734. t_Result = MAKE_HRESULT(1, FACILITY_WIN32, RPC_S_SERVER_UNAVAILABLE);
  3735. return t_Result ;
  3736. }
  3737. /******************************************************************************
  3738. *
  3739. * Name:
  3740. *
  3741. *
  3742. * Description:
  3743. *
  3744. *
  3745. *****************************************************************************/
  3746. HRESULT ProviderSubSystem_Common_Globals :: SinkAccessInitialize (
  3747. SECURITY_DESCRIPTOR *a_RegistrationSecurityDescriptor ,
  3748. SECURITY_DESCRIPTOR *&a_SinkSecurityDescriptor
  3749. )
  3750. {
  3751. HRESULT t_Result = CoImpersonateClient () ;
  3752. HANDLE t_Token = NULL ;
  3753. BOOL t_Status = FALSE;
  3754. if ( SUCCEEDED ( t_Result ) )
  3755. {
  3756. t_Status = OpenThreadToken (
  3757. GetCurrentThread () ,
  3758. TOKEN_QUERY,
  3759. TRUE ,
  3760. &t_Token
  3761. ) ;
  3762. CoRevertToSelf ();
  3763. if (!t_Status)
  3764. {
  3765. t_Result = WBEM_E_ACCESS_DENIED;
  3766. }
  3767. }
  3768. else if ( t_Result == RPC_E_CALL_COMPLETE )
  3769. {
  3770. t_Status = OpenProcessToken(
  3771. GetCurrentProcess () ,
  3772. TOKEN_QUERY ,
  3773. &t_Token
  3774. );
  3775. if ( !t_Status )
  3776. {
  3777. t_Result = WBEM_E_ACCESS_DENIED;
  3778. }
  3779. }
  3780. if ( t_Status )
  3781. {
  3782. DWORD t_OwnerSize = 0 ;
  3783. PSID t_OwnerSid = NULL ;
  3784. BOOL t_OwnerDefaulted = FALSE ;
  3785. t_Result = GetUserSid (
  3786. t_Token ,
  3787. & t_OwnerSize ,
  3788. t_OwnerSid
  3789. ) ;
  3790. if ( SUCCEEDED ( t_Result ) )
  3791. {
  3792. DWORD t_GroupSize = 0 ;
  3793. PSID t_GroupSid = NULL ;
  3794. BOOL t_GroupDefaulted = FALSE ;
  3795. t_Result = GetGroupSid (
  3796. t_Token ,
  3797. & t_GroupSize ,
  3798. t_GroupSid
  3799. ) ;
  3800. if ( SUCCEEDED ( t_Result ) )
  3801. {
  3802. t_Result = ProviderSubSystem_Common_Globals :: AdjustSecurityDescriptorWithSid (
  3803. ( SID * ) t_OwnerSid ,
  3804. ( SID * ) t_GroupSid ,
  3805. MASK_PROVIDER_BINDING_BIND ,
  3806. a_RegistrationSecurityDescriptor ,
  3807. a_SinkSecurityDescriptor
  3808. ) ;
  3809. delete [] ( BYTE * ) t_GroupSid ;
  3810. }
  3811. delete [] ( BYTE * ) t_OwnerSid ;
  3812. }
  3813. else
  3814. {
  3815. t_Result = WBEM_E_CRITICAL_ERROR ;
  3816. }
  3817. CloseHandle ( t_Token ) ;
  3818. }
  3819. return t_Result ;
  3820. }
  3821. /******************************************************************************
  3822. *
  3823. * Name:
  3824. *
  3825. *
  3826. * Description:
  3827. *
  3828. *
  3829. *****************************************************************************/
  3830. HRESULT ProviderSubSystem_Common_Globals :: CreateMethodSecurityDescriptor ()
  3831. {
  3832. HRESULT t_Result = S_OK ;
  3833. BOOL t_Status = ConvertStringSecurityDescriptorToSecurityDescriptor (
  3834. L"O:BAG:BAD:(A;;0x10000001;;;BA)(A;;0x10000001;;;SY)(A;;0x10000001;;;LA)(A;;0x10000001;;;S-1-5-20)(A;;0x10000001;;;S-1-5-19)" ,
  3835. SDDL_REVISION_1 ,
  3836. ( PSECURITY_DESCRIPTOR * ) & s_MethodSecurityDescriptor ,
  3837. NULL
  3838. ) ;
  3839. if ( t_Status )
  3840. {
  3841. t_Status = ConvertStringSecurityDescriptorToSecurityDescriptor (
  3842. L"O:BAG:BAD:(A;;0x10000001;;;BA)(A;;0x10000001;;;SY)(A;;0x10000001;;;LA)(A;;0x10000001;;;S-1-5-20)(A;;0x10000001;;;S-1-5-19)"
  3843. L"(A;;0x10000001;;;S-1-5-3) (A;;0x10000001;;;S-1-5-6)",
  3844. SDDL_REVISION_1 ,
  3845. ( PSECURITY_DESCRIPTOR * ) & s_DefaultDecoupledSD ,
  3846. NULL
  3847. ) ;
  3848. if ( t_Status )
  3849. {
  3850. }
  3851. else
  3852. {
  3853. t_Result = WBEM_E_CRITICAL_ERROR ;
  3854. }
  3855. }
  3856. else
  3857. {
  3858. t_Result = WBEM_E_CRITICAL_ERROR ;
  3859. }
  3860. return t_Result ;
  3861. }
  3862. /******************************************************************************
  3863. *
  3864. * Name:
  3865. *
  3866. *
  3867. * Description:
  3868. *
  3869. *
  3870. *****************************************************************************/
  3871. HRESULT ProviderSubSystem_Common_Globals :: DeleteMethodSecurityDescriptor ()
  3872. {
  3873. if ( s_MethodSecurityDescriptor )
  3874. {
  3875. LocalFree ( s_MethodSecurityDescriptor ) ;
  3876. s_MethodSecurityDescriptor = NULL;
  3877. }
  3878. if ( s_DefaultDecoupledSD)
  3879. {
  3880. LocalFree ( s_DefaultDecoupledSD ) ;
  3881. s_DefaultDecoupledSD = NULL;
  3882. }
  3883. return S_OK ;
  3884. }
  3885. /******************************************************************************
  3886. *
  3887. * Name:
  3888. *
  3889. *
  3890. * Description:
  3891. *
  3892. *
  3893. *****************************************************************************/
  3894. DWORD ProviderSubSystem_Common_Globals :: InitializeTransmitSize ()
  3895. {
  3896. s_TransmitBufferSize = SYNCPROV_BATCH_TRANSMIT_SIZE ;
  3897. HKEY t_ConfigRoot ;
  3898. LONG t_RegResult = RegOpenKeyEx (
  3899. HKEY_LOCAL_MACHINE ,
  3900. L"Software\\Microsoft\\WBEM\\CIMOM" ,
  3901. 0 ,
  3902. KEY_READ ,
  3903. & t_ConfigRoot
  3904. ) ;
  3905. if ( t_RegResult == ERROR_SUCCESS )
  3906. {
  3907. DWORD t_ValueType = REG_DWORD ;
  3908. DWORD t_DataSize = sizeof ( s_TransmitBufferSize ) ;
  3909. t_RegResult = RegQueryValueEx (
  3910. t_ConfigRoot ,
  3911. L"Sink Transmit Buffer Size" ,
  3912. 0 ,
  3913. & t_ValueType ,
  3914. LPBYTE ( & s_TransmitBufferSize ) ,
  3915. & t_DataSize
  3916. );
  3917. if ( t_RegResult == ERROR_SUCCESS )
  3918. {
  3919. }
  3920. RegCloseKey ( t_ConfigRoot ) ;
  3921. }
  3922. return s_TransmitBufferSize ;
  3923. }
  3924. /******************************************************************************
  3925. *
  3926. * Name:
  3927. *
  3928. *
  3929. * Description:
  3930. *
  3931. *
  3932. *****************************************************************************/
  3933. #ifdef IA64
  3934. #define RPC_STACK_COMMIT_SIZE 8192 * 8
  3935. #else
  3936. #define RPC_STACK_COMMIT_SIZE 4096 * 8
  3937. #endif
  3938. #define REGSTR_PATH_SVCHOST TEXT("Software\\Microsoft\\Wbem\\Cimom")
  3939. /******************************************************************************
  3940. *
  3941. * Name:
  3942. *
  3943. *
  3944. * Description:
  3945. *
  3946. *
  3947. *****************************************************************************/
  3948. DWORD ProviderSubSystem_Common_Globals :: InitializeDefaultStackSize ()
  3949. {
  3950. s_DefaultStackSize = RPC_STACK_COMMIT_SIZE ;
  3951. HKEY t_ConfigRoot ;
  3952. LONG t_RegResult = RegOpenKeyEx (
  3953. HKEY_LOCAL_MACHINE ,
  3954. REGSTR_PATH_SVCHOST ,
  3955. 0 ,
  3956. KEY_READ ,
  3957. & t_ConfigRoot
  3958. ) ;
  3959. if ( t_RegResult == ERROR_SUCCESS )
  3960. {
  3961. DWORD t_ValueType = REG_DWORD ;
  3962. DWORD t_Value = 0 ;
  3963. DWORD t_DataSize = sizeof ( t_Value ) ;
  3964. t_RegResult = RegQueryValueEx (
  3965. t_ConfigRoot ,
  3966. L"DefaultRpcStackSize" ,
  3967. 0 ,
  3968. & t_ValueType ,
  3969. LPBYTE ( & t_Value ) ,
  3970. & t_DataSize
  3971. );
  3972. if ( t_RegResult == ERROR_SUCCESS )
  3973. {
  3974. s_DefaultStackSize = t_Value * 1024 ;
  3975. }
  3976. RegCloseKey ( t_ConfigRoot ) ;
  3977. }
  3978. return s_DefaultStackSize ;
  3979. }