archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/base/fs/rdr2/bowser/bowsecur.c

508 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. fsctl.c
  9. Abstract:
  11. This module implements the NtDeviceIoControlFile API's for the NT datagram
  12. receiver (bowser).
  15. Author:
  17. Eyal Schwartz (EyalS) Dec-9-1998
  19. Revision History:
  22. --*/
  24. #include "precomp.h"
  25. #pragma hdrstop
  28. //
  29. // Extern defined from #include <ob.h>.
  30. // Couldn't include ob.h due to redefinition conflicts. We had attempted to change ntos\makefil0
  31. // so as to include it in ntsrv.h, but decided we shouldn't expose it. This does the job.
  32. //
  34. NTSTATUS
  35. ObGetObjectSecurity(
  36. IN PVOID Object,
  37. OUT PSECURITY_DESCRIPTOR *SecurityDescriptor,
  38. OUT PBOOLEAN MemoryAllocated
  39. );
  41. VOID
  42. ObReleaseObjectSecurity(
  43. IN PSECURITY_DESCRIPTOR SecurityDescriptor,
  44. IN BOOLEAN MemoryAllocated
  45. );
  49. // defines //
  51. // pool tag
  52. #define BOW_SECURITY_POOL_TAG ( (ULONG)'seLB' )
  54. // local prototypes //
  55. NTSTATUS
  56. BowserBuildDeviceAcl(
  57. OUT PACL *DeviceAcl
  58. );
  59. NTSTATUS
  60. BowserCreateAdminSecurityDescriptor(
  61. IN PDEVICE_OBJECT pDevice
  62. );
  67. #ifdef ALLOC_PRAGMA
  68. #pragma alloc_text(SECUR, BowserBuildDeviceAcl)
  69. #pragma alloc_text(SECUR, BowserCreateAdminSecurityDescriptor)
  70. #pragma alloc_text(SECUR, BowserInitializeSecurity)
  71. #pragma alloc_text(SECUR, BowserSecurityCheck )
  72. #endif
  75. SECURITY_DESCRIPTOR
  76. *g_pBowSecurityDescriptor = NULL;
  82. // function implementation //
  83. NTSTATUS
  84. BowserBuildDeviceAcl(
  85. OUT PACL *DeviceAcl
  86. )
  88. /*++
  90. Routine Description:
  92. This routine builds an ACL which gives Administrators and LocalSystem
  93. principals full access. All other principals have no access.
  95. Lifted form \nt\private\ntos\afd\init.c!AfdBuildDeviceAcl()
  96. Arguments:
  98. DeviceAcl - Output pointer to the new ACL.
  100. Return Value:
  102. STATUS_SUCCESS or an appropriate error code.
  104. --*/
  106. {
  107. PGENERIC_MAPPING GenericMapping;
  108. PSID AdminsSid;
  109. PSID SystemSid;
  110. ULONG AclLength;
  111. NTSTATUS Status;
  112. ACCESS_MASK AccessMask = GENERIC_ALL;
  113. PACL NewAcl;
  115. //
  116. // Enable access to all the globally defined SIDs
  117. //
  119. GenericMapping = IoGetFileObjectGenericMapping();
  121. RtlMapGenericMask( &AccessMask, GenericMapping );
  123. // SeEnableAccessToExports();
  125. AdminsSid = SeExports->SeAliasAdminsSid;
  126. SystemSid = SeExports->SeLocalSystemSid;
  128. AclLength = sizeof( ACL ) +
  129. 2 * sizeof( ACCESS_ALLOWED_ACE ) +
  130. RtlLengthSid( AdminsSid ) +
  131. RtlLengthSid( SystemSid ) -
  132. 2 * sizeof( ULONG );
  134. NewAcl = ExAllocatePoolWithTag(
  135. PagedPool,
  136. AclLength,
  137. BOW_SECURITY_POOL_TAG
  138. );
  140. if (NewAcl == NULL) {
  141. return( STATUS_INSUFFICIENT_RESOURCES );
  142. }
  144. Status = RtlCreateAcl (NewAcl, AclLength, ACL_REVISION );
  146. if (!NT_SUCCESS( Status )) {
  147. ExFreePool(
  148. NewAcl
  149. );
  150. return( Status );
  151. }
  153. Status = RtlAddAccessAllowedAce (
  154. NewAcl,
  155. ACL_REVISION,
  156. AccessMask,
  157. AdminsSid
  158. );
  160. ASSERT( NT_SUCCESS( Status ));
  162. Status = RtlAddAccessAllowedAce (
  163. NewAcl,
  164. ACL_REVISION,
  165. AccessMask,
  166. SystemSid
  167. );
  169. ASSERT( NT_SUCCESS( Status ));
  171. *DeviceAcl = NewAcl;
  173. return( STATUS_SUCCESS );
  175. } // BowBuildDeviceAcl
  178. NTSTATUS
  179. BowserCreateAdminSecurityDescriptor(
  180. IN PDEVICE_OBJECT pDevice
  181. )
  183. /*++
  185. Routine Description:
  187. This routine creates a security descriptor which gives access
  188. only to Administrtors and LocalSystem. This descriptor is used
  189. to access check raw endpoint opens and exclisive access to transport
  190. addresses.
  191. LIfted form \nt\private\ntos\afd\init.c!AfdCreateAdminSecurityDescriptor()
  193. Arguments:
  195. None.
  197. Return Value:
  199. STATUS_SUCCESS or an appropriate error code.
  201. --*/
  203. {
  204. PACL rawAcl = NULL;
  205. NTSTATUS status;
  206. BOOLEAN memoryAllocated = FALSE;
  207. PSECURITY_DESCRIPTOR BowSecurityDescriptor;
  208. ULONG BowSecurityDescriptorLength;
  209. CHAR buffer[SECURITY_DESCRIPTOR_MIN_LENGTH];
  210. PSECURITY_DESCRIPTOR localSecurityDescriptor =
  211. (PSECURITY_DESCRIPTOR) &buffer;
  212. PSECURITY_DESCRIPTOR localBowAdminSecurityDescriptor;
  213. SECURITY_INFORMATION securityInformation = DACL_SECURITY_INFORMATION;
  216. #if 1
  217. //
  218. // this is the way AFD gets the object SD (the preferred way).
  219. //
  220. status = ObGetObjectSecurity(
  221. pDevice,
  222. &BowSecurityDescriptor,
  223. &memoryAllocated
  224. );
  226. if (!NT_SUCCESS(status)) {
  227. KdPrint((
  228. "Bowser: Unable to get security descriptor, error: %x\n",
  229. status
  230. ));
  231. ASSERT(memoryAllocated == FALSE);
  232. return(status);
  233. }
  234. #else
  235. //
  236. // Get a pointer to the security descriptor from the our device object.
  237. // If we can't access ob api's due to include dependencies, we'll use it directly.
  238. // ** Need to verify it is legal (I doubt it)**
  239. // Need to dump this as soon as we can fix ntos\makefil0 to include ob.h in
  240. // the generated ntsrv.h
  242. //
  243. BowSecurityDescriptor = pDevice->SecurityDescriptor;
  245. if ( !BowSecurityDescriptor )
  246. {
  247. KdPrint((
  248. "Bowser: Unable to get security descriptor, error: %x\n",
  249. status
  250. ));
  251. return STATUS_INVALID_SECURITY_DESCR;
  252. }
  253. #endif
  256. //
  257. // Build a local security descriptor with an ACL giving only
  258. // administrators and system access.
  259. //
  260. status = BowserBuildDeviceAcl(&rawAcl);
  262. if (!NT_SUCCESS(status)) {
  263. KdPrint(("Bowser: Unable to create Raw ACL, error: %x\n", status));
  264. goto error_exit;
  265. }
  267. (VOID) RtlCreateSecurityDescriptor(
  268. localSecurityDescriptor,
  269. SECURITY_DESCRIPTOR_REVISION
  270. );
  272. (VOID) RtlSetDaclSecurityDescriptor(
  273. localSecurityDescriptor,
  274. TRUE,
  275. rawAcl,
  276. FALSE
  277. );
  279. //
  280. // Make a copy of the Bow descriptor. This copy will be the raw descriptor.
  281. //
  282. BowSecurityDescriptorLength = RtlLengthSecurityDescriptor(
  283. BowSecurityDescriptor
  284. );
  286. localBowAdminSecurityDescriptor = ExAllocatePoolWithTag (
  287. PagedPool,
  288. BowSecurityDescriptorLength,
  289. BOW_SECURITY_POOL_TAG
  290. );
  292. if (localBowAdminSecurityDescriptor == NULL) {
  293. KdPrint(("Bowser: couldn't allocate security descriptor\n"));
  294. goto error_exit;
  295. }
  297. RtlMoveMemory(
  298. localBowAdminSecurityDescriptor,
  299. BowSecurityDescriptor,
  300. BowSecurityDescriptorLength
  301. );
  303. g_pBowSecurityDescriptor = localBowAdminSecurityDescriptor;
  305. //
  306. // Now apply the local descriptor to the raw descriptor.
  307. //
  308. status = SeSetSecurityDescriptorInfo(
  309. NULL,
  310. &securityInformation,
  311. localSecurityDescriptor,
  312. &g_pBowSecurityDescriptor,
  313. PagedPool,
  314. IoGetFileObjectGenericMapping()
  315. );
  317. if (!NT_SUCCESS(status)) {
  318. KdPrint(("Bowser: SeSetSecurity failed, %lx\n", status));
  319. ASSERT (g_pBowSecurityDescriptor==localBowAdminSecurityDescriptor);
  320. ExFreePool (g_pBowSecurityDescriptor);
  321. g_pBowSecurityDescriptor = NULL;
  322. goto error_exit;
  323. }
  325. if (g_pBowSecurityDescriptor!=localBowAdminSecurityDescriptor) {
  326. ExFreePool (localBowAdminSecurityDescriptor);
  327. }
  329. status = STATUS_SUCCESS;
  331. error_exit:
  333. #if 1
  334. //
  335. // see remark above
  336. //
  337. ObReleaseObjectSecurity(
  338. BowSecurityDescriptor,
  339. memoryAllocated
  340. );
  341. #endif
  343. if (rawAcl!=NULL) {
  344. ExFreePool(
  345. rawAcl
  346. );
  347. }
  349. return(status);
  350. }
  355. NTSTATUS
  356. BowserInitializeSecurity(
  357. IN PDEVICE_OBJECT pDevice
  358. )
  359. /*++
  361. Routine Description (BowserInitializeSecurity):
  363. Initialize Bowser security.
  365. - Create default bowser security descriptor based on device sercurity
  367. Arguments:
  369. device: opened device
  372. Return Value:
  377. Remarks:
  378. None.
  381. --*/
  382. {
  384. NTSTATUS Status;
  386. if ( g_pBowSecurityDescriptor )
  387. {
  388. return STATUS_SUCCESS;
  389. }
  391. ASSERT(pDevice);
  393. Status = BowserCreateAdminSecurityDescriptor ( pDevice );
  395. return Status;
  396. }
  401. BOOLEAN
  402. BowserSecurityCheck (
  403. PIRP Irp,
  404. PIO_STACK_LOCATION IrpSp,
  405. PNTSTATUS Status
  406. )
  407. /*++
  409. Routine Description:
  411. Lifted as is from \\index1\src\nt\private\ntos\afd\create.c!AfdPerformSecurityCheck
  413. Compares security context of the endpoint creator to that
  414. of the administrator and local system.
  416. Note: This is currently called only on IOCTL Irps. IOCRTLs don't have a create security
  417. context (only creates...), thus we should always capture the security context rather
  418. then attempting to extract it from the IrpSp.
  420. Arguments:
  422. Irp - Pointer to I/O request packet.
  424. IrpSp - pointer to the IO stack location to use for this request.
  426. Status - returns status generated by access check on failure.
  428. Return Value:
  430. TRUE - the socket creator has admin or local system privilige
  431. FALSE - the socket creator is just a plain user
  433. --*/
  435. {
  436. BOOLEAN accessGranted;
  437. PACCESS_STATE accessState;
  438. PIO_SECURITY_CONTEXT securityContext;
  439. SECURITY_SUBJECT_CONTEXT SubjectContext;
  440. PSECURITY_SUBJECT_CONTEXT pSubjectContext = &SubjectContext;
  441. ACCESS_MASK grantedAccess;
  442. PGENERIC_MAPPING GenericMapping;
  443. ACCESS_MASK AccessMask = GENERIC_ALL;
  445. PAGED_CODE();
  447. ASSERT (g_pBowSecurityDescriptor);
  449. //
  450. // Get security context from process.
  451. //
  453. SeCaptureSubjectContext(&SubjectContext);
  454. SeLockSubjectContext(pSubjectContext);
  456. //
  457. // Build access evaluation:
  458. // Enable access to all the globally defined SIDs
  459. //
  461. GenericMapping = IoGetFileObjectGenericMapping();
  462. RtlMapGenericMask( &AccessMask, GenericMapping );
  465. //
  466. // AccessCheck test
  467. //
  468. accessGranted = SeAccessCheck(
  469. g_pBowSecurityDescriptor,
  470. pSubjectContext,
  471. TRUE,
  472. AccessMask,
  473. 0,
  474. NULL,
  475. IoGetFileObjectGenericMapping(),
  476. (KPROCESSOR_MODE)((IrpSp->Flags & SL_FORCE_ACCESS_CHECK)
  477. ? UserMode
  478. : Irp->RequestorMode),
  479. &grantedAccess,
  480. Status
  481. );
  484. //
  485. // Verify consistency.
  486. //
  487. #if DBG
  488. if (accessGranted) {
  489. ASSERT (NT_SUCCESS (*Status));
  490. }
  491. else {
  492. ASSERT (!NT_SUCCESS (*Status));
  493. }
  494. #endif
  496. //
  497. // Unlock & Release security subject context
  498. //
  499. SeUnlockSubjectContext(pSubjectContext);
  500. SeReleaseSubjectContext(pSubjectContext);
  502. return accessGranted;
  503. }