|
|
/*++
Copyright (c) 1990 - 1995 Microsoft Corporation
Module Name:
mapsd.c
Abstract:
Mapping Security Descriptors
Author:
Dave Snipp (DaveSn) 15-Mar-1991
Revision History:
--*/
#include <precomp.h>
// Object types
//
extern GENERIC_MAPPING GenericMapping[];
PSECURITY_DESCRIPTOR MapPrinterSDToShareSD( PSECURITY_DESCRIPTOR pPrinterSD );
BOOL ProcessSecurityDescriptorDacl( PSECURITY_DESCRIPTOR pSourceSD, PACL *ppDacl, LPBOOL pDefaulted );
DWORD MapPrinterMaskToShareMask( DWORD PrinterMask );
PSECURITY_DESCRIPTOR MapPrinterSDToShareSD( PSECURITY_DESCRIPTOR pPrinterSD ) { SECURITY_DESCRIPTOR AbsoluteSD; PSECURITY_DESCRIPTOR pRelative; BOOL Defaulted = FALSE; PSID pOwnerSid = NULL; PSID pGroupSid = NULL; PACL pDacl = NULL; BOOL ErrorOccurred = FALSE; DWORD SDLength = 0;
if (!IsValidSecurityDescriptor(pPrinterSD)) { return(NULL); } if (!InitializeSecurityDescriptor (&AbsoluteSD ,SECURITY_DESCRIPTOR_REVISION1)) { return(NULL); }
if(GetSecurityDescriptorOwner( pPrinterSD, &pOwnerSid, &Defaulted ) ) SetSecurityDescriptorOwner( &AbsoluteSD, pOwnerSid, Defaulted ); else ErrorOccurred = TRUE;
if( GetSecurityDescriptorGroup( pPrinterSD, &pGroupSid, &Defaulted ) ) SetSecurityDescriptorGroup( &AbsoluteSD, pGroupSid, Defaulted ); else ErrorOccurred = TRUE;
if (ProcessSecurityDescriptorDacl(pPrinterSD, &pDacl, &Defaulted)) { (VOID)SetSecurityDescriptorDacl (&AbsoluteSD, TRUE, pDacl, FALSE ); } else ErrorOccurred = TRUE;
if (ErrorOccurred) { if (pDacl) { LocalFree(pDacl); } return(NULL); }
SDLength = GetSecurityDescriptorLength( &AbsoluteSD); pRelative = LocalAlloc(LPTR, SDLength); if (!pRelative) { LocalFree(pDacl); return(NULL); } if (!MakeSelfRelativeSD (&AbsoluteSD, pRelative, &SDLength)) { LocalFree(pRelative); LocalFree(pDacl); return(NULL); } LocalFree(pDacl); return(pRelative); }
BOOL ProcessSecurityDescriptorDacl( PSECURITY_DESCRIPTOR pSourceSD, PACL *ppDacl, LPBOOL pDefaulted )
{ BOOL DaclPresent = FALSE; BOOL bRet = FALSE; DWORD DestAceCount = 0; DWORD DaclLength = 0; PACL TmpAcl = NULL; PACL pDacl = NULL; PSID *ppSid = NULL; ACCESS_MASK *pAccessMask = NULL; BYTE *pInheritFlags = NULL; UCHAR *pAceType = NULL; PACCESS_ALLOWED_ACE pAce = NULL; DWORD dwLengthSid = 0; PSID pSourceSid = NULL; PSID pDestSid = NULL; DWORD i = 0; PACCESS_ALLOWED_ACE TmpAce = NULL; ACL_SIZE_INFORMATION AclSizeInfo;
*ppDacl = NULL;
bRet = GetSecurityDescriptorDacl( pSourceSD, &DaclPresent, &pDacl, pDefaulted );
if (bRet) {
bRet = DaclPresent;
//
// NULL is a valid DACL
//
if (!pDacl) { return TRUE; } }
if (bRet) {
GetAclInformation(pDacl, &AclSizeInfo, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation);
ppSid = LocalAlloc(LPTR, sizeof(PSID)* AclSizeInfo.AceCount); pAccessMask = LocalAlloc(LPTR, sizeof(ACCESS_MASK)* AclSizeInfo.AceCount); pInheritFlags = LocalAlloc(LPTR, sizeof(BYTE)*AclSizeInfo.AceCount); pAceType = LocalAlloc(LPTR, sizeof(UCHAR)*AclSizeInfo.AceCount);
bRet = ppSid && pAccessMask && pInheritFlags && pAceType; }
for (i = 0 ; bRet && i < AclSizeInfo.AceCount; i++) { GetAce(pDacl, i, (LPVOID *)&pAce); //
// Skip the Ace if it is inherit only
//
if ( ((PACE_HEADER)pAce)->AceFlags & INHERIT_ONLY_ACE ) { continue; }
*(pAceType + DestAceCount) = ((PACE_HEADER)pAce)->AceType; *(pAccessMask + DestAceCount) = MapPrinterMaskToShareMask(((PACCESS_ALLOWED_ACE)pAce)->Mask); *(pInheritFlags + DestAceCount) = ((PACE_HEADER)pAce)->AceFlags; //
// Copy the sid information
//
pSourceSid = (PSID)(&(((PACCESS_ALLOWED_ACE)pAce)->SidStart)); dwLengthSid = GetLengthSid(pSourceSid); pDestSid = (LPBYTE)LocalAlloc(LPTR, dwLengthSid);
if (pDestSid) {
CopySid(dwLengthSid, pDestSid, pSourceSid);
*(ppSid + DestAceCount) = pDestSid;
} else { //
// We failed to allocate the memory, we signal that we failed and
// fall down to the cleanup code below.
//
bRet = FALSE;
break; }
DestAceCount++; }
//
// Compute size of the Dacl
//
if (bRet) {
DaclLength = (DWORD)sizeof(ACL); for (i = 0; i < DestAceCount; i++) {
DaclLength += GetLengthSid( *(ppSid + i)) + (DWORD)sizeof(ACCESS_ALLOWED_ACE) - (DWORD)sizeof(DWORD); //Subtract out SidStart field length
}
TmpAcl = LocalAlloc(LPTR, DaclLength);
bRet = (TmpAcl != NULL); }
if (bRet) { bRet = InitializeAcl(TmpAcl, DaclLength, ACL_REVISION2); }
for (i = 0; bRet && i < DestAceCount; i++) { if( *(pAceType +i) == ACCESS_ALLOWED_ACE_TYPE ) (VOID)AddAccessAllowedAce ( TmpAcl, ACL_REVISION2, *(pAccessMask + i), *(ppSid + i)); else (VOID)AddAccessDeniedAce ( TmpAcl, ACL_REVISION2, *(pAccessMask + i), *(ppSid + i)); if (*(pInheritFlags + i) != 0) { (VOID)GetAce( TmpAcl, i, (LPVOID *)&TmpAce ); TmpAce->Header.AceFlags = *(pInheritFlags + i); } }
//
// Write the Dacl back from the TmpAcl.
//
if (bRet) {
*ppDacl = TmpAcl;
TmpAcl = NULL; }
//
// Free all of our temporary space.
//
if (ppSid) {
for (i = 0; i < DestAceCount; i++) { LocalFree(*(ppSid + i)); }
LocalFree(ppSid); }
if (pAccessMask) {
LocalFree(pAccessMask); } if (pInheritFlags) {
LocalFree(pInheritFlags); } if (pAceType) {
LocalFree(pAceType); }
if (TmpAcl) {
LocalFree(TmpAcl); } return bRet; }
DWORD MapPrinterMaskToShareMask( DWORD PrinterMask ) { DWORD ReturnMask = 0;
MapGenericMask(&PrinterMask, &GenericMapping[SPOOLER_OBJECT_PRINTER]);
if ((PrinterMask & PRINTER_ACCESS_ADMINISTER) || (PrinterMask & PRINTER_ACCESS_USE)) { ReturnMask |= GENERIC_ALL; } return(ReturnMask); }
|