Leaked source code of windows server 2003


  1. /*++
  2. Copyright (c) 1990 - 1995 Microsoft Corporation
  3. Module Name:
  4. mapsd.c
  5. Abstract:
  6. Mapping Security Descriptors
  7. Author:
  8. Dave Snipp (DaveSn) 15-Mar-1991
  9. Revision History:
  10. --*/
  11. #include <precomp.h>
  //
  // Generic-to-specific access mapping table. It is defined in another
  // translation unit and indexed by spooler object type (this file only
  // uses the SPOOLER_OBJECT_PRINTER entry).
  //
  extern GENERIC_MAPPING GenericMapping[];

  //
  // Forward declarations for the routines defined in this file.
  //
  PSECURITY_DESCRIPTOR MapPrinterSDToShareSD(PSECURITY_DESCRIPTOR pPrinterSD);

  BOOL ProcessSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSourceSD,
                                     PACL *ppDacl,
                                     LPBOOL pDefaulted);

  DWORD MapPrinterMaskToShareMask(DWORD PrinterMask);
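  /*++

  Routine Description:

      Builds a self-relative security descriptor for a share from a printer
      security descriptor. The owner and primary group are copied across and
      the DACL is rebuilt by ProcessSecurityDescriptorDacl, which translates
      every access mask with MapPrinterMaskToShareMask.

  Arguments:

      pPrinterSD - Source security descriptor. It is validated with
                   IsValidSecurityDescriptor before anything is read from it.

  Return Value:

      A LocalAlloc'ed self-relative security descriptor that the caller must
      release with LocalFree, or NULL on any failure.

  Security notes:

      Every step that populates the new descriptor is checked and the routine
      returns NULL if one fails. Without those checks a failed
      SetSecurityDescriptorDacl would leave the result with no DACL at all,
      and a descriptor without a DACL grants access to everyone.

      When the source has no DACL, or a NULL DACL, the result is deliberately
      given a present-but-NULL DACL, which likewise allows all access.
      NOTE(review): confirm that an unrestricted share is the intended outcome
      for such printers.

  --*/
  PSECURITY_DESCRIPTOR
  MapPrinterSDToShareSD(
      PSECURITY_DESCRIPTOR pPrinterSD
      )
  {
      SECURITY_DESCRIPTOR  AbsoluteSD;
      PSECURITY_DESCRIPTOR pRelative = NULL;
      BOOL                 Defaulted = FALSE;
      PSID                 pOwnerSid = NULL;
      PSID                 pGroupSid = NULL;
      PACL                 pDacl     = NULL;
      BOOL                 bOk       = FALSE;
      DWORD                SDLength  = 0;

      if (!IsValidSecurityDescriptor(pPrinterSD)) {
          return NULL;
      }

      if (!InitializeSecurityDescriptor(&AbsoluteSD, SECURITY_DESCRIPTOR_REVISION1)) {
          return NULL;
      }

      //
      // Owner and group are referenced, not copied: the SIDs still live in
      // pPrinterSD until MakeSelfRelativeSD packs them into the result.
      //
      bOk = GetSecurityDescriptorOwner(pPrinterSD, &pOwnerSid, &Defaulted) &&
            SetSecurityDescriptorOwner(&AbsoluteSD, pOwnerSid, Defaulted);

      if (bOk) {
          bOk = GetSecurityDescriptorGroup(pPrinterSD, &pGroupSid, &Defaulted) &&
                SetSecurityDescriptorGroup(&AbsoluteSD, pGroupSid, Defaulted);
      }

      //
      // pDacl is a fresh LocalAlloc'ed ACL (or NULL for a NULL/absent source
      // DACL). The defaulted flag of the source DACL is not propagated; the
      // new DACL is always marked as explicitly set.
      //
      if (bOk) {
          bOk = ProcessSecurityDescriptorDacl(pPrinterSD, &pDacl, &Defaulted) &&
                SetSecurityDescriptorDacl(&AbsoluteSD, TRUE, pDacl, FALSE);
      }

      if (bOk) {
          SDLength  = GetSecurityDescriptorLength(&AbsoluteSD);
          pRelative = LocalAlloc(LPTR, SDLength);

          if (pRelative && !MakeSelfRelativeSD(&AbsoluteSD, pRelative, &SDLength)) {
              LocalFree(pRelative);
              pRelative = NULL;
          }
      }

      //
      // The self-relative copy owns its own ACL bytes, so the temporary DACL
      // is released on every path. LocalFree(NULL) is a no-op.
      //
      LocalFree(pDacl);

      return pRelative;
  }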
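  /*++

  Routine Description:

      Builds a new DACL from the DACL of pSourceSD. Inherit-only ACEs are
      dropped; for every other ACE the SID is copied, the access mask is
      translated with MapPrinterMaskToShareMask and the ACE flags are carried
      over unchanged.

  Arguments:

      pSourceSD  - Security descriptor whose DACL is read.

      ppDacl     - Receives the new LocalAlloc'ed ACL on success. It is set to
                   NULL on failure and also when the source DACL is NULL or
                   absent. The caller frees it with LocalFree.

      pDefaulted - Receives the defaulted flag reported by
                   GetSecurityDescriptorDacl.

  Return Value:

      TRUE on success (including the NULL-DACL case), FALSE otherwise.

  Security notes:

      A TRUE return with *ppDacl == NULL means "no access restrictions";
      callers that install it as a DACL grant access to everyone.

      The results of GetAclInformation, GetAce and AddAccess*Ace are checked.
      Ignoring them would let the loops run on an uninitialized ACE count or a
      stale ACE pointer, and a failed add would shift the index used to patch
      the ACE flags onto the wrong entry.

      NOTE(review): every ACE is read through the ACCESS_ALLOWED_ACE layout
      and every type other than ACCESS_ALLOWED_ACE_TYPE is re-emitted as an
      access-denied ACE. ACE types with a different layout (object ACEs, for
      example) would have their SID read from the wrong offset. Consider
      rejecting anything that is not a plain allowed or denied ACE.

  --*/
  BOOL
  ProcessSecurityDescriptorDacl(
      PSECURITY_DESCRIPTOR pSourceSD,
      PACL                *ppDacl,
      LPBOOL               pDefaulted
      )
  {
      BOOL                 DaclPresent   = FALSE;
      BOOL                 bRet          = FALSE;
      BOOL                 bAdded        = FALSE;
      DWORD                DestAceCount  = 0;
      DWORD                DaclLength    = 0;
      PACL                 TmpAcl        = NULL;
      PACL                 pDacl         = NULL;
      PSID                *ppSid         = NULL;
      ACCESS_MASK         *pAccessMask   = NULL;
      BYTE                *pInheritFlags = NULL;
      UCHAR               *pAceType      = NULL;
      PACCESS_ALLOWED_ACE  pAce          = NULL;
      DWORD                dwLengthSid   = 0;
      PSID                 pSourceSid    = NULL;
      PSID                 pDestSid      = NULL;
      DWORD                i             = 0;
      PACCESS_ALLOWED_ACE  TmpAce        = NULL;
      ACL_SIZE_INFORMATION AclSizeInfo;

      *ppDacl = NULL;

      bRet = GetSecurityDescriptorDacl(pSourceSD, &DaclPresent, &pDacl, pDefaulted);

      if (bRet) {

          bRet = DaclPresent;

          //
          // NULL is a valid DACL. Nothing to translate; the caller receives
          // *ppDacl == NULL.
          //
          if (!pDacl) {
              return TRUE;
          }
      }

      //
      // AclSizeInfo is only meaningful if this call succeeds, so its result
      // gates everything below.
      //
      if (bRet) {
          bRet = GetAclInformation(pDacl,
                                   &AclSizeInfo,
                                   sizeof(ACL_SIZE_INFORMATION),
                                   AclSizeInformation);
      }

      //
      // One slot per source ACE in four parallel arrays; only the first
      // DestAceCount slots end up populated.
      //
      if (bRet) {

          ppSid         = LocalAlloc(LPTR, sizeof(PSID) * AclSizeInfo.AceCount);
          pAccessMask   = LocalAlloc(LPTR, sizeof(ACCESS_MASK) * AclSizeInfo.AceCount);
          pInheritFlags = LocalAlloc(LPTR, sizeof(BYTE) * AclSizeInfo.AceCount);
          pAceType      = LocalAlloc(LPTR, sizeof(UCHAR) * AclSizeInfo.AceCount);

          bRet = ppSid && pAccessMask && pInheritFlags && pAceType;
      }

      for (i = 0; bRet && i < AclSizeInfo.AceCount; i++) {

          if (!GetAce(pDacl, i, (LPVOID *)&pAce)) {
              bRet = FALSE;
              break;
          }

          //
          // Skip the Ace if it is inherit only
          //
          if (((PACE_HEADER)pAce)->AceFlags & INHERIT_ONLY_ACE) {
              continue;
          }

          pAceType[DestAceCount]      = ((PACE_HEADER)pAce)->AceType;
          pAccessMask[DestAceCount]   = MapPrinterMaskToShareMask(pAce->Mask);
          pInheritFlags[DestAceCount] = ((PACE_HEADER)pAce)->AceFlags;

          //
          // Copy the sid information
          //
          pSourceSid  = (PSID)(&pAce->SidStart);
          dwLengthSid = GetLengthSid(pSourceSid);

          pDestSid = (LPBYTE)LocalAlloc(LPTR, dwLengthSid);

          if (!pDestSid) {
              //
              // We failed to allocate the memory, we signal that we failed and
              // fall down to the cleanup code below.
              //
              bRet = FALSE;
              break;
          }

          CopySid(dwLengthSid, pDestSid, pSourceSid);
          ppSid[DestAceCount] = pDestSid;

          DestAceCount++;
      }

      //
      // Compute size of the Dacl
      //
      if (bRet) {

          DaclLength = (DWORD)sizeof(ACL);

          for (i = 0; i < DestAceCount; i++) {
              DaclLength += GetLengthSid(ppSid[i]) +
                            (DWORD)sizeof(ACCESS_ALLOWED_ACE) -
                            (DWORD)sizeof(DWORD);   // Subtract out SidStart field length
          }

          TmpAcl = LocalAlloc(LPTR, DaclLength);
          bRet   = (TmpAcl != NULL);
      }

      if (bRet) {
          bRet = InitializeAcl(TmpAcl, DaclLength, ACL_REVISION2);
      }

      for (i = 0; bRet && i < DestAceCount; i++) {

          if (pAceType[i] == ACCESS_ALLOWED_ACE_TYPE) {
              bAdded = AddAccessAllowedAce(TmpAcl, ACL_REVISION2, pAccessMask[i], ppSid[i]);
          } else {
              bAdded = AddAccessDeniedAce(TmpAcl, ACL_REVISION2, pAccessMask[i], ppSid[i]);
          }

          //
          // ACEs are appended in order, so ACE i of TmpAcl is the one just
          // added -- but only if every add so far succeeded.
          //
          if (!bAdded) {
              bRet = FALSE;
              break;
          }

          if (pInheritFlags[i] != 0) {

              if (!GetAce(TmpAcl, i, (LPVOID *)&TmpAce)) {
                  bRet = FALSE;
                  break;
              }

              TmpAce->Header.AceFlags = pInheritFlags[i];
          }
      }

      //
      // Write the Dacl back from the TmpAcl. Ownership moves to the caller,
      // so TmpAcl is cleared to keep the cleanup below from freeing it.
      //
      if (bRet) {
          *ppDacl = TmpAcl;
          TmpAcl  = NULL;
      }

      //
      // Free all of our temporary space. The copied SIDs are no longer
      // needed because AddAccess*Ace stored its own copy inside the ACL.
      //
      if (ppSid) {
          for (i = 0; i < DestAceCount; i++) {
              LocalFree(ppSid[i]);
          }
          LocalFree(ppSid);
      }

      LocalFree(pAccessMask);
      LocalFree(pInheritFlags);
      LocalFree(pAceType);
      LocalFree(TmpAcl);

      return bRet;
  }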
  /*++

  Routine Description:

      Translates a printer access mask into the access mask used on the
      share. Generic bits are first expanded with the printer entry of
      GenericMapping; the result is GENERIC_ALL when either
      PRINTER_ACCESS_ADMINISTER or PRINTER_ACCESS_USE is set, and 0 otherwise.

  Arguments:

      PrinterMask - Access mask taken from a printer ACE.

  Return Value:

      GENERIC_ALL or 0.

  Security notes:

      The mapping is all-or-nothing: plain print permission yields
      GENERIC_ALL. ProcessSecurityDescriptorDacl in this file applies the
      result to allow and deny ACEs alike, so a deny of PRINTER_ACCESS_USE
      becomes a deny of GENERIC_ALL.
      NOTE(review): presumably the printer's own descriptor still enforces
      the fine-grained rights behind the share -- confirm against the caller.

  --*/
  DWORD
  MapPrinterMaskToShareMask(
      DWORD PrinterMask
      )
  {
      const DWORD AnyPrinterAccess = PRINTER_ACCESS_ADMINISTER | PRINTER_ACCESS_USE;

      MapGenericMask(&PrinterMask, &GenericMapping[SPOOLER_OBJECT_PRINTER]);

      return (PrinterMask & AnyPrinterAccess) ? GENERIC_ALL : 0;
  }