archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetsrv/uddi/source/setup/web/ca.unmanaged/setdacl.cpp

480 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #ifndef _WIN32_WINNT
  2. #define _WIN32_WINNT 0x0500
  3. #endif
  5. #include <windows.h>
  6. #include <tchar.h>
  7. #include <stdio.h>
  9. #include "webcaum.h"
  10. #include "..\..\shared\common.h"
  11. #include "..\..\shared\apppool.h"
  14. bool AddAccessRights( TCHAR *lpszFileName, TCHAR *szUserName, DWORD dwAccessMask )
  15. {
  16. //
  17. // SID variables.
  18. //
  19. SID_NAME_USE snuType;
  20. TCHAR * szDomain = NULL;
  21. DWORD cbDomain = 0;
  23. //
  24. // User name variables.
  25. //
  26. LPVOID pUserSID = NULL;
  27. DWORD cbUserSID = 0;
  28. DWORD cbUserName = 0;
  30. //
  31. // File SD variables.
  32. //
  33. PSECURITY_DESCRIPTOR pFileSD = NULL;
  34. DWORD cbFileSD = 0;
  36. //
  37. // New SD variables.
  38. //
  39. PSECURITY_DESCRIPTOR pNewSD = NULL;
  41. //
  42. // ACL variables.
  43. //
  44. PACL pACL = NULL;
  45. BOOL fDaclPresent;
  46. BOOL fDaclDefaulted;
  47. ACL_SIZE_INFORMATION AclInfo;
  49. //
  50. // New ACL variables.
  51. //
  52. PACL pNewACL = NULL;
  53. DWORD cbNewACL = 0;
  55. //
  56. // Temporary ACE.
  57. //
  58. LPVOID pTempAce = NULL;
  59. UINT CurrentAceIndex;
  60. bool fResult = false;
  61. BOOL fAPISuccess;
  63. // error code
  64. DWORD lastErr = 0;
  66. try
  67. {
  68. //
  69. // Call this API once to get the buffer sizes ( it will return ERROR_INSUFFICIENT_BUFFER )
  70. //
  71. fAPISuccess = LookupAccountName( NULL, szUserName, pUserSID, &cbUserSID, szDomain, &cbDomain, &snuType );
  73. if( fAPISuccess )
  74. {
  75. throw E_FAIL; // we throw some fake error to skip through to the exit door
  76. }
  77. else if( GetLastError() != ERROR_INSUFFICIENT_BUFFER )
  78. {
  79. lastErr = GetLastError();
  80. LogError( TEXT( "LookupAccountName() failed" ), lastErr );
  81. throw lastErr;
  82. }
  84. //
  85. // allocate the buffers
  86. //
  87. pUserSID = calloc( cbUserSID, 1 );
  88. if( !pUserSID )
  89. {
  90. lastErr = GetLastError();
  91. LogError( TEXT( "Alloc() for UserSID failed" ), lastErr );
  92. throw lastErr;
  93. }
  95. szDomain = ( TCHAR * ) calloc( cbDomain + sizeof TCHAR, sizeof TCHAR );
  96. if( !szDomain )
  97. {
  98. lastErr = GetLastError();
  99. LogError( TEXT( "Alloc() for szDomain failed" ), lastErr );
  100. throw lastErr;
  101. }
  103. //
  104. // The LookupAccountName function accepts the name of a system and an account as input.
  105. // It retrieves a security identifier ( SID ) for the account and
  106. // the name of the domain on which the account was found
  107. //
  108. fAPISuccess = LookupAccountName( NULL /* = local computer */, szUserName, pUserSID, &cbUserSID, szDomain, &cbDomain, &snuType );
  109. if( !fAPISuccess )
  110. {
  111. lastErr = GetLastError();
  112. LogError( TEXT( "LookupAccountName() failed" ), lastErr );
  113. throw lastErr;
  114. }
  116. //
  117. // call this API once to get the buffer sizes
  118. // API should have failed with insufficient buffer.
  119. //
  120. fAPISuccess = GetFileSecurity( lpszFileName, DACL_SECURITY_INFORMATION, pFileSD, 0, &cbFileSD );
  121. if( fAPISuccess )
  122. {
  123. throw E_FAIL;
  124. }
  125. else if( GetLastError() != ERROR_INSUFFICIENT_BUFFER )
  126. {
  127. lastErr = GetLastError();
  128. LogError( TEXT( "GetFileSecurity() failed" ), lastErr );
  129. throw lastErr;
  130. }
  132. //
  133. // allocate the buffers
  134. //
  135. pFileSD = calloc( cbFileSD, 1 );
  136. if( !pFileSD )
  137. {
  138. lastErr = GetLastError();
  139. LogError( TEXT( "Alloc() for pFileSD failed" ), lastErr );
  140. throw lastErr;
  141. }
  143. //
  144. // call the api to get the actual data
  145. //
  146. fAPISuccess = GetFileSecurity( lpszFileName, DACL_SECURITY_INFORMATION, pFileSD, cbFileSD, &cbFileSD );
  147. if( !fAPISuccess )
  148. {
  149. lastErr = GetLastError();
  150. LogError( TEXT( "GetFileSecurity() failed" ), lastErr );
  151. throw lastErr;
  152. }
  154. //
  155. // Initialize new SD.
  156. //
  157. pNewSD = calloc( cbFileSD, 1 ); // Should be same size as FileSD.
  158. if( !pNewSD )
  159. {
  160. lastErr = GetLastError();
  161. LogError( TEXT( "Alloc() for pNewDS failed" ), GetLastError() );
  162. throw lastErr;
  163. }
  165. if( !InitializeSecurityDescriptor( pNewSD, SECURITY_DESCRIPTOR_REVISION ) )
  166. {
  167. lastErr = GetLastError();
  168. LogError( TEXT( "InitializeSecurityDescriptor() failed" ), lastErr );
  169. throw lastErr;
  170. }
  172. //
  173. // Get DACL from SD.
  174. //
  175. if( !GetSecurityDescriptorDacl( pFileSD, &fDaclPresent, &pACL, &fDaclDefaulted ) )
  176. {
  177. lastErr = GetLastError();
  178. LogError( TEXT( "GetSecurityDescriptorDacl() failed" ), lastErr );
  179. throw lastErr;
  180. }
  182. //
  183. // Get size information for DACL.
  184. //
  185. AclInfo.AceCount = 0; // Assume NULL DACL.
  186. AclInfo.AclBytesFree = 0;
  187. AclInfo.AclBytesInUse = sizeof( ACL ); // If not NULL DACL, gather size information from DACL.
  188. if( fDaclPresent && pACL )
  189. {
  190. if( !GetAclInformation( pACL, &AclInfo, sizeof( ACL_SIZE_INFORMATION ), AclSizeInformation ) )
  191. {
  192. lastErr = GetLastError();
  193. LogError( TEXT( "GetAclInformation() failed" ), lastErr );
  194. throw lastErr;
  195. }
  196. }
  198. //
  199. // Compute size needed for the new ACL.
  200. //
  201. cbNewACL = AclInfo.AclBytesInUse + sizeof( ACCESS_ALLOWED_ACE ) + GetLengthSid( pUserSID );
  203. //
  204. // Allocate memory for new ACL.
  205. //
  206. pNewACL = ( PACL ) calloc( cbNewACL, 1 );
  207. if( !pNewACL )
  208. {
  209. lastErr = GetLastError();
  210. LogError( TEXT( "HeapAlloc() failed" ), lastErr );
  211. throw lastErr;
  212. }
  214. //
  215. // Initialize the new ACL.
  216. //
  217. if( !InitializeAcl( pNewACL, cbNewACL, ACL_REVISION2 ) )
  218. {
  219. lastErr = GetLastError();
  220. LogError( TEXT( "InitializeAcl() failed" ), lastErr );
  221. throw lastErr;
  222. }
  224. //
  225. // Add the access-allowed ACE to the new DACL.
  226. //
  227. ACE_HEADER aceheader = {0};
  228. aceheader.AceFlags = CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;
  229. aceheader.AceSize = sizeof( ACE_HEADER );
  230. aceheader.AceType = ACCESS_ALLOWED_OBJECT_ACE_TYPE;
  231. if( !AddAccessAllowedAceEx( pNewACL, ACL_REVISION2, aceheader.AceFlags, dwAccessMask, pUserSID ) )
  232. {
  233. lastErr = GetLastError();
  234. LogError( TEXT( "AddAccessAllowedAce() failed" ), lastErr );
  235. throw lastErr;
  236. }
  238. //
  239. // If DACL is present, copy it to a new DACL.
  240. //
  241. if( fDaclPresent )
  242. {
  243. //
  244. // Copy the file's ACEs to the new ACL
  245. //
  246. if( AclInfo.AceCount )
  247. {
  248. for( CurrentAceIndex = 0; CurrentAceIndex < AclInfo.AceCount; CurrentAceIndex++ )
  249. {
  250. //
  251. // Get an ACE.
  252. //
  253. if( !GetAce( pACL, CurrentAceIndex, &pTempAce ) )
  254. {
  255. lastErr = GetLastError();
  256. LogError( TEXT( "GetAce() failed" ), lastErr );
  257. throw lastErr;
  258. }
  260. //
  261. // Add the ACE to the new ACL.
  262. //
  263. if( !AddAce( pNewACL, ACL_REVISION, MAXDWORD, pTempAce, ( ( PACE_HEADER ) pTempAce )->AceSize ) )
  264. {
  265. lastErr = GetLastError();
  266. LogError( TEXT( "AddAce() failed" ), lastErr );
  267. throw lastErr;
  268. }
  269. }
  270. }
  271. }
  273. //
  274. // Set the new DACL to the file SD.
  275. //
  276. if( !SetSecurityDescriptorDacl( pNewSD, TRUE, pNewACL, FALSE ) )
  277. {
  278. lastErr = GetLastError();
  279. LogError( TEXT( "SetSecurityDescriptorDacl() failed" ), lastErr );
  280. lastErr;
  281. }
  283. //
  284. // Set the SD to the File.
  285. //
  286. if( !SetFileSecurity( lpszFileName, DACL_SECURITY_INFORMATION, pNewSD ) )
  287. {
  288. lastErr = GetLastError();
  289. LogError( TEXT( "SetFileSecurity() failed" ), lastErr );
  290. throw lastErr;
  291. }
  293. fResult = TRUE;
  294. }
  295. catch (...)
  296. {
  297. fResult = FALSE;
  298. }
  300. //
  301. // Free allocated memory
  302. //
  303. if( pUserSID )
  304. free( pUserSID );
  305. if( szDomain )
  306. free( szDomain );
  307. if( pFileSD )
  308. free( pFileSD );
  309. if( pNewSD )
  310. free( pNewSD );
  311. if( pNewACL )
  312. free( pNewACL );
  314. return fResult;
  315. }
  317. //----------------------------------------------------------------------------
  318. // give the domain account read access to the webroot folder and subfolders
  319. //
  320. bool SetUDDIFolderDacls( TCHAR *szUserName )
  321. {
  322. ENTER();
  324. TCHAR szUDDIInstallPath[ MAX_PATH + 1 ];
  325. TCHAR szSubfolderPath[ MAX_PATH + 1 ];
  327. //
  328. // get UDDI install location ( it already has a backslash )
  329. //
  330. if( !GetUDDIInstallPath( szUDDIInstallPath, MAX_PATH ) )
  331. return false;
  333. //
  334. // give read access to the webroot folder
  335. //
  336. _sntprintf( szSubfolderPath, MAX_PATH, TEXT( "%s%s" ), szUDDIInstallPath, TEXT( "webroot\\" ) );
  338. SetFolderAclRecurse( szSubfolderPath, szUserName );
  340. return true;
  341. }
  343. //-------------------------------------------------------------------*
  345. bool SetFolderAclRecurse( PTCHAR szDirName, PTCHAR szUserName, DWORD dwAccessMask )
  346. {
  347. //
  348. // add the ACE for this folder
  349. //
  350. Log( TEXT( "Giving %s access to folder %s" ), szUserName, szDirName );
  352. if( !AddAccessRights( szDirName, szUserName, dwAccessMask ) )
  353. {
  354. LogError( TEXT( "Error:" ), GetLastError() );
  355. return false;
  356. }
  358. //
  359. // search any subdirectories:
  360. //
  361. TCHAR tmpFileName[MAX_PATH];
  362. _tcscpy( tmpFileName, szDirName );
  363. _tcscat( tmpFileName, TEXT( "*" ) );
  365. WIN32_FIND_DATA FindData;
  366. HANDLE hFindFile = FindFirstFileEx( tmpFileName, FindExInfoStandard, &FindData,
  367. FindExSearchLimitToDirectories, NULL, 0 );
  369. if( hFindFile == INVALID_HANDLE_VALUE )
  370. {
  371. return true;
  372. }
  374. do
  375. {
  376. // make sure it's really a directory
  377. if( FILE_ATTRIBUTE_DIRECTORY & FindData.dwFileAttributes &&
  378. 0 != _tcscmp( FindData.cFileName, TEXT( "." ) ) &&
  379. 0 != _tcscmp( FindData.cFileName, TEXT( ".." ) ) )
  380. {
  381. _tcscpy( tmpFileName, szDirName );
  382. _tcscat( tmpFileName, FindData.cFileName );
  383. _tcscat( tmpFileName, TEXT( "\\" ) );
  385. // recursively call this routine
  386. if( !SetFolderAclRecurse( tmpFileName, szUserName ) )
  387. {
  388. FindClose( hFindFile );
  389. return false;
  390. }
  391. }
  392. }
  393. while( FindNextFile( hFindFile, &FindData ) );
  395. // clean up
  396. FindClose( hFindFile );
  398. return true;
  399. }
  401. //-------------------------------------------------------------------*
  403. bool SetWindowsTempDacls( TCHAR *szUserName )
  404. {
  405. //
  406. // Get the windows temp directory.
  407. //
  408. TCHAR *systemTemp = GetSystemTemp();
  410. if( NULL == systemTemp )
  411. {
  412. return false;
  413. }
  415. //
  416. // Add the rights
  417. //
  418. bool rightsAdded = AddAccessRights( systemTemp, szUserName, GENERIC_READ );
  420. //
  421. // Clean up
  422. //
  423. delete[] systemTemp;
  424. systemTemp = NULL;
  426. return rightsAdded;
  427. }
  429. TCHAR * GetSystemTemp()
  430. {
  431. TCHAR *TEMP = _T( "\\TEMP\\" );
  433. //
  434. // Get the WINDIR environment variable
  435. //
  436. DWORD valueSize = GetEnvironmentVariable( L"WINDIR", NULL, NULL );
  438. if( 0 == valueSize )
  439. {
  440. return NULL;
  441. }
  443. //
  444. // Keep in mind that we need to append \\TEMP to our string as well.
  445. //
  446. valueSize += ( DWORD) _tcslen( TEMP );
  448. TCHAR *valueBuffer = NULL;
  449. valueBuffer = new TCHAR[ valueSize ];
  450. ZeroMemory( valueBuffer, valueSize );
  452. if( NULL == valueBuffer )
  453. {
  454. return NULL;
  455. }
  457. DWORD realSize = GetEnvironmentVariable( L"WINDIR", valueBuffer, valueSize );
  459. if( 0 == realSize || realSize > valueSize )
  460. {
  461. delete[] valueBuffer;
  462. valueBuffer = NULL;
  464. return NULL;
  465. }
  467. //
  468. // Append a \\TEMP to it
  469. //
  470. _tcsncat( valueBuffer, TEMP, _tcslen( TEMP ) );
  472. //
  473. // Make sure we have null terminated.
  474. //
  475. valueBuffer[ valueSize - 1] = 0;
  477. //
  478. // Return the value
  479. //
  480. return valueBuffer;
  481. }