archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/http/sys/seutil.c

841 lines
21 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1999-2002 Microsoft Corporation
  5. Module Name:
  7. seutil.c
  9. Abstract:
  11. This module implements general security utilities, and
  12. dispatch routines for security IRPs.
  14. Author:
  16. Keith Moore (keithmo) 25-Mar-1999
  18. Revision History:
  20. --*/
  23. #include "precomp.h"
  26. #ifdef ALLOC_PRAGMA
  27. #pragma alloc_text( PAGE, UlAssignSecurity )
  28. #pragma alloc_text( PAGE, UlDeassignSecurity )
  29. #pragma alloc_text( PAGE, UlSetSecurity )
  30. #pragma alloc_text( PAGE, UlQuerySecurity )
  31. #pragma alloc_text( PAGE, UlAccessCheck )
  32. #pragma alloc_text( PAGE, UlSetSecurityDispatch )
  33. #pragma alloc_text( PAGE, UlQuerySecurityDispatch )
  34. #pragma alloc_text( PAGE, UlThreadAdminCheck )
  35. #pragma alloc_text( PAGE, UlCreateSecurityDescriptor )
  36. #pragma alloc_text( PAGE, UlCleanupSecurityDescriptor )
  37. #pragma alloc_test( PAGE, UlMapGenericMask )
  38. #endif // ALLOC_PRAGMA
  39. #if 0
  40. #endif
  43. //
  44. // Public functions.
  45. //
  47. /***************************************************************************++
  49. Routine Description:
  51. Assigns a new security descriptor.
  53. Arguments:
  55. pSecurityDescriptor - Supplies a pointer to the current security
  56. descriptor pointer. The current security descriptor pointer
  57. will be updated with the new security descriptor.
  59. pAccessState - Supplies the ACCESS_STATE structure containing
  60. the state of an access in progress.
  62. Return Value:
  64. NTSTATUS - Completion status.
  66. --***************************************************************************/
  67. NTSTATUS
  68. UlAssignSecurity(
  69. IN OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor,
  70. IN PACCESS_STATE pAccessState
  71. )
  72. {
  73. NTSTATUS status;
  75. //
  76. // Sanity check.
  77. //
  79. PAGED_CODE();
  81. ASSERT( pSecurityDescriptor != NULL );
  82. ASSERT( pAccessState != NULL );
  84. //
  85. // Assign the security descriptor.
  86. //
  88. SeLockSubjectContext( &pAccessState->SubjectSecurityContext );
  90. status = SeAssignSecurity(
  91. NULL, // ParentDescriptor
  92. pAccessState->SecurityDescriptor,
  93. pSecurityDescriptor,
  94. FALSE, // IsDirectoryObject
  95. &pAccessState->SubjectSecurityContext,
  96. IoGetFileObjectGenericMapping(),
  97. PagedPool
  98. );
  100. SeUnlockSubjectContext( &pAccessState->SubjectSecurityContext );
  102. return status;
  104. } // UlAssignSecurity
  107. /***************************************************************************++
  109. Routine Description:
  111. Deletes a security descriptor.
  113. Arguments:
  115. pSecurityDescriptor - Supplies a pointer to the current security
  116. descriptor pointer. The current security descriptor pointer
  117. will be deleted.
  119. --***************************************************************************/
  120. VOID
  121. UlDeassignSecurity(
  122. IN OUT PSECURITY_DESCRIPTOR *pSecurityDescriptor
  123. )
  124. {
  125. //
  126. // Sanity check.
  127. //
  129. PAGED_CODE();
  131. ASSERT( pSecurityDescriptor != NULL );
  133. //
  134. // If there's a security descriptor present, free it.
  135. //
  137. if (*pSecurityDescriptor != NULL)
  138. {
  139. SeDeassignSecurity( pSecurityDescriptor );
  140. }
  142. } // UlDeassignSecurity
  145. /***************************************************************************++
  147. Routine Description:
  149. Sets a new security descriptor.
  151. Arguments:
  153. pSecurityDescriptor - Supplies a pointer to the current security
  154. descriptor pointer. The current security descriptor will be
  155. updated with the new security information.
  157. pSecurityInformation - Indicates which security information is
  158. to be applied to the object.
  160. pNewSecurityDescriptor - Pointer to the new security descriptor
  161. to be applied to the object.
  163. Return Value:
  165. NTSTATUS - Completion status.
  167. --***************************************************************************/
  168. NTSTATUS
  169. UlSetSecurity(
  170. IN OUT PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  171. IN PSECURITY_INFORMATION pSecurityInformation,
  172. IN PSECURITY_DESCRIPTOR pNewSecurityDescriptor
  173. )
  174. {
  175. NTSTATUS status;
  176. PSECURITY_DESCRIPTOR pOldSecurityDescriptor;
  177. SECURITY_SUBJECT_CONTEXT securitySubjectContext;
  179. PAGED_CODE();
  181. pOldSecurityDescriptor = *ppSecurityDescriptor;
  183. SeCaptureSubjectContext(&securitySubjectContext);
  184. SeLockSubjectContext(&securitySubjectContext);
  186. status = SeSetSecurityDescriptorInfo(
  187. NULL,
  188. pSecurityInformation,
  189. pNewSecurityDescriptor,
  190. ppSecurityDescriptor,
  191. PagedPool,
  192. IoGetFileObjectGenericMapping()
  193. );
  195. SeUnlockSubjectContext(&securitySubjectContext);
  196. SeReleaseSubjectContext(&securitySubjectContext);
  198. if (NT_SUCCESS(status))
  199. {
  200. SeDeassignSecurity(&pOldSecurityDescriptor);
  201. }
  203. return status;
  204. }
  207. /***************************************************************************++
  209. Routine Description:
  211. Query for security descriptor information for an object.
  213. Arguments:
  215. pSecurityInformation - specifies what information is being queried.
  217. pSecurityDescriptor - Supplies a pointer to the security descriptor
  218. to be filled in.
  220. pLength - Address of variable containing length of the above security
  221. descriptor buffer. Upon return, this will contain the length needed
  222. to store the requested information.
  224. ppSecurityDescriptor - Address of a pointer to the objects security
  225. descriptor.
  227. Return Value:
  229. NTSTATUS - Completion status.
  231. --***************************************************************************/
  232. NTSTATUS
  233. UlQuerySecurity(
  234. IN PSECURITY_INFORMATION pSecurityInformation,
  235. OUT PSECURITY_DESCRIPTOR pSecurityDescriptor,
  236. IN OUT PULONG pLength,
  237. IN PSECURITY_DESCRIPTOR *ppSecurityDescriptor
  238. )
  239. {
  240. NTSTATUS status;
  241. SECURITY_SUBJECT_CONTEXT securitySubjectContext;
  243. PAGED_CODE();
  245. SeCaptureSubjectContext(&securitySubjectContext);
  246. SeLockSubjectContext(&securitySubjectContext);
  248. status = SeQuerySecurityDescriptorInfo(
  249. pSecurityInformation,
  250. pSecurityDescriptor,
  251. pLength,
  252. ppSecurityDescriptor
  253. );
  255. SeUnlockSubjectContext(&securitySubjectContext);
  256. SeReleaseSubjectContext(&securitySubjectContext);
  258. return status;
  259. }
  262. /***************************************************************************++
  264. Routine Description:
  266. Determines if a user has access to the specified resource.
  268. Arguments:
  270. pSecurityDescriptor - Supplies the security descriptor protecting
  271. the resource.
  273. pAccessState - Supplies the ACCESS_STATE structure containing
  274. the state of an access in progress.
  276. DesiredAccess - Supplies an access mask describing the user's
  277. desired access to the resource. This mask is assumed to not
  278. contain generic access types.
  280. RequestorMode - Supplies the processor mode by which the access is
  281. being requested.
  283. pObjectName - Supplies the name of the object being referenced.
  285. Return Value:
  287. NTSTATUS - Completion status.
  289. --***************************************************************************/
  290. NTSTATUS
  291. UlAccessCheck(
  292. IN PSECURITY_DESCRIPTOR pSecurityDescriptor,
  293. IN PACCESS_STATE pAccessState,
  294. IN ACCESS_MASK DesiredAccess,
  295. IN KPROCESSOR_MODE RequestorMode,
  296. IN PCWSTR pObjectName
  297. )
  298. {
  299. NTSTATUS status, aaStatus;
  300. BOOLEAN accessGranted;
  301. PPRIVILEGE_SET pPrivileges = NULL;
  302. ACCESS_MASK grantedAccess;
  303. UNICODE_STRING objectName;
  304. UNICODE_STRING typeName;
  306. //
  307. // Sanity check.
  308. //
  310. PAGED_CODE();
  312. ASSERT( pSecurityDescriptor != NULL );
  313. ASSERT( pAccessState != NULL );
  315. //
  316. // Perform the access check.
  317. //
  319. SeLockSubjectContext( &pAccessState->SubjectSecurityContext );
  321. accessGranted = SeAccessCheck(
  322. pSecurityDescriptor,
  323. &pAccessState->SubjectSecurityContext,
  324. TRUE, // SubjectContextLocked
  325. DesiredAccess,
  326. 0, // PreviouslyGrantedAccess
  327. &pPrivileges,
  328. IoGetFileObjectGenericMapping(),
  329. RequestorMode,
  330. &grantedAccess,
  331. &status
  332. );
  334. if (pPrivileges != NULL)
  335. {
  336. SeAppendPrivileges( pAccessState, pPrivileges );
  337. SeFreePrivileges( pPrivileges );
  338. }
  340. if (accessGranted)
  341. {
  342. pAccessState->PreviouslyGrantedAccess |= grantedAccess;
  343. pAccessState->RemainingDesiredAccess &= ~(grantedAccess | MAXIMUM_ALLOWED);
  344. }
  346. aaStatus = UlInitUnicodeStringEx( &typeName, L"Ul" );
  348. if ( NT_SUCCESS(aaStatus) )
  349. {
  350. aaStatus = UlInitUnicodeStringEx( &objectName, pObjectName );
  352. if ( NT_SUCCESS(aaStatus) )
  353. {
  354. SeOpenObjectAuditAlarm(
  355. &typeName,
  356. NULL, // Object
  357. &objectName,
  358. pSecurityDescriptor,
  359. pAccessState,
  360. FALSE, // ObjectCreated
  361. accessGranted,
  362. RequestorMode,
  363. &pAccessState->GenerateOnClose
  364. );
  365. }
  366. }
  368. SeUnlockSubjectContext( &pAccessState->SubjectSecurityContext );
  370. if (accessGranted)
  371. {
  372. status = STATUS_SUCCESS;
  373. }
  374. else
  375. {
  376. //
  377. // SeAccessCheck() should have set the completion status.
  378. //
  380. ASSERT( !NT_SUCCESS(status) );
  381. }
  383. return status;
  385. } // UlAccessCheck
  388. NTSTATUS
  389. UlSetSecurityDispatch(
  390. IN PDEVICE_OBJECT pDeviceObject,
  391. IN PIRP pIrp
  392. )
  393. {
  394. NTSTATUS status;
  395. PIO_STACK_LOCATION pIrpSp;
  396. PFILE_OBJECT pFileObject;
  397. PUL_APP_POOL_PROCESS pProcess;
  399. UNREFERENCED_PARAMETER(pDeviceObject);
  401. PAGED_CODE();
  403. UL_ENTER_DRIVER( "UlSetSecurityDispatch", pIrp );
  405. pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
  406. pFileObject = pIrpSp->FileObject;
  408. //
  409. // We only allow changing the security descriptor on app
  410. // pool handles.
  411. //
  412. if (!IS_APP_POOL_FO(pFileObject))
  413. {
  414. status = STATUS_INVALID_PARAMETER;
  415. goto complete;
  416. }
  418. pProcess = GET_APP_POOL_PROCESS(pFileObject);
  420. status = UlSetSecurity(
  421. &pProcess->pAppPool->pSecurityDescriptor,
  422. &pIrpSp->Parameters.SetSecurity.SecurityInformation,
  423. pIrpSp->Parameters.SetSecurity.SecurityDescriptor
  424. );
  426. complete:
  428. pIrp->IoStatus.Status = status;
  430. UlCompleteRequest(pIrp, IO_NO_INCREMENT);
  432. UL_LEAVE_DRIVER( "UlSetSecurityDispatch" );
  433. RETURN(status);
  435. } // UlSetSecurityDispatch
  438. NTSTATUS
  439. UlQuerySecurityDispatch(
  440. IN PDEVICE_OBJECT pDeviceObject,
  441. IN PIRP pIrp
  442. )
  443. {
  444. NTSTATUS status;
  445. PIO_STACK_LOCATION pIrpSp;
  446. PFILE_OBJECT pFileObject;
  447. PUL_APP_POOL_PROCESS pProcess;
  449. UNREFERENCED_PARAMETER(pDeviceObject);
  451. PAGED_CODE();
  453. UL_ENTER_DRIVER( "UlQuerySecurityDispatch", pIrp );
  455. pIrpSp = IoGetCurrentIrpStackLocation(pIrp);
  456. pFileObject = pIrpSp->FileObject;
  458. //
  459. // We only allow querying the security descriptor on app
  460. // pool handles.
  461. //
  462. if (!IS_APP_POOL_FO(pFileObject))
  463. {
  464. status = STATUS_INVALID_PARAMETER;
  465. goto complete;
  466. }
  468. pProcess = GET_APP_POOL_PROCESS(pFileObject);
  470. status = UlQuerySecurity(
  471. &pIrpSp->Parameters.QuerySecurity.SecurityInformation,
  472. pIrp->UserBuffer,
  473. &pIrpSp->Parameters.QuerySecurity.Length,
  474. &pProcess->pAppPool->pSecurityDescriptor
  475. );
  477. if (pIrp->UserIosb)
  478. {
  479. pIrp->UserIosb->Information = pIrpSp->Parameters.QuerySecurity.Length;
  480. }
  482. complete:
  484. pIrp->IoStatus.Status = status;
  486. UlCompleteRequest(pIrp, IO_NO_INCREMENT);
  488. UL_LEAVE_DRIVER( "UlQuerySecurityDispatch" );
  489. RETURN(status);
  491. } // UlQuerySecurityDispatch
  494. /***************************************************************************++
  496. Routine Description:
  498. Determines if this is a thread with Admin/LocalSystem privileges.
  500. Arguments:
  502. DesiredAccess - Supplies an access mask describing the user's
  503. desired access to the resource. This mask is assumed to not
  504. contain generic access types.
  506. RequestorMode - Supplies the processor mode by which the access is
  507. being requested.
  509. pObjectName - Supplies the name of the object being referenced.
  511. Return Value:
  513. NTSTATUS - Completion status.
  515. --***************************************************************************/
  516. NTSTATUS
  517. UlThreadAdminCheck(
  518. IN ACCESS_MASK DesiredAccess,
  519. IN KPROCESSOR_MODE RequestorMode,
  520. IN PCWSTR pObjectName
  521. )
  522. {
  523. ACCESS_STATE AccessState;
  524. AUX_ACCESS_DATA AuxData;
  525. NTSTATUS Status;
  527. Status = SeCreateAccessState(
  528. &AccessState,
  529. &AuxData,
  530. DesiredAccess,
  531. NULL
  532. );
  534. if(NT_SUCCESS(Status))
  535. {
  536. Status = UlAccessCheck(
  537. g_pAdminAllSystemAll,
  538. &AccessState,
  539. DesiredAccess,
  540. RequestorMode,
  541. pObjectName
  542. );
  544. SeDeleteAccessState(&AccessState);
  545. }
  547. return Status;
  548. }
  551. /***************************************************************************++
  553. Routine Description:
  555. Allocates and initializes a security descriptor with the specified
  556. attributes.
  558. Arguments:
  560. pSecurityDescriptor - Supplies a pointer to the security descriptor
  561. to initialize.
  563. pSidMaskPairs - Supplies an array of SID/ACCESS_MASK pairs.
  565. NumSidMaskPairs - Supplies the number of SID/ACESS_MASK pairs.
  567. Return Value:
  569. NTSTATUS - Completion status.
  571. --***************************************************************************/
  572. NTSTATUS
  573. UlCreateSecurityDescriptor(
  574. OUT PSECURITY_DESCRIPTOR pSecurityDescriptor,
  575. IN PSID_MASK_PAIR pSidMaskPairs,
  576. IN ULONG NumSidMaskPairs
  577. )
  578. {
  579. NTSTATUS status;
  580. PACL pDacl;
  581. ULONG daclLength;
  582. ULONG i;
  584. //
  585. // Sanity check.
  586. //
  588. PAGED_CODE();
  590. ASSERT( pSecurityDescriptor != NULL );
  591. ASSERT( pSidMaskPairs != NULL );
  592. ASSERT( NumSidMaskPairs > 0 );
  594. //
  595. // Setup locals so we know how to cleanup on exit.
  596. //
  598. pDacl = NULL;
  600. //
  601. // Initialize the security descriptor.
  602. //
  604. status = RtlCreateSecurityDescriptor(
  605. pSecurityDescriptor, // SecurityDescriptor
  606. SECURITY_DESCRIPTOR_REVISION // Revision
  607. );
  609. if (!NT_SUCCESS(status))
  610. {
  611. goto cleanup;
  612. }
  614. //
  615. // Calculate the DACL length.
  616. //
  618. daclLength = sizeof(ACL);
  620. for (i = 0 ; i < NumSidMaskPairs ; i++)
  621. {
  622. daclLength += sizeof(ACCESS_ALLOWED_ACE);
  623. daclLength += RtlLengthSid( pSidMaskPairs[i].pSid );
  624. }
  626. //
  627. // Allocate & initialize the DACL.
  628. //
  630. pDacl = (PACL) UL_ALLOCATE_POOL(
  631. PagedPool,
  632. daclLength,
  633. UL_SECURITY_DATA_POOL_TAG
  634. );
  636. if (pDacl == NULL)
  637. {
  638. status = STATUS_INSUFFICIENT_RESOURCES;
  639. goto cleanup;
  640. }
  642. status = RtlCreateAcl(
  643. pDacl, // Acl
  644. daclLength, // AclLength
  645. ACL_REVISION // AclRevision
  646. );
  648. if (!NT_SUCCESS(status))
  649. {
  650. goto cleanup;
  651. }
  653. //
  654. // Add the necessary access-allowed ACEs to the DACL.
  655. //
  657. for (i = 0 ; i < NumSidMaskPairs ; i++)
  658. {
  659. status = RtlAddAccessAllowedAceEx(
  660. pDacl, // Acl
  661. ACL_REVISION, // AceRevision
  662. pSidMaskPairs[i].AceFlags, // Inheritance flags
  663. pSidMaskPairs[i].AccessMask, // AccessMask
  664. pSidMaskPairs[i].pSid // Sid
  665. );
  667. if (!NT_SUCCESS(status))
  668. {
  669. goto cleanup;
  670. }
  671. }
  673. //
  674. // Attach the DACL to the security descriptor.
  675. //
  677. status = RtlSetDaclSecurityDescriptor(
  678. pSecurityDescriptor, // SecurityDescriptor
  679. TRUE, // DaclPresent
  680. pDacl, // Dacl
  681. FALSE // DaclDefaulted
  682. );
  684. if (!NT_SUCCESS(status))
  685. {
  686. goto cleanup;
  687. }
  689. //
  690. // Success!
  691. //
  693. ASSERT( NT_SUCCESS(status) );
  694. return STATUS_SUCCESS;
  696. cleanup:
  698. ASSERT( !NT_SUCCESS(status) );
  700. if (pDacl != NULL)
  701. {
  702. UL_FREE_POOL(
  703. pDacl,
  704. UL_SECURITY_DATA_POOL_TAG
  705. );
  706. }
  708. return status;
  710. } // UlpCreateSecurityDescriptor
  712. /***************************************************************************++
  714. Routine Description:
  716. Frees any resources associated with the security descriptor created
  717. by UlpCreateSecurityDescriptor().
  719. Arguments:
  721. pSecurityDescriptor - Supplies the security descriptor to cleanup.
  723. --***************************************************************************/
  724. VOID
  725. UlCleanupSecurityDescriptor(
  726. IN PSECURITY_DESCRIPTOR pSecurityDescriptor
  727. )
  728. {
  729. NTSTATUS status;
  730. PACL pDacl;
  731. BOOLEAN daclPresent;
  732. BOOLEAN daclDefaulted;
  734. //
  735. // Sanity check.
  736. //
  738. PAGED_CODE();
  740. ASSERT( RtlValidSecurityDescriptor( pSecurityDescriptor ) );
  742. //
  743. // Try to retrieve the DACL from the security descriptor.
  744. //
  746. status = RtlGetDaclSecurityDescriptor(
  747. pSecurityDescriptor, // SecurityDescriptor
  748. &daclPresent, // DaclPresent
  749. &pDacl, // Dacl
  750. &daclDefaulted // DaclDefaulted
  751. );
  753. if (NT_SUCCESS(status))
  754. {
  755. if (daclPresent && (pDacl != NULL))
  756. {
  757. UL_FREE_POOL(
  758. pDacl,
  759. UL_SECURITY_DATA_POOL_TAG
  760. );
  761. }
  762. }
  764. } // UlCleanupSecurityDescriptor
  767. /**************************************************************************++
  769. Routine Description:
  771. This routine maps the generic access masks of the ACE's present in the
  772. DACL of the supplied security descriptor.
  774. CODEWORK: Get RtlpApplyAclToObject exported.
  776. Arguments:
  778. pSecurityDescriptor - Supplies security descriptor.
  780. Return Value:
  782. NTSTATUS.
  784. --**************************************************************************/
  785. NTSTATUS
  786. UlMapGenericMask(
  787. PSECURITY_DESCRIPTOR pSecurityDescriptor
  788. )
  789. {
  790. ULONG i;
  791. PACE_HEADER Ace;
  792. PACL Dacl;
  793. NTSTATUS Status;
  794. BOOLEAN Ignore;
  795. BOOLEAN DaclPresent = FALSE;
  797. //
  798. // Get the DACL.
  799. //
  801. Status = RtlGetDaclSecurityDescriptor(
  802. pSecurityDescriptor,
  803. &DaclPresent,
  804. &Dacl,
  805. &Ignore
  806. );
  808. if (!NT_SUCCESS(Status))
  809. {
  810. return Status;
  811. }
  813. if (DaclPresent)
  814. {
  815. //
  816. // RtlpApplyAclToObject(Acl, GenericMapping) is cloned below since
  817. // it is not exported.
  818. //
  820. //
  821. // Now walk the ACL, mapping each ACE as we go.
  822. //
  824. for (i = 0, Ace = FirstAce(Dacl);
  825. i < Dacl->AceCount;
  826. i += 1, Ace = NextAce(Ace))
  827. {
  828. if (IsMSAceType(Ace))
  829. {
  830. RtlApplyAceToObject(Ace, &g_UrlAccessGenericMapping);
  831. }
  832. }
  833. }
  835. return STATUS_SUCCESS;
  836. }
  839. //
  840. // Private functions.
  841. //