archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/tapi/skywalker/apps/avdialer/confprop/objsec.cpp

539 lines
17 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /////////////////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) 1998 Active Voice Corporation. All Rights Reserved.
  4. //
  5. // Active Agent(r) and Unified Communications(tm) are trademarks of Active Voice Corporation.
  6. //
  7. // Other brand and29 product names used herein are trademarks of their respective owners.
  8. //
  9. // The entire program and user interface including the structure, sequence, selection,
  10. // and arrangement of the dialog, the exclusively "yes" and "no" choices represented
  11. // by "1" and "2," and each dialog message are protected by copyrights registered in
  12. // the United States and by international treaties.
  13. //
  14. // Protected by one or more of the following United States patents: 5,070,526, 5,488,650,
  15. // 5,434,906, 5,581,604, 5,533,102, 5,568,540, 5,625,676, 5,651,054.
  16. //
  17. // Active Voice Corporation
  18. // Seattle, Washington
  19. // USA
  20. //
  21. /////////////////////////////////////////////////////////////////////////////////////////
  23. #include <windows.h>
  24. #include <winnt.h>
  25. #include "res.h"
  26. #include "objsec.h"
  27. #include "rndsec.h"
  30. #define DSOP_FILTER_COMMON ( DSOP_FILTER_USERS | \
  31. DSOP_FILTER_UNIVERSAL_GROUPS_SE | \
  32. DSOP_FILTER_GLOBAL_GROUPS_SE )
  34. #define DSOP_FILTER_DL_COMMON1 ( DSOP_DOWNLEVEL_FILTER_USERS \
  35. | DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS \
  36. | DSOP_DOWNLEVEL_FILTER_COMPUTERS \
  37. )
  39. #define DSOP_FILTER_DL_COMMON2 ( DSOP_FILTER_DL_COMMON1 \
  40. | DSOP_DOWNLEVEL_FILTER_ALL_WELLKNOWN_SIDS \
  41. )
  43. #define DSOP_FILTER_DL_COMMON3 ( DSOP_FILTER_DL_COMMON2 \
  44. | DSOP_DOWNLEVEL_FILTER_LOCAL_GROUPS \
  45. )
  48. #define DECLARE_SCOPE(t,f,b,m,n,d) \
  49. { sizeof(DSOP_SCOPE_INIT_INFO), (t), (f), { { (b), (m), (n) }, (d) }, NULL, NULL, S_OK }
  51. static const DSOP_SCOPE_INIT_INFO g_aDSOPScopes[] =
  52. {
  53. // The domain to which the target computer is joined.
  54. DECLARE_SCOPE(DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN, \
  55. DSOP_SCOPE_FLAG_STARTING_SCOPE, \
  56. 0, \
  57. DSOP_FILTER_COMMON & ~DSOP_FILTER_UNIVERSAL_GROUPS_SE, \
  58. DSOP_FILTER_COMMON, \
  59. 0),
  61. DECLARE_SCOPE(DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN,0,0,0,0,DSOP_FILTER_DL_COMMON2),
  63. // The Global Catalog
  64. DECLARE_SCOPE(DSOP_SCOPE_TYPE_GLOBAL_CATALOG,0,DSOP_FILTER_COMMON|DSOP_FILTER_WELL_KNOWN_PRINCIPALS,0,0,0),
  66. // The domains in the same forest (enterprise) as the domain to which
  67. // the target machine is joined. Note these can only be DS-aware
  68. DECLARE_SCOPE(DSOP_SCOPE_TYPE_ENTERPRISE_DOMAIN,0,DSOP_FILTER_COMMON,0,0,0),
  70. // Domains external to the enterprise but trusted directly by the
  71. // domain to which the target machine is joined.
  72. DECLARE_SCOPE(DSOP_SCOPE_TYPE_EXTERNAL_UPLEVEL_DOMAIN | DSOP_SCOPE_TYPE_EXTERNAL_DOWNLEVEL_DOMAIN, \
  73. 0, \
  74. DSOP_FILTER_COMMON, \
  75. 0, \
  76. 0, \
  77. DSOP_DOWNLEVEL_FILTER_USERS | DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS),
  79. // Target computer scope. Computer scopes are always treated as
  80. // downlevel (i.e., they use the WinNT provider).
  82. DECLARE_SCOPE(DSOP_SCOPE_TYPE_TARGET_COMPUTER,0,0,0,0,DSOP_FILTER_DL_COMMON3),
  83. };
  86. GENERIC_MAPPING ObjMap =
  87. {
  88. ACCESS_READ,
  89. ACCESS_MODIFY,
  90. ACCESS_DELETE,
  91. };
  93. SI_ACCESS g_siObjAccesses[] =
  94. {
  95. { &GUID_NULL, ACCESS_READ, MAKEINTRESOURCEW(IDS_PRIV_READ), SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC },
  96. { &GUID_NULL, ACCESS_MODIFY, MAKEINTRESOURCEW(IDS_PRIV_MODIFY), SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC },
  97. { &GUID_NULL, ACCESS_DELETE, MAKEINTRESOURCEW(IDS_PRIV_DELETE), SI_ACCESS_GENERAL | SI_ACCESS_SPECIFIC },
  98. };
  100. #define g_iObjDefAccess GENERIC_READ
  103. // The following array defines the inheritance types for my containers.
  104. SI_INHERIT_TYPE g_siObjInheritTypes[] =
  105. {
  106. &GUID_NULL, 0, L"This container/object only",
  107. };
  109. /////////////////////////////////////////////////////////////////////////////////////////
  110. CObjSecurity::CObjSecurity() : m_cRef(1)
  111. {
  112. USES_CONVERSION;
  113. m_dwSIFlags = NULL;
  114. m_pConfProp = NULL;
  116. //
  117. // Let's have a properly constructor
  118. //
  120. m_bstrObject = NULL;
  121. m_bstrPage = NULL;
  123. m_pObjectPicker = NULL;
  124. }
  126. /////////////////////////////////////////////////////////////////////////////////////////
  127. CObjSecurity::~CObjSecurity()
  128. {
  129. //
  130. // Properly deallocation
  131. //
  133. if( m_bstrObject )
  134. SysFreeString( m_bstrObject );
  136. if( m_bstrPage )
  137. SysFreeString( m_bstrPage );
  139. if ( m_pObjectPicker )
  140. m_pObjectPicker->Release();
  141. }
  143. /////////////////////////////////////////////////////////////////////////////////////////
  144. STDMETHODIMP
  145. CObjSecurity::InternalInitialize( CONFPROP* pConfProp )
  146. {
  147. HRESULT hr = S_OK;
  148. //
  149. // we can initialize BSTRs here
  150. //
  152. m_bstrObject = SysAllocString( T2COLE(String(g_hInstLib, IDS_CONFPROP_PERMISSIONS_OBJECT )) );
  153. if( IsBadStringPtr( m_bstrObject, (UINT)-1) )
  154. return E_OUTOFMEMORY;
  156. m_bstrPage = SysAllocString( T2COLE(String(g_hInstLib, IDS_CONFPROP_PERMISSIONS_PAGE )) );
  157. if( IsBadStringPtr( m_bstrPage, (UINT)-1) )
  158. {
  159. SysFreeString( m_bstrObject);
  160. return E_OUTOFMEMORY;
  161. }
  163. m_pConfProp = pConfProp;
  165. return hr;
  166. }
  168. /////////////////////////////////////////////////////////////////////////////////////////
  169. /////////////////////////////////////////////////////////////////////////////////////////
  170. //IUnknown Methods
  171. /////////////////////////////////////////////////////////////////////////////////////////
  172. /////////////////////////////////////////////////////////////////////////////////////////
  174. /////////////////////////////////////////////////////////////////////////////////////////
  175. STDMETHODIMP_(ULONG)
  176. CObjSecurity::AddRef()
  177. {
  178. return ++m_cRef;
  179. }
  181. /////////////////////////////////////////////////////////////////////////////////////////
  182. STDMETHODIMP_(ULONG)
  183. CObjSecurity::Release()
  184. {
  185. if (--m_cRef == 0)
  186. {
  187. delete this;
  188. return 0;
  189. }
  191. return m_cRef;
  192. }
  194. /////////////////////////////////////////////////////////////////////////////////////////
  195. STDMETHODIMP
  196. CObjSecurity::QueryInterface(REFIID riid, LPVOID FAR* ppv)
  197. {
  198. if (IsEqualIID(riid, IID_IUnknown) || IsEqualIID(riid, IID_ISecurityInformation))
  199. {
  200. *ppv = (LPSECURITYINFO)this;
  201. }
  202. else if ( IsEqualIID(riid, IID_IDsObjectPicker) )
  203. {
  204. *ppv = static_cast<IDsObjectPicker*> (this);
  205. }
  206. else
  207. {
  208. *ppv = NULL;
  209. return E_NOINTERFACE;
  210. }
  212. m_cRef++;
  213. return S_OK;
  214. }
  216. /////////////////////////////////////////////////////////////////////////////////////////
  217. /////////////////////////////////////////////////////////////////////////////////////////
  218. // IDsObjectPicker
  219. /////////////////////////////////////////////////////////////////////////////////////////
  220. /////////////////////////////////////////////////////////////////////////////////////////
  222. STDMETHODIMP CObjSecurity::Initialize( PDSOP_INIT_INFO pInitInfo )
  223. {
  224. HRESULT hr = S_OK;
  225. DSOP_INIT_INFO InitInfo;
  226. PDSOP_SCOPE_INIT_INFO pDSOPScopes = NULL;
  228. _ASSERT( pInitInfo->cbSize >= FIELD_OFFSET(DSOP_INIT_INFO, cAttributesToFetch) );
  230. // Create an instance of the object
  231. if (!m_pObjectPicker)
  232. {
  233. hr = CoCreateInstance(CLSID_DsObjectPicker,
  234. NULL,
  235. CLSCTX_INPROC_SERVER,
  236. IID_IDsObjectPicker,
  237. (LPVOID*)&m_pObjectPicker);
  238. }
  240. if ( SUCCEEDED(hr) )
  241. {
  242. // Make a local copy of the InitInfo so we can modify it safely
  243. CopyMemory(&InitInfo, pInitInfo, min(pInitInfo->cbSize, sizeof(InitInfo)));
  245. // Make a local copy of g_aDSOPScopes so we can modify it safely.
  246. // Note also that m_pObjectPicker->Initialize returns HRESULTs
  247. // in this buffer.
  248. pDSOPScopes = (PDSOP_SCOPE_INIT_INFO)LocalAlloc(LPTR, sizeof(g_aDSOPScopes));
  249. if (pDSOPScopes)
  250. {
  251. CopyMemory(pDSOPScopes, g_aDSOPScopes, sizeof(g_aDSOPScopes));
  253. // Override the ACLUI default scopes, but don't touch
  254. // the other stuff.
  255. // pDSOPScopes->pwzDcName = m_strServerName;
  256. InitInfo.cDsScopeInfos = ARRAYSIZE(g_aDSOPScopes);
  257. InitInfo.aDsScopeInfos = pDSOPScopes;
  259. hr = m_pObjectPicker->Initialize(&InitInfo);
  261. LocalFree(pDSOPScopes);
  262. }
  263. else
  264. {
  265. hr = E_OUTOFMEMORY;
  266. }
  267. }
  269. return hr;
  270. }
  272. STDMETHODIMP CObjSecurity::InvokeDialog( HWND hwndParent, IDataObject **ppdoSelection )
  273. {
  274. HRESULT hr = E_UNEXPECTED;
  275. _ASSERT( ppdoSelection );
  277. if (m_pObjectPicker)
  278. hr = m_pObjectPicker->InvokeDialog(hwndParent, ppdoSelection);
  280. return hr;
  281. }
  283. /////////////////////////////////////////////////////////////////////////////////////////
  284. /////////////////////////////////////////////////////////////////////////////////////////
  285. // ISecurityInformation methods
  286. /////////////////////////////////////////////////////////////////////////////////////////
  287. /////////////////////////////////////////////////////////////////////////////////////////
  289. /////////////////////////////////////////////////////////////////////////////////////////
  290. STDMETHODIMP
  291. CObjSecurity::GetObjectInformation(PSI_OBJECT_INFO pObjectInfo)
  292. {
  293. m_dwSIFlags = SI_EDIT_OWNER | SI_EDIT_PERMS | SI_NO_ACL_PROTECT | \
  294. SI_PAGE_TITLE;
  296. pObjectInfo->dwFlags = m_dwSIFlags;
  297. pObjectInfo->hInstance = g_hInstLib;
  298. pObjectInfo->pszServerName = NULL; //use local computer
  299. pObjectInfo->pszObjectName = m_bstrObject;
  300. pObjectInfo->pszPageTitle = m_bstrPage;
  302. return S_OK;
  303. }
  305. /////////////////////////////////////////////////////////////////////////////////////////
  306. STDMETHODIMP
  307. CObjSecurity::GetSecurity(SECURITY_INFORMATION si,
  308. PSECURITY_DESCRIPTOR *ppSD,
  309. BOOL fDefault)
  310. {
  311. HRESULT hr = S_OK;
  313. // Make the default if necessary...
  314. if ( !m_pConfProp->ConfInfo.m_pSecDesc )
  315. {
  316. hr = CoCreateInstance( CLSID_SecurityDescriptor,
  317. NULL,
  318. CLSCTX_INPROC_SERVER,
  319. IID_IADsSecurityDescriptor,
  320. (void **) &m_pConfProp->ConfInfo.m_pSecDesc );
  322. // Add default settings if successfully created the ACE
  323. if ( SUCCEEDED(hr) )
  324. hr = m_pConfProp->ConfInfo.AddDefaultACEs( m_pConfProp->ConfInfo.IsNewConference() );
  325. }
  327. // If we failed to get the defaults, just use whatever you can...
  328. if ( !m_pConfProp->ConfInfo.m_pSecDesc )
  329. {
  330. PSECURITY_DESCRIPTOR psdNewSD = LocalAlloc(LPTR,SECURITY_DESCRIPTOR_MIN_LENGTH);
  332. //
  333. // Validate the allocation
  334. //
  335. if( psdNewSD == NULL )
  336. {
  337. hr = E_OUTOFMEMORY;
  338. }
  339. else
  340. {
  341. //
  342. // Allocation succeeded
  343. //
  344. if( !InitializeSecurityDescriptor(psdNewSD,SECURITY_DESCRIPTOR_REVISION) )
  345. {
  346. hr = GetLastError();
  347. }
  348. }
  350. *ppSD = psdNewSD;
  351. }
  352. else
  353. {
  354. DWORD dwSDLen = 0;
  355. ATLTRACE(_T(".1.CObjSecurity::GetSecurity() pre->Convert ticks = %ld.\n"), GetTickCount() );
  356. hr = ConvertObjectToSD( m_pConfProp->ConfInfo.m_pSecDesc, ppSD, &dwSDLen );
  357. ATLTRACE(_T(".1.CObjSecurity::GetSecurity() post Convert ticks = %ld.\n"), GetTickCount() );
  358. }
  360. return hr;
  361. }
  363. /////////////////////////////////////////////////////////////////////////////////////////
  364. STDMETHODIMP
  365. CObjSecurity::SetSecurity( SECURITY_INFORMATION si, PSECURITY_DESCRIPTOR pSD)
  366. {
  367. if ( !m_pConfProp ) return E_UNEXPECTED;
  369. HRESULT hr = S_OK;
  370. m_pConfProp->ConfInfo.SetSecuritySet( true );
  373. ///////////////////////////////////////////////////////////
  374. // If we don't have an existing SD, create one
  375. //
  376. if ( !m_pConfProp->ConfInfo.m_pSecDesc )
  377. {
  378. hr = CoCreateInstance( CLSID_SecurityDescriptor,
  379. NULL,
  380. CLSCTX_INPROC_SERVER,
  381. IID_IADsSecurityDescriptor,
  382. (void **) &m_pConfProp->ConfInfo.m_pSecDesc );
  384. // Failed te create the security descriptor object
  385. if ( FAILED(hr) ) return hr;
  386. }
  389. /////////////////////////////////////////////////////////////////////////////////
  390. // Set properties on the Security Descriptor
  391. //
  393. // Get control and revision information from SD
  394. DWORD dwRevision = 0;
  395. WORD wControl = 0;
  396. DWORD dwRet = GetSecurityDescriptorControl( pSD, &wControl, &dwRevision );
  397. if ( !dwRet ) return HRESULT_FROM_WIN32(GetLastError());
  399. hr = m_pConfProp->ConfInfo.m_pSecDesc->put_Control( wControl );
  400. BAIL_ON_FAILURE(hr);
  402. hr = m_pConfProp->ConfInfo.m_pSecDesc->put_Revision( dwRevision );
  403. BAIL_ON_FAILURE(hr);
  405. ////////////////////////////////////////////////
  406. // What was modified on the SD?
  407. if ( si & OWNER_SECURITY_INFORMATION )
  408. {
  409. BOOL bOwnerDefaulted = FALSE;
  410. LPBYTE pOwnerSidAddress = NULL;
  412. dwRet = GetSecurityDescriptorOwner( pSD, (PSID *) &pOwnerSidAddress, &bOwnerDefaulted );
  413. if ( dwRet )
  414. {
  415. LPWSTR pszOwner = NULL;
  416. if ( SUCCEEDED(hr = ConvertSidToFriendlyName(pOwnerSidAddress, &pszOwner)) )
  417. {
  418. if ( SUCCEEDED(hr = m_pConfProp->ConfInfo.m_pSecDesc->put_OwnerDefaulted((VARIANT_BOOL) bOwnerDefaulted)) )
  419. hr = m_pConfProp->ConfInfo.m_pSecDesc->put_Owner( pszOwner );
  420. }
  422. // Clean - up
  423. if ( pszOwner ) delete pszOwner;
  424. }
  425. else
  426. {
  427. hr = HRESULT_FROM_WIN32(GetLastError());
  428. }
  429. }
  431. ///////////////////////////////////////////////////////
  432. // Group security information changing...
  433. if ( si & GROUP_SECURITY_INFORMATION )
  434. {
  435. BOOL bGroupDefaulted = FALSE;
  436. LPBYTE pGroupSidAddress = NULL;
  438. dwRet = GetSecurityDescriptorGroup( pSD,
  439. (PSID *)&pGroupSidAddress,
  440. &bGroupDefaulted );
  441. if ( dwRet )
  442. {
  443. LPWSTR pszGroup = NULL;
  444. if ( SUCCEEDED(hr = ConvertSidToFriendlyName(pGroupSidAddress, &pszGroup)) )
  445. {
  446. if ( SUCCEEDED(hr = m_pConfProp->ConfInfo.m_pSecDesc->put_GroupDefaulted((VARIANT_BOOL) bGroupDefaulted)) )
  447. hr = m_pConfProp->ConfInfo.m_pSecDesc->put_Group( pszGroup );
  448. }
  450. // Clean - up
  451. if ( pszGroup ) delete pszGroup;
  452. }
  453. else
  454. {
  455. hr = HRESULT_FROM_WIN32(GetLastError());
  456. }
  457. }
  459. ///////////////////////////////////////////////
  460. // DACL list changing
  461. if ( si & DACL_SECURITY_INFORMATION )
  462. {
  463. LPBYTE pDACLAddress = NULL;
  464. BOOL bDaclPresent = FALSE, bDaclDefaulted = FALSE;
  465. VARIANT varDACL;
  466. VariantInit( &varDACL );
  468. // Extract DACL
  469. GetSecurityDescriptorDacl( pSD,
  470. &bDaclPresent,
  471. (PACL*) &pDACLAddress,
  472. &bDaclDefaulted );
  474. if ( bDaclPresent && pDACLAddress && SUCCEEDED(hr = ConvertACLToVariant((PACL) pDACLAddress, &varDACL)) )
  475. {
  476. if ( SUCCEEDED(hr = m_pConfProp->ConfInfo.m_pSecDesc->put_DaclDefaulted((VARIANT_BOOL) bDaclDefaulted)) )
  477. hr = m_pConfProp->ConfInfo.m_pSecDesc->put_DiscretionaryAcl( V_DISPATCH(&varDACL) );
  478. }
  480. // Clean - up
  481. VariantClear( &varDACL );
  482. }
  484. failed:
  485. return hr;
  486. }
  489. /////////////////////////////////////////////////////////////////////////////////////////
  490. STDMETHODIMP
  491. CObjSecurity::GetAccessRights(const GUID* /*pguidObjectType*/,
  492. DWORD dwFlags,
  493. PSI_ACCESS *ppAccesses,
  494. ULONG *pcAccesses,
  495. ULONG *piDefaultAccess)
  496. {
  497. *ppAccesses = g_siObjAccesses;
  498. *pcAccesses = sizeof(g_siObjAccesses)/sizeof(g_siObjAccesses[0]);
  499. *piDefaultAccess = g_iObjDefAccess;
  501. return S_OK;
  502. }
  504. /////////////////////////////////////////////////////////////////////////////////////////
  505. STDMETHODIMP
  506. CObjSecurity::MapGeneric(const GUID* /*pguidObjectType*/,
  507. UCHAR *pAceFlags,
  508. ACCESS_MASK *pmask)
  509. {
  510. MapGenericMask(pmask, &ObjMap);
  512. return S_OK;
  513. }
  515. /////////////////////////////////////////////////////////////////////////////////////////
  516. STDMETHODIMP
  517. CObjSecurity::GetInheritTypes(PSI_INHERIT_TYPE *ppInheritTypes,
  518. ULONG *pcInheritTypes)
  519. {
  520. *ppInheritTypes = g_siObjInheritTypes;
  521. *pcInheritTypes = sizeof(g_siObjInheritTypes)/sizeof(g_siObjInheritTypes[0]);
  523. return S_OK;
  524. }
  526. /////////////////////////////////////////////////////////////////////////////////////////
  527. STDMETHODIMP
  528. CObjSecurity::PropertySheetPageCallback(HWND hwnd,
  529. UINT uMsg,
  530. SI_PAGE_TYPE uPage)
  531. {
  532. return S_OK;
  533. }
  535. /////////////////////////////////////////////////////////////////////////////////////////
  536. /////////////////////////////////////////////////////////////////////////////////////////
  537. /////////////////////////////////////////////////////////////////////////////////////////