archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/shell/osshell/lmui/shareui/permpage.cxx

526 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // PermPage.cxx : Implementation ACL Editor classes
  2. // jonn 7/14/97 copied from \nt\private\windows\shell\lmui\ntshrui\permpage.cpp
  4. #include "headers.hxx"
  5. #pragma hdrstop
  7. #include "acl.hxx"
  8. #include "resource.h" // IDS_SHAREPERM_*
  10. // definition in headers.hxx conflicts with stddef.h (atlbase.h)
  11. #undef offsetof
  13. #include <atlbase.h>
  14. CComModule _Module;
  15. #include <atlcom.h>
  16. #include <atlimpl.cpp>
  18. // need IID_ISecurityInformation
  19. #define INITGUID
  20. #include <initguid.h>
  21. #include <aclui.h>
  23. //
  24. // I define my own implementation of ISecurityInformation
  25. //
  27. class CSecurityInformation : public ISecurityInformation, public CComObjectRoot
  28. {
  29. DECLARE_NOT_AGGREGATABLE(CSecurityInformation)
  30. BEGIN_COM_MAP(CSecurityInformation)
  31. COM_INTERFACE_ENTRY(ISecurityInformation)
  32. END_COM_MAP()
  34. // *** ISecurityInformation methods ***
  35. STDMETHOD(GetObjectInformation) (PSI_OBJECT_INFO pObjectInfo ) = 0;
  36. STDMETHOD(GetSecurity) (SECURITY_INFORMATION RequestedInformation,
  37. PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  38. BOOL fDefault ) = 0;
  39. STDMETHOD(SetSecurity) (SECURITY_INFORMATION SecurityInformation,
  40. PSECURITY_DESCRIPTOR pSecurityDescriptor ) = 0;
  41. STDMETHOD(GetAccessRights) (const GUID* pguidObjectType,
  42. DWORD dwFlags,
  43. PSI_ACCESS *ppAccess,
  44. ULONG *pcAccesses,
  45. ULONG *piDefaultAccess );
  46. STDMETHOD(MapGeneric) (const GUID *pguidObjectType,
  47. UCHAR *pAceFlags,
  48. ACCESS_MASK *pMask);
  49. STDMETHOD(GetInheritTypes) (PSI_INHERIT_TYPE *ppInheritTypes,
  50. ULONG *pcInheritTypes );
  51. STDMETHOD(PropertySheetPageCallback)(HWND hwnd, UINT uMsg, SI_PAGE_TYPE uPage );
  53. protected:
  54. HRESULT NewDefaultDescriptor(
  55. PSECURITY_DESCRIPTOR* ppsd,
  56. SECURITY_INFORMATION RequestedInformation
  57. );
  59. HRESULT MakeSelfRelativeCopy(
  60. PSECURITY_DESCRIPTOR psdOriginal,
  61. PSECURITY_DESCRIPTOR* ppsdNew );
  62. };
  64. class CShareSecurityInformation : public CSecurityInformation
  65. {
  66. private:
  67. LPWSTR m_strMachineName;
  68. LPWSTR m_strShareName;
  69. public:
  70. void SetMachineName( LPWSTR pszMachineName )
  71. {
  72. m_strMachineName = pszMachineName;
  73. }
  74. void SetShareName( LPWSTR pszShareName )
  75. {
  76. m_strShareName = pszShareName;
  77. }
  78. // note: these should be LPCTSTR but are left this way for convenience
  79. LPWSTR QueryMachineName()
  80. {
  81. return m_strMachineName;
  82. }
  83. LPWSTR QueryShareName()
  84. {
  85. return m_strShareName;
  86. }
  88. // *** ISecurityInformation methods ***
  89. STDMETHOD(GetObjectInformation) (PSI_OBJECT_INFO pObjectInfo );
  90. };
  92. class CSMBSecurityInformation : public CShareSecurityInformation
  93. {
  94. STDMETHOD(GetSecurity) (SECURITY_INFORMATION RequestedInformation,
  95. PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  96. BOOL fDefault );
  97. STDMETHOD(SetSecurity) (SECURITY_INFORMATION SecurityInformation,
  98. PSECURITY_DESCRIPTOR pSecurityDescriptor );
  99. public:
  100. PSECURITY_DESCRIPTOR m_pInitialDescriptor;
  101. PSECURITY_DESCRIPTOR* m_ppCurrentDescriptor;
  102. CSMBSecurityInformation();
  103. ~CSMBSecurityInformation();
  104. };
  108. // ISecurityInformation interface implementation
  110. SI_ACCESS siShareAccesses[] =
  111. {
  112. { &GUID_NULL, FILE_ALL_ACCESS, MAKEINTRESOURCE(IDS_SHAREPERM_ALL), SI_ACCESS_GENERAL },
  113. { &GUID_NULL, FILE_GENERIC_WRITE | DELETE, MAKEINTRESOURCE(IDS_SHAREPERM_MODIFY), SI_ACCESS_GENERAL },
  114. { &GUID_NULL, FILE_GENERIC_READ, MAKEINTRESOURCE(IDS_SHAREPERM_READ), SI_ACCESS_GENERAL }
  115. };
  116. #define iShareDefAccess 2 // FILE_GEN_READ
  117. #ifndef ARRAYSIZE
  118. #define ARRAYSIZE(x) (sizeof(x)/sizeof(x[0]))
  119. #endif
  121. STDMETHODIMP CSecurityInformation::GetAccessRights (
  122. const GUID* pguidObjectType,
  123. DWORD dwFlags,
  124. PSI_ACCESS *ppAccess,
  125. ULONG *pcAccesses,
  126. ULONG *piDefaultAccess )
  127. {
  128. appAssert(ppAccess != NULL);
  129. appAssert(pcAccesses != NULL);
  130. appAssert(piDefaultAccess != NULL);
  132. *ppAccess = siShareAccesses;
  133. *pcAccesses = ARRAYSIZE(siShareAccesses);
  134. *piDefaultAccess = iShareDefAccess;
  136. return S_OK;
  137. }
  139. // This is consistent with the NETUI code
  140. GENERIC_MAPPING ShareMap =
  141. {
  142. FILE_GENERIC_READ,
  143. FILE_GENERIC_WRITE,
  144. FILE_GENERIC_EXECUTE,
  145. FILE_ALL_ACCESS
  146. };
  148. STDMETHODIMP CSecurityInformation::MapGeneric (
  149. const GUID *pguidObjectType,
  150. UCHAR *pAceFlags,
  151. ACCESS_MASK *pMask)
  152. {
  153. appAssert(pMask != NULL);
  155. MapGenericMask(pMask, &ShareMap);
  157. return S_OK;
  158. }
  160. STDMETHODIMP CSecurityInformation::GetInheritTypes (
  161. PSI_INHERIT_TYPE *ppInheritTypes,
  162. ULONG *pcInheritTypes )
  163. {
  164. appAssert(FALSE);
  165. return E_NOTIMPL;
  166. }
  167. STDMETHODIMP CSecurityInformation::PropertySheetPageCallback(HWND hwnd, UINT uMsg, SI_PAGE_TYPE uPage )
  168. {
  169. return S_OK;
  170. }
  172. /*
  173. JeffreyS 1/24/97:
  174. If you don't set the SI_RESET flag in
  175. ISecurityInformation::GetObjectInformation, then fDefault should never be TRUE
  176. so you can ignore it. Returning E_NOTIMPL in this case is OK too.
  178. If you want the user to be able to reset the ACL to some default state
  179. (defined by you) then turn on SI_RESET and return your default ACL
  180. when fDefault is TRUE. This happens if/when the user pushes a button
  181. that is only visible when SI_RESET is on.
  182. */
  183. STDMETHODIMP CShareSecurityInformation::GetObjectInformation (
  184. PSI_OBJECT_INFO pObjectInfo )
  185. {
  186. appAssert(pObjectInfo != NULL &&
  187. !IsBadWritePtr(pObjectInfo, sizeof(*pObjectInfo)));
  189. pObjectInfo->dwFlags = SI_EDIT_ALL | SI_NO_ACL_PROTECT;
  190. pObjectInfo->hInstance = g_hInstance;
  191. pObjectInfo->pszServerName = QueryMachineName();
  192. pObjectInfo->pszObjectName = QueryShareName();
  194. return S_OK;
  195. }
  197. //
  198. // original code from \\marsslm\backup\src\ncpmgr\ncpmgr\shareacl.cxx
  199. // ACL-wrangling templated from \net\ui\common\src\lmobj\lmobj\security.cxx
  200. //
  201. // caller must free using LocalFree()
  202. //
  203. HRESULT CSecurityInformation::NewDefaultDescriptor(
  204. PSECURITY_DESCRIPTOR* ppsd,
  205. SECURITY_INFORMATION RequestedInformation
  206. )
  207. {
  208. *ppsd = NULL;
  209. PSID psidWorld = NULL;
  210. PSID psidAdmins = NULL;
  211. ACCESS_ALLOWED_ACE* pace = NULL;
  212. ACL* pacl = NULL;
  213. SECURITY_DESCRIPTOR sd;
  214. HRESULT hr = S_OK;
  215. do { // false loop
  216. // build World SID
  217. SID_IDENTIFIER_AUTHORITY IDAuthorityWorld = SECURITY_WORLD_SID_AUTHORITY;
  218. if ( !::AllocateAndInitializeSid(
  219. &IDAuthorityWorld,
  220. 1,
  221. SECURITY_WORLD_RID,
  222. 0,0,0,0,0,0,0,
  223. &psidWorld ) )
  224. {
  225. appAssert( FALSE );
  226. hr = E_UNEXPECTED;
  227. break;
  228. }
  230. // build Admins SID
  231. SID_IDENTIFIER_AUTHORITY IDAuthorityNT = SECURITY_NT_AUTHORITY;
  232. if ( !::AllocateAndInitializeSid(
  233. &IDAuthorityNT,
  234. 2,
  235. SECURITY_BUILTIN_DOMAIN_RID,
  236. DOMAIN_ALIAS_RID_ADMINS,
  237. 0,0,0,0,0,0,
  238. &psidAdmins ) )
  239. {
  240. appAssert( FALSE );
  241. hr = E_UNEXPECTED;
  242. break;
  243. }
  245. // build ACE
  246. DWORD cbSid = ::GetLengthSid(psidWorld);
  247. if ( 0 == cbSid )
  248. {
  249. appAssert( FALSE );
  250. hr = E_UNEXPECTED;
  251. break;
  252. }
  253. INT cbAce = sizeof(ACCESS_ALLOWED_ACE) + cbSid;
  254. pace = reinterpret_cast<ACCESS_ALLOWED_ACE*>(new BYTE[ cbAce+10 ]);
  255. if ( NULL == pace )
  256. {
  257. appAssert( FALSE );
  258. hr = HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  259. break;
  260. }
  261. ::memset((BYTE*)pace,0,cbAce+10);
  262. pace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE; // SetType()
  263. pace->Header.AceFlags = 0; // SetInheritFlags()
  264. pace->Header.AceSize = (WORD)cbAce; // SetSize() (in SetSID())
  265. pace->Mask = GENERIC_ALL; // SetAccessMask()
  266. ::memcpy( &(pace->SidStart), psidWorld, cbSid ); // SetSID()
  268. // build ACL
  269. DWORD cbAcl = sizeof(ACL) + cbAce + 10;
  270. pacl = reinterpret_cast<ACL*>(new BYTE[ cbAcl ]);
  271. if ( NULL == pacl )
  272. {
  273. appAssert( FALSE );
  274. hr = HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  275. break;
  276. }
  277. ::memset((BYTE*)pacl,0,cbAcl);
  278. if ( !::InitializeAcl( pacl, cbAcl, ACL_REVISION2 ) )
  279. {
  280. appAssert( FALSE );
  281. hr = E_UNEXPECTED;
  282. break;
  283. }
  284. if ( !::AddAce( pacl, ACL_REVISION2, 0, pace, cbAce ) )
  285. {
  286. appAssert( FALSE );
  287. hr = E_UNEXPECTED;
  288. break;
  289. }
  291. // build security descriptor in absolute format
  292. if ( !::InitializeSecurityDescriptor(
  293. &sd,
  294. SECURITY_DESCRIPTOR_REVISION ) )
  295. {
  296. appAssert( FALSE );
  297. hr = E_UNEXPECTED;
  298. break;
  299. }
  300. if ( !::SetSecurityDescriptorOwner( &sd, psidAdmins, FALSE )
  301. || !::SetSecurityDescriptorGroup( &sd, psidAdmins, FALSE )
  302. || !::SetSecurityDescriptorDacl( &sd, TRUE, pacl, FALSE )
  303. )
  304. {
  305. appAssert( FALSE );
  306. hr = E_UNEXPECTED;
  307. break;
  308. }
  310. // convert security descriptor to self-relative format
  311. DWORD cbSD = 0;
  312. // this call should fail and set cbSD to the correct size
  313. if ( ::MakeSelfRelativeSD( &sd, NULL, &cbSD ) || 0 == cbSD )
  314. {
  315. appAssert( FALSE );
  316. hr = E_UNEXPECTED;
  317. break;
  318. }
  319. *ppsd = reinterpret_cast<PSECURITY_DESCRIPTOR>(
  320. ::LocalAlloc( LMEM_ZEROINIT, cbSD + 20 ) );
  322. if (!*ppsd)
  323. {
  324. hr = HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  325. break;
  326. }
  327. ::memset( (BYTE*)*ppsd, 0, cbSD + 20 );
  328. if ( !::MakeSelfRelativeSD( &sd, *ppsd, &cbSD ) )
  329. {
  330. appAssert( FALSE );
  331. hr = E_UNEXPECTED;
  332. break;
  333. }
  335. } while (FALSE); // false loop
  337. // clean up
  338. if ( NULL != psidWorld ) {
  339. (void)::FreeSid( psidWorld );
  340. }
  341. if ( NULL != psidAdmins ) {
  342. (void)::FreeSid( psidAdmins );
  343. }
  344. delete pace;
  345. delete pacl;
  347. return hr;
  348. }
  350. HRESULT CSecurityInformation::MakeSelfRelativeCopy(
  351. PSECURITY_DESCRIPTOR psdOriginal,
  352. PSECURITY_DESCRIPTOR* ppsdNew )
  353. {
  354. appAssert( NULL != psdOriginal );
  356. // we have to find out whether the original is already self-relative
  357. SECURITY_DESCRIPTOR_CONTROL sdc = 0;
  358. DWORD dwRevision = 0;
  359. if ( !::GetSecurityDescriptorControl( psdOriginal, &sdc, &dwRevision ) )
  360. {
  361. appAssert( FALSE );
  362. DWORD err = ::GetLastError();
  363. return HRESULT_FROM_WIN32( err );
  364. }
  366. DWORD cb = ::GetSecurityDescriptorLength( psdOriginal ) + 20;
  367. PSECURITY_DESCRIPTOR psdSelfRelativeCopy = reinterpret_cast<PSECURITY_DESCRIPTOR>(
  368. ::LocalAlloc(LMEM_ZEROINIT, cb) );
  369. if (NULL == psdSelfRelativeCopy)
  370. {
  371. return HRESULT_FROM_WIN32(ERROR_NOT_ENOUGH_MEMORY);
  372. }
  374. if ( sdc & SE_SELF_RELATIVE )
  375. // the original is in self-relative format, just byte-copy it
  376. {
  377. ::memcpy( psdSelfRelativeCopy, psdOriginal, cb - 20 );
  378. }
  379. else if ( !::MakeSelfRelativeSD( psdOriginal, psdSelfRelativeCopy, &cb ) )
  380. // the original is in absolute format, convert-copy it
  381. {
  382. appAssert( FALSE );
  383. if( NULL != ::LocalFree( psdSelfRelativeCopy ) )
  384. {
  385. appAssert(FALSE);
  386. }
  387. DWORD err = ::GetLastError();
  388. return HRESULT_FROM_WIN32( err );
  389. }
  390. *ppsdNew = psdSelfRelativeCopy;
  391. return S_OK;
  392. }
  394. CSMBSecurityInformation::CSMBSecurityInformation()
  395. : CShareSecurityInformation()
  396. , m_pInitialDescriptor( NULL )
  397. , m_ppCurrentDescriptor( NULL )
  398. {
  399. }
  401. CSMBSecurityInformation::~CSMBSecurityInformation()
  402. {
  403. }
  405. STDMETHODIMP CSMBSecurityInformation::GetSecurity (
  406. SECURITY_INFORMATION RequestedInformation,
  407. PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  408. BOOL fDefault )
  409. {
  410. appAssert( NULL != m_ppCurrentDescriptor );
  412. // NOTE: we allow NULL == ppSecurityDescriptor, see SetSecurity
  413. if (0 == RequestedInformation )
  414. {
  415. appAssert(FALSE);
  416. return E_INVALIDARG;
  417. }
  419. if (fDefault)
  420. return E_NOTIMPL;
  422. if ( NULL == ppSecurityDescriptor )
  423. return S_OK;
  425. *ppSecurityDescriptor = NULL;
  427. HRESULT hr = S_OK;
  428. if (NULL != *m_ppCurrentDescriptor)
  429. {
  430. hr = MakeSelfRelativeCopy(
  431. *m_ppCurrentDescriptor,
  432. ppSecurityDescriptor );
  433. appAssert( SUCCEEDED(hr) && NULL != *ppSecurityDescriptor );
  434. }
  435. else if (NULL != m_pInitialDescriptor)
  436. {
  437. hr = MakeSelfRelativeCopy(
  438. m_pInitialDescriptor,
  439. ppSecurityDescriptor );
  440. appAssert( SUCCEEDED(hr) && NULL != *ppSecurityDescriptor );
  441. }
  442. else
  443. {
  444. hr = NewDefaultDescriptor(
  445. ppSecurityDescriptor,
  446. RequestedInformation );
  447. appAssert( SUCCEEDED(hr) && NULL != *ppSecurityDescriptor );
  448. }
  449. return hr;
  450. }
  452. STDMETHODIMP CSMBSecurityInformation::SetSecurity (
  453. SECURITY_INFORMATION SecurityInformation,
  454. PSECURITY_DESCRIPTOR pSecurityDescriptor )
  455. {
  456. appAssert( NULL != m_ppCurrentDescriptor );
  458. if (NULL != *m_ppCurrentDescriptor)
  459. {
  460. ::LocalFree(*m_ppCurrentDescriptor);
  461. *m_ppCurrentDescriptor = NULL;
  462. }
  463. HRESULT hr = MakeSelfRelativeCopy(
  464. pSecurityDescriptor,
  465. m_ppCurrentDescriptor );
  466. appAssert( SUCCEEDED(hr) && NULL != *m_ppCurrentDescriptor );
  467. return hr;
  468. }
  470. HMODULE g_hlibACLUI = NULL;
  471. typedef BOOL (*EDIT_SECURITY_PROC) ( HWND, LPSECURITYINFO );
  472. EDIT_SECURITY_PROC g_pfnEditSecurityProc;
  474. LONG
  475. EditShareAcl(
  476. IN HWND hwndParent,
  477. IN LPWSTR pszServerName,
  478. IN TCHAR * pszShareName,
  479. IN PSECURITY_DESCRIPTOR pSecDesc,
  480. OUT BOOL* pfSecDescModified,
  481. OUT PSECURITY_DESCRIPTOR* ppSecDesc
  482. )
  483. {
  484. appAssert( ppSecDesc != NULL );
  485. *ppSecDesc = NULL;
  487. if (NULL == g_hlibACLUI)
  488. {
  489. g_hlibACLUI = ::LoadLibrary(L"ACLUI.DLL");
  490. if (NULL == g_hlibACLUI)
  491. {
  492. appAssert(FALSE); // ACLUI.DLL isn't installed?
  493. return 0;
  494. }
  495. }
  497. if (NULL == g_pfnEditSecurityProc)
  498. {
  499. g_pfnEditSecurityProc = reinterpret_cast<EDIT_SECURITY_PROC>(
  500. ::GetProcAddress(g_hlibACLUI,"EditSecurity") );
  501. if (NULL == g_pfnEditSecurityProc)
  502. {
  503. appAssert(FALSE); // ACLUI.DLL is invalid?
  504. return 0;
  505. }
  506. }
  508. CComObject<CSMBSecurityInformation>* psecinfo = NULL;
  509. HRESULT hRes = CComObject<CSMBSecurityInformation>::CreateInstance(&psecinfo);
  510. if ( FAILED(hRes) )
  511. return 0;
  513. psecinfo->AddRef();
  514. psecinfo->SetMachineName( pszServerName );
  515. psecinfo->SetShareName( pszShareName );
  516. psecinfo->m_pInitialDescriptor = pSecDesc;
  517. psecinfo->m_ppCurrentDescriptor = ppSecDesc;
  518. (g_pfnEditSecurityProc)(hwndParent,psecinfo);
  520. if (NULL != pfSecDescModified)
  521. *pfSecDescModified = (NULL != *ppSecDesc);
  523. psecinfo->Release();
  525. return 0;
  526. }