archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/rras/dim/server/security.c

466 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*********************************************************************/
  2. /** Copyright(c) 1995 Microsoft Corporation. **/
  3. /*********************************************************************/
  5. //***
  6. //
  7. // Filename: security.c
  8. //
  9. // Description: This module contains code that will create and delete the
  10. // security object. It will also contain access checking calls.
  11. //
  12. // History:
  13. // June 21,1995. NarenG Created original version.
  14. //
  15. // NOTE: ??? The lpdwAccessStatus parameter for AccessCheckAndAuditAlarm
  16. // returns junk. ???
  17. //
  18. #include "dimsvcp.h"
  19. #include <rpc.h>
  20. #include <ntseapi.h>
  21. #include <ntlsa.h>
  22. #include <ntsam.h>
  23. #include <ntsamp.h>
  25. typedef struct _DIM_SECURITY_OBJECT
  26. {
  28. LPWSTR lpwsObjectName;
  29. LPWSTR lpwsObjectType;
  30. GENERIC_MAPPING GenericMapping;
  31. PSECURITY_DESCRIPTOR pSecurityDescriptor;
  33. } DIM_SECURITY_OBJECT, PDIM_SECURITY_OBJECT;
  35. static DIM_SECURITY_OBJECT DimSecurityObject;
  37. #define DIMSVC_SECURITY_OBJECT TEXT("DimSvcAdminApi");
  38. #define DIMSVC_SECURITY_OBJECT_TYPE TEXT("Security");
  42. //**
  43. //
  44. // Call: DimSecObjCreate
  45. //
  46. // Returns: NO_ERROR - success
  47. // ERROR_NOT_ENOUGH_MEMORY
  48. // non-zero returns from security functions
  49. //
  50. // Description: This procedure will set up the security object that will
  51. // be used to check to see if an RPC client is an administrator
  52. // for the local machine.
  53. //
  54. DWORD
  55. DimSecObjCreate(
  56. VOID
  57. )
  58. {
  59. PSID pAdminSid = NULL;
  60. PSID pLocalSystemSid = NULL;
  61. PSID pServerOpSid = NULL;
  62. PACL pDacl = NULL;
  63. HANDLE hProcessToken = NULL;
  64. PULONG pSubAuthority;
  65. SID_IDENTIFIER_AUTHORITY SidIdentifierNtAuth = SECURITY_NT_AUTHORITY;
  66. SECURITY_DESCRIPTOR SecurityDescriptor;
  67. DWORD dwRetCode;
  68. DWORD cbDaclSize;
  70. //
  71. // Set up security object
  72. //
  74. DimSecurityObject.lpwsObjectName = DIMSVC_SECURITY_OBJECT;
  75. DimSecurityObject.lpwsObjectType = DIMSVC_SECURITY_OBJECT_TYPE;
  77. //
  78. // Generic mapping structure for the security object
  79. // All generic access types are allowed API access.
  80. //
  82. DimSecurityObject.GenericMapping.GenericRead = STANDARD_RIGHTS_READ |
  83. DIMSVC_ALL_ACCESS;
  85. DimSecurityObject.GenericMapping.GenericWrite = STANDARD_RIGHTS_WRITE |
  86. DIMSVC_ALL_ACCESS;
  88. DimSecurityObject.GenericMapping.GenericExecute =
  89. STANDARD_RIGHTS_EXECUTE |
  90. DIMSVC_ALL_ACCESS;
  92. DimSecurityObject.GenericMapping.GenericAll = DIMSVC_ALL_ACCESS;
  94. do
  95. {
  97. dwRetCode = NO_ERROR;
  99. //
  100. // Set up the SID for the admins that will be allowed to have
  101. // access. This SID will have 2 sub-authorities
  102. // SECURITY_BUILTIN_DOMAIN_RID and DOMAIN_ALIAS_ADMIN_RID.
  103. //
  105. pAdminSid = (PSID)LOCAL_ALLOC( LPTR, GetSidLengthRequired( 2 ) );
  107. if ( pAdminSid == NULL )
  108. {
  109. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  110. break;
  111. }
  113. if ( !InitializeSid( pAdminSid, &SidIdentifierNtAuth, 2 ) )
  114. {
  115. dwRetCode = GetLastError();
  116. break;
  117. }
  119. //
  120. // Set the sub-authorities
  121. //
  123. pSubAuthority = GetSidSubAuthority( pAdminSid, 0 );
  124. *pSubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
  126. pSubAuthority = GetSidSubAuthority( pAdminSid, 1 );
  127. *pSubAuthority = DOMAIN_ALIAS_RID_ADMINS;
  129. //
  130. // Create the server operators SID
  131. //
  132. pServerOpSid = (PSID)LOCAL_ALLOC( LPTR, GetSidLengthRequired( 2 ) );
  134. if ( pServerOpSid == NULL )
  135. {
  136. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  137. break;
  138. }
  140. if ( !InitializeSid( pServerOpSid, &SidIdentifierNtAuth, 2 ) )
  141. {
  142. dwRetCode = GetLastError();
  143. break;
  144. }
  146. //
  147. // Set the sub-authorities
  148. //
  150. pSubAuthority = GetSidSubAuthority( pServerOpSid, 0 );
  151. *pSubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
  153. pSubAuthority = GetSidSubAuthority( pServerOpSid, 1 );
  154. *pSubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
  156. //
  157. // Create the LocalSystemSid which will be the owner and the primary
  158. // group of the security object.
  159. //
  161. pLocalSystemSid = (PSID)LOCAL_ALLOC( LPTR, GetSidLengthRequired( 1 ) );
  163. if ( pLocalSystemSid == NULL )
  164. {
  165. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  166. break;
  167. }
  169. if ( !InitializeSid( pLocalSystemSid, &SidIdentifierNtAuth, 1 ) )
  170. {
  171. dwRetCode = GetLastError();
  172. break;
  173. }
  175. //
  176. // Set the sub-authorities
  177. //
  179. pSubAuthority = GetSidSubAuthority( pLocalSystemSid, 0 );
  180. *pSubAuthority = SECURITY_LOCAL_SYSTEM_RID;
  182. //
  183. // Set up the DACL that will allow admins with the above SID all access
  184. // It should be large enough to hold all ACEs.
  185. //
  187. cbDaclSize = sizeof(ACL) + ( sizeof(ACCESS_ALLOWED_ACE) * 2 ) +
  188. GetLengthSid(pAdminSid) + GetLengthSid(pServerOpSid);
  190. if ( (pDacl = (PACL)LOCAL_ALLOC( LPTR, cbDaclSize ) ) == NULL )
  191. {
  192. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  193. break;
  194. }
  196. if ( !InitializeAcl( pDacl, cbDaclSize, ACL_REVISION2 ) )
  197. {
  198. dwRetCode = GetLastError();
  199. break;
  200. }
  202. //
  203. // Add the ACE to the DACL
  204. //
  206. if ( !AddAccessAllowedAce( pDacl,
  207. ACL_REVISION2,
  208. DIMSVC_ALL_ACCESS, // What the admin can do
  209. pAdminSid ))
  210. {
  211. dwRetCode = GetLastError();
  212. break;
  213. }
  215. if ( !AddAccessAllowedAce( pDacl,
  216. ACL_REVISION2,
  217. DIMSVC_ALL_ACCESS, // What the admin can do
  218. pServerOpSid ))
  219. {
  220. dwRetCode = GetLastError();
  221. break;
  222. }
  224. //
  225. // Create the security descriptor an put the DACL in it.
  226. //
  228. if ( !InitializeSecurityDescriptor( &SecurityDescriptor, 1 ))
  229. {
  230. dwRetCode = GetLastError();
  231. break;
  232. }
  234. if ( !SetSecurityDescriptorDacl( &SecurityDescriptor,
  235. TRUE,
  236. pDacl,
  237. FALSE ) )
  238. {
  239. dwRetCode = GetLastError();
  240. break;
  241. }
  243. //
  244. // Set owner for the descriptor
  245. //
  247. if ( !SetSecurityDescriptorOwner( &SecurityDescriptor,
  248. pLocalSystemSid,
  249. FALSE ) )
  250. {
  251. dwRetCode = GetLastError();
  252. break;
  253. }
  255. //
  256. // Set group for the descriptor
  257. //
  259. if ( !SetSecurityDescriptorGroup( &SecurityDescriptor,
  260. pLocalSystemSid,
  261. FALSE ) )
  262. {
  263. dwRetCode = GetLastError();
  264. break;
  265. }
  267. //
  268. // Get token for the current process
  269. //
  270. if ( !OpenProcessToken( GetCurrentProcess(),
  271. TOKEN_QUERY,
  272. &hProcessToken ))
  273. {
  274. dwRetCode = GetLastError();
  275. break;
  276. }
  278. //
  279. // Create a security object. This is really just a security descriptor
  280. // is self-relative form. This procedure will allocate memory for this
  281. // security descriptor and copy all in the information passed in. This
  282. // allows us to free all dynamic memory allocated.
  283. //
  285. if ( !CreatePrivateObjectSecurity(
  286. NULL,
  287. &SecurityDescriptor,
  288. &(DimSecurityObject.pSecurityDescriptor),
  289. FALSE,
  290. hProcessToken,
  291. &(DimSecurityObject.GenericMapping)
  292. ))
  293. dwRetCode = GetLastError();
  295. } while( FALSE );
  297. //
  298. // Free up the dynamic memory
  299. //
  301. if ( pLocalSystemSid != NULL )
  302. LOCAL_FREE( pLocalSystemSid );
  304. if ( pAdminSid != NULL )
  305. LOCAL_FREE( pAdminSid );
  307. if ( pServerOpSid != NULL )
  308. LOCAL_FREE( pServerOpSid );
  310. if ( pDacl != NULL )
  311. LOCAL_FREE( pDacl );
  313. if ( hProcessToken != NULL )
  314. CloseHandle( hProcessToken );
  316. return( dwRetCode );
  318. }
  320. //**
  321. //
  322. // Call: DimSecObjDelete
  323. //
  324. // Returns: NO_ERROR - success
  325. // non-zero returns from security functions
  326. //
  327. // Description: Will destroy a valid security descriptor.
  328. //
  329. DWORD
  330. DimSecObjDelete(
  331. VOID
  332. )
  333. {
  334. if ( !IsValidSecurityDescriptor( DimSecurityObject.pSecurityDescriptor))
  335. return( NO_ERROR );
  337. if (!DestroyPrivateObjectSecurity( &DimSecurityObject.pSecurityDescriptor))
  338. return( GetLastError() );
  340. return( NO_ERROR );
  341. }
  343. //**
  344. //
  345. // Call: DimSecObjAccessCheck
  346. //
  347. // Returns: NO_ERROR - success
  348. // non-zero returns from security functions
  349. //
  350. // Description: This procedure will first impersonate the client, then
  351. // check to see if the client has the desired access to the
  352. // security object. If he/she does then the AccessStatus
  353. // variable will be set to NO_ERROR otherwise it will be
  354. // set to ERROR_ACCESS_DENIED. It will the revert to self and
  355. // return.
  356. //
  357. DWORD
  358. DimSecObjAccessCheck(
  359. IN DWORD DesiredAccess,
  360. OUT LPDWORD lpdwAccessStatus
  361. )
  362. {
  363. DWORD dwRetCode;
  364. ACCESS_MASK GrantedAccess;
  365. BOOL fGenerateOnClose;
  367. //
  368. // Impersonate the client
  369. //
  371. dwRetCode = RpcImpersonateClient( NULL );
  373. if ( dwRetCode != RPC_S_OK )
  374. return( dwRetCode );
  376. dwRetCode = AccessCheckAndAuditAlarm(
  377. DIM_SERVICE_NAME,
  378. NULL,
  379. DimSecurityObject.lpwsObjectType,
  380. DimSecurityObject.lpwsObjectName,
  381. DimSecurityObject.pSecurityDescriptor,
  382. DesiredAccess,
  383. &(DimSecurityObject.GenericMapping),
  384. FALSE,
  385. &GrantedAccess,
  386. (LPBOOL)lpdwAccessStatus,
  387. &fGenerateOnClose
  388. );
  390. if ( !dwRetCode )
  391. {
  392. DWORD dwTmpRetCode = GetLastError();
  393. dwRetCode = RpcRevertToSelf();
  394. return( dwTmpRetCode );
  395. }
  397. dwRetCode = RpcRevertToSelf();
  398. if (dwRetCode != RPC_S_OK)
  399. return dwRetCode;
  401. //
  402. // Check if desired access == granted Access
  403. //
  405. if ( DesiredAccess != GrantedAccess )
  406. *lpdwAccessStatus = ERROR_ACCESS_DENIED;
  407. else
  408. *lpdwAccessStatus = NO_ERROR;
  410. return( NO_ERROR );
  411. }
  413. BOOL
  414. DimIsLocalService()
  415. {
  416. BOOL fIsLocalService = FALSE;
  417. RPC_STATUS rpcstatus;
  418. HANDLE CurrentThreadToken = NULL;
  419. BOOL fImpersonate = FALSE;
  420. DWORD retcode = ERROR_SUCCESS;
  421. SID sidLocalService = { 1, 1,
  422. SECURITY_NT_AUTHORITY,
  423. SECURITY_LOCAL_SERVICE_RID };
  426. rpcstatus = RpcImpersonateClient(NULL);
  427. if(RPC_S_OK != rpcstatus)
  428. {
  429. goto done;
  430. }
  432. fImpersonate = TRUE;
  434. retcode = NtOpenThreadToken(
  435. NtCurrentThread(),
  436. TOKEN_QUERY,
  437. TRUE,
  438. &CurrentThreadToken
  439. );
  441. if(retcode != ERROR_SUCCESS)
  442. {
  443. goto done;
  444. }
  446. if (!CheckTokenMembership( CurrentThreadToken,
  447. &sidLocalService, &fIsLocalService ))
  448. {
  449. fIsLocalService = FALSE;
  450. }
  453. done:
  455. if(fImpersonate)
  456. {
  457. retcode = RpcRevertToSelf();
  458. }
  460. if(NULL != CurrentThreadToken)
  461. {
  462. NtClose(CurrentThreadToken);
  463. }
  465. return fIsLocalService;
  466. }