archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/shell/osshell/security/aclui/effperm.cpp

571 lines
15 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: owner.cpp
  8. //
  9. // This file contains the implementation of the Owner page.
  10. //
  11. //--------------------------------------------------------------------------
  12. #include "aclpriv.h"
  13. #include <initguid.h> // needed to get the GUIDs defined in oleacc.h
  14. #include <oleacc.h> // contains IAccProp* definitions
  17. //Context Help IDs
  18. const static DWORD aEffHelpIDs[] =
  19. {
  20. IDC_EFF_NAME_STATIC, IDH_EFF_NAME,
  21. IDC_EFF_NAME, IDH_EFF_NAME,
  22. IDC_EFF_SELECT, IDH_EFF_SELECT,
  23. IDC_EFF_PERMISSION_STATIC, IDH_EFF_PERM_LIST,
  24. IDC_EFF_PERM_LIST, IDH_EFF_PERM_LIST,
  25. IDC_EFF_ERROR, IDH_EFF_PERM_LIST,
  26. IDC_EFF_STATIC, -1,
  27. 0, 0
  28. };
  31. LPCWSTR g_ListStateMap =
  32. L"A:0"
  33. L":0:0x50" // checked, disabled - STATE_SYSTEM_READONLY | STATE_SYSTEM_CHECKED
  34. L":1:0x40" // disabled - STATE_SYSTEM_READONLY
  35. L":";
  38. LPCWSTR g_ListRoleMap =
  39. L"A:0"
  40. L":0:0x2C" // checkbox - ROLE_SYSTEM_CHECKBUTTON (ie. checkbox)
  41. L":1:0x2C"
  42. L":";
  45. int LV_ADDITEM(HWND hwndList,
  46. LPCTSTR pszName,
  47. int index,
  48. PSI_ACCESS pAccess,
  49. BOOL bChecked)
  50. {
  51. LVITEM lvItem;
  52. TraceAssert(pAccess != NULL);
  53. TraceAssert(pszName != NULL);
  55. lvItem.mask = LVIF_TEXT | LVIF_PARAM | LVIF_IMAGE;
  56. lvItem.iItem = index;
  57. lvItem.iSubItem = 0;
  58. lvItem.pszText = (LPTSTR)pszName;
  59. lvItem.lParam = (LPARAM)pAccess;
  60. lvItem.iImage = bChecked ? 0 : 1;
  62. // Insert item into list
  63. index = ListView_InsertItem(hwndList, &lvItem);
  64. ListView_SetCheckState(hwndList,index,bChecked);
  66. return index;
  67. }
  69. typedef struct _EffCacheItem
  70. {
  71. POBJECT_TYPE_LIST pObjectTypeList;
  72. ULONG cObjectTypeListLength;
  73. PACCESS_MASK pGrantedAccessList;
  74. PSID pSid;
  75. }EFFCACHEITEM,*PEFFCACHEITEM;
  78. //This Function checks is pAccess is granted.
  79. BOOL IsChecked( PSI_ACCESS pAccess,
  80. PEFFCACHEITEM pCacheItem)
  81. {
  82. TraceEnter(TRACE_EFFPERM, "IsChecked");
  83. TraceAssert(pCacheItem != NULL);
  84. TraceAssert(pAccess != NULL);
  86. POBJECT_TYPE_LIST pObjectTypeList = pCacheItem->pObjectTypeList;
  87. ULONG cObjectTypeListLength = pCacheItem->cObjectTypeListLength;
  88. PACCESS_MASK pGrantedAccessList = pCacheItem->pGrantedAccessList;
  90. //0th Grant is for full object.
  91. if( (pAccess->mask & pGrantedAccessList[0]) == pAccess->mask )
  92. return TRUE;
  94. BOOL bGuidNULL = pAccess->pguid ?IsEqualGUID(*(pAccess->pguid), GUID_NULL): TRUE;
  95. LPGUID pguid;
  97. for( UINT i = 1; i < cObjectTypeListLength; ++i )
  98. {
  99. pguid = pObjectTypeList[i].ObjectType;
  100. if( pguid == NULL ||
  101. IsEqualGUID(*pguid, GUID_NULL) ||
  102. (!bGuidNULL && IsEqualGUID(*pguid,*(pAccess->pguid))) )
  103. {
  104. if( (pAccess->mask & pGrantedAccessList[i]) == pAccess->mask )
  105. return TRUE;
  106. }
  107. }
  108. return FALSE;
  109. }
  113. class CEffPage: public CSecurityPage
  114. {
  115. public:
  116. CEffPage(LPSECURITYINFO psi, SI_OBJECT_INFO *psiObjectInfo);
  117. virtual ~CEffPage();
  119. private:
  120. virtual BOOL DlgProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam);
  121. BOOL InitDlg(HWND hDlg);
  122. void OnSelect(HWND hDlg);
  123. void InitListBox(HWND hDlg);
  124. HRESULT GetEffectivePerm(PSID pSid, PEFFCACHEITEM *ppCacheItem);
  125. PSID GetSelectedSID(){ return m_pSid; }
  127. private:
  128. PSID m_pSid; //Sid of the security principal for which permissions are displayed
  130. PSI_ACCESS m_pAccess;
  131. ULONG m_cAccesses;
  132. };
  135. HPROPSHEETPAGE
  136. CreateEffectivePermPage(LPSECURITYINFO psi, SI_OBJECT_INFO *psiObjectInfo)
  137. {
  138. HPROPSHEETPAGE hPage = NULL;
  139. CEffPage *pPage;
  141. TraceEnter(TRACE_EFFPERM, "CreateEffectivePermPage");
  142. TraceAssert(psi!=NULL);
  143. TraceAssert(psiObjectInfo);
  145. pPage = new CEffPage(psi, psiObjectInfo);
  147. if (pPage)
  148. {
  149. hPage = pPage->CreatePropSheetPage(MAKEINTRESOURCE(IDD_EFFECTIVE_PERM_PAGE));
  151. if (!hPage)
  152. delete pPage;
  153. }
  155. TraceLeaveValue(hPage);
  156. }
  159. CEffPage::CEffPage(LPSECURITYINFO psi, SI_OBJECT_INFO *psiObjectInfo)
  160. : CSecurityPage(psi, SI_PAGE_OWNER) , m_pSid(NULL),
  161. m_pAccess(NULL), m_cAccesses(0)
  162. {
  163. // Lookup known SIDs asynchronously so the dialog
  164. // will initialize faster
  165. }
  167. CEffPage::~CEffPage()
  168. {
  169. if (m_pSid)
  170. LocalFree(m_pSid);
  171. }
  172. BOOL
  173. CEffPage::DlgProc(HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
  174. {
  175. BOOL bResult = TRUE;
  176. LPPSHNOTIFY lpsn;
  177. switch(uMsg)
  178. {
  179. case WM_INITDIALOG:
  180. InitDlg(hDlg);
  181. break;
  184. case WM_COMMAND:
  185. switch (GET_WM_COMMAND_ID(wParam, lParam))
  186. {
  187. case IDC_EFF_SELECT:
  188. OnSelect(hDlg);
  189. break;
  190. default:
  191. bResult = FALSE;
  192. }
  193. break;
  195. case WM_HELP:
  196. if (IsWindowEnabled(hDlg))
  197. {
  198. WinHelp((HWND)((LPHELPINFO)lParam)->hItemHandle,
  199. c_szAcluiHelpFile,
  200. HELP_WM_HELP,
  201. (DWORD_PTR)aEffHelpIDs);
  202. }
  203. break;
  205. case WM_CONTEXTMENU:
  206. if (IsWindowEnabled(hDlg))
  207. {
  208. WinHelp(hDlg,
  209. c_szAcluiHelpFile,
  210. HELP_CONTEXTMENU,
  211. (DWORD_PTR)aEffHelpIDs);
  212. }
  213. break;
  214. case PSM_QUERYSIBLINGS:
  215. if(GetSelectedSID())
  216. InitListBox(hDlg);
  217. break;
  219. case WM_NOTIFY:
  220. if(wParam == IDC_EFF_STATIC)
  221. {
  222. switch (((NMHDR FAR*)lParam)->code)
  223. {
  224. //
  225. //Show the help popup for Examples
  226. //
  227. case NM_CLICK:
  228. case NM_RETURN:
  229. {
  230. HtmlHelp(hDlg,
  231. c_szEffPermHelpLink,
  232. HH_DISPLAY_TOPIC,
  233. 0);
  235. return TRUE;
  236. }
  237. break;
  238. }
  239. }
  240. break;
  241. default:
  242. bResult = FALSE;
  243. }
  245. return bResult;
  246. }
  249. BOOL
  250. CEffPage::InitDlg( HWND hDlg )
  251. {
  253. HWND hwndList;
  254. RECT rc;
  255. LV_COLUMN col;
  256. TCHAR szBuffer[MAX_COLUMN_CHARS];
  257. HRESULT hr = S_OK;
  258. ULONG iDefaultAccess;
  259. HCURSOR hcur = SetCursor(LoadCursor(NULL, IDC_WAIT));
  261. TraceEnter(TRACE_EFFPERM, "CEffPage::InitDlg");
  262. TraceAssert(hDlg != NULL);
  263. TraceAssert(m_psi != NULL);
  264. TraceAssert(m_pei != NULL);
  266. hwndList = GetDlgItem(hDlg, IDC_EFF_PERM_LIST);
  268. //
  269. // Create & set the image list for the listview. If there is a
  270. // problem CreateSidImageList will return NULL which won't hurt
  271. // anything. In that case we'll just continue without an image list.
  272. //
  273. ListView_SetImageList(hwndList,
  274. LoadImageList(::hModule, MAKEINTRESOURCE(IDB_CHECKBOX)),
  275. LVSIL_SMALL);
  278. // Set extended LV style for whole line selection with InfoTips
  279. ListView_SetExtendedListViewStyleEx(hwndList,
  280. LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP,
  281. LVS_EX_FULLROWSELECT | LVS_EX_INFOTIP);
  284. IAccPropServices * pAccPropSvc = NULL;
  285. hr = CoCreateInstance( CLSID_AccPropServices, NULL, CLSCTX_SERVER, IID_IAccPropServices, (void **) & pAccPropSvc );
  286. if( hr == S_OK && pAccPropSvc )
  287. {
  288. // Don't have to check HRESULT here, since if they fail we just ignore anyway,
  289. // but may want to log it while debugging.
  290. pAccPropSvc->SetHwndPropStr(hwndList, OBJID_CLIENT, 0, PROPID_ACC_ROLEMAP, g_ListRoleMap );
  291. pAccPropSvc->SetHwndPropStr(hwndList, OBJID_CLIENT, 0, PROPID_ACC_STATEMAP, g_ListStateMap );
  292. pAccPropSvc->Release();
  293. }
  297. //
  298. // Add appropriate listview columns
  299. //
  300. GetClientRect(hwndList, &rc);
  302. LoadString(::hModule, IDS_PERMISSIONS, szBuffer, ARRAYSIZE(szBuffer));
  303. col.mask = LVCF_FMT | LVCF_TEXT | LVCF_SUBITEM | LVCF_WIDTH;
  304. col.fmt = LVCFMT_LEFT;
  305. col.pszText = szBuffer;
  306. col.iSubItem = 0;
  307. col.cx = rc.right - GetSystemMetrics(SM_CXVSCROLL);
  308. ListView_InsertColumn(hwndList, 0, &col);
  311. //Get the access Rights
  312. hr = m_psi->GetAccessRights(&GUID_NULL,
  313. SI_ADVANCED|SI_EDIT_EFFECTIVE,
  314. &m_pAccess,
  315. &m_cAccesses,
  316. &iDefaultAccess);
  317. FailGracefully(hr, "GetAccessRights Failed");
  318. //Initialize the List box
  319. InitListBox(hDlg);
  321. exit_gracefully:
  324. SetCursor(hcur);
  326. if (FAILED(hr))
  327. {
  328. HWND hwnd;
  329. // Hide and disable everything
  330. for (hwnd = GetWindow(hDlg, GW_CHILD);
  331. hwnd != NULL;
  332. hwnd = GetWindow(hwnd, GW_HWNDNEXT))
  333. {
  334. ShowWindow(hwnd, SW_HIDE);
  335. EnableWindow(hwnd, FALSE);
  336. }
  338. // Enable and show the "No Security" message
  339. hwnd = GetDlgItem(hDlg, IDC_NO_EFFECTIVE);
  340. EnableWindow(hwnd, TRUE);
  341. ShowWindow(hwnd, SW_SHOW);
  342. }
  344. TraceLeaveValue(TRUE);
  345. }
  347. VOID
  348. CEffPage::OnSelect(HWND hDlg)
  349. {
  350. PUSER_LIST pUserList = NULL;
  351. LPEFFECTIVEPERMISSION pei;
  352. HRESULT hr = S_OK;
  354. TraceEnter(TRACE_EFFPERM, "CEffPage::OnSelect");
  356. if (S_OK == GetUserGroup(hDlg, FALSE, &pUserList))
  357. {
  358. TraceAssert(NULL != pUserList);
  359. TraceAssert(1 == pUserList->cUsers);
  361. // Free up previous sid
  362. if (m_pSid)
  363. LocalFree(m_pSid);
  365. // Copy the new sid
  366. m_pSid = LocalAllocSid(pUserList->rgUsers[0].pSid);
  367. if (m_pSid)
  368. {
  369. SetDlgItemText(hDlg, IDC_EFF_NAME, pUserList->rgUsers[0].pszName);
  370. }
  371. LocalFree(pUserList);
  372. InitListBox(hDlg);
  373. }
  374. }
  377. VOID
  378. CEffPage::InitListBox(HWND hDlg)
  379. {
  380. HWND hwndList;
  381. BOOL bProperties;
  383. PSI_ACCESS pAccess;
  384. ULONG cAccesses;
  385. DWORD dwType;
  386. TCHAR szName[MAX_PATH];
  387. PSID pSid = NULL;
  388. PEFFCACHEITEM pCacheItem = NULL;
  389. int index;
  390. TraceEnter(TRACE_EFFPERM, "CEffPage::InitListBox");
  391. TraceAssert( m_pAccess != NULL );
  392. TraceAssert(m_cAccesses != 0 );
  394. HRESULT hr = S_OK;
  395. hwndList = GetDlgItem(hDlg, IDC_EFF_PERM_LIST);
  397. if(!IsWindowEnabled(hwndList))
  398. {
  399. //Hide Error Message
  400. HWND hwnd = GetDlgItem(hDlg, IDC_EFF_ERROR);
  401. EnableWindow(hwnd, FALSE);
  402. ShowWindow(hwnd, SW_HIDE);
  403. //Show List box
  404. EnableWindow(hwndList, TRUE);
  405. ShowWindow(hwndList, SW_SHOW);
  406. }
  408. //Clear all items
  409. ListView_DeleteAllItems(hwndList);
  411. pAccess = m_pAccess;
  412. cAccesses = m_cAccesses;
  413. dwType = SI_ACCESS_SPECIFIC | SI_ACCESS_PROPERTY;
  415. //Get the current sid
  416. pSid = GetSelectedSID();
  417. if( pSid )
  418. {
  419. hr = GetEffectivePerm(pSid, &pCacheItem);
  420. FailGracefully(hr,"GetEffectivePermission Failed");
  421. }
  423. index = 0;
  424. // Enumerate the permissions and add to the checklist
  425. ULONG i;
  426. for (i = 0; i < cAccesses; i++, pAccess++)
  427. {
  428. LPCTSTR pszName;
  430. // Only add permissions that have any of the flags specified in dwType
  431. if (!(pAccess->dwFlags & dwType))
  432. continue;
  434. //Don't Add Permission which have inherit only on
  435. if( pAccess->dwFlags & INHERIT_ONLY_ACE )
  436. continue;
  438. pszName = pAccess->pszName;
  439. if (IS_INTRESOURCE(pszName))
  440. {
  441. TraceAssert(m_siObjectInfo.hInstance != NULL);
  443. if (LoadString(m_siObjectInfo.hInstance,
  444. (UINT)((ULONG_PTR)pszName),
  445. szName,
  446. ARRAYSIZE(szName)) == 0)
  447. {
  448. LoadString(::hModule,
  449. IDS_UNKNOWN,
  450. szName,
  451. ARRAYSIZE(szName));
  452. }
  453. pszName = szName;
  454. }
  456. BOOL bChecked = FALSE;
  457. if(pSid)
  458. {
  459. bChecked = IsChecked( pAccess, pCacheItem );
  460. }
  461. index = LV_ADDITEM( hwndList, pszName, index, pAccess, bChecked);
  462. index++;
  463. }
  464. if(index)
  465. {
  466. SelectListViewItem(hwndList, 0);
  467. // Redraw the list
  468. SendMessage(hwndList, WM_SETREDRAW, TRUE, 0);
  469. ListView_RedrawItems(hwndList, 0, -1);
  470. }
  474. exit_gracefully:
  475. if(pCacheItem)
  476. {
  477. if(pCacheItem->pGrantedAccessList)
  478. LocalFree(pCacheItem->pGrantedAccessList);
  479. LocalFree(pCacheItem);
  480. }
  481. if(FAILED(hr))
  482. {
  483. //Hide List box
  484. HWND hwnd = GetDlgItem(hDlg, IDC_EFF_PERM_LIST);
  485. EnableWindow(hwnd, FALSE);
  486. ShowWindow(hwnd, SW_HIDE);
  488. //Format Error Message To Display
  489. WCHAR buffer[MAX_PATH];
  490. LPWSTR pszCaption = NULL;
  491. GetWindowText(GetDlgItem(hDlg, IDC_EFF_NAME),
  492. buffer,
  493. MAX_PATH-1);
  494. FormatStringID(&pszCaption, ::hModule, IDS_EFF_ERROR, buffer);
  496. //Show Error Message
  497. hwnd = GetDlgItem(hDlg, IDC_EFF_ERROR);
  498. EnableWindow(hwnd, TRUE);
  499. SetWindowText(hwnd,pszCaption);
  500. ShowWindow(hwnd, SW_SHOW);
  501. LocalFreeString(&pszCaption);
  502. }
  503. TraceLeaveVoid();
  504. }
  506. //Calling function frees *ppCacheItem->pGrantedAccessList
  507. //and *ppCacheItem
  509. HRESULT
  510. CEffPage::GetEffectivePerm(PSID pSid,
  511. PEFFCACHEITEM *ppCacheItem )
  512. {
  513. PSECURITY_DESCRIPTOR pSD;
  515. HRESULT hr = S_OK;
  516. ULONG cItems = 0;
  517. PEFFCACHEITEM pCacheTemp = NULL;
  519. TraceEnter(TRACE_EFFPERM, "CEffPage::GetEffectivePerm");
  520. TraceAssert(pSid != NULL);
  521. TraceAssert(ppCacheItem != NULL);
  523. pCacheTemp = (PEFFCACHEITEM)LocalAlloc( LPTR, sizeof(EFFCACHEITEM) + GetLengthSid(pSid));
  525. if(!pCacheTemp)
  526. ExitGracefully(hr, E_OUTOFMEMORY, "Lcoal Alloc Failed");
  527. pCacheTemp->pSid = (PSID)(pCacheTemp + 1);
  528. CopySid(GetLengthSid(pSid), pCacheTemp->pSid, pSid);
  531. if(m_psi)
  532. {
  533. hr = m_psi->GetSecurity(OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
  534. &pSD,
  535. FALSE);
  536. FailGracefully(hr, "GetSecurity Failed");
  537. }
  539. if( m_pei)
  540. {
  541. DWORD dwTemp;
  542. hr = m_pei->GetEffectivePermission(&(m_siObjectInfo.guidObjectType),
  543. pCacheTemp->pSid,
  544. m_siObjectInfo.pszServerName,
  545. //NULL,
  546. pSD,
  547. &(pCacheTemp->pObjectTypeList),
  548. &(pCacheTemp->cObjectTypeListLength),
  549. &(pCacheTemp->pGrantedAccessList),
  550. &dwTemp);
  551. if(SUCCEEDED(hr))
  552. {
  553. if(!pCacheTemp->pObjectTypeList || !pCacheTemp->pGrantedAccessList)
  554. hr = E_FAIL;
  555. }
  557. FailGracefully(hr, "GetEffectivePermission Failed");
  559. }
  560. exit_gracefully:
  562. if( !SUCCEEDED(hr) )
  563. {
  564. LocalFree(pCacheTemp);
  565. pCacheTemp = NULL;
  566. }
  567. *ppCacheItem = pCacheTemp;
  569. TraceLeaveResult(hr);
  570. }