archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
3.2 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/windows/feime/kor/ime2k/fecommon/imembx/immsec.cpp

600 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. immsec.c
  9. Abstract:
  11. security code called by IMEs
  13. Author:
  15. Chae Seong Lim [cslim] 23-Dec-1997
  16. Takao Kitano [takaok] 01-May-1996
  18. Revision History:
  19. Chae Seong Lim [cslim] 971223 Korean IME version
  20. Hiroaki Kanokogi [hiroakik] 960624 Modified for MSIME96
  21. Hiroaki Kanokogi [hiroakik] 960911 NT #11911
  23. --*/
  25. #include <windows.h>
  26. #include "hwxobj.h"
  27. #define _USEINIME_
  28. //#ifndef _USEINIME_ // .IME does not need
  29. //#include <dbgmgr.h>
  30. //#include <misc/memalloc.h>
  31. //#endif // _USEINIME_
  32. #include "immsec.h"
  35. #define MEMALLOC(x) LocalAlloc(LMEM_FIXED, x)
  36. #define MEMFREE(x) LocalFree(x)
  38. //
  39. // internal functions
  40. //
  41. PSID MyCreateSid( DWORD dwSubAuthority );
  42. #ifndef _USEINIME_
  43. POSVERSIONINFO GetVersionInfo(VOID);
  44. #endif // _USEINIME_
  46. //
  47. // debug functions
  48. //
  49. #ifdef DEBUG
  50. #define ERROROUT(x) ErrorOut( x )
  51. #define WARNOUT(x) WarnOut( x )
  52. #else
  53. #define ERROROUT(x)
  54. #define WARNOUT(x)
  55. #endif
  57. #ifdef DEBUG
  58. VOID WarnOut( PTSTR pStr )
  59. {
  60. OutputDebugString( pStr );
  61. }
  63. VOID ErrorOut( PTSTR pStr )
  64. {
  65. DWORD dwError;
  66. DWORD dwResult;
  67. static TCHAR buf1[512];
  68. static TCHAR buf2[512];
  70. dwError = GetLastError();
  71. dwResult = FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM,
  72. NULL,
  73. dwError,
  74. MAKELANGID( LANG_ENGLISH, LANG_NEUTRAL ),
  75. buf1,
  76. 512,
  77. NULL );
  79. if ( dwResult > 0 ) {
  80. wsprintfA(buf2, "%s:%s(0x%x)", pStr, buf1, dwError);
  81. } else {
  82. wsprintfA(buf2, "%s:(0x%x)", pStr, dwError);
  83. }
  84. OutputDebugString( buf2 );
  85. }
  86. #endif
  89. //
  90. // GetIMESecurityAttributes()
  91. //
  92. // The purpose of this function:
  93. //
  94. // Allocate and set the security attributes that is
  95. // appropriate for named objects created by an IME.
  96. // The security attributes will give GENERIC_ALL
  97. // access to the following users:
  98. //
  99. // o Users who log on for interactive operation
  100. // o The user account used by the operating system
  101. //
  102. // Return value:
  103. //
  104. // If the function succeeds, the return value is a
  105. // pointer to SECURITY_ATTRIBUTES. If the function fails,
  106. // the return value is NULL. To get extended error
  107. // information, call GetLastError().
  108. //
  109. // Remarks:
  110. //
  111. // FreeIMESecurityAttributes() should be called to free up the
  112. // SECURITY_ATTRIBUTES allocated by this function.
  113. //
  115. static PSECURITY_ATTRIBUTES pSAIME = NULL;
  116. static PSECURITY_ATTRIBUTES pSAIME_UserDic = NULL;
  117. static INT nNT95 = 0; //0...Not examined, 1...NT, 2...Not NT
  119. PSECURITY_ATTRIBUTES GetIMESecurityAttributes(VOID)
  120. {
  121. if (nNT95 == 0)
  122. nNT95 = IsWinNT() ? 1 : 2;
  124. if (nNT95==1)
  125. return (pSAIME==NULL) ? (pSAIME=CreateSecurityAttributes()) : pSAIME;
  126. else
  127. return NULL;
  128. // To avoid CreateSecurityAttributes from being called every time when OS is not NT.
  129. }
  131. #if NOT_USED
  132. PSECURITY_ATTRIBUTES GetIMESecurityAttributesEx(VOID)
  133. {
  134. if (nNT95 == 0)
  135. nNT95 = IsWinNT() ? 1 : 2; //IsNT is not for multi-threaded programs, right?
  137. if (nNT95==1)
  138. return (pSAIME_UserDic==NULL) ? (pSAIME_UserDic=CreateSecurityAttributesEx()) : pSAIME_UserDic;
  139. else
  140. return NULL;
  141. // To avoid CreateSecurityAttributes from being called every time when OS is not NT.
  142. }
  143. #endif
  144. //
  145. // FreeIMESecurityAttributes()
  146. //
  147. // The purpose of this function:
  148. //
  149. // Frees the memory objects allocated by previous
  150. // GetIMESecurityAttributes() call.
  151. //
  153. VOID FreeIMESecurityAttributes()
  154. {
  155. if (pSAIME!=NULL)
  156. FreeSecurityAttributes(pSAIME);
  157. if (pSAIME_UserDic!=NULL)
  158. FreeSecurityAttributes(pSAIME_UserDic);
  160. pSAIME = NULL;
  161. pSAIME_UserDic = NULL;
  162. }
  164. //
  165. // CreateSecurityAttributes()
  166. //
  167. // The purpose of this function:
  168. //
  169. // Allocate and set the security attributes that is
  170. // appropriate for named objects created by an IME.
  171. // The security attributes will give GENERIC_ALL
  172. // access to the following users:
  173. //
  174. // o Users who log on for interactive operation
  175. // o The user account used by the operating system
  176. //
  177. // Return value:
  178. //
  179. // If the function succeeds, the return value is a
  180. // pointer to SECURITY_ATTRIBUTES. If the function fails,
  181. // the return value is NULL. To get extended error
  182. // information, call GetLastError().
  183. //
  184. // Remarks:
  185. //
  186. // FreeSecurityAttributes() should be called to free up the
  187. // SECURITY_ATTRIBUTES allocated by this function.
  188. //
  189. PSECURITY_ATTRIBUTES CreateSecurityAttributes()
  190. {
  191. PSECURITY_ATTRIBUTES psa;
  192. PSECURITY_DESCRIPTOR psd;
  193. PACL pacl;
  194. DWORD cbacl;
  196. PSID psid1, psid2;
  197. BOOL fResult;
  199. psid1 = MyCreateSid( SECURITY_INTERACTIVE_RID );
  200. if ( psid1 == NULL ) {
  201. return NULL;
  202. }
  204. psid2 = MyCreateSid( SECURITY_LOCAL_SYSTEM_RID );
  205. if ( psid2 == NULL ) {
  206. FreeSid ( psid1 );
  207. return NULL;
  208. }
  210. //
  211. // allocate and initialize an access control list (ACL) that will
  212. // contain the SIDs we've just created.
  213. //
  214. cbacl = sizeof(ACL) +
  215. (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) * 2 +
  216. GetLengthSid(psid1) + GetLengthSid(psid2);
  218. pacl = (PACL)MEMALLOC( cbacl );
  219. if ( pacl == NULL ) {
  220. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for ACL failed") );
  221. FreeSid ( psid1 );
  222. FreeSid ( psid2 );
  223. return NULL;
  224. }
  226. fResult = InitializeAcl( pacl, cbacl, ACL_REVISION );
  227. if ( ! fResult ) {
  228. ERROROUT( TEXT("CreateSecurityAttributes:InitializeAcl failed") );
  229. FreeSid ( psid1 );
  230. FreeSid ( psid2 );
  231. MEMFREE( pacl );
  232. return NULL;
  233. }
  235. //
  236. // adds an access-allowed ACE for interactive users to the ACL
  237. //
  238. fResult = AddAccessAllowedAce( pacl,
  239. ACL_REVISION,
  240. GENERIC_ALL,
  241. psid1 );
  243. if ( !fResult ) {
  244. ERROROUT( TEXT("CreateSecurityAttributes:AddAccessAllowedAce failed") );
  245. MEMFREE( pacl );
  246. FreeSid ( psid1 );
  247. FreeSid ( psid2 );
  248. return NULL;
  249. }
  251. //
  252. // adds an access-allowed ACE for operating system to the ACL
  253. //
  254. fResult = AddAccessAllowedAce( pacl,
  255. ACL_REVISION,
  256. GENERIC_ALL,
  257. psid2 );
  259. if ( !fResult ) {
  260. ERROROUT( TEXT("CreateSecurityAttributes:AddAccessAllowedAce failed") );
  261. MEMFREE( pacl );
  262. FreeSid ( psid1 );
  263. FreeSid ( psid2 );
  264. return NULL;
  265. }
  267. //
  268. // Those SIDs have been copied into the ACL. We don't need'em any more.
  269. //
  270. FreeSid ( psid1 );
  271. FreeSid ( psid2 );
  273. //
  274. // Let's make sure that our ACL is valid.
  275. //
  276. if (!IsValidAcl(pacl)) {
  277. WARNOUT( TEXT("CreateSecurityAttributes:IsValidAcl returns fFalse!"));
  278. MEMFREE( pacl );
  279. return NULL;
  280. }
  282. //
  283. // allocate security attribute
  284. //
  285. psa = (PSECURITY_ATTRIBUTES)MEMALLOC( sizeof( SECURITY_ATTRIBUTES ) );
  286. if ( psa == NULL ) {
  287. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for psa failed") );
  288. MEMFREE( pacl );
  289. return NULL;
  290. }
  292. //
  293. // allocate and initialize a new security descriptor
  294. //
  295. psd = MEMALLOC( SECURITY_DESCRIPTOR_MIN_LENGTH );
  296. if ( psd == NULL ) {
  297. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for psd failed") );
  298. MEMFREE( pacl );
  299. MEMFREE( psa );
  300. return NULL;
  301. }
  303. if ( ! InitializeSecurityDescriptor( psd, SECURITY_DESCRIPTOR_REVISION ) ) {
  304. ERROROUT( TEXT("CreateSecurityAttributes:InitializeSecurityDescriptor failed") );
  305. MEMFREE( pacl );
  306. MEMFREE( psa );
  307. MEMFREE( psd );
  308. return NULL;
  309. }
  312. fResult = SetSecurityDescriptorDacl( psd,
  313. TRUE,
  314. pacl,
  315. FALSE );
  317. // The discretionary ACL is referenced by, not copied
  318. // into, the security descriptor. We shouldn't free up ACL
  319. // after the SetSecurityDescriptorDacl call.
  321. if ( ! fResult ) {
  322. ERROROUT( TEXT("CreateSecurityAttributes:SetSecurityDescriptorDacl failed") );
  323. MEMFREE( pacl );
  324. MEMFREE( psa );
  325. MEMFREE( psd );
  326. return NULL;
  327. }
  329. if (!IsValidSecurityDescriptor(psd)) {
  330. WARNOUT( TEXT("CreateSecurityAttributes:IsValidSecurityDescriptor failed!") );
  331. MEMFREE( pacl );
  332. MEMFREE( psa );
  333. MEMFREE( psd );
  334. return NULL;
  335. }
  337. //
  338. // everything is done
  339. //
  340. psa->nLength = sizeof( SECURITY_ATTRIBUTES );
  341. psa->lpSecurityDescriptor = (PVOID)psd;
  342. psa->bInheritHandle = FALSE;
  344. return psa;
  345. }
  347. PSID MyCreateSid( DWORD dwSubAuthority )
  348. {
  349. PSID psid;
  350. BOOL fResult;
  351. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;
  353. //
  354. // allocate and initialize an SID
  355. //
  356. fResult = AllocateAndInitializeSid( &SidAuthority,
  357. 1,
  358. dwSubAuthority,
  359. 0,0,0,0,0,0,0,
  360. &psid );
  361. if ( ! fResult ) {
  362. ERROROUT( TEXT("MyCreateSid:AllocateAndInitializeSid failed") );
  363. return NULL;
  364. }
  366. if ( ! IsValidSid( psid ) ) {
  367. WARNOUT( TEXT("MyCreateSid:AllocateAndInitializeSid returns bogus sid"));
  368. FreeSid( psid );
  369. return NULL;
  370. }
  372. return psid;
  373. }
  375. //
  376. // FreeSecurityAttributes()
  377. //
  378. // The purpose of this function:
  379. //
  380. // Frees the memory objects allocated by previous
  381. // CreateSecurityAttributes() call.
  382. //
  383. VOID FreeSecurityAttributes( PSECURITY_ATTRIBUTES psa )
  384. {
  385. BOOL fResult;
  386. BOOL fDaclPresent;
  387. BOOL fDaclDefaulted;
  388. PACL pacl;
  390. fResult = GetSecurityDescriptorDacl( psa->lpSecurityDescriptor,
  391. &fDaclPresent,
  392. &pacl,
  393. &fDaclDefaulted );
  394. if ( fResult ) {
  395. if ( pacl != NULL )
  396. MEMFREE( pacl );
  397. } else {
  398. ERROROUT( TEXT("FreeSecurityAttributes:GetSecurityDescriptorDacl failed") );
  399. }
  401. MEMFREE( psa->lpSecurityDescriptor );
  402. MEMFREE( psa );
  403. }
  406. #if NOT_USED
  407. //
  408. // Function Below is added to give GENERIC_ALL to everyone for UserDictionary
  409. // which is accessed from network (not interactive).
  410. // 960911 HiroakiK NT #11911
  411. //
  413. //
  414. // CreateSecurityAttributesEx()
  415. //
  416. // The purpose of this function:
  417. //
  418. // Allocate and set the security attributes that is
  419. // appropriate for named objects created by an IME.
  420. // The security attributes will give GENERIC_ALL
  421. // access for everyone
  422. // ^^^^^^^^
  423. //
  424. // Return value:
  425. //
  426. // If the function succeeds, the return value is a
  427. // pointer to SECURITY_ATTRIBUTES. If the function fails,
  428. // the return value is NULL. To get extended error
  429. // information, call GetLastError().
  430. //
  431. // Remarks:
  432. //
  433. // FreeSecurityAttributes() should be called to free up the
  434. // SECURITY_ATTRIBUTES allocated by this function.
  435. //
  436. PSECURITY_ATTRIBUTES CreateSecurityAttributesEx()
  437. {
  438. PSECURITY_ATTRIBUTES psa;
  439. PSECURITY_DESCRIPTOR psd;
  440. PACL pacl;
  441. DWORD cbacl;
  443. PSID psid;
  444. BOOL fResult;
  446. //
  447. // create a sid for everyone access
  448. //
  449. psid = MyCreateSidEx();
  450. if ( psid == NULL ) {
  451. return NULL;
  452. }
  454. //
  455. // allocate and initialize an access control list (ACL) that will
  456. // contain the SID we've just created.
  457. //
  458. cbacl = sizeof(ACL) +
  459. (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
  460. GetLengthSid(psid);
  462. pacl = (PACL)MEMALLOC( cbacl );
  463. if ( pacl == NULL ) {
  464. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for ACL failed") );
  465. FreeSid ( psid );
  466. return NULL;
  467. }
  469. fResult = InitializeAcl( pacl, cbacl, ACL_REVISION );
  470. if ( ! fResult ) {
  471. ERROROUT( TEXT("CreateSecurityAttributes:InitializeAcl failed") );
  472. FreeSid ( psid );
  473. MEMFREE( pacl );
  474. return NULL;
  475. }
  477. //
  478. // adds an access-allowed ACE for interactive users to the ACL
  479. //
  480. fResult = AddAccessAllowedAce( pacl,
  481. ACL_REVISION,
  482. GENERIC_ALL,
  483. psid );
  485. if ( !fResult ) {
  486. ERROROUT( TEXT("CreateSecurityAttributes:AddAccessAllowedAce failed") );
  487. MEMFREE( pacl );
  488. FreeSid ( psid );
  489. return NULL;
  490. }
  493. //
  494. // Those SIDs have been copied into the ACL. We don't need'em any more.
  495. //
  496. FreeSid ( psid );
  498. //
  499. // Let's make sure that our ACL is valid.
  500. //
  501. if (!IsValidAcl(pacl)) {
  502. WARNOUT( TEXT("CreateSecurityAttributes:IsValidAcl returns fFalse!"));
  503. MEMFREE( pacl );
  504. return NULL;
  505. }
  507. //
  508. // allocate security attribute
  509. //
  510. psa = (PSECURITY_ATTRIBUTES)MEMALLOC( sizeof( SECURITY_ATTRIBUTES ) );
  511. if ( psa == NULL ) {
  512. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for psa failed") );
  513. MEMFREE( pacl );
  514. return NULL;
  515. }
  517. //
  518. // allocate and initialize a new security descriptor
  519. //
  520. psd = MEMALLOC( SECURITY_DESCRIPTOR_MIN_LENGTH );
  521. if ( psd == NULL ) {
  522. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for psd failed") );
  523. MEMFREE( pacl );
  524. MEMFREE( psa );
  525. return NULL;
  526. }
  528. if ( ! InitializeSecurityDescriptor( psd, SECURITY_DESCRIPTOR_REVISION ) ) {
  529. ERROROUT( TEXT("CreateSecurityAttributes:InitializeSecurityDescriptor failed") );
  530. MEMFREE( pacl );
  531. MEMFREE( psa );
  532. MEMFREE( psd );
  533. return NULL;
  534. }
  537. fResult = SetSecurityDescriptorDacl( psd,
  538. TRUE,
  539. pacl,
  540. FALSE );
  542. // The discretionary ACL is referenced by, not copied
  543. // into, the security descriptor. We shouldn't free up ACL
  544. // after the SetSecurityDescriptorDacl call.
  546. if ( ! fResult ) {
  547. ERROROUT( TEXT("CreateSecurityAttributes:SetSecurityDescriptorDacl failed") );
  548. MEMFREE( pacl );
  549. MEMFREE( psa );
  550. MEMFREE( psd );
  551. return NULL;
  552. }
  555. if (!IsValidSecurityDescriptor(psd)) {
  556. WARNOUT( TEXT("CreateSecurityAttributes:IsValidSecurityDescriptor failed!") );
  557. MEMFREE( pacl );
  558. MEMFREE( psa );
  559. MEMFREE( psd );
  560. return NULL;
  561. }
  563. //
  564. // everything is done
  565. //
  566. psa->nLength = sizeof( SECURITY_ATTRIBUTES );
  567. psa->lpSecurityDescriptor = (PVOID)psd;
  568. psa->bInheritHandle = FALSE;
  570. return psa;
  571. }
  573. PSID MyCreateSidEx(VOID)
  574. {
  575. PSID psid;
  576. BOOL fResult;
  577. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_WORLD_SID_AUTHORITY;
  579. //
  580. // allocate and initialize an SID
  581. //
  582. fResult = AllocateAndInitializeSid( &SidAuthority,
  583. 1,
  584. SECURITY_WORLD_RID,
  585. 0,0,0,0,0,0,0,
  586. &psid );
  587. if ( ! fResult ) {
  588. ERROROUT( TEXT("MyCreateSid:AllocateAndInitializeSid failed") );
  589. return NULL;
  590. }
  592. if ( ! IsValidSid( psid ) ) {
  593. WARNOUT( TEXT("MyCreateSid:AllocateAndInitializeSid returns bogus sid"));
  594. FreeSid( psid );
  595. return NULL;
  596. }
  598. return psid;
  599. }
  600. #endif