archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/admin/snapin/schmmgmt/aclpage.cpp

841 lines
26 KiB
Raw Normal View History

commiting as it is
4 years ago
  2. #include "stdafx.h"
  4. #include "macros.h"
  5. USE_HANDLE_MACROS("SCHMMGMT(aclpage.cpp)")
  6. #include "dataobj.h"
  7. #include "compdata.h"
  8. #include "cookie.h"
  9. #include "snapmgr.h"
  10. #include "schmutil.h"
  11. #include "cache.h"
  12. #include "relation.h"
  13. #include "attrpage.h"
  14. #include "advui.h"
  15. #include "aclpage.h"
  16. #include "ntsecapi.h"
  17. #include "sddlp.h"
  20. HRESULT
  21. GetDomainSid(LPCWSTR pszLdapPath, PSID *ppSid);
  23. //
  24. // CDynamicLibraryBase
  25. // This is the base class for CDSSecDll and CAclUiDll.
  26. // This was taken from the dnsmgr snap in.
  27. //
  29. class CDynamicLibraryBase {
  31. public:
  33. CDynamicLibraryBase() {
  34. m_lpszLibraryName = NULL;
  35. m_lpszFunctionName = NULL;
  36. m_hLibrary = NULL;
  37. m_pfFunction = NULL;
  38. }
  40. virtual ~CDynamicLibraryBase() {
  42. if ( m_hLibrary != NULL ) {
  43. ::FreeLibrary(m_hLibrary);
  44. m_hLibrary = NULL;
  45. }
  46. }
  48. //
  49. // Load a DLL and get a single entry point.
  50. //
  52. BOOL Load() {
  54. if (m_hLibrary != NULL)
  55. return TRUE; // already loaded
  57. ASSERT(m_lpszLibraryName != NULL);
  58. m_hLibrary = ::LoadLibrary(m_lpszLibraryName);
  60. if (NULL == m_hLibrary) {
  61. // The library is not present
  62. return FALSE;
  63. }
  65. ASSERT(m_lpszFunctionName != NULL);
  66. ASSERT(m_pfFunction == NULL);
  68. m_pfFunction = ::GetProcAddress(m_hLibrary, m_lpszFunctionName );
  69. if ( NULL == m_pfFunction ) {
  70. // The library is present but does not have the entry point
  71. ::FreeLibrary( m_hLibrary );
  72. m_hLibrary = NULL;
  73. return FALSE;
  74. }
  76. ASSERT(m_hLibrary != NULL);
  77. ASSERT(m_pfFunction != NULL);
  78. return TRUE;
  79. }
  82. protected:
  84. LPCSTR m_lpszFunctionName;
  85. LPCTSTR m_lpszLibraryName;
  86. FARPROC m_pfFunction;
  87. HMODULE m_hLibrary;
  88. };
  90. //
  91. // CDsSecDLL - Holds the wrapper for the ACL editor wrapper.
  92. //
  94. class CDsSecDLL : public CDynamicLibraryBase {
  96. public:
  98. CDsSecDLL() {
  99. m_lpszLibraryName = _T("dssec.dll");
  100. m_lpszFunctionName = "DSCreateISecurityInfoObject";
  101. }
  103. HRESULT DSCreateISecurityInfoObject( LPCWSTR pwszObjectPath, // in
  104. LPCWSTR pwszObjectClass, // in
  105. DWORD dwFlags, // in
  106. LPSECURITYINFO* ppISecurityInfo, // out
  107. PFNREADOBJECTSECURITY pfnReadSd, // in
  108. PFNWRITEOBJECTSECURITY pfnWriteSd, // in
  109. LPARAM lpContext ); // in
  110. };
  112. HRESULT
  113. CDsSecDLL::DSCreateISecurityInfoObject( LPCWSTR pwszObjectPath, // in
  114. LPCWSTR pwszObjectClass, // in
  115. DWORD dwFlags, // in
  116. LPSECURITYINFO* ppISecurityInfo, // out
  117. PFNREADOBJECTSECURITY pfnReadSd, // in
  118. PFNWRITEOBJECTSECURITY pfnWriteSd,// in
  119. LPARAM lpContext // in
  120. ) {
  122. //
  123. // Call the function of the same name.
  124. //
  126. ASSERT(m_hLibrary != NULL);
  127. ASSERT(m_pfFunction != NULL);
  128. return ((PFNDSCREATEISECINFO)m_pfFunction)(
  129. pwszObjectPath,
  130. pwszObjectClass,
  131. dwFlags,
  132. ppISecurityInfo,
  133. pfnReadSd,
  134. pfnWriteSd,
  135. lpContext );
  136. }
  138. //
  139. // CAclUiDLL - Where the UI Actually Lives.
  140. //
  142. class CAclUiDLL : public CDynamicLibraryBase {
  144. public:
  146. CAclUiDLL() {
  147. m_lpszLibraryName = _T("aclui.dll");
  148. m_lpszFunctionName = "CreateSecurityPage";
  149. }
  151. HPROPSHEETPAGE CreateSecurityPage( LPSECURITYINFO psi );
  152. };
  154. HPROPSHEETPAGE CAclUiDLL::CreateSecurityPage( LPSECURITYINFO psi ) {
  155. ASSERT(m_hLibrary != NULL);
  156. ASSERT(m_pfFunction != NULL);
  157. return ((ACLUICREATESECURITYPAGEPROC)m_pfFunction) (psi);
  158. }
  160. //
  161. // CISecurityInformationWrapper - The wrapper for the routine that gets
  162. // sent to CreateSecurityPage().
  163. //
  165. class CISecurityInformationWrapper : public ISecurityInformation {
  167. public:
  169. CISecurityInformationWrapper( CAclEditorPage* pAclEditorPage ) {
  170. m_dwRefCount = 0;
  171. ASSERT(pAclEditorPage != NULL);
  172. m_pAclEditorPage = pAclEditorPage;
  173. m_pISecInfo = NULL;
  174. }
  176. ~CISecurityInformationWrapper() {
  177. ASSERT(m_dwRefCount == 0);
  178. if (m_pISecInfo != NULL)
  179. m_pISecInfo->Release();
  180. }
  182. public:
  184. //
  185. // *** IUnknown methods ***
  186. // Call through to the to actual SecurityInformation interface.
  187. //
  189. STDMETHOD(QueryInterface) (REFIID riid, LPVOID * ppvObj) {
  190. return m_pISecInfo->QueryInterface(riid, ppvObj);
  191. }
  193. STDMETHOD_(ULONG,AddRef) () {
  194. m_dwRefCount++;
  195. return m_pISecInfo->AddRef();
  196. }
  198. STDMETHOD_(ULONG,Release) () {
  200. m_dwRefCount--;
  202. ISecurityInformation* pISecInfo = m_pISecInfo;
  204. return pISecInfo->Release();
  205. }
  207. //
  208. // *** ISecurityInformation methods ***
  209. // These are also call through.
  210. //
  212. STDMETHOD(GetObjectInformation) (PSI_OBJECT_INFO pObjectInfo ) {
  213. HRESULT hr = m_pISecInfo->GetObjectInformation(pObjectInfo);
  214. if (m_szPageTitle.IsEmpty())
  215. {
  216. m_szPageTitle.LoadString(IDS_DEFAULT_SECURITY);
  217. }
  218. pObjectInfo->dwFlags |= SI_PAGE_TITLE;
  219. pObjectInfo->pszPageTitle = (PWSTR)(PCWSTR)m_szPageTitle;
  220. return hr;
  221. }
  223. STDMETHOD(GetAccessRights) (const GUID* pguidObjectType,
  224. DWORD dwFlags, // SI_EDIT_AUDITS, SI_EDIT_PROPERTIES
  225. PSI_ACCESS *ppAccess,
  226. ULONG *pcAccesses,
  227. ULONG *piDefaultAccess ) {
  228. return m_pISecInfo->GetAccessRights(pguidObjectType,
  229. dwFlags,
  230. ppAccess,
  231. pcAccesses,
  232. piDefaultAccess);
  233. }
  235. STDMETHOD(MapGeneric) (const GUID *pguidObjectType,
  236. UCHAR *pAceFlags,
  237. ACCESS_MASK *pMask) {
  238. return m_pISecInfo->MapGeneric(pguidObjectType,
  239. pAceFlags,
  240. pMask);
  241. }
  243. STDMETHOD(GetInheritTypes) (PSI_INHERIT_TYPE *ppInheritTypes,
  244. ULONG *pcInheritTypes ) {
  245. return m_pISecInfo->GetInheritTypes(ppInheritTypes,
  246. pcInheritTypes);
  247. }
  249. STDMETHOD(PropertySheetPageCallback)(HWND hwnd, UINT uMsg, SI_PAGE_TYPE uPage ) {
  250. return m_pISecInfo->PropertySheetPageCallback(hwnd, uMsg, uPage);
  251. }
  253. STDMETHOD(GetSecurity) (SECURITY_INFORMATION RequestedInformation,
  254. PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  255. BOOL fDefault) {
  256. return m_pISecInfo->GetSecurity( RequestedInformation,
  257. ppSecurityDescriptor,
  258. fDefault );
  259. }
  261. STDMETHOD(SetSecurity) (SECURITY_INFORMATION securityInformation,
  262. PSECURITY_DESCRIPTOR pSecurityDescriptor ) {
  264. return m_pISecInfo->SetSecurity( securityInformation,
  265. pSecurityDescriptor );
  266. }
  268. private:
  270. DWORD m_dwRefCount;
  271. ISecurityInformation* m_pISecInfo; // interface pointer to the wrapped interface
  272. CAclEditorPage* m_pAclEditorPage; // back pointer
  273. CString m_szPageTitle;
  274. friend class CAclEditorPage;
  275. };
  278. //
  279. // Static instances of the dynamically loaded DLLs.
  280. //
  282. CDsSecDLL g_DsSecDLL;
  283. CAclUiDLL g_AclUiDLL;
  285. //
  286. // CAclEditorPage Routines.
  287. //
  289. HRESULT
  290. CAclEditorPage::CreateInstance(
  291. CAclEditorPage ** ppAclPage,
  292. LPCTSTR lpszLDAPPath,
  293. LPCTSTR lpszObjectClass
  294. ) {
  296. HRESULT hr = S_OK;
  298. CAclEditorPage* pAclEditorPage = new CAclEditorPage;
  300. if (pAclEditorPage != NULL) {
  302. hr = pAclEditorPage->Initialize( lpszLDAPPath, lpszObjectClass );
  304. if ( SUCCEEDED(hr) )
  305. {
  306. *ppAclPage = pAclEditorPage;
  307. }
  308. else
  309. {
  310. delete pAclEditorPage;
  311. pAclEditorPage = NULL;
  312. }
  313. }
  314. else
  315. hr = HRESULT_FROM_WIN32( ERROR_OUTOFMEMORY );
  317. return hr;
  318. }
  320. CAclEditorPage::CAclEditorPage() {
  321. m_pISecInfoWrap = new CISecurityInformationWrapper(this);
  322. }
  324. CAclEditorPage::~CAclEditorPage() {
  325. delete m_pISecInfoWrap;
  326. }
  328. HRESULT
  329. ReadSecurity( LPCWSTR lpszLdapPath,
  330. SECURITY_INFORMATION RequestedInformation,
  331. PSECURITY_DESCRIPTOR *ppSecDesc,
  332. LPARAM lpContext );
  334. HRESULT
  335. WriteSecurity( LPCWSTR lpszLdapPath,
  336. SECURITY_INFORMATION securityInformation,
  337. PSECURITY_DESCRIPTOR pSecDesc,
  338. LPARAM lpContext );
  340. HRESULT
  341. GetObjectSecurityDescriptor( LPCWSTR lpszLdapPath,
  342. PSECURITY_DESCRIPTOR * ppSecDesc,
  343. IADs ** ppIADsObject = NULL );
  347. HRESULT
  348. CAclEditorPage::Initialize(
  349. LPCTSTR lpszLDAPPath,
  350. LPCTSTR lpszObjectClass
  351. ) {
  353. //
  354. // Get ISecurityInfo* for this object from DSSEC.DLL
  355. //
  357. if (!g_DsSecDLL.Load())
  358. return E_INVALIDARG;
  360. ASSERT(m_pISecInfoWrap->m_pISecInfo == NULL);
  362. return g_DsSecDLL.DSCreateISecurityInfoObject( lpszLDAPPath,
  363. lpszObjectClass,
  364. DSSI_NO_ACCESS_CHECK | DSSI_NO_EDIT_OWNER |
  365. ( IsReadOnly(lpszLDAPPath) ? DSSI_READ_ONLY : 0 ),
  366. &(m_pISecInfoWrap->m_pISecInfo),
  367. ReadSecurity,
  368. WriteSecurity,
  369. 0 );
  370. }
  372. HPROPSHEETPAGE CAclEditorPage::CreatePage() {
  374. ASSERT(m_pISecInfoWrap->m_pISecInfo != NULL);
  376. if (!g_AclUiDLL.Load())
  377. return NULL;
  379. //
  380. // Call into ACLUI.DLL to create the page
  381. // passing the wrapper interface.
  382. //
  384. return g_AclUiDLL.CreateSecurityPage(m_pISecInfoWrap);
  385. }
  389. HRESULT
  390. ReadSecurity(
  391. LPCWSTR lpszLdapPath,
  392. SECURITY_INFORMATION /*RequestedInformation*/, // ignoring...
  393. PSECURITY_DESCRIPTOR* ppSecDesc,
  394. LPARAM /*lpContext*/)
  395. {
  396. return GetObjectSecurityDescriptor( lpszLdapPath,
  397. ppSecDesc );
  398. }
  402. #define BREAK_ON_FAILED_BOOL(fResult) \
  403. if ( !fResult ) \
  404. { \
  405. ASSERT( FALSE ); \
  406. break; \
  407. }
  410. const SECURITY_INFORMATION ALL_SECURITY_INFORMATION = OWNER_SECURITY_INFORMATION |
  411. GROUP_SECURITY_INFORMATION |
  412. DACL_SECURITY_INFORMATION |
  413. SACL_SECURITY_INFORMATION;
  415. HRESULT
  416. WriteSecurity(
  417. LPCWSTR lpszLdapPath,
  418. SECURITY_INFORMATION securityInformation,
  419. PSECURITY_DESCRIPTOR pModificationDescriptor,
  420. LPARAM /*lpContext*/)
  421. {
  422. HRESULT hr = S_OK;
  423. BOOL fResult = TRUE;
  424. IADs * pIADsObject = NULL;
  425. PSECURITY_DESCRIPTOR pSecDesc = NULL;
  426. LPWSTR pstrSecDesc = NULL;
  429. const UINT cAbsoluteSecDescSize = 5;
  431. struct
  432. {
  433. PVOID pData;
  434. DWORD dwDataSize;
  436. } absSecDesc[cAbsoluteSecDescSize];
  438. const PSECURITY_DESCRIPTOR & pAbsSecDesc = (PSECURITY_DESCRIPTOR) absSecDesc[0].pData;
  440. ZeroMemory( absSecDesc, sizeof(absSecDesc) );
  442. // we only support changes in DACL & SACL
  443. ASSERT( securityInformation & (DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION) );
  444. ASSERT( IsValidSecurityDescriptor(pModificationDescriptor) );
  446. do
  447. {
  448. hr = GetObjectSecurityDescriptor( lpszLdapPath,
  449. &pSecDesc,
  450. &pIADsObject );
  451. BREAK_ON_FAILED_HRESULT(hr);
  452. ASSERT(pIADsObject);
  455. fResult = MakeAbsoluteSD( pSecDesc,
  456. (PSECURITY_DESCRIPTOR) absSecDesc[0].pData, &absSecDesc[0].dwDataSize,
  457. (PACL) absSecDesc[1].pData, &absSecDesc[1].dwDataSize,
  458. (PACL) absSecDesc[2].pData, &absSecDesc[2].dwDataSize,
  459. (PSID) absSecDesc[3].pData, &absSecDesc[3].dwDataSize,
  460. (PSID) absSecDesc[4].pData, &absSecDesc[4].dwDataSize );
  462. ASSERT( !fResult ); // the call must fail the first time
  463. hr = HRESULT_FROM_WIN32(::GetLastError());
  464. if( ERROR_INSUFFICIENT_BUFFER != HRESULT_CODE(hr) )
  465. BREAK_ON_FAILED_HRESULT(hr);
  467. fResult = TRUE;
  468. hr = HRESULT_FROM_WIN32( ERROR_OUTOFMEMORY );
  470. // allocate memory for the security descriptor
  471. for( UINT i = 0; i < cAbsoluteSecDescSize; i++ )
  472. if( absSecDesc[i].dwDataSize > 0 )
  473. if( NULL == (absSecDesc[i].pData = new BYTE[ absSecDesc[i].dwDataSize ]) )
  474. break;// NTRAID#NTBUG9-540268-2002/02/13-dantra Out of memory condition masked when building the SECURITY_DESCRIPTOR
  476. hr = S_OK;
  478. fResult = MakeAbsoluteSD( pSecDesc,
  479. (PSECURITY_DESCRIPTOR) absSecDesc[0].pData, &absSecDesc[0].dwDataSize,
  480. (PACL) absSecDesc[1].pData, &absSecDesc[1].dwDataSize,
  481. (PACL) absSecDesc[2].pData, &absSecDesc[2].dwDataSize,
  482. (PSID) absSecDesc[3].pData, &absSecDesc[3].dwDataSize,
  483. (PSID) absSecDesc[4].pData, &absSecDesc[4].dwDataSize );
  485. BREAK_ON_FAILED_BOOL( fResult );
  488. // for convinience, have another reference.
  489. ASSERT( absSecDesc[0].pData == pAbsSecDesc );
  490. ASSERT( IsValidSecurityDescriptor(pAbsSecDesc) );
  493. // Apply DACL changes
  494. if( securityInformation & DACL_SECURITY_INFORMATION )
  495. {
  496. BOOL bDaclPresent = FALSE;
  497. PACL pDacl = NULL;
  498. BOOL bDaclDefaulted = FALSE;
  499. SECURITY_DESCRIPTOR_CONTROL control = 0;
  500. DWORD dwRevision = 0;
  502. fResult = GetSecurityDescriptorDacl( pModificationDescriptor, &bDaclPresent, &pDacl, &bDaclDefaulted );
  503. BREAK_ON_FAILED_BOOL( fResult );
  505. fResult = SetSecurityDescriptorDacl( pAbsSecDesc, bDaclPresent, pDacl, bDaclDefaulted );
  506. BREAK_ON_FAILED_BOOL( fResult );
  508. fResult = GetSecurityDescriptorControl( pModificationDescriptor, &control, &dwRevision );
  509. BREAK_ON_FAILED_BOOL( fResult );
  511. fResult = SetSecurityDescriptorControl( pAbsSecDesc, SE_DACL_PROTECTED, control & SE_DACL_PROTECTED );
  512. BREAK_ON_FAILED_BOOL( fResult );
  513. }
  516. // Apply SACL changes
  517. if( securityInformation & SACL_SECURITY_INFORMATION )
  518. {
  519. BOOL bSaclPresent = FALSE;
  520. PACL pSacl = NULL;
  521. BOOL bSaclDefaulted = FALSE;
  522. SECURITY_DESCRIPTOR_CONTROL control = 0;
  523. DWORD dwRevision = 0;
  525. fResult = GetSecurityDescriptorSacl( pModificationDescriptor, &bSaclPresent, &pSacl, &bSaclDefaulted );
  526. BREAK_ON_FAILED_BOOL( fResult );
  528. fResult = SetSecurityDescriptorSacl( pAbsSecDesc, bSaclPresent, pSacl, bSaclDefaulted );
  529. BREAK_ON_FAILED_BOOL( fResult );
  531. fResult = GetSecurityDescriptorControl( pModificationDescriptor, &control, &dwRevision );
  532. BREAK_ON_FAILED_BOOL( fResult );
  534. fResult = SetSecurityDescriptorControl( pAbsSecDesc, SE_SACL_PROTECTED, control & SE_SACL_PROTECTED );
  535. BREAK_ON_FAILED_BOOL( fResult );
  536. }
  539. // Convert Security Descriptor to string format
  540. fResult = ConvertSecurityDescriptorToStringSecurityDescriptor(
  541. pAbsSecDesc,
  542. SDDL_REVISION,
  543. ALL_SECURITY_INFORMATION,
  544. &pstrSecDesc,
  545. NULL );
  546. BREAK_ON_FAILED_BOOL( fResult );
  547. ASSERT(pstrSecDesc);
  549. CComVariant v(pstrSecDesc);
  550. // NTRAID#NTBUG9-540866-2002/02/13-dantra-Schema Manager: passing WCHAR * instead of BSTR to method requiring a BSTR
  551. hr = pIADsObject->Put( CComBSTR(g_DefaultAcl), v);
  552. BREAK_ON_FAILED_HRESULT(hr);
  554. hr = pIADsObject->SetInfo( );
  555. }
  556. while (0);
  558. if( !fResult )
  559. hr = HRESULT_FROM_WIN32(::GetLastError());
  561. if( pIADsObject )
  562. pIADsObject->Release();
  564. if( pstrSecDesc )
  565. LocalFree( pstrSecDesc );
  567. for( UINT i = 0; i < cAbsoluteSecDescSize; i++ )
  568. if( absSecDesc[i].pData )
  569. delete absSecDesc[i].pData;
  571. return hr;
  572. }
  576. HRESULT
  577. GetObjectSecurityDescriptor(
  578. LPCWSTR lpszLdapPath,
  579. PSECURITY_DESCRIPTOR * ppSecDesc,
  580. IADs ** ppIADsObject /* = NULL */) // returns pIADsObject for future use.
  581. {
  582. HRESULT hr = S_OK;
  583. IADs * pIADsObject = NULL;
  584. CComVariant AdsResult;
  585. PSID pDomainSid = NULL;
  588. *ppSecDesc = NULL;
  590. do
  591. {
  592. hr = SchemaOpenObject( const_cast<LPWSTR>((LPCWSTR) lpszLdapPath),
  593. IID_IADs,
  594. (void **) &pIADsObject );
  596. BREAK_ON_FAILED_HRESULT(hr);
  597. ASSERT(pIADsObject);
  599. // NTRAID#NTBUG9-540866-2002/02/13-dantra-Schema Manager: passing WCHAR * instead of BSTR to method requiring a BSTR
  600. hr = pIADsObject->Get( CComBSTR(g_DefaultAcl),&AdsResult);
  601. if (hr == E_ADS_PROPERTY_NOT_FOUND)
  602. {
  603. hr = S_OK;
  604. PSECURITY_DESCRIPTOR
  605. pSecDescTmp = (PSECURITY_DESCRIPTOR)LocalAlloc
  606. (
  607. LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH
  608. );
  609. if(pSecDescTmp==NULL) {hr=E_OUTOFMEMORY;break;}
  610. do
  611. {
  612. if(!InitializeSecurityDescriptor(pSecDescTmp,
  613. SECURITY_DESCRIPTOR_REVISION))
  614. {
  615. hr = HRESULT_FROM_WIN32(::GetLastError());
  616. ASSERT(FAILED(hr));
  617. break;
  618. }
  620. DWORD size=0;
  621. BOOL fResult = MakeSelfRelativeSD(pSecDescTmp,*ppSecDesc,&size);
  622. ASSERT(!fResult); //ERROR_INSUFFICIENT_BUFFER is expected at first.
  623. hr = HRESULT_FROM_WIN32(::GetLastError());
  624. if( HRESULT_CODE(hr) != ERROR_INSUFFICIENT_BUFFER)
  625. BREAK_ON_FAILED_HRESULT(hr);
  626. hr = S_OK;
  627. *ppSecDesc=(PSECURITY_DESCRIPTOR)LocalAlloc(LPTR,size);
  628. if(*ppSecDesc==NULL) {hr=E_OUTOFMEMORY;break;}
  629. fResult = MakeSelfRelativeSD(pSecDescTmp,*ppSecDesc,&size);
  630. if(!fResult)
  631. {
  632. hr = HRESULT_FROM_WIN32(::GetLastError());
  633. ASSERT(FAILED(hr));
  634. // NTRAID#NTBUG9-542445-2002/03/04-dantra-Memory Leak in Error path of aclpage.cpp::GetObjectSecurityDescriptor
  635. LocalFree(*ppSecDesc);
  636. *ppSecDesc=NULL;
  637. break;
  638. }
  639. } while(0);
  640. LocalFree(pSecDescTmp);
  641. BREAK_ON_FAILED_HRESULT(hr);
  642. }
  643. else if(FAILED(hr)) break;
  644. else
  645. {
  646. pDomainSid = NULL;
  647. GetDomainSid(lpszLdapPath, &pDomainSid);
  648. if(pDomainSid)
  649. {
  650. if(!ConvertStringSDToSDDomain(pDomainSid,
  651. NULL,
  652. V_BSTR(&AdsResult),
  653. SDDL_REVISION,
  654. ppSecDesc,
  655. NULL ))
  656. {
  657. ASSERT( FALSE );
  658. hr = HRESULT_FROM_WIN32(::GetLastError());
  659. break;
  660. }
  661. }
  662. else if( !ConvertStringSecurityDescriptorToSecurityDescriptor(
  663. V_BSTR(&AdsResult),
  664. SDDL_REVISION,
  665. ppSecDesc,
  666. NULL ) )
  667. {
  668. ASSERT( FALSE );
  669. hr = HRESULT_FROM_WIN32(::GetLastError());
  670. break;
  671. }
  672. }
  674. ASSERT( IsValidSecurityDescriptor(*ppSecDesc) );
  675. }
  676. while (0);
  678. if( pIADsObject )
  679. {
  680. ASSERT( SUCCEEDED(hr) );
  682. if( !ppIADsObject ) // if caller doesn't need pIADsObject
  683. {
  684. pIADsObject->Release(); // release it
  685. }
  686. else
  687. {
  688. *ppIADsObject = pIADsObject; // otherwise, return it
  689. }
  690. }
  692. if(pDomainSid)
  693. LocalFree(pDomainSid);
  694. return hr;
  695. }
  698. BOOL CAclEditorPage::IsReadOnly( LPCTSTR lpszLDAPPath )
  699. {
  700. ASSERT( lpszLDAPPath );
  702. HRESULT hr = S_OK;
  703. BOOL fFound = FALSE;
  704. CComPtr<IADs> ipADs;
  705. CStringList strlist;
  707. do
  708. {
  709. //
  710. // Open the schema container.
  711. //
  712. hr = SchemaOpenObject( (LPWSTR)(LPCWSTR)lpszLDAPPath,
  713. IID_IADs,
  714. (void **)&ipADs );
  715. BREAK_ON_FAILED_HRESULT(hr);
  717. // extract the list of allowed classes
  718. hr = GetStringListElement( ipADs, &g_allowedAttributesEffective, strlist );
  719. BREAK_ON_FAILED_HRESULT(hr);
  721. // search for needed attributes
  722. for( POSITION pos = strlist.GetHeadPosition(); !fFound && pos != NULL; )
  723. {
  724. CString * pstr = &strlist.GetNext( pos );
  726. fFound = !pstr->CompareNoCase( g_DefaultAcl );
  727. }
  729. } while( FALSE );
  731. return !fFound; // in case something fails, make read-only.
  732. }
  735. LSA_HANDLE
  736. GetLSAConnection(LPCTSTR pszServer, DWORD dwAccessDesired)
  737. {
  738. LSA_HANDLE hPolicy = NULL;
  739. LSA_UNICODE_STRING uszServer = {0};
  740. LSA_UNICODE_STRING *puszServer = NULL;
  741. LSA_OBJECT_ATTRIBUTES oa;
  742. SECURITY_QUALITY_OF_SERVICE sqos;
  744. sqos.Length = sizeof(sqos);
  745. sqos.ImpersonationLevel = SecurityImpersonation;
  746. sqos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  747. sqos.EffectiveOnly = FALSE;
  749. InitializeObjectAttributes(&oa, NULL, 0, NULL, NULL);
  750. oa.SecurityQualityOfService = &sqos;
  752. if (pszServer &&
  753. *pszServer &&
  754. RtlCreateUnicodeString(&uszServer, pszServer))
  755. {
  756. puszServer = &uszServer;
  757. }
  759. LsaOpenPolicy(puszServer, &oa, dwAccessDesired, &hPolicy);
  761. if (puszServer)
  762. RtlFreeUnicodeString(puszServer);
  764. return hPolicy;
  765. }
  767. HRESULT
  768. GetDomainSid(LPCWSTR pszLdapPath, PSID *ppSid)
  769. {
  770. HRESULT hr = S_OK;
  771. NTSTATUS nts = STATUS_SUCCESS;
  772. PPOLICY_ACCOUNT_DOMAIN_INFO pDomainInfo = NULL;
  773. LSA_HANDLE hLSA = 0;
  774. if(!pszLdapPath || !ppSid)
  775. return E_INVALIDARG;
  777. *ppSid = NULL;
  779. IADsPathname *pPath = NULL;
  780. BSTR bstrServer = NULL;
  782. CoCreateInstance(CLSID_Pathname,
  783. NULL,
  784. CLSCTX_INPROC_SERVER,
  785. IID_IADsPathname,
  786. (LPVOID*)&pPath);
  788. if(pPath)
  789. {
  790. if(SUCCEEDED(pPath->Set((BSTR)pszLdapPath,ADS_SETTYPE_FULL)))
  791. {
  792. if(SUCCEEDED(pPath->Retrieve(ADS_FORMAT_SERVER, &bstrServer)))
  793. {
  794. hLSA = GetLSAConnection(bstrServer, POLICY_VIEW_LOCAL_INFORMATION);
  795. if (!hLSA)
  796. {
  797. hr = E_FAIL;
  798. goto exit_gracefully;
  799. }
  802. nts = LsaQueryInformationPolicy(hLSA,
  803. PolicyAccountDomainInformation,
  804. (PVOID*)&pDomainInfo);
  805. if(nts != STATUS_SUCCESS)
  806. {
  807. hr = E_FAIL;
  808. goto exit_gracefully;
  809. }
  811. if (pDomainInfo && pDomainInfo->DomainSid)
  812. {
  813. ULONG cbSid = GetLengthSid(pDomainInfo->DomainSid);
  815. *ppSid = (PSID) LocalAlloc(LPTR, cbSid);
  817. if (!*ppSid)
  818. {
  819. hr = E_OUTOFMEMORY;
  820. goto exit_gracefully;
  821. }
  823. // NOTE: Safe use of CopyMemory
  824. CopyMemory(*ppSid, pDomainInfo->DomainSid, cbSid);
  825. }
  826. }
  827. }
  828. }
  830. exit_gracefully:
  831. if(pDomainInfo)
  832. LsaFreeMemory(pDomainInfo);
  833. if(hLSA)
  834. LsaClose(hLSA);
  835. if(bstrServer)
  836. SysFreeString(bstrServer);
  837. if(pPath)
  838. pPath->Release();
  840. return hr;
  841. }