archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/com/svcdlls/trksvcs/common/secure.cxx

381 lines
9.3 KiB
Raw Normal View History

commiting as it is
4 years ago
  2. // Copyright (c) 1996-1999 Microsoft Corporation
  4. //+-------------------------------------------------------------------------
  5. //
  6. // Microsoft Windows
  7. //
  8. // File: secure.cxx
  9. //
  10. // This file contains wrapper classes for the NT security
  11. // objects.
  12. //
  13. // Contents: Code common to Tracking (Workstation) Service and
  14. // Tracking (Server) Service.
  15. //
  16. // Classes: CACL, CSID, and CSecDescriptor
  17. //
  18. // History: 28-Jan-98 MikeHill Created
  19. //
  20. // Notes:
  21. //
  22. //--------------------------------------------------------------------------
  25. #include "pch.cxx"
  26. #pragma hdrstop
  28. #include "trklib.hxx"
  31. //+-------------------------------------------------------------------
  32. //
  33. // Function: CACL::Initialize, public
  34. //
  35. // Synopsis: Initialize the ACL by allocating a buffer
  36. // and calling InitializeAcl on it.
  37. //
  38. // Arguments: None
  39. //
  40. // Returns: None
  41. //
  42. //--------------------------------------------------------------------
  44. VOID
  45. CACL::Initialize()
  46. {
  47. _fInitialized = TRUE;
  49. _pacl = (PACL) new BYTE[ MIN_ACL_SIZE ];
  50. if( NULL == _pacl )
  51. TrkRaiseWin32Error( ERROR_NOT_ENOUGH_MEMORY );
  53. _cbacl = MIN_ACL_SIZE;
  55. if( !InitializeAcl( _pacl, _cbacl, ACL_REVISION ))
  56. {
  57. TrkLog((TRKDBG_ERROR, TEXT("Failed InitializeAcl")) );
  58. TrkRaiseLastError();
  59. }
  61. _fDirty = TRUE;
  63. }
  67. //+-------------------------------------------------------------------
  68. //
  69. // Function: CACL::UnInitialize, public
  70. //
  71. // Synopsis: Free the ACL.
  72. //
  73. // Arguments: None
  74. //
  75. // Returns: None
  76. //
  77. //--------------------------------------------------------------------
  79. VOID
  80. CACL::UnInitialize()
  81. {
  82. if( _fInitialized )
  83. {
  84. if( NULL != _pacl )
  85. {
  86. delete [] _pacl;
  87. }
  89. _fInitialized = FALSE;
  90. }
  91. }
  96. //+-------------------------------------------------------------------
  97. //
  98. // Function: CACL::Initialize, public
  99. //
  100. // Synopsis: Initialize a SID with its authority
  101. // and sub-authority(ies).
  102. //
  103. // Arguments: [enumCSIDAuthority] (in)
  104. // An enumeration which tells us which of the
  105. // standard authorities to use.
  106. // [cSubAuthorities] (in)
  107. // The number of sub-auths in this SID.
  108. // [dwSubAuthority?] (in)
  109. // The Sub-Authorities.
  110. //
  111. // Returns: None
  112. //
  113. //--------------------------------------------------------------------
  115. VOID
  116. CSID::Initialize( enumCSIDAuthority enumcsidAuthority,
  117. BYTE cSubAuthorities ,
  118. DWORD dwSubAuthority0 = 0,
  119. DWORD dwSubAuthority1 = 0,
  120. DWORD dwSubAuthority2 = 0,
  121. DWORD dwSubAuthority3 = 0,
  122. DWORD dwSubAuthority4 = 0,
  123. DWORD dwSubAuthority5 = 0,
  124. DWORD dwSubAuthority6 = 0,
  125. DWORD dwSubAuthority7 = 0 )
  126. {
  127. SID_IDENTIFIER_AUTHORITY rgsid_identifier_authority[] = { SECURITY_NT_AUTHORITY };
  129. TrkAssert(!_fInitialized);
  131. _fInitialized = TRUE;
  132. _psid = NULL;
  134. if( !AllocateAndInitializeSid( &rgsid_identifier_authority[ enumcsidAuthority ],
  135. cSubAuthorities,
  136. dwSubAuthority0,
  137. dwSubAuthority1,
  138. dwSubAuthority2,
  139. dwSubAuthority3,
  140. dwSubAuthority4,
  141. dwSubAuthority5,
  142. dwSubAuthority6,
  143. dwSubAuthority7,
  144. &_psid ))
  145. {
  147. TrkLog((TRKDBG_ERROR, TEXT("AllocateAndInitializeSid failed")));
  148. TrkRaiseLastError();
  149. }
  151. }
  154. //+-------------------------------------------------------------------
  155. //
  156. // Function: CSID::UnInitialize, public
  157. //
  158. // Synopsis: Free the SID.
  159. //
  160. // Arguments: None
  161. //
  162. // Returns: None
  163. //
  164. //--------------------------------------------------------------------
  166. VOID
  167. CSID::UnInitialize()
  168. {
  169. if( _fInitialized )
  170. {
  171. if( NULL != _psid )
  172. {
  173. FreeSid( _psid ); // Alloc-ed with AllocAndInitializeSid()
  174. }
  176. _fInitialized = FALSE;
  177. }
  178. }
  183. //+-------------------------------------------------------------------
  184. //
  185. // Function: CSecDescriptor::_Allocate, public
  186. //
  187. // Synopsis: Allocate a Security Descriptor.
  188. //
  189. // Arguments: [cb]
  190. // Size of buffer to allocate for SD.
  191. //
  192. // Returns: None
  193. //
  194. //--------------------------------------------------------------------
  196. void
  197. CSecDescriptor::_Allocate( ULONG cb )
  198. {
  199. PSECURITY_DESCRIPTOR psd;
  201. psd = (PSECURITY_DESCRIPTOR) new BYTE[ cb ];
  203. if( NULL == psd )
  204. TrkRaiseWin32Error( ERROR_NOT_ENOUGH_MEMORY );
  206. if( NULL != _psd )
  207. delete [] _psd;
  209. _psd = psd;
  211. }
  214. //+-------------------------------------------------------------------
  215. //
  216. // Function: CSecDescriptor::Initialize, public
  217. //
  218. // Synopsis: Allocate a SD, and call a Security API to init it.
  219. //
  220. // Arguments: None
  221. //
  222. // Returns: None
  223. //
  224. //--------------------------------------------------------------------
  226. VOID
  227. CSecDescriptor::Initialize()
  228. {
  230. _fInitialized = TRUE;
  232. _Allocate( SECURITY_DESCRIPTOR_MIN_LENGTH );
  234. if( !InitializeSecurityDescriptor( _psd,
  235. SECURITY_DESCRIPTOR_REVISION ))
  236. {
  237. TrkLog((TRKDBG_ERROR, TEXT("Failed InitializeSecurityDescriptor")));
  238. TrkRaiseLastError();
  239. }
  241. if( !SetSecurityDescriptorControl( _psd,
  242. SE_DACL_AUTO_INHERITED,
  243. SE_DACL_AUTO_INHERITED ))
  244. {
  245. TrkLog(( TRKDBG_ERROR, TEXT("Failed InitializeSecurityDescriptor (SetSecurityDescriptorControl") ));
  246. TrkRaiseLastError();
  247. }
  248. }
  251. //+-------------------------------------------------------------------
  252. //
  253. // Function: CSecDescriptor::UnInitialize, public
  254. //
  255. // Synopsis: Free the SD buffer, and free its ACLs.
  256. //
  257. // Arguments: None
  258. //
  259. // Returns: None
  260. //
  261. //--------------------------------------------------------------------
  263. VOID
  264. CSecDescriptor::UnInitialize()
  265. {
  266. if( _fInitialized )
  267. {
  268. if( NULL != _psd )
  269. {
  270. delete [] _psd;
  271. }
  273. _cDacl.UnInitialize();
  274. _cSacl.UnInitialize();
  276. _fInitialized = FALSE;
  277. }
  278. }
  282. //+-------------------------------------------------------------------
  283. //
  284. // Function: CSecDescriptor::AddAce, public
  285. //
  286. // Synopsis: Adds an ACE (access allowed or denied) to an
  287. // ACL in this SID.
  288. //
  289. // Arguments: [enumAclType] (in)
  290. // Either ACL_DACL or ACL_SACL.
  291. // [enumAccessType] (in)
  292. // Either AT_ACCESS_ALLOWED or AT_ACCESS_DENIED.
  293. // [access_mask] (in)
  294. // The access bits to put in this ACE.
  295. // [psid] (in)
  296. // The SID to put in this ACE.
  297. //
  298. // Returns: None
  299. //
  300. //--------------------------------------------------------------------
  302. void
  303. CSecDescriptor::AddAce( const enumAclType AclType, const enumAccessType AccessType,
  304. const ACCESS_MASK access_mask, const PSID psid )
  305. {
  306. BOOL fSuccess;
  308. // Get a pointer to the member CACL object.
  310. CACL *pcacl = ACL_IS_DACL == AclType ? &_cDacl : &_cSacl;
  312. // Initialize the CACL if necessary.
  314. if( !pcacl->IsInitialized() )
  315. pcacl->Initialize();
  317. // Size the ACL appropriately
  319. //pcacl->SetSize( psid ); // Not currently implemented.
  321. // Add the ACE to the appropriate ACL.
  323. if( AT_ACCESS_ALLOWED == AccessType )
  324. {
  325. fSuccess = pcacl->AddAccessAllowed( access_mask, psid );
  326. }
  327. else
  328. {
  329. fSuccess = pcacl->AddAccessDenied( access_mask, psid );
  330. }
  332. if( !fSuccess )
  333. {
  334. TrkLog((TRKDBG_ERROR, TEXT("Couldn't add an ACE to an ACL")));
  335. TrkRaiseLastError();
  336. }
  338. return;
  340. }
  343. //+-------------------------------------------------------------------
  344. //
  345. // Function: CSecDescriptor::_ReloadAcl, public
  346. //
  347. // Synopsis: Puts the member ACLs back into the member
  348. // Security Descriptor, if they are dirty.
  349. //
  350. // Arguments: [enumAclType] (in)
  351. // Either ACL_DACL or ACL_SACL.
  352. //
  353. // Returns: None
  354. //
  355. //--------------------------------------------------------------------
  357. VOID
  358. CSecDescriptor::_ReloadAcl( enumAclType AclType )
  359. {
  360. if( ACL_IS_DACL == AclType && _cDacl.IsDirty() )
  361. {
  362. if( !SetSecurityDescriptorDacl( _psd, TRUE, _cDacl, FALSE ))
  363. {
  364. TrkLog((TRKDBG_ERROR, TEXT("Couldn't put DACL into SD")));
  365. TrkRaiseLastError();
  366. }
  367. _cDacl.ClearDirty();
  368. }
  369. else if( ACL_IS_SACL == AclType && _cSacl.IsDirty() )
  370. {
  371. if( !SetSecurityDescriptorSacl( _psd, TRUE, _cSacl, FALSE ))
  372. {
  373. TrkLog((TRKDBG_ERROR, TEXT("Couldn't put SACL into SD")));
  374. TrkRaiseLastError();
  375. }
  376. _cSacl.ClearDirty();
  377. }
  379. }