Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

198 lines
5.9 KiB

//+------------------------------------------------------------------
//
// Copyright (C) 1993, Microsoft Corporation.
//
// File: filesec.cxx
//
// Classes: CFileSecurity class encapsulating SECURITY_DESCRIPTOR
//
// History: Nov-93 DaveMont Created.
// Oct-96 BrunoSc Modified
//
//-------------------------------------------------------------------
#include "pch.h"
#include "filesec.hxx"
#include "caclsmsg.h"
//+---------------------------------------------------------------------------
// Function: Add2Ptr
//
// Synopsis: Add an unscaled increment to a ptr regardless of type.
//
// Arguments: [pv] -- Initial ptr.
// [cb] -- Increment
//
// Returns: Incremented ptr.
//
//----------------------------------------------------------------------------
VOID * Add2Ptr(VOID *pv, ULONG cb)
{
return((BYTE *) pv + cb);
}
//+---------------------------------------------------------------------------
//
// Member: CFileSecurity::CFileSecurity, public
//
// Synopsis: initializes data members
// constructor will not throw
//
// Arguments: [filename] - name of file to apply security descriptor to
//
//----------------------------------------------------------------------------
CFileSecurity::CFileSecurity(LPWSTR filename)
: _psd(NULL),
_pwfilename(filename)
{
}
//+---------------------------------------------------------------------------
//
// Member: CFileSecurity::Init, public
//
// Synopsis: Init must be called before any other methods - this
// is not enforced. gets security descriptor from file
//
// Arguments: none
//
//----------------------------------------------------------------------------
ULONG CFileSecurity::Init()
{
ULONG ret;
ULONG cpsd;
// get the size of the security buffer
if (!GetFileSecurity((LPCTSTR)_pwfilename,
DACL_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
OWNER_SECURITY_INFORMATION,
NULL,
0,
&cpsd) )
{
if (ERROR_INSUFFICIENT_BUFFER == (ret = GetLastError()))
{
if (NULL == (_psd = (BYTE *)LocalAlloc(LMEM_FIXED, cpsd)))
{
return(ERROR_NOT_ENOUGH_MEMORY);
}
// actually get the buffer this time
if ( GetFileSecurity((LPCTSTR)_pwfilename,
DACL_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
OWNER_SECURITY_INFORMATION,
_psd,
cpsd,
&cpsd) )
ret = ERROR_SUCCESS;
else
ret = GetLastError();
}
// the following section was inserted to test an error when access to a file
// has been denied
else
{ if (ret == ERROR_ACCESS_DENIED)
{ return(ret);
}
}
} else
return(ERROR_NO_SECURITY_ON_OBJECT);
return(ret);
}
//+---------------------------------------------------------------------------
//
// Member: Dtor, public
//
// Synopsis: frees security descriptor if allocated
//
// Arguments: none
//
//----------------------------------------------------------------------------
CFileSecurity::~CFileSecurity()
{
if (_psd)
{
LocalFree(_psd);
}
}
//+---------------------------------------------------------------------------
//
// Member: CFileSecurity::SetFS, public
//
// Synopsis: sets or modifies the security descriptor DACL on the specified file
//
// Arguments: IN - [fmodify] - TRUE = modify ACL, FALSE = replace ACL
// IN - [pcdw] - wrapper around new ACEs
// IN - [fdir] - TRUE = directory
//
// Returns: status
//
//----------------------------------------------------------------------------
ULONG CFileSecurity::SetFS(BOOL fmodify, CDaclWrap *pcdw, BOOL fdir)
{
BOOL fdaclpresent;
BOOL cod;
ACL *pdacl;
ULONG ret;
// get the ACL from the security descriptor
if ( GetSecurityDescriptorDacl(_psd,
&fdaclpresent,
&pdacl,
&cod) )
{
if (fdaclpresent)
{
// build the new ACL (from the new ACEs and the old ACL)
PACL pnewdacl = NULL;
if (ERROR_SUCCESS == (ret = pcdw->BuildAcl(&pnewdacl,
fmodify ? pdacl : NULL,
pdacl ? pdacl->AclRevision : ACL_REVISION,
fdir)
))
{
// make a new security descriptor
SECURITY_DESCRIPTOR newsd;
//NTRAID#NTBUG9-547532-2002/03/28-hiteshr
if(!InitializeSecurityDescriptor( &newsd, SECURITY_DESCRIPTOR_REVISION ))
{
LocalFree(pnewdacl);
return GetLastError();
}
if(!SetSecurityDescriptorDacl( &newsd, TRUE, pnewdacl, FALSE ))
{
LocalFree(pnewdacl);
return GetLastError();
}
//
// apply it to the file
//
if (!SetFileSecurity(_pwfilename,
DACL_SECURITY_INFORMATION,
&newsd))
{
ret = GetLastError();
}
LocalFree(pnewdacl);
}
}
else
return(ERROR_NO_SECURITY_ON_OBJECT);
} else
{
ret = GetLastError();
}
return(ret);
}