archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/wmi/wbem/providers/win32provider/common/accessentry.cpp

778 lines
22 KiB
Raw Permalink Blame History

/*****************************************************************************/
/* Copyright (c) 1999-2001 Microsoft Corporation, All Rights Reserved /
/*****************************************************************************/
/*
* CAccessEntry.cpp - implementation file for CAccessEntry class.
*
* Created: 12-14-1997 by Sanjeev Surati
* (based on classes from Windows NT Security by Nik Okuntseff)
*/
#include "precomp.h"
#include <assertbreak.h>
#include "AccessEntry.h"
#include <accctrl.h>
#include "wbemnetapi32.h"
#include "SecUtils.h"
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// Default class constructor.
//
// Inputs:
// None.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry::CAccessEntry( void )
: m_Sid(),
m_bACEType( 0 ),
m_bACEFlags( 0 ),
m_dwAccessMask( 0 ),
m_pguidObjType(NULL),
m_pguidInhObjType(NULL)
{
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// Class constructor.
//
// Inputs:
// PSID pSid - Sid to intialize from
// BYTE bACEType - ACE Type
// BYTE bACEFlags - Flags.
// DWORD dwAccessMask - Access Mask
// char* pszComputerName - Computer name to
// init SID from.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry::CAccessEntry( PSID pSid,
BYTE bACEType,
BYTE bACEFlags,
GUID *pguidObjType,
GUID *pguidInhObjType,
DWORD dwAccessMask,
LPCTSTR pszComputerName ) : m_Sid( pSid, pszComputerName ),
m_bACEType( bACEType ),
m_bACEFlags( bACEFlags ),
m_pguidObjType(NULL),
m_pguidInhObjType(NULL),
m_dwAccessMask( dwAccessMask )
{
if(pguidObjType != NULL)
{
SetObjType(*pguidObjType);
}
if(pguidInhObjType != NULL)
{
SetInhObjType(*pguidInhObjType);
}
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// Class constructor.
//
// Inputs:
// PSID pSid - Sid to intialize from
// BYTE bACEType - ACE Type
// BYTE bACEFlags - Flags.
// DWORD dwAccessMask - Access Mask
// char* pszComputerName - Computer name to
// init SID from.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry::CAccessEntry( PSID pSid,
BYTE bACEType,
BYTE bACEFlags,
GUID *pguidObjType,
GUID *pguidInhObjType,
DWORD dwAccessMask,
LPCTSTR pszComputerName,
bool fLookup ) : m_Sid( pSid, pszComputerName, fLookup ),
m_bACEType( bACEType ),
m_bACEFlags( bACEFlags ),
m_pguidObjType(NULL),
m_pguidInhObjType(NULL),
m_dwAccessMask( dwAccessMask )
{
if(pguidObjType != NULL)
{
SetObjType(*pguidObjType);
}
if(pguidInhObjType != NULL)
{
SetInhObjType(*pguidInhObjType);
}
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// Class constructor.
//
// Inputs:
// CSid& sid - Sid to intialize from
// BYTE bACEType - ACE Type
// BYTE bACEFlags - Flags.
// DWORD dwAccessMask - Access Mask
// char* pszComputerName - Computer name to
// init SID from.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry::CAccessEntry( const CSid& sid,
BYTE bACEType,
BYTE bACEFlags,
GUID *pguidObjType,
GUID *pguidInhObjType,
DWORD dwAccessMask,
LPCTSTR pszComputerName ) : m_Sid( sid ),
m_bACEType( bACEType ),
m_bACEFlags( bACEFlags ),
m_pguidObjType(NULL),
m_pguidInhObjType(NULL),
m_dwAccessMask( dwAccessMask )
{
if(pguidObjType != NULL)
{
SetObjType(*pguidObjType);
}
if(pguidInhObjType != NULL)
{
SetInhObjType(*pguidInhObjType);
}
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// Class constructor.
//
// Inputs:
// char* pszAccountName - Account Name
// BYTE bACEType - ACE Type
// BYTE bACEFlags - Flags.
// DWORD dwAccessMask - Access Mask
// char* pszComputerName - Computer name to
// init SID from.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry::CAccessEntry( LPCTSTR pszAccountName,
BYTE bACEType,
BYTE bACEFlags,
GUID *pguidObjType,
GUID *pguidInhObjType,
DWORD dwAccessMask,
LPCTSTR pszComputerName ) : m_Sid( pszAccountName, pszComputerName ),
m_bACEType( bACEType ),
m_pguidObjType(NULL),
m_pguidInhObjType(NULL),
m_bACEFlags( bACEFlags ),
m_dwAccessMask( dwAccessMask )
{
if(pguidObjType != NULL)
{
SetObjType(*pguidObjType);
}
if(pguidInhObjType != NULL)
{
SetInhObjType(*pguidInhObjType);
}
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// Class copy constructor.
//
// Inputs:
// const CAccessEntry r_AccessEntry - object to copy.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry::CAccessEntry( const CAccessEntry &r_AccessEntry )
:
m_Sid(),
m_bACEType( 0 ),
m_bACEFlags( 0 ),
m_dwAccessMask( 0 ),
m_pguidObjType(NULL),
m_pguidInhObjType(NULL)
{
// Copy the values over
m_Sid = r_AccessEntry.m_Sid;
m_dwAccessMask = r_AccessEntry.m_dwAccessMask;
m_bACEType = r_AccessEntry.m_bACEType;
m_bACEFlags = r_AccessEntry.m_bACEFlags;
if(r_AccessEntry.m_pguidObjType != NULL)
{
SetObjType(*(r_AccessEntry.m_pguidObjType));
}
if(r_AccessEntry.m_pguidInhObjType != NULL)
{
SetInhObjType(*(r_AccessEntry.m_pguidInhObjType));
}
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// Assignment operator.
//
// Inputs:
// const CAccessEntry r_AccessEntry - object to copy.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry & CAccessEntry::operator= ( const CAccessEntry &r_AccessEntry )
{
// Copy the values over
m_Sid = r_AccessEntry.m_Sid;
m_dwAccessMask = r_AccessEntry.m_dwAccessMask;
m_bACEType = r_AccessEntry.m_bACEType;
m_bACEFlags = r_AccessEntry.m_bACEFlags;
if(r_AccessEntry.m_pguidObjType != NULL)
{
SetObjType(*(r_AccessEntry.m_pguidObjType));
}
if(r_AccessEntry.m_pguidInhObjType != NULL)
{
SetInhObjType(*(r_AccessEntry.m_pguidInhObjType));
}
return (*this);
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::CAccessEntry
//
// == Comparison operator.
//
// Inputs:
// const CAccessEntry r_AccessEntry - object to compare.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
bool CAccessEntry::operator== ( const CAccessEntry &r_AccessEntry )
{
bool fRet = false;
if( m_Sid == r_AccessEntry.m_Sid
&& m_dwAccessMask == r_AccessEntry.m_dwAccessMask
&& m_bACEType == r_AccessEntry.m_bACEType
&& m_bACEFlags == r_AccessEntry.m_bACEFlags)
{
if((r_AccessEntry.m_pguidObjType == NULL && m_pguidObjType == NULL) ||
((r_AccessEntry.m_pguidObjType != NULL && m_pguidObjType != NULL) &&
(*(r_AccessEntry.m_pguidObjType) == *m_pguidObjType)))
{
if((r_AccessEntry.m_pguidInhObjType == NULL && m_pguidInhObjType == NULL) ||
((r_AccessEntry.m_pguidInhObjType != NULL && m_pguidInhObjType != NULL) &&
(*(r_AccessEntry.m_pguidInhObjType) == *m_pguidInhObjType)))
{
fRet = true;
}
}
}
return fRet;
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::~CAccessEntry
//
// Class Destructor
//
// Inputs:
// None.
//
// Outputs:
// None.
//
// Returns:
// None.
//
// Comments:
//
///////////////////////////////////////////////////////////////////
CAccessEntry::~CAccessEntry( void )
{
if(m_pguidObjType != NULL) delete m_pguidObjType;
if(m_pguidInhObjType != NULL) delete m_pguidInhObjType;
}
///////////////////////////////////////////////////////////////////
//
// Function: CAccessEntry::AllocateACE
//
// Helper function to allocate an appropriate ACE object so outside
// code can quickly and easily fill out PACLs.
//
// Inputs:
// None.
//
// Outputs:
// ACE_HEADER** ppACEHeader - Pointer to allocated
// ACE Header.
//
// Returns:
// BOOL Succes/Failure
//
// Comments:
//
// User should use FreeACE to free the allocated object.
//
///////////////////////////////////////////////////////////////////
BOOL CAccessEntry::AllocateACE( ACE_HEADER** ppACEHeader )
{
// Clear out the structure
*ppACEHeader = NULL;
if ( m_Sid.IsValid() )
{
ACE_HEADER* pACEHeader = NULL;
WORD wAceSize = 0;
DWORD dwSidLength = m_Sid.GetLength();
switch ( m_bACEType )
{
case ACCESS_ALLOWED_ACE_TYPE:
{
wAceSize = sizeof( ACCESS_ALLOWED_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
ACCESS_ALLOWED_ACE* pACE = NULL;
try
{
pACE = (ACCESS_ALLOWED_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
case ACCESS_DENIED_ACE_TYPE:
{
wAceSize = sizeof( ACCESS_DENIED_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
ACCESS_DENIED_ACE* pACE = NULL;
try
{
pACE = (ACCESS_DENIED_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
case SYSTEM_AUDIT_ACE_TYPE:
{
wAceSize = sizeof( SYSTEM_AUDIT_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
SYSTEM_AUDIT_ACE* pACE = NULL;
try
{
pACE = (SYSTEM_AUDIT_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
{
wAceSize = sizeof( ACCESS_ALLOWED_OBJECT_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
ACCESS_ALLOWED_OBJECT_ACE* pACE = NULL;
try
{
pACE = (ACCESS_ALLOWED_OBJECT_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
if(m_pguidObjType != NULL)
{
memcpy(&(pACE->ObjectType), m_pguidObjType, sizeof(GUID));
pACE->Flags |= ACE_OBJECT_TYPE_PRESENT;
}
if(m_pguidInhObjType != NULL)
{
memcpy(&(pACE->InheritedObjectType), m_pguidInhObjType, sizeof(GUID));
pACE->Flags |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
}
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
/************************* this type has not been implemented yet on W2K *************************************
case ACCESS_ALLOWED_COMPOUND_ACE_TYPE:
{
wAceSize = sizeof( ACCESS_ALLOWED_COMPOUND_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
ACCESS_ALLOWED_COMPOUND_ACE* pACE = NULL;
try
{
pACE = (ACCESS_ALLOWED_COMPOUND_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
memcpy(&(pACE->ObjectType), m_pguidObjType, sizeof(GUID));
memcpy(&(pACE->InheritedObjectType), m_pguidInhObjType, sizeof(GUID));
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
*************************************************************************************************************/
case ACCESS_DENIED_OBJECT_ACE_TYPE:
{
wAceSize = sizeof( ACCESS_DENIED_OBJECT_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
ACCESS_DENIED_OBJECT_ACE* pACE = NULL;
try
{
pACE = (ACCESS_DENIED_OBJECT_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
if(m_pguidObjType != NULL)
{
memcpy(&(pACE->ObjectType), m_pguidObjType, sizeof(GUID));
pACE->Flags |= ACE_OBJECT_TYPE_PRESENT;
}
if(m_pguidInhObjType != NULL)
{
memcpy(&(pACE->InheritedObjectType), m_pguidInhObjType, sizeof(GUID));
pACE->Flags |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
}
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
{
wAceSize = sizeof( SYSTEM_AUDIT_OBJECT_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
SYSTEM_AUDIT_OBJECT_ACE* pACE = NULL;
try
{
pACE = (SYSTEM_AUDIT_OBJECT_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
if(m_pguidObjType != NULL)
{
memcpy(&(pACE->ObjectType), m_pguidObjType, sizeof(GUID));
pACE->Flags |= ACE_OBJECT_TYPE_PRESENT;
}
if(m_pguidInhObjType != NULL)
{
memcpy(&(pACE->InheritedObjectType), m_pguidInhObjType, sizeof(GUID));
pACE->Flags |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
}
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
/********************************* type not yet supported under w2k ********************************************
case SYSTEM_ALARM_ACE_TYPE:
{
wAceSize = sizeof( SYSTEM_ALARM_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
SYSTEM_ALARM_ACE* pACE = NULL;
try
{
pACE = (SYSTEM_ALARM_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
/********************************* type not yet supported under w2k ********************************************/
/********************************* type not yet supported under w2k ********************************************
case SYSTEM_ALARM_OBJECT_ACE_TYPE:
{
wAceSize = sizeof( SYSTEM_ALARM_OBJECT_ACE ) + dwSidLength - sizeof(DWORD);
// Allocate the appropriate Ace and fill out its values.
SYSTEM_ALARM_OBJECT_ACE* pACE = NULL;
try
{
pACE = (SYSTEM_ALARM_OBJECT_ACE*) malloc( wAceSize );
if ( NULL != pACE )
{
pACE->Mask = m_dwAccessMask;
CopySid( dwSidLength, (PSID) &pACE->SidStart, m_Sid.GetPSid() );
pACEHeader = (ACE_HEADER*) pACE;
if(m_pguidObjType != NULL)
{
memcpy(&(pACE->ObjectType), m_pguidObjType, sizeof(GUID));
pACE->Flags |= ACE_OBJECT_TYPE_PRESENT;
}
if(m_pguidInhObjType != NULL)
{
memcpy(&(pACE->InheritedObjectType), m_pguidInhObjType, sizeof(GUID));
pACE->Flags |= ACE_INHERITED_OBJECT_TYPE_PRESENT;
}
}
}
catch(...)
{
if(pACE != NULL)
{
free(pACE);
pACE = NULL;
}
throw;
}
}
break;
/********************************* type not yet supported under w2k ********************************************/
default:
{
// Something bad just happened
ASSERT_BREAK(0);
}
} // SWITCH
// Fill out the common values, then store the value for return.
if ( NULL != pACEHeader )
{
pACEHeader->AceType = m_bACEType;
pACEHeader->AceFlags = m_bACEFlags;
pACEHeader->AceSize = wAceSize;
*ppACEHeader = pACEHeader;
}
}
// Return whether or not a valid ACE is coming out
return ( NULL != *ppACEHeader );
}
void CAccessEntry::DumpAccessEntry(LPCWSTR wstrFilename)
{
CHString chstrTemp1;
Output(L"ACE contents follow...", wstrFilename);
// Dump the access mask...
chstrTemp1.Format(L"ACE access mask (hex): %x", m_dwAccessMask);
Output(chstrTemp1, wstrFilename);
// Dump the ace type...
chstrTemp1.Format(L"ACE type (hex): %x", m_bACEType);
Output(chstrTemp1, wstrFilename);
// Dump the ace flags...
chstrTemp1.Format(L"ACE flags (hex): %x", m_bACEFlags);
Output(chstrTemp1, wstrFilename);
// Dump the ace sid...
m_Sid.DumpSid(wstrFilename);
}