windows-server-2003/admin/services/sched/common/foldersecurity.cpp

//+----------------------------------------------------------------------------
//
//  Job Scheduler
//
//  Microsoft Windows
//  Copyright (C) Microsoft Corporation, 2002.
//
//  File:       FolderSecurity.cpp
//
//  Contents:   Class to read folder security and perform access checks against it
//
//  History:    5-April-02 HHance created
//
//-----------------------------------------------------------------------------

#include <Windows.h>
#include <FolderSecurity.h>

// disable cilly warning about bools (we'll put it back, later...)
#pragma warning( push )
#pragma warning( disable: 4800)

// returns  S_OK if the folder's DACL allows the requested access
//          E_ACCESSDENIED if not
//          E_NOTFOUND if file/folder cannot be found
//          other error on other error

// HANDLE clientToken                       // handle to client access token
// DWORD desiredAccess                      // requested access rights
//
// NOTE: Do not use the GENERIC_XXX rights, they must already have been mapped
//
//          Suggested rights:
//                              FILE_READ_DATA
//                              FILE_WRITE_DATA
//                              FILE_EXECUTE
//                              FILE_DELETE_CHILD
//
HRESULT FolderAccessCheck(const WCHAR* pFolderName, HANDLE clientToken, DWORD desiredAccess)
{
    if ((desiredAccess == 0) ||
        (pFolderName == NULL))
        return false;

    
    HRESULT hr = E_ACCESSDENIED;

    DWORD dSize = 0;

    // call once to see how big a buffer we need
    if (!GetFileSecurityW(pFolderName, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION, NULL, 0, &dSize))
    {
        DWORD dwErr = GetLastError();
        if (dwErr != ERROR_INSUFFICIENT_BUFFER)
            return HRESULT_FROM_WIN32(dwErr);
    }

    PSECURITY_DESCRIPTOR pSD = NULL;

    if ((dSize > 0) && (pSD = new BYTE[dSize + 1]))
    {
        // get it for real (hopefully)
        if (GetFileSecurityW(pFolderName, DACL_SECURITY_INFORMATION  | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION, pSD, dSize, &dSize))
        {
            // all the args access check could ever want
            GENERIC_MAPPING gm;          
            gm.GenericRead    = FILE_GENERIC_READ; 
            gm.GenericWrite   = FILE_GENERIC_WRITE; 
            gm.GenericExecute = FILE_GENERIC_EXECUTE; 
            gm.GenericAll     = FILE_ALL_ACCESS; 
           
            PRIVILEGE_SET ps;
            DWORD psLength = sizeof(PRIVILEGE_SET);

            // guilty until proven innocent
            BOOL accessStatus = FALSE;
            DWORD grantedAccess = 0;

            if (AccessCheck(pSD, clientToken, desiredAccess, &gm, &ps, &psLength, &grantedAccess, &accessStatus))
                if (accessStatus && ((grantedAccess & desiredAccess) == desiredAccess))
                    hr = S_OK;
        }
        else
            hr = HRESULT_FROM_WIN32(GetLastError());

        delete[] pSD;
    }

    return hr;
}

// helper function - uses current thread/process token
// to call AccessCheck
HRESULT FolderAccessCheckOnThreadToken(const WCHAR* pFolderName, DWORD desiredAccess)
{
   	HANDLE hToken = INVALID_HANDLE_VALUE;

    // Use the thread's own token if he's got one.
    HRESULT hr = E_ACCESSDENIED;

    if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
        hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);
    else
    // that didn't work, let's see if we can get the process token
    {
        if (ImpersonateSelf(SecurityImpersonation))
        {
            if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
                hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);
            RevertToSelf();
        }
    }
        
    if (hToken != INVALID_HANDLE_VALUE)
        CloseHandle(hToken);

    return hr;
}

// helper function - makes use of RPC Impersonation capabilities
// intended to be called from the task scheduler service process
// if bHandleImpersonation is true, this function calls RPCImpersonateClient and RPCRevertToSelf
HRESULT RPCFolderAccessCheck(const WCHAR* pFolderName, DWORD desiredAccess, bool bHandleImpersonation)
{
    HRESULT hr = E_ACCESSDENIED;

    bool bRet = true;

    if (bHandleImpersonation)
        bRet = (RPC_S_OK == RpcImpersonateClient(NULL));

    if (bRet)
    {        
       	HANDLE hToken = INVALID_HANDLE_VALUE;
    
        bRet = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken);
        
        if (bHandleImpersonation)
            RpcRevertToSelf();

        if (bRet)
            hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);

        if (hToken != INVALID_HANDLE_VALUE)
            CloseHandle(hToken);
    }

    return hr;
};

// helper function - makes use of COM impersonation capabilities
// ** Will Fail if COM hasn't been initialized **
// ** Or we can't imperonate the client        **
HRESULT CoFolderAccessCheck(const WCHAR* pFolderName, DWORD desiredAccess)
{
    bool bAlreadyImpersonated = false;
    IServerSecurity* iSecurity = NULL;
    HRESULT hr = E_ACCESSDENIED;
    
    if (SUCCEEDED(hr = CoGetCallContext(IID_IServerSecurity, (void**)&iSecurity)))
    {
        // We were impersonating when we got here?
        // if not - try to impersonate the client now.
        bool bWeImpersonating = false;
        if (bAlreadyImpersonated = iSecurity->IsImpersonating())
            bWeImpersonating = true;
        else
            bWeImpersonating = SUCCEEDED(iSecurity->ImpersonateClient());

        // if we've got a thread token, let the helper's helper help out
        if (bWeImpersonating)
        {                    
            HANDLE hToken = INVALID_HANDLE_VALUE;
            if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
            {
                if (!bAlreadyImpersonated)
                    iSecurity->RevertToSelf();
                hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);
                CloseHandle(hToken);
            }
            else if (!bAlreadyImpersonated)
                iSecurity->RevertToSelf();
        }

        iSecurity->Release();
    }
    else if ((hr == RPC_E_CALL_COMPLETE) || (hr == CO_E_NOTINITIALIZED))
        hr = FolderAccessCheckOnThreadToken(pFolderName, desiredAccess);

    return hr;
}


#pragma warning(pop)