You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
328 lines
8.5 KiB
328 lines
8.5 KiB
/*++
|
|
|
|
Copyright (c) 1991-1992 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
secobj.c
|
|
|
|
Abstract:
|
|
|
|
This module provides support routines to simplify the creation of
|
|
security descriptors for user-mode objects.
|
|
|
|
Author:
|
|
|
|
Cliff Van Dyke (CliffV) 09-Feb-1994
|
|
|
|
Environment:
|
|
|
|
Contains NT specific code.
|
|
|
|
Revision History:
|
|
|
|
Cliff Van Dyke (CliffV) 09-Feb-1994
|
|
Split off from secobj.c so NtLmSsp can reference secobj.c
|
|
without loading the rpc libaries.
|
|
|
|
--*/
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
|
|
#include <windows.h> // DWORD.
|
|
#include <lmcons.h> // NET_API_STATUS.
|
|
|
|
#include <netlib.h>
|
|
#include <lmerr.h>
|
|
|
|
#include <netdebug.h>
|
|
#include <debuglib.h>
|
|
|
|
#include <rpc.h>
|
|
#include <rpcutil.h>
|
|
|
|
#include <secobj.h>
|
|
|
|
|
|
|
|
NET_API_STATUS
|
|
NetpAccessCheckAndAudit(
|
|
IN LPTSTR SubsystemName,
|
|
IN LPTSTR ObjectTypeName,
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN PGENERIC_MAPPING GenericMapping
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function impersonates the caller so that it can perform access
|
|
validation using NtAccessCheckAndAuditAlarm; and reverts back to
|
|
itself before returning.
|
|
|
|
Arguments:
|
|
|
|
SubsystemName - Supplies a name string identifying the subsystem
|
|
calling this routine.
|
|
|
|
ObjectTypeName - Supplies the name of the type of the object being
|
|
accessed.
|
|
|
|
SecurityDescriptor - A pointer to the Security Descriptor against which
|
|
acccess is to be checked.
|
|
|
|
DesiredAccess - Supplies desired acccess mask. This mask must have been
|
|
previously mapped to contain no generic accesses.
|
|
|
|
GenericMapping - Supplies a pointer to the generic mapping associated
|
|
with this object type.
|
|
|
|
Return Value:
|
|
|
|
NET_API_STATUS - NERR_Success or reason for failure.
|
|
|
|
--*/
|
|
{
|
|
|
|
NTSTATUS NtStatus;
|
|
RPC_STATUS RpcStatus;
|
|
BOOLEAN fWasEnabled;
|
|
|
|
UNICODE_STRING Subsystem;
|
|
UNICODE_STRING ObjectType;
|
|
UNICODE_STRING ObjectName;
|
|
|
|
#ifndef UNICODE
|
|
OEM_STRING AnsiString;
|
|
#endif
|
|
|
|
ACCESS_MASK GrantedAccess;
|
|
BOOLEAN GenerateOnClose;
|
|
NTSTATUS AccessStatus;
|
|
|
|
|
|
#ifdef UNICODE
|
|
RtlInitUnicodeString(&Subsystem, SubsystemName);
|
|
RtlInitUnicodeString(&ObjectType, ObjectTypeName);
|
|
#else
|
|
NetpInitOemString( &AnsiString, SubsystemName );
|
|
NtStatus = RtlOemStringToUnicodeString(
|
|
&Subsystem,
|
|
&AnsiString,
|
|
TRUE
|
|
);
|
|
|
|
if ( !NT_SUCCESS( NtStatus )) {
|
|
NetpKdPrint(("[Netlib] Error calling RtlOemStringToUnicodeString %08lx\n",
|
|
NtStatus));
|
|
return NetpNtStatusToApiStatus( NtStatus );
|
|
}
|
|
|
|
NetpInitOemString( &AnsiString, ObjectTypeName );
|
|
|
|
NtStatus = RtlOemStringToUnicodeString(&ObjectType,
|
|
&AnsiString,
|
|
TRUE);
|
|
|
|
if ( !NT_SUCCESS( NtStatus )) {
|
|
NetpKdPrint(("[Netlib] Error calling RtlOemStringToUnicodeString %08lx\n",
|
|
NtStatus));
|
|
RtlFreeUnicodeString( &Subsystem );
|
|
return NetpNtStatusToApiStatus( NtStatus );
|
|
}
|
|
#endif
|
|
|
|
//
|
|
// Make sure SE_AUDIT_PRIVILEGE is enabled for this process (rather
|
|
// than the thread) since the audit privilege is checked in the process
|
|
// token (and not the thread token). Leave it enabled since there's
|
|
// no harm in doing so once it's been enabled (since the process needs
|
|
// to have the privilege in the first place).
|
|
//
|
|
|
|
RtlAdjustPrivilege(SE_AUDIT_PRIVILEGE,
|
|
TRUE,
|
|
FALSE,
|
|
&fWasEnabled);
|
|
|
|
RtlInitUnicodeString(&ObjectName, NULL); // No object name
|
|
|
|
if ((RpcStatus = RpcImpersonateClient(NULL)) != RPC_S_OK) {
|
|
NetpKdPrint(("[Netlib] Failed to impersonate client %08lx\n",
|
|
RpcStatus));
|
|
return NetpRpcStatusToApiStatus(RpcStatus);
|
|
}
|
|
|
|
NtStatus = NtAccessCheckAndAuditAlarm(
|
|
&Subsystem,
|
|
NULL, // No handle for object
|
|
&ObjectType,
|
|
&ObjectName,
|
|
SecurityDescriptor,
|
|
DesiredAccess,
|
|
GenericMapping,
|
|
FALSE,
|
|
&GrantedAccess,
|
|
&AccessStatus,
|
|
&GenerateOnClose
|
|
);
|
|
|
|
#ifndef UNICODE
|
|
RtlFreeUnicodeString( &Subsystem );
|
|
RtlFreeUnicodeString( &ObjectType );
|
|
#endif
|
|
|
|
if ((RpcStatus = RpcRevertToSelf()) != RPC_S_OK) {
|
|
NetpKdPrint(("[Netlib] Fail to revert to self %08lx\n", RpcStatus));
|
|
NetpAssert(FALSE);
|
|
}
|
|
|
|
if (! NT_SUCCESS(NtStatus)) {
|
|
NetpKdPrint(("[Netlib] Error calling NtAccessCheckAndAuditAlarm %08lx\n",
|
|
NtStatus));
|
|
return ERROR_ACCESS_DENIED;
|
|
}
|
|
|
|
if (AccessStatus != STATUS_SUCCESS) {
|
|
IF_DEBUG(SECURITY) {
|
|
NetpKdPrint(("[Netlib] Access status is %08lx\n", AccessStatus));
|
|
}
|
|
return ERROR_ACCESS_DENIED;
|
|
}
|
|
|
|
return NERR_Success;
|
|
}
|
|
|
|
|
|
|
|
NET_API_STATUS
|
|
NetpAccessCheck(
|
|
IN PSECURITY_DESCRIPTOR SecurityDescriptor,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN PGENERIC_MAPPING GenericMapping
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This function impersonates the caller so that it can perform access
|
|
validation using NtAccessCheck; and reverts back to
|
|
itself before returning.
|
|
|
|
This routine differs from NetpAccessCheckAndAudit in that it doesn't require
|
|
the caller to have SE_AUDIT_PRIVILEGE nor does it generate audits.
|
|
That is typically fine since the passed in security descriptor typically doesn't
|
|
have a SACL requesting an audit.
|
|
|
|
Arguments:
|
|
|
|
SecurityDescriptor - A pointer to the Security Descriptor against which
|
|
acccess is to be checked.
|
|
|
|
DesiredAccess - Supplies desired acccess mask. This mask must have been
|
|
previously mapped to contain no generic accesses.
|
|
|
|
GenericMapping - Supplies a pointer to the generic mapping associated
|
|
with this object type.
|
|
|
|
Return Value:
|
|
|
|
NET_API_STATUS - NERR_Success or reason for failure.
|
|
|
|
--*/
|
|
{
|
|
NET_API_STATUS NetStatus;
|
|
NET_API_STATUS TempStatus;
|
|
|
|
HANDLE ClientToken = NULL;
|
|
|
|
DWORD GrantedAccess;
|
|
BOOL AccessStatus;
|
|
BYTE PrivilegeSet[500]; // Large buffer
|
|
DWORD PrivilegeSetSize;
|
|
|
|
|
|
//
|
|
// Impersonate the client.
|
|
//
|
|
|
|
NetStatus = RpcImpersonateClient(NULL);
|
|
|
|
if ( NetStatus != RPC_S_OK ) {
|
|
NetpKdPrint(("[Netlib] Failed to impersonate client %08lx\n",
|
|
NetStatus));
|
|
return NetpRpcStatusToApiStatus(NetStatus);
|
|
}
|
|
|
|
//
|
|
// Open the impersonated token.
|
|
//
|
|
|
|
if ( !OpenThreadToken( GetCurrentThread(),
|
|
TOKEN_QUERY,
|
|
TRUE, // Use NtLmSvc security context to open token
|
|
&ClientToken )) {
|
|
|
|
NetStatus = GetLastError();
|
|
NetpKdPrint(("[Netlib] Error calling GetCurrentThread %ld\n",
|
|
NetStatus));
|
|
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// Check if the client has the required access.
|
|
//
|
|
|
|
PrivilegeSetSize = sizeof(PrivilegeSet);
|
|
|
|
if ( !AccessCheck( SecurityDescriptor,
|
|
ClientToken,
|
|
DesiredAccess,
|
|
GenericMapping,
|
|
(PPRIVILEGE_SET) PrivilegeSet,
|
|
&PrivilegeSetSize,
|
|
&GrantedAccess,
|
|
&AccessStatus ) ) {
|
|
|
|
NetStatus = GetLastError();
|
|
NetpKdPrint(("[Netlib] Error calling AccessCheck %ld\n",
|
|
NetStatus));
|
|
|
|
goto Cleanup;
|
|
|
|
}
|
|
|
|
if ( !AccessStatus ) {
|
|
NetStatus = GetLastError();
|
|
IF_DEBUG(SECURITY) {
|
|
NetpKdPrint(("[Netlib] Access status is %ld\n", NetStatus ));
|
|
}
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// Success
|
|
//
|
|
|
|
NetStatus = NERR_Success;
|
|
|
|
//
|
|
// Free locally used resources
|
|
//
|
|
Cleanup:
|
|
TempStatus = RpcRevertToSelf();
|
|
if ( TempStatus != RPC_S_OK ) {
|
|
NetpKdPrint(("[Netlib] Fail to revert to self %08lx\n", TempStatus));
|
|
NetpAssert(FALSE);
|
|
}
|
|
|
|
if ( ClientToken != NULL ) {
|
|
CloseHandle( ClientToken );
|
|
}
|
|
|
|
return NetStatus;
|
|
}
|