|
|
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
AcChkSup.c
Abstract:
This module implements the RDBSS access checking routine
Author:
Gary Kimura [GaryKi] 12-Jun-1989
Revision History:
--*/
// ----------------------joejoe-----------found-------------#include "RxProcs.h"
#include "precomp.h"
#pragma hdrstop
//
// The Bug check file id for this module
//
#define BugCheckFileId (RDBSS_BUG_CHECK_ACCHKSUP)
//
// Our debug trace level
//
#define Dbg (DEBUG_TRACE_ACCHKSUP)
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, RxCheckFileAccess)
#endif
�BOOLEANRxCheckFileAccess ( PRX_CONTEXT RxContext, IN UCHAR DirentAttributes, IN ULONG DesiredAccess )
/*++
Routine Description:
This routine checks if a desired access is allowed to a file represented by the specified DirentAttriubutes.
Arguments:
DirentAttributes - Supplies the Dirent attributes to check access for
DesiredAccess - Supplies the desired access mask that we are checking for
Return Value:
BOOLEAN - TRUE if access is allowed and FALSE otherwise
--*/
{ BOOLEAN Result;
RxDbgTrace(+1, Dbg, ("RxCheckFileAccess\n", 0)); RxDbgTrace( 0, Dbg, ("DirentAttributes = %8lx\n", DirentAttributes)); RxDbgTrace( 0, Dbg, ("DesiredAccess = %8lx\n", DesiredAccess));
//
// This procedures is programmed like a string of filters each
// filter checks to see if some access is allowed, if it is not allowed
// the filter return FALSE to the user without further checks otherwise
// it moves on to the next filter. The filter check is to check for
// desired access flags that are not allowed for a particular dirent
//
Result = TRUE;
try {
//
// Check for Volume ID or Device Dirents, these are not allowed user
// access at all
//
if (FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_VOLUME_ID) || FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_DEVICE)) {
RxDbgTrace(0, Dbg, ("Cannot access volume id or device\n", 0));
try_return( Result = FALSE ); }
//
// Check for a directory Dirent or non directory dirent
//
if (FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_DIRECTORY)) {
//
// check the desired access for directory dirent
//
if (FlagOn(DesiredAccess, ~(DELETE | READ_CONTROL | WRITE_OWNER | WRITE_DAC | SYNCHRONIZE | ACCESS_SYSTEM_SECURITY | FILE_WRITE_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | FILE_LIST_DIRECTORY | FILE_TRAVERSE | FILE_DELETE_CHILD | FILE_APPEND_DATA))) {
RxDbgTrace(0, Dbg, ("Cannot open directory\n", 0));
try_return( Result = FALSE ); }
} else {
//
// check the desired access for a non-directory dirent, we
// blackball
// FILE_LIST_DIRECTORY, FILE_ADD_FILE, FILE_TRAVERSE,
// FILE_ADD_SUBDIRECTORY, and FILE_DELETE_CHILD
//
if (FlagOn(DesiredAccess, ~(DELETE | READ_CONTROL | WRITE_OWNER | WRITE_DAC | SYNCHRONIZE | ACCESS_SYSTEM_SECURITY | FILE_READ_DATA | FILE_WRITE_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | FILE_EXECUTE | FILE_APPEND_DATA))) {
RxDbgTrace(0, Dbg, ("Cannot open file\n", 0));
try_return( Result = FALSE ); } }
//
// Check for a read-only Dirent
//
if (FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_READ_ONLY)) {
//
// Check the desired access for a read-only dirent, we blackball
// WRITE, FILE_APPEND_DATA, FILE_ADD_FILE,
// FILE_ADD_SUBDIRECTORY, and FILE_DELETE_CHILD
//
if (FlagOn(DesiredAccess, ~(DELETE | READ_CONTROL | WRITE_OWNER | WRITE_DAC | SYNCHRONIZE | ACCESS_SYSTEM_SECURITY | FILE_READ_DATA | FILE_READ_EA | FILE_WRITE_EA | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES | FILE_EXECUTE | FILE_LIST_DIRECTORY | FILE_TRAVERSE))) {
RxDbgTrace(0, Dbg, ("Cannot open readonly\n", 0));
try_return( Result = FALSE ); } }
try_exit: NOTHING; } finally {
DebugUnwind( RxCheckFileAccess );
RxDbgTrace(-1, Dbg, ("RxCheckFileAccess -> %08lx\n", Result)); }
UNREFERENCED_PARAMETER( RxContext );
return Result;}�
|
