archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/svcs/wam/object/ooptoken.cpp

436 lines
10 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1999 Microsoft Corporation
  5. Module Name :
  6. ooptoken.cpp
  8. Abstract:
  9. Implementation of the CWamOopTokenInfo object
  11. Author:
  12. Taylor Weiss ( TaylorW ) 15-Feb-1999
  14. Environment:
  15. User Mode - Win32
  17. Project:
  18. iis\svcs\wam\object
  20. --*/
  22. #include <isapip.hxx>
  23. #include "ooptoken.h"
  25. /************************ CWamOopTokenInfo ****************************/
  27. CWamOopTokenInfo * CWamOopTokenInfo::ms_pInstance = NULL;
  29. HRESULT
  30. CWamOopTokenInfo::Create( VOID )
  31. /*++
  32. Routine Description:
  34. Create and initialize ms_pInstance. Get the wam and system SIDs.
  36. The IWAM_* user sid is obtained from the process token. This
  37. only works if we are running OOP. The alternative is to put this
  38. in w3svc or infocomm and get the SID from the metabase. The downside
  39. to that is the account for the application package is exposed
  40. through the com+ UI, so it can be changed without a metabase update.
  42. Parameters
  44. Return Value
  46. HRESULT
  48. --*/
  49. {
  50. DBG_ASSERT( CWamOopTokenInfo::ms_pInstance == NULL );
  52. HRESULT hr = NOERROR;
  53. HANDLE hProcessToken = NULL;
  54. LPVOID pvUserBuffer = NULL;
  55. PSID pSidSys = NULL;
  56. CWamOopTokenInfo * pInstance = NULL;
  58. do
  59. {
  60. BOOL fNoError = FALSE;
  61. DWORD cbUserBuffer = 0;
  63. // Allocate instance
  64. pInstance = new CWamOopTokenInfo();
  66. DBG_ASSERT( pInstance != NULL );
  67. if( !pInstance )
  68. {
  69. DBG_ASSERT( pInstance );
  70. hr = E_OUTOFMEMORY;
  71. break;
  72. }
  74. //
  75. // Get a SID for the IWAM_* user.
  76. //
  77. fNoError = OpenProcessToken( GetCurrentProcess(),
  78. TOKEN_QUERY,
  79. &hProcessToken
  80. );
  81. if( !fNoError )
  82. {
  83. DBG_ASSERT( fNoError );
  84. hr = HRESULT_FROM_WIN32( GetLastError() );
  85. break;
  86. }
  88. // Get buffer size
  89. fNoError = GetTokenInformation( hProcessToken,
  90. TokenUser,
  91. NULL,
  92. 0,
  93. &cbUserBuffer
  94. );
  95. DBG_ASSERT( fNoError == FALSE );
  97. pvUserBuffer = LocalAlloc( LPTR, cbUserBuffer );
  98. DBG_ASSERT( pvUserBuffer != NULL );
  99. if( !pvUserBuffer )
  100. {
  101. DBG_ASSERT( pvUserBuffer );
  102. hr = E_OUTOFMEMORY;
  103. break;
  104. }
  106. // Get user info
  107. fNoError = GetTokenInformation( hProcessToken,
  108. TokenUser,
  109. pvUserBuffer,
  110. cbUserBuffer,
  111. &cbUserBuffer
  112. );
  113. if( !fNoError )
  114. {
  115. DBG_ASSERT( fNoError );
  116. hr = HRESULT_FROM_WIN32( GetLastError() );
  117. break;
  118. }
  120. hr = pInstance->SetIWAMUserSid( ((TOKEN_USER *)pvUserBuffer)->User.Sid );
  121. if( FAILED(hr) ) break;
  123. //
  124. // Create a SID for the local system
  125. //
  126. SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
  127. fNoError = AllocateAndInitializeSid( &siaNtAuthority,
  128. 1,
  129. SECURITY_LOCAL_SYSTEM_RID,
  130. 0, 0, 0, 0, 0, 0, 0,
  131. &pSidSys
  132. );
  133. if( !fNoError )
  134. {
  135. DBG_ASSERT( fNoError );
  136. hr = HRESULT_FROM_WIN32( GetLastError() );
  137. break;
  138. }
  140. hr = pInstance->SetSystemSid( pSidSys );
  141. if( FAILED(hr) ) break;
  143. CWamOopTokenInfo::ms_pInstance = pInstance;
  145. } while( FALSE );
  147. if( hProcessToken )
  148. {
  149. CloseHandle( hProcessToken );
  150. }
  151. if( pvUserBuffer )
  152. {
  153. LocalFree( pvUserBuffer );
  154. }
  155. if( pSidSys )
  156. {
  157. FreeSid( pSidSys );
  158. }
  159. if( CWamOopTokenInfo::ms_pInstance == NULL )
  160. {
  161. // We hit some break, need to dealloc local pointer
  162. delete pInstance;
  163. }
  165. DBG_ASSERT( CWamOopTokenInfo::ms_pInstance != NULL );
  166. DBG_ASSERT( SUCCEEDED(hr) );
  168. return hr;
  169. }
  171. HRESULT
  172. CWamOopTokenInfo::SetIWAMUserSid( PSID pSid )
  173. /*++
  174. Routine Description:
  176. Make a local copy of the SID. Called during instance create.
  178. Probably should avoid the extra duplication.
  180. Parameters
  182. pSid - The IWAM_* user sid.
  184. Return Value
  186. HRESULT
  188. --*/
  189. {
  190. DBG_ASSERT( pSid );
  191. DBG_ASSERT( m_pIWAMUserSid == NULL );
  192. DBG_ASSERT( m_cbIWAMUserSid == 0 );
  194. HRESULT hr = NOERROR;
  196. m_cbIWAMUserSid = GetLengthSid( pSid );
  198. m_pIWAMUserSid = LocalAlloc( LPTR, m_cbIWAMUserSid );
  200. if( m_pIWAMUserSid )
  201. {
  202. if( !CopySid( m_cbIWAMUserSid, m_pIWAMUserSid, pSid ) )
  203. {
  204. hr = HRESULT_FROM_WIN32( GetLastError() );
  205. }
  206. }
  207. else
  208. {
  209. hr = E_OUTOFMEMORY;
  210. m_cbIWAMUserSid = 0;
  211. }
  213. DBG_ASSERT( m_pIWAMUserSid );
  214. DBG_ASSERT( m_cbIWAMUserSid > 0 );
  215. DBG_ASSERT( SUCCEEDED(hr) );
  217. return hr;
  218. }
  220. HRESULT
  221. CWamOopTokenInfo::SetSystemSid( PSID pSid )
  222. /*++
  223. Routine Description:
  225. Make a local copy of the SID. Called during instance create.
  227. Probably should avoid the extra duplication.
  229. Parameters
  231. pSid - The system sid.
  233. Return Value
  235. HRESULT
  237. --*/
  238. {
  239. DBG_ASSERT( pSid );
  240. DBG_ASSERT( m_pSystemSid == NULL );
  241. DBG_ASSERT( m_cbSystemSid == 0 );
  243. HRESULT hr = NOERROR;
  245. m_cbSystemSid = GetLengthSid( pSid );
  247. m_pSystemSid = LocalAlloc( LPTR, m_cbSystemSid );
  249. if( m_pSystemSid )
  250. {
  251. if( !CopySid( m_cbSystemSid, m_pSystemSid, pSid ) )
  252. {
  253. hr = HRESULT_FROM_WIN32( GetLastError() );
  254. }
  255. }
  256. else
  257. {
  258. hr = E_OUTOFMEMORY;
  259. m_cbSystemSid = 0;
  260. }
  262. DBG_ASSERT( m_pSystemSid );
  263. DBG_ASSERT( m_cbSystemSid > 0 );
  264. DBG_ASSERT( SUCCEEDED(hr) );
  266. return hr;
  267. }
  270. HRESULT
  271. CWamOopTokenInfo::ModifyTokenForOop
  272. (
  273. HANDLE hThreadToken
  274. )
  275. /*++
  276. Routine Description
  278. Add the IWAM_* ace to the token.
  280. Prameters
  282. HANDLE hThreadToken - The token to modify.
  284. Return Value
  286. HRESULT
  288. --*/
  289. {
  290. DBG_ASSERT( m_pIWAMUserSid );
  291. DBG_ASSERT( m_pSystemSid );
  293. HRESULT hr = NOERROR;
  295. DWORD cbTokenUserBuffer = 0;
  296. LPVOID pvTokenUserBuffer = NULL;
  298. DWORD cbNewAcl = 0;
  299. PACL pNewAcl = NULL;
  301. do
  302. {
  303. BOOL bRet;
  305. //
  306. // Get the User SID from the token
  307. //
  309. // Get buffer size
  310. bRet = GetTokenInformation( hThreadToken,
  311. TokenUser,
  312. NULL,
  313. 0,
  314. &cbTokenUserBuffer
  315. );
  316. DBG_ASSERT( bRet == FALSE );
  318. pvTokenUserBuffer = LocalAlloc( LPTR, cbTokenUserBuffer );
  319. if( !pvTokenUserBuffer )
  320. {
  321. DBG_ASSERT( pvTokenUserBuffer );
  322. hr = E_OUTOFMEMORY;
  323. break;
  324. }
  326. // Get TokenUser
  327. bRet = GetTokenInformation( hThreadToken,
  328. TokenUser,
  329. pvTokenUserBuffer,
  330. cbTokenUserBuffer,
  331. &cbTokenUserBuffer
  332. );
  333. if( !bRet )
  334. {
  335. DBG_ASSERT( bRet );
  336. hr = HRESULT_FROM_WIN32( GetLastError() );
  337. break;
  338. }
  340. PSID pSidUser = ((TOKEN_USER *)pvTokenUserBuffer)->User.Sid;
  342. DBG_ASSERT( pSidUser );
  344. //
  345. // Allocate and init our new ACL
  346. //
  347. cbNewAcl = sizeof(ACL) +
  348. sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pSidUser) - sizeof(DWORD) +
  349. sizeof(ACCESS_ALLOWED_ACE) + m_cbSystemSid - sizeof(DWORD) +
  350. sizeof(ACCESS_ALLOWED_ACE) + m_cbIWAMUserSid - sizeof(DWORD);
  352. pNewAcl = (PACL)LocalAlloc( LPTR, cbNewAcl );
  353. if( !pNewAcl )
  354. {
  355. DBG_ASSERT( pNewAcl );
  356. hr = E_OUTOFMEMORY;
  357. break;
  358. }
  360. bRet = InitializeAcl( pNewAcl, cbNewAcl, ACL_REVISION );
  361. if( !bRet )
  362. {
  363. DBG_ASSERT( bRet );
  364. hr = HRESULT_FROM_WIN32( GetLastError() );
  365. break;
  366. }
  368. //
  369. // Add the aces
  370. //
  371. bRet = AddAccessAllowedAce( pNewAcl,
  372. ACL_REVISION,
  373. GENERIC_ALL | STANDARD_RIGHTS_ALL,
  374. pSidUser
  375. );
  376. if( !bRet )
  377. {
  378. DBG_ASSERT( bRet );
  379. hr = HRESULT_FROM_WIN32( GetLastError() );
  380. break;
  381. }
  383. bRet = AddAccessAllowedAce( pNewAcl,
  384. ACL_REVISION,
  385. GENERIC_ALL | STANDARD_RIGHTS_ALL,
  386. m_pSystemSid
  387. );
  388. if( !bRet )
  389. {
  390. DBG_ASSERT( bRet );
  391. hr = HRESULT_FROM_WIN32( GetLastError() );
  392. break;
  393. }
  395. bRet = AddAccessAllowedAce( pNewAcl,
  396. ACL_REVISION,
  397. GENERIC_ALL | STANDARD_RIGHTS_ALL,
  398. m_pIWAMUserSid
  399. );
  400. if( !bRet )
  401. {
  402. DBG_ASSERT( bRet );
  403. hr = HRESULT_FROM_WIN32( GetLastError() );
  404. break;
  405. }
  407. // Blast the new DACL into our token
  408. TOKEN_DEFAULT_DACL tddNew;
  409. tddNew.DefaultDacl = pNewAcl;
  411. bRet = SetTokenInformation( hThreadToken,
  412. TokenDefaultDacl,
  413. &tddNew,
  414. cbNewAcl
  415. );
  416. if( !bRet )
  417. {
  418. DBG_ASSERT( bRet );
  419. hr = HRESULT_FROM_WIN32( GetLastError() );
  420. break;
  421. }
  423. }while(FALSE);
  425. if( pvTokenUserBuffer )
  426. {
  427. LocalFree( pvTokenUserBuffer );
  428. }
  429. if( pNewAcl )
  430. {
  431. LocalFree( pNewAcl );
  432. }
  434. DBG_ASSERT( SUCCEEDED(hr) );
  435. return hr;
  436. }