archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
3.8 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/services/drizzle/newjob/csd.cpp

722 lines
17 KiB
Raw Normal View History

Add source files
4 years ago
  1. /************************************************************************
  3. Copyright (c) 2000 - 2000 Microsoft Corporation
  5. Module Name :
  7. csd.cpp
  9. Abstract :
  11. Main code file for SID and SECURITY_DESCRIPTOR abstraction.
  13. Author :
  15. Revision History :
  17. ***********************************************************************/
  19. #include "stdafx.h"
  20. #include <accctrl.h>
  21. #include <malloc.h>
  22. #include <aclapi.h>
  24. #if !defined(BITS_V12_ON_NT4)
  25. #include "csd.tmh"
  26. #endif
  28. //------------------------------------------------------------------------
  30. CNestedImpersonation::CNestedImpersonation(
  31. SidHandle sid
  32. )
  33. : m_Sid( sid ),
  34. m_ImpersonationToken( NULL ),
  35. m_fImpersonated( false ),
  36. m_fDeleteToken( true )
  37. {
  38. try
  39. {
  40. THROW_HRESULT( g_Manager->CloneUserToken( m_Sid, ANY_SESSION, &m_ImpersonationToken ));
  42. Impersonate();
  43. }
  44. catch( ComError Error )
  45. {
  46. Revert();
  48. if (m_ImpersonationToken && m_fDeleteToken)
  49. {
  50. CloseHandle( m_ImpersonationToken );
  51. }
  53. throw;
  54. }
  55. }
  57. CNestedImpersonation::CNestedImpersonation(
  58. HANDLE token
  59. )
  60. : m_ImpersonationToken( token ),
  61. m_fImpersonated( false ),
  62. m_fDeleteToken( false )
  63. {
  64. Impersonate();
  65. }
  67. CNestedImpersonation::CNestedImpersonation()
  68. : m_ImpersonationToken( NULL ),
  69. m_fImpersonated( false ),
  70. m_fDeleteToken( true )
  71. {
  72. //
  73. // Failure will cause the base object's destructor to restore the old thread token.
  74. //
  76. try
  77. {
  78. HRESULT hr = CoImpersonateClient();
  80. switch (hr)
  81. {
  82. case S_OK:
  83. {
  84. m_fImpersonated = true;
  85. m_ImpersonationToken = CopyThreadToken();
  87. #if defined(BITS_V12_ON_NT4)
  88. RTL_VERIFY( SUCCEEDED( CoRevertToSelf() ) );
  89. m_fImpersonated = false;
  90. RTL_VERIFY( SetThreadToken( NULL, m_ImpersonationToken ) );
  91. m_fImpersonated = true;
  92. #endif
  93. break;
  94. }
  96. case RPC_E_CALL_COMPLETE:
  97. {
  98. m_ImpersonationToken = CopyThreadToken();
  99. if (m_ImpersonationToken)
  100. {
  101. //
  102. // thread was already impersonating someone when it called the BITS routine.
  103. //
  104. m_fImpersonated = true;
  105. }
  106. else
  107. {
  108. //
  109. // Thread is not impersonating. Impersonate the process owner.
  110. //
  111. if (!ImpersonateSelf( SecurityImpersonation ))
  112. {
  113. throw ComError( HRESULT_FROM_WIN32( GetLastError() ));
  114. }
  116. m_fImpersonated = true;
  117. m_ImpersonationToken = CopyThreadToken();
  118. }
  119. break;
  120. }
  122. default:
  123. throw ComError( hr );
  124. }
  125. }
  126. catch( ComError err )
  127. {
  128. if (m_ImpersonationToken)
  129. {
  130. CloseHandle( m_ImpersonationToken );
  131. m_ImpersonationToken = NULL;
  132. }
  134. throw;
  135. }
  136. }
  138. void
  139. CNestedImpersonation::SwitchToLogonToken()
  140. {
  141. HANDLE token = m_ImpersonationToken;
  143. SidHandle sid = CopyTokenSid( m_ImpersonationToken );
  145. THROW_HRESULT( g_Manager->CloneUserToken( sid,
  146. GetSession(),
  147. &m_ImpersonationToken ));
  149. m_fImpersonated = false;
  151. if (m_fDeleteToken)
  152. {
  153. CloseHandle( token );
  154. }
  156. m_fDeleteToken = true;
  158. Impersonate();
  159. }
  161. DWORD
  162. CNestedImpersonation::GetSession()
  163. {
  165. #if defined(BITS_V12_ON_NT4)
  166. return 0;
  167. #else
  168. DWORD session;
  169. DWORD used;
  171. if (!GetTokenInformation( m_ImpersonationToken,
  172. TokenSessionId,
  173. &session,
  174. sizeof(DWORD),
  175. &used))
  176. {
  177. ThrowLastError();
  178. }
  180. return session;
  181. #endif
  182. }
  184. //------------------------------------------------------------------------
  186. GENERIC_MAPPING CJobSecurityDescriptor::s_AccessMapping =
  187. {
  188. STANDARD_RIGHTS_READ,
  189. STANDARD_RIGHTS_WRITE,
  190. STANDARD_RIGHTS_EXECUTE,
  191. STANDARD_RIGHTS_ALL
  192. };
  194. CJobSecurityDescriptor::CJobSecurityDescriptor(
  195. SidHandle OwnerSid
  196. )
  197. {
  198. PACL pACL = NULL;
  199. PSECURITY_DESCRIPTOR pSD = 0;
  201. try
  202. {
  203. EXPLICIT_ACCESS ea[2];
  204. size_t SizeNeeded;
  206. pSD = (PSECURITY_DESCRIPTOR) new char[SECURITY_DESCRIPTOR_MIN_LENGTH];
  208. if (!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
  209. {
  210. HRESULT HrError = HRESULT_FROM_WIN32( GetLastError() );
  211. LogError( "InitializeSecurityDescriptor Error %!winerr!", HrError );
  212. throw ComError( HrError );
  213. }
  215. if (!SetSecurityDescriptorOwner( pSD, OwnerSid.get(), TRUE))
  216. {
  217. HRESULT HrError = HRESULT_FROM_WIN32( GetLastError() );
  218. LogError( "SetSecurityDescriptorOwner Error %!winerr!", HrError );
  219. throw ComError( HrError );
  220. }
  222. if (!SetSecurityDescriptorGroup( pSD, OwnerSid.get(), TRUE))
  223. {
  224. HRESULT HrError = HRESULT_FROM_WIN32( GetLastError() );
  225. LogError( "SetSecurityDescriptorGroup Error %!winerr!", HrError );
  226. throw ComError( HrError );
  227. }
  229. // Initialize an EXPLICIT_ACCESS structure for an ACE.
  230. // The ACE will allow the Administrators group full access to the key.
  231. memset(ea, 0, sizeof(ea));
  233. ea[0].grfAccessPermissions = KEY_ALL_ACCESS;
  234. ea[0].grfAccessMode = SET_ACCESS;
  235. ea[0].grfInheritance= NO_INHERITANCE;
  236. ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
  237. ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
  238. ea[0].Trustee.ptstrName = (LPTSTR) OwnerSid.get();
  240. // Initialize an EXPLICIT_ACCESS structure for an ACE.
  241. // The ACE will allow the Administrators group full access to the key.
  243. ea[1].grfAccessPermissions = KEY_ALL_ACCESS;
  244. ea[1].grfAccessMode = SET_ACCESS;
  245. ea[1].grfInheritance= NO_INHERITANCE;
  246. ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
  247. ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
  248. ea[1].Trustee.ptstrName = (LPTSTR) g_GlobalInfo->m_AdministratorsSid.get();
  250. // Create a new ACL that contains the new ACEs.
  252. DWORD s = SetEntriesInAcl(2, ea, NULL, &pACL);
  253. if (s != ERROR_SUCCESS)
  254. {
  255. HRESULT HrError = HRESULT_FROM_WIN32( s );
  256. LogError( "create SD : SetEntriesInAcl failed %!winerr!", HrError );
  257. throw ComError( HrError );
  258. }
  260. // Add the ACL to the security descriptor.
  262. if (!SetSecurityDescriptorDacl( pSD,
  263. TRUE, // fDaclPresent flag
  264. pACL,
  265. TRUE)) // a default DACL
  266. {
  267. HRESULT HrError = HRESULT_FROM_WIN32( GetLastError() );
  268. LogError( "SetSecurityDescriptorDacl Error %!winerr!", HrError );
  269. throw ComError( HrError );
  270. }
  272. //
  273. // Add the pointers our object.
  274. //
  275. m_sd = pSD;
  276. m_sdOwnerSid = OwnerSid;
  277. m_sdGroupSid = OwnerSid;
  278. m_Dacl = pACL;
  279. }
  280. catch( ComError exception )
  281. {
  282. if (pACL)
  283. LocalFree(pACL);
  285. if (pSD)
  286. delete[] ((char*)pSD);
  288. throw;
  289. }
  290. }
  292. CJobSecurityDescriptor::CJobSecurityDescriptor(
  293. PSECURITY_DESCRIPTOR sd,
  294. SidHandle sdOwnerSid,
  295. SidHandle sdGroupSid,
  296. PACL sdDacl
  297. )
  298. {
  299. m_sd = sd;
  300. m_sdOwnerSid = sdOwnerSid;
  301. m_sdGroupSid = sdGroupSid;
  302. m_Dacl = sdDacl;
  303. }
  306. CJobSecurityDescriptor::~CJobSecurityDescriptor()
  307. {
  308. if (m_Dacl)
  309. LocalFree(m_Dacl);
  311. delete m_sd;
  312. }
  315. HRESULT
  316. CJobSecurityDescriptor::_ModifyAcl(
  317. PSID sid,
  318. BOOL fGroupSid,
  319. DWORD access,
  320. BOOL fAdd
  321. )
  322. {
  323. HRESULT hr;
  324. DWORD dwRes;
  325. PACL pNewAcl = NULL;
  326. EXPLICIT_ACCESS ea;
  328. // Initialize an EXPLICIT_ACCESS structure for the new ACE.
  330. ZeroMemory(&ea, sizeof(EXPLICIT_ACCESS));
  331. ea.grfAccessPermissions = access;
  332. ea.grfAccessMode = (fAdd) ? SET_ACCESS : REVOKE_ACCESS;
  333. ea.grfInheritance = NO_INHERITANCE;
  334. ea.Trustee.TrusteeForm = TRUSTEE_IS_SID;
  335. ea.Trustee.TrusteeType = (fGroupSid) ? TRUSTEE_IS_GROUP : TRUSTEE_IS_USER;
  336. ea.Trustee.ptstrName = LPTSTR(sid);
  338. // Create a new ACL that merges the new ACE
  339. // into the existing DACL.
  341. dwRes = SetEntriesInAcl( 1, &ea, m_Dacl, &pNewAcl );
  342. if (ERROR_SUCCESS != dwRes)
  343. {
  344. hr = HRESULT_FROM_WIN32( dwRes );
  345. goto Cleanup;
  346. }
  348. // Attach the new ACL as the object's DACL.
  350. if (!SetSecurityDescriptorDacl( m_sd,
  351. TRUE, // fDaclPresent flag
  352. pNewAcl,
  353. FALSE )) // a default DACL
  354. {
  355. hr = HRESULT_FROM_WIN32( GetLastError() );
  356. LogError( "SetSecurityDescriptorDacl Error %!winerr!", hr );
  357. goto Cleanup;
  358. }
  360. LocalFree( m_Dacl );
  362. m_Dacl = pNewAcl;
  364. pNewAcl = NULL;
  366. hr = S_OK;
  368. Cleanup:
  370. if(pNewAcl)
  371. LocalFree((HLOCAL) pNewAcl);
  373. return hr;
  374. }
  376. HRESULT
  377. CJobSecurityDescriptor::CheckTokenAccess(
  378. HANDLE hToken,
  379. DWORD RequestedAccess,
  380. DWORD * pAllowedAccess,
  381. BOOL * pSuccess
  382. )
  383. {
  385. PRIVILEGE_SET * PrivilegeSet = 0;
  386. DWORD PrivilegeSetSize;
  387. //
  388. // Get space for the privilege set. I don't expect to use any...
  389. //
  390. PrivilegeSetSize = sizeof(PRIVILEGE_SET) + sizeof(LUID_AND_ATTRIBUTES);
  391. auto_ptr<char> Buffer;
  393. try
  394. {
  395. Buffer = auto_ptr<char>( new char[ PrivilegeSetSize ] );
  396. }
  397. catch( ComError Error )
  398. {
  399. return Error.Error();
  400. }
  402. PrivilegeSet = (PRIVILEGE_SET *) Buffer.get();
  404. //
  405. // See whether the security descriptor allows access.
  406. //
  407. if (!AccessCheck( m_sd,
  408. hToken,
  409. RequestedAccess,
  410. &s_AccessMapping,
  411. PrivilegeSet,
  412. &PrivilegeSetSize,
  413. pAllowedAccess,
  414. pSuccess
  415. ))
  416. {
  417. HRESULT HrError = HRESULT_FROM_WIN32( GetLastError() );
  418. LogError( "AccessCheck failed, error %!winerr!", HrError );
  419. return HrError;
  420. }
  422. return S_OK;
  424. }
  426. HRESULT
  427. CJobSecurityDescriptor::Serialize(
  428. HANDLE hFile
  429. )
  430. {
  431. try
  432. {
  433. ULONG SdSize;
  434. auto_ptr<char> pSD; // auto_ptr<void> apparently doesn't work
  436. //
  437. // Convert the security descriptor into self-relative format for storage.
  438. //
  439. SdSize = 0;
  440. MakeSelfRelativeSD( m_sd, NULL, &SdSize );
  441. if (SdSize == 0)
  442. {
  443. throw ComError( HRESULT_FROM_WIN32(GetLastError()) );
  444. }
  446. pSD = auto_ptr<char>( new char[ SdSize ] );
  448. if (!MakeSelfRelativeSD( m_sd, pSD.get(), &SdSize ))
  449. {
  450. throw ComError( HRESULT_FROM_WIN32(GetLastError()) );
  451. }
  453. SafeWriteFile( hFile, SdSize );
  454. SafeWriteFile( hFile, pSD.get(), SdSize );
  455. }
  456. catch( ComError err )
  457. {
  458. LogError("SD serialize failed with %!winerr!", err.Error() );
  460. throw;
  461. }
  463. return S_OK;
  464. }
  467. CJobSecurityDescriptor *
  468. CJobSecurityDescriptor::Unserialize(
  469. HANDLE hFile
  470. )
  471. {
  472. //
  473. // Allocations here must match the deletes in the destructor.
  474. //
  475. char * SdBuf = 0;
  476. char * DaclBuf = 0;
  477. CJobSecurityDescriptor * pObject = NULL;
  479. try
  480. {
  481. DWORD SdSize = 0;
  482. DWORD DaclSize = 0;
  483. DWORD SaclSize = 0;
  484. DWORD OwnerSize = 0;
  485. DWORD GroupSize = 0;
  487. PSECURITY_DESCRIPTOR sd;
  488. auto_ptr<char> pSD; // auto_ptr<void> apparently doesn't work
  490. PACL sdDacl;
  491. PACL sdSacl;
  494. SafeReadFile( hFile, &SdSize );
  496. pSD = auto_ptr<char>( new char[ SdSize ] );
  498. SafeReadFile( hFile, pSD.get(), SdSize );
  500. MakeAbsoluteSD( pSD.get(),
  501. NULL, &SdSize,
  502. NULL, &DaclSize,
  503. NULL, &SaclSize,
  504. NULL, &OwnerSize,
  505. NULL, &GroupSize
  506. );
  508. if (!SdSize || !DaclSize || !OwnerSize || !GroupSize)
  509. {
  510. throw ComError( HRESULT_FROM_WIN32(GetLastError()));
  511. }
  513. SdBuf = new char[ SdSize + SaclSize ];
  514. SidHandle OwnerSid = new char[ OwnerSize ];
  515. SidHandle GroupSid = new char[ GroupSize ];
  517. DaclBuf = (char *) LocalAlloc( LMEM_FIXED, DaclSize );
  519. sdDacl = (PACL) DaclBuf;
  520. sd = (PSECURITY_DESCRIPTOR) SdBuf;
  521. sdSacl = (PACL) (SdBuf+SdSize);
  523. if (!MakeAbsoluteSD( pSD.get(),
  524. sd, &SdSize,
  525. sdDacl, &DaclSize,
  526. sdSacl, &SaclSize,
  527. OwnerSid.get(), &OwnerSize,
  528. GroupSid.get(), &GroupSize
  529. ))
  530. {
  531. throw ComError( HRESULT_FROM_WIN32(GetLastError()));
  532. }
  534. pObject = new CJobSecurityDescriptor( sd,
  535. OwnerSid,
  536. GroupSid,
  537. sdDacl
  538. );
  539. }
  540. catch (ComError exception)
  541. {
  542. delete[] SdBuf;
  544. LocalFree( DaclBuf );
  545. delete pObject;
  547. throw;
  548. }
  550. return pObject;
  551. }
  553. //------------------------------------------------------------------------
  555. PSID
  556. CopyTokenSid(
  557. HANDLE Token
  558. )
  559. {
  560. TOKEN_USER * TokenData;
  561. DWORD SizeNeeded;
  563. // Get the size first.
  564. if (!GetTokenInformation(
  565. Token,
  566. TokenUser,
  567. 0,
  568. 0,
  569. &SizeNeeded
  570. ))
  571. {
  572. DWORD dwLastError = GetLastError();
  574. if (ERROR_INSUFFICIENT_BUFFER != dwLastError)
  575. {
  576. THROW_HRESULT( HRESULT_FROM_WIN32( GetLastError()));
  577. }
  578. }
  580. auto_ptr<char> Buffer( new char[ SizeNeeded ] );
  581. TokenData = (TOKEN_USER *) Buffer.get();
  583. if (!GetTokenInformation(
  584. Token,
  585. TokenUser,
  586. TokenData,
  587. SizeNeeded,
  588. &SizeNeeded
  589. ))
  590. {
  591. THROW_HRESULT( HRESULT_FROM_WIN32( GetLastError()));
  592. }
  594. PSID sid = DuplicateSid( TokenData->User.Sid );
  595. if (sid == NULL)
  596. {
  597. THROW_HRESULT( E_OUTOFMEMORY);
  598. }
  600. return sid;
  601. }
  604. HANDLE
  605. CopyThreadToken()
  606. /*
  608. Makes a copy of the current thread's impersonation token.
  609. Returns NULL if not impersonating.
  610. Throws an exception if an error occurs.
  612. */
  613. {
  614. HANDLE token = NULL;
  616. if (OpenThreadToken( GetCurrentThread(),
  617. MAXIMUM_ALLOWED,
  618. TRUE,
  619. &token))
  620. {
  621. return token;
  622. }
  623. else if (GetLastError() == ERROR_NO_TOKEN)
  624. {
  625. return NULL;
  626. }
  627. else
  628. {
  629. throw ComError( HRESULT_FROM_WIN32( GetLastError() ));
  630. }
  631. }
  633. SidHandle
  634. GetThreadClientSid()
  635. /*
  637. Returns the SID of the current thread's COM client.
  638. Throws an exception if an error occurs.
  640. */
  641. {
  642. CNestedImpersonation imp;
  644. return imp.CopySid();
  645. }
  649. HRESULT
  650. IsRemoteUser()
  651. {
  652. return CheckClientGroupMembership( g_GlobalInfo->m_NetworkUsersSid );
  653. }
  656. HRESULT
  657. CheckClientGroupMembership(
  658. SidHandle group
  659. )
  660. {
  661. try
  662. {
  663. BOOL fIsMember;
  665. CNestedImpersonation imp;
  667. if (!CheckTokenMembership( imp.QueryToken(),
  668. group.get(),
  669. &fIsMember))
  670. {
  671. return HRESULT_FROM_WIN32( GetLastError() );
  672. }
  674. if (fIsMember)
  675. {
  676. return S_OK;
  677. }
  679. return S_FALSE;
  680. }
  681. catch( ComError Error )
  682. {
  683. return Error.Error();
  684. }
  685. }
  687. HRESULT
  688. DenyRemoteAccess()
  689. {
  690. HRESULT hr = CheckClientGroupMembership( g_GlobalInfo->m_NetworkUsersSid );
  692. if (FAILED(hr))
  693. {
  694. return hr;
  695. }
  697. if (hr == S_OK)
  698. {
  699. return BG_E_REMOTE_NOT_SUPPORTED;
  700. }
  702. return S_OK;
  703. }
  705. HRESULT
  706. DenyNonAdminAccess()
  707. {
  708. HRESULT hr = CheckClientGroupMembership( g_GlobalInfo->m_AdministratorsSid );
  710. if (FAILED(hr))
  711. {
  712. return hr;
  713. }
  715. if (hr == S_FALSE)
  716. {
  717. return E_ACCESSDENIED;
  718. }
  720. return S_OK;
  721. }