archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
3.8 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/snapin/filemgmt/permpage.cpp

340 lines
8.3 KiB
Raw Normal View History

Add source files
4 years ago
  1. // PermPage.cpp : Implementation of data object classes
  3. #include "stdafx.h"
  4. #include "cookie.h"
  6. #include "macros.h"
  7. USE_HANDLE_MACROS("FILEMGMT(PermPage.cpp)")
  9. #include "DynamLnk.h" // DynamicDLL
  11. #include "PermPage.h"
  13. #ifdef _DEBUG
  14. #define new DEBUG_NEW
  15. #undef THIS_FILE
  16. static char THIS_FILE[] = __FILE__;
  17. #endif
  19. /*
  20. * Share General Permissions -- from shareacl.hxx
  21. #define FILE_PERM_GEN_NO_ACCESS (0)
  22. #define FILE_PERM_GEN_READ (GENERIC_READ |\
  23. GENERIC_EXECUTE)
  24. #define FILE_PERM_GEN_MODIFY (GENERIC_READ |\
  25. GENERIC_EXECUTE |\
  26. GENERIC_WRITE |\
  27. DELETE )
  28. #define FILE_PERM_GEN_ALL (GENERIC_ALL)
  29. */
  31. SI_ACCESS siShareAccesses[] =
  32. {
  33. { &GUID_NULL,
  34. FILE_ALL_ACCESS,
  35. MAKEINTRESOURCE(IDS_SHAREPERM_ALL),
  36. SI_ACCESS_GENERAL },
  37. { &GUID_NULL,
  38. FILE_GENERIC_READ | FILE_EXECUTE | FILE_GENERIC_WRITE | DELETE,
  39. MAKEINTRESOURCE(IDS_SHAREPERM_MODIFY),
  40. SI_ACCESS_GENERAL },
  41. { &GUID_NULL,
  42. FILE_GENERIC_READ | FILE_EXECUTE,
  43. MAKEINTRESOURCE(IDS_SHAREPERM_READ),
  44. SI_ACCESS_GENERAL }
  45. };
  47. #define iShareDefAccess 2 // index of value in array siShareAccesses
  48. #ifndef ARRAYSIZE
  49. #define ARRAYSIZE(x) (sizeof(x)/sizeof(x[0]))
  50. #endif
  52. STDMETHODIMP
  53. CSecurityInformation::GetAccessRights(
  54. const GUID * /*pguidObjectType*/,
  55. DWORD /*dwFlags*/,
  56. PSI_ACCESS *ppAccess,
  57. ULONG *pcAccesses,
  58. ULONG *piDefaultAccess
  59. )
  60. {
  61. ASSERT(ppAccess);
  62. ASSERT(pcAccesses);
  63. ASSERT(piDefaultAccess);
  65. *ppAccess = siShareAccesses;
  66. *pcAccesses = ARRAYSIZE(siShareAccesses);
  67. *piDefaultAccess = iShareDefAccess;
  69. return S_OK;
  70. }
  72. // This is consistent with the NETUI code
  73. GENERIC_MAPPING ShareMap =
  74. {
  75. FILE_GENERIC_READ,
  76. FILE_GENERIC_WRITE,
  77. FILE_GENERIC_EXECUTE,
  78. FILE_ALL_ACCESS
  79. };
  81. STDMETHODIMP
  82. CSecurityInformation::MapGeneric(
  83. const GUID * /*pguidObjectType*/,
  84. UCHAR * /*pAceFlags*/,
  85. ACCESS_MASK *pMask
  86. )
  87. {
  88. ASSERT(pMask);
  90. MapGenericMask(pMask, &ShareMap);
  92. return S_OK;
  93. }
  95. STDMETHODIMP
  96. CSecurityInformation::GetInheritTypes (
  97. PSI_INHERIT_TYPE * /*ppInheritTypes*/,
  98. ULONG * /*pcInheritTypes*/
  99. )
  100. {
  101. return E_NOTIMPL;
  102. }
  104. STDMETHODIMP
  105. CSecurityInformation::PropertySheetPageCallback(
  106. HWND /*hwnd*/,
  107. UINT /*uMsg*/,
  108. SI_PAGE_TYPE /*uPage*/
  109. )
  110. {
  111. return S_OK;
  112. }
  114. /*
  115. JeffreyS 1/24/97:
  116. If you don't set the SI_RESET flag in
  117. ISecurityInformation::GetObjectInformation, then fDefault should never be TRUE
  118. so you can ignore it. Returning E_NOTIMPL in this case is OK too.
  120. If you want the user to be able to reset the ACL to some default state
  121. (defined by you) then turn on SI_RESET and return your default ACL
  122. when fDefault is TRUE. This happens if/when the user pushes a button
  123. that is only visible when SI_RESET is on.
  124. */
  125. STDMETHODIMP CShareSecurityInformation::GetObjectInformation (
  126. PSI_OBJECT_INFO pObjectInfo )
  127. {
  128. ASSERT(pObjectInfo != NULL &&
  129. !IsBadWritePtr(pObjectInfo, sizeof(*pObjectInfo)));
  131. pObjectInfo->dwFlags = SI_EDIT_ALL | SI_NO_ACL_PROTECT | SI_PAGE_TITLE;
  132. pObjectInfo->hInstance = g_hInstanceSave;
  133. pObjectInfo->pszServerName = QueryMachineName();
  134. pObjectInfo->pszObjectName = QueryShareName();
  135. pObjectInfo->pszPageTitle = QueryPageTitle();
  137. return S_OK;
  138. }
  140. typedef enum _AcluiApiIndex
  141. {
  142. ACLUI_CREATE_PAGE = 0
  143. };
  145. // not subject to localization
  146. static LPCSTR g_apchFunctionNames[] = {
  147. "CreateSecurityPage",
  148. NULL
  149. };
  151. // not subject to localization
  152. DynamicDLL g_AcluiDLL( _T("ACLUI.DLL"), g_apchFunctionNames );
  154. /*
  155. HPROPSHEETPAGE ACLUIAPI CreateSecurityPage( LPSECURITYINFO psi );
  156. */
  157. typedef HPROPSHEETPAGE (*CREATEPAGE_PROC) (LPSECURITYINFO);
  159. HRESULT
  160. MyCreateShareSecurityPage(
  161. IN LPPROPERTYSHEETCALLBACK pCallBack,
  162. IN CShareSecurityInformation *pSecInfo,
  163. IN LPCTSTR pszMachineName,
  164. IN LPCTSTR pszShareName
  165. )
  166. {
  167. ASSERT( pCallBack );
  168. ASSERT( pSecInfo );
  170. HRESULT hr = S_OK;
  172. if ( !g_AcluiDLL.LoadFunctionPointers() )
  173. return hr; // ignore the load failure
  175. pSecInfo->SetMachineName( pszMachineName );
  176. pSecInfo->SetShareName( pszShareName );
  177. CString csPageTitle;
  178. csPageTitle.LoadString(IDS_SHARE_SECURITY);
  179. pSecInfo->SetPageTitle( csPageTitle );
  181. pSecInfo->AddRef();
  183. HPROPSHEETPAGE hPage = ((CREATEPAGE_PROC)g_AcluiDLL[ACLUI_CREATE_PAGE])(pSecInfo);
  184. if (hPage)
  185. pCallBack->AddPage(hPage);
  186. else
  187. hr = HRESULT_FROM_WIN32(GetLastError());
  189. pSecInfo->Release();
  191. return hr;
  192. }
  194. HRESULT
  195. CSecurityInformation::NewDefaultDescriptor(
  196. OUT PSECURITY_DESCRIPTOR *ppsd,
  197. IN SECURITY_INFORMATION /*RequestedInformation*/
  198. )
  199. {
  200. ASSERT(ppsd);
  202. *ppsd = NULL;
  204. PSID psidWorld = NULL, psidAdmins = NULL;
  205. PACL pAcl = NULL;
  206. SECURITY_DESCRIPTOR sd;
  207. DWORD dwErr = 0;
  209. do { // false loop
  211. // get World SID for "everyone"
  212. SID_IDENTIFIER_AUTHORITY IDAuthorityWorld = SECURITY_WORLD_SID_AUTHORITY;
  213. if ( !::AllocateAndInitializeSid(
  214. &IDAuthorityWorld,
  215. 1,
  216. SECURITY_WORLD_RID,
  217. 0,0,0,0,0,0,0,
  218. &psidWorld ) )
  219. {
  220. dwErr = GetLastError();
  221. break;
  222. }
  224. // get Admins SID
  225. SID_IDENTIFIER_AUTHORITY IDAuthorityNT = SECURITY_NT_AUTHORITY;
  226. if ( !::AllocateAndInitializeSid(
  227. &IDAuthorityNT,
  228. 2,
  229. SECURITY_BUILTIN_DOMAIN_RID,
  230. DOMAIN_ALIAS_RID_ADMINS,
  231. 0,0,0,0,0,0,
  232. &psidAdmins ) )
  233. {
  234. dwErr = GetLastError();
  235. break;
  236. }
  238. // build ACL, and add AccessAllowedAce to it
  239. DWORD cbAcl = sizeof (ACL) + sizeof (ACCESS_ALLOWED_ACE) +
  240. ::GetLengthSid(psidWorld) - sizeof (DWORD);
  241. pAcl = reinterpret_cast<ACL *>(LocalAlloc(LPTR, cbAcl));
  242. if ( !pAcl ||
  243. !::InitializeAcl(pAcl, cbAcl, ACL_REVISION2) ||
  244. !::AddAccessAllowedAce(pAcl, ACL_REVISION2, GENERIC_ALL, psidWorld) )
  245. {
  246. dwErr = GetLastError();
  247. break;
  248. }
  250. // add ACL to the security descriptor, and set Owner and Group appropriately
  251. if ( !::InitializeSecurityDescriptor(&sd, SECURITY_DESCRIPTOR_REVISION) ||
  252. !::SetSecurityDescriptorDacl(&sd, TRUE, pAcl, FALSE) ||
  253. !::SetSecurityDescriptorOwner(&sd, psidAdmins, FALSE) ||
  254. !::SetSecurityDescriptorGroup(&sd, psidAdmins, FALSE) )
  255. {
  256. dwErr = GetLastError();
  257. break;
  258. }
  260. // convert security descriptor to self-relative format
  261. DWORD cbSD = 0;
  262. ::MakeSelfRelativeSD(&sd, NULL, &cbSD); // this call should fail and set cbSD to the correct size
  263. *ppsd = (PSECURITY_DESCRIPTOR)(LocalAlloc(LPTR, cbSD));
  264. if ( !(*ppsd) || !::MakeSelfRelativeSD(&sd, *ppsd, &cbSD) )
  265. {
  266. dwErr = GetLastError();
  267. break;
  268. }
  270. } while (FALSE); // false loop
  272. // clean up
  273. if (psidWorld)
  274. (void)::FreeSid(psidWorld);
  275. if (psidAdmins)
  276. (void)::FreeSid(psidAdmins);
  278. if (pAcl)
  279. LocalFree(pAcl);
  281. if (dwErr && *ppsd)
  282. {
  283. LocalFree(*ppsd);
  284. *ppsd = NULL;
  285. }
  287. return (dwErr ? HRESULT_FROM_WIN32(dwErr) : S_OK);
  288. }
  290. HRESULT
  291. CSecurityInformation::MakeSelfRelativeCopy(
  292. IN PSECURITY_DESCRIPTOR psdOriginal,
  293. OUT PSECURITY_DESCRIPTOR *ppsdNew
  294. )
  295. {
  296. ASSERT(psdOriginal);
  297. ASSERT(ppsdNew);
  299. *ppsdNew = NULL;
  301. DWORD dwErr = 0;
  302. PSECURITY_DESCRIPTOR psdSelfRelative = NULL;
  304. do { // false loop
  306. DWORD cbSD = ::GetSecurityDescriptorLength(psdOriginal);
  307. psdSelfRelative = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, cbSD);
  308. if ( !psdSelfRelative )
  309. {
  310. dwErr = ::GetLastError();
  311. break;
  312. }
  314. // we have to find out whether the original is already self-relative
  315. SECURITY_DESCRIPTOR_CONTROL sdc = 0;
  316. DWORD dwRevision = 0;
  317. if ( !::GetSecurityDescriptorControl(psdOriginal, &sdc, &dwRevision) )
  318. {
  319. dwErr = ::GetLastError();
  320. break;
  321. }
  323. if (sdc & SE_SELF_RELATIVE)
  324. {
  325. ::memcpy(psdSelfRelative, psdOriginal, cbSD);
  326. } else if ( !::MakeSelfRelativeSD(psdOriginal, psdSelfRelative, &cbSD) )
  327. {
  328. dwErr = ::GetLastError();
  329. break;
  330. }
  332. *ppsdNew = psdSelfRelative;
  334. } while (FALSE);
  336. if (dwErr && psdSelfRelative)
  337. LocalFree(psdSelfRelative);
  339. return (dwErr ? HRESULT_FROM_WIN32(dwErr) : S_OK);
  340. }