|
|
/*++
Copyright (c) 1991-1992 Microsoft Corporation
Module Name:
secobj.c
Abstract:
This module provides support routines to simplify the creation of security descriptors for user-mode objects.
Author:
Cliff Van Dyke (CliffV) 09-Feb-1994
Environment:
Contains NT specific code.
Revision History:
Cliff Van Dyke (CliffV) 09-Feb-1994 Split off from secobj.c so NtLmSsp can reference secobj.c without loading the rpc libaries.
--*/
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h> // DWORD.
#include <lmcons.h> // NET_API_STATUS.
#include <netlib.h>
#include <lmerr.h>
#include <netdebug.h>
#include <debuglib.h>
#include <rpc.h>
#include <rpcutil.h>
#include <secobj.h>
NET_API_STATUS NetpAccessCheckAndAudit( IN LPTSTR SubsystemName, IN LPTSTR ObjectTypeName, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping ) /*++
Routine Description:
This function impersonates the caller so that it can perform access validation using NtAccessCheckAndAuditAlarm; and reverts back to itself before returning.
Arguments:
SubsystemName - Supplies a name string identifying the subsystem calling this routine.
ObjectTypeName - Supplies the name of the type of the object being accessed.
SecurityDescriptor - A pointer to the Security Descriptor against which acccess is to be checked.
DesiredAccess - Supplies desired acccess mask. This mask must have been previously mapped to contain no generic accesses.
GenericMapping - Supplies a pointer to the generic mapping associated with this object type.
Return Value:
NET_API_STATUS - NERR_Success or reason for failure.
--*/ {
NTSTATUS NtStatus; RPC_STATUS RpcStatus; BOOLEAN fWasEnabled;
UNICODE_STRING Subsystem; UNICODE_STRING ObjectType; UNICODE_STRING ObjectName;
#ifndef UNICODE
OEM_STRING AnsiString; #endif
ACCESS_MASK GrantedAccess; BOOLEAN GenerateOnClose; NTSTATUS AccessStatus;
#ifdef UNICODE
RtlInitUnicodeString(&Subsystem, SubsystemName); RtlInitUnicodeString(&ObjectType, ObjectTypeName); #else
NetpInitOemString( &AnsiString, SubsystemName ); NtStatus = RtlOemStringToUnicodeString( &Subsystem, &AnsiString, TRUE );
if ( !NT_SUCCESS( NtStatus )) { NetpKdPrint(("[Netlib] Error calling RtlOemStringToUnicodeString %08lx\n", NtStatus)); return NetpNtStatusToApiStatus( NtStatus ); }
NetpInitOemString( &AnsiString, ObjectTypeName );
NtStatus = RtlOemStringToUnicodeString(&ObjectType, &AnsiString, TRUE);
if ( !NT_SUCCESS( NtStatus )) { NetpKdPrint(("[Netlib] Error calling RtlOemStringToUnicodeString %08lx\n", NtStatus)); RtlFreeUnicodeString( &Subsystem ); return NetpNtStatusToApiStatus( NtStatus ); } #endif
//
// Make sure SE_AUDIT_PRIVILEGE is enabled for this process (rather
// than the thread) since the audit privilege is checked in the process
// token (and not the thread token). Leave it enabled since there's
// no harm in doing so once it's been enabled (since the process needs
// to have the privilege in the first place).
//
RtlAdjustPrivilege(SE_AUDIT_PRIVILEGE, TRUE, FALSE, &fWasEnabled);
RtlInitUnicodeString(&ObjectName, NULL); // No object name
if ((RpcStatus = RpcImpersonateClient(NULL)) != RPC_S_OK) { NetpKdPrint(("[Netlib] Failed to impersonate client %08lx\n", RpcStatus)); return NetpRpcStatusToApiStatus(RpcStatus); }
NtStatus = NtAccessCheckAndAuditAlarm( &Subsystem, NULL, // No handle for object
&ObjectType, &ObjectName, SecurityDescriptor, DesiredAccess, GenericMapping, FALSE, &GrantedAccess, &AccessStatus, &GenerateOnClose );
#ifndef UNICODE
RtlFreeUnicodeString( &Subsystem ); RtlFreeUnicodeString( &ObjectType ); #endif
if ((RpcStatus = RpcRevertToSelf()) != RPC_S_OK) { NetpKdPrint(("[Netlib] Fail to revert to self %08lx\n", RpcStatus)); NetpAssert(FALSE); }
if (! NT_SUCCESS(NtStatus)) { NetpKdPrint(("[Netlib] Error calling NtAccessCheckAndAuditAlarm %08lx\n", NtStatus)); return ERROR_ACCESS_DENIED; }
if (AccessStatus != STATUS_SUCCESS) { IF_DEBUG(SECURITY) { NetpKdPrint(("[Netlib] Access status is %08lx\n", AccessStatus)); } return ERROR_ACCESS_DENIED; }
return NERR_Success; }
NET_API_STATUS NetpAccessCheck( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN ACCESS_MASK DesiredAccess, IN PGENERIC_MAPPING GenericMapping ) /*++
Routine Description:
This function impersonates the caller so that it can perform access validation using NtAccessCheck; and reverts back to itself before returning.
This routine differs from NetpAccessCheckAndAudit in that it doesn't require the caller to have SE_AUDIT_PRIVILEGE nor does it generate audits. That is typically fine since the passed in security descriptor typically doesn't have a SACL requesting an audit.
Arguments:
SecurityDescriptor - A pointer to the Security Descriptor against which acccess is to be checked.
DesiredAccess - Supplies desired acccess mask. This mask must have been previously mapped to contain no generic accesses.
GenericMapping - Supplies a pointer to the generic mapping associated with this object type.
Return Value:
NET_API_STATUS - NERR_Success or reason for failure.
--*/ { NET_API_STATUS NetStatus; NET_API_STATUS TempStatus;
HANDLE ClientToken = NULL;
DWORD GrantedAccess; BOOL AccessStatus; BYTE PrivilegeSet[500]; // Large buffer
DWORD PrivilegeSetSize;
//
// Impersonate the client.
//
NetStatus = RpcImpersonateClient(NULL);
if ( NetStatus != RPC_S_OK ) { NetpKdPrint(("[Netlib] Failed to impersonate client %08lx\n", NetStatus)); return NetpRpcStatusToApiStatus(NetStatus); }
//
// Open the impersonated token.
//
if ( !OpenThreadToken( GetCurrentThread(), TOKEN_QUERY, TRUE, // Use NtLmSvc security context to open token
&ClientToken )) {
NetStatus = GetLastError(); NetpKdPrint(("[Netlib] Error calling GetCurrentThread %ld\n", NetStatus));
goto Cleanup; }
//
// Check if the client has the required access.
//
PrivilegeSetSize = sizeof(PrivilegeSet);
if ( !AccessCheck( SecurityDescriptor, ClientToken, DesiredAccess, GenericMapping, (PPRIVILEGE_SET) &PrivilegeSet, &PrivilegeSetSize, &GrantedAccess, &AccessStatus ) ) {
NetStatus = GetLastError(); NetpKdPrint(("[Netlib] Error calling AccessCheck %ld\n", NetStatus));
goto Cleanup;
}
if ( !AccessStatus ) { NetStatus = GetLastError(); IF_DEBUG(SECURITY) { NetpKdPrint(("[Netlib] Access status is %ld\n", NetStatus )); } goto Cleanup; }
//
// Success
//
NetStatus = NERR_Success;
//
// Free locally used resources
//
Cleanup: TempStatus = RpcRevertToSelf(); if ( TempStatus != RPC_S_OK ) { NetpKdPrint(("[Netlib] Fail to revert to self %08lx\n", TempStatus)); NetpAssert(FALSE); }
if ( ClientToken != NULL ) { CloseHandle( ClientToken ); }
return NetStatus; }
|