Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

399 lines
7.8 KiB

  1. /*++
  2. Copyright (c) 2000 Microsoft Corporation
  3. Module Name:
  4. mailrm.h
  5. Abstract:
  6. The header file for the sample AuthZ resource manager for mailboxes
  7. Author:
  8. t-eugenz - August 2000
  9. Environment:
  10. User mode only.
  11. Revision History:
  12. Created - August 2000
  13. --*/
  14. #pragma once
  15. #include "pch.h"
  16. #include <string>
  17. #include <map>
  18. using namespace std;
  19. //
  20. // RM-specific access masks used in the ACEs inside the mail RM.
  21. // The lower 16 bits of the access mask are for user-specified rights
  22. // such as these
  23. //
  24. //
  25. // Access mask needed to read the contents of a mailbox
  26. //
  27. #define ACCESS_MAIL_READ 0x00000001
  28. //
  29. // Access mask needed to delete messages from a mailbox
  30. //
  31. #define ACCESS_MAIL_WRITE 0x00000002
  32. //
  33. // Access mask for Administrative access to a mailbox
  34. //
  35. #define ACCESS_MAIL_ADMIN 0x00000004
  36. //
  37. // The SIDs used in the RM, allocated elsewhere
  38. //
  39. extern PSID InsecureSid;
  40. extern PSID BobSid;
  41. extern PSID MarthaSid;
  42. extern PSID JoeSid;
  43. extern PSID JaneSid;
  44. extern PSID MailAdminsSid;
  45. extern PSID PrincipalSelfSid;
  46. //
  47. // Forward declarations
  48. //
  49. class Mailbox;
  50. class MailRM;
  51. //
  52. // Comparison for PSIDs which works with STL map and multimap
  53. // These are needed to impose a total ordering on the SIDs by value
  54. //
  55. struct CompareSidStruct
  56. {
  57. bool operator()(const PSID pSid1, const PSID pSid2) const;
  58. };
  59. struct CompareSidPairStruct
  60. {
  61. bool operator()(const pair<PSID, DWORD > pair1,
  62. const pair<PSID, DWORD > pair2) const;
  63. };
  64. //
  65. // Element of the multiple mailbox access request
  66. //
  67. typedef struct
  68. {
  69. //
  70. // Mailbox to access
  71. //
  72. PSID psMailbox;
  73. //
  74. // Access mask requested for mailbox
  75. //
  76. ACCESS_MASK amAccessRequested;
  77. } MAILRM_MULTI_REQUEST_ELEM, *PMAILRM_MULTI_REQUEST_ELEM;
  78. //
  79. // Used for multiple mailbox access request
  80. //
  81. typedef struct
  82. {
  83. //
  84. // SID of the user getting access
  85. //
  86. PSID psUser;
  87. //
  88. // IP address of the user
  89. //
  90. DWORD dwIp;
  91. //
  92. // Number of MAILRM_MULTI_REQUEST_ELEM's
  93. //
  94. DWORD dwNumElems;
  95. //
  96. // Pointer to the first element
  97. //
  98. PMAILRM_MULTI_REQUEST_ELEM pRequestElem;
  99. } MAILRM_MULTI_REQUEST, *PMAILRM_MULTI_REQUEST;
  100. //
  101. // Reply to a multiple mailbox access request is returned
  102. // as an array of these.
  103. //
  104. typedef struct
  105. {
  106. //
  107. // Pointer to mailbox, or NULL on failure
  108. //
  109. Mailbox * pMailbox;
  110. //
  111. // Granted access mask
  112. //
  113. ACCESS_MASK amAccessGranted;
  114. } MAILRM_MULTI_REPLY, *PMAILRM_MULTI_REPLY;
  115. class Mailbox
  116. /*++
  117. Class: Mailbox
  118. Description:
  119. This class is the mailbox container for a user's mail. It contains the
  120. SID of the mailbox owner, and also keeps track of whether any sensitive
  121. information is contained in the mailbox.
  122. Base Classes: none
  123. Friend Classes: none
  124. --*/
  125. {
  126. private:
  127. //
  128. // Whether the mailbox contains sensitive data
  129. //
  130. BOOL _bIsSensitive;
  131. //
  132. // Owner of the mailbox, for PRINCIPAL_SELF evaluation
  133. //
  134. PSID _pOwnerSid;
  135. //
  136. // All messages in the mailbox
  137. //
  138. wstring _MailboxData;
  139. //
  140. // Name of the mailbox/mail owner
  141. //
  142. wstring _MailboxOwner;
  143. public:
  144. Mailbox(IN PSID pOwnerSid,
  145. IN BOOL bIsSensitive,
  146. IN WCHAR *szOwner)
  147. {
  148. _bIsSensitive = bIsSensitive;
  149. _pOwnerSid = pOwnerSid;
  150. _MailboxOwner.append(szOwner);
  151. }
  152. //
  153. // Accessors
  154. //
  155. BOOL IsSensitive() const
  156. { return _bIsSensitive; }
  157. const PSID GetOwnerSid() const
  158. { return _pOwnerSid; }
  159. const WCHAR * GetOwnerName() const
  160. { return _MailboxOwner.c_str(); }
  161. const WCHAR * GetMail() const
  162. { return _MailboxData.c_str(); }
  163. public:
  164. //
  165. // Manipulate the stored mail
  166. //
  167. void SendMail(IN const WCHAR *szMessage,
  168. IN BOOL bIsSensitive )
  169. { _MailboxData.append(szMessage); _bIsSensitive |= bIsSensitive; }
  170. void Flush()
  171. { _MailboxData.erase(0, _MailboxData.length()); _bIsSensitive = FALSE; }
  172. };
  173. class MailRM
  174. /*++
  175. Class: MailRM
  176. Description:
  177. This class manages a set of mailboxes, granting access to the mailboxes
  178. based on a single internally stored security descriptor containing
  179. callback and regular ACEs. It also audits certain mailbox activity.
  180. Base Classes: none
  181. Friend Classes: none
  182. --*/
  183. {
  184. private:
  185. //
  186. // Security descriptor common to all mailboxes
  187. //
  188. SECURITY_DESCRIPTOR _sd;
  189. //
  190. // Mapping of SIDs to mailboxes
  191. //
  192. //map<const PSID, Mailbox *, CompareSidStruct> _mapSidMailbox;
  193. map<const PSID, Mailbox *> _mapSidMailbox;
  194. //
  195. // AuthZ contexts should only be created once for a given SID,IP pair
  196. // This stores the contexts once they are created
  197. //
  198. map<pair<PSID, DWORD >,
  199. AUTHZ_CLIENT_CONTEXT_HANDLE,
  200. CompareSidPairStruct> _mapSidContext;
  201. //
  202. // Handle to the resource manager to be initialized with the callbacks
  203. //
  204. AUTHZ_RESOURCE_MANAGER_HANDLE _hRM;
  205. public:
  206. //
  207. // Constructor, initializes resource manager
  208. //
  209. MailRM();
  210. //
  211. // Destructor, frees RM's memory
  212. //
  213. ~MailRM();
  214. public:
  215. //
  216. // Attempts to access the mailbox as psUser from the given IP address,
  217. // requesting amAccessRequested access mask. If access is granted and the
  218. // mailbox exists, the pointer to the mailbox is returned.
  219. //
  220. Mailbox * GetMailboxAccess(
  221. IN const PSID psMailbox,
  222. IN const PSID psUser,
  223. IN DWORD dwIncomingIp,
  224. IN ACCESS_MASK amAccessRequested
  225. );
  226. //
  227. // Attempt to access a set of mailboxes using a cached access check
  228. // pReply should be an allocated array with the same number of elements
  229. // as the request
  230. //
  231. BOOL GetMultipleMailboxAccess(
  232. IN const PMAILRM_MULTI_REQUEST pRequest,
  233. IN OUT PMAILRM_MULTI_REPLY pReply
  234. );
  235. //
  236. // Adds a mailbox to be controlled by the RM
  237. //
  238. void AddMailbox(Mailbox * pMailbox);
  239. private:
  240. //
  241. // Internal function to completely set up the security descriptor
  242. // Should only be called once per instance, by the contructor
  243. //
  244. void InitializeMailSecurityDescriptor();
  245. //
  246. // Resource manager callbacks
  247. // These must be static, since they are called as C functions.
  248. // Non-static member functions expect a this pointer as the first
  249. // argument on the stack, and therefore cannot be called as C
  250. // functions. These callbacks do not depend on any instance-specific
  251. // data, and therefore can and should be static.
  252. //
  253. static BOOL CALLBACK AccessCheck(
  254. IN AUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext,
  255. IN PACE_HEADER pAce,
  256. IN PVOID pArgs OPTIONAL,
  257. IN OUT PBOOL pbAceApplicable
  258. );
  259. static BOOL CALLBACK ComputeDynamicGroups(
  260. IN AUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext,
  261. IN PVOID Args,
  262. OUT PSID_AND_ATTRIBUTES *pSidAttrArray,
  263. OUT PDWORD pSidCount,
  264. OUT PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray,
  265. OUT PDWORD pRestrictedSidCount
  266. );
  267. static VOID CALLBACK FreeDynamicGroups (
  268. IN PSID_AND_ATTRIBUTES pSidAttrArray
  269. );
  270. };