Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

333 lines
7.9 KiB

  1. /*++
  2. Copyright (c) 1990-1998 Microsoft Corporation, All Rights Reserved
  3. Module Name:
  4. IMMSEC.C
  5. Abstract:
  6. security code called by IMEs
  7. Author:
  8. Takao Kitano [takaok] 01-May-1996
  9. Revision History:
  10. ++*/
  11. #include <windows.h>
  12. #include <stdio.h>
  13. #include "immsec.h"
  14. #define MEMALLOC(x) LocalAlloc(LMEM_FIXED, x)
  15. #define MEMFREE(x) LocalFree(x)
  16. //
  17. // internal functions
  18. //
  19. PSID MyCreateSid();
  20. POSVERSIONINFO GetVersionInfo();
  21. //
  22. // debug functions
  23. //
  24. #ifdef DEBUG
  25. #define ERROROUT(x) ErrorOut( x )
  26. #define WARNOUT(x) WarnOut( x )
  27. #else
  28. #define ERROROUT(x)
  29. #define WARNOUT(x)
  30. #endif
  31. #ifdef DEBUG
  32. VOID WarnOut( PTSTR pStr )
  33. {
  34. OutputDebugString( pStr );
  35. }
  36. VOID ErrorOut( PTSTR pStr )
  37. {
  38. DWORD dwError;
  39. DWORD dwResult;
  40. TCHAR buf1[512];
  41. TCHAR buf2[512];
  42. dwError = GetLastError();
  43. dwResult = FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM,
  44. NULL,
  45. dwError,
  46. MAKELANGID( LANG_ENGLISH, LANG_NEUTRAL ),
  47. buf1,
  48. 512,
  49. NULL );
  50. if ( dwResult > 0 ) {
  51. wsprintf( buf2, TEXT("%s:%s(0x%x)"), pStr, buf1, dwError);
  52. } else {
  53. wsprintf( buf2, TEXT("%s:(0x%x)"), pStr, dwError);
  54. }
  55. OutputDebugString( buf2 );
  56. }
  57. #endif
  58. //
  59. // CreateSecurityAttributes()
  60. //
  61. // The purpose of this function:
  62. //
  63. // Allocate and set the security attributes that is
  64. // appropriate for named objects created by an IME.
  65. // The security attributes will give GENERIC_ALL
  66. // access for everyone
  67. //
  68. //
  69. // Return value:
  70. //
  71. // If the function succeeds, the return value is a
  72. // pointer to SECURITY_ATTRIBUTES. If the function fails,
  73. // the return value is NULL. To get extended error
  74. // information, call GetLastError().
  75. //
  76. // Remarks:
  77. //
  78. // FreeSecurityAttributes() should be called to free up the
  79. // SECURITY_ATTRIBUTES allocated by this function.
  80. //
  81. PSECURITY_ATTRIBUTES CreateSecurityAttributes()
  82. {
  83. PSECURITY_ATTRIBUTES psa;
  84. PSECURITY_DESCRIPTOR psd;
  85. PACL pacl;
  86. DWORD cbacl;
  87. PSID psid;
  88. BOOL fResult;
  89. INT i,j;
  90. if (!IsNT())
  91. return NULL;
  92. //
  93. // create a sid for everyone access
  94. //
  95. psid = MyCreateSid();
  96. if ( psid == NULL ) {
  97. return NULL;
  98. }
  99. //
  100. // allocate and initialize an access control list (ACL) that will
  101. // contain the SID we've just created.
  102. //
  103. cbacl = sizeof(ACL) +
  104. (sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD)) +
  105. GetLengthSid(psid);
  106. pacl = MEMALLOC( cbacl );
  107. if ( pacl == NULL ) {
  108. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for ACL failed") );
  109. FreeSid ( psid );
  110. return NULL;
  111. }
  112. fResult = InitializeAcl( pacl, cbacl, ACL_REVISION );
  113. if ( ! fResult ) {
  114. ERROROUT( TEXT("CreateSecurityAttributes:InitializeAcl failed") );
  115. FreeSid ( psid );
  116. MEMFREE( pacl );
  117. return NULL;
  118. }
  119. //
  120. // adds an access-allowed ACE for interactive users to the ACL
  121. //
  122. fResult = AddAccessAllowedAce( pacl,
  123. ACL_REVISION,
  124. GENERIC_ALL,
  125. psid );
  126. if ( !fResult ) {
  127. ERROROUT( TEXT("CreateSecurityAttributes:AddAccessAllowedAce failed") );
  128. MEMFREE( pacl );
  129. FreeSid ( psid );
  130. return NULL;
  131. }
  132. //
  133. // Those SIDs have been copied into the ACL. We don't need'em any more.
  134. //
  135. FreeSid ( psid );
  136. //
  137. // Let's make sure that our ACL is valid.
  138. //
  139. if (!IsValidAcl(pacl)) {
  140. WARNOUT( TEXT("CreateSecurityAttributes:IsValidAcl returns FALSE!"));
  141. MEMFREE( pacl );
  142. return NULL;
  143. }
  144. //
  145. // allocate security attribute
  146. //
  147. psa = (PSECURITY_ATTRIBUTES)MEMALLOC( sizeof( SECURITY_ATTRIBUTES ) );
  148. if ( psa == NULL ) {
  149. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for psa failed") );
  150. MEMFREE( pacl );
  151. return NULL;
  152. }
  153. //
  154. // allocate and initialize a new security descriptor
  155. //
  156. psd = MEMALLOC( SECURITY_DESCRIPTOR_MIN_LENGTH );
  157. if ( psd == NULL ) {
  158. ERROROUT( TEXT("CreateSecurityAttributes:LocalAlloc for psd failed") );
  159. MEMFREE( pacl );
  160. MEMFREE( psa );
  161. return NULL;
  162. }
  163. if ( ! InitializeSecurityDescriptor( psd, SECURITY_DESCRIPTOR_REVISION ) ) {
  164. ERROROUT( TEXT("CreateSecurityAttributes:InitializeSecurityDescriptor failed") );
  165. MEMFREE( pacl );
  166. MEMFREE( psa );
  167. MEMFREE( psd );
  168. return NULL;
  169. }
  170. fResult = SetSecurityDescriptorDacl( psd,
  171. TRUE,
  172. pacl,
  173. FALSE );
  174. // The discretionary ACL is referenced by, not copied
  175. // into, the security descriptor. We shouldn't free up ACL
  176. // after the SetSecurityDescriptorDacl call.
  177. if ( ! fResult ) {
  178. ERROROUT( TEXT("CreateSecurityAttributes:SetSecurityDescriptorDacl failed") );
  179. MEMFREE( pacl );
  180. MEMFREE( psa );
  181. MEMFREE( psd );
  182. return NULL;
  183. }
  184. if (!IsValidSecurityDescriptor(psd)) {
  185. WARNOUT( TEXT("CreateSecurityAttributes:IsValidSecurityDescriptor failed!") );
  186. MEMFREE( pacl );
  187. MEMFREE( psa );
  188. MEMFREE( psd );
  189. return NULL;
  190. }
  191. //
  192. // everything is done
  193. //
  194. psa->nLength = sizeof( SECURITY_ATTRIBUTES );
  195. psa->lpSecurityDescriptor = (PVOID)psd;
  196. psa->bInheritHandle = TRUE;
  197. return psa;
  198. }
  199. PSID MyCreateSid()
  200. {
  201. PSID psid;
  202. BOOL fResult;
  203. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_WORLD_SID_AUTHORITY;
  204. //
  205. // allocate and initialize an SID
  206. //
  207. fResult = AllocateAndInitializeSid( &SidAuthority,
  208. 1,
  209. SECURITY_WORLD_RID,
  210. 0,0,0,0,0,0,0,
  211. &psid );
  212. if ( ! fResult ) {
  213. ERROROUT( TEXT("MyCreateSid:AllocateAndInitializeSid failed") );
  214. return NULL;
  215. }
  216. if ( ! IsValidSid( psid ) ) {
  217. WARNOUT( TEXT("MyCreateSid:AllocateAndInitializeSid returns bogus sid"));
  218. FreeSid( psid );
  219. return NULL;
  220. }
  221. return psid;
  222. }
  223. //
  224. // FreeSecurityAttributes()
  225. //
  226. // The purpose of this function:
  227. //
  228. // Frees the memory objects allocated by previous
  229. // CreateSecurityAttributes() call.
  230. //
  231. VOID FreeSecurityAttributes( PSECURITY_ATTRIBUTES psa )
  232. {
  233. BOOL fResult;
  234. BOOL fDaclPresent;
  235. BOOL fDaclDefaulted;
  236. PACL pacl;
  237. if (psa == NULL)
  238. return;
  239. fResult = GetSecurityDescriptorDacl( psa->lpSecurityDescriptor,
  240. &fDaclPresent,
  241. &pacl,
  242. &fDaclDefaulted );
  243. if ( fResult ) {
  244. if ( pacl != NULL )
  245. MEMFREE( pacl );
  246. } else {
  247. ERROROUT( TEXT("FreeSecurityAttributes:GetSecurityDescriptorDacl failed") );
  248. }
  249. MEMFREE( psa->lpSecurityDescriptor );
  250. MEMFREE( psa );
  251. }
  252. //
  253. // IsNT()
  254. //
  255. // Return value:
  256. //
  257. // TRUE if the current system is Windows NT
  258. //
  259. // Remarks:
  260. //
  261. // The implementation of this function is not multi-thread safe.
  262. // You need to modify the function if you call the function in
  263. // multi-thread environment.
  264. //
  265. BOOL IsNT()
  266. {
  267. return GetVersionInfo()->dwPlatformId == VER_PLATFORM_WIN32_NT;
  268. }
  269. POSVERSIONINFO GetVersionInfo()
  270. {
  271. static BOOL fFirstCall = TRUE;
  272. static OSVERSIONINFO os;
  273. if ( fFirstCall ) {
  274. os.dwOSVersionInfoSize = sizeof(OSVERSIONINFO);
  275. if ( GetVersionEx( &os ) ) {
  276. fFirstCall = FALSE;
  277. }
  278. }
  279. return &os;
  280. }