archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/ntmarta/newsrc/geefa.cxx

430 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. ////////////////////////////////////////////////////////////////////////////////
  2. // //
  3. // Microsoft Windows //
  4. // Copyright (C) Microsoft Corporation, 1999. //
  5. // //
  6. // File: geefa.cxx //
  7. // //
  8. // Contents: New marta rewrite functions for GetExplicitEntriesFromAcl //
  9. // //
  10. // History: 4/99 KedarD Created //
  11. // //
  12. ////////////////////////////////////////////////////////////////////////////////
  14. #include <aclpch.hxx>
  15. #pragma hdrstop
  17. extern "C"
  18. {
  19. #include <stdio.h>
  20. #include <permit.h>
  21. #include <dsgetdc.h>
  22. #include <lmapibuf.h>
  23. #include <wmistr.h>
  24. #include <ntprov.hxx>
  25. #include <strings.h>
  26. #include <seopaque.h>
  27. #include <sertlp.h>
  28. #include <accctrl.h>
  29. #include <aclapi.h>
  30. #include <global.h>
  31. }
  33. #define MARTA_ALIGNED_SID_LENGTH(p) ((PtrAlignSize(RtlLengthSid((p)))))
  35. DWORD
  36. MartaGetAceToEntrySize(
  37. IN PACE_HEADER pAce,
  38. OUT PULONG pLen,
  39. OUT PULONG pCount
  40. );
  42. DWORD
  43. MartaFillExplicitEntries(
  44. IN PACL pacl,
  45. IN PUCHAR Buffer,
  46. IN ULONG AccessCnt
  47. );
  49. DWORD
  50. AccRewriteGetExplicitEntriesFromAcl(
  51. IN PACL pacl,
  52. OUT PULONG pcCountOfExplicitEntries,
  53. OUT PEXPLICIT_ACCESS_W * pListOfExplicitEntries
  54. );
  56. ////////////////////////////////////////////////////////////////////////////////
  57. // //
  58. // Function: AccRewriteGetExplicitEntriesFromAcl //
  59. // //
  60. // Description: Extract the explicit entries from an acl. //
  61. // //
  62. // Arguments: //
  63. // //
  64. // [IN pacl] Acl to be converted //
  65. // [OUT pcCountOfExplicitEntries] To return the number of entries found //
  66. // [OUT pListOfExplicitEntries] To return the list of entries found //
  67. // //
  68. // Returns: ERROR_SUCCESS if the Acl could be converted to expcilt entries //
  69. // Appropriate failure otherwise //
  70. // //
  71. ////////////////////////////////////////////////////////////////////////////////
  73. DWORD
  74. AccRewriteGetExplicitEntriesFromAcl(
  75. IN PACL pacl,
  76. OUT PULONG pcCountOfExplicitEntries,
  77. OUT PEXPLICIT_ACCESS_W * pListOfExplicitEntries)
  78. {
  79. DWORD dwErr = ERROR_SUCCESS;
  80. ULONG AccessCnt = 0;
  81. ULONG Size = 0;
  82. USHORT AceCnt = 0;
  83. ULONG Count = 0;
  84. ULONG j = 0;
  85. ULONG Len = 0;
  86. PUCHAR Buffer = NULL;
  87. PACE_HEADER pAce = NULL;
  89. if ((NULL == pcCountOfExplicitEntries) || (NULL == pListOfExplicitEntries))
  90. {
  91. return ERROR_INVALID_PARAMETER;
  92. }
  94. *pcCountOfExplicitEntries = 0;
  95. *pListOfExplicitEntries = NULL;
  97. if ((NULL == pacl) || (0 == pacl->AceCount))
  98. {
  99. return ERROR_SUCCESS;
  100. }
  102. if (!RtlValidAcl(pacl))
  103. {
  104. return ERROR_INVALID_PARAMETER;
  105. }
  107. AceCnt = pacl->AceCount;
  109. pAce = (PACE_HEADER) FirstAce(pacl);
  111. for (j = 0; j < AceCnt; j++, pAce = (PACE_HEADER) NextAce(pAce))
  112. {
  113. if (FLAG_ON(pAce->AceFlags, INHERITED_ACE))
  114. {
  115. continue;
  116. }
  118. dwErr = MartaGetAceToEntrySize(pAce, &Len, &Count);
  120. CONDITIONAL_EXIT(dwErr, End);
  122. AccessCnt += Count;
  123. Size += Count * (Len + sizeof(EXPLICIT_ACCESS_W));
  124. }
  126. if (0 == Size)
  127. {
  128. goto End;
  129. }
  131. Buffer = (PUCHAR) AccAlloc(Size);
  133. if (NULL == Buffer)
  134. {
  135. dwErr = ERROR_NOT_ENOUGH_MEMORY;
  136. goto End;
  137. }
  139. dwErr = MartaFillExplicitEntries(pacl, Buffer, AccessCnt);
  141. if (ERROR_SUCCESS != dwErr)
  142. {
  143. goto End;
  144. }
  146. *pcCountOfExplicitEntries = AccessCnt;
  147. *pListOfExplicitEntries = (PEXPLICIT_ACCESS_W) Buffer;
  149. End:
  150. if (ERROR_SUCCESS != dwErr)
  151. {
  152. if (NULL != Buffer)
  153. {
  154. AccFree(Buffer);
  155. }
  156. }
  157. return dwErr;
  159. }
  161. ////////////////////////////////////////////////////////////////////////////////
  162. // //
  163. // Function: MartaGetAceToEntrySize //
  164. // //
  165. // Description: Compute: //
  166. // Size needed to convert a given ace into explicit entry //
  167. // Number of explicit entries for this ace //
  168. // //
  169. // Arguments: //
  170. // //
  171. // [IN pAce] Ace to be converted to an explicit entry //
  172. // [OUT pLen] To return the length of the entry //
  173. // [OUT pCount] To return the number of explict entries for this ace //
  174. // //
  175. // Returns: ERROR_SUCCESS if the ace could be converted to an expcilt entry //
  176. // Appropriate failure otherwise //
  177. // //
  178. ////////////////////////////////////////////////////////////////////////////////
  180. DWORD
  181. MartaGetAceToEntrySize(
  182. IN PACE_HEADER pAce,
  183. OUT PULONG pLen,
  184. OUT PULONG pCount
  185. )
  186. {
  187. switch (pAce->AceType)
  188. {
  189. case ACCESS_ALLOWED_ACE_TYPE:
  190. case ACCESS_DENIED_ACE_TYPE:
  191. case SYSTEM_AUDIT_ACE_TYPE:
  192. case SYSTEM_ALARM_ACE_TYPE:
  193. *pLen = MARTA_ALIGNED_SID_LENGTH((PSID) &((PKNOWN_ACE) pAce)->SidStart);
  194. break;
  195. case ACCESS_ALLOWED_COMPOUND_ACE_TYPE:
  196. *pLen = MARTA_ALIGNED_SID_LENGTH(RtlCompoundAceServerSid(pAce));
  197. *pLen += sizeof(TRUSTEE_W) + MARTA_ALIGNED_SID_LENGTH(RtlCompoundAceClientSid(pAce));
  198. break;
  199. case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
  200. case ACCESS_DENIED_OBJECT_ACE_TYPE:
  201. case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
  202. case SYSTEM_ALARM_OBJECT_ACE_TYPE:
  203. *pLen = MARTA_ALIGNED_SID_LENGTH(RtlObjectAceSid(pAce)) + sizeof(OBJECTS_AND_SID);
  204. break;
  205. default:
  206. return ERROR_INVALID_PARAMETER;
  207. }
  209. switch (pAce->AceType)
  210. {
  211. case SYSTEM_AUDIT_ACE_TYPE:
  212. case SYSTEM_ALARM_ACE_TYPE:
  213. case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
  214. case SYSTEM_ALARM_OBJECT_ACE_TYPE:
  215. *pCount = 0;
  216. if (FLAG_ON(pAce->AceFlags, SUCCESSFUL_ACCESS_ACE_FLAG))
  217. {
  218. *pCount += 1;
  219. }
  220. if (FLAG_ON(pAce->AceFlags, FAILED_ACCESS_ACE_FLAG))
  221. {
  222. *pCount += 1;
  223. }
  225. if (0 == *pCount)
  226. {
  227. return ERROR_INVALID_PARAMETER;
  228. }
  229. break;
  230. default:
  231. *pCount = 1;
  232. break;
  233. }
  235. return ERROR_SUCCESS;
  236. }
  238. ////////////////////////////////////////////////////////////////////////////////
  239. // //
  240. // Function: MartaFillExplicitEntries //
  241. // //
  242. // Description: Convert an ace into explicit entry stucture(s) //
  243. // //
  244. // Arguments: //
  245. // //
  246. // [IN pacl] Acl to be converted //
  247. // [IN Buffer] Buffer to be filled with explicit entries //
  248. // [IN AccessCnt] Number of explicitentries created //
  249. // //
  250. // Returns: ERROR_SUCCESS if the acl could be converted to expcilt entries //
  251. // Appropriate failure otherwise //
  252. // //
  253. // Note: Since Audit aces might be converted into one/two entries we need a //
  254. // flag to maintain whethe the given ace was already seen in the last //
  255. // pass. //
  256. // //
  257. ////////////////////////////////////////////////////////////////////////////////
  259. DWORD
  260. MartaFillExplicitEntries(
  261. IN PACL pacl,
  262. IN PUCHAR Buffer,
  263. IN ULONG AccessCnt
  264. )
  265. {
  266. DWORD dwErr = ERROR_SUCCESS;
  267. ULONG AceCnt = pacl->AceCount;
  268. PUCHAR CurrentBuffer = Buffer + sizeof(EXPLICIT_ACCESS_W) * AccessCnt;
  269. ACCESS_MASK Mask = 0;
  270. ULONG j = 0;
  271. ULONG i = 0;
  272. ULONG Length = 0;
  273. PACE_HEADER pAce = NULL;
  274. PSID pSid = NULL;
  275. POBJECTS_AND_SID pObjSid = NULL;
  276. BOOL bFlag = FALSE;
  278. PEXPLICIT_ACCESS_W pExplicit = (PEXPLICIT_ACCESS_W) Buffer;
  280. pAce = (PACE_HEADER) FirstAce(pacl);
  282. for (i = j = 0; i < AceCnt; )
  283. {
  284. if (FLAG_ON(pAce->AceFlags, INHERITED_ACE))
  285. {
  286. i++;
  287. pAce = (PACE_HEADER) NextAce(pAce);
  289. continue;
  290. }
  292. switch (pAce->AceType)
  293. {
  294. case ACCESS_ALLOWED_ACE_TYPE:
  295. case ACCESS_DENIED_ACE_TYPE:
  296. case SYSTEM_AUDIT_ACE_TYPE:
  297. case SYSTEM_ALARM_ACE_TYPE:
  299. Mask = ((PKNOWN_ACE) pAce)->Mask;
  300. pSid = (PSID) &((PKNOWN_ACE) pAce)->SidStart;
  301. Length = MARTA_ALIGNED_SID_LENGTH(pSid);
  303. memcpy(CurrentBuffer, pSid, Length);
  305. BuildTrusteeWithSidW(
  306. &(pExplicit[j].Trustee),
  307. (PSID) CurrentBuffer
  308. );
  310. CurrentBuffer += Length;
  311. break;
  313. case ACCESS_ALLOWED_COMPOUND_ACE_TYPE:
  315. Mask = ((PKNOWN_COMPOUND_ACE) pAce)->Mask;
  316. pSid = (PSID) &((PKNOWN_ACE) pAce)->SidStart;
  317. Length = MARTA_ALIGNED_SID_LENGTH(pSid);
  319. memcpy(CurrentBuffer, pSid, Length);
  321. BuildTrusteeWithSidW(
  322. &(pExplicit[j].Trustee),
  323. (PSID) CurrentBuffer
  324. );
  326. CurrentBuffer += Length;
  327. pSid = (PSID) (((PUCHAR) &(((PKNOWN_ACE) pAce)->SidStart)) + Length);
  328. Length = MARTA_ALIGNED_SID_LENGTH(pSid);
  330. memcpy(CurrentBuffer, pSid, Length);
  332. pSid = (PSID) CurrentBuffer;
  333. CurrentBuffer += Length;
  335. BuildTrusteeWithSidW(
  336. (PTRUSTEE_W) CurrentBuffer,
  337. pSid
  338. );
  340. BuildImpersonateTrusteeW(
  341. &(pExplicit[j].Trustee),
  342. (PTRUSTEE_W) CurrentBuffer
  343. );
  345. CurrentBuffer += sizeof(TRUSTEE_W);
  346. break;
  348. case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
  349. case ACCESS_DENIED_OBJECT_ACE_TYPE:
  350. case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
  351. case SYSTEM_ALARM_OBJECT_ACE_TYPE:
  353. Mask = ((PKNOWN_OBJECT_ACE) pAce)->Mask;
  354. pSid = RtlObjectAceSid(pAce);
  355. Length = MARTA_ALIGNED_SID_LENGTH(pSid);
  357. memcpy((PUCHAR) CurrentBuffer, (PUCHAR) pSid, Length);
  359. pSid = (PSID) CurrentBuffer;
  360. CurrentBuffer += Length;
  361. pObjSid = (POBJECTS_AND_SID) CurrentBuffer;
  362. CurrentBuffer += sizeof(OBJECTS_AND_SID);
  364. BuildTrusteeWithObjectsAndSidW(
  365. &(pExplicit[j].Trustee),
  366. pObjSid,
  367. RtlObjectAceObjectType(pAce),
  368. RtlObjectAceInheritedObjectType(pAce),
  369. pSid
  370. );
  371. break;
  373. default:
  374. return ERROR_INVALID_PARAMETER;
  375. }
  377. switch (pAce->AceType)
  378. {
  379. case ACCESS_ALLOWED_ACE_TYPE:
  380. case ACCESS_ALLOWED_COMPOUND_ACE_TYPE:
  381. case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
  383. pExplicit[j].grfAccessMode = GRANT_ACCESS;
  384. break;
  386. case ACCESS_DENIED_ACE_TYPE:
  387. case ACCESS_DENIED_OBJECT_ACE_TYPE:
  389. pExplicit[j].grfAccessMode = DENY_ACCESS;
  390. break;
  392. case SYSTEM_AUDIT_ACE_TYPE:
  393. case SYSTEM_ALARM_ACE_TYPE:
  394. case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
  395. case SYSTEM_ALARM_OBJECT_ACE_TYPE:
  397. if ((FALSE == bFlag) && (FLAG_ON(pAce->AceFlags, SUCCESSFUL_ACCESS_ACE_FLAG)))
  398. {
  399. pExplicit[j].grfAccessMode = SET_AUDIT_SUCCESS;
  400. if (FLAG_ON(pAce->AceFlags, FAILED_ACCESS_ACE_FLAG))
  401. {
  402. bFlag = TRUE;
  403. }
  404. }
  405. else if (FLAG_ON(pAce->AceFlags, FAILED_ACCESS_ACE_FLAG))
  406. {
  407. pExplicit[j].grfAccessMode = SET_AUDIT_FAILURE;
  408. bFlag = FALSE;
  409. }
  411. break;
  413. default:
  414. return ERROR_INVALID_PARAMETER;
  415. }
  417. pExplicit[j].grfAccessPermissions = Mask;
  418. pExplicit[j].grfInheritance = pAce->AceFlags & VALID_INHERIT_FLAGS;
  420. if (FALSE == bFlag)
  421. {
  422. i++;
  423. pAce = (PACE_HEADER) NextAce(pAce);
  424. }
  426. j++;
  427. }
  429. return ERROR_SUCCESS;
  430. }