Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

518 lines
17 KiB

  1. /******************************************************************************
  2. Copyright (c) 2000 Microsoft Corporation
  3. Module Name:
  4. LowLevel.cpp
  5. Abstract:
  6. This file contains the implementation of the CPCHSecurityDescriptor class,
  7. which is used to represent a security descriptor.
  8. Revision History:
  9. Davide Massarenti (Dmassare) 03/24/2000
  10. created
  11. ******************************************************************************/
  12. #include "StdAfx.h"
  13. ////////////////////////////////////////////////////////////////////////////////
  14. HRESULT CPCHSecurityDescriptorDirect::ConvertACEFromCOM( /*[in ]*/ IPCHAccessControlEntry* objACE ,
  15. /*[out]*/ PACL& pACL )
  16. {
  17. __HCP_FUNC_ENTRY( "CPCHSecurityDescriptorDirect::ConvertACEFromCOM" );
  18. HRESULT hr;
  19. GUID guidObjectType;
  20. GUID guidInheritedObjectType;
  21. ////////////////////////////////////////
  22. long lAccessMask;
  23. long lAceFlags;
  24. long lAceType;
  25. long lFlags;
  26. CComBSTR bstrTrustee;
  27. CComBSTR bstrObjectType;
  28. CComBSTR bstrInheritedObjectType;
  29. PSID pPrincipalSid = NULL;
  30. __MPC_PARAMCHECK_BEGIN(hr)
  31. __MPC_PARAMCHECK_NOTNULL(objACE);
  32. __MPC_PARAMCHECK_END();
  33. //
  34. // Read data.
  35. //
  36. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->get_AccessMask ( &lAccessMask ));
  37. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->get_AceType ( &lAceFlags ));
  38. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->get_AceFlags ( &lAceType ));
  39. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->get_Flags ( &lFlags ));
  40. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->get_Trustee ( &bstrTrustee ));
  41. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->get_ObjectType ( &bstrObjectType ));
  42. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->get_InheritedObjectType( &bstrInheritedObjectType ));
  43. if(bstrObjectType.Length())
  44. {
  45. __MPC_EXIT_IF_METHOD_FAILS(hr, ::CLSIDFromString( bstrObjectType, &guidObjectType ));
  46. }
  47. if(bstrInheritedObjectType.Length())
  48. {
  49. __MPC_EXIT_IF_METHOD_FAILS(hr, ::CLSIDFromString( bstrInheritedObjectType, &guidInheritedObjectType ));
  50. }
  51. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertPrincipalToSID( SAFEBSTR(bstrTrustee), pPrincipalSid ));
  52. __MPC_EXIT_IF_METHOD_FAILS(hr, AddACEToACL( pACL,
  53. pPrincipalSid ,
  54. (DWORD)lAceType ,
  55. (DWORD)lAceFlags ,
  56. (DWORD)lAccessMask ,
  57. bstrObjectType ? &guidObjectType : NULL ,
  58. bstrInheritedObjectType ? &guidInheritedObjectType : NULL ));
  59. hr = S_OK;
  60. __HCP_FUNC_CLEANUP;
  61. ReleaseMemory( (void*&)pPrincipalSid );
  62. __HCP_FUNC_EXIT(hr);
  63. }
  64. HRESULT CPCHSecurityDescriptorDirect::ConvertACEToCOM( /*[in]*/ IPCHAccessControlEntry* objACE ,
  65. /*[in]*/ const LPVOID pACE )
  66. {
  67. __HCP_FUNC_ENTRY( "CPCHSecurityDescriptorDirect::ConvertACEToCOM" );
  68. HRESULT hr;
  69. PSID pSID = NULL;
  70. LPCWSTR szPrincipal = NULL;
  71. GUID* guidObjectType = NULL;
  72. GUID* guidInheritedObjectType = NULL;
  73. PACE_HEADER aceHeader = (PACE_HEADER)pACE;
  74. ////////////////////////////////////////
  75. long lAccessMask = 0;
  76. long lAceFlags = 0;
  77. long lAceType = 0;
  78. long lFlags = 0;
  79. CComBSTR bstrTrustee;
  80. CComBSTR bstrObjectType;
  81. CComBSTR bstrInheritedObjectType;
  82. __MPC_PARAMCHECK_BEGIN(hr)
  83. __MPC_PARAMCHECK_NOTNULL(objACE);
  84. __MPC_PARAMCHECK_NOTNULL(pACE);
  85. __MPC_PARAMCHECK_END();
  86. lAceType = aceHeader->AceType;
  87. lAceFlags = aceHeader->AceFlags;
  88. //
  89. // Extract data from the ACE.
  90. //
  91. switch(lAceType)
  92. {
  93. case ACCESS_ALLOWED_ACE_TYPE:
  94. {
  95. PACCESS_ALLOWED_ACE pRealACE = (PACCESS_ALLOWED_ACE)pACE;
  96. lAccessMask = pRealACE->Mask;
  97. pSID = (PSID)&pRealACE->SidStart;
  98. }
  99. break;
  100. case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
  101. {
  102. PACCESS_ALLOWED_OBJECT_ACE pRealACE = (PACCESS_ALLOWED_OBJECT_ACE)pACE;
  103. lAccessMask = pRealACE->Mask;
  104. lFlags = pRealACE->Flags;
  105. guidObjectType = &pRealACE->ObjectType;
  106. guidInheritedObjectType = &pRealACE->InheritedObjectType;
  107. pSID = (PSID)&pRealACE->SidStart;
  108. }
  109. break;
  110. case ACCESS_DENIED_ACE_TYPE:
  111. {
  112. PACCESS_DENIED_ACE pRealACE = (PACCESS_DENIED_ACE)pACE;
  113. lAccessMask = pRealACE->Mask;
  114. pSID = (PSID)&pRealACE->SidStart;
  115. }
  116. break;
  117. case ACCESS_DENIED_OBJECT_ACE_TYPE:
  118. {
  119. PACCESS_DENIED_OBJECT_ACE pRealACE = (PACCESS_DENIED_OBJECT_ACE)pACE;
  120. lAccessMask = pRealACE->Mask;
  121. lFlags = pRealACE->Flags;
  122. guidObjectType = &pRealACE->ObjectType;
  123. guidInheritedObjectType = &pRealACE->InheritedObjectType;
  124. pSID = (PSID)&pRealACE->SidStart;
  125. }
  126. break;
  127. case SYSTEM_AUDIT_ACE_TYPE:
  128. {
  129. PSYSTEM_AUDIT_ACE pRealACE = (PSYSTEM_AUDIT_ACE)pACE;
  130. lAccessMask = pRealACE->Mask;
  131. pSID = (PSID)&pRealACE->SidStart;
  132. }
  133. break;
  134. case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
  135. {
  136. PSYSTEM_AUDIT_OBJECT_ACE pRealACE = (PSYSTEM_AUDIT_OBJECT_ACE)pACE;
  137. lAccessMask = pRealACE->Mask;
  138. lFlags = pRealACE->Flags;
  139. guidObjectType = &pRealACE->ObjectType;
  140. guidInheritedObjectType = &pRealACE->InheritedObjectType;
  141. pSID = (PSID)&pRealACE->SidStart;
  142. }
  143. break;
  144. default:
  145. __MPC_SET_ERROR_AND_EXIT(hr, E_INVALIDARG);
  146. }
  147. //
  148. // Convert GUIDs and SIDs to strings.
  149. //
  150. if(pSID)
  151. {
  152. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertSIDToPrincipal( pSID, &szPrincipal ));
  153. bstrTrustee = szPrincipal;
  154. }
  155. if(guidObjectType)
  156. {
  157. LPOLESTR szGuid;
  158. __MPC_EXIT_IF_METHOD_FAILS(hr, ::StringFromCLSID( *guidObjectType, &szGuid ));
  159. bstrObjectType = szGuid;
  160. ::CoTaskMemFree( szGuid );
  161. }
  162. if(guidInheritedObjectType)
  163. {
  164. LPOLESTR szGuid;
  165. __MPC_EXIT_IF_METHOD_FAILS(hr, ::StringFromCLSID( *guidInheritedObjectType, &szGuid ));
  166. bstrInheritedObjectType = szGuid;
  167. ::CoTaskMemFree( szGuid );
  168. }
  169. //
  170. // Write data.
  171. //
  172. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->put_AccessMask ( lAccessMask ));
  173. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->put_AceType ( lAceFlags ));
  174. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->put_AceFlags ( lAceType ));
  175. __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->put_Flags ( lFlags ));
  176. if(bstrTrustee .Length()) __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->put_Trustee ( bstrTrustee ));
  177. if(bstrObjectType .Length()) __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->put_ObjectType ( bstrObjectType ));
  178. if(bstrInheritedObjectType.Length()) __MPC_EXIT_IF_METHOD_FAILS(hr, objACE->put_InheritedObjectType( bstrInheritedObjectType ));
  179. hr = S_OK;
  180. __HCP_FUNC_CLEANUP;
  181. ReleaseMemory( (void*&)szPrincipal );
  182. __HCP_FUNC_EXIT(hr);
  183. }
  184. ////////////////////////////////////////////////////////////////////////////////
  185. ////////////////////////////////////////////////////////////////////////////////
  186. HRESULT CPCHSecurityDescriptorDirect::ConvertACLFromCOM( /*[in ]*/ IPCHAccessControlList* objACL ,
  187. /*[out]*/ PACL& pACL )
  188. {
  189. __HCP_FUNC_ENTRY( "CPCHSecurityDescriptorDirect::ConvertACLFromCOM" );
  190. HRESULT hr;
  191. long lCount;
  192. long lPos;
  193. __MPC_PARAMCHECK_BEGIN(hr)
  194. __MPC_PARAMCHECK_NOTNULL(objACL);
  195. __MPC_PARAMCHECK_END();
  196. __MPC_EXIT_IF_METHOD_FAILS(hr, objACL->get_Count( &lCount ));
  197. for(lPos=1; lPos<=lCount; lPos++)
  198. {
  199. CComVariant vItem;
  200. __MPC_EXIT_IF_METHOD_FAILS(hr, objACL->get_Item( lPos, &vItem ));
  201. if(vItem.vt == VT_DISPATCH)
  202. {
  203. CComQIPtr<IPCHAccessControlEntry> objACE( vItem.pdispVal );
  204. if(objACE)
  205. {
  206. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertACEFromCOM( objACE, pACL ));
  207. }
  208. }
  209. }
  210. hr = S_OK;
  211. __HCP_FUNC_CLEANUP;
  212. __HCP_FUNC_EXIT(hr);
  213. }
  214. HRESULT CPCHSecurityDescriptorDirect::ConvertACLToCOM( /*[in]*/ IPCHAccessControlList* objACL ,
  215. /*[in]*/ const PACL pACL )
  216. {
  217. __HCP_FUNC_ENTRY( "CPCHSecurityDescriptorDirect::ConvertACLToCOM" );
  218. HRESULT hr;
  219. ACL_SIZE_INFORMATION aclSizeInfo;
  220. if(pACL)
  221. {
  222. __MPC_EXIT_IF_CALL_RETURNS_FALSE(hr, ::GetAclInformation( pACL, (LPVOID)&aclSizeInfo, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation ));
  223. for(DWORD i = 0; i < aclSizeInfo.AceCount; i++)
  224. {
  225. CComPtr<CPCHAccessControlEntry> objACE;
  226. LPVOID pACE;
  227. __MPC_EXIT_IF_CALL_RETURNS_FALSE(hr, ::GetAce( pACL, i, (LPVOID*)&pACE ));
  228. __MPC_EXIT_IF_METHOD_FAILS(hr, MPC::CreateInstance( &objACE ));
  229. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertACEToCOM( objACE, pACE ));
  230. __MPC_EXIT_IF_METHOD_FAILS(hr, objACL->AddAce( objACE ));
  231. }
  232. }
  233. hr = S_OK;
  234. __HCP_FUNC_CLEANUP;
  235. __HCP_FUNC_EXIT(hr);
  236. }
  237. ////////////////////////////////////////////////////////////////////////////////
  238. ////////////////////////////////////////////////////////////////////////////////
  239. HRESULT CPCHSecurityDescriptorDirect::ConvertSDToCOM( IPCHSecurityDescriptor* pObj )
  240. {
  241. __HCP_FUNC_ENTRY( "CPCHSecurityDescriptorDirect::ConvertToCOM" );
  242. HRESULT hr;
  243. DWORD dwRevision;
  244. SECURITY_DESCRIPTOR_CONTROL sdc;
  245. LPCWSTR szOwner = NULL;
  246. LPCWSTR szGroup = NULL;
  247. ////////////////////////////////////////
  248. long lRevision;
  249. long lControl;
  250. CComBSTR bstrOwner;
  251. VARIANT_BOOL fOwnerDefaulted;
  252. CComBSTR bstrGroup;
  253. VARIANT_BOOL fGroupDefaulted;
  254. CComPtr<CPCHAccessControlList> DACL;
  255. VARIANT_BOOL fDaclDefaulted;
  256. CComPtr<CPCHAccessControlList> SACL;
  257. VARIANT_BOOL fSaclDefaulted;
  258. __MPC_PARAMCHECK_BEGIN(hr)
  259. __MPC_PARAMCHECK_NOTNULL(pObj);
  260. __MPC_PARAMCHECK_END();
  261. //
  262. // Convert data.
  263. //
  264. __MPC_EXIT_IF_CALL_RETURNS_FALSE(hr, ::GetSecurityDescriptorControl( m_pSD, &sdc, &dwRevision ));
  265. lRevision = dwRevision;
  266. lControl = sdc;
  267. ////////////////////
  268. if(m_pOwner)
  269. {
  270. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertSIDToPrincipal( m_pOwner, &szOwner ));
  271. bstrOwner = szOwner;
  272. }
  273. fOwnerDefaulted = m_bOwnerDefaulted ? VARIANT_TRUE : VARIANT_FALSE;
  274. if(m_pGroup)
  275. {
  276. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertSIDToPrincipal( m_pGroup, &szGroup ));
  277. bstrGroup = szGroup;
  278. }
  279. fGroupDefaulted = m_bGroupDefaulted ? VARIANT_TRUE : VARIANT_FALSE;
  280. if(m_pDACL)
  281. {
  282. __MPC_EXIT_IF_METHOD_FAILS(hr, MPC::CreateInstance( &DACL ));
  283. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertACLToCOM( DACL, m_pDACL ));
  284. }
  285. fDaclDefaulted = m_bDaclDefaulted ? VARIANT_TRUE : VARIANT_FALSE;
  286. if(m_pSACL)
  287. {
  288. __MPC_EXIT_IF_METHOD_FAILS(hr, MPC::CreateInstance( &SACL ));
  289. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertACLToCOM( SACL, m_pSACL ));
  290. }
  291. fSaclDefaulted = m_bSaclDefaulted ? VARIANT_TRUE : VARIANT_FALSE;
  292. ////////////////////////////////////////////////////////////////////////////////
  293. //
  294. // Write data.
  295. //
  296. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_Revision ( lRevision ));
  297. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_Control ( lControl ));
  298. if(bstrOwner.Length()) __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_Owner ( bstrOwner ));
  299. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_OwnerDefaulted ( fOwnerDefaulted ));
  300. if(bstrGroup.Length()) __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_Group ( bstrGroup ));
  301. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_GroupDefaulted ( fGroupDefaulted ));
  302. if(DACL) __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_DiscretionaryAcl( DACL ));
  303. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_DaclDefaulted ( fDaclDefaulted ));
  304. if(SACL) __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_SystemAcl ( SACL ));
  305. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->put_SaclDefaulted ( fSaclDefaulted ));
  306. hr = S_OK;
  307. __HCP_FUNC_CLEANUP;
  308. ReleaseMemory( (void*&)szOwner );
  309. ReleaseMemory( (void*&)szGroup );
  310. __HCP_FUNC_EXIT(hr);
  311. }
  312. HRESULT CPCHSecurityDescriptorDirect::ConvertSDFromCOM( IPCHSecurityDescriptor* pObj )
  313. {
  314. __HCP_FUNC_ENTRY( "CPCHSecurityDescriptorDirect::ConvertSDFromCOM" );
  315. HRESULT hr;
  316. PSID pOwnerSid = NULL;
  317. PSID pGroupSid = NULL;
  318. ////////////////////////////////////////
  319. long lRevision;
  320. long lControl;
  321. CComBSTR bstrOwner;
  322. VARIANT_BOOL fOwnerDefaulted;
  323. CComBSTR bstrGroup;
  324. VARIANT_BOOL fGroupDefaulted;
  325. CComPtr<IPCHAccessControlList> DACL;
  326. VARIANT_BOOL fDaclDefaulted;
  327. CComPtr<IPCHAccessControlList> SACL;
  328. VARIANT_BOOL fSaclDefaulted;
  329. __MPC_PARAMCHECK_BEGIN(hr)
  330. __MPC_PARAMCHECK_NOTNULL(pObj);
  331. __MPC_PARAMCHECK_END();
  332. //
  333. // Read data.
  334. //
  335. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_Revision ( &lRevision ));
  336. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_Control ( &lControl ));
  337. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_Owner ( &bstrOwner ));
  338. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_OwnerDefaulted ( &fOwnerDefaulted ));
  339. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_Group ( &bstrGroup ));
  340. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_GroupDefaulted ( &fGroupDefaulted ));
  341. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_DiscretionaryAcl( &DACL ));
  342. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_DaclDefaulted ( &fDaclDefaulted ));
  343. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_SystemAcl ( &SACL ));
  344. __MPC_EXIT_IF_METHOD_FAILS(hr, pObj->get_SaclDefaulted ( &fSaclDefaulted ));
  345. //
  346. // Convert data.
  347. //
  348. if(bstrOwner.Length())
  349. {
  350. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertPrincipalToSID( bstrOwner, pOwnerSid ));
  351. }
  352. if(bstrGroup.Length())
  353. {
  354. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertPrincipalToSID( bstrGroup, pGroupSid ));
  355. }
  356. //
  357. // Write data to security descriptor.
  358. //
  359. CleanUp();
  360. __MPC_EXIT_IF_METHOD_FAILS(hr, AllocateMemory( (void*&)m_pSD, sizeof(SECURITY_DESCRIPTOR) ));
  361. __MPC_EXIT_IF_CALL_RETURNS_FALSE(hr, ::InitializeSecurityDescriptor( m_pSD, (DWORD)lRevision ));
  362. __MPC_EXIT_IF_CALL_RETURNS_FALSE(hr, ::SetSecurityDescriptorControl( m_pSD, s_sdcMask, s_sdcMask & lControl ));
  363. ////////////////////
  364. __MPC_EXIT_IF_METHOD_FAILS(hr, SetOwner( pOwnerSid, fOwnerDefaulted == VARIANT_TRUE ));
  365. __MPC_EXIT_IF_METHOD_FAILS(hr, SetGroup( pGroupSid, fGroupDefaulted == VARIANT_TRUE ));
  366. ////////////////////
  367. if(DACL)
  368. {
  369. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertACLFromCOM( DACL, m_pDACL ));
  370. }
  371. __MPC_EXIT_IF_CALL_RETURNS_FALSE(hr, ::SetSecurityDescriptorDacl( m_pSD, m_pDACL ? TRUE : FALSE, m_pDACL, fDaclDefaulted == VARIANT_TRUE ));
  372. if(SACL)
  373. {
  374. __MPC_EXIT_IF_METHOD_FAILS(hr, ConvertACLFromCOM( SACL, m_pSACL ));
  375. }
  376. __MPC_EXIT_IF_CALL_RETURNS_FALSE(hr, ::SetSecurityDescriptorSacl( m_pSD, m_pSACL ? TRUE : FALSE, m_pSACL, fSaclDefaulted == VARIANT_TRUE ));
  377. ////////////////////////////////////////////////////////////////////////////////
  378. hr = S_OK;
  379. __HCP_FUNC_CLEANUP;
  380. ReleaseMemory( (void*&)pOwnerSid );
  381. ReleaseMemory( (void*&)pGroupSid );
  382. __HCP_FUNC_EXIT(hr);
  383. }