archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/fs/npfs/secursup.c

422 lines
9.7 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1989 Microsoft Corporation
  5. Module Name:
  7. SecurSup.c
  9. Abstract:
  11. This module implements the Named Pipe Security support routines
  13. Author:
  15. Gary Kimura [GaryKi] 06-May-1991
  17. Revision History:
  19. --*/
  21. #include "NpProcs.h"
  23. //
  24. // The debug trace level
  25. //
  27. #define Dbg (DEBUG_TRACE_SECURSUP)
  29. #ifdef ALLOC_PRAGMA
  30. #pragma alloc_text(PAGE, NpCopyClientContext)
  31. #pragma alloc_text(PAGE, NpImpersonateClientContext)
  32. #pragma alloc_text(PAGE, NpInitializeSecurity)
  33. #pragma alloc_text(PAGE, NpGetClientSecurityContext)
  34. #pragma alloc_text(PAGE, NpUninitializeSecurity)
  35. #pragma alloc_text(PAGE, NpFreeClientSecurityContext)
  36. #endif
  39. NTSTATUS
  40. NpInitializeSecurity (
  41. IN PCCB Ccb,
  42. IN PSECURITY_QUALITY_OF_SERVICE SecurityQos,
  43. IN PETHREAD UserThread
  44. )
  46. /*++
  48. Routine Description:
  50. This routine initializes the security (impersonation) fields
  51. in the ccb. It is called when the client end gets opened.
  53. Arguments:
  55. Ccb - Supplies the ccb being initialized
  57. SecurityQos - Supplies the clients quality of service parameter
  59. UserThread - Supplise the client's user thread
  61. Return Value:
  63. NTSTATUS - Returns the result of the operation
  65. --*/
  67. {
  68. NTSTATUS Status;
  70. PAGED_CODE();
  72. DebugTrace(+1, Dbg, "NpInitializeSecurity, Ccb = %08lx\n", Ccb);
  74. //
  75. // Either copy the security qos parameter, if it is not null or
  76. // create a dummy qos
  77. //
  79. if (SecurityQos != NULL) {
  81. RtlCopyMemory( &Ccb->SecurityQos,
  82. SecurityQos,
  83. sizeof(SECURITY_QUALITY_OF_SERVICE) );
  85. } else {
  87. Ccb->SecurityQos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  88. Ccb->SecurityQos.ImpersonationLevel = SecurityImpersonation;
  89. Ccb->SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  90. Ccb->SecurityQos.EffectiveOnly = TRUE;
  91. }
  93. //
  94. // Because we might be asked to reinitialize the ccb we need
  95. // to first check if the security client context is not null and if so then
  96. // free its pool and zero out the context pointer so that if we raise out
  97. // this time then a second time through the code we won't try and free the
  98. // pool twice.
  99. //
  101. if (Ccb->SecurityClientContext != NULL) {
  103. SeDeleteClientSecurity( Ccb->SecurityClientContext );
  104. NpFreePool( Ccb->SecurityClientContext );
  105. Ccb->SecurityClientContext = NULL;
  106. }
  108. //
  109. // If the tracking mode is static then we need to capture the
  110. // client context now otherwise we set the client context field
  111. // to null
  112. //
  114. if (Ccb->SecurityQos.ContextTrackingMode == SECURITY_STATIC_TRACKING) {
  116. //
  117. // Allocate a client context record, and then initialize it
  118. //
  120. Ccb->SecurityClientContext = NpAllocatePagedPoolWithQuota ( sizeof(SECURITY_CLIENT_CONTEXT), 'sFpN' );
  121. if (Ccb->SecurityClientContext == NULL) {
  122. Status = STATUS_INSUFFICIENT_RESOURCES;
  123. } else {
  124. DebugTrace(0, Dbg, "Static tracking, ClientContext = %08lx\n", Ccb->SecurityClientContext);
  126. if (!NT_SUCCESS(Status = SeCreateClientSecurity( UserThread,
  127. &Ccb->SecurityQos,
  128. FALSE,
  129. Ccb->SecurityClientContext ))) {
  131. DebugTrace(0, Dbg, "Not successful at creating client security, %08lx\n", Status);
  133. NpFreePool( Ccb->SecurityClientContext );
  134. Ccb->SecurityClientContext = NULL;
  135. }
  136. }
  138. } else {
  140. DebugTrace(0, Dbg, "Dynamic tracking\n", 0);
  142. Ccb->SecurityClientContext = NULL;
  143. Status = STATUS_SUCCESS;
  144. }
  146. DebugTrace(-1, Dbg, "NpInitializeSecurity -> %08lx\n", Status);
  148. return Status;
  149. }
  152. VOID
  153. NpUninitializeSecurity (
  154. IN PCCB Ccb
  155. )
  157. /*++
  159. Routine Description:
  161. This routine deletes the client context referenced by the ccb
  163. Arguments:
  165. Ccb - Supplies the ccb being uninitialized
  167. Return Value:
  169. None
  171. --*/
  173. {
  174. PAGED_CODE();
  176. DebugTrace(+1, Dbg, "NpUninitializeSecurity, Ccb = %08lx\n", Ccb);
  178. //
  179. // We only have work to do if the client context field is not null
  180. // and then we need to delete the client context, and free the memory.
  181. //
  183. if (Ccb->SecurityClientContext != NULL) {
  185. DebugTrace(0, Dbg, "Delete client context, %08lx\n", Ccb->SecurityClientContext);
  187. SeDeleteClientSecurity( Ccb->SecurityClientContext );
  189. NpFreePool( Ccb->SecurityClientContext );
  190. Ccb->SecurityClientContext = NULL;
  191. }
  193. DebugTrace(-1, Dbg, "NpUninitializeSecurity -> VOID\n", 0);
  195. return;
  196. }
  198. VOID
  199. NpFreeClientSecurityContext (
  200. IN PSECURITY_CLIENT_CONTEXT SecurityContext
  201. )
  202. /*++
  204. Routine Description:
  206. This routine frees previously captured security context.
  208. Arguments:
  210. SecurityContext - Previously captured security context.
  212. Return Value:
  214. None.
  216. --*/
  217. {
  218. if (SecurityContext != NULL) {
  219. SeDeleteClientSecurity (SecurityContext);
  220. NpFreePool (SecurityContext );
  221. }
  222. }
  225. NTSTATUS
  226. NpGetClientSecurityContext (
  227. IN NAMED_PIPE_END NamedPipeEnd,
  228. IN PCCB Ccb,
  229. IN PETHREAD UserThread,
  230. OUT PSECURITY_CLIENT_CONTEXT *ppSecurityContext
  231. )
  233. /*++
  235. Routine Description:
  237. This routine captures a new client context and stores it in the indicated
  238. data entry, but only if the tracking mode is dynamic and only for the
  239. client end of the named pipe.
  241. Arguments:
  243. NamedPipeEnd - Indicates the client or server end of the named pipe.
  244. Only the client end does anything.
  246. Ccb - Supplies the ccb for this instance of the named pipe.
  248. DataEntry - Supplies the data entry to use to store the client context
  250. UserThread - Supplies the thread of the client
  252. Return Value:
  254. NTSTATUS - Returns our success code.
  256. --*/
  258. {
  259. NTSTATUS Status;
  260. PSECURITY_CLIENT_CONTEXT SecurityContext;
  262. PAGED_CODE();
  264. DebugTrace(+1, Dbg, "NpSetDataEntryClientContext, Ccb = %08lx\n", Ccb);
  266. //
  267. // Only do the work if this is the client end and tracking is dynamic
  268. //
  270. if ((NamedPipeEnd == FILE_PIPE_CLIENT_END) &&
  271. (Ccb->SecurityQos.ContextTrackingMode == SECURITY_DYNAMIC_TRACKING)) {
  273. //
  274. // Allocate a client context record, and then initialize it
  275. //
  277. SecurityContext = NpAllocatePagedPoolWithQuota (sizeof(SECURITY_CLIENT_CONTEXT), 'sFpN');
  278. if (SecurityContext == NULL) {
  279. return STATUS_INSUFFICIENT_RESOURCES;
  280. }
  282. DebugTrace(0, Dbg, "Client End, Dynamic Tracking, ClientContext = %08lx\n", DataEntry->SecurityClientContext);
  284. if (!NT_SUCCESS (Status = SeCreateClientSecurity (UserThread,
  285. &Ccb->SecurityQos,
  286. FALSE,
  287. SecurityContext))) {
  289. DebugTrace(0, Dbg, "Not successful at creating client security, %08lx\n", Status);
  291. NpFreePool (SecurityContext);
  292. SecurityContext = NULL;
  293. }
  295. } else {
  297. DebugTrace(0, Dbg, "Static Tracking or Not Client End\n", 0);
  299. SecurityContext = NULL;
  300. Status = STATUS_SUCCESS;
  301. }
  303. DebugTrace(-1, Dbg, "NpSetDataEntryClientContext -> %08lx\n", Status);
  305. *ppSecurityContext = SecurityContext;
  306. return Status;
  307. }
  310. VOID
  311. NpCopyClientContext (
  312. IN PCCB Ccb,
  313. IN PDATA_ENTRY DataEntry
  314. )
  316. /*++
  318. Routine Description:
  320. This routine copies the client context stored in the data entry into
  321. the ccb, but only for dynamic tracking.
  323. Arguments:
  325. Ccb - Supplies the ccb to update.
  327. DataEntry - Supplies the DataEntry to copy from.
  329. Return Value:
  331. --*/
  333. {
  334. PAGED_CODE();
  336. DebugTrace(+1, Dbg, "NpCopyClientContext, Ccb = %08lx\n", Ccb);
  338. //
  339. // Only do the copy if the data entries client context field is not null
  340. // which means that we are doing dynamic tracking. Note we will
  341. // not be called with a server write data entry that has a non null
  342. // client context.
  343. //
  345. if (DataEntry->SecurityClientContext != NULL) {
  347. DebugTrace(0, Dbg, "have something to copy %08lx\n", DataEntry->SecurityClientContext);
  349. //
  350. // First check if we need to delete and deallocate the client
  351. // context in the nonpaged ccb
  352. //
  354. if (Ccb->SecurityClientContext != NULL) {
  356. DebugTrace(0, Dbg, "Remove current client context %08lx\n", Ccb->SecurityClientContext);
  358. SeDeleteClientSecurity (Ccb->SecurityClientContext);
  360. NpFreePool (Ccb->SecurityClientContext);
  361. }
  363. //
  364. // Now copy over the reference to the client context, and zero
  365. // out the reference in the data entry.
  366. //
  368. Ccb->SecurityClientContext = DataEntry->SecurityClientContext;
  369. DataEntry->SecurityClientContext = NULL;
  370. }
  372. DebugTrace(-1, Dbg, "NpCopyClientContext -> VOID\n", 0 );
  374. return;
  375. }
  378. NTSTATUS
  379. NpImpersonateClientContext (
  380. IN PCCB Ccb
  381. )
  383. /*++
  385. Routine Description:
  387. This routine impersonates the current client context stored in the
  388. ccb
  390. Arguments:
  392. Ccb - Supplies the ccb for the named pipe
  394. Return Value:
  396. NTSTATUS - returns our status code.
  398. --*/
  400. {
  401. NTSTATUS Status;
  403. PAGED_CODE();
  405. DebugTrace(+1, Dbg, "NpImpersonateClientContext, Ccb = %08lx\n", Ccb);
  407. if (Ccb->SecurityClientContext == NULL) {
  409. DebugTrace(0, Dbg, "Cannot impersonate\n", 0);
  411. Status = STATUS_CANNOT_IMPERSONATE;
  413. } else {
  415. Status = SeImpersonateClientEx( Ccb->SecurityClientContext, NULL );
  417. }
  419. DebugTrace(-1, Dbg, "NpImpersonateClientContext -> %08lx\n", Status);
  421. return Status;
  422. }