archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/base/screg/sc/svchost/security.c

218 lines
5.7 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 2000.
  5. //
  6. // File: S E C U R I T Y . C
  7. //
  8. // Contents: Support for process-wide security settings such as calls
  9. // to CoInitializeSecurity.
  10. //
  11. // Notes:
  12. //
  13. // Author: shaunco 15 Jul 1998
  14. //
  15. //----------------------------------------------------------------------------
  17. #include "pch.h"
  18. #pragma hdrstop
  19. #include "security.h"
  22. #define SIZE_ALIGNED_FOR_TYPE(_size, _type) \
  23. (((_size) + sizeof(_type)-1) & ~(sizeof(_type)-1))
  26. DWORD
  27. DwInitializeNullDaclSdFromThreadToken (
  28. PSECURITY_DESCRIPTOR* ppSd
  29. )
  30. {
  31. PSECURITY_DESCRIPTOR pSd;
  32. PTOKEN_USER pUserInfo;
  33. PTOKEN_PRIMARY_GROUP pGroupInfo;
  34. HANDLE hToken;
  35. DWORD dwErr = NOERROR;
  36. DWORD dwUserSize;
  37. DWORD dwGroupSize;
  38. DWORD dwAlignSdSize;
  39. DWORD dwAlignUserSize;
  40. PVOID pvBuffer;
  42. // Here is the buffer we are building.
  43. //
  44. // |<- a ->|<--- b ---->|<--- c ---->|
  45. // +-------+------------+------------+
  46. // | p| p| |
  47. // | SD a| User info a| Group info |
  48. // | d| d| |
  49. // +-------+------------+------------+
  50. // ^ ^ ^
  51. // | | |
  52. // | | +--pGroupInfo
  53. // | |
  54. // | +--pUserInfo
  55. // |
  56. // +--pSd (this is returned via *ppSd)
  57. //
  58. // pad is so that pUserInfo and pGroupInfo are aligned properly.
  59. //
  60. // a = dwAlignSdSize
  61. // b = dwAlignUserSize
  62. // c = dwGroupSize
  63. //
  65. // Initialize output parameters.
  66. //
  67. *ppSd = NULL;
  69. // Open the thread token if we can. If we can't try for the process
  70. // token.
  71. //
  72. if (!OpenThreadToken (GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken))
  73. {
  74. if (!OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &hToken))
  75. {
  76. dwErr = GetLastError ();
  77. goto finish;
  78. }
  79. }
  81. // Get the size of the buffer required for the user information.
  82. //
  83. if (!GetTokenInformation (hToken, TokenUser, NULL, 0, &dwUserSize))
  84. {
  85. dwErr = GetLastError ();
  86. if (ERROR_INSUFFICIENT_BUFFER != dwErr)
  87. {
  88. goto finish;
  89. }
  90. }
  92. // Get the size of the buffer required for the group information.
  93. //
  94. if (!GetTokenInformation (hToken, TokenPrimaryGroup, NULL, 0, &dwGroupSize))
  95. {
  96. dwErr = GetLastError ();
  97. if (ERROR_INSUFFICIENT_BUFFER != dwErr)
  98. {
  99. goto finish;
  100. }
  101. }
  103. dwAlignSdSize = SIZE_ALIGNED_FOR_TYPE(SECURITY_DESCRIPTOR_MIN_LENGTH, PTOKEN_USER);
  104. dwAlignUserSize = SIZE_ALIGNED_FOR_TYPE(dwUserSize, PTOKEN_PRIMARY_GROUP);
  106. // Allocate a buffer big enough for both making sure the sub-buffer
  107. // for the group information is suitably aligned.
  108. //
  109. pvBuffer = MemAlloc (0,
  110. dwAlignSdSize + dwAlignUserSize + dwGroupSize);
  112. if (pvBuffer)
  113. {
  114. dwErr = NOERROR;
  116. // Setup the pointers into the buffer.
  117. //
  118. pSd = pvBuffer;
  119. pUserInfo = (PTOKEN_USER)((PBYTE)pvBuffer + dwAlignSdSize);
  120. pGroupInfo = (PTOKEN_PRIMARY_GROUP)((PBYTE)pUserInfo + dwAlignUserSize);
  122. if (!InitializeSecurityDescriptor(pSd, SECURITY_DESCRIPTOR_REVISION))
  123. {
  124. dwErr = GetLastError ();
  125. }
  127. if (!SetSecurityDescriptorDacl (pSd, TRUE, NULL, FALSE))
  128. {
  129. dwErr = GetLastError ();
  130. }
  132. if (!GetTokenInformation (hToken, TokenUser,
  133. pUserInfo, dwUserSize, &dwUserSize))
  134. {
  135. dwErr = GetLastError ();
  136. }
  138. if (!GetTokenInformation (hToken, TokenPrimaryGroup,
  139. pGroupInfo, dwGroupSize, &dwGroupSize))
  140. {
  141. dwErr = GetLastError ();
  142. }
  144. if (!SetSecurityDescriptorOwner (pSd, pUserInfo->User.Sid, FALSE))
  145. {
  146. dwErr = GetLastError ();
  147. }
  149. if (!SetSecurityDescriptorGroup (pSd, pGroupInfo->PrimaryGroup, FALSE))
  150. {
  151. dwErr = GetLastError ();
  152. }
  154. // All is well, so assign the output parameters.
  155. //
  156. if (!dwErr)
  157. {
  158. *ppSd = pSd;
  159. }
  161. // Free our allocated buffer on failure.
  162. //
  163. else
  164. {
  165. MemFree (pvBuffer);
  166. }
  167. }
  168. else
  169. {
  170. dwErr = ERROR_OUTOFMEMORY;
  171. }
  173. finish:
  174. return dwErr;
  175. }
  177. VOID
  178. InitializeSecurity (
  179. DWORD dwParam,
  180. DWORD dwAuthLevel,
  181. DWORD dwImpersonationLevel,
  182. DWORD dwAuthCapabilities
  183. )
  184. {
  185. HRESULT hr;
  186. PSECURITY_DESCRIPTOR pSd;
  188. ASSERT (0 != dwParam);
  190. if (!DwInitializeNullDaclSdFromThreadToken (&pSd))
  191. {
  192. hr = CoInitializeEx (NULL, COINIT_MULTITHREADED | COINIT_DISABLE_OLE1DDE);
  194. if (SUCCEEDED(hr))
  195. {
  196. SVCHOST_LOG1(SECURITY,
  197. "Calling CoInitializeSecurity...(dwAuthCapabilities=0x%08x)\n",
  198. dwAuthCapabilities);
  200. hr = CoInitializeSecurity (
  201. pSd, -1, NULL, NULL,
  202. dwAuthLevel,
  203. dwImpersonationLevel,
  204. NULL,
  205. dwAuthCapabilities,
  206. NULL);
  208. if (FAILED(hr))
  209. {
  210. SVCHOST_LOG1(ERROR,
  211. "CoInitializeSecurity returned hr=0x%08x\n",
  212. hr);
  213. }
  214. }
  216. MemFree (pSd);
  217. }
  218. }