archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/dsrole/server/secure.c

400 lines
9.4 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. secure.c
  9. Abstract:
  11. Security related routines
  13. Author:
  15. Colin Brace (ColinBr)
  17. Environment:
  19. User Mode
  21. Revision History:
  23. --*/
  24. #include <setpch.h>
  25. #include <dssetp.h>
  27. #include "secure.h"
  29. //
  30. // Data global to this module only
  31. //
  32. SECURITY_DESCRIPTOR DsRolepPromoteSD;
  33. SECURITY_DESCRIPTOR DsRolepDemoteSD;
  35. //
  36. // DsRole related access masks
  37. //
  38. #define DSROLE_ROLE_CHANGE_ACCESS 0x00000001
  40. #define DSROLE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \
  41. DSROLE_ROLE_CHANGE_ACCESS )
  43. GENERIC_MAPPING DsRolepInfoMapping =
  44. {
  45. STANDARD_RIGHTS_READ, // Generic read
  46. STANDARD_RIGHTS_WRITE, // Generic write
  47. STANDARD_RIGHTS_EXECUTE, // Generic execute
  48. DSROLE_ALL_ACCESS // Generic all
  49. };
  51. //
  52. // Function definitions
  53. //
  54. BOOLEAN
  55. DsRolepCreateInterfaceSDs(
  56. VOID
  57. )
  58. /*++
  60. Routine Description:
  62. This routine creates the in memory access control lists that
  63. are used to perform security checks on callers of the DsRoler
  64. API's.
  66. The model is as follows:
  68. Promote: the caller must have the builtin admin SID
  70. Demote: the caller must have the builtin admin SID
  73. Arguments:
  75. None.
  77. Returns:
  79. TRUE if successful; FALSE otherwise
  82. --*/
  83. {
  84. NTSTATUS Status;
  85. BOOLEAN fSuccess = TRUE;
  86. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  87. ULONG AclLength = 0;
  88. PSID BuiltinAdminsSid = NULL;
  89. PSID *AllowedSids [] =
  90. {
  91. &BuiltinAdminsSid
  92. };
  93. ULONG cAllowedSids = sizeof(AllowedSids) / sizeof(AllowedSids[0]);
  94. ULONG i;
  95. PACL DsRolepPromoteAcl = NULL;
  96. PACL DsRolepDemoteAcl = NULL;
  99. //
  100. // Build the builtin administrators sid
  101. //
  102. Status = RtlAllocateAndInitializeSid(
  103. &NtAuthority,
  104. 2,
  105. SECURITY_BUILTIN_DOMAIN_RID,
  106. DOMAIN_ALIAS_RID_ADMINS,
  107. 0, 0, 0, 0, 0, 0,
  108. &BuiltinAdminsSid
  109. );
  110. if ( !NT_SUCCESS( Status ) ) {
  111. fSuccess = FALSE;
  112. goto Cleanup;
  113. }
  115. //
  116. // Calculate how much space we'll need for the ACL
  117. //
  118. AclLength = sizeof( ACL );
  119. for ( i = 0; i < cAllowedSids; i++ ) {
  121. AclLength += (sizeof( ACCESS_ALLOWED_ACE )
  122. - sizeof(DWORD)
  123. + GetLengthSid((*AllowedSids[i])) );
  124. }
  126. DsRolepPromoteAcl = LocalAlloc( 0, AclLength );
  127. if ( !DsRolepPromoteAcl ) {
  128. fSuccess = FALSE;
  129. goto Cleanup;
  130. }
  132. if ( !InitializeAcl( DsRolepPromoteAcl, AclLength, ACL_REVISION ) ) {
  133. fSuccess = FALSE;
  134. goto Cleanup;
  135. }
  137. for ( i = 0; i < cAllowedSids; i++ ) {
  139. if ( !AddAccessAllowedAce( DsRolepPromoteAcl,
  140. ACL_REVISION,
  141. DSROLE_ALL_ACCESS,
  142. *(AllowedSids[i]) ) ) {
  143. fSuccess = FALSE;
  144. goto Cleanup;
  145. }
  147. }
  149. //
  150. // Now make the security descriptor
  151. //
  152. if ( !InitializeSecurityDescriptor( &DsRolepPromoteSD,
  153. SECURITY_DESCRIPTOR_REVISION ) ) {
  154. fSuccess = FALSE;
  155. goto Cleanup;
  156. }
  157. if ( !SetSecurityDescriptorOwner( &DsRolepPromoteSD,
  158. BuiltinAdminsSid,
  159. FALSE ) ) { // not defaulted
  160. fSuccess = FALSE;
  161. goto Cleanup;
  162. }
  163. if ( !SetSecurityDescriptorGroup( &DsRolepPromoteSD,
  164. BuiltinAdminsSid,
  165. FALSE ) ) { // not defaulted
  166. fSuccess = FALSE;
  167. goto Cleanup;
  168. }
  169. if ( !SetSecurityDescriptorDacl( &DsRolepPromoteSD,
  170. TRUE, // DACL is present
  171. DsRolepPromoteAcl,
  172. FALSE ) ) { // not defaulted
  173. fSuccess = FALSE;
  174. goto Cleanup;
  175. }
  178. //
  179. // Make the demote access check the same
  180. //
  181. DsRolepDemoteAcl = LocalAlloc( 0, AclLength );
  182. if ( !DsRolepDemoteAcl ) {
  183. fSuccess = FALSE;
  184. goto Cleanup;
  185. }
  186. RtlCopyMemory( DsRolepDemoteAcl, DsRolepPromoteAcl, AclLength );
  189. //
  190. // Now make the security descriptor
  191. //
  192. if ( !InitializeSecurityDescriptor( &DsRolepDemoteSD,
  193. SECURITY_DESCRIPTOR_REVISION ) ) {
  194. fSuccess = FALSE;
  195. goto Cleanup;
  196. }
  197. if ( !SetSecurityDescriptorOwner( &DsRolepDemoteSD,
  198. BuiltinAdminsSid,
  199. FALSE ) ) { // not defaulted
  200. fSuccess = FALSE;
  201. goto Cleanup;
  202. }
  203. if ( !SetSecurityDescriptorGroup( &DsRolepDemoteSD,
  204. BuiltinAdminsSid,
  205. FALSE ) ) { // not defaulted
  206. fSuccess = FALSE;
  207. goto Cleanup;
  208. }
  209. if ( !SetSecurityDescriptorDacl( &DsRolepDemoteSD,
  210. TRUE, // DACL is present
  211. DsRolepDemoteAcl,
  212. FALSE ) ) { // not defaulted
  213. fSuccess = FALSE;
  214. goto Cleanup;
  215. }
  217. Cleanup:
  219. if ( !fSuccess ) {
  221. for ( i = 0; i < cAllowedSids; i++ ) {
  222. if ( *(AllowedSids[i]) ) {
  223. RtlFreeHeap( RtlProcessHeap(), 0, *(AllowedSids[i]) );
  224. }
  225. }
  226. if ( DsRolepPromoteAcl ) {
  227. LocalFree( DsRolepPromoteAcl );
  228. }
  229. if ( DsRolepDemoteAcl ) {
  230. LocalFree( DsRolepDemoteAcl );
  231. }
  232. }
  234. return fSuccess;
  235. }
  238. DWORD
  239. DsRolepCheckClientAccess(
  240. PSECURITY_DESCRIPTOR pSD,
  241. DWORD DesiredAccess
  242. )
  243. /*++
  245. Routine Description:
  247. This routine grabs a copy of the client's token and then performs
  248. an access to make the client has the privlege found in pSD
  250. Arguments:
  252. pSD : a valid security descriptor
  254. DesiredAccess: the access mask the client is asking for
  256. Returns:
  258. ERROR_SUCCESS, ERROR_ACCESS_DENIED, or system error
  260. --*/
  261. {
  263. DWORD WinError = ERROR_SUCCESS;
  264. BOOL fStatus, fAccessAllowed = FALSE;
  265. HANDLE ClientToken = 0;
  266. DWORD AccessGranted = 0;
  267. BYTE Buffer[500];
  268. PRIVILEGE_SET *PrivilegeSet = (PRIVILEGE_SET*)Buffer;
  269. DWORD PrivilegeSetSize = sizeof(Buffer);
  271. WinError = DsRolepGetImpersonationToken( &ClientToken );
  273. if ( ERROR_SUCCESS == WinError ) {
  275. fStatus = AccessCheck( pSD,
  276. ClientToken,
  277. DesiredAccess,
  278. &DsRolepInfoMapping,
  279. PrivilegeSet,
  280. &PrivilegeSetSize,
  281. &AccessGranted,
  282. &fAccessAllowed );
  284. if ( !fStatus ) {
  286. WinError = GetLastError();
  288. } else {
  290. if ( !fAccessAllowed ) {
  292. WinError = ERROR_ACCESS_DENIED;
  294. }
  295. }
  296. }
  298. if ( ClientToken ) {
  300. NtClose( ClientToken );
  302. }
  304. return WinError;
  306. }
  309. DWORD
  310. DsRolepCheckPromoteAccess(
  311. VOID
  312. )
  313. {
  314. return DsRolepCheckClientAccess( &DsRolepPromoteSD,
  315. DSROLE_ROLE_CHANGE_ACCESS );
  316. }
  318. DWORD
  319. DsRolepCheckDemoteAccess(
  320. VOID
  321. )
  322. {
  323. return DsRolepCheckClientAccess( &DsRolepDemoteSD,
  324. DSROLE_ROLE_CHANGE_ACCESS );
  325. }
  328. DWORD
  329. DsRolepGetImpersonationToken(
  330. OUT HANDLE *ImpersonationToken
  331. )
  332. /*++
  334. Routine Description:
  336. This function will impersonate the invoker of this call and then duplicate their token
  338. Arguments:
  340. ImpersonationToken - Where the duplicated token is returned
  342. Returns:
  344. ERROR_SUCCESS - Success
  347. --*/
  348. {
  349. DWORD Win32Err = ERROR_SUCCESS;
  350. NTSTATUS Status;
  351. OBJECT_ATTRIBUTES ObjAttrs;
  352. SECURITY_QUALITY_OF_SERVICE SecurityQofS;
  353. HANDLE ClientToken;
  355. //
  356. // Impersonate the caller
  357. //
  358. Win32Err = RpcImpersonateClient( 0 );
  360. if ( Win32Err == ERROR_SUCCESS ) {
  362. Status = NtOpenThreadToken( NtCurrentThread(),
  363. TOKEN_QUERY | TOKEN_DUPLICATE,
  364. TRUE,
  365. &ClientToken );
  367. RpcRevertToSelf( );
  369. if ( NT_SUCCESS( Status ) ) {
  371. //
  372. // Duplicate the token
  373. //
  374. InitializeObjectAttributes( &ObjAttrs, NULL, 0L, NULL, NULL );
  375. SecurityQofS.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  376. SecurityQofS.ImpersonationLevel = SecurityImpersonation;
  377. SecurityQofS.ContextTrackingMode = FALSE; // Snapshot client context
  378. SecurityQofS.EffectiveOnly = FALSE;
  379. ObjAttrs.SecurityQualityOfService = &SecurityQofS;
  380. Status = NtDuplicateToken( ClientToken,
  381. TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_ADJUST_PRIVILEGES | TOKEN_DUPLICATE,
  382. &ObjAttrs,
  383. FALSE,
  384. TokenImpersonation,
  385. ImpersonationToken );
  388. NtClose( ClientToken );
  389. }
  391. if ( !NT_SUCCESS( Status ) ) {
  393. Win32Err = RtlNtStatusToDosError( Status );
  394. }
  396. }
  398. return( Win32Err );
  400. }