archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/sfm/afp/service/server/security.c

412 lines
10 KiB
Raw Normal View History

Add source files
4 years ago
  1. /********************************************************************/
  2. /** Copyright(c) 1989 Microsoft Corporation. **/
  3. /********************************************************************/
  5. //***
  6. //
  7. // Filename: security.c
  8. //
  9. // Description: This module contains code that will create and delete the
  10. // security object. It will also contain access checking calls.
  11. //
  12. // History:
  13. // June 21,1992. NarenG Created original version.
  14. //
  15. // NOTE: ??? The lpdwAccessStatus parameter for AccessCheckAndAuditAlarm
  16. // returns junk. ???
  17. //
  18. #include "afpsvcp.h"
  20. typedef struct _AFP_SECURITY_OBJECT {
  22. LPWSTR lpwsObjectName;
  23. LPWSTR lpwsObjectType;
  24. GENERIC_MAPPING GenericMapping;
  25. PSECURITY_DESCRIPTOR pSecurityDescriptor;
  27. } AFP_SECURITY_OBJECT, PAFP_SECURITY_OBJECT;
  29. static AFP_SECURITY_OBJECT AfpSecurityObject;
  31. #define AFPSVC_SECURITY_OBJECT TEXT("AfpSvcAdminApi");
  32. #define AFPSVC_SECURITY_OBJECT_TYPE TEXT("Security");
  36. //**
  37. //
  38. // Call: AfpSecObjCreate
  39. //
  40. // Returns: NO_ERROR - success
  41. // ERROR_NOT_ENOUGH_MEMORY
  42. // non-zero returns from security functions
  43. //
  44. // Description: This procedure will set up the security object that will
  45. // be used to check to see if an RPC client is an administrator
  46. // for the local machine.
  47. //
  48. DWORD
  49. AfpSecObjCreate(
  50. VOID
  51. )
  52. {
  53. PSID pAdminSid = NULL;
  54. PSID pLocalSystemSid = NULL;
  55. PSID pServerOpSid = NULL;
  56. PSID pPwrUserSid = NULL;
  57. PACL pDacl = NULL;
  58. HANDLE hProcessToken = NULL;
  59. PULONG pSubAuthority;
  60. SID_IDENTIFIER_AUTHORITY SidIdentifierNtAuth = SECURITY_NT_AUTHORITY;
  61. SECURITY_DESCRIPTOR SecurityDescriptor;
  62. DWORD dwRetCode;
  63. DWORD cbDaclSize;
  66. // Set up security object
  67. //
  68. AfpSecurityObject.lpwsObjectName = AFPSVC_SECURITY_OBJECT;
  69. AfpSecurityObject.lpwsObjectType = AFPSVC_SECURITY_OBJECT_TYPE;
  71. // Generic mapping structure for the security object
  72. // All generic access types are allowed API access.
  73. //
  74. AfpSecurityObject.GenericMapping.GenericRead = STANDARD_RIGHTS_READ |
  75. AFPSVC_ALL_ACCESS;
  77. AfpSecurityObject.GenericMapping.GenericWrite = STANDARD_RIGHTS_WRITE |
  78. AFPSVC_ALL_ACCESS;
  80. AfpSecurityObject.GenericMapping.GenericExecute =
  81. STANDARD_RIGHTS_EXECUTE |
  82. AFPSVC_ALL_ACCESS;
  84. AfpSecurityObject.GenericMapping.GenericAll = AFPSVC_ALL_ACCESS;
  86. // The do - while(FALSE) statement is used so that the break statement
  87. // maybe used insted of the goto statement, to execute a clean up and
  88. // and exit action.
  89. //
  90. do {
  92. dwRetCode = NO_ERROR;
  94. // Set up the SID for the admins that will be allowed to have
  95. // access. This SID will have 2 sub-authorities
  96. // SECURITY_BUILTIN_DOMAIN_RID and DOMAIN_ALIAS_ADMIN_RID.
  97. //
  98. pAdminSid = (PSID)LocalAlloc( LPTR, GetSidLengthRequired( 2 ) );
  100. if ( pAdminSid == NULL ) {
  101. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  102. break;
  103. }
  105. if ( !InitializeSid( pAdminSid, &SidIdentifierNtAuth, 2 ) )
  106. {
  107. dwRetCode = GetLastError();
  108. break;
  109. }
  111. // Set the sub-authorities
  112. //
  113. pSubAuthority = GetSidSubAuthority( pAdminSid, 0 );
  114. *pSubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
  116. pSubAuthority = GetSidSubAuthority( pAdminSid, 1 );
  117. *pSubAuthority = DOMAIN_ALIAS_RID_ADMINS;
  119. // Create the server operators SID
  120. //
  121. pServerOpSid = (PSID)LocalAlloc( LPTR, GetSidLengthRequired( 2 ) );
  123. if ( pServerOpSid == NULL )
  124. {
  125. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  126. break;
  127. }
  129. if ( !InitializeSid( pServerOpSid, &SidIdentifierNtAuth, 2 ) )
  130. {
  131. dwRetCode = GetLastError();
  132. break;
  133. }
  135. // Set the sub-authorities
  136. //
  137. pSubAuthority = GetSidSubAuthority( pServerOpSid, 0 );
  138. *pSubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
  140. pSubAuthority = GetSidSubAuthority( pServerOpSid, 1 );
  141. *pSubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
  143. //
  144. // Create the Power user operators SID
  145. //
  146. pPwrUserSid = (PSID)LocalAlloc( LPTR, GetSidLengthRequired( 2 ) );
  148. if ( pPwrUserSid == NULL )
  149. {
  150. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  151. break;
  152. }
  154. if ( !InitializeSid( pPwrUserSid, &SidIdentifierNtAuth, 2 ) )
  155. {
  156. dwRetCode = GetLastError();
  157. break;
  158. }
  160. // Set the sub-authorities
  161. //
  162. pSubAuthority = GetSidSubAuthority( pPwrUserSid, 0 );
  163. *pSubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
  165. pSubAuthority = GetSidSubAuthority( pPwrUserSid, 1 );
  166. *pSubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
  168. // Create the LocalSystemSid which will be the owner and the primary
  169. // group of the security object.
  170. //
  171. pLocalSystemSid = (PSID)LocalAlloc( LPTR, GetSidLengthRequired( 1 ) );
  173. if ( pLocalSystemSid == NULL )
  174. {
  175. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  176. break;
  177. }
  179. if ( !InitializeSid( pLocalSystemSid, &SidIdentifierNtAuth, 1 ) )
  180. {
  181. dwRetCode = GetLastError();
  182. break;
  183. }
  185. // Set the sub-authorities
  186. //
  187. pSubAuthority = GetSidSubAuthority( pLocalSystemSid, 0 );
  188. *pSubAuthority = SECURITY_LOCAL_SYSTEM_RID;
  190. // Set up the DACL that will allow admins with the above SID all access
  191. // It should be large enough to hold all ACEs.
  192. //
  193. cbDaclSize = sizeof(ACL) + ( sizeof(ACCESS_ALLOWED_ACE) * 2 ) +
  194. GetLengthSid(pAdminSid) + GetLengthSid(pServerOpSid) + GetLengthSid(pPwrUserSid);
  196. if ( (pDacl = (PACL)LocalAlloc( LPTR, cbDaclSize ) ) == NULL )
  197. {
  198. dwRetCode = ERROR_NOT_ENOUGH_MEMORY;
  199. break;
  200. }
  202. if ( !InitializeAcl( pDacl, cbDaclSize, ACL_REVISION2 ) )
  203. {
  204. dwRetCode = GetLastError();
  205. break;
  206. }
  208. // Add the ACE to the DACL
  209. //
  210. if ( !AddAccessAllowedAce( pDacl,
  211. ACL_REVISION2,
  212. AFPSVC_ALL_ACCESS, // What the admin can do
  213. pAdminSid ))
  214. {
  215. dwRetCode = GetLastError();
  216. break;
  217. }
  219. if ( !AddAccessAllowedAce( pDacl,
  220. ACL_REVISION2,
  221. AFPSVC_ALL_ACCESS, // What the admin can do
  222. pServerOpSid ))
  223. {
  224. dwRetCode = GetLastError();
  225. break;
  226. }
  228. if ( !AddAccessAllowedAce( pDacl,
  229. ACL_REVISION2,
  230. AFPSVC_ALL_ACCESS, // What the power user can do
  231. pPwrUserSid ))
  232. {
  233. dwRetCode = GetLastError();
  234. break;
  235. }
  237. // Create the security descriptor an put the DACL in it.
  238. //
  239. if ( !InitializeSecurityDescriptor( &SecurityDescriptor, 1 ))
  240. {
  241. dwRetCode = GetLastError();
  242. break;
  243. }
  245. if ( !SetSecurityDescriptorDacl( &SecurityDescriptor,
  246. TRUE,
  247. pDacl,
  248. FALSE ) )
  249. {
  250. dwRetCode = GetLastError();
  251. break;
  252. }
  255. // Set owner for the descriptor
  256. //
  257. if ( !SetSecurityDescriptorOwner( &SecurityDescriptor,
  258. pLocalSystemSid,
  259. FALSE ) )
  260. {
  261. dwRetCode = GetLastError();
  262. break;
  263. }
  266. // Set group for the descriptor
  267. //
  268. if ( !SetSecurityDescriptorGroup( &SecurityDescriptor,
  269. pLocalSystemSid,
  270. FALSE ) )
  271. {
  272. dwRetCode = GetLastError();
  273. break;
  274. }
  276. // Get token for the current process
  277. //
  278. if ( !OpenProcessToken( GetCurrentProcess(),
  279. TOKEN_QUERY,
  280. &hProcessToken ))
  281. {
  282. dwRetCode = GetLastError();
  283. break;
  284. }
  286. // Create a security object. This is really just a security descriptor
  287. // is self-relative form. This procedure will allocate memory for this
  288. // security descriptor and copy all in the information passed in. This
  289. // allows us to free all dynamic memory allocated.
  290. //
  291. if ( !CreatePrivateObjectSecurity(
  292. NULL,
  293. &SecurityDescriptor,
  294. &(AfpSecurityObject.pSecurityDescriptor),
  295. FALSE,
  296. hProcessToken,
  297. &(AfpSecurityObject.GenericMapping)
  298. ))
  299. dwRetCode = GetLastError();
  301. } while( FALSE );
  304. // Free up the dynamic memory
  305. //
  306. if ( pLocalSystemSid != NULL )
  307. LocalFree( pLocalSystemSid );
  309. if ( pAdminSid != NULL )
  310. LocalFree( pAdminSid );
  312. if ( pServerOpSid != NULL )
  313. LocalFree( pServerOpSid );
  315. if ( pPwrUserSid != NULL )
  316. LocalFree( pPwrUserSid );
  318. if ( pDacl != NULL )
  319. LocalFree( pDacl );
  321. if ( hProcessToken != NULL )
  322. CloseHandle( hProcessToken );
  324. return( dwRetCode );
  326. }
  328. //**
  329. //
  330. // Call: AfpSecObjDelete
  331. //
  332. // Returns: NO_ERROR - success
  333. // non-zero returns from security functions
  334. //
  335. // Description: Will destroy a valid security descriptor.
  336. //
  337. DWORD
  338. AfpSecObjDelete( VOID )
  339. {
  340. if ( !IsValidSecurityDescriptor( AfpSecurityObject.pSecurityDescriptor))
  341. return( NO_ERROR );
  343. if (!DestroyPrivateObjectSecurity( &AfpSecurityObject.pSecurityDescriptor))
  344. return( GetLastError() );
  346. return( NO_ERROR );
  347. }
  349. //**
  350. //
  351. // Call: AfpSecObjAccessCheck
  352. //
  353. // Returns: NO_ERROR - success
  354. // non-zero returns from security functions
  355. //
  356. // Description: This procedure will first impersonate the client, then
  357. // check to see if the client has the desired access to the
  358. // security object. If he/she does then the AccessStatus
  359. // variable will be set to NO_ERROE otherwise it will be
  360. // set to ERROR_ACCESS_DENIED. It will the revert to self and
  361. // return.
  362. //
  363. DWORD
  364. AfpSecObjAccessCheck( IN DWORD DesiredAccess,
  365. OUT LPDWORD lpdwAccessStatus
  366. )
  367. {
  368. DWORD dwRetCode;
  369. ACCESS_MASK GrantedAccess;
  370. BOOL fGenerateOnClose;
  372. // Impersonate the client
  373. //
  374. dwRetCode = RpcImpersonateClient( NULL );
  376. if ( dwRetCode != RPC_S_OK )
  377. return( I_RpcMapWin32Status( dwRetCode ));
  379. dwRetCode = AccessCheckAndAuditAlarm(
  380. AFP_SERVICE_NAME,
  381. NULL,
  382. AfpSecurityObject.lpwsObjectType,
  383. AfpSecurityObject.lpwsObjectName,
  384. AfpSecurityObject.pSecurityDescriptor,
  385. DesiredAccess,
  386. &(AfpSecurityObject.GenericMapping),
  387. FALSE,
  388. &GrantedAccess,
  389. (LPBOOL)lpdwAccessStatus,
  390. &fGenerateOnClose
  391. );
  393. RpcRevertToSelf();
  395. if ( !dwRetCode )
  396. return( GetLastError() );
  398. // Check if desired access == granted Access
  399. //
  400. if ( DesiredAccess != GrantedAccess )
  401. {
  402. AFP_PRINT(( "SFMSVC: AfpSecObjAccessCheck: granted = 0x%x, desired = 0x%x\n",
  403. GrantedAccess,DesiredAccess));
  404. *lpdwAccessStatus = ERROR_ACCESS_DENIED;
  405. }
  406. else
  407. {
  408. *lpdwAccessStatus = NO_ERROR;
  409. }
  411. return( NO_ERROR );
  412. }
  413.