archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/printscan/fax/admin/faxadmin/faxsecinfo.cpp

930 lines
30 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. faxsecinfo.h
  9. Abstract:
  11. This header is the ISecurityInformation implmentation used to instantiate a
  12. security page.
  14. Environment:
  16. WIN32 User Mode
  18. Author:
  20. Darwin Ouyang (t-darouy) 30-Sept-1997
  22. --*/
  25. // FaxSnapin.cpp : Implementation of CFaxSnapinAbout
  26. #include "stdafx.h"
  27. #include "faxadmin.h"
  29. #include "faxsecinfo.h"
  30. #include "faxstrt.h" // string table
  31. #include "faxcompd.h" // IComponentData
  33. #include "inode.h" // CInternalNode
  34. #include "iroot.h" // CInternalRoot
  36. #include <faxreg.h> // contains FAXSTAT_WINCLASS definition
  38. #pragma hdrstop
  40. GENERIC_MAPPING FaxGenericMapping[] =
  41. {
  42. {
  43. STANDARD_RIGHTS_READ,
  44. STANDARD_RIGHTS_WRITE,
  45. STANDARD_RIGHTS_EXECUTE,
  46. STANDARD_RIGHTS_REQUIRED
  47. }
  48. };
  50. SI_ACCESS siFaxAccesses[] =
  51. {
  52. // submit permission
  53. {
  54. &GUID_NULL,
  55. FAX_JOB_SUBMIT | STANDARD_RIGHTS_WRITE,
  56. MAKEINTRESOURCE(IDS_FAXSEC_JOB_SUB),
  57. SI_ACCESS_GENERAL
  58. },
  60. // query permission
  61. {
  62. &GUID_NULL,
  63. FAX_JOB_QUERY | STANDARD_RIGHTS_READ,
  64. MAKEINTRESOURCE(IDS_FAXSEC_JOB_QRY),
  65. SI_ACCESS_GENERAL
  66. },
  68. {
  69. &GUID_NULL,
  70. FAX_CONFIG_QUERY | STANDARD_RIGHTS_READ,
  71. MAKEINTRESOURCE(IDS_FAXSEC_CONFIG_QRY),
  72. SI_ACCESS_GENERAL
  73. },
  75. {
  76. &GUID_NULL,
  77. FAX_PORT_QUERY | STANDARD_RIGHTS_READ,
  78. MAKEINTRESOURCE(IDS_FAXSEC_PORT_QRY),
  79. SI_ACCESS_GENERAL
  80. },
  82. // manage permission
  84. {
  85. &GUID_NULL,
  86. FAX_JOB_MANAGE | STANDARD_RIGHTS_ALL,
  87. MAKEINTRESOURCE(IDS_FAXSEC_JOB_MNG),
  88. SI_ACCESS_GENERAL
  89. },
  91. {
  92. &GUID_NULL,
  93. FAX_CONFIG_SET | STANDARD_RIGHTS_ALL,
  94. MAKEINTRESOURCE(IDS_FAXSEC_CONFIG_SET),
  95. SI_ACCESS_GENERAL
  96. },
  98. {
  99. &GUID_NULL,
  100. FAX_PORT_SET | STANDARD_RIGHTS_ALL,
  101. MAKEINTRESOURCE(IDS_FAXSEC_PORT_SET),
  102. SI_ACCESS_GENERAL
  103. },
  105. // custom access (We don't expose this access, but it is the default access when adding new permissions)
  106. {
  107. &GUID_NULL,
  108. FAX_READ | FAX_WRITE,
  109. TEXT("foobar"),
  110. SI_ACCESS_GENERAL
  111. }
  113. };
  115. #define iFaxDefSecurity 7
  117. CFaxSecurityInformation::CFaxSecurityInformation()
  118. : m_pDescriptor( NULL ),
  119. m_pCompData( NULL ),
  120. m_pOwner( NULL ),
  121. m_dwDescID( 0 ),
  122. m_pAbsoluteDescriptor( NULL ),
  123. m_pDacl( NULL ),
  124. m_pSacl( NULL ),
  125. m_pDescOwner( NULL ),
  126. m_pPrimaryGroup( NULL )
  127. {
  128. DebugPrint(( TEXT("CFaxSecurityInfo Created") ));
  129. }
  131. CFaxSecurityInformation::~CFaxSecurityInformation()
  132. {
  133. DebugPrint(( TEXT("CFaxSecurityInfo Destroyed") ));
  135. if( m_pDescriptor != NULL ) {
  136. ::LocalFree( m_pDescriptor );
  137. m_pDescriptor = NULL;
  138. }
  140. }
  142. /////////////////////////////////////////////////////////////////////////////
  143. // CFaxSecurityInformation
  144. // *** ISecurityInformation methods ***
  146. HRESULT
  147. STDMETHODCALLTYPE
  148. CFaxSecurityInformation::GetObjectInformation(
  149. IN OUT PSI_OBJECT_INFO pObjectInfo
  150. )
  151. {
  152. DebugPrint(( TEXT("Trace: CFaxSecurityInformation::GetObjectInformation") ));
  154. assert( pObjectInfo != NULL );
  156. if( pObjectInfo == NULL ) {
  157. return E_POINTER;
  158. }
  160. pObjectInfo->dwFlags = SI_NO_TREE_APPLY | SI_EDIT_ALL | SI_NO_ACL_PROTECT;
  161. pObjectInfo->hInstance = ::GlobalStringTable->GetInstance();
  162. pObjectInfo->pszServerName = m_pCompData->globalRoot->GetMachine();
  163. pObjectInfo->pszObjectName = ::GlobalStringTable->GetString( IDS_SECURITY_CAT_NODE_DESC );
  165. return S_OK;
  166. }
  168. HRESULT
  169. STDMETHODCALLTYPE
  170. CFaxSecurityInformation::GetSecurity(
  171. IN SECURITY_INFORMATION RequestedInformation,
  172. OUT PSECURITY_DESCRIPTOR *ppSecurityDescriptor,
  173. IN BOOL fDefault
  174. )
  175. {
  176. DebugPrint(( TEXT("Trace: CFaxSecurityInformation::GetSecurity") ));
  178. SetSecurityDescriptor( m_dwDescID );
  180. if( fDefault == TRUE ) {
  181. return E_NOTIMPL;
  182. } else {
  183. if( RequestedInformation & DACL_SECURITY_INFORMATION ||
  184. RequestedInformation & OWNER_SECURITY_INFORMATION ||
  185. RequestedInformation & GROUP_SECURITY_INFORMATION ||
  186. RequestedInformation & SACL_SECURITY_INFORMATION
  187. )
  188. {
  189. if( IsValidSecurityDescriptor( m_pDescriptor ) ) {
  190. if( FAILED( MakeSelfRelativeCopy( m_pDescriptor, ppSecurityDescriptor ) ) ) {
  191. assert( FALSE );
  192. return E_UNEXPECTED;
  193. }
  194. // paranoia check
  195. if( !IsValidSecurityDescriptor( *ppSecurityDescriptor ) ) {
  196. assert( FALSE );
  197. return E_UNEXPECTED;
  198. }
  200. return S_OK;
  201. } else {
  202. assert( FALSE );
  203. return E_UNEXPECTED;
  204. }
  205. } else {
  206. return E_NOTIMPL;
  207. }
  208. }
  209. }
  211. HRESULT
  212. STDMETHODCALLTYPE
  213. CFaxSecurityInformation::SetSecurity(
  214. IN SECURITY_INFORMATION SecurityInformation,
  215. IN PSECURITY_DESCRIPTOR pSecurityDescriptor
  216. )
  217. {
  218. DebugPrint(( TEXT("Trace: CFaxSecurityInformation::SetSecurity") ));
  220. FAX_SECURITY_DESCRIPTOR temp;
  221. BOOL bResult;
  222. BOOL bPresent;
  223. BOOL bDefaulted;
  225. PACL pDacl = NULL;
  226. PACL pOldDacl = NULL;
  227. DWORD dwDaclSize = 0;
  228. PACL pSacl = NULL;
  229. DWORD dwSaclSize = 0;
  230. PSID pSidOwner = NULL;
  231. DWORD dwOwnerSize = 0;
  232. PSID pPrimaryGroup = NULL;
  233. DWORD dwPrimaryGroupSize = 0;
  235. SetSecurityDescriptor( m_dwDescID );
  237. // paranoia check
  238. if( !IsValidSecurityDescriptor( pSecurityDescriptor ) ) {
  239. assert( FALSE );
  240. return E_UNEXPECTED;
  241. }
  242. if( !IsValidSecurityDescriptor( m_pAbsoluteDescriptor ) ) {
  243. assert( FALSE );
  244. return E_UNEXPECTED;
  245. }
  246. if( !IsValidSecurityDescriptor( m_pDescriptor ) ) {
  247. assert( FALSE );
  248. return E_UNEXPECTED;
  249. }
  251. if( SecurityInformation & DACL_SECURITY_INFORMATION ) {
  252. // if the descriptor we got has a DACL
  253. if( !GetSecurityDescriptorDacl(
  254. pSecurityDescriptor, // address of security descriptor
  255. &bPresent, // address of flag for presence of disc. ACL
  256. &pDacl, // address of pointer to ACL
  257. &bDefaulted // address of flag for default disc. ACL
  258. )
  259. ) {
  260. assert( FALSE );
  261. return E_UNEXPECTED;
  262. } else {
  263. if( bPresent ) {
  264. // delete the old DACL
  265. if( m_pDacl != NULL ) {
  266. ::LocalFree( (PVOID) m_pDacl );
  267. m_pDacl = NULL;
  268. }
  270. m_pDacl = pDacl;
  272. // set the new DACL
  273. if( !SetSecurityDescriptorDacl(
  274. m_pAbsoluteDescriptor,
  275. bPresent,
  276. pDacl,
  277. FALSE
  278. )
  279. ) {
  280. assert( FALSE );
  281. return E_UNEXPECTED;
  282. }
  283. }
  284. }
  285. }
  287. if( SecurityInformation & SACL_SECURITY_INFORMATION ) {
  288. // if the descriptor we got has a SACL
  289. if( !GetSecurityDescriptorSacl(
  290. pSecurityDescriptor, // address of security descriptor
  291. &bPresent, // address of flag for presence of disc. ACL
  292. &pDacl, // address of pointer to ACL
  293. &bDefaulted // address of flag for default disc. ACL
  294. )
  295. ) {
  296. assert( FALSE );
  297. return E_UNEXPECTED;
  298. } else {
  299. if( bPresent ) {
  300. // delete the old SACL
  301. if( m_pSacl != NULL ) {
  302. ::LocalFree( (PVOID) m_pSacl );
  303. m_pSacl = NULL;
  304. }
  306. m_pSacl = pSacl;
  308. // set the new SACL
  309. if( !SetSecurityDescriptorSacl(
  310. m_pAbsoluteDescriptor,
  311. bPresent,
  312. pSacl,
  313. FALSE
  314. )
  315. ) {
  316. assert( FALSE );
  317. return E_UNEXPECTED;
  318. }
  319. }
  320. }
  321. }
  323. if( SecurityInformation & OWNER_SECURITY_INFORMATION ) {
  324. // if the descriptor we got has a OWNER
  325. if( !GetSecurityDescriptorOwner(
  326. pSecurityDescriptor, // address of security descriptor
  327. &pSidOwner, // address of pointer to ACL
  328. &bDefaulted // address of flag for default disc. ACL
  329. )
  330. ) {
  331. assert( FALSE );
  332. return E_UNEXPECTED;
  333. } else {
  334. if( pSidOwner != NULL ) {
  335. // delete the old OWNER
  336. if( m_pDescOwner != NULL ) {
  337. ::LocalFree( (PVOID) m_pDescOwner );
  338. m_pDescOwner = NULL;
  339. }
  341. m_pDescOwner = pSidOwner;
  343. // set the new owner
  344. if( !SetSecurityDescriptorOwner(
  345. m_pAbsoluteDescriptor,
  346. pSidOwner,
  347. FALSE
  348. )
  349. ) {
  350. assert( FALSE );
  351. return E_UNEXPECTED;
  352. }
  353. }
  354. }
  355. }
  357. if( SecurityInformation & GROUP_SECURITY_INFORMATION ) {
  358. // if the descriptor we got has a GROUP
  359. if( !GetSecurityDescriptorGroup(
  360. pSecurityDescriptor, // address of security descriptor
  361. &pPrimaryGroup, // address of pointer to ACL
  362. &bDefaulted // address of flag for default disc. ACL
  363. )
  364. ) {
  365. assert( FALSE );
  366. return E_UNEXPECTED;
  367. } else {
  368. if( pPrimaryGroup != NULL ) {
  370. // delete the old group
  371. if( m_pPrimaryGroup != NULL ) {
  372. ::LocalFree( (PVOID) m_pPrimaryGroup );
  373. m_pPrimaryGroup = NULL;
  374. }
  375. m_pPrimaryGroup = pPrimaryGroup;
  377. // set the new group
  378. if( !SetSecurityDescriptorGroup(
  379. m_pAbsoluteDescriptor,
  380. pPrimaryGroup,
  381. FALSE
  382. )
  383. ) {
  384. assert( FALSE );
  385. return E_UNEXPECTED;
  386. }
  387. }
  388. }
  389. }
  391. // release the old relative desciptor
  392. if( m_pDescriptor != NULL ) {
  393. ::LocalFree( (PVOID)m_pDescriptor );
  394. m_pDescriptor = NULL;
  395. }
  397. // paranoia check
  398. if( !IsValidSecurityDescriptor( m_pAbsoluteDescriptor ) ) {
  399. assert( FALSE );
  400. return E_UNEXPECTED;
  401. }
  403. // copy the new absolute descriptor to a relative version
  404. if( FAILED( MakeSelfRelativeCopy( m_pAbsoluteDescriptor, &m_pDescriptor ) ) ) {
  405. assert( FALSE );
  406. return E_UNEXPECTED;
  407. }
  409. // paranoia check
  410. if( !IsValidSecurityDescriptor( m_pDescriptor ) ) {
  411. assert( FALSE );
  412. return E_UNEXPECTED;
  413. }
  414. if( !IsValidSecurityDescriptor( m_pAbsoluteDescriptor ) ) {
  415. assert( FALSE );
  416. return E_UNEXPECTED;
  417. }
  419. // save the new relative descriptor to the fax server
  420. temp.Id = m_dwDescID;
  421. temp.FriendlyName = NULL;
  422. temp.SecurityDescriptor = (unsigned char *)m_pDescriptor;
  423. try {
  424. bResult = FaxSetSecurityDescriptor( m_pCompData->m_FaxHandle, &temp );
  425. if( bResult == FALSE ) {
  426. ::GlobalStringTable->SystemErrorMsg( GetLastError() );
  427. assert( FALSE );
  428. }
  429. } catch( ... ) {
  430. bResult = FALSE;
  431. m_pCompData->NotifyRpcError( TRUE );
  432. assert( FALSE );
  433. ::GlobalStringTable->SystemErrorMsg( GetLastError() );
  434. }
  436. // paranoia check
  437. if( !IsValidSecurityDescriptor( m_pDescriptor ) ) {
  438. assert( FALSE );
  439. return E_UNEXPECTED;
  440. }
  442. if( !IsValidSecurityDescriptor( m_pAbsoluteDescriptor ) ) {
  443. assert( FALSE );
  444. return E_UNEXPECTED;
  445. }
  447. // See if faxstat is running
  448. HWND hWndFaxStat = FindWindow(FAXSTAT_WINCLASS, NULL);
  449. if (hWndFaxStat) {
  450. PostMessage(hWndFaxStat, WM_FAXSTAT_MMC, 0, 0);
  451. }
  453. return S_OK;
  454. }
  456. HRESULT
  457. STDMETHODCALLTYPE
  458. CFaxSecurityInformation::GetAccessRights(
  459. IN const GUID* pguidObjectType,
  460. IN DWORD dwFlags, // SI_EDIT_AUDITS, SI_EDIT_PROPERTIES
  461. OUT PSI_ACCESS *ppAccess,
  462. OUT ULONG *pcAccesses,
  463. OUT ULONG *piDefaultAccess
  464. )
  465. {
  466. DebugPrint(( TEXT("Trace: CFaxSecurityInformation::GetAccessRights") ));
  467. *ppAccess = siFaxAccesses;
  468. *pcAccesses = 7;
  469. *piDefaultAccess = iFaxDefSecurity;
  471. return S_OK;
  472. }
  474. HRESULT
  475. STDMETHODCALLTYPE
  476. CFaxSecurityInformation::MapGeneric(
  477. IN const GUID *pguidObjectType,
  478. IN UCHAR *pAceFlags,
  479. IN OUT ACCESS_MASK *pMask
  480. )
  481. {
  482. DebugPrint(( TEXT("Trace: CFaxSecurityInformation::MapGeneric") ));
  483. MapGenericMask( pMask, FaxGenericMapping );
  485. return S_OK;
  486. }
  488. // no need to impl these
  490. HRESULT
  491. STDMETHODCALLTYPE
  492. CFaxSecurityInformation::GetInheritTypes(
  493. OUT PSI_INHERIT_TYPE *ppInheritTypes,
  494. OUT ULONG *pcInheritTypes
  495. )
  496. {
  497. DebugPrint(( TEXT("Trace: CFaxSecurityInformation::GetInheritTypes") ));
  498. return E_NOTIMPL;
  499. }
  501. HRESULT
  502. STDMETHODCALLTYPE
  503. CFaxSecurityInformation::PropertySheetPageCallback(
  504. IN HWND hwnd,
  505. IN UINT uMsg,
  506. IN SI_PAGE_TYPE uPage
  507. )
  508. {
  509. DebugPrint(( TEXT("Trace: CFaxSecurityInformation::PropertySheetPageCallback") ));
  511. if( uMsg == PSPCB_RELEASE ) {
  512. DestroyAbsoluteDescriptor();
  513. }
  515. return S_OK;
  516. }
  518. // Internal Methods
  520. HRESULT
  521. CFaxSecurityInformation::SetOwner(
  522. CInternalNode * toSet )
  523. {
  524. DebugPrint(( TEXT(" * Trace: CFaxSecurityInformation::SetOwner") ));
  526. assert( toSet != NULL );
  528. m_pOwner = toSet;
  529. m_pCompData = m_pOwner->m_pCompData;
  531. return S_OK;
  532. }
  534. HRESULT
  535. CFaxSecurityInformation::SetSecurityDescriptor(
  536. DWORD FaxDescriptorId
  537. )
  538. {
  539. DebugPrint(( TEXT(" * Trace: CFaxSecurityInformation::SetSecurityDescriptor") ));
  541. DWORD descLen = 0;
  542. HRESULT hr = S_OK;
  543. PFAX_SECURITY_DESCRIPTOR FaxDescriptor = NULL;
  544. BOOL bResult;
  546. try {
  547. bResult = FaxGetSecurityDescriptor( m_pOwner->m_pCompData->m_FaxHandle, FaxDescriptorId, &FaxDescriptor );
  548. } catch( ... ) {
  549. bResult = FALSE;
  550. assert( FALSE );
  551. }
  553. if( bResult ) {
  554. if( !IsValidSecurityDescriptor( FaxDescriptor->SecurityDescriptor ) ) {
  555. assert( FALSE );
  556. return E_UNEXPECTED;
  557. }
  559. m_dwDescID = FaxDescriptor->Id;
  561. hr = MakeSelfRelativeCopy( FaxDescriptor->SecurityDescriptor, &m_pDescriptor );
  562. if( FAILED( hr ) ) {
  563. assert( FALSE );
  564. return hr;
  565. }
  567. FaxFreeBuffer( FaxDescriptor );
  569. hr = MakeAbsoluteCopyFromRelative( m_pDescriptor, &m_pAbsoluteDescriptor );
  570. if( FAILED( hr ) ) {
  571. assert( FALSE );
  572. return hr;
  573. }
  575. // paranoia check
  576. if( !IsValidSecurityDescriptor( m_pDescriptor ) ) {
  577. assert( FALSE );
  578. return E_UNEXPECTED;
  579. }
  580. // paranoia check
  581. if( !IsValidSecurityDescriptor( m_pAbsoluteDescriptor ) ) {
  582. assert( FALSE );
  583. return E_UNEXPECTED;
  584. }
  586. } else {
  587. if (GetLastError() != ERROR_ACCESS_DENIED) {
  588. assert( FALSE );
  589. m_pOwner->m_pCompData->NotifyRpcError( TRUE );
  590. }
  591. ::GlobalStringTable->SystemErrorMsg( GetLastError() );
  592. hr = E_UNEXPECTED;
  593. }
  594. return hr;
  595. }
  598. // stolen from \private\admin\snapin\filemgmt\permpage.cpp and modified
  599. HRESULT CFaxSecurityInformation::MakeSelfRelativeCopy(
  600. PSECURITY_DESCRIPTOR psdOriginal,
  601. PSECURITY_DESCRIPTOR* ppsdNew
  602. )
  603. {
  604. DebugPrint(( TEXT(" * Trace: CFaxSecurityInformation::MakeSelfRelativeCopy") ));
  605. assert( NULL != psdOriginal );
  607. // we have to find out whether the original is already self-relative
  608. SECURITY_DESCRIPTOR_CONTROL sdc = 0;
  609. PSECURITY_DESCRIPTOR psdSelfRelativeCopy = NULL;
  610. DWORD dwRevision = 0;
  611. DWORD cb = 0;
  613. if( !IsValidSecurityDescriptor( psdOriginal ) ) {
  614. assert( FALSE );
  615. return E_INVALIDARG;
  616. }
  618. if( !::GetSecurityDescriptorControl( psdOriginal, &sdc, &dwRevision ) ) {
  619. assert( FALSE );
  620. DWORD err = ::GetLastError();
  621. return HRESULT_FROM_WIN32( err );
  622. }
  624. if( sdc & SE_SELF_RELATIVE ) {
  625. // the original is in self-relative format, just byte-copy it
  627. // get size
  628. cb = ::GetSecurityDescriptorLength( psdOriginal );
  630. // alloc the memory
  631. psdSelfRelativeCopy = (PSECURITY_DESCRIPTOR) ::LocalAlloc( LMEM_ZEROINIT, cb );
  632. if(NULL == psdSelfRelativeCopy) {
  633. assert( FALSE );
  634. return E_OUTOFMEMORY;
  635. }
  637. // make the copy
  638. ::memcpy( psdSelfRelativeCopy, psdOriginal, cb );
  639. } else {
  640. // the original is in absolute format, convert-copy it
  642. // get new size - it will fail and set cb to the correct buffer size
  643. ::MakeSelfRelativeSD( psdOriginal, NULL, &cb );
  645. // alloc the new amount of memory
  646. psdSelfRelativeCopy = (PSECURITY_DESCRIPTOR) ::LocalAlloc( LMEM_ZEROINIT, cb );
  647. if(NULL == psdSelfRelativeCopy) {
  648. assert( FALSE );
  649. return E_OUTOFMEMORY; // just in case the exception is ignored
  650. }
  652. if( !::MakeSelfRelativeSD( psdOriginal, psdSelfRelativeCopy, &cb ) ) {
  653. assert( FALSE );
  654. if( NULL == ::LocalFree( psdSelfRelativeCopy ) ) {
  655. DWORD err = ::GetLastError();
  656. return HRESULT_FROM_WIN32( err );
  657. }
  658. psdSelfRelativeCopy = NULL;
  659. }
  660. }
  662. *ppsdNew = psdSelfRelativeCopy;
  663. return S_OK;
  664. }
  666. HRESULT CFaxSecurityInformation::MakeAbsoluteCopyFromRelative(
  667. PSECURITY_DESCRIPTOR psdOriginal,
  668. PSECURITY_DESCRIPTOR* ppsdNew
  669. )
  670. {
  671. assert( NULL != psdOriginal );
  673. DebugPrint(( TEXT(" * Trace: CFaxSecurityInformation::MakeAbsoluteCopyFromRelative") ));
  675. // we have to find out whether the original is already self-relative
  676. SECURITY_DESCRIPTOR_CONTROL sdc = 0;
  677. PSECURITY_DESCRIPTOR psdAbsoluteCopy = NULL;
  678. DWORD dwRevision = 0;
  679. DWORD cb = 0;
  681. BOOL bDefaulted;
  683. DWORD dwDaclSize = 0;
  684. BOOL bDaclPresent = FALSE;
  685. DWORD dwSaclSize = 0;
  686. BOOL bSaclPresent = FALSE;
  688. DWORD dwOwnerSize = 0;
  689. DWORD dwPrimaryGroupSize = 0;
  691. HRESULT hr = S_OK;
  693. if( !IsValidSecurityDescriptor( psdOriginal ) ) {
  694. assert( FALSE );
  695. return E_INVALIDARG;
  696. }
  698. if( !::GetSecurityDescriptorControl( psdOriginal, &sdc, &dwRevision ) ) {
  699. assert( FALSE );
  700. DWORD err = ::GetLastError();
  701. hr = HRESULT_FROM_WIN32( err );
  702. goto cleanup;
  703. }
  705. if( sdc & SE_SELF_RELATIVE ) {
  706. // the original is in self-relative format, build an absolute copy
  708. // get the dacl
  709. if( !GetSecurityDescriptorDacl(
  710. psdOriginal, // address of security descriptor
  711. &bDaclPresent, // address of flag for presence of disc. ACL
  712. &m_pDacl, // address of pointer to ACL
  713. &bDefaulted // address of flag for default disc. ACL
  714. )
  715. ) {
  716. assert( FALSE );
  717. hr = E_INVALIDARG;
  718. goto cleanup;
  720. }
  722. // get the sacl
  723. if( !GetSecurityDescriptorSacl(
  724. psdOriginal, // address of security descriptor
  725. &bSaclPresent, // address of flag for presence of disc. ACL
  726. &m_pSacl, // address of pointer to ACL
  727. &bDefaulted // address of flag for default disc. ACL
  728. )
  729. ) {
  730. assert( FALSE );
  731. hr = E_INVALIDARG;
  732. goto cleanup;
  734. }
  736. // get the owner
  737. if( !GetSecurityDescriptorOwner(
  738. psdOriginal, // address of security descriptor
  739. &m_pDescOwner, // address of pointer to owner security
  740. // identifier (SID)
  741. &bDefaulted // address of flag for default
  742. )
  743. ) {
  744. assert( FALSE );
  745. hr = E_INVALIDARG;
  746. goto cleanup;
  747. }
  749. // get the group
  750. if( !GetSecurityDescriptorGroup(
  751. psdOriginal, // address of security descriptor
  752. &m_pPrimaryGroup, // address of pointer to owner security
  753. // identifier (SID)
  754. &bDefaulted // address of flag for default
  755. )
  756. ) {
  757. assert( FALSE );
  758. hr = E_INVALIDARG;
  759. goto cleanup;
  760. }
  762. // get required buffer size
  763. cb = 0;
  764. MakeAbsoluteSD(
  765. psdOriginal, // address of self-relative SD
  766. psdAbsoluteCopy, // address of absolute SD
  767. &cb, // address of size of absolute SD
  768. NULL, // address of discretionary ACL
  769. &dwDaclSize, // address of size of discretionary ACL
  770. NULL, // address of system ACL
  771. &dwSaclSize, // address of size of system ACL
  772. NULL, // address of owner SID
  773. &dwOwnerSize, // address of size of owner SID
  774. NULL, // address of primary-group SID
  775. &dwPrimaryGroupSize // address of size of group SID
  776. );
  778. // alloc the memory
  779. psdAbsoluteCopy = (PSECURITY_DESCRIPTOR) ::LocalAlloc( LMEM_ZEROINIT, cb );
  780. m_pDacl = (PACL) ::LocalAlloc( LMEM_ZEROINIT, dwDaclSize );
  781. m_pSacl = (PACL) ::LocalAlloc( LMEM_ZEROINIT, dwSaclSize );
  782. m_pDescOwner = (PSID) ::LocalAlloc( LMEM_ZEROINIT, dwOwnerSize );
  783. m_pPrimaryGroup = (PSID) ::LocalAlloc( LMEM_ZEROINIT, dwPrimaryGroupSize );
  785. if(NULL == psdAbsoluteCopy ||
  786. NULL == m_pDacl ||
  787. NULL == m_pSacl ||
  788. NULL == m_pDescOwner ||
  789. NULL == m_pPrimaryGroup
  790. ) {
  791. assert( FALSE );
  792. hr = E_OUTOFMEMORY;
  793. goto cleanup;
  794. }
  796. // make the copy
  797. if( !MakeAbsoluteSD(
  798. psdOriginal, // address of self-relative SD
  799. psdAbsoluteCopy, // address of absolute SD
  800. &cb, // address of size of absolute SD
  801. m_pDacl, // address of discretionary ACL
  802. &dwDaclSize, // address of size of discretionary ACL
  803. m_pSacl, // address of system ACL
  804. &dwSaclSize, // address of size of system ACL
  805. m_pDescOwner, // address of owner SID
  806. &dwOwnerSize, // address of size of owner SID
  807. m_pPrimaryGroup, // address of primary-group SID
  808. &dwPrimaryGroupSize // address of size of group SID
  809. )
  810. ) {
  811. assert( FALSE );
  812. hr = E_UNEXPECTED;
  813. goto cleanup;
  814. }
  815. } else {
  816. // the original is in absolute format, fail
  817. *ppsdNew = NULL;
  818. hr = E_INVALIDARG;
  819. goto cleanup;
  820. }
  822. *ppsdNew = psdAbsoluteCopy;
  824. // paranoia check
  825. if( !IsValidSecurityDescriptor( *ppsdNew ) ) {
  826. assert( FALSE );
  827. hr = E_UNEXPECTED;
  828. goto cleanup;
  829. }
  830. if( !IsValidSecurityDescriptor( psdOriginal ) ) {
  831. assert( FALSE );
  832. hr = E_UNEXPECTED;
  833. goto cleanup;
  834. }
  836. return hr;
  838. cleanup:
  839. if( m_pDacl != NULL && bDaclPresent == TRUE ) {
  840. ::LocalFree((PVOID) m_pDacl );
  841. m_pDacl = NULL;
  842. }
  843. if( m_pSacl != NULL && bSaclPresent == TRUE ) {
  844. ::LocalFree((PVOID) m_pSacl );
  845. m_pSacl = NULL;
  846. }
  847. if( m_pDescOwner != NULL ) {
  848. ::LocalFree((PVOID) m_pOwner );
  849. m_pDescOwner = NULL;
  850. }
  851. if( m_pPrimaryGroup != NULL ) {
  852. ::LocalFree((PVOID) m_pPrimaryGroup );
  853. m_pPrimaryGroup = NULL;
  854. }
  855. if( psdAbsoluteCopy != NULL ) {
  856. ::LocalFree((PVOID) psdAbsoluteCopy );
  857. psdAbsoluteCopy = NULL;
  858. }
  860. return hr;
  861. }
  863. // cleanup function only called by destructor.
  864. HRESULT CFaxSecurityInformation::DestroyAbsoluteDescriptor()
  865. {
  866. DebugPrint(( TEXT(" * Trace: CFaxSecurityInformation::DestroyAbsoluteDescriptor") ));
  868. SECURITY_DESCRIPTOR_CONTROL sdc = 0;
  870. DWORD dwRevision = 0;
  871. DWORD cb = 0;
  873. HRESULT hr = S_OK;
  875. if( m_pAbsoluteDescriptor == NULL ) {
  876. assert( FALSE );
  877. return E_POINTER;
  878. }
  880. if( !IsValidSecurityDescriptor( m_pAbsoluteDescriptor ) ) {
  881. // BUGBUG this assertion always fails for some reason unknown if
  882. // you hit apply then ok on the property sheet. something is wrong.
  883. //
  884. // for some reason, this bug does not manifest on Alpha?!
  885. //
  886. assert( FALSE );
  887. return E_INVALIDARG;
  888. }
  890. if( !::GetSecurityDescriptorControl( m_pAbsoluteDescriptor, &sdc, &dwRevision ) ) {
  891. assert( FALSE );
  892. DWORD err = ::GetLastError();
  893. hr = HRESULT_FROM_WIN32( err );
  894. goto cleanup;
  895. }
  897. if( !(sdc & SE_SELF_RELATIVE) ) {
  899. if( m_pDacl != NULL ) {
  900. ::LocalFree((PVOID) m_pDacl );
  901. m_pDacl = NULL;
  902. }
  903. if( m_pSacl != NULL ) {
  904. ::LocalFree((PVOID) m_pSacl );
  905. m_pSacl = NULL;
  906. }
  907. if( m_pDescOwner != NULL ) {
  908. ::LocalFree((PVOID) m_pDescOwner );
  909. m_pDescOwner = NULL;
  910. }
  911. if( m_pPrimaryGroup != NULL ) {
  912. ::LocalFree((PVOID) m_pPrimaryGroup );
  913. m_pPrimaryGroup = NULL;
  914. }
  915. if( m_pAbsoluteDescriptor != NULL ) {
  916. ::LocalFree((PVOID) m_pAbsoluteDescriptor );
  917. m_pAbsoluteDescriptor = NULL;
  918. }
  919. } else {
  920. // not in absolute!!
  921. assert( FALSE );
  922. return E_INVALIDARG;
  923. }
  925. return hr;
  927. cleanup:
  928. assert( FALSE );
  929. return hr;
  930. }