mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
356 lines
8.7 KiB
356 lines
8.7 KiB
//////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Microsoft WMIOLE DB Provider
|
|
// (C) Copyright 1999 Microsoft Corporation. All Rights Reserved.
|
|
//
|
|
//
|
|
// IObjAccessControl.cpp - IObjectAccessControl interface implementation
|
|
//
|
|
//////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
|
|
#include "headers.h"
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CImpIObjectAccessControl::GetObjectAccessRights
|
|
//
|
|
// Gets a list of all access rights
|
|
//
|
|
// Returns one of the following values:
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
STDMETHODIMP CImpIObjectAccessControl::GetObjectAccessRights( SEC_OBJECT *pObject,
|
|
ULONG *pcAccessEntries,
|
|
EXPLICIT_ACCESS_W **prgAccessEntries)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
CSetStructuredExceptionHandler seh;
|
|
|
|
TRY_BLOCK;
|
|
|
|
// Serialize the object
|
|
CAutoBlock cab(DATASOURCE->GetCriticalSection());
|
|
g_pCError->ClearErrorInfo();
|
|
|
|
if (!m_pObj->m_fDSOInitialized)
|
|
{
|
|
hr = E_UNEXPECTED;
|
|
}
|
|
else
|
|
if(( *pcAccessEntries != 0 && *prgAccessEntries == NULL) ||
|
|
!pcAccessEntries || !prgAccessEntries )
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else
|
|
if(SUCCEEDED(hr = IfValidSecObject(pObject)))
|
|
{
|
|
CBSTR strTemp(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
if(!m_pObj->m_pWbemWrap->IsValidObject(strTemp))
|
|
{
|
|
hr = SEC_E_INVALIDOBJECT;
|
|
}
|
|
}
|
|
|
|
if(SUCCEEDED(hr))
|
|
{
|
|
ULONG ulExplicitAccess = 0;
|
|
EXPLICIT_ACCESS_W *pAccessEntriesTemp = NULL;
|
|
|
|
CBSTR strTemp(pObject->prgObjects[0].ObjectID.uName.pwszName);
|
|
|
|
hr = m_pObj->m_pWbemWrap->GetObjectAccessRights(strTemp,
|
|
&ulExplicitAccess,
|
|
&pAccessEntriesTemp,
|
|
*pcAccessEntries,
|
|
*prgAccessEntries);
|
|
|
|
}
|
|
|
|
hr = hr == S_OK ? hr :g_pCError->PostHResult(hr,&IID_IObjectAccessControl);
|
|
|
|
CATCH_BLOCK_HRESULT(hr,L"IObjectAccessControl::GetObjectAccessRights");
|
|
return hr;
|
|
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CImpIObjectAccessControl::GetObjectOwner
|
|
//
|
|
// Get the owner of the object
|
|
//
|
|
// Returns one of the following values:
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
STDMETHODIMP CImpIObjectAccessControl::GetObjectOwner( SEC_OBJECT *pObject,TRUSTEE_W ** ppOwner)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
CSetStructuredExceptionHandler seh;
|
|
|
|
TRY_BLOCK;
|
|
|
|
// Serialize the object
|
|
CAutoBlock cab(DATASOURCE->GetCriticalSection());
|
|
g_pCError->ClearErrorInfo();
|
|
|
|
if (m_pObj->m_fDSOInitialized)
|
|
{
|
|
hr = E_UNEXPECTED;
|
|
}
|
|
else
|
|
if( *ppOwner == NULL)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else
|
|
if(SUCCEEDED(hr = IfValidSecObject(pObject)))
|
|
{
|
|
{
|
|
CBSTR strTemp(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
if(!m_pObj->m_pWbemWrap->IsValidObject(strTemp))
|
|
{
|
|
hr = SEC_E_INVALIDOBJECT;
|
|
}
|
|
}
|
|
}
|
|
|
|
if(SUCCEEDED(hr))
|
|
{
|
|
CBSTR strObj(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
hr = m_pObj->m_pWbemWrap->GetObjectOwner(strObj,ppOwner);
|
|
}
|
|
|
|
|
|
|
|
hr = hr == S_OK ? hr :g_pCError->PostHResult(hr,&IID_IObjectAccessControl);
|
|
|
|
CATCH_BLOCK_HRESULT(hr,L"IObjectAccessControl::GetObjectOwner");
|
|
return hr;
|
|
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CImpIObjectAccessControl::IsObjectAccessAllowed
|
|
//
|
|
// Checks if the a trustee has the given access on the object
|
|
//
|
|
// Returns one of the following values:
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
STDMETHODIMP CImpIObjectAccessControl::IsObjectAccessAllowed( SEC_OBJECT *pObject,
|
|
EXPLICIT_ACCESS_W *pAccessEntry,
|
|
BOOL *pfResult)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
CSetStructuredExceptionHandler seh;
|
|
|
|
TRY_BLOCK;
|
|
|
|
// Serialize the object
|
|
CAutoBlock cab(DATASOURCE->GetCriticalSection());
|
|
g_pCError->ClearErrorInfo();
|
|
|
|
if (m_pObj->m_fDSOInitialized)
|
|
{
|
|
hr = E_UNEXPECTED;
|
|
}
|
|
else
|
|
if(pAccessEntry == NULL || !pfResult)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else
|
|
if(SUCCEEDED(hr = IfValidSecObject(pObject)))
|
|
{
|
|
CBSTR strTemp(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
if(!m_pObj->m_pWbemWrap->IsValidObject(strTemp))
|
|
{
|
|
hr = SEC_E_INVALIDOBJECT;
|
|
}
|
|
}
|
|
|
|
if(SUCCEEDED(hr))
|
|
{
|
|
CBSTR strObj(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
hr = m_pObj->m_pWbemWrap->IsObjectAccessAllowed(strObj,pAccessEntry,pfResult);
|
|
}
|
|
|
|
|
|
hr = hr == S_OK ? hr :g_pCError->PostHResult(hr,&IID_IObjectAccessControl);
|
|
CATCH_BLOCK_HRESULT(hr,L"IObjectAccessControl::IsObjectAccessAllowed");
|
|
return hr;
|
|
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CImpIObjectAccessControl::SetObjectAccessRights
|
|
//
|
|
// Set the AccessRights for a particular object
|
|
//
|
|
// Returns one of the following values:
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
STDMETHODIMP CImpIObjectAccessControl::SetObjectAccessRights( SEC_OBJECT *pObject,
|
|
ULONG cAccessEntries,
|
|
EXPLICIT_ACCESS_W *prgAccessEntries)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
CSetStructuredExceptionHandler seh;
|
|
|
|
TRY_BLOCK;
|
|
|
|
// Serialize the object
|
|
CAutoBlock cab(DATASOURCE->GetCriticalSection());
|
|
g_pCError->ClearErrorInfo();
|
|
|
|
if (m_pObj->m_fDSOInitialized)
|
|
{
|
|
hr = E_UNEXPECTED;
|
|
}
|
|
else
|
|
if(( cAccessEntries != 0 && prgAccessEntries == NULL) ||
|
|
!pObject)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else
|
|
if(SUCCEEDED(hr = IfValidSecObject(pObject)))
|
|
{
|
|
if(cAccessEntries != 0)
|
|
{
|
|
CBSTR strTemp(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
if(!m_pObj->m_pWbemWrap->IsValidObject(strTemp))
|
|
{
|
|
hr = SEC_E_INVALIDOBJECT;
|
|
}
|
|
|
|
if(SUCCEEDED(hr))
|
|
{
|
|
ULONG ulExplicitAccess = 0;
|
|
EXPLICIT_ACCESS_W *pAccessEntriesTemp = NULL;
|
|
|
|
CBSTR strTemp(pObject->prgObjects[0].ObjectID.uName.pwszName);
|
|
hr = m_pObj->m_pWbemWrap->SetObjectAccessRights(strTemp,
|
|
cAccessEntries,
|
|
prgAccessEntries);
|
|
|
|
}
|
|
}
|
|
}
|
|
hr = hr == S_OK ? hr :g_pCError->PostHResult(hr,&IID_IObjectAccessControl);
|
|
|
|
CATCH_BLOCK_HRESULT(hr,L"IObjectAccessControl::SetObjectAccessRights");
|
|
return hr;
|
|
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CImpIObjectAccessControl::SetObjectOwner
|
|
//
|
|
// Set Owner for a particular object
|
|
//
|
|
// Returns one of the following values:
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
STDMETHODIMP CImpIObjectAccessControl::SetObjectOwner( SEC_OBJECT *pObject,TRUSTEE_W *pOwner)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
CSetStructuredExceptionHandler seh;
|
|
|
|
TRY_BLOCK;
|
|
|
|
// Serialize the object
|
|
CAutoBlock cab(DATASOURCE->GetCriticalSection());
|
|
g_pCError->ClearErrorInfo();
|
|
|
|
if (m_pObj->m_fDSOInitialized)
|
|
{
|
|
hr = E_UNEXPECTED;
|
|
}
|
|
else
|
|
if(!pOwner)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else
|
|
if(SUCCEEDED(hr = IfValidSecObject(pObject)))
|
|
{
|
|
CBSTR strTemp(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
if(!m_pObj->m_pWbemWrap->IsValidObject(strTemp))
|
|
{
|
|
hr = SEC_E_INVALIDOBJECT;
|
|
}
|
|
}
|
|
|
|
if(SUCCEEDED(hr))
|
|
{
|
|
CBSTR strObj(pObject->prgObjects->ObjectID.uName.pwszName);
|
|
hr = m_pObj->m_pWbemWrap->SetObjectOwner(strObj,pOwner);
|
|
}
|
|
|
|
|
|
hr = hr == S_OK ? hr :g_pCError->PostHResult(hr,&IID_IObjectAccessControl);
|
|
|
|
CATCH_BLOCK_HRESULT(hr,L"IObjectAccessControl::SetObjectOwner");
|
|
return hr;
|
|
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// CImpIObjectAccessControl::IfValidSecObject
|
|
//
|
|
// a function to validate SEC_OBJECT parameter
|
|
//
|
|
// Returns one of the following values:
|
|
// E_INVALIDARG
|
|
// SEC_E_INVALIDOBJECT
|
|
|
|
///////////////////////////////////////////////////////////////////////////////////////////////////////////
|
|
STDMETHODIMP CImpIObjectAccessControl::IfValidSecObject(SEC_OBJECT *pObject)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
|
|
if(!pObject)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else
|
|
if((pObject->cObjects != 0 && pObject->prgObjects == NULL) ||
|
|
pObject->cObjects > 1)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else
|
|
if(pObject->cObjects == 0 )
|
|
{
|
|
hr = SEC_E_INVALIDOBJECT;
|
|
}
|
|
else
|
|
// WMIOLEDB allows setting/setting security for only one object
|
|
if(pObject->cObjects != 1)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
else if(pObject->prgObjects[0].guidObjectType != DBOBJECT_TABLE &&
|
|
pObject->prgObjects[0].guidObjectType != DBOBJECT_DATABASE &&
|
|
pObject->prgObjects[0].guidObjectType != DBOBJECT_WMIINSTANCE)
|
|
{
|
|
hr = SEC_E_INVALIDOBJECT;
|
|
}
|
|
else
|
|
if(pObject->prgObjects->ObjectID.eKind != DBKIND_NAME)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
}
|
|
|
|
|
|
return hr;
|
|
|
|
}
|
|
|
|
|