2013-08-28 08:32:27 +00:00
|
|
|
/*
|
|
|
|
* PROJECT: ReactOS Service Host
|
|
|
|
* LICENSE: BSD - See COPYING.ARM in the top level directory
|
|
|
|
* FILE: base/services/svchost/security.c
|
|
|
|
* PURPOSE: Initializes the COM Object Security Model and Parameters
|
|
|
|
* PROGRAMMERS: ReactOS Portable Systems Group
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* INCLUDES ******************************************************************/
|
|
|
|
|
|
|
|
extern "C"
|
|
|
|
{
|
|
|
|
#include "svchost.h"
|
2014-01-13 12:50:25 +00:00
|
|
|
|
|
|
|
#include <aclapi.h>
|
|
|
|
#include <objidl.h>
|
2013-08-28 08:32:27 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
/* GLOBALS *******************************************************************/
|
|
|
|
|
|
|
|
SID NtSid = { SID_REVISION, 1, { SECURITY_NT_AUTHORITY }, { SECURITY_LOCAL_SYSTEM_RID } };
|
|
|
|
|
|
|
|
/* FUNCTIONS *****************************************************************/
|
|
|
|
|
|
|
|
DWORD
|
|
|
|
WINAPI
|
|
|
|
DwInitializeSdFromThreadToken (
|
|
|
|
_Out_ PVOID *ppSecurityDescriptor,
|
|
|
|
_Out_ PACL *ppAcl
|
|
|
|
)
|
|
|
|
{
|
|
|
|
HANDLE hToken;
|
|
|
|
DWORD dwGroupLength, dwUserLength, dwError, dwAlignLength;
|
|
|
|
PTOKEN_PRIMARY_GROUP pTokenGroup;
|
|
|
|
PTOKEN_USER pTokenUser;
|
|
|
|
EXPLICIT_ACCESS_W pListOfExplicitEntries;
|
|
|
|
PACL pAcl = NULL;
|
|
|
|
PISECURITY_DESCRIPTOR pSd;
|
|
|
|
|
|
|
|
/* Assume failure */
|
|
|
|
*ppSecurityDescriptor = NULL;
|
|
|
|
*ppAcl = NULL;
|
|
|
|
|
|
|
|
/* Open the token of the current thread */
|
|
|
|
if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, 0, &hToken) == FALSE)
|
|
|
|
{
|
|
|
|
/* The thread is not impersonating, use the process token */
|
|
|
|
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken) == FALSE)
|
|
|
|
{
|
|
|
|
/* No token could be queried, fail */
|
|
|
|
return GetLastError();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the size of the token's user */
|
|
|
|
if ((GetTokenInformation(hToken, TokenUser, NULL, 0, &dwUserLength) == FALSE) ||
|
|
|
|
(GetLastError() != ERROR_INSUFFICIENT_BUFFER))
|
|
|
|
{
|
|
|
|
return GetLastError();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get the size of the token's primary group */
|
|
|
|
if ((GetTokenInformation(hToken, TokenPrimaryGroup, NULL, 0, &dwGroupLength) == FALSE) ||
|
|
|
|
(GetLastError() != ERROR_INSUFFICIENT_BUFFER))
|
|
|
|
{
|
|
|
|
return GetLastError();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Allocate an SD large enough to hold the SIDs for the above */
|
|
|
|
dwAlignLength = ALIGN_UP(dwUserLength, ULONG);
|
|
|
|
pSd = (PISECURITY_DESCRIPTOR)MemAlloc(0,
|
|
|
|
dwAlignLength +
|
|
|
|
dwGroupLength +
|
|
|
|
sizeof(*pSd));
|
|
|
|
if (pSd == NULL) return ERROR_OUTOFMEMORY;
|
|
|
|
|
|
|
|
/* Assume success for now */
|
|
|
|
dwError = ERROR_SUCCESS;
|
|
|
|
|
|
|
|
/* We'll put them right after the SD itself */
|
|
|
|
pTokenUser = (PTOKEN_USER)(pSd + 1);
|
|
|
|
pTokenGroup = (PTOKEN_PRIMARY_GROUP)((ULONG_PTR)pTokenUser + dwAlignLength);
|
|
|
|
|
|
|
|
/* Now initialize it */
|
|
|
|
if (InitializeSecurityDescriptor(pSd, SECURITY_DESCRIPTOR_REVISION) == FALSE)
|
|
|
|
{
|
|
|
|
dwError = GetLastError();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* And do the actual query for the user */
|
|
|
|
if (GetTokenInformation(hToken,
|
|
|
|
TokenUser,
|
|
|
|
pTokenUser,
|
|
|
|
dwUserLength,
|
|
|
|
&dwUserLength) == FALSE)
|
|
|
|
{
|
|
|
|
dwError = GetLastError();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* And then the actual query for the primary group */
|
|
|
|
if (GetTokenInformation(hToken,
|
|
|
|
TokenPrimaryGroup,
|
|
|
|
pTokenGroup,
|
|
|
|
dwGroupLength,
|
|
|
|
&dwGroupLength) == FALSE)
|
|
|
|
{
|
|
|
|
dwError = GetLastError();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set the user as owner */
|
|
|
|
if (SetSecurityDescriptorOwner(pSd, pTokenUser->User.Sid, FALSE) == FALSE)
|
|
|
|
{
|
|
|
|
dwError = GetLastError();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Set the group as primary */
|
|
|
|
if (SetSecurityDescriptorGroup(pSd, pTokenGroup->PrimaryGroup, FALSE) == FALSE)
|
|
|
|
{
|
|
|
|
dwError = GetLastError();
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Did everything so far work out? */
|
|
|
|
if (dwError == ERROR_SUCCESS)
|
|
|
|
{
|
|
|
|
/* Yes, create an ACL granting the SYSTEM account access */
|
|
|
|
pListOfExplicitEntries.grfAccessMode = SET_ACCESS;
|
|
|
|
pListOfExplicitEntries.Trustee.TrusteeType = TRUSTEE_IS_GROUP;
|
|
|
|
pListOfExplicitEntries.grfAccessPermissions = 1;
|
|
|
|
pListOfExplicitEntries.grfInheritance = 0;
|
|
|
|
pListOfExplicitEntries.Trustee.pMultipleTrustee = 0;
|
|
|
|
pListOfExplicitEntries.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
|
|
|
|
pListOfExplicitEntries.Trustee.TrusteeForm = TRUSTEE_IS_SID;
|
|
|
|
pListOfExplicitEntries.Trustee.ptstrName = (LPWSTR)&NtSid;
|
|
|
|
dwError = SetEntriesInAclW(1, &pListOfExplicitEntries, NULL, &pAcl);
|
|
|
|
if (dwError == ERROR_SUCCESS)
|
|
|
|
{
|
|
|
|
/* Make that ACL the DACL of the SD we just built */
|
|
|
|
if (SetSecurityDescriptorDacl(pSd, 1, pAcl, FALSE) == FALSE)
|
|
|
|
{
|
|
|
|
/* We failed, bail out */
|
|
|
|
LocalFree(pAcl);
|
|
|
|
dwError = GetLastError();
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Now we have the SD and the ACL all ready to go */
|
|
|
|
*ppSecurityDescriptor = pSd;
|
|
|
|
*ppAcl = pAcl;
|
|
|
|
return ERROR_SUCCESS;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Failure path, we'll free the SD since the caller can't use it */
|
|
|
|
MemFree(pSd);
|
|
|
|
return dwError;
|
|
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
|
|
|
WINAPI
|
|
|
|
InitializeSecurity (
|
|
|
|
_In_ DWORD dwParam,
|
|
|
|
_In_ DWORD dwAuthnLevel,
|
|
|
|
_In_ DWORD dwImpLevel,
|
|
|
|
_In_ DWORD dwCapabilities
|
|
|
|
)
|
|
|
|
{
|
|
|
|
HRESULT hr;
|
|
|
|
PACL pAcl;
|
|
|
|
PSECURITY_DESCRIPTOR pSecurityDescriptor;
|
|
|
|
IGlobalOptions *pGlobalOptions;
|
|
|
|
ASSERT(dwParam != 0);
|
|
|
|
|
|
|
|
/* Create a valid SD and ACL based on the current thread's token */
|
|
|
|
if (DwInitializeSdFromThreadToken(&pSecurityDescriptor, &pAcl) == ERROR_SUCCESS)
|
|
|
|
{
|
|
|
|
/* It worked -- initialize COM without DDE support */
|
|
|
|
hr = CoInitializeEx(NULL, COINIT_DISABLE_OLE1DDE);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
/* Don't keep going if we don't have an SD */
|
|
|
|
hr = E_FAIL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Did we make it? */
|
|
|
|
if (SUCCEEDED(hr))
|
|
|
|
{
|
|
|
|
/* Indeed, initialize COM security now */
|
|
|
|
DBG_TRACE("Calling CoInitializeSecurity (dwAuthCapabilities = 0x%08x)\n",
|
|
|
|
dwCapabilities);
|
|
|
|
hr = CoInitializeSecurity(pSecurityDescriptor,
|
|
|
|
-1,
|
|
|
|
NULL,
|
|
|
|
NULL,
|
|
|
|
dwAuthnLevel,
|
|
|
|
dwImpLevel,
|
|
|
|
NULL,
|
|
|
|
dwCapabilities,
|
|
|
|
NULL);
|
|
|
|
if (FAILED(hr)) DBG_ERR("CoInitializeSecurity returned hr=0x%08x\n", hr);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Free the SD and ACL since we no longer need it */
|
|
|
|
MemFree(pSecurityDescriptor);
|
|
|
|
LocalFree(pAcl);
|
|
|
|
|
|
|
|
/* Did we initialize COM correctly? */
|
|
|
|
if (SUCCEEDED(hr))
|
|
|
|
{
|
|
|
|
/* Get the COM Global Options Interface */
|
|
|
|
hr = CoCreateInstance(CLSID_GlobalOptions,
|
|
|
|
NULL,
|
|
|
|
CLSCTX_INPROC_SERVER,
|
|
|
|
IID_IGlobalOptions,
|
|
|
|
(LPVOID*)&pGlobalOptions);
|
|
|
|
if (SUCCEEDED(hr))
|
|
|
|
{
|
|
|
|
/* Use it to disable COM exception handling */
|
|
|
|
hr = pGlobalOptions->Set(COMGLB_EXCEPTION_HANDLING,
|
|
|
|
COMGLB_EXCEPTION_DONOT_HANDLE);
|
|
|
|
pGlobalOptions->Release();
|
|
|
|
ASSERT(SUCCEEDED(hr));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Return whether all COM calls were successful or not */
|
|
|
|
return SUCCEEDED(hr);
|
|
|
|
}
|