mirror of
https://github.com/reactos/reactos.git
synced 2024-07-06 20:55:16 +00:00
partly implemented AuthzInitializeResourceManager and AuthzFreeResourceManager (no support for auditing so far)
svn path=/trunk/; revision=18308
This commit is contained in:
parent
4294896fbd
commit
b0418e9481
|
@ -142,19 +142,6 @@ AuthzFreeHandle(IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle)
|
|||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
AUTHZAPI
|
||||
BOOL
|
||||
WINAPI
|
||||
AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
|
@ -269,24 +256,6 @@ AuthzInitializeObjectAccessAuditEvent2(IN DWORD Flags,
|
|||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
AUTHZAPI
|
||||
BOOL
|
||||
WINAPI
|
||||
AuthzInitializeResourceManager(IN DWORD flags,
|
||||
IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck,
|
||||
IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups,
|
||||
IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups,
|
||||
IN PCWSTR ResourceManagerName,
|
||||
IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
|
|
|
@ -11,6 +11,7 @@
|
|||
<library>kernel32</library>
|
||||
<library>advapi32</library>
|
||||
<file>authz.c</file>
|
||||
<file>resman.c</file>
|
||||
<file>authz.rc</file>
|
||||
<pch>precomp.h</pch>
|
||||
</module>
|
||||
|
|
|
@ -11,5 +11,22 @@ ULONG DbgPrint(PCH Format,...);
|
|||
#define UNIMPLEMENTED DbgPrint("AUTHZ.DLL: %s is UNIMPLEMENTED!\n", __FUNCTION__)
|
||||
#endif
|
||||
|
||||
#if DBG
|
||||
|
||||
#define RESMAN_TAG 0x89ABCDEF
|
||||
#define VALID_RESMAN_HANDLE(handle) ASSERT(((PAUTHZ_RESMAN)handle)->Tag == RESMAN_TAG)
|
||||
#ifndef ASSERT
|
||||
#define ASSERT(cond) if (!(cond)) { DbgPrint("%s:%i: ASSERTION %s failed!\n", __FILE__, __LINE__, #cond ); }
|
||||
#endif
|
||||
|
||||
#else
|
||||
|
||||
#define VALID_RESMAN_HANDLE(handle)
|
||||
#ifndef ASSERT
|
||||
#define ASSERT(cond)
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
||||
|
||||
/* EOF */
|
||||
|
|
271
reactos/lib/authz/resman.c
Normal file
271
reactos/lib/authz/resman.c
Normal file
|
@ -0,0 +1,271 @@
|
|||
/*
|
||||
* ReactOS Authorization Framework
|
||||
* Copyright (C) 2005 ReactOS Team
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Lesser General Public
|
||||
* License as published by the Free Software Foundation; either
|
||||
* version 2.1 of the License, or (at your option) any later version.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Lesser General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Lesser General Public
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
|
||||
*/
|
||||
/* $Id: aclui.c 18173 2005-09-30 18:54:48Z weiden $
|
||||
*
|
||||
* PROJECT: ReactOS Authorization Framework
|
||||
* FILE: lib/authz/resman.c
|
||||
* PURPOSE: Authorization Framework
|
||||
* PROGRAMMER: Thomas Weidenmueller <w3seek@reactos.com>
|
||||
*
|
||||
* UPDATE HISTORY:
|
||||
* 10/07/2005 Created
|
||||
*/
|
||||
#include <precomp.h>
|
||||
|
||||
typedef struct _AUTHZ_RESMAN
|
||||
{
|
||||
#if DBG
|
||||
DWORD Tag;
|
||||
#endif
|
||||
|
||||
PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck;
|
||||
PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups;
|
||||
PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups;
|
||||
|
||||
DWORD flags;
|
||||
PSID UserSid;
|
||||
LUID AuthenticationId;
|
||||
|
||||
WCHAR ResourceManagerName[1];
|
||||
} AUTHZ_RESMAN, *PAUTHZ_RESMAN;
|
||||
|
||||
static BOOL
|
||||
AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan,
|
||||
IN HANDLE hToken)
|
||||
{
|
||||
TOKEN_USER User;
|
||||
TOKEN_STATISTICS Statistics;
|
||||
DWORD BufLen;
|
||||
PSID UserSid = NULL;
|
||||
BOOL Ret = FALSE;
|
||||
|
||||
/* query information about the user */
|
||||
BufLen = sizeof(User);
|
||||
Ret = GetTokenInformation(hToken,
|
||||
TokenUser,
|
||||
&User,
|
||||
BufLen,
|
||||
&BufLen);
|
||||
if (Ret)
|
||||
{
|
||||
BufLen = GetLengthSid(User.User.Sid);
|
||||
if (BufLen != 0)
|
||||
{
|
||||
UserSid = (PSID)LocalAlloc(LMEM_FIXED,
|
||||
BufLen);
|
||||
if (UserSid != NULL)
|
||||
{
|
||||
CopyMemory(UserSid,
|
||||
User.User.Sid,
|
||||
BufLen);
|
||||
}
|
||||
else
|
||||
Ret = FALSE;
|
||||
}
|
||||
else
|
||||
Ret = FALSE;
|
||||
}
|
||||
|
||||
if (Ret)
|
||||
{
|
||||
/* query general information */
|
||||
BufLen = sizeof(Statistics);
|
||||
Ret = GetTokenInformation(hToken,
|
||||
TokenUser,
|
||||
&Statistics,
|
||||
BufLen,
|
||||
&BufLen);
|
||||
}
|
||||
|
||||
if (Ret)
|
||||
{
|
||||
ResMan->UserSid = UserSid;
|
||||
ResMan->AuthenticationId = Statistics.AuthenticationId;
|
||||
Ret = TRUE;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (UserSid != NULL)
|
||||
{
|
||||
LocalFree((HLOCAL)UserSid);
|
||||
}
|
||||
}
|
||||
|
||||
return Ret;
|
||||
}
|
||||
|
||||
static BOOL
|
||||
AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
|
||||
{
|
||||
HANDLE hToken;
|
||||
BOOL Ret;
|
||||
|
||||
Ret = OpenThreadToken(GetCurrentThread(),
|
||||
TOKEN_QUERY,
|
||||
TRUE,
|
||||
&hToken);
|
||||
if (Ret)
|
||||
{
|
||||
Ret = AuthzpQueryToken(ResMan,
|
||||
hToken);
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
|
||||
return Ret;
|
||||
}
|
||||
|
||||
static BOOL
|
||||
AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
|
||||
{
|
||||
HANDLE hToken;
|
||||
BOOL Ret;
|
||||
|
||||
Ret = OpenProcessToken(GetCurrentProcess(),
|
||||
TOKEN_QUERY,
|
||||
&hToken);
|
||||
if (Ret)
|
||||
{
|
||||
Ret = AuthzpQueryToken(ResMan,
|
||||
hToken);
|
||||
CloseHandle(hToken);
|
||||
}
|
||||
|
||||
return Ret;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
AUTHZAPI
|
||||
BOOL
|
||||
WINAPI
|
||||
AuthzInitializeResourceManager(IN DWORD flags,
|
||||
IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck OPTIONAL,
|
||||
IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups OPTIONAL,
|
||||
IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups OPTIONAL,
|
||||
IN PCWSTR ResourceManagerName OPTIONAL,
|
||||
IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
|
||||
{
|
||||
BOOL Ret = FALSE;
|
||||
|
||||
if (pAuthzResourceManager != NULL &&
|
||||
!(flags & ~(AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)))
|
||||
{
|
||||
PAUTHZ_RESMAN ResMan;
|
||||
SIZE_T RequiredSize = sizeof(AUTHZ_RESMAN);
|
||||
|
||||
if (ResourceManagerName != NULL)
|
||||
{
|
||||
RequiredSize += wcslen(ResourceManagerName) * sizeof(WCHAR);
|
||||
}
|
||||
|
||||
ResMan = (PAUTHZ_RESMAN)LocalAlloc(LMEM_FIXED,
|
||||
RequiredSize);
|
||||
if (ResMan != NULL)
|
||||
{
|
||||
/* initialize the resource manager structure */
|
||||
#if DBG
|
||||
ResMan->Tag = RESMAN_TAG;
|
||||
#endif
|
||||
|
||||
ResMan->flags = flags;
|
||||
ResMan->UserSid = NULL;
|
||||
|
||||
if (ResourceManagerName != NULL)
|
||||
{
|
||||
wcscpy(ResMan->ResourceManagerName,
|
||||
ResourceManagerName);
|
||||
}
|
||||
else
|
||||
ResMan->ResourceManagerName[0] = UNICODE_NULL;
|
||||
|
||||
ResMan->pfnAccessCheck = pfnAccessCheck;
|
||||
ResMan->pfnComputeDynamicGroups = pfnComputeDynamicGroups;
|
||||
ResMan->pfnFreeDynamicGroups = pfnFreeDynamicGroups;
|
||||
|
||||
if (!(flags & AUTHZ_RM_FLAG_NO_AUDIT))
|
||||
{
|
||||
/* FIXME - initialize auditing */
|
||||
DPRINT1("Auditing not implemented!\n");
|
||||
}
|
||||
|
||||
if (flags & AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
|
||||
{
|
||||
Ret = AuthzpInitUnderImpersonation(ResMan);
|
||||
}
|
||||
else
|
||||
{
|
||||
Ret = AuthzpInitSelf(ResMan);
|
||||
}
|
||||
|
||||
if (Ret)
|
||||
{
|
||||
/* finally return the handle */
|
||||
*pAuthzResourceManager = (AUTHZ_RESOURCE_MANAGER_HANDLE)ResMan;
|
||||
}
|
||||
else
|
||||
{
|
||||
DPRINT1("Querying the token failed!\n");
|
||||
LocalFree((HLOCAL)ResMan);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
SetLastError(ERROR_INVALID_PARAMETER);
|
||||
|
||||
return Ret;
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
AUTHZAPI
|
||||
BOOL
|
||||
WINAPI
|
||||
AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
|
||||
{
|
||||
BOOL Ret = FALSE;
|
||||
|
||||
if (AuthzResourceManager != NULL)
|
||||
{
|
||||
PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager;
|
||||
|
||||
VALID_RESMAN_HANDLE(AuthzResourceManager);
|
||||
|
||||
if (!(ResMan->flags & AUTHZ_RM_FLAG_NO_AUDIT))
|
||||
{
|
||||
/* FIXME - cleanup auditing */
|
||||
}
|
||||
|
||||
if (ResMan->UserSid != NULL)
|
||||
{
|
||||
LocalFree((HLOCAL)ResMan->UserSid);
|
||||
}
|
||||
|
||||
LocalFree((HLOCAL)AuthzResourceManager);
|
||||
Ret = TRUE;
|
||||
}
|
||||
else
|
||||
SetLastError(ERROR_INVALID_PARAMETER);
|
||||
|
||||
return Ret;
|
||||
}
|
||||
|
Loading…
Reference in a new issue