Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-29 02:25:17 +00:00
Code Issues Projects Releases Packages Wiki Activity

implemented GetNamedSecurityA/W and SetNamedSecurityInfoA/W and forward them to the MARTA provider

Browse source 
svn path=/trunk/; revision=16762
This commit is contained in:
Thomas Bluemel 2005-07-26 22:21:02 +00:00
parent 13b2222c28
commit cbb15fff51
3 changed files with 363 additions and 159 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

568
reactos/lib/advapi32/sec/misc.c
View file

@ -28,8 +28,20 @@ typedef struct _NTMARTA
PVOID ConvertAclToAccess; PVOID ConvertAclToAccess;
PVOID GetAccessForTrustee; PVOID GetAccessForTrustee;
PVOID GetExplicitEntries; PVOID GetExplicitEntries;
PVOID RewriteGetNamedRights;
PVOID RewriteSetNamedRights; DWORD (STDCALL *RewriteGetNamedRights)(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID* ppsidOwner,
PSID* ppsidGroup,
PACL* ppDacl,
PACL* ppSacl,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor);
DWORD (STDCALL *RewriteSetNamedRights)(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD (STDCALL *RewriteGetHandleRights)(HANDLE handle, DWORD (STDCALL *RewriteGetHandleRights)(HANDLE handle,
SE_OBJECT_TYPE ObjectType, SE_OBJECT_TYPE ObjectType,
@ -109,9 +121,9 @@ LoadAndInitializeNtMarta(VOID)
FindNtMartaProc(ConvertAclToAccess); FindNtMartaProc(ConvertAclToAccess);
FindNtMartaProc(GetAccessForTrustee); FindNtMartaProc(GetAccessForTrustee);
FindNtMartaProc(GetExplicitEntries); FindNtMartaProc(GetExplicitEntries);
#endif
FindNtMartaProc(RewriteGetNamedRights); FindNtMartaProc(RewriteGetNamedRights);
FindNtMartaProc(RewriteSetNamedRights); FindNtMartaProc(RewriteSetNamedRights);
#endif
FindNtMartaProc(RewriteGetHandleRights); FindNtMartaProc(RewriteGetHandleRights);
FindNtMartaProc(RewriteSetHandleRights); FindNtMartaProc(RewriteSetHandleRights);
#if 0 #if 0
@ -1234,106 +1246,14 @@ LookupPrivilegeNameW (LPCWSTR lpSystemName,
} }
/********************************************************************** static DWORD
* GetNamedSecurityInfoW EXPORTED pGetSecurityInfoCheck(SECURITY_INFORMATION SecurityInfo,
*
* @unimplemented
*/
DWORD STDCALL
GetNamedSecurityInfoW(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID *ppsidOwner,
PSID *ppsidGroup,
PACL *ppDacl,
PACL *ppSacl,
PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
DPRINT1("GetNamedSecurityInfoW: stub\n");
return ERROR_CALL_NOT_IMPLEMENTED;
}
/**********************************************************************
* GetNamedSecurityInfoA EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
GetNamedSecurityInfoA(LPSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID *ppsidOwner,
PSID *ppsidGroup,
PACL *ppDacl,
PACL *ppSacl,
PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
DPRINT1("GetNamedSecurityInfoA: stub\n");
return ERROR_CALL_NOT_IMPLEMENTED;
}
/**********************************************************************
* SetNamedSecurityInfoW EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
SetNamedSecurityInfoW(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl)
{
DPRINT1("SetNamedSecurityInfoW: stub\n");
return ERROR_CALL_NOT_IMPLEMENTED;
}
/**********************************************************************
* SetNamedSecurityInfoA EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
SetNamedSecurityInfoA(LPSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl)
{
DPRINT1("SetNamedSecurityInfoA: stub\n");
return ERROR_CALL_NOT_IMPLEMENTED;
}
/**********************************************************************
* GetSecurityInfo EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
GetSecurityInfo(HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID* ppsidOwner, PSID* ppsidOwner,
PSID* ppsidGroup, PSID* ppsidGroup,
PACL* ppDacl, PACL* ppDacl,
PACL* ppSacl, PACL* ppSacl,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor) PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
{ {
DWORD ErrorCode;
if (handle != NULL)
{
ErrorCode = CheckNtMartaPresent();
if (ErrorCode == ERROR_SUCCESS)
{
if ((SecurityInfo & (OWNER_SECURITY_INFORMATION | if ((SecurityInfo & (OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION |
@ -1342,7 +1262,7 @@ GetSecurityInfo(HANDLE handle,
{ {
/* if one of the SIDs or ACLs are present, the security descriptor /* if one of the SIDs or ACLs are present, the security descriptor
most not be NULL */ most not be NULL */
ErrorCode = ERROR_INVALID_PARAMETER; return ERROR_INVALID_PARAMETER;
} }
else else
{ {
@ -1368,6 +1288,349 @@ GetSecurityInfo(HANDLE handle,
*ppSacl = NULL; *ppSacl = NULL;
} }
if (SecurityInfo & (OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION |
SACL_SECURITY_INFORMATION))
{
*ppSecurityDescriptor = NULL;
}
return ERROR_SUCCESS;
}
}
static DWORD
pSetSecurityInfoCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl)
{
/* initialize a security descriptor on the stack */
if (!InitializeSecurityDescriptor(pSecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION))
{
return GetLastError();
}
if (SecurityInfo & OWNER_SECURITY_INFORMATION)
{
if (RtlValidSid(psidOwner))
{
if (!SetSecurityDescriptorOwner(pSecurityDescriptor,
psidOwner,
FALSE))
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
}
if (SecurityInfo & GROUP_SECURITY_INFORMATION)
{
if (RtlValidSid(psidGroup))
{
if (!SetSecurityDescriptorGroup(pSecurityDescriptor,
psidGroup,
FALSE))
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
}
if (SecurityInfo & DACL_SECURITY_INFORMATION)
{
if (pDacl != NULL)
{
if (SetSecurityDescriptorDacl(pSecurityDescriptor,
TRUE,
pDacl,
FALSE))
{
/* check if the DACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_DACL_SECURITY_INFORMATION)
{
goto ProtectDacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectDacl:
/* protect the DACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(pSecurityDescriptor,
SE_DACL_PROTECTED,
SE_DACL_PROTECTED))
{
return GetLastError();
}
}
}
if (SecurityInfo & SACL_SECURITY_INFORMATION)
{
if (pSacl != NULL)
{
if (SetSecurityDescriptorSacl(pSecurityDescriptor,
TRUE,
pSacl,
FALSE))
{
/* check if the SACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_SACL_SECURITY_INFORMATION)
{
goto ProtectSacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectSacl:
/* protect the SACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(pSecurityDescriptor,
SE_SACL_PROTECTED,
SE_SACL_PROTECTED))
{
return GetLastError();
}
}
}
return ERROR_SUCCESS;
}
/**********************************************************************
* GetNamedSecurityInfoW EXPORTED
*
* @implemented
*/
DWORD STDCALL
GetNamedSecurityInfoW(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID *ppsidOwner,
PSID *ppsidGroup,
PACL *ppDacl,
PACL *ppSacl,
PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
DWORD ErrorCode;
if (pObjectName != NULL)
{
ErrorCode = CheckNtMartaPresent();
if (ErrorCode == ERROR_SUCCESS)
{
ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
ppsidOwner,
ppsidGroup,
ppDacl,
ppSacl,
ppSecurityDescriptor);
if (ErrorCode == ERROR_SUCCESS)
{
/* call the MARTA provider */
ErrorCode = AccRewriteGetNamedRights(pObjectName,
ObjectType,
SecurityInfo,
ppsidOwner,
ppsidGroup,
ppDacl,
ppSacl,
ppSecurityDescriptor);
}
}
}
else
ErrorCode = ERROR_INVALID_PARAMETER;
return ErrorCode;
}
/**********************************************************************
* GetNamedSecurityInfoA EXPORTED
*
* @implemented
*/
DWORD STDCALL
GetNamedSecurityInfoA(LPSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID *ppsidOwner,
PSID *ppsidGroup,
PACL *ppDacl,
PACL *ppSacl,
PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{
UNICODE_STRING ObjectName;
NTSTATUS Status;
DWORD Ret;
Status = RtlCreateUnicodeStringFromAsciiz(&ObjectName,
pObjectName);
if (!NT_SUCCESS(Status))
{
return RtlNtStatusToDosError(Status);
}
Ret = GetNamedSecurityInfoW(ObjectName.Buffer,
ObjectType,
SecurityInfo,
ppsidOwner,
ppsidGroup,
ppDacl,
ppSacl,
ppSecurityDescriptor);
RtlFreeUnicodeString(&ObjectName);
return Ret;
}
/**********************************************************************
* SetNamedSecurityInfoW EXPORTED
*
* @implemented
*/
DWORD STDCALL
SetNamedSecurityInfoW(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl)
{
DWORD ErrorCode;
if (pObjectName != NULL)
{
ErrorCode = CheckNtMartaPresent();
if (ErrorCode == ERROR_SUCCESS)
{
SECURITY_DESCRIPTOR SecurityDescriptor;
ErrorCode = pSetSecurityInfoCheck(&SecurityDescriptor,
SecurityInfo,
psidOwner,
psidGroup,
pDacl,
pSacl);
if (ErrorCode == ERROR_SUCCESS)
{
/* call the MARTA provider */
ErrorCode = AccRewriteSetNamedRights(pObjectName,
ObjectType,
SecurityInfo,
&SecurityDescriptor);
}
}
}
else
ErrorCode = ERROR_INVALID_PARAMETER;
return ErrorCode;
}
/**********************************************************************
* SetNamedSecurityInfoA EXPORTED
*
* @implemented
*/
DWORD STDCALL
SetNamedSecurityInfoA(LPSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl)
{
UNICODE_STRING ObjectName;
NTSTATUS Status;
DWORD Ret;
Status = RtlCreateUnicodeStringFromAsciiz(&ObjectName,
pObjectName);
if (!NT_SUCCESS(Status))
{
return RtlNtStatusToDosError(Status);
}
Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
ObjectType,
SecurityInfo,
psidOwner,
psidGroup,
pDacl,
pSacl);
RtlFreeUnicodeString(&ObjectName);
return Ret;
}
/**********************************************************************
* GetSecurityInfo EXPORTED
*
* @implemented
*/
DWORD STDCALL
GetSecurityInfo(HANDLE handle,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID* ppsidOwner,
PSID* ppsidGroup,
PACL* ppDacl,
PACL* ppSacl,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
{
DWORD ErrorCode;
if (handle != NULL)
{
ErrorCode = CheckNtMartaPresent();
if (ErrorCode == ERROR_SUCCESS)
{
ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
ppsidOwner,
ppsidGroup,
ppDacl,
ppSacl,
ppSecurityDescriptor);
if (ErrorCode == ERROR_SUCCESS)
{
/* call the MARTA provider */
ErrorCode = AccRewriteGetHandleRights(handle, ErrorCode = AccRewriteGetHandleRights(handle,
ObjectType, ObjectType,
SecurityInfo, SecurityInfo,
@ -1389,7 +1652,7 @@ GetSecurityInfo(HANDLE handle,
/********************************************************************** /**********************************************************************
* SetSecurityInfo EXPORTED * SetSecurityInfo EXPORTED
* *
* @unimplemented * @implemented
*/ */
DWORD DWORD
WINAPI WINAPI
@ -1410,118 +1673,23 @@ SetSecurityInfo(HANDLE handle,
{ {
SECURITY_DESCRIPTOR SecurityDescriptor; SECURITY_DESCRIPTOR SecurityDescriptor;
/* initialize a security descriptor on the stack */ ErrorCode = pSetSecurityInfoCheck(&SecurityDescriptor,
InitializeSecurityDescriptor(&SecurityDescriptor, SecurityInfo,
SECURITY_DESCRIPTOR_REVISION);
if (SecurityInfo & OWNER_SECURITY_INFORMATION)
{
if (RtlValidSid(psidOwner))
{
if (!SetSecurityDescriptorOwner(&SecurityDescriptor,
psidOwner, psidOwner,
FALSE))
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
}
if (SecurityInfo & GROUP_SECURITY_INFORMATION)
{
if (RtlValidSid(psidGroup))
{
if (!SetSecurityDescriptorGroup(&SecurityDescriptor,
psidGroup, psidGroup,
FALSE))
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
}
if (SecurityInfo & DACL_SECURITY_INFORMATION)
{
if (pDacl != NULL)
{
if (SetSecurityDescriptorDacl(&SecurityDescriptor,
TRUE,
pDacl, pDacl,
FALSE)) pSacl);
{
/* check if the DACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_DACL_SECURITY_INFORMATION)
{
goto ProtectDacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectDacl:
/* protect the DACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(&SecurityDescriptor,
SE_DACL_PROTECTED,
SE_DACL_PROTECTED))
{
return GetLastError();
}
}
}
if (SecurityInfo & SACL_SECURITY_INFORMATION) if (ErrorCode == ERROR_SUCCESS)
{ {
if (pSacl != NULL) /* call the MARTA provider */
{
if (SetSecurityDescriptorSacl(&SecurityDescriptor,
TRUE,
pSacl,
FALSE))
{
/* check if the SACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_SACL_SECURITY_INFORMATION)
{
goto ProtectSacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectSacl:
/* protect the SACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(&SecurityDescriptor,
SE_SACL_PROTECTED,
SE_SACL_PROTECTED))
{
return GetLastError();
}
}
}
ErrorCode = AccRewriteSetHandleRights(handle, ErrorCode = AccRewriteSetHandleRights(handle,
ObjectType, ObjectType,
SecurityInfo, SecurityInfo,
&SecurityDescriptor); &SecurityDescriptor);
} }
} }
}
else else
ErrorCode = ERROR_INVALID_HANDLE; ErrorCode = ERROR_INVALID_HANDLE;

36
reactos/lib/ntmarta/ntmarta.c
View file

@ -69,6 +69,42 @@ AccRewriteSetHandleRights(HANDLE handle,
} }
/**********************************************************************
* AccRewriteGetNamedRights EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
AccRewriteGetNamedRights(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID* ppsidOwner,
PSID* ppsidGroup,
PACL* ppDacl,
PACL* ppSacl,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
{
UNIMPLEMENTED;
return ERROR_CALL_NOT_IMPLEMENTED;
}
/**********************************************************************
* AccRewriteSetNamedRights EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
AccRewriteSetNamedRights(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
UNIMPLEMENTED;
return ERROR_CALL_NOT_IMPLEMENTED;
}
BOOL STDCALL BOOL STDCALL
DllMain(IN HINSTANCE hinstDLL, DllMain(IN HINSTANCE hinstDLL,
IN DWORD dwReason, IN DWORD dwReason,

4
reactos/lib/ntmarta/ntmarta.def
View file

@ -6,10 +6,10 @@ EXPORTS
;AccProvHandleGrantAccessRights; ;AccProvHandleGrantAccessRights;
;AccRewriteGetExplicitEntriesFromAcl ;AccRewriteGetExplicitEntriesFromAcl
AccRewriteGetHandleRights@32 AccRewriteGetHandleRights@32
;AccRewriteGetNamedRights AccRewriteGetNamedRights@32
;AccRewriteSetEntriesInAcl ;AccRewriteSetEntriesInAcl
AccRewriteSetHandleRights@16 AccRewriteSetHandleRights@16
;AccRewriteSetNamedRights AccRewriteSetNamedRights@16
;AccTreeResetNamedSecurityInfo ;AccTreeResetNamedSecurityInfo
;AccConvertAccessMaskToActrlAccess ;AccConvertAccessMaskToActrlAccess
;AccConvertAccessToSD ;AccConvertAccessToSD