implemented GetNamedSecurityInfoA/W and SetNamedSecurityInfoA/W and forwarded them to the MARTA provider

svn path=/trunk/; revision=16762
Thomas Bluemel 2005-07-26 22:21:02 +00:00
parent 13b2222c28
commit cbb15fff51
3 changed files with 363 additions and 159 deletions


@ -28,8 +28,20 @@ typedef struct _NTMARTA
PVOID ConvertAclToAccess; PVOID ConvertAclToAccess;
PVOID GetAccessForTrustee; PVOID GetAccessForTrustee;
PVOID GetExplicitEntries; PVOID GetExplicitEntries;
PVOID RewriteGetNamedRights;
PVOID RewriteSetNamedRights; DWORD (STDCALL *RewriteGetNamedRights)(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID* ppsidOwner,
PSID* ppsidGroup,
PACL* ppDacl,
PACL* ppSacl,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor);
DWORD (STDCALL *RewriteSetNamedRights)(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSECURITY_DESCRIPTOR pSecurityDescriptor);
DWORD (STDCALL *RewriteGetHandleRights)(HANDLE handle, DWORD (STDCALL *RewriteGetHandleRights)(HANDLE handle,
SE_OBJECT_TYPE ObjectType, SE_OBJECT_TYPE ObjectType,
@ -109,9 +121,9 @@ LoadAndInitializeNtMarta(VOID)
FindNtMartaProc(ConvertAclToAccess); FindNtMartaProc(ConvertAclToAccess);
FindNtMartaProc(GetAccessForTrustee); FindNtMartaProc(GetAccessForTrustee);
FindNtMartaProc(GetExplicitEntries); FindNtMartaProc(GetExplicitEntries);
#endif
FindNtMartaProc(RewriteGetNamedRights); FindNtMartaProc(RewriteGetNamedRights);
FindNtMartaProc(RewriteSetNamedRights); FindNtMartaProc(RewriteSetNamedRights);
#endif
FindNtMartaProc(RewriteGetHandleRights); FindNtMartaProc(RewriteGetHandleRights);
FindNtMartaProc(RewriteSetHandleRights); FindNtMartaProc(RewriteSetHandleRights);
#if 0 #if 0
@ -1234,10 +1246,186 @@ LookupPrivilegeNameW (LPCWSTR lpSystemName,
} }
static DWORD
pGetSecurityInfoCheck(SECURITY_INFORMATION SecurityInfo,
PSID* ppsidOwner,
PSID* ppsidGroup,
PACL* ppDacl,
PACL* ppSacl,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
{
if ((SecurityInfo & (OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION |
SACL_SECURITY_INFORMATION)) &&
ppSecurityDescriptor == NULL)
{
/* if one of the SIDs or ACLs are present, the security descriptor
most not be NULL */
return ERROR_INVALID_PARAMETER;
}
else
{
/* reset the pointers unless they're ignored */
if ((SecurityInfo & OWNER_SECURITY_INFORMATION) &&
ppsidOwner != NULL)
{
ppsidOwner = NULL;
}
if ((SecurityInfo & GROUP_SECURITY_INFORMATION) &&
*ppsidGroup != NULL)
{
*ppsidGroup = NULL;
}
if ((SecurityInfo & DACL_SECURITY_INFORMATION) &&
ppDacl != NULL)
{
*ppDacl = NULL;
}
if ((SecurityInfo & SACL_SECURITY_INFORMATION) &&
ppSacl != NULL)
{
*ppSacl = NULL;
}
if (SecurityInfo & (OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION |
SACL_SECURITY_INFORMATION))
{
*ppSecurityDescriptor = NULL;
}
return ERROR_SUCCESS;
}
}
static DWORD
pSetSecurityInfoCheck(PSECURITY_DESCRIPTOR pSecurityDescriptor,
SECURITY_INFORMATION SecurityInfo,
PSID psidOwner,
PSID psidGroup,
PACL pDacl,
PACL pSacl)
{
/* initialize a security descriptor on the stack */
if (!InitializeSecurityDescriptor(pSecurityDescriptor,
SECURITY_DESCRIPTOR_REVISION))
{
return GetLastError();
}
if (SecurityInfo & OWNER_SECURITY_INFORMATION)
{
if (RtlValidSid(psidOwner))
{
if (!SetSecurityDescriptorOwner(pSecurityDescriptor,
psidOwner,
FALSE))
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
}
if (SecurityInfo & GROUP_SECURITY_INFORMATION)
{
if (RtlValidSid(psidGroup))
{
if (!SetSecurityDescriptorGroup(pSecurityDescriptor,
psidGroup,
FALSE))
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
}
if (SecurityInfo & DACL_SECURITY_INFORMATION)
{
if (pDacl != NULL)
{
if (SetSecurityDescriptorDacl(pSecurityDescriptor,
TRUE,
pDacl,
FALSE))
{
/* check if the DACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_DACL_SECURITY_INFORMATION)
{
goto ProtectDacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectDacl:
/* protect the DACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(pSecurityDescriptor,
SE_DACL_PROTECTED,
SE_DACL_PROTECTED))
{
return GetLastError();
}
}
}
if (SecurityInfo & SACL_SECURITY_INFORMATION)
{
if (pSacl != NULL)
{
if (SetSecurityDescriptorSacl(pSecurityDescriptor,
TRUE,
pSacl,
FALSE))
{
/* check if the SACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_SACL_SECURITY_INFORMATION)
{
goto ProtectSacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectSacl:
/* protect the SACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(pSecurityDescriptor,
SE_SACL_PROTECTED,
SE_SACL_PROTECTED))
{
return GetLastError();
}
}
}
return ERROR_SUCCESS;
}
/********************************************************************** /**********************************************************************
* GetNamedSecurityInfoW EXPORTED * GetNamedSecurityInfoW EXPORTED
* *
* @unimplemented * @implemented
*/ */
DWORD STDCALL DWORD STDCALL
GetNamedSecurityInfoW(LPWSTR pObjectName, GetNamedSecurityInfoW(LPWSTR pObjectName,
@ -1249,15 +1437,45 @@ GetNamedSecurityInfoW(LPWSTR pObjectName,
PACL *ppSacl, PACL *ppSacl,
PSECURITY_DESCRIPTOR *ppSecurityDescriptor) PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{ {
DPRINT1("GetNamedSecurityInfoW: stub\n"); DWORD ErrorCode;
return ERROR_CALL_NOT_IMPLEMENTED;
if (pObjectName != NULL)
{
ErrorCode = CheckNtMartaPresent();
if (ErrorCode == ERROR_SUCCESS)
{
ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
ppsidOwner,
ppsidGroup,
ppDacl,
ppSacl,
ppSecurityDescriptor);
if (ErrorCode == ERROR_SUCCESS)
{
/* call the MARTA provider */
ErrorCode = AccRewriteGetNamedRights(pObjectName,
ObjectType,
SecurityInfo,
ppsidOwner,
ppsidGroup,
ppDacl,
ppSacl,
ppSecurityDescriptor);
}
}
}
else
ErrorCode = ERROR_INVALID_PARAMETER;
return ErrorCode;
} }
/********************************************************************** /**********************************************************************
* GetNamedSecurityInfoA EXPORTED * GetNamedSecurityInfoA EXPORTED
* *
* @unimplemented * @implemented
*/ */
DWORD STDCALL DWORD STDCALL
GetNamedSecurityInfoA(LPSTR pObjectName, GetNamedSecurityInfoA(LPSTR pObjectName,
@ -1269,15 +1487,36 @@ GetNamedSecurityInfoA(LPSTR pObjectName,
PACL *ppSacl, PACL *ppSacl,
PSECURITY_DESCRIPTOR *ppSecurityDescriptor) PSECURITY_DESCRIPTOR *ppSecurityDescriptor)
{ {
DPRINT1("GetNamedSecurityInfoA: stub\n"); UNICODE_STRING ObjectName;
return ERROR_CALL_NOT_IMPLEMENTED; NTSTATUS Status;
DWORD Ret;
Status = RtlCreateUnicodeStringFromAsciiz(&ObjectName,
pObjectName);
if (!NT_SUCCESS(Status))
{
return RtlNtStatusToDosError(Status);
}
Ret = GetNamedSecurityInfoW(ObjectName.Buffer,
ObjectType,
SecurityInfo,
ppsidOwner,
ppsidGroup,
ppDacl,
ppSacl,
ppSecurityDescriptor);
RtlFreeUnicodeString(&ObjectName);
return Ret;
} }
/********************************************************************** /**********************************************************************
* SetNamedSecurityInfoW EXPORTED * SetNamedSecurityInfoW EXPORTED
* *
* @unimplemented * @implemented
*/ */
DWORD STDCALL DWORD STDCALL
SetNamedSecurityInfoW(LPWSTR pObjectName, SetNamedSecurityInfoW(LPWSTR pObjectName,
@ -1288,15 +1527,43 @@ SetNamedSecurityInfoW(LPWSTR pObjectName,
PACL pDacl, PACL pDacl,
PACL pSacl) PACL pSacl)
{ {
DPRINT1("SetNamedSecurityInfoW: stub\n"); DWORD ErrorCode;
return ERROR_CALL_NOT_IMPLEMENTED;
if (pObjectName != NULL)
{
ErrorCode = CheckNtMartaPresent();
if (ErrorCode == ERROR_SUCCESS)
{
SECURITY_DESCRIPTOR SecurityDescriptor;
ErrorCode = pSetSecurityInfoCheck(&SecurityDescriptor,
SecurityInfo,
psidOwner,
psidGroup,
pDacl,
pSacl);
if (ErrorCode == ERROR_SUCCESS)
{
/* call the MARTA provider */
ErrorCode = AccRewriteSetNamedRights(pObjectName,
ObjectType,
SecurityInfo,
&SecurityDescriptor);
}
}
}
else
ErrorCode = ERROR_INVALID_PARAMETER;
return ErrorCode;
} }
/********************************************************************** /**********************************************************************
* SetNamedSecurityInfoA EXPORTED * SetNamedSecurityInfoA EXPORTED
* *
* @unimplemented * @implemented
*/ */
DWORD STDCALL DWORD STDCALL
SetNamedSecurityInfoA(LPSTR pObjectName, SetNamedSecurityInfoA(LPSTR pObjectName,
@ -1307,15 +1574,35 @@ SetNamedSecurityInfoA(LPSTR pObjectName,
PACL pDacl, PACL pDacl,
PACL pSacl) PACL pSacl)
{ {
DPRINT1("SetNamedSecurityInfoA: stub\n"); UNICODE_STRING ObjectName;
return ERROR_CALL_NOT_IMPLEMENTED; NTSTATUS Status;
DWORD Ret;
Status = RtlCreateUnicodeStringFromAsciiz(&ObjectName,
pObjectName);
if (!NT_SUCCESS(Status))
{
return RtlNtStatusToDosError(Status);
}
Ret = SetNamedSecurityInfoW(ObjectName.Buffer,
ObjectType,
SecurityInfo,
psidOwner,
psidGroup,
pDacl,
pSacl);
RtlFreeUnicodeString(&ObjectName);
return Ret;
} }
/********************************************************************** /**********************************************************************
* GetSecurityInfo EXPORTED * GetSecurityInfo EXPORTED
* *
* @unimplemented * @implemented
*/ */
DWORD STDCALL DWORD STDCALL
GetSecurityInfo(HANDLE handle, GetSecurityInfo(HANDLE handle,
@ -1334,40 +1621,16 @@ GetSecurityInfo(HANDLE handle,
ErrorCode = CheckNtMartaPresent(); ErrorCode = CheckNtMartaPresent();
if (ErrorCode == ERROR_SUCCESS) if (ErrorCode == ERROR_SUCCESS)
{ {
if ((SecurityInfo & (OWNER_SECURITY_INFORMATION | ErrorCode = pGetSecurityInfoCheck(SecurityInfo,
GROUP_SECURITY_INFORMATION | ppsidOwner,
DACL_SECURITY_INFORMATION | ppsidGroup,
SACL_SECURITY_INFORMATION)) && ppDacl,
ppSecurityDescriptor == NULL) ppSacl,
ppSecurityDescriptor);
if (ErrorCode == ERROR_SUCCESS)
{ {
/* if one of the SIDs or ACLs are present, the security descriptor /* call the MARTA provider */
most not be NULL */
ErrorCode = ERROR_INVALID_PARAMETER;
}
else
{
/* reset the pointers unless they're ignored */
if ((SecurityInfo & OWNER_SECURITY_INFORMATION) &&
ppsidOwner != NULL)
{
ppsidOwner = NULL;
}
if ((SecurityInfo & GROUP_SECURITY_INFORMATION) &&
*ppsidGroup != NULL)
{
*ppsidGroup = NULL;
}
if ((SecurityInfo & DACL_SECURITY_INFORMATION) &&
ppDacl != NULL)
{
*ppDacl = NULL;
}
if ((SecurityInfo & SACL_SECURITY_INFORMATION) &&
ppSacl != NULL)
{
*ppSacl = NULL;
}
ErrorCode = AccRewriteGetHandleRights(handle, ErrorCode = AccRewriteGetHandleRights(handle,
ObjectType, ObjectType,
SecurityInfo, SecurityInfo,
@ -1389,7 +1652,7 @@ GetSecurityInfo(HANDLE handle,
/********************************************************************** /**********************************************************************
* SetSecurityInfo EXPORTED * SetSecurityInfo EXPORTED
* *
* @unimplemented * @implemented
*/ */
DWORD DWORD
WINAPI WINAPI
@ -1410,116 +1673,21 @@ SetSecurityInfo(HANDLE handle,
{ {
SECURITY_DESCRIPTOR SecurityDescriptor; SECURITY_DESCRIPTOR SecurityDescriptor;
/* initialize a security descriptor on the stack */ ErrorCode = pSetSecurityInfoCheck(&SecurityDescriptor,
InitializeSecurityDescriptor(&SecurityDescriptor, SecurityInfo,
SECURITY_DESCRIPTOR_REVISION); psidOwner,
psidGroup,
if (SecurityInfo & OWNER_SECURITY_INFORMATION) pDacl,
{ pSacl);
if (RtlValidSid(psidOwner))
{
if (!SetSecurityDescriptorOwner(&SecurityDescriptor,
psidOwner,
FALSE))
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
}
if (SecurityInfo & GROUP_SECURITY_INFORMATION) if (ErrorCode == ERROR_SUCCESS)
{ {
if (RtlValidSid(psidGroup)) /* call the MARTA provider */
{ ErrorCode = AccRewriteSetHandleRights(handle,
if (!SetSecurityDescriptorGroup(&SecurityDescriptor, ObjectType,
psidGroup, SecurityInfo,
FALSE)) &SecurityDescriptor);
{
return GetLastError();
}
}
else
{
return ERROR_INVALID_PARAMETER;
}
} }
if (SecurityInfo & DACL_SECURITY_INFORMATION)
{
if (pDacl != NULL)
{
if (SetSecurityDescriptorDacl(&SecurityDescriptor,
TRUE,
pDacl,
FALSE))
{
/* check if the DACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_DACL_SECURITY_INFORMATION)
{
goto ProtectDacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectDacl:
/* protect the DACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(&SecurityDescriptor,
SE_DACL_PROTECTED,
SE_DACL_PROTECTED))
{
return GetLastError();
}
}
}
if (SecurityInfo & SACL_SECURITY_INFORMATION)
{
if (pSacl != NULL)
{
if (SetSecurityDescriptorSacl(&SecurityDescriptor,
TRUE,
pSacl,
FALSE))
{
/* check if the SACL needs to be protected from being
modified by inheritable ACEs */
if (SecurityInfo & PROTECTED_SACL_SECURITY_INFORMATION)
{
goto ProtectSacl;
}
}
else
{
return GetLastError();
}
}
else
{
ProtectSacl:
/* protect the SACL from being modified by inheritable ACEs */
if (!SetSecurityDescriptorControl(&SecurityDescriptor,
SE_SACL_PROTECTED,
SE_SACL_PROTECTED))
{
return GetLastError();
}
}
}
ErrorCode = AccRewriteSetHandleRights(handle,
ObjectType,
SecurityInfo,
&SecurityDescriptor);
} }
} }
else else
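Review bot: In the new pGetSecurityInfoCheck helper the owner branch assigns `ppsidOwner = NULL`, which clears only the local parameter and leaves the caller's PSID untouched, and the group branch tests `*ppsidGroup != NULL`, dereferencing the pointer without first checking that it is non-NULL. Both lines were moved unchanged out of GetSecurityInfo and are now also reached from GetNamedSecurityInfoA/W, so a caller that sets GROUP_SECURITY_INFORMATION but passes a NULL ppsidGroup would fault before the provider is called, and an owner pointer would keep whatever stale value the caller had if the provider fails. The two branches should mirror the DACL/SACL ones: test `ppsidOwner != NULL` then `*ppsidOwner = NULL;`, and test `ppsidGroup != NULL` then `*ppsidGroup = NULL;`.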


@ -69,6 +69,42 @@ AccRewriteSetHandleRights(HANDLE handle,
} }
/**********************************************************************
* AccRewriteGetNamedRights EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
AccRewriteGetNamedRights(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSID* ppsidOwner,
PSID* ppsidGroup,
PACL* ppDacl,
PACL* ppSacl,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
{
UNIMPLEMENTED;
return ERROR_CALL_NOT_IMPLEMENTED;
}
/**********************************************************************
* AccRewriteSetNamedRights EXPORTED
*
* @unimplemented
*/
DWORD STDCALL
AccRewriteSetNamedRights(LPWSTR pObjectName,
SE_OBJECT_TYPE ObjectType,
SECURITY_INFORMATION SecurityInfo,
PSECURITY_DESCRIPTOR pSecurityDescriptor)
{
UNIMPLEMENTED;
return ERROR_CALL_NOT_IMPLEMENTED;
}
BOOL STDCALL BOOL STDCALL
DllMain(IN HINSTANCE hinstDLL, DllMain(IN HINSTANCE hinstDLL,
IN DWORD dwReason, IN DWORD dwReason,
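Review bot: The header comments of the two new stubs say only `@unimplemented`, while the callers added in this commit (Get/SetNamedSecurityInfoA/W) are marked `@implemented` and forward straight to them. Every named-object call therefore ends in ERROR_CALL_NOT_IMPLEMENTED, and a caller that ignores the return value of SetNamedSecurityInfo would assume a DACL or owner change was applied when nothing was written. I would record that in the stub header of AccRewriteSetNamedRights, for example `* NOTE: SetNamedSecurityInfoA/W forward here; no security descriptor is applied until this is implemented`, with a matching line on AccRewriteGetNamedRights.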


@ -6,10 +6,10 @@ EXPORTS
;AccProvHandleGrantAccessRights; ;AccProvHandleGrantAccessRights;
;AccRewriteGetExplicitEntriesFromAcl ;AccRewriteGetExplicitEntriesFromAcl
AccRewriteGetHandleRights@32 AccRewriteGetHandleRights@32
;AccRewriteGetNamedRights AccRewriteGetNamedRights@32
;AccRewriteSetEntriesInAcl ;AccRewriteSetEntriesInAcl
AccRewriteSetHandleRights@16 AccRewriteSetHandleRights@16
;AccRewriteSetNamedRights AccRewriteSetNamedRights@16
;AccTreeResetNamedSecurityInfo ;AccTreeResetNamedSecurityInfo
;AccConvertAccessMaskToActrlAccess ;AccConvertAccessMaskToActrlAccess
;AccConvertAccessToSD ;AccConvertAccessToSD