reactos/dll/win32/authz/resman.c

   1 /*
   2  * ReactOS Authorization Framework
   3  * Copyright (C) 2005 - 2006 ReactOS Team
   4  *
   5  * This library is free software; you can redistribute it and/or
   6  * modify it under the terms of the GNU Lesser General Public
   7  * License as published by the Free Software Foundation; either
   8  * version 2.1 of the License, or (at your option) any later version.
   9  *
  10  * This library is distributed in the hope that it will be useful,
  11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13  * Lesser General Public License for more details.
  14  *
  15  * You should have received a copy of the GNU Lesser General Public
  16  * License along with this library; if not, write to the Free Software
  17  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
  18  */
  19 /*
  20  * PROJECT:         ReactOS Authorization Framework
  21  * FILE:            lib/authz/resman.c
  22  * PURPOSE:         Authorization Framework
  23  * PROGRAMMER:      Thomas Weidenmueller <w3seek@reactos.com>
  24  *
  25  * UPDATE HISTORY:
  26  *      10/07/2005  Created
  27  */
  28 #include <precomp.h>
  29
  30
  31 static BOOL
  32 AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan,
  33                  IN HANDLE hToken)
  34 {
  35     TOKEN_USER User;
  36     TOKEN_STATISTICS Statistics;
  37     DWORD BufLen;
  38     PSID UserSid = NULL;
  39     BOOL Ret = FALSE;
  40
  41     /* query information about the user */
  42     BufLen = sizeof(User);
  43     Ret = GetTokenInformation(hToken,
  44                               TokenUser,
  45                               &User,
  46                               BufLen,
  47                               &BufLen);
  48     if (Ret)
  49     {
  50         BufLen = GetLengthSid(User.User.Sid);
  51         if (BufLen != 0)
  52         {
  53             UserSid = (PSID)LocalAlloc(LMEM_FIXED,
  54                                        BufLen);
  55             if (UserSid != NULL)
  56             {
  57                 CopyMemory(UserSid,
  58                            User.User.Sid,
  59                            BufLen);
  60             }
  61             else
  62                 Ret = FALSE;
  63         }
  64         else
  65             Ret = FALSE;
  66     }
  67
  68     if (Ret)
  69     {
  70         /* query general information */
  71         BufLen = sizeof(Statistics);
  72         Ret = GetTokenInformation(hToken,
  73                                   TokenUser,
  74                                   &Statistics,
  75                                   BufLen,
  76                                   &BufLen);
  77     }
  78
  79     if (Ret)
  80     {
  81         ResMan->UserSid = UserSid;
  82         ResMan->AuthenticationId = Statistics.AuthenticationId;
  83         Ret = TRUE;
  84     }
  85     else
  86     {
  87         if (UserSid != NULL)
  88         {
  89             LocalFree((HLOCAL)UserSid);
  90         }
  91     }
  92
  93     return Ret;
  94 }
  95
  96 static BOOL
  97 AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
  98 {
  99     HANDLE hToken;
 100     BOOL Ret;
 101
 102     Ret = OpenThreadToken(GetCurrentThread(),
 103                           TOKEN_QUERY,
 104                           TRUE,
 105                           &hToken);
 106     if (Ret)
 107     {
 108         Ret = AuthzpQueryToken(ResMan,
 109                                hToken);
 110         CloseHandle(hToken);
 111     }
 112
 113     return Ret;
 114 }
 115
 116 static BOOL
 117 AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
 118 {
 119     HANDLE hToken;
 120     BOOL Ret;
 121
 122     Ret = OpenProcessToken(GetCurrentProcess(),
 123                            TOKEN_QUERY,
 124                            &hToken);
 125     if (Ret)
 126     {
 127         Ret = AuthzpQueryToken(ResMan,
 128                                hToken);
 129         CloseHandle(hToken);
 130     }
 131
 132     return Ret;
 133 }
 134
 135
 136 /*
 137  * @unimplemented
 138  */
 139 AUTHZAPI
 140 BOOL
 141 WINAPI
 142 AuthzInitializeResourceManager(IN DWORD flags,
 143                                IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck  OPTIONAL,
 144                                IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups  OPTIONAL,
 145                                IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups  OPTIONAL,
 146                                IN PCWSTR ResourceManagerName  OPTIONAL,
 147                                IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
 148 {
 149     BOOL Ret = FALSE;
 150
 151     if (pAuthzResourceManager != NULL &&
 152         !(flags & ~(AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)))
 153     {
 154         PAUTHZ_RESMAN ResMan;
 155         SIZE_T RequiredSize = sizeof(AUTHZ_RESMAN);
 156
 157         if (ResourceManagerName != NULL)
 158         {
 159             RequiredSize += wcslen(ResourceManagerName) * sizeof(WCHAR);
 160         }
 161
 162         ResMan = (PAUTHZ_RESMAN)LocalAlloc(LMEM_FIXED,
 163                                            RequiredSize);
 164         if (ResMan != NULL)
 165         {
 166             /* initialize the resource manager structure */
 167 #if DBG
 168             ResMan->Tag = RESMAN_TAG;
 169 #endif
 170
 171             ResMan->flags = flags;
 172             ResMan->UserSid = NULL;
 173
 174             if (ResourceManagerName != NULL)
 175             {
 176                 wcscpy(ResMan->ResourceManagerName,
 177                        ResourceManagerName);
 178             }
 179             else
 180                 ResMan->ResourceManagerName[0] = UNICODE_NULL;
 181
 182             ResMan->pfnAccessCheck = pfnAccessCheck;
 183             ResMan->pfnComputeDynamicGroups = pfnComputeDynamicGroups;
 184             ResMan->pfnFreeDynamicGroups = pfnFreeDynamicGroups;
 185
 186             if (!(flags & AUTHZ_RM_FLAG_NO_AUDIT))
 187             {
 188                 /* FIXME - initialize auditing */
 189                 DPRINT1("Auditing not implemented!\n");
 190             }
 191
 192             if (flags & AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
 193             {
 194                 Ret = AuthzpInitUnderImpersonation(ResMan);
 195             }
 196             else
 197             {
 198                 Ret = AuthzpInitSelf(ResMan);
 199             }
 200
 201             if (Ret)
 202             {
 203                 /* finally return the handle */
 204                 *pAuthzResourceManager = (AUTHZ_RESOURCE_MANAGER_HANDLE)ResMan;
 205             }
 206             else
 207             {
 208                 DPRINT1("Querying the token failed!\n");
 209                 LocalFree((HLOCAL)ResMan);
 210             }
 211         }
 212     }
 213     else
 214         SetLastError(ERROR_INVALID_PARAMETER);
 215
 216     return Ret;
 217 }
 218
 219
 220 /*
 221  * @unimplemented
 222  */
 223 AUTHZAPI
 224 BOOL
 225 WINAPI
 226 AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
 227 {
 228     BOOL Ret = FALSE;
 229
 230     if (AuthzResourceManager != NULL)
 231     {
 232         PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager;
 233
 234         VALIDATE_RESMAN_HANDLE(AuthzResourceManager);
 235
 236         if (!(ResMan->flags & AUTHZ_RM_FLAG_NO_AUDIT))
 237         {
 238             /* FIXME - cleanup auditing */
 239         }
 240
 241         if (ResMan->UserSid != NULL)
 242         {
 243             LocalFree((HLOCAL)ResMan->UserSid);
 244         }
 245
 246         LocalFree((HLOCAL)AuthzResourceManager);
 247         Ret = TRUE;
 248     }
 249     else
 250         SetLastError(ERROR_INVALID_PARAMETER);
 251
 252     return Ret;
 253 }
 254