2 * __SystemSecurity implementation
4 * Copyright 2014 Vincent Povirk for CodeWeavers
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2.1 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
21 #include "wbemprox_private.h"
25 static HRESULT
to_byte_array( void *data
, DWORD size
, VARIANT
*var
)
31 if (!(sa
= SafeArrayCreateVector( VT_UI1
, 0, size
))) return E_OUTOFMEMORY
;
33 hr
= SafeArrayAccessData( sa
, &sadata
);
37 memcpy( sadata
, data
, size
);
39 SafeArrayUnaccessData( sa
);
43 SafeArrayDestroy( sa
);
47 set_variant( VT_UI1
|VT_ARRAY
, 0, sa
, var
);
51 static HRESULT
get_sd( SECURITY_DESCRIPTOR
**sd
, DWORD
*size
)
53 BYTE sid_admin_buffer
[SECURITY_MAX_SID_SIZE
];
54 SID
*sid_admin
= (SID
*)sid_admin_buffer
;
55 BYTE sid_network_buffer
[SECURITY_MAX_SID_SIZE
];
56 SID
*sid_network
= (SID
*)sid_network_buffer
;
57 BYTE sid_local_buffer
[SECURITY_MAX_SID_SIZE
];
58 SID
*sid_local
= (SID
*)sid_local_buffer
;
59 BYTE sid_users_buffer
[SECURITY_MAX_SID_SIZE
];
60 SID
*sid_users
= (SID
*)sid_users_buffer
;
61 BYTE acl_buffer
[sizeof(ACL
) + 4 * (sizeof(ACCESS_ALLOWED_ACE
) - sizeof(DWORD
) + SECURITY_MAX_SID_SIZE
)];
62 ACL
*acl
= (ACL
*)acl_buffer
;
64 SECURITY_DESCRIPTOR absolute_sd
;
67 sid_size
= sizeof(sid_admin_buffer
);
68 CreateWellKnownSid( WinBuiltinAdministratorsSid
, NULL
, sid_admin
, &sid_size
);
70 sid_size
= sizeof(sid_network_buffer
);
71 CreateWellKnownSid( WinNetworkServiceSid
, NULL
, sid_network
, &sid_size
);
73 sid_size
= sizeof(sid_local_buffer
);
74 CreateWellKnownSid( WinLocalServiceSid
, NULL
, sid_local
, &sid_size
);
76 sid_size
= sizeof(sid_users_buffer
);
77 CreateWellKnownSid( WinAuthenticatedUserSid
, NULL
, sid_users
, &sid_size
);
79 InitializeAcl( acl
, sizeof(acl_buffer
), ACL_REVISION
);
81 AddAccessAllowedAceEx( acl
, ACL_REVISION
, CONTAINER_INHERIT_ACE
|INHERITED_ACE
,
82 ADS_RIGHT_DS_CREATE_CHILD
|ADS_RIGHT_DS_DELETE_CHILD
|ADS_RIGHT_ACTRL_DS_LIST
|ADS_RIGHT_DS_SELF
|
83 ADS_RIGHT_DS_READ_PROP
|ADS_RIGHT_DS_WRITE_PROP
|READ_CONTROL
|WRITE_DAC
,
86 AddAccessAllowedAceEx( acl
, ACL_REVISION
, CONTAINER_INHERIT_ACE
|INHERITED_ACE
,
87 ADS_RIGHT_DS_CREATE_CHILD
|ADS_RIGHT_DS_DELETE_CHILD
|ADS_RIGHT_DS_READ_PROP
,
90 AddAccessAllowedAceEx( acl
, ACL_REVISION
, CONTAINER_INHERIT_ACE
|INHERITED_ACE
,
91 ADS_RIGHT_DS_CREATE_CHILD
|ADS_RIGHT_DS_DELETE_CHILD
|ADS_RIGHT_DS_READ_PROP
,
94 AddAccessAllowedAceEx( acl
, ACL_REVISION
, CONTAINER_INHERIT_ACE
|INHERITED_ACE
,
95 ADS_RIGHT_DS_CREATE_CHILD
|ADS_RIGHT_DS_DELETE_CHILD
|ADS_RIGHT_DS_READ_PROP
,
98 InitializeSecurityDescriptor( &absolute_sd
, SECURITY_DESCRIPTOR_REVISION
);
100 SetSecurityDescriptorOwner( &absolute_sd
, sid_admin
, TRUE
);
101 SetSecurityDescriptorGroup( &absolute_sd
, sid_admin
, TRUE
);
102 SetSecurityDescriptorDacl( &absolute_sd
, TRUE
, acl
, TRUE
);
104 *size
= GetSecurityDescriptorLength( &absolute_sd
);
106 *sd
= HeapAlloc( GetProcessHeap(), 0, *size
);
112 if (!MakeSelfRelativeSD(&absolute_sd
, *sd
, size
)) {
113 HeapFree( GetProcessHeap(), 0, *sd
);
122 HRESULT
security_get_sd( IWbemClassObject
*obj
, IWbemClassObject
*in
, IWbemClassObject
**out
)
124 VARIANT var_sd
, retval
;
125 IWbemClassObject
*sig
, *out_params
= NULL
;
127 SECURITY_DESCRIPTOR
*sd
;
130 TRACE("%p, %p\n", in
, out
);
132 hr
= create_signature( class_systemsecurityW
, method_getsdW
, PARAM_OUT
, &sig
);
136 hr
= IWbemClassObject_SpawnInstance( sig
, 0, &out_params
);
138 IWbemClassObject_Release( sig
);
143 ret
= get_sd( &sd
, &sd_size
);
147 VariantInit( &var_sd
);
149 hr
= to_byte_array( sd
, sd_size
, &var_sd
);
152 hr
= IWbemClassObject_Put( out_params
, param_sdW
, 0, &var_sd
, CIM_UINT8
|CIM_FLAG_ARRAY
);
154 HeapFree( GetProcessHeap(), 0, sd
);
155 VariantClear( &var_sd
);
160 set_variant( VT_UI4
, ret
, NULL
, &retval
);
161 hr
= IWbemClassObject_Put( out_params
, param_returnvalueW
, 0, &retval
, CIM_UINT32
);
164 if (SUCCEEDED(hr
) && out
)
167 IWbemClassObject_AddRef( out_params
);
170 IWbemClassObject_Release( out_params
);
177 HRESULT
security_set_sd( IWbemClassObject
*obj
, IWbemClassObject
*in
, IWbemClassObject
**out
)
180 IWbemClassObject
*sig
, *out_params
= NULL
;
185 hr
= create_signature( class_systemsecurityW
, method_setsdW
, PARAM_OUT
, &sig
);
189 hr
= IWbemClassObject_SpawnInstance( sig
, 0, &out_params
);
191 IWbemClassObject_Release( sig
);
196 set_variant( VT_UI4
, S_OK
, NULL
, &retval
);
197 hr
= IWbemClassObject_Put( out_params
, param_returnvalueW
, 0, &retval
, CIM_UINT32
);
199 if (SUCCEEDED(hr
) && out
)
202 IWbemClassObject_AddRef( out_params
);
205 IWbemClassObject_Release( out_params
);