partial implementation of AuthzInitializeContextFromSid(), AuthzGetInformationFromCon...
1 /*
2 * ReactOS Authorization Framework
3 * Copyright (C) 2005 - 2006 ReactOS Team
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
18 */
19 /* $Id: aclui.c 18173 2005-09-30 18:54:48Z weiden $
20 *
21 * PROJECT: ReactOS Authorization Framework
22 * FILE: lib/authz/resman.c
23 * PURPOSE: Authorization Framework
24 * PROGRAMMER: Thomas Weidenmueller <w3seek@reactos.com>
25 *
26 * UPDATE HISTORY:
27 * 10/07/2005 Created
28 */
29 #include <precomp.h>
30
31
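/*
 * Captures the identity behind hToken in the resource manager: a private
 * copy of the token's user SID and the token's authentication id.
 *
 * ResMan  - resource manager to fill in; UserSid and AuthenticationId are
 *           written only on success.
 * hToken  - token handle; the callers in this file open it with TOKEN_QUERY.
 *
 * Returns TRUE on success. On failure nothing is stored in ResMan and any
 * SID copy made here is released again.
 *
 * Ownership: on success ResMan->UserSid points to LocalAlloc() memory that
 * the owner of ResMan has to release with LocalFree().
 */
static BOOL
AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan,
                 IN HANDLE hToken)
{
    TOKEN_USER *User = NULL;
    TOKEN_STATISTICS Statistics;
    DWORD BufLen = 0;
    DWORD SidLen;
    PSID UserSid = NULL;
    BOOL Ret = FALSE;

    /*
     * TokenUser yields a TOKEN_USER immediately followed by the SID that
     * User.Sid points to, so a bare TOKEN_USER on the stack is too small
     * for the query to succeed. Ask for the required size first; this
     * probe is expected to fail and only BufLen is of interest.
     */
    GetTokenInformation(hToken,
                        TokenUser,
                        NULL,
                        0,
                        &BufLen);
    if (BufLen >= sizeof(*User))
    {
        User = (TOKEN_USER *)LocalAlloc(LMEM_FIXED,
                                        BufLen);
    }

    if (User != NULL)
    {
        /* query information about the user */
        Ret = GetTokenInformation(hToken,
                                  TokenUser,
                                  User,
                                  BufLen,
                                  &BufLen);
        if (Ret)
        {
            /* keep a private copy of the SID, the query buffer is
               released below */
            SidLen = GetLengthSid(User->User.Sid);
            if (SidLen != 0)
            {
                UserSid = (PSID)LocalAlloc(LMEM_FIXED,
                                           SidLen);
                if (UserSid != NULL)
                {
                    CopyMemory(UserSid,
                               User->User.Sid,
                               SidLen);
                }
                else
                    Ret = FALSE;
            }
            else
                Ret = FALSE;
        }

        LocalFree((HLOCAL)User);
    }

    if (Ret)
    {
        /*
         * query general information
         *
         * The information class has to match the buffer: asking for
         * TokenUser here would either fail or leave user data in
         * Statistics, and AuthenticationId would then not describe the
         * token's logon session.
         */
        BufLen = sizeof(Statistics);
        Ret = GetTokenInformation(hToken,
                                  TokenStatistics,
                                  &Statistics,
                                  BufLen,
                                  &BufLen);
    }

    if (Ret)
    {
        ResMan->UserSid = UserSid;
        ResMan->AuthenticationId = Statistics.AuthenticationId;
        /* callers get exactly TRUE, not just any nonzero value */
        Ret = TRUE;
    }
    else
    {
        /* do not leak the SID copy when a later step failed */
        if (UserSid != NULL)
        {
            LocalFree((HLOCAL)UserSid);
        }
    }

    return Ret;
}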
96
/*
 * Initializes the resource manager's identity from the token attached to
 * the calling thread.
 *
 * The thread token is opened for TOKEN_QUERY with OpenAsSelf set to TRUE
 * and is closed again before returning. If the thread token cannot be
 * opened, the failure is passed straight back to the caller; there is no
 * fallback to the process token here.
 *
 * Returns the result of AuthzpQueryToken(), or FALSE when the token could
 * not be opened.
 */
static BOOL
AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
{
    HANDLE hThreadToken;
    BOOL Queried;

    if (!OpenThreadToken(GetCurrentThread(),
                         TOKEN_QUERY,
                         TRUE,
                         &hThreadToken))
    {
        return FALSE;
    }

    Queried = AuthzpQueryToken(ResMan,
                               hThreadToken);

    /* the handle is only needed for the query */
    CloseHandle(hThreadToken);

    return Queried;
}
116
/*
 * Initializes the resource manager's identity from the token of the
 * current process.
 *
 * The process token is opened for TOKEN_QUERY and closed again before
 * returning.
 *
 * Returns the result of AuthzpQueryToken(), or FALSE when the token could
 * not be opened.
 */
static BOOL
AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
{
    HANDLE hProcessToken;
    BOOL Queried;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_QUERY,
                          &hProcessToken))
    {
        return FALSE;
    }

    Queried = AuthzpQueryToken(ResMan,
                               hProcessToken);

    /* the handle is only needed for the query */
    CloseHandle(hProcessToken);

    return Queried;
}
135
136
/*
 * @unimplemented
 *
 * Allocates a resource manager, records the caller's flags, callbacks and
 * optional name, and captures the identity of either the impersonated
 * thread (AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION) or the process.
 *
 * Fails with ERROR_INVALID_PARAMETER when pAuthzResourceManager is NULL or
 * flags contains a bit other than the two flags tested below. On any
 * failure *pAuthzResourceManager is left untouched.
 *
 * Auditing is not implemented: when AUTHZ_RM_FLAG_NO_AUDIT is absent only
 * a debug message is printed. The three callback pointers are stored as
 * given, without further checks.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInitializeResourceManager(IN DWORD flags,
                               IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck  OPTIONAL,
                               IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups  OPTIONAL,
                               IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups  OPTIONAL,
                               IN PCWSTR ResourceManagerName  OPTIONAL,
                               IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
{
    PAUTHZ_RESMAN ResMan;
    SIZE_T AllocSize;
    BOOL Initialized;

    /* reject a missing output pointer and any unknown flag bit */
    if (pAuthzResourceManager == NULL ||
        (flags & ~(AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)))
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    /*
     * NOTE(review): only the characters of the name are added, not its
     * terminator, while wcscpy() below writes wcslen() + 1 WCHARs. This
     * is in bounds only if AUTHZ_RESMAN already declares
     * ResourceManagerName with at least one element; the unconditional
     * store to element 0 in the unnamed case suggests it does, but the
     * declaration is not in this file - confirm.
     */
    AllocSize = sizeof(AUTHZ_RESMAN);
    if (ResourceManagerName != NULL)
    {
        AllocSize += wcslen(ResourceManagerName) * sizeof(WCHAR);
    }

    ResMan = (PAUTHZ_RESMAN)LocalAlloc(LMEM_FIXED,
                                       AllocSize);
    if (ResMan == NULL)
    {
        return FALSE;
    }

    /* initialize the resource manager structure */
#if DBG
    ResMan->Tag = RESMAN_TAG;
#endif

    ResMan->flags = flags;
    ResMan->UserSid = NULL;

    ResMan->pfnAccessCheck = pfnAccessCheck;
    ResMan->pfnComputeDynamicGroups = pfnComputeDynamicGroups;
    ResMan->pfnFreeDynamicGroups = pfnFreeDynamicGroups;

    if (ResourceManagerName == NULL)
    {
        ResMan->ResourceManagerName[0] = UNICODE_NULL;
    }
    else
    {
        wcscpy(ResMan->ResourceManagerName,
               ResourceManagerName);
    }

    if (!(flags & AUTHZ_RM_FLAG_NO_AUDIT))
    {
        /* FIXME - initialize auditing */
        DPRINT1("Auditing not implemented!\n");
    }

    /* capture the identity the resource manager runs as */
    Initialized = (flags & AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
                      ? AuthzpInitUnderImpersonation(ResMan)
                      : AuthzpInitSelf(ResMan);

    if (!Initialized)
    {
        DPRINT1("Querying the token failed!\n");
        LocalFree((HLOCAL)ResMan);
        return FALSE;
    }

    /* finally return the handle */
    *pAuthzResourceManager = (AUTHZ_RESOURCE_MANAGER_HANDLE)ResMan;

    return Initialized;
}
219
220
/*
 * @unimplemented
 *
 * Releases a resource manager: frees the captured user SID, if any, and
 * then the resource manager structure itself. Auditing cleanup is not
 * implemented yet.
 *
 * Fails with ERROR_INVALID_PARAMETER when the handle is NULL. The handle
 * is dangling once this function has returned TRUE.
 */
AUTHZAPI
BOOL
WINAPI
AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
{
    PAUTHZ_RESMAN Manager;

    if (AuthzResourceManager == NULL)
    {
        SetLastError(ERROR_INVALID_PARAMETER);
        return FALSE;
    }

    Manager = (PAUTHZ_RESMAN)AuthzResourceManager;

    /* NOTE(review): the macro is defined outside this file; what it checks
       and whether it does anything in non-debug builds is not visible
       here - confirm before relying on it to catch stale handles */
    VALIDATE_RESMAN_HANDLE(AuthzResourceManager);

    if (!(Manager->flags & AUTHZ_RM_FLAG_NO_AUDIT))
    {
        /* FIXME - cleanup auditing */
    }

    /* the SID copy is a separate allocation, release it first */
    if (Manager->UserSid != NULL)
    {
        LocalFree((HLOCAL)Manager->UserSid);
    }

    LocalFree((HLOCAL)AuthzResourceManager);

    return TRUE;
}
255