From 78a4d9117fc94e8971683f151a42485fb19653da Mon Sep 17 00:00:00 2001 From: Thomas Bluemel Date: Thu, 12 Jan 2006 00:23:47 +0000 Subject: [PATCH] partial implementation of AuthzInitializeContextFromSid(), AuthzGetInformationFromContext() and AuthzFreeContext() svn path=/trunk/; revision=20798 --- reactos/lib/authz/authz.c | 49 -------- reactos/lib/authz/authz.xml | 1 + reactos/lib/authz/clictx.c | 233 ++++++++++++++++++++++++++++++++++++ reactos/lib/authz/precomp.h | 42 ++++++- reactos/lib/authz/resman.c | 20 +--- 5 files changed, 276 insertions(+), 69 deletions(-) create mode 100644 reactos/lib/authz/clictx.c diff --git a/reactos/lib/authz/authz.c b/reactos/lib/authz/authz.c index 044b41b91b9..14ef506d47a 100644 --- a/reactos/lib/authz/authz.c +++ b/reactos/lib/authz/authz.c @@ -116,19 +116,6 @@ AuthzFreeAuditEvent(IN AUTHZ_AUDIT_EVENT_HANDLE pAuditEventInfo) } -/* - * @unimplemented - */ -AUTHZAPI -BOOL -WINAPI -AuthzFreeContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext) -{ - UNIMPLEMENTED; - return FALSE; -} - - /* * @unimplemented */ @@ -142,23 +129,6 @@ AuthzFreeHandle(IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle) } -/* - * @unimplemented - */ -AUTHZAPI -BOOL -WINAPI -AuthzGetInformationFromContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, - IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass, - IN DWORD BufferSize, - OUT PDWORD pSizeRequired, - OUT PVOID Buffer) -{ - UNIMPLEMENTED; - return FALSE; -} - - /* * @unimplemented */ @@ -177,25 +147,6 @@ AuthzInitializeContextFromAuthzContext(IN DWORD flags, } -/* - * @unimplemented - */ -AUTHZAPI -BOOL -WINAPI -AuthzInitializeContextFromSid(IN DWORD Flags, - IN PSID UserSid, - IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager, - IN PLARGE_INTEGER pExpirationTime, - IN LUID Identifier, - IN PVOID DynamicGroupArgs, - OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext) -{ - UNIMPLEMENTED; - return FALSE; -} - - /* * @unimplemented */ 
diff --git a/reactos/lib/authz/authz.xml b/reactos/lib/authz/authz.xml index 33f6739430e..4ce1b5a95d3 100644 --- a/reactos/lib/authz/authz.xml +++ b/reactos/lib/authz/authz.xml @@ -11,6 +11,7 @@ kernel32 advapi32 authz.c + clictx.c resman.c authz.rc precomp.h diff --git a/reactos/lib/authz/clictx.c b/reactos/lib/authz/clictx.c new file mode 100644 index 00000000000..78273718a9f --- /dev/null +++ b/reactos/lib/authz/clictx.c 
@@ -0,0 +1,233 @@
+/*
+ * ReactOS Authorization Framework
+ * Copyright (C) 2005 - 2006 ReactOS Team
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+/* $Id: aclui.c 18173 2005-09-30 18:54:48Z weiden $
+ *
+ * PROJECT: ReactOS Authorization Framework
+ * FILE: lib/authz/clictx.c
+ * PURPOSE: Authorization Framework
+ * PROGRAMMER: Thomas Weidenmueller
+ *
+ * UPDATE HISTORY:
+ * 10/07/2005 Created
+ */
+#include
+
+
+/*
+ * @unimplemented
+ */
+AUTHZAPI
+BOOL
+WINAPI
+AuthzInitializeContextFromSid(IN DWORD Flags,
+ IN PSID UserSid,
+ IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager,
+ IN PLARGE_INTEGER pExpirationTime,
+ IN LUID Identifier,
+ IN PVOID DynamicGroupArgs,
+ OUT PAUTHZ_CLIENT_CONTEXT_HANDLE pAuthzClientContext)
+{
+ BOOL Ret = FALSE;
+
+ if (AuthzResourceManager != NULL && pExpirationTime != NULL && pAuthzClientContext != NULL &&
+ UserSid != NULL && IsValidSid(UserSid) && !(Flags & (AUTHZ_SKIP_TOKEN_GROUPS | AUTHZ_REQUIRE_S4U_LOGON)))
+ {
+ PAUTHZ_CLIENT_CONTEXT ClientCtx;
+ //PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager;
+
+ VALIDATE_RESMAN_HANDLE(AuthzResourceManager);
+
+ ClientCtx = (PAUTHZ_CLIENT_CONTEXT)LocalAlloc(LMEM_FIXED,
+ sizeof(AUTHZ_CLIENT_CONTEXT));
+ if (ClientCtx != NULL)
+ {
+ DWORD SidLen;
+
+ /* initialize the client context structure */
+#if DBG
+ ClientCtx->Tag = CLIENTCTX_TAG;
+#endif
+
+ /* simply copy the SID */
+ SidLen = GetLengthSid(UserSid);
+ ClientCtx->UserSid = (PSID)LocalAlloc(LMEM_FIXED,
+ SidLen);
+ if (ClientCtx->UserSid == NULL)
+ {
+ LocalFree((HLOCAL)ClientCtx);
+ goto FailNoMemory;
+ }
+ CopySid(SidLen,
+ ClientCtx->UserSid,
+ UserSid);
+
+ ClientCtx->AuthzResourceManager = AuthzResourceManager;
+ ClientCtx->Luid = Identifier;
+ ClientCtx->ExpirationTime.QuadPart = (pExpirationTime != NULL ? pExpirationTime->QuadPart : 0);
+ ClientCtx->ServerContext = NULL; /* FIXME */
+ ClientCtx->DynamicGroupArgs = DynamicGroupArgs;
+
+ /* return the client context handle */
+ *pAuthzClientContext = (AUTHZ_CLIENT_CONTEXT_HANDLE)ClientCtx;
+ Ret = TRUE;
+ }
+ else
+ {
+FailNoMemory:
+ SetLastError(ERROR_NOT_ENOUGH_MEMORY);
+ }
+ }
+ else
+ SetLastError(ERROR_INVALID_PARAMETER);
+
+ return Ret;
+}
+
+
+/*
+ * @unimplemented
+ */
+AUTHZAPI
+BOOL
+WINAPI
+AuthzGetInformationFromContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext,
+ IN AUTHZ_CONTEXT_INFORMATION_CLASS InfoClass,
+ IN DWORD BufferSize,
+ OUT PDWORD pSizeRequired,
+ OUT PVOID Buffer)
+{
+ BOOL Ret = FALSE;
+
+ if (hAuthzClientContext != NULL && pSizeRequired != NULL)
+ {
+ PAUTHZ_CLIENT_CONTEXT ClientCtx = (PAUTHZ_CLIENT_CONTEXT)hAuthzClientContext;
+
+ VALIDATE_CLIENTCTX_HANDLE(hAuthzClientContext);
+
+ switch (InfoClass)
+ {
+ case AuthzContextInfoUserSid:
+ {
+ DWORD SidLen = GetLengthSid(ClientCtx->UserSid);
+ *pSizeRequired = SidLen;
+ if (BufferSize < SidLen)
+ {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ }
+ else
+ {
+ Ret = CopySid(SidLen,
+ (PSID)Buffer,
+ ClientCtx->UserSid);
+ }
+ break;
+ }
+
+ case AuthzContextInfoGroupsSids:
+ SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
+ break;
+
+ case AuthzContextInfoRestrictedSids:
+ SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
+ break;
+
+ case AuthzContextInfoPrivileges:
+ SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
+ break;
+
+ case AuthzContextInfoExpirationTime:
+ *pSizeRequired = sizeof(LARGE_INTEGER);
+ if (BufferSize < sizeof(LARGE_INTEGER) || Buffer == NULL)
+ {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ }
+ else
+ {
+ *((PLARGE_INTEGER)Buffer) = ClientCtx->ExpirationTime;
+ Ret = TRUE;
+ }
+ break;
+
+ case AuthzContextInfoServerContext:
+ *pSizeRequired = sizeof(AUTHZ_CLIENT_CONTEXT_HANDLE);
+ if (BufferSize < sizeof(AUTHZ_CLIENT_CONTEXT_HANDLE) || Buffer == NULL)
+ {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ }
+ else
+ {
+ *((PAUTHZ_CLIENT_CONTEXT_HANDLE)Buffer) = ClientCtx->ServerContext;
+ Ret = TRUE;
+ }
+ break;
+
+ case AuthzContextInfoIdentifier:
+ *pSizeRequired = sizeof(LUID);
+ if (BufferSize < sizeof(LUID) || Buffer == NULL)
+ {
+ SetLastError(ERROR_INSUFFICIENT_BUFFER);
+ }
+ else
+ {
+ *((PLUID)Buffer) = ClientCtx->Luid;
+ Ret = TRUE;
+ }
+ break;
+
+ default:
+ SetLastError(ERROR_INVALID_PARAMETER);
+ break;
+ }
+ }
+ else
+ SetLastError(ERROR_INVALID_PARAMETER);
+
+ return Ret;
+}
+
+
+/*
+ * @implemented
+ */
+AUTHZAPI
+BOOL
+WINAPI
+AuthzFreeContext(IN AUTHZ_CLIENT_CONTEXT_HANDLE AuthzClientContext)
+{
+ BOOL Ret = FALSE;
+
+ if (AuthzClientContext != NULL)
+ {
+ PAUTHZ_CLIENT_CONTEXT ClientCtx = (PAUTHZ_CLIENT_CONTEXT)AuthzClientContext;
+
+ VALIDATE_CLIENTCTX_HANDLE(AuthzClientContext);
+
+ if (ClientCtx->UserSid != NULL)
+ {
+ LocalFree((HLOCAL)ClientCtx->UserSid);
+ }
+
+ LocalFree((HLOCAL)ClientCtx);
+ Ret = TRUE;
+ }
+ else
+ SetLastError(ERROR_INVALID_PARAMETER);
+
+ return Ret;
+}
diff --git a/reactos/lib/authz/precomp.h b/reactos/lib/authz/precomp.h
index cfb5c0ae98c..50e1d55cfb2 100644
--- a/reactos/lib/authz/precomp.h
+++ b/reactos/lib/authz/precomp.h
@@ -1,3 +1,6 @@
+#ifndef __AUTHZ_PRECOMP_H
+#define __AUTHZ_PRECOMP_H
+
 #define _AUTHZ_
 #include
 #include
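Review bot: In AuthzGetInformationFromContext the AuthzContextInfoUserSid case tests only `BufferSize < SidLen`, so a NULL Buffer with a large enough BufferSize is passed to CopySid as the destination; the three fixed-size cases in the same switch already test `|| Buffer == NULL`, and this one should read `if (BufferSize < SidLen || Buffer == NULL)`. In AuthzInitializeContextFromSid the result of CopySid is ignored, and because the SID buffer comes from LocalAlloc(LMEM_FIXED, ...) a failed copy would leave uninitialized bytes in ClientCtx->UserSid that AuthzGetInformationFromContext later hands to GetLengthSid; the call should be checked and both allocations released on failure. AuthzFreeContext could reset the tag under `#if DBG` (`ClientCtx->Tag = 0;`) before the final LocalFree so that a second free of the same handle trips VALIDATE_CLIENTCTX_HANDLE instead of passing it. The parameter guard also requires `pExpirationTime != NULL` while the assignment further down still carries `pExpirationTime != NULL ? ... : 0`, so one of the two is dead code and the intended contract for that parameter belongs in the function comment.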
@@ -14,19 +17,54 @@ ULONG DbgPrint(PCH Format,...); #if DBG #define RESMAN_TAG 0x89ABCDEF -#define VALID_RESMAN_HANDLE(handle) ASSERT(((PAUTHZ_RESMAN)handle)->Tag == RESMAN_TAG) +#define CLIENTCTX_TAG 0x789ABCDE +#define VALIDATE_RESMAN_HANDLE(handle) ASSERT(((PAUTHZ_RESMAN)handle)->Tag == RESMAN_TAG) +#define VALIDATE_CLIENTCTX_HANDLE(handle) ASSERT(((PAUTHZ_CLIENT_CONTEXT)handle)->Tag == CLIENTCTX_TAG) #ifndef ASSERT #define ASSERT(cond) if (!(cond)) { DbgPrint("%s:%i: ASSERTION %s failed!\n", __FILE__, __LINE__, #cond ); } #endif #else -#define VALID_RESMAN_HANDLE(handle) +#define VALIDATE_RESMAN_HANDLE(handle) +#define VALIDATE_CLIENTCTX_HANDLE(handle) #ifndef ASSERT #define ASSERT(cond) #endif #endif +typedef struct _AUTHZ_RESMAN +{ +#if DBG + DWORD Tag; +#endif + + PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck; + PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups; + PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups; + + DWORD flags; + PSID UserSid; + LUID AuthenticationId; + + WCHAR ResourceManagerName[1]; +} AUTHZ_RESMAN, *PAUTHZ_RESMAN; + +typedef struct _AUTHZ_CLIENT_CONTEXT +{ +#if DBG + DWORD Tag; +#endif + + PSID UserSid; + + AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager; + LUID Luid; + LARGE_INTEGER ExpirationTime; + AUTHZ_CLIENT_CONTEXT_HANDLE ServerContext; + PVOID DynamicGroupArgs; +} AUTHZ_CLIENT_CONTEXT, *PAUTHZ_CLIENT_CONTEXT; +#endif /* __AUTHZ_PRECOMP_H */ /* EOF */ diff --git a/reactos/lib/authz/resman.c b/reactos/lib/authz/resman.c index 19456d04a41..54e1e471d19 100644 --- a/reactos/lib/authz/resman.c +++ b/reactos/lib/authz/resman.c @@ -1,6 +1,6 @@ /* * ReactOS Authorization Framework - * Copyright (C) 2005 ReactOS Team + * Copyright (C) 2005 - 2006 ReactOS Team * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public 
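Review bot: VALIDATE_RESMAN_HANDLE and VALIDATE_CLIENTCTX_HANDLE are the only type check on the opaque handles, yet they expand to nothing when DBG is off and, with the fallback ASSERT defined in this header, only print a message when it is on, so a handle of the wrong kind or a stale one is still dereferenced and, in AuthzFreeContext, its fields are passed to LocalFree. If the tag is meant as a guard rather than a debugging aid, keep the Tag member in all builds and have the callers fail with `SetLastError(ERROR_INVALID_HANDLE)` on a mismatch. Independently of that, the macro argument should be parenthesized, `((PAUTHZ_CLIENT_CONTEXT)(handle))->Tag`, and the fallback ASSERT wrapped in `do { ... } while (0)` so that it stays a single statement when used before an `else`.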
@@ -28,22 +28,6 @@ */ #include -typedef struct _AUTHZ_RESMAN -{ -#if DBG - DWORD Tag; -#endif - - PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck; - PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups; - PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups; - - DWORD flags; - PSID UserSid; - LUID AuthenticationId; - - WCHAR ResourceManagerName[1]; -} AUTHZ_RESMAN, *PAUTHZ_RESMAN; static BOOL AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan, @@ -248,7 +232,7 @@ AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager) { PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager; - VALID_RESMAN_HANDLE(AuthzResourceManager); + VALIDATE_RESMAN_HANDLE(AuthzResourceManager); if (!(ResMan->flags & AUTHZ_RM_FLAG_NO_AUDIT)) { -- 2.17.1