From b0418e948177c5a9dc6248d7ad4fabd816fd0e50 Mon Sep 17 00:00:00 2001 From: Thomas Bluemel Date: Fri, 7 Oct 2005 02:28:42 +0000 Subject: [PATCH] partly implemented AuthzInitializeResourceManager and AuthzFreeResourceManager (no support for auditing so far) svn path=/trunk/; revision=18308 --- reactos/lib/authz/authz.c | 31 ----- reactos/lib/authz/authz.xml | 1 + reactos/lib/authz/precomp.h | 17 +++ reactos/lib/authz/resman.c | 271 ++++++++++++++++++++++++++++++++++++ 4 files changed, 289 insertions(+), 31 deletions(-) create mode 100644 reactos/lib/authz/resman.c diff --git a/reactos/lib/authz/authz.c b/reactos/lib/authz/authz.c index a9d78de100a..044b41b91b9 100644 --- a/reactos/lib/authz/authz.c +++ b/reactos/lib/authz/authz.c @@ -142,19 +142,6 @@ AuthzFreeHandle(IN AUTHZ_ACCESS_CHECK_RESULTS_HANDLE AuthzHandle) } -/* - * @unimplemented - */ -AUTHZAPI -BOOL -WINAPI -AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager) -{ - UNIMPLEMENTED; - return FALSE; -} - - /* * @unimplemented */ @@ -269,24 +256,6 @@ AuthzInitializeObjectAccessAuditEvent2(IN DWORD Flags, } -/* - * @unimplemented - */ -AUTHZAPI -BOOL -WINAPI -AuthzInitializeResourceManager(IN DWORD flags, - IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck, - IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups, - IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups, - IN PCWSTR ResourceManagerName, - IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager) -{ - UNIMPLEMENTED; - return FALSE; -} - - /* * @unimplemented */ diff --git a/reactos/lib/authz/authz.xml b/reactos/lib/authz/authz.xml index bf8261bb663..33f6739430e 100644 --- a/reactos/lib/authz/authz.xml +++ b/reactos/lib/authz/authz.xml @@ -11,6 +11,7 @@ kernel32 advapi32 authz.c + resman.c authz.rc precomp.h diff --git a/reactos/lib/authz/precomp.h b/reactos/lib/authz/precomp.h index c7f062c979f..cfb5c0ae98c 100644 --- a/reactos/lib/authz/precomp.h +++ b/reactos/lib/authz/precomp.h 
@@ -11,5 +11,22 @@ ULONG DbgPrint(PCH Format,...); #define UNIMPLEMENTED DbgPrint("AUTHZ.DLL: %s is UNIMPLEMENTED!\n", __FUNCTION__) #endif +#if DBG + +#define RESMAN_TAG 0x89ABCDEF +#define VALID_RESMAN_HANDLE(handle) ASSERT(((PAUTHZ_RESMAN)handle)->Tag == RESMAN_TAG) +#ifndef ASSERT +#define ASSERT(cond) if (!(cond)) { DbgPrint("%s:%i: ASSERTION %s failed!\n", __FILE__, __LINE__, #cond ); } +#endif + +#else + +#define VALID_RESMAN_HANDLE(handle) +#ifndef ASSERT +#define ASSERT(cond) +#endif + +#endif + /* EOF */ diff --git a/reactos/lib/authz/resman.c b/reactos/lib/authz/resman.c new file mode 100644 index 00000000000..19456d04a41 --- /dev/null +++ b/reactos/lib/authz/resman.c 
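Review bot: The fallback `ASSERT(cond)` in the DBG branch expands to a bare `if (!(cond)) { ... }`, so a use such as `if (x) ASSERT(y); else ...` would attach the `else` to the macro's `if`. Wrapping it as `#define ASSERT(cond) do { if (!(cond)) { DbgPrint("%s:%i: ASSERTION %s failed!\n", __FILE__, __LINE__, #cond ); } } while (0)` avoids that. `VALID_RESMAN_HANDLE` should also parenthesize its argument: `ASSERT(((PAUTHZ_RESMAN)(handle))->Tag == RESMAN_TAG)`. Note that this fallback only prints, and in non-DBG builds the tag check compiles away entirely, so it should not be relied on as handle validation for caller-supplied pointers; a comment on the macro saying it is a debug aid only would make that explicit.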
@@ -0,0 +1,271 @@
+/*
+ * ReactOS Authorization Framework
+ * Copyright (C) 2005 ReactOS Team
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+/* $Id: aclui.c 18173 2005-09-30 18:54:48Z weiden $
+ *
+ * PROJECT: ReactOS Authorization Framework
+ * FILE: lib/authz/resman.c
+ * PURPOSE: Authorization Framework
+ * PROGRAMMER: Thomas Weidenmueller
+ *
+ * UPDATE HISTORY:
+ * 10/07/2005 Created
+ */
+#include
+
+typedef struct _AUTHZ_RESMAN
+{
+#if DBG
+ DWORD Tag;
+#endif
+
+ PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck;
+ PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups;
+ PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups;
+
+ DWORD flags;
+ PSID UserSid;
+ LUID AuthenticationId;
+
+ WCHAR ResourceManagerName[1];
+} AUTHZ_RESMAN, *PAUTHZ_RESMAN;
+
+static BOOL
+AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan,
+ IN HANDLE hToken)
+{
+ TOKEN_USER User;
+ TOKEN_STATISTICS Statistics;
+ DWORD BufLen;
+ PSID UserSid = NULL;
+ BOOL Ret = FALSE;
+
+ /* query information about the user */
+ BufLen = sizeof(User);
+ Ret = GetTokenInformation(hToken,
+ TokenUser,
+ &User,
+ BufLen,
+ &BufLen);
+ if (Ret)
+ {
+ BufLen = GetLengthSid(User.User.Sid);
+ if (BufLen != 0)
+ {
+ UserSid = (PSID)LocalAlloc(LMEM_FIXED,
+ BufLen);
+ if (UserSid != NULL)
+ {
+ CopyMemory(UserSid,
+ User.User.Sid,
+ BufLen);
+ }
+ else
+ Ret = FALSE;
+ }
+ else
+ Ret = FALSE;
+ }
+
+ if (Ret)
+ {
+ /* query general information */
+ BufLen = sizeof(Statistics);
+ Ret = GetTokenInformation(hToken,
+ TokenUser,
+ &Statistics,
+ BufLen,
+ &BufLen);
+ }
+
+ if (Ret)
+ {
+ ResMan->UserSid = UserSid;
+ ResMan->AuthenticationId = Statistics.AuthenticationId;
+ Ret = TRUE;
+ }
+ else
+ {
+ if (UserSid != NULL)
+ {
+ LocalFree((HLOCAL)UserSid);
+ }
+ }
+
+ return Ret;
+}
+
+static BOOL
+AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
+{
+ HANDLE hToken;
+ BOOL Ret;
+
+ Ret = OpenThreadToken(GetCurrentThread(),
+ TOKEN_QUERY,
+ TRUE,
+ &hToken);
+ if (Ret)
+ {
+ Ret = AuthzpQueryToken(ResMan,
+ hToken);
+ CloseHandle(hToken);
+ }
+
+ return Ret;
+}
+
+static BOOL
+AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
+{
+ HANDLE hToken;
+ BOOL Ret;
+
+ Ret = OpenProcessToken(GetCurrentProcess(),
+ TOKEN_QUERY,
+ &hToken);
+ if (Ret)
+ {
+ Ret = AuthzpQueryToken(ResMan,
+ hToken);
+ CloseHandle(hToken);
+ }
+
+ return Ret;
+}
+
+
+/*
+ * @unimplemented
+ */
+AUTHZAPI
+BOOL
+WINAPI
+AuthzInitializeResourceManager(IN DWORD flags,
+ IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck OPTIONAL,
+ IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups OPTIONAL,
+ IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups OPTIONAL,
+ IN PCWSTR ResourceManagerName OPTIONAL,
+ IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
+{
+ BOOL Ret = FALSE;
+
+ if (pAuthzResourceManager != NULL &&
+ !(flags & ~(AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)))
+ {
+ PAUTHZ_RESMAN ResMan;
+ SIZE_T RequiredSize = sizeof(AUTHZ_RESMAN);
+
+ if (ResourceManagerName != NULL)
+ {
+ RequiredSize += wcslen(ResourceManagerName) * sizeof(WCHAR);
+ }
+
+ ResMan = (PAUTHZ_RESMAN)LocalAlloc(LMEM_FIXED,
+ RequiredSize);
+ if (ResMan != NULL)
+ {
+ /* initialize the resource manager structure */
+#if DBG
+ ResMan->Tag = RESMAN_TAG;
+#endif
+
+ ResMan->flags = flags;
+ ResMan->UserSid = NULL;
+
+ if (ResourceManagerName != NULL)
+ {
+ wcscpy(ResMan->ResourceManagerName,
+ ResourceManagerName);
+ }
+ else
+ ResMan->ResourceManagerName[0] = UNICODE_NULL;
+
+ ResMan->pfnAccessCheck = pfnAccessCheck;
+ ResMan->pfnComputeDynamicGroups = pfnComputeDynamicGroups;
+ ResMan->pfnFreeDynamicGroups = pfnFreeDynamicGroups;
+
+ if (!(flags & AUTHZ_RM_FLAG_NO_AUDIT))
+ {
+ /* FIXME - initialize auditing */
+ DPRINT1("Auditing not implemented!\n");
+ }
+
+ if (flags & AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
+ {
+ Ret = AuthzpInitUnderImpersonation(ResMan);
+ }
+ else
+ {
+ Ret = AuthzpInitSelf(ResMan);
+ }
+
+ if (Ret)
+ {
+ /* finally return the handle */
+ *pAuthzResourceManager = (AUTHZ_RESOURCE_MANAGER_HANDLE)ResMan;
+ }
+ else
+ {
+ DPRINT1("Querying the token failed!\n");
+ LocalFree((HLOCAL)ResMan);
+ }
+ }
+ }
+ else
+ SetLastError(ERROR_INVALID_PARAMETER);
+
+ return Ret;
+}
+
+
+/*
+ * @unimplemented
+ */
+AUTHZAPI
+BOOL
+WINAPI
+AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
+{
+ BOOL Ret = FALSE;
+
+ if (AuthzResourceManager != NULL)
+ {
+ PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager;
+
+ VALID_RESMAN_HANDLE(AuthzResourceManager);
+
+ if (!(ResMan->flags & AUTHZ_RM_FLAG_NO_AUDIT))
+ {
+ /* FIXME - cleanup auditing */
+ }
+
+ if (ResMan->UserSid != NULL)
+ {
+ LocalFree((HLOCAL)ResMan->UserSid);
+ }
+
+ LocalFree((HLOCAL)AuthzResourceManager);
+ Ret = TRUE;
+ }
+ else
+ SetLastError(ERROR_INVALID_PARAMETER);
+
+ return Ret;
+}
+
--
2.17.1