ReactOS  0.4.15-dev-4853-g3a72a52
resman.c
Go to the documentation of this file.
1 /*
2  * ReactOS Authorization Framework
3  * Copyright (C) 2005 - 2006 ReactOS Team
4  *
5  * This library is free software; you can redistribute it and/or
6  * modify it under the terms of the GNU Lesser General Public
7  * License as published by the Free Software Foundation; either
8  * version 2.1 of the License, or (at your option) any later version.
9  *
10  * This library is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13  * Lesser General Public License for more details.
14  *
15  * You should have received a copy of the GNU Lesser General Public
16  * License along with this library; if not, write to the Free Software
17  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18  */
19 /*
20  * PROJECT: ReactOS Authorization Framework
21  * FILE: lib/authz/resman.c
22  * PURPOSE: Authorization Framework
23  * PROGRAMMER: Thomas Weidenmueller <w3seek@reactos.com>
24  *
25  * UPDATE HISTORY:
26  * 10/07/2005 Created
27  */
28 
29 #include "precomp.h"
30 
31 #define NDEBUG
32 #include <debug.h>
33 
34 static BOOL
35 AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan,
36  IN HANDLE hToken)
37 {
38  TOKEN_USER User;
39  TOKEN_STATISTICS Statistics;
40  DWORD BufLen;
41  PSID UserSid = NULL;
42  BOOL Ret = FALSE;
43 
44  /* query information about the user */
45  BufLen = sizeof(User);
46  Ret = GetTokenInformation(hToken,
47  TokenUser,
48  &User,
49  BufLen,
50  &BufLen);
51  if (Ret)
52  {
53  BufLen = GetLengthSid(User.User.Sid);
54  if (BufLen != 0)
55  {
56  UserSid = (PSID)LocalAlloc(LMEM_FIXED,
57  BufLen);
58  if (UserSid != NULL)
59  {
60  CopyMemory(UserSid,
61  User.User.Sid,
62  BufLen);
63  }
64  else
65  Ret = FALSE;
66  }
67  else
68  Ret = FALSE;
69  }
70 
71  if (Ret)
72  {
73  /* query general information */
74  BufLen = sizeof(Statistics);
75  Ret = GetTokenInformation(hToken,
76  TokenUser,
77  &Statistics,
78  BufLen,
79  &BufLen);
80  }
81 
82  if (Ret)
83  {
84  ResMan->UserSid = UserSid;
85  ResMan->AuthenticationId = Statistics.AuthenticationId;
86  Ret = TRUE;
87  }
88  else
89  {
90  if (UserSid != NULL)
91  {
92  LocalFree((HLOCAL)UserSid);
93  }
94  }
95 
96  return Ret;
97 }
98 
99 static BOOL
100 AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
101 {
102  HANDLE hToken;
103  BOOL Ret;
104 
105  Ret = OpenThreadToken(GetCurrentThread(),
106  TOKEN_QUERY,
107  TRUE,
108  &hToken);
109  if (Ret)
110  {
111  Ret = AuthzpQueryToken(ResMan,
112  hToken);
113  CloseHandle(hToken);
114  }
115 
116  return Ret;
117 }
118 
119 static BOOL
120 AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
121 {
122  HANDLE hToken;
123  BOOL Ret;
124 
125  Ret = OpenProcessToken(GetCurrentProcess(),
126  TOKEN_QUERY,
127  &hToken);
128  if (Ret)
129  {
130  Ret = AuthzpQueryToken(ResMan,
131  hToken);
132  CloseHandle(hToken);
133  }
134 
135  return Ret;
136 }
137 
138 
139 /*
140  * @unimplemented
141  */
142 AUTHZAPI
143 BOOL
144 WINAPI
145 AuthzInitializeResourceManager(IN DWORD flags,
146  IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck OPTIONAL,
147  IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups OPTIONAL,
148  IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups OPTIONAL,
149  IN PCWSTR ResourceManagerName OPTIONAL,
150  IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
151 {
152  BOOL Ret = FALSE;
153 
154  if (pAuthzResourceManager != NULL &&
155  !(flags & ~(AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)))
156  {
157  PAUTHZ_RESMAN ResMan;
158  SIZE_T RequiredSize = sizeof(AUTHZ_RESMAN);
159 
160  if (ResourceManagerName != NULL)
161  {
162  RequiredSize += wcslen(ResourceManagerName) * sizeof(WCHAR);
163  }
164 
165  ResMan = (PAUTHZ_RESMAN)LocalAlloc(LMEM_FIXED,
166  RequiredSize);
167  if (ResMan != NULL)
168  {
169  /* initialize the resource manager structure */
170 #if DBG
171  ResMan->Tag = RESMAN_TAG;
172 #endif
173 
174  ResMan->flags = flags;
175  ResMan->UserSid = NULL;
176 
177  if (ResourceManagerName != NULL)
178  {
179  wcscpy(ResMan->ResourceManagerName,
180  ResourceManagerName);
181  }
182  else
183  ResMan->ResourceManagerName[0] = UNICODE_NULL;
184 
185  ResMan->pfnAccessCheck = pfnAccessCheck;
186  ResMan->pfnComputeDynamicGroups = pfnComputeDynamicGroups;
187  ResMan->pfnFreeDynamicGroups = pfnFreeDynamicGroups;
188 
189  if (!(flags & AUTHZ_RM_FLAG_NO_AUDIT))
190  {
191  /* FIXME - initialize auditing */
192  DPRINT1("Auditing not implemented!\n");
193  }
194 
195  if (flags & AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
196  {
197  Ret = AuthzpInitUnderImpersonation(ResMan);
198  }
199  else
200  {
201  Ret = AuthzpInitSelf(ResMan);
202  }
203 
204  if (Ret)
205  {
206  /* finally return the handle */
207  *pAuthzResourceManager = (AUTHZ_RESOURCE_MANAGER_HANDLE)ResMan;
208  }
209  else
210  {
211  DPRINT1("Querying the token failed!\n");
212  LocalFree((HLOCAL)ResMan);
213  }
214  }
215  }
216  else
217  SetLastError(ERROR_INVALID_PARAMETER);
218 
219  return Ret;
220 }
221 
222 
223 /*
224  * @unimplemented
225  */
226 AUTHZAPI
227 BOOL
228 WINAPI
229 AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
230 {
231  BOOL Ret = FALSE;
232 
233  if (AuthzResourceManager != NULL)
234  {
235  PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager;
236 
237  VALIDATE_RESMAN_HANDLE(AuthzResourceManager);
238 
239  if (!(ResMan->flags & AUTHZ_RM_FLAG_NO_AUDIT))
240  {
241  /* FIXME - cleanup auditing */
242  }
243 
244  if (ResMan->UserSid != NULL)
245  {
246  LocalFree((HLOCAL)ResMan->UserSid);
247  }
248 
249  LocalFree((HLOCAL)AuthzResourceManager);
250  Ret = TRUE;
251  }
252  else
253  SetLastError(ERROR_INVALID_PARAMETER);
254 
255  return Ret;
256 }
257 
_TOKEN_STATISTICS::AuthenticationId
LUID AuthenticationId
Definition: setypes.h:1083
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
AuthzInitializeResourceManager
AUTHZAPI BOOL WINAPI AuthzInitializeResourceManager(IN DWORD flags, IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck OPTIONAL, IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups OPTIONAL, IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups OPTIONAL, IN PCWSTR ResourceManagerName OPTIONAL, IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
Definition: resman.c:145
PCWSTR
const uint16_t * PCWSTR
Definition: typedefs.h:57
IN
#define IN
Definition: typedefs.h:39
CloseHandle
#define CloseHandle
Definition: compat.h:598
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506
_SID
Definition: ms-dtyp.idl:198
BufLen
#define BufLen
Definition: fatfs.h:167
AuthzFreeResourceManager
AUTHZAPI BOOL WINAPI AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
Definition: resman.c:229
TRUE
#define TRUE
Definition: types.h:120
_AUTHZ_RESMAN::pfnFreeDynamicGroups
PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups
Definition: precomp.h:39
_AUTHZ_RESMAN::flags
DWORD flags
Definition: precomp.h:41
AUTHZ_RESMAN
struct _AUTHZ_RESMAN AUTHZ_RESMAN
_TOKEN_STATISTICS
Definition: setypes.h:1081
_AUTHZ_RESMAN::UserSid
PSID UserSid
Definition: precomp.h:42
_AUTHZ_RESMAN
Definition: precomp.h:31
_AUTHZ_RESMAN::ResourceManagerName
WCHAR ResourceManagerName[1]
Definition: precomp.h:45
FALSE
#define FALSE
Definition: types.h:117
UNICODE_NULL
#define UNICODE_NULL
GetCurrentThread
HANDLE WINAPI GetCurrentThread(VOID)
Definition: proc.c:1148
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
AUTHZ_RESOURCE_MANAGER_HANDLE
HANDLE AUTHZ_RESOURCE_MANAGER_HANDLE
Definition: authz.h:50
PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS
BOOL(CALLBACK * PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IN PVOID Args, OUT PSID_AND_ATTRIBUTES *pSidAttrArray, OUT PDWORD pSidCount, OUT PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray, OUT PDWORD pRestrictedSidCount)
Definition: authz.h:113
AuthzpInitSelf
static BOOL AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
Definition: resman.c:120
_AUTHZ_RESMAN::pfnAccessCheck
PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck
Definition: precomp.h:37
LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:365
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:924
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
GetLengthSid
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:921
PFN_AUTHZ_DYNAMIC_ACCESS_CHECK
BOOL(CALLBACK * PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IN PACE_HEADER pAce, IN PVOID pArgs OPTIONAL, IN OUT PBOOL pbAceApplicable)
Definition: authz.h:108
VALIDATE_RESMAN_HANDLE
#define VALIDATE_RESMAN_HANDLE(handle)
Definition: precomp.h:26
WINAPI
#define WINAPI
Definition: msvc.h:6
CopyMemory
#define CopyMemory
Definition: winbase.h:1665
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
SetLastError
#define SetLastError(x)
Definition: compat.h:611
flags
GLbitfield flags
Definition: glext.h:7161
PSID
struct _SID * PSID
Definition: eventlog.c:35
PAUTHZ_RESMAN
struct _AUTHZ_RESMAN * PAUTHZ_RESMAN
AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION
#define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION
Definition: authz.h:43
_TOKEN_USER
Definition: setypes.h:1005
wcscpy
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:618
_AUTHZ_RESMAN::pfnComputeDynamicGroups
PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups
Definition: precomp.h:38
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
OpenThreadToken
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:338
AUTHZ_RM_FLAG_NO_AUDIT
#define AUTHZ_RM_FLAG_NO_AUDIT
Definition: authz.h:42
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
AuthzpInitUnderImpersonation
static BOOL AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
Definition: resman.c:100
NULL
#define NULL
Definition: types.h:112
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:296
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
DPRINT1
#define DPRINT1
Definition: precomp.h:8
OUT
#define OUT
Definition: typedefs.h:40
GetTokenInformation
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:413
_TOKEN_USER::User
SID_AND_ATTRIBUTES User
Definition: setypes.h:1006
LocalAlloc
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1373
RequiredSize
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ ULONG _Out_ PVOID _Out_ PULONG RequiredSize
Definition: wdfdevice.h:4431
AUTHZAPI
#define AUTHZAPI
Definition: authz.h:21
AuthzpQueryToken
static BOOL AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan, IN HANDLE hToken)
Definition: resman.c:35
PFN_AUTHZ_FREE_DYNAMIC_GROUPS
VOID(CALLBACK * PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(IN PSID_AND_ATTRIBUTES pSidAttrArray)
Definition: authz.h:120
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68