ReactOS 0.4.16-dev-1505-g12fa72a
resman.c
Go to the documentation of this file.
1/*
2 * ReactOS Authorization Framework
3 * Copyright (C) 2005 - 2006 ReactOS Team
4 *
5 * This library is free software; you can redistribute it and/or
6 * modify it under the terms of the GNU Lesser General Public
7 * License as published by the Free Software Foundation; either
8 * version 2.1 of the License, or (at your option) any later version.
9 *
10 * This library is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 * Lesser General Public License for more details.
14 *
15 * You should have received a copy of the GNU Lesser General Public
16 * License along with this library; if not, write to the Free Software
17 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
18 */
19/*
20 * PROJECT: ReactOS Authorization Framework
21 * FILE: lib/authz/resman.c
22 * PURPOSE: Authorization Framework
23 * PROGRAMMER: Thomas Weidenmueller <w3seek@reactos.com>
24 *
25 * UPDATE HISTORY:
26 * 10/07/2005 Created
27 */
28
29#include "precomp.h"
30
31#define NDEBUG
32#include <debug.h>
33
34static BOOL
35AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan,
36 IN HANDLE hToken)
37{
38 TOKEN_USER User;
39 TOKEN_STATISTICS Statistics;
40 DWORD BufLen;
41 PSID UserSid = NULL;
42 BOOL Ret = FALSE;
43
44 /* query information about the user */
45 BufLen = sizeof(User);
46 Ret = GetTokenInformation(hToken,
47 TokenUser,
48 &User,
49 BufLen,
50 &BufLen);
51 if (Ret)
52 {
53 BufLen = GetLengthSid(User.User.Sid);
54 if (BufLen != 0)
55 {
56 UserSid = (PSID)LocalAlloc(LMEM_FIXED,
57 BufLen);
58 if (UserSid != NULL)
59 {
60 CopyMemory(UserSid,
61 User.User.Sid,
62 BufLen);
63 }
64 else
65 Ret = FALSE;
66 }
67 else
68 Ret = FALSE;
69 }
70
71 if (Ret)
72 {
73 /* query general information */
74 BufLen = sizeof(Statistics);
75 Ret = GetTokenInformation(hToken,
76 TokenUser,
77 &Statistics,
78 BufLen,
79 &BufLen);
80 }
81
82 if (Ret)
83 {
84 ResMan->UserSid = UserSid;
85 ResMan->AuthenticationId = Statistics.AuthenticationId;
86 Ret = TRUE;
87 }
88 else
89 {
90 if (UserSid != NULL)
91 {
92 LocalFree((HLOCAL)UserSid);
93 }
94 }
95
96 return Ret;
97}
98
99static BOOL
100AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
101{
102 HANDLE hToken;
103 BOOL Ret;
104
105 Ret = OpenThreadToken(GetCurrentThread(),
106 TOKEN_QUERY,
107 TRUE,
108 &hToken);
109 if (Ret)
110 {
111 Ret = AuthzpQueryToken(ResMan,
112 hToken);
113 CloseHandle(hToken);
114 }
115
116 return Ret;
117}
118
119static BOOL
120AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
121{
122 HANDLE hToken;
123 BOOL Ret;
124
125 Ret = OpenProcessToken(GetCurrentProcess(),
126 TOKEN_QUERY,
127 &hToken);
128 if (Ret)
129 {
130 Ret = AuthzpQueryToken(ResMan,
131 hToken);
132 CloseHandle(hToken);
133 }
134
135 return Ret;
136}
137
138
139/*
140 * @unimplemented
141 */
142AUTHZAPI
143BOOL
144WINAPI
145AuthzInitializeResourceManager(IN DWORD flags,
146 IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck OPTIONAL,
147 IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups OPTIONAL,
148 IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups OPTIONAL,
149 IN PCWSTR ResourceManagerName OPTIONAL,
150 IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
151{
152 BOOL Ret = FALSE;
153
154 if (pAuthzResourceManager != NULL &&
155 !(flags & ~(AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)))
156 {
157 PAUTHZ_RESMAN ResMan;
158 SIZE_T RequiredSize = sizeof(AUTHZ_RESMAN);
159
160 if (ResourceManagerName != NULL)
161 {
162 RequiredSize += wcslen(ResourceManagerName) * sizeof(WCHAR);
163 }
164
165 ResMan = (PAUTHZ_RESMAN)LocalAlloc(LMEM_FIXED,
166 RequiredSize);
167 if (ResMan != NULL)
168 {
169 /* initialize the resource manager structure */
170#if DBG
171 ResMan->Tag = RESMAN_TAG;
172#endif
173
174 ResMan->flags = flags;
175 ResMan->UserSid = NULL;
176
177 if (ResourceManagerName != NULL)
178 {
179 wcscpy(ResMan->ResourceManagerName,
180 ResourceManagerName);
181 }
182 else
183 ResMan->ResourceManagerName[0] = UNICODE_NULL;
184
185 ResMan->pfnAccessCheck = pfnAccessCheck;
186 ResMan->pfnComputeDynamicGroups = pfnComputeDynamicGroups;
187 ResMan->pfnFreeDynamicGroups = pfnFreeDynamicGroups;
188
189 if (!(flags & AUTHZ_RM_FLAG_NO_AUDIT))
190 {
191 /* FIXME - initialize auditing */
192 DPRINT1("Auditing not implemented!\n");
193 }
194
195 if (flags & AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
196 {
197 Ret = AuthzpInitUnderImpersonation(ResMan);
198 }
199 else
200 {
201 Ret = AuthzpInitSelf(ResMan);
202 }
203
204 if (Ret)
205 {
206 /* finally return the handle */
207 *pAuthzResourceManager = (AUTHZ_RESOURCE_MANAGER_HANDLE)ResMan;
208 }
209 else
210 {
211 DPRINT1("Querying the token failed!\n");
212 LocalFree((HLOCAL)ResMan);
213 }
214 }
215 }
216 else
217 SetLastError(ERROR_INVALID_PARAMETER);
218
219 return Ret;
220}
221
222
223/*
224 * @unimplemented
225 */
226AUTHZAPI
227BOOL
228WINAPI
229AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
230{
231 BOOL Ret = FALSE;
232
233 if (AuthzResourceManager != NULL)
234 {
235 PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager;
236
237 VALIDATE_RESMAN_HANDLE(AuthzResourceManager);
238
239 if (!(ResMan->flags & AUTHZ_RM_FLAG_NO_AUDIT))
240 {
241 /* FIXME - cleanup auditing */
242 }
243
244 if (ResMan->UserSid != NULL)
245 {
246 LocalFree((HLOCAL)ResMan->UserSid);
247 }
248
249 LocalFree((HLOCAL)AuthzResourceManager);
250 Ret = TRUE;
251 }
252 else
253 SetLastError(ERROR_INVALID_PARAMETER);
254
255 return Ret;
256}
257
PFN_AUTHZ_FREE_DYNAMIC_GROUPS
VOID(CALLBACK * PFN_AUTHZ_FREE_DYNAMIC_GROUPS)(IN PSID_AND_ATTRIBUTES pSidAttrArray)
Definition: authz.h:120
AUTHZ_RESOURCE_MANAGER_HANDLE
HANDLE AUTHZ_RESOURCE_MANAGER_HANDLE
Definition: authz.h:50
AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION
#define AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION
Definition: authz.h:43
AUTHZ_RM_FLAG_NO_AUDIT
#define AUTHZ_RM_FLAG_NO_AUDIT
Definition: authz.h:42
AUTHZAPI
#define AUTHZAPI
Definition: authz.h:21
PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS
BOOL(CALLBACK * PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IN PVOID Args, OUT PSID_AND_ATTRIBUTES *pSidAttrArray, OUT PDWORD pSidCount, OUT PSID_AND_ATTRIBUTES *pRestrictedSidAttrArray, OUT PDWORD pRestrictedSidCount)
Definition: authz.h:113
PFN_AUTHZ_DYNAMIC_ACCESS_CHECK
BOOL(CALLBACK * PFN_AUTHZ_DYNAMIC_ACCESS_CHECK)(IN AUTHZ_CLIENT_CONTEXT_HANDLE hAuthzClientContext, IN PACE_HEADER pAce, IN PVOID pArgs OPTIONAL, IN OUT PBOOL pbAceApplicable)
Definition: authz.h:108
DPRINT1
#define DPRINT1
Definition: precomp.h:8
wcscpy
wcscpy
Definition: corecrt_wstring.h:120
NULL
#define NULL
Definition: types.h:112
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
GetTokenInformation
BOOL WINAPI GetTokenInformation(HANDLE TokenHandle, TOKEN_INFORMATION_CLASS TokenInformationClass, LPVOID TokenInformation, DWORD TokenInformationLength, PDWORD ReturnLength)
Definition: security.c:411
OpenProcessToken
BOOL WINAPI OpenProcessToken(HANDLE ProcessHandle, DWORD DesiredAccess, PHANDLE TokenHandle)
Definition: security.c:294
GetLengthSid
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:919
OpenThreadToken
BOOL WINAPI OpenThreadToken(HANDLE ThreadHandle, DWORD DesiredAccess, BOOL OpenAsSelf, HANDLE *TokenHandle)
Definition: security.c:336
VALIDATE_RESMAN_HANDLE
#define VALIDATE_RESMAN_HANDLE(handle)
Definition: precomp.h:26
PAUTHZ_RESMAN
struct _AUTHZ_RESMAN * PAUTHZ_RESMAN
AUTHZ_RESMAN
struct _AUTHZ_RESMAN AUTHZ_RESMAN
CloseHandle
#define CloseHandle
Definition: compat.h:739
ERROR_INVALID_PARAMETER
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
SetLastError
#define SetLastError(x)
Definition: compat.h:752
GetCurrentProcess
#define GetCurrentProcess()
Definition: compat.h:759
BufLen
#define BufLen
Definition: fatfs.h:167
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
flags
GLbitfield flags
Definition: glext.h:7161
LocalAlloc
HLOCAL NTAPI LocalAlloc(UINT uFlags, SIZE_T dwBytes)
Definition: heapmem.c:1390
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
PSID
struct _SID * PSID
Definition: eventlog.c:35
UNICODE_NULL
#define UNICODE_NULL
AuthzFreeResourceManager
AUTHZAPI BOOL WINAPI AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
Definition: resman.c:229
AuthzpInitSelf
static BOOL AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
Definition: resman.c:120
AuthzpQueryToken
static BOOL AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan, IN HANDLE hToken)
Definition: resman.c:35
AuthzInitializeResourceManager
AUTHZAPI BOOL WINAPI AuthzInitializeResourceManager(IN DWORD flags, IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck OPTIONAL, IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups OPTIONAL, IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups OPTIONAL, IN PCWSTR ResourceManagerName OPTIONAL, IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
Definition: resman.c:145
AuthzpInitUnderImpersonation
static BOOL AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
Definition: resman.c:100
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68
_AUTHZ_RESMAN
Definition: precomp.h:32
_AUTHZ_RESMAN::ResourceManagerName
WCHAR ResourceManagerName[1]
Definition: precomp.h:45
_AUTHZ_RESMAN::flags
DWORD flags
Definition: precomp.h:41
_AUTHZ_RESMAN::pfnComputeDynamicGroups
PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups
Definition: precomp.h:38
_AUTHZ_RESMAN::pfnAccessCheck
PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck
Definition: precomp.h:37
_AUTHZ_RESMAN::UserSid
PSID UserSid
Definition: precomp.h:42
_AUTHZ_RESMAN::pfnFreeDynamicGroups
PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups
Definition: precomp.h:39
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:506
_SID
Definition: ms-dtyp.idl:198
_TOKEN_STATISTICS
Definition: setypes.h:1097
_TOKEN_STATISTICS::AuthenticationId
LUID AuthenticationId
Definition: setypes.h:1099
_TOKEN_USER
Definition: setypes.h:1021
_TOKEN_USER::User
SID_AND_ATTRIBUTES User
Definition: setypes.h:1022
PCWSTR
const uint16_t * PCWSTR
Definition: typedefs.h:57
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
IN
#define IN
Definition: typedefs.h:39
OUT
#define OUT
Definition: typedefs.h:40
RequiredSize
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ ULONG _Out_ PVOID _Out_ PULONG RequiredSize
Definition: wdfdevice.h:4439
GetCurrentThread
HANDLE WINAPI GetCurrentThread(void)
Definition: proc.c:1148
CopyMemory
#define CopyMemory
Definition: winbase.h:1751
LMEM_FIXED
#define LMEM_FIXED
Definition: winbase.h:401
WINAPI
#define WINAPI
Definition: msvc.h:6
TOKEN_QUERY
#define TOKEN_QUERY
Definition: setypes.h:940
TokenUser
@ TokenUser
Definition: setypes.h:978
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180