194 lines
6.4 KiB
C++
194 lines
6.4 KiB
C++
//+----------------------------------------------------------------------------
|
|
//
|
|
// Job Scheduler
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 2002.
|
|
//
|
|
// File: FolderSecurity.cpp
|
|
//
|
|
// Contents: Class to read folder security and perform access checks against it
|
|
//
|
|
// History: 5-April-02 HHance created
|
|
//
|
|
//-----------------------------------------------------------------------------
|
|
|
|
#include <Windows.h>
|
|
#include <FolderSecurity.h>
|
|
|
|
// disable cilly warning about bools (we'll put it back, later...)
|
|
#pragma warning( push )
|
|
#pragma warning( disable: 4800)
|
|
|
|
// returns S_OK if the folder's DACL allows the requested access
|
|
// E_ACCESSDENIED if not
|
|
// E_NOTFOUND if file/folder cannot be found
|
|
// other error on other error
|
|
|
|
// HANDLE clientToken // handle to client access token
|
|
// DWORD desiredAccess // requested access rights
|
|
//
|
|
// NOTE: Do not use the GENERIC_XXX rights, they must already have been mapped
|
|
//
|
|
// Suggested rights:
|
|
// FILE_READ_DATA
|
|
// FILE_WRITE_DATA
|
|
// FILE_EXECUTE
|
|
// FILE_DELETE_CHILD
|
|
//
|
|
HRESULT FolderAccessCheck(const WCHAR* pFolderName, HANDLE clientToken, DWORD desiredAccess)
|
|
{
|
|
if ((desiredAccess == 0) ||
|
|
(pFolderName == NULL))
|
|
return false;
|
|
|
|
|
|
HRESULT hr = E_ACCESSDENIED;
|
|
|
|
DWORD dSize = 0;
|
|
|
|
// call once to see how big a buffer we need
|
|
if (!GetFileSecurityW(pFolderName, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION, NULL, 0, &dSize))
|
|
{
|
|
DWORD dwErr = GetLastError();
|
|
if (dwErr != ERROR_INSUFFICIENT_BUFFER)
|
|
return HRESULT_FROM_WIN32(dwErr);
|
|
}
|
|
|
|
PSECURITY_DESCRIPTOR pSD = NULL;
|
|
|
|
if ((dSize > 0) && (pSD = new BYTE[dSize + 1]))
|
|
{
|
|
// get it for real (hopefully)
|
|
if (GetFileSecurityW(pFolderName, DACL_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION, pSD, dSize, &dSize))
|
|
{
|
|
// all the args access check could ever want
|
|
GENERIC_MAPPING gm;
|
|
gm.GenericRead = FILE_GENERIC_READ;
|
|
gm.GenericWrite = FILE_GENERIC_WRITE;
|
|
gm.GenericExecute = FILE_GENERIC_EXECUTE;
|
|
gm.GenericAll = FILE_ALL_ACCESS;
|
|
|
|
PRIVILEGE_SET ps;
|
|
DWORD psLength = sizeof(PRIVILEGE_SET);
|
|
|
|
// guilty until proven innocent
|
|
BOOL accessStatus = FALSE;
|
|
DWORD grantedAccess = 0;
|
|
|
|
if (AccessCheck(pSD, clientToken, desiredAccess, &gm, &ps, &psLength, &grantedAccess, &accessStatus))
|
|
if (accessStatus && ((grantedAccess & desiredAccess) == desiredAccess))
|
|
hr = S_OK;
|
|
}
|
|
else
|
|
hr = HRESULT_FROM_WIN32(GetLastError());
|
|
|
|
delete[] pSD;
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
// helper function - uses current thread/process token
|
|
// to call AccessCheck
|
|
HRESULT FolderAccessCheckOnThreadToken(const WCHAR* pFolderName, DWORD desiredAccess)
|
|
{
|
|
HANDLE hToken = INVALID_HANDLE_VALUE;
|
|
|
|
// Use the thread's own token if he's got one.
|
|
HRESULT hr = E_ACCESSDENIED;
|
|
|
|
if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
|
|
hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);
|
|
else
|
|
// that didn't work, let's see if we can get the process token
|
|
{
|
|
if (ImpersonateSelf(SecurityImpersonation))
|
|
{
|
|
if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
|
|
hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);
|
|
RevertToSelf();
|
|
}
|
|
}
|
|
|
|
if (hToken != INVALID_HANDLE_VALUE)
|
|
CloseHandle(hToken);
|
|
|
|
return hr;
|
|
}
|
|
|
|
// helper function - makes use of RPC Impersonation capabilities
|
|
// intended to be called from the task scheduler service process
|
|
// if bHandleImpersonation is true, this function calls RPCImpersonateClient and RPCRevertToSelf
|
|
HRESULT RPCFolderAccessCheck(const WCHAR* pFolderName, DWORD desiredAccess, bool bHandleImpersonation)
|
|
{
|
|
HRESULT hr = E_ACCESSDENIED;
|
|
|
|
bool bRet = true;
|
|
|
|
if (bHandleImpersonation)
|
|
bRet = (RPC_S_OK == RpcImpersonateClient(NULL));
|
|
|
|
if (bRet)
|
|
{
|
|
HANDLE hToken = INVALID_HANDLE_VALUE;
|
|
|
|
bRet = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken);
|
|
|
|
if (bHandleImpersonation)
|
|
RpcRevertToSelf();
|
|
|
|
if (bRet)
|
|
hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);
|
|
|
|
if (hToken != INVALID_HANDLE_VALUE)
|
|
CloseHandle(hToken);
|
|
}
|
|
|
|
return hr;
|
|
};
|
|
|
|
// helper function - makes use of COM impersonation capabilities
|
|
// ** Will Fail if COM hasn't been initialized **
|
|
// ** Or we can't imperonate the client **
|
|
HRESULT CoFolderAccessCheck(const WCHAR* pFolderName, DWORD desiredAccess)
|
|
{
|
|
bool bAlreadyImpersonated = false;
|
|
IServerSecurity* iSecurity = NULL;
|
|
HRESULT hr = E_ACCESSDENIED;
|
|
|
|
if (SUCCEEDED(hr = CoGetCallContext(IID_IServerSecurity, (void**)&iSecurity)))
|
|
{
|
|
// We were impersonating when we got here?
|
|
// if not - try to impersonate the client now.
|
|
bool bWeImpersonating = false;
|
|
if (bAlreadyImpersonated = iSecurity->IsImpersonating())
|
|
bWeImpersonating = true;
|
|
else
|
|
bWeImpersonating = SUCCEEDED(iSecurity->ImpersonateClient());
|
|
|
|
// if we've got a thread token, let the helper's helper help out
|
|
if (bWeImpersonating)
|
|
{
|
|
HANDLE hToken = INVALID_HANDLE_VALUE;
|
|
if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken))
|
|
{
|
|
if (!bAlreadyImpersonated)
|
|
iSecurity->RevertToSelf();
|
|
hr = FolderAccessCheck(pFolderName, hToken, desiredAccess);
|
|
CloseHandle(hToken);
|
|
}
|
|
else if (!bAlreadyImpersonated)
|
|
iSecurity->RevertToSelf();
|
|
}
|
|
|
|
iSecurity->Release();
|
|
}
|
|
else if ((hr == RPC_E_CALL_COMPLETE) || (hr == CO_E_NOTINITIALIZED))
|
|
hr = FolderAccessCheckOnThreadToken(pFolderName, desiredAccess);
|
|
|
|
return hr;
|
|
}
|
|
|
|
|
|
#pragma warning(pop) |