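/*
 * ReactOS Authorization Framework
 * Copyright (C) 2005 - 2006 ReactOS Team
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 */
/*
 * PROJECT:         ReactOS Authorization Framework
 * FILE:            lib/authz/resman.c
 * PURPOSE:         Authorization Framework
 * PROGRAMMER:      Thomas Weidenmueller <w3seek@reactos.com>
 *
 * UPDATE HISTORY:
 *      10/07/2005  Created
 */
#include "precomp.h"


/*
 * Captures the identity carried by a token into the resource manager:
 * a private copy of the token's user SID and its authentication id.
 *
 * ResMan - receives UserSid (LocalAlloc'ed here, released by
 *          AuthzFreeResourceManager) and AuthenticationId. Neither field
 *          is written when the function fails.
 * hToken - token to query; both callers in this file open it with
 *          TOKEN_QUERY access.
 *
 * Returns TRUE when both queries succeeded, FALSE otherwise.
 */
static BOOL
AuthzpQueryToken(IN OUT PAUTHZ_RESMAN ResMan,
                 IN HANDLE hToken)
{
    TOKEN_STATISTICS Statistics;
    TOKEN_USER *User = NULL;
    PSID UserSid = NULL;
    DWORD BufLen = 0;
    DWORD SidLen;
    BOOL Ret = FALSE;

    /*
     * The TokenUser data is a TOKEN_USER followed by the SID it points to,
     * so a buffer of just sizeof(TOKEN_USER) is always too small. Ask for
     * the required size first and allocate a buffer of that size.
     */
    if (!GetTokenInformation(hToken,
                             TokenUser,
                             NULL,
                             0,
                             &BufLen) &&
        GetLastError() == ERROR_INSUFFICIENT_BUFFER &&
        BufLen != 0)
    {
        User = (TOKEN_USER *)LocalAlloc(LMEM_FIXED,
                                        BufLen);
    }

    if (User != NULL)
    {
        /* query information about the user */
        Ret = GetTokenInformation(hToken,
                                  TokenUser,
                                  User,
                                  BufLen,
                                  &BufLen);
        if (Ret)
        {
            /* keep a private copy, the query buffer is released below */
            SidLen = GetLengthSid(User->User.Sid);
            if (SidLen != 0)
            {
                UserSid = (PSID)LocalAlloc(LMEM_FIXED,
                                           SidLen);
                if (UserSid != NULL)
                {
                    CopyMemory(UserSid,
                               User->User.Sid,
                               SidLen);
                }
                else
                    Ret = FALSE;
            }
            else
                Ret = FALSE;
        }

        LocalFree((HLOCAL)User);
    }

    if (Ret)
    {
        /*
         * query general information - this must be the TokenStatistics
         * class; asking for TokenUser here would fill the buffer with
         * TOKEN_USER data and AuthenticationId would not be a logon LUID
         */
        BufLen = sizeof(Statistics);
        Ret = GetTokenInformation(hToken,
                                  TokenStatistics,
                                  &Statistics,
                                  BufLen,
                                  &BufLen);
    }

    if (Ret)
    {
        /* publish the identity only once every query has succeeded */
        ResMan->UserSid = UserSid;
        ResMan->AuthenticationId = Statistics.AuthenticationId;
        Ret = TRUE;
    }
    else
    {
        if (UserSid != NULL)
        {
            LocalFree((HLOCAL)UserSid);
        }
    }

    return Ret;
}

/*
 * Initializes the resource manager identity from the token the calling
 * thread is impersonating. The thread token is opened with OpenAsSelf set
 * to TRUE, i.e. the access check for opening it is made against the
 * process identity. Returns FALSE if the thread token cannot be opened
 * or queried.
 */
static BOOL
AuthzpInitUnderImpersonation(IN OUT PAUTHZ_RESMAN ResMan)
{
    HANDLE hToken;
    BOOL Ret;

    Ret = OpenThreadToken(GetCurrentThread(),
                          TOKEN_QUERY,
                          TRUE,
                          &hToken);
    if (Ret)
    {
        Ret = AuthzpQueryToken(ResMan,
                               hToken);
        CloseHandle(hToken);
    }

    return Ret;
}

/*
 * Initializes the resource manager identity from the token of the current
 * process. Returns FALSE if the process token cannot be opened or queried.
 */
static BOOL
AuthzpInitSelf(IN OUT PAUTHZ_RESMAN ResMan)
{
    HANDLE hToken;
    BOOL Ret;

    Ret = OpenProcessToken(GetCurrentProcess(),
                           TOKEN_QUERY,
                           &hToken);
    if (Ret)
    {
        Ret = AuthzpQueryToken(ResMan,
                               hToken);
        CloseHandle(hToken);
    }

    return Ret;
}


/*
 * @unimplemented
 *
 * Allocates and initializes a resource manager and returns its handle.
 *
 * flags                   - only AUTHZ_RM_FLAG_NO_AUDIT and
 *                           AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION are
 *                           accepted; any other bit fails the call with
 *                           ERROR_INVALID_PARAMETER.
 * pfnAccessCheck,
 * pfnComputeDynamicGroups,
 * pfnFreeDynamicGroups    - optional callbacks, stored as passed.
 * ResourceManagerName     - optional name, copied into the allocation.
 * pAuthzResourceManager   - receives the handle on success only; must not
 *                           be NULL.
 *
 * The identity recorded in the resource manager comes from the thread's
 * impersonation token when AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION is
 * set and from the process token otherwise.
 *
 * NOTE: auditing is not implemented. Leaving out AUTHZ_RM_FLAG_NO_AUDIT
 * only produces a debug message; callers must not rely on audit records
 * being generated.
 */
AUTHZAPI
BOOL
WINAPI
AuthzInitializeResourceManager(IN DWORD flags,
                               IN PFN_AUTHZ_DYNAMIC_ACCESS_CHECK pfnAccessCheck  OPTIONAL,
                               IN PFN_AUTHZ_COMPUTE_DYNAMIC_GROUPS pfnComputeDynamicGroups  OPTIONAL,
                               IN PFN_AUTHZ_FREE_DYNAMIC_GROUPS pfnFreeDynamicGroups  OPTIONAL,
                               IN PCWSTR ResourceManagerName  OPTIONAL,
                               IN PAUTHZ_RESOURCE_MANAGER_HANDLE pAuthzResourceManager)
{
    BOOL Ret = FALSE;

    if (pAuthzResourceManager != NULL &&
        !(flags & ~(AUTHZ_RM_FLAG_NO_AUDIT | AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)))
    {
        PAUTHZ_RESMAN ResMan;
        SIZE_T NameLen = 0;
        SIZE_T RequiredSize = sizeof(AUTHZ_RESMAN);

        if (ResourceManagerName != NULL)
        {
            /*
             * NOTE(review): assumes AUTHZ_RESMAN ends in a one-element
             * ResourceManagerName array, so sizeof() already covers the
             * terminator - confirm against precomp.h
             */
            NameLen = wcslen(ResourceManagerName);
            RequiredSize += NameLen * sizeof(WCHAR);
        }

        ResMan = (PAUTHZ_RESMAN)LocalAlloc(LMEM_FIXED,
                                           RequiredSize);
        if (ResMan != NULL)
        {
            /* initialize the resource manager structure */
#if DBG
            ResMan->Tag = RESMAN_TAG;
#endif

            ResMan->flags = flags;
            ResMan->UserSid = NULL;

            /*
             * Copy exactly the number of characters the allocation was
             * sized for and terminate explicitly, so the write stays inside
             * the buffer even if the caller's string changes after it was
             * measured.
             */
            if (NameLen != 0)
            {
                CopyMemory(ResMan->ResourceManagerName,
                           ResourceManagerName,
                           NameLen * sizeof(WCHAR));
            }
            ResMan->ResourceManagerName[NameLen] = UNICODE_NULL;

            ResMan->pfnAccessCheck = pfnAccessCheck;
            ResMan->pfnComputeDynamicGroups = pfnComputeDynamicGroups;
            ResMan->pfnFreeDynamicGroups = pfnFreeDynamicGroups;

            if (!(flags & AUTHZ_RM_FLAG_NO_AUDIT))
            {
                /* FIXME - initialize auditing */
                DPRINT1("Auditing not implemented!\n");
            }

            if (flags & AUTHZ_RM_FLAG_INITIALIZE_UNDER_IMPERSONATION)
            {
                Ret = AuthzpInitUnderImpersonation(ResMan);
            }
            else
            {
                Ret = AuthzpInitSelf(ResMan);
            }

            if (Ret)
            {
                /* finally return the handle */
                *pAuthzResourceManager = (AUTHZ_RESOURCE_MANAGER_HANDLE)ResMan;
            }
            else
            {
                DPRINT1("Querying the token failed!\n");
                LocalFree((HLOCAL)ResMan);
            }
        }
    }
    else
        SetLastError(ERROR_INVALID_PARAMETER);

    return Ret;
}


/*
 * @unimplemented
 *
 * Releases a resource manager created by AuthzInitializeResourceManager,
 * including the user SID copy it owns. The handle must not be used again
 * after this call returns TRUE.
 *
 * Returns FALSE with ERROR_INVALID_PARAMETER for a NULL handle.
 */
AUTHZAPI
BOOL
WINAPI
AuthzFreeResourceManager(IN AUTHZ_RESOURCE_MANAGER_HANDLE AuthzResourceManager)
{
    BOOL Ret = FALSE;

    if (AuthzResourceManager != NULL)
    {
        PAUTHZ_RESMAN ResMan = (PAUTHZ_RESMAN)AuthzResourceManager;

        /* NOTE(review): macro is defined outside this file; presumably it
           checks the debug Tag - confirm what it does in release builds */
        VALIDATE_RESMAN_HANDLE(AuthzResourceManager);

        if (!(ResMan->flags & AUTHZ_RM_FLAG_NO_AUDIT))
        {
            /* FIXME - cleanup auditing */
        }

        if (ResMan->UserSid != NULL)
        {
            LocalFree((HLOCAL)ResMan->UserSid);
        }

        LocalFree((HLOCAL)AuthzResourceManager);
        Ret = TRUE;
    }
    else
        SetLastError(ERROR_INVALID_PARAMETER);

    return Ret;
}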