// Shares.C -- Functions for manipulating NetDDE shares #define WINVER 0x0310 #define NOAUTOUPDATE 1 #include #include #include "clipsrv.h" #include "..\common\common.h" BOOL GetTokenHandle( PHANDLE pTokenHandle ) { if( !OpenThreadToken( GetCurrentThread(), TOKEN_READ, FALSE, pTokenHandle ) ) { if( GetLastError() == ERROR_NO_TOKEN ) { if( !OpenProcessToken( GetCurrentProcess(), TOKEN_READ, pTokenHandle ) ) { return FALSE; } } else { return FALSE; } } return TRUE; } // Purpose: Generate a self-relative SD whose ACL contains only an // entry for LocalSystem/GENERIC_ALL access. This SD will be used // in calls to CreateFile() for clipbook page files. // // Parameters: None // // Returns: Pointer to the security descriptor. This pointer may be freed. // Returns NULL on failure. // ////////////////////////////////////////////////////////////////////////// PSECURITY_DESCRIPTOR MakeLocalOnlySD( void) { PSECURITY_DESCRIPTOR pSD; PSECURITY_DESCRIPTOR pSDSelfRel = NULL; SID_IDENTIFIER_AUTHORITY authNT = SECURITY_NT_AUTHORITY; PSID sidLocal; PACL Acl; DWORD dwAclSize; if (AllocateAndInitializeSid(&authNT, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &sidLocal)) { if (InitializeSecurityDescriptor(&pSD, SECURITY_DESCRIPTOR_REVISION)) { // Allocate space for DACL with "System Full Control" access dwAclSize = sizeof(ACL)+ GetLengthSid(sidLocal) + sizeof(ACCESS_ALLOWED_ACE) + 42; // 42==fudge factor if (Acl = (PACL)GlobalAlloc(GPTR, dwAclSize)) { if (InitializeAcl(Acl, dwAclSize, ACL_REVISION)) { // LocalSystem gets all access, nobody else gets any. if (AddAccessAllowedAce(Acl, ACL_REVISION, GENERIC_ALL, sidLocal)) { if (SetSecurityDescriptorDacl(pSD, TRUE, Acl, TRUE)) { DWORD dwSelfRelLen; dwSelfRelLen = GetSecurityDescriptorLength(pSD); pSDSelfRel = GlobalAlloc(GPTR, dwSelfRelLen); if (MakeSelfRelativeSD(pSD, pSDSelfRel, &dwSelfRelLen)) { } else { GlobalFree((HANDLE)pSDSelfRel); pSDSelfRel = NULL; } } } } GlobalFree((HANDLE)Acl); } } FreeSid(sidLocal); } return(pSDSelfRel); } // Purpose: Create a security descriptor containing only a single // DACL entry-- one to allow the user whose context we are running // in GENERIC_ALL access. // // Parameters: None. // // Returns: A pointer to the security descriptor described above, // or NULL on failure. PSECURITY_DESCRIPTOR CurrentUserOnlySD( void) { SECURITY_DESCRIPTOR aSD; PSECURITY_DESCRIPTOR pSD = NULL; BOOL OK; PACL TmpAcl; PACCESS_ALLOWED_ACE TmpAce; DWORD lSD; LONG DaclLength; DWORD lTokenInfo; HANDLE hClientToken; TOKEN_USER *pUserTokenInfo; SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY; if (InitializeSecurityDescriptor(&aSD, SECURITY_DESCRIPTOR_REVISION) && !GetTokenHandle(&hClientToken)) { // See if the token info fits in 50 bytes. If it does, fine. // If not, realloc to proper size and get the token info. pUserTokenInfo = (TOKEN_USER *)LocalAlloc( LMEM_FIXED, 50 ); if (!GetTokenInformation( hClientToken, TokenUser, (LPVOID) pUserTokenInfo, 50, &lTokenInfo ) ) { LocalFree( pUserTokenInfo ); pUserTokenInfo = (TOKEN_USER *)LocalAlloc( LMEM_FIXED, lTokenInfo ); if (!GetTokenInformation( hClientToken, TokenUser, (LPVOID) pUserTokenInfo, lTokenInfo, &lTokenInfo ) ) { LocalFree( pUserTokenInfo ); pUserTokenInfo = NULL; } } if (pUserTokenInfo) { // Figure out how big a Dacl we'll need for just me to be on it. DaclLength = (DWORD)sizeof(ACL) + GetLengthSid( pUserTokenInfo->User.Sid ) + (DWORD)sizeof( ACCESS_ALLOWED_ACE ); if (TmpAcl = (PACL)LocalAlloc(LMEM_FIXED, DaclLength )) { if (InitializeAcl( TmpAcl, DaclLength, ACL_REVISION )) { if (AddAccessAllowedAce( TmpAcl, ACL_REVISION, GENERIC_ALL, pUserTokenInfo->User.Sid )) { if (GetAce( TmpAcl, 0, (LPVOID *)&TmpAce )) { TmpAce->Header.AceFlags = 0; OK = SetSecurityDescriptorDacl(&aSD, TRUE, TmpAcl, FALSE); lSD = GetSecurityDescriptorLength( &aSD); if (pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LMEM_FIXED, lSD)) { MakeSelfRelativeSD( &aSD, pSD, &lSD); if( IsValidSecurityDescriptor( pSD ) ) { LocalFree(pSD); pSD = NULL; } else { PERROR(TEXT("Failed creating self-relative SD (%d)."), GetLastError()); } } else { PERROR(TEXT("LocalAlloc for pSD fail\r\n")); } } else { PERROR("GetAce error %d", GetLastError()); } } else { PERROR(TEXT("AddAccessAllowedAce fail\r\n")); } } else { PERROR(TEXT("InitializeAcl fail\r\n")); } LocalFree((HANDLE)TmpAcl); } else { PERROR(TEXT("LocalAllof for Acl fail\r\n")); } LocalFree((HANDLE)pUserTokenInfo); } else { PERROR(TEXT("Couldn't get usertokeninfo\r\n")); } CloseHandle(hClientToken); } else { PERROR(TEXT("Couldn't get token handle or InitSD bad \r\n")); } return pSD; }