Return to DCOMRegister.cpp CVS log | Up to [Pegasus] / pegasus / src / WMIMapper / WbemConsumer |
File: [Pegasus] / pegasus / src / WMIMapper / WbemConsumer / DCOMRegister.cpp
(download)
Revision: 1.1, Wed Jan 28 15:35:51 2009 UTC (15 years, 4 months ago) by a.rachapudi Branch: MAIN CVS Tags: preBug9676, postBug9676, TASK_PEP317_1JUNE_2013, TASK-TASK_PEP362_RestfulService_branch-root, TASK-TASK_PEP362_RestfulService_branch-merged_out_from_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_to_trunk, TASK-TASK_PEP362_RestfulService_branch-merged_in_from_branch, TASK-TASK_PEP362_RestfulService_branch-branch, TASK-PEP362_RestfulService-root, TASK-PEP362_RestfulService-merged_out_to_branch, TASK-PEP362_RestfulService-merged_out_from_trunk, TASK-PEP362_RestfulService-merged_in_to_trunk, TASK-PEP362_RestfulService-merged_in_from_branch, TASK-PEP362_RestfulService-branch, TASK-PEP348_SCMO-root, TASK-PEP348_SCMO-merged_out_to_branch, TASK-PEP348_SCMO-merged_out_from_trunk, TASK-PEP348_SCMO-merged_in_to_trunk, TASK-PEP348_SCMO-merged_in_from_branch, TASK-PEP348_SCMO-branch, TASK-PEP317_pullop-root, TASK-PEP317_pullop-merged_out_to_branch, TASK-PEP317_pullop-merged_out_from_trunk, TASK-PEP317_pullop-merged_in_to_trunk, TASK-PEP317_pullop-merged_in_from_branch, TASK-PEP317_pullop-branch, RELEASE_2_14_1, RELEASE_2_14_0-RC2, RELEASE_2_14_0-RC1, RELEASE_2_14_0, RELEASE_2_14-root, RELEASE_2_14-branch, RELEASE_2_13_0-RC2, RELEASE_2_13_0-RC1, RELEASE_2_13_0-FC, RELEASE_2_13_0, RELEASE_2_13-root, RELEASE_2_13-branch, RELEASE_2_12_1-RC1, RELEASE_2_12_1, RELEASE_2_12_0-RC1, RELEASE_2_12_0-FC, RELEASE_2_12_0, RELEASE_2_12-root, RELEASE_2_12-branch, RELEASE_2_11_2-RC1, RELEASE_2_11_2, RELEASE_2_11_1-RC1, RELEASE_2_11_1, RELEASE_2_11_0-RC1, RELEASE_2_11_0-FC, RELEASE_2_11_0, RELEASE_2_11-root, RELEASE_2_11-branch, RELEASE_2_10_1-RC1, RELEASE_2_10_1, RELEASE_2_10_0-RC2, RELEASE_2_10_0-RC1, RELEASE_2_10_0, RELEASE_2_10-root, RELEASE_2_10-branch, PREAUG25UPDATE, POSTAUG25UPDATE, HEAD, CIMRS_WORK_20130824, BeforeUpdateToHeadOct82011 BUG#: 8183 TITLE: WMIMapper Indication Support DESCRIPTION: Changes done for WMIMapper Indication Support |
//%LICENSE//////////////////////////////////////////////////////////////// // // Licensed to The Open Group (TOG) under one or more contributor license // agreements. Refer to the OpenPegasusNOTICE.txt file distributed with // this work for additional information regarding copyright ownership. // Each contributor licenses this file to you under the OpenPegasus Open // Source License; you may not use this file except in compliance with the // License. // // Permission is hereby granted, free of charge, to any person obtaining a // copy of this software and associated documentation files (the "Software"), // to deal in the Software without restriction, including without limitation // the rights to use, copy, modify, merge, publish, distribute, sublicense, // and/or sell copies of the Software, and to permit persons to whom the // Software is furnished to do so, subject to the following conditions: // // The above copyright notice and this permission notice shall be included // in all copies or substantial portions of the Software. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // ////////////////////////////////////////////////////////////////////////// #include "stdafx.h" #include "DCOMRegister.h" DWORD adjustDCOMPermissions() { SID_IDENTIFIER_AUTHORITY AdministratorsAuthority = SECURITY_NT_AUTHORITY; SID_IDENTIFIER_AUTHORITY AnonymousAuthority = SECURITY_NT_AUTHORITY; SID_IDENTIFIER_AUTHORITY EveryoneAuthority = SECURITY_WORLD_SID_AUTHORITY; PSID sidAdministrators = NULL; PSID sidAnonymous = NULL; PSID sidEveryone = NULL; DWORD dwRet = ERROR_SUCCESS; //get administrators SID if (!AllocateAndInitializeSid( &AdministratorsAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &sidAdministrators )) { return GetLastError(); } //get anonymous SID if (!AllocateAndInitializeSid( &AnonymousAuthority, 1, SECURITY_ANONYMOUS_LOGON_RID, 0, 0, 0, 0, 0, 0, 0, &sidAnonymous)) { FreeSid(sidAdministrators); return GetLastError(); } //get everyone SID if (!AllocateAndInitializeSid( &EveryoneAuthority, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &sidEveryone)) { FreeSid(sidAdministrators); FreeSid(sidAnonymous); return GetLastError(); } //adjust DCOM Limits permissions if (dwRet = setDCOMAccessLimits( sidAnonymous, CNS_COM_RIGHTS_EXECUTE | CNS_COM_RIGHTS_ACCESS_LOCAL | CNS_COM_RIGHTS_ACCESS_REMOTE)) { return dwRet; } if (dwRet = setDCOMLaunchLimits( sidAnonymous, CNS_COM_RIGHTS_EXECUTE | CNS_COM_RIGHTS_LAUNCH_LOCAL | CNS_COM_RIGHTS_ACTIVATE_LOCAL | CNS_COM_RIGHTS_ACTIVATE_REMOTE)) { return dwRet; } if (dwRet = setDCOMAccessLimits( sidEveryone, CNS_COM_RIGHTS_EXECUTE | CNS_COM_RIGHTS_ACCESS_LOCAL | CNS_COM_RIGHTS_ACCESS_REMOTE)) { return dwRet; } if (dwRet = setDCOMLaunchLimits( sidEveryone, CNS_COM_RIGHTS_EXECUTE | CNS_COM_RIGHTS_LAUNCH_LOCAL | CNS_COM_RIGHTS_ACTIVATE_LOCAL | CNS_COM_RIGHTS_ACTIVATE_REMOTE)) { return dwRet; } //adjust WBEMConsumer DCOM component permissions if (dwRet = setDCOMAppAccess( sidAnonymous, COM_RIGHTS_EXECUTE, WBEMCONSUMER_APPID)) { return dwRet; } if (dwRet = setDCOMAppLaunch( sidAnonymous, COM_RIGHTS_EXECUTE, WBEMCONSUMER_APPID)) { return dwRet; } if (dwRet = setDCOMAppAccess( sidEveryone, COM_RIGHTS_EXECUTE, WBEMCONSUMER_APPID)) { return dwRet; } if (dwRet = setDCOMAppLaunch( sidEveryone, COM_RIGHTS_EXECUTE, WBEMCONSUMER_APPID)) { return dwRet; } if (dwRet = setDCOMAppAccess( sidAdministrators, COM_RIGHTS_EXECUTE, WBEMCONSUMER_APPID)) { return dwRet; } if (dwRet = setDCOMAppLaunch( sidAdministrators, COM_RIGHTS_EXECUTE, WBEMCONSUMER_APPID)) { return dwRet; } //free allocated SIDs FreeSid(sidAdministrators); FreeSid(sidAnonymous); FreeSid(sidEveryone); return ERROR_SUCCESS; } DWORD setDCOMAppAccess( PSID sid, DWORD dwPermissionMask, LPTSTR AppID) { TCHAR keyName [256]; wsprintf (keyName, TEXT("APPID\\%s"), AppID); return setDCOMPermission ( HKEY_CLASSES_ROOT, keyName, sid, TEXT("AccessPermission"), dwPermissionMask, FALSE); } DWORD setDCOMAppLaunch( PSID sid, DWORD dwPermissionMask, LPTSTR AppID) { TCHAR keyName [256]; wsprintf (keyName, TEXT("APPID\\%s"), AppID); return setDCOMPermission( HKEY_CLASSES_ROOT, keyName, sid, TEXT("LaunchPermission"), dwPermissionMask, FALSE); } DWORD setDCOMAccessLimits ( PSID sid, DWORD dwPermissionMask) { TCHAR keyName [256]; wsprintf (keyName, TEXT("SOFTWARE\\Microsoft\\Ole")); return setDCOMPermission( HKEY_LOCAL_MACHINE, keyName, sid, TEXT("MachineAccessRestriction"), dwPermissionMask); } DWORD setDCOMLaunchLimits ( PSID sid, DWORD dwPermissionMask) { TCHAR keyName [256]; wsprintf (keyName, TEXT("SOFTWARE\\Microsoft\\Ole")); return setDCOMPermission( HKEY_LOCAL_MACHINE, keyName, sid, TEXT("MachineLaunchRestriction"), dwPermissionMask); } DWORD setDCOMPermission( HKEY RootKey, LPTSTR KeyName, PSID sid, LPTSTR ValueName, DWORD dwPermissionMask, BOOL bLimits) { DWORD returnValue; SECURITY_DESCRIPTOR *sd = NULL; SECURITY_DESCRIPTOR *sdSelfRelative = NULL; SECURITY_DESCRIPTOR *sdAbsolute = NULL; DWORD secDescSize; BOOL present; BOOL defaultDACL; PACL dacl; BOOL newSD = FALSE; returnValue = GetNamedValueSD (RootKey, KeyName, ValueName, &sd, &newSD); // // Get security descriptor from registry or create a new one // if (returnValue != ERROR_SUCCESS) { return returnValue; } if (!GetSecurityDescriptorDacl (sd, &present, &dacl, &defaultDACL)) { return GetLastError(); } if ((newSD) && (!bLimits)) { AddAccessAllowedACEToACL( &dacl, COM_RIGHTS_EXECUTE, TEXT("SYSTEM")); AddAccessAllowedACEToACL( &dacl, COM_RIGHTS_EXECUTE, TEXT("INTERACTIVE")); } //get account according to the SID TCHAR userName[256]; TCHAR acctName[256]; TCHAR domainName[256]; DWORD dwAcctName = 256; DWORD dwDomainName = 256; SID_NAME_USE eUse = SidTypeUnknown; if (LookupAccountSid( NULL, sid, acctName, (LPDWORD)&dwAcctName, domainName, &dwDomainName, &eUse)) { sprintf(userName, "%s\\%s", domainName, acctName); } else { return GetLastError(); } returnValue = AddAccessAllowedACEToACL ( &dacl, dwPermissionMask, userName); if (returnValue != ERROR_SUCCESS) { free (sd); return returnValue; } // // Make the security descriptor absolute if it isn't new // if (!newSD) { MakeSDAbsolute ( (PSECURITY_DESCRIPTOR) sd, (PSECURITY_DESCRIPTOR *) &sdAbsolute); } else { sdAbsolute = sd; } // // Set the discretionary ACL on the security descriptor // if (!SetSecurityDescriptorDacl (sdAbsolute, TRUE, dacl, FALSE)) return GetLastError(); // // Make the security descriptor self-relative so that we can // store it in the registry // secDescSize = 0; MakeSelfRelativeSD (sdAbsolute, sdSelfRelative, &secDescSize); sdSelfRelative = (SECURITY_DESCRIPTOR *) malloc (secDescSize); if (!MakeSelfRelativeSD (sdAbsolute, sdSelfRelative, &secDescSize)) { return GetLastError(); } // // Store the security descriptor in the registry // SetNamedValueSD (RootKey, KeyName, ValueName, sdSelfRelative); free (sd); free (sdSelfRelative); if (sd != sdAbsolute) { free (sdAbsolute); } return ERROR_SUCCESS; } DWORD CreateNewSD ( SECURITY_DESCRIPTOR **SD) { PACL dacl; DWORD sidLength; PSID sid; PSID groupSID; PSID ownerSID; DWORD returnValue; *SD = NULL; returnValue = GetCurrentUserSID (&sid); if (returnValue != ERROR_SUCCESS) { return returnValue; } sidLength = GetLengthSid (sid); *SD = (SECURITY_DESCRIPTOR *) malloc ( (sizeof (ACL)+sizeof (ACCESS_ALLOWED_ACE)+sidLength) + (2 * sidLength) + sizeof (SECURITY_DESCRIPTOR)); groupSID = (SID *) (*SD + 1); ownerSID = (SID *) (((BYTE *) groupSID) + sidLength); dacl = (ACL *) (((BYTE *) ownerSID) + sidLength); if (!InitializeSecurityDescriptor (*SD, SECURITY_DESCRIPTOR_REVISION)) { free (*SD); free (sid); return GetLastError(); } if (!InitializeAcl (dacl, sizeof (ACL)+sizeof (ACCESS_ALLOWED_ACE)+sidLength, ACL_REVISION2)) { free (*SD); free (sid); return GetLastError(); } if (!AddAccessAllowedAce (dacl, ACL_REVISION2, COM_RIGHTS_EXECUTE, sid)) { free (*SD); free (sid); return GetLastError(); } if (!SetSecurityDescriptorDacl (*SD, TRUE, dacl, FALSE)) { free (*SD); free (sid); return GetLastError(); } memcpy (groupSID, sid, sidLength); if (!SetSecurityDescriptorGroup (*SD, groupSID, FALSE)) { free (*SD); free (sid); return GetLastError(); } memcpy (ownerSID, sid, sidLength); if (!SetSecurityDescriptorOwner (*SD, ownerSID, FALSE)) { free (*SD); free (sid); return GetLastError(); } return ERROR_SUCCESS; } DWORD MakeSDAbsolute ( PSECURITY_DESCRIPTOR OldSD, PSECURITY_DESCRIPTOR *NewSD) { PSECURITY_DESCRIPTOR sd = NULL; DWORD descriptorSize; DWORD daclSize; DWORD saclSize; DWORD ownerSIDSize; DWORD groupSIDSize; PACL dacl; PACL sacl; PSID ownerSID; PSID groupSID; BOOL present; BOOL systemDefault; // // Get SACL // if (!GetSecurityDescriptorSacl (OldSD, &present, &sacl, &systemDefault)) { return GetLastError(); } if (sacl && present) { saclSize = sacl->AclSize; } else { saclSize = 0; } // // Get DACL // if (!GetSecurityDescriptorDacl (OldSD, &present, &dacl, &systemDefault)) { return GetLastError(); } if (dacl && present) { daclSize = dacl->AclSize; } else { daclSize = 0; } // // Get Owner // if (!GetSecurityDescriptorOwner (OldSD, &ownerSID, &systemDefault)) { return GetLastError(); } ownerSIDSize = GetLengthSid (ownerSID); // // Get Group // if (!GetSecurityDescriptorGroup (OldSD, &groupSID, &systemDefault)) { return GetLastError(); } groupSIDSize = GetLengthSid (groupSID); // // Do the conversion // descriptorSize = 0; MakeAbsoluteSD( OldSD, sd, &descriptorSize, dacl, &daclSize, sacl, &saclSize, ownerSID, &ownerSIDSize, groupSID, &groupSIDSize); sd = (PSECURITY_DESCRIPTOR) new BYTE [SECURITY_DESCRIPTOR_MIN_LENGTH]; if (!InitializeSecurityDescriptor (sd, SECURITY_DESCRIPTOR_REVISION)) { return GetLastError(); } if (!MakeAbsoluteSD( OldSD, sd, &descriptorSize, dacl, &daclSize, sacl, &saclSize, ownerSID, &ownerSIDSize, groupSID, &groupSIDSize)) { return GetLastError(); } *NewSD = sd; return ERROR_SUCCESS; } DWORD SetNamedValueSD ( HKEY RootKey, LPTSTR KeyName, LPTSTR ValueName, SECURITY_DESCRIPTOR *SD) { DWORD returnValue; DWORD disposition; HKEY registryKey; // // Create new key or open existing key // returnValue = RegCreateKeyEx( RootKey, KeyName, 0, TEXT(""), 0, KEY_ALL_ACCESS, NULL, ®istryKey, &disposition); if (returnValue != ERROR_SUCCESS) { return returnValue; } // // Write the security descriptor // returnValue = RegSetValueEx( registryKey, ValueName, 0, REG_BINARY, (LPBYTE) SD, GetSecurityDescriptorLength (SD)); if (returnValue != ERROR_SUCCESS) { return returnValue; } RegCloseKey (registryKey); return ERROR_SUCCESS; } DWORD GetNamedValueSD ( HKEY RootKey, LPTSTR KeyName, LPTSTR ValueName, SECURITY_DESCRIPTOR **SD, BOOL *NewSD) { DWORD returnValue; HKEY registryKey; DWORD valueType; DWORD valueSize; *NewSD = FALSE; // // Get the security descriptor from the named value. If it doesn't // exist, create a fresh one. // returnValue = RegOpenKeyEx( RootKey, KeyName, 0, KEY_ALL_ACCESS, ®istryKey); if (returnValue != ERROR_SUCCESS) { if (returnValue == ERROR_FILE_NOT_FOUND) { *SD = NULL; returnValue = CreateNewSD (SD); if (returnValue != ERROR_SUCCESS) { return returnValue; } *NewSD = TRUE; return ERROR_SUCCESS; } else { return returnValue; } } returnValue = RegQueryValueEx( registryKey, ValueName, NULL, &valueType, NULL, &valueSize); if (returnValue && returnValue != ERROR_INSUFFICIENT_BUFFER) { *SD = NULL; returnValue = CreateNewSD (SD); if (returnValue != ERROR_SUCCESS) { return returnValue; } *NewSD = TRUE; } else { *SD = (SECURITY_DESCRIPTOR *) malloc (valueSize); returnValue = RegQueryValueEx( registryKey, ValueName, NULL, &valueType, (LPBYTE) *SD, &valueSize); if (returnValue) { free (*SD); *SD = NULL; returnValue = CreateNewSD (SD); if (returnValue != ERROR_SUCCESS) { return returnValue; } *NewSD = TRUE; } } RegCloseKey (registryKey); return ERROR_SUCCESS; } DWORD GetCurrentUserSID ( PSID *Sid) { TOKEN_USER *tokenUser = NULL; HANDLE tokenHandle; DWORD tokenSize; DWORD sidLength; if (OpenProcessToken (GetCurrentProcess(), TOKEN_QUERY, &tokenHandle)) { GetTokenInformation (tokenHandle, TokenUser, tokenUser, 0, &tokenSize); tokenUser = (TOKEN_USER *) malloc (tokenSize); if (GetTokenInformation(tokenHandle, TokenUser, tokenUser, tokenSize, &tokenSize)) { sidLength = GetLengthSid (tokenUser->User.Sid); *Sid = (PSID) malloc (sidLength); memcpy (*Sid, tokenUser->User.Sid, sidLength); CloseHandle (tokenHandle); } else { free (tokenUser); return GetLastError(); } } else { free (tokenUser); return GetLastError(); } free (tokenUser); return ERROR_SUCCESS; } DWORD GetPrincipalSID ( LPTSTR Principal, PSID *Sid) { DWORD sidSize; TCHAR refDomain [256]; DWORD refDomainSize; DWORD returnValue; SID_NAME_USE snu; sidSize = 0; refDomainSize = 255; LookupAccountName( NULL, Principal, *Sid, &sidSize, refDomain, &refDomainSize, &snu); returnValue = GetLastError(); if (returnValue != ERROR_INSUFFICIENT_BUFFER) { return returnValue; } *Sid = (PSID) malloc (sidSize); refDomainSize = 255; if (!LookupAccountName ( NULL, Principal, *Sid, &sidSize, refDomain, &refDomainSize, &snu)) { return GetLastError(); } return ERROR_SUCCESS; } DWORD CopyACL( PACL OldACL, PACL NewACL) { ACL_SIZE_INFORMATION aclSizeInfo; LPVOID ace; ACE_HEADER *aceHeader; ULONG i; GetAclInformation( OldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (aclSizeInfo), AclSizeInformation); // // Copy all of the ACEs to the new ACL // for (i = 0; i < aclSizeInfo.AceCount; i++) { // // Get the ACE and header info // if (!GetAce (OldACL, i, &ace)) { return GetLastError(); } aceHeader = (ACE_HEADER *) ace; // // Add the ACE to the new list // if (!AddAce( NewACL, ACL_REVISION, 0xffffffff, ace, aceHeader->AceSize)) { return GetLastError(); } } return ERROR_SUCCESS; } DWORD AddAccessAllowedACEToACL( PACL *Acl, DWORD PermissionMask, LPTSTR Principal) { ACL_SIZE_INFORMATION aclSizeInfo; int aclSize; DWORD returnValue; PSID principalSID; PACL oldACL; PACL newACL; oldACL = *Acl; returnValue = GetPrincipalSID (Principal, &principalSID); if (returnValue != ERROR_SUCCESS) { return returnValue; } GetAclInformation( oldACL, (LPVOID) &aclSizeInfo, (DWORD) sizeof (ACL_SIZE_INFORMATION), AclSizeInformation); aclSize = aclSizeInfo.AclBytesInUse + sizeof (ACL) + sizeof (ACCESS_ALLOWED_ACE) + GetLengthSid (principalSID) - sizeof (DWORD); newACL = (PACL) new BYTE [aclSize]; if (!InitializeAcl (newACL, aclSize, ACL_REVISION)) { free (principalSID); return GetLastError(); } returnValue = CopyACL (oldACL, newACL); if (returnValue != ERROR_SUCCESS) { free (principalSID); return returnValue; } if (!AddAccessAllowedAce( newACL, ACL_REVISION2, PermissionMask, principalSID)) { free (principalSID); return GetLastError(); } *Acl = newACL; free (principalSID); return ERROR_SUCCESS; }
No CVS admin address has been configured |
Powered by ViewCVS 0.9.2 |