Beispiel #1
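/*
 * Authorize the caller behind an RPC binding for the requested access.
 *
 * The caller's access token is taken from hBindingHandle and handed to
 * EVTCheckAllowed() together with dwAccessMask.
 *
 * Returns ERROR_SUCCESS when the check passes, ERROR_ACCESS_DENIED when no
 * caller token could be obtained, and otherwise whatever error the bail
 * macros leave in dwError.
 */
DWORD
LWICheckSecurity(
    handle_t        hBindingHandle,
    ACCESS_MASK dwAccessMask
    )
{
    DWORD dwError = ERROR_SUCCESS;
    /*
     * Initialised so the status is never read indeterminate: CATCH_ALL below
     * swallows any exception, in which case the callee may not have written
     * it. 0 is assumed to be the DCE success status; the NULL-token check
     * further down is what makes that path fail closed.
     */
    volatile unsigned32 rpcError = 0;
    PACCESS_TOKEN        pUserToken = NULL;

    TRY
    {
        rpc_binding_inq_access_token_caller(
            hBindingHandle,
            &pUserToken,
            (unsigned32*)&rpcError);
    }
    CATCH_ALL
    ENDTRY;

    /* Presumably maps rpcError into dwError and jumps to error on failure. */
    BAIL_ON_DCE_ERROR(dwError, rpcError);

    /*
     * Fail closed: never run the access check without a caller identity.
     * This covers both a swallowed exception and a "successful" call that
     * produced no token.
     */
    if (pUserToken == NULL)
    {
        dwError = ERROR_ACCESS_DENIED;
        BAIL_ON_EVT_ERROR(dwError);
    }

    dwError = EVTCheckAllowed(
            pUserToken, 
            dwAccessMask);
    BAIL_ON_EVT_ERROR(dwError);

    /* Success falls through: the token is released on every path. */
error:
    if (pUserToken)
    {
        RtlReleaseAccessToken(&pUserToken);
    }
    return dwError;
}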
Beispiel #2
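/*
 * Look up the event log connection attached to an lwmsg call's session and
 * make sure the peer is authorized for at least one operation.
 *
 * On the first call for a session (no cached pUserToken) an access token is
 * built from the connection's Uid/Gid and the read, write and delete
 * permissions are evaluated and cached on the connection.
 *
 * pCall   - call whose session carries the connection data.
 * ppConn  - receives the connection on success, NULL on failure.
 *
 * Returns 0 on success, ERROR_INVALID_PARAMETER when the call, session,
 * connection data or output pointer is missing, ERROR_ACCESS_DENIED when
 * none of the three permissions is granted, or a Win32 error converted from
 * a failing NTSTATUS.
 */
static
DWORD
LwmEvtSrvGetConnection(
    IN LWMsgCall* pCall,
    OUT PLWMSG_LW_EVENTLOG_CONNECTION* ppConn
)
{
    DWORD dwError = 0;
    LWMsgSession* pSession = NULL;
    PLWMSG_LW_EVENTLOG_CONNECTION pConn = NULL;
    NTSTATUS status = 0;
    PLW_MAP_SECURITY_CONTEXT pContext = NULL;

    /* The error path writes through ppConn, so reject NULL up front. */
    if (ppConn == NULL)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_EVT_ERROR(dwError);
    }

    if (pCall == NULL)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_EVT_ERROR(dwError);
    }

    pSession = lwmsg_call_get_session(pCall);
    if (pSession == NULL)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_EVT_ERROR(dwError);
    }

    pConn = (PLWMSG_LW_EVENTLOG_CONNECTION)lwmsg_session_get_data(pSession);
    if (pConn == NULL)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_EVT_ERROR(dwError);
    }

    if (!pConn->pUserToken)
    {
        /*
         * Start from "nothing allowed". If one of the checks below fails
         * part-way, the token stays cached and this block is skipped on the
         * next call, so any flag not yet evaluated must read as denied.
         */
        pConn->ReadAllowed = 0;
        pConn->WriteAllowed = 0;
        pConn->DeleteAllowed = 0;

        status = LwMapSecurityCreateContext(&pContext);
        BAIL_ON_EVT_ERROR(status);

        status = LwMapSecurityCreateAccessTokenFromUidGid(
                     pContext,
                     &pConn->pUserToken,
                     pConn->Uid,
                     pConn->Gid);
        BAIL_ON_EVT_ERROR(status);

        dwError = EVTCheckAllowed(
                      pConn->pUserToken,
                      EVENTLOG_READ_RECORD,
                      &pConn->ReadAllowed);
        BAIL_ON_EVT_ERROR(dwError);

        dwError = EVTCheckAllowed(
                      pConn->pUserToken,
                      EVENTLOG_WRITE_RECORD,
                      &pConn->WriteAllowed);
        BAIL_ON_EVT_ERROR(dwError);

        dwError = EVTCheckAllowed(
                      pConn->pUserToken,
                      EVENTLOG_DELETE_RECORD,
                      &pConn->DeleteAllowed);
        BAIL_ON_EVT_ERROR(dwError);
    }

    /*
     * Evaluate the deny gate on every call, not only when the token was
     * just created. The token is kept after a denied or failed evaluation,
     * so a gate inside the block above would reject the first request on a
     * session and then hand out the connection on every later one.
     */
    if (!pConn->ReadAllowed &&
            !pConn->WriteAllowed &&
            !pConn->DeleteAllowed)
    {
        dwError = ERROR_ACCESS_DENIED;
        BAIL_ON_EVT_ERROR(dwError);
    }

    *ppConn = pConn;

cleanup:
    if (pContext)
    {
        LwMapSecurityFreeContext(&pContext);
    }
    /* NTSTATUS failures are reported to the caller as Win32 codes. */
    if (dwError == 0 && status)
    {
        dwError = LwNtStatusToWin32Error(status);
    }
    return dwError;

error:
    if (ppConn)
    {
        *ppConn = NULL;
    }
    goto cleanup;
}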