bool CheckKeyFileWriteAccess (connection_t *c) { TCHAR keyfile[MAX_PATH]; int format = 0; if (!GetKeyFilename (c, keyfile, _countof(keyfile), &format, true)) return FALSE; else return CheckFileAccess (keyfile, GENERIC_WRITE); }
HRESULT AssemblySpec::GetAssemblyFromFusion(AppDomain* pAppDomain, IAssemblyName* pFusionAssemblyName, CodeBaseInfo* pCodeBase, IAssembly** ppFusionAssembly, PEFile** ppFile, CQuickWSTR* pFusionLog, OBJECTREF* pExtraEvidence, OBJECTREF* pThrowable) { _ASSERTE(ppFile); HRESULT hr = S_OK; IAssembly *pFusionAssembly = NULL; COMPLUS_TRY { DWORD dwSize = MAX_PATH; CQuickWSTR bufferPath; WCHAR *pPath = NULL; AssemblySink* pSink; DWORD eLocation; CQuickWSTR bufferCodebase; LPWSTR pwsCodeBase = NULL; DWORD dwCodeBase = 0; IAssemblyName *pNameDef = NULL; IApplicationContext *pFusionContext = pAppDomain->GetFusionContext(); pSink = pAppDomain->GetAssemblySink(); if(!pSink) { hr = E_OUTOFMEMORY; COMPLUS_LEAVE; } pSink->pFusionLog=pFusionLog; hr = FusionBind::GetAssemblyFromFusion(pFusionContext, pSink, pFusionAssemblyName, pCodeBase, &pFusionAssembly); pSink->pFusionLog=NULL; if(SUCCEEDED(hr)) { _ASSERTE(pFusionAssembly); // Get the path to the module containing the manifest dwSize = bufferPath.MaxSize(); pPath = bufferPath.Ptr(); hr = pFusionAssembly->GetManifestModulePath(pPath, &dwSize); if(hr == HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER)) { pPath = bufferPath.Alloc(dwSize); if (pPath == NULL) { hr = E_OUTOFMEMORY; COMPLUS_LEAVE; } hr = pFusionAssembly->GetManifestModulePath(pPath, &dwSize); } if(SUCCEEDED(hr)) { hr = pFusionAssembly->GetAssemblyNameDef(&pNameDef); if (SUCCEEDED(hr)) { dwCodeBase = bufferCodebase.MaxSize(); pwsCodeBase = bufferCodebase.Ptr(); hr = pNameDef->GetProperty(ASM_NAME_CODEBASE_URL, pwsCodeBase, &dwCodeBase); if(hr == HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER)) { pwsCodeBase = bufferCodebase.Alloc(dwCodeBase); if (pwsCodeBase == NULL) { hr = E_OUTOFMEMORY; COMPLUS_LEAVE; } hr = pNameDef->GetProperty(ASM_NAME_CODEBASE_URL, pwsCodeBase, &dwCodeBase); } pNameDef->Release(); } } } pSink->Release(); if(hr == S_OK && dwSize) { // See if we need to perform a strong name verification. hr = pFusionAssembly->GetAssemblyLocation(&eLocation); if (SUCCEEDED(hr)) { switch ((eLocation & ASMLOC_LOCATION_MASK)) { case ASMLOC_GAC: case ASMLOC_DOWNLOAD_CACHE: case ASMLOC_UNKNOWN: // Assemblies from the GAC or download cache have // already been verified by Fusion. Location Unknown // indicates a load from the dev path, which we'll // assume isn't a interesting case for verification. hr = S_OK; break; case ASMLOC_RUN_FROM_SOURCE: // For now, just verify these every time, we need to // cache the fact that at least one verification has // been performed (if strong name policy permits if (SUCCEEDED(hr)&&(eLocation&ASMLOC_CODEBASE_HINT)) { hr=CheckFileAccess(pPath,FILE_READ_DATA); if (FAILED(hr)) break; } // caching of verification results). if (StrongNameSignatureVerification(pPath, SN_INFLAG_INSTALL|SN_INFLAG_ALL_ACCESS|SN_INFLAG_RUNTIME, NULL)) hr = S_OK; else { hr = StrongNameErrorInfo(); if (hr == CORSEC_E_MISSING_STRONGNAME) hr = S_OK; else hr = CORSEC_E_INVALID_STRONGNAME; } break; default: _ASSERTE(FALSE); } if (SUCCEEDED(hr)) { hr = SystemDomain::LoadFile(pPath, NULL, mdFileNil, FALSE, pFusionAssembly, pwsCodeBase, pExtraEvidence, ppFile, FALSE); if (SUCCEEDED(hr)) { if(ppFusionAssembly) { pFusionAssembly->AddRef(); *ppFusionAssembly = pFusionAssembly; } if((eLocation & ASMLOC_LOCATION_MASK) == ASMLOC_GAC) // Assemblies in the GAC have also had any internal module // hashes verified at install time. (*ppFile)->SetHashesVerified(); } } } else if (hr == E_NOTIMPL) { // process exe _ASSERTE(pAppDomain == SystemDomain::System()->DefaultDomain()); hr = PEFile::Clone(SystemDomain::System()->DefaultDomain()->m_pRootFile, ppFile); if(SUCCEEDED(hr) && ppFusionAssembly) { pFusionAssembly->AddRef(); *ppFusionAssembly = pFusionAssembly; } } } } COMPLUS_CATCH { BEGIN_ENSURE_COOPERATIVE_GC(); if (pThrowable) { *pThrowable = GETTHROWABLE(); hr = SecurityHelper::MapToHR(*pThrowable); } else hr = SecurityHelper::MapToHR(GETTHROWABLE()); END_ENSURE_COOPERATIVE_GC(); } COMPLUS_END_CATCH if (pFusionAssembly) pFusionAssembly->Release(); return hr; }
Bool16 QTSSAuthorize(QTSS_StandardRTSP_Params* inParams, char* pathBuff) { QTSS_Error theErr = QTSS_NoErr; Bool16 result = false; const int kBuffLen = 256; char passwordBuff[kBuffLen] = {}; char nameBuff[kBuffLen] = {}; StrPtrLen nameStr(nameBuff, kBuffLen -1); StrPtrLen passwordStr(passwordBuff, kBuffLen -1); Bool16 noUserName = false; Bool16 noPassword = false; Bool16 isSpecialGuest = false; do { theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserName,0, (void *) nameStr.Ptr, &nameStr.Len); //qtss_printf("GetValue qtssRTSPReqUserName err =%"_S32BITARG_" \n",theErr); if ( (theErr != QTSS_NoErr) || (nameStr.Len == 0) || (nameStr.Ptr == NULL) || (*nameStr.Ptr == '\0')) { //qtss_printf ("no user name\n"); noUserName = true; } //qtss_printf("RTSPRequest dictionary name =%s len = %"_S32BITARG_"\n",nameStr.Ptr, nameStr.Len); theErr = QTSS_GetValue (inParams->inRTSPRequest,qtssRTSPReqUserPassword,0, (void *) passwordStr.Ptr, &passwordStr.Len); //qtss_printf("GetValue qtssRTSPReqUserName err =%"_S32BITARG_" \n",theErr); if ( (theErr != QTSS_NoErr) || (passwordStr.Len == 0) || (passwordStr.Ptr == NULL) || (*passwordStr.Ptr == '\0')) { //qtss_printf ("no Password\n"); noPassword = true; } //qtss_printf("RTSPRequest dictionary password =%s len = %"_S32BITARG_" \n",passwordStr.Ptr, passwordStr.Len); if (noUserName && noPassword) isSpecialGuest = true; if (isSpecialGuest) // no name and no password means guest { //qtss_printf ("User is guest check for access\n"); result = CheckWorldDirAccess(pathBuff); if (true == result) result = CheckWorldFileAccess(pathBuff); break; // no further processing on guest } if (0 == strcasecmp(nameStr.Ptr, sRootUserPtr) ) { //qtss_printf("user is root no root access to file =%s\n",pathBuff); // must log result = false; // don't allow break; } struct passwd *passwdStructPtr = getpwnam(nameStr.Ptr); if (NULL == passwdStructPtr) { //qtss_printf("failed to find name =%s\n",passwordStr.Ptr); break; } char *theCryptedPassword = crypt(passwordStr.Ptr, passwdStructPtr->pw_passwd); if ( 0 != strcmp(passwdStructPtr->pw_passwd, theCryptedPassword ) ) { //qtss_printf("failed to match name to password =%s\n",passwordStr.Ptr); break; } result = CheckDirAccess(passwdStructPtr, &nameStr, pathBuff); if (!result) break; result = CheckFileAccess(passwdStructPtr, &nameStr, pathBuff); if (!result) break; //qtss_printf("QTSSAuthorize: user %s is authorized for %s\n",nameStr.Ptr,pathBuff); } while (false); if (!result) { //qtss_printf("QTSSAuthorize: user %s is un authorized for %s\n",nameStr.Ptr,pathBuff); } return result; }