DWORD
VmAfdSetSecurityDescriptorForHandle (
PVECS_SRV_STORE_HANDLE pStore,
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorTmp = NULL;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorToClean = NULL;
BOOL bIsHoldingLock = FALSE;
if (!pStore ||
!pSecurityDescriptor
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdCopySecurityDescriptor (
pSecurityDescriptor,
&pSecurityDescriptorTmp
);
BAIL_ON_VMAFD_ERROR (dwError);
VMAFD_LOCK_MUTEX_EXCLUSIVE (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
dwError = VecsDbSetSecurityDescriptor (
gVecsGlobalStoreMap[pStore->dwStoreHandle].pStore->dwStoreId,
pSecurityDescriptorTmp
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityDescriptorToClean =
gVecsGlobalStoreMap[pStore->dwStoreHandle].pSecurityDescriptor;
VmAfdCleanSecurityDescriptor (pSecurityDescriptorTmp);
gVecsGlobalStoreMap[pStore->dwStoreHandle].pSecurityDescriptor =
pSecurityDescriptorTmp;
cleanup:
if (pSecurityDescriptorToClean)
{
VmAfdFreeSecurityDescriptor(pSecurityDescriptorToClean);
}
VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
return dwError;
error:
if (pSecurityDescriptorTmp)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptorTmp);
}
goto cleanup;
}
VOID
VmAfdTearDownStoreHashMap (
VOID
)
{
DWORD dwIndex = 0;
BOOLEAN bIsHoldingLock = FALSE;
VMAFD_LOCK_MUTEX_EXCLUSIVE (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
for (; dwIndex < VECS_STOREHASH_MAP_SIZE; dwIndex++)
{
VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwIndex];
VMAFD_SAFE_FREE_MEMORY (storeMapEntry.pStore);
if (storeMapEntry.pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (storeMapEntry.pSecurityDescriptor);
}
if (storeMapEntry.pStoreContextList)
{
VmAfdFreeContextList(storeMapEntry.pStoreContextList);
}
gVecsGlobalStoreMap[dwIndex].status = STORE_MAP_ENTRY_STATUS_EMPTY;
}
VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
}
DWORD
VmAfdGetSecurityDescriptorFromHandle (
PVECS_SRV_STORE_HANDLE pStore,
PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
BOOL bIsHoldingLock = FALSE;
VECS_SRV_STORE_MAP storeMapEntry = {0};
if (!pStore ||
!ppSecurityDescriptor
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
VMAFD_LOCK_MUTEX_SHARED (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
storeMapEntry = gVecsGlobalStoreMap[pStore->dwStoreHandle];
if (storeMapEntry.status != STORE_MAP_ENTRY_STATUS_OPEN)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdCopySecurityDescriptor (
storeMapEntry.pSecurityDescriptor,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityDescriptor = pSecurityDescriptor;
cleanup:
VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
return dwError;
error:
if (ppSecurityDescriptor)
{
*ppSecurityDescriptor = NULL;
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
goto cleanup;
}
DWORD
VmAfdCopySecurityDescriptor (
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorSrc,
PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptorDest
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
if (!pSecurityDescriptorSrc ||
!ppSecurityDescriptorDest
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_SECURITY_DESCRIPTOR),
(PVOID *)&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext(
pSecurityDescriptorSrc->pOwnerSecurityContext,
&pSecurityDescriptor->pOwnerSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopyAcl(
pSecurityDescriptorSrc->pAcl,
&pSecurityDescriptor->pAcl
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityDescriptor->dwRevision = pSecurityDescriptorSrc->dwRevision;
pSecurityDescriptor->changeStatus = pSecurityDescriptorSrc->changeStatus;
*ppSecurityDescriptorDest = pSecurityDescriptor;
cleanup:
return dwError;
error:
if (ppSecurityDescriptorDest)
{
*ppSecurityDescriptorDest = NULL;
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor(pSecurityDescriptor);
}
goto cleanup;
}
DWORD
VmAfdCheckOwnerShipWithHandle (
PVECS_SRV_STORE_HANDLE pStore,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
if (!pStore ||
!pConnectionContext ||
!pConnectionContext->pSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdGetSecurityDescriptorFromHandle (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
if (!(VmAfdIsRootSecurityContext (pConnectionContext)))
{
if (!(VmAfdEqualsSecurityContext(
pConnectionContext->pSecurityContext,
pSecurityDescriptor->pOwnerSecurityContext
)
))
{
dwError = ERROR_ACCESS_DENIED;
BAIL_ON_VMAFD_ERROR (dwError);
}
}
cleanup:
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
return dwError;
error:
goto cleanup;
}
DWORD
VmAfdCheckOwnerShip (
PVECS_SERV_STORE pStore,
PVM_AFD_SECURITY_CONTEXT pSecurityContext
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
if (!pStore ||
!pSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdGetSecurityDescriptor (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
if (!(VmAfdEqualsSecurityContext(
pSecurityContext,
pSecurityDescriptor->pOwnerSecurityContext
)
))
{
dwError = ERROR_ACCESS_DENIED;
BAIL_ON_VMAFD_ERROR (dwError);
}
cleanup:
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
return dwError;
error:
goto cleanup;
}
DWORD
VmAfdGetSecurityDescriptor (
PVECS_SERV_STORE pStore,
PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
if (!pStore ||
!ppSecurityDescriptor
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VecsDbGetSecurityDescriptor (
pStore->dwStoreId,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityDescriptor = pSecurityDescriptor;
cleanup:
return dwError;
error:
if (ppSecurityDescriptor)
{
*ppSecurityDescriptor = NULL;
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
goto cleanup;
}
VOID
VmAfdDeleteStoreEntry (
PVECS_SRV_STORE_HANDLE pStoreHandle
)
{
DWORD dwStoreMapIndex = 0;
if (pStoreHandle)
{
BOOLEAN bIsHoldingLock = FALSE;
dwStoreMapIndex = pStoreHandle->dwStoreHandle;
VMAFD_LOCK_MUTEX_EXCLUSIVE (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
VMAFD_SAFE_FREE_MEMORY (
gVecsGlobalStoreMap[dwStoreMapIndex].pStore
);
VmAfdFreeSecurityDescriptor (
gVecsGlobalStoreMap[dwStoreMapIndex].pSecurityDescriptor
);
gVecsGlobalStoreMap[dwStoreMapIndex].pSecurityDescriptor = NULL;
VmAfdFreeContextList (
gVecsGlobalStoreMap[dwStoreMapIndex].pStoreContextList
);
gVecsGlobalStoreMap[dwStoreMapIndex].pStoreContextList = NULL;
gVecsGlobalStoreMap[dwStoreMapIndex].status = STORE_MAP_ENTRY_STATUS_EMPTY;
VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock);
}
VMAFD_SAFE_FREE_MEMORY (pStoreHandle);
}
DWORD
VmAfdInitializeSecurityDescriptor (
PVM_AFD_SECURITY_CONTEXT pSecurityContext,
DWORD dwRevision,
PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVMAFD_ACL pAcl = NULL;
if (!pSecurityContext ||
!ppSecurityDescriptor
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_SECURITY_DESCRIPTOR),
(PVOID *)&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_ACL),
(PVOID *)&pAcl
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext (
pSecurityContext,
&pSecurityDescriptor->pOwnerSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityDescriptor->dwRevision = dwRevision;
pSecurityDescriptor->changeStatus = VMAFD_UPDATE_STATUS_NEW;
pAcl->dwAceCount = 0;
pSecurityDescriptor->pAcl = pAcl;
*ppSecurityDescriptor = pSecurityDescriptor;
cleanup:
return dwError;
error:
if (ppSecurityDescriptor)
{
*ppSecurityDescriptor = NULL;
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (pAcl)
{
VmAfdFreeAcl (pAcl);
}
goto cleanup;
}
DWORD
VmAfdAccessCheckWithHandle (
PVECS_SRV_STORE_HANDLE pStore,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext,
DWORD dwDesiredAccess
)
{
DWORD dwError = 0;
DWORD dwLogError = 0;
PVECS_SERV_STORE pStoreInfo = NULL;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PWSTR pszAccountName = NULL;
if (!pStore ||
!pConnectionContext ||
!pConnectionContext->pSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if ((dwDesiredAccess | VECS_MAXIMUM_ALLOWED_MASK) !=
VECS_MAXIMUM_ALLOWED_MASK
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
/*
* We don't care about dwLogError errors because they are
* used solely for logging purpose. Even if some call fails,
* the function should not fail
*/
dwLogError = VmAfdAllocateNameFromContext (
pConnectionContext->pSecurityContext,
&pszAccountName
);
dwLogError = VmAfdGetStoreFromHandle (
pStore,
pConnectionContext->pSecurityContext,
&pStoreInfo
);
if (
!IsNullOrEmptyString(pszAccountName) &&
pStoreInfo
)
{
PSTR paszAccountName = NULL;
dwLogError = VmAfdAllocateStringAFromW(
pszAccountName,
&paszAccountName
);
if (paszAccountName)
{
switch (dwDesiredAccess)
{
case READ_STORE:
VmAfdLog (VMAFD_DEBUG_DEBUG,
"User %s requested READ operation on Store with ID: %d",
paszAccountName,
pStoreInfo->dwStoreId
);
break;
case WRITE_STORE:
VmAfdLog (VMAFD_DEBUG_DEBUG,
"User %s requested WRITE operation on Store with ID:%d",
paszAccountName,
pStoreInfo->dwStoreId
);
break;
default:
break;
}
}
else
{
VmAfdLog(VMAFD_DEBUG_ANY, "%s log failed. error(%u)", __FUNCTION__, dwLogError);
}
VMAFD_SAFE_FREE_MEMORY (paszAccountName);
}
dwError = VmAfdGetSecurityDescriptorFromHandle (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
if (!(VmAfdIsRootSecurityContext (pConnectionContext)))
{
if (!(VmAfdEqualsSecurityContext(
pConnectionContext->pSecurityContext,
pSecurityDescriptor->pOwnerSecurityContext
)
))
{
dwError = VmAfdCheckAcl (
pSecurityDescriptor,
pConnectionContext->pSecurityContext,
dwDesiredAccess
);
BAIL_ON_VMAFD_ERROR (dwError);
}
}
cleanup:
VMAFD_SAFE_FREE_MEMORY (pszAccountName);
VMAFD_SAFE_FREE_MEMORY (pStoreInfo);
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
return dwError;
error:
goto cleanup;
}
DWORD
VecsSrvGetPermissions (
PVECS_SRV_STORE_HANDLE pStore,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext,
PWSTR *ppszOwnerName,
PDWORD pdwUserCount,
PVECS_STORE_PERMISSION_W *ppPermissions
)
{
DWORD dwError = 0;
PWSTR pszOwnerName = NULL;
DWORD dwUserCount = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVECS_STORE_PERMISSION_W pPermissions = NULL;
if (!pStore ||
!ppszOwnerName ||
!pdwUserCount ||
!ppPermissions
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdCheckOwnerShipWithHandle(
pStore,
pConnectionContext
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdGetSecurityDescriptorFromHandle (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateNameFromContext (
pSecurityDescriptor->pOwnerSecurityContext,
&pszOwnerName
);
BAIL_ON_VMAFD_ERROR (dwError);
if (
pSecurityDescriptor->pAcl &&
pSecurityDescriptor->pAcl->dwAceCount
)
{
DWORD dwIndex = 0;
PVMAFD_ACE_LIST pAceListCursor = NULL;
dwUserCount = pSecurityDescriptor->pAcl->dwAceCount;
dwError = VmAfdAllocateMemory(
dwUserCount * sizeof (VECS_STORE_PERMISSION_W),
(PVOID *)&pPermissions
);
BAIL_ON_VMAFD_ERROR (dwError);
pAceListCursor = pSecurityDescriptor->pAcl->pAceList;
for (; pAceListCursor && dwIndex < dwUserCount; dwIndex++)
{
PVECS_STORE_PERMISSION_W pCursor = &pPermissions[dwIndex];
dwError = VmAfdAllocateNameFromContext(
pAceListCursor->Ace.pSecurityContext,
&pCursor->pszUserName
);
BAIL_ON_VMAFD_ERROR (dwError);
pCursor->dwAccessMask = pAceListCursor->Ace.accessMask;
pAceListCursor = pAceListCursor->pNext;
}
}
*ppszOwnerName = pszOwnerName;
*pdwUserCount = dwUserCount;
*ppPermissions = pPermissions;
cleanup:
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor(pSecurityDescriptor);
}
return dwError;
error:
if (ppszOwnerName)
{
*ppszOwnerName = NULL;
}
if (pdwUserCount)
{
*pdwUserCount = 0;
}
if (ppPermissions)
{
*ppPermissions = NULL;
}
VMAFD_SAFE_FREE_MEMORY (pszOwnerName);
if (pPermissions)
{
VmAfdFreeStorePermissionArray(
pPermissions,
dwUserCount
);
}
goto cleanup;
}
DWORD
VecsSrvChangeOwner (
PVECS_SRV_STORE_HANDLE pStore,
PCWSTR pszUserName,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVECS_SERV_STORE pStoreInstance = NULL;
BOOL bIsHoldingLock = FALSE;
dwError = VmAfdCheckOwnerShipWithHandle (
pStore,
pConnectionContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pthread_mutex_lock (&gVmafdGlobals.mutexStoreState);
bIsHoldingLock = TRUE;
dwError = VmAfdGetSecurityDescriptorFromHandle (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdGetStoreFromHandle (
pStore,
pConnectionContext->pSecurityContext,
&pStoreInstance
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdModifyOwner (
pStoreInstance,
pszUserName,
pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdSetSecurityDescriptorForHandle (
pStore,
pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
pthread_mutex_unlock (&gVmafdGlobals.mutexStoreState);
bIsHoldingLock = FALSE;
cleanup:
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (bIsHoldingLock)
{
pthread_mutex_unlock(&gVmafdGlobals.mutexStoreState);
}
VMAFD_SAFE_FREE_MEMORY (pStoreInstance);
return dwError;
error:
goto cleanup;
}
DWORD
VecsSrvRevokePermission (
PVECS_SRV_STORE_HANDLE pStore,
PCWSTR pszUserName,
UINT32 accessMask,
VMAFD_ACE_TYPE aceType,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVECS_SERV_STORE pStoreInstance = NULL;
BOOL bIsHoldingLock = FALSE;
PWSTR pwszAccountName = NULL;
DWORD dwLogError = 0;
dwError = VmAfdCheckOwnerShipWithHandle (
pStore,
pConnectionContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pthread_mutex_lock (&gVmafdGlobals.mutexStoreState);
bIsHoldingLock = TRUE;
dwError = VmAfdGetSecurityDescriptorFromHandle (
pStore,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdGetStoreFromHandle (
pStore,
pConnectionContext->pSecurityContext,
&pStoreInstance
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdModifyPermissions (
pStoreInstance,
pszUserName,
accessMask,
aceType,
pSecurityDescriptor,
VMW_IPC_MODIFY_PERMISSIONS_REVOKE
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdSetSecurityDescriptorForHandle (
pStore,
pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
pthread_mutex_unlock (&gVmafdGlobals.mutexStoreState);
bIsHoldingLock = FALSE;
dwLogError = VmAfdAllocateNameFromContext (
pConnectionContext->pSecurityContext,
&pwszAccountName
);
if (!IsNullOrEmptyString(pwszAccountName))
{
PSTR pszAccountName = NULL;
PSTR paszUserName = NULL;
dwLogError = VmAfdAllocateStringAFromW(
pwszAccountName,
&pszAccountName
);
dwLogError = VmAfdAllocateStringAFromW (
pszUserName,
&paszUserName
);
if (pszAccountName)
{
VmAfdLog (VMAFD_DEBUG_ANY,
"User %s changed permission of Store with ID: %d \n "
"Permission %s %s was revoked from user %s",
pszAccountName,
pStoreInstance->dwStoreId,
accessMask & READ_STORE ? "read" : "",
accessMask & WRITE_STORE ? "write": "",
!IsNullOrEmptyString(paszUserName)? paszUserName: ""
);
}
VMAFD_SAFE_FREE_MEMORY (pszAccountName);
VMAFD_SAFE_FREE_MEMORY (paszUserName);
}
cleanup:
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (bIsHoldingLock)
{
pthread_mutex_unlock(&gVmafdGlobals.mutexStoreState);
}
VMAFD_SAFE_FREE_MEMORY (pStoreInstance);
VMAFD_SAFE_FREE_MEMORY (pwszAccountName);
return dwError;
error:
goto cleanup;
}
DWORD
VecsSrvCreateCertStoreWithAuth (
PCWSTR pszStoreName,
PCWSTR pszPassword,
PVM_AFD_CONNECTION_CONTEXT pConnectionContext,
PVECS_SRV_STORE_HANDLE *ppStore
)
{
DWORD dwError = 0;
DWORD dwDeleteError = 0;
PVECS_SRV_STORE_HANDLE pStore = NULL;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVECS_SERV_STORE pStoreInstance = NULL;
BOOL bIsHoldingLock = FALSE;
pthread_mutex_lock (&gVmafdGlobals.mutexCreateStore);
bIsHoldingLock = TRUE;
dwError = VecsSrvCreateCertStore (
pszStoreName,
pszPassword,
&pStoreInstance
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdInitializeSecurityDescriptor(
pConnectionContext->pSecurityContext,
1,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VecsDbSetSecurityDescriptor (
pStoreInstance->dwStoreId,
pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdGetStoreHandle (
(PWSTR)pszStoreName,
(PWSTR)pszPassword,
pConnectionContext->pSecurityContext,
&pStore
);
BAIL_ON_VMAFD_ERROR (dwError);
pthread_mutex_unlock (&gVmafdGlobals.mutexCreateStore);
bIsHoldingLock = FALSE;
*ppStore = pStore;
cleanup:
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (bIsHoldingLock)
{
pthread_mutex_unlock(&gVmafdGlobals.mutexCreateStore);
}
VMAFD_SAFE_FREE_MEMORY (pStoreInstance);
return dwError;
error:
if (dwError != ERROR_ALREADY_EXISTS)
{
dwDeleteError = VecsSrvDeleteCertStore(pszStoreName);
}
if (ppStore)
{
*ppStore = NULL;
}
if (pStore)
{
VmAfdReleaseStoreHandle (pStore);
}
goto cleanup;
}
static
DWORD
VmAfdInitializeStoreEntry (
DWORD dwStoreId,
PVM_AFD_SECURITY_CONTEXT pSecurityContext,
DWORD dwHashedIndx
)
{
DWORD dwError = 0;
PVECS_SERV_STORE pStore = NULL;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVECS_STORE_CONTEXT_LIST pStoreContextList = NULL;
VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwHashedIndx];
if (!dwStoreId ||
!pSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VECS_SERV_STORE),
(PVOID *)&pStore
);
BAIL_ON_VMAFD_ERROR (dwError);
pStore->refCount = 1;
pStore->dwStoreId = dwStoreId;
dwError = VecsDbGetSecurityDescriptor (
dwStoreId,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VECS_STORE_CONTEXT_LIST),
(PVOID *)&pStoreContextList
);
BAIL_ON_VMAFD_ERROR (dwError);
pStoreContextList->dwClientInstances = 1;
dwError = VmAfdCopySecurityContext(
pSecurityContext,
&pStoreContextList->pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
storeMapEntry.pStore = pStore;
storeMapEntry.pSecurityDescriptor = pSecurityDescriptor;
storeMapEntry.pStoreContextList = pStoreContextList;
dwError = VmAfdGenRandom (
&(storeMapEntry.dwStoreSessionID)
);
BAIL_ON_VMAFD_ERROR (dwError);
gVecsGlobalStoreMap[dwHashedIndx] = storeMapEntry;
cleanup:
return dwError;
error:
if (pStore)
{
VecsSrvReleaseCertStore (pStore);
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (pStoreContextList)
{
VmAfdFreeContextList (pStoreContextList);
}
goto cleanup;
}
DWORD
VecsDbGetSecurityDescriptor (
DWORD dwStoreID,
PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor
)
{
DWORD dwError = 0;
PVECS_DB_CONTEXT pDbContext = NULL;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
DWORD dwContextSize = 0;
PBYTE pSecurityContextBlob = 0;
DWORD dwIsAclPresent = 0;
DWORD dwActualAceCount = 0;
sqlite3_stmt* pDbQuery = NULL;
if (!ppSecurityDescriptor)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VECS_ERROR (dwError);
}
dwError = VecsDbCreateContext(&pDbContext);
BAIL_ON_VECS_ERROR (dwError);
if (!pDbContext->pQueryGetSecurityDescriptor)
{
CHAR szQuery[] = "SELECT * FROM SDTable"
" WHERE StoreID = :storeid";
dwError = sqlite3_prepare_v2 (
pDbContext->pDb,
szQuery,
-1,
&pDbContext->pQueryGetSecurityDescriptor,
NULL
);
BAIL_ON_VECS_ERROR (dwError);
}
pDbQuery = pDbContext->pQueryGetSecurityDescriptor;
dwError = VecsBindDword (
pDbQuery,
":storeid",
dwStoreID
);
BAIL_ON_VECS_ERROR (dwError);
dwError = VecsDbStepSql(pDbQuery);
if (dwError == SQLITE_ROW)
{
dwError = VmAfdAllocateMemory(
sizeof (VMAFD_SECURITY_DESCRIPTOR),
(PVOID *)&pSecurityDescriptor
);
BAIL_ON_VECS_ERROR (dwError);
dwError = VecsDBGetColumnInt(
pDbQuery,
"Revision",
&(pSecurityDescriptor->dwRevision)
);
BAIL_ON_VECS_ERROR (dwError);
dwError = VecsDBGetColumnBlob (
pDbQuery,
"ContextBlob",
&pSecurityContextBlob,
&dwContextSize
);
BAIL_ON_VECS_ERROR (dwError);
dwError = VmAfdDecodeSecurityContext (
pSecurityContextBlob,
dwContextSize,
&(pSecurityDescriptor->pOwnerSecurityContext)
);
BAIL_ON_VECS_ERROR (dwError);
dwError = VecsDBGetColumnInt (
pDbQuery,
"IsAclPresent",
&dwIsAclPresent
);
BAIL_ON_VECS_ERROR (dwError);
if (dwIsAclPresent)
{
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_ACL),
(PVOID *)&(pSecurityDescriptor->pAcl)
);
BAIL_ON_VECS_ERROR (dwError);
dwError = VecsDbGetAces(
pDbContext,
dwStoreID,
&pSecurityDescriptor->pAcl->pAceList,
&dwActualAceCount
);
BAIL_ON_VECS_ERROR (dwError);
pSecurityDescriptor->pAcl->dwAceCount = dwActualAceCount;
}
}
if (pSecurityDescriptor == NULL)
{
dwError = ERROR_OBJECT_NOT_FOUND;
BAIL_ON_VECS_ERROR (dwError);
}
*ppSecurityDescriptor = pSecurityDescriptor;
cleanup:
if (pDbQuery)
{
sqlite3_reset (pDbQuery);
}
if (pDbContext)
{
VecsDbReleaseContext (pDbContext);
}
VMAFD_SAFE_FREE_MEMORY (pSecurityContextBlob);
return dwError;
error:
if (ppSecurityDescriptor)
{
*ppSecurityDescriptor = NULL;
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
goto cleanup;
}
