DWORD VmAfdSetSecurityDescriptorForHandle ( PVECS_SRV_STORE_HANDLE pStore, PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorTmp = NULL; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorToClean = NULL; BOOL bIsHoldingLock = FALSE; if (!pStore || !pSecurityDescriptor ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdCopySecurityDescriptor ( pSecurityDescriptor, &pSecurityDescriptorTmp ); BAIL_ON_VMAFD_ERROR (dwError); VMAFD_LOCK_MUTEX_EXCLUSIVE (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); dwError = VecsDbSetSecurityDescriptor ( gVecsGlobalStoreMap[pStore->dwStoreHandle].pStore->dwStoreId, pSecurityDescriptorTmp ); BAIL_ON_VMAFD_ERROR (dwError); pSecurityDescriptorToClean = gVecsGlobalStoreMap[pStore->dwStoreHandle].pSecurityDescriptor; VmAfdCleanSecurityDescriptor (pSecurityDescriptorTmp); gVecsGlobalStoreMap[pStore->dwStoreHandle].pSecurityDescriptor = pSecurityDescriptorTmp; cleanup: if (pSecurityDescriptorToClean) { VmAfdFreeSecurityDescriptor(pSecurityDescriptorToClean); } VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); return dwError; error: if (pSecurityDescriptorTmp) { VmAfdFreeSecurityDescriptor (pSecurityDescriptorTmp); } goto cleanup; }
VOID VmAfdTearDownStoreHashMap ( VOID ) { DWORD dwIndex = 0; BOOLEAN bIsHoldingLock = FALSE; VMAFD_LOCK_MUTEX_EXCLUSIVE (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); for (; dwIndex < VECS_STOREHASH_MAP_SIZE; dwIndex++) { VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwIndex]; VMAFD_SAFE_FREE_MEMORY (storeMapEntry.pStore); if (storeMapEntry.pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (storeMapEntry.pSecurityDescriptor); } if (storeMapEntry.pStoreContextList) { VmAfdFreeContextList(storeMapEntry.pStoreContextList); } gVecsGlobalStoreMap[dwIndex].status = STORE_MAP_ENTRY_STATUS_EMPTY; } VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); }
DWORD VmAfdGetSecurityDescriptorFromHandle ( PVECS_SRV_STORE_HANDLE pStore, PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; BOOL bIsHoldingLock = FALSE; VECS_SRV_STORE_MAP storeMapEntry = {0}; if (!pStore || !ppSecurityDescriptor ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } VMAFD_LOCK_MUTEX_SHARED (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); storeMapEntry = gVecsGlobalStoreMap[pStore->dwStoreHandle]; if (storeMapEntry.status != STORE_MAP_ENTRY_STATUS_OPEN) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdCopySecurityDescriptor ( storeMapEntry.pSecurityDescriptor, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); *ppSecurityDescriptor = pSecurityDescriptor; cleanup: VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); return dwError; error: if (ppSecurityDescriptor) { *ppSecurityDescriptor = NULL; } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } goto cleanup; }
DWORD VmAfdCopySecurityDescriptor ( PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorSrc, PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptorDest ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; if (!pSecurityDescriptorSrc || !ppSecurityDescriptorDest ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdAllocateMemory ( sizeof (VMAFD_SECURITY_DESCRIPTOR), (PVOID *)&pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopySecurityContext( pSecurityDescriptorSrc->pOwnerSecurityContext, &pSecurityDescriptor->pOwnerSecurityContext ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopyAcl( pSecurityDescriptorSrc->pAcl, &pSecurityDescriptor->pAcl ); BAIL_ON_VMAFD_ERROR (dwError); pSecurityDescriptor->dwRevision = pSecurityDescriptorSrc->dwRevision; pSecurityDescriptor->changeStatus = pSecurityDescriptorSrc->changeStatus; *ppSecurityDescriptorDest = pSecurityDescriptor; cleanup: return dwError; error: if (ppSecurityDescriptorDest) { *ppSecurityDescriptorDest = NULL; } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor(pSecurityDescriptor); } goto cleanup; }
DWORD VmAfdCheckOwnerShipWithHandle ( PVECS_SRV_STORE_HANDLE pStore, PVM_AFD_CONNECTION_CONTEXT pConnectionContext ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; if (!pStore || !pConnectionContext || !pConnectionContext->pSecurityContext ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdGetSecurityDescriptorFromHandle ( pStore, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); if (!(VmAfdIsRootSecurityContext (pConnectionContext))) { if (!(VmAfdEqualsSecurityContext( pConnectionContext->pSecurityContext, pSecurityDescriptor->pOwnerSecurityContext ) )) { dwError = ERROR_ACCESS_DENIED; BAIL_ON_VMAFD_ERROR (dwError); } } cleanup: if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } return dwError; error: goto cleanup; }
DWORD VmAfdCheckOwnerShip ( PVECS_SERV_STORE pStore, PVM_AFD_SECURITY_CONTEXT pSecurityContext ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; if (!pStore || !pSecurityContext ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdGetSecurityDescriptor ( pStore, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); if (!(VmAfdEqualsSecurityContext( pSecurityContext, pSecurityDescriptor->pOwnerSecurityContext ) )) { dwError = ERROR_ACCESS_DENIED; BAIL_ON_VMAFD_ERROR (dwError); } cleanup: if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } return dwError; error: goto cleanup; }
DWORD VmAfdGetSecurityDescriptor ( PVECS_SERV_STORE pStore, PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; if (!pStore || !ppSecurityDescriptor ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VecsDbGetSecurityDescriptor ( pStore->dwStoreId, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); *ppSecurityDescriptor = pSecurityDescriptor; cleanup: return dwError; error: if (ppSecurityDescriptor) { *ppSecurityDescriptor = NULL; } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } goto cleanup; }
VOID VmAfdDeleteStoreEntry ( PVECS_SRV_STORE_HANDLE pStoreHandle ) { DWORD dwStoreMapIndex = 0; if (pStoreHandle) { BOOLEAN bIsHoldingLock = FALSE; dwStoreMapIndex = pStoreHandle->dwStoreHandle; VMAFD_LOCK_MUTEX_EXCLUSIVE (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); VMAFD_SAFE_FREE_MEMORY ( gVecsGlobalStoreMap[dwStoreMapIndex].pStore ); VmAfdFreeSecurityDescriptor ( gVecsGlobalStoreMap[dwStoreMapIndex].pSecurityDescriptor ); gVecsGlobalStoreMap[dwStoreMapIndex].pSecurityDescriptor = NULL; VmAfdFreeContextList ( gVecsGlobalStoreMap[dwStoreMapIndex].pStoreContextList ); gVecsGlobalStoreMap[dwStoreMapIndex].pStoreContextList = NULL; gVecsGlobalStoreMap[dwStoreMapIndex].status = STORE_MAP_ENTRY_STATUS_EMPTY; VMAFD_LOCK_MUTEX_UNLOCK (&gVmafdGlobals.rwlockStoreMap, bIsHoldingLock); } VMAFD_SAFE_FREE_MEMORY (pStoreHandle); }
DWORD VmAfdInitializeSecurityDescriptor ( PVM_AFD_SECURITY_CONTEXT pSecurityContext, DWORD dwRevision, PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVMAFD_ACL pAcl = NULL; if (!pSecurityContext || !ppSecurityDescriptor ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdAllocateMemory ( sizeof (VMAFD_SECURITY_DESCRIPTOR), (PVOID *)&pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdAllocateMemory ( sizeof (VMAFD_ACL), (PVOID *)&pAcl ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopySecurityContext ( pSecurityContext, &pSecurityDescriptor->pOwnerSecurityContext ); BAIL_ON_VMAFD_ERROR (dwError); pSecurityDescriptor->dwRevision = dwRevision; pSecurityDescriptor->changeStatus = VMAFD_UPDATE_STATUS_NEW; pAcl->dwAceCount = 0; pSecurityDescriptor->pAcl = pAcl; *ppSecurityDescriptor = pSecurityDescriptor; cleanup: return dwError; error: if (ppSecurityDescriptor) { *ppSecurityDescriptor = NULL; } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } if (pAcl) { VmAfdFreeAcl (pAcl); } goto cleanup; }
DWORD VmAfdAccessCheckWithHandle ( PVECS_SRV_STORE_HANDLE pStore, PVM_AFD_CONNECTION_CONTEXT pConnectionContext, DWORD dwDesiredAccess ) { DWORD dwError = 0; DWORD dwLogError = 0; PVECS_SERV_STORE pStoreInfo = NULL; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PWSTR pszAccountName = NULL; if (!pStore || !pConnectionContext || !pConnectionContext->pSecurityContext ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } if ((dwDesiredAccess | VECS_MAXIMUM_ALLOWED_MASK) != VECS_MAXIMUM_ALLOWED_MASK ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } /* * We don't care about dwLogError errors because they are * used solely for logging purpose. Even if some call fails, * the function should not fail */ dwLogError = VmAfdAllocateNameFromContext ( pConnectionContext->pSecurityContext, &pszAccountName ); dwLogError = VmAfdGetStoreFromHandle ( pStore, pConnectionContext->pSecurityContext, &pStoreInfo ); if ( !IsNullOrEmptyString(pszAccountName) && pStoreInfo ) { PSTR paszAccountName = NULL; dwLogError = VmAfdAllocateStringAFromW( pszAccountName, &paszAccountName ); if (paszAccountName) { switch (dwDesiredAccess) { case READ_STORE: VmAfdLog (VMAFD_DEBUG_DEBUG, "User %s requested READ operation on Store with ID: %d", paszAccountName, pStoreInfo->dwStoreId ); break; case WRITE_STORE: VmAfdLog (VMAFD_DEBUG_DEBUG, "User %s requested WRITE operation on Store with ID:%d", paszAccountName, pStoreInfo->dwStoreId ); break; default: break; } } else { VmAfdLog(VMAFD_DEBUG_ANY, "%s log failed. error(%u)", __FUNCTION__, dwLogError); } VMAFD_SAFE_FREE_MEMORY (paszAccountName); } dwError = VmAfdGetSecurityDescriptorFromHandle ( pStore, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); if (!(VmAfdIsRootSecurityContext (pConnectionContext))) { if (!(VmAfdEqualsSecurityContext( pConnectionContext->pSecurityContext, pSecurityDescriptor->pOwnerSecurityContext ) )) { dwError = VmAfdCheckAcl ( pSecurityDescriptor, pConnectionContext->pSecurityContext, dwDesiredAccess ); BAIL_ON_VMAFD_ERROR (dwError); } } cleanup: VMAFD_SAFE_FREE_MEMORY (pszAccountName); VMAFD_SAFE_FREE_MEMORY (pStoreInfo); if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } return dwError; error: goto cleanup; }
DWORD VecsSrvGetPermissions ( PVECS_SRV_STORE_HANDLE pStore, PVM_AFD_CONNECTION_CONTEXT pConnectionContext, PWSTR *ppszOwnerName, PDWORD pdwUserCount, PVECS_STORE_PERMISSION_W *ppPermissions ) { DWORD dwError = 0; PWSTR pszOwnerName = NULL; DWORD dwUserCount = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVECS_STORE_PERMISSION_W pPermissions = NULL; if (!pStore || !ppszOwnerName || !pdwUserCount || !ppPermissions ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdCheckOwnerShipWithHandle( pStore, pConnectionContext ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdGetSecurityDescriptorFromHandle ( pStore, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdAllocateNameFromContext ( pSecurityDescriptor->pOwnerSecurityContext, &pszOwnerName ); BAIL_ON_VMAFD_ERROR (dwError); if ( pSecurityDescriptor->pAcl && pSecurityDescriptor->pAcl->dwAceCount ) { DWORD dwIndex = 0; PVMAFD_ACE_LIST pAceListCursor = NULL; dwUserCount = pSecurityDescriptor->pAcl->dwAceCount; dwError = VmAfdAllocateMemory( dwUserCount * sizeof (VECS_STORE_PERMISSION_W), (PVOID *)&pPermissions ); BAIL_ON_VMAFD_ERROR (dwError); pAceListCursor = pSecurityDescriptor->pAcl->pAceList; for (; pAceListCursor && dwIndex < dwUserCount; dwIndex++) { PVECS_STORE_PERMISSION_W pCursor = &pPermissions[dwIndex]; dwError = VmAfdAllocateNameFromContext( pAceListCursor->Ace.pSecurityContext, &pCursor->pszUserName ); BAIL_ON_VMAFD_ERROR (dwError); pCursor->dwAccessMask = pAceListCursor->Ace.accessMask; pAceListCursor = pAceListCursor->pNext; } } *ppszOwnerName = pszOwnerName; *pdwUserCount = dwUserCount; *ppPermissions = pPermissions; cleanup: if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor(pSecurityDescriptor); } return dwError; error: if (ppszOwnerName) { *ppszOwnerName = NULL; } if (pdwUserCount) { *pdwUserCount = 0; } if (ppPermissions) { *ppPermissions = NULL; } VMAFD_SAFE_FREE_MEMORY (pszOwnerName); if (pPermissions) { VmAfdFreeStorePermissionArray( pPermissions, dwUserCount ); } goto cleanup; }
DWORD VecsSrvChangeOwner ( PVECS_SRV_STORE_HANDLE pStore, PCWSTR pszUserName, PVM_AFD_CONNECTION_CONTEXT pConnectionContext ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVECS_SERV_STORE pStoreInstance = NULL; BOOL bIsHoldingLock = FALSE; dwError = VmAfdCheckOwnerShipWithHandle ( pStore, pConnectionContext ); BAIL_ON_VMAFD_ERROR (dwError); pthread_mutex_lock (&gVmafdGlobals.mutexStoreState); bIsHoldingLock = TRUE; dwError = VmAfdGetSecurityDescriptorFromHandle ( pStore, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdGetStoreFromHandle ( pStore, pConnectionContext->pSecurityContext, &pStoreInstance ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdModifyOwner ( pStoreInstance, pszUserName, pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdSetSecurityDescriptorForHandle ( pStore, pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); pthread_mutex_unlock (&gVmafdGlobals.mutexStoreState); bIsHoldingLock = FALSE; cleanup: if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } if (bIsHoldingLock) { pthread_mutex_unlock(&gVmafdGlobals.mutexStoreState); } VMAFD_SAFE_FREE_MEMORY (pStoreInstance); return dwError; error: goto cleanup; }
DWORD VecsSrvRevokePermission ( PVECS_SRV_STORE_HANDLE pStore, PCWSTR pszUserName, UINT32 accessMask, VMAFD_ACE_TYPE aceType, PVM_AFD_CONNECTION_CONTEXT pConnectionContext ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVECS_SERV_STORE pStoreInstance = NULL; BOOL bIsHoldingLock = FALSE; PWSTR pwszAccountName = NULL; DWORD dwLogError = 0; dwError = VmAfdCheckOwnerShipWithHandle ( pStore, pConnectionContext ); BAIL_ON_VMAFD_ERROR (dwError); pthread_mutex_lock (&gVmafdGlobals.mutexStoreState); bIsHoldingLock = TRUE; dwError = VmAfdGetSecurityDescriptorFromHandle ( pStore, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdGetStoreFromHandle ( pStore, pConnectionContext->pSecurityContext, &pStoreInstance ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdModifyPermissions ( pStoreInstance, pszUserName, accessMask, aceType, pSecurityDescriptor, VMW_IPC_MODIFY_PERMISSIONS_REVOKE ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdSetSecurityDescriptorForHandle ( pStore, pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); pthread_mutex_unlock (&gVmafdGlobals.mutexStoreState); bIsHoldingLock = FALSE; dwLogError = VmAfdAllocateNameFromContext ( pConnectionContext->pSecurityContext, &pwszAccountName ); if (!IsNullOrEmptyString(pwszAccountName)) { PSTR pszAccountName = NULL; PSTR paszUserName = NULL; dwLogError = VmAfdAllocateStringAFromW( pwszAccountName, &pszAccountName ); dwLogError = VmAfdAllocateStringAFromW ( pszUserName, &paszUserName ); if (pszAccountName) { VmAfdLog (VMAFD_DEBUG_ANY, "User %s changed permission of Store with ID: %d \n " "Permission %s %s was revoked from user %s", pszAccountName, pStoreInstance->dwStoreId, accessMask & READ_STORE ? "read" : "", accessMask & WRITE_STORE ? "write": "", !IsNullOrEmptyString(paszUserName)? paszUserName: "" ); } VMAFD_SAFE_FREE_MEMORY (pszAccountName); VMAFD_SAFE_FREE_MEMORY (paszUserName); } cleanup: if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } if (bIsHoldingLock) { pthread_mutex_unlock(&gVmafdGlobals.mutexStoreState); } VMAFD_SAFE_FREE_MEMORY (pStoreInstance); VMAFD_SAFE_FREE_MEMORY (pwszAccountName); return dwError; error: goto cleanup; }
DWORD VecsSrvCreateCertStoreWithAuth ( PCWSTR pszStoreName, PCWSTR pszPassword, PVM_AFD_CONNECTION_CONTEXT pConnectionContext, PVECS_SRV_STORE_HANDLE *ppStore ) { DWORD dwError = 0; DWORD dwDeleteError = 0; PVECS_SRV_STORE_HANDLE pStore = NULL; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVECS_SERV_STORE pStoreInstance = NULL; BOOL bIsHoldingLock = FALSE; pthread_mutex_lock (&gVmafdGlobals.mutexCreateStore); bIsHoldingLock = TRUE; dwError = VecsSrvCreateCertStore ( pszStoreName, pszPassword, &pStoreInstance ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdInitializeSecurityDescriptor( pConnectionContext->pSecurityContext, 1, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VecsDbSetSecurityDescriptor ( pStoreInstance->dwStoreId, pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdGetStoreHandle ( (PWSTR)pszStoreName, (PWSTR)pszPassword, pConnectionContext->pSecurityContext, &pStore ); BAIL_ON_VMAFD_ERROR (dwError); pthread_mutex_unlock (&gVmafdGlobals.mutexCreateStore); bIsHoldingLock = FALSE; *ppStore = pStore; cleanup: if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } if (bIsHoldingLock) { pthread_mutex_unlock(&gVmafdGlobals.mutexCreateStore); } VMAFD_SAFE_FREE_MEMORY (pStoreInstance); return dwError; error: if (dwError != ERROR_ALREADY_EXISTS) { dwDeleteError = VecsSrvDeleteCertStore(pszStoreName); } if (ppStore) { *ppStore = NULL; } if (pStore) { VmAfdReleaseStoreHandle (pStore); } goto cleanup; }
static DWORD VmAfdInitializeStoreEntry ( DWORD dwStoreId, PVM_AFD_SECURITY_CONTEXT pSecurityContext, DWORD dwHashedIndx ) { DWORD dwError = 0; PVECS_SERV_STORE pStore = NULL; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVECS_STORE_CONTEXT_LIST pStoreContextList = NULL; VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwHashedIndx]; if (!dwStoreId || !pSecurityContext ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdAllocateMemory ( sizeof (VECS_SERV_STORE), (PVOID *)&pStore ); BAIL_ON_VMAFD_ERROR (dwError); pStore->refCount = 1; pStore->dwStoreId = dwStoreId; dwError = VecsDbGetSecurityDescriptor ( dwStoreId, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdAllocateMemory ( sizeof (VECS_STORE_CONTEXT_LIST), (PVOID *)&pStoreContextList ); BAIL_ON_VMAFD_ERROR (dwError); pStoreContextList->dwClientInstances = 1; dwError = VmAfdCopySecurityContext( pSecurityContext, &pStoreContextList->pSecurityContext ); BAIL_ON_VMAFD_ERROR (dwError); storeMapEntry.pStore = pStore; storeMapEntry.pSecurityDescriptor = pSecurityDescriptor; storeMapEntry.pStoreContextList = pStoreContextList; dwError = VmAfdGenRandom ( &(storeMapEntry.dwStoreSessionID) ); BAIL_ON_VMAFD_ERROR (dwError); gVecsGlobalStoreMap[dwHashedIndx] = storeMapEntry; cleanup: return dwError; error: if (pStore) { VecsSrvReleaseCertStore (pStore); } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } if (pStoreContextList) { VmAfdFreeContextList (pStoreContextList); } goto cleanup; }
DWORD VecsDbGetSecurityDescriptor ( DWORD dwStoreID, PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor ) { DWORD dwError = 0; PVECS_DB_CONTEXT pDbContext = NULL; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; DWORD dwContextSize = 0; PBYTE pSecurityContextBlob = 0; DWORD dwIsAclPresent = 0; DWORD dwActualAceCount = 0; sqlite3_stmt* pDbQuery = NULL; if (!ppSecurityDescriptor) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VECS_ERROR (dwError); } dwError = VecsDbCreateContext(&pDbContext); BAIL_ON_VECS_ERROR (dwError); if (!pDbContext->pQueryGetSecurityDescriptor) { CHAR szQuery[] = "SELECT * FROM SDTable" " WHERE StoreID = :storeid"; dwError = sqlite3_prepare_v2 ( pDbContext->pDb, szQuery, -1, &pDbContext->pQueryGetSecurityDescriptor, NULL ); BAIL_ON_VECS_ERROR (dwError); } pDbQuery = pDbContext->pQueryGetSecurityDescriptor; dwError = VecsBindDword ( pDbQuery, ":storeid", dwStoreID ); BAIL_ON_VECS_ERROR (dwError); dwError = VecsDbStepSql(pDbQuery); if (dwError == SQLITE_ROW) { dwError = VmAfdAllocateMemory( sizeof (VMAFD_SECURITY_DESCRIPTOR), (PVOID *)&pSecurityDescriptor ); BAIL_ON_VECS_ERROR (dwError); dwError = VecsDBGetColumnInt( pDbQuery, "Revision", &(pSecurityDescriptor->dwRevision) ); BAIL_ON_VECS_ERROR (dwError); dwError = VecsDBGetColumnBlob ( pDbQuery, "ContextBlob", &pSecurityContextBlob, &dwContextSize ); BAIL_ON_VECS_ERROR (dwError); dwError = VmAfdDecodeSecurityContext ( pSecurityContextBlob, dwContextSize, &(pSecurityDescriptor->pOwnerSecurityContext) ); BAIL_ON_VECS_ERROR (dwError); dwError = VecsDBGetColumnInt ( pDbQuery, "IsAclPresent", &dwIsAclPresent ); BAIL_ON_VECS_ERROR (dwError); if (dwIsAclPresent) { dwError = VmAfdAllocateMemory ( sizeof (VMAFD_ACL), (PVOID *)&(pSecurityDescriptor->pAcl) ); BAIL_ON_VECS_ERROR (dwError); dwError = VecsDbGetAces( pDbContext, dwStoreID, &pSecurityDescriptor->pAcl->pAceList, &dwActualAceCount ); BAIL_ON_VECS_ERROR (dwError); pSecurityDescriptor->pAcl->dwAceCount = dwActualAceCount; } } if (pSecurityDescriptor == NULL) { dwError = ERROR_OBJECT_NOT_FOUND; BAIL_ON_VECS_ERROR (dwError); } *ppSecurityDescriptor = pSecurityDescriptor; cleanup: if (pDbQuery) { sqlite3_reset (pDbQuery); } if (pDbContext) { VecsDbReleaseContext (pDbContext); } VMAFD_SAFE_FREE_MEMORY (pSecurityContextBlob); return dwError; error: if (ppSecurityDescriptor) { *ppSecurityDescriptor = NULL; } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } goto cleanup; }