DWORD
_RpcEnumPrinters(DWORD Flags, WINSPOOL_HANDLE Name, DWORD Level, BYTE* pPrinterEnum, DWORD cbBuf, DWORD* pcbNeeded, DWORD* pcReturned)
{
DWORD dwErrorCode;
PBYTE pPrinterEnumAligned;
dwErrorCode = RpcImpersonateClient(NULL);
if (dwErrorCode != ERROR_SUCCESS)
{
ERR("RpcImpersonateClient failed with error %lu!\n", dwErrorCode);
return dwErrorCode;
}
pPrinterEnumAligned = AlignRpcPtr(pPrinterEnum, &cbBuf);
if (EnumPrintersW(Flags, Name, Level, pPrinterEnumAligned, cbBuf, pcbNeeded, pcReturned))
{
// Replace absolute pointer addresses in the output by relative offsets.
ASSERT(Level <= 9);
MarshallDownStructuresArray(pPrinterEnumAligned, *pcReturned, pPrinterInfoMarshalling[Level]->pInfo, pPrinterInfoMarshalling[Level]->cbStructureSize, TRUE);
}
else
{
dwErrorCode = GetLastError();
}
RpcRevertToSelf();
UndoAlignRpcPtr(pPrinterEnum, pPrinterEnumAligned, cbBuf, pcbNeeded);
return dwErrorCode;
}
void CWE273_Improper_Check_for_Dropped_Privileges__w32_RpcImpersonateClient_05_bad()
{
if(staticTrue)
{
RpcImpersonateClient(0);
/* FLAW: Do not check if RpcImpersonateClient() fails */
/* We'll leave out most of the implementation since it has nothing to do with the CWE
* and since the checkers are looking for certain function calls anyway */
}
}
/* good2() reverses the bodies in the if statement */
static void good2()
{
if(STATIC_CONST_FIVE==5)
{
/* FIX: check for the correct return value */
if (RpcImpersonateClient(0) != RPC_S_OK)
{
exit(1);
}
/* We'll leave out most of the implementation since it has nothing to do with the CWE
* and since the checkers are looking for certain function calls anyway */
}
}
/* good2() reverses the bodies in the if statement */
static void good2()
{
if(staticTrue)
{
/* FIX: Check the return value of RpcImpersonateClient() for RPC_S_OK */
if (RpcImpersonateClient(0) != RPC_S_OK)
{
exit(1);
}
/* We'll leave out most of the implementation since it has nothing to do with the CWE
* and since the checkers are looking for certain function calls anyway */
}
}
void CWE253_Incorrect_Check_of_Function_Return_Value__w32_RpcImpersonateClient_06_bad()
{
if(STATIC_CONST_FIVE==5)
{
/* FLAW: RpcImpersonateClient() could fail and would not return RPC_S_OK, but we
* are failing if the return value is RPC_S_OK */
if (RpcImpersonateClient(0) == RPC_S_OK)
{
exit(1);
}
/* We'll leave out most of the implementation since it has nothing to do with the CWE
* and since the checkers are looking for certain function calls anyway */
}
}
/* good1() uses if(STATIC_CONST_FIVE!=5) instead of if(STATIC_CONST_FIVE==5) */
static void good1()
{
if(STATIC_CONST_FIVE!=5)
{
/* INCIDENTAL: CWE 561 Dead Code, the code below will never run */
printLine("Benign, fixed string");
}
else
{
/* FIX: check for the correct return value */
if (RpcImpersonateClient(0) != RPC_S_OK)
{
exit(1);
}
/* We'll leave out most of the implementation since it has nothing to do with the CWE
* and since the checkers are looking for certain function calls anyway */
}
}
DWORD
_RpcEndPagePrinter(WINSPOOL_PRINTER_HANDLE hPrinter)
{
DWORD dwErrorCode;
dwErrorCode = RpcImpersonateClient(NULL);
if (dwErrorCode != ERROR_SUCCESS)
{
ERR("RpcImpersonateClient failed with error %lu!\n", dwErrorCode);
return dwErrorCode;
}
if (!EndPagePrinter(hPrinter))
dwErrorCode = GetLastError();
RpcRevertToSelf();
return dwErrorCode;
}
DWORD
_RpcWritePrinter(WINSPOOL_PRINTER_HANDLE hPrinter, BYTE* pBuf, DWORD cbBuf, DWORD* pcWritten)
{
DWORD dwErrorCode;
dwErrorCode = RpcImpersonateClient(NULL);
if (dwErrorCode != ERROR_SUCCESS)
{
ERR("RpcImpersonateClient failed with error %lu!\n", dwErrorCode);
return dwErrorCode;
}
if (!WritePrinter(hPrinter, pBuf, cbBuf, pcWritten))
dwErrorCode = GetLastError();
RpcRevertToSelf();
return dwErrorCode;
}
DWORD
_RpcStartDocPrinter(WINSPOOL_PRINTER_HANDLE hPrinter, WINSPOOL_DOC_INFO_CONTAINER* pDocInfoContainer, DWORD* pJobId)
{
DWORD dwErrorCode;
dwErrorCode = RpcImpersonateClient(NULL);
if (dwErrorCode != ERROR_SUCCESS)
{
ERR("RpcImpersonateClient failed with error %lu!\n", dwErrorCode);
return dwErrorCode;
}
*pJobId = StartDocPrinterW(hPrinter, pDocInfoContainer->Level, (PBYTE)pDocInfoContainer->DocInfo.pDocInfo1);
dwErrorCode = GetLastError();
RpcRevertToSelf();
return dwErrorCode;
}
DWORD
_RpcOpenPrinter(WINSPOOL_HANDLE pPrinterName, WINSPOOL_PRINTER_HANDLE* phPrinter, WCHAR* pDatatype, WINSPOOL_DEVMODE_CONTAINER* pDevModeContainer, DWORD AccessRequired)
{
DWORD dwErrorCode;
PRINTER_DEFAULTSW Default;
dwErrorCode = RpcImpersonateClient(NULL);
if (dwErrorCode != ERROR_SUCCESS)
{
ERR("RpcImpersonateClient failed with error %lu!\n", dwErrorCode);
return dwErrorCode;
}
Default.DesiredAccess = AccessRequired;
Default.pDatatype = pDatatype;
Default.pDevMode = (PDEVMODEW)pDevModeContainer->pDevMode;
if (!OpenPrinterW(pPrinterName, phPrinter, &Default))
dwErrorCode = GetLastError();
RpcRevertToSelf();
return dwErrorCode;
}
void
s_authinfo_test(unsigned int protseq, int secure)
{
RPC_BINDING_HANDLE binding;
RPC_STATUS status;
ULONG level, authnsvc;
RPC_AUTHZ_HANDLE privs;
unsigned char *principal;
binding = I_RpcGetCurrentCallHandle();
ok(binding != NULL, "I_RpcGetCurrentCallHandle returned NULL\n");
level = authnsvc = 0xdeadbeef;
privs = (RPC_AUTHZ_HANDLE)0xdeadbeef;
principal = (unsigned char *)0xdeadbeef;
if (secure || protseq == RPC_PROTSEQ_LRPC)
{
status = RpcBindingInqAuthClientA(binding, &privs, &principal, &level, &authnsvc, NULL);
if (status == RPC_S_CANNOT_SUPPORT)
{
win_skip("RpcBindingInqAuthClientA not supported\n");
return;
}
ok(status == RPC_S_OK, "expected RPC_S_OK got %u\n", status);
ok(privs != (RPC_AUTHZ_HANDLE)0xdeadbeef, "privs unchanged\n");
ok(principal != (unsigned char *)0xdeadbeef, "principal unchanged\n");
if (protseq != RPC_PROTSEQ_LRPC)
{
todo_wine
ok(principal != NULL, "NULL principal\n");
}
if (protseq == RPC_PROTSEQ_LRPC && principal && pGetUserNameExA)
{
int len;
char *spn;
len = WideCharToMultiByte(CP_ACP, 0, (const WCHAR *)privs, -1, NULL, 0, NULL, NULL);
spn = HeapAlloc( GetProcessHeap(), 0, len );
WideCharToMultiByte(CP_ACP, 0, (const WCHAR *)privs, -1, spn, len, NULL, NULL);
ok(!strcmp(domain_and_user, spn), "expected %s got %s\n", domain_and_user, spn);
HeapFree( GetProcessHeap(), 0, spn );
}
ok(level == RPC_C_AUTHN_LEVEL_PKT_PRIVACY, "level unchanged\n");
ok(authnsvc == RPC_C_AUTHN_WINNT, "authnsvc unchanged\n");
status = RpcImpersonateClient(NULL);
ok(status == RPC_S_OK, "expected RPC_S_OK got %u\n", status);
status = RpcRevertToSelf();
ok(status == RPC_S_OK, "expected RPC_S_OK got %u\n", status);
}
else
{
status = RpcBindingInqAuthClientA(binding, &privs, &principal, &level, &authnsvc, NULL);
ok(status == RPC_S_BINDING_HAS_NO_AUTH, "expected RPC_S_BINDING_HAS_NO_AUTH got %u\n", status);
ok(privs == (RPC_AUTHZ_HANDLE)0xdeadbeef, "got %p\n", privs);
ok(principal == (unsigned char *)0xdeadbeef, "got %s\n", principal);
ok(level == 0xdeadbeef, "got %u\n", level);
ok(authnsvc == 0xdeadbeef, "got %u\n", authnsvc);
}
}
BOOL
VmDirIsRpcOperationAllowed(
handle_t pBinding,
PSECURITY_DESCRIPTOR_ABSOLUTE pSD,
ULONG ulAccessDesired
)
{
#if defined(HAVE_DCERPC_WIN32)
VMDIR_LOG_VERBOSE(LDAP_DEBUG_ACL, "RPC Access GRANTED!");
return TRUE;
#else
ULONG ulError = ERROR_SUCCESS;
PACCESS_TOKEN hToken = NULL;
ACCESS_MASK accessGranted = 0;
BOOLEAN bAccessGranted = FALSE;
GENERIC_MAPPING genericMapping = {0};
#if defined(_WIN32) && !defined(HAVE_DCERPC_WIN32)
BOOLEAN bImpersonated = FALSE;
#endif
#if !defined(_WIN32) || defined(HAVE_DCERPC_WIN32)
rpc_binding_inq_access_token_caller(pBinding, &hToken, &ulError);
BAIL_ON_VMDIR_ERROR(ulError);
#else
ulError = RpcImpersonateClient( pBinding );
BAIL_ON_VMDIR_ERROR(ulError);
bImpersonated = TRUE;
if ( OpenThreadToken(
GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &hToken) == 0 )
{
ulError = GetLastError();
BAIL_ON_VMDIR_ERROR(ulError);
}
#endif
ulError = LogAccessInfo(hToken, pSD, ulAccessDesired);
BAIL_ON_VMDIR_ERROR(ulError);
// Initialize generic mapping structure to map all.
memset(&genericMapping, 0xff, sizeof(GENERIC_MAPPING));
genericMapping.GenericRead = GENERIC_READ;
genericMapping.GenericWrite = GENERIC_WRITE;
genericMapping.GenericExecute = 0;
genericMapping.GenericAll = GENERIC_READ | GENERIC_WRITE;
VmDirMapGenericMask(&ulAccessDesired, &genericMapping);
bAccessGranted = VmDirAccessCheck(
pSD,
hToken,
ulAccessDesired,
0,
&genericMapping,
&accessGranted,
&ulError);
BAIL_ON_VMDIR_ERROR(ulError);
cleanup:
#if defined(_WIN32) && !defined(HAVE_DCERPC_WIN32)
if( bImpersonated != FALSE )
{
DWORD rpcError = RpcRevertToSelfEx(pBinding);
if( rpcError != RPC_S_OK )
{
// real bad, need to exit the process ....
VMDIR_LOG_ERROR( VMDIR_LOG_MASK_ALL,
"RpcRevertToSelfEx failed with %d. Exiting process.",
rpcError );
ExitProcess(rpcError);
}
}
#endif
if (hToken)
{
VmDirReleaseAccessToken(&hToken);
}
if (bAccessGranted)
{
VMDIR_LOG_VERBOSE(LDAP_DEBUG_ACL, "RPC Access GRANTED!");
}
else
{
VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "RPC Access DENIED!");
}
return bAccessGranted;
error:
bAccessGranted = FALSE;
goto cleanup;
#endif
}
