DWORD VmAfdCopySecurityDescriptor ( PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorSrc, PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptorDest ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; if (!pSecurityDescriptorSrc || !ppSecurityDescriptorDest ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdAllocateMemory ( sizeof (VMAFD_SECURITY_DESCRIPTOR), (PVOID *)&pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopySecurityContext( pSecurityDescriptorSrc->pOwnerSecurityContext, &pSecurityDescriptor->pOwnerSecurityContext ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopyAcl( pSecurityDescriptorSrc->pAcl, &pSecurityDescriptor->pAcl ); BAIL_ON_VMAFD_ERROR (dwError); pSecurityDescriptor->dwRevision = pSecurityDescriptorSrc->dwRevision; pSecurityDescriptor->changeStatus = pSecurityDescriptorSrc->changeStatus; *ppSecurityDescriptorDest = pSecurityDescriptor; cleanup: return dwError; error: if (ppSecurityDescriptorDest) { *ppSecurityDescriptorDest = NULL; } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor(pSecurityDescriptor); } goto cleanup; }
static DWORD VmAfdCopyAceList( PVMAFD_ACE_LIST pAceListSrc, PVMAFD_ACE_LIST *ppAceListDest ) { DWORD dwError = 0; PVMAFD_ACE_LIST pAceListCursor = NULL; PVMAFD_ACE_LIST pAceListStart = NULL; PVMAFD_ACE_LIST pAceListDstCursor = NULL; PVMAFD_ACE_LIST pAceListDstPrev = NULL; if ( !ppAceListDest ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } pAceListCursor = pAceListSrc; while (pAceListCursor) { dwError = VmAfdAllocateMemory( sizeof (VMAFD_ACE_LIST), (PVOID *) &pAceListDstCursor ); BAIL_ON_VMAFD_ERROR (dwError); if (!pAceListStart) { pAceListStart = pAceListDstCursor; } if (pAceListDstPrev) { pAceListDstPrev->pNext = pAceListDstCursor; } pAceListDstCursor->Ace.type = pAceListCursor->Ace.type; pAceListDstCursor->Ace.changeStatus = pAceListCursor->Ace.changeStatus; pAceListDstCursor->Ace.accessMask = pAceListCursor->Ace.accessMask; dwError = VmAfdCopySecurityContext( pAceListCursor->Ace.pSecurityContext, &(pAceListDstCursor->Ace.pSecurityContext ) ); BAIL_ON_VMAFD_ERROR (dwError); pAceListDstPrev = pAceListDstCursor; pAceListCursor = pAceListCursor->pNext; } *ppAceListDest = pAceListStart; cleanup: return dwError; error: if (ppAceListDest) { *ppAceListDest = NULL; } if (pAceListStart) { VmAfdFreeAceList(pAceListStart); } goto cleanup; }
DWORD VmAfdModifyPermissions ( PVECS_SERV_STORE pStore, PCWSTR pszServiceName, DWORD accessMask, VMAFD_ACE_TYPE aceType, PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor, VMW_IPC_MODIFY_PERMISSIONS modifyType ) { DWORD dwError = 0; PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL; PVMAFD_ACL pAcl = NULL; PVMAFD_ACE_LIST pAceList = NULL; PVMAFD_ACE_LIST pAceListCursor = NULL; PVMAFD_ACE_LIST pAceListNew = NULL; WCHAR wszEveryone[] = GROUP_EVERYONE_W; if (IsNullOrEmptyString (pszServiceName) || !pSecurityDescriptor || !modifyType || !pStore || !accessMask ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } if (VmAfdStringIsEqualW( pszServiceName, wszEveryone, FALSE ) ) { dwError = VmAfdCreateWellKnownContext ( VM_AFD_CONTEXT_TYPE_EVERYONE, &pSecurityContext ); } else { dwError = VmAfdAllocateContextFromName ( pszServiceName, &pSecurityContext ); } BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCheckOwnerShip ( pStore, pSecurityContext ); if (dwError == 0) { goto cleanup; } dwError = 0; if ( !pSecurityDescriptor->pAcl && modifyType != VMW_IPC_MODIFY_PERMISSIONS_REVOKE ) { dwError = VmAfdAllocateMemory( sizeof (VMAFD_ACL), (PVOID *) &pAcl ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdAllocateMemory ( sizeof (VMAFD_ACE_LIST), (PVOID *) pAceList ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopySecurityContext( pSecurityContext, &(pAceList->Ace.pSecurityContext ) ); BAIL_ON_VMAFD_ERROR (dwError); pAceList->Ace.accessMask = accessMask; pAceList->Ace.changeStatus = VMAFD_UPDATE_STATUS_NEW; pAceList->Ace.type = aceType; pAcl->pAceList = pAceList; pAcl->dwAceCount ++; pSecurityDescriptor->pAcl = pAcl; } else if (pSecurityDescriptor->pAcl) { pAceListCursor = pSecurityDescriptor->pAcl->pAceList; while (pAceListCursor) { if ( VmAfdEqualsSecurityContext( pSecurityContext, pAceListCursor->Ace.pSecurityContext ) && pAceListCursor->Ace.type == aceType ) { break; } pAceListCursor = pAceListCursor->pNext; } if ( !pAceListCursor && modifyType != VMW_IPC_MODIFY_PERMISSIONS_REVOKE ) { dwError = VmAfdAllocateMemory ( sizeof (VMAFD_ACE_LIST), (PVOID *) &pAceListNew ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopySecurityContext ( pSecurityContext, &(pAceListNew->Ace.pSecurityContext) ); BAIL_ON_VMAFD_ERROR (dwError); pAceListNew->pNext = pSecurityDescriptor->pAcl->pAceList; pAceListNew->Ace.accessMask = accessMask; pAceListNew->Ace.changeStatus = VMAFD_UPDATE_STATUS_NEW; pAceListNew->Ace.type = aceType; pSecurityDescriptor->pAcl->pAceList = pAceListNew; pSecurityDescriptor->pAcl->dwAceCount ++; } else if (pAceListCursor) { switch (modifyType) { case VMW_IPC_MODIFY_PERMISSIONS_SET: pAceListCursor->Ace.accessMask = accessMask; break; case VMW_IPC_MODIFY_PERMISSIONS_ADD: pAceListCursor->Ace.accessMask = pAceListCursor->Ace.accessMask | accessMask; break; case VMW_IPC_MODIFY_PERMISSIONS_REVOKE: pAceListCursor->Ace.accessMask = pAceListCursor->Ace.accessMask & ~accessMask; break; default: dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } pAceListCursor->Ace.changeStatus = VMAFD_UPDATE_STATUS_MODIFIED; } } if (pSecurityDescriptor->changeStatus == VMAFD_UPDATE_STATUS_UNCHANGED) { pSecurityDescriptor->changeStatus = VMAFD_UPDATE_STATUS_MODIFIED; } cleanup: if (pSecurityContext) { VmAfdFreeSecurityContext (pSecurityContext); } return dwError; error: if (pAcl) { VmAfdFreeAcl (pAcl); } if (pAceList) { VmAfdFreeAceList (pAceList); } if (pAceListNew) { VmAfdFreeAceList (pAceListNew); } goto cleanup; }
DWORD VmAfdInitializeSecurityDescriptor ( PVM_AFD_SECURITY_CONTEXT pSecurityContext, DWORD dwRevision, PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor ) { DWORD dwError = 0; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVMAFD_ACL pAcl = NULL; if (!pSecurityContext || !ppSecurityDescriptor ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdAllocateMemory ( sizeof (VMAFD_SECURITY_DESCRIPTOR), (PVOID *)&pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdAllocateMemory ( sizeof (VMAFD_ACL), (PVOID *)&pAcl ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdCopySecurityContext ( pSecurityContext, &pSecurityDescriptor->pOwnerSecurityContext ); BAIL_ON_VMAFD_ERROR (dwError); pSecurityDescriptor->dwRevision = dwRevision; pSecurityDescriptor->changeStatus = VMAFD_UPDATE_STATUS_NEW; pAcl->dwAceCount = 0; pSecurityDescriptor->pAcl = pAcl; *ppSecurityDescriptor = pSecurityDescriptor; cleanup: return dwError; error: if (ppSecurityDescriptor) { *ppSecurityDescriptor = NULL; } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } if (pAcl) { VmAfdFreeAcl (pAcl); } goto cleanup; }
static DWORD VmAfdCreateNewClientInstance ( PVM_AFD_SECURITY_CONTEXT pSecurityContext, DWORD dwHashedIndx, PDWORD pdwClientInstance ) { DWORD dwError = 0; PVECS_STORE_CONTEXT_LIST pContextListCursor = NULL; PVECS_STORE_CONTEXT_LIST pContextListEntryNew = NULL; PVM_AFD_SECURITY_CONTEXT pSecurityContextTmp = NULL; DWORD dwClientInstance = 0; VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwHashedIndx]; if (!pSecurityContext || !pdwClientInstance ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } pContextListCursor = storeMapEntry.pStoreContextList; while (pContextListCursor) { if (VmAfdEqualsSecurityContext( pContextListCursor->pSecurityContext, pSecurityContext ) ) { dwError = VmAfdGetOpenClientInstance( pContextListCursor, &dwClientInstance ); BAIL_ON_VMAFD_ERROR (dwError); pContextListCursor->dwClientInstances = pContextListCursor->dwClientInstances | dwClientInstance; break; } pContextListCursor = pContextListCursor->pNext; } if (pContextListCursor == NULL) { dwError = VmAfdCopySecurityContext ( pSecurityContext, &pSecurityContextTmp ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdAllocateMemory ( sizeof (VECS_STORE_CONTEXT_LIST), (PVOID *)&pContextListEntryNew ); BAIL_ON_VMAFD_ERROR (dwError); pContextListEntryNew->pSecurityContext = pSecurityContextTmp; pContextListEntryNew->dwClientInstances = 1; pContextListEntryNew->pNext = storeMapEntry.pStoreContextList; if (storeMapEntry.pStoreContextList) { storeMapEntry.pStoreContextList->pPrev = pContextListEntryNew; } gVecsGlobalStoreMap[dwHashedIndx].pStoreContextList = pContextListEntryNew; dwClientInstance = 1; } *pdwClientInstance = dwClientInstance; cleanup: return dwError; error: if (pdwClientInstance) { *pdwClientInstance = 0; } if (pContextListEntryNew) { VmAfdFreeContextListEntry( pContextListEntryNew ); } if (pSecurityContextTmp) { VmAfdFreeSecurityContext( pSecurityContextTmp ); } goto cleanup; }
static DWORD VmAfdInitializeStoreEntry ( DWORD dwStoreId, PVM_AFD_SECURITY_CONTEXT pSecurityContext, DWORD dwHashedIndx ) { DWORD dwError = 0; PVECS_SERV_STORE pStore = NULL; PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL; PVECS_STORE_CONTEXT_LIST pStoreContextList = NULL; VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwHashedIndx]; if (!dwStoreId || !pSecurityContext ) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_VMAFD_ERROR (dwError); } dwError = VmAfdAllocateMemory ( sizeof (VECS_SERV_STORE), (PVOID *)&pStore ); BAIL_ON_VMAFD_ERROR (dwError); pStore->refCount = 1; pStore->dwStoreId = dwStoreId; dwError = VecsDbGetSecurityDescriptor ( dwStoreId, &pSecurityDescriptor ); BAIL_ON_VMAFD_ERROR (dwError); dwError = VmAfdAllocateMemory ( sizeof (VECS_STORE_CONTEXT_LIST), (PVOID *)&pStoreContextList ); BAIL_ON_VMAFD_ERROR (dwError); pStoreContextList->dwClientInstances = 1; dwError = VmAfdCopySecurityContext( pSecurityContext, &pStoreContextList->pSecurityContext ); BAIL_ON_VMAFD_ERROR (dwError); storeMapEntry.pStore = pStore; storeMapEntry.pSecurityDescriptor = pSecurityDescriptor; storeMapEntry.pStoreContextList = pStoreContextList; dwError = VmAfdGenRandom ( &(storeMapEntry.dwStoreSessionID) ); BAIL_ON_VMAFD_ERROR (dwError); gVecsGlobalStoreMap[dwHashedIndx] = storeMapEntry; cleanup: return dwError; error: if (pStore) { VecsSrvReleaseCertStore (pStore); } if (pSecurityDescriptor) { VmAfdFreeSecurityDescriptor (pSecurityDescriptor); } if (pStoreContextList) { VmAfdFreeContextList (pStoreContextList); } goto cleanup; }