/*
 * Release everything an access-info record owns and reset it to an
 * "unbound" state.  The record itself is NOT freed: it belongs to the
 * caller, so this is safe to use on embedded/stack-allocated records.
 *
 * pAccessInfo may be NULL; the call is then a no-op.
 *
 * What is torn down:
 *   - pAccessToken      released via VmDirReleaseAccessToken when set
 *   - accessRoleBitmap  cleared to 0
 *   - pszNormBindedDn, pszBindedDn, pszBindedObjectSid
 *                       freed via VMDIR_SAFE_FREE_MEMORY
 */
void
VmDirFreeAccessInfo(
    PVDIR_ACCESS_INFO pAccessInfo
    )
{
    if (pAccessInfo == NULL)
    {
        return;
    }

    // Identity first: drop the caller's token before the strings that
    // describe the bound principal.
    if (pAccessInfo->pAccessToken != NULL)
    {
        VmDirReleaseAccessToken(&pAccessInfo->pAccessToken);
    }

    // Clearing the role bitmap means a reused record carries no leftover
    // privileges from the previous bind.
    pAccessInfo->accessRoleBitmap = 0;

    VMDIR_SAFE_FREE_MEMORY(pAccessInfo->pszNormBindedDn);
    VMDIR_SAFE_FREE_MEMORY(pAccessInfo->pszBindedDn);
    VMDIR_SAFE_FREE_MEMORY(pAccessInfo->pszBindedObjectSid);
}
/*
 * Authorization gate for an incoming RPC operation.
 *
 * Resolves the access token of the client behind pBinding and evaluates
 * ulAccessDesired against the security descriptor pSD.  Returns TRUE only
 * when the access check grants the request; any failure on the way
 * (token lookup, impersonation, the check itself) jumps to the error
 * label and is reported as FALSE, so the function fails closed.
 *
 * Build variants:
 *   HAVE_DCERPC_WIN32   No check is performed at all -- the function
 *                       logs "GRANTED" and returns TRUE unconditionally.
 *                       NOTE(review): treat this configuration as an
 *                       unauthenticated RPC surface when assessing a build.
 *   non-_WIN32          The caller token comes from the DCE runtime via
 *                       rpc_binding_inq_access_token_caller.
 *   _WIN32 native RPC   The server impersonates the client, opens the
 *                       thread token, runs the check, then reverts.  A
 *                       failed revert terminates the process, since the
 *                       thread would otherwise keep running as the client.
 *
 * Generic rights in ulAccessDesired are rewritten in place (the parameter
 * is by value, so the caller's copy is untouched): GENERIC_READ and
 * GENERIC_WRITE map to themselves, GENERIC_EXECUTE to nothing, and
 * GENERIC_ALL to READ|WRITE.
 */
BOOL
VmDirIsRpcOperationAllowed(
    handle_t                        pBinding,
    PSECURITY_DESCRIPTOR_ABSOLUTE   pSD,
    ULONG                           ulAccessDesired
    )
{
#if defined(HAVE_DCERPC_WIN32)
    // Stub configuration: no token is consulted and every caller passes.
    VMDIR_LOG_VERBOSE(LDAP_DEBUG_ACL, "RPC Access GRANTED!");
    return TRUE;
#else
    ULONG           status         = ERROR_SUCCESS;
    PACCESS_TOKEN   pCallerToken   = NULL;
    ACCESS_MASK     grantedMask    = 0;
    BOOLEAN         bAllowed       = FALSE;
    GENERIC_MAPPING mapping        = {0};
#if defined(_WIN32) && !defined(HAVE_DCERPC_WIN32)
    BOOLEAN         bImpersonating = FALSE;
#endif

    // --- 1. Obtain the caller's token. -------------------------------
    // (The HAVE_DCERPC_WIN32 half of this condition can never be true
    // here: this whole branch is the #else of that very symbol.)
#if !defined(_WIN32) || defined(HAVE_DCERPC_WIN32)
    rpc_binding_inq_access_token_caller(pBinding, &pCallerToken, &status);
    BAIL_ON_VMDIR_ERROR(status);
#else
    status = RpcImpersonateClient(pBinding);
    BAIL_ON_VMDIR_ERROR(status);
    bImpersonating = TRUE;

    // NOTE(review): TOKEN_ALL_ACCESS is requested although the check only
    // reads the token; a narrower mask would follow least privilege --
    // left as-is to preserve behaviour.
    if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, TRUE, &pCallerToken))
    {
        status = GetLastError();
        BAIL_ON_VMDIR_ERROR(status);
    }
#endif

    status = LogAccessInfo(pCallerToken, pSD, ulAccessDesired);
    BAIL_ON_VMDIR_ERROR(status);

    // --- 2. Map generic rights, then run the access check. -----------
    // Fill with 0xff first, then pin the four generic slots explicitly.
    memset(&mapping, 0xff, sizeof(mapping));
    mapping.GenericRead    = GENERIC_READ;
    mapping.GenericWrite   = GENERIC_WRITE;
    mapping.GenericExecute = 0;
    mapping.GenericAll     = GENERIC_READ | GENERIC_WRITE;
    VmDirMapGenericMask(&ulAccessDesired, &mapping);

    bAllowed = VmDirAccessCheck(
                    pSD,
                    pCallerToken,
                    ulAccessDesired,
                    0,
                    &mapping,
                    &grantedMask,
                    &status);
    BAIL_ON_VMDIR_ERROR(status);

cleanup:
#if defined(_WIN32) && !defined(HAVE_DCERPC_WIN32)
    if (bImpersonating)
    {
        DWORD revertStatus = RpcRevertToSelfEx(pBinding);
        if (revertStatus != RPC_S_OK)
        {
            // Cannot safely continue as the impersonated client: bail out
            // of the whole process rather than serve further requests.
            VMDIR_LOG_ERROR(
                VMDIR_LOG_MASK_ALL,
                "RpcRevertToSelfEx failed with %d. \nExiting process.",
                revertStatus);
            ExitProcess(revertStatus);
        }
    }
#endif

    if (pCallerToken != NULL)
    {
        VmDirReleaseAccessToken(&pCallerToken);
    }

    // Denials are logged at error level so they are visible without ACL
    // debug tracing enabled; grants stay at verbose.
    if (bAllowed)
    {
        VMDIR_LOG_VERBOSE(LDAP_DEBUG_ACL, "RPC Access GRANTED!");
    }
    else
    {
        VMDIR_LOG_ERROR(VMDIR_LOG_MASK_ALL, "RPC Access DENIED!");
    }

    return bAllowed;

error:
    // Every failure path denies: never let an unchecked request through.
    bAllowed = FALSE;
    goto cleanup;
#endif
}