DWORD
VmAfdCopySecurityDescriptor (
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptorSrc,
PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptorDest
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
if (!pSecurityDescriptorSrc ||
!ppSecurityDescriptorDest
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_SECURITY_DESCRIPTOR),
(PVOID *)&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext(
pSecurityDescriptorSrc->pOwnerSecurityContext,
&pSecurityDescriptor->pOwnerSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopyAcl(
pSecurityDescriptorSrc->pAcl,
&pSecurityDescriptor->pAcl
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityDescriptor->dwRevision = pSecurityDescriptorSrc->dwRevision;
pSecurityDescriptor->changeStatus = pSecurityDescriptorSrc->changeStatus;
*ppSecurityDescriptorDest = pSecurityDescriptor;
cleanup:
return dwError;
error:
if (ppSecurityDescriptorDest)
{
*ppSecurityDescriptorDest = NULL;
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor(pSecurityDescriptor);
}
goto cleanup;
}
static
DWORD
VmAfdCopyAceList(
PVMAFD_ACE_LIST pAceListSrc,
PVMAFD_ACE_LIST *ppAceListDest
)
{
DWORD dwError = 0;
PVMAFD_ACE_LIST pAceListCursor = NULL;
PVMAFD_ACE_LIST pAceListStart = NULL;
PVMAFD_ACE_LIST pAceListDstCursor = NULL;
PVMAFD_ACE_LIST pAceListDstPrev = NULL;
if (
!ppAceListDest
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
pAceListCursor = pAceListSrc;
while (pAceListCursor)
{
dwError = VmAfdAllocateMemory(
sizeof (VMAFD_ACE_LIST),
(PVOID *) &pAceListDstCursor
);
BAIL_ON_VMAFD_ERROR (dwError);
if (!pAceListStart)
{
pAceListStart = pAceListDstCursor;
}
if (pAceListDstPrev)
{
pAceListDstPrev->pNext = pAceListDstCursor;
}
pAceListDstCursor->Ace.type = pAceListCursor->Ace.type;
pAceListDstCursor->Ace.changeStatus =
pAceListCursor->Ace.changeStatus;
pAceListDstCursor->Ace.accessMask =
pAceListCursor->Ace.accessMask;
dwError = VmAfdCopySecurityContext(
pAceListCursor->Ace.pSecurityContext,
&(pAceListDstCursor->Ace.pSecurityContext
)
);
BAIL_ON_VMAFD_ERROR (dwError);
pAceListDstPrev = pAceListDstCursor;
pAceListCursor = pAceListCursor->pNext;
}
*ppAceListDest = pAceListStart;
cleanup:
return dwError;
error:
if (ppAceListDest)
{
*ppAceListDest = NULL;
}
if (pAceListStart)
{
VmAfdFreeAceList(pAceListStart);
}
goto cleanup;
}
DWORD
VmAfdModifyPermissions (
PVECS_SERV_STORE pStore,
PCWSTR pszServiceName,
DWORD accessMask,
VMAFD_ACE_TYPE aceType,
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor,
VMW_IPC_MODIFY_PERMISSIONS modifyType
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
PVMAFD_ACL pAcl = NULL;
PVMAFD_ACE_LIST pAceList = NULL;
PVMAFD_ACE_LIST pAceListCursor = NULL;
PVMAFD_ACE_LIST pAceListNew = NULL;
WCHAR wszEveryone[] = GROUP_EVERYONE_W;
if (IsNullOrEmptyString (pszServiceName) ||
!pSecurityDescriptor ||
!modifyType ||
!pStore ||
!accessMask
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if (VmAfdStringIsEqualW(
pszServiceName,
wszEveryone,
FALSE
)
)
{
dwError = VmAfdCreateWellKnownContext (
VM_AFD_CONTEXT_TYPE_EVERYONE,
&pSecurityContext
);
}
else
{
dwError = VmAfdAllocateContextFromName (
pszServiceName,
&pSecurityContext
);
}
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCheckOwnerShip (
pStore,
pSecurityContext
);
if (dwError == 0)
{
goto cleanup;
}
dwError = 0;
if (
!pSecurityDescriptor->pAcl &&
modifyType != VMW_IPC_MODIFY_PERMISSIONS_REVOKE
)
{
dwError = VmAfdAllocateMemory(
sizeof (VMAFD_ACL),
(PVOID *) &pAcl
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_ACE_LIST),
(PVOID *) pAceList
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext(
pSecurityContext,
&(pAceList->Ace.pSecurityContext
)
);
BAIL_ON_VMAFD_ERROR (dwError);
pAceList->Ace.accessMask = accessMask;
pAceList->Ace.changeStatus = VMAFD_UPDATE_STATUS_NEW;
pAceList->Ace.type = aceType;
pAcl->pAceList = pAceList;
pAcl->dwAceCount ++;
pSecurityDescriptor->pAcl = pAcl;
}
else if (pSecurityDescriptor->pAcl)
{
pAceListCursor = pSecurityDescriptor->pAcl->pAceList;
while (pAceListCursor)
{
if (
VmAfdEqualsSecurityContext(
pSecurityContext,
pAceListCursor->Ace.pSecurityContext
)
&&
pAceListCursor->Ace.type == aceType
)
{
break;
}
pAceListCursor = pAceListCursor->pNext;
}
if (
!pAceListCursor &&
modifyType != VMW_IPC_MODIFY_PERMISSIONS_REVOKE
)
{
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_ACE_LIST),
(PVOID *) &pAceListNew
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext (
pSecurityContext,
&(pAceListNew->Ace.pSecurityContext)
);
BAIL_ON_VMAFD_ERROR (dwError);
pAceListNew->pNext = pSecurityDescriptor->pAcl->pAceList;
pAceListNew->Ace.accessMask = accessMask;
pAceListNew->Ace.changeStatus = VMAFD_UPDATE_STATUS_NEW;
pAceListNew->Ace.type = aceType;
pSecurityDescriptor->pAcl->pAceList = pAceListNew;
pSecurityDescriptor->pAcl->dwAceCount ++;
}
else if (pAceListCursor)
{
switch (modifyType)
{
case VMW_IPC_MODIFY_PERMISSIONS_SET:
pAceListCursor->Ace.accessMask = accessMask;
break;
case VMW_IPC_MODIFY_PERMISSIONS_ADD:
pAceListCursor->Ace.accessMask = pAceListCursor->Ace.accessMask |
accessMask;
break;
case VMW_IPC_MODIFY_PERMISSIONS_REVOKE:
pAceListCursor->Ace.accessMask = pAceListCursor->Ace.accessMask &
~accessMask;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
pAceListCursor->Ace.changeStatus = VMAFD_UPDATE_STATUS_MODIFIED;
}
}
if (pSecurityDescriptor->changeStatus == VMAFD_UPDATE_STATUS_UNCHANGED)
{
pSecurityDescriptor->changeStatus = VMAFD_UPDATE_STATUS_MODIFIED;
}
cleanup:
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
return dwError;
error:
if (pAcl)
{
VmAfdFreeAcl (pAcl);
}
if (pAceList)
{
VmAfdFreeAceList (pAceList);
}
if (pAceListNew)
{
VmAfdFreeAceList (pAceListNew);
}
goto cleanup;
}
DWORD
VmAfdInitializeSecurityDescriptor (
PVM_AFD_SECURITY_CONTEXT pSecurityContext,
DWORD dwRevision,
PVMAFD_SECURITY_DESCRIPTOR *ppSecurityDescriptor
)
{
DWORD dwError = 0;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVMAFD_ACL pAcl = NULL;
if (!pSecurityContext ||
!ppSecurityDescriptor
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_SECURITY_DESCRIPTOR),
(PVOID *)&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_ACL),
(PVOID *)&pAcl
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext (
pSecurityContext,
&pSecurityDescriptor->pOwnerSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityDescriptor->dwRevision = dwRevision;
pSecurityDescriptor->changeStatus = VMAFD_UPDATE_STATUS_NEW;
pAcl->dwAceCount = 0;
pSecurityDescriptor->pAcl = pAcl;
*ppSecurityDescriptor = pSecurityDescriptor;
cleanup:
return dwError;
error:
if (ppSecurityDescriptor)
{
*ppSecurityDescriptor = NULL;
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (pAcl)
{
VmAfdFreeAcl (pAcl);
}
goto cleanup;
}
static
DWORD
VmAfdCreateNewClientInstance (
PVM_AFD_SECURITY_CONTEXT pSecurityContext,
DWORD dwHashedIndx,
PDWORD pdwClientInstance
)
{
DWORD dwError = 0;
PVECS_STORE_CONTEXT_LIST pContextListCursor = NULL;
PVECS_STORE_CONTEXT_LIST pContextListEntryNew = NULL;
PVM_AFD_SECURITY_CONTEXT pSecurityContextTmp = NULL;
DWORD dwClientInstance = 0;
VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwHashedIndx];
if (!pSecurityContext ||
!pdwClientInstance
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
pContextListCursor = storeMapEntry.pStoreContextList;
while (pContextListCursor)
{
if (VmAfdEqualsSecurityContext(
pContextListCursor->pSecurityContext,
pSecurityContext
)
)
{
dwError = VmAfdGetOpenClientInstance(
pContextListCursor,
&dwClientInstance
);
BAIL_ON_VMAFD_ERROR (dwError);
pContextListCursor->dwClientInstances =
pContextListCursor->dwClientInstances |
dwClientInstance;
break;
}
pContextListCursor = pContextListCursor->pNext;
}
if (pContextListCursor == NULL)
{
dwError = VmAfdCopySecurityContext (
pSecurityContext,
&pSecurityContextTmp
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VECS_STORE_CONTEXT_LIST),
(PVOID *)&pContextListEntryNew
);
BAIL_ON_VMAFD_ERROR (dwError);
pContextListEntryNew->pSecurityContext = pSecurityContextTmp;
pContextListEntryNew->dwClientInstances = 1;
pContextListEntryNew->pNext = storeMapEntry.pStoreContextList;
if (storeMapEntry.pStoreContextList)
{
storeMapEntry.pStoreContextList->pPrev =
pContextListEntryNew;
}
gVecsGlobalStoreMap[dwHashedIndx].pStoreContextList = pContextListEntryNew;
dwClientInstance = 1;
}
*pdwClientInstance = dwClientInstance;
cleanup:
return dwError;
error:
if (pdwClientInstance)
{
*pdwClientInstance = 0;
}
if (pContextListEntryNew)
{
VmAfdFreeContextListEntry(
pContextListEntryNew
);
}
if (pSecurityContextTmp)
{
VmAfdFreeSecurityContext(
pSecurityContextTmp
);
}
goto cleanup;
}
static
DWORD
VmAfdInitializeStoreEntry (
DWORD dwStoreId,
PVM_AFD_SECURITY_CONTEXT pSecurityContext,
DWORD dwHashedIndx
)
{
DWORD dwError = 0;
PVECS_SERV_STORE pStore = NULL;
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor = NULL;
PVECS_STORE_CONTEXT_LIST pStoreContextList = NULL;
VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwHashedIndx];
if (!dwStoreId ||
!pSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VECS_SERV_STORE),
(PVOID *)&pStore
);
BAIL_ON_VMAFD_ERROR (dwError);
pStore->refCount = 1;
pStore->dwStoreId = dwStoreId;
dwError = VecsDbGetSecurityDescriptor (
dwStoreId,
&pSecurityDescriptor
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VECS_STORE_CONTEXT_LIST),
(PVOID *)&pStoreContextList
);
BAIL_ON_VMAFD_ERROR (dwError);
pStoreContextList->dwClientInstances = 1;
dwError = VmAfdCopySecurityContext(
pSecurityContext,
&pStoreContextList->pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
storeMapEntry.pStore = pStore;
storeMapEntry.pSecurityDescriptor = pSecurityDescriptor;
storeMapEntry.pStoreContextList = pStoreContextList;
dwError = VmAfdGenRandom (
&(storeMapEntry.dwStoreSessionID)
);
BAIL_ON_VMAFD_ERROR (dwError);
gVecsGlobalStoreMap[dwHashedIndx] = storeMapEntry;
cleanup:
return dwError;
error:
if (pStore)
{
VecsSrvReleaseCertStore (pStore);
}
if (pSecurityDescriptor)
{
VmAfdFreeSecurityDescriptor (pSecurityDescriptor);
}
if (pStoreContextList)
{
VmAfdFreeContextList (pStoreContextList);
}
goto cleanup;
}
