DWORD
VmAfdInitializeSecurityContext(
PVM_AFD_CONNECTION pConnection,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0 ;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (ppSecurityContext == NULL){
dwError = ERROR_INVALID_PARAMETER ;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = gIPCVtable.pfnInitializeSecurityContext(
pConnection,
&pSecurityContext);
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityContext = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContext != NULL){
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
DWORD
VmAfdModifyOwner(
PVECS_SERV_STORE pStore,
PCWSTR pszUserName,
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
PVM_AFD_SECURITY_CONTEXT pSecurityContextToClean = NULL;
if (IsNullOrEmptyString (pszUserName) ||
!pSecurityDescriptor ||
!pStore
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateContextFromName (
pszUserName,
&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityContextToClean = pSecurityContext;
dwError = VmAfdCheckOwnerShip (
pStore,
pSecurityContext
);
if (dwError == 0)
{
goto cleanup;
}
dwError = 0;
pSecurityContextToClean = pSecurityDescriptor->pOwnerSecurityContext;
pSecurityDescriptor->pOwnerSecurityContext = pSecurityContext;
cleanup:
if (pSecurityContextToClean)
{
VmAfdFreeSecurityContext (pSecurityContextToClean);
}
return dwError;
error:
goto cleanup;
}
DWORD
VmAfdCreateWellKnownContextImpl (
VM_AFD_CONTEXT_TYPE contextType,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (!ppSecurityContext)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VM_AFD_SECURITY_CONTEXT),
(PVOID *)&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
switch (contextType)
{
case VM_AFD_CONTEXT_TYPE_ROOT:
pSecurityContext->uid = 0;
break;
case VM_AFD_CONTEXT_TYPE_EVERYONE:
pSecurityContext->uid = EVERYONE_UID;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
break;
}
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityContext = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContext)
{
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
VOID
VmAfdFreeConnectionContext(
PVM_AFD_CONNECTION_CONTEXT pConnectionContext
)
{
if (pConnectionContext != NULL)
{
VmAfdFreeSecurityContext(pConnectionContext->pSecurityContext);
}
VMAFD_SAFE_FREE_MEMORY (pConnectionContext);
}
DWORD
VmAfdCreateAnonymousConnectionContextImpl(
PVM_AFD_CONNECTION_CONTEXT *ppConnectionContext
)
{
DWORD dwError = 0;
PVM_AFD_CONNECTION_CONTEXT pConnectionContext = NULL;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (ppConnectionContext == NULL)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof(VM_AFD_CONNECTION_CONTEXT),
(PVOID *) &pConnectionContext
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory(
sizeof (VM_AFD_SECURITY_CONTEXT),
(PVOID *)&pSecurityContext);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityContext->uid = 0;
pConnectionContext->pConnection = NULL;
pConnectionContext->pSecurityContext = pSecurityContext;
pConnectionContext->bAnonymousContext = TRUE;
*ppConnectionContext = pConnectionContext;
cleanup:
return dwError;
error:
if (ppConnectionContext != NULL){
*ppConnectionContext = NULL;
}
if (pSecurityContext){
VmAfdFreeSecurityContext(pSecurityContext);
}
if (pConnectionContext){
VmAfdFreeMemory(pConnectionContext);
}
goto cleanup;
}
DWORD
VmAfdAllocateContextFromNameImpl (
PCWSTR pszAccountName,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
struct passwd *pd = NULL;
PSTR psazAccountName = NULL;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
dwError = VmAfdAllocateStringAFromW (
pszAccountName,
&psazAccountName
);
BAIL_ON_VMAFD_ERROR (dwError);
pd = getpwnam (psazAccountName);
if (pd == NULL)
{
dwError = ERROR_NONE_MAPPED;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VM_AFD_SECURITY_CONTEXT),
(PVOID *)&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityContext->uid = pd->pw_uid;
*ppSecurityContext = pSecurityContext;
cleanup:
VMAFD_SAFE_FREE_MEMORY (psazAccountName);
return dwError;
error:
if (ppSecurityContext)
{
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext(pSecurityContext);
}
goto cleanup;
}
VOID
VmAfdFreeAce (
PVMAFD_ACE pAce
)
{
if (pAce)
{
if (pAce->pSecurityContext)
{
VmAfdFreeSecurityContext(
pAce->pSecurityContext
);
}
VMAFD_SAFE_FREE_MEMORY (pAce);
}
}
static
VOID
VmAfdFreeContextListEntry (
PVECS_STORE_CONTEXT_LIST pContextListEntry
)
{
if (pContextListEntry)
{
if (pContextListEntry->pSecurityContext)
{
VmAfdFreeSecurityContext(
pContextListEntry->pSecurityContext
);
}
VMAFD_SAFE_FREE_MEMORY (pContextListEntry);
}
}
DWORD
VmAfdCopySecurityContextImpl (
PVM_AFD_SECURITY_CONTEXT pSecurityContextSrc,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContextDst
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (!pSecurityContextSrc ||
!ppSecurityContextDst
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VM_AFD_SECURITY_CONTEXT),
(PVOID *) &pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityContext->uid = pSecurityContextSrc->uid;
*ppSecurityContextDst = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContextDst)
{
*ppSecurityContextDst = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
DWORD
VmAfdDecodeSecurityContextImpl (
PBYTE pByteSecurityContext,
DWORD dwBuffSize,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (dwBuffSize < sizeof (VM_AFD_SECURITY_CONTEXT))
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory (
sizeof (VM_AFD_SECURITY_CONTEXT),
(PVOID *)&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityContext->uid = ((PVM_AFD_SECURITY_CONTEXT)
pByteSecurityContext)->uid;
*ppSecurityContext = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContext)
{
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
DWORD
VmAfdCopySecurityContext (
PVM_AFD_SECURITY_CONTEXT pSecurityContextSrc,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContextDst
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (!pSecurityContextSrc ||
!ppSecurityContextDst
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = gIPCVtable.pfnCopySecurityContext(
pSecurityContextSrc,
&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityContextDst = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContextDst)
{
*ppSecurityContextDst = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
DWORD
VmAfdDecodeSecurityContext (
PBYTE pByteSecurityContext,
DWORD dwBufSize,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (!pByteSecurityContext ||
!ppSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = gIPCVtable.pfnDecodeSecurityContext (
pByteSecurityContext,
dwBufSize,
&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityContext = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContext)
{
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
VOID
VmAfdFreeSecurityDescriptor (
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor
)
{
if (pSecurityDescriptor)
{
if (pSecurityDescriptor->pOwnerSecurityContext)
{
VmAfdFreeSecurityContext (
pSecurityDescriptor->pOwnerSecurityContext
);
}
if (pSecurityDescriptor->pAcl)
{
VmAfdFreeAcl (pSecurityDescriptor->pAcl);
}
VMAFD_SAFE_FREE_MEMORY (pSecurityDescriptor);
}
}
VOID
VmAfdFreeAceList (
PVMAFD_ACE_LIST pAceList
)
{
PVMAFD_ACE_LIST pAceListCurr = pAceList;
PVMAFD_ACE_LIST pAceListNext = NULL;
while (pAceListCurr)
{
pAceListNext = pAceListCurr->pNext;
if (pAceListCurr->Ace.pSecurityContext)
{
VmAfdFreeSecurityContext (pAceListCurr->Ace.pSecurityContext);
}
VMAFD_SAFE_FREE_MEMORY (pAceListCurr);
pAceListCurr = pAceListNext;
}
}
DWORD
VmAfdCreateWellKnownContext (
VM_AFD_CONTEXT_TYPE contextType,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (!ppSecurityContext)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = gIPCVtable.pfnCreateWellKnownContext (
contextType,
&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityContext = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContext)
{
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
DWORD
VmAfdAllocateContextFromName (
PCWSTR pszAccountName,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if (IsNullOrEmptyString(pszAccountName) ||
!ppSecurityContext
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = gIPCVtable.pfnAllocateContextFromName (
pszAccountName,
&pSecurityContext
);
BAIL_ON_VMAFD_ERROR (dwError);
*ppSecurityContext = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContext)
{
*ppSecurityContext = NULL;
}
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
goto cleanup;
}
DWORD
VmAfdInitializeSecurityContextImpl(
PVM_AFD_CONNECTION pConnection,
PVM_AFD_SECURITY_CONTEXT *ppSecurityContext
)
{
DWORD dwError = 0;
struct ucred credentials = {0};
int credLength = sizeof (struct ucred);
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
if ((getsockopt (
pConnection->fd,
SOL_SOCKET,
SO_PEERCRED,
&credentials,
&credLength)) < 0){
dwError = LwErrnoToWin32Error (errno);
BAIL_ON_VMAFD_ERROR (dwError);
}
dwError = VmAfdAllocateMemory(
sizeof (VM_AFD_SECURITY_CONTEXT),
(PVOID *)&pSecurityContext);
BAIL_ON_VMAFD_ERROR (dwError);
pSecurityContext->uid = credentials.uid;
*ppSecurityContext = pSecurityContext;
cleanup:
return dwError;
error:
if (ppSecurityContext != NULL){
*ppSecurityContext = NULL;
}
if (pSecurityContext){
VmAfdFreeSecurityContext(pSecurityContext);
}
goto cleanup;
}
static
DWORD
VmAfdCreateNewClientInstance (
PVM_AFD_SECURITY_CONTEXT pSecurityContext,
DWORD dwHashedIndx,
PDWORD pdwClientInstance
)
{
DWORD dwError = 0;
PVECS_STORE_CONTEXT_LIST pContextListCursor = NULL;
PVECS_STORE_CONTEXT_LIST pContextListEntryNew = NULL;
PVM_AFD_SECURITY_CONTEXT pSecurityContextTmp = NULL;
DWORD dwClientInstance = 0;
VECS_SRV_STORE_MAP storeMapEntry = gVecsGlobalStoreMap[dwHashedIndx];
if (!pSecurityContext ||
!pdwClientInstance
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
pContextListCursor = storeMapEntry.pStoreContextList;
while (pContextListCursor)
{
if (VmAfdEqualsSecurityContext(
pContextListCursor->pSecurityContext,
pSecurityContext
)
)
{
dwError = VmAfdGetOpenClientInstance(
pContextListCursor,
&dwClientInstance
);
BAIL_ON_VMAFD_ERROR (dwError);
pContextListCursor->dwClientInstances =
pContextListCursor->dwClientInstances |
dwClientInstance;
break;
}
pContextListCursor = pContextListCursor->pNext;
}
if (pContextListCursor == NULL)
{
dwError = VmAfdCopySecurityContext (
pSecurityContext,
&pSecurityContextTmp
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VECS_STORE_CONTEXT_LIST),
(PVOID *)&pContextListEntryNew
);
BAIL_ON_VMAFD_ERROR (dwError);
pContextListEntryNew->pSecurityContext = pSecurityContextTmp;
pContextListEntryNew->dwClientInstances = 1;
pContextListEntryNew->pNext = storeMapEntry.pStoreContextList;
if (storeMapEntry.pStoreContextList)
{
storeMapEntry.pStoreContextList->pPrev =
pContextListEntryNew;
}
gVecsGlobalStoreMap[dwHashedIndx].pStoreContextList = pContextListEntryNew;
dwClientInstance = 1;
}
*pdwClientInstance = dwClientInstance;
cleanup:
return dwError;
error:
if (pdwClientInstance)
{
*pdwClientInstance = 0;
}
if (pContextListEntryNew)
{
VmAfdFreeContextListEntry(
pContextListEntryNew
);
}
if (pSecurityContextTmp)
{
VmAfdFreeSecurityContext(
pSecurityContextTmp
);
}
goto cleanup;
}
DWORD
VmAfdModifyPermissions (
PVECS_SERV_STORE pStore,
PCWSTR pszServiceName,
DWORD accessMask,
VMAFD_ACE_TYPE aceType,
PVMAFD_SECURITY_DESCRIPTOR pSecurityDescriptor,
VMW_IPC_MODIFY_PERMISSIONS modifyType
)
{
DWORD dwError = 0;
PVM_AFD_SECURITY_CONTEXT pSecurityContext = NULL;
PVMAFD_ACL pAcl = NULL;
PVMAFD_ACE_LIST pAceList = NULL;
PVMAFD_ACE_LIST pAceListCursor = NULL;
PVMAFD_ACE_LIST pAceListNew = NULL;
WCHAR wszEveryone[] = GROUP_EVERYONE_W;
if (IsNullOrEmptyString (pszServiceName) ||
!pSecurityDescriptor ||
!modifyType ||
!pStore ||
!accessMask
)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
if (VmAfdStringIsEqualW(
pszServiceName,
wszEveryone,
FALSE
)
)
{
dwError = VmAfdCreateWellKnownContext (
VM_AFD_CONTEXT_TYPE_EVERYONE,
&pSecurityContext
);
}
else
{
dwError = VmAfdAllocateContextFromName (
pszServiceName,
&pSecurityContext
);
}
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCheckOwnerShip (
pStore,
pSecurityContext
);
if (dwError == 0)
{
goto cleanup;
}
dwError = 0;
if (
!pSecurityDescriptor->pAcl &&
modifyType != VMW_IPC_MODIFY_PERMISSIONS_REVOKE
)
{
dwError = VmAfdAllocateMemory(
sizeof (VMAFD_ACL),
(PVOID *) &pAcl
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_ACE_LIST),
(PVOID *) pAceList
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext(
pSecurityContext,
&(pAceList->Ace.pSecurityContext
)
);
BAIL_ON_VMAFD_ERROR (dwError);
pAceList->Ace.accessMask = accessMask;
pAceList->Ace.changeStatus = VMAFD_UPDATE_STATUS_NEW;
pAceList->Ace.type = aceType;
pAcl->pAceList = pAceList;
pAcl->dwAceCount ++;
pSecurityDescriptor->pAcl = pAcl;
}
else if (pSecurityDescriptor->pAcl)
{
pAceListCursor = pSecurityDescriptor->pAcl->pAceList;
while (pAceListCursor)
{
if (
VmAfdEqualsSecurityContext(
pSecurityContext,
pAceListCursor->Ace.pSecurityContext
)
&&
pAceListCursor->Ace.type == aceType
)
{
break;
}
pAceListCursor = pAceListCursor->pNext;
}
if (
!pAceListCursor &&
modifyType != VMW_IPC_MODIFY_PERMISSIONS_REVOKE
)
{
dwError = VmAfdAllocateMemory (
sizeof (VMAFD_ACE_LIST),
(PVOID *) &pAceListNew
);
BAIL_ON_VMAFD_ERROR (dwError);
dwError = VmAfdCopySecurityContext (
pSecurityContext,
&(pAceListNew->Ace.pSecurityContext)
);
BAIL_ON_VMAFD_ERROR (dwError);
pAceListNew->pNext = pSecurityDescriptor->pAcl->pAceList;
pAceListNew->Ace.accessMask = accessMask;
pAceListNew->Ace.changeStatus = VMAFD_UPDATE_STATUS_NEW;
pAceListNew->Ace.type = aceType;
pSecurityDescriptor->pAcl->pAceList = pAceListNew;
pSecurityDescriptor->pAcl->dwAceCount ++;
}
else if (pAceListCursor)
{
switch (modifyType)
{
case VMW_IPC_MODIFY_PERMISSIONS_SET:
pAceListCursor->Ace.accessMask = accessMask;
break;
case VMW_IPC_MODIFY_PERMISSIONS_ADD:
pAceListCursor->Ace.accessMask = pAceListCursor->Ace.accessMask |
accessMask;
break;
case VMW_IPC_MODIFY_PERMISSIONS_REVOKE:
pAceListCursor->Ace.accessMask = pAceListCursor->Ace.accessMask &
~accessMask;
break;
default:
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_VMAFD_ERROR (dwError);
}
pAceListCursor->Ace.changeStatus = VMAFD_UPDATE_STATUS_MODIFIED;
}
}
if (pSecurityDescriptor->changeStatus == VMAFD_UPDATE_STATUS_UNCHANGED)
{
pSecurityDescriptor->changeStatus = VMAFD_UPDATE_STATUS_MODIFIED;
}
cleanup:
if (pSecurityContext)
{
VmAfdFreeSecurityContext (pSecurityContext);
}
return dwError;
error:
if (pAcl)
{
VmAfdFreeAcl (pAcl);
}
if (pAceList)
{
VmAfdFreeAceList (pAceList);
}
if (pAceListNew)
{
VmAfdFreeAceList (pAceListNew);
}
goto cleanup;
}
