--- trunk/reactos/lib/aclui/aclui.c 2005-11-03 02:36:09 UTC (rev 18971)
+++ trunk/reactos/lib/aclui/aclui.c 2005-11-03 11:28:56 UTC (rev 18972)
@@ -30,6 +30,45 @@
HINSTANCE hDllInstance;
+static PSID
+AceHeaderToSID(IN PACE_HEADER AceHeader)
+{
+ PSID Sid = NULL;
+ switch (AceHeader->AceType)
+ {
+ case ACCESS_ALLOWED_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_ALLOWED_ACE)AceHeader)->SidStart;
+ break;
+#if 0
+ case ACCESS_ALLOWED_CALLBACK_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_ALLOWED_CALLBACK_ACE)AceHeader)->SidStart;
+ break;
+ case ACCESS_ALLOWED_CALLBACK_OBJECT_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_ALLOWED_CALLBACK_OBJECT_ACE)AceHeader)->SidStart;
+ break;
+#endif
+ case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_ALLOWED_OBJECT_ACE)AceHeader)->SidStart;
+ break;
+ case ACCESS_DENIED_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_DENIED_ACE)AceHeader)->SidStart;
+ break;
+#if 0
+ case ACCESS_DENIED_CALLBACK_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_DENIED_CALLBACK_ACE)AceHeader)->SidStart;
+ break;
+ case ACCESS_DENIED_CALLBACK_OBJECT_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_DENIED_CALLBACK_OBJECT_ACE)AceHeader)->SidStart;
+ break;
+#endif
+ case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
+ Sid = (PSID)&((PACCESS_DENIED_OBJECT_ACE)AceHeader)->SidStart;
+ break;
+ }
+
+ return Sid;
+}
+
static VOID
DestroySecurityPage(IN PSECURITY_PAGE sp)
{
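Review bot: The last case in AceHeaderToSID pairs the label `SYSTEM_AUDIT_OBJECT_ACE_TYPE` with a cast to `PACCESS_DENIED_OBJECT_ACE`, and no case handles `ACCESS_DENIED_OBJECT_ACE_TYPE`, so a denied object ACE falls through the switch and yields NULL. The label was presumably meant to be `case ACCESS_DENIED_OBJECT_ACE_TYPE:`. For the object ACE types, `&...->SidStart` is the SID's address only when both optional GUIDs are present; the offset should be derived from the ACE's `Flags` (`ACE_OBJECT_TYPE_PRESENT`, `ACE_INHERITED_OBJECT_TYPE_PRESENT`), otherwise the returned pointer lies past the start of the actual SID. A `default:` branch with a comment that NULL means "unsupported ACE type" would make the contract explicit for callers.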
@@ -49,10 +88,22 @@
FreePrincipalsList(IN PPRINCIPAL_LISTITEM *PrincipalsListHead)
{
PPRINCIPAL_LISTITEM CurItem, NextItem;
+ PACE_ENTRY AceEntry, NextAceEntry;
CurItem = *PrincipalsListHead;
while (CurItem != NULL)
{
+ /* Free all ACEs */
+ AceEntry = CurItem->ACEs;
+ while (AceEntry != NULL)
+ {
+ NextAceEntry = AceEntry->Next;
+ HeapFree(GetProcessHeap(),
+ 0,
+ AceEntry);
+ AceEntry = NextAceEntry;
+ }
+
/* free the SID string if present */
if (CurItem->DisplayString != NULL)
{
@@ -70,9 +121,40 @@
*PrincipalsListHead = NULL;
}
+static PACE_ENTRY
+AddAceToPrincipal(IN PPRINCIPAL_LISTITEM Principal,
+ IN PACE_HEADER AceHeader)
+{
+ PACE_ENTRY AceEntry, *AceLink;
+
+ AceEntry = HeapAlloc(GetProcessHeap(),
+ 0,
+ sizeof(ACE_ENTRY) + AceHeader->AceSize);
+ if (AceEntry != NULL)
+ {
+ AceEntry->Next = NULL;
+
+ /* copy the ACE */
+ CopyMemory(AceEntry + 1,
+ AceHeader,
+ AceHeader->AceSize);
+
+ /* append it to the list */
+ AceLink = &Principal->ACEs;
+ while (*AceLink != NULL)
+ {
+ AceLink = &(*AceLink)->Next;
+ }
+ *AceLink = AceEntry;
+ }
+
+ return AceEntry;
+}
+
static PPRINCIPAL_LISTITEM
-FindSidInPrincipalsList(IN PPRINCIPAL_LISTITEM PrincipalsListHead,
- IN PSID Sid)
+FindSidInPrincipalsListAddAce(IN PPRINCIPAL_LISTITEM PrincipalsListHead,
+ IN PSID Sid,
+ IN PACE_HEADER AceHeader)
{
PPRINCIPAL_LISTITEM CurItem;
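Review bot: AddAceToPrincipal copies `AceHeader->AceSize` bytes out of the source ACE without checking that the size is at least `sizeof(ACE_HEADER)` or that it stays inside the ACL the ACE came from. Nothing visible in this diff validates the descriptor (for instance with `IsValidAcl`) before its ACEs are walked, so a malformed ACL could make `CopyMemory` read beyond the source buffer. Validate the DACL once in the caller before the loop, or reject undersized ACEs here. The same allocate-and-copy sequence is repeated inline in AddPrincipalToList and would be better shared through one helper.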
@@ -83,7 +165,14 @@
if (EqualSid((PSID)(CurItem + 1),
Sid))
{
- return CurItem;
+ if (AddAceToPrincipal(CurItem,
+ AceHeader) != NULL)
+ {
+ return CurItem;
+ }
+
+ /* unable to add the ACE to the principal */
+ break;
}
}
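Review bot: When AddAceToPrincipal fails, the `break` leaves the loop and the function's return (outside this hunk) presumably yields NULL, which AddPrincipalToList reads as "SID not in the list" and answers by allocating a second principal for the same SID. The out-of-memory case needs to be distinguishable from "not found", for example by returning a BOOL status and handing the item back through an out parameter, or by letting the caller do the lookup and the ACE append as two separate steps. The function body starts and ends outside the hunk.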
@@ -92,15 +181,21 @@
static BOOL
AddPrincipalToList(IN PSECURITY_PAGE sp,
- IN PSID Sid)
+ IN PSID Sid,
+ IN PACE_HEADER AceHeader)
{
- if (!FindSidInPrincipalsList(sp->PrincipalsListHead,
- Sid))
+ PPRINCIPAL_LISTITEM PrincipalListItem = NULL;
+ PACE_ENTRY AceEntry = NULL;
+ BOOL Ret = FALSE;
+
+ if (!FindSidInPrincipalsListAddAce(sp->PrincipalsListHead,
+ Sid,
+ AceHeader))
{
DWORD SidLength, AccountNameSize, DomainNameSize;
SID_NAME_USE SidNameUse;
DWORD LookupResult;
- PPRINCIPAL_LISTITEM AceListItem, *NextAcePtr;
+ PPRINCIPAL_LISTITEM PrincipalListItem, *PrincipalLink;
AccountNameSize = 0;
DomainNameSize = 0;
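Review bot: The inner declaration `PPRINCIPAL_LISTITEM PrincipalListItem, *PrincipalLink;` shadows the `PrincipalListItem = NULL` added at the top of the function, so the `Cleanup:` block at the end, which appears to sit outside this inner scope, always tests the outer NULL pointer. The commit removes the explicit `HeapFree` on the LookupAccountSid failure path in favour of `goto Cleanup`, so the allocated principal is now leaked on every failure after allocation. Drop the redeclaration and keep only `PPRINCIPAL_LISTITEM *PrincipalLink;` in the inner block. The function continues past the hunk.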
@@ -118,69 +213,82 @@
if (LookupResult != ERROR_NONE_MAPPED &&
LookupResult != ERROR_INSUFFICIENT_BUFFER)
{
- return FALSE;
+ goto Cleanup;
}
}
- NextAcePtr = &sp->PrincipalsListHead;
- for (AceListItem = sp->PrincipalsListHead;
- AceListItem != NULL;
- AceListItem = AceListItem->Next)
+ PrincipalLink = &sp->PrincipalsListHead;
+ while (*PrincipalLink != NULL)
{
- NextAcePtr = &AceListItem->Next;
+ PrincipalLink = &(*PrincipalLink)->Next;
}
SidLength = GetLengthSid(Sid);
- /* allocate the ace */
- AceListItem = HeapAlloc(GetProcessHeap(),
- 0,
- sizeof(PRINCIPAL_LISTITEM) + SidLength +
- ((AccountNameSize + DomainNameSize) * sizeof(WCHAR)));
- if (AceListItem != NULL)
+ /* allocate the principal */
+ PrincipalListItem = HeapAlloc(GetProcessHeap(),
+ 0,
+ sizeof(PRINCIPAL_LISTITEM) + SidLength +
+ ((AccountNameSize + DomainNameSize) * sizeof(WCHAR)));
+ if (PrincipalListItem != NULL)
{
- AceListItem->AccountName = (LPWSTR)((ULONG_PTR)(AceListItem + 1) + SidLength);
- AceListItem->DomainName = AceListItem->AccountName + AccountNameSize;
+ PrincipalListItem->AccountName = (LPWSTR)((ULONG_PTR)(PrincipalListItem + 1) + SidLength);
+ PrincipalListItem->DomainName = PrincipalListItem->AccountName + AccountNameSize;
CopySid(SidLength,
- (PSID)(AceListItem + 1),
+ (PSID)(PrincipalListItem + 1),
Sid);
LookupResult = ERROR_SUCCESS;
if (!LookupAccountSid(sp->ServerName,
Sid,
- AceListItem->AccountName,
+ PrincipalListItem->AccountName,
&AccountNameSize,
- AceListItem->DomainName,
+ PrincipalListItem->DomainName,
&DomainNameSize,
&SidNameUse))
{
LookupResult = GetLastError();
if (LookupResult != ERROR_NONE_MAPPED)
{
- HeapFree(GetProcessHeap(),
- 0,
- AceListItem);
- return FALSE;
+ goto Cleanup;
}
}
if (AccountNameSize == 0)
{
- AceListItem->AccountName = NULL;
+ PrincipalListItem->AccountName = NULL;
}
if (DomainNameSize == 0)
{
- AceListItem->DomainName = NULL;
+ PrincipalListItem->DomainName = NULL;
}
- AceListItem->Next = NULL;
+ /* allocate some memory for the ACE and copy it */
+ AceEntry = HeapAlloc(GetProcessHeap(),
+ 0,
+ sizeof(ACE_ENTRY) + AceHeader->AceSize);
+ if (AceEntry == NULL)
+ {
+ goto Cleanup;
+ }
+ AceEntry->Next = NULL;
+ CopyMemory(AceEntry + 1,
+ AceHeader,
+ AceHeader->AceSize);
+
+ /* add the ACE to the list */
+ PrincipalListItem->ACEs = AceEntry;
+
+ PrincipalListItem->Next = NULL;
+ Ret = TRUE;
+
if (LookupResult == ERROR_NONE_MAPPED)
{
if (!ConvertSidToStringSid(Sid,
- &AceListItem->DisplayString))
+ &PrincipalListItem->DisplayString))
{
- AceListItem->DisplayString = NULL;
+ PrincipalListItem->DisplayString = NULL;
}
}
else
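Review bot: `PrincipalListItem->DisplayString` and `->ACEs` are not assigned until late in this block, yet the two `goto Cleanup` exits here (after a failed LookupAccountSid and after a failed ACE allocation) lead to cleanup code that tests `DisplayString != NULL`. HeapAlloc is called with flags 0, so the field is uninitialised at that point. This is masked at present only because the cleanup block tests a different, outer variable of the same name. Initialise both fields right after the allocation succeeds: `PrincipalListItem->DisplayString = NULL; PrincipalListItem->ACEs = NULL;`. `Ret = TRUE` is also set before the display-string work has run, which makes the later failure path harder to follow.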
@@ -188,7 +296,7 @@
LSA_HANDLE LsaHandle;
NTSTATUS Status;
- AceListItem->DisplayString = NULL;
+ PrincipalListItem->DisplayString = NULL;
/* read the domain of the SID */
if (OpenLSAPolicyHandle(sp->ServerName,
@@ -220,7 +328,7 @@
DomainName = NULL;
}
- AceListItem->SidNameUse = Names->Use;
+ PrincipalListItem->SidNameUse = Names->Use;
switch (Names->Use)
{
@@ -236,7 +344,7 @@
DomainName = &PolicyAccountDomainInfo->DomainName;
/* make the user believe this is a group */
- AceListItem->SidNameUse = SidTypeGroup;
+ PrincipalListItem->SidNameUse = SidTypeGroup;
}
}
/* fall through */
@@ -247,19 +355,19 @@
{
SIZE_T Size = (AccountNameSize + DomainName->Length +
Names->Name.Length + 6) * sizeof(WCHAR);
- AceListItem->DisplayString = (LPWSTR)LocalAlloc(LMEM_FIXED,
+ PrincipalListItem->DisplayString = (LPWSTR)LocalAlloc(LMEM_FIXED,
Size);
- if (AceListItem->DisplayString != NULL)
+ if (PrincipalListItem->DisplayString != NULL)
{
WCHAR *s;
/* NOTE: LSA_UNICODE_STRINGs are not always NULL-terminated! */
- wcscpy(AceListItem->DisplayString,
- AceListItem->AccountName);
- wcscat(AceListItem->DisplayString,
+ wcscpy(PrincipalListItem->DisplayString,
+ PrincipalListItem->AccountName);
+ wcscat(PrincipalListItem->DisplayString,
L" (");
- s = AceListItem->DisplayString + wcslen(AceListItem->DisplayString);
+ s = PrincipalListItem->DisplayString + wcslen(PrincipalListItem->DisplayString);
CopyMemory(s,
DomainName->Buffer,
DomainName->Length);
@@ -272,12 +380,17 @@
*(s++) = L')';
*s = L'\0';
}
+ else
+ {
+ Ret = FALSE;
+ break;
+ }
/* mark the ace as a user unless it's a
BUILTIN account */
if (PolicyAccountDomainInfo == NULL)
{
- AceListItem->SidNameUse = SidTypeUser;
+ PrincipalListItem->SidNameUse = SidTypeUser;
}
}
break;
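Review bot: A failed `LocalAlloc` for the display string now sets `Ret = FALSE` and discards the whole principal, while a failed `ConvertSidToStringSid` earlier in the same function merely leaves `DisplayString` NULL and keeps the entry. FreePrincipalsList already tolerates a NULL `DisplayString`, so the two paths look inconsistent. Either treat both as non-fatal or add a comment here explaining why this one must abort, e.g. `/* no display name could be built, don't list the principal */`. The `break` only leaves the `switch`; the enclosing block runs on outside this hunk.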
@@ -286,7 +399,7 @@
case SidTypeWellKnownGroup:
{
/* make the user believe this is a group */
- AceListItem->SidNameUse = SidTypeGroup;
+ PrincipalListItem->SidNameUse = SidTypeGroup;
break;
}
@@ -309,12 +422,38 @@
}
}
- /* append item to the cached ACL */
- *NextAcePtr = AceListItem;
+ if (Ret)
+ {
+ /* append item to the principals list */
+ *PrincipalLink = PrincipalListItem;
+ }
}
}
- return TRUE;
+ if (!Ret)
+ {
+Cleanup:
+ if (PrincipalListItem != NULL)
+ {
+ if (PrincipalListItem->DisplayString != NULL)
+ {
+ LocalFree((HLOCAL)PrincipalListItem->DisplayString);
+ }
+
+ HeapFree(GetProcessHeap(),
+ 0,
+ PrincipalListItem);
+ }
+
+ if (AceEntry != NULL)
+ {
+ HeapFree(GetProcessHeap(),
+ 0,
+ AceEntry);
+ }
+ }
+
+ return Ret;
}
static VOID
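Review bot: `return Ret` reports FALSE when FindSidInPrincipalsListAddAce found the SID and attached the ACE, because `Ret` is set to TRUE only inside the not-found branch; before this change that path returned TRUE. Add `else { Ret = TRUE; }` to the `if (!FindSidInPrincipalsListAddAce(...))` statement. Placing the `Cleanup:` label inside `if (!Ret) { ... }` also makes the `goto` jump into a block; a label at function level, with the frees guarded by their NULL checks, would read more plainly.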
@@ -342,21 +481,24 @@
DaclPresent && Dacl != NULL)
{
PSID Sid;
- PVOID Ace;
+ PACE_HEADER AceHeader;
ULONG AceIndex;
for (AceIndex = 0;
AceIndex < Dacl->AceCount;
AceIndex++)
{
- GetAce(Dacl,
- AceIndex,
- &Ace);
+ if (GetAce(Dacl,
+ AceIndex,
+ (LPVOID*)&AceHeader) &&
+ AceHeader != NULL)
+ {
+ Sid = AceHeaderToSID(AceHeader);
- Sid = (PSID)&((PACCESS_ALLOWED_ACE)Ace)->SidStart;
-
- AddPrincipalToList(sp,
- Sid);
+ AddPrincipalToList(sp,
+ Sid,
+ AceHeader);
+ }
}
}
LocalFree((HLOCAL)SecurityDescriptor);
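Review bot: `AceHeaderToSID` returns NULL for every ACE type its switch does not handle, and that result is passed straight to `AddPrincipalToList`, where it reaches `EqualSid` and `GetLengthSid`. Guard the call: `if (Sid != NULL) AddPrincipalToList(sp, Sid, AceHeader);`. The return value of AddPrincipalToList is also dropped, so a failed addition leaves the principal silently missing from the displayed list.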
@@ -534,18 +676,21 @@
HRESULT hRet;
PSI_ACCESS AccessList;
ULONG nAccessList, DefaultAccessIndex;
-
+ WCHAR szSpecialPermissions[255];
+ BOOLEAN SpecialPermissionsPresent = FALSE;
+ ACCESS_MASK SpecialPermissionsMask = 0;
+
/* clear the permissions list */
-
+
SendMessage(sp->hAceCheckList,
CLM_CLEAR,
0,
0);
-
+
/* query the access rights from the server */
hRet = sp->psi->lpVtbl->GetAccessRights(sp->psi,
GuidObjectType,
- dwFlags,
+ dwFlags, /* FIXME */
&AccessList,
&nAccessList,
&DefaultAccessIndex);
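Review bot: The `/* FIXME */` added after `dwFlags` does not say what is wrong with the argument. Spell the open issue out, e.g. `/* FIXME: <which flags GetAccessRights should receive here> */`, so the next reader knows what remains to be done. The function begins and ends outside the hunk.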
@@ -554,13 +699,13 @@
LPCWSTR NameStr;
PSI_ACCESS CurAccess, LastAccess;
WCHAR NameBuffer[MAX_PATH];
-
+
/* save the default access rights to be used when adding ACEs later */
if (DefaultAccess != NULL)
{
*DefaultAccess = AccessList[DefaultAccessIndex];
}
-
+
LastAccess = AccessList + nAccessList;
for (CurAccess = &AccessList[0];
CurAccess != LastAccess;
@@ -590,11 +735,38 @@
SendMessage(sp->hAceCheckList,
CLM_ADDITEM,
- CIS_NONE,
+ (WPARAM)CurAccess->mask,
(LPARAM)NameStr);
}
+ else if (CurAccess->dwFlags & SI_ACCESS_SPECIFIC)
+ {
+ SpecialPermissionsPresent = TRUE;
+ SpecialPermissionsMask |= CurAccess->mask;
+ }
}
}
+
+ /* add the special permissions check item in case the specific access rights
+ aren't displayed */
+ if (SpecialPermissionsPresent &&
+ LoadString(hDllInstance,
+ IDS_SPECIAL_PERMISSIONS,
+ szSpecialPermissions,
+ sizeof(szSpecialPermissions) / sizeof(szSpecialPermissions[0])))
+ {
+ /* add the special permissions check item */
+ sp->SpecialPermCheckIndex = (INT)SendMessage(sp->hAceCheckList,
+ CLM_ADDITEM,
+ (WPARAM)SpecialPermissionsMask,
+ (LPARAM)szSpecialPermissions);
+ if (sp->SpecialPermCheckIndex != -1)
+ {
+ SendMessage(sp->hAceCheckList,
+ CLM_SETITEMSTATE,
+ (WPARAM)sp->SpecialPermCheckIndex,
+ CIS_ALLOWDISABLED | CIS_DENYDISABLED | CIS_NONE);
+ }
+ }
}
static VOID
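Review bot: `sp->SpecialPermCheckIndex` is written only when special permissions are present and `LoadString` succeeds, although the check list is emptied with `CLM_CLEAR` at the top of this function. On any other path the field keeps whatever index an earlier call stored, which then refers to a different item or to none. Reset it before the check: `sp->SpecialPermCheckIndex = -1;`. Whether the field is reset elsewhere is not visible in this diff.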
@@ -839,17 +1011,63 @@
hWndDeny);
}
+static PACE_HEADER
+BuildDefaultPrincipalAce(IN PSECURITY_PAGE sp,
+ IN PSID pSid)
+{
+ PACCESS_ALLOWED_ACE Ace;
+ DWORD SidLen;
+ WORD AceSize;
+
+ SidLen = GetLengthSid(pSid);
+ AceSize = sizeof(ACCESS_ALLOWED_ACE) + (WORD)SidLen - sizeof(DWORD);
+ Ace = HeapAlloc(GetProcessHeap(),
+ 0,
+ AceSize);
+ if (Ace != NULL)
+ {
+ Ace->Header.AceType = ACCESS_ALLOWED_ACE_TYPE;
+ Ace->Header.AceFlags = 0; /* FIXME */
+ Ace->Header.AceSize = AceSize;
+ Ace->Mask = sp->DefaultAccess.mask;
+
+ if (CopySid(SidLen,
+ (PSID)&Ace->SidStart,
+ pSid))
+ {
+ return &Ace->Header;
+ }
+
+ HeapFree(GetProcessHeap(),
+ 0,
+ Ace);
+ }
+
+ return NULL;
+}
+
static BOOL
AddSelectedPrincipal(IN IDsObjectPicker *pDsObjectPicker,
IN HWND hwndParent OPTIONAL,
IN PSID pSid,
IN PVOID Context OPTIONAL)
{
+ PACE_HEADER AceHeader;
PSECURITY_PAGE sp = (PSECURITY_PAGE)Context;
- AddPrincipalToList(sp,
- pSid);
+ AceHeader = BuildDefaultPrincipalAce(sp,
+ pSid);
+ if (AceHeader != NULL)
+ {
+ AddPrincipalToList(sp,
+ pSid,
+ AceHeader);
+ HeapFree(GetProcessHeap(),
+ 0,
+ AceHeader);
+ }
+
return TRUE;
}
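Review bot: AddSelectedPrincipal returns TRUE whether or not `BuildDefaultPrincipalAce` or `AddPrincipalToList` succeeded, so an allocation failure is indistinguishable from a successful add. If the callback's return value is meant to report success (its contract is not visible here), keep the result with `Ret = AddPrincipalToList(sp, pSid, AceHeader);` and return it. In BuildDefaultPrincipalAce, `(WORD)SidLen` narrows the length before `pSid` has been validated. A short comment stating that SID lengths fit in a WORD, and an explanation on the `/* FIXME */` beside `AceFlags = 0`, would help.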
@@ -1041,23 +1259,9 @@
/* hide controls in case the flags aren't present */
if (sp->ObjectInfo.dwFlags & SI_ADVANCED)
{
- WCHAR szSpecialPermissions[255];
-
/* editing the permissions is least the user can do when
the advanced button is showed */
sp->ObjectInfo.dwFlags |= SI_EDIT_PERMS;
-
- if (LoadString(hDllInstance,
- IDS_SPECIAL_PERMISSIONS,
- szSpecialPermissions,
- sizeof(szSpecialPermissions) / sizeof(szSpecialPermissions[0])))
- {
- /* add the special permissions check item */
- sp->SpecialPermCheckIndex = (INT)SendMessage(sp->hAceCheckList,
- CLM_ADDITEM,
- CIS_ALLOWDISABLED | CIS_DENYDISABLED | CIS_NONE,
- (LPARAM)szSpecialPermissions);
- }
}
else
{
@@ -1254,7 +1458,8 @@
return Ret;
}
-BOOL STDCALL
+BOOL
+WINAPI
DllMain(IN HINSTANCE hinstDLL,
IN DWORD dwReason,
IN LPVOID lpvReserved)