1 files changed, 239 insertions, 0 deletions
diff --git a/private/ole32/com/dcomrem/security.hxx b/private/ole32/com/dcomrem/security.hxx
new file mode 100644
index 000000000..96b48f760
--- /dev/null
+++ b/private/ole32/com/dcomrem/security.hxx
@@ -0,0 +1,239 @@
+//+-------------------------------------------------------------------
+//
+//  File:       security.hxx
+//
+//  Contents:   Classes for channel security
+//
+//  Classes:    CClientSecurity, CServerSecurity
+//
+//  History:    11 Oct 95       AlexMit Created
+//
+//--------------------------------------------------------------------
+#ifndef _SECURITY_HXX_
+#define _SECURITY_HXX_
+
+#include <chancont.hxx>
+
+//+----------------------------------------------------------------
+// Typedefs.
+typedef enum
+{
+    SS_PROCESS_LOCAL = 0x1,     // Client and server are in same process
+    SS_CALL_DONE     = 0x2,     // Call is complete, fail new calls to impersonate
+    SS_IMPERSONATING = 0x4      // Server has called impersonate
+} EServerSecurity;
+
+//+----------------------------------------------------------------
+//
+//  Class:      CClientSecurity, public
+//
+//  Purpose:    Provides security for proxies
+//
+//-----------------------------------------------------------------
+
+class CStdIdentity;
+
+class CClientSecurity : public IClientSecurity
+{
+  public:
+    CClientSecurity( CStdIdentity *pId ) { _pStdId = pId; }
+    ~CClientSecurity() {}
+
+    STDMETHOD (QueryBlanket)
+    (
+        IUnknown                *pProxy,
+        DWORD                   *pAuthnSvc,
+        DWORD                   *pAuthzSvc,
+        OLECHAR                **pServerPrincName,
+        DWORD                   *pAuthnLevel,
+        DWORD                   *pImpLevel,
+        void                   **pAuthInfo,
+        DWORD                   *pCapabilities
+    );
+
+    STDMETHOD (SetBlanket)
+    (
+        IUnknown                 *pProxy,
+        DWORD                     AuthnSvc,
+        DWORD                     AuthzSvc,
+        OLECHAR                  *ServerPrincName,
+        DWORD                     AuthnLevel,
+        DWORD                     ImpLevel,
+        void                     *pAuthInfo,
+        DWORD                     Capabilities
+    );
+
+    STDMETHOD (CopyProxy)
+    (
+        IUnknown    *pProxy,
+        IUnknown   **ppCopy
+    );
+
+  private:
+    CStdIdentity *_pStdId;
+};
+
+//+----------------------------------------------------------------
+//
+//  Class:      CServerSecurity, public
+//
+//  Purpose:    Provides security for stubs
+//
+//-----------------------------------------------------------------
+
+class CRpcChannelBuffer;
+
+class CServerSecurity : public IServerSecurity
+{
+  public:
+    CServerSecurity( CChannelCallInfo * );
+    CServerSecurity();
+    ~CServerSecurity() {}
+
+    STDMETHOD (QueryInterface)   ( REFIID riid, LPVOID FAR* ppvObj);
+    STDMETHOD_(ULONG,AddRef)     ( void );
+    STDMETHOD_(ULONG,Release)    ( void );
+    STDMETHOD (QueryBlanket)
+    (
+        DWORD    *pAuthnSvc,
+        DWORD    *pAuthzSvc,
+        OLECHAR **pServerPrincName,
+        DWORD    *pAuthnLevel,
+        DWORD    *pImpLevel,
+        void    **pPrivs,
+        DWORD    *pCapabilities
+    );
+    STDMETHOD       (ImpersonateClient)( void );
+    STDMETHOD       (RevertToSelf)     ( void );
+    STDMETHOD_(BOOL,IsImpersonating)  (void);
+
+    void    EndCall();
+
+  private:
+    DWORD              _iRefCount;
+    DWORD              _iFlags;     // See EServerSecurity
+    handle_t          *_pHandle;    // RPC server handle of call
+    CRpcChannelBuffer *_pChannel;   // Channel of call
+};
+
+//+----------------------------------------------------------------
+// Prototypes.
+RPC_STATUS CheckAccessControl  ( RPC_IF_HANDLE pIid, void *pContext );
+RPC_STATUS CheckAcl            ( RPC_IF_HANDLE pIid, void *pContext );
+HRESULT    DefaultAuthnServices();
+HRESULT    InitializeSecurity  ();
+BOOL       IsCallerLocalSystem ();
+HRESULT    SetAuthnService     ( handle_t, OXID_INFO *, OXIDEntry * );
+void       UninitializeSecurity();
+
+struct IAccessControl;
+
+extern IAccessControl                   *gAccessControl;
+extern DWORD                             gAuthnLevel;
+extern DWORD                             gCapabilities;
+extern USHORT                           *gClientSvcList;
+extern DWORD                             gClientSvcListLen;
+extern BOOL                              gDisableDCOM;
+extern BOOL                              gGotSecurityData;
+extern DWORD                             gImpLevel;
+extern SECURITYBINDING                  *gLegacySecurity;
+extern DUALSTRINGARRAY                  *gpsaSecurity;
+extern SECURITY_DESCRIPTOR              *gSecDesc;
+extern USHORT                           *gServerSvcList;
+extern DWORD                             gServerSvcListLen;
+extern BOOL                              gSetAuth;
+
+
+//+-------------------------------------------------------------------
+//
+//  Function:   GetCallAuthnLevel, public
+//
+//  Synopsis:   Get the authentication level of the current call from TLS.
+//              If no calls are in progress and the level has not been
+//              set on this thread, use the process default instead.
+//
+//--------------------------------------------------------------------
+inline DWORD GetCallAuthnLevel()
+{
+    COleTls tls;
+    DWORD   lAuthnLevel = tls->dwAuthnLevel;
+    if (lAuthnLevel == RPC_C_AUTHN_LEVEL_DEFAULT)
+    {
+        lAuthnLevel = tls->dwAuthnLevel = gAuthnLevel;
+    }
+    return lAuthnLevel;
+}
+
+//+-------------------------------------------------------------------
+//
+//  Function:   ResumeImpersonate
+//
+//  Synopsis:   Query the context object for IServerSecurity.  If the
+//              resume flag is set, call ImpersonateClient.
+//
+//--------------------------------------------------------------------
+inline void ResumeImpersonate( IUnknown *pContext, BOOL fResume )
+{
+    IServerSecurity *pServer;
+    HRESULT          result;
+
+    if (pContext != NULL && fResume)
+    {
+        result = pContext->QueryInterface( IID_IServerSecurity,
+                                           (void **) &pServer );
+        if (SUCCEEDED(result))
+        {
+            pServer->ImpersonateClient();
+            pServer->Release();
+        }
+    }
+}
+
+//+-------------------------------------------------------------------
+//
+//  Function:   SuspendImpersonate
+//
+//  Synopsis:   Query the context for IServerSecurity.  If found,
+//              check to see if the call is impersonated.  If it is,
+//              set pResume TRUE and call RevertToSelf.
+//
+//--------------------------------------------------------------------
+inline void SuspendImpersonate( IUnknown *pContext, BOOL *pResume )
+{
+    IServerSecurity *pServer;
+    HRESULT          result;
+
+    *pResume = FALSE;
+    if (pContext != NULL)
+    {
+        result = pContext->QueryInterface( IID_IServerSecurity,
+                                           (void **) &pServer );
+        if (SUCCEEDED(result))
+        {
+            *pResume = pServer->IsImpersonating();
+            if (*pResume)
+                pServer->RevertToSelf();
+            pServer->Release();
+        }
+    }
+}
+
+//+-------------------------------------------------------------------
+//
+//  Function:   GetAclFn()
+//
+//  Synopsis:   If automatic security is turned on and the level is
+//              not none, return the function to do ACL checking.
+//              Otherwise return NULL.
+//
+//--------------------------------------------------------------------
+inline RPC_IF_CALLBACK_FN *GetAclFn()
+{
+    if (gSecDesc != NULL)
+        return CheckAcl;
+    else if (gAccessControl != NULL)
+        return CheckAccessControl;
+    else
+        return NULL;
+}
+#endif