diff options
Diffstat (limited to 'private/ole32/com/dcomrem/security.hxx')
-rw-r--r-- | private/ole32/com/dcomrem/security.hxx | 239 |
1 files changed, 239 insertions, 0 deletions
diff --git a/private/ole32/com/dcomrem/security.hxx b/private/ole32/com/dcomrem/security.hxx new file mode 100644 index 000000000..96b48f760 --- /dev/null +++ b/private/ole32/com/dcomrem/security.hxx @@ -0,0 +1,239 @@ +//+------------------------------------------------------------------- +// +// File: security.hxx +// +// Contents: Classes for channel security +// +// Classes: CClientSecurity, CServerSecurity +// +// History: 11 Oct 95 AlexMit Created +// +//-------------------------------------------------------------------- +#ifndef _SECURITY_HXX_ +#define _SECURITY_HXX_ + +#include <chancont.hxx> + +//+---------------------------------------------------------------- +// Typedefs. +typedef enum +{ + SS_PROCESS_LOCAL = 0x1, // Client and server are in same process + SS_CALL_DONE = 0x2, // Call is complete, fail new calls to impersonate + SS_IMPERSONATING = 0x4 // Server has called impersonate +} EServerSecurity; + +//+---------------------------------------------------------------- +// +// Class: CClientSecurity, public +// +// Purpose: Provides security for proxies +// +//----------------------------------------------------------------- + +class CStdIdentity; + +class CClientSecurity : public IClientSecurity +{ + public: + CClientSecurity( CStdIdentity *pId ) { _pStdId = pId; } + ~CClientSecurity() {} + + STDMETHOD (QueryBlanket) + ( + IUnknown *pProxy, + DWORD *pAuthnSvc, + DWORD *pAuthzSvc, + OLECHAR **pServerPrincName, + DWORD *pAuthnLevel, + DWORD *pImpLevel, + void **pAuthInfo, + DWORD *pCapabilities + ); + + STDMETHOD (SetBlanket) + ( + IUnknown *pProxy, + DWORD AuthnSvc, + DWORD AuthzSvc, + OLECHAR *ServerPrincName, + DWORD AuthnLevel, + DWORD ImpLevel, + void *pAuthInfo, + DWORD Capabilities + ); + + STDMETHOD (CopyProxy) + ( + IUnknown *pProxy, + IUnknown **ppCopy + ); + + private: + CStdIdentity *_pStdId; +}; + +//+---------------------------------------------------------------- +// +// Class: CServerSecurity, public +// +// Purpose: Provides security for stubs +// +//----------------------------------------------------------------- + +class CRpcChannelBuffer; + +class CServerSecurity : public IServerSecurity +{ + public: + CServerSecurity( CChannelCallInfo * ); + CServerSecurity(); + ~CServerSecurity() {} + + STDMETHOD (QueryInterface) ( REFIID riid, LPVOID FAR* ppvObj); + STDMETHOD_(ULONG,AddRef) ( void ); + STDMETHOD_(ULONG,Release) ( void ); + STDMETHOD (QueryBlanket) + ( + DWORD *pAuthnSvc, + DWORD *pAuthzSvc, + OLECHAR **pServerPrincName, + DWORD *pAuthnLevel, + DWORD *pImpLevel, + void **pPrivs, + DWORD *pCapabilities + ); + STDMETHOD (ImpersonateClient)( void ); + STDMETHOD (RevertToSelf) ( void ); + STDMETHOD_(BOOL,IsImpersonating) (void); + + void EndCall(); + + private: + DWORD _iRefCount; + DWORD _iFlags; // See EServerSecurity + handle_t *_pHandle; // RPC server handle of call + CRpcChannelBuffer *_pChannel; // Channel of call +}; + +//+---------------------------------------------------------------- +// Prototypes. +RPC_STATUS CheckAccessControl ( RPC_IF_HANDLE pIid, void *pContext ); +RPC_STATUS CheckAcl ( RPC_IF_HANDLE pIid, void *pContext ); +HRESULT DefaultAuthnServices(); +HRESULT InitializeSecurity (); +BOOL IsCallerLocalSystem (); +HRESULT SetAuthnService ( handle_t, OXID_INFO *, OXIDEntry * ); +void UninitializeSecurity(); + +struct IAccessControl; + +extern IAccessControl *gAccessControl; +extern DWORD gAuthnLevel; +extern DWORD gCapabilities; +extern USHORT *gClientSvcList; +extern DWORD gClientSvcListLen; +extern BOOL gDisableDCOM; +extern BOOL gGotSecurityData; +extern DWORD gImpLevel; +extern SECURITYBINDING *gLegacySecurity; +extern DUALSTRINGARRAY *gpsaSecurity; +extern SECURITY_DESCRIPTOR *gSecDesc; +extern USHORT *gServerSvcList; +extern DWORD gServerSvcListLen; +extern BOOL gSetAuth; + + +//+------------------------------------------------------------------- +// +// Function: GetCallAuthnLevel, public +// +// Synopsis: Get the authentication level of the current call from TLS. +// If no calls are in progress and the level has not been +// set on this thread, use the process default instead. +// +//-------------------------------------------------------------------- +inline DWORD GetCallAuthnLevel() +{ + COleTls tls; + DWORD lAuthnLevel = tls->dwAuthnLevel; + if (lAuthnLevel == RPC_C_AUTHN_LEVEL_DEFAULT) + { + lAuthnLevel = tls->dwAuthnLevel = gAuthnLevel; + } + return lAuthnLevel; +} + +//+------------------------------------------------------------------- +// +// Function: ResumeImpersonate +// +// Synopsis: Query the context object for IServerSecurity. If the +// resume flag is set, call ImpersonateClient. +// +//-------------------------------------------------------------------- +inline void ResumeImpersonate( IUnknown *pContext, BOOL fResume ) +{ + IServerSecurity *pServer; + HRESULT result; + + if (pContext != NULL && fResume) + { + result = pContext->QueryInterface( IID_IServerSecurity, + (void **) &pServer ); + if (SUCCEEDED(result)) + { + pServer->ImpersonateClient(); + pServer->Release(); + } + } +} + +//+------------------------------------------------------------------- +// +// Function: SuspendImpersonate +// +// Synopsis: Query the context for IServerSecurity. If found, +// check to see if the call is impersonated. If it is, +// set pResume TRUE and call RevertToSelf. +// +//-------------------------------------------------------------------- +inline void SuspendImpersonate( IUnknown *pContext, BOOL *pResume ) +{ + IServerSecurity *pServer; + HRESULT result; + + *pResume = FALSE; + if (pContext != NULL) + { + result = pContext->QueryInterface( IID_IServerSecurity, + (void **) &pServer ); + if (SUCCEEDED(result)) + { + *pResume = pServer->IsImpersonating(); + if (*pResume) + pServer->RevertToSelf(); + pServer->Release(); + } + } +} + +//+------------------------------------------------------------------- +// +// Function: GetAclFn() +// +// Synopsis: If automatic security is turned on and the level is +// not none, return the function to do ACL checking. +// Otherwise return NULL. +// +//-------------------------------------------------------------------- +inline RPC_IF_CALLBACK_FN *GetAclFn() +{ + if (gSecDesc != NULL) + return CheckAcl; + else if (gAccessControl != NULL) + return CheckAccessControl; + else + return NULL; +} +#endif |