The "rfb_win32" library merged with VNC 4.1.1 code.

git-svn-id: svn://svn.code.sf.net/p/tigervnc/code/branches/merge-with-vnc-4.1.1@523 3789f03b-4d11-0410-bbf8-ca57d06f2519

1 files changed, 42 insertions, 117 deletions

diff --git a/rfb_win32/Security.h b/rfb_win32/Security.h
index d92e314f..1e2e9068 100644
--- a/rfb_win32/Security.h
+++ b/rfb_win32/Security.h
@@ -1,5 +1,5 @@
-/* Copyright (C) 2002-2004 RealVNC Ltd.  All Rights Reserved.
- *    
+/* Copyright (C) 2002-2005 RealVNC Ltd.  All Rights Reserved.
+ * 
  * This is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  * the Free Software Foundation; either version 2 of the License, or
@@ -25,16 +25,10 @@
 #define __RFB_WIN32_SECURITY_H__
 
 #include <rdr/types.h>
-#include <rdr/Exception.h>
-#include <rfb_win32/Win32Util.h>
+#include <rfb_win32/LocalMem.h>
 #include <rfb_win32/TCharArray.h>
-
-#include <lmcons.h>
-#include <Accctrl.h>
 #include <aclapi.h>
 
-#include <list>
-
 namespace rfb {
 
   namespace win32 {
@@ -42,14 +36,7 @@ namespace rfb {
     struct Trustee : public TRUSTEE {
       Trustee(const TCHAR* name,
               TRUSTEE_FORM form=TRUSTEE_IS_NAME,
-              TRUSTEE_TYPE type=TRUSTEE_IS_UNKNOWN)
-      {
-        pMultipleTrustee = 0;
-        MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
-        TrusteeForm = form;
-        TrusteeType = type;
-        ptstrName = (TCHAR*)name;
-      }
+              TRUSTEE_TYPE type=TRUSTEE_IS_UNKNOWN);
     };
 
     struct ExplicitAccess : public EXPLICIT_ACCESS {
@@ -57,86 +44,56 @@ namespace rfb {
                      TRUSTEE_FORM type,
                      DWORD perms,
                      ACCESS_MODE mode,
-                     DWORD inherit=0)
-      {
-        Trustee = rfb::win32::Trustee(name, type);
-        grfAccessPermissions = perms;
-        grfAccessMode = mode;
-        grfInheritance = inherit;
-      }
+                     DWORD inherit=0);
     };
 
     // Helper class for building access control lists
     struct AccessEntries {
-      AccessEntries() : entries(0), entry_count(0) {}
-      ~AccessEntries() {delete [] entries;}
-      void allocMinEntries(int count) {
-        if (count > entry_count) {
-          EXPLICIT_ACCESS* new_entries = new EXPLICIT_ACCESS[entry_count+1];
-          if (entries) {
-            memcpy(new_entries, entries, sizeof(EXPLICIT_ACCESS) * entry_count);
-            delete entries;
-          }
-          entries = new_entries;
-        }
-      }
+      AccessEntries();
+      ~AccessEntries();
+      void allocMinEntries(int count);
       void addEntry(const TCHAR* trusteeName,
                     DWORD permissions,
-                    ACCESS_MODE mode)
-      {
-        allocMinEntries(entry_count+1);
-        ZeroMemory(&entries[entry_count], sizeof(EXPLICIT_ACCESS));
-        entries[entry_count] = ExplicitAccess(trusteeName, TRUSTEE_IS_NAME, permissions, mode);
-        entry_count++;
-      }
-      void addEntry(const PSID sid, DWORD permissions, ACCESS_MODE mode) {
-        allocMinEntries(entry_count+1);
-        ZeroMemory(&entries[entry_count], sizeof(EXPLICIT_ACCESS));
-        entries[entry_count] = ExplicitAccess((TCHAR*)sid, TRUSTEE_IS_SID, permissions, mode);
-        entry_count++;
-      }
+                    ACCESS_MODE mode);
+      void addEntry(const PSID sid,
+                    DWORD permissions,
+                    ACCESS_MODE mode);
 
       EXPLICIT_ACCESS* entries;
       int entry_count;
     };
 
     // Helper class for handling SIDs
-    struct Sid {
-      Sid() : sid(0) {}
-      Sid(PSID sid_) : sid(sid_) {}
-      ~Sid() {
-        if (sid) FreeSid(sid);
-      }
-      operator PSID() const {return sid;}
-      PSID operator=(const PSID sid_) {
-        if (sid) FreeSid(sid);
-        sid = sid_;
-      }
-
-      static PSID Administrators() {
-        PSID sid = 0;
-        SID_IDENTIFIER_AUTHORITY ntAuth = SECURITY_NT_AUTHORITY;
-        if (!AllocateAndInitializeSid(&ntAuth, 2,
-          SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
-          0, 0, 0, 0, 0, 0,
-          &sid)) 
-          throw rdr::SystemException("Sid::Administrators", GetLastError());
-        return sid;
-      }
-      static PSID SYSTEM() {
-        PSID sid = 0;
-        SID_IDENTIFIER_AUTHORITY ntAuth = SECURITY_NT_AUTHORITY;
-        if (!AllocateAndInitializeSid(&ntAuth, 1,
-          SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0,
-          &sid))
-          throw rdr::SystemException("Sid::SYSTEM", GetLastError());
-        return sid;
-      }
-
-    protected:
-      PSID sid;
+    struct Sid : rdr::U8Array {
+      Sid() {}
+      operator PSID() const {return (PSID)buf;}
+      PSID takePSID() {PSID r = (PSID)buf; buf = 0; return r;}
+
+      static PSID copySID(const PSID sid);
+
+      void setSID(const PSID sid);
+
+      void getUserNameAndDomain(TCHAR** name, TCHAR** domain);
+
+      struct Administrators;
+      struct SYSTEM;
+      struct FromToken;
+
+    private:
+      Sid(const Sid&);
+      Sid& operator=(const Sid&);
     };
       
+    struct Sid::Administrators : public Sid {
+      Administrators();
+    };
+    struct Sid::SYSTEM : public Sid {
+      SYSTEM();
+    };
+    struct Sid::FromToken : public Sid {
+      FromToken(HANDLE h);
+    };
+
     // Helper class for handling & freeing ACLs
     struct AccessControlList : public LocalMem {
       AccessControlList(int size) : LocalMem(size) {}
@@ -145,22 +102,7 @@ namespace rfb {
     };
 
     // Create a new ACL based on supplied entries and, if supplied, existing ACL 
-    static PACL CreateACL(const AccessEntries& ae, PACL existing_acl=0) {
-      typedef DWORD (WINAPI *_SetEntriesInAcl_proto) (ULONG, PEXPLICIT_ACCESS, PACL, PACL*);
-#ifdef UNICODE
-      const char* fnName = "SetEntriesInAclW";
-#else
-      const char* fnName = "SetEntriesInAclA";
-#endif
-      DynamicFn<_SetEntriesInAcl_proto> _SetEntriesInAcl(_T("advapi32.dll"), fnName);
-      if (!_SetEntriesInAcl.isValid())
-        throw rdr::SystemException("CreateACL failed; no SetEntriesInAcl", ERROR_CALL_NOT_IMPLEMENTED);
-      PACL new_dacl;
-      DWORD result;
-      if ((result = (*_SetEntriesInAcl)(ae.entry_count, ae.entries, existing_acl, &new_dacl)) != ERROR_SUCCESS)
-        throw rdr::SystemException("SetEntriesInAcl", result);
-      return new_dacl;
-    }
+    PACL CreateACL(const AccessEntries& ae, PACL existing_acl=0);
 
     // Helper class for memory-management of self-relative SecurityDescriptors
     struct SecurityDescriptorPtr : LocalMem {
@@ -172,24 +114,7 @@ namespace rfb {
     // Create a new self-relative Security Descriptor, owned by SYSTEM/Administrators,
     //   with the supplied DACL and no SACL.  The returned value can be assigned
     //   to a SecurityDescriptorPtr to be managed.
-    static PSECURITY_DESCRIPTOR CreateSdWithDacl(const PACL dacl) {
-      SECURITY_DESCRIPTOR absSD;
-      if (!InitializeSecurityDescriptor(&absSD, SECURITY_DESCRIPTOR_REVISION))
-        throw rdr::SystemException("InitializeSecurityDescriptor", GetLastError());
-      Sid owner(Sid::SYSTEM());
-      if (!SetSecurityDescriptorOwner(&absSD, owner, FALSE))
-        throw rdr::SystemException("SetSecurityDescriptorOwner", GetLastError());
-      Sid group(Sid::Administrators());
-      if (!SetSecurityDescriptorGroup(&absSD, group, FALSE))
-        throw rdr::SystemException("SetSecurityDescriptorGroupp", GetLastError());
-      if (!SetSecurityDescriptorDacl(&absSD, TRUE, dacl, FALSE))
-        throw rdr::SystemException("SetSecurityDescriptorDacl", GetLastError());
-      DWORD sdSize = GetSecurityDescriptorLength(&absSD);
-      SecurityDescriptorPtr sd(sdSize);
-      if (!MakeSelfRelativeSD(&absSD, sd, &sdSize))
-        throw rdr::SystemException("MakeSelfRelativeSD", GetLastError());
-      return sd.takeSD();
-    }
+    PSECURITY_DESCRIPTOR CreateSdWithDacl(const PACL dacl);
 
   }