1 files changed, 316 insertions, 0 deletions
diff --git a/src/ext/Util/ca/scasmbexec.cpp b/src/ext/Util/ca/scasmbexec.cpp
new file mode 100644
index 00000000..ced3aa78
--- /dev/null
+++ b/src/ext/Util/ca/scasmbexec.cpp
@@ -0,0 +1,316 @@
+// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
+#include "precomp.h"
+/********************************************************************
+ AllocateAcl - allocate an acl and populate it with this user and 
+                 permission information user could be user or domain\user
+********************************************************************/
+HRESULT AllocateAcl(SCA_SMBP* pssp, PACL* ppACL)
+{
+    HRESULT hr = S_OK;
+    EXPLICIT_ACCESSW* pEA = NULL;
+    DWORD cEA = 0;
+    DWORD dwCounter = 0;
+    PSID psid = NULL;
+    LPCWSTR wzUser = NULL;
+    DWORD nPermissions = 0;
+    DWORD nErrorReturn = 0;
+    ACCESS_MODE accessMode = NOT_USED_ACCESS; 
+    
+    cEA = pssp->dwUserPermissionCount + 1;
+    if (cEA >= MAXSIZE_T / sizeof(EXPLICIT_ACCESSW))
+    {
+        ExitOnFailure(hr = E_OUTOFMEMORY, "Too many user permissions to allocate: %u", cEA);
+    }
+    pEA = static_cast<EXPLICIT_ACCESSW*>(MemAlloc(cEA * sizeof(EXPLICIT_ACCESSW), TRUE));
+    ExitOnNull(pEA, hr, E_OUTOFMEMORY, "failed to allocate memory for explicit access structure");
+    // figure out how big the psid is
+    for (dwCounter = 0; dwCounter < pssp->dwUserPermissionCount; ++dwCounter)
+    {
+        wzUser = pssp->pUserPerms[dwCounter].wzUser;
+        nPermissions = pssp->pUserPerms[dwCounter].nPermissions;
+        accessMode = pssp->pUserPerms[dwCounter].accessMode;
+        //
+        // create the appropriate SID
+        //
+        // figure out the right user to put into the access block
+        if (0 == lstrcmpW(wzUser, L"Everyone"))
+        {
+            hr = AclGetWellKnownSid(WinWorldSid, &psid);
+        }
+        else if (0 == lstrcmpW(wzUser, L"Administrators"))
+        {
+            hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
+        }
+        else if (0 == lstrcmpW(wzUser, L"LocalSystem"))
+        {
+            hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
+        }
+        else if (0 == lstrcmpW(wzUser, L"LocalService"))
+        {
+            hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
+        }
+        else if (0 == lstrcmpW(wzUser, L"NetworkService"))
+        {
+            hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
+        }
+        else if (0 == lstrcmpW(wzUser, L"AuthenticatedUser"))
+        {
+            hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
+        }
+        else if (0 == lstrcmpW(wzUser, L"Guests"))
+        {
+            hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
+        }
+        else if(0 == lstrcmpW(wzUser, L"CREATOR OWNER"))
+        {
+            hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
+        }
+        else
+        {
+            hr = AclGetAccountSid(NULL, wzUser, &psid);
+        }
+        ExitOnFailure(hr, "failed to get sid for account: %ls", wzUser);
+        // we now have a valid pSid, fill in the EXPLICIT_ACCESS
+        /* Permissions options:   (see sca.sdh for defined sdl options)
+        #define GENERIC_READ      (0x80000000L)    2147483648
+        #define GENERIC_WRITE     (0x40000000L)    1073741824
+        #define GENERIC_EXECUTE   (0x20000000L)    536870912
+        #define GENERIC_ALL       (0x10000000L)    268435456
+        */
+        pEA[dwCounter].grfAccessPermissions = nPermissions;
+        pEA[dwCounter].grfAccessMode = accessMode;
+        pEA[dwCounter].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
+#pragma prefast(push)
+#pragma prefast(disable:25029)
+        ::BuildTrusteeWithSidW(&(pEA[dwCounter].Trustee), psid);
+#pragma prefast(pop)
+    }
+    // create a new ACL that contains the ACE
+    *ppACL = NULL;
+#pragma prefast(push)
+#pragma prefast(disable:25029)
+    nErrorReturn = ::SetEntriesInAclW(dwCounter, pEA, NULL, ppACL);
+#pragma prefast(pop)
+    ExitOnFailure(hr = HRESULT_FROM_WIN32(nErrorReturn), "failed to allocate ACL");
+LExit:
+    if (psid)
+    {
+        AclFreeSid(psid);
+    }
+    ReleaseMem(pEA);
+    return hr;
+}
+/********************************************************************
+ FillShareInfo - fill the NetShareAdd data structure
+********************************************************************/
+void FillShareInfo(SHARE_INFO_502* psi, SCA_SMBP* pssp, PSECURITY_DESCRIPTOR pSD)
+{
+    psi->shi502_netname      = pssp->wzKey;
+    psi->shi502_type         = STYPE_DISKTREE;
+    psi->shi502_remark       = pssp->wzDescription;
+    psi->shi502_permissions  = 0;  // not used
+    psi->shi502_max_uses     = 0xFFFFFFFF;
+    psi->shi502_current_uses = 0;
+    psi->shi502_path         = pssp->wzDirectory;
+    psi->shi502_passwd       = NULL;         // not file share perms
+    psi->shi502_reserved     = 0;
+    psi->shi502_security_descriptor = pSD;
+}
+/*  NET_API_STATUS return codes
+NERR_Success         =    0
+NERR_DuplicateShare  = 2118
+NERR_BufTooSmall     = 2123
+NERR_NetNameNotFound = 2310
+NERR_RedirectedPath  = 2117
+NERR_UnknownDevDir   = 2116
+*/
+/********************************************************************
+ DoesShareExists -  Does a share of this name exist on this computer?
+********************************************************************/
+HRESULT DoesShareExist(__in LPWSTR wzShareName)
+{
+    HRESULT hr = S_OK;
+    NET_API_STATUS s;
+    SHARE_INFO_502* psi = NULL;
+    s = ::NetShareGetInfo(NULL, wzShareName, 502, (BYTE**) &psi);
+    switch (s)
+    {
+        case NERR_Success:
+            hr = S_OK;
+            break;
+        case NERR_NetNameNotFound:
+            hr = E_FILENOTFOUND;
+            break;
+        default:
+            WcaLogError(s, "NetShareGetInfo returned an unexpected value.", NULL);
+            hr = HRESULT_FROM_WIN32(s);
+            break;
+    }
+                
+    ::NetApiBufferFree(psi);
+    return hr;
+}
+/********************************************************************
+ CreateShare - create the file share on this computer
+********************************************************************/
+HRESULT CreateShare(SCA_SMBP* pssp)
+{
+    if (!pssp  || !(pssp->wzKey))
+        return E_INVALIDARG;
+    HRESULT hr = S_OK;
+    PACL pACL = NULL;
+    SHARE_INFO_502 si;
+    NET_API_STATUS s;
+    DWORD dwParamErr = 0;
+    BOOL fShareExists = SUCCEEDED(DoesShareExist(pssp->wzKey));
+    PSECURITY_DESCRIPTOR pSD = static_cast<PSECURITY_DESCRIPTOR>(MemAlloc(SECURITY_DESCRIPTOR_MIN_LENGTH, TRUE));
+    ExitOnNull(pSD, hr, E_OUTOFMEMORY, "Failed to allocate memory for security descriptor");
+#pragma prefast(push)
+#pragma prefast(disable:25029)
+    if (!::InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
+#pragma prefast(pop)
+    {
+        ExitOnLastError(hr, "failed to initialize security descriptor");
+    }
+    hr = AllocateAcl(pssp, &pACL);
+    ExitOnFailure(hr, "Failed to allocate ACL for fileshare");
+    if (NULL == pACL)
+    {
+        WcaLog(LOGMSG_VERBOSE, "Ignoring NULL DACL.");
+    }
+#pragma prefast(push)
+#pragma prefast(disable:25028) // We only call this when pACL isn't NULL, so this call is safe according to the docs
+    // add the ACL to the security descriptor. 
+    else if (!::SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE))
+    {
+        ExitOnLastError(hr, "Failed to set security descriptor");
+    }
+#pragma prefast(pop)
+    // all that is left is to create the share
+    FillShareInfo(&si, pssp, pSD);
+    // Fail if the directory doesn't exist
+    if (!DirExists(pssp->wzDirectory, NULL))
+        ExitOnFailure(hr = HRESULT_FROM_WIN32(ERROR_OBJECT_NOT_FOUND), "Can't create a file share on directory that doesn't exist: %ls.", pssp->wzDirectory);
+    WcaLog(LOGMSG_VERBOSE, "Creating file share on directory \'%ls\' named \'%ls\'.", pssp->wzDirectory, pssp->wzKey);
+    if (!fShareExists)
+    {
+        s = ::NetShareAdd(NULL, 502, (BYTE*) &si, &dwParamErr);
+        WcaLog(LOGMSG_VERBOSE, "Adding a new file share.");
+    }
+    else
+    {
+        // The share exists.   Write our new permissions over the top.
+        s = ::NetShareSetInfo(NULL, pssp->wzKey, 502, (BYTE*) &si, &dwParamErr);
+        WcaLog(LOGMSG_VERBOSE, "Setting permissions on existing share.");
+    }
+    if (NERR_Success != s)
+    {
+        hr = E_FAIL;
+        if (!fShareExists && NERR_DuplicateShare == s)
+            WcaLog(LOGMSG_VERBOSE, "Duplicate error when existence check failed.");
+        // error codes listed above.
+        ExitOnFailure(hr, "Failed to create/modify file share: Err: %d", s);
+    }
+LExit:
+    if (pACL)
+    {
+        ::LocalFree(pACL);
+    }
+    ReleaseMem(pSD);
+    return hr;
+}
+/********************************************************************
+ ScaEnsureSmbExists
+********************************************************************/
+HRESULT ScaEnsureSmbExists(SCA_SMBP* pssp)
+{
+    HRESULT hr = S_OK;
+    // create the share
+    hr = CreateShare(pssp);
+    return hr;
+}
+//
+//     Delete File Shares - real work
+//
+/********************************************************************
+ ScaDropSmb - delete this file share from this computer
+********************************************************************/
+HRESULT ScaDropSmb(SCA_SMBP* pssp)
+{
+    HRESULT hr = S_OK;
+    NET_API_STATUS s;
+    hr = DoesShareExist(pssp->wzKey);
+    if (E_FILENOTFOUND == hr)
+    {
+        WcaLog(LOGMSG_VERBOSE, "Share doesn't exist, share removal skipped. (%ls)", pssp->wzKey);
+        ExitFunction1(hr = S_OK);
+    }
+    ExitOnFailure(hr, "Unable to detect share. (%ls)", pssp->wzKey);
+    s = ::NetShareDel(NULL, pssp->wzKey, 0);
+    if (NERR_Success != s)
+    {
+        hr = E_FAIL;
+        ExitOnFailure(hr, "Failed to remove file share: Err: %d", s);
+    }
+LExit:
+    return hr;
+}

diff --git a/src/ext/Util/ca/scasmbexec.cpp b/src/ext/Util/ca/scasmbexec.cpp new file mode 100644 index 00000000..ced3aa78 --- /dev/null +++ b/src/ext/Util/ca/scasmbexec.cpp
@@ -0,0 +1,316 @@
	1	// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
	2
	3	#include "precomp.h"
	4
	5
	6	/********************************************************************
	7	AllocateAcl - allocate an acl and populate it with this user and
	8	permission information user could be user or domain\user
	9
	10	********************************************************************/
	11	HRESULT AllocateAcl(SCA_SMBP* pssp, PACL* ppACL)
	12	{
	13	HRESULT hr = S_OK;
	14	EXPLICIT_ACCESSW* pEA = NULL;
	15	DWORD cEA = 0;
	16	DWORD dwCounter = 0;
	17
	18	PSID psid = NULL;
	19	LPCWSTR wzUser = NULL;
	20	DWORD nPermissions = 0;
	21	DWORD nErrorReturn = 0;
	22	ACCESS_MODE accessMode = NOT_USED_ACCESS;
	23
	24	cEA = pssp->dwUserPermissionCount + 1;
	25	if (cEA >= MAXSIZE_T / sizeof(EXPLICIT_ACCESSW))
	26	{
	27	ExitOnFailure(hr = E_OUTOFMEMORY, "Too many user permissions to allocate: %u", cEA);
	28	}
	29
	30	pEA = static_cast<EXPLICIT_ACCESSW>(MemAlloc(cEA sizeof(EXPLICIT_ACCESSW), TRUE));
	31	ExitOnNull(pEA, hr, E_OUTOFMEMORY, "failed to allocate memory for explicit access structure");
	32
	33	// figure out how big the psid is
	34	for (dwCounter = 0; dwCounter < pssp->dwUserPermissionCount; ++dwCounter)
	35	{
	36	wzUser = pssp->pUserPerms[dwCounter].wzUser;
	37	nPermissions = pssp->pUserPerms[dwCounter].nPermissions;
	38	accessMode = pssp->pUserPerms[dwCounter].accessMode;
	39	//
	40	// create the appropriate SID
	41	//
	42
	43	// figure out the right user to put into the access block
	44	if (0 == lstrcmpW(wzUser, L"Everyone"))
	45	{
	46	hr = AclGetWellKnownSid(WinWorldSid, &psid);
	47	}
	48	else if (0 == lstrcmpW(wzUser, L"Administrators"))
	49	{
	50	hr = AclGetWellKnownSid(WinBuiltinAdministratorsSid, &psid);
	51	}
	52	else if (0 == lstrcmpW(wzUser, L"LocalSystem"))
	53	{
	54	hr = AclGetWellKnownSid(WinLocalSystemSid, &psid);
	55	}
	56	else if (0 == lstrcmpW(wzUser, L"LocalService"))
	57	{
	58	hr = AclGetWellKnownSid(WinLocalServiceSid, &psid);
	59	}
	60	else if (0 == lstrcmpW(wzUser, L"NetworkService"))
	61	{
	62	hr = AclGetWellKnownSid(WinNetworkServiceSid, &psid);
	63	}
	64	else if (0 == lstrcmpW(wzUser, L"AuthenticatedUser"))
	65	{
	66	hr = AclGetWellKnownSid(WinAuthenticatedUserSid, &psid);
	67	}
	68	else if (0 == lstrcmpW(wzUser, L"Guests"))
	69	{
	70	hr = AclGetWellKnownSid(WinBuiltinGuestsSid, &psid);
	71	}
	72	else if(0 == lstrcmpW(wzUser, L"CREATOR OWNER"))
	73	{
	74	hr = AclGetWellKnownSid(WinCreatorOwnerSid, &psid);
	75	}
	76	else
	77	{
	78	hr = AclGetAccountSid(NULL, wzUser, &psid);
	79	}
	80	ExitOnFailure(hr, "failed to get sid for account: %ls", wzUser);
	81
	82	// we now have a valid pSid, fill in the EXPLICIT_ACCESS
	83
	84	/* Permissions options: (see sca.sdh for defined sdl options)
	85	#define GENERIC_READ (0x80000000L) 2147483648
	86	#define GENERIC_WRITE (0x40000000L) 1073741824
	87	#define GENERIC_EXECUTE (0x20000000L) 536870912
	88	#define GENERIC_ALL (0x10000000L) 268435456
	89	*/
	90	pEA[dwCounter].grfAccessPermissions = nPermissions;
	91	pEA[dwCounter].grfAccessMode = accessMode;
	92	pEA[dwCounter].grfInheritance = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
	93	#pragma prefast(push)
	94	#pragma prefast(disable:25029)
	95	::BuildTrusteeWithSidW(&(pEA[dwCounter].Trustee), psid);
	96	#pragma prefast(pop)
	97	}
	98
	99	// create a new ACL that contains the ACE
	100	*ppACL = NULL;
	101	#pragma prefast(push)
	102	#pragma prefast(disable:25029)
	103	nErrorReturn = ::SetEntriesInAclW(dwCounter, pEA, NULL, ppACL);
	104	#pragma prefast(pop)
	105	ExitOnFailure(hr = HRESULT_FROM_WIN32(nErrorReturn), "failed to allocate ACL");
	106
	107	LExit:
	108	if (psid)
	109	{
	110	AclFreeSid(psid);
	111	}
	112
	113	ReleaseMem(pEA);
	114
	115	return hr;
	116	}
	117
	118
	119
	120	/********************************************************************
	121	FillShareInfo - fill the NetShareAdd data structure
	122
	123	********************************************************************/
	124	void FillShareInfo(SHARE_INFO_502* psi, SCA_SMBP* pssp, PSECURITY_DESCRIPTOR pSD)
	125	{
	126	psi->shi502_netname = pssp->wzKey;
	127	psi->shi502_type = STYPE_DISKTREE;
	128	psi->shi502_remark = pssp->wzDescription;
	129	psi->shi502_permissions = 0; // not used
	130	psi->shi502_max_uses = 0xFFFFFFFF;
	131	psi->shi502_current_uses = 0;
	132	psi->shi502_path = pssp->wzDirectory;
	133	psi->shi502_passwd = NULL; // not file share perms
	134	psi->shi502_reserved = 0;
	135	psi->shi502_security_descriptor = pSD;
	136	}
	137
	138
	139
	140	/* NET_API_STATUS return codes
	141	NERR_Success = 0
	142	NERR_DuplicateShare = 2118
	143	NERR_BufTooSmall = 2123
	144	NERR_NetNameNotFound = 2310
	145	NERR_RedirectedPath = 2117
	146	NERR_UnknownDevDir = 2116
	147	*/
	148
	149	/********************************************************************
	150	DoesShareExists - Does a share of this name exist on this computer?
	151
	152	********************************************************************/
	153	HRESULT DoesShareExist(__in LPWSTR wzShareName)
	154	{
	155	HRESULT hr = S_OK;
	156	NET_API_STATUS s;
	157	SHARE_INFO_502* psi = NULL;
	158	s = ::NetShareGetInfo(NULL, wzShareName, 502, (BYTE**) &psi);
	159
	160	switch (s)
	161	{
	162	case NERR_Success:
	163	hr = S_OK;
	164	break;
	165	case NERR_NetNameNotFound:
	166	hr = E_FILENOTFOUND;
	167	break;
	168	default:
	169	WcaLogError(s, "NetShareGetInfo returned an unexpected value.", NULL);
	170	hr = HRESULT_FROM_WIN32(s);
	171	break;
	172	}
	173
	174	::NetApiBufferFree(psi);
	175
	176	return hr;
	177	}
	178
	179
	180
	181	/********************************************************************
	182	CreateShare - create the file share on this computer
	183
	184	********************************************************************/
	185	HRESULT CreateShare(SCA_SMBP* pssp)
	186	{
	187	if (!pssp \|\| !(pssp->wzKey))
	188	return E_INVALIDARG;
	189
	190	HRESULT hr = S_OK;
	191	PACL pACL = NULL;
	192	SHARE_INFO_502 si;
	193	NET_API_STATUS s;
	194	DWORD dwParamErr = 0;
	195
	196	BOOL fShareExists = SUCCEEDED(DoesShareExist(pssp->wzKey));
	197
	198	PSECURITY_DESCRIPTOR pSD = static_cast<PSECURITY_DESCRIPTOR>(MemAlloc(SECURITY_DESCRIPTOR_MIN_LENGTH, TRUE));
	199	ExitOnNull(pSD, hr, E_OUTOFMEMORY, "Failed to allocate memory for security descriptor");
	200
	201	#pragma prefast(push)
	202	#pragma prefast(disable:25029)
	203	if (!::InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
	204	#pragma prefast(pop)
	205	{
	206	ExitOnLastError(hr, "failed to initialize security descriptor");
	207	}
	208
	209	hr = AllocateAcl(pssp, &pACL);
	210	ExitOnFailure(hr, "Failed to allocate ACL for fileshare");
	211
	212	if (NULL == pACL)
	213	{
	214	WcaLog(LOGMSG_VERBOSE, "Ignoring NULL DACL.");
	215	}
	216	#pragma prefast(push)
	217	#pragma prefast(disable:25028) // We only call this when pACL isn't NULL, so this call is safe according to the docs
	218	// add the ACL to the security descriptor.
	219	else if (!::SetSecurityDescriptorDacl(pSD, TRUE, pACL, FALSE))
	220	{
	221	ExitOnLastError(hr, "Failed to set security descriptor");
	222	}
	223	#pragma prefast(pop)
	224
	225	// all that is left is to create the share
	226	FillShareInfo(&si, pssp, pSD);
	227
	228	// Fail if the directory doesn't exist
	229	if (!DirExists(pssp->wzDirectory, NULL))
	230	ExitOnFailure(hr = HRESULT_FROM_WIN32(ERROR_OBJECT_NOT_FOUND), "Can't create a file share on directory that doesn't exist: %ls.", pssp->wzDirectory);
	231
	232	WcaLog(LOGMSG_VERBOSE, "Creating file share on directory \'%ls\' named \'%ls\'.", pssp->wzDirectory, pssp->wzKey);
	233
	234	if (!fShareExists)
	235	{
	236	s = ::NetShareAdd(NULL, 502, (BYTE*) &si, &dwParamErr);
	237	WcaLog(LOGMSG_VERBOSE, "Adding a new file share.");
	238	}
	239	else
	240	{
	241	// The share exists. Write our new permissions over the top.
	242	s = ::NetShareSetInfo(NULL, pssp->wzKey, 502, (BYTE*) &si, &dwParamErr);
	243	WcaLog(LOGMSG_VERBOSE, "Setting permissions on existing share.");
	244	}
	245
	246	if (NERR_Success != s)
	247	{
	248	hr = E_FAIL;
	249	if (!fShareExists && NERR_DuplicateShare == s)
	250	WcaLog(LOGMSG_VERBOSE, "Duplicate error when existence check failed.");
	251
	252	// error codes listed above.
	253	ExitOnFailure(hr, "Failed to create/modify file share: Err: %d", s);
	254	}
	255
	256	LExit:
	257	if (pACL)
	258	{
	259	::LocalFree(pACL);
	260	}
	261
	262	ReleaseMem(pSD);
	263
	264	return hr;
	265	}
	266
	267
	268	/********************************************************************
	269	ScaEnsureSmbExists
	270
	271	********************************************************************/
	272	HRESULT ScaEnsureSmbExists(SCA_SMBP* pssp)
	273	{
	274	HRESULT hr = S_OK;
	275
	276	// create the share
	277	hr = CreateShare(pssp);
	278
	279	return hr;
	280	}
	281
	282
	283	//
	284	// Delete File Shares - real work
	285	//
	286
	287	/********************************************************************
	288	ScaDropSmb - delete this file share from this computer
	289
	290	********************************************************************/
	291	HRESULT ScaDropSmb(SCA_SMBP* pssp)
	292	{
	293	HRESULT hr = S_OK;
	294	NET_API_STATUS s;
	295
	296	hr = DoesShareExist(pssp->wzKey);
	297
	298	if (E_FILENOTFOUND == hr)
	299	{
	300	WcaLog(LOGMSG_VERBOSE, "Share doesn't exist, share removal skipped. (%ls)", pssp->wzKey);
	301	ExitFunction1(hr = S_OK);
	302
	303	}
	304
	305	ExitOnFailure(hr, "Unable to detect share. (%ls)", pssp->wzKey);
	306
	307	s = ::NetShareDel(NULL, pssp->wzKey, 0);
	308	if (NERR_Success != s)
	309	{
	310	hr = E_FAIL;
	311	ExitOnFailure(hr, "Failed to remove file share: Err: %d", s);
	312	}
	313
	314	LExit:
	315	return hr;
	316	}