windows-nt/Source/XPSP1/NT/base/fs/rdr2/rdbss/obsolete/acchksup.c

206 lines
6 KiB
C
Raw Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
AcChkSup.c
Abstract:
This module implements the RDBSS access checking routine
Author:
Gary Kimura [GaryKi] 12-Jun-1989
Revision History:
--*/
// ----------------------joejoe-----------found-------------#include "RxProcs.h"
#include "precomp.h"
#pragma hdrstop
//
// The Bug check file id for this module
//
#define BugCheckFileId (RDBSS_BUG_CHECK_ACCHKSUP)
//
// Our debug trace level
//
#define Dbg (DEBUG_TRACE_ACCHKSUP)
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, RxCheckFileAccess)
#endif
BOOLEAN
RxCheckFileAccess (
PRX_CONTEXT RxContext,
IN UCHAR DirentAttributes,
IN ULONG DesiredAccess
)
/*++
Routine Description:
This routine checks if a desired access is allowed to a file represented
by the specified DirentAttriubutes.
Arguments:
DirentAttributes - Supplies the Dirent attributes to check access for
DesiredAccess - Supplies the desired access mask that we are checking for
Return Value:
BOOLEAN - TRUE if access is allowed and FALSE otherwise
--*/
{
BOOLEAN Result;
RxDbgTrace(+1, Dbg, ("RxCheckFileAccess\n", 0));
RxDbgTrace( 0, Dbg, ("DirentAttributes = %8lx\n", DirentAttributes));
RxDbgTrace( 0, Dbg, ("DesiredAccess = %8lx\n", DesiredAccess));
//
// This procedures is programmed like a string of filters each
// filter checks to see if some access is allowed, if it is not allowed
// the filter return FALSE to the user without further checks otherwise
// it moves on to the next filter. The filter check is to check for
// desired access flags that are not allowed for a particular dirent
//
Result = TRUE;
try {
//
// Check for Volume ID or Device Dirents, these are not allowed user
// access at all
//
if (FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_VOLUME_ID) ||
FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_DEVICE)) {
RxDbgTrace(0, Dbg, ("Cannot access volume id or device\n", 0));
try_return( Result = FALSE );
}
//
// Check for a directory Dirent or non directory dirent
//
if (FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_DIRECTORY)) {
//
// check the desired access for directory dirent
//
if (FlagOn(DesiredAccess, ~(DELETE |
READ_CONTROL |
WRITE_OWNER |
WRITE_DAC |
SYNCHRONIZE |
ACCESS_SYSTEM_SECURITY |
FILE_WRITE_DATA |
FILE_READ_EA |
FILE_WRITE_EA |
FILE_READ_ATTRIBUTES |
FILE_WRITE_ATTRIBUTES |
FILE_LIST_DIRECTORY |
FILE_TRAVERSE |
FILE_DELETE_CHILD |
FILE_APPEND_DATA))) {
RxDbgTrace(0, Dbg, ("Cannot open directory\n", 0));
try_return( Result = FALSE );
}
} else {
//
// check the desired access for a non-directory dirent, we
// blackball
// FILE_LIST_DIRECTORY, FILE_ADD_FILE, FILE_TRAVERSE,
// FILE_ADD_SUBDIRECTORY, and FILE_DELETE_CHILD
//
if (FlagOn(DesiredAccess, ~(DELETE |
READ_CONTROL |
WRITE_OWNER |
WRITE_DAC |
SYNCHRONIZE |
ACCESS_SYSTEM_SECURITY |
FILE_READ_DATA |
FILE_WRITE_DATA |
FILE_READ_EA |
FILE_WRITE_EA |
FILE_READ_ATTRIBUTES |
FILE_WRITE_ATTRIBUTES |
FILE_EXECUTE |
FILE_APPEND_DATA))) {
RxDbgTrace(0, Dbg, ("Cannot open file\n", 0));
try_return( Result = FALSE );
}
}
//
// Check for a read-only Dirent
//
if (FlagOn(DirentAttributes, RDBSS_DIRENT_ATTR_READ_ONLY)) {
//
// Check the desired access for a read-only dirent, we blackball
// WRITE, FILE_APPEND_DATA, FILE_ADD_FILE,
// FILE_ADD_SUBDIRECTORY, and FILE_DELETE_CHILD
//
if (FlagOn(DesiredAccess, ~(DELETE |
READ_CONTROL |
WRITE_OWNER |
WRITE_DAC |
SYNCHRONIZE |
ACCESS_SYSTEM_SECURITY |
FILE_READ_DATA |
FILE_READ_EA |
FILE_WRITE_EA |
FILE_READ_ATTRIBUTES |
FILE_WRITE_ATTRIBUTES |
FILE_EXECUTE |
FILE_LIST_DIRECTORY |
FILE_TRAVERSE))) {
RxDbgTrace(0, Dbg, ("Cannot open readonly\n", 0));
try_return( Result = FALSE );
}
}
try_exit: NOTHING;
} finally {
DebugUnwind( RxCheckFileAccess );
RxDbgTrace(-1, Dbg, ("RxCheckFileAccess -> %08lx\n", Result));
}
UNREFERENCED_PARAMETER( RxContext );
return Result;
}