sfx2/source/doc/sfxacldetect.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  * This file incorporates work covered by the following license notice:
  10  *
  11  *   Licensed to the Apache Software Foundation (ASF) under one or more
  12  *   contributor license agreements. See the NOTICE file distributed
  13  *   with this work for additional information regarding copyright
  14  *   ownership. The ASF licenses this file to you under the Apache
  15  *   License, Version 2.0 (the "License"); you may not use this file
  16  *   except in compliance with the License. You may obtain a copy of
  17  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  18  */
  19
  20
  21 #include "sfxacldetect.hxx"
  22
  23 #if EXTRA_ACL_CHECK
  24
  25 #ifdef WNT
  26
  27 // necessary to include system headers without warnings
  28 #ifdef _MSC_VER
  29 #pragma warning(disable:4668 4917)
  30 #endif
  31
  32 #include <windows.h>
  33 #include <lmaccess.h>
  34 #include <sal/types.h>
  35
  36 sal_Bool IsReadonlyAccordingACL( const sal_Unicode* pFilePath )
  37 {
  38     sal_Bool bResult = sal_False;
  39
  40     sal_uInt32 nFDSize = 0;
  41     GetFileSecurityW( reinterpret_cast< LPCWSTR >(pFilePath), DACL_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|OWNER_SECURITY_INFORMATION, NULL, 0, &nFDSize );
  42     if ( nFDSize )
  43     {
  44         PSECURITY_DESCRIPTOR pFileDescr = reinterpret_cast< PSECURITY_DESCRIPTOR >( malloc( nFDSize ) );
  45         if ( GetFileSecurityW( reinterpret_cast< LPCWSTR >(pFilePath), DACL_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|OWNER_SECURITY_INFORMATION, pFileDescr, nFDSize, &nFDSize ) )
  46         {
  47             HANDLE hToken = NULL;
  48             if ( OpenThreadToken( GetCurrentThread(), TOKEN_DUPLICATE|TOKEN_QUERY, TRUE, &hToken )
  49               || OpenProcessToken( GetCurrentProcess(), TOKEN_DUPLICATE|TOKEN_QUERY, &hToken) )
  50             {
  51                 HANDLE hImpersonationToken = NULL;
  52                 if ( DuplicateToken( hToken, SecurityImpersonation, &hImpersonationToken) )
  53                 {
  54                     sal_uInt32 nDesiredAccess = ACCESS_WRITE;
  55                     GENERIC_MAPPING aGenericMapping = { ACCESS_READ, ACCESS_WRITE, 0, ACCESS_READ | ACCESS_WRITE };
  56                     MapGenericMask( &nDesiredAccess, &aGenericMapping );
  57
  58                     PRIVILEGE_SET aPrivilegeSet;
  59                     sal_uInt32 nPrivilegeSetSize = sizeof( PRIVILEGE_SET );
  60
  61                     sal_uInt32 nGrantedAccess;
  62                     BOOL bAccessible = TRUE;
  63                     if ( AccessCheck( pFileDescr,
  64                                       hImpersonationToken,
  65                                       nDesiredAccess,
  66                                       &aGenericMapping,
  67                                       &aPrivilegeSet,
  68                                       &nPrivilegeSetSize,
  69                                       &nGrantedAccess,
  70                                       &bAccessible ) )
  71                     {
  72                         bResult = !bAccessible;
  73                     }
  74
  75                     CloseHandle( hImpersonationToken );
  76                 }
  77
  78                 CloseHandle( hToken );
  79             }
  80         }
  81
  82         free( pFileDescr );
  83     }
  84
  85     return bResult;
  86 }
  87
  88 #else // this is UNX
  89
  90
  91 #include <sal/types.h>
  92
  93 sal_Bool IsReadonlyAccordingACL( const sal_Unicode* )
  94 {
  95     // to be implemented
  96     return sal_False;
  97 }
  98
  99 #endif
 100
 101 #endif
 102
 103 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */