archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/admt/common/commonlib/txtsid.cpp

502 lines
15 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*---------------------------------------------------------------------------
  2. File: TextualSid.cpp
  4. Comments: Converts a SID to and from its canonical textual representation.
  6. (c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
  7. Proprietary and confidential to Mission Critical Software, Inc.
  9. REVISION LOG ENTRY
  10. Revision By: Christy Boles
  11. Revised on 02/15/99 11:33:52
  13. ---------------------------------------------------------------------------
  14. */
  16. #ifdef USE_STDAFX
  17. #include "stdafx.h"
  18. #else
  19. #include <windows.h>
  20. #include <malloc.h>
  21. #include <stdio.h>
  22. #endif
  23. #include "Mcs.h"
  24. #include "TxtSid.h"
  26. #ifndef SECURITY_MAX_SID_SIZE
  27. #define SECURITY_MAX_SID_SIZE (sizeof(SID) - sizeof(DWORD) + (SID_MAX_SUB_AUTHORITIES * sizeof(DWORD)))
  28. #endif
  30. BOOL
  31. GetTextualSid(
  32. PSID pSid, // in - binary Sid
  33. LPTSTR TextualSid, // i/o- buffer for Textual representation of Sid
  34. LPDWORD lpdwBufferLen // in - required/provided TextualSid buffersize
  35. )
  36. {
  37. PSID_IDENTIFIER_AUTHORITY psia;
  38. DWORD dwSubAuthorities;
  39. DWORD dwSidRev=SID_REVISION;
  40. DWORD dwCounter;
  41. DWORD dwSidSize;
  43. // Validate the binary SID.
  44. if(!IsValidSid(pSid))
  45. {
  46. SetLastError(ERROR_INVALID_SID);
  47. return FALSE;
  48. }
  49. // Get the identifier authority value from the SID.
  50. psia = GetSidIdentifierAuthority(pSid);
  51. // Get the number of subauthorities in the SID.
  52. dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
  53. // Compute the buffer length.
  54. // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
  55. dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
  57. // Check input buffer length.
  58. // If too small, indicate the proper size and set last error.
  59. if (*lpdwBufferLen < dwSidSize)
  60. {
  61. *lpdwBufferLen = dwSidSize;
  62. SetLastError(ERROR_INSUFFICIENT_BUFFER);
  63. return FALSE;
  64. }
  65. // Add 'S' prefix and revision number to the string.
  66. dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );
  67. // Add SID identifier authority to the string.
  68. if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) )
  69. {
  70. dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
  71. TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
  72. (USHORT)psia->Value[0],
  73. (USHORT)psia->Value[1],
  74. (USHORT)psia->Value[2],
  75. (USHORT)psia->Value[3],
  76. (USHORT)psia->Value[4],
  77. (USHORT)psia->Value[5]);
  78. }
  79. else
  80. {
  81. dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
  82. TEXT("%lu"),
  83. (ULONG)(psia->Value[5] ) +
  84. (ULONG)(psia->Value[4] << 8) +
  85. (ULONG)(psia->Value[3] << 16) +
  86. (ULONG)(psia->Value[2] << 24) );
  87. }
  88. // Add SID subauthorities to the string. //
  89. for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++)
  90. {
  91. dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"),
  92. *GetSidSubAuthority(pSid, dwCounter) );
  93. }
  94. return TRUE;
  95. }
  97. PSID // ret- binary representation of SID, or NULL caller must free using FreeSid()
  98. SidFromString(
  99. WCHAR const * strSid // in - string representation of SID
  100. )
  101. {
  102. BOOL bSuccess = TRUE;
  103. PSID pSid = NULL;
  104. DWORD dwSidRev;
  105. // WCHAR * strPtr = NULL;
  106. WCHAR sidIA[100];
  107. WCHAR sidSubs[100];
  108. int ia0,ia1,ia2,ia3,ia4,ia5;
  109. SID_IDENTIFIER_AUTHORITY sia;
  111. do
  112. {
  113. if ( strSid[0] != L'S' || strSid[1] != L'-' )
  114. {
  115. bSuccess = FALSE;
  116. break;
  117. }
  118. // Read SID revision level
  119. sidSubs[0] = 0;
  120. int result = swscanf(strSid,L"S-%d-%[^-]-%ls",&dwSidRev,sidIA,sidSubs);
  121. if ( result == 3 )
  122. {
  123. // evaluate the IA
  124. if ( sidIA[1] == L'x' )
  125. {
  126. // full format
  127. result = swscanf(sidIA,L"0x%02hx%02hx%02hx%02hx%02hx%02hx",&ia0,&ia1,&ia2,&ia3,&ia4,&ia5);
  128. if ( result == 6 )
  129. {
  130. sia.Value[0] = (BYTE) ia0;
  131. sia.Value[1] = (BYTE) ia1;
  132. sia.Value[2] = (BYTE) ia2;
  133. sia.Value[3] = (BYTE) ia3;
  134. sia.Value[4] = (BYTE) ia4;
  135. sia.Value[5] = (BYTE) ia5;
  137. }
  138. else
  139. {
  140. bSuccess = FALSE;
  141. break;
  142. }
  143. }
  144. else
  145. {
  146. DWORD bignumber;
  148. result = swscanf(sidIA,L"%lu",&bignumber);
  149. sia.Value[0] = 0;
  150. sia.Value[1] = 0;
  151. sia.Value[2] = BYTE( (bignumber & 0xff000000) >> 24);
  152. sia.Value[3] = BYTE( (bignumber & 0x00ff0000) >> 16);
  153. sia.Value[4] = BYTE( (bignumber & 0x0000ff00) >> 8);
  154. sia.Value[5] = BYTE(bignumber & 0x000000ff);
  155. }
  157. // read the subauthorities
  158. DWORD subs[10];
  160. memset(subs,0,(sizeof subs));
  162. result = swscanf(sidSubs,L"%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu",&subs[0],&subs[1],&subs[2],&subs[3],&subs[4],
  163. &subs[5],&subs[6],&subs[7]);
  165. if ( result )
  166. {
  167. if ( !AllocateAndInitializeSid(&sia,(BYTE)result,subs[0],subs[1],subs[2],subs[3],subs[4],subs[5],subs[6],subs[7],&pSid) )
  168. {
  169. pSid = NULL;
  170. bSuccess = FALSE;
  171. }
  172. }
  173. }
  174. } while ( false);
  176. //see if IsValidSid also thinks this is valid
  177. if (pSid)
  178. {
  179. //if not valid, free it and return NULL
  180. if (!IsValidSid(pSid))
  181. {
  182. FreeSid(pSid);
  183. pSid = NULL;
  184. }
  185. }
  187. return pSid;
  188. }
  190. /*****************************************************************************************************/
  191. /* DomainizeSid:
  192. Takes a domain sid, and verifies that its last subauthority value is -1. If the RID is not
  193. -1, DomainizeSid adds a -1 to the end.
  194. /*****************************************************************************************************/
  195. PSID // ret -the sid with RID = -1
  196. DomainizeSid(
  197. PSID psid, // in -sid to check and possibly fix
  198. BOOL freeOldSid // in -whether to free the old sid
  199. )
  200. {
  201. MCSASSERT(psid);
  203. UCHAR len = (* GetSidSubAuthorityCount(psid));
  204. PDWORD sub = GetSidSubAuthority(psid,len-1);
  206. if ( *sub != -1 )
  207. {
  208. DWORD sdsize = GetSidLengthRequired(len+1); // sid doesn't already have -1 as rid
  209. PSID newsid = (SID *)malloc(sdsize); // copy the sid, and add -1 to the end
  211. if (newsid)
  212. {
  213. if ( ! InitializeSid(newsid,GetSidIdentifierAuthority(psid),len+1) ) // make a bigger sid w/same IA
  214. {
  215. MCSASSERT(false);
  216. }
  217. for ( DWORD i = 0 ; i < len ; i++ )
  218. {
  219. sub = GetSidSubAuthority(newsid,i); // copy subauthorities
  220. (*sub) = (*GetSidSubAuthority(psid,i));
  221. }
  222. sub = GetSidSubAuthority(newsid,len);
  223. *sub = -1; // set rid =-1
  224. if ( freeOldSid )
  225. {
  226. FreeSid(psid);
  227. }
  228. psid = newsid;
  229. len++;
  230. }
  231. else
  232. {
  233. return NULL;
  234. }
  235. }
  236. return psid;
  237. }
  239. /*********************************************************************
  240. * *
  241. * Written by: Paul Thompson *
  242. * Date: 4 OCT 2000 *
  243. * *
  244. * This function is responsible for taking the given source and *
  245. * target account SIDs and breaking them up and returning the src *
  246. * domain sid, src account rid, tgt domain sid, and tgt account rid. *
  247. * The caller must call "FreeSid" on the src and tgt domain sid *
  248. * pointers. *
  249. * *
  250. *********************************************************************/
  252. //BEGIN SplitAccountSids
  253. BOOL // ret - Success ? TRUE | FALSE
  254. SplitAccountSids(
  255. PSID srcSid, // in - src account sid
  256. WCHAR *srcDomainSid, // out - src domain sid textual
  257. DWORD *srcRid, // out - src account rid
  258. PSID tgtSid, // in - tgt account sid
  259. WCHAR *tgtDomainSid, // out - tgt domain sid textual
  260. DWORD *tgtRid // out - tgt account rid
  261. )
  262. {
  263. /* local variables */
  264. DWORD sidLen;
  265. UCHAR Count;
  266. PDWORD psubAuth;
  267. BOOL bSuccess = TRUE;
  268. DWORD lenTxt = MAX_PATH;
  270. /* function body */
  271. if ((!IsValidSid(srcSid)) && (!IsValidSid(tgtSid)))
  272. return FALSE;
  274. //split up the src account sid
  275. sidLen = GetLengthSid(srcSid);
  276. PSID srcDomSid = new BYTE[sidLen+1];
  277. if (!srcDomSid)
  278. return FALSE;
  280. if (!CopySid(sidLen+1, srcDomSid, srcSid))
  281. {
  282. delete [] srcDomSid;
  283. return FALSE;
  284. }
  286. //get the RID out of the SID and get the domain SID
  287. Count = (* GetSidSubAuthorityCount(srcDomSid));
  288. psubAuth = GetSidSubAuthority(srcDomSid, Count-1);
  289. if (psubAuth)
  290. {
  291. *srcRid = *psubAuth;
  292. *psubAuth = -1;
  293. }
  295. //convert domain sid to text format
  296. if (srcDomSid)
  297. {
  298. if (!GetTextualSid(srcDomSid,srcDomainSid,&lenTxt)) {
  299. delete [] srcDomSid;
  300. return FALSE;
  301. }
  303. delete [] srcDomSid;
  304. }
  306. //split up the tgt account sid
  307. sidLen = GetLengthSid(tgtSid);
  308. PSID tgtDomSid = new BYTE[sidLen+1];
  309. if (!tgtDomSid)
  310. return FALSE;
  312. if (!CopySid(sidLen+1, tgtDomSid, tgtSid))
  313. {
  314. delete [] tgtDomSid;
  315. return FALSE;
  316. }
  318. //get the RID out of the SID and get the domain SID
  319. Count = (* GetSidSubAuthorityCount(tgtDomSid));
  320. psubAuth = GetSidSubAuthority(tgtDomSid, Count-1);
  321. if (psubAuth)
  322. {
  323. *tgtRid = *psubAuth;
  324. *psubAuth = -1;
  325. }
  327. //convert domain sid to text format
  328. lenTxt = MAX_PATH;
  329. if (tgtDomSid)
  330. {
  331. if (!GetTextualSid(tgtDomSid,tgtDomainSid,&lenTxt)) {
  332. delete [] tgtDomSid;
  333. return FALSE;
  334. }
  336. delete [] tgtDomSid;
  337. }
  339. return bSuccess;
  340. }
  341. //END SplitAccountSids
  344. PSID // ret- binary representation of SID, or NULL caller must free using free()
  345. MallocedSidFromString(
  346. WCHAR const * strSid // in - string representation of SID
  347. )
  348. {
  349. /* local constants */
  350. const BYTE NUM_OF_SUBAUTHS = 8;
  352. /* local variables */
  353. BOOL bSuccess = TRUE;
  354. PSID pSid = (SID *)malloc(SECURITY_MAX_SID_SIZE); // create a new sid
  355. DWORD dwSidRev;
  356. WCHAR sidIA[100];
  357. WCHAR sidSubs[100];
  358. int ia0,ia1,ia2,ia3,ia4,ia5;
  359. SID_IDENTIFIER_AUTHORITY sia;
  361. /* function body */
  362. if (!pSid)
  363. return pSid;
  365. do
  366. {
  367. if ( strSid[0] != L'S' || strSid[1] != L'-' )
  368. {
  369. bSuccess = FALSE;
  370. break;
  371. }
  373. // Read SID revision level
  374. sidSubs[0] = 0;
  375. int result = swscanf(strSid,L"S-%d-%[^-]-%ls",&dwSidRev,sidIA,sidSubs);
  376. if ( result == 3 )
  377. {
  378. // evaluate the IA
  379. if ( sidIA[1] == L'x' )
  380. {
  381. // full format
  382. result = swscanf(sidIA,L"0x%02hx%02hx%02hx%02hx%02hx%02hx",&ia0,&ia1,&ia2,&ia3,&ia4,&ia5);
  383. if ( result == 6 )
  384. {
  385. sia.Value[0] = (BYTE) ia0;
  386. sia.Value[1] = (BYTE) ia1;
  387. sia.Value[2] = (BYTE) ia2;
  388. sia.Value[3] = (BYTE) ia3;
  389. sia.Value[4] = (BYTE) ia4;
  390. sia.Value[5] = (BYTE) ia5;
  391. }
  392. else
  393. {
  394. bSuccess = FALSE;
  395. break;
  396. }
  397. }
  398. else
  399. {
  400. DWORD bignumber;
  402. result = swscanf(sidIA,L"%lu",&bignumber);
  403. sia.Value[0] = 0;
  404. sia.Value[1] = 0;
  405. sia.Value[2] = BYTE( (bignumber & 0xff000000) >> 24);
  406. sia.Value[3] = BYTE( (bignumber & 0x00ff0000) >> 16);
  407. sia.Value[4] = BYTE( (bignumber & 0x0000ff00) >> 8);
  408. sia.Value[5] = BYTE(bignumber & 0x000000ff);
  409. }
  411. // read the subauthorities
  412. DWORD subs[10];
  414. memset(subs,0,(sizeof subs));
  416. result = swscanf(sidSubs,L"%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu",&subs[0],&subs[1],&subs[2],&subs[3],&subs[4],
  417. &subs[5],&subs[6],&subs[7]);
  419. if ( result )
  420. {
  421. //initialize the new SID (result ids the number of sub authorities)
  422. if (!InitializeSid(pSid, &sia, (BYTE)result))
  423. {
  424. bSuccess = FALSE;
  425. break;
  426. }
  428. //add the sub authorities
  429. PDWORD sub;
  430. for (int ndx = 0; ndx < result; ndx++)
  431. {
  432. sub = GetSidSubAuthority(pSid, ndx);
  433. *sub = subs[ndx];
  434. }
  435. }
  436. }
  437. else
  438. {
  439. bSuccess = FALSE;
  440. break;
  441. }
  442. } while (FALSE);
  444. //if we failed above, free the sid
  445. if (!bSuccess)
  446. {
  447. free(pSid);
  448. pSid = NULL;
  449. }
  451. //see if IsValidSid also thinks this is valid
  452. if (pSid)
  453. {
  454. //if not valid, free it and return NULL
  455. if (!IsValidSid(pSid))
  456. {
  457. free(pSid);
  458. pSid = NULL;
  459. }
  460. }
  462. return pSid;
  463. }
  466. //---------------------------------------------------------------------------
  467. // SafeCopySid Function
  468. //
  469. // Synopsis
  470. // Creates a copy of the given SID if the given SID is valid.
  471. //
  472. // Arguments
  473. // IN pSidOld - the SID which is to be copied
  474. //
  475. // Return
  476. // A new SID which is a copy of the given SID. Must be freed using FreeSid().
  477. //---------------------------------------------------------------------------
  479. PSID __stdcall SafeCopySid(PSID pSidOld)
  480. {
  481. PSID pSidNew = NULL;
  483. if (pSidOld)
  484. {
  485. if (IsValidSid(pSidOld))
  486. {
  487. SID_IDENTIFIER_AUTHORITY sia = SECURITY_NULL_SID_AUTHORITY;
  488. PUCHAR pucCount = GetSidSubAuthorityCount(pSidOld);
  490. if (AllocateAndInitializeSid(&sia, *pucCount, 0, 0, 0, 0, 0, 0, 0, 0, &pSidNew))
  491. {
  492. if (!CopySid(GetLengthSid(pSidNew), pSidNew, pSidOld))
  493. {
  494. FreeSid(pSidNew);
  495. pSidNew = NULL;
  496. }
  497. }
  498. }
  499. }
  501. return pSidNew;
  502. }