archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/gina/snapins/gpedit/sid.cpp

566 lines
15 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //*************************************************************
  2. //
  3. // SID management functions.
  4. //
  5. // THESE FUNCTIONS ARE WINDOWS NT SPECIFIC!!!!!
  6. //
  7. // Microsoft Confidential
  8. // Copyright (c) Microsoft Corporation 1995
  9. // All rights reserved
  10. //
  11. //*************************************************************
  13. #include "main.h"
  15. /***************************************************************************\
  16. * GetSidString
  17. *
  18. * Allocates and returns a string representing the sid of the current user
  19. * The returned pointer should be freed using DeleteSidString().
  20. *
  21. * Returns a pointer to the string or NULL on failure.
  22. *
  23. * History:
  24. * 26-Aug-92 Davidc Created
  25. *
  26. \***************************************************************************/
  27. LPTSTR GetSidString(HANDLE UserToken)
  28. {
  29. NTSTATUS NtStatus;
  30. PSID UserSid;
  31. UNICODE_STRING UnicodeString;
  32. LPTSTR lpEnd;
  33. #ifndef UNICODE
  34. STRING String;
  35. #endif
  37. //
  38. // Get the user sid
  39. //
  41. UserSid = GetUserSid(UserToken);
  42. if (UserSid == NULL) {
  43. DebugMsg((DM_WARNING, TEXT("GetSidString: GetUserSid returned NULL")));
  44. return NULL;
  45. }
  47. //
  48. // Convert user SID to a string.
  49. //
  51. NtStatus = RtlConvertSidToUnicodeString(
  52. &UnicodeString,
  53. UserSid,
  54. (BOOLEAN)TRUE // Allocate
  55. );
  56. //
  57. // We're finished with the user sid
  58. //
  60. DeleteUserSid(UserSid);
  62. //
  63. // See if the conversion to a string worked
  64. //
  66. if (!NT_SUCCESS(NtStatus)) {
  67. DebugMsg((DM_WARNING, TEXT("GetSidString: RtlConvertSidToUnicodeString failed, status = 0x%x"),
  68. NtStatus));
  69. return NULL;
  70. }
  72. #ifdef UNICODE
  75. return(UnicodeString.Buffer);
  77. #else
  79. //
  80. // Convert the string to ansi
  81. //
  83. NtStatus = RtlUnicodeStringToAnsiString(&String, &UnicodeString, TRUE);
  84. RtlFreeUnicodeString(&UnicodeString);
  85. if (!NT_SUCCESS(NtStatus)) {
  86. DebugMsg((DM_WARNING, TEXT("GetSidString: RtlUnicodeStringToAnsiString failed, status = 0x%x"),
  87. status));
  88. return NULL;
  89. }
  92. return(String.Buffer);
  94. #endif
  96. }
  99. /***************************************************************************\
  100. * DeleteSidString
  101. *
  102. * Frees up a sid string previously returned by GetSidString()
  103. *
  104. * Returns nothing.
  105. *
  106. * History:
  107. * 26-Aug-92 Davidc Created
  108. *
  109. \***************************************************************************/
  110. VOID DeleteSidString(LPTSTR SidString)
  111. {
  113. #ifdef UNICODE
  114. UNICODE_STRING String;
  116. RtlInitUnicodeString(&String, SidString);
  118. RtlFreeUnicodeString(&String);
  119. #else
  120. ANSI_STRING String;
  122. RtlInitAnsiString(&String, SidString);
  124. RtlFreeAnsiString(&String);
  125. #endif
  127. }
  131. /***************************************************************************\
  132. * GetUserSid
  133. *
  134. * Allocs space for the user sid, fills it in and returns a pointer. Caller
  135. * The sid should be freed by calling DeleteUserSid.
  136. *
  137. * Note the sid returned is the user's real sid, not the per-logon sid.
  138. *
  139. * Returns pointer to sid or NULL on failure.
  140. *
  141. * History:
  142. * 26-Aug-92 Davidc Created.
  143. \***************************************************************************/
  144. PSID GetUserSid (HANDLE UserToken)
  145. {
  146. PTOKEN_USER pUser, pTemp;
  147. PSID pSid;
  148. DWORD BytesRequired = 200;
  149. NTSTATUS status;
  152. //
  153. // Allocate space for the user info
  154. //
  156. pUser = (PTOKEN_USER)LocalAlloc(LMEM_FIXED, BytesRequired);
  159. if (pUser == NULL) {
  160. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to allocate %d bytes"),
  161. BytesRequired));
  162. return NULL;
  163. }
  166. //
  167. // Read in the UserInfo
  168. //
  170. status = NtQueryInformationToken(
  171. UserToken, // Handle
  172. TokenUser, // TokenInformationClass
  173. pUser, // TokenInformation
  174. BytesRequired, // TokenInformationLength
  175. &BytesRequired // ReturnLength
  176. );
  178. if (status == STATUS_BUFFER_TOO_SMALL) {
  180. //
  181. // Allocate a bigger buffer and try again.
  182. //
  184. pTemp = (PTOKEN_USER)LocalReAlloc(pUser, BytesRequired, LMEM_MOVEABLE);
  185. if (pTemp == NULL) {
  186. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to allocate %d bytes"),
  187. BytesRequired));
  188. LocalFree (pUser);
  189. return NULL;
  190. }
  192. pUser = pTemp;
  194. status = NtQueryInformationToken(
  195. UserToken, // Handle
  196. TokenUser, // TokenInformationClass
  197. pUser, // TokenInformation
  198. BytesRequired, // TokenInformationLength
  199. &BytesRequired // ReturnLength
  200. );
  202. }
  204. if (!NT_SUCCESS(status)) {
  205. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to query user info from user token, status = 0x%x"),
  206. status));
  207. LocalFree(pUser);
  208. return NULL;
  209. }
  212. BytesRequired = RtlLengthSid(pUser->User.Sid);
  213. pSid = LocalAlloc(LMEM_FIXED, BytesRequired);
  214. if (pSid == NULL) {
  215. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to allocate %d bytes"),
  216. BytesRequired));
  217. LocalFree(pUser);
  218. return NULL;
  219. }
  222. status = RtlCopySid(BytesRequired, pSid, pUser->User.Sid);
  224. LocalFree(pUser);
  226. if (!NT_SUCCESS(status)) {
  227. DebugMsg((DM_WARNING, TEXT("GetUserSid: RtlCopySid Failed. status = %d"),
  228. status));
  229. LocalFree(pSid);
  230. pSid = NULL;
  231. }
  234. return pSid;
  235. }
  238. /***************************************************************************\
  239. * DeleteUserSid
  240. *
  241. * Deletes a user sid previously returned by GetUserSid()
  242. *
  243. * Returns nothing.
  244. *
  245. * History:
  246. * 26-Aug-92 Davidc Created
  247. *
  248. \***************************************************************************/
  249. VOID DeleteUserSid(PSID Sid)
  250. {
  251. LocalFree(Sid);
  252. }
  255. //+--------------------------------------------------------------------------
  256. //
  257. // Function: AllocateAndInitSidFromString
  258. //
  259. // Synopsis: given the string representation of a SID, this function
  260. // allocate and initializes a SID which the string represents
  261. // For more information on the string representation of SIDs
  262. // refer to ntseapi.h & ntrtl.h
  263. //
  264. // Arguments: [in] lpszSidStr : the string representation of the SID
  265. // [out] pSID : the actual SID structure created from the string
  266. //
  267. // Returns: STATUS_SUCCESS : if the sid structure was successfully created
  268. // or an error code based on errors that might occur
  269. //
  270. // History: 10/6/1998 RahulTh created
  271. //
  272. //---------------------------------------------------------------------------
  273. NTSTATUS AllocateAndInitSidFromString (const WCHAR* lpszSidStr, PSID* ppSid)
  274. {
  275. WCHAR * pSidStr = 0;
  276. WCHAR* pString = 0;
  277. NTSTATUS Status;
  278. WCHAR* pEnd = 0;
  279. int count;
  280. BYTE SubAuthCount;
  281. DWORD SubAuths[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  282. ULONG n;
  283. ULONG ulNoChars;
  284. SID_IDENTIFIER_AUTHORITY Auth;
  286. ulNoChars = lstrlen (lpszSidStr) + 1;
  287. pSidStr = (WCHAR *)LocalAlloc(LPTR, ulNoChars*sizeof(WCHAR));;
  288. if (!pSidStr)
  289. {
  290. Status = STATUS_NO_MEMORY;
  291. goto AllocAndInitSidFromStr_End;
  292. }
  294. HRESULT hr;
  296. hr = StringCchCopy (pSidStr, ulNoChars, lpszSidStr);
  297. ASSERT(SUCCEEDED(hr));
  299. pString = pSidStr;
  300. *ppSid = NULL;
  302. count = 0;
  303. do
  304. {
  305. pString = wcschr (pString, '-');
  306. if (NULL == pString)
  307. break;
  308. count++;
  309. pString++;
  310. } while (1);
  312. SubAuthCount = (BYTE)(count - 2);
  313. if (0 > SubAuthCount || 8 < SubAuthCount)
  314. {
  315. Status = ERROR_INVALID_SID;
  316. goto AllocAndInitSidFromStr_End;
  317. }
  319. pString = wcschr (pSidStr, L'-');
  320. pString++;
  321. pString = wcschr (pString, L'-'); //ignore the revision #
  322. pString++;
  323. pEnd = wcschr (pString, L'-'); //go to the beginning of subauths.
  324. if (NULL != pEnd) *pEnd = L'\0';
  326. Status = LoadSidAuthFromString (pString, &Auth);
  328. if (STATUS_SUCCESS != Status)
  329. goto AllocAndInitSidFromStr_End;
  331. for (count = 0; count < SubAuthCount; count++)
  332. {
  333. pString = pEnd + 1;
  334. pEnd = wcschr (pString, L'-');
  335. if (pEnd)
  336. *pEnd = L'\0';
  337. Status = GetIntFromUnicodeString (pString, 10, &n);
  338. if (STATUS_SUCCESS != Status)
  339. goto AllocAndInitSidFromStr_End;
  340. SubAuths[count] = n;
  341. }
  343. Status = RtlAllocateAndInitializeSid (&Auth, SubAuthCount,
  344. SubAuths[0], SubAuths[1], SubAuths[2],
  345. SubAuths[3], SubAuths[4], SubAuths[5],
  346. SubAuths[6], SubAuths[7], ppSid);
  348. AllocAndInitSidFromStr_End:
  349. if (pSidStr)
  350. LocalFree( pSidStr );
  351. return Status;
  352. }
  354. //+--------------------------------------------------------------------------
  355. //
  356. // Function: LoadSidAuthFromString
  357. //
  358. // Synopsis: given a string representing the SID authority (as it is
  359. // normally represented in string format, fill the SID_AUTH..
  360. // structure. For more details on the format of the string
  361. // representation of the sid authority, refer to ntseapi.h and
  362. // ntrtl.h
  363. //
  364. // Arguments: [in] pString : pointer to the unicode string
  365. // [out] pSidAuth : pointer to the SID_IDENTIFIER_AUTH.. that is
  366. // desired
  367. //
  368. // Returns: STATUS_SUCCESS if it succeeds
  369. // or an error code
  370. //
  371. // History: 9/29/1998 RahulTh created
  372. //
  373. //---------------------------------------------------------------------------
  374. NTSTATUS LoadSidAuthFromString (const WCHAR* pString,
  375. PSID_IDENTIFIER_AUTHORITY pSidAuth)
  376. {
  377. size_t len;
  378. int i;
  379. NTSTATUS Status;
  380. const ULONG LowByteMask = 0xFF;
  381. ULONG n;
  383. len = lstrlenW (pString);
  385. if (len > 2 && 'x' == pString[1])
  386. {
  387. //this is in hex.
  388. //so we must have exactly 14 characters
  389. //(2 each for each of the 6 bytes) + 2 for the leading 0x
  390. if (14 != len)
  391. {
  392. Status = ERROR_INVALID_SID;
  393. goto LoadAuthEnd;
  394. }
  396. for (i=0; i < 6; i++)
  397. {
  398. pString += 2; //we need to skip the leading 0x
  399. pSidAuth->Value[i] = (UCHAR)(((pString[0] - L'0') << 4) +
  400. (pString[1] - L'0'));
  401. }
  402. }
  403. else
  404. {
  405. //this is in decimal
  406. Status = GetIntFromUnicodeString (pString, 10, &n);
  407. if (Status != STATUS_SUCCESS)
  408. goto LoadAuthEnd;
  410. pSidAuth->Value[0] = pSidAuth->Value[1] = 0;
  411. for (i = 5; i >=2; i--, n>>=8)
  412. pSidAuth->Value[i] = (UCHAR)(n & LowByteMask);
  413. }
  415. Status = STATUS_SUCCESS;
  417. LoadAuthEnd:
  418. return Status;
  419. }
  421. //+--------------------------------------------------------------------------
  422. //
  423. // Function: GetIntfromUnicodeString
  424. //
  425. // Synopsis: converts a unicode string into an integer
  426. //
  427. // Arguments: [in] szNum : the number represented as a unicode string
  428. // [in] Base : the base in which the resultant int is desired
  429. // [out] pValue : pointer to the integer representation of the
  430. // number
  431. //
  432. // Returns: STATUS_SUCCESS if successful.
  433. // or some other error code
  434. //
  435. // History: 9/29/1998 RahulTh created
  436. //
  437. //---------------------------------------------------------------------------
  438. NTSTATUS GetIntFromUnicodeString (const WCHAR* szNum, ULONG Base, PULONG pValue)
  439. {
  440. WCHAR * pwszNumStr = 0;
  441. UNICODE_STRING StringW;
  442. size_t len;
  443. NTSTATUS Status;
  445. len = lstrlen (szNum);
  446. pwszNumStr = (WCHAR *)LocalAlloc( LPTR, (len + 1) * sizeof(WCHAR));
  448. if (!pwszNumStr)
  449. {
  450. Status = STATUS_NO_MEMORY;
  451. goto GetNumEnd;
  452. }
  454. HRESULT hr;
  456. hr = StringCchCopy (pwszNumStr, len+1, szNum);
  457. ASSERT(SUCCEEDED(hr));
  459. StringW.Length = len * sizeof(WCHAR);
  460. StringW.MaximumLength = StringW.Length + sizeof (WCHAR);
  461. StringW.Buffer = pwszNumStr;
  463. Status = RtlUnicodeStringToInteger (&StringW, Base, pValue);
  465. GetNumEnd:
  466. if (pwszNumStr)
  467. LocalFree( pwszNumStr );
  468. return Status;
  469. }
  472. //*************************************************************
  473. //
  474. // GetDomainSidFromRid()
  475. //
  476. // Purpose: Given one domain sid, constructs another domain sid
  477. // by replacing the tail by the passed in Rid
  478. //
  479. // Parameters: pSid - Given Domain Sid
  480. // dwRid - Domain Rid
  481. // ppNewSid - Pointer to the New Sid
  482. //
  483. // Return: ERROR_SUCCESS on Success
  484. // FALSE if an error occurs
  485. //
  486. // Comments:
  487. // Sid returned must be freed using FreeSid.
  488. //
  489. // History: Date Author Comment
  490. // 6/6/95 ericflo Created
  491. //
  492. //*************************************************************
  494. NTSTATUS GetDomainSidFromDomainRid(PSID pSid, DWORD dwRid, PSID *ppNewSid)
  495. {
  497. PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority;
  498. // pointer to identifier authority
  499. BYTE nSubAuthorityCount, i; // count of subauthorities
  500. DWORD dwSubAuthority[8]={0,0,0,0,0,0,0,0}; // subauthority
  501. PUCHAR pSubAuthCount;
  502. DWORD *pdwSubAuth;
  503. NTSTATUS Status=ERROR_SUCCESS;
  505. DmAssert(IsValidSid(pSid));
  507. //
  508. // Will fail only if passed in sid is invalid and in the case
  509. // the returned value is undefined.
  510. //
  512. pIdentifierAuthority = RtlIdentifierAuthoritySid(pSid);
  514. //
  515. // get the count of subauthorities
  516. //
  518. pSubAuthCount = RtlSubAuthorityCountSid (pSid);
  520. if (!pSubAuthCount) {
  521. Status = ERROR_INVALID_SID;
  522. goto Exit;
  523. }
  525. nSubAuthorityCount = *pSubAuthCount;
  527. //
  528. // get each of the subauthorities
  529. //
  531. for (i = 0; i < (nSubAuthorityCount-1); i++) {
  532. pdwSubAuth = RtlSubAuthoritySid(pSid, i);
  534. if (!pdwSubAuth) {
  535. Status = ERROR_INVALID_SID;
  536. goto Exit;
  537. }
  539. dwSubAuthority[i] = *pdwSubAuth;
  540. }
  542. dwSubAuthority[i] = dwRid;
  544. //
  545. // Allocate a sid with these..
  546. //
  548. Status = RtlAllocateAndInitializeSid(
  549. pIdentifierAuthority,
  550. nSubAuthorityCount,
  551. dwSubAuthority[0],
  552. dwSubAuthority[1],
  553. dwSubAuthority[2],
  554. dwSubAuthority[3],
  555. dwSubAuthority[4],
  556. dwSubAuthority[5],
  557. dwSubAuthority[6],
  558. dwSubAuthority[7],
  559. ppNewSid
  560. );
  562. Exit:
  564. // Sid, All Done
  565. return Status;
  566. }