archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/net/rras/ras/autodial/rasauto/imperson.c

1169 lines
28 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright(c) 1995 Microsoft Corporation
  5. MODULE NAME
  6. impersn.c
  8. ABSTRACT
  9. Impersonation routines for the automatic connection service.
  11. AUTHOR
  12. Anthony Discolo (adiscolo) 04-Aug-1995
  14. REVISION HISTORY
  16. --*/
  18. #define UNICODE
  19. #define _UNICODE
  21. #include <nt.h>
  22. #include <ntrtl.h>
  23. #include <nturtl.h>
  25. #include <stdlib.h>
  26. #include <windows.h>
  27. #include <stdio.h>
  28. #include <npapi.h>
  29. #include <acd.h>
  30. #include <debug.h>
  32. #include "reg.h"
  33. #include "misc.h"
  34. #include "process.h"
  35. #include "imperson.h"
  36. #include "mprlog.h"
  37. #include "rtutils.h"
  38. #include "rasman.h"
  40. extern HANDLE g_hLogEvent;
  42. extern DWORD g_dwCritSecFlags;
  44. DWORD
  45. LoadGroupMemberships();
  47. //
  48. // The static information we
  49. // need to impersonate the currently
  50. // logged-in user.
  51. //
  52. IMPERSONATION_INFO ImpersonationInfoG;
  54. //
  55. // TRUE if ImpersonationInfoG has been initialized
  56. //
  58. BOOLEAN ImpersonationInfoInitializedG = FALSE;
  60. //
  61. // Security attributes and descriptor
  62. // necessary for creating shareable handles.
  63. //
  64. SECURITY_ATTRIBUTES SecurityAttributeG;
  65. SECURITY_DESCRIPTOR SecurityDescriptorG;
  67. HKEY hkeyCUG = NULL;
  69. #ifdef notdef
  71. BOOLEAN
  72. InteractiveSession()
  74. /*++
  76. DESCRIPTION
  77. Determine whether the active process is owned by the
  78. currently logged-in user.
  80. ARGUMENTS
  81. None.
  83. RETURNS
  84. TRUE if it is, FALSE if it isn't.
  86. --*/
  88. {
  89. HANDLE hToken;
  90. BOOLEAN bStatus;
  91. ULONG ulInfoLength;
  92. PTOKEN_GROUPS pTokenGroupList;
  93. PTOKEN_USER pTokenUser;
  94. ULONG ulGroupIndex;
  95. BOOLEAN bFoundInteractive = FALSE;
  96. PSID InteractiveSid;
  97. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  98. static BOOLEAN fIsInteractiveSession = 0xffff;
  100. #if 0
  101. //
  102. // Return the previous value of this function
  103. // if we're called multiple times?! Doesn't
  104. // GetCurrentProcess() return different values?
  105. //
  106. if (fIsInteractiveSession != 0xffff) {
  107. return fIsInteractiveSession;
  108. }
  109. #endif
  111. bStatus = AllocateAndInitializeSid(
  112. &NtAuthority,
  113. 1,
  114. SECURITY_INTERACTIVE_RID,
  115. 0, 0, 0, 0, 0, 0, 0,
  116. &InteractiveSid);
  117. if (!bStatus) {
  118. RASAUTO_TRACE("InteractiveSession: AllocateAndInitializeSid failed");
  119. return (fIsInteractiveSession = FALSE);
  120. }
  121. if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
  122. RASAUTO_TRACE("InteractiveSession: OpenProcessToken failed");
  123. FreeSid(InteractiveSid);
  124. return (fIsInteractiveSession = FALSE);
  125. }
  126. //
  127. // Get a list of groups in the token.
  128. //
  129. GetTokenInformation(
  130. hToken,
  131. TokenGroups,
  132. NULL,
  133. 0,
  134. &ulInfoLength);
  135. pTokenGroupList = (PTOKEN_GROUPS)LocalAlloc(LPTR, ulInfoLength);
  136. if (pTokenGroupList == NULL) {
  137. RASAUTO_TRACE("InteractiveSession: LocalAlloc failed");
  138. FreeSid(InteractiveSid);
  139. return (fIsInteractiveSession = FALSE);
  140. }
  141. bStatus = GetTokenInformation(
  142. hToken,
  143. TokenGroups,
  144. pTokenGroupList,
  145. ulInfoLength,
  146. &ulInfoLength);
  147. if (!bStatus) {
  148. RASAUTO_TRACE("InteractiveSession: GetTokenInformation failed");
  149. FreeSid(InteractiveSid);
  150. LocalFree(pTokenGroupList);
  151. return (fIsInteractiveSession = FALSE);
  152. }
  153. //
  154. // Search group list for admin alias. If we
  155. // find a match, it most certainly is an
  156. // interactive process.
  157. //
  158. bFoundInteractive = FALSE;
  159. for (ulGroupIndex=0; ulGroupIndex < pTokenGroupList->GroupCount;
  160. ulGroupIndex++)
  161. {
  162. if (EqualSid(
  163. pTokenGroupList->Groups[ulGroupIndex].Sid,
  164. InteractiveSid))
  165. {
  166. bFoundInteractive = TRUE;
  167. break;
  168. }
  169. }
  171. if (!bFoundInteractive) {
  172. //
  173. // If we haven't found a match,
  174. // query and check the user ID.
  175. //
  176. GetTokenInformation(
  177. hToken,
  178. TokenUser,
  179. NULL,
  180. 0,
  181. &ulInfoLength);
  182. pTokenUser = LocalAlloc(LPTR, ulInfoLength);
  183. if (pTokenUser == NULL) {
  184. RASAUTO_TRACE("InteractiveSession: LocalAlloc failed");
  185. FreeSid(InteractiveSid);
  186. LocalFree(pTokenGroupList);
  187. return (fIsInteractiveSession = FALSE);
  188. }
  189. bStatus = GetTokenInformation(
  190. hToken,
  191. TokenUser,
  192. pTokenUser,
  193. ulInfoLength,
  194. &ulInfoLength);
  195. if (!bStatus) {
  196. RASAUTO_TRACE("InteractiveSession: GetTokenInformation failed");
  197. FreeSid(InteractiveSid);
  198. LocalFree(pTokenGroupList);
  199. LocalFree(pTokenUser);
  200. return (fIsInteractiveSession = FALSE);
  201. }
  202. if (EqualSid(pTokenUser->User.Sid, InteractiveSid))
  203. fIsInteractiveSession = TRUE;
  204. LocalFree(pTokenUser);
  205. }
  206. FreeSid(InteractiveSid);
  207. LocalFree(pTokenGroupList);
  209. return (fIsInteractiveSession = bFoundInteractive);
  210. }
  211. #endif
  215. BOOLEAN
  216. SetProcessImpersonationToken(
  217. HANDLE hProcess
  218. )
  219. {
  220. NTSTATUS status;
  221. HANDLE hThread,
  222. hToken = NULL;
  225. //
  226. // Open the impersonation token for the
  227. // process we want to impersonate.
  228. //
  229. if (ImpersonationInfoG.hTokenImpersonation == NULL)
  230. {
  231. if (!OpenProcessToken(
  232. hProcess,
  233. TOKEN_ALL_ACCESS,
  234. &hToken))
  235. {
  236. RASAUTO_TRACE1(
  237. "SetProcessImpersonationToken: OpenProcessToken failed (dwErr=%d)",
  238. GetLastError());
  240. return FALSE;
  241. }
  243. //
  244. // Duplicate the impersonation token.
  245. //
  246. if(!DuplicateToken(
  247. hToken,
  248. TokenImpersonation,
  249. &ImpersonationInfoG.hTokenImpersonation))
  250. {
  251. RASAUTO_TRACE1(
  252. "SetProcessImpersonationToken: NtSetInformationThread failed (error=%d)",
  253. GetLastError());
  255. return FALSE;
  256. }
  257. }
  259. //
  260. // Set the impersonation token on the current
  261. // thread. We are now running in the same
  262. // security context as the supplied process.
  263. //
  264. hThread = NtCurrentThread();
  265. status = NtSetInformationThread(
  266. hThread,
  267. ThreadImpersonationToken,
  268. (PVOID)&ImpersonationInfoG.hTokenImpersonation,
  269. sizeof (ImpersonationInfoG.hTokenImpersonation));
  271. if (status != STATUS_SUCCESS)
  272. {
  273. RASAUTO_TRACE1(
  274. "SetProcessImpersonationToken: NtSetInformationThread failed (error=%d)",
  275. GetLastError());
  276. }
  278. if(NULL != hToken)
  279. {
  280. CloseHandle(hToken);
  281. }
  283. return (status == STATUS_SUCCESS);
  284. } // SetProcessImpersonationToken
  288. VOID
  289. ClearImpersonationToken()
  290. {
  291. //
  292. // Clear the impersonation token on the current
  293. // thread. We are now running in LocalSystem
  294. // security context.
  295. //
  296. if (!SetThreadToken(NULL, NULL)) {
  297. DWORD retcode = GetLastError();
  299. RASAUTO_TRACE1(
  300. "ClearImpersonationToken: SetThreadToken failed (error=%d)",
  301. retcode);
  303. //
  304. // Event log that thread failed to revert.
  305. //
  306. RouterLogWarning(
  307. g_hLogEvent,
  308. ROUTERLOG_CANNOT_REVERT_IMPERSONATION,
  309. 0, NULL, retcode) ;
  310. }
  311. } // ClearImpersonationToken
  315. BOOLEAN
  316. SetPrivilege(
  317. HANDLE hToken,
  318. LPCTSTR Privilege,
  319. BOOLEAN fEnable
  320. )
  321. {
  322. TOKEN_PRIVILEGES tp;
  323. LUID luid;
  324. TOKEN_PRIVILEGES tpPrevious;
  325. DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);
  327. if (!LookupPrivilegeValue(NULL, Privilege, &luid))
  328. return FALSE;
  330. //
  331. // First pass. Get current privilege setting.
  332. //
  333. tp.PrivilegeCount = 1;
  334. tp.Privileges[0].Luid = luid;
  335. tp.Privileges[0].Attributes = 0;
  337. AdjustTokenPrivileges(
  338. hToken,
  339. FALSE,
  340. &tp,
  341. sizeof(TOKEN_PRIVILEGES),
  342. &tpPrevious,
  343. &cbPrevious);
  345. if (GetLastError() != ERROR_SUCCESS)
  346. return FALSE;
  348. //
  349. // Second pass. Set privilege based on previous setting
  350. //
  351. tpPrevious.PrivilegeCount = 1;
  352. tpPrevious.Privileges[0].Luid = luid;
  354. if (fEnable)
  355. tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
  356. else {
  357. tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
  358. tpPrevious.Privileges[0].Attributes);
  359. }
  361. AdjustTokenPrivileges(
  362. hToken,
  363. FALSE,
  364. &tpPrevious,
  365. cbPrevious,
  366. NULL,
  367. NULL);
  369. if (GetLastError() != ERROR_SUCCESS)
  370. return FALSE;
  372. return TRUE;
  373. } // SetPrivilege
  377. BOOLEAN
  378. GetCurrentlyLoggedOnUser(
  379. HANDLE *phProcess
  380. )
  381. {
  382. BOOLEAN fSuccess = FALSE;
  383. HKEY hkey;
  384. DWORD dwErr, dwType;
  385. DWORD dwDisp;
  386. WCHAR *pszShell = NULL, **pszShellArray = NULL;
  387. PSYSTEM_PROCESS_INFORMATION pSystemInfo, pProcessInfo;
  388. PWCHAR psz, pszStart;
  389. DWORD i, dwSize, dwcCommands;
  390. NTSTATUS status;
  391. HANDLE hProcess = NULL;
  392. DWORD dwPid = 0;
  394. //
  395. // Get the shell process name. We will look for this
  396. // to find out who the currently logged-on user is.
  397. // Create a unicode string that describes this name.
  398. //
  399. if (RegCreateKeyEx(
  400. HKEY_LOCAL_MACHINE,
  401. SHELL_REGKEY,
  402. 0,
  403. NULL,
  404. REG_OPTION_NON_VOLATILE,
  405. KEY_ALL_ACCESS,
  406. NULL,
  407. &hkey,
  408. &dwDisp) == ERROR_SUCCESS)
  409. {
  410. dwSize = 0;
  411. if (RegQueryValueEx(
  412. hkey,
  413. SHELL_REGVAL,
  414. NULL,
  415. &dwType,
  416. NULL,
  417. &dwSize) == ERROR_SUCCESS)
  418. {
  419. pszShell = (PWCHAR)LocalAlloc(LPTR, dwSize + sizeof (WCHAR));
  420. if (pszShell == NULL) {
  421. RegCloseKey(hkey);
  422. return FALSE;
  423. }
  424. dwErr = RegQueryValueEx(
  425. hkey,
  426. SHELL_REGVAL,
  427. NULL,
  428. &dwType,
  429. (LPBYTE)pszShell,
  430. &dwSize);
  431. RegCloseKey(hkey);
  432. if (dwErr != ERROR_SUCCESS || dwType != REG_SZ) {
  433. LocalFree(pszShell);
  434. pszShell = NULL;
  435. }
  436. }
  437. }
  438. //
  439. // If no shell was found, use DEFAULT_SHELL.
  440. //
  441. if (pszShell == NULL) {
  442. pszShell = (PWCHAR)LocalAlloc(
  443. LPTR,
  444. (lstrlen(DEFAULT_SHELL) + 1) * sizeof (WCHAR));
  445. if (pszShell == NULL)
  446. return FALSE;
  447. lstrcpy(pszShell, DEFAULT_SHELL);
  448. }
  449. RASAUTO_TRACE1("ImpersonateCurrentlyLoggedInUser: pszShell is %S", pszShell);
  450. //
  451. // This string can be a comma separated list,
  452. // so we need to parse it into a list of commands.
  453. //
  454. dwcCommands = 1;
  455. for (psz = pszShell; *psz != L'\0'; psz++) {
  456. if (*psz == L',')
  457. dwcCommands++;
  458. }
  459. //
  460. // Allocate the list of string pointers.
  461. //
  462. pszShellArray = LocalAlloc(LPTR, sizeof (PWCHAR) * dwcCommands);
  463. if (pszShellArray == NULL) {
  464. LocalFree(pszShell);
  465. return FALSE;
  466. }
  467. //
  468. // Ignore any arguments from the command line.
  469. //
  470. dwcCommands = 0;
  471. psz = pszShell;
  472. pszStart = NULL;
  473. for (;;) {
  474. if (*psz == L'\0') {
  475. if (pszStart != NULL)
  476. pszShellArray[dwcCommands++] = pszStart;
  477. break;
  478. }
  479. else if (*psz == L',') {
  480. if (pszStart != NULL)
  481. pszShellArray[dwcCommands++] = pszStart;
  482. *psz = L'\0';
  483. pszStart = NULL;
  484. }
  485. else if (*psz == L' ') {
  486. if (pszStart != NULL)
  487. *psz = L'\0';
  488. }
  489. else {
  490. if (pszStart == NULL)
  491. pszStart = psz;
  492. }
  493. psz++;
  494. }
  495. for (i = 0; i < dwcCommands; i++) {
  496. RASAUTO_TRACE2(
  497. "ImpersonateCurrentlyLoggedInUser: pszShellArray[%d] is %S",
  498. i,
  499. pszShellArray[i]);
  500. }
  501. //
  502. // Get the process list.
  503. //
  504. pSystemInfo = GetSystemProcessInfo();
  506. if(NULL == pSystemInfo)
  507. {
  508. LocalFree(pszShell);
  509. LocalFree(pszShellArray);
  510. return FALSE;
  511. }
  513. while(TRUE)
  514. {
  515. //
  516. // See if any of the processes are running.
  517. //
  518. pProcessInfo =
  519. FindProcessByNameList(
  520. pSystemInfo,
  521. pszShellArray,
  522. dwcCommands,
  523. dwPid,
  524. ImpersonationInfoG.fSessionInitialized,
  525. ImpersonationInfoG.dwCurSessionId);
  526. //
  527. // Open the process token if we've found a match.
  528. //
  529. if (pProcessInfo != NULL)
  530. {
  531. HANDLE hToken;
  533. //
  534. // Open the process.
  535. //
  536. hProcess = OpenProcess(
  537. PROCESS_ALL_ACCESS,
  538. FALSE,
  539. PtrToUlong(pProcessInfo->UniqueProcessId));
  540. if (hProcess == NULL)
  541. {
  542. RASAUTO_TRACE2(
  543. "ImpersonateCurrentlyLoggedInUser: OpenProcess(%d) failed (dwErr=%d)",
  544. PtrToUlong(pProcessInfo->UniqueProcessId),
  545. GetLastError());
  547. dwPid = PtrToUlong(pProcessInfo->UniqueProcessId);
  548. }
  549. else
  550. {
  552. fSuccess = TRUE;
  553. break;
  554. }
  555. }
  556. else
  557. {
  558. break;
  559. }
  560. }
  562. #ifdef notdef
  563. done:
  564. #endif
  565. //
  566. // Free resources.
  567. //
  568. FreeSystemProcessInfo(pSystemInfo);
  569. if (pszShell != NULL)
  570. LocalFree(pszShell);
  571. if (pszShellArray != NULL)
  572. LocalFree(pszShellArray);
  573. //
  574. // Return process handle.
  575. //
  576. *phProcess = hProcess;
  578. return fSuccess;
  579. } // GetCurrentlyLoggedOnUser
  581. DWORD
  582. SetCurrentLoginSession(
  583. IN DWORD dwSessionId)
  584. {
  585. RASAUTO_TRACE1("SetCurrentLoginSession %d", dwSessionId);
  587. EnterCriticalSection(&ImpersonationInfoG.csLock);
  589. ImpersonationInfoG.dwCurSessionId = dwSessionId;
  590. ImpersonationInfoG.fSessionInitialized = TRUE;
  592. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  594. return NO_ERROR;
  595. }
  597. HANDLE
  598. RefreshImpersonation(
  599. HANDLE hProcess
  600. )
  601. {
  602. NTSTATUS status;
  604. EnterCriticalSection(&ImpersonationInfoG.csLock);
  605. //
  606. // If the process still exists,
  607. // we can return.
  608. //
  609. if (ImpersonationInfoG.hProcess != NULL &&
  610. hProcess == ImpersonationInfoG.hProcess)
  611. {
  612. RASAUTO_TRACE1("RefreshImpersonation: hProcess=0x%x no change", hProcess);
  613. goto done;
  614. }
  615. //
  616. // Otherwise recalcuate the current information.
  617. // We have to clear the previous impersonation token,
  618. // if any.
  619. //
  620. if (hProcess != NULL)
  621. ClearImpersonationToken();
  622. if (ImpersonationInfoG.hProcess == NULL) {
  623. RASAUTO_TRACE("RefreshImpersonation: recalcuating token");
  624. if (!GetCurrentlyLoggedOnUser(&ImpersonationInfoG.hProcess)) {
  625. RASAUTO_TRACE("RefreshImpersonation: GetCurrentlyLoggedOnUser failed");
  626. goto done;
  627. }
  628. RASAUTO_TRACE("RefreshImpersonation: new user logged in");
  629. }
  630. //
  631. // Impersonate the currently logged-in user.
  632. //
  633. if (!SetProcessImpersonationToken(ImpersonationInfoG.hProcess))
  634. {
  635. RASAUTO_TRACE(
  636. "RefreshImpersonation: SetProcessImpersonationToken failed");
  637. goto done;
  638. }
  639. #ifdef notdef // imperson
  640. //
  641. // Reset HKEY_CURRENT_USER to get the
  642. // correct value with the new impersonation
  643. // token.
  644. //
  645. RegCloseKey(HKEY_CURRENT_USER);
  646. #endif
  647. RASAUTO_TRACE1(
  648. "RefreshImpersonation: new hProcess=0x%x",
  649. ImpersonationInfoG.hProcess);
  650. TraceCurrentUser();
  652. //
  653. // Open the currently logged on users hive and store it in a global
  654. //
  655. if(NULL != hkeyCUG)
  656. {
  657. NtClose(hkeyCUG);
  658. hkeyCUG = NULL;
  659. }
  661. if(STATUS_SUCCESS != RtlOpenCurrentUser(KEY_ALL_ACCESS, &hkeyCUG))
  662. {
  663. RASAUTO_TRACE("Failed to open HKCU for the current user");
  664. }
  666. done:
  667. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  669. return ImpersonationInfoG.hProcess;
  670. } // RefreshImpersonation
  674. VOID
  675. RevertImpersonation()
  677. /*++
  679. DESCRIPTION
  680. Close all open handles associated with the
  681. logged-in user who has just logged out.
  683. ARGUMENTS
  684. None.
  686. RETURN VALUE
  687. None.
  689. --*/
  691. {
  692. EnterCriticalSection(&ImpersonationInfoG.csLock);
  694. if(ImpersonationInfoG.hToken != NULL)
  695. {
  696. CloseHandle(ImpersonationInfoG.hToken);
  697. ImpersonationInfoG.hToken = NULL;
  698. }
  700. if(ImpersonationInfoG.hTokenImpersonation != NULL)
  701. {
  702. CloseHandle(ImpersonationInfoG.hTokenImpersonation);
  703. ImpersonationInfoG.hTokenImpersonation = NULL;
  704. }
  706. if(ImpersonationInfoG.hProcess != NULL)
  707. {
  708. CloseHandle(ImpersonationInfoG.hProcess);
  709. ImpersonationInfoG.hProcess = NULL;
  710. }
  712. ImpersonationInfoG.fGroupsLoaded = FALSE;
  714. if(NULL != hkeyCUG)
  715. {
  716. NtClose(hkeyCUG);
  717. hkeyCUG = NULL;
  718. }
  720. //
  721. // Clear the thread's impersonation
  722. // token, or it won't be able to open
  723. // another user's process the next
  724. // time around.
  725. //
  726. ClearImpersonationToken();
  727. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  728. } // RevertImpersonation
  732. DWORD
  733. InitSecurityDescriptor(
  734. IN PSECURITY_DESCRIPTOR pSecurityDescriptor
  735. )
  737. /*++
  739. DESCRIPTION
  740. Initialize a security descriptor allowing administrator
  741. access for the sharing of handles between rasman.dll.
  743. This code courtesy of Gurdeep. You need to ask him
  744. exactly what it does.
  746. ARGUMENTS
  747. pSecurityDescriptor: a pointer to the security descriptor
  748. to be initialized.
  750. RETURN VALUE
  751. Win32 error code.
  753. --*/
  755. {
  756. DWORD dwErr = 0;
  757. DWORD cbDaclSize;
  758. PULONG pSubAuthority;
  759. PSID pObjSid = NULL;
  760. PACL pDacl = NULL;
  761. SID_IDENTIFIER_AUTHORITY sidIdentifierWorldAuth =
  762. SECURITY_WORLD_SID_AUTHORITY;
  764. DWORD dwAcls;
  766. //
  767. // Set up the SID for the adminstrators that
  768. // will be allowed access. This SID will have
  769. // 1 sub-authorities: SECURITY_BUILTIN_DOMAIN_RID.
  770. //
  771. pObjSid = (PSID)LocalAlloc(LPTR, GetSidLengthRequired(1));
  772. if (pObjSid == NULL) {
  773. RASAUTO_TRACE("InitSecurityDescriptor: LocalAlloc failed");
  774. return GetLastError();
  775. }
  776. if (!InitializeSid(pObjSid, &sidIdentifierWorldAuth, 1)) {
  777. dwErr = GetLastError();
  778. RASAUTO_TRACE1("InitSecurityDescriptor: InitializeSid failed (dwErr=0x%x)", dwErr);
  779. goto done;
  780. }
  781. //
  782. // Set the sub-authorities.
  783. //
  784. pSubAuthority = GetSidSubAuthority(pObjSid, 0);
  785. *pSubAuthority = SECURITY_WORLD_RID;
  786. //
  787. // Set up the DACL that will allow
  788. // all processes with the above SID all
  789. // access. It should be large enough to
  790. // hold all ACEs.
  791. //
  792. cbDaclSize = sizeof(ACCESS_ALLOWED_ACE) +
  793. GetLengthSid(pObjSid) +
  794. sizeof (ACL);
  795. pDacl = (PACL)LocalAlloc(LPTR, cbDaclSize);
  796. if (pDacl == NULL ) {
  797. RASAUTO_TRACE("InitSecurityDescriptor: LocalAlloc failed");
  798. dwErr = GetLastError();
  799. goto done;
  800. }
  801. if (!InitializeAcl(pDacl, cbDaclSize, ACL_REVISION2)) {
  802. dwErr = GetLastError();
  803. RASAUTO_TRACE1("InitSecurityDescriptor: InitializeAcl failed (dwErr=0x%x)", dwErr);
  804. goto done;
  805. }
  807. dwAcls = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
  809. dwAcls &= ~(WRITE_DAC | WRITE_OWNER);
  811. //
  812. // Add the ACE to the DACL
  813. //
  814. if (!AddAccessAllowedAce(
  815. pDacl,
  816. ACL_REVISION2,
  817. dwAcls,
  818. pObjSid))
  819. {
  820. dwErr = GetLastError();
  821. RASAUTO_TRACE1("InitSecurityDescriptor: AddAccessAllowedAce failed (dwErr=0x%x)", dwErr);
  822. goto done;
  823. }
  824. //
  825. // Create the security descriptor an put
  826. // the DACL in it.
  827. //
  828. if (!InitializeSecurityDescriptor(pSecurityDescriptor, 1)) {
  829. dwErr = GetLastError();
  830. RASAUTO_TRACE1("InitSecurityDescriptor: InitializeSecurityDescriptor failed (dwErr=0x%x)", dwErr);
  831. goto done;
  832. }
  833. if (!SetSecurityDescriptorDacl(
  834. pSecurityDescriptor,
  835. TRUE,
  836. pDacl,
  837. FALSE))
  838. {
  839. dwErr = GetLastError();
  840. RASAUTO_TRACE1("InitSecurityDescriptor: SetSecurityDescriptorDacl failed (dwErr=0x%x)", dwErr);
  841. goto done;
  842. }
  843. //
  844. // Set owner for the descriptor.
  845. //
  846. if (!SetSecurityDescriptorOwner(pSecurityDescriptor, NULL, FALSE)) {
  847. dwErr = GetLastError();
  848. RASAUTO_TRACE1("InitSecurityDescriptor: SetSecurityDescriptorOwner failed (dwErr=0x%x)", dwErr);
  849. goto done;
  850. }
  851. //
  852. // Set group for the descriptor.
  853. //
  854. if (!SetSecurityDescriptorGroup(pSecurityDescriptor, NULL, FALSE)) {
  855. dwErr = GetLastError();
  856. RASAUTO_TRACE1("InitSecurityDescriptor: SetSecurityDescriptorGroup failed (dwErr=0x%x)", dwErr);
  857. goto done;
  858. }
  860. done:
  861. //
  862. // Cleanup if necessary.
  863. //
  864. if (dwErr) {
  865. if (pObjSid != NULL)
  866. LocalFree(pObjSid);
  867. if (pDacl != NULL)
  868. LocalFree(pDacl);
  869. }
  870. return dwErr;
  871. }
  875. DWORD
  876. InitSecurityAttribute()
  878. /*++
  880. DESCRIPTION
  881. Initializes the global security attribute used in
  882. creating shareable handles.
  884. This code courtesy of Gurdeep. You need to ask him
  885. exactly what it does.
  887. ARGUMENTS
  888. None.
  890. RETURN VALUE
  891. Win32 error code.
  893. --*/
  895. {
  896. DWORD dwErr;
  898. //
  899. // Initialize the security descriptor.
  900. //
  901. dwErr = InitSecurityDescriptor(&SecurityDescriptorG);
  902. if (dwErr)
  903. return dwErr;
  904. //
  905. // Initialize the security attributes.
  906. //
  907. SecurityAttributeG.nLength = sizeof(SECURITY_ATTRIBUTES);
  908. SecurityAttributeG.lpSecurityDescriptor = &SecurityDescriptorG;
  909. SecurityAttributeG.bInheritHandle = TRUE;
  911. return 0;
  912. }
  916. VOID
  917. TraceCurrentUser(VOID)
  918. {
  919. //WCHAR szUserName[512];
  920. //DWORD dwSize = sizeof (szUserName) - 1;
  922. //GetUserName(szUserName, &dwSize);
  923. RASAUTO_TRACE1(
  924. "TraceCurrentUser: impersonating Current User %d",
  925. ImpersonationInfoG.dwCurSessionId);
  926. } // TraceCurrentUser
  928. DWORD
  929. DwGetHkcu()
  930. {
  931. DWORD dwErr = ERROR_SUCCESS;
  933. if(NULL == hkeyCUG)
  934. {
  935. dwErr = RtlOpenCurrentUser(
  936. KEY_ALL_ACCESS,
  937. &hkeyCUG);
  939. if(ERROR_SUCCESS != dwErr)
  940. {
  941. RASAUTO_TRACE1("DwGetHhcu: failed to open current user. 0x%x",
  942. dwErr);
  944. goto done;
  945. }
  946. }
  948. done:
  949. return dwErr;
  950. }
  953. DWORD
  954. InitializeImpersonation()
  956. /*++
  958. DESCRIPTION
  959. Initializes the global structures used for impersonation
  961. ARGUMENTS
  962. None
  964. RETURN VALUE
  965. Win32 error code.
  967. --*/
  969. {
  970. DWORD dwError = ERROR_SUCCESS;
  972. if (!ImpersonationInfoInitializedG)
  973. {
  974. ZeroMemory(&ImpersonationInfoG, sizeof(ImpersonationInfoG));
  975. RasInitializeCriticalSection(&ImpersonationInfoG.csLock, &dwError);
  977. if(dwError != ERROR_SUCCESS)
  978. {
  979. return dwError;
  980. }
  982. g_dwCritSecFlags |= RASAUTO_CRITSEC_IMPERSON;
  984. ImpersonationInfoInitializedG = TRUE;
  985. }
  987. return dwError;
  988. }
  991. VOID
  992. CleanupImpersonation()
  994. /*++
  996. DESCRIPTION
  997. Cleans up the global structures used for impersonation
  999. ARGUMENTS
  1000. None
  1002. RETURN VALUE
  1003. None
  1005. --*/
  1007. {
  1008. if (ImpersonationInfoInitializedG)
  1009. {
  1010. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1012. if (NULL != ImpersonationInfoG.pGuestSid)
  1013. {
  1014. FreeSid(ImpersonationInfoG.pGuestSid);
  1015. ImpersonationInfoG.pGuestSid = NULL;
  1016. }
  1018. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1019. DeleteCriticalSection(&ImpersonationInfoG.csLock);
  1020. g_dwCritSecFlags &= ~(RASAUTO_CRITSEC_IMPERSON);
  1021. ImpersonationInfoInitializedG = FALSE;
  1022. }
  1023. }
  1026. BOOLEAN
  1027. ImpersonatingGuest()
  1029. /*++
  1031. DESCRIPTION
  1032. Returns whether or not the user that is currently being impersonating
  1033. is a member of the local guests group
  1035. ARGUMENTS
  1036. None
  1038. RETURN VALUE
  1039. BOOLEAN -- TRUE if currently impersonating a guests, FALSE otherwise
  1041. --*/
  1043. {
  1044. BOOLEAN fIsGuest = FALSE;
  1046. ASSERT(ImpersonationInfoInitializedG);
  1048. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1050. if (ERROR_SUCCESS == LoadGroupMemberships())
  1051. {
  1052. fIsGuest = ImpersonationInfoG.fGuest;
  1053. }
  1055. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1057. return fIsGuest;
  1058. }
  1061. DWORD
  1062. LoadGroupMemberships()
  1064. /*++
  1066. DESCRIPTION
  1067. Caches the group membership information for the impersonated user.
  1069. ARGUMENTS
  1070. None
  1072. RETURN VALUE
  1073. Win32 error code.
  1075. --*/
  1077. {
  1078. DWORD dwError = ERROR_SUCCESS;
  1079. SID_IDENTIFIER_AUTHORITY IdentifierAuthority = SECURITY_NT_AUTHORITY;
  1080. BOOL fIsGuest;
  1082. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1084. do
  1085. {
  1086. if (ImpersonationInfoG.fGroupsLoaded)
  1087. {
  1088. //
  1089. // Information already loaded
  1090. //
  1092. break;
  1093. }
  1095. if (NULL == ImpersonationInfoG.hTokenImpersonation)
  1096. {
  1097. //
  1098. // There isn't an impersonated user.
  1099. //
  1101. dwError = ERROR_CAN_NOT_COMPLETE;
  1102. break;
  1103. }
  1105. if (NULL == ImpersonationInfoG.pGuestSid)
  1106. {
  1107. //
  1108. // Allocate the SID for the local guests group;
  1109. //
  1111. if (!AllocateAndInitializeSid(
  1112. &IdentifierAuthority,
  1113. 2,
  1114. SECURITY_BUILTIN_DOMAIN_RID,
  1115. DOMAIN_ALIAS_RID_GUESTS,
  1116. 0,
  1117. 0,
  1118. 0,
  1119. 0,
  1120. 0,
  1121. 0,
  1122. &ImpersonationInfoG.pGuestSid
  1123. ))
  1124. {
  1125. dwError = GetLastError();
  1126. break;
  1127. }
  1128. }
  1130. if (!CheckTokenMembership(
  1131. ImpersonationInfoG.hTokenImpersonation,
  1132. ImpersonationInfoG.pGuestSid,
  1133. &fIsGuest
  1134. ))
  1135. {
  1136. dwError = GetLastError();
  1137. break;
  1138. }
  1140. ImpersonationInfoG.fGuest = !!fIsGuest;
  1142. } while (FALSE);
  1144. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1146. return dwError;
  1147. }
  1149. VOID
  1150. LockImpersonation()
  1151. {
  1152. ASSERT(ImpersonationInfoInitializedG);
  1154. if(ImpersonationInfoInitializedG)
  1155. {
  1156. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1157. }
  1158. }
  1160. VOID
  1161. UnlockImpersonation()
  1162. {
  1163. ASSERT(ImpersonationInfoInitializedG);
  1165. if(ImpersonationInfoInitializedG)
  1166. {
  1167. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1168. }
  1169. }