archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/shell/lib/generic/tokeninformation.cpp

500 lines
16 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. // --------------------------------------------------------------------------
  2. // Module Name: TokenInformation.h
  3. //
  4. // Copyright (c) 1999-2000, Microsoft Corporation
  5. //
  6. // Class to get information about either the current thread/process token or
  7. // a specified token.
  8. //
  9. // History: 1999-10-05 vtan created
  10. // 2000-02-01 vtan moved from Neptune to Whistler
  11. // --------------------------------------------------------------------------
  13. #include "StandardHeader.h"
  14. #include "TokenInformation.h"
  16. // --------------------------------------------------------------------------
  17. // CTokenInformation::CTokenInformation
  18. //
  19. // Arguments: hToken = Optional user token to get information on.
  20. //
  21. // Returns: <none>
  22. //
  23. // Purpose: Duplicates the given token if provided. Otherwise the thread
  24. // token is opened or the process token if that doesn't exist.
  25. //
  26. // History: 1999-10-05 vtan created
  27. // --------------------------------------------------------------------------
  29. CTokenInformation::CTokenInformation (HANDLE hToken) :
  30. _hToken(hToken),
  31. _hTokenToRelease(NULL),
  32. _pvGroupBuffer(NULL),
  33. _pvPrivilegeBuffer(NULL),
  34. _pvUserBuffer(NULL),
  35. _pszUserLogonName(NULL),
  36. _pszUserDisplayName(NULL)
  38. {
  39. if (hToken == NULL)
  40. {
  41. if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &_hToken) == FALSE)
  42. {
  43. TBOOL(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &_hToken));
  44. }
  45. if (_hToken != NULL)
  46. {
  47. _hTokenToRelease = _hToken;
  48. }
  49. }
  50. }
  52. // --------------------------------------------------------------------------
  53. // CTokenInformation::~CTokenInformation
  54. //
  55. // Arguments: <none>
  56. //
  57. // Returns: <none>
  58. //
  59. // Purpose: Releases resources used by the object.
  60. //
  61. // History: 1999-10-05 vtan created
  62. // --------------------------------------------------------------------------
  64. CTokenInformation::~CTokenInformation (void)
  66. {
  67. ReleaseMemory(_pszUserLogonName);
  68. ReleaseMemory(_pszUserDisplayName);
  69. ReleaseMemory(_pvUserBuffer);
  70. ReleaseMemory(_pvPrivilegeBuffer);
  71. ReleaseMemory(_pvGroupBuffer);
  72. ReleaseHandle(_hTokenToRelease);
  73. }
  75. // --------------------------------------------------------------------------
  76. // CTokenInformation::GetLogonSID
  77. //
  78. // Arguments: <none>
  79. //
  80. // Returns: PSID
  81. //
  82. // Purpose: Gets token information for the token groups. Walks the groups
  83. // looking for the SID with SE_GROUP_LOGON_ID and returns a
  84. // pointer to this SID. This memory is available for the scope
  85. // of the object.
  86. //
  87. // History: 1999-10-05 vtan created
  88. // --------------------------------------------------------------------------
  90. PSID CTokenInformation::GetLogonSID (void)
  92. {
  93. PSID pSID;
  95. pSID = NULL;
  96. if ((_hToken != NULL) && (_pvGroupBuffer == NULL))
  97. {
  98. GetTokenGroups();
  99. }
  100. if (_pvGroupBuffer != NULL)
  101. {
  102. ULONG ulIndex, ulLimit;
  103. TOKEN_GROUPS *pTG;
  105. pTG = reinterpret_cast<TOKEN_GROUPS*>(_pvGroupBuffer);
  106. ulLimit = pTG->GroupCount;
  107. for (ulIndex = 0; (pSID == NULL) && (ulIndex < ulLimit); ++ulIndex)
  108. {
  109. if ((pTG->Groups[ulIndex].Attributes & SE_GROUP_LOGON_ID) != 0)
  110. {
  111. pSID = pTG->Groups[ulIndex].Sid;
  112. }
  113. }
  114. }
  115. return(pSID);
  116. }
  118. // --------------------------------------------------------------------------
  119. // CTokenInformation::GetUserSID
  120. //
  121. // Arguments: <none>
  122. //
  123. // Returns: PSID
  124. //
  125. // Purpose: Gets token information for the token user. This returns the
  126. // SID for the user of the token. This memory is available for
  127. // the scope of the object.
  128. //
  129. // History: 1999-10-05 vtan created
  130. // --------------------------------------------------------------------------
  132. PSID CTokenInformation::GetUserSID (void)
  134. {
  135. PSID pSID;
  137. if ((_pvUserBuffer == NULL) && (_hToken != NULL))
  138. {
  139. DWORD dwReturnLength;
  141. dwReturnLength = 0;
  142. (BOOL)GetTokenInformation(_hToken, TokenUser, NULL, 0, &dwReturnLength);
  143. _pvUserBuffer = LocalAlloc(LMEM_FIXED, dwReturnLength);
  144. if ((_pvUserBuffer != NULL) &&
  145. (GetTokenInformation(_hToken, TokenUser, _pvUserBuffer, dwReturnLength, &dwReturnLength) == FALSE))
  146. {
  147. ReleaseMemory(_pvUserBuffer);
  148. _pvUserBuffer = NULL;
  149. }
  150. }
  151. if (_pvUserBuffer != NULL)
  152. {
  153. pSID = reinterpret_cast<TOKEN_USER*>(_pvUserBuffer)->User.Sid;
  154. }
  155. else
  156. {
  157. pSID = NULL;
  158. }
  159. return(pSID);
  160. }
  162. // --------------------------------------------------------------------------
  163. // CTokenInformation::IsUserTheSystem
  164. //
  165. // Arguments: <none>
  166. //
  167. // Returns: bool
  168. //
  169. // Purpose: Gets token information for the token user. This returns
  170. // whether the user is the local system.
  171. //
  172. // History: 1999-12-13 vtan created
  173. // --------------------------------------------------------------------------
  175. bool CTokenInformation::IsUserTheSystem (void)
  177. {
  178. static const LUID sLUIDSystem = SYSTEM_LUID;
  180. ULONG ulReturnLength;
  181. TOKEN_STATISTICS tokenStatistics;
  183. return((GetTokenInformation(_hToken, TokenStatistics, &tokenStatistics, sizeof(tokenStatistics), &ulReturnLength) != FALSE) &&
  184. RtlEqualLuid(&tokenStatistics.AuthenticationId, &sLUIDSystem));
  185. }
  187. // --------------------------------------------------------------------------
  188. // CTokenInformation::IsUserAnAdministrator
  189. //
  190. // Arguments: <none>
  191. //
  192. // Returns: bool
  193. //
  194. // Purpose: Gets token information for the token user. This returns
  195. // whether the user is a member of the local administrator group.
  196. //
  197. // History: 92-05-06 davidc created
  198. // 1999-11-06 vtan stolen
  199. // --------------------------------------------------------------------------
  201. bool CTokenInformation::IsUserAnAdministrator (void)
  203. {
  204. bool fIsAnAdministrator;
  205. PSID pAdministratorSID;
  206. static SID_IDENTIFIER_AUTHORITY sSystemSidAuthority = SECURITY_NT_AUTHORITY;
  208. fIsAnAdministrator = false;
  210. if (NT_SUCCESS(RtlAllocateAndInitializeSid(&sSystemSidAuthority,
  211. 2,
  212. SECURITY_BUILTIN_DOMAIN_RID,
  213. DOMAIN_ALIAS_RID_ADMINS,
  214. 0, 0, 0, 0, 0, 0,
  215. &pAdministratorSID)))
  216. {
  217. BOOL fAdmin = FALSE;
  219. if (CheckTokenMembership(_hToken, pAdministratorSID, &fAdmin))
  220. {
  221. fIsAnAdministrator = !!fAdmin;
  222. }
  223. (void*)RtlFreeSid(pAdministratorSID);
  224. }
  225. return(fIsAnAdministrator);
  226. }
  228. // --------------------------------------------------------------------------
  229. // CTokenInformation::UserHasPrivilege
  230. //
  231. // Arguments: <none>
  232. //
  233. // Returns: bool
  234. //
  235. // Purpose: Gets token information for the token user. This returns
  236. // whether the user is a member of the local administrator group.
  237. //
  238. // History: 2000-04-26 vtan created
  239. // --------------------------------------------------------------------------
  241. bool CTokenInformation::UserHasPrivilege (DWORD dwPrivilege)
  243. {
  244. bool fUserHasPrivilege;
  246. fUserHasPrivilege = false;
  247. if ((_hToken != NULL) && (_pvPrivilegeBuffer == NULL))
  248. {
  249. GetTokenPrivileges();
  250. }
  251. if (_pvPrivilegeBuffer != NULL)
  252. {
  253. ULONG ulIndex, ulLimit;
  254. TOKEN_PRIVILEGES *pTP;
  255. LUID luidPrivilege;
  257. luidPrivilege.LowPart = dwPrivilege;
  258. luidPrivilege.HighPart = 0;
  259. pTP = reinterpret_cast<TOKEN_PRIVILEGES*>(_pvPrivilegeBuffer);
  260. ulLimit = pTP->PrivilegeCount;
  261. for (ulIndex = 0; !fUserHasPrivilege && (ulIndex < ulLimit); ++ulIndex)
  262. {
  263. fUserHasPrivilege = (RtlEqualLuid(&pTP->Privileges[ulIndex].Luid, &luidPrivilege) != FALSE);
  264. }
  265. }
  266. return(fUserHasPrivilege);
  267. }
  269. // --------------------------------------------------------------------------
  270. // CTokenInformation::GetUserName
  271. //
  272. // Arguments: <none>
  273. //
  274. // Returns: WCHAR
  275. //
  276. // Purpose: Looks up the account name of the implicit token..
  277. //
  278. // History: 2000-08-31 vtan created
  279. // --------------------------------------------------------------------------
  281. const WCHAR* CTokenInformation::GetUserName (void)
  283. {
  284. if (_pszUserLogonName == NULL)
  285. {
  286. DWORD dwUserNameSize, dwReferencedDomainSize;
  287. SID_NAME_USE eUse;
  288. WCHAR *pszReferencedDomain;
  290. dwUserNameSize = dwReferencedDomainSize = 0;
  291. (BOOL)LookupAccountSid(NULL,
  292. GetUserSID(),
  293. NULL,
  294. &dwUserNameSize,
  295. NULL,
  296. &dwReferencedDomainSize,
  297. &eUse);
  298. pszReferencedDomain = static_cast<WCHAR*>(LocalAlloc(LMEM_FIXED, dwReferencedDomainSize * sizeof(WCHAR)));
  299. if (pszReferencedDomain != NULL)
  300. {
  301. _pszUserLogonName = static_cast<WCHAR*>(LocalAlloc(LMEM_FIXED, dwUserNameSize * sizeof(WCHAR)));
  302. if (_pszUserLogonName != NULL)
  303. {
  304. if (LookupAccountSid(NULL,
  305. GetUserSID(),
  306. _pszUserLogonName,
  307. &dwUserNameSize,
  308. pszReferencedDomain,
  309. &dwReferencedDomainSize,
  310. &eUse) == FALSE)
  311. {
  312. ReleaseMemory(_pszUserLogonName);
  313. }
  314. }
  315. (HLOCAL)LocalFree(pszReferencedDomain);
  316. }
  317. }
  318. return(_pszUserLogonName);
  319. }
  321. // --------------------------------------------------------------------------
  322. // CTokenInformation::GetUserDisplayName
  323. //
  324. // Arguments: <none>
  325. //
  326. // Returns: WCHAR
  327. //
  328. // Purpose: Returns the display name of the implicit token.
  329. //
  330. // History: 2000-08-31 vtan created
  331. // --------------------------------------------------------------------------
  333. const WCHAR* CTokenInformation::GetUserDisplayName (void)
  335. {
  336. if (_pszUserDisplayName == NULL)
  337. {
  338. const WCHAR *pszUserName;
  340. pszUserName = GetUserName();
  341. if (pszUserName != NULL)
  342. {
  343. USER_INFO_2 *pUserInfo;
  345. if (NERR_Success == NetUserGetInfo(NULL, pszUserName, 2, reinterpret_cast<LPBYTE*>(&pUserInfo)))
  346. {
  347. const WCHAR *pszUserDisplayName;
  349. if (pUserInfo->usri2_full_name[0] != L'\0')
  350. {
  351. pszUserDisplayName = pUserInfo->usri2_full_name;
  352. }
  353. else
  354. {
  355. pszUserDisplayName = pszUserName;
  356. }
  357. _pszUserDisplayName = static_cast<WCHAR*>(LocalAlloc(LMEM_FIXED, (lstrlen(pszUserDisplayName) + sizeof('\0')) * sizeof(WCHAR)));
  358. if (_pszUserDisplayName != NULL)
  359. {
  360. lstrcpy(_pszUserDisplayName, pszUserDisplayName);
  361. }
  362. TW32(NetApiBufferFree(pUserInfo));
  363. }
  364. }
  365. }
  366. return(_pszUserDisplayName);
  367. }
  369. // --------------------------------------------------------------------------
  370. // CTokenInformation::LogonUser
  371. //
  372. // Arguments: See the platform SDK under LogonUser.
  373. //
  374. // Returns: DWORD
  375. //
  376. // Purpose: Calls advapi32!LogonUserW with supplied credentials using
  377. // interactive logon type. Returns the error code as a DWORD
  378. // rather than the standard Win32 API method which allows the
  379. // filtering of certain error codes.
  380. //
  381. // History: 2001-03-28 vtan created
  382. // --------------------------------------------------------------------------
  384. DWORD CTokenInformation::LogonUser (const WCHAR *pszUsername, const WCHAR *pszDomain, const WCHAR *pszPassword, HANDLE *phToken)
  386. {
  387. DWORD dwErrorCode;
  389. if (::LogonUserW(const_cast<WCHAR*>(pszUsername),
  390. const_cast<WCHAR*>(pszDomain),
  391. const_cast<WCHAR*>(pszPassword),
  392. LOGON32_LOGON_INTERACTIVE,
  393. LOGON32_PROVIDER_DEFAULT,
  394. phToken) != FALSE)
  395. {
  396. dwErrorCode = ERROR_SUCCESS;
  397. }
  398. else
  399. {
  400. *phToken = NULL;
  401. dwErrorCode = GetLastError();
  403. // Ignore ERROR_PASSWORD_MUST_CHANGE and ERROR_PASSWORD_EXPIRED.
  405. if ((dwErrorCode == ERROR_PASSWORD_MUST_CHANGE) || (dwErrorCode == ERROR_PASSWORD_EXPIRED))
  406. {
  407. dwErrorCode = ERROR_SUCCESS;
  408. }
  409. }
  410. return(dwErrorCode);
  411. }
  413. // --------------------------------------------------------------------------
  414. // CTokenInformation::IsSameUser
  415. //
  416. // Arguments: hToken1 = Token of one user.
  417. // hToken2 = Token of other user.
  418. //
  419. // Returns: bool
  420. //
  421. // Purpose: Compares the user SID of the tokens for a match.
  422. //
  423. // History: 2001-03-28 vtan created
  424. // --------------------------------------------------------------------------
  426. bool CTokenInformation::IsSameUser (HANDLE hToken1, HANDLE hToken2)
  428. {
  429. PSID pSID1;
  430. PSID pSID2;
  431. CTokenInformation tokenInformation1(hToken1);
  432. CTokenInformation tokenInformation2(hToken2);
  434. pSID1 = tokenInformation1.GetUserSID();
  435. pSID2 = tokenInformation2.GetUserSID();
  436. return((pSID1 != NULL) &&
  437. (pSID2 != NULL) &&
  438. (EqualSid(pSID1, pSID2) != FALSE));
  439. }
  441. // --------------------------------------------------------------------------
  442. // CTokenInformation::GetTokenGroups
  443. //
  444. // Arguments: <none>
  445. //
  446. // Returns: <none>
  447. //
  448. // Purpose: Gets token information for the token user. This function
  449. // allocates the memory for the token groups. This memory is
  450. // available for the scope of the object.
  451. //
  452. // History: 1999-11-06 vtan created
  453. // --------------------------------------------------------------------------
  455. void CTokenInformation::GetTokenGroups (void)
  457. {
  458. DWORD dwReturnLength;
  460. dwReturnLength = 0;
  461. (BOOL)GetTokenInformation(_hToken, TokenGroups, NULL, 0, &dwReturnLength);
  462. _pvGroupBuffer = LocalAlloc(LMEM_FIXED, dwReturnLength);
  463. if ((_pvGroupBuffer != NULL) &&
  464. (GetTokenInformation(_hToken, TokenGroups, _pvGroupBuffer, dwReturnLength, &dwReturnLength) == FALSE))
  465. {
  466. ReleaseMemory(_pvGroupBuffer);
  467. _pvGroupBuffer = NULL;
  468. }
  469. }
  471. // --------------------------------------------------------------------------
  472. // CTokenInformation::GetTokenPrivileges
  473. //
  474. // Arguments: <none>
  475. //
  476. // Returns: <none>
  477. //
  478. // Purpose: Gets token privileges for the token user. This function
  479. // allocates the memory for the token privileges. This memory is
  480. // available for the scope of the object.
  481. //
  482. // History: 2000-04-26 vtan created
  483. // --------------------------------------------------------------------------
  485. void CTokenInformation::GetTokenPrivileges (void)
  487. {
  488. DWORD dwReturnLength;
  490. dwReturnLength = 0;
  491. (BOOL)GetTokenInformation(_hToken, TokenPrivileges, NULL, 0, &dwReturnLength);
  492. _pvPrivilegeBuffer = LocalAlloc(LMEM_FIXED, dwReturnLength);
  493. if ((_pvPrivilegeBuffer != NULL) &&
  494. (GetTokenInformation(_hToken, TokenPrivileges, _pvPrivilegeBuffer, dwReturnLength, &dwReturnLength) == FALSE))
  495. {
  496. ReleaseMemory(_pvPrivilegeBuffer);
  497. _pvPrivilegeBuffer = NULL;
  498. }
  499. }