archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/base/fs/utils/openfiles/processowner.cpp

288 lines
8.3 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /******************************************************************************
  3. Copyright (C) Microsoft Corporation
  5. Module Name:
  6. ProcessOwner.CPP
  8. Abstract:
  9. This module deals with Query functionality of OpenFiles.exe
  10. NT command line utility.
  12. Author:
  14. Akhil Gokhale (akhil.gokhale@wipro.com) 25-APRIL-2001
  16. Revision History:
  18. Akhil Gokhale (akhil.gokhale@wipro.com) 25-APRIL-2001 : Created It.
  20. *****************************************************************************/
  21. #include "pch.h"
  22. #include "OpenFiles.h"
  25. #define SAFE_CLOSE_HANDLE(hHandle) \
  26. if( NULL != hHandle) \
  27. {\
  28. CloseHandle(hHandle);\
  29. hHandle = NULL;\
  30. }\
  31. 1
  32. #define SAFE_FREE_GLOBAL_ALLOC(block) \
  33. if( NULL != block)\
  34. {\
  35. delete block;\
  36. block = NULL;\
  37. }\
  38. 1
  39. #define SAFE_FREE_ARRAY(arr) \
  40. if( NULL != arr)\
  41. {\
  42. delete [] arr;\
  43. arr = NULL;\
  44. }\
  45. 1
  47. BOOL
  48. GetProcessOwner(
  49. OUT LPTSTR pszUserName,
  50. IN DWORD hProcessID
  51. )
  52. /*++
  53. Routine Description:
  54. This function returns the owener (username) of the file.
  55. If a user is Owner of a process, then the file opened by this process will
  56. be owned by this user.
  57. Arguments:
  58. [out] pszUserName : User Name.
  59. [in] hProcessID : Process Handle.
  61. Return Value:
  62. TRUE : If function returns successfully.
  63. FALSE : Otherwise.
  64. --*/
  65. {
  67. DWORD dwRtnCode = 0;
  68. PSID pSidOwner;
  69. BOOL bRtnBool = TRUE;
  70. LPTSTR pszDomainName = NULL,pszAcctName = NULL;
  71. DWORD dwAcctName = 1, dwDomainName = 1;
  72. SID_NAME_USE snuUse = SidTypeUnknown;
  73. PSECURITY_DESCRIPTOR pSD=0;
  74. HANDLE hHandle = GetCurrentProcess();
  75. HANDLE hDynHandle = NULL;
  76. HANDLE hDynToken = NULL;
  77. LUID luidValue;
  78. BOOL bResult = FALSE;
  79. HANDLE hToken = NULL;
  80. TOKEN_PRIVILEGES tkp;
  82. // access token associated with the process
  83. bResult = OpenProcessToken( GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|
  84. TOKEN_QUERY,&hToken);
  85. if( FALSE == bResult)
  87. {
  88. return FALSE;
  89. }
  91. bResult = LookupPrivilegeValue(NULL,SE_SECURITY_NAME,&luidValue );
  92. if( FALSE == bResult)
  93. {
  94. SAFE_CLOSE_HANDLE(hToken);
  95. return FALSE;
  96. }
  98. // Prepare the token privilege structure
  99. tkp.PrivilegeCount = 0;
  100. tkp.Privileges[0].Luid = luidValue;
  101. tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED|
  102. SE_PRIVILEGE_USED_FOR_ACCESS;
  104. // Now enable the debug privileges in token
  106. bResult = AdjustTokenPrivileges(hToken, FALSE, &tkp,
  107. sizeof(TOKEN_PRIVILEGES),
  108. (PTOKEN_PRIVILEGES) NULL,
  109. (PDWORD)NULL);
  110. if( FALSE == bResult)
  111. {
  112. SAFE_CLOSE_HANDLE(hToken);
  113. return FALSE;
  114. }
  116. // Here you can give any valid process ids..
  117. hDynHandle = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,hProcessID);
  119. if(NULL == hDynHandle)
  120. {
  122. return FALSE;
  124. }
  125. bResult = OpenProcessToken(hDynHandle,TOKEN_QUERY,&hDynToken);
  127. if( FALSE == bResult)
  128. {
  130. SAFE_CLOSE_HANDLE(hDynHandle);
  131. return FALSE;
  132. }
  134. TOKEN_USER * pUser = NULL;
  135. DWORD cb = 0;
  137. // determine size of the buffer needed to receive all information
  138. if (!GetTokenInformation(hToken, TokenUser, NULL, 0, &cb))
  139. {
  140. if ( ERROR_INSUFFICIENT_BUFFER != GetLastError())
  141. {
  142. SAFE_CLOSE_HANDLE(hToken);
  143. SAFE_CLOSE_HANDLE(hDynHandle);
  144. SAFE_CLOSE_HANDLE(hDynToken);
  146. return FALSE;
  147. }
  148. }
  150. try
  151. {
  152. // '_alloca' can throw exception.
  153. pUser = (TOKEN_USER *)_alloca(cb);
  154. if( NULL == pUser)
  155. {
  156. SAFE_CLOSE_HANDLE(hToken);
  157. SAFE_CLOSE_HANDLE(hDynHandle);
  158. SAFE_CLOSE_HANDLE(hDynToken);
  159. return FALSE;
  160. }
  161. }
  162. catch(...)
  163. {
  164. SAFE_CLOSE_HANDLE(hToken);
  165. SAFE_CLOSE_HANDLE(hDynHandle);
  166. SAFE_CLOSE_HANDLE(hDynToken);
  167. return FALSE;
  168. }
  170. if (!GetTokenInformation(hDynToken, TokenUser, pUser, cb, &cb))
  171. {
  172. SAFE_CLOSE_HANDLE(hToken);
  173. SAFE_CLOSE_HANDLE(hDynHandle);
  174. SAFE_CLOSE_HANDLE(hDynToken);
  175. return FALSE;
  176. }
  179. PSID pSid = pUser->User.Sid;
  181. // Allocate memory for the SID structure.
  182. pSidOwner = new SID;
  184. // Allocate memory for the security descriptor structure.
  185. pSD = new SECURITY_DESCRIPTOR;
  186. if( NULL == pSidOwner || NULL == pSD)
  187. {
  188. SAFE_CLOSE_HANDLE(hToken);
  189. SAFE_CLOSE_HANDLE(hDynHandle);
  190. SAFE_CLOSE_HANDLE(hDynToken);
  191. SAFE_FREE_GLOBAL_ALLOC(pSD);
  192. SAFE_FREE_GLOBAL_ALLOC(pSidOwner);
  193. return FALSE;
  194. }
  196. // First call to LookupAccountSid to get the buffer sizes.
  197. bRtnBool = LookupAccountSid(
  198. NULL, // local computer
  199. pUser->User.Sid,
  200. NULL, // AcctName
  201. (LPDWORD)&dwAcctName,
  202. NULL, // DomainName
  203. (LPDWORD)&dwDomainName,
  204. &snuUse);
  206. pszAcctName = new TCHAR[dwAcctName+1];
  207. pszDomainName = new TCHAR[dwDomainName+1];
  209. if( NULL == pszAcctName|| NULL == pszDomainName)
  210. {
  211. SAFE_CLOSE_HANDLE(hToken);
  212. SAFE_CLOSE_HANDLE(hDynHandle);
  213. SAFE_CLOSE_HANDLE(hDynToken);
  214. SAFE_FREE_ARRAY(pszAcctName);
  215. SAFE_FREE_ARRAY(pszDomainName);
  216. return FALSE;
  217. }
  219. // Second call to LookupAccountSid to get the account name.
  220. bRtnBool = LookupAccountSid(
  221. NULL, // name of local or remote computer
  222. pUser->User.Sid, // security identifier
  223. pszAcctName, // account name buffer
  224. (LPDWORD)&dwAcctName, // size of account name buffer
  225. pszDomainName, // domain name
  226. (LPDWORD)&dwDomainName, // size of domain name buffer
  227. &snuUse); // SID type
  229. SAFE_CLOSE_HANDLE(hDynHandle);
  230. SAFE_CLOSE_HANDLE(hDynToken);
  232. SAFE_FREE_GLOBAL_ALLOC(pSD);
  233. SAFE_FREE_GLOBAL_ALLOC(pSidOwner);
  235. // Check GetLastError for LookupAccountSid error condition.
  236. if ( FALSE == bRtnBool)
  237. {
  238. SAFE_CLOSE_HANDLE(hToken);
  239. SAFE_CLOSE_HANDLE(hDynHandle);
  240. SAFE_CLOSE_HANDLE(hDynToken);
  241. SAFE_FREE_ARRAY(pszAcctName);
  242. SAFE_FREE_ARRAY(pszDomainName);
  243. return FALSE;
  245. } else
  246. {
  247. // Check if user is "NT AUTHORITY".
  248. if(CSTR_EQUAL == CompareString(MAKELCID( MAKELANGID(LANG_ENGLISH,
  249. SUBLANG_ENGLISH_US),
  250. SORT_DEFAULT),
  251. NORM_IGNORECASE,
  252. pszDomainName,
  253. StringLength(pszDomainName,0),
  254. NTAUTHORITY_USER ,
  255. StringLength(NTAUTHORITY_USER, 0)
  256. ))
  257. {
  258. SAFE_CLOSE_HANDLE(hToken);
  259. SAFE_CLOSE_HANDLE(hDynHandle);
  260. SAFE_CLOSE_HANDLE(hDynToken);
  262. SAFE_FREE_ARRAY(pszAcctName);
  263. SAFE_FREE_ARRAY(pszDomainName);
  264. return FALSE;
  265. }
  266. else
  267. {
  268. StringCopy(pszUserName,pszAcctName,MIN_MEMORY_REQUIRED);
  269. SAFE_CLOSE_HANDLE(hToken);
  270. SAFE_CLOSE_HANDLE(hDynHandle);
  271. SAFE_CLOSE_HANDLE(hDynToken);
  273. SAFE_FREE_ARRAY(pszAcctName);
  274. SAFE_FREE_ARRAY(pszDomainName);
  275. return TRUE;
  276. }
  277. }
  279. // Release memory.
  280. SAFE_FREE_ARRAY(pszAcctName);
  281. SAFE_FREE_ARRAY(pszDomainName);
  282. SAFE_CLOSE_HANDLE(hDynHandle);
  283. SAFE_CLOSE_HANDLE(hDynToken);
  284. SAFE_CLOSE_HANDLE(hToken);
  286. SAFE_FREE_GLOBAL_ALLOC(pSD);
  287. SAFE_FREE_GLOBAL_ALLOC(pSidOwner);
  288. return FALSE;
  289. }