// Contents: Implementation of the sid/name lookup cache
// History: 2-Feb-97 MacM Created
#include <aclpch.hxx>
#pragma hdrstop
// Global name/sid cache
// Local function prototypes
PACTRL_NAME_CACHE AccctrlpLookupNameInCache(PWSTR pwszName);
PACTRL_NAME_CACHE AccctrlpLookupSidInCache(PSID pSid);
DWORD AccctrlpNewNameSidNode(PWSTR pwszName, PSID pSid, SID_NAME_USE SidNameUse, PACTRL_NAME_CACHE *ppNewNode);
VOID AccctrlpInsertNameNode(PACTRL_NAME_CACHE *ppRootNode, PACTRL_NAME_CACHE pNewNode);
VOID AccctrlpInsertSidNode(PACTRL_NAME_CACHE *ppRootNode, PACTRL_NAME_CACHE pNewNode);
DWORD AccctrlpConvertUserToCacheName(PWSTR pwszServer, PWSTR pwszName, PWSTR *ppwszCacheName);
VOID AccctrlpFreeUserCacheName(PWSTR pwszName, PWSTR pwszCacheName);
static RTL_RESOURCE gSidCacheLock; BOOL bSidCacheLockInitialized = FALSE;
// Function: ActrlHashName
// Synopsis: Determines the hash index for the given name
// Arguments: pwszName -- Name to hash
// Returns: Hash index of the string
INT ActrlHashName(PWSTR pwszName) { //
// We'll hash off of just the user name, not the domain name or
// any other name format
PWSTR pwszUser = wcschr(pwszName, L'\\'); if(pwszUser == NULL) { pwszUser = pwszName; } else { pwszUser++; }
INT Hash = 0; if(pwszUser != NULL) { while(*pwszUser != L'\0') { Hash = (Hash * 16 + ( *pwszUser++)) % ACTRL_NAME_TABLE_SIZE; } }
acDebugOut((DEB_TRACE_LOOKUP,"Hashing %ws to %lu\n", pwszName, Hash));
return(Hash); }
// Function: ActrlHashSid
// Synopsis: Determines the hash index for the given sid
// Arguments: pSid -- Sid to hash
// Returns: Hash index of the Sid
INT ActrlHashSid(PSID pSid) { DWORD dwTotal = 0;
// Just deal with the sub authorities
for(INT i = 0; i < (INT)(((PISID)pSid)->SubAuthorityCount); i++) { dwTotal += ((PISID)pSid)->SubAuthority[i]; }
#if DBG
memset(&SidString, 0, sizeof(UNICODE_STRING));
if(pSid != NULL) { NTSTATUS Status = RtlConvertSidToUnicodeString(&SidString, pSid, TRUE); if(!NT_SUCCESS(Status)) { acDebugOut((DEB_ERROR, "Can't convert sid to string: 0x%lx\n", Status)); } else { acDebugOut((DEB_TRACE_LOOKUP,"Hashing %wZ (Total %lu) to %lu\n", &SidString, dwTotal, dwTotal % ACTRL_NAME_TABLE_SIZE)); } }
return(dwTotal % ACTRL_NAME_TABLE_SIZE); }
// Function: AccctrlInitializeSidNameCache
// Synopsis: Initialize the name/sid lookup cache
// Arguments: VOID
// Returns: ERROR_SUCCESS -- Success
DWORD AccctrlInitializeSidNameCache(VOID) { DWORD dwErr;
if (TRUE == bSidCacheLockInitialized) { //
// Just a precautionary measure to make sure that we do not initialize
// multiple times.
memset(grgNameCache, 0, sizeof(PACTRL_NAME_CACHE) * ACTRL_NAME_TABLE_SIZE); memset(grgSidCache, 0, sizeof(PACTRL_NAME_CACHE) * ACTRL_NAME_TABLE_SIZE);
__try { RtlInitializeResource(&gSidCacheLock); dwErr = ERROR_SUCCESS; bSidCacheLockInitialized = TRUE; } __except (EXCEPTION_EXECUTE_HANDLER) { dwErr = RtlNtStatusToDosError(GetExceptionCode()); }
return dwErr; }
// Function: AccctrlFreeSidNameCache
// Synopsis: Frees any memory allocated for the name/sid cache
// Arguments: VOID
// Returns: VOID
VOID AccctrlFreeSidNameCache(VOID) { INT i; PACTRL_NAME_CACHE pNode, pNext;
if (FALSE == bSidCacheLockInitialized) { return; }
for(i = 0; i < ACTRL_NAME_TABLE_SIZE; i++) { //
// Nodes are only inserted into the name cache, so that is the only
// place we delete them from
pNode = grgNameCache[i]; while(pNode != NULL) { pNext = pNode->pNextName; AccFree(pNode->pwszName); AccFree(pNode->pSid); AccFree(pNode); pNode = pNext; } }
bSidCacheLockInitialized = FALSE;
// Function: AccctrlpLookupNameInCache
// Synopsis: Determines if the given name exists in the cache or not
// Arguments: [pwszName] -- Name to be looked up
// Returns: Matching node if found, NULL if not
PACTRL_NAME_CACHE AccctrlpLookupNameInCache(PWSTR pwszName) { PACTRL_NAME_CACHE pNode = NULL;
pNode = grgNameCache[ActrlHashName(pwszName)];
while(pNode != NULL) { if(_wcsicmp(pwszName, pNode->pwszName) == 0) { break; } pNode = pNode->pNextName; }
return(pNode); }
// Function: AccctrlpLookupSidInCache
// Synopsis: Determines if the given sid exists in the cache or not
// Arguments: [pSid] -- Sid to be looked up
// Returns: Matching node if found, NULL if not
PACTRL_NAME_CACHE AccctrlpLookupSidInCache(PSID pSid) { PACTRL_NAME_CACHE pNode = grgSidCache[ActrlHashSid(pSid)];
while(pNode != NULL) { if(RtlEqualSid(pSid, pNode->pSid) == TRUE) { break; } pNode = pNode->pNextSid; }
return(pNode); }
// Function: AccctrlpNewNameSidNode
// Synopsis: Allocates a new node and inserts them into the caches
// Arguments: [pwszName] -- Name to insert
// [pSid] -- Sid to insert
// [SidNameUse] -- Name use
// [pNewNode] -- Newly added node
// Returns: ERROR_SUCCESS -- Success
// ERROR_NOT_ENOUGH_MEMORY A memory allocation failed
DWORD AccctrlpNewNameSidNode(PWSTR pwszName, PSID pSid, SID_NAME_USE SidNameUse, PACTRL_NAME_CACHE *ppNewNode) { DWORD dwErr = ERROR_SUCCESS;
PACTRL_NAME_CACHE pNewNode = (PACTRL_NAME_CACHE)AccAlloc( sizeof(ACTRL_NAME_CACHE)); if(pNewNode == NULL) { dwErr = ERROR_NOT_ENOUGH_MEMORY; } else { pNewNode->pwszName = pwszName; pNewNode->pSid = pSid; pNewNode->SidUse = SidNameUse; pNewNode->pNextName= NULL; pNewNode->pNextSid = NULL;
AccctrlpInsertNameNode(&(grgNameCache[ActrlHashName(pwszName)]), pNewNode);
AccctrlpInsertSidNode(&(grgSidCache[ActrlHashSid(pSid)]), pNewNode);
*ppNewNode = pNewNode;
} return(dwErr); }
// Function: AccctrlpInsertNameNode
// Synopsis: Inserts the specified new node into the caches
// Arguments: [ppRootNode] -- Root node in the name cache
// [pNewNode] -- Node to insert
// Returns: VOID
if(*ppRootNode == NULL) { *ppRootNode = pNewNode; } else { acDebugOut((DEB_TRACE_LOOKUP, "Collision inserting %ws with:\n", pNewNode->pwszName));
pNext = *ppRootNode; acDebugOut((DEB_TRACE_LOOKUP, "\t%ws\n", pNext->pwszName)); while(pNext->pNextName != NULL) { #if DBG
if(_wcsicmp(pNewNode->pwszName, pNext->pwszName) == 0) { acDebugOut((DEB_ERROR, "Name %ws already in list: 0x%lx\n", pNewNode->pwszName, *ppRootNode)); // ASSERT(FALSE);
} #endif
pNext = pNext->pNextName; acDebugOut((DEB_TRACE_LOOKUP, "\t%ws\n", pNext->pwszName)); } pNext->pNextName = pNewNode; } }
// Function: AccctrlpInsertSidNode
// Synopsis: Inserts the specified new node into the caches
// Arguments: [ppRootNode] -- Root node in the name cache
// [pNewNode] -- Node to insert
// Returns: VOID
if(*ppRootNode == NULL) { *ppRootNode = pNewNode; } else { acDebugOut((DEB_TRACE_LOOKUP, "Collision inserting %ws with:\n", pNewNode->pwszName));
pNext = *ppRootNode; acDebugOut((DEB_TRACE_LOOKUP, "\t%ws\n", pNext->pwszName)); while(pNext->pNextSid != NULL) { #if DBG
if(RtlEqualSid(pNewNode->pSid, pNext->pSid) == TRUE) { acDebugOut((DEB_ERROR, "Sid for %ws already in list: 0x%lx\n", pNewNode->pwszName, *ppRootNode)); // ASSERT(FALSE);
} #endif
pNext = pNext->pNextSid;
acDebugOut((DEB_TRACE_LOOKUP, "\t%ws\n", pNext->pwszName)); } pNext->pNextSid = pNewNode; } }
// Function: AccctrlLookupName
// Synopsis: Looks up the name for the specified SID
// Arguments: [pwszServer] -- Name of the server to remote the call to
// [pSid] -- Sid to lookup
// [fAllocateReturn]- If true, the name returned is allocated
// into a new buffer. Otherwise, a
// reference is returned.
// [ppwszName] -- Where the name is returned.
// [pSidNameUse] -- Type of the name that's returned.
// Returns: VOID
DWORD AccctrlLookupName(IN PWSTR pwszServer, IN PSID pSid, IN BOOL fAllocateReturn, OUT PWSTR *ppwszName, OUT PSID_NAME_USE pSidNameUse) { DWORD dwErr = ERROR_SUCCESS;
if(pSid == NULL) { return(ERROR_NONE_MAPPED); }
RtlAcquireResourceShared(&gSidCacheLock, TRUE);
#if DBG
memset(&SidString, 0, sizeof(UNICODE_STRING));
if(pSid != NULL) { NTSTATUS Status = RtlConvertSidToUnicodeString(&SidString, pSid, TRUE); if(!NT_SUCCESS(Status)) { acDebugOut((DEB_ERROR, "Can't convert sid to string: 0x%lx\n", Status)); } } #endif
// First, see if the sid alreadt exists in our cache
PACTRL_NAME_CACHE pNode = AccctrlpLookupSidInCache(pSid); if(pNode == NULL) { #if DBG
acDebugOut((DEB_TRACE_LOOKUP, "Sid %wZ not found in cache\n", &SidString)); #endif
// Grab a write lock
// We'll have to look it up...
PWSTR pwszName, pwszDomain; dwErr = AccLookupAccountName(pwszServer, pSid, &pwszName, &pwszDomain, pSidNameUse); if(dwErr == ERROR_SUCCESS) { PSID pNewSid = NULL; ACC_ALLOC_AND_COPY_SID(pSid, pNewSid, dwErr); if(dwErr == ERROR_SUCCESS) { dwErr = AccctrlpNewNameSidNode(pwszName, pNewSid, *pSidNameUse, &pNode); }
if(dwErr != ERROR_SUCCESS) { AccFree(pwszName); AccFree(pNewSid); } AccFree(pwszDomain); } } #if DBG
else { acDebugOut((DEB_TRACE_LOOKUP, "Sid %wZ found in cache\n", &SidString)); } #endif
// Finally, return the information
if(dwErr == ERROR_SUCCESS) { if(fAllocateReturn == TRUE) { ACC_ALLOC_AND_COPY_STRINGW(pNode->pwszName, *ppwszName, dwErr); } else { *ppwszName = pNode->pwszName; }
*pSidNameUse = pNode->SidUse; }
return(dwErr); }
// Function: AccctrlLookupSid
// Synopsis: Looks up the SID for the specified name
// Arguments: [pwszServer] -- Name of the server to remote the call to
// [pwszName] -- Name to lookup
// [fAllocateReturn]- If true, the name returned is allocated
// into a new buffer. Otherwise, a
// reference is returned.
// [ppwszName] -- Where the name is returned.
// [pSidNameUse] -- Type of the sid that's returned.
// Returns: VOID
DWORD AccctrlLookupSid(IN PWSTR pwszServer, IN PWSTR pwszName, IN BOOL fAllocateReturn, OUT PSID *ppSid, OUT PSID_NAME_USE pSidNameUse) { DWORD dwErr = ERROR_SUCCESS; PWSTR pwszLookupName = pwszName;
RtlAcquireResourceShared(&gSidCacheLock, TRUE);
// If we get a local name, convert it into machine/domain relative, so we can
// look it up properly.
dwErr = AccctrlpConvertUserToCacheName(pwszServer, pwszName, &pwszLookupName);
// Just return if the conversion failed.
if (pwszLookupName == NULL) { if (dwErr == ERROR_SUCCESS) { dwErr = ERROR_ACCESS_DENIED; } }
if(dwErr == ERROR_SUCCESS) { //
// First, see if the sid already exists in our cache
PACTRL_NAME_CACHE pNode = AccctrlpLookupNameInCache(pwszLookupName); if(pNode == NULL) { //
// Grab a write lock
acDebugOut((DEB_TRACE_LOOKUP,"Name %ws not found in cache\n", pwszLookupName)); //
// We'll have to look it up...
TRUSTEE_W Trustee; memset(&Trustee, 0, sizeof(TRUSTEE_W)); Trustee.TrusteeForm = TRUSTEE_IS_NAME; Trustee.ptstrName = pwszLookupName;
dwErr = AccLookupAccountSid(pwszServer, &Trustee, ppSid, pSidNameUse); if(dwErr == ERROR_SUCCESS) { PWSTR pwszNewName = NULL; ACC_ALLOC_AND_COPY_STRINGW(pwszLookupName, pwszNewName, dwErr); if(dwErr == ERROR_SUCCESS) { dwErr = AccctrlpNewNameSidNode(pwszNewName, *ppSid, *pSidNameUse, &pNode); }
if(dwErr != ERROR_SUCCESS) { AccFree(pwszNewName); AccFree(*ppSid); } } } #if DBG
else { acDebugOut((DEB_TRACE_LOOKUP,"Name %ws found in cache\n", pwszLookupName)); } #endif
// Finally, return the information
if(dwErr == ERROR_SUCCESS) { if(fAllocateReturn == TRUE) { ACC_ALLOC_AND_COPY_SID(pNode->pSid, *ppSid, dwErr); } else { *ppSid = pNode->pSid; }
*pSidNameUse = pNode->SidUse; }
AccctrlpFreeUserCacheName(pwszName, pwszLookupName); }
return(dwErr); }
// Function: AccctrlpConvertUserToCacheName
// Synopsis: Converts an input name that could be domain relative into a
// standard format for caching/returning
// Arguments: [pwszServer] -- Server to lookup the name on
// [pwszName] -- Original name format
// [ppwszCacheName]-- Name in the proper format
// Returns: ERROR_SUCCESS -- Success
// ERROR_NOT_ENOUGH_MEMORY A memory allocation failed
DWORD AccctrlpConvertUserToCacheName(PWSTR pwszServer, PWSTR pwszName, PWSTR *ppwszCacheName) { DWORD dwErr = ERROR_SUCCESS;
// This is temporary until the name conversion APIs come into being
PSID pSid; SID_NAME_USE SNE; TRUSTEE_W Trustee; memset(&Trustee, 0, sizeof(TRUSTEE_W)); Trustee.TrusteeForm = TRUSTEE_IS_NAME; Trustee.ptstrName = pwszName;
dwErr = AccLookupAccountSid(pwszServer, &Trustee, &pSid, &SNE); if(dwErr == ERROR_SUCCESS) { PWSTR pwszDomain; dwErr = AccLookupAccountName(pwszServer, pSid, ppwszCacheName, &pwszDomain, &SNE); if(dwErr == ERROR_SUCCESS) { AccFree(pwszDomain); }
AccFree(pSid); }
return(dwErr); }
// Function: AccctrlpFreeUserCacheName
// Synopsis: Frees any memory potentially allocated by
// AccctrlpConvertUserToCacheName
// Arguments: [pwszName] -- Original name format
// [pwszCacheName] -- Name returned by
// AccctrlpConvertUserToCacheName
// Returns: VOID
VOID AccctrlpFreeUserCacheName(PWSTR pwszName, PWSTR pwszCacheName) { if(pwszName != pwszCacheName) { AccFree(pwszCacheName); } }