archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/sdktools/secedit/app/lsa.c

415 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /****************************************************************************
  3. PROGRAM: LSA.C
  5. PURPOSE: Utility routines that access the LSA.
  7. ****************************************************************************/
  9. #include "SECEDIT.h"
  10. #include <string.h>
  13. // Module global that holds handle to LSA once it has been opened.
  14. static LSA_HANDLE LsaHandle = NULL;
  16. LSA_HANDLE OpenLsa(VOID);
  17. VOID CloseLsa(LSA_HANDLE);
  20. /****************************************************************************
  22. FUNCTION: LsaInit
  24. PURPOSE: Does any initialization required for this module
  26. RETURNS: TRUE on success, FALSE on failure
  28. ****************************************************************************/
  29. BOOL LsaInit(VOID)
  30. {
  32. #ifdef LSA_AVAILABLE
  33. LsaHandle = OpenLsa();
  35. return (LsaHandle != NULL);
  36. #endif
  38. return (TRUE);
  39. }
  42. /****************************************************************************
  44. FUNCTION: LsaTerminate
  46. PURPOSE: Does any cleanup required for this module
  48. RETURNS: TRUE on success, FALSE on failure
  50. ****************************************************************************/
  51. BOOL LsaTerminate(VOID)
  52. {
  54. #ifdef LSA_AVAILABLE
  55. if (LsaHandle != NULL) {
  56. CloseLsa(LsaHandle);
  57. }
  58. #endif
  60. LsaHandle = NULL;
  62. return(TRUE);
  63. }
  66. #ifdef LSA_AVAILABLE
  67. /****************************************************************************
  69. FUNCTION: OpenLsa
  71. PURPOSE: Opens the Lsa
  72. Returns handle to Lsa or NULL on failure
  74. ****************************************************************************/
  75. LSA_HANDLE OpenLsa(VOID)
  76. {
  77. NTSTATUS Status;
  78. OBJECT_ATTRIBUTES ObjectAttributes;
  79. LSA_HANDLE ConnectHandle = NULL;
  80. SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
  82. //
  83. // Set up the Security Quality Of Service
  84. //
  86. SecurityQualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  87. SecurityQualityOfService.ImpersonationLevel = SecurityImpersonation;
  88. SecurityQualityOfService.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  89. SecurityQualityOfService.EffectiveOnly = FALSE;
  91. //
  92. // Set up the object attributes prior to opening the LSA.
  93. //
  95. InitializeObjectAttributes(&ObjectAttributes,
  96. NULL,
  97. 0L,
  98. (HANDLE)NULL,
  99. NULL);
  101. //
  102. // The InitializeObjectAttributes macro presently stores NULL for
  103. // the SecurityQualityOfService field, so we must manually copy that
  104. // structure for now.
  105. //
  107. ObjectAttributes.SecurityQualityOfService = &SecurityQualityOfService;
  109. //
  110. // Open a handle to the LSA. Specifying NULL for the Server means that the
  111. // server is the same as the client.
  112. //
  114. Status = LsaOpenPolicy(NULL,
  115. &ObjectAttributes,
  116. POLICY_LOOKUP_NAMES,
  117. &ConnectHandle
  118. );
  120. if (!NT_SUCCESS(Status)) {
  121. DbgPrint("LSM - Lsa Open failed 0x%lx\n", Status);
  122. return NULL;
  123. }
  125. return(ConnectHandle);
  126. }
  129. /****************************************************************************
  131. FUNCTION: CloseLsa
  133. PURPOSE: Closes the Lsa
  135. ****************************************************************************/
  136. VOID CloseLsa(
  137. LSA_HANDLE LsaHandle)
  138. {
  139. NTSTATUS Status;
  141. Status = LsaClose(LsaHandle);
  143. if (!NT_SUCCESS(Status)) {
  144. DbgPrint("LSM - Lsa Close failed 0x%lx\n", Status);
  145. }
  147. return;
  148. }
  149. #endif
  152. #ifdef LSA_AVAILABLE
  153. /****************************************************************************
  155. FUNCTION: SID2Name
  157. PURPOSE: Converts a SID into a readable string.
  159. RETURNS : TRUE on success otherwise FALSE.
  161. ****************************************************************************/
  162. BOOL SID2Name(
  163. PSID Sid,
  164. LPSTR String,
  165. UINT MaxStringBytes)
  166. {
  167. NTSTATUS Status;
  168. ANSI_STRING AnsiName;
  169. PLSA_REFERENCED_DOMAIN_LIST DomainList;
  170. PLSA_TRANSLATED_NAME NameList;
  172. if (LsaHandle == NULL) {
  173. DbgPrint("SECEDIT : Lsa not open yet\n");
  174. return(FALSE);
  175. }
  179. Status = LsaLookupSids(LsaHandle, 1, &Sid, &DomainList, &NameList);
  181. if (NT_SUCCESS(Status)) {
  183. // Convert to ansi string
  184. RtlUnicodeStringToAnsiString(&AnsiName, &NameList->Name, TRUE);
  186. // Free up the returned data
  187. LsaFreeMemory((PVOID)DomainList);
  188. LsaFreeMemory((PVOID)NameList);
  190. // Copy the ansi string into our local variable
  191. strncpy(String, AnsiName.Buffer, MaxStringBytes);
  193. // Free up the ansi string
  194. RtlFreeAnsiString(&AnsiName);
  196. return(TRUE);
  197. }
  199. return(FALSE);
  200. }
  202. #else
  204. #include "..\..\..\inc\seopaque.h"
  206. /****************************************************************************
  208. FUNCTION: SID2Name
  210. PURPOSE: Converts a SID into a readable string.
  212. RETURNS : TRUE on success otherwise FALSE.
  214. ****************************************************************************/
  215. BOOL SID2Name(
  216. PSID Sid,
  217. LPSTR String,
  218. UINT MaxStringBytes)
  219. {
  220. UCHAR Buffer[128];
  221. UCHAR i;
  222. ULONG Tmp;
  223. PISID iSid = (PISID)Sid; // pointer to opaque structure
  225. PSID NextSid = (PSID)Alloc(RtlLengthRequiredSid(1));
  228. NTSTATUS Status;
  229. ANSI_STRING AnsiName;
  231. if (NextSid == NULL) {
  232. DbgPrint("SECEDIT: SID2Name failed to allocate space for SID\n");
  233. return(FALSE);
  234. }
  236. {
  237. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_WORLD_SID_AUTHORITY;
  238. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  239. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_WORLD_RID;
  240. if (RtlEqualSid(Sid, NextSid)) {
  241. strcpy(String, "World");
  242. Free((PVOID)NextSid);
  243. return(TRUE);
  244. }
  245. }
  247. {
  248. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_LOCAL_SID_AUTHORITY;
  249. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  250. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_LOCAL_RID;
  251. if (RtlEqualSid(Sid, NextSid)) {
  252. strcpy(String, "Local");
  253. Free((PVOID)NextSid);
  254. return(TRUE);
  255. }
  256. }
  258. {
  259. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_CREATOR_SID_AUTHORITY;
  260. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  261. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_CREATOR_OWNER_RID;
  262. if (RtlEqualSid(Sid, NextSid)) {
  263. strcpy(String, "Creator");
  264. Free((PVOID)NextSid);
  265. return(TRUE);
  266. }
  267. }
  269. {
  270. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;
  271. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  272. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_DIALUP_RID;
  273. if (RtlEqualSid(Sid, NextSid)) {
  274. strcpy(String, "Dialup");
  275. Free((PVOID)NextSid);
  276. return(TRUE);
  277. }
  278. }
  280. {
  281. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;
  282. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  283. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_NETWORK_RID;
  284. if (RtlEqualSid(Sid, NextSid)) {
  285. strcpy(String, "Network");
  286. Free((PVOID)NextSid);
  287. return(TRUE);
  288. }
  289. }
  291. {
  292. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;
  293. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  294. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_BATCH_RID;
  295. if (RtlEqualSid(Sid, NextSid)) {
  296. strcpy(String, "Batch");
  297. Free((PVOID)NextSid);
  298. return(TRUE);
  299. }
  300. }
  302. {
  303. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;
  304. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  305. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_INTERACTIVE_RID;
  306. if (RtlEqualSid(Sid, NextSid)) {
  307. strcpy(String, "Interactive");
  308. Free((PVOID)NextSid);
  309. return(TRUE);
  310. }
  311. }
  314. {
  315. SID_IDENTIFIER_AUTHORITY SidAuthority = SECURITY_NT_AUTHORITY;
  316. RtlInitializeSid(NextSid, &SidAuthority, 1 );
  317. *(RtlSubAuthoritySid(NextSid, 0)) = SECURITY_LOCAL_SYSTEM_RID;
  318. if (RtlEqualSid(Sid, NextSid)) {
  319. strcpy(String, "Local System");
  320. Free((PVOID)NextSid);
  321. return(TRUE);
  322. }
  323. }
  327. Free((PVOID)NextSid);
  330. wsprintf(Buffer, "S-%u-", (USHORT)iSid->Revision );
  331. lstrcpy(String, Buffer);
  333. if ( (iSid->IdentifierAuthority.Value[0] != 0) ||
  334. (iSid->IdentifierAuthority.Value[1] != 0) ){
  335. wsprintf(Buffer, "0x%02hx%02hx%02hx%02hx%02hx%02hx",
  336. (USHORT)iSid->IdentifierAuthority.Value[0],
  337. (USHORT)iSid->IdentifierAuthority.Value[1],
  338. (USHORT)iSid->IdentifierAuthority.Value[2],
  339. (USHORT)iSid->IdentifierAuthority.Value[3],
  340. (USHORT)iSid->IdentifierAuthority.Value[4],
  341. (USHORT)iSid->IdentifierAuthority.Value[5] );
  342. lstrcat(String, Buffer);
  343. } else {
  344. Tmp = (ULONG)iSid->IdentifierAuthority.Value[5] +
  345. (ULONG)(iSid->IdentifierAuthority.Value[4] << 8) +
  346. (ULONG)(iSid->IdentifierAuthority.Value[3] << 16) +
  347. (ULONG)(iSid->IdentifierAuthority.Value[2] << 24);
  348. wsprintf(Buffer, "%lu", Tmp);
  349. lstrcat(String, Buffer);
  350. }
  353. for (i=0;i<iSid->SubAuthorityCount ;i++ ) {
  354. wsprintf(Buffer, "-%lu", iSid->SubAuthority[i]);
  355. lstrcat(String, Buffer);
  356. }
  358. return(TRUE);
  359. }
  360. #endif
  363. /****************************************************************************
  365. FUNCTION: PRIV2Name
  367. PURPOSE: Converts a PRIVILEGE into a readable string.
  369. RETURNS : TRUE on success otherwise FALSE.
  371. ****************************************************************************/
  372. BOOL PRIV2Name(
  373. LUID Privilege,
  374. LPSTR lpstr,
  375. UINT MaxStringBytes)
  376. {
  377. NTSTATUS Status;
  378. STRING String;
  379. PUNICODE_STRING UString;
  381. LSA_HANDLE PolicyHandle;
  382. OBJECT_ATTRIBUTES ObjectAttributes;
  386. InitializeObjectAttributes( &ObjectAttributes, NULL, 0, 0, NULL);
  387. Status = LsaOpenPolicy( NULL, &ObjectAttributes, POLICY_LOOKUP_NAMES, &PolicyHandle);
  388. Status = LsaLookupPrivilegeName(PolicyHandle, &Privilege, &UString);
  390. if (!NT_SUCCESS(Status)) {
  391. DbgPrint("SECEDIT: LsaLookupPrivilegeName failed, status = 0x%lx\n", Status);
  392. strcpy(lpstr, "<Unknown>");
  393. } else {
  395. //
  396. // Convert it to ANSI - because that's what the rest of the app is.
  397. //
  399. if (UString->Length > (USHORT)MaxStringBytes) {
  400. DbgPrint("SECEDIT: Truncating returned privilege name: *%Z*\n", UString);
  401. UString->Length = (USHORT)MaxStringBytes;
  402. DbgPrint(" To: *%Z*\n", UString);
  403. }
  405. String.Length = 0;
  406. String.MaximumLength = (USHORT)MaxStringBytes;
  407. String.Buffer = lpstr;
  408. Status = RtlUnicodeStringToAnsiString( &String, UString, FALSE );
  409. ASSERT(NT_SUCCESS(Status));
  410. LsaFreeMemory( UString );
  412. }
  414. return(TRUE);
  415. }