archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/shell/lib/generic/impersonation.cpp

253 lines
8.7 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // --------------------------------------------------------------------------
  2. // Module Name: Impersonation.cpp
  3. //
  4. // Copyright (c) 1999-2000, Microsoft Corporation
  5. //
  6. // Classes that handle state preservation, changing and restoration.
  7. //
  8. // History: 1999-08-18 vtan created
  9. // 1999-11-16 vtan separate file
  10. // 2000-02-01 vtan moved from Neptune to Whistler
  11. // --------------------------------------------------------------------------
  13. #include "StandardHeader.h"
  14. #include "Impersonation.h"
  16. #include "Access.h"
  17. #include "SingleThreadedExecution.h"
  18. #include "TokenInformation.h"
  20. // --------------------------------------------------------------------------
  21. // CImpersonation::s_pMutex
  22. // CImpersonation::s_iReferenceCount
  23. //
  24. // Purpose: Static member variables that control access to the global
  25. // reference count which controls calling
  26. // kernel32!OpenProfileUserMapping which is a global entity in
  27. // kernel32.dll.
  28. // --------------------------------------------------------------------------
  30. CMutex* CImpersonation::s_pMutex = NULL;
  31. int CImpersonation::s_iReferenceCount = -1;
  33. // --------------------------------------------------------------------------
  34. // CImpersonation::CImpersonation
  35. //
  36. // Arguments: hToken = User token to impersonate.
  37. //
  38. // Returns: <none>
  39. //
  40. // Purpose: Causes the current thread to impersonate the given user for
  41. // scope of the object. See advapi32!ImpersonateLoggedOnUser for
  42. // more information on the token requirements. If the thread is
  43. // already impersonating a debug warning is issued and the
  44. // request is ignored.
  45. //
  46. // History: 1999-08-23 vtan created
  47. // --------------------------------------------------------------------------
  49. CImpersonation::CImpersonation (HANDLE hToken) :
  50. _status(STATUS_UNSUCCESSFUL),
  51. _fAlreadyImpersonating(false)
  53. {
  54. HANDLE hImpersonationToken;
  56. ASSERTMSG(s_iReferenceCount >= 0, "Negative reference count in CImpersonation::CImpersonation");
  57. _fAlreadyImpersonating = (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &hImpersonationToken) != FALSE);
  58. if (_fAlreadyImpersonating)
  59. {
  60. TBOOL(CloseHandle(hImpersonationToken));
  61. WARNINGMSG("Thread is already impersonating a user in CImpersonation::CImpersonation");
  62. }
  63. else
  64. {
  65. _status = ImpersonateUser(GetCurrentThread(), hToken);
  67. {
  68. CSingleThreadedMutexExecution execution(*s_pMutex);
  70. // Acquire the s_pMutex mutex before using the reference count.
  71. // Control the reference count so that we only call
  72. // kernel32!OpenProfileUserMapping for a single impersonation
  73. // session. Calling kernel32!CloseProfileUserMapping will
  74. // destroy kernel32.dll's global HKEY to the current user.
  76. if (s_iReferenceCount++ == 0)
  77. {
  78. TBOOL(OpenProfileUserMapping());
  79. }
  80. }
  81. }
  82. }
  84. // --------------------------------------------------------------------------
  85. // CImpersonation::~CImpersonation
  86. //
  87. // Arguments: <none>
  88. //
  89. // Returns: <none>
  90. //
  91. // Purpose: Reverts to the self token for the thread on the object going
  92. // out of scope.
  93. //
  94. // History: 1999-08-23 vtan created
  95. // --------------------------------------------------------------------------
  97. CImpersonation::~CImpersonation (void)
  99. {
  100. if (!_fAlreadyImpersonating)
  101. {
  102. {
  103. CSingleThreadedMutexExecution execution(*s_pMutex);
  105. // When the reference count hits zero - close the mapping.
  107. if (--s_iReferenceCount == 0)
  108. {
  109. TBOOL(CloseProfileUserMapping());
  110. }
  111. }
  112. TBOOL(RevertToSelf());
  113. }
  114. }
  116. // --------------------------------------------------------------------------
  117. // CImpersonation::IsImpersonating
  118. //
  119. // Arguments: <none>
  120. //
  121. // Returns: bool
  122. //
  123. // Purpose: Returns whether the constructor successfully completed
  124. // impersonating the user.
  125. //
  126. // History: 2001-01-18 vtan created
  127. // --------------------------------------------------------------------------
  129. bool CImpersonation::IsImpersonating (void) const
  131. {
  132. return(NT_SUCCESS(_status));
  133. }
  135. // --------------------------------------------------------------------------
  136. // CImpersonation::ImpersonateUser
  137. //
  138. // Arguments: hThread = HANDLE to the thread that will impersonate.
  139. // hToken = Token of user to impersonate.
  140. //
  141. // Returns: NTSTATUS
  142. //
  143. // Purpose: Duplicate the given token as an impersonation token. ACL the
  144. // new token and set it into the thread token.
  145. //
  146. // History: 1999-11-09 vtan created
  147. // --------------------------------------------------------------------------
  149. NTSTATUS CImpersonation::ImpersonateUser (HANDLE hThread, HANDLE hToken)
  151. {
  152. NTSTATUS status;
  153. HANDLE hImpersonationToken;
  154. OBJECT_ATTRIBUTES objectAttributes;
  155. SECURITY_QUALITY_OF_SERVICE securityQualityOfService;
  157. InitializeObjectAttributes(&objectAttributes,
  158. NULL,
  159. OBJ_INHERIT,
  160. NULL,
  161. NULL);
  162. securityQualityOfService.Length = sizeof(securityQualityOfService);
  163. securityQualityOfService.ImpersonationLevel = SecurityImpersonation;
  164. securityQualityOfService.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  165. securityQualityOfService.EffectiveOnly = FALSE;
  166. objectAttributes.SecurityQualityOfService = &securityQualityOfService;
  167. status = NtDuplicateToken(hToken,
  168. TOKEN_IMPERSONATE | TOKEN_QUERY | READ_CONTROL | WRITE_DAC,
  169. &objectAttributes,
  170. FALSE,
  171. TokenImpersonation,
  172. &hImpersonationToken);
  173. if (NT_SUCCESS(status))
  174. {
  175. PSID pLogonSID;
  176. CTokenInformation tokenInformation(hImpersonationToken);
  178. pLogonSID = tokenInformation.GetLogonSID();
  179. if (pLogonSID != NULL)
  180. {
  181. CSecuredObject tokenSecurity(hImpersonationToken, SE_KERNEL_OBJECT);
  183. TSTATUS(tokenSecurity.Allow(pLogonSID,
  184. TOKEN_ADJUST_PRIVILEGES | TOKEN_ADJUST_GROUPS | TOKEN_ADJUST_DEFAULT | TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE | READ_CONTROL,
  185. 0));
  186. }
  187. status = NtSetInformationThread(hThread,
  188. ThreadImpersonationToken,
  189. &hImpersonationToken,
  190. sizeof(hImpersonationToken));
  191. TSTATUS(NtClose(hImpersonationToken));
  192. }
  193. return(status);
  194. }
  196. // --------------------------------------------------------------------------
  197. // CImpersonation::StaticInitialize
  198. //
  199. // Arguments: <none>
  200. //
  201. // Returns: NTSTATUS
  202. //
  203. // Purpose: Initializes the mutex object and the reference count. The
  204. // reference count is initialized to -1 by the compiler to help
  205. // detect cases where this function is not called!
  206. //
  207. // History: 1999-10-13 vtan created
  208. // 2000-12-06 vtan ignore create mutex failure
  209. // --------------------------------------------------------------------------
  211. NTSTATUS CImpersonation::StaticInitialize (void)
  213. {
  214. s_pMutex = new CMutex;
  215. if (s_pMutex != NULL)
  216. {
  217. (NTSTATUS)s_pMutex->Initialize(TEXT("Global\\winlogon: Logon UserProfileMapping Mutex"));
  218. }
  219. s_iReferenceCount = 0;
  220. return(STATUS_SUCCESS);
  221. }
  223. // --------------------------------------------------------------------------
  224. // CImpersonation::StaticTerminate
  225. //
  226. // Arguments: <none>
  227. //
  228. // Returns: NTSTATUS
  229. //
  230. // Purpose: Releases the mutex object.
  231. //
  232. // History: 1999-10-13 vtan created
  233. // --------------------------------------------------------------------------
  235. NTSTATUS CImpersonation::StaticTerminate (void)
  237. {
  238. NTSTATUS status;
  240. ASSERTMSG(s_iReferenceCount == 0, "Non zero reference count in CImpersonation::StaticTerminate");
  241. if (s_pMutex != NULL)
  242. {
  243. status = s_pMutex->Terminate();
  244. delete s_pMutex;
  245. s_pMutex = NULL;
  246. }
  247. else
  248. {
  249. status = STATUS_SUCCESS;
  250. }
  251. return(status);
  252. }