archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/iis/iisrearc/iisplus/inc/tokencache.hxx

442 lines
9.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #ifndef _TOKENCACHE_HXX_
  2. #define _TOKENCACHE_HXX_
  4. #include <wincrypt.h>
  5. #include <winsock2.h>
  6. #include <ws2tcpip.h>
  7. #include "usercache.hxx"
  8. #include "stringa.hxx"
  10. //
  11. // Special logon types to indicate local system and passport
  12. //
  14. #define IIS_LOGON_METHOD_LOCAL_SYSTEM (-2)
  15. #define IIS_LOGON_METHOD_PASSPORT (-3)
  17. #define DEFAULT_MD5_HASH_SIZE 16
  19. class TOKEN_CACHE_KEY : public CACHE_KEY
  20. {
  21. public:
  23. TOKEN_CACHE_KEY()
  24. : m_strHashKey( m_achHashKey, sizeof( m_achHashKey ) )
  25. {
  26. }
  28. BOOL
  29. QueryIsEqual(
  30. const CACHE_KEY * pCompareKey
  31. ) const
  32. {
  33. TOKEN_CACHE_KEY * pTokenKey = (TOKEN_CACHE_KEY*) pCompareKey;
  35. DBG_ASSERT( pTokenKey != NULL );
  37. //
  38. // If lengths are not equal, this is easy
  39. //
  41. if ( m_strHashKey.QueryCB() != pTokenKey->m_strHashKey.QueryCB() )
  42. {
  43. return FALSE;
  44. }
  46. //
  47. // Do memcmp
  48. //
  50. return memcmp( m_strHashKey.QueryStr(),
  51. pTokenKey->m_strHashKey.QueryStr(),
  52. m_strHashKey.QueryCB() ) == 0;
  53. }
  55. DWORD
  56. QueryKeyHash(
  57. VOID
  58. ) const
  59. {
  60. return HashString( m_strHashKey.QueryStr() );
  61. }
  63. HRESULT
  64. SetKey(
  65. TOKEN_CACHE_KEY * pCacheKey
  66. )
  67. {
  68. return m_strHashKey.Copy( pCacheKey->m_strHashKey.QueryStr() );
  69. }
  71. HRESULT
  72. CreateCacheKey(
  73. WCHAR * pszUserName,
  74. WCHAR * pszDomainName,
  75. DWORD dwLogonMethod
  76. );
  78. private:
  80. WCHAR m_achHashKey[ 64 ];
  82. STRU m_strHashKey;
  83. };
  85. //
  86. // The check period for how long a token can be in the cache.
  87. // Tokens can be in the cache for up to two times this value
  88. // (in seconds)
  89. //
  91. #define DEFAULT_CACHED_TOKEN_TTL ( 15 * 60 )
  93. #define SID_DEFAULT_SIZE 64
  95. #define TOKEN_CACHE_ENTRY_SIGNATURE 'TC3W'
  96. #define TOKEN_CACHE_ENTRY_FREE_SIGNATURE 'fC3W'
  98. class TOKEN_CACHE_ENTRY : public CACHE_ENTRY
  99. {
  100. public:
  101. TOKEN_CACHE_ENTRY( OBJECT_CACHE * pObjectCache )
  102. : CACHE_ENTRY( pObjectCache ),
  103. m_strMD5Password( m_achMD5Password, sizeof( m_achMD5Password ) ),
  104. m_lOOPToken( 0 ),
  105. m_lDisBackupPriToken( 0 ),
  106. m_hImpersonationToken( NULL ),
  107. m_hPrimaryToken( NULL ),
  108. m_pSid( NULL )
  109. {
  110. m_liPwdExpiry.HighPart = 0x7fffffff;
  111. m_liPwdExpiry.LowPart = 0xffffffff;
  113. m_dwSignature = TOKEN_CACHE_ENTRY_SIGNATURE;
  114. }
  116. virtual ~TOKEN_CACHE_ENTRY()
  117. {
  118. DBG_ASSERT( CheckSignature() );
  119. m_dwSignature = TOKEN_CACHE_ENTRY_FREE_SIGNATURE;
  121. if ( m_hImpersonationToken != NULL )
  122. {
  123. CloseHandle( m_hImpersonationToken );
  124. m_hImpersonationToken = NULL;
  125. }
  127. if ( m_hPrimaryToken != NULL )
  128. {
  129. CloseHandle( m_hPrimaryToken );
  130. m_hPrimaryToken = NULL;
  131. }
  132. }
  134. CACHE_KEY *
  135. QueryCacheKey(
  136. VOID
  137. ) const
  138. {
  139. return (CACHE_KEY*) &m_cacheKey;
  140. }
  142. HRESULT
  143. SetCacheKey(
  144. TOKEN_CACHE_KEY * pCacheKey
  145. )
  146. {
  147. return m_cacheKey.SetKey( pCacheKey );
  148. }
  150. BOOL
  151. CheckSignature(
  152. VOID
  153. ) const
  154. {
  155. return m_dwSignature == TOKEN_CACHE_ENTRY_SIGNATURE;
  156. }
  158. VOID *
  159. operator new(
  160. #if DBG
  161. size_t size
  162. #else
  163. size_t
  164. #endif
  165. )
  166. {
  167. DBG_ASSERT( size == sizeof( TOKEN_CACHE_ENTRY ) );
  168. DBG_ASSERT( sm_pachTokenCacheEntry != NULL );
  169. return sm_pachTokenCacheEntry->Alloc();
  170. }
  172. VOID
  173. operator delete(
  174. VOID * pTokenCacheEntry
  175. )
  176. {
  177. DBG_ASSERT( pTokenCacheEntry != NULL );
  178. DBG_ASSERT( sm_pachTokenCacheEntry != NULL );
  180. DBG_REQUIRE( sm_pachTokenCacheEntry->Free( pTokenCacheEntry ) );
  181. }
  183. HANDLE
  184. QueryImpersonationToken(
  185. VOID
  186. );
  188. HANDLE
  189. QueryPrimaryToken(
  190. VOID
  191. );
  194. PSID
  195. QuerySid(
  196. VOID
  197. );
  199. LARGE_INTEGER *
  200. QueryExpiry(
  201. VOID
  202. )
  203. {
  204. return &m_liPwdExpiry;
  205. }
  207. LONG
  208. QueryOOPToken(
  209. VOID
  210. )
  211. {
  212. if( m_lOOPToken )
  213. {
  214. return m_lOOPToken;
  215. }
  217. return InterlockedExchange( &m_lOOPToken, 1 );
  218. }
  220. LONG
  221. QueryDisBackupPriToken(
  222. VOID
  223. )
  224. {
  225. if( m_lDisBackupPriToken )
  226. {
  227. return m_lDisBackupPriToken;
  228. }
  230. return InterlockedExchange( &m_lDisBackupPriToken, 1 );
  231. }
  233. HRESULT
  234. GenMD5Password(
  235. IN WCHAR * pszPassword,
  236. OUT STRA * pstrMD5Password
  237. );
  239. HRESULT
  240. EqualMD5Password(
  241. IN WCHAR * pszPassword,
  242. OUT BOOL * fEqual
  243. );
  245. HRESULT
  246. Create(
  247. IN HANDLE hToken,
  248. IN WCHAR * pszPassword,
  249. IN LARGE_INTEGER * pliPwdExpiry,
  250. IN BOOL fImpersonation
  251. );
  253. static
  254. HRESULT
  255. Initialize(
  256. VOID
  257. );
  259. static
  260. VOID
  261. Terminate(
  262. VOID
  263. );
  265. private:
  267. TOKEN_CACHE_ENTRY(const TOKEN_CACHE_ENTRY &);
  268. void operator=(const TOKEN_CACHE_ENTRY &);
  270. DWORD m_dwSignature;
  272. //
  273. // Cache key
  274. //
  276. TOKEN_CACHE_KEY m_cacheKey;
  278. //
  279. // Hashed password. The hashed binary data will be converted to
  280. // ASCII hex representation, so the size would be twice as big
  281. // as the original one
  282. //
  284. CHAR m_achMD5Password[ 2 * DEFAULT_MD5_HASH_SIZE + 1 ];
  286. STRA m_strMD5Password;
  288. //
  289. // The actual tokens
  290. //
  292. HANDLE m_hImpersonationToken;
  293. HANDLE m_hPrimaryToken;
  295. //
  296. // Have we modified the token for OOP isapi
  297. //
  299. LONG m_lOOPToken;
  301. //
  302. // Have we disabled the backup privilege for the token
  303. //
  305. LONG m_lDisBackupPriToken;
  307. //
  308. // Time to expire for the token
  309. //
  311. LARGE_INTEGER m_liPwdExpiry;
  313. //
  314. // Keep the sid for file cache purposes
  315. //
  317. PSID m_pSid;
  318. BYTE m_abSid[ SID_DEFAULT_SIZE ];
  320. //
  321. // Allocation cache for TOKEN_CACHE_ENTRY's
  322. //
  324. static ALLOC_CACHE_HANDLER * sm_pachTokenCacheEntry;
  326. //
  327. // Handle of a cryptographic service provider
  328. //
  330. static HCRYPTPROV sm_hCryptProv;
  331. };
  333. class TOKEN_CACHE : public OBJECT_CACHE
  334. {
  335. public:
  337. TOKEN_CACHE()
  338. : m_dwLastPriorityUPNLogon ( 0 ),
  339. m_hKey ( NULL ),
  340. m_hEvent ( NULL ),
  341. m_hWaitObject ( NULL ),
  342. m_fInitializedThreadPool ( FALSE )
  343. {}
  345. ~TOKEN_CACHE()
  346. {}
  348. HRESULT
  349. GetCachedToken(
  350. IN LPWSTR pszUserName,
  351. IN LPWSTR pszDomain,
  352. IN LPWSTR pszPassword,
  353. IN DWORD dwLogonMethod,
  354. IN BOOL fUseSubAuth,
  355. IN BOOL fPossibleUPNLogon,
  356. IN PSOCKADDR pSockAddr,
  357. OUT TOKEN_CACHE_ENTRY ** ppCachedToken,
  358. OUT DWORD * pdwLogonError
  359. );
  361. WCHAR *
  362. QueryName(
  363. VOID
  364. ) const
  365. {
  366. return L"TOKEN_CACHE";
  367. }
  369. HKEY
  370. QueryRegKey(
  371. VOID
  372. ) const
  373. {
  374. return m_hKey;
  375. }
  377. HANDLE
  378. QueryEventHandle(
  379. VOID
  380. ) const
  381. {
  382. return m_hEvent;
  383. }
  385. HRESULT
  386. Initialize(
  387. VOID
  388. );
  390. VOID
  391. Terminate(
  392. VOID
  393. );
  395. static
  396. VOID
  397. WINAPI
  398. FlushTokenCacheWaitCallback(
  399. PVOID pParam,
  400. BOOL fWaitFired
  401. );
  403. private:
  405. TOKEN_CACHE(const TOKEN_CACHE &);
  406. void operator=(const TOKEN_CACHE &);
  408. DWORD m_dwLastPriorityUPNLogon;
  410. //
  411. // Handle to the "UserTokenTTL" registry key
  412. //
  414. HKEY m_hKey;
  416. //
  417. // Handle to the event waiting for the notification
  418. //
  420. HANDLE m_hEvent;
  422. //
  423. // Wait handle
  424. //
  426. HANDLE m_hWaitObject;
  428. //
  429. // Has the threadpool been successfully initialized
  430. //
  432. BOOL m_fInitializedThreadPool;
  434. };
  436. HRESULT
  437. ToHex(
  438. IN BUFFER & buffSrc,
  439. OUT STRA & strDst
  440. );
  442. #endif