archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/printscan/wia/setup/clsinst/security.cpp

568 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. security.cpp
  9. Abstract:
  11. Environment:
  13. WIN32 User Mode
  15. Author:
  17. Vlad Sadovsky (vlads) 19-Apr-1998
  20. --*/
  22. //
  23. // Precompiled header
  24. //
  25. #include "precomp.h"
  26. #pragma hdrstop
  28. #include <nt.h>
  29. #include <ntrtl.h>
  30. #include <nturtl.h>
  32. #include "sti_ci.h"
  34. #include <sti.h>
  35. #include <stiregi.h>
  36. #include <stilib.h>
  37. #include <stiapi.h>
  38. #include <stisvc.h>
  40. #include <eventlog.h>
  42. #include <ntsecapi.h>
  43. #include <lm.h>
  47. NTSTATUS
  48. OpenPolicy(
  49. LPTSTR ServerName, // machine to open policy on (Unicode)
  50. DWORD DesiredAccess, // desired access to policy
  51. PLSA_HANDLE PolicyHandle // resultant policy handle
  52. );
  54. BOOL
  55. GetAccountSid(
  56. LPTSTR SystemName, // where to lookup account
  57. LPTSTR AccountName, // account of interest
  58. PSID *Sid // resultant buffer containing SID
  59. );
  61. NTSTATUS
  62. SetPrivilegeOnAccount(
  63. LSA_HANDLE PolicyHandle, // open policy handle
  64. PSID AccountSid, // SID to grant privilege to
  65. LPTSTR PrivilegeName, // privilege to grant (Unicode)
  66. BOOL bEnable // enable or disable
  67. );
  69. void
  70. InitLsaString(
  71. PLSA_UNICODE_STRING LsaString, // destination
  72. LPTSTR String // source (Unicode)
  73. );
  75. #define RTN_OK 0
  76. #define RTN_USAGE 1
  77. #define RTN_ERROR 13
  79. //
  80. // If you have the ddk, include ntstatus.h.
  81. //
  82. #ifndef STATUS_SUCCESS
  83. #define STATUS_SUCCESS ((NTSTATUS)0x00000000L)
  84. #endif
  87. BOOL
  88. GetDefaultDomainName(
  89. LPTSTR DomainName
  90. )
  91. {
  92. OBJECT_ATTRIBUTES ObjectAttributes;
  93. NTSTATUS NtStatus;
  94. DWORD err = 0;
  95. LSA_HANDLE LsaPolicyHandle = NULL;
  96. PPOLICY_ACCOUNT_DOMAIN_INFO DomainInfo = NULL;
  99. //
  100. // Open a handle to the local machine's LSA policy object.
  101. //
  103. InitializeObjectAttributes( &ObjectAttributes, // object attributes
  104. NULL, // name
  105. 0L, // attributes
  106. NULL, // root directory
  107. NULL ); // security descriptor
  109. NtStatus = LsaOpenPolicy( NULL, // system name
  110. &ObjectAttributes, // object attributes
  111. POLICY_EXECUTE, // access mask
  112. &LsaPolicyHandle ); // policy handle
  114. if( !NT_SUCCESS( NtStatus ) )
  115. {
  116. return FALSE;
  117. }
  119. //
  120. // Query the domain information from the policy object.
  121. //
  122. NtStatus = LsaQueryInformationPolicy( LsaPolicyHandle,
  123. PolicyAccountDomainInformation,
  124. (PVOID *) &DomainInfo );
  126. if (!NT_SUCCESS(NtStatus))
  127. {
  128. LsaClose(LsaPolicyHandle);
  129. return FALSE;
  130. }
  133. (void) LsaClose(LsaPolicyHandle);
  135. //
  136. // Copy the domain name into our cache, and
  137. //
  139. CopyMemory( DomainName,
  140. DomainInfo->DomainName.Buffer,
  141. DomainInfo->DomainName.Length );
  143. //
  144. // Null terminate it appropriately
  145. //
  147. DomainName[DomainInfo->DomainName.Length / sizeof(WCHAR)] = L'\0';
  149. //
  150. // Clean up
  151. //
  152. LsaFreeMemory( (PVOID)DomainInfo );
  154. return TRUE;
  155. }
  158. LPTSTR
  159. GetMachineName(
  160. LPWSTR AccountName
  161. )
  162. {
  163. LSA_HANDLE PolicyHandle = NULL;
  165. WCHAR DomainName[128];
  166. WCHAR LocalComputerName[128];
  168. LPTSTR MachineName = NULL;
  169. LPTSTR p;
  170. LPTSTR DCName = NULL;
  171. NET_API_STATUS NetStatus;
  172. UNICODE_STRING NameStrings;
  173. PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains = NULL;
  174. PLSA_TRANSLATED_SID LsaSids = NULL;
  175. PUSER_MODALS_INFO_1 Modals = NULL;
  176. DWORD Size;
  177. NTSTATUS Status;
  179. //
  180. // Get the domain name
  181. //
  183. p = wcschr( wszAccountName, L'\\' );
  184. if (p) {
  185. *p = 0;
  186. wcscpy( DomainName, wszAccountName );
  187. *p = L'\\';
  188. } else {
  189. wcscpy( DomainName, wszAccountName );
  190. }
  192. //
  193. // Open the policy on the target machine.
  194. //
  195. Status = OpenPolicy(
  196. NULL,
  197. POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
  198. &PolicyHandle
  199. );
  200. if (Status != STATUS_SUCCESS) {
  201. goto exit;
  202. }
  204. //
  205. // lookup the domain name for the account
  206. //
  208. InitLsaString( &NameStrings, AccountName );
  210. Status = LsaLookupNames(
  211. PolicyHandle,
  212. 1,
  213. &NameStrings,
  214. &ReferencedDomains,
  215. &LsaSids
  216. );
  217. if (Status != STATUS_SUCCESS) {
  218. goto exit;
  219. }
  221. //
  222. // get the local computer name
  223. //
  225. Size = sizeof(LocalComputerName);
  226. if (!GetComputerNameW( LocalComputerName, &Size )) {
  227. goto exit;
  228. }
  230. //
  231. // see if we are tring to set a local account
  232. //
  234. if (wcscmp( LocalComputerName, ReferencedDomains->Domains->Name.Buffer ) != 0) {
  236. //
  237. // see what part of the domain we are attempting to set
  238. //
  240. NetStatus = NetUserModalsGet( NULL, 1, (LPBYTE*) &Modals );
  241. if (NetStatus != NERR_Success) {
  242. goto exit;
  243. }
  245. if (Modals->usrmod1_role != UAS_ROLE_PRIMARY) {
  247. //
  248. // we know we are remote, so get the real dc name
  249. //
  251. NetStatus = NetGetDCName( NULL, DomainName, (LPBYTE*) &DCName );
  252. if (NetStatus != NERR_Success) {
  253. goto exit;
  254. }
  256. MachineName = StringDup( DCName );
  258. }
  259. }
  262. exit:
  263. if (Modals) {
  264. NetApiBufferFree( Modals );
  265. }
  266. if (DCName) {
  267. NetApiBufferFree( DCName );
  268. }
  269. if (ReferencedDomains) {
  270. LsaFreeMemory( ReferencedDomains );
  271. }
  272. if (LsaSids) {
  273. LsaFreeMemory( LsaSids );
  274. }
  275. if (PolicyHandle) {
  276. LsaClose( PolicyHandle );
  277. }
  279. return MachineName;
  280. }
  284. DWORD
  285. SetServiceSecurity(
  286. LPTSTR AccountName
  287. )
  288. {
  289. LSA_HANDLE PolicyHandle;
  290. PSID pSid;
  291. NTSTATUS Status;
  292. int iRetVal=RTN_ERROR;
  293. LPWSTR MachineName;
  295. WCHAR NewAccountName[512];
  296. WCHAR wszAccountName[256];
  298. *wszAccountName = L'\0';
  300. #ifdef UNICODE
  301. wcscpy(wszAccountName,AccountName);
  302. #else
  303. // MultiByteToWideChar(CP_ACP,
  304. // 0,
  305. // AccountName, -1,
  306. // wszAccountName, sizeof(wszAccountName));
  307. #endif
  310. if (AccountName[0] == L'.') {
  311. if (GetDefaultDomainName( NewAccountName )) {
  312. wcscat( NewAccountName, &AccountName[1] );
  313. AccountName = NewAccountName;
  314. }
  315. }
  317. //
  318. // try to get the correct machine name
  319. //
  320. MachineName = GetMachineName( wszAccountName );
  322. //
  323. // Open the policy on the target machine.
  324. //
  325. Status = OpenPolicy(
  326. MachineName,
  327. POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
  328. &PolicyHandle
  329. );
  330. if (Status != STATUS_SUCCESS) {
  331. return RTN_ERROR;
  332. }
  334. //
  335. // Obtain the SID of the user/group.
  336. // Note that we could target a specific machine, but we don't.
  337. // Specifying NULL for target machine searches for the SID in the
  338. // following order: well-known, Built-in and local, primary domain,
  339. // trusted domains.
  340. //
  341. if(GetAccountSid(
  342. MachineName, // target machine
  343. AccountName,// account to obtain SID
  344. &pSid // buffer to allocate to contain resultant SID
  345. )) {
  346. //
  347. // We only grant the privilege if we succeeded in obtaining the
  348. // SID. We can actually add SIDs which cannot be looked up, but
  349. // looking up the SID is a good sanity check which is suitable for
  350. // most cases.
  352. //
  353. // Grant the SeServiceLogonRight to users represented by pSid.
  354. //
  355. if((Status=SetPrivilegeOnAccount(
  356. PolicyHandle, // policy handle
  357. pSid, // SID to grant privilege
  358. L"SeServiceLogonRight", // Unicode privilege
  359. TRUE // enable the privilege
  360. )) == STATUS_SUCCESS) {
  361. iRetVal=RTN_OK;
  362. }
  363. }
  365. //
  366. // Close the policy handle.
  367. //
  368. LsaClose(PolicyHandle);
  370. //
  371. // Free memory allocated for SID.
  372. //
  373. if(pSid != NULL) MemFree(pSid);
  375. return iRetVal;
  376. }
  379. void
  380. InitLsaString(
  381. PLSA_UNICODE_STRING LsaString,
  382. LPTSTR String
  383. )
  384. {
  385. DWORD StringLength;
  387. if (String == NULL) {
  388. LsaString->Buffer = NULL;
  389. LsaString->Length = 0;
  390. LsaString->MaximumLength = 0;
  391. return;
  392. }
  394. StringLength = wcslen(String);
  395. LsaString->Buffer = String;
  396. LsaString->Length = (USHORT) StringLength * sizeof(WCHAR);
  397. LsaString->MaximumLength=(USHORT)(StringLength+1) * sizeof(WCHAR);
  398. }
  400. NTSTATUS
  401. OpenPolicy(
  402. LPTSTR ServerName,
  403. DWORD DesiredAccess,
  404. PLSA_HANDLE PolicyHandle
  405. )
  406. {
  407. LSA_OBJECT_ATTRIBUTES ObjectAttributes;
  408. LSA_UNICODE_STRING ServerString;
  409. PLSA_UNICODE_STRING Server = NULL;
  411. //
  412. // Always initialize the object attributes to all zeroes.
  413. //
  414. ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
  416. if (ServerName != NULL) {
  417. //
  418. // Make a LSA_UNICODE_STRING out of the LPTSTR passed in
  419. //
  420. InitLsaString(&ServerString, ServerName);
  421. Server = &ServerString;
  422. }
  424. //
  425. // Attempt to open the policy.
  426. //
  427. return LsaOpenPolicy(
  428. Server,
  429. &ObjectAttributes,
  430. DesiredAccess,
  431. PolicyHandle
  432. );
  433. }
  435. /*++
  436. This function attempts to obtain a SID representing the supplied
  437. account on the supplied system.
  439. If the function succeeds, the return value is TRUE. A buffer is
  440. allocated which contains the SID representing the supplied account.
  441. This buffer should be freed when it is no longer needed by calling
  442. HeapFree(GetProcessHeap(), 0, buffer)
  444. If the function fails, the return value is FALSE. Call GetLastError()
  445. to obtain extended error information.
  446. --*/
  448. BOOL
  449. GetAccountSid(
  450. LPTSTR SystemName,
  451. LPTSTR AccountName,
  452. PSID *Sid
  453. )
  454. {
  455. LPTSTR ReferencedDomain=NULL;
  456. DWORD cbSid=128; // initial allocation attempt
  457. DWORD cbReferencedDomain=32; // initial allocation size
  458. SID_NAME_USE peUse;
  459. BOOL bSuccess=FALSE; // assume this function will fail
  461. __try {
  463. //
  464. // initial memory allocations
  465. //
  466. if((*Sid=LocalAlloc(cbSid)) == NULL) {
  467. __leave;
  468. }
  470. if((ReferencedDomain=LocalAlloc(cbReferencedDomain)) == NULL) {
  471. __leave;
  472. }
  474. //
  475. // Obtain the SID of the specified account on the specified system.
  476. //
  477. while(!LookupAccountName(
  478. SystemName, // machine to lookup account on
  479. AccountName, // account to lookup
  480. *Sid, // SID of interest
  481. &cbSid, // size of SID
  482. ReferencedDomain, // domain account was found on
  483. &cbReferencedDomain,
  484. &peUse
  485. )) {
  486. if (GetLastError() == ERROR_INSUFFICIENT_BUFFER) {
  487. //
  488. // reallocate memory
  489. //
  490. if((*Sid=HeapReAlloc(
  491. GetProcessHeap(),
  492. 0,
  493. *Sid,
  494. cbSid
  495. )) == NULL) __leave;
  497. if((ReferencedDomain=HeapReAlloc(
  498. GetProcessHeap(),
  499. 0,
  500. ReferencedDomain,
  501. cbReferencedDomain
  502. )) == NULL) __leave;
  503. }
  504. else __leave;
  505. }
  507. //
  508. // Indicate success.
  509. //
  510. bSuccess=TRUE;
  512. } // finally
  513. __finally {
  515. //
  516. // Cleanup and indicate failure, if appropriate.
  517. //
  519. LocalFree(ReferencedDomain);
  521. if(!bSuccess) {
  522. if(*Sid != NULL) {
  523. LocalFree(*Sid);
  524. *Sid = NULL;
  525. }
  526. }
  528. } // finally
  530. return bSuccess;
  531. }
  533. NTSTATUS
  534. SetPrivilegeOnAccount(
  535. LSA_HANDLE PolicyHandle, // open policy handle
  536. PSID AccountSid, // SID to grant privilege to
  537. LPTSTR PrivilegeName, // privilege to grant (Unicode)
  538. BOOL bEnable // enable or disable
  539. )
  540. {
  541. LSA_UNICODE_STRING PrivilegeString;
  543. //
  544. // Create a LSA_UNICODE_STRING for the privilege name.
  545. //
  546. InitLsaString(&PrivilegeString, PrivilegeName);
  548. //
  549. // grant or revoke the privilege, accordingly
  550. //
  551. if(bEnable) {
  552. return LsaAddAccountRights(
  553. PolicyHandle, // open policy handle
  554. AccountSid, // target SID
  555. &PrivilegeString, // privileges
  556. 1 // privilege count
  557. );
  558. }
  559. else {
  560. return LsaRemoveAccountRights(
  561. PolicyHandle, // open policy handle
  562. AccountSid, // target SID
  563. FALSE, // do not disable all rights
  564. &PrivilegeString, // privileges
  565. 1 // privilege count
  566. );
  567. }
  568. }