archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/base/fs/remotefs/dfs/lib/security/gensecurity.c

343 lines
7.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //
  2. // Copyright (C) 2000, Microsoft Corporation
  3. //
  4. // File: gensecurity.c
  5. //
  6. // Contents:
  7. //
  8. // History:
  9. //
  10. //-----------------------------------------------------------------------------
  12. #include <nt.h>
  13. #include <ntrtl.h>
  14. #include <nturtl.h>
  15. #include <windows.h>
  16. #include <stdio.h>
  17. #include <stdlib.h>
  18. #include <stddef.h>
  19. #include "rpc.h"
  20. #include "rpcdce.h"
  21. #include <ole2.h>
  22. #include <activeds.h>
  23. #include <WinLdap.h>
  24. #include <NtLdap.h>
  25. #include <ntdsapi.h>
  26. #include "dfsheader.h"
  27. #include "dfsmisc.h"
  29. PVOID
  30. DfsAllocateSecurityData(ULONG Size )
  31. {
  32. PVOID pBuff = NULL;
  34. pBuff = (PVOID) malloc (Size);
  36. return pBuff;
  37. }
  40. VOID
  41. DfsDeallocateSecurityData(PVOID pPointer )
  42. {
  43. if(pPointer)
  44. {
  45. free (pPointer);
  46. }
  47. }
  50. DFSSTATUS
  51. AccessImpersonateCheckRpcClientEx(PSECURITY_DESCRIPTOR DfsAdminSecurityDesc,
  52. GENERIC_MAPPING * DfsAdminGenericMapping,
  53. DWORD DesiredAccess)
  54. {
  55. BOOL accessGranted = FALSE;
  56. DWORD grantedAccess = 0;
  57. HANDLE clientToken = NULL;
  58. DWORD privilegeSetSize = 0;
  59. DFSSTATUS dwErr = 0;
  60. DFSSTATUS RevertStatus = 0;
  61. BYTE privilegeSet[500]; // Large buffer
  63. if (RpcImpersonateClient(NULL) != ERROR_SUCCESS)
  64. {
  65. return ERROR_ACCESS_DENIED;
  66. }
  68. privilegeSetSize = sizeof(privilegeSet);
  70. if (OpenThreadToken(GetCurrentThread(), TOKEN_IMPERSONATE | TOKEN_QUERY,
  71. TRUE, &clientToken))
  72. {
  73. if (AccessCheck(
  74. DfsAdminSecurityDesc,
  75. clientToken,
  76. DesiredAccess,
  77. DfsAdminGenericMapping,
  78. (PPRIVILEGE_SET) privilegeSet,
  79. &privilegeSetSize,
  80. &grantedAccess,
  81. &accessGranted) != TRUE)
  82. {
  83. accessGranted = FALSE; // paranoia
  84. //
  85. // No need to call GetLastError since we intend to return
  86. // ACCESS_DENIED regardless.
  87. //
  89. dwErr = GetLastError();
  92. }
  95. }
  97. RevertStatus = RpcRevertToSelf();
  99. if (clientToken != NULL)
  100. {
  101. CloseHandle( clientToken );
  102. }
  104. if( !accessGranted )
  105. {
  106. dwErr = ERROR_ACCESS_DENIED;
  107. }
  109. return dwErr;
  110. }
  113. VOID DumpSID(
  114. CHAR *pad,
  115. PSID sid_to_dump,
  116. ULONG Flag
  117. )
  118. {
  119. NTSTATUS ntstatus;
  120. UNICODE_STRING us;
  122. Flag;
  124. if (sid_to_dump)
  125. {
  126. WCHAR rgchName[256];
  127. DWORD cbName = sizeof(rgchName);
  128. WCHAR rgchDomain[256];
  129. DWORD cbDomain = sizeof(rgchDomain);
  130. SID_NAME_USE snu;
  132. ntstatus = RtlConvertSidToUnicodeString(&us, sid_to_dump, TRUE);
  134. if (NT_SUCCESS(ntstatus))
  135. {
  136. printf("%s%wZ", pad, &us);
  137. RtlFreeUnicodeString(&us);
  138. }
  139. else
  140. {
  141. printf("0x%08lx: Can't Convert SID to UnicodeString\n", ntstatus);
  142. }
  144. if (LookupAccountSid(NULL, sid_to_dump, rgchName, &cbName, rgchDomain, &cbDomain, &snu))
  145. {
  146. printf(" %ws\\%ws:", rgchDomain, rgchName);
  147. switch (snu)
  148. {
  149. case SidTypeUser:
  150. printf("User");
  151. break;
  152. case SidTypeGroup:
  153. printf("Group");
  154. break;
  155. case SidTypeDomain:
  156. printf("Domain");
  157. break;
  158. case SidTypeAlias:
  159. printf("Alias");
  160. break;
  161. case SidTypeWellKnownGroup:
  162. printf("Well Known Group");
  163. break;
  164. case SidTypeDeletedAccount:
  165. printf("Deleted Account");
  166. break;
  167. case SidTypeInvalid:
  168. printf("Invalid");
  169. break;
  170. case SidTypeUnknown:
  171. printf("Unknown");
  172. break;
  173. case SidTypeComputer:
  174. printf("Computer");
  175. break;
  176. default:
  177. printf("Unknown use: %d\n", snu);
  179. }
  180. }
  181. printf("\n");
  182. }
  183. else
  184. {
  185. printf("%s is NULL\n", pad);
  186. }
  187. }
  190. /*
  191. - DumpToken
  192. -
  193. * Purpose:
  194. * to dump a token
  195. *
  196. * Parameters:
  197. *
  198. * pad IN the string the prepend
  199. * htoken IN the token to dump
  200. */
  201. BOOL
  202. DumpToken(
  203. IN char *pad,
  204. IN HANDLE htoken)
  205. {
  206. BOOL fRet;
  207. DWORD dwError;
  208. DWORD dwLenNeeded;
  209. BYTE rgb[128];
  210. PTOKEN_USER ptu = (PTOKEN_USER) rgb;
  211. PTOKEN_USER ptuToFree = NULL;
  212. TOKEN_PRIMARY_GROUP *ptpg = (TOKEN_PRIMARY_GROUP*) rgb;
  213. TOKEN_PRIMARY_GROUP *ptpgToFree = NULL;
  214. TOKEN_GROUPS *ptg = (TOKEN_GROUPS*) rgb;
  215. TOKEN_GROUPS *ptgToFree = NULL;
  217. // dump token user
  218. fRet = GetTokenInformation(htoken, TokenUser, (void*) ptu, sizeof(rgb), &dwLenNeeded);
  219. if (!fRet)
  220. {
  221. dwError = GetLastError();
  222. if (dwError == ERROR_INSUFFICIENT_BUFFER)
  223. {
  224. ptuToFree = (PTOKEN_USER) malloc(dwLenNeeded);
  225. if (!ptuToFree)
  226. {
  227. printf("OOM\n");
  228. goto Error;
  229. }
  230. ptu = ptuToFree;
  231. fRet = GetTokenInformation(htoken, TokenUser, (void*) ptu, dwLenNeeded, &dwLenNeeded);
  232. if (!fRet)
  233. {
  234. dwError = GetLastError();
  235. }
  236. }
  237. }
  239. if (fRet)
  240. {
  241. printf("%s Token user is:\n", pad);
  242. DumpSID("", ptu->User.Sid, 0);
  243. }
  244. else
  245. {
  246. printf("%s 0x%08lx: Failed to get TokenUser\n", pad, dwError);
  247. }
  249. // dump token primary group
  250. fRet = GetTokenInformation(htoken, TokenPrimaryGroup, (void*) ptpg, sizeof(rgb), &dwLenNeeded);
  251. if (!fRet)
  252. {
  253. dwError = GetLastError();
  254. if (dwError == ERROR_INSUFFICIENT_BUFFER)
  255. {
  256. ptpgToFree = (TOKEN_PRIMARY_GROUP*) malloc(dwLenNeeded);
  257. if (!ptpgToFree)
  258. {
  259. printf("OOM\n");
  260. goto Error;
  261. }
  262. ptpg = ptpgToFree;
  263. fRet = GetTokenInformation(htoken, TokenPrimaryGroup, (void*) ptpg, dwLenNeeded, &dwLenNeeded);
  264. if (!fRet)
  265. {
  266. dwError = GetLastError();
  267. }
  268. }
  269. }
  271. if (fRet)
  272. {
  273. printf("%s Token's primary group is: \n", pad);
  274. DumpSID("", ptpg->PrimaryGroup, 0);
  275. }
  276. else
  277. {
  278. printf("%s 0x%08lx: Failed to get TokenPrimaryGroup\n", pad, dwError);
  279. }
  281. // dump token groups
  282. // TODO: add code to dump group attributes (in Text format)
  283. fRet = GetTokenInformation(htoken, TokenGroups, (void*) ptg, sizeof(rgb), &dwLenNeeded);
  284. if (!fRet)
  285. {
  286. dwError = GetLastError();
  287. if (dwError == ERROR_INSUFFICIENT_BUFFER)
  288. {
  289. ptgToFree = (TOKEN_GROUPS*) malloc(dwLenNeeded);
  290. if (!ptgToFree)
  291. {
  292. printf("OOM\n");
  293. goto Error;
  294. }
  295. ptg = ptgToFree;
  296. fRet = GetTokenInformation(htoken, TokenGroups, (void*) ptg, dwLenNeeded, &dwLenNeeded);
  297. if (!fRet)
  298. {
  299. dwError = GetLastError();
  300. }
  301. }
  302. }
  304. if (fRet)
  305. {
  306. UINT i;
  308. printf("%s token's groups are:\n", pad);
  309. for (i = 0; i < ptg->GroupCount; i++)
  310. {
  311. DumpSID("", ptg->Groups[i].Sid, 0);
  312. }
  313. }
  314. else
  315. {
  316. printf("%s 0x%08lx: Failed to get TokenGroups\n", pad, dwError);
  317. }
  319. // TODO: add code to dump other stuff later
  322. Cleanup:
  323. if (ptuToFree)
  324. {
  325. free(ptuToFree);
  326. }
  327. if (ptpgToFree)
  328. {
  329. free(ptpgToFree);
  330. }
  331. if (ptgToFree)
  332. {
  333. free(ptgToFree);
  334. }
  335. return fRet;
  337. Error:
  338. fRet = FALSE;
  339. goto Cleanup;
  340. }