archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/gina/refgp/sid.c

450 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //*************************************************************
  2. //
  3. // SID management functions.
  4. //
  5. // THESE FUNCTIONS ARE WINDOWS NT SPECIFIC!!!!!
  6. //
  7. // Microsoft Confidential
  8. // Copyright (c) Microsoft Corporation 1995
  9. // All rights reserved
  10. //
  11. //*************************************************************
  13. #include "refgp.h"
  15. /***************************************************************************\
  16. * GetSidString
  17. *
  18. * Allocates and returns a string representing the sid of the current user
  19. * The returned pointer should be freed using DeleteSidString().
  20. *
  21. * Returns a pointer to the string or NULL on failure.
  22. *
  23. * History:
  24. * 26-Aug-92 Davidc Created
  25. *
  26. \***************************************************************************/
  27. LPTSTR GetSidString(HANDLE UserToken)
  28. {
  29. NTSTATUS NtStatus;
  30. PSID UserSid;
  31. UNICODE_STRING UnicodeString;
  32. LPTSTR lpEnd;
  33. #ifndef UNICODE
  34. STRING String;
  35. #endif
  37. //
  38. // Get the user sid
  39. //
  41. UserSid = GetUserSid(UserToken);
  42. if (UserSid == NULL) {
  43. return NULL;
  44. }
  46. //
  47. // Convert user SID to a string.
  48. //
  50. NtStatus = RtlConvertSidToUnicodeString(
  51. &UnicodeString,
  52. UserSid,
  53. (BOOLEAN)TRUE // Allocate
  54. );
  55. //
  56. // We're finished with the user sid
  57. //
  59. DeleteUserSid(UserSid);
  61. //
  62. // See if the conversion to a string worked
  63. //
  65. if (!NT_SUCCESS(NtStatus)) {
  66. return NULL;
  67. }
  69. #ifdef UNICODE
  72. return(UnicodeString.Buffer);
  74. #else
  76. //
  77. // Convert the string to ansi
  78. //
  80. NtStatus = RtlUnicodeStringToAnsiString(&String, &UnicodeString, TRUE);
  81. RtlFreeUnicodeString(&UnicodeString);
  82. if (!NT_SUCCESS(NtStatus)) {
  83. return NULL;
  84. }
  87. return(String.Buffer);
  89. #endif
  91. }
  94. /***************************************************************************\
  95. * DeleteSidString
  96. *
  97. * Frees up a sid string previously returned by GetSidString()
  98. *
  99. * Returns nothing.
  100. *
  101. * History:
  102. * 26-Aug-92 Davidc Created
  103. *
  104. \***************************************************************************/
  105. VOID DeleteSidString(LPTSTR SidString)
  106. {
  108. #ifdef UNICODE
  109. UNICODE_STRING String;
  111. RtlInitUnicodeString(&String, SidString);
  113. RtlFreeUnicodeString(&String);
  114. #else
  115. ANSI_STRING String;
  117. RtlInitAnsiString(&String, SidString);
  119. RtlFreeAnsiString(&String);
  120. #endif
  122. }
  126. /***************************************************************************\
  127. * GetUserSid
  128. *
  129. * Allocs space for the user sid, fills it in and returns a pointer. Caller
  130. * The sid should be freed by calling DeleteUserSid.
  131. *
  132. * Note the sid returned is the user's real sid, not the per-logon sid.
  133. *
  134. * Returns pointer to sid or NULL on failure.
  135. *
  136. * History:
  137. * 26-Aug-92 Davidc Created.
  138. \***************************************************************************/
  139. PSID GetUserSid (HANDLE UserToken)
  140. {
  141. PTOKEN_USER pUser, pTemp;
  142. PSID pSid;
  143. DWORD BytesRequired = 200;
  144. NTSTATUS status;
  147. //
  148. // Allocate space for the user info
  149. //
  151. pUser = (PTOKEN_USER)LocalAlloc(LMEM_FIXED, BytesRequired);
  154. if (pUser == NULL) {
  155. return NULL;
  156. }
  159. //
  160. // Read in the UserInfo
  161. //
  163. status = NtQueryInformationToken(
  164. UserToken, // Handle
  165. TokenUser, // TokenInformationClass
  166. pUser, // TokenInformation
  167. BytesRequired, // TokenInformationLength
  168. &BytesRequired // ReturnLength
  169. );
  171. if (status == STATUS_BUFFER_TOO_SMALL) {
  173. //
  174. // Allocate a bigger buffer and try again.
  175. //
  177. pTemp = LocalReAlloc(pUser, BytesRequired, LMEM_MOVEABLE);
  178. if (pTemp == NULL) {
  179. LocalFree (pUser);
  180. return NULL;
  181. }
  183. pUser = pTemp;
  185. status = NtQueryInformationToken(
  186. UserToken, // Handle
  187. TokenUser, // TokenInformationClass
  188. pUser, // TokenInformation
  189. BytesRequired, // TokenInformationLength
  190. &BytesRequired // ReturnLength
  191. );
  193. }
  195. if (!NT_SUCCESS(status)) {
  196. LocalFree(pUser);
  197. return NULL;
  198. }
  201. BytesRequired = RtlLengthSid(pUser->User.Sid);
  202. pSid = LocalAlloc(LMEM_FIXED, BytesRequired);
  203. if (pSid == NULL) {
  204. LocalFree(pUser);
  205. return NULL;
  206. }
  209. status = RtlCopySid(BytesRequired, pSid, pUser->User.Sid);
  211. LocalFree(pUser);
  213. if (!NT_SUCCESS(status)) {
  214. LocalFree(pSid);
  215. pSid = NULL;
  216. }
  219. return pSid;
  220. }
  223. /***************************************************************************\
  224. * DeleteUserSid
  225. *
  226. * Deletes a user sid previously returned by GetUserSid()
  227. *
  228. * Returns nothing.
  229. *
  230. * History:
  231. * 26-Aug-92 Davidc Created
  232. *
  233. \***************************************************************************/
  234. VOID DeleteUserSid(PSID Sid)
  235. {
  236. LocalFree(Sid);
  237. }
  239. //+--------------------------------------------------------------------------
  240. //
  241. // Function: AllocateAndInitSidFromString
  242. //
  243. // Synopsis: given the string representation of a SID, this function
  244. // allocate and initializes a SID which the string represents
  245. // For more information on the string representation of SIDs
  246. // refer to ntseapi.h & ntrtl.h
  247. //
  248. // Arguments: [in] lpszSidStr : the string representation of the SID
  249. // [out] pSID : the actual SID structure created from the string
  250. //
  251. // Returns: STATUS_SUCCESS : if the sid structure was successfully created
  252. // or an error code based on errors that might occur
  253. //
  254. // History: 10/6/1998 RahulTh created
  255. //
  256. //---------------------------------------------------------------------------
  257. NTSTATUS AllocateAndInitSidFromString (const WCHAR* lpszSidStr, PSID* ppSid)
  258. {
  259. WCHAR * pSidStr = 0;
  260. WCHAR* pString = 0;
  261. NTSTATUS Status;
  262. WCHAR* pEnd = 0;
  263. int count;
  264. BYTE SubAuthCount;
  265. DWORD SubAuths[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  266. ULONG n;
  267. HRESULT hr;
  268. SID_IDENTIFIER_AUTHORITY Auth;
  270. ULONG ulNoChars = lstrlen (lpszSidStr) + 1;
  271. pSidStr = LocalAlloc(LPTR, ulNoChars*sizeof(WCHAR));;
  272. if (!pSidStr)
  273. {
  274. Status = STATUS_NO_MEMORY;
  275. goto AllocAndInitSidFromStr_End;
  276. }
  278. hr = StringCchCopy (pSidStr, ulNoChars, lpszSidStr);
  279. ASSERT(SUCCEEDED(hr));
  281. pString = pSidStr;
  282. *ppSid = NULL;
  284. count = 0;
  285. do
  286. {
  287. pString = wcschr (pString, '-');
  288. if (NULL == pString)
  289. break;
  290. count++;
  291. pString++;
  292. } while (1);
  294. SubAuthCount = (BYTE)(count - 2);
  295. if (0 > SubAuthCount || 8 < SubAuthCount)
  296. {
  297. Status = ERROR_INVALID_SID;
  298. goto AllocAndInitSidFromStr_End;
  299. }
  301. pString = wcschr (pSidStr, L'-');
  302. pString++;
  303. pString = wcschr (pString, L'-'); //ignore the revision #
  304. pString++;
  305. pEnd = wcschr (pString, L'-'); //go to the beginning of subauths.
  306. if (NULL != pEnd) *pEnd = L'\0';
  308. Status = LoadSidAuthFromString (pString, &Auth);
  310. if (STATUS_SUCCESS != Status)
  311. goto AllocAndInitSidFromStr_End;
  313. for (count = 0; count < SubAuthCount; count++)
  314. {
  315. pString = pEnd + 1;
  316. pEnd = wcschr (pString, L'-');
  317. if (pEnd)
  318. *pEnd = L'\0';
  319. Status = GetIntFromUnicodeString (pString, 10, &n);
  320. if (STATUS_SUCCESS != Status)
  321. goto AllocAndInitSidFromStr_End;
  322. SubAuths[count] = n;
  323. }
  325. Status = RtlAllocateAndInitializeSid (&Auth, SubAuthCount,
  326. SubAuths[0], SubAuths[1], SubAuths[2],
  327. SubAuths[3], SubAuths[4], SubAuths[5],
  328. SubAuths[6], SubAuths[7], ppSid);
  330. AllocAndInitSidFromStr_End:
  331. if (pSidStr)
  332. LocalFree( pSidStr );
  333. return Status;
  334. }
  336. //+--------------------------------------------------------------------------
  337. //
  338. // Function: LoadSidAuthFromString
  339. //
  340. // Synopsis: given a string representing the SID authority (as it is
  341. // normally represented in string format, fill the SID_AUTH..
  342. // structure. For more details on the format of the string
  343. // representation of the sid authority, refer to ntseapi.h and
  344. // ntrtl.h
  345. //
  346. // Arguments: [in] pString : pointer to the unicode string
  347. // [out] pSidAuth : pointer to the SID_IDENTIFIER_AUTH.. that is
  348. // desired
  349. //
  350. // Returns: STATUS_SUCCESS if it succeeds
  351. // or an error code
  352. //
  353. // History: 9/29/1998 RahulTh created
  354. //
  355. //---------------------------------------------------------------------------
  356. NTSTATUS LoadSidAuthFromString (const WCHAR* pString,
  357. PSID_IDENTIFIER_AUTHORITY pSidAuth)
  358. {
  359. size_t len;
  360. int i;
  361. NTSTATUS Status;
  362. const ULONG LowByteMask = 0xFF;
  363. ULONG n;
  365. len = lstrlenW (pString);
  367. if (len > 2 && 'x' == pString[1])
  368. {
  369. //this is in hex.
  370. //so we must have exactly 14 characters
  371. //(2 each for each of the 6 bytes) + 2 for the leading 0x
  372. if (14 != len)
  373. {
  374. Status = ERROR_INVALID_SID;
  375. goto LoadAuthEnd;
  376. }
  378. for (i=0; i < 6; i++)
  379. {
  380. pString += 2; //we need to skip the leading 0x
  381. pSidAuth->Value[i] = (UCHAR)(((pString[0] - L'0') << 4) +
  382. (pString[1] - L'0'));
  383. }
  384. }
  385. else
  386. {
  387. //this is in decimal
  388. Status = GetIntFromUnicodeString (pString, 10, &n);
  389. if (Status != STATUS_SUCCESS)
  390. goto LoadAuthEnd;
  392. pSidAuth->Value[0] = pSidAuth->Value[1] = 0;
  393. for (i = 5; i >=2; i--, n>>=8)
  394. pSidAuth->Value[i] = (UCHAR)(n & LowByteMask);
  395. }
  397. Status = STATUS_SUCCESS;
  399. LoadAuthEnd:
  400. return Status;
  401. }
  403. //+--------------------------------------------------------------------------
  404. //
  405. // Function: GetIntfromUnicodeString
  406. //
  407. // Synopsis: converts a unicode string into an integer
  408. //
  409. // Arguments: [in] szNum : the number represented as a unicode string
  410. // [in] Base : the base in which the resultant int is desired
  411. // [out] pValue : pointer to the integer representation of the
  412. // number
  413. //
  414. // Returns: STATUS_SUCCESS if successful.
  415. // or some other error code
  416. //
  417. // History: 9/29/1998 RahulTh created
  418. //
  419. //---------------------------------------------------------------------------
  420. NTSTATUS GetIntFromUnicodeString (const WCHAR* szNum, ULONG Base, PULONG pValue)
  421. {
  422. WCHAR * pwszNumStr = 0;
  423. UNICODE_STRING StringW;
  424. size_t len;
  425. NTSTATUS Status;
  426. HRESULT hr;
  428. len = lstrlen (szNum);
  429. pwszNumStr = LocalAlloc( LPTR, (len + 1) * sizeof(WCHAR));
  431. if (!pwszNumStr)
  432. {
  433. Status = STATUS_NO_MEMORY;
  434. goto GetNumEnd;
  435. }
  437. hr = StringCchCopy (pwszNumStr, len+1, szNum);
  438. ASSERT(SUCCEEDED(hr));
  440. StringW.Length = len * sizeof(WCHAR);
  441. StringW.MaximumLength = StringW.Length + sizeof (WCHAR);
  442. StringW.Buffer = pwszNumStr;
  444. Status = RtlUnicodeStringToInteger (&StringW, Base, pValue);
  446. GetNumEnd:
  447. if (pwszNumStr)
  448. LocalFree( pwszNumStr );
  449. return Status;
  450. }