archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/gina/userenv/samples/rcmd/server/lsautil.c

337 lines
8.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /****************************** Module Header ******************************\
  2. * Module Name: lsautil.c
  3. *
  4. * Copyright (c) 1994, Microsoft Corporation
  5. *
  6. * Remote shell server main module
  7. *
  8. * History:
  9. * 05-19-94 DaveTh Created.
  10. \***************************************************************************/
  12. #include <nt.h>
  13. #include <ntrtl.h>
  14. #include <ntlsa.h>
  15. #include <windef.h>
  16. #include <nturtl.h>
  17. #include <winbase.h>
  19. #include "rcmdsrv.h"
  21. #define INITIAL_SIZE_REQUIRED 600
  23. DWORD
  24. CheckUserSystemAccess(
  25. HANDLE TokenHandle,
  26. ULONG DesiredSystemAccess,
  27. PBOOLEAN UserHasAccess
  28. )
  30. /*++
  32. Routine Description:
  34. This function determines whether or not the user whose token is passed
  35. has the interactive accesses desired on this machine.
  37. Arguments:
  39. TokenHandle - Handle of user's token.
  41. DesiredSystemAccess - Specifies desired access type(s).
  43. UserHasAccess - pointer to boolean returned - TRUE means that user
  44. has interactive access.
  46. Return Value:
  48. ERROR_SUCCESS in absence of errors. UserHasAccess is TRUE if all
  49. requested access types are permitted, otherwise FALSE. WIN32 errors
  50. are returned in error cases.
  52. --*/
  53. {
  56. DWORD Result;
  57. LPVOID LpTokenUserInformation = NULL;
  58. LPVOID LpTokenGroupInformation = NULL;
  59. DWORD SizeRequired, SizeProvided;
  60. LSA_HANDLE PolicyHandle = NULL;
  61. LSA_HANDLE AccountHandle = NULL;
  62. NTSTATUS NtStatus;
  63. OBJECT_ATTRIBUTES ObjectAttributes;
  64. POBJECT_ATTRIBUTES LpObjectAttributes;
  65. ULONG GrantedSystemAccess, SidSystemAccess;
  66. DWORD i;
  69. //
  70. // Access LSA policy database
  71. //
  73. LpObjectAttributes = &ObjectAttributes;
  75. InitializeObjectAttributes(
  76. LpObjectAttributes,
  77. NULL,
  78. 0,
  79. NULL,
  80. NULL);
  82. if (!NT_SUCCESS(NtStatus = LsaOpenPolicy(
  83. NULL, // Local system
  84. LpObjectAttributes,
  85. GENERIC_READ,
  86. &PolicyHandle))) {
  88. RcDbgPrint("Error opening policy database, error = %x\n", NtStatus);
  89. Result = RtlNtStatusToDosError(NtStatus);
  90. goto Failure;
  91. }
  93. //
  94. // Check groups, user - For each SID, open the account (if it exists).
  95. // If it doesn't exist, no failure, but no access (FALSE). If it
  96. // does exist, accumulate granted accesses in and compare to
  97. // requested mask. If all the bits of the mask have been set at any
  98. // point, UserHasAccess is set TRUE. Otherise, it is left FALSE.
  99. //
  101. *UserHasAccess = FALSE;
  102. GrantedSystemAccess = 0;
  104. //
  105. // Get list of SIDs of groups of which user is a member
  106. //
  108. if ((LpTokenGroupInformation = Alloc(INITIAL_SIZE_REQUIRED)) == NULL) {
  109. Result = GetLastError();
  110. goto Failure;
  111. }
  113. if (!GetTokenInformation (
  114. TokenHandle,
  115. TokenGroups,
  116. LpTokenGroupInformation,
  117. INITIAL_SIZE_REQUIRED,
  118. &SizeRequired)) {
  120. Result = GetLastError();
  121. if ( (Result == ERROR_MORE_DATA) || (Result == ERROR_INSUFFICIENT_BUFFER) ) {
  123. Free(LpTokenGroupInformation);
  125. if ((LpTokenGroupInformation = Alloc(SizeRequired)) == NULL) {
  126. Result = GetLastError();
  127. goto Failure;
  128. }
  130. SizeProvided = SizeRequired;
  132. if (!GetTokenInformation (
  133. TokenHandle,
  134. TokenGroups,
  135. LpTokenGroupInformation,
  136. SizeProvided,
  137. &SizeRequired)) {
  139. Result=GetLastError();
  140. RcDbgPrint("Error accessing group SIDs, error = %d\n", Result);
  141. goto Failure;
  142. }
  144. } else {
  145. RcDbgPrint("Error accessing group SIDs, error = %d\n", Result);
  146. goto Failure;
  148. }
  150. }
  152. //
  153. // Check for each group that user is a member of since groups
  154. // are most likely source of permitted access. Permitted access types
  155. // are cumulative.
  156. //
  159. for (i=0; i< ((PTOKEN_GROUPS)LpTokenGroupInformation)->GroupCount; i++) {
  161. if (NT_SUCCESS(NtStatus = LsaOpenAccount(
  162. PolicyHandle,
  163. ((PTOKEN_GROUPS)LpTokenGroupInformation)->Groups[i].Sid,
  164. GENERIC_READ,
  165. &AccountHandle))) {
  167. //
  168. // found account - accumulate and check accesses
  169. //
  171. if (!NT_SUCCESS(NtStatus = LsaGetSystemAccessAccount (
  172. AccountHandle,
  173. &SidSystemAccess))) {
  175. RcDbgPrint("Error getting group account access, error = %x\n", NtStatus);
  176. Result = RtlNtStatusToDosError(NtStatus);
  177. goto Failure;
  179. } else {
  181. //
  182. // Got system access - don't need account handle anymore
  183. //
  185. if (NT_SUCCESS(NtStatus = LsaClose(AccountHandle))) {
  187. AccountHandle = NULL;
  189. } else {
  191. RcDbgPrint("Error closing account handle, error = %x\n", NtStatus);
  192. Result = RtlNtStatusToDosError(NtStatus);
  193. goto Failure;
  194. }
  197. GrantedSystemAccess |= SidSystemAccess;;
  199. if ((GrantedSystemAccess & DesiredSystemAccess) == DesiredSystemAccess) {
  200. *UserHasAccess = TRUE;
  201. goto Success;
  202. }
  203. }
  205. } else if (NtStatus != STATUS_OBJECT_NAME_NOT_FOUND) {
  206. RcDbgPrint("Error opening group account, error = %x\n", NtStatus);
  207. Result = RtlNtStatusToDosError(NtStatus);
  208. goto Failure;
  209. }
  211. }
  213. //
  214. // Get user SID
  215. //
  217. if ((LpTokenUserInformation = Alloc(INITIAL_SIZE_REQUIRED)) == NULL) {
  218. Result = GetLastError();
  219. goto Failure;
  220. }
  222. if (!GetTokenInformation (
  223. TokenHandle,
  224. TokenUser,
  225. LpTokenUserInformation,
  226. INITIAL_SIZE_REQUIRED,
  227. &SizeRequired)) {
  229. Result = GetLastError();
  230. if (Result == ERROR_MORE_DATA) { // Not enough - alloc and redo
  232. Free(LpTokenUserInformation);
  234. if ((LpTokenUserInformation = Alloc(SizeRequired)) == NULL) {
  235. Result = GetLastError();
  236. goto Failure;
  237. }
  239. SizeProvided = SizeRequired;
  241. if (!GetTokenInformation (
  242. TokenHandle,
  243. TokenUser,
  244. LpTokenUserInformation,
  245. SizeProvided,
  246. &SizeRequired)) {
  248. RcDbgPrint("Error accessing user SID, error = %d\n", Result);
  249. Result=GetLastError();
  250. goto Failure;
  251. }
  253. } else {
  254. RcDbgPrint("Error accessing user SID, error = %d\n", Result);
  255. goto Failure;
  257. }
  258. }
  260. //
  261. // Now, check user account. If present, check access and return
  262. // if requested access is allowed. If not allowed, go on to check groups.
  263. // If account doesn't exist, go on to check groups.
  264. //
  266. if (NT_SUCCESS(NtStatus = LsaOpenAccount(
  267. PolicyHandle,
  268. ((PTOKEN_USER)LpTokenUserInformation)->User.Sid,
  269. GENERIC_READ,
  270. &AccountHandle))) {
  272. //
  273. // found account - check accesses
  274. //
  276. if (!NT_SUCCESS(NtStatus = LsaGetSystemAccessAccount (
  277. AccountHandle,
  278. &GrantedSystemAccess))) {
  280. RcDbgPrint("Error getting group account access, error = %x\n", NtStatus);
  281. Result = RtlNtStatusToDosError(NtStatus);
  282. goto Failure;
  284. } else {
  286. GrantedSystemAccess |= SidSystemAccess;;
  288. if ((GrantedSystemAccess & DesiredSystemAccess) == DesiredSystemAccess) {
  289. *UserHasAccess = TRUE;
  290. goto Success;
  291. }
  292. }
  294. } else if (NtStatus != STATUS_OBJECT_NAME_NOT_FOUND) {
  295. RcDbgPrint("Error opening user account, error = %x\n", NtStatus);
  296. Result = RtlNtStatusToDosError(NtStatus);
  297. goto Failure;
  298. }
  300. //
  301. // Success - Jump here if access granted, fall through here on no error
  302. //
  304. Success:
  306. Result = ERROR_SUCCESS;
  309. //
  310. // General failure and success exit - frees memory, closes handles
  311. //
  313. Failure:
  315. if (LpTokenGroupInformation != NULL) {
  316. Free(LpTokenGroupInformation);
  317. }
  319. if (LpTokenUserInformation != NULL) {
  320. Free(LpTokenGroupInformation);
  321. }
  323. if ((PolicyHandle != NULL) &&
  324. (!NT_SUCCESS(NtStatus = LsaClose(PolicyHandle)))) {
  325. RcDbgPrint("Error closing policy handle at exit, error = %x\n", NtStatus);
  326. Result = RtlNtStatusToDosError(NtStatus);
  327. }
  329. if ((AccountHandle != NULL) &&
  330. (!NT_SUCCESS(NtStatus = LsaClose(AccountHandle)))) {
  331. RcDbgPrint("Error closing account handle at exit, error = %x\n", NtStatus);
  332. Result = RtlNtStatusToDosError(NtStatus);
  333. }
  335. return(Result);
  337. }