archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/admin/adsi/adsiis/sec2var.cxx

644 lines
14 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1997.
  5. //
  6. // File: sec2var.cxx
  7. //
  8. // Contents:
  9. //
  10. // Functions:
  11. //
  12. // History: 25-Apr-97 KrishnaG Created.
  13. //
  14. //----------------------------------------------------------------------------
  15. #include "iis.hxx"
  16. #pragma hdrstop
  19. HRESULT
  20. ConvertSidToString(
  21. PSID pSid,
  22. LPWSTR String
  23. );
  26. HRESULT
  27. ConvertSecDescriptorToVariant(
  28. PSECURITY_DESCRIPTOR pSecurityDescriptor,
  29. VARIANT * pVarSec
  30. )
  31. {
  32. IADsSecurityDescriptor * pSecDes = NULL;
  33. IDispatch * pDispatch = NULL;
  34. LPWSTR pszGroup = NULL;
  35. LPWSTR pszOwner = NULL;
  37. BOOL fOwnerDefaulted = 0;
  38. BOOL fGroupDefaulted = 0;
  39. BOOL fDaclDefaulted = 0;
  40. BOOL fSaclDefaulted = 0;
  42. BOOL fSaclPresent = 0;
  43. BOOL fDaclPresent = 0;
  45. LPBYTE pOwnerSidAddress = NULL;
  46. LPBYTE pGroupSidAddress = NULL;
  47. LPBYTE pDACLAddress = NULL;
  48. LPBYTE pSACLAddress = NULL;
  50. DWORD dwRet = 0;
  52. VARIANT varDACL;
  53. VARIANT varSACL;
  55. HRESULT hr = S_OK;
  57. DWORD dwRevision = 0;
  58. WORD wControl = 0;
  60. VariantInit(pVarSec);
  61. memset(&varSACL, 0, sizeof(VARIANT));
  62. memset(&varDACL, 0, sizeof(VARIANT));
  64. if (!pSecurityDescriptor) {
  65. RRETURN(E_FAIL);
  66. }
  69. dwRet = GetSecurityDescriptorControl(
  70. pSecurityDescriptor,
  71. &wControl,
  72. &dwRevision
  73. );
  74. if (!dwRet){
  75. hr = HRESULT_FROM_WIN32(GetLastError());
  76. BAIL_ON_FAILURE(hr);
  77. }
  79. dwRet = GetSecurityDescriptorOwner(
  80. pSecurityDescriptor,
  81. (PSID *)&pOwnerSidAddress,
  82. &fOwnerDefaulted
  83. );
  84. if (!dwRet){
  85. hr = HRESULT_FROM_WIN32(GetLastError());
  86. BAIL_ON_FAILURE(hr);
  87. }
  89. hr = ConvertSidToFriendlyName(
  90. pOwnerSidAddress,
  91. &pszOwner
  92. );
  93. BAIL_ON_FAILURE(hr);
  96. dwRet = GetSecurityDescriptorGroup(
  97. pSecurityDescriptor,
  98. (PSID *)&pGroupSidAddress,
  99. &fGroupDefaulted
  100. );
  102. if (!dwRet){
  103. hr = HRESULT_FROM_WIN32(GetLastError());
  104. BAIL_ON_FAILURE(hr);
  105. }
  107. hr = ConvertSidToFriendlyName(
  108. pGroupSidAddress,
  109. &pszGroup
  110. );
  111. BAIL_ON_FAILURE(hr);
  114. dwRet = GetSecurityDescriptorDacl(
  115. pSecurityDescriptor,
  116. &fDaclPresent,
  117. (PACL*)&pDACLAddress,
  118. &fDaclDefaulted
  119. );
  121. if (pDACLAddress) {
  122. hr = ConvertACLToVariant(
  123. (PACL)pDACLAddress,
  124. &varDACL
  125. );
  126. BAIL_ON_FAILURE(hr);
  127. }
  129. dwRet = GetSecurityDescriptorSacl(
  130. pSecurityDescriptor,
  131. &fSaclPresent,
  132. (PACL *)&pSACLAddress,
  133. &fSaclDefaulted
  134. );
  136. if (!dwRet){
  137. hr = HRESULT_FROM_WIN32(GetLastError());
  138. BAIL_ON_FAILURE(hr);
  139. }
  141. if (pSACLAddress) {
  142. hr = ConvertACLToVariant(
  143. (PACL)pSACLAddress,
  144. &varSACL
  145. );
  146. BAIL_ON_FAILURE(hr);
  147. }
  149. hr = CoCreateInstance(
  150. CLSID_SecurityDescriptor,
  151. NULL,
  152. CLSCTX_INPROC_SERVER,
  153. IID_IADsSecurityDescriptor,
  154. (void **)&pSecDes
  155. );
  156. BAIL_ON_FAILURE(hr);
  158. hr = pSecDes->put_Owner(pszOwner);
  160. hr = pSecDes->put_Group(pszGroup);
  162. hr = pSecDes->put_Revision(dwRevision);
  164. hr = pSecDes->put_Control((DWORD)wControl);
  166. hr = pSecDes->put_DiscretionaryAcl(V_DISPATCH(&varDACL));
  168. hr = pSecDes->put_SystemAcl(V_DISPATCH(&varSACL));
  170. hr = pSecDes->QueryInterface(IID_IDispatch, (void**)&pDispatch);
  171. BAIL_ON_FAILURE(hr);
  174. V_VT(pVarSec) = VT_DISPATCH;
  175. V_DISPATCH(pVarSec) = pDispatch;
  177. error:
  179. VariantClear(&varSACL);
  180. VariantClear(&varDACL);
  182. if (pszOwner) {
  183. FreeADsStr(pszOwner);
  184. }
  186. if (pszGroup) {
  187. FreeADsStr(pszGroup);
  188. }
  190. if (pSecDes) {
  191. pSecDes->Release();
  192. }
  194. RRETURN(hr);
  195. }
  198. HRESULT
  199. ConvertSidToFriendlyName(
  200. PSID pSid,
  201. LPWSTR * ppszAccountName
  202. )
  203. {
  204. HRESULT hr = S_OK;
  205. SID_NAME_USE eUse;
  206. WCHAR szAccountName[MAX_PATH];
  207. WCHAR szDomainName[MAX_PATH];
  208. DWORD dwLen = 0;
  209. DWORD dwRet = 0;
  211. LPWSTR pszAccountName = NULL;
  213. DWORD dwAcctLen = 0;
  214. DWORD dwDomainLen = 0;
  216. dwAcctLen = sizeof(szAccountName);
  217. dwDomainLen = sizeof(szDomainName);
  219. dwRet = LookupAccountSid(
  220. NULL,
  221. pSid,
  222. szAccountName,
  223. &dwAcctLen,
  224. szDomainName,
  225. &dwDomainLen,
  226. (PSID_NAME_USE)&eUse
  227. );
  228. if (!dwRet) {
  229. hr = HRESULT_FROM_WIN32(GetLastError());
  230. }else {
  232. dwLen = wcslen(szAccountName) + wcslen(szDomainName) + 1 + 1;
  234. pszAccountName = (LPWSTR)AllocADsMem(dwLen * sizeof(WCHAR));
  235. if (!pszAccountName) {
  236. hr = E_OUTOFMEMORY;
  237. BAIL_ON_FAILURE(hr);
  238. }
  240. if (szDomainName[0] && szAccountName[0]) {
  241. wsprintf(pszAccountName,L"%s\\%s",szDomainName, szAccountName);
  242. }else if (szAccountName[0]) {
  243. wsprintf(pszAccountName,L"%s", szAccountName);
  244. }
  245. }
  247. if (FAILED(hr)) {
  249. hr = ConvertSidToString(
  250. pSid,
  251. szAccountName
  252. );
  253. BAIL_ON_FAILURE(hr);
  255. pszAccountName = AllocADsStr(szAccountName);
  256. if (!pszAccountName) {
  257. hr = E_OUTOFMEMORY;
  258. BAIL_ON_FAILURE(hr);
  259. }
  260. }
  262. *ppszAccountName = pszAccountName;
  264. error:
  266. RRETURN(hr);
  267. }
  270. HRESULT
  271. ConvertACLToVariant(
  272. PACL pACL,
  273. PVARIANT pvarACL
  274. )
  275. {
  276. IADsAccessControlList * pAccessControlList = NULL;
  277. IDispatch * pDispatch = NULL;
  279. VARIANT varAce;
  280. DWORD dwAclSize = 0;
  281. DWORD dwAclRevision = 0;
  282. DWORD dwAceCount = 0;
  284. ACL_SIZE_INFORMATION AclSize;
  285. ACL_REVISION_INFORMATION AclRevision;
  286. DWORD dwStatus = 0;
  288. DWORD i = 0;
  289. DWORD dwNewAceCount = 0;
  291. HRESULT hr = S_OK;
  292. LPBYTE pAceAddress = NULL;
  295. memset(&AclSize, 0, sizeof(ACL_SIZE_INFORMATION));
  296. memset(&AclRevision, 0, sizeof(ACL_REVISION_INFORMATION));
  299. dwStatus = GetAclInformation(
  300. pACL,
  301. &AclSize,
  302. sizeof(ACL_SIZE_INFORMATION),
  303. AclSizeInformation
  304. );
  307. dwStatus = GetAclInformation(
  308. pACL,
  309. &AclRevision,
  310. sizeof(ACL_REVISION_INFORMATION),
  311. AclRevisionInformation
  312. );
  314. dwAceCount = AclSize.AceCount;
  315. dwAclRevision = AclRevision.AclRevision;
  317. VariantInit(pvarACL);
  319. hr = CoCreateInstance(
  320. CLSID_AccessControlList,
  321. NULL,
  322. CLSCTX_INPROC_SERVER,
  323. IID_IADsAccessControlList,
  324. (void **)&pAccessControlList
  325. );
  326. BAIL_ON_FAILURE(hr);
  328. for (i = 0; i < dwAceCount; i++) {
  330. dwStatus = GetAce(pACL, i, (void **)&pAceAddress);
  332. hr = ConvertAceToVariant(
  333. pAceAddress,
  334. (PVARIANT)&varAce
  335. );
  337. hr = pAccessControlList->AddAce(V_DISPATCH(&varAce));
  338. if (SUCCEEDED(hr)) {
  339. dwNewAceCount++;
  340. }
  342. VariantClear(&varAce);
  343. }
  345. pAccessControlList->put_AclRevision(dwAclRevision);
  347. pAccessControlList->put_AceCount(dwNewAceCount);
  350. hr = pAccessControlList->QueryInterface(
  351. IID_IDispatch,
  352. (void **)&pDispatch
  353. );
  354. V_VT(pvarACL) = VT_DISPATCH;
  355. V_DISPATCH(pvarACL) = pDispatch;
  357. error:
  359. if (pAccessControlList) {
  361. pAccessControlList->Release();
  362. }
  364. RRETURN(hr);
  365. }
  368. /* INTRINSA suppress=null_pointers, uninitialized */
  369. HRESULT
  370. ConvertAceToVariant(
  371. PBYTE pAce,
  372. PVARIANT pvarAce
  373. )
  374. {
  375. IADsAccessControlEntry * pAccessControlEntry = NULL;
  376. IDispatch * pDispatch = NULL;
  378. DWORD dwAceType = 0;
  379. DWORD dwAceFlags = 0;
  380. DWORD dwAccessMask = 0;
  381. LPWSTR pszAccountName = NULL;
  382. PACE_HEADER pAceHeader = NULL;
  383. LPBYTE pSidAddress = NULL;
  384. LPBYTE pOffset = NULL;
  385. DWORD dwFlags = 0;
  387. GUID ObjectGUID;
  388. GUID InheritedObjectGUID;
  389. WCHAR szObjectGUID[MAX_PATH];
  390. WCHAR szInheritedObjectGUID[MAX_PATH];
  392. HRESULT hr = S_OK;
  394. szObjectGUID[0] = L'\0';
  395. szInheritedObjectGUID[0] = L'\0';
  398. VariantInit(pvarAce);
  400. hr = CoCreateInstance(
  401. CLSID_AccessControlEntry,
  402. NULL,
  403. CLSCTX_INPROC_SERVER,
  404. IID_IADsAccessControlEntry,
  405. (void **)&pAccessControlEntry
  406. );
  407. BAIL_ON_FAILURE(hr);
  409. pAceHeader = (ACE_HEADER *)pAce;
  412. dwAceType = pAceHeader->AceType;
  413. dwAceFlags = pAceHeader->AceFlags;
  414. dwAccessMask = *(PACCESS_MASK)((LPBYTE)pAceHeader + sizeof(ACE_HEADER));
  416. switch (dwAceType) {
  418. case ACCESS_ALLOWED_ACE_TYPE:
  419. case ACCESS_DENIED_ACE_TYPE:
  420. case SYSTEM_AUDIT_ACE_TYPE:
  421. case SYSTEM_ALARM_ACE_TYPE:
  422. pSidAddress = (LPBYTE)pAceHeader + sizeof(ACE_HEADER) + sizeof(ACCESS_MASK);
  423. break;
  425. case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
  426. case ACCESS_DENIED_OBJECT_ACE_TYPE:
  427. case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
  428. case SYSTEM_ALARM_OBJECT_ACE_TYPE:
  429. pOffset = (LPBYTE)((LPBYTE)pAceHeader + sizeof(ACE_HEADER) + sizeof(ACCESS_MASK));
  430. dwFlags = (DWORD)(*(PDWORD)pOffset);
  432. //
  433. // Now advance by the size of the flags
  434. //
  435. pOffset += sizeof(ULONG);
  437. if (dwFlags & ACE_OBJECT_TYPE_PRESENT) {
  439. memcpy(&ObjectGUID, pOffset, sizeof(GUID));
  441. StringFromGUID2(ObjectGUID, szObjectGUID, MAX_PATH);
  443. pOffset += sizeof (GUID);
  445. }
  447. if (dwFlags & ACE_INHERITED_OBJECT_TYPE_PRESENT) {
  448. memcpy(&InheritedObjectGUID, pOffset, sizeof(GUID));
  450. StringFromGUID2(InheritedObjectGUID, szInheritedObjectGUID, MAX_PATH);
  452. pOffset += sizeof (GUID);
  454. }
  456. pSidAddress = pOffset;
  457. break;
  459. default:
  460. break;
  462. }
  465. hr = ConvertSidToFriendlyName(
  466. pSidAddress,
  467. &pszAccountName
  468. );
  470. if (FAILED(hr)){
  471. pszAccountName = AllocADsStr(L"Unknown Trustee");
  472. }
  474. //
  475. // Now set all the information in the Access Control Entry
  476. //
  478. hr = pAccessControlEntry->put_AccessMask(dwAccessMask);
  479. hr = pAccessControlEntry->put_AceFlags(dwAceFlags);
  480. hr = pAccessControlEntry->put_AceType(dwAceType);
  482. //
  483. // Extended ACE information
  484. //
  485. hr = pAccessControlEntry->put_Flags(dwFlags);
  487. if (dwFlags & ACE_OBJECT_TYPE_PRESENT) {
  489. //
  490. // Add in the Object Type GUID
  491. //
  492. hr = pAccessControlEntry->put_ObjectType(szObjectGUID);
  494. }
  496. if (dwFlags & ACE_INHERITED_OBJECT_TYPE_PRESENT) {
  498. //
  499. // Add in the Inherited Object Type GUID
  500. //
  502. hr = pAccessControlEntry->put_InheritedObjectType(szInheritedObjectGUID);
  504. }
  506. hr = pAccessControlEntry->put_Trustee(pszAccountName);
  508. hr = pAccessControlEntry->QueryInterface(
  509. IID_IDispatch,
  510. (void **)&pDispatch
  511. );
  512. BAIL_ON_FAILURE(hr);
  514. V_DISPATCH(pvarAce) = pDispatch;
  515. V_VT(pvarAce) = VT_DISPATCH;
  517. cleanup:
  519. if (pszAccountName) {
  521. FreeADsStr(pszAccountName);
  522. }
  524. if (pAccessControlEntry) {
  526. pAccessControlEntry->Release();
  527. }
  529. RRETURN(hr);
  532. error:
  534. if (pDispatch) {
  536. pDispatch->Release();
  538. }
  540. goto cleanup;
  541. }
  544. HRESULT
  545. ConvertSidToString(
  546. PSID pSid,
  547. LPWSTR String
  548. )
  550. /*++
  552. Routine Description:
  555. This function generates a printable unicode string representation
  556. of a SID.
  558. The resulting string will take one of two forms. If the
  559. IdentifierAuthority value is not greater than 2^32, then
  560. the SID will be in the form:
  563. S-1-281736-12-72-9-110
  564. ^ ^^ ^^ ^ ^^^
  565. | | | | |
  566. +-----+--+-+--+---- Decimal
  570. Otherwise it will take the form:
  573. S-1-0x173495281736-12-72-9-110
  574. ^^^^^^^^^^^^^^ ^^ ^^ ^ ^^^
  575. Hexidecimal | | | |
  576. +--+-+--+---- Decimal
  579. Arguments:
  581. pSid - opaque pointer that supplies the SID that is to be
  582. converted to Unicode.
  584. Return Value:
  586. If the Sid is successfully converted to a Unicode string, a
  587. pointer to the Unicode string is returned, else NULL is
  588. returned.
  590. --*/
  592. {
  593. WCHAR Buffer[256];
  594. UCHAR i;
  595. ULONG Tmp;
  596. HRESULT hr = S_OK;
  598. SID_IDENTIFIER_AUTHORITY *pSidIdentifierAuthority;
  599. PUCHAR pSidSubAuthorityCount;
  602. if (!IsValidSid( pSid )) {
  603. *String= L'\0';
  604. hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
  605. RRETURN(hr);
  606. }
  608. wsprintf(Buffer, L"S-%u-", (USHORT)(((PISID)pSid)->Revision ));
  609. wcscpy(String, Buffer);
  611. pSidIdentifierAuthority = GetSidIdentifierAuthority(pSid);
  613. if ( (pSidIdentifierAuthority->Value[0] != 0) ||
  614. (pSidIdentifierAuthority->Value[1] != 0) ){
  615. wsprintf(Buffer, L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
  616. (USHORT)pSidIdentifierAuthority->Value[0],
  617. (USHORT)pSidIdentifierAuthority->Value[1],
  618. (USHORT)pSidIdentifierAuthority->Value[2],
  619. (USHORT)pSidIdentifierAuthority->Value[3],
  620. (USHORT)pSidIdentifierAuthority->Value[4],
  621. (USHORT)pSidIdentifierAuthority->Value[5] );
  622. wcscat(String, Buffer);
  624. } else {
  626. Tmp = (ULONG)pSidIdentifierAuthority->Value[5] +
  627. (ULONG)(pSidIdentifierAuthority->Value[4] << 8) +
  628. (ULONG)(pSidIdentifierAuthority->Value[3] << 16) +
  629. (ULONG)(pSidIdentifierAuthority->Value[2] << 24);
  630. wsprintf(Buffer, L"%lu", Tmp);
  631. wcscat(String, Buffer);
  632. }
  634. pSidSubAuthorityCount = GetSidSubAuthorityCount(pSid);
  636. for (i=0;i< *(pSidSubAuthorityCount);i++ ) {
  637. wsprintf(Buffer, L"-%lu", *(GetSidSubAuthority(pSid, i)));
  638. wcscat(String, Buffer);
  639. }
  641. RRETURN(S_OK);
  643. }