archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/base/lsa/uclient/ctlklsa.c

579 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1992 Microsoft Corporation
  5. Module Name:
  7. ctlklsa.c
  9. Abstract:
  11. Local Security Authority Subsystem - Short CT for Lsa LookupAccountName/Sid
  13. This is a small test that simply calls the LsaLookupName/Sid API once.
  15. Usage:
  17. ctlklsa \\ServerName [-p] -a AccountName ... AccountName
  19. -p - pause before name and sid lookup operation
  20. -a - start of list of account names
  23. Building Instructions:
  25. nmake UMTEST=ctlklsa UMTYPE=console
  27. Author:
  30. Environment:
  32. Revision History:
  34. --*/
  36. #include "lsaclip.h"
  39. VOID
  40. DumpSID(
  41. IN PSID s
  42. );
  44. VOID
  45. CtPause(
  46. );
  48. #define LSA_WIN_STANDARD_BUFFER_SIZE 0x000000200L
  50. VOID __cdecl
  51. main(argc, argv)
  52. int argc;
  53. char **argv;
  54. {
  55. NTSTATUS
  56. Status = STATUS_SUCCESS,
  57. SidStatus;
  59. ULONG
  60. Index,
  61. ArgCount = (ULONG) argc,
  62. DomainIndex,
  63. NameIndex,
  64. NameCount,
  65. DomainSidLength;
  67. ANSI_STRING
  68. NamesAnsi[ LSA_WIN_STANDARD_BUFFER_SIZE],
  69. SystemNameAnsi;
  71. UNICODE_STRING
  72. Names[ LSA_WIN_STANDARD_BUFFER_SIZE],
  73. SystemName;
  75. PUNICODE_STRING
  76. DomainName;
  78. PSID
  79. Sid = NULL,
  80. *Sids = NULL;
  82. SECURITY_QUALITY_OF_SERVICE
  83. SecurityQualityOfService;
  85. OBJECT_ATTRIBUTES
  86. ObjectAttributes;
  88. LSA_HANDLE
  89. PolicyHandle;
  91. PLSA_REFERENCED_DOMAIN_LIST
  92. ReferencedDomains = NULL,
  93. ReferencedSidsDomains = NULL;
  95. PLSA_TRANSLATED_SID
  96. TranslatedSids = NULL;
  98. PLSA_TRANSLATED_NAME
  99. TranslatedNames = NULL;
  101. UCHAR
  102. SubAuthorityCount;
  104. BOOLEAN
  105. Pause = FALSE,
  106. DoLookupSids = TRUE;
  108. if (argc < 4) {
  110. printf("usage: ctlkacct <ServerName> [-p] -a <AccountName> [<AccountName> ...]\n\n");
  111. printf(" -p - pause before name and sid lookup operations\n");
  112. printf(" -a - start of list of account names\n\n");
  113. printf("example:\n");
  114. printf(" ctlklsa \\\\jimk -p -a interactive \"domain guests\" administrators\n\n");
  115. return;
  116. }
  118. NameIndex = 0;
  120. //
  121. // Capture argument 1, the Server Name
  122. //
  124. RtlInitString( &SystemNameAnsi, (PUCHAR) argv[1] );
  126. Status = RtlAnsiStringToUnicodeString(
  127. &SystemName,
  128. &SystemNameAnsi,
  129. TRUE
  130. );
  132. if (!NT_SUCCESS(Status)) {
  134. goto MainError;
  135. }
  137. for (Index = 2; Index < ArgCount; Index++) {
  139. if (strncmp(argv[Index], "-p", 2) == 0) {
  141. //
  142. // The caller wants a pause before each lookup call.
  143. //
  145. Pause = TRUE;
  146. } else if (strncmp(argv[Index], "-a", 2) == 0) {
  148. Index++;
  150. while (Index < ArgCount) {
  152. if (strncmp(argv[Index], "-", 1) == 0) {
  154. Index--;
  155. break;
  156. }
  158. //
  159. // Capture the Account Name as a Unicode String.
  160. //
  162. RtlInitString( &NamesAnsi[ NameIndex ], argv[Index] );
  164. Status = RtlAnsiStringToUnicodeString(
  165. &Names[ NameIndex ],
  166. &NamesAnsi[ NameIndex ],
  167. TRUE
  168. );
  170. if (!NT_SUCCESS(Status)) {
  172. break;
  173. }
  175. NameIndex++;
  176. Index++;
  177. }
  179. if (Index == ArgCount) {
  181. break;
  182. }
  183. }
  184. }
  186. if (!NT_SUCCESS(Status)) {
  188. goto MainError;
  189. }
  191. NameCount = NameIndex;
  193. SecurityQualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  194. SecurityQualityOfService.ImpersonationLevel = SecurityImpersonation;
  195. SecurityQualityOfService.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  196. SecurityQualityOfService.EffectiveOnly = FALSE;
  198. //
  199. // Set up the object attributes prior to opening the LSA.
  200. //
  202. InitializeObjectAttributes(
  203. &ObjectAttributes,
  204. NULL,
  205. 0L,
  206. NULL,
  207. NULL
  208. );
  210. //
  211. // The InitializeObjectAttributes macro presently stores NULL for
  212. // the SecurityQualityOfService field, so we must manually copy that
  213. // structure for now.
  214. //
  216. ObjectAttributes.SecurityQualityOfService = &SecurityQualityOfService;
  218. //
  219. // Open the LSA Policy Database for the target system. This is the
  220. // starting point for the Name Lookup operation.
  221. //
  223. Status = LsaOpenPolicy(
  224. &SystemName,
  225. &ObjectAttributes,
  226. POLICY_LOOKUP_NAMES,
  227. &PolicyHandle
  228. );
  230. if (!NT_SUCCESS(Status)) {
  232. goto MainError;
  233. }
  235. if (Pause) {
  237. printf( "\n\n..... Pausing before name lookup \n ");
  238. CtPause( );
  239. }
  242. //
  243. // Attempt to translate the Names to Sids.
  244. //
  246. Status = LsaLookupNames(
  247. PolicyHandle,
  248. NameCount,
  249. Names,
  250. &ReferencedDomains,
  251. &TranslatedSids
  252. );
  254. if (!NT_SUCCESS(Status)) {
  256. goto MainError;
  257. }
  259. //
  260. // Build the Sids from the output.
  261. //
  263. Sids = (PSID *) LocalAlloc( 0, NameCount * sizeof (PSID) );
  266. if (Sids == NULL) {
  268. Status = STATUS_INSUFFICIENT_RESOURCES;
  269. goto MainError;
  270. }
  273. for (NameIndex = 0; NameIndex < NameCount; NameIndex++) {
  275. if (TranslatedSids[NameIndex].Use == SidTypeUnknown) {
  277. Sids[NameIndex] = NULL;
  278. DoLookupSids = FALSE;
  280. } else {
  281. DomainIndex = TranslatedSids[NameIndex].DomainIndex;
  283. DomainSidLength = RtlLengthSid(
  284. ReferencedDomains->Domains[DomainIndex].Sid
  285. );
  289. Sid = (PSID) LocalAlloc( (UINT) 0, (UINT) (DomainSidLength + sizeof(ULONG)) );
  291. if (Sid == NULL) {
  292. printf(" ** ERROR - couldn't allocate heap !!\n");
  293. return;
  294. }
  296. RtlMoveMemory(
  297. Sid,
  298. ReferencedDomains->Domains[DomainIndex].Sid,
  299. DomainSidLength
  300. );
  302. if (TranslatedSids[NameIndex].Use != SidTypeDomain) {
  304. (*RtlSubAuthorityCountSid( Sid ))++;
  305. SubAuthorityCount = *RtlSubAuthorityCountSid( Sid );
  306. *RtlSubAuthoritySid(Sid,SubAuthorityCount - (UCHAR) 1) =
  307. TranslatedSids[NameIndex].RelativeId;
  308. }
  310. Sids[NameIndex] = Sid;
  311. }
  312. }
  315. //
  316. // Pause before SID lookup...
  317. //
  319. if (!DoLookupSids) {
  320. printf("\n\n Unknown Name causing sid lookup to be skipped\n");
  321. } else {
  322. if (Pause) {
  324. printf( "\n\n..... Pausing before SID lookup \n ");
  325. CtPause();
  326. }
  328. //
  329. // Now translate the Sids back to Names
  330. //
  332. SidStatus = LsaLookupSids(
  333. PolicyHandle,
  334. NameCount,
  335. (PSID *) Sids,
  336. &ReferencedSidsDomains,
  337. &TranslatedNames
  338. );
  339. }
  341. /*
  342. * Print information returned by LookupAccountName
  343. */
  346. printf(
  347. "*********************************************\n"
  348. "Information returned by LookupAccountName\n"
  349. "*********************************************\n\n"
  350. );
  352. for (NameIndex = 0; NameIndex < NameCount; NameIndex++) {
  355. printf(" Name looked up: *%wZ*\n", &Names[NameIndex]);
  357. printf(" Use = ");
  359. switch (TranslatedSids[NameIndex].Use) {
  361. case SidTypeUser:
  363. printf("SidTypeUser\n");
  364. break;
  366. case SidTypeGroup:
  368. printf("SidTypeGroup\n");
  369. break;
  371. case SidTypeDomain:
  373. printf("SidTypeDomain\n");
  374. break;
  376. case SidTypeAlias:
  378. printf("SidTypeAlias\n");
  379. break;
  381. case SidTypeWellKnownGroup:
  383. printf("SidTypeWellKnownGroup\n");
  384. break;
  386. case SidTypeDeletedAccount:
  388. printf("SidTypeDeletedAccount\n");
  389. break;
  391. case SidTypeInvalid:
  393. printf("SidTypeInvalid\n");
  394. break;
  396. case SidTypeUnknown:
  398. printf("SidTypeUnknown\n\n");
  399. break;
  401. default:
  403. printf("Hmmm - something unusual came back !!!! \n\n");
  404. break;
  406. }
  408. if (TranslatedSids[NameIndex].Use != SidTypeUnknown) {
  410. printf(" Sid = " );
  411. DumpSID((PSID) Sids[NameIndex]);
  413. DomainIndex = TranslatedSids[NameIndex].DomainIndex;
  414. DomainName = &ReferencedDomains->Domains[ DomainIndex ].Name;
  416. printf(" Referenced Domain Name = *%wZ*\n\n", DomainName );
  417. }
  418. }
  421. if (DoLookupSids) {
  422. printf(
  423. "*********************************************\n"
  424. "Information returned by LookupAccountSid\n"
  425. "*********************************************\n\n"
  426. );
  428. if (!NT_SUCCESS(SidStatus)) {
  429. printf(" Sid lookup failed. Status 0x%lx\n"
  430. " Dumping sids that were being looked up...\n",
  431. SidStatus);
  432. }
  434. for (NameIndex = 0; NameIndex < NameCount; NameIndex++) {
  437. printf(" Sid = " );
  438. DumpSID((PSID) Sids[NameIndex]);
  440. if (NT_SUCCESS(SidStatus)) {
  442. printf(" Sid Use = ");
  444. switch (TranslatedNames[NameIndex].Use) {
  446. case SidTypeUser:
  448. printf("SidTypeUser\n");
  449. break;
  451. case SidTypeGroup:
  453. printf("SidTypeGroup\n");
  454. break;
  456. case SidTypeDomain:
  458. printf("SidTypeDomain\n");
  459. break;
  461. case SidTypeAlias:
  463. printf("SidTypeAlias\n");
  464. break;
  466. case SidTypeWellKnownGroup:
  468. printf("SidTypeWellKnownGroup\n");
  469. break;
  471. case SidTypeDeletedAccount:
  473. printf("SidTypeDeletedAccount\n");
  474. break;
  476. case SidTypeInvalid:
  478. printf("SidTypeInvalid\n");
  479. break;
  481. case SidTypeUnknown:
  483. printf("SidTypeUnknown\n");
  484. break;
  486. default:
  488. printf("Hmmm - unexpected value !!!\n");
  489. break;
  490. }
  492. DomainIndex = TranslatedNames[NameIndex].DomainIndex;
  493. DomainName = &ReferencedSidsDomains->Domains[ DomainIndex ].Name;
  494. if (TranslatedNames[NameIndex].Use == SidTypeDomain) {
  495. printf(
  496. " Domain Name = *%wZ*\n\n",
  497. DomainName
  498. );
  499. } else {
  500. printf(
  501. " Account Name = *%wZ*\n"
  502. " Referenced Domain Name = *%wZ*\n\n",
  503. &TranslatedNames[NameIndex].Name,
  504. DomainName
  505. );
  506. }
  507. }
  508. }
  509. }
  512. MainFinish:
  514. return;
  516. MainError:
  518. printf("Error: status = 0x%lx\n", Status);
  520. goto MainFinish;
  521. }
  524. VOID
  525. DumpSID(
  526. IN PSID s
  527. )
  529. {
  530. SID_IDENTIFIER_AUTHORITY
  531. *a;
  533. ULONG
  534. id = 0,
  535. i;
  537. BOOLEAN
  538. PrintValue = FALSE;
  540. try {
  543. a = GetSidIdentifierAuthority(s);
  545. printf("s-1-");
  547. for (i=0; i<5; i++) {
  548. if ((a->Value[i] != 0) || PrintValue) {
  549. printf("%02x", a->Value[i]);
  550. PrintValue = TRUE;
  551. }
  552. }
  553. printf("%02x", a->Value[5]);
  556. for (i = 0; i < (ULONG) *GetSidSubAuthorityCount(s); i++) {
  558. printf("-0x%lx", *GetSidSubAuthority(s, i));
  559. }
  562. } except (EXCEPTION_EXECUTE_HANDLER) {
  564. printf("<invalid pointer (0x%lx)>\n", s);
  565. }
  566. printf("\n");
  567. }
  569. VOID
  570. CtPause(
  571. )
  572. {
  573. CHAR
  574. IgnoreInput[300];
  576. printf("Press <ENTER> to continue . . .");
  577. gets( &IgnoreInput[0] );
  578. return;
  579. }