archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/client2/sidcache.cxx

954 lines
21 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1997
  6. //
  7. // File: sidcache.cxx
  8. //
  9. // Contents: routines to cache username->sid translations to speed up
  10. // logon performance
  11. //
  12. //
  13. // History: 27-May-1998 MikeSw Created
  14. //
  15. //------------------------------------------------------------------------
  17. #include <kerb.hxx>
  18. #include <kerbp.h>
  21. #define KERB_LOGON_SID_CACHE_KEY L"SidCache"
  22. #define KERB_LOGON_SID_CACHE_ENTRIES L"CacheEntries"
  23. #define KERB_LOGON_SID_CACHE_ENTRY_NAME L"Entry%d"
  24. #define KERB_MACHINE_SID_CACHE_NAME L"MachineSid"
  25. #define KERB_LOGON_SID_CACHE_MAX_ENTRIES 1000
  26. #define KERB_LOGON_SID_CACHE_DEFAULT_ENTRIES 10
  27. #define KERB_LOGON_SID_CACHE_ENTRY_NAME_SIZE (sizeof(L"Entry") * 4*sizeof(WCHAR))
  28. #define KERB_LOGON_SID_CACHE_VERSION 0
  31. KERBEROS_LIST KerbSidCache;
  32. HKEY KerbSidCacheKey;
  33. ULONG KerbSidCacheMaxEntries = KERB_LOGON_SID_CACHE_DEFAULT_ENTRIES;
  34. ULONG KerbSidCacheEntries;
  38. #define VALIDATE_POINTER(Ptr,Size,Base,Bound,NewBase,Type) \
  39. if (((PUCHAR)(Ptr) < (PUCHAR)(Base)) || (((PUCHAR)(Ptr) + (Size)) > (PUCHAR)(Bound))) \
  40. { \
  41. Status = STATUS_INVALID_PARAMETER; \
  42. goto Cleanup; \
  43. } \
  44. else \
  45. { \
  46. (Ptr) = (Type) ((PUCHAR) (Ptr) - (ULONG_PTR) Base + (ULONG_PTR) NewBase); \
  47. } \
  51. //+-------------------------------------------------------------------------
  52. //
  53. // Function: KerbVerifyUnpackAndLinkSidCacheEntry
  54. //
  55. // Synopsis: Unmarshalls the entry & verifies that the pointers all
  56. // match up within the buffer. If this is the case, it
  57. // inserts the entry into the list & zeroes out the pointer
  58. // so the caller won't free it.
  59. //
  60. // Effects:
  61. //
  62. // Arguments:
  63. //
  64. // Requires:
  65. //
  66. // Returns:
  67. //
  68. // Notes:
  69. //
  70. //
  71. //--------------------------------------------------------------------------
  74. NTSTATUS
  75. KerbVerifyUnpackAndLinkSidCacheEntry(
  76. IN PKERB_SID_CACHE_ENTRY * SidCacheEntry,
  77. IN ULONG CacheEntrySize
  78. )
  79. {
  80. NTSTATUS Status = STATUS_SUCCESS;
  81. PKERB_SID_CACHE_ENTRY CacheEntry = *SidCacheEntry;
  82. PUCHAR Bound;
  84. //
  85. // First check the base structure size
  86. //
  88. if (CacheEntrySize < sizeof(KERB_SID_CACHE_ENTRY))
  89. {
  90. Status = STATUS_INVALID_PARAMETER;
  91. goto Cleanup;
  92. }
  94. //
  95. // Now check the version
  96. //
  98. if (CacheEntry->Version != KERB_LOGON_SID_CACHE_VERSION)
  99. {
  100. Status = STATUS_INVALID_PARAMETER;
  101. goto Cleanup;
  102. }
  104. if (CacheEntry->Size != CacheEntrySize)
  105. {
  106. Status = STATUS_INVALID_PARAMETER;
  107. goto Cleanup;
  108. }
  109. //
  110. // Now check all the pointers
  111. //
  113. Bound = (PUCHAR) CacheEntry->Base + CacheEntrySize;
  115. VALIDATE_POINTER(
  116. CacheEntry->Sid,
  117. RtlLengthRequiredSid(5), // space for 5 sub authorities
  118. CacheEntry->Base,
  119. Bound,
  120. CacheEntry,
  121. PSID
  122. );
  124. VALIDATE_POINTER(
  125. CacheEntry->LogonUserName.Buffer,
  126. CacheEntry->LogonUserName.MaximumLength,
  127. CacheEntry->Base,
  128. Bound,
  129. CacheEntry,
  130. PWSTR
  131. );
  133. VALIDATE_POINTER(
  134. CacheEntry->LogonDomainName.Buffer,
  135. CacheEntry->LogonDomainName.MaximumLength,
  136. CacheEntry->Base,
  137. Bound,
  138. CacheEntry,
  139. PWSTR
  140. );
  142. VALIDATE_POINTER(
  143. CacheEntry->LogonRealm.Buffer,
  144. CacheEntry->LogonRealm.MaximumLength,
  145. CacheEntry->Base,
  146. Bound,
  147. CacheEntry,
  148. PWSTR
  149. );
  151. KerbInitializeListEntry(
  152. &CacheEntry->Next
  153. );
  155. //
  156. // This inserts at the head, not the tail
  157. //
  159. KerbInsertListEntryTail(
  160. &CacheEntry->Next,
  161. &KerbSidCache
  162. );
  164. *SidCacheEntry = NULL;
  166. Cleanup:
  168. return(Status);
  170. }
  173. //+-------------------------------------------------------------------------
  174. //
  175. // Function: KerbInitializeLogonSidCache
  176. //
  177. // Synopsis: Initializes the list of cached logon sids
  178. //
  179. // Effects: Reads data from the registry
  180. //
  181. // Arguments:
  182. //
  183. // Requires:
  184. //
  185. // Returns:
  186. //
  187. // Notes:
  188. //
  189. //
  190. //--------------------------------------------------------------------------
  192. NTSTATUS
  193. KerbInitializeLogonSidCache(
  194. VOID
  195. )
  196. {
  197. NTSTATUS Status = STATUS_SUCCESS;
  198. DWORD RegErr = ERROR_SUCCESS;
  199. DWORD Disposition = 0;
  200. PKERB_SID_CACHE_ENTRY NextEntry = NULL;
  201. ULONG NextEntrySize = 0;
  202. ULONG ValueType;
  203. ULONG Index;
  204. HKEY KerbParamKey = NULL;
  205. WCHAR EntryName[KERB_LOGON_SID_CACHE_ENTRY_NAME_SIZE];
  207. //
  208. // Initialize the list
  209. //
  211. Status = KerbInitializeList(&KerbSidCache);
  213. if (!NT_SUCCESS(Status))
  214. {
  215. goto Cleanup;
  216. }
  218. //
  219. // Create the sid cache key
  220. //
  222. RegErr = RegCreateKeyEx(
  223. HKEY_LOCAL_MACHINE,
  224. KERB_PARAMETER_PATH,
  225. 0,
  226. NULL,
  227. 0,
  228. KEY_ALL_ACCESS,
  229. 0,
  230. &KerbParamKey,
  231. &Disposition
  232. );
  233. if (RegErr != ERROR_SUCCESS)
  234. {
  235. DebugLog((DEB_ERROR,"Failed to create %ws key: %d\n",KERB_PARAMETER_PATH, RegErr));
  236. Status = STATUS_UNSUCCESSFUL;
  237. goto Cleanup;
  238. }
  240. RegErr = RegCreateKeyEx(
  241. KerbParamKey,
  242. KERB_LOGON_SID_CACHE_KEY,
  243. 0, // reserved
  244. NULL, // no class
  245. 0, // no options
  246. KEY_ALL_ACCESS,
  247. NULL, // no security attributes
  248. &KerbSidCacheKey,
  249. &Disposition
  250. );
  251. if (RegErr != ERROR_SUCCESS)
  252. {
  253. DebugLog((DEB_ERROR,"Failed to create key %ws: %d\n",KERB_LOGON_SID_CACHE_KEY, RegErr));
  254. Status = STATUS_UNSUCCESSFUL;
  255. goto Cleanup;
  256. }
  258. //
  259. // Read out the size of the cache
  260. //
  262. NextEntrySize = sizeof(ULONG);
  264. RegErr = RegQueryValueEx(
  265. KerbSidCacheKey,
  266. KERB_LOGON_SID_CACHE_ENTRIES,
  267. NULL, // reserved,
  268. &ValueType,
  269. (PUCHAR) &KerbSidCacheMaxEntries,
  270. &NextEntrySize
  271. );
  272. if (RegErr == ERROR_SUCCESS)
  273. {
  274. //
  275. // Make sure the value is within the range & is of the correc type
  276. //
  278. if ( (ValueType != REG_DWORD) ||
  279. (KerbSidCacheMaxEntries > KERB_LOGON_SID_CACHE_MAX_ENTRIES) ||
  280. (KerbSidCacheMaxEntries == 0) )
  282. {
  283. KerbSidCacheMaxEntries = KERB_LOGON_SID_CACHE_DEFAULT_ENTRIES;
  284. }
  285. }
  287. //
  288. // Now read in all the entries. Loop through up to the max number of
  289. // entries, reading the entry, and inserting at the tail of the list.
  290. //
  292. for (Index = 0; Index < KerbSidCacheMaxEntries ; Index++ )
  293. {
  294. swprintf(EntryName,KERB_LOGON_SID_CACHE_ENTRY_NAME, Index);
  296. //
  297. // Query the size of the entry
  298. //
  300. NextEntrySize = NULL;
  301. RegErr = RegQueryValueEx(
  302. KerbSidCacheKey,
  303. EntryName,
  304. NULL,
  305. &ValueType,
  306. (PUCHAR) NextEntry,
  307. &NextEntrySize
  308. );
  309. if ((RegErr == ERROR_SUCCESS) && (ValueType == REG_BINARY))
  310. {
  311. //
  312. // Allocate space for the entry and re-query to get the real
  313. // value.
  314. //
  316. NextEntry = (PKERB_SID_CACHE_ENTRY) KerbAllocate(NextEntrySize);
  317. if (NextEntry == NULL)
  318. {
  319. Status = STATUS_INSUFFICIENT_RESOURCES;
  320. goto Cleanup;
  321. }
  323. RegErr = RegQueryValueEx(
  324. KerbSidCacheKey,
  325. EntryName,
  326. NULL,
  327. &ValueType,
  328. (PUCHAR) NextEntry,
  329. &NextEntrySize
  330. );
  331. if (RegErr != ERROR_SUCCESS)
  332. {
  333. DebugLog((DEB_ERROR,"Failed to query for sid cache value: %d\n",
  334. RegErr ));
  335. Status = STATUS_UNSUCCESSFUL;
  336. goto Cleanup;
  337. }
  339. //
  340. // Call a helper routine to unpack,verify, and insert
  342. Status = KerbVerifyUnpackAndLinkSidCacheEntry(
  343. &NextEntry,
  344. NextEntrySize
  345. );
  346. //
  347. // If the entry was invalid, remove it now
  348. //
  349. if (!NT_SUCCESS(Status))
  350. {
  351. (VOID) RegDeleteValue(
  352. KerbSidCacheKey,
  353. EntryName
  354. );
  355. Status = STATUS_SUCCESS;
  356. }
  358. if (NextEntry != NULL)
  359. {
  360. KerbFree(NextEntry);
  361. NextEntry = NULL;
  362. }
  363. NextEntrySize = 0;
  367. }
  368. }
  370. Cleanup:
  371. if (KerbParamKey != NULL)
  372. {
  373. RegCloseKey(KerbParamKey);
  374. }
  375. if (NextEntry != NULL)
  376. {
  377. KerbFree(NextEntry);
  378. }
  379. if (!NT_SUCCESS(Status))
  380. {
  381. if (KerbSidCacheKey != NULL)
  382. {
  383. RegCloseKey(KerbSidCacheKey);
  384. KerbSidCacheKey = NULL;
  385. }
  386. }
  387. return(Status);
  388. }
  391. //+-------------------------------------------------------------------------
  392. //
  393. // Function: KerbScavengeSidCache
  394. //
  395. // Synopsis: removes any stale entries from the sid cache to make it fit
  396. // within bounds
  397. //
  398. // Effects:
  399. //
  400. // Arguments:
  401. //
  402. // Requires:
  403. //
  404. // Returns:
  405. //
  406. // Notes:
  407. //
  408. //
  409. //--------------------------------------------------------------------------
  412. VOID
  413. KerbScavengeSidCache(
  414. VOID
  415. )
  416. {
  417. PKERB_SID_CACHE_ENTRY CacheEntry;
  418. while (KerbSidCacheEntries > KerbSidCacheMaxEntries)
  419. {
  420. //
  421. // Pickup the last entry and remove it
  422. //
  424. CacheEntry = CONTAINING_RECORD(KerbSidCache.List.Blink, KERB_SID_CACHE_ENTRY, Next.Next);
  426. KerbReferenceListEntry(
  427. &KerbSidCache,
  428. &CacheEntry->Next,
  429. TRUE
  430. );
  431. KerbDereferenceSidCacheEntry(
  432. CacheEntry
  433. );
  434. KerbSidCacheEntries--;
  436. }
  438. }
  440. //+-------------------------------------------------------------------------
  441. //
  442. // Function: KerbWriteSidCache
  443. //
  444. // Synopsis: Writes the sid cache back to the registry
  445. //
  446. // Effects:
  447. //
  448. // Arguments:
  449. //
  450. // Requires:
  451. //
  452. // Returns:
  453. //
  454. // Notes:
  455. //
  456. //
  457. //--------------------------------------------------------------------------
  461. NTSTATUS
  462. KerbWriteSidCache(
  463. VOID
  464. )
  465. {
  466. ULONG Index = 0;
  467. WCHAR EntryName[KERB_LOGON_SID_CACHE_ENTRY_NAME_SIZE];
  468. PLIST_ENTRY ListEntry;
  469. PKERB_SID_CACHE_ENTRY CacheEntry;
  471. for (ListEntry = KerbSidCache.List.Flink ;
  472. ListEntry != &KerbSidCache.List ;
  473. ListEntry = ListEntry->Flink )
  474. {
  475. CacheEntry = CONTAINING_RECORD(ListEntry, KERB_SID_CACHE_ENTRY, Next.Next);
  476. swprintf(EntryName,KERB_LOGON_SID_CACHE_ENTRY_NAME, Index++);
  478. (VOID) RegSetValueEx(
  479. KerbSidCacheKey,
  480. EntryName,
  481. 0, // reserved
  482. REG_BINARY,
  483. (PUCHAR) CacheEntry,
  484. CacheEntry->Size
  485. );
  486. }
  488. return(STATUS_SUCCESS);
  490. }
  492. //+-------------------------------------------------------------------------
  493. //
  494. // Function: KerbPromoteSidCacheEntry
  495. //
  496. // Synopsis: Moves a cache entry to the front of the list
  497. //
  498. // Effects:
  499. //
  500. // Arguments:
  501. //
  502. // Requires:
  503. //
  504. // Returns:
  505. //
  506. // Notes:
  507. //
  508. //
  509. //--------------------------------------------------------------------------
  512. VOID
  513. KerbPromoteSidCacheEntry(
  514. IN PKERB_SID_CACHE_ENTRY CacheEntry
  515. )
  516. {
  517. KerbLockList(&KerbSidCache);
  518. RemoveEntryList(&CacheEntry->Next.Next);
  519. InsertHeadList(&KerbSidCache.List, &CacheEntry->Next.Next);
  520. KerbUnlockList(&KerbSidCache);
  521. }
  524. //+-------------------------------------------------------------------------
  525. //
  526. // Function: KerbLocateLogonSidCacheEntry
  527. //
  528. // Synopsis: Locates a logon sid cache entry by user name and domain name
  529. //
  530. // Effects:
  531. //
  532. // Arguments:
  533. //
  534. // Requires:
  535. //
  536. // Returns: returns a referenced cache entry, if available
  537. //
  538. // Notes:
  539. //
  540. //
  541. //--------------------------------------------------------------------------
  544. PKERB_SID_CACHE_ENTRY
  545. KerbLocateLogonSidCacheEntry(
  546. IN PUNICODE_STRING LogonUserName,
  547. IN PUNICODE_STRING LogonDomainName
  548. )
  549. {
  550. PKERB_SID_CACHE_ENTRY CacheEntry = NULL;
  551. PLIST_ENTRY ListEntry;
  553. if (!KerbGlobalUseSidCache)
  554. {
  555. return(NULL);
  556. }
  557. KerbLockList(&KerbSidCache);
  559. for (ListEntry = KerbSidCache.List.Flink ;
  560. ListEntry != &KerbSidCache.List ;
  561. ListEntry = ListEntry->Flink )
  562. {
  563. CacheEntry = CONTAINING_RECORD(ListEntry, KERB_SID_CACHE_ENTRY, Next.Next);
  565. if (RtlEqualUnicodeString(
  566. &CacheEntry->LogonUserName,
  567. LogonUserName,
  568. TRUE
  569. ) &&
  570. RtlEqualUnicodeString(
  571. &CacheEntry->LogonDomainName,
  572. LogonDomainName,
  573. TRUE
  574. ) )
  575. {
  576. //
  577. // We found it
  578. //
  580. KerbReferenceListEntry(
  581. &KerbSidCache,
  582. &CacheEntry->Next,
  583. FALSE // don't remove
  584. );
  586. break;
  587. }
  588. CacheEntry = NULL;
  589. }
  592. KerbUnlockList(&KerbSidCache);
  593. return(CacheEntry);
  594. }
  598. //+-------------------------------------------------------------------------
  599. //
  600. // Function: KerbDereferenceSidCacheEntry
  601. //
  602. // Synopsis: Dereferences the entry, possibly freeing it
  603. //
  604. // Effects:
  605. //
  606. // Arguments:
  607. //
  608. // Requires:
  609. //
  610. // Returns:
  611. //
  612. // Notes:
  613. //
  614. //
  615. //--------------------------------------------------------------------------
  618. VOID
  619. KerbDereferenceSidCacheEntry(
  620. IN PKERB_SID_CACHE_ENTRY CacheEntry
  621. )
  622. {
  623. KerbLockList(&KerbSidCache);
  624. if (KerbDereferenceListEntry(
  625. &CacheEntry->Next,
  626. &KerbSidCache
  627. ))
  628. {
  629. KerbFree(CacheEntry);
  630. }
  631. KerbUnlockList(&KerbSidCache);
  632. }
  634. //+-------------------------------------------------------------------------
  635. //
  636. // Function: KerbCacheLogonSid
  637. //
  638. // Synopsis: Caches a username/domainname & Sid combination for logon
  639. //
  640. // Effects: caches the user name/domainname/sid in the registry
  641. //
  642. // Arguments: LogonUserName - user name supplied to LogonUser
  643. // LogonDomainName - domain name supplied to LogonUser
  644. // LogonRealm - Realm actually containing the account
  645. // UserSid - Sid of user who just logged on
  646. //
  647. // Requires:
  648. //
  649. // Returns: none - this is just a cache
  650. //
  651. // Notes:
  652. //
  653. //
  654. //--------------------------------------------------------------------------
  656. VOID
  657. KerbCacheLogonSid(
  658. IN PUNICODE_STRING LogonUserName,
  659. IN PUNICODE_STRING LogonDomainName,
  660. IN PUNICODE_STRING LogonRealm,
  661. IN PSID UserSid
  662. )
  663. {
  664. NTSTATUS Status = STATUS_SUCCESS;
  665. PKERB_SID_CACHE_ENTRY CacheEntry;
  666. ULONG CacheEntrySize = 0;
  667. PUCHAR Where;
  669. if (!KerbGlobalUseSidCache)
  670. {
  671. return;
  672. }
  674. CacheEntry = KerbLocateLogonSidCacheEntry(
  675. LogonUserName,
  676. LogonDomainName
  677. );
  679. //
  680. // If we found the entry & it is the same as this one, move it up in
  681. // the list
  682. //
  685. if (CacheEntry != NULL)
  686. {
  687. if (RtlEqualUnicodeString(
  688. &CacheEntry->LogonRealm,
  689. LogonRealm,
  690. TRUE
  691. ) &&
  692. RtlEqualSid(
  693. CacheEntry->Sid,
  694. UserSid
  695. ) )
  697. {
  698. KerbPromoteSidCacheEntry(
  699. CacheEntry
  700. );
  701. goto Cleanup;
  702. }
  703. else
  704. {
  705. //
  706. // Remove it from the list
  707. //
  709. KerbLockList(&KerbSidCache);
  710. KerbReferenceListEntry(
  711. &KerbSidCache,
  712. &CacheEntry->Next,
  713. TRUE // remove
  714. );
  716. KerbDereferenceSidCacheEntry(
  717. CacheEntry
  718. );
  719. KerbDereferenceSidCacheEntry(
  720. CacheEntry
  721. );
  722. KerbUnlockList(&KerbSidCache);
  723. CacheEntry = NULL;
  724. }
  725. }
  727. //
  728. // Now build a new entry
  729. //
  731. CacheEntrySize = sizeof(KERB_SID_CACHE_ENTRY) +
  732. RtlLengthSid(UserSid) +
  733. LogonUserName->Length + sizeof(WCHAR) +
  734. LogonDomainName->Length + sizeof(WCHAR) +
  735. LogonRealm->Length + sizeof(WCHAR);
  737. CacheEntry = (PKERB_SID_CACHE_ENTRY) KerbAllocate(CacheEntrySize);
  738. if (CacheEntry == NULL)
  739. {
  740. Status = STATUS_INSUFFICIENT_RESOURCES;
  741. goto Cleanup;
  742. }
  744. //
  745. // Fill in all the fixed fields.
  746. //
  748. KerbInitializeListEntry(
  749. &CacheEntry->Next
  750. );
  751. CacheEntry->Base = (ULONG_PTR) CacheEntry;
  752. CacheEntry->Version = KERB_LOGON_SID_CACHE_VERSION;
  753. CacheEntry->Size = CacheEntrySize;
  754. Where = (PUCHAR) (CacheEntry + 1);
  756. //
  757. // Copy in the sid
  758. //
  759. CacheEntry->Sid = (PSID) Where;
  760. Where += RtlLengthSid( UserSid );
  762. RtlCopyMemory(
  763. CacheEntry->Sid,
  764. UserSid,
  765. Where - (PUCHAR) CacheEntry->Sid
  766. );
  768. //
  769. // Put the various strings
  770. //
  772. KerbPutString(
  773. LogonUserName,
  774. &CacheEntry->LogonUserName,
  775. 0, // no offset
  776. &Where
  777. );
  779. KerbPutString(
  780. LogonDomainName,
  781. &CacheEntry->LogonDomainName,
  782. 0, // no offset
  783. &Where
  784. );
  786. KerbPutString(
  787. LogonRealm,
  788. &CacheEntry->LogonRealm,
  789. 0, // no offset
  790. &Where
  791. );
  793. //
  794. // Insert it into the list
  795. //
  797. KerbLockList( &KerbSidCache );
  798. KerbInsertListEntry(
  799. &CacheEntry->Next,
  800. &KerbSidCache
  801. );
  802. //
  803. // Dereference it because we aren't returning the cache entry
  804. //
  806. KerbDereferenceListEntry(
  807. &CacheEntry->Next,
  808. &KerbSidCache
  809. );
  811. KerbSidCacheEntries++;
  813. //
  814. // Remove any extra entries
  815. //
  817. KerbScavengeSidCache();
  819. KerbUnlockList ( &KerbSidCache );
  821. Cleanup:
  822. if (NT_SUCCESS(Status))
  823. {
  824. KerbWriteSidCache();
  825. }
  827. }
  831. //+-------------------------------------------------------------------------
  832. //
  833. // Function: KerbWriteMachineSid
  834. //
  835. // Synopsis: Writes the machine account sid to the registry
  836. //
  837. // Effects:
  838. //
  839. // Arguments: MachineSid - If present, is stored. If not present,
  840. // is deleted from registry
  841. //
  842. // Requires:
  843. //
  844. // Returns:
  845. //
  846. // Notes:
  847. //
  848. //
  849. //--------------------------------------------------------------------------
  851. VOID
  852. KerbWriteMachineSid(
  853. IN OPTIONAL PSID MachineSid
  854. )
  855. {
  856. if (ARGUMENT_PRESENT(MachineSid))
  857. {
  858. (VOID) RegSetValueEx(
  859. KerbSidCacheKey,
  860. KERB_MACHINE_SID_CACHE_NAME,
  861. 0, // reserved
  862. REG_BINARY,
  863. (PUCHAR) MachineSid,
  864. RtlLengthSid(MachineSid)
  865. );
  866. }
  867. else
  868. {
  869. (VOID) RegDeleteValue(
  870. KerbSidCacheKey,
  871. KERB_MACHINE_SID_CACHE_NAME
  872. );
  873. }
  874. }
  877. //+-------------------------------------------------------------------------
  878. //
  879. // Function: Reads the machine sid from the registry
  880. //
  881. // Synopsis:
  882. //
  883. // Effects:
  884. //
  885. // Arguments:
  886. //
  887. // Requires:
  888. //
  889. // Returns:
  890. //
  891. // Notes:
  892. //
  893. //
  894. //--------------------------------------------------------------------------
  897. NTSTATUS
  898. KerbGetMachineSid(
  899. OUT PSID * MachineSid
  900. )
  901. {
  902. BYTE Buffer[sizeof(SID) + SID_MAX_SUB_AUTHORITIES * sizeof(ULONG)];
  903. ULONG BufferSize = sizeof(Buffer);
  904. PSID Sid = (PSID) Buffer;
  905. DWORD RegErr;
  906. NTSTATUS Status = STATUS_SUCCESS;
  907. ULONG ValueType;
  909. *MachineSid = NULL;
  910. RegErr = RegQueryValueEx(
  911. KerbSidCacheKey,
  912. KERB_MACHINE_SID_CACHE_NAME,
  913. NULL,
  914. &ValueType,
  915. Buffer,
  916. &BufferSize
  917. );
  918. if (RegErr != ERROR_SUCCESS)
  919. {
  920. DebugLog((DEB_ERROR,"Failed to query for machine sid value: %d\n",
  921. RegErr ));
  922. Status = STATUS_OBJECT_NAME_NOT_FOUND;
  923. goto Cleanup;
  924. }
  926. //
  927. // If it isn't valid, delete it now
  928. //
  930. if (!RtlValidSid(Sid))
  931. {
  932. (VOID) RegDeleteValue(
  933. KerbSidCacheKey,
  934. KERB_MACHINE_SID_CACHE_NAME
  935. );
  936. }
  938. *MachineSid = (PSID) KerbAllocate(RtlLengthSid(Buffer));
  940. if (*MachineSid == NULL)
  941. {
  942. Status = STATUS_INSUFFICIENT_RESOURCES;
  943. goto Cleanup;
  944. }
  945. RtlCopyMemory(
  946. *MachineSid,
  947. Sid,
  948. RtlLengthSid(Sid)
  949. );
  951. Cleanup:
  952. return(Status);
  954. }