archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/gina/snapins/gpedit/sid.cpp

556 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. //*************************************************************
  2. //
  3. // SID management functions.
  4. //
  5. // THESE FUNCTIONS ARE WINDOWS NT SPECIFIC!!!!!
  6. //
  7. // Microsoft Confidential
  8. // Copyright (c) Microsoft Corporation 1995
  9. // All rights reserved
  10. //
  11. //*************************************************************
  13. #include "main.h"
  15. /***************************************************************************\
  16. * GetSidString
  17. *
  18. * Allocates and returns a string representing the sid of the current user
  19. * The returned pointer should be freed using DeleteSidString().
  20. *
  21. * Returns a pointer to the string or NULL on failure.
  22. *
  23. * History:
  24. * 26-Aug-92 Davidc Created
  25. *
  26. \***************************************************************************/
  27. LPTSTR GetSidString(HANDLE UserToken)
  28. {
  29. NTSTATUS NtStatus;
  30. PSID UserSid;
  31. UNICODE_STRING UnicodeString;
  32. LPTSTR lpEnd;
  33. #ifndef UNICODE
  34. STRING String;
  35. #endif
  37. //
  38. // Get the user sid
  39. //
  41. UserSid = GetUserSid(UserToken);
  42. if (UserSid == NULL) {
  43. DebugMsg((DM_WARNING, TEXT("GetSidString: GetUserSid returned NULL")));
  44. return NULL;
  45. }
  47. //
  48. // Convert user SID to a string.
  49. //
  51. NtStatus = RtlConvertSidToUnicodeString(
  52. &UnicodeString,
  53. UserSid,
  54. (BOOLEAN)TRUE // Allocate
  55. );
  56. //
  57. // We're finished with the user sid
  58. //
  60. DeleteUserSid(UserSid);
  62. //
  63. // See if the conversion to a string worked
  64. //
  66. if (!NT_SUCCESS(NtStatus)) {
  67. DebugMsg((DM_WARNING, TEXT("GetSidString: RtlConvertSidToUnicodeString failed, status = 0x%x"),
  68. NtStatus));
  69. return NULL;
  70. }
  72. #ifdef UNICODE
  75. return(UnicodeString.Buffer);
  77. #else
  79. //
  80. // Convert the string to ansi
  81. //
  83. NtStatus = RtlUnicodeStringToAnsiString(&String, &UnicodeString, TRUE);
  84. RtlFreeUnicodeString(&UnicodeString);
  85. if (!NT_SUCCESS(NtStatus)) {
  86. DebugMsg((DM_WARNING, TEXT("GetSidString: RtlUnicodeStringToAnsiString failed, status = 0x%x"),
  87. status));
  88. return NULL;
  89. }
  92. return(String.Buffer);
  94. #endif
  96. }
  99. /***************************************************************************\
  100. * DeleteSidString
  101. *
  102. * Frees up a sid string previously returned by GetSidString()
  103. *
  104. * Returns nothing.
  105. *
  106. * History:
  107. * 26-Aug-92 Davidc Created
  108. *
  109. \***************************************************************************/
  110. VOID DeleteSidString(LPTSTR SidString)
  111. {
  113. #ifdef UNICODE
  114. UNICODE_STRING String;
  116. RtlInitUnicodeString(&String, SidString);
  118. RtlFreeUnicodeString(&String);
  119. #else
  120. ANSI_STRING String;
  122. RtlInitAnsiString(&String, SidString);
  124. RtlFreeAnsiString(&String);
  125. #endif
  127. }
  131. /***************************************************************************\
  132. * GetUserSid
  133. *
  134. * Allocs space for the user sid, fills it in and returns a pointer. Caller
  135. * The sid should be freed by calling DeleteUserSid.
  136. *
  137. * Note the sid returned is the user's real sid, not the per-logon sid.
  138. *
  139. * Returns pointer to sid or NULL on failure.
  140. *
  141. * History:
  142. * 26-Aug-92 Davidc Created.
  143. \***************************************************************************/
  144. PSID GetUserSid (HANDLE UserToken)
  145. {
  146. PTOKEN_USER pUser, pTemp;
  147. PSID pSid;
  148. DWORD BytesRequired = 200;
  149. NTSTATUS status;
  152. //
  153. // Allocate space for the user info
  154. //
  156. pUser = (PTOKEN_USER)LocalAlloc(LMEM_FIXED, BytesRequired);
  159. if (pUser == NULL) {
  160. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to allocate %d bytes"),
  161. BytesRequired));
  162. return NULL;
  163. }
  166. //
  167. // Read in the UserInfo
  168. //
  170. status = NtQueryInformationToken(
  171. UserToken, // Handle
  172. TokenUser, // TokenInformationClass
  173. pUser, // TokenInformation
  174. BytesRequired, // TokenInformationLength
  175. &BytesRequired // ReturnLength
  176. );
  178. if (status == STATUS_BUFFER_TOO_SMALL) {
  180. //
  181. // Allocate a bigger buffer and try again.
  182. //
  184. pTemp = (PTOKEN_USER)LocalReAlloc(pUser, BytesRequired, LMEM_MOVEABLE);
  185. if (pTemp == NULL) {
  186. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to allocate %d bytes"),
  187. BytesRequired));
  188. LocalFree (pUser);
  189. return NULL;
  190. }
  192. pUser = pTemp;
  194. status = NtQueryInformationToken(
  195. UserToken, // Handle
  196. TokenUser, // TokenInformationClass
  197. pUser, // TokenInformation
  198. BytesRequired, // TokenInformationLength
  199. &BytesRequired // ReturnLength
  200. );
  202. }
  204. if (!NT_SUCCESS(status)) {
  205. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to query user info from user token, status = 0x%x"),
  206. status));
  207. LocalFree(pUser);
  208. return NULL;
  209. }
  212. BytesRequired = RtlLengthSid(pUser->User.Sid);
  213. pSid = LocalAlloc(LMEM_FIXED, BytesRequired);
  214. if (pSid == NULL) {
  215. DebugMsg((DM_WARNING, TEXT("GetUserSid: Failed to allocate %d bytes"),
  216. BytesRequired));
  217. LocalFree(pUser);
  218. return NULL;
  219. }
  222. status = RtlCopySid(BytesRequired, pSid, pUser->User.Sid);
  224. LocalFree(pUser);
  226. if (!NT_SUCCESS(status)) {
  227. DebugMsg((DM_WARNING, TEXT("GetUserSid: RtlCopySid Failed. status = %d"),
  228. status));
  229. LocalFree(pSid);
  230. pSid = NULL;
  231. }
  234. return pSid;
  235. }
  238. /***************************************************************************\
  239. * DeleteUserSid
  240. *
  241. * Deletes a user sid previously returned by GetUserSid()
  242. *
  243. * Returns nothing.
  244. *
  245. * History:
  246. * 26-Aug-92 Davidc Created
  247. *
  248. \***************************************************************************/
  249. VOID DeleteUserSid(PSID Sid)
  250. {
  251. LocalFree(Sid);
  252. }
  255. //+--------------------------------------------------------------------------
  256. //
  257. // Function: AllocateAndInitSidFromString
  258. //
  259. // Synopsis: given the string representation of a SID, this function
  260. // allocate and initializes a SID which the string represents
  261. // For more information on the string representation of SIDs
  262. // refer to ntseapi.h & ntrtl.h
  263. //
  264. // Arguments: [in] lpszSidStr : the string representation of the SID
  265. // [out] pSID : the actual SID structure created from the string
  266. //
  267. // Returns: STATUS_SUCCESS : if the sid structure was successfully created
  268. // or an error code based on errors that might occur
  269. //
  270. // History: 10/6/1998 RahulTh created
  271. //
  272. //---------------------------------------------------------------------------
  273. NTSTATUS AllocateAndInitSidFromString (const WCHAR* lpszSidStr, PSID* ppSid)
  274. {
  275. WCHAR * pSidStr = 0;
  276. WCHAR* pString = 0;
  277. NTSTATUS Status;
  278. WCHAR* pEnd = 0;
  279. int count;
  280. BYTE SubAuthCount;
  281. DWORD SubAuths[8] = {0, 0, 0, 0, 0, 0, 0, 0};
  282. ULONG n;
  283. SID_IDENTIFIER_AUTHORITY Auth;
  285. pSidStr = (WCHAR *)LocalAlloc(LPTR, (lstrlen (lpszSidStr) + 1)*sizeof(WCHAR));;
  286. if (!pSidStr)
  287. {
  288. Status = STATUS_NO_MEMORY;
  289. goto AllocAndInitSidFromStr_End;
  290. }
  292. lstrcpy (pSidStr, lpszSidStr);
  293. pString = pSidStr;
  294. *ppSid = NULL;
  296. count = 0;
  297. do
  298. {
  299. pString = wcschr (pString, '-');
  300. if (NULL == pString)
  301. break;
  302. count++;
  303. pString++;
  304. } while (1);
  306. SubAuthCount = (BYTE)(count - 2);
  307. if (0 > SubAuthCount || 8 < SubAuthCount)
  308. {
  309. Status = ERROR_INVALID_SID;
  310. goto AllocAndInitSidFromStr_End;
  311. }
  313. pString = wcschr (pSidStr, L'-');
  314. pString++;
  315. pString = wcschr (pString, L'-'); //ignore the revision #
  316. pString++;
  317. pEnd = wcschr (pString, L'-'); //go to the beginning of subauths.
  318. if (NULL != pEnd) *pEnd = L'\0';
  320. Status = LoadSidAuthFromString (pString, &Auth);
  322. if (STATUS_SUCCESS != Status)
  323. goto AllocAndInitSidFromStr_End;
  325. for (count = 0; count < SubAuthCount; count++)
  326. {
  327. pString = pEnd + 1;
  328. pEnd = wcschr (pString, L'-');
  329. if (pEnd)
  330. *pEnd = L'\0';
  331. Status = GetIntFromUnicodeString (pString, 10, &n);
  332. if (STATUS_SUCCESS != Status)
  333. goto AllocAndInitSidFromStr_End;
  334. SubAuths[count] = n;
  335. }
  337. Status = RtlAllocateAndInitializeSid (&Auth, SubAuthCount,
  338. SubAuths[0], SubAuths[1], SubAuths[2],
  339. SubAuths[3], SubAuths[4], SubAuths[5],
  340. SubAuths[6], SubAuths[7], ppSid);
  342. AllocAndInitSidFromStr_End:
  343. if (pSidStr)
  344. LocalFree( pSidStr );
  345. return Status;
  346. }
  348. //+--------------------------------------------------------------------------
  349. //
  350. // Function: LoadSidAuthFromString
  351. //
  352. // Synopsis: given a string representing the SID authority (as it is
  353. // normally represented in string format, fill the SID_AUTH..
  354. // structure. For more details on the format of the string
  355. // representation of the sid authority, refer to ntseapi.h and
  356. // ntrtl.h
  357. //
  358. // Arguments: [in] pString : pointer to the unicode string
  359. // [out] pSidAuth : pointer to the SID_IDENTIFIER_AUTH.. that is
  360. // desired
  361. //
  362. // Returns: STATUS_SUCCESS if it succeeds
  363. // or an error code
  364. //
  365. // History: 9/29/1998 RahulTh created
  366. //
  367. //---------------------------------------------------------------------------
  368. NTSTATUS LoadSidAuthFromString (const WCHAR* pString,
  369. PSID_IDENTIFIER_AUTHORITY pSidAuth)
  370. {
  371. size_t len;
  372. int i;
  373. NTSTATUS Status;
  374. const ULONG LowByteMask = 0xFF;
  375. ULONG n;
  377. len = lstrlenW (pString);
  379. if (len > 2 && 'x' == pString[1])
  380. {
  381. //this is in hex.
  382. //so we must have exactly 14 characters
  383. //(2 each for each of the 6 bytes) + 2 for the leading 0x
  384. if (14 != len)
  385. {
  386. Status = ERROR_INVALID_SID;
  387. goto LoadAuthEnd;
  388. }
  390. for (i=0; i < 6; i++)
  391. {
  392. pString += 2; //we need to skip the leading 0x
  393. pSidAuth->Value[i] = (UCHAR)(((pString[0] - L'0') << 4) +
  394. (pString[1] - L'0'));
  395. }
  396. }
  397. else
  398. {
  399. //this is in decimal
  400. Status = GetIntFromUnicodeString (pString, 10, &n);
  401. if (Status != STATUS_SUCCESS)
  402. goto LoadAuthEnd;
  404. pSidAuth->Value[0] = pSidAuth->Value[1] = 0;
  405. for (i = 5; i >=2; i--, n>>=8)
  406. pSidAuth->Value[i] = (UCHAR)(n & LowByteMask);
  407. }
  409. Status = STATUS_SUCCESS;
  411. LoadAuthEnd:
  412. return Status;
  413. }
  415. //+--------------------------------------------------------------------------
  416. //
  417. // Function: GetIntfromUnicodeString
  418. //
  419. // Synopsis: converts a unicode string into an integer
  420. //
  421. // Arguments: [in] szNum : the number represented as a unicode string
  422. // [in] Base : the base in which the resultant int is desired
  423. // [out] pValue : pointer to the integer representation of the
  424. // number
  425. //
  426. // Returns: STATUS_SUCCESS if successful.
  427. // or some other error code
  428. //
  429. // History: 9/29/1998 RahulTh created
  430. //
  431. //---------------------------------------------------------------------------
  432. NTSTATUS GetIntFromUnicodeString (const WCHAR* szNum, ULONG Base, PULONG pValue)
  433. {
  434. WCHAR * pwszNumStr = 0;
  435. UNICODE_STRING StringW;
  436. size_t len;
  437. NTSTATUS Status;
  439. len = lstrlen (szNum);
  440. pwszNumStr = (WCHAR *)LocalAlloc( LPTR, (len + 1) * sizeof(WCHAR));
  442. if (!pwszNumStr)
  443. {
  444. Status = STATUS_NO_MEMORY;
  445. goto GetNumEnd;
  446. }
  448. lstrcpy (pwszNumStr, szNum);
  449. StringW.Length = len * sizeof(WCHAR);
  450. StringW.MaximumLength = StringW.Length + sizeof (WCHAR);
  451. StringW.Buffer = pwszNumStr;
  453. Status = RtlUnicodeStringToInteger (&StringW, Base, pValue);
  455. GetNumEnd:
  456. if (pwszNumStr)
  457. LocalFree( pwszNumStr );
  458. return Status;
  459. }
  462. //*************************************************************
  463. //
  464. // GetDomainSidFromRid()
  465. //
  466. // Purpose: Given one domain sid, constructs another domain sid
  467. // by replacing the tail by the passed in Rid
  468. //
  469. // Parameters: pSid - Given Domain Sid
  470. // dwRid - Domain Rid
  471. // ppNewSid - Pointer to the New Sid
  472. //
  473. // Return: ERROR_SUCCESS on Success
  474. // FALSE if an error occurs
  475. //
  476. // Comments:
  477. // Sid returned must be freed using FreeSid.
  478. //
  479. // History: Date Author Comment
  480. // 6/6/95 ericflo Created
  481. //
  482. //*************************************************************
  484. NTSTATUS GetDomainSidFromDomainRid(PSID pSid, DWORD dwRid, PSID *ppNewSid)
  485. {
  487. PSID_IDENTIFIER_AUTHORITY pIdentifierAuthority;
  488. // pointer to identifier authority
  489. BYTE nSubAuthorityCount, i; // count of subauthorities
  490. DWORD dwSubAuthority[8]={0,0,0,0,0,0,0,0}; // subauthority
  491. PUCHAR pSubAuthCount;
  492. DWORD *pdwSubAuth;
  493. NTSTATUS Status=ERROR_SUCCESS;
  495. DmAssert(IsValidSid(pSid));
  497. //
  498. // Will fail only if passed in sid is invalid and in the case
  499. // the returned value is undefined.
  500. //
  502. pIdentifierAuthority = RtlIdentifierAuthoritySid(pSid);
  504. //
  505. // get the count of subauthorities
  506. //
  508. pSubAuthCount = RtlSubAuthorityCountSid (pSid);
  510. if (!pSubAuthCount) {
  511. Status = ERROR_INVALID_SID;
  512. goto Exit;
  513. }
  515. nSubAuthorityCount = *pSubAuthCount;
  517. //
  518. // get each of the subauthorities
  519. //
  521. for (i = 0; i < (nSubAuthorityCount-1); i++) {
  522. pdwSubAuth = RtlSubAuthoritySid(pSid, i);
  524. if (!pdwSubAuth) {
  525. Status = ERROR_INVALID_SID;
  526. goto Exit;
  527. }
  529. dwSubAuthority[i] = *pdwSubAuth;
  530. }
  532. dwSubAuthority[i] = dwRid;
  534. //
  535. // Allocate a sid with these..
  536. //
  538. Status = RtlAllocateAndInitializeSid(
  539. pIdentifierAuthority,
  540. nSubAuthorityCount,
  541. dwSubAuthority[0],
  542. dwSubAuthority[1],
  543. dwSubAuthority[2],
  544. dwSubAuthority[3],
  545. dwSubAuthority[4],
  546. dwSubAuthority[5],
  547. dwSubAuthority[6],
  548. dwSubAuthority[7],
  549. ppNewSid
  550. );
  552. Exit:
  554. // Sid, All Done
  555. return Status;
  556. }