archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/net/rras/ras/autodial/rasauto/imperson.c

1157 lines
26 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright(c) 1995 Microsoft Corporation
  5. MODULE NAME
  6. impersn.c
  8. ABSTRACT
  9. Impersonation routines for the automatic connection service.
  11. AUTHOR
  12. Anthony Discolo (adiscolo) 04-Aug-1995
  14. REVISION HISTORY
  16. --*/
  18. #define UNICODE
  19. #define _UNICODE
  21. #include <nt.h>
  22. #include <ntrtl.h>
  23. #include <nturtl.h>
  25. #include <stdlib.h>
  26. #include <windows.h>
  27. #include <stdio.h>
  28. #include <npapi.h>
  29. #include <acd.h>
  30. #include <debug.h>
  32. #include "reg.h"
  33. #include "misc.h"
  34. #include "process.h"
  35. #include "imperson.h"
  36. #include "mprlog.h"
  37. #include "rtutils.h"
  39. extern HANDLE g_hLogEvent;
  41. DWORD
  42. LoadGroupMemberships();
  44. //
  45. // The static information we
  46. // need to impersonate the currently
  47. // logged-in user.
  48. //
  49. IMPERSONATION_INFO ImpersonationInfoG;
  51. //
  52. // TRUE if ImpersonationInfoG has been initialized
  53. //
  55. BOOLEAN ImpersonationInfoInitializedG = FALSE;
  57. //
  58. // Security attributes and descriptor
  59. // necessary for creating shareable handles.
  60. //
  61. SECURITY_ATTRIBUTES SecurityAttributeG;
  62. SECURITY_DESCRIPTOR SecurityDescriptorG;
  64. HKEY hkeyCUG = NULL;
  66. #ifdef notdef
  68. BOOLEAN
  69. InteractiveSession()
  71. /*++
  73. DESCRIPTION
  74. Determine whether the active process is owned by the
  75. currently logged-in user.
  77. ARGUMENTS
  78. None.
  80. RETURNS
  81. TRUE if it is, FALSE if it isn't.
  83. --*/
  85. {
  86. HANDLE hToken;
  87. BOOLEAN bStatus;
  88. ULONG ulInfoLength;
  89. PTOKEN_GROUPS pTokenGroupList;
  90. PTOKEN_USER pTokenUser;
  91. ULONG ulGroupIndex;
  92. BOOLEAN bFoundInteractive = FALSE;
  93. PSID InteractiveSid;
  94. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  95. static BOOLEAN fIsInteractiveSession = 0xffff;
  97. #if 0
  98. //
  99. // Return the previous value of this function
  100. // if we're called multiple times?! Doesn't
  101. // GetCurrentProcess() return different values?
  102. //
  103. if (fIsInteractiveSession != 0xffff) {
  104. return fIsInteractiveSession;
  105. }
  106. #endif
  108. bStatus = AllocateAndInitializeSid(
  109. &NtAuthority,
  110. 1,
  111. SECURITY_INTERACTIVE_RID,
  112. 0, 0, 0, 0, 0, 0, 0,
  113. &InteractiveSid);
  114. if (!bStatus) {
  115. RASAUTO_TRACE("InteractiveSession: AllocateAndInitializeSid failed");
  116. return (fIsInteractiveSession = FALSE);
  117. }
  118. if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken)) {
  119. RASAUTO_TRACE("InteractiveSession: OpenProcessToken failed");
  120. FreeSid(InteractiveSid);
  121. return (fIsInteractiveSession = FALSE);
  122. }
  123. //
  124. // Get a list of groups in the token.
  125. //
  126. GetTokenInformation(
  127. hToken,
  128. TokenGroups,
  129. NULL,
  130. 0,
  131. &ulInfoLength);
  132. pTokenGroupList = (PTOKEN_GROUPS)LocalAlloc(LPTR, ulInfoLength);
  133. if (pTokenGroupList == NULL) {
  134. RASAUTO_TRACE("InteractiveSession: LocalAlloc failed");
  135. FreeSid(InteractiveSid);
  136. return (fIsInteractiveSession = FALSE);
  137. }
  138. bStatus = GetTokenInformation(
  139. hToken,
  140. TokenGroups,
  141. pTokenGroupList,
  142. ulInfoLength,
  143. &ulInfoLength);
  144. if (!bStatus) {
  145. RASAUTO_TRACE("InteractiveSession: GetTokenInformation failed");
  146. FreeSid(InteractiveSid);
  147. LocalFree(pTokenGroupList);
  148. return (fIsInteractiveSession = FALSE);
  149. }
  150. //
  151. // Search group list for admin alias. If we
  152. // find a match, it most certainly is an
  153. // interactive process.
  154. //
  155. bFoundInteractive = FALSE;
  156. for (ulGroupIndex=0; ulGroupIndex < pTokenGroupList->GroupCount;
  157. ulGroupIndex++)
  158. {
  159. if (EqualSid(
  160. pTokenGroupList->Groups[ulGroupIndex].Sid,
  161. InteractiveSid))
  162. {
  163. bFoundInteractive = TRUE;
  164. break;
  165. }
  166. }
  168. if (!bFoundInteractive) {
  169. //
  170. // If we haven't found a match,
  171. // query and check the user ID.
  172. //
  173. GetTokenInformation(
  174. hToken,
  175. TokenUser,
  176. NULL,
  177. 0,
  178. &ulInfoLength);
  179. pTokenUser = LocalAlloc(LPTR, ulInfoLength);
  180. if (pTokenUser == NULL) {
  181. RASAUTO_TRACE("InteractiveSession: LocalAlloc failed");
  182. FreeSid(InteractiveSid);
  183. LocalFree(pTokenGroupList);
  184. return (fIsInteractiveSession = FALSE);
  185. }
  186. bStatus = GetTokenInformation(
  187. hToken,
  188. TokenUser,
  189. pTokenUser,
  190. ulInfoLength,
  191. &ulInfoLength);
  192. if (!bStatus) {
  193. RASAUTO_TRACE("InteractiveSession: GetTokenInformation failed");
  194. FreeSid(InteractiveSid);
  195. LocalFree(pTokenGroupList);
  196. LocalFree(pTokenUser);
  197. return (fIsInteractiveSession = FALSE);
  198. }
  199. if (EqualSid(pTokenUser->User.Sid, InteractiveSid))
  200. fIsInteractiveSession = TRUE;
  201. LocalFree(pTokenUser);
  202. }
  203. FreeSid(InteractiveSid);
  204. LocalFree(pTokenGroupList);
  206. return (fIsInteractiveSession = bFoundInteractive);
  207. }
  208. #endif
  212. BOOLEAN
  213. SetProcessImpersonationToken(
  214. HANDLE hProcess
  215. )
  216. {
  217. NTSTATUS status;
  218. HANDLE hThread,
  219. hToken = NULL;
  222. //
  223. // Open the impersonation token for the
  224. // process we want to impersonate.
  225. //
  226. if (ImpersonationInfoG.hTokenImpersonation == NULL)
  227. {
  228. if (!OpenProcessToken(
  229. hProcess,
  230. TOKEN_ALL_ACCESS,
  231. &hToken))
  232. {
  233. RASAUTO_TRACE1(
  234. "SetProcessImpersonationToken: OpenProcessToken failed (dwErr=%d)",
  235. GetLastError());
  237. return FALSE;
  238. }
  240. //
  241. // Duplicate the impersonation token.
  242. //
  243. if(!DuplicateToken(
  244. hToken,
  245. TokenImpersonation,
  246. &ImpersonationInfoG.hTokenImpersonation))
  247. {
  248. RASAUTO_TRACE1(
  249. "SetProcessImpersonationToken: NtSetInformationThread failed (error=%d)",
  250. GetLastError());
  252. return FALSE;
  253. }
  254. }
  256. //
  257. // Set the impersonation token on the current
  258. // thread. We are now running in the same
  259. // security context as the supplied process.
  260. //
  261. hThread = NtCurrentThread();
  262. status = NtSetInformationThread(
  263. hThread,
  264. ThreadImpersonationToken,
  265. (PVOID)&ImpersonationInfoG.hTokenImpersonation,
  266. sizeof (ImpersonationInfoG.hTokenImpersonation));
  268. if (status != STATUS_SUCCESS)
  269. {
  270. RASAUTO_TRACE1(
  271. "SetProcessImpersonationToken: NtSetInformationThread failed (error=%d)",
  272. GetLastError());
  273. }
  275. if(NULL != hToken)
  276. {
  277. CloseHandle(hToken);
  278. }
  280. return (status == STATUS_SUCCESS);
  281. } // SetProcessImpersonationToken
  285. VOID
  286. ClearImpersonationToken()
  287. {
  288. //
  289. // Clear the impersonation token on the current
  290. // thread. We are now running in LocalSystem
  291. // security context.
  292. //
  293. if (!SetThreadToken(NULL, NULL)) {
  294. DWORD retcode = GetLastError();
  296. RASAUTO_TRACE1(
  297. "ClearImpersonationToken: SetThreadToken failed (error=%d)",
  298. retcode);
  300. //
  301. // Event log that thread failed to revert.
  302. //
  303. RouterLogWarning(
  304. g_hLogEvent,
  305. ROUTERLOG_CANNOT_REVERT_IMPERSONATION,
  306. 0, NULL, retcode) ;
  307. }
  308. } // ClearImpersonationToken
  312. BOOLEAN
  313. SetPrivilege(
  314. HANDLE hToken,
  315. LPCTSTR Privilege,
  316. BOOLEAN fEnable
  317. )
  318. {
  319. TOKEN_PRIVILEGES tp;
  320. LUID luid;
  321. TOKEN_PRIVILEGES tpPrevious;
  322. DWORD cbPrevious = sizeof(TOKEN_PRIVILEGES);
  324. if (!LookupPrivilegeValue(NULL, Privilege, &luid))
  325. return FALSE;
  327. //
  328. // First pass. Get current privilege setting.
  329. //
  330. tp.PrivilegeCount = 1;
  331. tp.Privileges[0].Luid = luid;
  332. tp.Privileges[0].Attributes = 0;
  334. AdjustTokenPrivileges(
  335. hToken,
  336. FALSE,
  337. &tp,
  338. sizeof(TOKEN_PRIVILEGES),
  339. &tpPrevious,
  340. &cbPrevious);
  342. if (GetLastError() != ERROR_SUCCESS)
  343. return FALSE;
  345. //
  346. // Second pass. Set privilege based on previous setting
  347. //
  348. tpPrevious.PrivilegeCount = 1;
  349. tpPrevious.Privileges[0].Luid = luid;
  351. if (fEnable)
  352. tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED);
  353. else {
  354. tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED &
  355. tpPrevious.Privileges[0].Attributes);
  356. }
  358. AdjustTokenPrivileges(
  359. hToken,
  360. FALSE,
  361. &tpPrevious,
  362. cbPrevious,
  363. NULL,
  364. NULL);
  366. if (GetLastError() != ERROR_SUCCESS)
  367. return FALSE;
  369. return TRUE;
  370. } // SetPrivilege
  374. BOOLEAN
  375. GetCurrentlyLoggedOnUser(
  376. HANDLE *phProcess
  377. )
  378. {
  379. BOOLEAN fSuccess = FALSE;
  380. HKEY hkey;
  381. DWORD dwErr, dwType;
  382. DWORD dwDisp;
  383. WCHAR *pszShell = NULL, **pszShellArray = NULL;
  384. PSYSTEM_PROCESS_INFORMATION pSystemInfo, pProcessInfo;
  385. PWCHAR psz, pszStart;
  386. DWORD i, dwSize, dwcCommands;
  387. NTSTATUS status;
  388. HANDLE hProcess = NULL;
  389. DWORD dwPid = 0;
  391. //
  392. // Get the shell process name. We will look for this
  393. // to find out who the currently logged-on user is.
  394. // Create a unicode string that describes this name.
  395. //
  396. if (RegCreateKeyEx(
  397. HKEY_LOCAL_MACHINE,
  398. SHELL_REGKEY,
  399. 0,
  400. NULL,
  401. REG_OPTION_NON_VOLATILE,
  402. KEY_ALL_ACCESS,
  403. NULL,
  404. &hkey,
  405. &dwDisp) == ERROR_SUCCESS)
  406. {
  407. dwSize = 0;
  408. if (RegQueryValueEx(
  409. hkey,
  410. SHELL_REGVAL,
  411. NULL,
  412. &dwType,
  413. NULL,
  414. &dwSize) == ERROR_SUCCESS)
  415. {
  416. pszShell = (PWCHAR)LocalAlloc(LPTR, dwSize + sizeof (WCHAR));
  417. if (pszShell == NULL) {
  418. RegCloseKey(hkey);
  419. return FALSE;
  420. }
  421. dwErr = RegQueryValueEx(
  422. hkey,
  423. SHELL_REGVAL,
  424. NULL,
  425. &dwType,
  426. (LPBYTE)pszShell,
  427. &dwSize);
  428. RegCloseKey(hkey);
  429. if (dwErr != ERROR_SUCCESS || dwType != REG_SZ) {
  430. LocalFree(pszShell);
  431. pszShell = NULL;
  432. }
  433. }
  434. }
  435. //
  436. // If no shell was found, use DEFAULT_SHELL.
  437. //
  438. if (pszShell == NULL) {
  439. pszShell = (PWCHAR)LocalAlloc(
  440. LPTR,
  441. (lstrlen(DEFAULT_SHELL) + 1) * sizeof (WCHAR));
  442. if (pszShell == NULL)
  443. return FALSE;
  444. lstrcpy(pszShell, DEFAULT_SHELL);
  445. }
  446. RASAUTO_TRACE1("ImpersonateCurrentlyLoggedInUser: pszShell is %S", pszShell);
  447. //
  448. // This string can be a comma separated list,
  449. // so we need to parse it into a list of commands.
  450. //
  451. dwcCommands = 1;
  452. for (psz = pszShell; *psz != L'\0'; psz++) {
  453. if (*psz == L',')
  454. dwcCommands++;
  455. }
  456. //
  457. // Allocate the list of string pointers.
  458. //
  459. pszShellArray = LocalAlloc(LPTR, sizeof (PWCHAR) * dwcCommands);
  460. if (pszShellArray == NULL) {
  461. LocalFree(pszShell);
  462. return FALSE;
  463. }
  464. //
  465. // Ignore any arguments from the command line.
  466. //
  467. dwcCommands = 0;
  468. psz = pszShell;
  469. pszStart = NULL;
  470. for (;;) {
  471. if (*psz == L'\0') {
  472. if (pszStart != NULL)
  473. pszShellArray[dwcCommands++] = pszStart;
  474. break;
  475. }
  476. else if (*psz == L',') {
  477. if (pszStart != NULL)
  478. pszShellArray[dwcCommands++] = pszStart;
  479. *psz = L'\0';
  480. pszStart = NULL;
  481. }
  482. else if (*psz == L' ') {
  483. if (pszStart != NULL)
  484. *psz = L'\0';
  485. }
  486. else {
  487. if (pszStart == NULL)
  488. pszStart = psz;
  489. }
  490. psz++;
  491. }
  492. for (i = 0; i < dwcCommands; i++) {
  493. RASAUTO_TRACE2(
  494. "ImpersonateCurrentlyLoggedInUser: pszShellArray[%d] is %S",
  495. i,
  496. pszShellArray[i]);
  497. }
  498. //
  499. // Get the process list.
  500. //
  501. pSystemInfo = GetSystemProcessInfo();
  503. if(NULL == pSystemInfo)
  504. {
  505. LocalFree(pszShell);
  506. LocalFree(pszShellArray);
  507. return FALSE;
  508. }
  510. while(TRUE)
  511. {
  512. //
  513. // See if any of the processes are running.
  514. //
  515. pProcessInfo =
  516. FindProcessByNameList(
  517. pSystemInfo,
  518. pszShellArray,
  519. dwcCommands,
  520. dwPid,
  521. ImpersonationInfoG.fSessionInitialized,
  522. ImpersonationInfoG.dwCurSessionId);
  523. //
  524. // Open the process token if we've found a match.
  525. //
  526. if (pProcessInfo != NULL)
  527. {
  528. HANDLE hToken;
  530. //
  531. // Open the process.
  532. //
  533. hProcess = OpenProcess(
  534. PROCESS_ALL_ACCESS,
  535. FALSE,
  536. PtrToUlong(pProcessInfo->UniqueProcessId));
  537. if (hProcess == NULL)
  538. {
  539. RASAUTO_TRACE2(
  540. "ImpersonateCurrentlyLoggedInUser: OpenProcess(%d) failed (dwErr=%d)",
  541. PtrToUlong(pProcessInfo->UniqueProcessId),
  542. GetLastError());
  544. dwPid = PtrToUlong(pProcessInfo->UniqueProcessId);
  545. }
  546. else
  547. {
  549. fSuccess = TRUE;
  550. break;
  551. }
  552. }
  553. else
  554. {
  555. break;
  556. }
  557. }
  559. #ifdef notdef
  560. done:
  561. #endif
  562. //
  563. // Free resources.
  564. //
  565. FreeSystemProcessInfo(pSystemInfo);
  566. if (pszShell != NULL)
  567. LocalFree(pszShell);
  568. if (pszShellArray != NULL)
  569. LocalFree(pszShellArray);
  570. //
  571. // Return process handle.
  572. //
  573. *phProcess = hProcess;
  575. return fSuccess;
  576. } // GetCurrentlyLoggedOnUser
  578. DWORD
  579. SetCurrentLoginSession(
  580. IN DWORD dwSessionId)
  581. {
  582. RASAUTO_TRACE1("SetCurrentLoginSession %d", dwSessionId);
  584. EnterCriticalSection(&ImpersonationInfoG.csLock);
  586. ImpersonationInfoG.dwCurSessionId = dwSessionId;
  587. ImpersonationInfoG.fSessionInitialized = TRUE;
  589. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  591. return NO_ERROR;
  592. }
  594. HANDLE
  595. RefreshImpersonation(
  596. HANDLE hProcess
  597. )
  598. {
  599. NTSTATUS status;
  601. EnterCriticalSection(&ImpersonationInfoG.csLock);
  602. //
  603. // If the process still exists,
  604. // we can return.
  605. //
  606. if (ImpersonationInfoG.hProcess != NULL &&
  607. hProcess == ImpersonationInfoG.hProcess)
  608. {
  609. RASAUTO_TRACE1("RefreshImpersonation: hProcess=0x%x no change", hProcess);
  610. goto done;
  611. }
  612. //
  613. // Otherwise recalcuate the current information.
  614. // We have to clear the previous impersonation token,
  615. // if any.
  616. //
  617. if (hProcess != NULL)
  618. ClearImpersonationToken();
  619. if (ImpersonationInfoG.hProcess == NULL) {
  620. RASAUTO_TRACE("RefreshImpersonation: recalcuating token");
  621. if (!GetCurrentlyLoggedOnUser(&ImpersonationInfoG.hProcess)) {
  622. RASAUTO_TRACE("RefreshImpersonation: GetCurrentlyLoggedOnUser failed");
  623. goto done;
  624. }
  625. RASAUTO_TRACE("RefreshImpersonation: new user logged in");
  626. }
  627. //
  628. // Impersonate the currently logged-in user.
  629. //
  630. if (!SetProcessImpersonationToken(ImpersonationInfoG.hProcess))
  631. {
  632. RASAUTO_TRACE(
  633. "RefreshImpersonation: SetProcessImpersonationToken failed");
  634. goto done;
  635. }
  636. #ifdef notdef // imperson
  637. //
  638. // Reset HKEY_CURRENT_USER to get the
  639. // correct value with the new impersonation
  640. // token.
  641. //
  642. RegCloseKey(HKEY_CURRENT_USER);
  643. #endif
  644. RASAUTO_TRACE1(
  645. "RefreshImpersonation: new hProcess=0x%x",
  646. ImpersonationInfoG.hProcess);
  647. TraceCurrentUser();
  649. //
  650. // Open the currently logged on users hive and store it in a global
  651. //
  652. if(NULL != hkeyCUG)
  653. {
  654. NtClose(hkeyCUG);
  655. hkeyCUG = NULL;
  656. }
  658. if(STATUS_SUCCESS != RtlOpenCurrentUser(KEY_ALL_ACCESS, &hkeyCUG))
  659. {
  660. RASAUTO_TRACE("Failed to open HKCU for the current user");
  661. }
  663. done:
  664. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  666. return ImpersonationInfoG.hProcess;
  667. } // RefreshImpersonation
  671. VOID
  672. RevertImpersonation()
  674. /*++
  676. DESCRIPTION
  677. Close all open handles associated with the
  678. logged-in user who has just logged out.
  680. ARGUMENTS
  681. None.
  683. RETURN VALUE
  684. None.
  686. --*/
  688. {
  689. EnterCriticalSection(&ImpersonationInfoG.csLock);
  691. if(ImpersonationInfoG.hToken != NULL)
  692. {
  693. CloseHandle(ImpersonationInfoG.hToken);
  694. ImpersonationInfoG.hToken = NULL;
  695. }
  697. if(ImpersonationInfoG.hTokenImpersonation != NULL)
  698. {
  699. CloseHandle(ImpersonationInfoG.hTokenImpersonation);
  700. ImpersonationInfoG.hTokenImpersonation = NULL;
  701. }
  703. if(ImpersonationInfoG.hProcess != NULL)
  704. {
  705. CloseHandle(ImpersonationInfoG.hProcess);
  706. ImpersonationInfoG.hProcess = NULL;
  707. }
  709. ImpersonationInfoG.fGroupsLoaded = FALSE;
  711. if(NULL != hkeyCUG)
  712. {
  713. NtClose(hkeyCUG);
  714. hkeyCUG = NULL;
  715. }
  717. //
  718. // Clear the thread's impersonation
  719. // token, or it won't be able to open
  720. // another user's process the next
  721. // time around.
  722. //
  723. ClearImpersonationToken();
  724. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  725. } // RevertImpersonation
  729. DWORD
  730. InitSecurityDescriptor(
  731. IN PSECURITY_DESCRIPTOR pSecurityDescriptor
  732. )
  734. /*++
  736. DESCRIPTION
  737. Initialize a security descriptor allowing administrator
  738. access for the sharing of handles between rasman.dll.
  740. This code courtesy of Gurdeep. You need to ask him
  741. exactly what it does.
  743. ARGUMENTS
  744. pSecurityDescriptor: a pointer to the security descriptor
  745. to be initialized.
  747. RETURN VALUE
  748. Win32 error code.
  750. --*/
  752. {
  753. DWORD dwErr = 0;
  754. DWORD cbDaclSize;
  755. PULONG pSubAuthority;
  756. PSID pObjSid = NULL;
  757. PACL pDacl = NULL;
  758. SID_IDENTIFIER_AUTHORITY sidIdentifierWorldAuth =
  759. SECURITY_WORLD_SID_AUTHORITY;
  761. DWORD dwAcls;
  763. //
  764. // Set up the SID for the adminstrators that
  765. // will be allowed access. This SID will have
  766. // 1 sub-authorities: SECURITY_BUILTIN_DOMAIN_RID.
  767. //
  768. pObjSid = (PSID)LocalAlloc(LPTR, GetSidLengthRequired(1));
  769. if (pObjSid == NULL) {
  770. RASAUTO_TRACE("InitSecurityDescriptor: LocalAlloc failed");
  771. return GetLastError();
  772. }
  773. if (!InitializeSid(pObjSid, &sidIdentifierWorldAuth, 1)) {
  774. dwErr = GetLastError();
  775. RASAUTO_TRACE1("InitSecurityDescriptor: InitializeSid failed (dwErr=0x%x)", dwErr);
  776. goto done;
  777. }
  778. //
  779. // Set the sub-authorities.
  780. //
  781. pSubAuthority = GetSidSubAuthority(pObjSid, 0);
  782. *pSubAuthority = SECURITY_WORLD_RID;
  783. //
  784. // Set up the DACL that will allow
  785. // all processes with the above SID all
  786. // access. It should be large enough to
  787. // hold all ACEs.
  788. //
  789. cbDaclSize = sizeof(ACCESS_ALLOWED_ACE) +
  790. GetLengthSid(pObjSid) +
  791. sizeof (ACL);
  792. pDacl = (PACL)LocalAlloc(LPTR, cbDaclSize);
  793. if (pDacl == NULL ) {
  794. RASAUTO_TRACE("InitSecurityDescriptor: LocalAlloc failed");
  795. dwErr = GetLastError();
  796. goto done;
  797. }
  798. if (!InitializeAcl(pDacl, cbDaclSize, ACL_REVISION2)) {
  799. dwErr = GetLastError();
  800. RASAUTO_TRACE1("InitSecurityDescriptor: InitializeAcl failed (dwErr=0x%x)", dwErr);
  801. goto done;
  802. }
  804. dwAcls = SPECIFIC_RIGHTS_ALL | STANDARD_RIGHTS_ALL;
  806. dwAcls &= ~(WRITE_DAC | WRITE_OWNER);
  808. //
  809. // Add the ACE to the DACL
  810. //
  811. if (!AddAccessAllowedAce(
  812. pDacl,
  813. ACL_REVISION2,
  814. dwAcls,
  815. pObjSid))
  816. {
  817. dwErr = GetLastError();
  818. RASAUTO_TRACE1("InitSecurityDescriptor: AddAccessAllowedAce failed (dwErr=0x%x)", dwErr);
  819. goto done;
  820. }
  821. //
  822. // Create the security descriptor an put
  823. // the DACL in it.
  824. //
  825. if (!InitializeSecurityDescriptor(pSecurityDescriptor, 1)) {
  826. dwErr = GetLastError();
  827. RASAUTO_TRACE1("InitSecurityDescriptor: InitializeSecurityDescriptor failed (dwErr=0x%x)", dwErr);
  828. goto done;
  829. }
  830. if (!SetSecurityDescriptorDacl(
  831. pSecurityDescriptor,
  832. TRUE,
  833. pDacl,
  834. FALSE))
  835. {
  836. dwErr = GetLastError();
  837. RASAUTO_TRACE1("InitSecurityDescriptor: SetSecurityDescriptorDacl failed (dwErr=0x%x)", dwErr);
  838. goto done;
  839. }
  840. //
  841. // Set owner for the descriptor.
  842. //
  843. if (!SetSecurityDescriptorOwner(pSecurityDescriptor, NULL, FALSE)) {
  844. dwErr = GetLastError();
  845. RASAUTO_TRACE1("InitSecurityDescriptor: SetSecurityDescriptorOwner failed (dwErr=0x%x)", dwErr);
  846. goto done;
  847. }
  848. //
  849. // Set group for the descriptor.
  850. //
  851. if (!SetSecurityDescriptorGroup(pSecurityDescriptor, NULL, FALSE)) {
  852. dwErr = GetLastError();
  853. RASAUTO_TRACE1("InitSecurityDescriptor: SetSecurityDescriptorGroup failed (dwErr=0x%x)", dwErr);
  854. goto done;
  855. }
  857. done:
  858. //
  859. // Cleanup if necessary.
  860. //
  861. if (dwErr) {
  862. if (pObjSid != NULL)
  863. LocalFree(pObjSid);
  864. if (pDacl != NULL)
  865. LocalFree(pDacl);
  866. }
  867. return dwErr;
  868. }
  872. DWORD
  873. InitSecurityAttribute()
  875. /*++
  877. DESCRIPTION
  878. Initializes the global security attribute used in
  879. creating shareable handles.
  881. This code courtesy of Gurdeep. You need to ask him
  882. exactly what it does.
  884. ARGUMENTS
  885. None.
  887. RETURN VALUE
  888. Win32 error code.
  890. --*/
  892. {
  893. DWORD dwErr;
  895. //
  896. // Initialize the security descriptor.
  897. //
  898. dwErr = InitSecurityDescriptor(&SecurityDescriptorG);
  899. if (dwErr)
  900. return dwErr;
  901. //
  902. // Initialize the security attributes.
  903. //
  904. SecurityAttributeG.nLength = sizeof(SECURITY_ATTRIBUTES);
  905. SecurityAttributeG.lpSecurityDescriptor = &SecurityDescriptorG;
  906. SecurityAttributeG.bInheritHandle = TRUE;
  908. return 0;
  909. }
  913. VOID
  914. TraceCurrentUser(VOID)
  915. {
  916. //WCHAR szUserName[512];
  917. //DWORD dwSize = sizeof (szUserName) - 1;
  919. //GetUserName(szUserName, &dwSize);
  920. RASAUTO_TRACE1(
  921. "TraceCurrentUser: impersonating Current User %d",
  922. ImpersonationInfoG.dwCurSessionId);
  923. } // TraceCurrentUser
  925. DWORD
  926. DwGetHkcu()
  927. {
  928. DWORD dwErr = ERROR_SUCCESS;
  930. if(NULL == hkeyCUG)
  931. {
  932. dwErr = RtlOpenCurrentUser(
  933. KEY_ALL_ACCESS,
  934. &hkeyCUG);
  936. if(ERROR_SUCCESS != dwErr)
  937. {
  938. RASAUTO_TRACE1("DwGetHhcu: failed to open current user. 0x%x",
  939. dwErr);
  941. goto done;
  942. }
  943. }
  945. done:
  946. return dwErr;
  947. }
  950. DWORD
  951. InitializeImpersonation()
  953. /*++
  955. DESCRIPTION
  956. Initializes the global structures used for impersonation
  958. ARGUMENTS
  959. None
  961. RETURN VALUE
  962. Win32 error code.
  964. --*/
  966. {
  967. DWORD dwError = ERROR_SUCCESS;
  969. if (!ImpersonationInfoInitializedG)
  970. {
  971. ZeroMemory(&ImpersonationInfoG, sizeof(ImpersonationInfoG));
  972. InitializeCriticalSection(&ImpersonationInfoG.csLock);
  973. ImpersonationInfoInitializedG = TRUE;
  974. }
  976. return dwError;
  977. }
  980. VOID
  981. CleanupImpersonation()
  983. /*++
  985. DESCRIPTION
  986. Cleans up the global structures used for impersonation
  988. ARGUMENTS
  989. None
  991. RETURN VALUE
  992. None
  994. --*/
  996. {
  997. if (ImpersonationInfoInitializedG)
  998. {
  999. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1001. if (NULL != ImpersonationInfoG.pGuestSid)
  1002. {
  1003. FreeSid(ImpersonationInfoG.pGuestSid);
  1004. ImpersonationInfoG.pGuestSid = NULL;
  1005. }
  1007. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1008. DeleteCriticalSection(&ImpersonationInfoG.csLock);
  1009. ImpersonationInfoInitializedG = FALSE;
  1010. }
  1011. }
  1014. BOOLEAN
  1015. ImpersonatingGuest()
  1017. /*++
  1019. DESCRIPTION
  1020. Returns whether or not the user that is currently being impersonating
  1021. is a member of the local guests group
  1023. ARGUMENTS
  1024. None
  1026. RETURN VALUE
  1027. BOOLEAN -- TRUE if currently impersonating a guests, FALSE otherwise
  1029. --*/
  1031. {
  1032. BOOLEAN fIsGuest = FALSE;
  1034. ASSERT(ImpersonationInfoInitializedG);
  1036. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1038. if (ERROR_SUCCESS == LoadGroupMemberships())
  1039. {
  1040. fIsGuest = ImpersonationInfoG.fGuest;
  1041. }
  1043. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1045. return fIsGuest;
  1046. }
  1049. DWORD
  1050. LoadGroupMemberships()
  1052. /*++
  1054. DESCRIPTION
  1055. Caches the group membership information for the impersonated user.
  1057. ARGUMENTS
  1058. None
  1060. RETURN VALUE
  1061. Win32 error code.
  1063. --*/
  1065. {
  1066. DWORD dwError = ERROR_SUCCESS;
  1067. SID_IDENTIFIER_AUTHORITY IdentifierAuthority = SECURITY_NT_AUTHORITY;
  1068. BOOL fIsGuest;
  1070. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1072. do
  1073. {
  1074. if (ImpersonationInfoG.fGroupsLoaded)
  1075. {
  1076. //
  1077. // Information already loaded
  1078. //
  1080. break;
  1081. }
  1083. if (NULL == ImpersonationInfoG.hTokenImpersonation)
  1084. {
  1085. //
  1086. // There isn't an impersonated user.
  1087. //
  1089. dwError = ERROR_CAN_NOT_COMPLETE;
  1090. break;
  1091. }
  1093. if (NULL == ImpersonationInfoG.pGuestSid)
  1094. {
  1095. //
  1096. // Allocate the SID for the local guests group;
  1097. //
  1099. if (!AllocateAndInitializeSid(
  1100. &IdentifierAuthority,
  1101. 2,
  1102. SECURITY_BUILTIN_DOMAIN_RID,
  1103. DOMAIN_ALIAS_RID_GUESTS,
  1104. 0,
  1105. 0,
  1106. 0,
  1107. 0,
  1108. 0,
  1109. 0,
  1110. &ImpersonationInfoG.pGuestSid
  1111. ))
  1112. {
  1113. dwError = GetLastError();
  1114. break;
  1115. }
  1116. }
  1118. if (!CheckTokenMembership(
  1119. ImpersonationInfoG.hTokenImpersonation,
  1120. ImpersonationInfoG.pGuestSid,
  1121. &fIsGuest
  1122. ))
  1123. {
  1124. dwError = GetLastError();
  1125. break;
  1126. }
  1128. ImpersonationInfoG.fGuest = !!fIsGuest;
  1130. } while (FALSE);
  1132. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1134. return dwError;
  1135. }
  1137. VOID
  1138. LockImpersonation()
  1139. {
  1140. ASSERT(ImpersonationInfoInitializedG);
  1142. if(ImpersonationInfoInitializedG)
  1143. {
  1144. EnterCriticalSection(&ImpersonationInfoG.csLock);
  1145. }
  1146. }
  1148. VOID
  1149. UnlockImpersonation()
  1150. {
  1151. ASSERT(ImpersonationInfoInitializedG);
  1153. if(ImpersonationInfoInitializedG)
  1154. {
  1155. LeaveCriticalSection(&ImpersonationInfoG.csLock);
  1156. }
  1157. }