archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/shell/services/hdsrv/lib/users.cpp

512 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. #include <nt.h>
  2. #include <ntrtl.h>
  3. #include <nturtl.h>
  5. #include <windows.h>
  7. #include <lmaccess.h>
  8. #include <lmapibuf.h>
  10. #include <winsta.h>
  11. #include <dsgetdc.h>
  13. #include <userenv.h>
  14. #include <userenvp.h>
  16. extern "C"
  17. {
  18. #include <syslib.h>
  19. }
  21. #ifdef ASSERT
  22. #undef ASSERT
  23. #endif
  25. #include "users.h"
  27. #include "sfstr.h"
  28. #include "str.h"
  29. #include "mischlpr.h"
  31. #include "dbg.h"
  32. #include "tfids.h"
  34. #define ARRAYSIZE(a) (sizeof((a))/sizeof((a)[0]))
  36. HRESULT _GetUserHKCU(HANDLE hThreadToken, LPCWSTR pszUserName, HKEY* phkey)
  37. {
  38. HRESULT hr;
  39. PROFILEINFO profileinfo = {0};
  41. *phkey = NULL;
  43. profileinfo.dwSize = sizeof(profileinfo);
  44. profileinfo.dwFlags = PI_NOUI | PI_LITELOAD;
  45. profileinfo.lpUserName = (LPWSTR)pszUserName;
  47. if (LoadUserProfile(hThreadToken, &profileinfo))
  48. {
  49. *phkey = (HKEY)(profileinfo.hProfile);
  50. hr = S_OK;
  52. TRACE(TF_USERS, TEXT("Loaded user profile"));
  53. }
  54. else
  55. {
  56. hr = S_FALSE;
  58. TRACE(TF_USERS,
  59. TEXT("FAILED to load user profile: GLE = 0x%08X"),
  60. GetLastError());
  61. }
  63. return hr;
  64. }
  66. HRESULT _GetThreadTokenAndUserName(HANDLE* phThreadToken,
  67. LPWSTR pszUserName, DWORD cchUserName)
  68. {
  69. HRESULT hr = E_FAIL;
  71. if (OpenThreadToken(GetCurrentThread(),
  72. TOKEN_QUERY | TOKEN_DUPLICATE | TOKEN_IMPERSONATE,
  73. TRUE, phThreadToken))
  74. {
  75. #ifdef DEBUG
  76. // For information only
  77. DWORD dwImp = 0;
  78. DWORD dwBytesReturned;
  80. if (GetTokenInformation(*phThreadToken, TokenImpersonationLevel,
  81. &dwImp, sizeof(DWORD), &dwBytesReturned))
  82. {
  83. switch (dwImp)
  84. {
  85. case SecurityAnonymous:
  86. TRACE(TF_USERS, TEXT("SecurityAnonymous"));
  87. break;
  89. case SecurityIdentification:
  90. TRACE(TF_USERS, TEXT("SecurityIdentification"));
  91. break;
  93. case SecurityImpersonation:
  94. TRACE(TF_USERS, TEXT("SecurityImpersonation"));
  95. break;
  97. case SecurityDelegation:
  98. TRACE(TF_USERS, TEXT("SecurityDelegation"));
  99. break;
  101. default:
  102. TRACE(TF_USERS, TEXT("Error. Unable to determine impersonation level"));
  103. break;
  104. }
  105. }
  106. else
  107. {
  108. TRACE(TF_USERS, TEXT("Unable to read impersonation level"));
  109. }
  110. #endif
  111. if (GetUserName(pszUserName, &cchUserName))
  112. {
  113. TRACE(TF_USERS, TEXT("UserName: %s"), pszUserName);
  114. hr = S_OK;
  115. }
  116. else
  117. {
  118. TRACE(TF_USERS, TEXT("Failed to get username"));
  119. }
  120. }
  121. else
  122. {
  123. TRACE(TF_USERS, TEXT("Unable to read thread token (%d)"),
  124. GetLastError());
  125. }
  127. return hr;
  128. }
  130. HRESULT _GetCurrentUserHKCU(HANDLE* phThreadToken, HKEY* phkey)
  131. {
  132. HRESULT hr = E_INVALIDARG;
  134. if (phkey && phThreadToken)
  135. {
  136. CImpersonateConsoleSessionUser icsu;
  138. hr = icsu.Impersonate();
  140. if (SUCCEEDED(hr) && (S_FALSE != hr))
  141. {
  142. WCHAR szUserName[UNLEN + 1];
  144. hr = _GetThreadTokenAndUserName(phThreadToken,
  145. szUserName, ARRAYSIZE(szUserName));
  147. icsu.RevertToSelf();
  149. if (SUCCEEDED(hr) && (S_FALSE != hr))
  150. {
  151. hr = _GetUserHKCU(*phThreadToken, szUserName, phkey);
  152. }
  153. }
  154. else
  155. {
  156. TRACE(TF_USERS, TEXT("WinStationQueryInformation FAILED"));
  157. }
  158. }
  160. if (FAILED(hr) || (S_FALSE == hr))
  161. {
  162. TRACE(TF_USERS, TEXT("_GetCurrentUserHKCU FAILED or S_FALSE'D: 0x%08X"), hr);
  163. }
  164. else
  165. {
  166. TRACE(TF_USERS, TEXT("_GetCurrentUserHKCU SUCCEEDED"));
  167. }
  169. return hr;
  170. }
  172. HRESULT _CloseCurrentUserHKCU(HANDLE hThreadToken, HKEY hkey)
  173. {
  174. UnloadUserProfile(hThreadToken, hkey);
  176. CloseHandle(hThreadToken);
  178. return S_OK;
  179. }
  181. HRESULT _CoGetCallingUserHKCU(HANDLE* phThreadToken, HKEY* phkey)
  182. {
  183. HRESULT hr = E_INVALIDARG;
  185. if (phkey && phThreadToken)
  186. {
  187. CImpersonateCOMCaller icc;
  189. // You must call this before trying to open a thread token!
  190. hr = icc.Impersonate();
  192. if (SUCCEEDED(hr) && (S_FALSE != hr))
  193. {
  194. WCHAR szUserName[UNLEN + 1];
  196. hr = _GetThreadTokenAndUserName(phThreadToken,
  197. szUserName, ARRAYSIZE(szUserName));
  199. icc.RevertToSelf();
  201. if (SUCCEEDED(hr) && (S_FALSE != hr))
  202. {
  203. hr = _GetUserHKCU(*phThreadToken, szUserName, phkey);
  204. }
  205. }
  206. else
  207. {
  208. TRACE(TF_USERS, TEXT("CoImpersonateClient failed: 0x%08X"), hr);
  209. }
  210. }
  212. if (FAILED(hr) || (S_FALSE == hr))
  213. {
  214. TRACE(TF_USERS, TEXT("_CoGetCallingUserHKCU FAILED or S_FALSE'D: 0x%08X"), hr);
  215. }
  216. else
  217. {
  218. TRACE(TF_USERS, TEXT("_CoGetCallingUserHKCU SUCCEEDED"));
  219. }
  221. return hr;
  222. }
  224. HRESULT _CoCloseCallingUserHKCU(HANDLE hThreadToken, HKEY hkey)
  225. {
  226. UnloadUserProfile(hThreadToken, hkey);
  228. CloseHandle(hThreadToken);
  230. return S_OK;
  231. }
  233. #define SESSION_MONIKER TEXT("Session:Console!clsid:")
  235. HRESULT _CoCreateInstanceInConsoleSession(REFCLSID rclsid, IUnknown* punkOuter,
  236. DWORD /*dwClsContext*/, REFIID riid, void** ppv)
  237. {
  238. IBindCtx* pbc;
  239. HRESULT hr = CreateBindCtx(0, &pbc);
  241. *ppv = NULL;
  243. if (SUCCEEDED(hr))
  244. {
  245. WCHAR szCLSID[39];
  247. hr = _StringFromGUID(&rclsid, szCLSID, ARRAYSIZE(szCLSID));
  249. if (SUCCEEDED(hr))
  250. {
  251. ULONG ulEaten;
  252. IMoniker* pmoniker;
  253. WCHAR szDisplayName[ARRAYSIZE(SESSION_MONIKER) + ARRAYSIZE(szCLSID)] =
  254. SESSION_MONIKER;
  256. // We want something like: "Session:Console!clsid:760befd0-5b0b-44d7-957e-969af35ce954"
  257. szCLSID[ARRAYSIZE(szCLSID) - 2] = 0;
  259. // Form display name string
  260. hr = SafeStrCatN(szDisplayName, szCLSID + 1, ARRAYSIZE(szDisplayName));
  262. if (SUCCEEDED(hr))
  263. {
  264. // Parse the name and get a moniker:
  265. hr = MkParseDisplayName(pbc, szDisplayName, &ulEaten, &pmoniker);
  267. if (SUCCEEDED(hr))
  268. {
  269. IClassFactory* pcf;
  271. hr = pmoniker->BindToObject(pbc, NULL, IID_IClassFactory, (void**)&pcf);
  273. if (SUCCEEDED(hr))
  274. {
  275. hr = pcf->CreateInstance(punkOuter, riid, ppv);
  277. TRACE(TF_USERS,
  278. TEXT("pcf->CreateInstance returned: hr = 0x%08X"), hr);
  280. pcf->Release();
  281. }
  282. else
  283. {
  284. TRACE(TF_USERS, TEXT("pmoniker->BindToObject returned: hr = 0x%08X"), hr);
  285. }
  287. pmoniker->Release();
  288. }
  289. }
  290. }
  291. else
  292. {
  293. TRACE(TF_USERS, TEXT("MkParseDisplayName returned: hr = 0x%08X"), hr);
  294. }
  296. pbc->Release();
  297. }
  298. else
  299. {
  300. TRACE(TF_USERS, TEXT("CreateBindCtxt returned: hr = 0x%08X"), hr);
  301. }
  303. return hr;
  304. }
  306. HRESULT CImpersonateTokenBased::Impersonate()
  307. {
  308. HRESULT hr = S_FALSE;
  310. if (!_hToken)
  311. {
  312. hr = _GetToken(&_hToken);
  313. }
  315. if (SUCCEEDED(hr) && (S_FALSE != hr))
  316. {
  317. if (ImpersonateLoggedOnUser(_hToken))
  318. {
  319. hr = S_OK;
  320. }
  321. else
  322. {
  323. TRACE(TF_USERS, TEXT("Impersonate FAILED"));
  324. }
  325. }
  327. return hr;
  328. }
  330. HRESULT CImpersonateTokenBased::RevertToSelf()
  331. {
  332. return _RevertToSelf();
  333. }
  335. HRESULT CImpersonateTokenBased::_RevertToSelf()
  336. {
  337. if (_hToken)
  338. {
  339. ::RevertToSelf();
  340. CloseHandle(_hToken);
  341. _hToken = NULL;
  342. }
  344. return S_OK;
  345. }
  347. CImpersonateTokenBased::CImpersonateTokenBased()
  348. {
  349. _hToken = NULL;
  350. }
  352. CImpersonateTokenBased::~CImpersonateTokenBased()
  353. {
  354. _RevertToSelf();
  355. }
  357. HRESULT CImpersonateConsoleSessionUser::_GetToken(HANDLE* phToken)
  358. {
  359. HRESULT hr;
  360. ULONG ulReturnLength;
  361. WINSTATIONUSERTOKEN wsUserToken = {0};
  363. // Yep, the next casts are intentional...
  364. wsUserToken.ProcessId = (HANDLE)(DWORD_PTR)GetCurrentProcessId();
  365. wsUserToken.ThreadId = (HANDLE)(DWORD_PTR)GetCurrentThreadId();
  366. wsUserToken.UserToken = NULL;
  368. BOOL fActiveConsole = WinStationQueryInformation(SERVERNAME_CURRENT,
  369. USER_SHARED_DATA->ActiveConsoleId, WinStationUserToken,
  370. &wsUserToken, sizeof(wsUserToken), &ulReturnLength);
  372. if (fActiveConsole)
  373. {
  374. *phToken = wsUserToken.UserToken;
  375. hr = S_OK;
  376. }
  377. else
  378. {
  379. hr = S_FALSE;
  380. }
  382. return hr;
  383. }
  385. HRESULT CImpersonateEveryone::_GetToken(HANDLE* phToken)
  386. {
  387. HRESULT hr = S_FALSE;
  389. PSID gAdminSid;
  390. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  392. NTSTATUS ntstatus = RtlAllocateAndInitializeSid(
  393. &NtAuthority,
  394. 2,
  395. SECURITY_BUILTIN_DOMAIN_RID,
  396. DOMAIN_ALIAS_RID_ADMINS,
  397. 0, 0, 0, 0, 0, 0,
  398. &gAdminSid);
  400. if (NT_SUCCESS(ntstatus))
  401. {
  402. HANDLE hTokenProcess;
  404. ntstatus = NtOpenProcessToken(
  405. NtCurrentProcess(),
  406. TOKEN_ALL_ACCESS,
  407. &hTokenProcess);
  409. if (NT_SUCCESS(ntstatus))
  410. {
  411. TOKEN_GROUPS TokenGroups = {0};
  413. TokenGroups.GroupCount = 1 ;
  414. TokenGroups.Groups[0].Attributes = 0 ;
  415. TokenGroups.Groups[0].Sid = gAdminSid ;
  417. ntstatus = NtFilterToken(
  418. hTokenProcess,
  419. DISABLE_MAX_PRIVILEGE,
  420. &TokenGroups,
  421. NULL,
  422. NULL,
  423. phToken);
  425. NtClose(hTokenProcess);
  427. hr = S_OK;
  428. }
  430. RtlFreeSid(gAdminSid);
  431. }
  433. return hr;
  434. }
  436. ///////////////////////////////////////////////////////////////////////////////
  437. ///////////////////////////////////////////////////////////////////////////////
  438. HRESULT CImpersonateCOMCaller::Impersonate()
  439. {
  440. HRESULT hr = CoImpersonateClient();
  442. if (SUCCEEDED(hr))
  443. {
  444. _fImpersonating = TRUE;
  445. }
  446. else
  447. {
  448. hr = S_FALSE;
  449. }
  451. return hr;
  452. }
  454. HRESULT CImpersonateCOMCaller::RevertToSelf()
  455. {
  456. return _RevertToSelf();
  457. }
  459. HRESULT CImpersonateCOMCaller::_RevertToSelf()
  460. {
  461. if (_fImpersonating)
  462. {
  463. CoRevertToSelf();
  464. _fImpersonating = FALSE;
  465. }
  467. return S_OK;
  468. }
  470. CImpersonateCOMCaller::CImpersonateCOMCaller() : _fImpersonating(FALSE)
  471. {}
  473. CImpersonateCOMCaller::~CImpersonateCOMCaller()
  474. {
  475. _RevertToSelf();
  476. }
  478. HRESULT _GiveAllowForegroundToConsoleShell()
  479. {
  480. HANDLE hImpersonationToken;
  481. DWORD dwSessionID = USER_SHARED_DATA->ActiveConsoleId;
  483. if (GetWinStationUserToken(dwSessionID, &hImpersonationToken))
  484. {
  485. HANDLE hUserToken;
  487. if (DuplicateTokenEx(hImpersonationToken, 0, NULL,
  488. SecurityImpersonation, TokenPrimary, &hUserToken))
  489. {
  490. STARTUPINFO StartupInfo = {0};
  491. PROCESS_INFORMATION ProcessInfo = {0};
  492. WCHAR szCommand[] = TEXT("rundll32.exe shell32.dll,Activate_RunDLL");
  494. StartupInfo.cb = sizeof(StartupInfo);
  495. StartupInfo.wShowWindow = SW_SHOW;
  496. StartupInfo.lpDesktop = L"WinSta0\\Default";
  498. if (CreateProcessAsUser(hUserToken, NULL, szCommand,
  499. NULL, NULL, FALSE, DETACHED_PROCESS, NULL, NULL,
  500. &StartupInfo, &ProcessInfo))
  501. {
  502. CloseHandle(ProcessInfo.hProcess);
  503. CloseHandle(ProcessInfo.hThread);
  504. }
  506. CloseHandle(hUserToken);
  507. }
  509. CloseHandle(hImpersonationToken);
  510. }
  512. return S_OK;
  513. }