archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/admt/common/commonlib/txtsid.cpp

321 lines
10 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*---------------------------------------------------------------------------
  2. File: TextualSid.cpp
  4. Comments: Converts a SID to and from its canonical textual representation.
  6. (c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
  7. Proprietary and confidential to Mission Critical Software, Inc.
  9. REVISION LOG ENTRY
  10. Revision By: Christy Boles
  11. Revised on 02/15/99 11:33:52
  13. ---------------------------------------------------------------------------
  14. */
  16. #ifdef USE_STDAFX
  17. #include "stdafx.h"
  18. #else
  19. #include <windows.h>
  20. #include <malloc.h>
  21. #include <stdio.h>
  22. #endif
  23. #include "Mcs.h"
  24. #include "TxtSid.h"
  26. BOOL
  27. GetTextualSid(
  28. PSID pSid, // in - binary Sid
  29. LPTSTR TextualSid, // i/o- buffer for Textual representation of Sid
  30. LPDWORD lpdwBufferLen // in - required/provided TextualSid buffersize
  31. )
  32. {
  33. PSID_IDENTIFIER_AUTHORITY psia;
  34. DWORD dwSubAuthorities;
  35. DWORD dwSidRev=SID_REVISION;
  36. DWORD dwCounter;
  37. DWORD dwSidSize;
  39. // Validate the binary SID.
  40. if(!IsValidSid(pSid))
  41. return FALSE;
  42. // Get the identifier authority value from the SID.
  43. psia = GetSidIdentifierAuthority(pSid);
  44. // Get the number of subauthorities in the SID.
  45. dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
  46. // Compute the buffer length.
  47. // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
  48. dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
  50. // Check input buffer length.
  51. // If too small, indicate the proper size and set last error.
  52. if (*lpdwBufferLen < dwSidSize)
  53. {
  54. *lpdwBufferLen = dwSidSize;
  55. SetLastError(ERROR_INSUFFICIENT_BUFFER);
  56. return FALSE;
  57. }
  58. // Add 'S' prefix and revision number to the string.
  59. dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );
  60. // Add SID identifier authority to the string.
  61. if ( (psia->Value[0] != 0) || (psia->Value[1] != 0) )
  62. {
  63. dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
  64. TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
  65. (USHORT)psia->Value[0],
  66. (USHORT)psia->Value[1],
  67. (USHORT)psia->Value[2],
  68. (USHORT)psia->Value[3],
  69. (USHORT)psia->Value[4],
  70. (USHORT)psia->Value[5]);
  71. }
  72. else
  73. {
  74. dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
  75. TEXT("%lu"),
  76. (ULONG)(psia->Value[5] ) +
  77. (ULONG)(psia->Value[4] << 8) +
  78. (ULONG)(psia->Value[3] << 16) +
  79. (ULONG)(psia->Value[2] << 24) );
  80. }
  81. // Add SID subauthorities to the string. //
  82. for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++)
  83. {
  84. dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"),
  85. *GetSidSubAuthority(pSid, dwCounter) );
  86. }
  87. return TRUE;
  88. }
  90. PSID // ret- binary representation of SID, or NULL
  91. SidFromString(
  92. WCHAR const * strSid // in - string representation of SID
  93. )
  94. {
  95. BOOL bSuccess = TRUE;
  96. PSID pSid = NULL;
  97. DWORD dwSidRev;
  98. // WCHAR * strPtr = NULL;
  99. WCHAR sidIA[100];
  100. WCHAR sidSubs[100];
  101. int ia0,ia1,ia2,ia3,ia4,ia5;
  102. SID_IDENTIFIER_AUTHORITY sia;
  104. do
  105. {
  106. if ( strSid[0] != L'S' || strSid[1] != L'-' )
  107. {
  108. bSuccess = FALSE;
  109. break;
  110. }
  111. // Read SID revision level
  112. sidSubs[0] = 0;
  113. int result = swscanf(strSid,L"S-%d-%[^-]-%ls",&dwSidRev,sidIA,sidSubs);
  114. if ( result == 3 )
  115. {
  116. // evaluate the IA
  117. if ( sidIA[1] == L'x' )
  118. {
  119. // full format
  120. result = swscanf(sidIA,L"0x%02hx%02hx%02hx%02hx%02hx%02hx",&ia0,&ia1,&ia2,&ia3,&ia4,&ia5);
  121. if ( result == 6 )
  122. {
  123. sia.Value[0] = (BYTE) ia0;
  124. sia.Value[1] = (BYTE) ia1;
  125. sia.Value[2] = (BYTE) ia2;
  126. sia.Value[3] = (BYTE) ia3;
  127. sia.Value[4] = (BYTE) ia4;
  128. sia.Value[5] = (BYTE) ia5;
  130. }
  131. else
  132. {
  133. bSuccess = FALSE;
  134. break;
  135. }
  136. }
  137. else
  138. {
  139. DWORD bignumber;
  141. result = swscanf(sidIA,L"%lu",&bignumber);
  142. sia.Value[0] = 0;
  143. sia.Value[1] = 0;
  144. sia.Value[2] = BYTE( (bignumber & 0xff000000) >> 24);
  145. sia.Value[3] = BYTE( (bignumber & 0x00ff0000) >> 16);
  146. sia.Value[4] = BYTE( (bignumber & 0x0000ff00) >> 8);
  147. sia.Value[5] = BYTE(bignumber & 0x000000ff);
  148. }
  150. // read the subauthorities
  151. DWORD subs[10];
  153. memset(subs,0,(sizeof subs));
  155. result = swscanf(sidSubs,L"%lu-%lu-%lu-%lu-%lu-%lu-%lu-%lu",&subs[0],&subs[1],&subs[2],&subs[3],&subs[4],
  156. &subs[5],&subs[6],&subs[7]);
  158. if ( result )
  159. {
  160. if ( !AllocateAndInitializeSid(&sia,(BYTE)result,subs[0],subs[1],subs[2],subs[3],subs[4],subs[5],subs[6],subs[7],&pSid) )
  161. {
  162. pSid = NULL;
  163. bSuccess = FALSE;
  164. }
  165. }
  166. }
  167. } while ( false);
  169. //see if IsValidSid also thinks this is valid
  170. if (pSid)
  171. {
  172. //if not valid, free it and return NULL
  173. if (!IsValidSid(pSid))
  174. {
  175. FreeSid(pSid);
  176. pSid = NULL;
  177. }
  178. }
  180. return pSid;
  181. }
  183. /*****************************************************************************************************/
  184. /* DomainizeSid:
  185. Takes a domain sid, and verifies that its last subauthority value is -1. If the RID is not
  186. -1, DomainizeSid adds a -1 to the end.
  187. /*****************************************************************************************************/
  188. PSID // ret -the sid with RID = -1
  189. DomainizeSid(
  190. PSID psid, // in -sid to check and possibly fix
  191. BOOL freeOldSid // in -whether to free the old sid
  192. )
  193. {
  194. MCSASSERT(psid);
  196. UCHAR len = (* GetSidSubAuthorityCount(psid));
  197. PDWORD sub = GetSidSubAuthority(psid,len-1);
  199. if ( *sub != -1 )
  200. {
  201. DWORD sdsize = GetSidLengthRequired(len+1); // sid doesn't already have -1 as rid
  202. PSID newsid = (SID *)malloc(sdsize); // copy the sid, and add -1 to the end
  204. if (newsid)
  205. {
  206. if ( ! InitializeSid(newsid,GetSidIdentifierAuthority(psid),len+1) ) // make a bigger sid w/same IA
  207. {
  208. MCSASSERT(false);
  209. }
  210. for ( DWORD i = 0 ; i < len ; i++ )
  211. {
  212. sub = GetSidSubAuthority(newsid,i); // copy subauthorities
  213. (*sub) = (*GetSidSubAuthority(psid,i));
  214. }
  215. sub = GetSidSubAuthority(newsid,len);
  216. *sub = -1; // set rid =-1
  217. if ( freeOldSid )
  218. {
  219. FreeSid(psid);
  220. }
  221. psid = newsid;
  222. len++;
  223. }
  224. }
  225. return psid;
  226. }
  228. /*********************************************************************
  229. * *
  230. * Written by: Paul Thompson *
  231. * Date: 4 OCT 2000 *
  232. * *
  233. * This function is responsible for taking the given source and *
  234. * target account SIDs and breaking them up and returning the src *
  235. * domain sid, src account rid, tgt domain sid, and tgt account rid. *
  236. * The caller must call "FreeSid" on the src and tgt domain sid *
  237. * pointers. *
  238. * *
  239. *********************************************************************/
  241. //BEGIN SplitAccountSids
  242. BOOL // ret - Success ? TRUE | FALSE
  243. SplitAccountSids(
  244. PSID srcSid, // in - src account sid
  245. WCHAR *srcDomainSid, // out - src domain sid textual
  246. DWORD *srcRid, // out - src account rid
  247. PSID tgtSid, // in - tgt account sid
  248. WCHAR *tgtDomainSid, // out - tgt domain sid textual
  249. DWORD *tgtRid // out - tgt account rid
  250. )
  251. {
  252. /* local variables */
  253. DWORD sidLen;
  254. UCHAR Count;
  255. PDWORD psubAuth;
  256. BOOL bSuccess = TRUE;
  257. DWORD lenTxt = MAX_PATH;
  259. /* function body */
  260. if ((!IsValidSid(srcSid)) && (!IsValidSid(tgtSid)))
  261. return FALSE;
  263. //split up the src account sid
  264. sidLen = GetLengthSid(srcSid);
  265. PSID srcDomSid = new BYTE[sidLen+1];
  266. if (!srcDomSid)
  267. return FALSE;
  269. if (!CopySid(sidLen+1, srcDomSid, srcSid))
  270. {
  271. delete [] srcDomSid;
  272. return FALSE;
  273. }
  275. //get the RID out of the SID and get the domain SID
  276. Count = (* GetSidSubAuthorityCount(srcDomSid));
  277. psubAuth = GetSidSubAuthority(srcDomSid, Count-1);
  278. if (psubAuth)
  279. {
  280. *srcRid = *psubAuth;
  281. *psubAuth = -1;
  282. }
  284. //convert domain sid to text format
  285. if (srcDomSid)
  286. {
  287. GetTextualSid(srcDomSid,srcDomainSid,&lenTxt);
  288. delete [] srcDomSid;
  289. }
  291. //split up the tgt account sid
  292. sidLen = GetLengthSid(tgtSid);
  293. PSID tgtDomSid = new BYTE[sidLen+1];
  294. if (!tgtDomSid)
  295. return FALSE;
  297. if (!CopySid(sidLen+1, tgtDomSid, tgtSid))
  298. {
  299. delete [] tgtDomSid;
  300. return FALSE;
  301. }
  303. //get the RID out of the SID and get the domain SID
  304. Count = (* GetSidSubAuthorityCount(tgtDomSid));
  305. psubAuth = GetSidSubAuthority(tgtDomSid, Count-1);
  306. if (psubAuth)
  307. {
  308. *tgtRid = *psubAuth;
  309. *psubAuth = -1;
  310. }
  312. //convert domain sid to text format
  313. lenTxt = MAX_PATH;
  314. if (tgtDomSid)
  315. {
  316. GetTextualSid(tgtDomSid,tgtDomainSid,&lenTxt);
  317. delete [] tgtDomSid;
  318. }
  320. return bSuccess;
  321. }
  322. //END SplitAccountSids