archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/shell/lib/generic/tokeninformation.cpp

512 lines
16 KiB
Raw Normal View History

Add source files
4 years ago
  1. // --------------------------------------------------------------------------
  2. // Module Name: TokenInformation.h
  3. //
  4. // Copyright (c) 1999-2000, Microsoft Corporation
  5. //
  6. // Class to get information about either the current thread/process token or
  7. // a specified token.
  8. //
  9. // History: 1999-10-05 vtan created
  10. // 2000-02-01 vtan moved from Neptune to Whistler
  11. // --------------------------------------------------------------------------
  13. #include "StandardHeader.h"
  14. #include "TokenInformation.h"
  16. // --------------------------------------------------------------------------
  17. // CTokenInformation::CTokenInformation
  18. //
  19. // Arguments: hToken = Optional user token to get information on.
  20. //
  21. // Returns: <none>
  22. //
  23. // Purpose: Duplicates the given token if provided. Otherwise the thread
  24. // token is opened or the process token if that doesn't exist.
  25. //
  26. // History: 1999-10-05 vtan created
  27. // --------------------------------------------------------------------------
  29. CTokenInformation::CTokenInformation (HANDLE hToken) :
  30. _hToken(hToken),
  31. _hTokenToRelease(NULL),
  32. _pvGroupBuffer(NULL),
  33. _pvPrivilegeBuffer(NULL),
  34. _pvUserBuffer(NULL),
  35. _pszUserLogonName(NULL),
  36. _pszUserDisplayName(NULL)
  38. {
  39. if (hToken == NULL)
  40. {
  41. if (OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, FALSE, &_hToken) == FALSE)
  42. {
  43. TBOOL(OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &_hToken));
  44. }
  45. if (_hToken != NULL)
  46. {
  47. _hTokenToRelease = _hToken;
  48. }
  49. }
  50. }
  52. // --------------------------------------------------------------------------
  53. // CTokenInformation::~CTokenInformation
  54. //
  55. // Arguments: <none>
  56. //
  57. // Returns: <none>
  58. //
  59. // Purpose: Releases resources used by the object.
  60. //
  61. // History: 1999-10-05 vtan created
  62. // --------------------------------------------------------------------------
  64. CTokenInformation::~CTokenInformation (void)
  66. {
  67. ReleaseMemory(_pszUserLogonName);
  68. ReleaseMemory(_pszUserDisplayName);
  69. ReleaseMemory(_pvUserBuffer);
  70. ReleaseMemory(_pvPrivilegeBuffer);
  71. ReleaseMemory(_pvGroupBuffer);
  72. ReleaseHandle(_hTokenToRelease);
  73. }
  75. // --------------------------------------------------------------------------
  76. // CTokenInformation::GetLogonSID
  77. //
  78. // Arguments: <none>
  79. //
  80. // Returns: PSID
  81. //
  82. // Purpose: Gets token information for the token groups. Walks the groups
  83. // looking for the SID with SE_GROUP_LOGON_ID and returns a
  84. // pointer to this SID. This memory is available for the scope
  85. // of the object.
  86. //
  87. // History: 1999-10-05 vtan created
  88. // --------------------------------------------------------------------------
  90. PSID CTokenInformation::GetLogonSID (void)
  92. {
  93. PSID pSID;
  95. pSID = NULL;
  96. if ((_hToken != NULL) && (_pvGroupBuffer == NULL))
  97. {
  98. GetTokenGroups();
  99. }
  100. if (_pvGroupBuffer != NULL)
  101. {
  102. ULONG ulIndex, ulLimit;
  103. TOKEN_GROUPS *pTG;
  105. pTG = reinterpret_cast<TOKEN_GROUPS*>(_pvGroupBuffer);
  106. ulLimit = pTG->GroupCount;
  107. for (ulIndex = 0; (pSID == NULL) && (ulIndex < ulLimit); ++ulIndex)
  108. {
  109. if ((pTG->Groups[ulIndex].Attributes & SE_GROUP_LOGON_ID) != 0)
  110. {
  111. pSID = pTG->Groups[ulIndex].Sid;
  112. }
  113. }
  114. }
  115. return(pSID);
  116. }
  118. // --------------------------------------------------------------------------
  119. // CTokenInformation::GetUserSID
  120. //
  121. // Arguments: <none>
  122. //
  123. // Returns: PSID
  124. //
  125. // Purpose: Gets token information for the token user. This returns the
  126. // SID for the user of the token. This memory is available for
  127. // the scope of the object.
  128. //
  129. // History: 1999-10-05 vtan created
  130. // --------------------------------------------------------------------------
  132. PSID CTokenInformation::GetUserSID (void)
  134. {
  135. PSID pSID;
  137. if ((_pvUserBuffer == NULL) && (_hToken != NULL))
  138. {
  139. DWORD dwReturnLength;
  141. dwReturnLength = 0;
  142. (BOOL)GetTokenInformation(_hToken, TokenUser, NULL, 0, &dwReturnLength);
  143. _pvUserBuffer = LocalAlloc(LMEM_FIXED, dwReturnLength);
  144. if ((_pvUserBuffer != NULL) &&
  145. (GetTokenInformation(_hToken, TokenUser, _pvUserBuffer, dwReturnLength, &dwReturnLength) == FALSE))
  146. {
  147. ReleaseMemory(_pvUserBuffer);
  148. _pvUserBuffer = NULL;
  149. }
  150. }
  151. if (_pvUserBuffer != NULL)
  152. {
  153. pSID = reinterpret_cast<TOKEN_USER*>(_pvUserBuffer)->User.Sid;
  154. }
  155. else
  156. {
  157. pSID = NULL;
  158. }
  159. return(pSID);
  160. }
  162. // --------------------------------------------------------------------------
  163. // CTokenInformation::IsUserTheSystem
  164. //
  165. // Arguments: <none>
  166. //
  167. // Returns: bool
  168. //
  169. // Purpose: Gets token information for the token user. This returns
  170. // whether the user is the local system.
  171. //
  172. // History: 1999-12-13 vtan created
  173. // --------------------------------------------------------------------------
  175. bool CTokenInformation::IsUserTheSystem (void)
  177. {
  178. static const LUID sLUIDSystem = SYSTEM_LUID;
  180. ULONG ulReturnLength;
  181. TOKEN_STATISTICS tokenStatistics;
  183. return((GetTokenInformation(_hToken, TokenStatistics, &tokenStatistics, sizeof(tokenStatistics), &ulReturnLength) != FALSE) &&
  184. RtlEqualLuid(&tokenStatistics.AuthenticationId, &sLUIDSystem));
  185. }
  187. // --------------------------------------------------------------------------
  188. // CTokenInformation::IsUserAnAdministrator
  189. //
  190. // Arguments: <none>
  191. //
  192. // Returns: bool
  193. //
  194. // Purpose: Gets token information for the token user. This returns
  195. // whether the user is a member of the local administrator group.
  196. //
  197. // History: 92-05-06 davidc created
  198. // 1999-11-06 vtan stolen
  199. // --------------------------------------------------------------------------
  201. bool CTokenInformation::IsUserAnAdministrator (void)
  203. {
  204. bool fIsAnAdministrator;
  206. fIsAnAdministrator = false;
  207. if ((_hToken != NULL) && (_pvGroupBuffer == NULL))
  208. {
  209. GetTokenGroups();
  210. }
  211. if (_pvGroupBuffer != NULL)
  212. {
  213. PSID pAdministratorSID;
  215. static SID_IDENTIFIER_AUTHORITY sSystemSidAuthority = SECURITY_NT_AUTHORITY;
  217. if (NT_SUCCESS(RtlAllocateAndInitializeSid(&sSystemSidAuthority,
  218. 2,
  219. SECURITY_BUILTIN_DOMAIN_RID,
  220. DOMAIN_ALIAS_RID_ADMINS,
  221. 0, 0, 0, 0, 0, 0,
  222. &pAdministratorSID)))
  223. {
  224. ULONG ulIndex, ulLimit;
  225. TOKEN_GROUPS *pTG;
  227. pTG = reinterpret_cast<TOKEN_GROUPS*>(_pvGroupBuffer);
  228. ulLimit = pTG->GroupCount;
  229. for (ulIndex = 0; !fIsAnAdministrator && (ulIndex < ulLimit); ++ulIndex)
  230. {
  231. fIsAnAdministrator = ((RtlEqualSid(pTG->Groups[ulIndex].Sid, pAdministratorSID) != FALSE) &&
  232. ((pTG->Groups[ulIndex].Attributes & SE_GROUP_ENABLED) != 0));
  233. }
  234. (void*)RtlFreeSid(pAdministratorSID);
  235. }
  236. }
  237. return(fIsAnAdministrator);
  238. }
  240. // --------------------------------------------------------------------------
  241. // CTokenInformation::UserHasPrivilege
  242. //
  243. // Arguments: <none>
  244. //
  245. // Returns: bool
  246. //
  247. // Purpose: Gets token information for the token user. This returns
  248. // whether the user is a member of the local administrator group.
  249. //
  250. // History: 2000-04-26 vtan created
  251. // --------------------------------------------------------------------------
  253. bool CTokenInformation::UserHasPrivilege (DWORD dwPrivilege)
  255. {
  256. bool fUserHasPrivilege;
  258. fUserHasPrivilege = false;
  259. if ((_hToken != NULL) && (_pvPrivilegeBuffer == NULL))
  260. {
  261. GetTokenPrivileges();
  262. }
  263. if (_pvPrivilegeBuffer != NULL)
  264. {
  265. ULONG ulIndex, ulLimit;
  266. TOKEN_PRIVILEGES *pTP;
  267. LUID luidPrivilege;
  269. luidPrivilege.LowPart = dwPrivilege;
  270. luidPrivilege.HighPart = 0;
  271. pTP = reinterpret_cast<TOKEN_PRIVILEGES*>(_pvPrivilegeBuffer);
  272. ulLimit = pTP->PrivilegeCount;
  273. for (ulIndex = 0; !fUserHasPrivilege && (ulIndex < ulLimit); ++ulIndex)
  274. {
  275. fUserHasPrivilege = (RtlEqualLuid(&pTP->Privileges[ulIndex].Luid, &luidPrivilege) != FALSE);
  276. }
  277. }
  278. return(fUserHasPrivilege);
  279. }
  281. // --------------------------------------------------------------------------
  282. // CTokenInformation::GetUserName
  283. //
  284. // Arguments: <none>
  285. //
  286. // Returns: WCHAR
  287. //
  288. // Purpose: Looks up the account name of the implicit token..
  289. //
  290. // History: 2000-08-31 vtan created
  291. // --------------------------------------------------------------------------
  293. const WCHAR* CTokenInformation::GetUserName (void)
  295. {
  296. if (_pszUserLogonName == NULL)
  297. {
  298. DWORD dwUserNameSize, dwReferencedDomainSize;
  299. SID_NAME_USE eUse;
  300. WCHAR *pszReferencedDomain;
  302. dwUserNameSize = dwReferencedDomainSize = 0;
  303. (BOOL)LookupAccountSid(NULL,
  304. GetUserSID(),
  305. NULL,
  306. &dwUserNameSize,
  307. NULL,
  308. &dwReferencedDomainSize,
  309. &eUse);
  310. pszReferencedDomain = static_cast<WCHAR*>(LocalAlloc(LMEM_FIXED, dwReferencedDomainSize * sizeof(WCHAR)));
  311. if (pszReferencedDomain != NULL)
  312. {
  313. _pszUserLogonName = static_cast<WCHAR*>(LocalAlloc(LMEM_FIXED, dwUserNameSize * sizeof(WCHAR)));
  314. if (_pszUserLogonName != NULL)
  315. {
  316. if (LookupAccountSid(NULL,
  317. GetUserSID(),
  318. _pszUserLogonName,
  319. &dwUserNameSize,
  320. pszReferencedDomain,
  321. &dwReferencedDomainSize,
  322. &eUse) == FALSE)
  323. {
  324. ReleaseMemory(_pszUserLogonName);
  325. }
  326. }
  327. (HLOCAL)LocalFree(pszReferencedDomain);
  328. }
  329. }
  330. return(_pszUserLogonName);
  331. }
  333. // --------------------------------------------------------------------------
  334. // CTokenInformation::GetUserDisplayName
  335. //
  336. // Arguments: <none>
  337. //
  338. // Returns: WCHAR
  339. //
  340. // Purpose: Returns the display name of the implicit token.
  341. //
  342. // History: 2000-08-31 vtan created
  343. // --------------------------------------------------------------------------
  345. const WCHAR* CTokenInformation::GetUserDisplayName (void)
  347. {
  348. if (_pszUserDisplayName == NULL)
  349. {
  350. const WCHAR *pszUserName;
  352. pszUserName = GetUserName();
  353. if (pszUserName != NULL)
  354. {
  355. USER_INFO_2 *pUserInfo;
  357. if (NERR_Success == NetUserGetInfo(NULL, pszUserName, 2, reinterpret_cast<LPBYTE*>(&pUserInfo)))
  358. {
  359. const WCHAR *pszUserDisplayName;
  361. if (pUserInfo->usri2_full_name[0] != L'\0')
  362. {
  363. pszUserDisplayName = pUserInfo->usri2_full_name;
  364. }
  365. else
  366. {
  367. pszUserDisplayName = pszUserName;
  368. }
  369. _pszUserDisplayName = static_cast<WCHAR*>(LocalAlloc(LMEM_FIXED, (lstrlen(pszUserDisplayName) + sizeof('\0')) * sizeof(WCHAR)));
  370. if (_pszUserDisplayName != NULL)
  371. {
  372. lstrcpy(_pszUserDisplayName, pszUserDisplayName);
  373. }
  374. TW32(NetApiBufferFree(pUserInfo));
  375. }
  376. }
  377. }
  378. return(_pszUserDisplayName);
  379. }
  381. // --------------------------------------------------------------------------
  382. // CTokenInformation::LogonUser
  383. //
  384. // Arguments: See the platform SDK under LogonUser.
  385. //
  386. // Returns: DWORD
  387. //
  388. // Purpose: Calls advapi32!LogonUserW with supplied credentials using
  389. // interactive logon type. Returns the error code as a DWORD
  390. // rather than the standard Win32 API method which allows the
  391. // filtering of certain error codes.
  392. //
  393. // History: 2001-03-28 vtan created
  394. // --------------------------------------------------------------------------
  396. DWORD CTokenInformation::LogonUser (const WCHAR *pszUsername, const WCHAR *pszDomain, const WCHAR *pszPassword, HANDLE *phToken)
  398. {
  399. DWORD dwErrorCode;
  401. if (::LogonUserW(const_cast<WCHAR*>(pszUsername),
  402. const_cast<WCHAR*>(pszDomain),
  403. const_cast<WCHAR*>(pszPassword),
  404. LOGON32_LOGON_INTERACTIVE,
  405. LOGON32_PROVIDER_DEFAULT,
  406. phToken) != FALSE)
  407. {
  408. dwErrorCode = ERROR_SUCCESS;
  409. }
  410. else
  411. {
  412. *phToken = NULL;
  413. dwErrorCode = GetLastError();
  415. // Ignore ERROR_PASSWORD_MUST_CHANGE and ERROR_PASSWORD_EXPIRED.
  417. if ((dwErrorCode == ERROR_PASSWORD_MUST_CHANGE) || (dwErrorCode == ERROR_PASSWORD_EXPIRED))
  418. {
  419. dwErrorCode = ERROR_SUCCESS;
  420. }
  421. }
  422. return(dwErrorCode);
  423. }
  425. // --------------------------------------------------------------------------
  426. // CTokenInformation::IsSameUser
  427. //
  428. // Arguments: hToken1 = Token of one user.
  429. // hToken2 = Token of other user.
  430. //
  431. // Returns: bool
  432. //
  433. // Purpose: Compares the user SID of the tokens for a match.
  434. //
  435. // History: 2001-03-28 vtan created
  436. // --------------------------------------------------------------------------
  438. bool CTokenInformation::IsSameUser (HANDLE hToken1, HANDLE hToken2)
  440. {
  441. PSID pSID1;
  442. PSID pSID2;
  443. CTokenInformation tokenInformation1(hToken1);
  444. CTokenInformation tokenInformation2(hToken2);
  446. pSID1 = tokenInformation1.GetUserSID();
  447. pSID2 = tokenInformation2.GetUserSID();
  448. return((pSID1 != NULL) &&
  449. (pSID2 != NULL) &&
  450. (EqualSid(pSID1, pSID2) != FALSE));
  451. }
  453. // --------------------------------------------------------------------------
  454. // CTokenInformation::GetTokenGroups
  455. //
  456. // Arguments: <none>
  457. //
  458. // Returns: <none>
  459. //
  460. // Purpose: Gets token information for the token user. This function
  461. // allocates the memory for the token groups. This memory is
  462. // available for the scope of the object.
  463. //
  464. // History: 1999-11-06 vtan created
  465. // --------------------------------------------------------------------------
  467. void CTokenInformation::GetTokenGroups (void)
  469. {
  470. DWORD dwReturnLength;
  472. dwReturnLength = 0;
  473. (BOOL)GetTokenInformation(_hToken, TokenGroups, NULL, 0, &dwReturnLength);
  474. _pvGroupBuffer = LocalAlloc(LMEM_FIXED, dwReturnLength);
  475. if ((_pvGroupBuffer != NULL) &&
  476. (GetTokenInformation(_hToken, TokenGroups, _pvGroupBuffer, dwReturnLength, &dwReturnLength) == FALSE))
  477. {
  478. ReleaseMemory(_pvGroupBuffer);
  479. _pvGroupBuffer = NULL;
  480. }
  481. }
  483. // --------------------------------------------------------------------------
  484. // CTokenInformation::GetTokenPrivileges
  485. //
  486. // Arguments: <none>
  487. //
  488. // Returns: <none>
  489. //
  490. // Purpose: Gets token privileges for the token user. This function
  491. // allocates the memory for the token privileges. This memory is
  492. // available for the scope of the object.
  493. //
  494. // History: 2000-04-26 vtan created
  495. // --------------------------------------------------------------------------
  497. void CTokenInformation::GetTokenPrivileges (void)
  499. {
  500. DWORD dwReturnLength;
  502. dwReturnLength = 0;
  503. (BOOL)GetTokenInformation(_hToken, TokenPrivileges, NULL, 0, &dwReturnLength);
  504. _pvPrivilegeBuffer = LocalAlloc(LMEM_FIXED, dwReturnLength);
  505. if ((_pvPrivilegeBuffer != NULL) &&
  506. (GetTokenInformation(_hToken, TokenPrivileges, _pvPrivilegeBuffer, dwReturnLength, &dwReturnLength) == FALSE))
  507. {
  508. ReleaseMemory(_pvPrivilegeBuffer);
  509. _pvPrivilegeBuffer = NULL;
  510. }
  511. }