Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

221 lines
7.0 KiB

  1. // --------------------------------------------------------------------------
  2. // Module Name: TokenGroups.cpp
  3. //
  4. // Copyright (c) 1999-2000, Microsoft Corporation
  5. //
  6. // Classes related to authentication for use in neptune logon
  7. //
  8. // History: 1999-08-17 vtan created
  9. // 2000-02-01 vtan moved from Neptune to Whistler
  10. // --------------------------------------------------------------------------
  11. #include "StandardHeader.h"
  12. #include "TokenGroups.h"
  13. // --------------------------------------------------------------------------
  14. // CTokenGroups::sLocalSID
  15. //
  16. // Purpose: Static member variable for local authority (owner) SID.
  17. // --------------------------------------------------------------------------
  18. PSID CTokenGroups::s_localSID = NULL;
  19. PSID CTokenGroups::s_administratorSID = NULL;
  20. // --------------------------------------------------------------------------
  21. // CTokenGroups::CTokenGroups
  22. //
  23. // Arguments: <none>
  24. //
  25. // Returns: <none>
  26. //
  27. // Purpose: Initialize CTokenGroups object.
  28. //
  29. // History: 1999-08-17 vtan created
  30. // --------------------------------------------------------------------------
  31. CTokenGroups::CTokenGroups (void) :
  32. _pTokenGroups(NULL)
  33. {
  34. ASSERTMSG((s_localSID != NULL) && (s_administratorSID != NULL), "Cannot use CTokenGroups with invoking CTokenGroups::StaticInitialize");
  35. }
  36. // --------------------------------------------------------------------------
  37. // CTokenGroups::CTokenGroups
  38. //
  39. // Arguments: <none>
  40. //
  41. // Returns: <none>
  42. //
  43. // Purpose: Destroys buffer used by CTokenGroups if created.
  44. //
  45. // History: 1999-08-17 vtan created
  46. // --------------------------------------------------------------------------
  47. CTokenGroups::~CTokenGroups (void)
  48. {
  49. ReleaseMemory(_pTokenGroups);
  50. }
  51. // --------------------------------------------------------------------------
  52. // CTokenGroups::Get
  53. //
  54. // Arguments: <none>
  55. //
  56. // Returns: const TOKEN_GROUPS* = Pointer to the TOKEN_GROUPS
  57. // created in CTokenGroups::Create.
  58. //
  59. // Purpose: Returns the pointer to the TOKEN_GROUPS created in
  60. // CTokenGroups::Create for use with secur32!LsaLogonUser.
  61. //
  62. // History: 1999-08-17 vtan created
  63. // --------------------------------------------------------------------------
  64. const TOKEN_GROUPS* CTokenGroups::Get (void) const
  65. {
  66. return(_pTokenGroups);
  67. }
  68. // --------------------------------------------------------------------------
  69. // CTokenGroups::CreateLogonGroup
  70. //
  71. // Arguments: pLogonSID = logon SID to be used when create the token
  72. // group for logon. This will include the local
  73. // authority SID as well.
  74. //
  75. // Returns: NTSTATUS
  76. //
  77. // Purpose: Creates the TOKEN_GROUP with logon SID and local authority
  78. // SID for use with secur32!LsaLogonUser.
  79. //
  80. // History: 1999-08-17 vtan created
  81. // --------------------------------------------------------------------------
  82. NTSTATUS CTokenGroups::CreateLogonGroup (PSID pLogonSID)
  83. {
  84. static const int TOKEN_GROUP_COUNT = 2;
  85. NTSTATUS status;
  86. _pTokenGroups = static_cast<PTOKEN_GROUPS>(LocalAlloc(LPTR, sizeof(TOKEN_GROUPS) + (sizeof(SID_AND_ATTRIBUTES) * (TOKEN_GROUP_COUNT - ANYSIZE_ARRAY))));
  87. if (_pTokenGroups != NULL)
  88. {
  89. _pTokenGroups->GroupCount = TOKEN_GROUP_COUNT;
  90. _pTokenGroups->Groups[0].Sid = pLogonSID;
  91. _pTokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;
  92. _pTokenGroups->Groups[1].Sid = s_localSID;
  93. _pTokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT;
  94. status = STATUS_SUCCESS;
  95. }
  96. else
  97. {
  98. status = STATUS_NO_MEMORY;
  99. }
  100. return(status);
  101. }
  102. // --------------------------------------------------------------------------
  103. // CTokenGroups::CreateAdministratorGroup
  104. //
  105. // Arguments: <none>
  106. //
  107. // Returns: NTSTATUS
  108. //
  109. // Purpose: Creates a TOKEN_GROUP structure with the administrator's SID
  110. //
  111. // History: 1999-09-13 vtan created
  112. // --------------------------------------------------------------------------
  113. NTSTATUS CTokenGroups::CreateAdministratorGroup (void)
  114. {
  115. static const int TOKEN_GROUP_COUNT = 1;
  116. NTSTATUS status;
  117. _pTokenGroups = static_cast<PTOKEN_GROUPS>(LocalAlloc(LPTR, sizeof(TOKEN_GROUPS) + (sizeof(SID_AND_ATTRIBUTES) * (TOKEN_GROUP_COUNT - ANYSIZE_ARRAY))));
  118. if (_pTokenGroups != NULL)
  119. {
  120. _pTokenGroups->GroupCount = TOKEN_GROUP_COUNT;
  121. _pTokenGroups->Groups[0].Sid = s_administratorSID;
  122. _pTokenGroups->Groups[0].Attributes = 0;
  123. status = STATUS_SUCCESS;
  124. }
  125. else
  126. {
  127. status = STATUS_NO_MEMORY;
  128. }
  129. return(status);
  130. }
  131. // --------------------------------------------------------------------------
  132. // CTokenGroups::StaticInitialize
  133. //
  134. // Arguments: <none>
  135. //
  136. // Returns: NTSTATUS
  137. //
  138. // Purpose: Allocates a SID for the local authority which identifies the
  139. // owner.
  140. //
  141. // History: 1999-08-17 vtan created
  142. // --------------------------------------------------------------------------
  143. NTSTATUS CTokenGroups::StaticInitialize (void)
  144. {
  145. static SID_IDENTIFIER_AUTHORITY localSIDAuthority = SECURITY_LOCAL_SID_AUTHORITY;
  146. static SID_IDENTIFIER_AUTHORITY systemSIDAuthority = SECURITY_NT_AUTHORITY;
  147. NTSTATUS status;
  148. ASSERTMSG(s_localSID == NULL, "CTokenGroups::StaticInitialize already invoked");
  149. status = RtlAllocateAndInitializeSid(&localSIDAuthority,
  150. 1,
  151. SECURITY_LOCAL_RID,
  152. 0, 0, 0, 0, 0, 0, 0,
  153. &s_localSID);
  154. if (NT_SUCCESS(status))
  155. {
  156. status = RtlAllocateAndInitializeSid(&systemSIDAuthority,
  157. 2,
  158. SECURITY_BUILTIN_DOMAIN_RID,
  159. DOMAIN_ALIAS_RID_ADMINS,
  160. 0, 0, 0, 0, 0, 0,
  161. &s_administratorSID);
  162. }
  163. return(status);
  164. }
  165. // --------------------------------------------------------------------------
  166. // CTokenGroups::StaticTerminate
  167. //
  168. // Arguments: <none>
  169. //
  170. // Returns: NTSTATUS
  171. //
  172. // Purpose: Destroys memory allocated for the local authority SID.
  173. //
  174. // History: 1999-08-17 vtan created
  175. // --------------------------------------------------------------------------
  176. NTSTATUS CTokenGroups::StaticTerminate (void)
  177. {
  178. if (s_administratorSID != NULL)
  179. {
  180. RtlFreeSid(s_administratorSID);
  181. s_administratorSID = NULL;
  182. }
  183. if (s_localSID != NULL)
  184. {
  185. RtlFreeSid(s_localSID);
  186. s_localSID = NULL;
  187. }
  188. return(STATUS_SUCCESS);
  189. }