archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/netapi/svcdlls/logonsrv/server/rgroups.c

682 lines
17 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1987-1996 Microsoft Corporation
  5. Module Name:
  7. rgroups.c
  9. Abstract:
  11. Routines to expand transitive group membership.
  13. Author:
  15. Mike Swift (mikesw) 8-May-1998
  17. Environment:
  19. User mode only.
  20. Contains NT-specific code.
  21. Requires ANSI C extensions: slash-slash comments, long external names.
  23. Revision History:
  26. --*/
  28. //
  29. // Common include files.
  30. //
  32. #include "logonsrv.h" // Include files common to entire service
  33. #pragma hdrstop
  38. PSID
  39. NlpCopySid(
  40. IN PSID Sid
  41. )
  43. /*++
  45. Routine Description:
  47. Given a SID allocatees space for a new SID from the LSA heap and copies
  48. the original SID.
  50. Arguments:
  52. Sid - The original SID.
  54. Return Value:
  56. Sid - Returns a pointer to a buffer allocated from the LsaHeap
  57. containing the resultant Sid.
  59. --*/
  60. {
  61. PSID NewSid;
  62. ULONG Size;
  64. Size = RtlLengthSid( Sid );
  68. if ((NewSid = MIDL_user_allocate( Size )) == NULL ) {
  69. return NULL;
  70. }
  73. if ( !NT_SUCCESS( RtlCopySid( Size, NewSid, Sid ) ) ) {
  74. MIDL_user_free( NewSid );
  75. return NULL;
  76. }
  79. return NewSid;
  80. }
  83. NTSTATUS
  84. NlpBuildPacSidList(
  85. IN PNETLOGON_VALIDATION_SAM_INFO4 UserInfo,
  86. OUT PSAMPR_PSID_ARRAY Sids
  87. )
  88. /*++
  90. Routine Description:
  92. Given the validation information for a user, expands the group member-
  93. ships and user id into a list of sids
  95. Arguments:
  97. UserInfo - user's validation information
  98. Sids - receives an array of all the user's group sids and user id
  100. Return Value:
  103. STATUS_INSUFFICIENT_RESOURCES - there wasn't enough memory to
  104. create the list of sids.
  106. --*/
  107. {
  108. NTSTATUS Status = STATUS_SUCCESS;
  109. NET_API_STATUS NetStatus;
  110. ULONG Size = 0, i;
  112. Sids->Count = 0;
  113. Sids->Sids = NULL;
  116. if (UserInfo->UserId != 0) {
  117. Size += sizeof(SAMPR_SID_INFORMATION);
  118. }
  120. Size += UserInfo->GroupCount * (ULONG)sizeof(SAMPR_SID_INFORMATION);
  123. //
  124. // If there are extra SIDs, add space for them
  125. //
  127. if (UserInfo->UserFlags & LOGON_EXTRA_SIDS) {
  128. Size += UserInfo->SidCount * (ULONG)sizeof(SAMPR_SID_INFORMATION);
  129. }
  133. Sids->Sids = (PSAMPR_SID_INFORMATION) MIDL_user_allocate( Size );
  135. if ( Sids->Sids == NULL ) {
  136. Status = STATUS_INSUFFICIENT_RESOURCES;
  137. goto Cleanup;
  138. }
  140. RtlZeroMemory(
  141. Sids->Sids,
  142. Size
  143. );
  146. //
  147. // Start copying SIDs into the structure
  148. //
  150. i = 0;
  152. //
  153. // If the UserId is non-zero, then it contians the users RID.
  154. //
  156. if ( UserInfo->UserId ) {
  157. NetStatus = NetpDomainIdToSid(
  158. UserInfo->LogonDomainId,
  159. UserInfo->UserId,
  160. (PSID *) &Sids->Sids[0].SidPointer
  161. );
  163. if( NetStatus != ERROR_SUCCESS ) {
  164. Status = STATUS_INSUFFICIENT_RESOURCES;
  165. goto Cleanup;
  166. }
  167. Sids->Count++;
  168. }
  170. //
  171. // Copy over all the groups passed as RIDs
  172. //
  174. for ( i=0; i < UserInfo->GroupCount; i++ ) {
  176. NetStatus = NetpDomainIdToSid(
  177. UserInfo->LogonDomainId,
  178. UserInfo->GroupIds[i].RelativeId,
  179. (PSID *) &Sids->Sids[Sids->Count].SidPointer
  180. );
  181. if( NetStatus != ERROR_SUCCESS ) {
  182. Status = STATUS_INSUFFICIENT_RESOURCES;
  183. goto Cleanup;
  184. }
  186. Sids->Count++;
  187. }
  190. //
  191. // Add in the extra SIDs
  192. //
  194. //
  195. // ???: no need to allocate these
  196. //
  197. if (UserInfo->UserFlags & LOGON_EXTRA_SIDS) {
  200. for ( i = 0; i < UserInfo->SidCount; i++ ) {
  203. Sids->Sids[Sids->Count].SidPointer = NlpCopySid(
  204. UserInfo->ExtraSids[i].Sid
  205. );
  206. if (Sids->Sids[Sids->Count].SidPointer == NULL) {
  207. Status = STATUS_INSUFFICIENT_RESOURCES;
  208. goto Cleanup;
  209. }
  212. Sids->Count++;
  213. }
  214. }
  217. //
  218. // Deallocate any memory we've allocated
  219. //
  221. Cleanup:
  222. if (!NT_SUCCESS(Status)) {
  223. if (Sids->Sids != NULL) {
  224. for (i = 0; i < Sids->Count ;i++ ) {
  225. if (Sids->Sids[i].SidPointer != NULL) {
  226. MIDL_user_free(Sids->Sids[i].SidPointer);
  227. }
  228. }
  229. MIDL_user_free(Sids->Sids);
  230. Sids->Sids = NULL;
  231. Sids->Count = 0;
  232. }
  233. }
  234. return Status;
  236. }
  239. NTSTATUS
  240. NlpAddResourceGroupsToSamInfo (
  241. IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
  242. IN OUT PNETLOGON_VALIDATION_SAM_INFO4 *ValidationInformation,
  243. IN PSAMPR_PSID_ARRAY ResourceGroups
  244. )
  245. /*++
  247. Routine Description:
  249. This function converts a NETLOGON_VALIDATION_SAM_INFO version 1, 2, or 4 to
  250. a NETLOGON_VALIDATION_SAM_INFO version 4 and optionally adds in an array of
  251. ResourceGroup sids.
  253. Since version 4 is a superset of the other two levels, the returned structure can
  254. be used even though one of the other info levels are needed.
  257. Arguments:
  259. ValidationLevel -- Specifies the level of information passed as input in
  260. ValidationInformation. Must be NetlogonValidationSamInfo or
  261. NetlogonValidationSamInfo2, NetlogonValidationSamInfo4
  263. NetlogonValidationSamInfo4 is always returned on output.
  265. ValidationInformation -- Specifies the NETLOGON_VALIDATION_SAM_INFO
  266. to convert.
  268. ResourceGroups - The list of resource groups to add to the structure.
  269. If NULL, no resource groups are added.
  272. Return Value:
  274. STATUS_INSUFFICIENT_RESOURCES: not enough memory to allocate the new
  275. structure.
  277. --*/
  278. {
  279. ULONG Length;
  280. PNETLOGON_VALIDATION_SAM_INFO4 SamInfo = *ValidationInformation;
  281. PNETLOGON_VALIDATION_SAM_INFO4 SamInfo4;
  282. PBYTE Where;
  283. ULONG Index;
  284. ULONG GroupIndex;
  285. ULONG ExtraSids = 0;
  287. //
  288. // Calculate the size of the new structure
  289. //
  291. Length = sizeof( NETLOGON_VALIDATION_SAM_INFO4 )
  292. + SamInfo->GroupCount * sizeof(GROUP_MEMBERSHIP)
  293. + RtlLengthSid( SamInfo->LogonDomainId );
  296. //
  297. // Add space for extra sids & resource groups
  298. //
  300. if ( ValidationLevel != NetlogonValidationSamInfo &&
  301. (SamInfo->UserFlags & LOGON_EXTRA_SIDS) != 0 ) {
  303. for (Index = 0; Index < SamInfo->SidCount ; Index++ ) {
  304. Length += sizeof(NETLOGON_SID_AND_ATTRIBUTES) + RtlLengthSid(SamInfo->ExtraSids[Index].Sid);
  305. }
  306. ExtraSids += SamInfo->SidCount;
  307. }
  309. if ( ResourceGroups != NULL ) {
  310. for (Index = 0; Index < ResourceGroups->Count ; Index++ ) {
  311. Length += sizeof(NETLOGON_SID_AND_ATTRIBUTES) + RtlLengthSid(ResourceGroups->Sids[Index].SidPointer);
  312. }
  313. ExtraSids += ResourceGroups->Count;
  314. }
  316. //
  317. // Round up now to take into account the round up in the
  318. // middle of marshalling
  319. //
  321. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  322. + SamInfo->LogonDomainName.Length + sizeof(WCHAR)
  323. + SamInfo->LogonServer.Length + sizeof(WCHAR)
  324. + SamInfo->EffectiveName.Length + sizeof(WCHAR)
  325. + SamInfo->FullName.Length + sizeof(WCHAR)
  326. + SamInfo->LogonScript.Length + sizeof(WCHAR)
  327. + SamInfo->ProfilePath.Length + sizeof(WCHAR)
  328. + SamInfo->HomeDirectory.Length + sizeof(WCHAR)
  329. + SamInfo->HomeDirectoryDrive.Length + sizeof(WCHAR);
  331. if ( ValidationLevel == NetlogonValidationSamInfo4 ) {
  332. Length += SamInfo->DnsLogonDomainName.Length + sizeof(WCHAR)
  333. + SamInfo->Upn.Length + sizeof(WCHAR);
  335. //
  336. // The ExpansionStrings may be used to transport byte aligned data
  337. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  338. + SamInfo->ExpansionString1.Length + sizeof(WCHAR);
  340. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  341. + SamInfo->ExpansionString2.Length + sizeof(WCHAR);
  343. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  344. + SamInfo->ExpansionString3.Length + sizeof(WCHAR);
  346. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  347. + SamInfo->ExpansionString4.Length + sizeof(WCHAR);
  349. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  350. + SamInfo->ExpansionString5.Length + sizeof(WCHAR);
  352. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  353. + SamInfo->ExpansionString6.Length + sizeof(WCHAR);
  355. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  356. + SamInfo->ExpansionString7.Length + sizeof(WCHAR);
  358. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  359. + SamInfo->ExpansionString8.Length + sizeof(WCHAR);
  361. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  362. + SamInfo->ExpansionString9.Length + sizeof(WCHAR);
  364. Length = ROUND_UP_COUNT(Length, sizeof(WCHAR))
  365. + SamInfo->ExpansionString10.Length + sizeof(WCHAR);
  366. }
  368. Length = ROUND_UP_COUNT( Length, sizeof(WCHAR) );
  370. SamInfo4 = (PNETLOGON_VALIDATION_SAM_INFO4) MIDL_user_allocate( Length );
  372. if ( !SamInfo4 ) {
  373. *ValidationInformation = NULL;
  374. return STATUS_INSUFFICIENT_RESOURCES;
  375. }
  377. //
  378. // First copy the whole structure, since most parts are the same
  379. //
  381. RtlCopyMemory( SamInfo4, SamInfo, sizeof(NETLOGON_VALIDATION_SAM_INFO));
  382. RtlZeroMemory( &((LPBYTE)SamInfo4)[sizeof(NETLOGON_VALIDATION_SAM_INFO)],
  383. sizeof(NETLOGON_VALIDATION_SAM_INFO4) - sizeof(NETLOGON_VALIDATION_SAM_INFO) );
  385. //
  386. // Copy all the variable length data
  387. //
  389. Where = (PBYTE) (SamInfo4 + 1);
  391. RtlCopyMemory(
  392. Where,
  393. SamInfo->GroupIds,
  394. SamInfo->GroupCount * sizeof( GROUP_MEMBERSHIP) );
  396. SamInfo4->GroupIds = (PGROUP_MEMBERSHIP) Where;
  397. Where += SamInfo->GroupCount * sizeof( GROUP_MEMBERSHIP );
  399. //
  400. // Copy the extra groups
  401. //
  403. if (ExtraSids != 0) {
  405. ULONG SidLength;
  407. SamInfo4->ExtraSids = (PNETLOGON_SID_AND_ATTRIBUTES) Where;
  408. Where += sizeof(NETLOGON_SID_AND_ATTRIBUTES) * ExtraSids;
  410. GroupIndex = 0;
  412. if ( ValidationLevel != NetlogonValidationSamInfo &&
  413. (SamInfo->UserFlags & LOGON_EXTRA_SIDS) != 0 ) {
  415. for (Index = 0; Index < SamInfo->SidCount ; Index++ ) {
  417. SamInfo4->ExtraSids[GroupIndex].Attributes = SamInfo->ExtraSids[Index].Attributes;
  418. SamInfo4->ExtraSids[GroupIndex].Sid = (PSID) Where;
  419. SidLength = RtlLengthSid(SamInfo->ExtraSids[Index].Sid);
  420. RtlCopyMemory(
  421. Where,
  422. SamInfo->ExtraSids[Index].Sid,
  423. SidLength
  425. );
  426. Where += SidLength;
  427. GroupIndex++;
  428. }
  429. }
  431. //
  432. // Add the resource groups
  433. //
  436. if ( ResourceGroups != NULL ) {
  437. for (Index = 0; Index < ResourceGroups->Count ; Index++ ) {
  439. SamInfo4->ExtraSids[GroupIndex].Attributes = SE_GROUP_MANDATORY |
  440. SE_GROUP_ENABLED |
  441. SE_GROUP_ENABLED_BY_DEFAULT;
  443. SamInfo4->ExtraSids[GroupIndex].Sid = (PSID) Where;
  444. SidLength = RtlLengthSid(ResourceGroups->Sids[Index].SidPointer);
  445. RtlCopyMemory(
  446. Where,
  447. ResourceGroups->Sids[Index].SidPointer,
  448. SidLength
  449. );
  450. Where += SidLength;
  451. GroupIndex++;
  452. }
  453. }
  454. SamInfo4->SidCount = GroupIndex;
  455. NlAssert(GroupIndex == ExtraSids);
  458. }
  460. RtlCopyMemory(
  461. Where,
  462. SamInfo->LogonDomainId,
  463. RtlLengthSid( SamInfo->LogonDomainId ) );
  465. SamInfo4->LogonDomainId = (PSID) Where;
  466. Where += RtlLengthSid( SamInfo->LogonDomainId );
  468. //
  469. // Copy the WCHAR-aligned data
  470. //
  471. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  473. NlpPutString( &SamInfo4->EffectiveName,
  474. &SamInfo->EffectiveName,
  475. &Where );
  477. NlpPutString( &SamInfo4->FullName,
  478. &SamInfo->FullName,
  479. &Where );
  481. NlpPutString( &SamInfo4->LogonScript,
  482. &SamInfo->LogonScript,
  483. &Where );
  485. NlpPutString( &SamInfo4->ProfilePath,
  486. &SamInfo->ProfilePath,
  487. &Where );
  489. NlpPutString( &SamInfo4->HomeDirectory,
  490. &SamInfo->HomeDirectory,
  491. &Where );
  493. NlpPutString( &SamInfo4->HomeDirectoryDrive,
  494. &SamInfo->HomeDirectoryDrive,
  495. &Where );
  497. NlpPutString( &SamInfo4->LogonServer,
  498. &SamInfo->LogonServer,
  499. &Where );
  501. NlpPutString( &SamInfo4->LogonDomainName,
  502. &SamInfo->LogonDomainName,
  503. &Where );
  505. if ( ValidationLevel == NetlogonValidationSamInfo4 ) {
  507. NlpPutString( &SamInfo4->DnsLogonDomainName,
  508. &SamInfo->DnsLogonDomainName,
  509. &Where );
  511. NlpPutString( &SamInfo4->Upn,
  512. &SamInfo->Upn,
  513. &Where );
  515. NlpPutString( &SamInfo4->ExpansionString1,
  516. &SamInfo->ExpansionString1,
  517. &Where );
  519. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  521. NlpPutString( &SamInfo4->ExpansionString2,
  522. &SamInfo->ExpansionString2,
  523. &Where );
  525. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  527. NlpPutString( &SamInfo4->ExpansionString3,
  528. &SamInfo->ExpansionString3,
  529. &Where );
  531. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  533. NlpPutString( &SamInfo4->ExpansionString4,
  534. &SamInfo->ExpansionString4,
  535. &Where );
  537. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  539. NlpPutString( &SamInfo4->ExpansionString5,
  540. &SamInfo->ExpansionString5,
  541. &Where );
  543. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  545. NlpPutString( &SamInfo4->ExpansionString6,
  546. &SamInfo->ExpansionString6,
  547. &Where );
  549. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  551. NlpPutString( &SamInfo4->ExpansionString7,
  552. &SamInfo->ExpansionString7,
  553. &Where );
  555. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  557. NlpPutString( &SamInfo4->ExpansionString8,
  558. &SamInfo->ExpansionString8,
  559. &Where );
  561. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  563. NlpPutString( &SamInfo4->ExpansionString9,
  564. &SamInfo->ExpansionString9,
  565. &Where );
  567. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  569. NlpPutString( &SamInfo4->ExpansionString10,
  570. &SamInfo->ExpansionString10,
  571. &Where );
  573. Where = ROUND_UP_POINTER(Where, sizeof(WCHAR) );
  575. }
  578. MIDL_user_free(SamInfo);
  580. *ValidationInformation = SamInfo4;
  582. return STATUS_SUCCESS;
  584. }
  588. NTSTATUS
  589. NlpExpandResourceGroupMembership(
  590. IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
  591. IN OUT PNETLOGON_VALIDATION_SAM_INFO4 * UserInfo,
  592. IN PDOMAIN_INFO DomainInfo
  593. )
  594. /*++
  596. Routine Description:
  598. Given the validation information for a user, expands the group member-
  599. ships and user id into a list of sids
  601. Arguments:
  603. ValidationLevel -- Specifies the level of information passed as input in
  604. UserInfo. Must be NetlogonValidationSamInfo or
  605. NetlogonValidationSamInfo2, NetlogonValidationSamInfo4
  607. NetlogonValidationSamInfo4 is always returned on output.
  609. UserInfo - user's validation information
  610. This structure is updated to include the resource groups that the user is a member of
  612. DomainInfo - Structure identifying the hosted domain used to determine the group membership.
  614. Return Value:
  617. STATUS_INSUFFICIENT_RESOURCES - there wasn't enough memory to
  618. create the list of sids.
  620. --*/
  621. {
  622. NTSTATUS Status = STATUS_SUCCESS;
  623. SAMPR_PSID_ARRAY SidList = {0};
  624. PSAMPR_PSID_ARRAY ResourceGroups = NULL;
  625. ULONG Index;
  628. Status = NlpBuildPacSidList(
  629. *UserInfo,
  630. &SidList
  631. );
  633. if (!NT_SUCCESS(Status)) {
  634. goto Cleanup;
  635. }
  636. //
  637. // Call SAM to get the sids
  638. //
  640. Status = SamIGetResourceGroupMembershipsTransitive(
  641. DomainInfo->DomSamAccountDomainHandle,
  642. &SidList,
  643. 0, // no flags
  644. &ResourceGroups
  645. );
  646. if (!NT_SUCCESS(Status)) {
  647. goto Cleanup;
  648. }
  650. //
  651. // Build a new validation information structure
  652. //
  654. if (ResourceGroups->Count != 0) {
  656. Status = NlpAddResourceGroupsToSamInfo(
  657. ValidationLevel,
  658. UserInfo,
  659. ResourceGroups
  660. );
  661. if (!NT_SUCCESS(Status)) {
  662. goto Cleanup;
  663. }
  664. }
  666. Cleanup:
  668. SamIFreeSidArray(
  669. ResourceGroups
  670. );
  672. if (SidList.Sids != NULL) {
  673. for (Index = 0; Index < SidList.Count ;Index++ ) {
  674. if (SidList.Sids[Index].SidPointer != NULL) {
  675. MIDL_user_free(SidList.Sids[Index].SidPointer);
  676. }
  677. }
  678. MIDL_user_free(SidList.Sids);
  679. }
  681. return(Status);
  682. }