mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1256 lines
27 KiB
1256 lines
27 KiB
/*--
|
|
Copyright (c) 1992 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
sysdb.c
|
|
|
|
Abstract:
|
|
|
|
System database access routines.
|
|
|
|
Author:
|
|
|
|
Matthew Bradburn (mattbr) 04-Mar-1992
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#include "psxsrv.h"
|
|
#include "psxmsg.h"
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
#include <ntsam.h>
|
|
#include <ntlsa.h>
|
|
#include <seposix.h>
|
|
#include <ctype.h>
|
|
|
|
#define UNICODE
|
|
#include <windef.h>
|
|
#include <winbase.h>
|
|
|
|
static NTSTATUS
|
|
PutUserInfo(
|
|
PSID DomainSid,
|
|
SAM_HANDLE DomainHandle,
|
|
ULONG UserId,
|
|
PCHAR DataDest,
|
|
OUT int *pLength
|
|
);
|
|
|
|
static VOID
|
|
PutSpecialUserInfo(
|
|
PUNICODE_STRING Name,
|
|
PCHAR DataDest,
|
|
uid_t Uid,
|
|
OUT int *pLength
|
|
);
|
|
|
|
static NTSTATUS
|
|
PutGroupInfo(
|
|
PSID DomainSid,
|
|
SAM_HANDLE DomainHandle,
|
|
ULONG GroupId,
|
|
PCHAR DataDest,
|
|
IN SID_NAME_USE Type,
|
|
OUT int *pLength
|
|
);
|
|
|
|
static VOID
|
|
PutSpecialGroupInfo(
|
|
PUNICODE_STRING Name,
|
|
PCHAR DataDest,
|
|
gid_t Gid,
|
|
OUT int *pLength
|
|
);
|
|
|
|
static BOOLEAN
|
|
ConvertPathToPsx(
|
|
ANSI_STRING *A
|
|
);
|
|
|
|
PSID
|
|
GetSpecialSid(
|
|
uid_t Uid
|
|
);
|
|
|
|
NTSTATUS
|
|
MySamConnect(
|
|
IN PSID DomainSid, // NULL if domain unknown
|
|
OUT PSAM_HANDLE ServerHandle
|
|
)
|
|
{
|
|
SECURITY_QUALITY_OF_SERVICE
|
|
SecurityQoS;
|
|
OBJECT_ATTRIBUTES
|
|
Obj;
|
|
NTSTATUS
|
|
Status;
|
|
LSA_HANDLE
|
|
TrustedDomainHandle,
|
|
PolicyHandle;
|
|
PTRUSTED_CONTROLLERS_INFO
|
|
pBuf;
|
|
ULONG i;
|
|
|
|
SecurityQoS.ImpersonationLevel = SecurityIdentification;
|
|
SecurityQoS.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
|
|
SecurityQoS.EffectiveOnly = TRUE;
|
|
|
|
InitializeObjectAttributes(&Obj, NULL, 0, NULL, NULL);
|
|
Obj.SecurityQualityOfService = &SecurityQoS;
|
|
|
|
if (NULL == DomainSid) {
|
|
Status = SamConnect(NULL, ServerHandle,
|
|
GENERIC_READ | GENERIC_EXECUTE, &Obj);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't connect to SAM: 0x%x\n",
|
|
Status));
|
|
}
|
|
return Status;
|
|
}
|
|
|
|
Status = LsaOpenPolicy(NULL, &Obj, GENERIC_EXECUTE, &PolicyHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: MySamConnect: LsaOpenPolicy: 0x%x\n", Status));
|
|
return Status;
|
|
}
|
|
Status = LsaOpenTrustedDomain(PolicyHandle, DomainSid,
|
|
GENERIC_READ | GENERIC_EXECUTE,
|
|
&TrustedDomainHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
LsaClose(PolicyHandle);
|
|
|
|
Status = SamConnect(NULL, ServerHandle,
|
|
GENERIC_READ | GENERIC_EXECUTE, &Obj);
|
|
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't connect to SAM: 0x%x\n",
|
|
Status));
|
|
}
|
|
return Status;
|
|
}
|
|
Status = LsaQueryInfoTrustedDomain(TrustedDomainHandle,
|
|
TrustedControllersInformation, (PVOID *)&pBuf);
|
|
LsaClose(PolicyHandle);
|
|
LsaClose(TrustedDomainHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: MySamConnect: LsaQueryInfoTrusted: 0x%x\n",
|
|
Status));
|
|
return Status;
|
|
}
|
|
for (i = 0; i < pBuf->Entries; ++i) {
|
|
if (0 == pBuf->Names[i].Length) {
|
|
// the null string signifies domain controller unknown
|
|
continue;
|
|
}
|
|
Status = SamConnect(&pBuf->Names[i], ServerHandle,
|
|
GENERIC_READ | GENERIC_EXECUTE, &Obj);
|
|
if (NT_SUCCESS(Status)) {
|
|
// found an acceptable choice
|
|
LsaFreeMemory(pBuf);
|
|
return Status;
|
|
}
|
|
}
|
|
LsaFreeMemory(pBuf);
|
|
|
|
//
|
|
// If there were no acceptable domain controllers, we try the
|
|
// machine domain
|
|
//
|
|
|
|
Status = SamConnect(NULL, ServerHandle, GENERIC_EXECUTE, &Obj);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't connect to SAM: 0x%x\n", Status));
|
|
}
|
|
return Status;
|
|
}
|
|
|
|
NTSTATUS
|
|
GetMyAccountDomainName(
|
|
PUNICODE_STRING Domain_U
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
OBJECT_ATTRIBUTES Obj;
|
|
SECURITY_QUALITY_OF_SERVICE SecurityQoS;
|
|
LSA_HANDLE PolicyHandle;
|
|
PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo;
|
|
|
|
SecurityQoS.ImpersonationLevel = SecurityIdentification;
|
|
SecurityQoS.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
|
|
SecurityQoS.EffectiveOnly = TRUE;
|
|
|
|
InitializeObjectAttributes(&Obj, NULL, 0, NULL, NULL);
|
|
Obj.SecurityQualityOfService = &SecurityQoS;
|
|
|
|
Status = LsaOpenPolicy(NULL, &Obj, GENERIC_EXECUTE, &PolicyHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
return Status;
|
|
}
|
|
Status = LsaQueryInformationPolicy(PolicyHandle,
|
|
PolicyAccountDomainInformation, (PVOID *)&AccountDomainInfo);
|
|
if (!NT_SUCCESS(Status)) {
|
|
LsaClose(PolicyHandle);
|
|
return Status;
|
|
}
|
|
|
|
LsaClose(PolicyHandle);
|
|
|
|
Domain_U->MaximumLength = AccountDomainInfo->DomainName.MaximumLength;
|
|
Domain_U->Buffer = RtlAllocateHeap(PsxHeap, 0,
|
|
Domain_U->MaximumLength);
|
|
if (NULL == Domain_U->Buffer) {
|
|
return STATUS_NO_MEMORY;
|
|
}
|
|
|
|
RtlCopyUnicodeString(Domain_U, &AccountDomainInfo->DomainName);
|
|
|
|
LsaFreeMemory(AccountDomainInfo);
|
|
|
|
return STATUS_SUCCESS;
|
|
}
|
|
|
|
BOOLEAN
|
|
PsxGetPwUid(
|
|
IN PPSX_PROCESS p,
|
|
IN PPSX_API_MSG m
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PPSX_GETPWUID_MSG args;
|
|
PSID DomainSid;
|
|
SAM_HANDLE
|
|
ServerHandle = NULL,
|
|
DomainHandle = NULL;
|
|
LSA_HANDLE
|
|
PolicyHandle = NULL;
|
|
|
|
PSID Sid = NULL;
|
|
OBJECT_ATTRIBUTES Obj;
|
|
SECURITY_QUALITY_OF_SERVICE SecurityQoS;
|
|
PLSA_REFERENCED_DOMAIN_LIST ReferencedDomains;
|
|
PLSA_TRANSLATED_NAME Names;
|
|
|
|
args = &m->u.GetPwUid;
|
|
|
|
if (SE_NULL_POSIX_ID == (args->Uid & 0xFFFF0000)) {
|
|
// Special case for universal well-known sids and nt
|
|
// ... well-known sids.
|
|
|
|
Sid = GetSpecialSid(args->Uid);
|
|
if (NULL == Sid) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
goto TryLsa;
|
|
}
|
|
|
|
DomainSid = GetSidByOffset(args->Uid & 0xFFFF0000);
|
|
if (NULL == DomainSid) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
Status = MySamConnect(DomainSid, &ServerHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
Status = SamOpenDomain(ServerHandle, GENERIC_EXECUTE, DomainSid,
|
|
&DomainHandle);
|
|
if (NT_SUCCESS(Status)) {
|
|
Status = PutUserInfo(DomainSid, DomainHandle,
|
|
args->Uid & 0xFFFF,
|
|
(PCHAR)args->PwBuf, &args->Length);
|
|
if (NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
//
|
|
// SAM can't find the name, so we'll try the LSA.
|
|
//
|
|
|
|
|
|
Sid = MakeSid(DomainSid, args->Uid & 0x0000FFFF);
|
|
|
|
TryLsa:
|
|
SecurityQoS.ImpersonationLevel = SecurityIdentification;
|
|
SecurityQoS.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
|
|
SecurityQoS.EffectiveOnly = TRUE;
|
|
|
|
InitializeObjectAttributes(&Obj, NULL, 0, NULL, NULL);
|
|
Obj.SecurityQualityOfService = &SecurityQoS;
|
|
|
|
Status = LsaOpenPolicy(NULL, &Obj, GENERIC_EXECUTE, &PolicyHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = PsxStatusToErrno(Status);
|
|
goto out;
|
|
}
|
|
|
|
Status = LsaLookupSids(PolicyHandle, 1, &Sid, &ReferencedDomains,
|
|
&Names);
|
|
if (NT_SUCCESS(Status)) {
|
|
LsaFreeMemory((PVOID)ReferencedDomains);
|
|
PutSpecialUserInfo(&Names->Name, (PCHAR)args->PwBuf,
|
|
args->Uid, &args->Length);
|
|
LsaFreeMemory((PVOID)Names);
|
|
} else {
|
|
UNICODE_STRING U;
|
|
RtlConvertSidToUnicodeString(&U, Sid, TRUE);
|
|
PutSpecialUserInfo(&U, (PCHAR)args->PwBuf, args->Uid,
|
|
&args->Length);
|
|
RtlFreeUnicodeString(&U);
|
|
}
|
|
|
|
out:
|
|
if (NULL != Sid) RtlFreeHeap(PsxHeap, 0, (PVOID)Sid);
|
|
if (NULL != ServerHandle) SamCloseHandle(ServerHandle);
|
|
if (NULL != DomainHandle) SamCloseHandle(DomainHandle);
|
|
if (NULL != PolicyHandle) LsaClose(PolicyHandle);
|
|
return TRUE;
|
|
}
|
|
|
|
BOOLEAN
|
|
PsxGetPwNam(
|
|
IN PPSX_PROCESS p,
|
|
IN PPSX_API_MSG m
|
|
)
|
|
{
|
|
PPSX_GETPWNAM_MSG args;
|
|
NTSTATUS Status;
|
|
UNICODE_STRING
|
|
Name_U, // the user's name in unicode
|
|
Domain_U; // the name of the account domain
|
|
ANSI_STRING
|
|
Name_A; // the user's name in Ansi
|
|
PULONG pUserId = NULL; // the relative offset for the user
|
|
SAM_HANDLE
|
|
ServerHandle = NULL,
|
|
DomainHandle = NULL;
|
|
PSID_NAME_USE
|
|
pUse;
|
|
PSID DomainSid = NULL;
|
|
WCHAR ComputerNameBuf[32 + 1];
|
|
ULONG Len = 32 + 1;
|
|
|
|
Name_U.Buffer = NULL;
|
|
|
|
args = &m->u.GetPwNam;
|
|
|
|
Status = MySamConnect(DomainSid, &ServerHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
//
|
|
// Find the name of the local machine -- we look there for
|
|
// the name being requested.
|
|
//
|
|
|
|
if (!GetComputerName(ComputerNameBuf, &Len)) {
|
|
KdPrint(("PSXSS: GetComputerName: 0x%x\n", GetLastError()));
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
|
|
RtlInitUnicodeString(&Domain_U, ComputerNameBuf);
|
|
Status = SamLookupDomainInSamServer(ServerHandle, &Domain_U,
|
|
&DomainSid);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't lookup domain: 0x%x\n", Status));
|
|
|
|
//
|
|
// If the "machinename" domain didn't work, try the
|
|
// account domain.
|
|
//
|
|
|
|
Status = GetMyAccountDomainName(&Domain_U);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
|
|
Status = SamLookupDomainInSamServer(ServerHandle, &Domain_U,
|
|
&DomainSid);
|
|
|
|
RtlFreeHeap(PsxHeap, 0, (PVOID)Domain_U.Buffer);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't lookup acct domain: 0x%x\n", Status));
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
Status = SamOpenDomain(ServerHandle, GENERIC_EXECUTE, DomainSid,
|
|
&DomainHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
|
|
RtlInitAnsiString(&Name_A, args->Name);
|
|
Status = RtlAnsiStringToUnicodeString(&Name_U, &Name_A, TRUE);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = ENOMEM;
|
|
goto out;
|
|
}
|
|
|
|
Status = SamLookupNamesInDomain(DomainHandle, 1, &Name_U, &pUserId,
|
|
&pUse);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = ENOENT;
|
|
goto out;
|
|
}
|
|
|
|
// Make sure the name is a user name.
|
|
if (*pUse != SidTypeUser) {
|
|
SamFreeMemory(pUse);
|
|
KdPrint(("PSXSS: Group name is type %d\n", *pUse));
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
SamFreeMemory(pUse);
|
|
|
|
Status = PutUserInfo(DomainSid, DomainHandle, *pUserId,
|
|
(PCHAR)args->PwBuf, &args->Length);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
}
|
|
out:
|
|
if (NULL != ServerHandle) {
|
|
SamCloseHandle(ServerHandle);
|
|
}
|
|
if (NULL != DomainHandle) {
|
|
SamCloseHandle(DomainHandle);
|
|
}
|
|
if (NULL != Name_U.Buffer) {
|
|
RtlFreeUnicodeString(&Name_U);
|
|
}
|
|
if (NULL != pUserId) {
|
|
SamFreeMemory(pUserId);
|
|
}
|
|
if (NULL != DomainSid) {
|
|
SamFreeMemory(DomainSid);
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
static VOID
|
|
PutSpecialUserInfo(
|
|
PUNICODE_STRING Name,
|
|
PCHAR DataDest,
|
|
uid_t Uid,
|
|
OUT int *pLength
|
|
)
|
|
{
|
|
PCHAR pch;
|
|
struct passwd *pwd;
|
|
ANSI_STRING A;
|
|
|
|
pwd = (struct passwd *)DataDest;
|
|
pwd->pw_uid = Uid;
|
|
|
|
|
|
// Don't know what the gid should be, we use the uid.
|
|
pwd->pw_gid = Uid;
|
|
|
|
pch = DataDest + sizeof(struct passwd);
|
|
pwd->pw_name = pch - (ULONG_PTR)DataDest;
|
|
A.Buffer = pch;
|
|
A.MaximumLength = NAME_MAX;
|
|
RtlUnicodeStringToAnsiString(&A, Name, FALSE);
|
|
|
|
pch += strlen(pch) + 1;
|
|
pwd->pw_dir = pch - (ULONG_PTR)DataDest;
|
|
strcpy(pch, "/");
|
|
|
|
pch += strlen(pch) + 1;
|
|
pwd->pw_shell = pch - (ULONG_PTR)DataDest;
|
|
strcpy(pch, "noshell");
|
|
|
|
pch += strlen(pch) + 1;
|
|
*pLength = (int)((ULONG_PTR)pch - (ULONG_PTR)DataDest);
|
|
}
|
|
|
|
//
|
|
// PutUserInfo -- place password database information about the user at
|
|
// the specified data destination address.
|
|
//
|
|
static NTSTATUS
|
|
PutUserInfo(
|
|
PSID DomainSid,
|
|
SAM_HANDLE DomainHandle,
|
|
ULONG UserId,
|
|
PCHAR DataDest,
|
|
int *pLength
|
|
)
|
|
{
|
|
SAM_HANDLE
|
|
UserHandle = NULL;
|
|
PUSER_ACCOUNT_INFORMATION
|
|
AccountInfo = NULL;
|
|
PSID Sid; // User Sid
|
|
ULONG SpaceLeft;
|
|
struct passwd *pwd;
|
|
PCHAR pch;
|
|
NTSTATUS Status;
|
|
ANSI_STRING A;
|
|
PCHAR pchPsxDir;
|
|
|
|
Status = SamOpenUser(DomainHandle, GENERIC_READ | GENERIC_EXECUTE,
|
|
UserId, &UserHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
|
|
Status = SamQueryInformationUser(UserHandle, UserAccountInformation,
|
|
(PVOID *)&AccountInfo);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't query info user: 0x%x\n", Status));
|
|
goto out;
|
|
}
|
|
|
|
pwd = (struct passwd *)DataDest;
|
|
Sid = MakeSid(DomainSid, AccountInfo->UserId);
|
|
if (NULL == Sid) {
|
|
goto out;
|
|
}
|
|
pwd->pw_uid = MakePosixId(Sid);
|
|
|
|
RtlFreeHeap(PsxHeap, 0, (PVOID)Sid);
|
|
|
|
Sid = MakeSid(DomainSid, AccountInfo->PrimaryGroupId);
|
|
if (NULL == Sid) {
|
|
goto out;
|
|
}
|
|
pwd->pw_gid = MakePosixId(Sid);
|
|
|
|
RtlFreeHeap(PsxHeap, 0, (PVOID)Sid);
|
|
|
|
SpaceLeft = ARG_MAX - sizeof(struct passwd);
|
|
|
|
pch = DataDest + sizeof(struct passwd);
|
|
pwd->pw_name = pch - (ULONG_PTR)DataDest;
|
|
A.Buffer = pch;
|
|
A.MaximumLength = (USHORT)SpaceLeft;
|
|
Status = RtlUnicodeStringToAnsiString(&A, &AccountInfo->UserName,
|
|
FALSE);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
SpaceLeft -= A.Length;
|
|
|
|
pch = pch + A.Length + 1;
|
|
pwd->pw_dir = pch - (ULONG_PTR)DataDest;
|
|
A.Buffer = pch;
|
|
A.MaximumLength = (USHORT)SpaceLeft;
|
|
|
|
Status = RtlUnicodeStringToAnsiString(&A, &AccountInfo->HomeDirectory,
|
|
FALSE);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
if (!ConvertPathToPsx(&A)) {
|
|
goto out;
|
|
}
|
|
SpaceLeft -= A.Length;
|
|
|
|
if (SpaceLeft <= strlen("noshell")) {
|
|
goto out;
|
|
}
|
|
|
|
pch = pch + A.Length + 1;
|
|
pwd->pw_shell = pch - (ULONG_PTR)DataDest;
|
|
strcpy(pch, "noshell");
|
|
|
|
pch += strlen(pch) + 1;
|
|
|
|
*pLength = (int)((ULONG_PTR)pch - (ULONG_PTR)DataDest);
|
|
|
|
out:
|
|
if (NULL != UserHandle) {
|
|
SamCloseHandle(UserHandle);
|
|
}
|
|
if (NULL != AccountInfo) {
|
|
SamFreeMemory(AccountInfo);
|
|
}
|
|
return Status;
|
|
}
|
|
|
|
BOOLEAN
|
|
PsxGetGrGid(
|
|
IN PPSX_PROCESS p,
|
|
IN PPSX_API_MSG m
|
|
)
|
|
{
|
|
NTSTATUS Status;
|
|
PPSX_GETGRGID_MSG args;
|
|
ULONG Gid;
|
|
PSID DomainSid, GroupSid;
|
|
SAM_HANDLE
|
|
ServerHandle = NULL,
|
|
DomainHandle = NULL;
|
|
PLSA_REFERENCED_DOMAIN_LIST
|
|
ReferencedDomains = NULL;
|
|
PLSA_TRANSLATED_NAME
|
|
Names = NULL;
|
|
LSA_HANDLE PolicyHandle = NULL;
|
|
|
|
OBJECT_ATTRIBUTES Obj;
|
|
SECURITY_QUALITY_OF_SERVICE SecurityQoS;
|
|
PSID Sid = NULL;
|
|
|
|
args = &m->u.GetGrGid;
|
|
Gid = args->Gid;
|
|
|
|
if (0xFFF == Gid) {
|
|
UNICODE_STRING U;
|
|
|
|
//
|
|
// This is a login group, which we'll just translate to
|
|
// S-1-5-5-0-0
|
|
//
|
|
|
|
RtlInitUnicodeString(&U, L"S-1-5-5-0-0");
|
|
PutSpecialGroupInfo(&U, (PCHAR)args->GrBuf, Gid,
|
|
&args->Length);
|
|
return TRUE;
|
|
}
|
|
|
|
if (SE_NULL_POSIX_ID == (Gid & 0xFFFF0000)) {
|
|
// Special case for universal well-known sids and nt
|
|
// ... well-known sids.
|
|
|
|
Sid = GetSpecialSid(Gid);
|
|
if (NULL == Sid) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
goto TryLsa;
|
|
}
|
|
|
|
DomainSid = GetSidByOffset(Gid & 0xFFFF0000);
|
|
if (NULL == DomainSid) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
Status = MySamConnect(DomainSid, &ServerHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
Status = SamOpenDomain(ServerHandle, GENERIC_READ | GENERIC_EXECUTE,
|
|
DomainSid, &DomainHandle);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
|
|
//
|
|
// Look for a group
|
|
//
|
|
|
|
Status = PutGroupInfo(DomainSid, DomainHandle, Gid & 0xFFFF,
|
|
(PCHAR)args->GrBuf, SidTypeGroup,
|
|
&args->Length);
|
|
if (NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
|
|
//
|
|
// Try again, except look for an alias
|
|
//
|
|
|
|
Status = PutGroupInfo(DomainSid, DomainHandle, Gid & 0xFFFF,
|
|
(PCHAR)args->GrBuf, SidTypeAlias, &args->Length);
|
|
|
|
if (NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Give up looking in SAM, ask LSA to identify.
|
|
//
|
|
|
|
Sid = MakeSid(DomainSid, Gid & 0x0000FFFF);
|
|
|
|
TryLsa:
|
|
SecurityQoS.ImpersonationLevel = SecurityIdentification;
|
|
SecurityQoS.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
|
|
SecurityQoS.EffectiveOnly = TRUE;
|
|
|
|
InitializeObjectAttributes(&Obj, NULL, 0, NULL, NULL);
|
|
Obj.SecurityQualityOfService = &SecurityQoS;
|
|
|
|
Status = LsaOpenPolicy(NULL, &Obj, GENERIC_EXECUTE, &PolicyHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = PsxStatusToErrno(Status);
|
|
goto out;
|
|
}
|
|
|
|
Status = LsaLookupSids(PolicyHandle, 1, &Sid, &ReferencedDomains,
|
|
&Names);
|
|
if (NT_SUCCESS(Status)) {
|
|
LsaFreeMemory((PVOID)ReferencedDomains);
|
|
PutSpecialGroupInfo(&Names->Name, (PCHAR)args->GrBuf, Gid,
|
|
&args->Length);
|
|
LsaFreeMemory((PVOID)Names);
|
|
goto out;
|
|
} else {
|
|
UNICODE_STRING U;
|
|
RtlConvertSidToUnicodeString(&U, Sid, TRUE);
|
|
PutSpecialGroupInfo(&U, (PCHAR)args->GrBuf, Gid,
|
|
&args->Length);
|
|
RtlFreeUnicodeString(&U);
|
|
goto out;
|
|
}
|
|
|
|
out:
|
|
if (NULL != PolicyHandle) LsaClose(PolicyHandle);
|
|
if (NULL != ServerHandle) SamCloseHandle(ServerHandle);
|
|
if (NULL != DomainHandle) SamCloseHandle(DomainHandle);
|
|
if (NULL != Sid) RtlFreeHeap(PsxHeap, 0, (PVOID)Sid);
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
BOOLEAN
|
|
PsxGetGrNam(
|
|
IN PPSX_PROCESS p,
|
|
IN PPSX_API_MSG m
|
|
)
|
|
{
|
|
PPSX_GETGRNAM_MSG args;
|
|
NTSTATUS Status;
|
|
UNICODE_STRING
|
|
Name_U, // the group name in unicode
|
|
Domain_U; // the name of the account domain
|
|
ANSI_STRING
|
|
Name_A; // the group name in Ansi
|
|
PULONG pGroupId = NULL; // the relative offset for the group
|
|
SAM_HANDLE
|
|
ServerHandle = NULL,
|
|
DomainHandle = NULL;
|
|
PSID_NAME_USE
|
|
pUse;
|
|
PSID DomainSid = NULL,
|
|
Sid = NULL;
|
|
WCHAR ComputerNameBuf[32 + 1];
|
|
ULONG Len = 32 + 1;
|
|
SID_NAME_USE Type;
|
|
|
|
Name_U.Buffer = NULL;
|
|
args = &m->u.GetGrNam;
|
|
|
|
Status = MySamConnect(DomainSid, &ServerHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
return TRUE;
|
|
}
|
|
|
|
//
|
|
// Find the name of the local machine -- we look here for
|
|
// the name being requested.
|
|
//
|
|
|
|
if (!GetComputerName(ComputerNameBuf, &Len)) {
|
|
KdPrint(("PSXSS: GetComputerName: 0x%x\n", GetLastError()));
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
|
|
RtlInitUnicodeString(&Domain_U, ComputerNameBuf);
|
|
|
|
Status = SamLookupDomainInSamServer(ServerHandle, &Domain_U,
|
|
&DomainSid);
|
|
if (!NT_SUCCESS(Status)) {
|
|
//
|
|
// If the "machinename" domain didn't work, try the
|
|
// account domain.
|
|
//
|
|
|
|
Status = GetMyAccountDomainName(&Domain_U);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
|
|
Status = SamLookupDomainInSamServer(ServerHandle, &Domain_U,
|
|
&DomainSid);
|
|
RtlFreeHeap(PsxHeap, 0, (PVOID)Domain_U.Buffer);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't lookup acct domain: 0x%x\n", Status));
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
Status = SamOpenDomain(ServerHandle, GENERIC_READ | GENERIC_EXECUTE,
|
|
DomainSid, &DomainHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't open domain: 0x%x\n", Status));
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
|
|
RtlInitAnsiString(&Name_A, args->Name);
|
|
Status = RtlAnsiStringToUnicodeString(&Name_U, &Name_A, TRUE);
|
|
if (!NT_SUCCESS(Status)) {
|
|
m->Error = ENOMEM;
|
|
goto out;
|
|
}
|
|
|
|
Status = SamLookupNamesInDomain(DomainHandle, 1, &Name_U, &pGroupId,
|
|
&pUse);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't lookup name: 0x%x\n", Status));
|
|
m->Error = 1;
|
|
goto out;
|
|
}
|
|
|
|
// Make sure the name is a group name.
|
|
Type = *pUse;
|
|
|
|
SamFreeMemory(pUse);
|
|
if (Type != SidTypeGroup && Type != SidTypeAlias) {
|
|
m->Error = EINVAL;
|
|
goto out;
|
|
}
|
|
|
|
Status = PutGroupInfo(DomainSid, DomainHandle, *pGroupId,
|
|
(PCHAR)args->GrBuf, Type, &args->Length);
|
|
|
|
out:
|
|
if (NULL != ServerHandle) {
|
|
SamCloseHandle(ServerHandle);
|
|
}
|
|
if (NULL != DomainHandle) {
|
|
SamCloseHandle(DomainHandle);
|
|
}
|
|
if (NULL != Name_U.Buffer) {
|
|
RtlFreeUnicodeString(&Name_U);
|
|
}
|
|
if (NULL != pGroupId) {
|
|
SamFreeMemory(pGroupId);
|
|
}
|
|
if (NULL != DomainSid) {
|
|
SamFreeMemory(DomainSid);
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
static VOID
|
|
PutSpecialGroupInfo(
|
|
PUNICODE_STRING Name,
|
|
PCHAR DataDest,
|
|
gid_t Gid,
|
|
OUT int *pLength
|
|
)
|
|
{
|
|
struct group *grp;
|
|
PCHAR pch, *ppchMem;
|
|
ANSI_STRING A;
|
|
|
|
//
|
|
// The struct group goes at the beginning of the view memory,
|
|
// followed by the array of member name pointers.
|
|
//
|
|
grp = (struct group *)DataDest;
|
|
ppchMem = (PCHAR *)((PCHAR)DataDest + sizeof(struct group));
|
|
|
|
grp->gr_mem = (PCHAR *)((PCHAR)ppchMem - (ULONG_PTR)DataDest);
|
|
|
|
grp->gr_gid = Gid;
|
|
|
|
// No members.
|
|
|
|
ppchMem[0] = NULL;
|
|
|
|
pch = (PCHAR)(ppchMem + 1);
|
|
grp->gr_name = pch - (ULONG_PTR)DataDest;
|
|
A.Buffer = pch;
|
|
A.MaximumLength = NAME_MAX;
|
|
RtlUnicodeStringToAnsiString(&A, Name, FALSE);
|
|
|
|
pch += strlen(pch) + 1;
|
|
*pLength = (int)((ULONG_PTR)(pch - (ULONG_PTR)DataDest));
|
|
}
|
|
|
|
NTSTATUS
|
|
GetUserNameFromSid(
|
|
PSID Sid,
|
|
PANSI_STRING pA)
|
|
{
|
|
ULONG SubAuthCount;
|
|
ULONG RelativeId;
|
|
PSID DomainSid = NULL;
|
|
SAM_HANDLE
|
|
ServerHandle = NULL,
|
|
DomainHandle = NULL,
|
|
UserHandle = NULL;
|
|
PUSER_ACCOUNT_INFORMATION
|
|
AccountInfo = NULL;
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
|
|
SubAuthCount = *RtlSubAuthorityCountSid(Sid);
|
|
RelativeId = *RtlSubAuthoritySid(Sid, SubAuthCount - 1);
|
|
|
|
DomainSid = RtlAllocateHeap(PsxHeap, 0, RtlLengthSid(Sid));
|
|
if (NULL == DomainSid) {
|
|
goto out;
|
|
}
|
|
Status = RtlCopySid(RtlLengthSid(Sid), DomainSid, Sid);
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
--*RtlSubAuthorityCountSid(DomainSid);
|
|
|
|
Status = MySamConnect(DomainSid, &ServerHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
|
|
Status = SamOpenDomain(ServerHandle, GENERIC_EXECUTE,
|
|
DomainSid, &DomainHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
|
|
Status = SamOpenUser(DomainHandle, GENERIC_READ | GENERIC_EXECUTE,
|
|
RelativeId, &UserHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
|
|
Status = SamQueryInformationUser(UserHandle, UserAccountInformation,
|
|
(PVOID *)&AccountInfo);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
Status = RtlUnicodeStringToAnsiString(pA, &AccountInfo->UserName, FALSE);
|
|
|
|
out:
|
|
if (NULL != DomainSid) RtlFreeHeap(PsxHeap, 0, DomainSid);
|
|
if (NULL != ServerHandle) SamCloseHandle(ServerHandle);
|
|
if (NULL != DomainHandle) SamCloseHandle(DomainHandle);
|
|
if (NULL != UserHandle) SamCloseHandle(UserHandle);
|
|
if (NULL != AccountInfo) SamFreeMemory(AccountInfo);
|
|
|
|
return Status;
|
|
}
|
|
|
|
static NTSTATUS
|
|
PutGroupInfo(
|
|
PSID DomainSid,
|
|
SAM_HANDLE DomainHandle,
|
|
ULONG GroupId,
|
|
PCHAR DataDest,
|
|
IN SID_NAME_USE Type,
|
|
OUT int *pLength
|
|
)
|
|
{
|
|
ANSI_STRING
|
|
A; // misc. ansi strings
|
|
PGROUP_NAME_INFORMATION
|
|
NameInfo = NULL;
|
|
ULONG SpaceLeft,
|
|
count,
|
|
i;
|
|
struct group *grp;
|
|
PCHAR pch, *ppchMem;
|
|
PSID Sid;
|
|
NTSTATUS Status;
|
|
SAM_HANDLE GroupHandle = NULL;
|
|
PULONG
|
|
puGroupMem = NULL, // array of group members' relative id's
|
|
puAttr = NULL; // array of group members' attributes
|
|
PSID
|
|
*ppsGroupMem = NULL; // array of alias members' relative id's
|
|
|
|
//
|
|
// The struct group goes at the beginning of the view memory,
|
|
// followed by the array of member name pointers.
|
|
//
|
|
grp = (struct group *)DataDest;
|
|
ppchMem = (PCHAR *)((PCHAR)DataDest + sizeof(struct group));
|
|
|
|
grp->gr_mem = (PCHAR *)((PCHAR)ppchMem - (ULONG_PTR)DataDest);
|
|
|
|
Sid = MakeSid(DomainSid, GroupId);
|
|
if (NULL == Sid) {
|
|
goto out;
|
|
}
|
|
grp->gr_gid = MakePosixId(Sid);
|
|
RtlFreeHeap(PsxHeap, 0, Sid);
|
|
|
|
if (SidTypeGroup == Type) {
|
|
Status = SamOpenGroup(DomainHandle,
|
|
GENERIC_READ | GENERIC_EXECUTE,
|
|
GroupId, &GroupHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
Status = SamGetMembersInGroup(GroupHandle, &puGroupMem,
|
|
&puAttr, &count);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
Status = SamQueryInformationGroup(GroupHandle,
|
|
GroupNameInformation, (PVOID *)&NameInfo);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't query info group: 0x%x\n",
|
|
Status));
|
|
goto out;
|
|
}
|
|
} else {
|
|
Status = SamOpenAlias(DomainHandle,
|
|
GENERIC_READ | GENERIC_EXECUTE,
|
|
GroupId, &GroupHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
Status = SamGetMembersInAlias(GroupHandle, &ppsGroupMem,
|
|
&count);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
Status = SamQueryInformationAlias(GroupHandle,
|
|
AliasNameInformation, (PVOID *)&NameInfo);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: Can't query info alias: 0x%x\n",
|
|
Status));
|
|
goto out;
|
|
}
|
|
}
|
|
|
|
|
|
//
|
|
// The strings start after the member name pointer array. We leave
|
|
// an extra member name pointer for the null-terminator.
|
|
//
|
|
|
|
pch = (PCHAR)(ppchMem + 1 + count);
|
|
|
|
SpaceLeft = (ULONG)(PSX_CLIENT_PORT_MEMORY_SIZE -
|
|
(ULONG_PTR)(pch - (ULONG_PTR)DataDest));
|
|
grp->gr_name = pch - (ULONG_PTR)DataDest;
|
|
A.Buffer = pch;
|
|
A.MaximumLength = (USHORT)SpaceLeft;
|
|
Status = RtlUnicodeStringToAnsiString(&A, &NameInfo->Name, FALSE);
|
|
if (!NT_SUCCESS(Status)) {
|
|
goto out;
|
|
}
|
|
SpaceLeft -= A.Length;
|
|
pch = pch + A.Length + 1;
|
|
|
|
for (i = 0; i < count; ++i) {
|
|
|
|
SAM_HANDLE UserHandle;
|
|
PUSER_ACCOUNT_NAME_INFORMATION pUserInfo;
|
|
|
|
ppchMem[i] = pch - (ULONG_PTR)DataDest;
|
|
A.Buffer = pch;
|
|
A.MaximumLength = (USHORT)SpaceLeft;
|
|
|
|
if (Type == SidTypeGroup) {
|
|
Status = SamOpenUser(DomainHandle,
|
|
GENERIC_READ | GENERIC_EXECUTE,
|
|
puGroupMem[i], &UserHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: SamOpenUser: 0x%x\n", Status));
|
|
continue;
|
|
}
|
|
|
|
Status = SamQueryInformationUser(UserHandle,
|
|
UserAccountNameInformation,
|
|
(PVOID *)&pUserInfo);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: SamQueryInfoUser: 0x%x\n",
|
|
Status));
|
|
}
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
Status = SamCloseHandle(UserHandle);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: SamCloseHandle: 0x%x\n",
|
|
Status));
|
|
}
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
RtlUnicodeStringToAnsiString(&A,
|
|
&pUserInfo->UserName, FALSE);
|
|
|
|
SamFreeMemory(pUserInfo);
|
|
} else {
|
|
Status = GetUserNameFromSid(ppsGroupMem[i], &A);
|
|
if (!NT_SUCCESS(Status)) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
SpaceLeft -= A.Length;
|
|
pch = pch + A.Length + 1;
|
|
|
|
}
|
|
|
|
ppchMem[i] = NULL;
|
|
*pLength = (int)((ULONG_PTR)(pch - (ULONG_PTR)DataDest));
|
|
|
|
SamCloseHandle(GroupHandle);
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
out:
|
|
if (NULL != GroupHandle) {
|
|
SamCloseHandle(GroupHandle);
|
|
}
|
|
if (NULL != puGroupMem) {
|
|
SamFreeMemory(puGroupMem);
|
|
}
|
|
if (NULL != ppsGroupMem) {
|
|
SamFreeMemory(ppsGroupMem);
|
|
}
|
|
if (NULL != puAttr) {
|
|
SamFreeMemory(puAttr);
|
|
}
|
|
if (NULL != NameInfo) {
|
|
SamFreeMemory(NameInfo);
|
|
}
|
|
return STATUS_BUFFER_TOO_SMALL;
|
|
}
|
|
|
|
//
|
|
// MakeSid -- Attach the given relative id to the given Domain Sid to
|
|
// make a new Sid, and return it. That new sid must be freed with
|
|
// RtlFreeHeap.
|
|
//
|
|
PSID
|
|
MakeSid(
|
|
PSID DomainSid,
|
|
ULONG RelativeId
|
|
)
|
|
{
|
|
PSID NewSid;
|
|
NTSTATUS Status;
|
|
UCHAR AuthCount;
|
|
int i;
|
|
|
|
AuthCount = *RtlSubAuthorityCountSid(DomainSid) + 1;
|
|
|
|
NewSid = RtlAllocateHeap(PsxHeap, 0, RtlLengthRequiredSid(AuthCount));
|
|
if (NULL == NewSid) {
|
|
return NULL;
|
|
}
|
|
|
|
Status = RtlInitializeSid(NewSid, RtlIdentifierAuthoritySid(DomainSid),
|
|
AuthCount);
|
|
if (!NT_SUCCESS(Status)) {
|
|
KdPrint(("PSXSS: 0x%x\n", Status));
|
|
}
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
//
|
|
// Copy the Domain Sid.
|
|
//
|
|
|
|
for (i = 0; i < AuthCount - 1; ++i) {
|
|
*RtlSubAuthoritySid(NewSid, i) = *RtlSubAuthoritySid(DomainSid,
|
|
i);
|
|
}
|
|
|
|
//
|
|
// Append the Relative Id.
|
|
//
|
|
|
|
*RtlSubAuthoritySid(NewSid, AuthCount - 1) = RelativeId;
|
|
|
|
return NewSid;
|
|
}
|
|
|
|
//
|
|
// ConvertPathToPsx -- Converts an ANSI_STRING representation of
|
|
// a path to a posix format path. The ANSI_STRING's buffer is assumed
|
|
// to point to a section of the ClientView memory, and the MaximumLength
|
|
// member of the ANSI_STRING is assumed to be set to the maximum length
|
|
// of the final path string. This function will modify the Buffer and
|
|
// Length members of the input ANSI_STRING. This function will return
|
|
// false if a working buffer cannot be allocated in the PsxHeap heap.
|
|
//
|
|
static BOOLEAN
|
|
ConvertPathToPsx (
|
|
ANSI_STRING *A
|
|
)
|
|
{
|
|
PCHAR TmpBuff;
|
|
PCHAR InRover;
|
|
PCHAR OutRover;
|
|
|
|
TmpBuff = RtlAllocateHeap(PsxHeap, 0, A->Length*2);
|
|
if (NULL == TmpBuff) {
|
|
return(FALSE);
|
|
}
|
|
if (*(A->Buffer) == '\0') {
|
|
strcpy(TmpBuff, "//C/" );
|
|
} else {
|
|
for (InRover = A->Buffer, OutRover = TmpBuff;
|
|
*InRover != '\0';
|
|
++InRover) {
|
|
if (';' == *InRover) {
|
|
// semis become colons
|
|
*OutRover++ = ':';
|
|
} else if ('\\' == *InRover) {
|
|
// back-slashes become forward-slashes
|
|
*OutRover++ = '/';
|
|
} else if (':' == *(InRover + 1)) {
|
|
// "X:" becomes "//X" - drive letter must be uppercase
|
|
*OutRover++ = '/';
|
|
*OutRover++ = '/';
|
|
*OutRover++ = (CHAR)toupper(*InRover);
|
|
++InRover; // skip the colon
|
|
} else {
|
|
*OutRover++ = *InRover;
|
|
}
|
|
}
|
|
*OutRover = '\0';
|
|
}
|
|
strcpy(A->Buffer, TmpBuff);
|
|
A->Length = (USHORT)strlen(A->Buffer);
|
|
RtlFreeHeap(PsxHeap, 0, (PVOID)TmpBuff);
|
|
return (TRUE);
|
|
}
|
|
|
|
PSID
|
|
GetSpecialSid(
|
|
uid_t Uid
|
|
)
|
|
{
|
|
PSID Sid;
|
|
NTSTATUS Status;
|
|
SID_IDENTIFIER_AUTHORITY Auth = SECURITY_NULL_SID_AUTHORITY;
|
|
UCHAR uc;
|
|
ULONG ul;
|
|
|
|
Sid = RtlAllocateHeap(PsxHeap, 0, RtlLengthRequiredSid(1));
|
|
if (NULL == Sid)
|
|
return NULL;
|
|
|
|
Status = RtlInitializeSid(Sid, &Auth, 1);
|
|
ASSERT(NT_SUCCESS(Status));
|
|
|
|
uc = (UCHAR)((Uid & 0xFFF) >> 8);
|
|
RtlIdentifierAuthoritySid(Sid)->Value[5] = uc;
|
|
|
|
ul = Uid & 0xF;
|
|
*RtlSubAuthoritySid(Sid, 0) = ul;
|
|
|
|
return Sid;
|
|
}
|