Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

221 lines
7.0 KiB

// --------------------------------------------------------------------------
// Module Name: TokenGroups.cpp
//
// Copyright (c) 1999-2000, Microsoft Corporation
//
// Classes related to authentication for use in neptune logon
//
// History: 1999-08-17 vtan created
// 2000-02-01 vtan moved from Neptune to Whistler
// --------------------------------------------------------------------------
#include "StandardHeader.h"
#include "TokenGroups.h"
// --------------------------------------------------------------------------
// CTokenGroups::sLocalSID
//
// Purpose: Static member variable for local authority (owner) SID.
// --------------------------------------------------------------------------
PSID CTokenGroups::s_localSID = NULL;
PSID CTokenGroups::s_administratorSID = NULL;
// --------------------------------------------------------------------------
// CTokenGroups::CTokenGroups
//
// Arguments: <none>
//
// Returns: <none>
//
// Purpose: Initialize CTokenGroups object.
//
// History: 1999-08-17 vtan created
// --------------------------------------------------------------------------
CTokenGroups::CTokenGroups (void) :
_pTokenGroups(NULL)
{
ASSERTMSG((s_localSID != NULL) && (s_administratorSID != NULL), "Cannot use CTokenGroups with invoking CTokenGroups::StaticInitialize");
}
// --------------------------------------------------------------------------
// CTokenGroups::CTokenGroups
//
// Arguments: <none>
//
// Returns: <none>
//
// Purpose: Destroys buffer used by CTokenGroups if created.
//
// History: 1999-08-17 vtan created
// --------------------------------------------------------------------------
CTokenGroups::~CTokenGroups (void)
{
ReleaseMemory(_pTokenGroups);
}
// --------------------------------------------------------------------------
// CTokenGroups::Get
//
// Arguments: <none>
//
// Returns: const TOKEN_GROUPS* = Pointer to the TOKEN_GROUPS
// created in CTokenGroups::Create.
//
// Purpose: Returns the pointer to the TOKEN_GROUPS created in
// CTokenGroups::Create for use with secur32!LsaLogonUser.
//
// History: 1999-08-17 vtan created
// --------------------------------------------------------------------------
const TOKEN_GROUPS* CTokenGroups::Get (void) const
{
return(_pTokenGroups);
}
// --------------------------------------------------------------------------
// CTokenGroups::CreateLogonGroup
//
// Arguments: pLogonSID = logon SID to be used when create the token
// group for logon. This will include the local
// authority SID as well.
//
// Returns: NTSTATUS
//
// Purpose: Creates the TOKEN_GROUP with logon SID and local authority
// SID for use with secur32!LsaLogonUser.
//
// History: 1999-08-17 vtan created
// --------------------------------------------------------------------------
NTSTATUS CTokenGroups::CreateLogonGroup (PSID pLogonSID)
{
static const int TOKEN_GROUP_COUNT = 2;
NTSTATUS status;
_pTokenGroups = static_cast<PTOKEN_GROUPS>(LocalAlloc(LPTR, sizeof(TOKEN_GROUPS) + (sizeof(SID_AND_ATTRIBUTES) * (TOKEN_GROUP_COUNT - ANYSIZE_ARRAY))));
if (_pTokenGroups != NULL)
{
_pTokenGroups->GroupCount = TOKEN_GROUP_COUNT;
_pTokenGroups->Groups[0].Sid = pLogonSID;
_pTokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;
_pTokenGroups->Groups[1].Sid = s_localSID;
_pTokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT;
status = STATUS_SUCCESS;
}
else
{
status = STATUS_NO_MEMORY;
}
return(status);
}
// --------------------------------------------------------------------------
// CTokenGroups::CreateAdministratorGroup
//
// Arguments: <none>
//
// Returns: NTSTATUS
//
// Purpose: Creates a TOKEN_GROUP structure with the administrator's SID
//
// History: 1999-09-13 vtan created
// --------------------------------------------------------------------------
NTSTATUS CTokenGroups::CreateAdministratorGroup (void)
{
static const int TOKEN_GROUP_COUNT = 1;
NTSTATUS status;
_pTokenGroups = static_cast<PTOKEN_GROUPS>(LocalAlloc(LPTR, sizeof(TOKEN_GROUPS) + (sizeof(SID_AND_ATTRIBUTES) * (TOKEN_GROUP_COUNT - ANYSIZE_ARRAY))));
if (_pTokenGroups != NULL)
{
_pTokenGroups->GroupCount = TOKEN_GROUP_COUNT;
_pTokenGroups->Groups[0].Sid = s_administratorSID;
_pTokenGroups->Groups[0].Attributes = 0;
status = STATUS_SUCCESS;
}
else
{
status = STATUS_NO_MEMORY;
}
return(status);
}
// --------------------------------------------------------------------------
// CTokenGroups::StaticInitialize
//
// Arguments: <none>
//
// Returns: NTSTATUS
//
// Purpose: Allocates a SID for the local authority which identifies the
// owner.
//
// History: 1999-08-17 vtan created
// --------------------------------------------------------------------------
NTSTATUS CTokenGroups::StaticInitialize (void)
{
static SID_IDENTIFIER_AUTHORITY localSIDAuthority = SECURITY_LOCAL_SID_AUTHORITY;
static SID_IDENTIFIER_AUTHORITY systemSIDAuthority = SECURITY_NT_AUTHORITY;
NTSTATUS status;
ASSERTMSG(s_localSID == NULL, "CTokenGroups::StaticInitialize already invoked");
status = RtlAllocateAndInitializeSid(&localSIDAuthority,
1,
SECURITY_LOCAL_RID,
0, 0, 0, 0, 0, 0, 0,
&s_localSID);
if (NT_SUCCESS(status))
{
status = RtlAllocateAndInitializeSid(&systemSIDAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&s_administratorSID);
}
return(status);
}
// --------------------------------------------------------------------------
// CTokenGroups::StaticTerminate
//
// Arguments: <none>
//
// Returns: NTSTATUS
//
// Purpose: Destroys memory allocated for the local authority SID.
//
// History: 1999-08-17 vtan created
// --------------------------------------------------------------------------
NTSTATUS CTokenGroups::StaticTerminate (void)
{
if (s_administratorSID != NULL)
{
RtlFreeSid(s_administratorSID);
s_administratorSID = NULL;
}
if (s_localSID != NULL)
{
RtlFreeSid(s_localSID);
s_localSID = NULL;
}
return(STATUS_SUCCESS);
}