|
1 /* |
|
2 * Copyright (c) 2000, 2015, Oracle and/or its affiliates. All rights reserved. |
|
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
|
4 * |
|
5 * This code is free software; you can redistribute it and/or modify it |
|
6 * under the terms of the GNU General Public License version 2 only, as |
|
7 * published by the Free Software Foundation. Oracle designates this |
|
8 * particular file as subject to the "Classpath" exception as provided |
|
9 * by Oracle in the LICENSE file that accompanied this code. |
|
10 * |
|
11 * This code is distributed in the hope that it will be useful, but WITHOUT |
|
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or |
|
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License |
|
14 * version 2 for more details (a copy is included in the LICENSE file that |
|
15 * accompanied this code). |
|
16 * |
|
17 * You should have received a copy of the GNU General Public License version |
|
18 * 2 along with this work; if not, write to the Free Software Foundation, |
|
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. |
|
20 * |
|
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA |
|
22 * or visit www.oracle.com if you need additional information or have any |
|
23 * questions. |
|
24 */ |
|
25 |
|
26 #include <jni.h> |
|
27 #include "jni_util.h" |
|
28 #include "com_sun_security_auth_module_NTSystem.h" |
|
29 |
|
30 #include <windows.h> |
|
31 #include <stdio.h> |
|
32 #include <wchar.h> |
|
33 #include <ntsecapi.h> |
|
34 #include <lmerr.h> |
|
35 |
|
36 static BOOL debug = FALSE; |
|
37 |
|
38 BOOL getToken(PHANDLE); |
|
39 BOOL getUser(HANDLE tokenHandle, LPTSTR *userName, |
|
40 LPTSTR *domainName, LPTSTR *userSid, LPTSTR *domainSid); |
|
41 BOOL getPrimaryGroup(HANDLE tokenHandle, LPTSTR *primaryGroup); |
|
42 BOOL getGroups(HANDLE tokenHandle, PDWORD numGroups, LPTSTR **groups); |
|
43 BOOL getImpersonationToken(PHANDLE impersonationToken); |
|
44 BOOL getTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen); |
|
45 void DisplayErrorText(DWORD dwLastError); |
|
46 |
|
47 static void throwIllegalArgumentException(JNIEnv *env, const char *msg) { |
|
48 jclass clazz = (*env)->FindClass(env, "java/lang/IllegalArgumentException"); |
|
49 if (clazz != NULL) |
|
50 (*env)->ThrowNew(env, clazz, msg); |
|
51 } |
|
52 |
|
53 /* |
|
54 * Declare library specific JNI_Onload entry if static build |
|
55 */ |
|
56 DEF_STATIC_JNI_OnLoad |
|
57 |
|
58 JNIEXPORT jlong JNICALL |
|
59 Java_com_sun_security_auth_module_NTSystem_getImpersonationToken0 |
|
60 (JNIEnv *env, jobject obj) { |
|
61 HANDLE impersonationToken = 0; // impersonation token |
|
62 if (debug) { |
|
63 printf("getting impersonation token\n"); |
|
64 } |
|
65 if (getImpersonationToken(&impersonationToken) == FALSE) { |
|
66 return 0; |
|
67 } |
|
68 return (jlong)impersonationToken; |
|
69 } |
|
70 |
|
71 JNIEXPORT void JNICALL |
|
72 Java_com_sun_security_auth_module_NTSystem_getCurrent |
|
73 (JNIEnv *env, jobject obj, jboolean debugNative) { |
|
74 |
|
75 long i, j = 0; |
|
76 HANDLE tokenHandle = INVALID_HANDLE_VALUE; |
|
77 |
|
78 LPTSTR userName = NULL; // user name |
|
79 LPTSTR userSid = NULL; // user sid |
|
80 LPTSTR domainName = NULL; // domain name |
|
81 LPTSTR domainSid = NULL; // domain sid |
|
82 LPTSTR primaryGroup = NULL; // primary group sid |
|
83 DWORD numGroups = 0; // num groups |
|
84 LPTSTR *groups = NULL; // groups array |
|
85 long pIndex = -1; // index of primaryGroup in groups array |
|
86 |
|
87 jfieldID fid; |
|
88 jstring jstr; |
|
89 jobjectArray jgroups; |
|
90 jclass stringClass = 0; |
|
91 jclass cls = (*env)->GetObjectClass(env, obj); |
|
92 |
|
93 debug = debugNative; |
|
94 |
|
95 // get NT information first |
|
96 |
|
97 if (debug) { |
|
98 printf("getting access token\n"); |
|
99 } |
|
100 if (getToken(&tokenHandle) == FALSE) { |
|
101 return; |
|
102 } |
|
103 |
|
104 if (debug) { |
|
105 printf("getting user info\n"); |
|
106 } |
|
107 if (getUser |
|
108 (tokenHandle, &userName, &domainName, &userSid, &domainSid) == FALSE) { |
|
109 return; |
|
110 } |
|
111 |
|
112 if (debug) { |
|
113 printf("getting primary group\n"); |
|
114 } |
|
115 if (getPrimaryGroup(tokenHandle, &primaryGroup) == FALSE) { |
|
116 return; |
|
117 } |
|
118 |
|
119 if (debug) { |
|
120 printf("getting supplementary groups\n"); |
|
121 } |
|
122 if (getGroups(tokenHandle, &numGroups, &groups) == FALSE) { |
|
123 return; |
|
124 } |
|
125 |
|
126 // then set values into NTSystem |
|
127 |
|
128 fid = (*env)->GetFieldID(env, cls, "userName", "Ljava/lang/String;"); |
|
129 if (fid == 0) { |
|
130 (*env)->ExceptionClear(env); |
|
131 throwIllegalArgumentException(env, "invalid field: userName"); |
|
132 goto cleanup; |
|
133 } |
|
134 jstr = (*env)->NewStringUTF(env, userName); |
|
135 if (jstr == NULL) |
|
136 goto cleanup; |
|
137 (*env)->SetObjectField(env, obj, fid, jstr); |
|
138 |
|
139 fid = (*env)->GetFieldID(env, cls, "userSID", "Ljava/lang/String;"); |
|
140 if (fid == 0) { |
|
141 (*env)->ExceptionClear(env); |
|
142 throwIllegalArgumentException(env, "invalid field: userSID"); |
|
143 goto cleanup; |
|
144 } |
|
145 jstr = (*env)->NewStringUTF(env, userSid); |
|
146 if (jstr == NULL) |
|
147 goto cleanup; |
|
148 (*env)->SetObjectField(env, obj, fid, jstr); |
|
149 |
|
150 fid = (*env)->GetFieldID(env, cls, "domain", "Ljava/lang/String;"); |
|
151 if (fid == 0) { |
|
152 (*env)->ExceptionClear(env); |
|
153 throwIllegalArgumentException(env, "invalid field: domain"); |
|
154 goto cleanup; |
|
155 } |
|
156 jstr = (*env)->NewStringUTF(env, domainName); |
|
157 if (jstr == NULL) |
|
158 goto cleanup; |
|
159 (*env)->SetObjectField(env, obj, fid, jstr); |
|
160 |
|
161 if (domainSid != NULL) { |
|
162 fid = (*env)->GetFieldID(env, cls, "domainSID", "Ljava/lang/String;"); |
|
163 if (fid == 0) { |
|
164 (*env)->ExceptionClear(env); |
|
165 throwIllegalArgumentException(env, "invalid field: domainSID"); |
|
166 goto cleanup; |
|
167 } |
|
168 jstr = (*env)->NewStringUTF(env, domainSid); |
|
169 if (jstr == NULL) |
|
170 goto cleanup; |
|
171 (*env)->SetObjectField(env, obj, fid, jstr); |
|
172 } |
|
173 |
|
174 fid = (*env)->GetFieldID(env, cls, "primaryGroupID", "Ljava/lang/String;"); |
|
175 if (fid == 0) { |
|
176 (*env)->ExceptionClear(env); |
|
177 throwIllegalArgumentException(env, "invalid field: PrimaryGroupID"); |
|
178 goto cleanup; |
|
179 } |
|
180 jstr = (*env)->NewStringUTF(env, primaryGroup); |
|
181 if (jstr == NULL) |
|
182 goto cleanup; |
|
183 (*env)->SetObjectField(env, obj, fid, jstr); |
|
184 |
|
185 // primary group may or may not be part of supplementary groups |
|
186 for (i = 0; i < (long)numGroups; i++) { |
|
187 if (strcmp(primaryGroup, groups[i]) == 0) { |
|
188 // found primary group in groups array |
|
189 pIndex = i; |
|
190 break; |
|
191 } |
|
192 } |
|
193 |
|
194 if (numGroups == 0 || (pIndex == 0 && numGroups == 1)) { |
|
195 // primary group is only group in groups array |
|
196 |
|
197 if (debug) { |
|
198 printf("no secondary groups\n"); |
|
199 } |
|
200 } else { |
|
201 |
|
202 // the groups array is non-empty, |
|
203 // and may or may not contain the primary group |
|
204 |
|
205 fid = (*env)->GetFieldID(env, cls, "groupIDs", "[Ljava/lang/String;"); |
|
206 if (fid == 0) { |
|
207 (*env)->ExceptionClear(env); |
|
208 throwIllegalArgumentException(env, "groupIDs"); |
|
209 goto cleanup; |
|
210 } |
|
211 |
|
212 stringClass = (*env)->FindClass(env, "java/lang/String"); |
|
213 if (stringClass == NULL) |
|
214 goto cleanup; |
|
215 |
|
216 if (pIndex == -1) { |
|
217 // primary group not in groups array |
|
218 jgroups = (*env)->NewObjectArray(env, numGroups, stringClass, 0); |
|
219 } else { |
|
220 // primary group in groups array - |
|
221 // allocate one less array entry and do not add into new array |
|
222 jgroups = (*env)->NewObjectArray(env, numGroups-1, stringClass, 0); |
|
223 } |
|
224 if (jgroups == NULL) |
|
225 goto cleanup; |
|
226 |
|
227 for (i = 0, j = 0; i < (long)numGroups; i++) { |
|
228 if (pIndex == i) { |
|
229 // continue if equal to primary group |
|
230 continue; |
|
231 } |
|
232 jstr = (*env)->NewStringUTF(env, groups[i]); |
|
233 if (jstr == NULL) |
|
234 goto cleanup; |
|
235 (*env)->SetObjectArrayElement(env, jgroups, j++, jstr); |
|
236 } |
|
237 (*env)->SetObjectField(env, obj, fid, jgroups); |
|
238 } |
|
239 |
|
240 cleanup: |
|
241 if (userName != NULL) { |
|
242 HeapFree(GetProcessHeap(), 0, userName); |
|
243 } |
|
244 if (domainName != NULL) { |
|
245 HeapFree(GetProcessHeap(), 0, domainName); |
|
246 } |
|
247 if (userSid != NULL) { |
|
248 HeapFree(GetProcessHeap(), 0, userSid); |
|
249 } |
|
250 if (domainSid != NULL) { |
|
251 HeapFree(GetProcessHeap(), 0, domainSid); |
|
252 } |
|
253 if (primaryGroup != NULL) { |
|
254 HeapFree(GetProcessHeap(), 0, primaryGroup); |
|
255 } |
|
256 if (groups != NULL) { |
|
257 for (i = 0; i < (long)numGroups; i++) { |
|
258 if (groups[i] != NULL) { |
|
259 HeapFree(GetProcessHeap(), 0, groups[i]); |
|
260 } |
|
261 } |
|
262 HeapFree(GetProcessHeap(), 0, groups); |
|
263 } |
|
264 CloseHandle(tokenHandle); |
|
265 |
|
266 return; |
|
267 } |
|
268 |
|
269 BOOL getToken(PHANDLE tokenHandle) { |
|
270 |
|
271 // first try the thread token |
|
272 if (OpenThreadToken(GetCurrentThread(), |
|
273 TOKEN_READ, |
|
274 FALSE, |
|
275 tokenHandle) == 0) { |
|
276 if (debug) { |
|
277 printf(" [getToken] OpenThreadToken error [%d]: ", GetLastError()); |
|
278 DisplayErrorText(GetLastError()); |
|
279 } |
|
280 |
|
281 // next try the process token |
|
282 if (OpenProcessToken(GetCurrentProcess(), |
|
283 TOKEN_READ, |
|
284 tokenHandle) == 0) { |
|
285 if (debug) { |
|
286 printf(" [getToken] OpenProcessToken error [%d]: ", |
|
287 GetLastError()); |
|
288 DisplayErrorText(GetLastError()); |
|
289 } |
|
290 return FALSE; |
|
291 } |
|
292 } |
|
293 |
|
294 if (debug) { |
|
295 printf(" [getToken] got user access token\n"); |
|
296 } |
|
297 |
|
298 return TRUE; |
|
299 } |
|
300 |
|
301 BOOL getUser(HANDLE tokenHandle, LPTSTR *userName, |
|
302 LPTSTR *domainName, LPTSTR *userSid, LPTSTR *domainSid) { |
|
303 |
|
304 BOOL error = FALSE; |
|
305 DWORD bufSize = 0; |
|
306 DWORD buf2Size = 0; |
|
307 DWORD retBufSize = 0; |
|
308 PTOKEN_USER tokenUserInfo = NULL; // getTokenInformation |
|
309 SID_NAME_USE nameUse; // LookupAccountSid |
|
310 |
|
311 PSID dSid = NULL; |
|
312 LPTSTR domainSidName = NULL; |
|
313 |
|
314 // get token information |
|
315 GetTokenInformation(tokenHandle, |
|
316 TokenUser, |
|
317 NULL, // TokenInformation - if NULL get buffer size |
|
318 0, // since TokenInformation is NULL |
|
319 &bufSize); |
|
320 |
|
321 tokenUserInfo = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
322 if (GetTokenInformation(tokenHandle, |
|
323 TokenUser, |
|
324 tokenUserInfo, |
|
325 bufSize, |
|
326 &retBufSize) == 0) { |
|
327 if (debug) { |
|
328 printf(" [getUser] GetTokenInformation error [%d]: ", |
|
329 GetLastError()); |
|
330 DisplayErrorText(GetLastError()); |
|
331 } |
|
332 error = TRUE; |
|
333 goto cleanup; |
|
334 } |
|
335 |
|
336 if (debug) { |
|
337 printf(" [getUser] Got TokenUser info\n"); |
|
338 } |
|
339 |
|
340 // get userName |
|
341 bufSize = 0; |
|
342 buf2Size = 0; |
|
343 LookupAccountSid(NULL, // local host |
|
344 tokenUserInfo->User.Sid, |
|
345 NULL, |
|
346 &bufSize, |
|
347 NULL, |
|
348 &buf2Size, |
|
349 &nameUse); |
|
350 |
|
351 *userName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
352 *domainName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, buf2Size); |
|
353 if (LookupAccountSid(NULL, // local host |
|
354 tokenUserInfo->User.Sid, |
|
355 *userName, |
|
356 &bufSize, |
|
357 *domainName, |
|
358 &buf2Size, |
|
359 &nameUse) == 0) { |
|
360 if (debug) { |
|
361 printf(" [getUser] LookupAccountSid error [%d]: ", |
|
362 GetLastError()); |
|
363 DisplayErrorText(GetLastError()); |
|
364 } |
|
365 error = TRUE; |
|
366 goto cleanup; |
|
367 } |
|
368 |
|
369 if (debug) { |
|
370 printf(" [getUser] userName: %s, domainName = %s\n", |
|
371 *userName, *domainName); |
|
372 } |
|
373 |
|
374 bufSize = 0; |
|
375 getTextualSid(tokenUserInfo->User.Sid, NULL, &bufSize); |
|
376 *userSid = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
377 getTextualSid(tokenUserInfo->User.Sid, *userSid, &bufSize); |
|
378 if (debug) { |
|
379 printf(" [getUser] userSid: %s\n", *userSid); |
|
380 } |
|
381 |
|
382 // get domainSid |
|
383 bufSize = 0; |
|
384 buf2Size = 0; |
|
385 LookupAccountName(NULL, // local host |
|
386 *domainName, |
|
387 NULL, |
|
388 &bufSize, |
|
389 NULL, |
|
390 &buf2Size, |
|
391 &nameUse); |
|
392 |
|
393 dSid = (PSID)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
394 domainSidName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, buf2Size); |
|
395 if (LookupAccountName(NULL, // local host |
|
396 *domainName, |
|
397 dSid, |
|
398 &bufSize, |
|
399 domainSidName, |
|
400 &buf2Size, |
|
401 &nameUse) == 0) { |
|
402 if (debug) { |
|
403 printf(" [getUser] LookupAccountName error [%d]: ", |
|
404 GetLastError()); |
|
405 DisplayErrorText(GetLastError()); |
|
406 } |
|
407 // ok not to have a domain SID (no error) |
|
408 goto cleanup; |
|
409 } |
|
410 |
|
411 bufSize = 0; |
|
412 getTextualSid(dSid, NULL, &bufSize); |
|
413 *domainSid = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
414 getTextualSid(dSid, *domainSid, &bufSize); |
|
415 if (debug) { |
|
416 printf(" [getUser] domainSid: %s\n", *domainSid); |
|
417 } |
|
418 |
|
419 cleanup: |
|
420 if (tokenUserInfo != NULL) { |
|
421 HeapFree(GetProcessHeap(), 0, tokenUserInfo); |
|
422 } |
|
423 if (dSid != NULL) { |
|
424 HeapFree(GetProcessHeap(), 0, dSid); |
|
425 } |
|
426 if (domainSidName != NULL) { |
|
427 HeapFree(GetProcessHeap(), 0, domainSidName); |
|
428 } |
|
429 if (error) { |
|
430 return FALSE; |
|
431 } |
|
432 return TRUE; |
|
433 } |
|
434 |
|
435 BOOL getPrimaryGroup(HANDLE tokenHandle, LPTSTR *primaryGroup) { |
|
436 |
|
437 BOOL error = FALSE; |
|
438 DWORD bufSize = 0; |
|
439 DWORD retBufSize = 0; |
|
440 |
|
441 PTOKEN_PRIMARY_GROUP tokenGroupInfo = NULL; |
|
442 |
|
443 // get token information |
|
444 GetTokenInformation(tokenHandle, |
|
445 TokenPrimaryGroup, |
|
446 NULL, // TokenInformation - if NULL get buffer size |
|
447 0, // since TokenInformation is NULL |
|
448 &bufSize); |
|
449 |
|
450 tokenGroupInfo = (PTOKEN_PRIMARY_GROUP)HeapAlloc |
|
451 (GetProcessHeap(), 0, bufSize); |
|
452 if (GetTokenInformation(tokenHandle, |
|
453 TokenPrimaryGroup, |
|
454 tokenGroupInfo, |
|
455 bufSize, |
|
456 &retBufSize) == 0) { |
|
457 if (debug) { |
|
458 printf(" [getPrimaryGroup] GetTokenInformation error [%d]: ", |
|
459 GetLastError()); |
|
460 DisplayErrorText(GetLastError()); |
|
461 } |
|
462 error = TRUE; |
|
463 goto cleanup; |
|
464 } |
|
465 |
|
466 if (debug) { |
|
467 printf(" [getPrimaryGroup] Got TokenPrimaryGroup info\n"); |
|
468 } |
|
469 |
|
470 bufSize = 0; |
|
471 getTextualSid(tokenGroupInfo->PrimaryGroup, NULL, &bufSize); |
|
472 *primaryGroup = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
473 getTextualSid(tokenGroupInfo->PrimaryGroup, *primaryGroup, &bufSize); |
|
474 if (debug) { |
|
475 printf(" [getPrimaryGroup] primaryGroup: %s\n", *primaryGroup); |
|
476 } |
|
477 |
|
478 cleanup: |
|
479 if (tokenGroupInfo != NULL) { |
|
480 HeapFree(GetProcessHeap(), 0, tokenGroupInfo); |
|
481 } |
|
482 if (error) { |
|
483 return FALSE; |
|
484 } |
|
485 return TRUE; |
|
486 } |
|
487 |
|
488 BOOL getGroups(HANDLE tokenHandle, PDWORD numGroups, LPTSTR **groups) { |
|
489 |
|
490 BOOL error = FALSE; |
|
491 DWORD bufSize = 0; |
|
492 DWORD retBufSize = 0; |
|
493 long i = 0; |
|
494 |
|
495 PTOKEN_GROUPS tokenGroupInfo = NULL; |
|
496 |
|
497 // get token information |
|
498 GetTokenInformation(tokenHandle, |
|
499 TokenGroups, |
|
500 NULL, // TokenInformation - if NULL get buffer size |
|
501 0, // since TokenInformation is NULL |
|
502 &bufSize); |
|
503 |
|
504 tokenGroupInfo = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
505 if (GetTokenInformation(tokenHandle, |
|
506 TokenGroups, |
|
507 tokenGroupInfo, |
|
508 bufSize, |
|
509 &retBufSize) == 0) { |
|
510 if (debug) { |
|
511 printf(" [getGroups] GetTokenInformation error [%d]: ", |
|
512 GetLastError()); |
|
513 DisplayErrorText(GetLastError()); |
|
514 } |
|
515 error = TRUE; |
|
516 goto cleanup; |
|
517 } |
|
518 |
|
519 if (debug) { |
|
520 printf(" [getGroups] Got TokenGroups info\n"); |
|
521 } |
|
522 |
|
523 if (tokenGroupInfo->GroupCount == 0) { |
|
524 // no groups |
|
525 goto cleanup; |
|
526 } |
|
527 |
|
528 // return group info |
|
529 *numGroups = tokenGroupInfo->GroupCount; |
|
530 *groups = (LPTSTR *)HeapAlloc |
|
531 (GetProcessHeap(), 0, (*numGroups) * sizeof(LPTSTR)); |
|
532 for (i = 0; i < (long)*numGroups; i++) { |
|
533 bufSize = 0; |
|
534 getTextualSid(tokenGroupInfo->Groups[i].Sid, NULL, &bufSize); |
|
535 (*groups)[i] = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize); |
|
536 getTextualSid(tokenGroupInfo->Groups[i].Sid, (*groups)[i], &bufSize); |
|
537 if (debug) { |
|
538 printf(" [getGroups] group %d: %s\n", i, (*groups)[i]); |
|
539 } |
|
540 } |
|
541 |
|
542 cleanup: |
|
543 if (tokenGroupInfo != NULL) { |
|
544 HeapFree(GetProcessHeap(), 0, tokenGroupInfo); |
|
545 } |
|
546 if (error) { |
|
547 return FALSE; |
|
548 } |
|
549 return TRUE; |
|
550 } |
|
551 |
|
552 BOOL getImpersonationToken(PHANDLE impersonationToken) { |
|
553 |
|
554 HANDLE dupToken; |
|
555 |
|
556 if (OpenThreadToken(GetCurrentThread(), |
|
557 TOKEN_DUPLICATE, |
|
558 FALSE, |
|
559 &dupToken) == 0) { |
|
560 if (OpenProcessToken(GetCurrentProcess(), |
|
561 TOKEN_DUPLICATE, |
|
562 &dupToken) == 0) { |
|
563 if (debug) { |
|
564 printf |
|
565 (" [getImpersonationToken] OpenProcessToken error [%d]: ", |
|
566 GetLastError()); |
|
567 DisplayErrorText(GetLastError()); |
|
568 } |
|
569 return FALSE; |
|
570 } |
|
571 } |
|
572 |
|
573 if (DuplicateToken(dupToken, |
|
574 SecurityImpersonation, |
|
575 impersonationToken) == 0) { |
|
576 if (debug) { |
|
577 printf(" [getImpersonationToken] DuplicateToken error [%d]: ", |
|
578 GetLastError()); |
|
579 DisplayErrorText(GetLastError()); |
|
580 } |
|
581 return FALSE; |
|
582 } |
|
583 CloseHandle(dupToken); |
|
584 |
|
585 if (debug) { |
|
586 printf(" [getImpersonationToken] token = %p\n", |
|
587 (void *)*impersonationToken); |
|
588 } |
|
589 return TRUE; |
|
590 } |
|
591 |
|
592 BOOL getTextualSid |
|
593 (PSID pSid, // binary SID |
|
594 LPTSTR TextualSid, // buffer for Textual representation of SID |
|
595 LPDWORD lpdwBufferLen) { // required/provided TextualSid buffersize |
|
596 |
|
597 PSID_IDENTIFIER_AUTHORITY psia; |
|
598 DWORD dwSubAuthorities; |
|
599 DWORD dwSidRev=SID_REVISION; |
|
600 DWORD dwCounter; |
|
601 DWORD dwSidSize; |
|
602 |
|
603 // Validate the binary SID. |
|
604 if(!IsValidSid(pSid)) return FALSE; |
|
605 |
|
606 // Get the identifier authority value from the SID. |
|
607 psia = GetSidIdentifierAuthority(pSid); |
|
608 |
|
609 // Get the number of subauthorities in the SID. |
|
610 dwSubAuthorities = *GetSidSubAuthorityCount(pSid); |
|
611 |
|
612 // Compute the buffer length. |
|
613 // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL |
|
614 dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR); |
|
615 |
|
616 // Check input buffer length. |
|
617 // If too small, indicate the proper size and set last error. |
|
618 if (*lpdwBufferLen < dwSidSize) { |
|
619 *lpdwBufferLen = dwSidSize; |
|
620 SetLastError(ERROR_INSUFFICIENT_BUFFER); |
|
621 return FALSE; |
|
622 } |
|
623 |
|
624 // Add 'S' prefix and revision number to the string. |
|
625 dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev ); |
|
626 |
|
627 // Add SID identifier authority to the string. |
|
628 if ((psia->Value[0] != 0) || (psia->Value[1] != 0)) { |
|
629 dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid), |
|
630 TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"), |
|
631 (USHORT)psia->Value[0], |
|
632 (USHORT)psia->Value[1], |
|
633 (USHORT)psia->Value[2], |
|
634 (USHORT)psia->Value[3], |
|
635 (USHORT)psia->Value[4], |
|
636 (USHORT)psia->Value[5]); |
|
637 } else { |
|
638 dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid), |
|
639 TEXT("%lu"), |
|
640 (ULONG)(psia->Value[5] ) + |
|
641 (ULONG)(psia->Value[4] << 8) + |
|
642 (ULONG)(psia->Value[3] << 16) + |
|
643 (ULONG)(psia->Value[2] << 24) ); |
|
644 } |
|
645 |
|
646 // Add SID subauthorities to the string. |
|
647 for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++) { |
|
648 dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"), |
|
649 *GetSidSubAuthority(pSid, dwCounter) ); |
|
650 } |
|
651 |
|
652 return TRUE; |
|
653 } |
|
654 |
|
655 void DisplayErrorText(DWORD dwLastError) { |
|
656 HMODULE hModule = NULL; // default to system source |
|
657 LPSTR MessageBuffer; |
|
658 DWORD dwBufferLength; |
|
659 |
|
660 DWORD dwFormatFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER | |
|
661 FORMAT_MESSAGE_IGNORE_INSERTS | |
|
662 FORMAT_MESSAGE_FROM_SYSTEM ; |
|
663 |
|
664 // |
|
665 // If dwLastError is in the network range, |
|
666 // load the message source. |
|
667 // |
|
668 |
|
669 if(dwLastError >= NERR_BASE && dwLastError <= MAX_NERR) { |
|
670 hModule = LoadLibraryEx(TEXT("netmsg.dll"), |
|
671 NULL, |
|
672 LOAD_LIBRARY_AS_DATAFILE); |
|
673 |
|
674 if(hModule != NULL) |
|
675 dwFormatFlags |= FORMAT_MESSAGE_FROM_HMODULE; |
|
676 } |
|
677 |
|
678 // |
|
679 // Call FormatMessage() to allow for message |
|
680 // text to be acquired from the system |
|
681 // or from the supplied module handle. |
|
682 // |
|
683 |
|
684 if(dwBufferLength = FormatMessageA(dwFormatFlags, |
|
685 hModule, // module to get message from (NULL == system) |
|
686 dwLastError, |
|
687 MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // default language |
|
688 (LPSTR) &MessageBuffer, |
|
689 0, |
|
690 NULL)) { |
|
691 DWORD dwBytesWritten; |
|
692 |
|
693 // |
|
694 // Output message string on stderr. |
|
695 // |
|
696 WriteFile(GetStdHandle(STD_ERROR_HANDLE), |
|
697 MessageBuffer, |
|
698 dwBufferLength, |
|
699 &dwBytesWritten, |
|
700 NULL); |
|
701 |
|
702 // |
|
703 // Free the buffer allocated by the system. |
|
704 // |
|
705 LocalFree(MessageBuffer); |
|
706 } |
|
707 |
|
708 // |
|
709 // If we loaded a message source, unload it. |
|
710 // |
|
711 if(hModule != NULL) |
|
712 FreeLibrary(hModule); |
|
713 } |
|
714 |
|
715 /** |
|
716 * 1. comment out first two #includes |
|
717 * 2. set 'debug' to TRUE |
|
718 * 3. comment out 'getCurrent' |
|
719 * 4. uncomment 'main' |
|
720 * 5. cc -c nt.c |
|
721 * 6. link nt.obj user32.lib advapi32.lib /out:nt.exe |
|
722 */ |
|
723 /* |
|
724 void main(int argc, char *argv[]) { |
|
725 |
|
726 long i = 0; |
|
727 HANDLE tokenHandle = INVALID_HANDLE_VALUE; |
|
728 |
|
729 LPTSTR userName = NULL; |
|
730 LPTSTR userSid = NULL; |
|
731 LPTSTR domainName = NULL; |
|
732 LPTSTR domainSid = NULL; |
|
733 LPTSTR primaryGroup = NULL; |
|
734 DWORD numGroups = 0; |
|
735 LPTSTR *groups = NULL; |
|
736 HANDLE impersonationToken = 0; |
|
737 |
|
738 printf("getting access token\n"); |
|
739 if (getToken(&tokenHandle) == FALSE) { |
|
740 exit(1); |
|
741 } |
|
742 |
|
743 printf("getting user info\n"); |
|
744 if (getUser |
|
745 (tokenHandle, &userName, &domainName, &userSid, &domainSid) == FALSE) { |
|
746 exit(1); |
|
747 } |
|
748 |
|
749 printf("getting primary group\n"); |
|
750 if (getPrimaryGroup(tokenHandle, &primaryGroup) == FALSE) { |
|
751 exit(1); |
|
752 } |
|
753 |
|
754 printf("getting supplementary groups\n"); |
|
755 if (getGroups(tokenHandle, &numGroups, &groups) == FALSE) { |
|
756 exit(1); |
|
757 } |
|
758 |
|
759 printf("getting impersonation token\n"); |
|
760 if (getImpersonationToken(&impersonationToken) == FALSE) { |
|
761 exit(1); |
|
762 } |
|
763 |
|
764 printf("userName = %s, userSid = %s, domainName = %s, domainSid = %s\n", |
|
765 userName, userSid, domainName, domainSid); |
|
766 printf("primaryGroup = %s\n", primaryGroup); |
|
767 for (i = 0; i < numGroups; i++) { |
|
768 printf("Group[%d] = %s\n", i, groups[i]); |
|
769 } |
|
770 printf("impersonationToken = %ld\n", impersonationToken); |
|
771 |
|
772 if (userName != NULL) { |
|
773 HeapFree(GetProcessHeap(), 0, userName); |
|
774 } |
|
775 if (userSid != NULL) { |
|
776 HeapFree(GetProcessHeap(), 0, userSid); |
|
777 } |
|
778 if (domainName != NULL) { |
|
779 HeapFree(GetProcessHeap(), 0, domainName); |
|
780 } |
|
781 if (domainSid != NULL) { |
|
782 HeapFree(GetProcessHeap(), 0, domainSid); |
|
783 } |
|
784 if (primaryGroup != NULL) { |
|
785 HeapFree(GetProcessHeap(), 0, primaryGroup); |
|
786 } |
|
787 if (groups != NULL) { |
|
788 for (i = 0; i < numGroups; i++) { |
|
789 if (groups[i] != NULL) { |
|
790 HeapFree(GetProcessHeap(), 0, groups[i]); |
|
791 } |
|
792 } |
|
793 HeapFree(GetProcessHeap(), 0, groups); |
|
794 } |
|
795 CloseHandle(impersonationToken); |
|
796 CloseHandle(tokenHandle); |
|
797 } |
|
798 */ |
|
799 |
|
800 /** |
|
801 * extra main method for testing debug printing |
|
802 */ |
|
803 /* |
|
804 void main(int argc, char *argv[]) { |
|
805 if(argc != 2) { |
|
806 fprintf(stderr,"Usage: %s <error number>\n", argv[0]); |
|
807 } |
|
808 |
|
809 DisplayErrorText(atoi(argv[1])); |
|
810 } |
|
811 */ |