0N/A/*
4377N/A * Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
0N/A * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
0N/A *
0N/A * This code is free software; you can redistribute it and/or modify it
0N/A * under the terms of the GNU General Public License version 2 only, as
2362N/A * published by the Free Software Foundation. Oracle designates this
0N/A * particular file as subject to the "Classpath" exception as provided
2362N/A * by Oracle in the LICENSE file that accompanied this code.
0N/A *
0N/A * This code is distributed in the hope that it will be useful, but WITHOUT
0N/A * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
0N/A * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
0N/A * version 2 for more details (a copy is included in the LICENSE file that
0N/A * accompanied this code).
0N/A *
0N/A * You should have received a copy of the GNU General Public License version
0N/A * 2 along with this work; if not, write to the Free Software Foundation,
0N/A * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
0N/A *
2362N/A * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
2362N/A * or visit www.oracle.com if you need additional information or have any
2362N/A * questions.
0N/A */
0N/A
0N/A#include <jni.h>
0N/A#include "com_sun_security_auth_module_NTSystem.h"
0N/A
0N/A#include <windows.h>
0N/A#include <stdio.h>
0N/A#include <wchar.h>
0N/A#include <ntsecapi.h>
0N/A#include <lmerr.h>
0N/A
0N/Astatic BOOL debug = FALSE;
0N/A
0N/ABOOL getToken(PHANDLE);
0N/ABOOL getUser(HANDLE tokenHandle, LPTSTR *userName,
0N/A LPTSTR *domainName, LPTSTR *userSid, LPTSTR *domainSid);
0N/ABOOL getPrimaryGroup(HANDLE tokenHandle, LPTSTR *primaryGroup);
0N/ABOOL getGroups(HANDLE tokenHandle, PDWORD numGroups, LPTSTR **groups);
0N/ABOOL getImpersonationToken(PHANDLE impersonationToken);
0N/ABOOL getTextualSid(PSID pSid, LPTSTR TextualSid, LPDWORD lpdwBufferLen);
0N/Avoid DisplayErrorText(DWORD dwLastError);
0N/A
4377N/AJNIEXPORT jlong JNICALL
4377N/AJava_com_sun_security_auth_module_NTSystem_getImpersonationToken0
4377N/A (JNIEnv *env, jobject obj) {
4377N/A HANDLE impersonationToken = 0; // impersonation token
4377N/A if (debug) {
4377N/A printf("getting impersonation token\n");
4377N/A }
4377N/A if (getImpersonationToken(&impersonationToken) == FALSE) {
4377N/A return 0;
4377N/A }
4377N/A return (jlong)impersonationToken;
4377N/A}
4377N/A
0N/AJNIEXPORT void JNICALL
0N/AJava_com_sun_security_auth_module_NTSystem_getCurrent
0N/A (JNIEnv *env, jobject obj, jboolean debugNative) {
0N/A
0N/A long i, j = 0;
0N/A HANDLE tokenHandle = INVALID_HANDLE_VALUE;
0N/A BOOL systemError = FALSE;
0N/A
0N/A LPTSTR userName = NULL; // user name
0N/A LPTSTR userSid = NULL; // user sid
0N/A LPTSTR domainName = NULL; // domain name
0N/A LPTSTR domainSid = NULL; // domain sid
0N/A LPTSTR primaryGroup = NULL; // primary group sid
0N/A DWORD numGroups = 0; // num groups
0N/A LPTSTR *groups = NULL; // groups array
0N/A long pIndex = -1; // index of primaryGroup in groups array
0N/A
0N/A jfieldID fid;
0N/A jstring jstr;
0N/A jobjectArray jgroups;
0N/A jclass stringClass = 0;
0N/A jclass cls = (*env)->GetObjectClass(env, obj);
0N/A
0N/A debug = debugNative;
0N/A
0N/A // get NT information first
0N/A
0N/A if (debug) {
0N/A printf("getting access token\n");
0N/A }
0N/A if (getToken(&tokenHandle) == FALSE) {
0N/A return;
0N/A }
0N/A
0N/A if (debug) {
0N/A printf("getting user info\n");
0N/A }
0N/A if (getUser
0N/A (tokenHandle, &userName, &domainName, &userSid, &domainSid) == FALSE) {
0N/A return;
0N/A }
0N/A
0N/A if (debug) {
0N/A printf("getting primary group\n");
0N/A }
0N/A if (getPrimaryGroup(tokenHandle, &primaryGroup) == FALSE) {
0N/A return;
0N/A }
0N/A
0N/A if (debug) {
0N/A printf("getting supplementary groups\n");
0N/A }
0N/A if (getGroups(tokenHandle, &numGroups, &groups) == FALSE) {
0N/A return;
0N/A }
0N/A
0N/A // then set values into NTSystem
0N/A
0N/A fid = (*env)->GetFieldID(env, cls, "userName", "Ljava/lang/String;");
0N/A if (fid == 0) {
0N/A jclass newExcCls =
0N/A (*env)->FindClass(env, "java/lang/IllegalArgumentException");
0N/A if (newExcCls == 0) {
0N/A // Unable to find exception class
0N/A systemError = TRUE;
0N/A goto out;
0N/A }
0N/A (*env)->ThrowNew(env, newExcCls, "invalid field: userName");
0N/A }
0N/A jstr = (*env)->NewStringUTF(env, userName);
0N/A (*env)->SetObjectField(env, obj, fid, jstr);
0N/A
0N/A fid = (*env)->GetFieldID(env, cls, "userSID", "Ljava/lang/String;");
0N/A if (fid == 0) {
0N/A jclass newExcCls =
0N/A (*env)->FindClass(env, "java/lang/IllegalArgumentException");
0N/A if (newExcCls == 0) {
0N/A systemError = TRUE;
0N/A goto out;
0N/A }
0N/A (*env)->ThrowNew(env, newExcCls, "invalid field: userSID");
0N/A }
0N/A jstr = (*env)->NewStringUTF(env, userSid);
0N/A (*env)->SetObjectField(env, obj, fid, jstr);
0N/A
0N/A fid = (*env)->GetFieldID(env, cls, "domain", "Ljava/lang/String;");
0N/A if (fid == 0) {
0N/A jclass newExcCls =
0N/A (*env)->FindClass(env, "java/lang/IllegalArgumentException");
0N/A if (newExcCls == 0) {
0N/A systemError = TRUE;
0N/A goto out;
0N/A }
0N/A (*env)->ThrowNew(env, newExcCls, "invalid field: domain");
0N/A }
0N/A jstr = (*env)->NewStringUTF(env, domainName);
0N/A (*env)->SetObjectField(env, obj, fid, jstr);
0N/A
0N/A if (domainSid != NULL) {
0N/A fid = (*env)->GetFieldID(env, cls, "domainSID", "Ljava/lang/String;");
0N/A if (fid == 0) {
0N/A jclass newExcCls =
0N/A (*env)->FindClass(env, "java/lang/IllegalArgumentException");
0N/A if (newExcCls == 0) {
0N/A systemError = TRUE;
0N/A goto out;
0N/A }
0N/A (*env)->ThrowNew(env, newExcCls, "invalid field: domainSID");
0N/A }
0N/A jstr = (*env)->NewStringUTF(env, domainSid);
0N/A (*env)->SetObjectField(env, obj, fid, jstr);
0N/A }
0N/A
0N/A fid = (*env)->GetFieldID(env, cls, "primaryGroupID", "Ljava/lang/String;");
0N/A if (fid == 0) {
0N/A jclass newExcCls =
0N/A (*env)->FindClass(env, "java/lang/IllegalArgumentException");
0N/A if (newExcCls == 0) {
0N/A systemError = TRUE;
0N/A goto out;
0N/A }
0N/A (*env)->ThrowNew(env, newExcCls, "invalid field: PrimaryGroupID");
0N/A }
0N/A jstr = (*env)->NewStringUTF(env, primaryGroup);
0N/A (*env)->SetObjectField(env, obj, fid, jstr);
0N/A
0N/A // primary group may or may not be part of supplementary groups
0N/A for (i = 0; i < (long)numGroups; i++) {
0N/A if (strcmp(primaryGroup, groups[i]) == 0) {
0N/A // found primary group in groups array
0N/A pIndex = i;
0N/A break;
0N/A }
0N/A }
0N/A
0N/A if (numGroups == 0 || (pIndex == 0 && numGroups == 1)) {
0N/A // primary group is only group in groups array
0N/A
0N/A if (debug) {
0N/A printf("no secondary groups\n");
0N/A }
0N/A } else {
0N/A
0N/A // the groups array is non-empty,
0N/A // and may or may not contain the primary group
0N/A
0N/A fid = (*env)->GetFieldID(env, cls, "groupIDs", "[Ljava/lang/String;");
0N/A if (fid == 0) {
0N/A jclass newExcCls =
0N/A (*env)->FindClass(env, "java/lang/IllegalArgumentException");
0N/A if (newExcCls == 0) {
0N/A systemError = TRUE;
0N/A goto out;
0N/A }
0N/A (*env)->ThrowNew(env, newExcCls, "invalid field: groupIDs");
0N/A }
0N/A
0N/A stringClass = (*env)->FindClass(env, "java/lang/String");
0N/A if (stringClass == 0) {
0N/A goto out;
0N/A }
0N/A
0N/A if (pIndex == -1) {
0N/A // primary group not in groups array
0N/A jgroups = (*env)->NewObjectArray(env, numGroups, stringClass, 0);
0N/A } else {
0N/A // primary group in groups array -
0N/A // allocate one less array entry and do not add into new array
0N/A jgroups = (*env)->NewObjectArray(env, numGroups-1, stringClass, 0);
0N/A }
0N/A
0N/A for (i = 0, j = 0; i < (long)numGroups; i++) {
0N/A if (pIndex == i) {
0N/A // continue if equal to primary group
0N/A continue;
0N/A }
0N/A jstr = (*env)->NewStringUTF(env, groups[i]);
0N/A (*env)->SetObjectArrayElement(env, jgroups, j++, jstr);
0N/A }
0N/A (*env)->SetObjectField(env, obj, fid, jgroups);
0N/A }
0N/A
0N/Aout:
0N/A if (userName != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, userName);
0N/A }
0N/A if (domainName != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, domainName);
0N/A }
0N/A if (userSid != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, userSid);
0N/A }
0N/A if (domainSid != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, domainSid);
0N/A }
0N/A if (primaryGroup != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, primaryGroup);
0N/A }
0N/A if (groups != NULL) {
0N/A for (i = 0; i < (long)numGroups; i++) {
0N/A if (groups[i] != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, groups[i]);
0N/A }
0N/A }
0N/A HeapFree(GetProcessHeap(), 0, groups);
0N/A }
4377N/A CloseHandle(tokenHandle);
0N/A
0N/A if (systemError && debug) {
0N/A printf(" [getCurrent] System Error: ");
0N/A printf("unable to find IllegalArgumentException class\n");
0N/A }
0N/A
0N/A return;
0N/A}
0N/A
0N/ABOOL getToken(PHANDLE tokenHandle) {
0N/A
0N/A // first try the thread token
0N/A if (OpenThreadToken(GetCurrentThread(),
0N/A TOKEN_READ,
0N/A FALSE,
0N/A tokenHandle) == 0) {
0N/A if (debug) {
0N/A printf(" [getToken] OpenThreadToken error [%d]: ", GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A
0N/A // next try the process token
0N/A if (OpenProcessToken(GetCurrentProcess(),
0N/A TOKEN_READ,
0N/A tokenHandle) == 0) {
0N/A if (debug) {
0N/A printf(" [getToken] OpenProcessToken error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A return FALSE;
0N/A }
0N/A }
0N/A
0N/A if (debug) {
0N/A printf(" [getToken] got user access token\n");
0N/A }
0N/A
0N/A return TRUE;
0N/A}
0N/A
0N/ABOOL getUser(HANDLE tokenHandle, LPTSTR *userName,
0N/A LPTSTR *domainName, LPTSTR *userSid, LPTSTR *domainSid) {
0N/A
0N/A BOOL error = FALSE;
0N/A DWORD bufSize = 0;
0N/A DWORD buf2Size = 0;
0N/A DWORD retBufSize = 0;
0N/A PTOKEN_USER tokenUserInfo = NULL; // getTokenInformation
0N/A SID_NAME_USE nameUse; // LookupAccountSid
0N/A
0N/A PSID dSid = NULL;
0N/A LPTSTR domainSidName = NULL;
0N/A
0N/A // get token information
0N/A GetTokenInformation(tokenHandle,
0N/A TokenUser,
0N/A NULL, // TokenInformation - if NULL get buffer size
0N/A 0, // since TokenInformation is NULL
0N/A &bufSize);
0N/A
0N/A tokenUserInfo = (PTOKEN_USER)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A if (GetTokenInformation(tokenHandle,
0N/A TokenUser,
0N/A tokenUserInfo,
0N/A bufSize,
0N/A &retBufSize) == 0) {
0N/A if (debug) {
0N/A printf(" [getUser] GetTokenInformation error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A error = TRUE;
0N/A goto out;
0N/A }
0N/A
0N/A if (debug) {
0N/A printf(" [getUser] Got TokenUser info\n");
0N/A }
0N/A
0N/A // get userName
0N/A bufSize = 0;
0N/A buf2Size = 0;
0N/A LookupAccountSid(NULL, // local host
0N/A tokenUserInfo->User.Sid,
0N/A NULL,
0N/A &bufSize,
0N/A NULL,
0N/A &buf2Size,
0N/A &nameUse);
0N/A
0N/A *userName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A *domainName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, buf2Size);
0N/A if (LookupAccountSid(NULL, // local host
0N/A tokenUserInfo->User.Sid,
0N/A *userName,
0N/A &bufSize,
0N/A *domainName,
0N/A &buf2Size,
0N/A &nameUse) == 0) {
0N/A if (debug) {
0N/A printf(" [getUser] LookupAccountSid error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A error = TRUE;
0N/A goto out;
0N/A }
0N/A
0N/A if (debug) {
0N/A printf(" [getUser] userName: %s, domainName = %s\n",
0N/A *userName, *domainName);
0N/A }
0N/A
0N/A bufSize = 0;
0N/A getTextualSid(tokenUserInfo->User.Sid, NULL, &bufSize);
0N/A *userSid = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A getTextualSid(tokenUserInfo->User.Sid, *userSid, &bufSize);
0N/A if (debug) {
0N/A printf(" [getUser] userSid: %s\n", *userSid);
0N/A }
0N/A
0N/A // get domainSid
0N/A bufSize = 0;
0N/A buf2Size = 0;
0N/A LookupAccountName(NULL, // local host
0N/A *domainName,
0N/A NULL,
0N/A &bufSize,
0N/A NULL,
0N/A &buf2Size,
0N/A &nameUse);
0N/A
0N/A dSid = (PSID)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A domainSidName = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, buf2Size);
0N/A if (LookupAccountName(NULL, // local host
0N/A *domainName,
0N/A dSid,
0N/A &bufSize,
0N/A domainSidName,
0N/A &buf2Size,
0N/A &nameUse) == 0) {
0N/A if (debug) {
0N/A printf(" [getUser] LookupAccountName error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A // ok not to have a domain SID (no error)
0N/A goto out;
0N/A }
0N/A
0N/A bufSize = 0;
0N/A getTextualSid(dSid, NULL, &bufSize);
0N/A *domainSid = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A getTextualSid(dSid, *domainSid, &bufSize);
0N/A if (debug) {
0N/A printf(" [getUser] domainSid: %s\n", *domainSid);
0N/A }
0N/A
0N/Aout:
0N/A if (tokenUserInfo != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, tokenUserInfo);
0N/A }
0N/A if (dSid != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, dSid);
0N/A }
0N/A if (domainSidName != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, domainSidName);
0N/A }
0N/A if (error) {
0N/A return FALSE;
0N/A }
0N/A return TRUE;
0N/A}
0N/A
0N/ABOOL getPrimaryGroup(HANDLE tokenHandle, LPTSTR *primaryGroup) {
0N/A
0N/A BOOL error = FALSE;
0N/A DWORD bufSize = 0;
0N/A DWORD retBufSize = 0;
0N/A
0N/A PTOKEN_PRIMARY_GROUP tokenGroupInfo = NULL;
0N/A
0N/A // get token information
0N/A GetTokenInformation(tokenHandle,
0N/A TokenPrimaryGroup,
0N/A NULL, // TokenInformation - if NULL get buffer size
0N/A 0, // since TokenInformation is NULL
0N/A &bufSize);
0N/A
0N/A tokenGroupInfo = (PTOKEN_PRIMARY_GROUP)HeapAlloc
0N/A (GetProcessHeap(), 0, bufSize);
0N/A if (GetTokenInformation(tokenHandle,
0N/A TokenPrimaryGroup,
0N/A tokenGroupInfo,
0N/A bufSize,
0N/A &retBufSize) == 0) {
0N/A if (debug) {
0N/A printf(" [getPrimaryGroup] GetTokenInformation error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A error = TRUE;
0N/A goto out;
0N/A }
0N/A
0N/A if (debug) {
0N/A printf(" [getPrimaryGroup] Got TokenPrimaryGroup info\n");
0N/A }
0N/A
0N/A bufSize = 0;
0N/A getTextualSid(tokenGroupInfo->PrimaryGroup, NULL, &bufSize);
0N/A *primaryGroup = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A getTextualSid(tokenGroupInfo->PrimaryGroup, *primaryGroup, &bufSize);
0N/A if (debug) {
0N/A printf(" [getPrimaryGroup] primaryGroup: %s\n", *primaryGroup);
0N/A }
0N/A
0N/Aout:
0N/A if (tokenGroupInfo != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, tokenGroupInfo);
0N/A }
0N/A if (error) {
0N/A return FALSE;
0N/A }
0N/A return TRUE;
0N/A}
0N/A
0N/ABOOL getGroups(HANDLE tokenHandle, PDWORD numGroups, LPTSTR **groups) {
0N/A
0N/A BOOL error = FALSE;
0N/A DWORD bufSize = 0;
0N/A DWORD retBufSize = 0;
0N/A long i = 0;
0N/A
0N/A PTOKEN_GROUPS tokenGroupInfo = NULL;
0N/A
0N/A // get token information
0N/A GetTokenInformation(tokenHandle,
0N/A TokenGroups,
0N/A NULL, // TokenInformation - if NULL get buffer size
0N/A 0, // since TokenInformation is NULL
0N/A &bufSize);
0N/A
0N/A tokenGroupInfo = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A if (GetTokenInformation(tokenHandle,
0N/A TokenGroups,
0N/A tokenGroupInfo,
0N/A bufSize,
0N/A &retBufSize) == 0) {
0N/A if (debug) {
0N/A printf(" [getGroups] GetTokenInformation error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A error = TRUE;
0N/A goto out;
0N/A }
0N/A
0N/A if (debug) {
0N/A printf(" [getGroups] Got TokenGroups info\n");
0N/A }
0N/A
0N/A if (tokenGroupInfo->GroupCount == 0) {
0N/A // no groups
0N/A goto out;
0N/A }
0N/A
0N/A // return group info
0N/A *numGroups = tokenGroupInfo->GroupCount;
0N/A *groups = (LPTSTR *)HeapAlloc
0N/A (GetProcessHeap(), 0, (*numGroups) * sizeof(LPTSTR));
0N/A for (i = 0; i < (long)*numGroups; i++) {
0N/A bufSize = 0;
0N/A getTextualSid(tokenGroupInfo->Groups[i].Sid, NULL, &bufSize);
0N/A (*groups)[i] = (LPTSTR)HeapAlloc(GetProcessHeap(), 0, bufSize);
0N/A getTextualSid(tokenGroupInfo->Groups[i].Sid, (*groups)[i], &bufSize);
0N/A if (debug) {
0N/A printf(" [getGroups] group %d: %s\n", i, (*groups)[i]);
0N/A }
0N/A }
0N/A
0N/Aout:
0N/A if (tokenGroupInfo != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, tokenGroupInfo);
0N/A }
0N/A if (error) {
0N/A return FALSE;
0N/A }
0N/A return TRUE;
0N/A}
0N/A
0N/ABOOL getImpersonationToken(PHANDLE impersonationToken) {
0N/A
0N/A HANDLE dupToken;
0N/A
0N/A if (OpenThreadToken(GetCurrentThread(),
0N/A TOKEN_DUPLICATE,
0N/A FALSE,
0N/A &dupToken) == 0) {
0N/A if (OpenProcessToken(GetCurrentProcess(),
0N/A TOKEN_DUPLICATE,
0N/A &dupToken) == 0) {
0N/A if (debug) {
0N/A printf
0N/A (" [getImpersonationToken] OpenProcessToken error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A return FALSE;
0N/A }
0N/A }
0N/A
0N/A if (DuplicateToken(dupToken,
0N/A SecurityImpersonation,
0N/A impersonationToken) == 0) {
0N/A if (debug) {
0N/A printf(" [getImpersonationToken] DuplicateToken error [%d]: ",
0N/A GetLastError());
0N/A DisplayErrorText(GetLastError());
0N/A }
0N/A return FALSE;
0N/A }
4377N/A CloseHandle(dupToken);
0N/A
0N/A if (debug) {
0N/A printf(" [getImpersonationToken] token = %d\n", *impersonationToken);
0N/A }
0N/A return TRUE;
0N/A}
0N/A
0N/ABOOL getTextualSid
0N/A (PSID pSid, // binary SID
0N/A LPTSTR TextualSid, // buffer for Textual representation of SID
0N/A LPDWORD lpdwBufferLen) { // required/provided TextualSid buffersize
0N/A
0N/A PSID_IDENTIFIER_AUTHORITY psia;
0N/A DWORD dwSubAuthorities;
0N/A DWORD dwSidRev=SID_REVISION;
0N/A DWORD dwCounter;
0N/A DWORD dwSidSize;
0N/A
0N/A // Validate the binary SID.
0N/A if(!IsValidSid(pSid)) return FALSE;
0N/A
0N/A // Get the identifier authority value from the SID.
0N/A psia = GetSidIdentifierAuthority(pSid);
0N/A
0N/A // Get the number of subauthorities in the SID.
0N/A dwSubAuthorities = *GetSidSubAuthorityCount(pSid);
0N/A
0N/A // Compute the buffer length.
0N/A // S-SID_REVISION- + IdentifierAuthority- + subauthorities- + NULL
0N/A dwSidSize=(15 + 12 + (12 * dwSubAuthorities) + 1) * sizeof(TCHAR);
0N/A
0N/A // Check input buffer length.
0N/A // If too small, indicate the proper size and set last error.
0N/A if (*lpdwBufferLen < dwSidSize) {
0N/A *lpdwBufferLen = dwSidSize;
0N/A SetLastError(ERROR_INSUFFICIENT_BUFFER);
0N/A return FALSE;
0N/A }
0N/A
0N/A // Add 'S' prefix and revision number to the string.
0N/A dwSidSize=wsprintf(TextualSid, TEXT("S-%lu-"), dwSidRev );
0N/A
0N/A // Add SID identifier authority to the string.
0N/A if ((psia->Value[0] != 0) || (psia->Value[1] != 0)) {
0N/A dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
0N/A TEXT("0x%02hx%02hx%02hx%02hx%02hx%02hx"),
0N/A (USHORT)psia->Value[0],
0N/A (USHORT)psia->Value[1],
0N/A (USHORT)psia->Value[2],
0N/A (USHORT)psia->Value[3],
0N/A (USHORT)psia->Value[4],
0N/A (USHORT)psia->Value[5]);
0N/A } else {
0N/A dwSidSize+=wsprintf(TextualSid + lstrlen(TextualSid),
0N/A TEXT("%lu"),
0N/A (ULONG)(psia->Value[5] ) +
0N/A (ULONG)(psia->Value[4] << 8) +
0N/A (ULONG)(psia->Value[3] << 16) +
0N/A (ULONG)(psia->Value[2] << 24) );
0N/A }
0N/A
0N/A // Add SID subauthorities to the string.
0N/A for (dwCounter=0 ; dwCounter < dwSubAuthorities ; dwCounter++) {
0N/A dwSidSize+=wsprintf(TextualSid + dwSidSize, TEXT("-%lu"),
0N/A *GetSidSubAuthority(pSid, dwCounter) );
0N/A }
0N/A
0N/A return TRUE;
0N/A}
0N/A
0N/Avoid DisplayErrorText(DWORD dwLastError) {
0N/A HMODULE hModule = NULL; // default to system source
0N/A LPSTR MessageBuffer;
0N/A DWORD dwBufferLength;
0N/A
0N/A DWORD dwFormatFlags = FORMAT_MESSAGE_ALLOCATE_BUFFER |
0N/A FORMAT_MESSAGE_IGNORE_INSERTS |
0N/A FORMAT_MESSAGE_FROM_SYSTEM ;
0N/A
0N/A //
0N/A // If dwLastError is in the network range,
0N/A // load the message source.
0N/A //
0N/A
0N/A if(dwLastError >= NERR_BASE && dwLastError <= MAX_NERR) {
0N/A hModule = LoadLibraryEx(TEXT("netmsg.dll"),
0N/A NULL,
0N/A LOAD_LIBRARY_AS_DATAFILE);
0N/A
0N/A if(hModule != NULL)
0N/A dwFormatFlags |= FORMAT_MESSAGE_FROM_HMODULE;
0N/A }
0N/A
0N/A //
0N/A // Call FormatMessage() to allow for message
0N/A // text to be acquired from the system
0N/A // or from the supplied module handle.
0N/A //
0N/A
0N/A if(dwBufferLength = FormatMessageA(dwFormatFlags,
0N/A hModule, // module to get message from (NULL == system)
0N/A dwLastError,
0N/A MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // default language
0N/A (LPSTR) &MessageBuffer,
0N/A 0,
0N/A NULL)) {
0N/A DWORD dwBytesWritten;
0N/A
0N/A //
0N/A // Output message string on stderr.
0N/A //
0N/A WriteFile(GetStdHandle(STD_ERROR_HANDLE),
0N/A MessageBuffer,
0N/A dwBufferLength,
0N/A &dwBytesWritten,
0N/A NULL);
0N/A
0N/A //
0N/A // Free the buffer allocated by the system.
0N/A //
0N/A LocalFree(MessageBuffer);
0N/A }
0N/A
0N/A //
0N/A // If we loaded a message source, unload it.
0N/A //
0N/A if(hModule != NULL)
0N/A FreeLibrary(hModule);
0N/A}
0N/A
0N/A/**
0N/A * 1. comment out first two #includes
0N/A * 2. set 'debug' to TRUE
0N/A * 3. comment out 'getCurrent'
0N/A * 4. uncomment 'main'
0N/A * 5. cc -c nt.c
0N/A * 6. link nt.obj user32.lib advapi32.lib /out:nt.exe
0N/A */
0N/A/*
0N/Avoid main(int argc, char *argv[]) {
0N/A
0N/A long i = 0;
0N/A HANDLE tokenHandle = INVALID_HANDLE_VALUE;
0N/A
0N/A LPTSTR userName = NULL;
0N/A LPTSTR userSid = NULL;
0N/A LPTSTR domainName = NULL;
0N/A LPTSTR domainSid = NULL;
0N/A LPTSTR primaryGroup = NULL;
0N/A DWORD numGroups = 0;
0N/A LPTSTR *groups = NULL;
0N/A HANDLE impersonationToken = 0;
0N/A
0N/A printf("getting access token\n");
0N/A if (getToken(&tokenHandle) == FALSE) {
0N/A exit(1);
0N/A }
0N/A
0N/A printf("getting user info\n");
0N/A if (getUser
0N/A (tokenHandle, &userName, &domainName, &userSid, &domainSid) == FALSE) {
0N/A exit(1);
0N/A }
0N/A
0N/A printf("getting primary group\n");
0N/A if (getPrimaryGroup(tokenHandle, &primaryGroup) == FALSE) {
0N/A exit(1);
0N/A }
0N/A
0N/A printf("getting supplementary groups\n");
0N/A if (getGroups(tokenHandle, &numGroups, &groups) == FALSE) {
0N/A exit(1);
0N/A }
0N/A
0N/A printf("getting impersonation token\n");
0N/A if (getImpersonationToken(&impersonationToken) == FALSE) {
0N/A exit(1);
0N/A }
0N/A
0N/A printf("userName = %s, userSid = %s, domainName = %s, domainSid = %s\n",
0N/A userName, userSid, domainName, domainSid);
0N/A printf("primaryGroup = %s\n", primaryGroup);
0N/A for (i = 0; i < numGroups; i++) {
0N/A printf("Group[%d] = %s\n", i, groups[i]);
0N/A }
0N/A printf("impersonationToken = %ld\n", impersonationToken);
0N/A
0N/A if (userName != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, userName);
0N/A }
0N/A if (userSid != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, userSid);
0N/A }
0N/A if (domainName != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, domainName);
0N/A }
0N/A if (domainSid != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, domainSid);
0N/A }
0N/A if (primaryGroup != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, primaryGroup);
0N/A }
0N/A if (groups != NULL) {
0N/A for (i = 0; i < numGroups; i++) {
0N/A if (groups[i] != NULL) {
0N/A HeapFree(GetProcessHeap(), 0, groups[i]);
0N/A }
0N/A }
0N/A HeapFree(GetProcessHeap(), 0, groups);
0N/A }
4377N/A CloseHandle(impersonationToken);
4377N/A CloseHandle(tokenHandle);
0N/A}
0N/A*/
0N/A
0N/A/**
0N/A * extra main method for testing debug printing
0N/A */
0N/A/*
0N/Avoid main(int argc, char *argv[]) {
0N/A if(argc != 2) {
0N/A fprintf(stderr,"Usage: %s <error number>\n", argv[0]);
0N/A }
0N/A
0N/A DisplayErrorText(atoi(argv[1]));
0N/A}
0N/A*/