2020-09-30 16:53:55 +02:00

1280 lines
35 KiB
C++

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 2000 - 2001.
//
// File: sidcache.cpp
//
// Contents:
//
// History:
//----------------------------------------------------------------------------
#include "headers.h"
const struct
{
SID sid; // contains 1 subauthority
DWORD dwSubAuth[1]; // we currently need at most 2 subauthorities
} g_StaticSids[] =
{
{{SID_REVISION,2,SECURITY_NT_AUTHORITY, {SECURITY_BUILTIN_DOMAIN_RID}}, {DOMAIN_ALIAS_RID_ADMINS} },
};
#define IsAliasSid(pSid) EqualPrefixSid(pSid, (PSID)&g_StaticSids[0])
/******************************************************************************
Class: SID_CACHE_ENTRY
Purpose: Contains info for a single security principle
******************************************************************************/
DEBUG_DECLARE_INSTANCE_COUNTER(SID_CACHE_ENTRY);
SID_CACHE_ENTRY::
SID_CACHE_ENTRY(PSID pSid)
:m_SidType(SidTypeUnknown)
{
DEBUG_INCREMENT_INSTANCE_COUNTER(SID_CACHE_ENTRY);
ASSERT(pSid);
DWORD dwLen = GetLengthSid(pSid);
m_pSid = new BYTE[dwLen];
ASSERT(m_pSid);
CopySid(dwLen,m_pSid,pSid);
ConvertSidToStringSid(m_pSid,&m_strSid);
m_strType.LoadString(IDS_TYPE_UNKNOWN);
m_strNameToDisplay = m_strSid;
m_SidType = SidTypeUnknown;
}
SID_CACHE_ENTRY::
~SID_CACHE_ENTRY()
{
DEBUG_DECREMENT_INSTANCE_COUNTER(SID_CACHE_ENTRY);
delete[] m_pSid;
}
VOID
SID_CACHE_ENTRY::
AddNameAndType(IN SID_NAME_USE SidType,
const CString& strAccountName,
const CString& strLogonName)
{
AFX_MANAGE_STATE(AfxGetStaticModuleState());
//Empty the m_strNameToDisplay which was made using
//ealier values of strAccountName and strLogonName
m_strNameToDisplay.Empty();
m_strType.Empty();
m_SidType = SidType;
m_strAccountName = strAccountName;
m_strLogonName = strLogonName;
//
//Set the Display Name
//
if(m_SidType == SidTypeDeletedAccount ||
m_SidType == SidTypeInvalid ||
m_SidType == SidTypeUnknown)
{
UINT idFormat;
if(m_SidType == SidTypeDeletedAccount)
idFormat = IDS_SID_DELETED;
if(m_SidType == SidTypeInvalid)
idFormat = IDS_SID_INVALID;
if(m_SidType == SidTypeUnknown)
idFormat = IDS_SID_UNKNOWN;
FormatString(m_strNameToDisplay,idFormat,LPCTSTR(m_strSid));
}
else if(!m_strAccountName.IsEmpty())
{
if(!m_strLogonName.IsEmpty())
{
//Both the names are present.
FormatString(m_strNameToDisplay,
IDS_NT_USER_FORMAT,
(LPCTSTR)m_strAccountName,
(LPCTSTR)m_strLogonName);
}
else
{
m_strNameToDisplay = m_strAccountName;
}
}
else
{
//Just return the sid in string format
m_SidType = SidTypeUnknown;
m_strNameToDisplay = m_strSid;
}
//
//Set Sid Type String
//
if(m_SidType == SidTypeDeletedAccount ||
m_SidType == SidTypeInvalid ||
m_SidType == SidTypeUnknown)
{
m_strType.LoadString(IDS_TYPE_UNKNOWN);
}
else if(m_SidType == SidTypeUser)
{
m_strType.LoadString(IDS_TYPE_WINDOWS_USER);
}
else if(m_SidType == SidTypeComputer)
{
m_strType.LoadString(IDS_TYPE_WINDOWS_COMPUTER);
}
else //Assume everything else is group
{
m_strType.LoadString(IDS_TYPE_WINDOWS_GROUP);
}
}
/******************************************************************************
Class: CMachineInfo
Purpose: Contains all the info for machine.
******************************************************************************/
DEBUG_DECLARE_INSTANCE_COUNTER(CMachineInfo);
CMachineInfo::
CMachineInfo():m_bIsStandAlone(TRUE),
m_bIsDC(FALSE)
{
DEBUG_INCREMENT_INSTANCE_COUNTER(CMachineInfo);
}
CMachineInfo::
~CMachineInfo()
{
DEBUG_DECREMENT_INSTANCE_COUNTER(CMachineInfo);
}
//+----------------------------------------------------------------------------
// Function:InitializeMacineConfiguration
// Synopsis:Get the information about TargetComputer's conficguration
//-----------------------------------------------------------------------------
VOID
CMachineInfo::
InitializeMacineConfiguration(IN const CString& strTargetComputerName)
{
TRACE_METHOD_EX(DEB_SNAPIN,CMachineInfo,InitializeMacineConfiguration)
//
//Initialize the values to default
//
m_strTargetComputerName = strTargetComputerName;
m_bIsStandAlone = TRUE;
m_strDCName.Empty();
m_bIsDC = FALSE;
m_strTargetDomainFlat.Empty();
m_strTargetDomainDNS.Empty();
HRESULT hr = S_OK;
ULONG ulResult;
PDSROLE_PRIMARY_DOMAIN_INFO_BASIC pDsRole = NULL;
PDOMAIN_CONTROLLER_INFO pdci = NULL;
do
{
PCWSTR pwzMachine = strTargetComputerName;
ulResult = DsRoleGetPrimaryDomainInformation(pwzMachine,
DsRolePrimaryDomainInfoBasic,
(PBYTE *)&pDsRole);
if (ulResult != NO_ERROR)
{
DBG_OUT_LRESULT(ulResult);
break;
}
if(!pDsRole)
{
//We should never reach here, but sadly DsRoleGetPrimaryDomainInformation
//sometimes succeeds but pDsRole is null.
ASSERT(FALSE);
break;
}
Dbg(DEB_SNAPIN, "DsRoleGetPrimaryDomainInformation returned:\n");
Dbg(DEB_SNAPIN, "DomainNameFlat: %ws\n", CHECK_NULL(pDsRole->DomainNameFlat));
Dbg(DEB_SNAPIN, "DomainNameDns: %ws\n", CHECK_NULL(pDsRole->DomainNameDns));
Dbg(DEB_SNAPIN, "DomainForestName: %ws\n", CHECK_NULL(pDsRole->DomainForestName));
//
// If machine is in a workgroup, we're done.
//
if (pDsRole->MachineRole == DsRole_RoleStandaloneWorkstation ||
pDsRole->MachineRole == DsRole_RoleStandaloneServer)
{
Dbg(DEB_SNAPIN, "Target machine is not joined to a domain\n");
m_bIsStandAlone = TRUE;
m_bIsDC = FALSE;
break;
}
//
// Target Computer is joined to a domain
//
m_bIsStandAlone = FALSE;
if (pDsRole->DomainNameFlat)
{
m_strTargetDomainFlat = pDsRole->DomainNameFlat;
}
if (pDsRole->DomainNameDns)
{
m_strTargetDomainDNS = pDsRole->DomainNameDns;
}
//
// TargetComputer is Joined to a domain and is dc
//
if (pDsRole->MachineRole == DsRole_RolePrimaryDomainController ||
pDsRole->MachineRole == DsRole_RoleBackupDomainController)
{
m_bIsDC = TRUE;
m_strDCName = m_strTargetComputerName;
break;
}
//
//Target computer is Joined to domain and is not a DC.
//Get a DC for the domain
//
PWSTR pwzDomainNameForDsGetDc;
ULONG flDsGetDc = DS_DIRECTORY_SERVICE_PREFERRED;
if (pDsRole->DomainNameDns)
{
pwzDomainNameForDsGetDc = pDsRole->DomainNameDns;
flDsGetDc |= DS_IS_DNS_NAME;
Dbg(DEB_TRACE,
"DsGetDcName(Domain=%ws, flags=DS_IS_DNS_NAME | DS_DIRECTORY_SERVICE_PREFERRED)\n",
CHECK_NULL(pwzDomainNameForDsGetDc));
}
else
{
pwzDomainNameForDsGetDc = pDsRole->DomainNameFlat;
flDsGetDc |= DS_IS_FLAT_NAME;
Dbg(DEB_TRACE,
"DsGetDcName(Domain=%ws, flags=DS_IS_FLAT_NAME | DS_DIRECTORY_SERVICE_PREFERRED)\n",
CHECK_NULL(pwzDomainNameForDsGetDc));
}
ulResult = DsGetDcName(NULL,
pwzDomainNameForDsGetDc,
NULL,
NULL,
flDsGetDc,
&pdci);
if (ulResult != NO_ERROR)
{
Dbg(DEB_ERROR,
"DsGetDcName for domain %ws returned %#x, Too bad don't have the dc name\n",
pwzDomainNameForDsGetDc,
ulResult);
break;
}
ASSERT(pdci);
m_strDCName = pdci->DomainControllerName;
} while (0);
if (pdci)
{
NetApiBufferFree(pdci);
}
if (pDsRole)
{
DsRoleFreeMemory(pDsRole);
}
}
int
CopyUnicodeString(CString* pstrDest, PLSA_UNICODE_STRING pSrc)
{
ULONG cchSrc;
// If UNICODE, cchDest is size of destination buffer in chars
// Else (MBCS) cchDest is size of destination buffer in bytes
if (pstrDest == NULL )
return 0;
if (pSrc == NULL || pSrc->Buffer == NULL)
return 0;
// Get # of chars in source (not including NULL)
cchSrc = pSrc->Length/sizeof(WCHAR);
//
// Note that pSrc->Buffer may not be NULL terminated so we can't just
// call lstrcpynW with cchDest. Also, if we call lstrcpynW with cchSrc,
// it copies the correct # of chars, but then overwrites the last char
// with NULL giving an incorrect result. If we call lstrcpynW with
// (cchSrc+1) it reads past the end of the buffer, which may fault (360251)
// causing lstrcpynW's exception handler to return 0 without NULL-
// terminating the resulting string.
//
// So let's just copy the bits.
//
CString temp(pSrc->Buffer,cchSrc);
*pstrDest = temp;
return cchSrc;
}
VOID
GetAccountAndDomainName(int index,
PLSA_TRANSLATED_NAME pTranslatedNames,
PLSA_REFERENCED_DOMAIN_LIST pRefDomains,
CString* pstrAccountName,
CString* pstrDomainName,
SID_NAME_USE* puse)
{
PLSA_TRANSLATED_NAME pLsaName = &pTranslatedNames[index];
PLSA_TRUST_INFORMATION pLsaDomain = NULL;
// Get the referenced domain, if any
if (pLsaName->DomainIndex >= 0 && pRefDomains)
{
pLsaDomain = &pRefDomains->Domains[pLsaName->DomainIndex];
}
CopyUnicodeString(pstrAccountName,&pLsaName->Name);
if (pLsaDomain)
{
CopyUnicodeString(pstrDomainName,&pLsaDomain->Name);
}
*puse = pLsaName->Use;
}
HRESULT
TranslateNameInternal(IN const CString& strAccountName,
IN EXTENDED_NAME_FORMAT AccountNameFormat,
IN EXTENDED_NAME_FORMAT DesiredNameFormat,
OUT CString* pstrTranslatedName)
{
if (!pstrTranslatedName)
{
ASSERT(pstrTranslatedName);
return E_POINTER;
}
HRESULT hr = S_OK;
//
// cchTrans is static so that if a particular installation's
// account names are really long, we'll not be resizing the
// buffer for each account.
//
static ULONG cchTrans = MAX_PATH;
ULONG cch = cchTrans;
LPTSTR lpszTranslatedName = (LPTSTR)LocalAlloc(LPTR, cch*sizeof(WCHAR));
if (lpszTranslatedName == NULL)
return E_OUTOFMEMORY;
*lpszTranslatedName = L'\0';
//
// TranslateName is delay-loaded from secur32.dll using the linker's
// delay-load mechanism. Therefore, wrap with an exception handler.
//
__try
{
while(!::TranslateName(strAccountName,
AccountNameFormat,
DesiredNameFormat,
lpszTranslatedName,
&cch))
{
if (ERROR_INSUFFICIENT_BUFFER == GetLastError())
{
LocalFree(lpszTranslatedName);
lpszTranslatedName = (LPTSTR)LocalAlloc(LPTR, cch*sizeof(WCHAR));
if (!lpszTranslatedName)
{
hr = E_OUTOFMEMORY;
break;
}
*lpszTranslatedName = L'\0';
}
else
{
hr = E_FAIL;
break;
}
}
cchTrans = max(cch, cchTrans);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
hr = E_FAIL;
}
if (FAILED(hr))
{
if(lpszTranslatedName)
{
LocalFree(lpszTranslatedName);
}
}
else
{
*pstrTranslatedName = lpszTranslatedName;
}
return hr;
}
#define DSOP_FILTER_COMMON1 ( DSOP_FILTER_INCLUDE_ADVANCED_VIEW \
| DSOP_FILTER_USERS \
| DSOP_FILTER_UNIVERSAL_GROUPS_SE \
| DSOP_FILTER_GLOBAL_GROUPS_SE \
| DSOP_FILTER_COMPUTERS \
)
#define DSOP_FILTER_COMMON2 ( DSOP_FILTER_COMMON1 \
| DSOP_FILTER_WELL_KNOWN_PRINCIPALS \
| DSOP_FILTER_DOMAIN_LOCAL_GROUPS_SE\
)
#define DSOP_FILTER_COMMON3 ( DSOP_FILTER_COMMON2 \
| DSOP_FILTER_BUILTIN_GROUPS \
)
#define DSOP_FILTER_DL_COMMON1 ( DSOP_DOWNLEVEL_FILTER_USERS \
| DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS \
)
#define DSOP_FILTER_DL_COMMON2 ( DSOP_FILTER_DL_COMMON1 \
| DSOP_DOWNLEVEL_FILTER_ALL_WELLKNOWN_SIDS \
)
#define DSOP_FILTER_DL_COMMON3 ( DSOP_FILTER_DL_COMMON2 \
| DSOP_DOWNLEVEL_FILTER_LOCAL_GROUPS \
)
// Same as DSOP_DOWNLEVEL_FILTER_ALL_WELLKNOWN_SIDS, except no CREATOR flags.
// Note that we need to keep this in sync with any object picker changes.
#define DSOP_FILTER_DL_WELLKNOWN ( DSOP_DOWNLEVEL_FILTER_WORLD \
| DSOP_DOWNLEVEL_FILTER_AUTHENTICATED_USER \
| DSOP_DOWNLEVEL_FILTER_ANONYMOUS \
| DSOP_DOWNLEVEL_FILTER_BATCH \
| DSOP_DOWNLEVEL_FILTER_DIALUP \
| DSOP_DOWNLEVEL_FILTER_INTERACTIVE \
| DSOP_DOWNLEVEL_FILTER_NETWORK \
| DSOP_DOWNLEVEL_FILTER_SERVICE \
| DSOP_DOWNLEVEL_FILTER_SYSTEM \
| DSOP_DOWNLEVEL_FILTER_TERMINAL_SERVER \
)
#define DECLARE_SCOPE(t,f,b,m,n,d) \
{ sizeof(DSOP_SCOPE_INIT_INFO), (t), (f|DSOP_SCOPE_FLAG_DEFAULT_FILTER_GROUPS|DSOP_SCOPE_FLAG_DEFAULT_FILTER_USERS), { { (b), (m), (n) }, (d) }, NULL, NULL, S_OK }
// The domain to which the target computer is joined.
// Make 2 scopes, one for uplevel domains, the other for downlevel.
#define JOINED_DOMAIN_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN,(f),0,(DSOP_FILTER_COMMON2 & ~(DSOP_FILTER_UNIVERSAL_GROUPS_SE|DSOP_FILTER_DOMAIN_LOCAL_GROUPS_SE)),DSOP_FILTER_COMMON2,0), \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN,(f),0,0,0,DSOP_FILTER_DL_COMMON2)
// The domain for which the target computer is a Domain Controller.
// Make 2 scopes, one for uplevel domains, the other for downlevel.
#define JOINED_DOMAIN_SCOPE_DC(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN,(f),0,(DSOP_FILTER_COMMON3 & ~DSOP_FILTER_UNIVERSAL_GROUPS_SE),DSOP_FILTER_COMMON3,0), \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN,(f),0,0,0,DSOP_FILTER_DL_COMMON3)
// Target computer scope. Computer scopes are always treated as
// downlevel (i.e., they use the WinNT provider).
#define TARGET_COMPUTER_SCOPE(f)\
DECLARE_SCOPE(DSOP_SCOPE_TYPE_TARGET_COMPUTER,(f),0,0,0,DSOP_FILTER_DL_COMMON3)
// The Global Catalog
#define GLOBAL_CATALOG_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_GLOBAL_CATALOG,(f),DSOP_FILTER_COMMON1|DSOP_FILTER_WELL_KNOWN_PRINCIPALS,0,0,0)
// The domains in the same forest (enterprise) as the domain to which
// the target machine is joined. Note these can only be DS-aware
#define ENTERPRISE_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_ENTERPRISE_DOMAIN,(f),DSOP_FILTER_COMMON1,0,0,0)
// Domains external to the enterprise but trusted directly by the
// domain to which the target machine is joined.
#define EXTERNAL_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_EXTERNAL_UPLEVEL_DOMAIN|DSOP_SCOPE_TYPE_EXTERNAL_DOWNLEVEL_DOMAIN,\
(f),DSOP_FILTER_COMMON1,0,0,DSOP_DOWNLEVEL_FILTER_USERS|DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS)
// Workgroup scope. Only valid if the target computer is not joined
// to a domain.
#define WORKGROUP_SCOPE(f) \
DECLARE_SCOPE(DSOP_SCOPE_TYPE_WORKGROUP,(f),0,0,0, DSOP_FILTER_DL_COMMON1|DSOP_DOWNLEVEL_FILTER_LOCAL_GROUPS )
//
// Array of Default Scopes
//
static const DSOP_SCOPE_INIT_INFO g_aDefaultScopes[] =
{
JOINED_DOMAIN_SCOPE(DSOP_SCOPE_FLAG_STARTING_SCOPE),
TARGET_COMPUTER_SCOPE(0),
GLOBAL_CATALOG_SCOPE(0),
ENTERPRISE_SCOPE(0),
EXTERNAL_SCOPE(0),
};
//
// Same as above, but without the Target Computer
// Used when the target is a Domain Controller
//
static const DSOP_SCOPE_INIT_INFO g_aDCScopes[] =
{
JOINED_DOMAIN_SCOPE_DC(DSOP_SCOPE_FLAG_STARTING_SCOPE),
GLOBAL_CATALOG_SCOPE(0),
ENTERPRISE_SCOPE(0),
EXTERNAL_SCOPE(0),
};
//
// Array of scopes for standalone machines
//
static const DSOP_SCOPE_INIT_INFO g_aStandAloneScopes[] =
{
//
//On Standalone machine Both User And Groups are selected by default
//
TARGET_COMPUTER_SCOPE(DSOP_SCOPE_FLAG_STARTING_SCOPE|DSOP_SCOPE_FLAG_DEFAULT_FILTER_USERS),
};
//
// Attributes that we want the Object Picker to retrieve
//
static const LPCTSTR g_aszOPAttributes[] =
{
TEXT("ObjectSid"),
};
/******************************************************************************
Class: CSidHandler
Purpose: class for handling tasks related to selecting windows users,
converting sids to name etc.
******************************************************************************/
DEBUG_DECLARE_INSTANCE_COUNTER(CSidHandler);
CSidHandler::
CSidHandler(CMachineInfo* pMachineInfo)
:m_pMachineInfo(pMachineInfo),
m_bObjectPickerInitialized(FALSE)
{
DEBUG_INCREMENT_INSTANCE_COUNTER(CSidHandler);
InitializeCriticalSection(&m_csSidHandlerLock);
InitializeCriticalSection(&m_csSidCacheLock);
}
CSidHandler::~CSidHandler()
{
DEBUG_DECREMENT_INSTANCE_COUNTER(CSidHandler);
delete m_pMachineInfo;
//Remove itesm from the map
LockSidHandler();
for (SidCacheMap::iterator it = m_mapSidCache.begin();
it != m_mapSidCache.end();
++it)
{
delete (*it).second;
}
UnlockSidHandler();
DeleteCriticalSection(&m_csSidCacheLock);
DeleteCriticalSection(&m_csSidHandlerLock);
}
PSID_CACHE_ENTRY
CSidHandler::
GetEntryFromCache(PSID pSid)
{
PSID_CACHE_ENTRY pSidCache = NULL;
LockSidHandler();
//Check if item in the cache
CString strSid;
ConvertSidToStringSid(pSid,&strSid);
SidCacheMap::iterator it = m_mapSidCache.find(&strSid);
if(it != m_mapSidCache.end())
pSidCache = (*it).second;
if(!pSidCache)
{
//No in the cache Create a new entry and add to the cache
pSidCache = new SID_CACHE_ENTRY(pSid);
if(pSidCache)
{
m_mapSidCache.insert(pair<const CString*,PSID_CACHE_ENTRY>(&(pSidCache->GetStringSid()),pSidCache));
}
}
UnlockSidHandler();
return pSidCache;
}
//+----------------------------------------------------------------------------
// Synopsis: CoCreateInstance ObjectPikcer
//-----------------------------------------------------------------------------
HRESULT
CSidHandler::
GetObjectPicker()
{
LockSidHandler();
TRACE_METHOD_EX(DEB_SNAPIN,CSidHandler,GetObjectPicker)
HRESULT hr = S_OK;
if (!m_spDsObjectPicker)
{
hr = CoCreateInstance(CLSID_DsObjectPicker,
NULL,
CLSCTX_INPROC_SERVER,
IID_IDsObjectPicker,
(LPVOID*)&m_spDsObjectPicker);
CHECK_HRESULT(hr);
}
UnlockSidHandler();
return hr;
}
//+----------------------------------------------------------------------------
// Function: InitObjectPicker
// Synopsis: Initializes the object picker. This needs to be done once in
// lifetime
//-----------------------------------------------------------------------------
HRESULT
CSidHandler::InitObjectPicker()
{
TRACE_METHOD_EX(DEB_SNAPIN,CSidHandler,InitObjectPicker)
HRESULT hr = S_OK;
hr = GetObjectPicker();
if(FAILED(hr))
return hr;
LockSidHandler();
do
{
if(m_bObjectPickerInitialized)
break;
DSOP_INIT_INFO InitInfo;
InitInfo.cbSize = sizeof(InitInfo);
InitInfo.flOptions = DSOP_FLAG_SKIP_TARGET_COMPUTER_DC_CHECK | DSOP_FLAG_MULTISELECT;
//Select the appropriate scopes
PCDSOP_SCOPE_INIT_INFO pScopes;
ULONG cScopes;
if(m_pMachineInfo->IsStandAlone())
{
cScopes = ARRAYLEN(g_aStandAloneScopes);
pScopes = g_aStandAloneScopes;
}
else if(m_pMachineInfo->IsDC())
{
cScopes = ARRAYLEN(g_aDCScopes);
pScopes = g_aDCScopes;
}
else
{
pScopes = g_aDefaultScopes;
cScopes = ARRAYLEN(g_aDefaultScopes);
}
InitInfo.pwzTargetComputer = m_pMachineInfo->GetMachineName();
InitInfo.cDsScopeInfos = cScopes;
InitInfo.aDsScopeInfos = (PDSOP_SCOPE_INIT_INFO)LocalAlloc(LPTR, sizeof(*pScopes)*cScopes);
if (!InitInfo.aDsScopeInfos)
{
hr = E_OUTOFMEMORY;
break;
}
CopyMemory(InitInfo.aDsScopeInfos, pScopes, sizeof(*pScopes)*cScopes);
InitInfo.cAttributesToFetch = ARRAYLEN(g_aszOPAttributes);
InitInfo.apwzAttributeNames = (LPCTSTR*)g_aszOPAttributes;
if (m_pMachineInfo->IsDC())
{
for (ULONG i = 0; i < cScopes; i++)
{
// Set the DC name if appropriate
if(InitInfo.aDsScopeInfos[i].flType & DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN)
{
InitInfo.aDsScopeInfos[i].pwzDcName = InitInfo.pwzTargetComputer;
}
}
}
//Initialize the object picker
hr = m_spDsObjectPicker->Initialize(&InitInfo);
if (SUCCEEDED(hr))
{
m_bObjectPickerInitialized = TRUE;
}
if(InitInfo.aDsScopeInfos)
LocalFree(InitInfo.aDsScopeInfos);
}while(0);
UnlockSidHandler();
return hr;
}
//+----------------------------------------------------------------------------
// Synopsis: Pops up object pikcer. Function also does the sidlookop for
// objects selected. Information is returned in listSidCacheEntry
//-----------------------------------------------------------------------------
HRESULT
CSidHandler::
GetUserGroup(IN HWND hDlg,
IN CBaseAz* pOwnerAz,
OUT CList<CBaseAz*,CBaseAz*>& listWindowsGroups)
{
if(!pOwnerAz)
{
ASSERT(pOwnerAz);
return E_POINTER;
}
TRACE_METHOD_EX(DEB_SNAPIN,CSidHandler,GetUserGroup)
HRESULT hr;
LPDATAOBJECT pdoSelection = NULL;
STGMEDIUM medium = {0};
FORMATETC fe = { (CLIPFORMAT)g_cfDsSelectionList, NULL, DVASPECT_CONTENT, -1, TYMED_HGLOBAL };
PDS_SELECTION_LIST pDsSelList = NULL;
do
{
// Create and initialize the Object Picker object
hr = InitObjectPicker();
if (FAILED(hr))
return hr;
// Bring up the object picker dialog
hr = m_spDsObjectPicker->InvokeDialog(hDlg, &pdoSelection);
BREAK_ON_FAIL_HRESULT(hr);
//User Pressed cancel
if (S_FALSE == hr)
{
hr = S_OK;
break;
}
hr = pdoSelection->GetData(&fe, &medium);
BREAK_ON_FAIL_HRESULT(hr);
pDsSelList = (PDS_SELECTION_LIST)GlobalLock(medium.hGlobal);
if (!pDsSelList)
{
hr = E_FAIL;
BREAK_ON_FAIL_HRESULT(hr);
}
CList<SID_CACHE_ENTRY*,SID_CACHE_ENTRY*> listSidCacheEntry;
CList<SID_CACHE_ENTRY*,SID_CACHE_ENTRY*> listUnresolvedSidCacheEntry;
//Get the listof sidcache entries from pDsSelList
hr = GetSidCacheListFromOPOutput(pDsSelList,
listSidCacheEntry,
listUnresolvedSidCacheEntry);
BREAK_ON_FAIL_HRESULT(hr);
//Resolve the sids not resolved in listSidCacheEntry
LookupSidsHelper(listUnresolvedSidCacheEntry,
m_pMachineInfo->GetMachineName(),
m_pMachineInfo->IsStandAlone(),
m_pMachineInfo->IsDC(),
FALSE);
POSITION pos = listSidCacheEntry.GetHeadPosition();
for( int i = 0; i < listSidCacheEntry.GetCount(); ++i)
{
SID_CACHE_ENTRY* pSidCacheEntry = listSidCacheEntry.GetNext(pos);
CSidCacheAz* pSidCacheAz = new CSidCacheAz(pSidCacheEntry,
pOwnerAz);
if(!pSidCacheAz)
{
hr = E_OUTOFMEMORY;
break;
}
listWindowsGroups.AddTail(pSidCacheAz);
}
}while(0);
if (pDsSelList)
GlobalUnlock(medium.hGlobal);
ReleaseStgMedium(&medium);
if(pdoSelection)
pdoSelection->Release();
return hr;
}
//+----------------------------------------------------------------------------
// Function:LookupSidsHelper
// Synopsis:Calls LsaLookupSid for sids in listSids. First it tries on
// strServerName machine and next it tries on DC( if possible).
// Arguments:listSidCacheEntry
// Returns:
//-----------------------------------------------------------------------------
VOID
CSidHandler::
LookupSidsHelper(IN OUT CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY>& listSidCacheEntry,
IN const CString& strServerName,
IN BOOL bStandAlone,
IN BOOL bIsDC,
IN BOOL bSecondTry)
{
TRACE_METHOD_EX(DEB_SNAPIN,CSidHandler,LookupSidsHelper)
PLSA_REFERENCED_DOMAIN_LIST pRefDomains = NULL;
PLSA_TRANSLATED_NAME pTranslatedNames = NULL;
LSA_HANDLE hlsa = NULL;
CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY> listUnknownSids;
PSID *ppSid = NULL;
if(!listSidCacheEntry.GetCount())
return;
do
{
//
//Open LsaConnection
//
hlsa = GetLSAConnection(strServerName,
POLICY_LOOKUP_NAMES);
if (NULL == hlsa &&
!strServerName.IsEmpty() &&
!bSecondTry)
{
CString strLocalMachine = L"";
hlsa = GetLSAConnection(strLocalMachine, POLICY_LOOKUP_NAMES);
}
if (hlsa == NULL)
{
break;
}
//
//Now we have LSA Connection
//Do LookupSids
//
int cSids = (int)listSidCacheEntry.GetCount();
ppSid = new PSID[cSids];
if(!ppSid)
{
break;
}
POSITION pos = listSidCacheEntry.GetHeadPosition();
for (int i=0;i < cSids; i++)
{
PSID_CACHE_ENTRY pSidCacheEntry = listSidCacheEntry.GetNext(pos);
ppSid[i] = pSidCacheEntry->GetSid();
}
DWORD dwStatus = 0;
dwStatus = LsaLookupSids(hlsa,
cSids,
ppSid,
&pRefDomains,
&pTranslatedNames);
if (STATUS_SUCCESS == dwStatus ||
STATUS_SOME_NOT_MAPPED == dwStatus ||
STATUS_NONE_MAPPED == dwStatus)
{
ASSERT(pTranslatedNames);
ASSERT(pRefDomains);
//
// Build cache entries with NT4 style names
//
pos = listSidCacheEntry.GetHeadPosition();
for (int i = 0; i < cSids; i++)
{
PSID_CACHE_ENTRY pSidCacheEntry = listSidCacheEntry.GetNext(pos);
PSID pSid = pSidCacheEntry->GetSid();
BOOL bNoCache = FALSE;
CString strAccountName;
CString strDomainName;
SID_NAME_USE sid_name_use;
GetAccountAndDomainName(i,
pTranslatedNames,
pRefDomains,
&strAccountName,
&strDomainName,
&sid_name_use);
CString strLogonName;
//
// Build NT4 "domain\user" style name
//
if (!strDomainName.IsEmpty() && !strAccountName.IsEmpty())
{
strLogonName = strDomainName;
strLogonName += L"\\";
strLogonName += strAccountName;
}
switch (sid_name_use)
{
case SidTypeUser:
{
if(!bStandAlone)
{
// Get "User Principal Name" etc.
CString strNewLogonName;
CString strNewAccountName;
GetUserFriendlyName(strLogonName,
&strNewLogonName,
&strNewAccountName);
if (!strNewLogonName.IsEmpty())
strLogonName = strNewLogonName;
if (!strNewAccountName.IsEmpty())
strAccountName = strNewAccountName;
}
break;
}
case SidTypeGroup:
case SidTypeDomain:
break;
case SidTypeAlias:
{
if (!IsAliasSid(pSid))
{
sid_name_use = SidTypeGroup;
break;
}
if(!m_pMachineInfo->GetTargetDomainFlat().IsEmpty() &&
!strAccountName.IsEmpty())
{
strLogonName = m_pMachineInfo->GetTargetDomainFlat();
strLogonName += L"\\";
strLogonName += strAccountName;
}
break;
}
// else Fall Through
case SidTypeWellKnownGroup:
{
// No logon name for these
strLogonName.Empty();
break;
}
case SidTypeDeletedAccount:
case SidTypeInvalid: // 7
break;
case SidTypeUnknown: // 8
{
// Some SIDs can only be looked up on a DC, so
// if pszServer is not a DC, remember them and
// look them up on a DC after this loop is done.
if (!bSecondTry && !bStandAlone && !bIsDC && !(m_pMachineInfo->GetDCName()).IsEmpty())
{
//Add to unknown list
listUnknownSids.AddTail(pSidCacheEntry);
bNoCache = TRUE;
}
break;
}
case SidTypeComputer: // 9
{
// TODO
// Strip the trailing '$'
break;
}
}
if (!bNoCache)
{
//Only one sidcahce entry per sid chache handler can
//be updated at a time. Which is fine.
LockSidCacheEntry();
pSidCacheEntry->AddNameAndType(sid_name_use,
strAccountName,
strLogonName);
UnlockSidCacheEntry();
}
}
}
}while(0);
// Cleanup
if(pTranslatedNames)
LsaFreeMemory(pTranslatedNames);
if(pRefDomains)
LsaFreeMemory(pRefDomains);
if(hlsa)
LsaClose(hlsa);
if(ppSid)
delete[] ppSid;
if (!listUnknownSids.IsEmpty())
{
//
// Some (or all) SIDs were unknown on the target machine,
// try a DC for the target machine's primary domain.
//
// This typically happens for certain Alias SIDs, such
// as Print Operators and System Operators, for which LSA
// only returns names if the lookup is done on a DC.
//
LookupSidsHelper(listUnknownSids,
m_pMachineInfo->GetDCName(),
FALSE,
TRUE,
TRUE);
}
}
//+----------------------------------------------------------------------------
// Function: GetUserFriendlyName
// Synopsis: Gets name in Domain\Name format and returns UPN name and
// Display Name.
// Arguments:
// Returns:
//-----------------------------------------------------------------------------
void
CSidHandler::
GetUserFriendlyName(IN const CString & strSamLogonName,
OUT CString *pstrLogonName,
OUT CString *pstrDisplayName)
{
if(strSamLogonName.IsEmpty()|| !pstrLogonName || !pstrDisplayName)
{
ASSERT(strSamLogonName.IsEmpty());
ASSERT(!pstrLogonName);
ASSERT(!pstrDisplayName);
return;
}
//
// Start by getting the FQDN. Cracking is most efficient when the
// FQDN is the starting point.
//
// TranslateName takes a while to complete, so bUseSamCompatibleInfo
// should be TRUE whenever possible, e.g. for local accounts on a non-DC
// or anything where we know a FQDN doesn't exist.
//
CString strFQDN;
if (FAILED(TranslateNameInternal(strSamLogonName,
NameSamCompatible,
NameFullyQualifiedDN,
&strFQDN)))
{
return;
}
//
//Get UPN
//
TranslateNameInternal(strFQDN,
NameFullyQualifiedDN,
NameUserPrincipal,
pstrLogonName);
//
//Get Display Name
//
TranslateNameInternal(strFQDN,
NameFullyQualifiedDN,
NameDisplay,
pstrDisplayName);
}
//+----------------------------------------------------------------------------
// Function: LookupSids
// Synopsis: Given a list of sids, retuns a list of corresponding
// CSidCacheAz objects
// Arguments:
// Returns:
//-----------------------------------------------------------------------------
HRESULT
CSidHandler::
LookupSids(IN CBaseAz* pOwnerAz,
IN CList<PSID,PSID>& listSids,
OUT CList<CBaseAz*,CBaseAz*>& listSidCacheAz)
{
if(!pOwnerAz)
{
ASSERT(pOwnerAz);
return E_POINTER;
}
HRESULT hr = S_OK;
CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY> listSidCacheEntries;
CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY> listUnResolvedSidCacheEntries;
hr = GetSidCacheListFromSidList(listSids,
listSidCacheEntries,
listUnResolvedSidCacheEntries);
if(FAILED(hr))
{
return hr;
}
//Do the Lookup for unresolved sids
LookupSidsHelper(listUnResolvedSidCacheEntries,
m_pMachineInfo->GetMachineName(),
m_pMachineInfo->IsStandAlone(),
m_pMachineInfo->IsDC(),
FALSE);
POSITION pos = listSidCacheEntries.GetHeadPosition();
for( int i = 0; i < listSidCacheEntries.GetCount(); ++i)
{
PSID_CACHE_ENTRY pSidCacheEntry = listSidCacheEntries.GetNext(pos);
CSidCacheAz* pSidCacheAz = new CSidCacheAz(pSidCacheEntry,
pOwnerAz);
if(!pSidCacheAz)
{
hr = E_OUTOFMEMORY;
break;
}
listSidCacheAz.AddTail(pSidCacheAz);
}
if(FAILED(hr))
{
RemoveItemsFromList(listSidCacheAz);
}
return hr;
}
//+----------------------------------------------------------------------------
// Function: GetSidCacheListFromSidList
// Gets a list of sids and returns corresponding list of sidcache
// entries and unresolved sid cache entries
// Arguments:listSid: List of sids
// listSidCacheEntry: Gets list of SidCacheEntries
// listUnresolvedSidCacheEntry Gets List of unresolved
// SidCacheEntries
//-----------------------------------------------------------------------------
HRESULT
CSidHandler::
GetSidCacheListFromSidList(IN CList<PSID,PSID>& listSid,
OUT CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY>& listSidCacheEntry,
OUT CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY>& listUnresolvedSidCacheEntry)
{
POSITION pos = listSid.GetHeadPosition();
for( int i = 0; i < listSid.GetCount(); ++i)
{
PSID pSid = listSid.GetNext(pos);
PSID_CACHE_ENTRY pEntry = GetEntryFromCache(pSid);
if(!pEntry)
{
return E_OUTOFMEMORY;
}
listSidCacheEntry.AddTail(pEntry);
if(!pEntry->IsSidResolved())
listUnresolvedSidCacheEntry.AddTail(pEntry);
}
return S_OK;
}
//+----------------------------------------------------------------------------
// Function: GetSidCacheListFromOPOutput
// Synopsis: Gets the sid from Object Pickers output and returns corresponding
// list of SidCacheEntries. Also returns sids of unresolved sids.
//
// Arguments:pDsSelList selection list from OP.
// listSidCacheEntry: Gets list of SidCacheEntries
// listUnresolvedSidCacheEntry Gets List of unresolved
// SidCacheEntries
//-----------------------------------------------------------------------------
HRESULT
CSidHandler::
GetSidCacheListFromOPOutput(IN PDS_SELECTION_LIST pDsSelList,
OUT CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY>& listSidCacheEntry,
OUT CList<PSID_CACHE_ENTRY,PSID_CACHE_ENTRY>& listUnresolvedSidCacheEntry)
{
if(!pDsSelList)
{
ASSERT(pDsSelList);
return E_POINTER;
}
HRESULT hr = S_OK;
int cNames = pDsSelList->cItems;
for (int i = 0; i < cNames; i++)
{
PSID pSid = NULL;
LPVARIANT pvarSid = pDsSelList->aDsSelection[i].pvarFetchedAttributes;
if (NULL == pvarSid || (VT_ARRAY | VT_UI1) != V_VT(pvarSid)
|| FAILED(SafeArrayAccessData(V_ARRAY(pvarSid), &pSid)))
{
continue;
}
PSID_CACHE_ENTRY pEntry = GetEntryFromCache(pSid);
if(!pEntry)
{
return E_OUTOFMEMORY;
}
listSidCacheEntry.AddTail(pEntry);
if(!pEntry->IsSidResolved())
listUnresolvedSidCacheEntry.AddTail(pEntry);
}
return S_OK;
}