src/WINNT/afsrdr/tools/authgroup/AuthGroup.cpp

   1 /*
   2  * Copyright (c) 2008, 2009, 2010, 2011 Kernel Drivers, LLC.
   3  * Copyright (c) 2009, 2010, 2011 Your File System, Inc.
   4  * All rights reserved.
   5  *
   6  * Redistribution and use in source and binary forms, with or without
   7  * modification, are permitted provided that the following conditions
   8  * are met:
   9  *
  10  * - Redistributions of source code must retain the above copyright notice,
  11  *   this list of conditions and the following disclaimer.
  12  * - Redistributions in binary form must reproduce the above copyright
  13  *   notice,
  14  *   this list of conditions and the following disclaimer in the
  15  *   documentation
  16  *   and/or other materials provided with the distribution.
  17  * - Neither the names of Kernel Drivers, LLC and Your File System, Inc.
  18  *   nor the names of their contributors may be used to endorse or promote
  19  *   products derived from this software without specific prior written
  20  *   permission from Kernel Drivers, LLC and Your File System, Inc.
  21  *
  22  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
  23  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  24  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
  25  * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
  26  * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  27  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  28  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
  29  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
  30  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
  31  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
  32  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  33  */
  34
  35 #include <windows.h>
  36 #include <stdio.h>
  37 #include <stdlib.h>
  38 #include <stdarg.h>
  39 #include <shlwapi.h>
  40 #include <winioctl.h>
  41
  42 #include <rpc.h>
  43
  44 #include "AFSUserDefines.h"
  45 #include "AFSUserIoctl.h"
  46 #include "AFSUserStructs.h"
  47
  48 void
  49 Usage()
  50 {
  51
  52     printf("Usage: AFSAuthGroup < /sid <SID to use> | /ag <Auth Group GUID> /session <Session ID> | /thread <Thread Specific> | /active <Set Active> | \
  53             /q <Query Active AuthGroup> | /l <Query AuthGroup List> | /c <Create new AuthGroup on process or thread> | /s <Set AuthGroup on process or thread> | \
  54             /r <Reset AuthGroup list on process or thread> | /n <Create new AuthGroup>\n");
  55
  56     return;
  57 }
  58
  59 int main(int argc, char* argv[])
  60 {
  61
  62     ULONG rc = 0;
  63     DWORD bytesReturned = 0;
  64     HANDLE hControlDevice = NULL;
  65     char *pBuffer = NULL;
  66     DWORD dwError = 0, dwIndex = 0;
  67     BOOLEAN bQueryActiveAuthGroup = FALSE;
  68     BOOLEAN bQueryProcessAuthGroupList = FALSE;
  69     GUID stAuthGroup;
  70     unsigned char *pchGUID = NULL;
  71     WCHAR wchUserSID[ 256];
  72     DWORD dwSessionId = (DWORD)-1;
  73     BOOLEAN bThreadSpecific = FALSE;
  74     BOOLEAN bSetActive = FALSE;
  75     BOOLEAN bCreateSetAuthGroup = FALSE;
  76     BOOLEAN bSetAuthGroup = FALSE;
  77     BOOLEAN bResetAuthGroup = FALSE;
  78     BOOLEAN bCreateAuthGroup = FALSE;
  79     AFSAuthGroupRequestCB *pAuthGroupRequest = NULL;
  80     DWORD dwAuthGroupRequestLen = 0;
  81     char chGUID[ 256];
  82
  83     if( argc < 2)
  84     {
  85         Usage();
  86         return 0;
  87     }
  88
  89     dwIndex = 1;
  90
  91     dwError = 1;
  92
  93     memset( wchUserSID, '\0', 256 * sizeof( WCHAR));
  94
  95     memset( chGUID, '\0', 256);
  96
  97     while( dwIndex < (DWORD)argc)
  98     {
  99
 100         if( _stricmp(argv[ dwIndex], "/q") == 0)
 101         {
 102             bQueryActiveAuthGroup = TRUE;
 103         }
 104         else if( _stricmp(argv[ dwIndex], "/l") == 0)
 105         {
 106             bQueryProcessAuthGroupList = TRUE;
 107         }
 108         else if( _stricmp(argv[ dwIndex], "/c") == 0)
 109         {
 110             bCreateSetAuthGroup = TRUE;
 111         }
 112         else if( _stricmp(argv[ dwIndex], "/s") == 0)
 113         {
 114             bSetAuthGroup = TRUE;
 115         }
 116         else if( _stricmp(argv[ dwIndex], "/r") == 0)
 117         {
 118             bResetAuthGroup = TRUE;
 119         }
 120         else if( _stricmp(argv[ dwIndex], "/n") == 0)
 121         {
 122             bCreateAuthGroup = TRUE;
 123         }
 124         else if( _stricmp( argv[ dwIndex], "/sid") == 0)
 125         {
 126
 127             dwIndex++;
 128
 129             if( MultiByteToWideChar( CP_ACP,
 130                                     MB_PRECOMPOSED,
 131                                     argv[dwIndex],
 132                                     -1,
 133                                     wchUserSID,
 134                                     (int)strlen( argv[dwIndex]) + 1) == 0)
 135             {
 136                 dwError = -1;
 137                 break;
 138             }
 139         }
 140         else if( _stricmp( argv[ dwIndex], "/ag") == 0)
 141         {
 142
 143             dwIndex++;
 144
 145             strcpy( chGUID,
 146                     argv[dwIndex]);
 147         }
 148         else if( _stricmp( argv[ dwIndex], "/session") == 0)
 149         {
 150
 151             dwIndex++;
 152
 153             if( !StrToIntExA( argv[ dwIndex],
 154                               STIF_SUPPORT_HEX,
 155                               (int *)&dwSessionId))
 156             {
 157
 158                 dwError = -1;
 159                 break;
 160             }
 161         }
 162         else if( _stricmp( argv[ dwIndex], "/thread") == 0)
 163         {
 164
 165             dwIndex++;
 166
 167             bThreadSpecific = TRUE;
 168         }
 169         else if( _stricmp( argv[ dwIndex], "/active") == 0)
 170         {
 171
 172             dwIndex++;
 173
 174             bSetActive = TRUE;
 175         }
 176         else
 177         {
 178             Usage();
 179             dwError = -1;
 180             break;
 181         }
 182
 183         dwIndex++;
 184     }
 185
 186     if( dwError == -1)
 187     {
 188         return 0;
 189     }
 190
 191     hControlDevice = CreateFile( AFS_SYMLINK,
 192                                  GENERIC_READ | GENERIC_WRITE,
 193                                  FILE_SHARE_READ | FILE_SHARE_WRITE,
 194                                  NULL,
 195                                  OPEN_EXISTING,
 196                                  0,
 197                                  NULL );
 198
 199     if( hControlDevice == INVALID_HANDLE_VALUE)
 200     {
 201
 202         printf( "AFSAuthGroup: Failed to open control device error: %d\n", GetLastError());
 203
 204         return 0;
 205     }
 206
 207     if( bQueryActiveAuthGroup)
 208     {
 209         dwError = DeviceIoControl( hControlDevice,
 210                                    IOCTL_AFS_AUTHGROUP_SID_QUERY,
 211                                    NULL,
 212                                    0,
 213                                    &stAuthGroup,
 214                                    sizeof( GUID),
 215                                    &bytesReturned,
 216                                    NULL);
 217
 218         if( !dwError)
 219         {
 220             printf( "AFSAuthGroup Failed to query auth group error %d\n", GetLastError());
 221         }
 222         else
 223         {
 224
 225             if( UuidToString( (UUID *)&stAuthGroup,
 226                               &pchGUID) == RPC_S_OK)
 227             {
 228                 printf("AFSAuthGroup Successfully retrieved auth group %s\n", pchGUID);
 229                 RpcStringFree( &pchGUID);
 230             }
 231             else
 232             {
 233                 printf("AFSAuthGroup Failed to convert GUID to string\n");
 234             }
 235         }
 236     }
 237     else if( bQueryProcessAuthGroupList)
 238     {
 239
 240         pBuffer = (char *)malloc( 0x1000);
 241
 242         if( pBuffer == NULL)
 243         {
 244             printf("AFSAuthGroup Failed to allocate query buffer\n");
 245             goto cleanup;
 246         }
 247
 248         dwError = DeviceIoControl( hControlDevice,
 249                                    IOCTL_AFS_AUTHGROUP_QUERY,
 250                                    NULL,
 251                                    0,
 252                                    pBuffer,
 253                                    0x1000,
 254                                    &bytesReturned,
 255                                    NULL);
 256
 257         if( !dwError)
 258         {
 259             printf( "AFSAuthGroup Failed to query auth group list error %d\n", GetLastError());
 260         }
 261         else
 262         {
 263
 264             GUID *pCurrentGUID = (GUID *)pBuffer;
 265
 266             if( bytesReturned == 0)
 267             {
 268                 printf("AFSAuthGroup No custom auth groups assigned to process\n");
 269             }
 270             else
 271             {
 272                 while( bytesReturned > 0)
 273                 {
 274                     if( UuidToString( (UUID *)pCurrentGUID,
 275                                       &pchGUID) == RPC_S_OK)
 276                     {
 277                         printf("AFSAuthGroup Successfully retrieved auth group list entry %s\n", pchGUID);
 278                         RpcStringFree( &pchGUID);
 279                     }
 280                     else
 281                     {
 282                         printf("AFSAuthGroup Failed to convert GUID to string\n");
 283                     }
 284
 285                     pCurrentGUID++;
 286
 287                     bytesReturned -= sizeof( GUID);
 288                 }
 289             }
 290         }
 291     }
 292     else if( bCreateSetAuthGroup)
 293     {
 294
 295         dwAuthGroupRequestLen = (DWORD)(sizeof( AFSAuthGroupRequestCB) +
 296                                         (wcslen( wchUserSID) * sizeof( WCHAR)));
 297
 298         pAuthGroupRequest = (AFSAuthGroupRequestCB *)malloc( dwAuthGroupRequestLen);
 299
 300         if( pAuthGroupRequest == NULL)
 301         {
 302             printf("AFSAuthGroup Failed to allocate request block\n");
 303             goto cleanup;
 304         }
 305
 306         memset( pAuthGroupRequest,
 307                 '\0',
 308                 dwAuthGroupRequestLen);
 309
 310         pAuthGroupRequest->SIDLength = (USHORT)(wcslen( wchUserSID) * sizeof( WCHAR));
 311
 312         if( pAuthGroupRequest->SIDLength > 0)
 313         {
 314             wcscpy( &pAuthGroupRequest->SIDString[ 0], wchUserSID);
 315         }
 316
 317         pAuthGroupRequest->SessionId = dwSessionId;
 318
 319         if( bThreadSpecific)
 320         {
 321             pAuthGroupRequest->Flags |= AFS_PAG_FLAGS_THREAD_AUTH_GROUP;
 322         }
 323
 324         if( bSetActive)
 325         {
 326             pAuthGroupRequest->Flags |= AFS_PAG_FLAGS_SET_AS_ACTIVE;
 327         }
 328
 329         dwError = DeviceIoControl( hControlDevice,
 330                                    IOCTL_AFS_AUTHGROUP_CREATE_AND_SET,
 331                                    pAuthGroupRequest,
 332                                    dwAuthGroupRequestLen,
 333                                    NULL,
 334                                    0,
 335                                    &bytesReturned,
 336                                    NULL);
 337
 338         if( !dwError)
 339         {
 340             printf( "AFSAuthGroup Failed to create and set auth group error %d\n", GetLastError());
 341         }
 342         else
 343         {
 344             printf( "AFSAuthGroup Successfully create and set auth group\n");
 345         }
 346
 347         free( pAuthGroupRequest);
 348     }
 349     else if( bSetAuthGroup)
 350     {
 351
 352         if( strlen( chGUID) == 0)
 353         {
 354             printf("AFSAuthGroup Failed to specify AuthGroup GUID when setting\n");
 355             goto cleanup;
 356         }
 357
 358         dwAuthGroupRequestLen = sizeof( AFSAuthGroupRequestCB);
 359
 360         pAuthGroupRequest = (AFSAuthGroupRequestCB *)malloc( dwAuthGroupRequestLen);
 361
 362         if( pAuthGroupRequest == NULL)
 363         {
 364             printf("AFSAuthGroup Failed to allocate request block\n");
 365             goto cleanup;
 366         }
 367
 368         memset( pAuthGroupRequest,
 369                 '\0',
 370                 dwAuthGroupRequestLen);
 371
 372         if( bThreadSpecific)
 373         {
 374             pAuthGroupRequest->Flags |= AFS_PAG_FLAGS_THREAD_AUTH_GROUP;
 375         }
 376
 377         if( bSetActive)
 378         {
 379             pAuthGroupRequest->Flags |= AFS_PAG_FLAGS_SET_AS_ACTIVE;
 380         }
 381
 382         if( UuidFromString( (unsigned char *)chGUID,
 383                             &pAuthGroupRequest->AuthGroup) != RPC_S_OK)
 384         {
 385             printf("AFSAuthGroup Failed to convert string to GUID\n");
 386             free( pAuthGroupRequest);
 387             goto cleanup;
 388         }
 389
 390         dwError = DeviceIoControl( hControlDevice,
 391                                    IOCTL_AFS_AUTHGROUP_SET,
 392                                    pAuthGroupRequest,
 393                                    dwAuthGroupRequestLen,
 394                                    NULL,
 395                                    0,
 396                                    &bytesReturned,
 397                                    NULL);
 398
 399         if( !dwError)
 400         {
 401             printf( "AFSAuthGroup Failed to set auth group error %d\n", GetLastError());
 402         }
 403         else
 404         {
 405             printf( "AFSAuthGroup Successfully set auth group\n");
 406         }
 407
 408         free( pAuthGroupRequest);
 409     }
 410     else if( bResetAuthGroup)
 411     {
 412
 413         dwAuthGroupRequestLen = sizeof( AFSAuthGroupRequestCB);
 414
 415         pAuthGroupRequest = (AFSAuthGroupRequestCB *)malloc( dwAuthGroupRequestLen);
 416
 417         if( pAuthGroupRequest == NULL)
 418         {
 419             printf("AFSAuthGroup Failed to allocate request block\n");
 420             goto cleanup;
 421         }
 422
 423         memset( pAuthGroupRequest,
 424                 '\0',
 425                 dwAuthGroupRequestLen);
 426
 427         if( bThreadSpecific)
 428         {
 429             pAuthGroupRequest->Flags |= AFS_PAG_FLAGS_THREAD_AUTH_GROUP;
 430         }
 431
 432         dwError = DeviceIoControl( hControlDevice,
 433                                    IOCTL_AFS_AUTHGROUP_RESET,
 434                                    pAuthGroupRequest,
 435                                    dwAuthGroupRequestLen,
 436                                    NULL,
 437                                    0,
 438                                    &bytesReturned,
 439                                    NULL);
 440
 441         if( !dwError)
 442         {
 443             printf( "AFSAuthGroup Failed to reset auth group error %d\n", GetLastError());
 444         }
 445         else
 446         {
 447             printf( "AFSAuthGroup Successfully reset auth group\n");
 448         }
 449
 450         free( pAuthGroupRequest);
 451     }
 452     else if( bCreateAuthGroup)
 453     {
 454
 455         dwAuthGroupRequestLen = (DWORD)(sizeof( AFSAuthGroupRequestCB) +
 456                                         (wcslen( wchUserSID) * sizeof( WCHAR)));
 457
 458         pAuthGroupRequest = (AFSAuthGroupRequestCB *)malloc( dwAuthGroupRequestLen);
 459
 460         if( pAuthGroupRequest == NULL)
 461         {
 462             printf("AFSAuthGroup Failed to allocate request block\n");
 463             goto cleanup;
 464         }
 465
 466         memset( pAuthGroupRequest,
 467                 '\0',
 468                 dwAuthGroupRequestLen);
 469
 470         pAuthGroupRequest->SIDLength = (USHORT)((wcslen( wchUserSID) * sizeof( WCHAR)));
 471
 472         if( pAuthGroupRequest->SIDLength > 0)
 473         {
 474             wcscpy( &pAuthGroupRequest->SIDString[ 0], wchUserSID);
 475         }
 476
 477         pAuthGroupRequest->SessionId = dwSessionId;
 478
 479         dwError = DeviceIoControl( hControlDevice,
 480                                    IOCTL_AFS_AUTHGROUP_SID_CREATE,
 481                                    pAuthGroupRequest,
 482                                    dwAuthGroupRequestLen,
 483                                    NULL,
 484                                    0,
 485                                    &bytesReturned,
 486                                    NULL);
 487
 488         if( !dwError)
 489         {
 490             printf( "AFSAuthGroup Failed to create auth group error %d\n", GetLastError());
 491         }
 492         else
 493         {
 494             printf( "AFSAuthGroup Successfully create auth group\n");
 495         }
 496
 497         free( pAuthGroupRequest);
 498     }
 499     else
 500     {
 501         printf("AFSAuthGroup Invalid request parameters\n");
 502         Usage();
 503     }
 504
 505 cleanup:
 506
 507     if( pBuffer != NULL)
 508     {
 509         free( pBuffer);
 510     }
 511
 512     if( hControlDevice != NULL)
 513     {
 514         CloseHandle( hControlDevice);
 515     }
 516
 517         return 0;
 518 }