2 * Copyright (c) 2008, 2009, 2010, 2011 Kernel Drivers, LLC.
3 * Copyright (c) 2009, 2010, 2011 Your File System, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * - Redistributions of source code must retain the above copyright notice,
11 * this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
14 * this list of conditions and the following disclaimer in the
16 * and/or other materials provided with the distribution.
17 * - Neither the names of Kernel Drivers, LLC and Your File System, Inc.
18 * nor the names of their contributors may be used to endorse or promote
19 * products derived from this software without specific prior written
20 * permission from Kernel Drivers, LLC and Your File System, Inc.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
26 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 // File: AFSAuthGroupSupport.cpp
39 #include "AFSCommon.h"
42 AFSRetrieveAuthGroup( IN ULONGLONG ProcessId,
43 IN ULONGLONG ThreadId,
47 NTSTATUS ntStatus = STATUS_SUCCESS;
48 AFSProcessCB *pProcessCB = NULL;
49 AFSThreadCB *pThreadCB = NULL;
50 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
51 GUID *pAuthGroup = NULL;
52 UNICODE_STRING uniGUIDString;
53 ULONG ulSessionId = 0;
54 BOOLEAN bImpersonation = FALSE;
59 ulSessionId = AFSGetSessionId( (HANDLE)ProcessId, &bImpersonation);
61 if( ulSessionId == (ULONG)-1)
64 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
65 AFS_TRACE_LEVEL_ERROR,
66 "%s Failed to retrieve session ID for PID %I64X\n",
70 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
73 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
74 AFS_TRACE_LEVEL_VERBOSE,
75 "%s Entry for Session %08lX PID %I64X TID %I64X\n",
81 ntStatus = AFSCheckThreadDacl( AuthGroup);
83 if( NT_SUCCESS( ntStatus))
86 uniGUIDString.Buffer = NULL;
87 uniGUIDString.Length = 0;
88 uniGUIDString.MaximumLength = 0;
90 RtlStringFromGUID( *AuthGroup,
93 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
94 AFS_TRACE_LEVEL_VERBOSE,
95 "%s Located AuthGroup %wZ via DACL for Session %08lX PID %I64X TID %I64X\n",
102 if( uniGUIDString.Buffer != NULL)
104 RtlFreeUnicodeString( &uniGUIDString);
107 try_return( ntStatus = STATUS_SUCCESS);
110 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
111 AFS_TRACE_LEVEL_VERBOSE,
112 "AFSRetrieveAuthGroup Acquiring Control ProcessTree.TreeLock lock %08lX SHARED %08lX\n",
113 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
114 PsGetCurrentThread());
116 ntStatus = STATUS_SUCCESS;
118 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
121 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
122 (ULONGLONG)ProcessId,
123 (AFSBTreeEntry **)&pProcessCB);
125 if( !NT_SUCCESS( ntStatus) ||
129 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
130 AFS_TRACE_LEVEL_ERROR,
131 "%s Failed to locate process entry for Session %08lX PID %I64X TID %I64X\n",
137 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
138 try_return( ntStatus);
141 for ( pThreadCB = pProcessCB->ThreadList;
143 pThreadCB = pThreadCB->Next)
146 if( pThreadCB->ThreadId == ThreadId)
152 if( pThreadCB != NULL &&
153 pThreadCB->ActiveAuthGroup != NULL)
155 pAuthGroup = pThreadCB->ActiveAuthGroup;
157 RtlCopyMemory( AuthGroup,
161 uniGUIDString.Buffer = NULL;
162 uniGUIDString.Length = 0;
163 uniGUIDString.MaximumLength = 0;
165 RtlStringFromGUID( *AuthGroup,
168 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
169 AFS_TRACE_LEVEL_VERBOSE,
170 "%s Located AuthGroup %wZ in thread Session %08lX PID %I64X TID %I64X\n",
177 if( uniGUIDString.Buffer != NULL)
179 RtlFreeUnicodeString( &uniGUIDString);
182 else if( pProcessCB->ActiveAuthGroup != NULL)
185 pAuthGroup = pProcessCB->ActiveAuthGroup;
187 RtlCopyMemory( AuthGroup,
191 uniGUIDString.Buffer = NULL;
192 uniGUIDString.Length = 0;
193 uniGUIDString.MaximumLength = 0;
195 RtlStringFromGUID( *AuthGroup,
198 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
199 AFS_TRACE_LEVEL_VERBOSE,
200 "%s Located AuthGroup %wZ in process Session %08lX PID %I64X TID %I64X\n",
207 if( uniGUIDString.Buffer != NULL)
209 RtlFreeUnicodeString( &uniGUIDString);
213 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
215 if( pAuthGroup == NULL ||
216 AFSIsNoPAGAuthGroup( pAuthGroup))
219 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
220 AFS_TRACE_LEVEL_VERBOSE,
221 "%s No AuthGroup located, validating process for Session %08lX PID %I64X TID %I64X\n",
227 pAuthGroup = AFSValidateProcessEntry();
229 if( pAuthGroup != NULL)
231 RtlCopyMemory( AuthGroup,
235 uniGUIDString.Buffer = NULL;
236 uniGUIDString.Length = 0;
237 uniGUIDString.MaximumLength = 0;
239 RtlStringFromGUID( *AuthGroup,
242 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
243 AFS_TRACE_LEVEL_VERBOSE,
244 "%s Located AuthGroup %wZ after validation Session %08lX PID %I64X TID %I64X\n",
251 if( uniGUIDString.Buffer != NULL)
253 RtlFreeUnicodeString( &uniGUIDString);
258 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
259 AFS_TRACE_LEVEL_ERROR,
260 "%s Failed to locate AuthGroup for Session %08lX PID %I64X TID %I64X\n",
277 // AFSIsLocalSystemAuthGroup returns TRUE if the AuthGroup matches
278 // the AuthGroup associated with the first process that communicates
279 // with the redirector which will always be "System" (PID 4).
283 AFSIsLocalSystemAuthGroup( IN GUID *AuthGroup)
286 BOOLEAN bIsLocalSys = FALSE;
287 AFSProcessCB *pProcessCB = NULL;
288 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
289 UNICODE_STRING uniGUIDString;
294 uniGUIDString.Length = 0;
295 uniGUIDString.MaximumLength = 0;
296 uniGUIDString.Buffer = NULL;
298 RtlStringFromGUID( *AuthGroup,
301 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
302 AFS_TRACE_LEVEL_VERBOSE_2,
303 "%s Checking AuthGroup %wZ\n",
307 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
310 pProcessCB = (AFSProcessCB *)pDeviceExt->Specific.Control.ProcessTree.TreeHead;
312 if( pProcessCB->ActiveAuthGroup != NULL &&
313 RtlCompareMemory( pProcessCB->ActiveAuthGroup,
315 sizeof( GUID)) == sizeof( GUID))
319 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
320 AFS_TRACE_LEVEL_VERBOSE,
321 "%s AuthGroup %wZ is LOCAL SYSTEM\n",
326 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
328 if( uniGUIDString.Buffer != NULL)
330 RtlFreeUnicodeString( &uniGUIDString);
338 AFSIsLocalSystemSID( IN UNICODE_STRING *SIDString)
341 BOOLEAN bIsLocalSys = FALSE;
342 UNICODE_STRING uniSysLocal;
347 RtlInitUnicodeString( &uniSysLocal,
350 if( RtlCompareUnicodeString( &uniSysLocal,
357 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
358 AFS_TRACE_LEVEL_VERBOSE_2,
359 "%s AuthGroup SID %wZ is %sLOCAL SYSTEM\n",
362 bIsLocalSys ? "" : "not ");
369 AFSIsNoPAGAuthGroup( IN GUID *AuthGroup)
372 BOOLEAN bIsNoPAG = FALSE;
373 UNICODE_STRING uniGUIDString;
378 uniGUIDString.Length = 0;
379 uniGUIDString.MaximumLength = 0;
380 uniGUIDString.Buffer = NULL;
382 RtlStringFromGUID( *AuthGroup,
385 if( RtlCompareMemory( AuthGroup,
387 sizeof( GUID)) == sizeof( GUID))
392 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
393 AFS_TRACE_LEVEL_VERBOSE_2,
394 "%s AuthGroup %wZ is %sNoPAG\n",
397 bIsNoPAG ? "" : "not ");
399 if( uniGUIDString.Buffer != NULL)
401 RtlFreeUnicodeString( &uniGUIDString);
409 // Creates a new AuthGroup and either activates it for
410 // the process or the current thread. If set as the
411 // new process AuthGroup, the prior AuthGroup list is
416 AFSCreateSetProcessAuthGroup( AFSAuthGroupRequestCB *CreateSetAuthGroup)
419 NTSTATUS ntStatus = STATUS_SUCCESS;
420 AFSProcessCB *pProcessCB = NULL;
421 AFSThreadCB *pThreadCB = NULL;
422 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
423 ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId();
424 ULONGLONG ullThreadId = (ULONGLONG)PsGetCurrentThreadId();
425 UNICODE_STRING uniSIDString, uniPassedSIDString;
427 AFSProcessAuthGroupCB *pAuthGroup = NULL, *pLastAuthGroup = NULL;
428 ULONG ulSessionId = 0;
429 ULONGLONG ullTableHash = 0;
431 UNICODE_STRING uniCallerSID;
432 BOOLEAN bImpersonation = FALSE;
437 uniCallerSID.Length = 0;
438 uniCallerSID.MaximumLength = 0;
439 uniCallerSID.Buffer = NULL;
441 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
444 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
445 (ULONGLONG)ullProcessID,
446 (AFSBTreeEntry **)&pProcessCB);
448 if( !NT_SUCCESS( ntStatus) ||
452 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
453 AFS_TRACE_LEVEL_ERROR,
454 "%s Failed to locate process CB for PID %I64X\n",
458 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
459 try_return( ntStatus = STATUS_UNSUCCESSFUL);
462 AFSAcquireExcl( &pProcessCB->Lock,
465 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
467 ntStatus = AFSGetCallerSID( &uniCallerSID, &bImpersonation);
469 if( !NT_SUCCESS( ntStatus))
472 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
473 AFS_TRACE_LEVEL_ERROR,
474 "%s Failed to locate caller SID for PID %I64X Status %08lX\n",
479 try_return( ntStatus);
482 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
483 AFS_TRACE_LEVEL_VERBOSE,
484 "%s Retrieved caller SID %wZ for PID %I64X\n",
490 if( CreateSetAuthGroup->SIDLength != 0)
493 uniPassedSIDString.Length = CreateSetAuthGroup->SIDLength;
494 uniPassedSIDString.MaximumLength = uniPassedSIDString.Length;
496 uniPassedSIDString.Buffer = CreateSetAuthGroup->SIDString;
498 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
499 AFS_TRACE_LEVEL_VERBOSE,
500 "%s Validating passed SID %wZ for PID %I64X\n",
505 if( RtlCompareUnicodeString( &uniCallerSID,
510 if( !BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_LOCAL_SYSTEM_AUTH))
513 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
514 AFS_TRACE_LEVEL_ERROR,
515 "%s Caller specified SID %wZ for PID %I64X but caller is not LOCAL SYSTEM AUTHORITY\n",
520 try_return( ntStatus = STATUS_ACCESS_DENIED);
523 uniSIDString = uniPassedSIDString;
525 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
526 AFS_TRACE_LEVEL_VERBOSE,
527 "%s Using passed SID %wZ for PID %I64X\n",
534 uniSIDString = uniCallerSID;
536 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
537 AFS_TRACE_LEVEL_VERBOSE,
538 "%s Caller and passed SID are equal SID %wZ for PID %I64X\n",
546 uniSIDString = uniCallerSID;
548 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
549 AFS_TRACE_LEVEL_VERBOSE,
550 "%s No SID passed, using callers SID %wZ for PID %I64X\n",
556 ntStatus = RtlHashUnicodeString( &uniSIDString,
558 HASH_STRING_ALGORITHM_DEFAULT,
561 if( !NT_SUCCESS( ntStatus))
564 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
565 AFS_TRACE_LEVEL_ERROR,
566 "%s Failed to hash SID %wZ for PID %I64X Status %08lX\n",
572 try_return( ntStatus);
575 ulSessionId = AFSGetSessionId( (HANDLE)ullProcessID, &bImpersonation);
577 if( ulSessionId == (ULONG)-1)
580 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
581 AFS_TRACE_LEVEL_ERROR,
582 "%s Failed to retrieve SessionID PID %I64X Status %08lX\n",
587 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
590 if( CreateSetAuthGroup->SessionId != (ULONG)-1)
593 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
594 AFS_TRACE_LEVEL_VERBOSE,
595 "%s Checking passed SessionID %08lX for PID %I64X\n",
597 CreateSetAuthGroup->SessionId,
600 if( ulSessionId != CreateSetAuthGroup->SessionId)
603 if( !BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_LOCAL_SYSTEM_AUTH))
606 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
607 AFS_TRACE_LEVEL_ERROR,
608 "%s Passed SessionID %08lX for PID %I64X, failed because caller is not LOCAL SYSTEM AUTHORITY\n",
610 CreateSetAuthGroup->SessionId,
613 try_return( ntStatus = STATUS_ACCESS_DENIED);
616 ulSessionId = CreateSetAuthGroup->SessionId;
618 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
619 AFS_TRACE_LEVEL_VERBOSE,
620 "%s Using passed SessionID %08lX for PID %I64X\n",
628 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
629 AFS_TRACE_LEVEL_VERBOSE,
630 "%s Using callers SessionID %08lX for PID %I64X\n",
636 ullTableHash = ( ((ULONGLONG)ulSessionId << 32) | ulSIDHash);
638 pAuthGroup = pProcessCB->AuthGroupList;
640 while( pAuthGroup != NULL)
643 if( pAuthGroup->AuthGroupHash == ullTableHash)
648 pLastAuthGroup = pAuthGroup;
650 pAuthGroup = pAuthGroup->Next;
653 if( pAuthGroup != NULL)
656 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
657 AFS_TRACE_LEVEL_ERROR,
658 "%s Located AuthGroup for SID %wZ SessionID %08lX for PID %I64X, failing request\n",
664 try_return( ntStatus = STATUS_INVALID_PARAMETER);
667 pAuthGroup = (AFSProcessAuthGroupCB *)AFSExAllocatePoolWithTag( NonPagedPool,
668 sizeof( AFSProcessAuthGroupCB),
669 AFS_AG_ENTRY_CB_TAG);
671 if( pAuthGroup == NULL)
673 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
676 RtlZeroMemory( pAuthGroup,
677 sizeof( AFSProcessAuthGroupCB));
679 pAuthGroup->AuthGroupHash = (ULONGLONG)ullTableHash;
681 while( ExUuidCreate( &pAuthGroup->AuthGroup) == STATUS_RETRY);
683 if( pLastAuthGroup == NULL)
685 pProcessCB->AuthGroupList = pAuthGroup;
689 pLastAuthGroup->Next = pAuthGroup;
692 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
693 AFS_TRACE_LEVEL_VERBOSE,
694 "%s Allocated new AuthGroup for SID %wZ SessionID %08lX for PID %I64X\n",
700 if( BooleanFlagOn( CreateSetAuthGroup->Flags, AFS_PAG_FLAGS_THREAD_AUTH_GROUP))
703 pThreadCB = pProcessCB->ThreadList;
705 while( pThreadCB != NULL)
708 if( pThreadCB->ThreadId == ullThreadId)
710 pThreadCB->ActiveAuthGroup = &pAuthGroup->AuthGroup;
714 pThreadCB = pThreadCB->Next;
717 if( pThreadCB == NULL)
720 pThreadCB = AFSInitializeThreadCB( pProcessCB,
723 if( pThreadCB == NULL)
725 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
728 pThreadCB->ActiveAuthGroup = &pAuthGroup->AuthGroup;
731 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
732 AFS_TRACE_LEVEL_VERBOSE,
733 "%s Set new AuthGroup for SID %wZ SessionID %08lX for PID %I64X on thread ID %I64X\n",
740 else if( BooleanFlagOn( CreateSetAuthGroup->Flags, AFS_PAG_FLAGS_SET_AS_ACTIVE))
742 pProcessCB->ActiveAuthGroup = &pAuthGroup->AuthGroup;
744 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
745 AFS_TRACE_LEVEL_VERBOSE,
746 "%s Set new AuthGroup for SID %wZ SessionID %08lX for PID %I64X on process\n",
755 if( pProcessCB != NULL)
757 AFSReleaseResource( &pProcessCB->Lock);
760 if( uniCallerSID.Length > 0)
762 RtlFreeUnicodeString( &uniCallerSID);
770 // Returns a list of the AuthGroup GUIDS associated
771 // with the current process, the current process GUID,
772 // and the current thread GUID.
776 AFSQueryProcessAuthGroupList( IN GUID *GUIDList,
777 IN ULONG BufferLength,
778 OUT ULONG_PTR *ReturnLength)
781 NTSTATUS ntStatus = STATUS_SUCCESS;
782 AFSProcessCB *pProcessCB = NULL;
783 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
784 ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId();
785 ULONG ulRequiredLength = 0;
786 AFSProcessAuthGroupCB *pAuthGroup = NULL;
787 GUID *pCurrentGUID = GUIDList;
788 UNICODE_STRING uniGUIDString;
793 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
794 AFS_TRACE_LEVEL_VERBOSE,
795 "%s Entry for PID %I64X\n",
799 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
802 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
803 (ULONGLONG)ullProcessID,
804 (AFSBTreeEntry **)&pProcessCB);
806 if( !NT_SUCCESS( ntStatus) ||
810 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
811 AFS_TRACE_LEVEL_ERROR,
812 "%s Failed to locate process entry PID %I64X\n",
816 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
817 try_return( ntStatus = STATUS_UNSUCCESSFUL);
820 AFSAcquireShared( &pProcessCB->Lock,
823 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
825 pAuthGroup = pProcessCB->AuthGroupList;
827 ulRequiredLength = 0;
829 while( pAuthGroup != NULL)
831 ulRequiredLength += sizeof( GUID);
832 pAuthGroup = pAuthGroup->Next;
835 if( BufferLength == 0 ||
836 BufferLength < ulRequiredLength ||
840 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
841 AFS_TRACE_LEVEL_VERBOSE,
842 "%s Buffer too small for query, required %08lX for PID %I64X\n",
847 *ReturnLength = ulRequiredLength;
848 try_return( ntStatus = STATUS_BUFFER_OVERFLOW);
851 pAuthGroup = pProcessCB->AuthGroupList;
855 while( pAuthGroup != NULL)
857 RtlCopyMemory( pCurrentGUID,
858 &pAuthGroup->AuthGroup,
861 uniGUIDString.Buffer = NULL;
862 uniGUIDString.Length = 0;
863 uniGUIDString.MaximumLength = 0;
865 RtlStringFromGUID( pAuthGroup->AuthGroup,
868 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
869 AFS_TRACE_LEVEL_VERBOSE,
870 "%s Adding AuthGroup %wZ for PID %I64X\n",
875 if( uniGUIDString.Buffer != NULL)
877 RtlFreeUnicodeString( &uniGUIDString);
880 pCurrentGUID = (GUID *)((char *)pCurrentGUID + sizeof( GUID));
882 *ReturnLength += sizeof( GUID);
884 pAuthGroup = pAuthGroup->Next;
889 if( pProcessCB != NULL)
891 AFSReleaseResource( &pProcessCB->Lock);
899 // Permits the current AuthGroup for the process or
900 // thread to be set to the specified GUID. The GUID
901 // must be in the list of current values for the process.
905 AFSSetActiveProcessAuthGroup( IN AFSAuthGroupRequestCB *ActiveAuthGroup)
908 NTSTATUS ntStatus = STATUS_SUCCESS;
909 AFSProcessCB *pProcessCB = NULL;
910 AFSThreadCB *pThreadCB = NULL;
911 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
912 ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId();
913 ULONGLONG ullThreadId = (ULONGLONG)PsGetCurrentThreadId();
914 AFSProcessAuthGroupCB *pAuthGroup = NULL;
915 UNICODE_STRING uniGUIDString;
920 uniGUIDString.Length = 0;
921 uniGUIDString.MaximumLength = 0;
922 uniGUIDString.Buffer = NULL;
924 RtlStringFromGUID( ActiveAuthGroup->AuthGroup,
927 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
928 AFS_TRACE_LEVEL_VERBOSE,
929 "%s Entry for ProcessID %I64X AuthGroup GUID %wZ\n",
934 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
937 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
938 (ULONGLONG)ullProcessID,
939 (AFSBTreeEntry **)&pProcessCB);
941 if( !NT_SUCCESS( ntStatus) ||
945 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
946 AFS_TRACE_LEVEL_ERROR,
947 "%s Failed to locate process entry for ProcessID %I64X\n",
951 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
952 try_return( ntStatus = STATUS_UNSUCCESSFUL);
956 AFSAcquireExcl( &pProcessCB->Lock,
959 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
961 pAuthGroup = pProcessCB->AuthGroupList;
963 while( pAuthGroup != NULL)
966 if( RtlCompareMemory( &ActiveAuthGroup->AuthGroup,
967 &pAuthGroup->AuthGroup,
968 sizeof( GUID)) == sizeof( GUID))
972 pAuthGroup = pAuthGroup->Next;
975 if( pAuthGroup == NULL)
978 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
979 AFS_TRACE_LEVEL_VERBOSE,
980 "%s Failed to locate AuthGroup for ProcessID %I64X AuthGroup GUID %wZ\n",
985 try_return( ntStatus = STATUS_INVALID_PARAMETER);
988 if( BooleanFlagOn( ActiveAuthGroup->Flags, AFS_PAG_FLAGS_THREAD_AUTH_GROUP))
991 pThreadCB = pProcessCB->ThreadList;
993 while( pThreadCB != NULL)
996 if( pThreadCB->ThreadId == ullThreadId)
998 pThreadCB->ActiveAuthGroup = &pAuthGroup->AuthGroup;
1002 pThreadCB = pThreadCB->Next;
1005 if( pThreadCB == NULL)
1008 pThreadCB = AFSInitializeThreadCB( pProcessCB,
1011 if( pThreadCB == NULL)
1013 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
1016 pThreadCB->ActiveAuthGroup = &pAuthGroup->AuthGroup;
1019 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1020 AFS_TRACE_LEVEL_VERBOSE,
1021 "%s Set active AuthGroup for ProcessID %I64X AuthGroup GUID %wZ on thread %I64X\n",
1029 pProcessCB->ActiveAuthGroup = &pAuthGroup->AuthGroup;
1031 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1032 AFS_TRACE_LEVEL_VERBOSE,
1033 "%s Set active AuthGroup for ProcessID %I64X AuthGroup GUID %wZ on process\n",
1041 if( pProcessCB != NULL)
1043 AFSReleaseResource( &pProcessCB->Lock);
1046 if( uniGUIDString.Buffer != NULL)
1048 RtlFreeUnicodeString( &uniGUIDString);
1056 // Resets the current AuthGroup for the process or
1057 // thread to the SID-AuthGroup
1061 AFSResetActiveProcessAuthGroup( IN IN AFSAuthGroupRequestCB *AuthGroup)
1064 NTSTATUS ntStatus = STATUS_SUCCESS;
1065 GUID *pAuthGroup = NULL;
1066 AFSProcessCB *pProcessCB = NULL;
1067 AFSThreadCB *pThreadCB = NULL;
1068 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
1069 ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId();
1070 ULONGLONG ullThreadId = (ULONGLONG)PsGetCurrentThreadId();
1075 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1076 AFS_TRACE_LEVEL_VERBOSE,
1077 "%s Entry for ProcessID %I64X\n",
1081 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
1084 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
1085 (ULONGLONG)ullProcessID,
1086 (AFSBTreeEntry **)&pProcessCB);
1088 if( !NT_SUCCESS( ntStatus) ||
1092 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1093 AFS_TRACE_LEVEL_ERROR,
1094 "%s Failed to locate AuthGroup for ProcessID %I64X\n",
1098 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
1099 try_return( ntStatus = STATUS_UNSUCCESSFUL);
1102 AFSAcquireExcl( &pProcessCB->Lock,
1105 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
1107 if( BooleanFlagOn( AuthGroup->Flags, AFS_PAG_FLAGS_THREAD_AUTH_GROUP))
1110 pThreadCB = pProcessCB->ThreadList;
1112 while( pThreadCB != NULL)
1115 if( pThreadCB->ThreadId == ullThreadId)
1117 pThreadCB->ActiveAuthGroup = NULL;
1121 pThreadCB = pThreadCB->Next;
1124 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1125 AFS_TRACE_LEVEL_VERBOSE,
1126 "%s Reset AuthGroup list on thread %I64X for ProcessID %I64X\n",
1133 pProcessCB->ActiveAuthGroup = NULL;
1135 pThreadCB = pProcessCB->ThreadList;
1137 while( pThreadCB != NULL)
1139 pThreadCB->ActiveAuthGroup = NULL;
1140 pThreadCB = pThreadCB->Next;
1143 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1144 AFS_TRACE_LEVEL_VERBOSE,
1145 "%s Reset AuthGroup list on process for ProcessID %I64X\n",
1150 AFSReleaseResource( &pProcessCB->Lock);
1161 // When bLogonSession == FALSE, the SID must not be specified
1162 // and the SessionId must be -1. A new AuthGroup GUID is
1163 // assigned to the SID and SessionId of the calling Process.
1165 // When bLogonSession == TRUE, the SID must be specified and
1166 // the SessionId must not be -1. The SID of the calling process
1167 // must be LOCAL_SYSTEM and a new AuthGroup GUID is assigned to
1168 // the specified SID and logon session.
1172 AFSCreateAuthGroupForSIDorLogonSession( IN AFSAuthGroupRequestCB *AuthGroupRequestCB,
1173 IN BOOLEAN bLogonSession)
1176 NTSTATUS ntStatus = STATUS_SUCCESS;
1177 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
1178 ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId();
1179 ULONGLONG ullThreadId = (ULONGLONG)PsGetCurrentThreadId();
1180 UNICODE_STRING uniSIDString, uniPassedSIDString;
1181 ULONG ulSIDHash = 0;
1182 AFSSIDEntryCB *pSIDEntryCB = NULL;
1183 ULONG ulSessionId = 0;
1184 ULONGLONG ullTableHash = 0;
1186 UNICODE_STRING uniCallerSID;
1187 UNICODE_STRING uniGUID;
1188 BOOLEAN bLocalSystem = FALSE;
1189 BOOLEAN bImpersonation = FALSE;
1194 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1195 AFS_TRACE_LEVEL_VERBOSE,
1196 "%s Entry for ProcessID %I64X ThreadID %I64X\n",
1201 ntStatus = AFSGetCallerSID( &uniCallerSID, &bImpersonation);
1203 if( !NT_SUCCESS( ntStatus))
1206 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1207 AFS_TRACE_LEVEL_ERROR,
1208 "%s Failed to retrieve callers SID for ProcessID %I64X ThreadID %I64X Status %08lX\n",
1214 try_return( ntStatus);
1217 bLocalSystem = AFSIsLocalSystemSID( &uniCallerSID);
1219 if( bLogonSession == TRUE &&
1220 bLocalSystem == FALSE)
1223 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1224 AFS_TRACE_LEVEL_ERROR,
1225 "%s caller is %wZ and LOCAL SYSTEM AUTHORITY required\n",
1229 try_return( ntStatus = STATUS_ACCESS_DENIED);
1232 if ( bLogonSession == TRUE &&
1233 ( AuthGroupRequestCB == NULL ||
1234 AuthGroupRequestCB->SIDLength == 0 ||
1235 AuthGroupRequestCB->SessionId == (ULONG)-1))
1238 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1239 AFS_TRACE_LEVEL_ERROR,
1240 "%s SID and SessionId are mandatory\n",
1243 try_return( ntStatus = STATUS_INVALID_PARAMETER);
1246 if ( bLogonSession == FALSE &&
1247 AuthGroupRequestCB != NULL &&
1248 ( AuthGroupRequestCB->SIDLength > 0 ||
1249 AuthGroupRequestCB->SessionId != (ULONG)-1))
1252 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1253 AFS_TRACE_LEVEL_ERROR,
1254 "%s SID and SessionId must not be specified\n",
1257 try_return( ntStatus = STATUS_INVALID_PARAMETER);
1261 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1262 AFS_TRACE_LEVEL_VERBOSE,
1263 "%s Retrieved callers SID %wZ for ProcessID %I64X ThreadID %I64X\n",
1269 if( AuthGroupRequestCB != NULL &&
1270 AuthGroupRequestCB->SIDLength != 0)
1273 uniPassedSIDString.Length = AuthGroupRequestCB->SIDLength;
1274 uniPassedSIDString.MaximumLength = uniPassedSIDString.Length;
1276 uniPassedSIDString.Buffer = AuthGroupRequestCB->SIDString;
1278 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1279 AFS_TRACE_LEVEL_VERBOSE,
1280 "%s Checking passed SID %wZ for ProcessID %I64X ThreadID %I64X\n",
1282 &uniPassedSIDString,
1286 if( RtlCompareUnicodeString( &uniCallerSID,
1287 &uniPassedSIDString,
1294 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1295 AFS_TRACE_LEVEL_ERROR,
1296 "%s Not using passed SID %wZ for ProcessID %I64X ThreadID %I64X caller is not LOCAL SYSTEM AUTHORITY\n",
1298 &uniPassedSIDString,
1302 try_return( ntStatus = STATUS_ACCESS_DENIED);
1305 uniSIDString = uniPassedSIDString;
1307 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1308 AFS_TRACE_LEVEL_VERBOSE,
1309 "%s Using passed SID %wZ for ProcessID %I64X ThreadID %I64X\n",
1317 uniSIDString = uniCallerSID;
1319 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1320 AFS_TRACE_LEVEL_VERBOSE,
1321 "%s Both SIDs are equal, using callers SID %wZ for ProcessID %I64X ThreadID %I64X\n",
1330 uniSIDString = uniCallerSID;
1332 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1333 AFS_TRACE_LEVEL_VERBOSE,
1334 "%s Using callers SID %wZ for ProcessID %I64X ThreadID %I64X\n",
1341 ntStatus = RtlHashUnicodeString( &uniSIDString,
1343 HASH_STRING_ALGORITHM_DEFAULT,
1346 if( !NT_SUCCESS( ntStatus))
1349 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1350 AFS_TRACE_LEVEL_ERROR,
1351 "%s Failed to hash SID %wZ for ProcessID %I64X ThreadID %I64X Status %08lX\n",
1358 try_return( ntStatus);
1361 ulSessionId = AFSGetSessionId( (HANDLE)ullProcessID, &bImpersonation);
1363 if( ulSessionId == (ULONG)-1)
1366 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1367 AFS_TRACE_LEVEL_ERROR,
1368 "%s Failed to retrieve session ID for ProcessID %I64X ThreadID %I64X\n",
1373 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
1376 if( bLogonSession == TRUE &&
1377 AuthGroupRequestCB != NULL &&
1378 AuthGroupRequestCB->SessionId != (ULONG)-1)
1381 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1382 AFS_TRACE_LEVEL_VERBOSE,
1383 "%s Checking passed SessionID %08lX for ProcessID %I64X ThreadID %I64X\n",
1385 AuthGroupRequestCB->SessionId,
1389 if( ulSessionId != AuthGroupRequestCB->SessionId)
1392 ulSessionId = AuthGroupRequestCB->SessionId;
1394 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1395 AFS_TRACE_LEVEL_VERBOSE,
1396 "%s Using passed SessionID %08lX for ProcessID %I64X ThreadID %I64X\n",
1398 AuthGroupRequestCB->SessionId,
1406 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1407 AFS_TRACE_LEVEL_VERBOSE,
1408 "%s Using callers SessionID %08lX for ProcessID %I64X ThreadID %I64X\n",
1415 ullTableHash = ( ((ULONGLONG)ulSessionId << 32) | ulSIDHash);
1417 AFSAcquireExcl( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
1420 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
1421 (ULONGLONG)ullTableHash,
1422 (AFSBTreeEntry **)&pSIDEntryCB);
1424 if( NT_SUCCESS( ntStatus) &&
1425 pSIDEntryCB != NULL)
1428 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1429 AFS_TRACE_LEVEL_VERBOSE,
1430 "%s Located SID entry for SID %wZ SessionID %08lX ProcessID %I64X ThreadID %I64X, updating GUID\n",
1437 uniGUID.Buffer = NULL;
1439 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
1442 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1443 AFS_TRACE_LEVEL_VERBOSE,
1444 "%s Updating existing AuthGroup GUID %wZ\n",
1448 if( uniGUID.Buffer != NULL)
1450 RtlFreeUnicodeString( &uniGUID);
1453 while( ExUuidCreate( &pSIDEntryCB->AuthGroup) == STATUS_RETRY);
1455 uniGUID.Buffer = NULL;
1457 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
1460 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1461 AFS_TRACE_LEVEL_VERBOSE,
1462 "%s Updated existing AuthGroup GUID %wZ\n",
1466 if( uniGUID.Buffer != NULL)
1468 RtlFreeUnicodeString( &uniGUID);
1471 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
1472 try_return( ntStatus);
1475 pSIDEntryCB = (AFSSIDEntryCB *)AFSExAllocatePoolWithTag( NonPagedPool,
1476 sizeof( AFSSIDEntryCB),
1477 AFS_AG_ENTRY_CB_TAG);
1479 if( pSIDEntryCB == NULL)
1481 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
1482 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
1485 RtlZeroMemory( pSIDEntryCB,
1486 sizeof( AFSSIDEntryCB));
1488 pSIDEntryCB->TreeEntry.HashIndex = (ULONGLONG)ullTableHash;
1490 while( ExUuidCreate( &pSIDEntryCB->AuthGroup) == STATUS_RETRY);
1492 if( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead == NULL)
1494 pDeviceExt->Specific.Control.AuthGroupTree.TreeHead = (AFSBTreeEntry *)pSIDEntryCB;
1498 AFSInsertHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
1499 &pSIDEntryCB->TreeEntry);
1502 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
1504 uniGUID.Buffer = NULL;
1506 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
1509 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1510 AFS_TRACE_LEVEL_VERBOSE,
1511 "%s Created new AuthGroup GUID %wZ SID %wZ Session %08lX\n",
1517 if( uniGUID.Buffer != NULL)
1519 RtlFreeUnicodeString( &uniGUID);
1524 if( uniCallerSID.Length > 0)
1526 RtlFreeUnicodeString( &uniCallerSID);
1534 // Given a SID and SessionId as input, returns the associated AuthGroup GUID.
1535 // If SID or SessionId are not specified, the current process values are used.
1539 AFSQueryAuthGroup( IN AFSAuthGroupRequestCB *AuthGroup,
1540 OUT GUID *AuthGroupGUID,
1541 OUT ULONG_PTR *ReturnLength)
1544 NTSTATUS ntStatus = STATUS_SUCCESS;
1545 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
1546 ULONGLONG ullProcessID = (ULONGLONG)PsGetCurrentProcessId();
1547 UNICODE_STRING uniSIDString;
1548 ULONG ulSIDHash = 0;
1549 AFSSIDEntryCB *pSIDEntryCB = NULL;
1550 ULONG ulSessionId = 0;
1551 ULONGLONG ullTableHash = 0;
1552 BOOLEAN bReleaseSID = FALSE;
1553 UNICODE_STRING uniGUID;
1554 BOOLEAN bImpersonation = FALSE;
1559 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1560 AFS_TRACE_LEVEL_VERBOSE,
1561 "%s Entry for ProcessID %I64X\n",
1565 if( AuthGroup == NULL ||
1566 AuthGroup->SIDLength == 0)
1569 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1570 AFS_TRACE_LEVEL_VERBOSE,
1571 "%s No SID specified, retrieving callers SID for ProcessID %I64X\n",
1575 ntStatus = AFSGetCallerSID( &uniSIDString, &bImpersonation);
1577 if( !NT_SUCCESS( ntStatus))
1580 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1581 AFS_TRACE_LEVEL_ERROR,
1582 "%s Failed to retrieve callers SID for ProcessID %I64X Status %08lX\n",
1587 try_return( ntStatus);
1592 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1593 AFS_TRACE_LEVEL_VERBOSE,
1594 "%s Retrieved callers SID %wZ for ProcessID %I64X\n",
1602 uniSIDString.Length = AuthGroup->SIDLength;
1603 uniSIDString.MaximumLength = uniSIDString.Length;
1605 uniSIDString.Buffer = AuthGroup->SIDString;
1607 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1608 AFS_TRACE_LEVEL_VERBOSE,
1609 "%s Using passed SID %wZ for ProcessID %I64X\n",
1615 ntStatus = RtlHashUnicodeString( &uniSIDString,
1617 HASH_STRING_ALGORITHM_DEFAULT,
1620 if( !NT_SUCCESS( ntStatus))
1623 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1624 AFS_TRACE_LEVEL_ERROR,
1625 "%s Failed to hash SID %wZ for ProcessID %I64X Status %08lX\n",
1631 try_return( ntStatus);
1634 if( AuthGroup == NULL ||
1635 AuthGroup->SessionId == -1)
1638 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1639 AFS_TRACE_LEVEL_VERBOSE,
1640 "%s No SessionID specified, retrieving callers for ProcessID %I64X\n",
1644 ulSessionId = AFSGetSessionId( (HANDLE)ullProcessID, &bImpersonation);
1646 if( ulSessionId == (ULONG)-1)
1649 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1650 AFS_TRACE_LEVEL_ERROR,
1651 "%s Failed to retrieve callers Session ID for ProcessID %I64X\n",
1655 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
1658 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1659 AFS_TRACE_LEVEL_VERBOSE,
1660 "%s Retrieved callers SessionID %08lX for ProcessID %I64X\n",
1667 ulSessionId = AuthGroup->SessionId;
1669 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1670 AFS_TRACE_LEVEL_VERBOSE,
1671 "%s Using passed SessionID %08lX for ProcessID %I64X\n",
1677 ullTableHash = ( ((ULONGLONG)ulSessionId << 32) | ulSIDHash);
1679 AFSAcquireShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
1682 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
1683 (ULONGLONG)ullTableHash,
1684 (AFSBTreeEntry **)&pSIDEntryCB);
1686 if( pSIDEntryCB == NULL)
1689 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1690 AFS_TRACE_LEVEL_ERROR,
1691 "%s Failed to locate SID entry for SID %wZ SessionID %08lX ProcessID %I64X\n",
1697 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
1698 try_return( ntStatus = STATUS_NOT_FOUND);
1701 RtlCopyMemory( AuthGroupGUID,
1702 &pSIDEntryCB->AuthGroup,
1705 *ReturnLength = sizeof( GUID);
1707 uniGUID.Buffer = NULL;
1709 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
1712 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
1713 AFS_TRACE_LEVEL_VERBOSE,
1714 "%s Retrieved AuthGroup GUID %wZ for ProcessID %I64X\n",
1719 if( uniGUID.Buffer != NULL)
1721 RtlFreeUnicodeString( &uniGUID);
1724 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
1729 uniSIDString.Length > 0)
1731 RtlFreeUnicodeString( &uniSIDString);