Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-05 12:13:01 +00:00
Code Issues Projects Releases Packages Wiki Activity

[LSASRV][MSV1_0]

Browse source 
- Move the creation of the default DACL from msv1_0 to lsasrv. Create the default DACL only if the selected authentication package does not provide one.

svn path=/trunk/; revision=61401
This commit is contained in:
Eric Kohl 2013-12-25 13:24:42 +00:00
parent aac4baa0ad
commit 021ea6a4f8
4 changed files with 175 additions and 128 deletions
Download patch file Download diff file Expand all files Collapse all files

105
reactos/dll/win32/lsasrv/authpackage.c
View file

@ -547,9 +547,9 @@ LsapCopyLocalGroups(
PTOKEN_GROUPS LocalGroups = NULL; PTOKEN_GROUPS LocalGroups = NULL;
ULONG SidHeaderLength = 0; ULONG SidHeaderLength = 0;
PSID SidHeader = NULL; PSID SidHeader = NULL;
PSID Sid; PSID SrcSid, DstSid;
ULONG SidLength; ULONG SidLength;
ULONG CopiedSids = 0; ULONG AllocatedSids = 0;
ULONG i; ULONG i;
NTSTATUS Status; NTSTATUS Status;
@ -585,8 +585,10 @@ LsapCopyLocalGroups(
for (i = 0; i < ClientGroupsCount; i++) for (i = 0; i < ClientGroupsCount; i++)
{ {
SrcSid = LocalGroups->Groups[i].Sid;
Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle, Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
LocalGroups->Groups[i].Sid, SrcSid,
SidHeader, SidHeader,
SidHeaderLength, SidHeaderLength,
NULL); NULL);
@ -596,28 +598,28 @@ LsapCopyLocalGroups(
SidLength = RtlLengthSid(SidHeader); SidLength = RtlLengthSid(SidHeader);
TRACE("Sid %lu: Length %lu\n", i, SidLength); TRACE("Sid %lu: Length %lu\n", i, SidLength);
Sid = RtlAllocateHeap(RtlGetProcessHeap(), DstSid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY, HEAP_ZERO_MEMORY,
SidLength); SidLength);
if (SidHeader == NULL) if (DstSid == NULL)
{ {
Status = STATUS_INSUFFICIENT_RESOURCES; Status = STATUS_INSUFFICIENT_RESOURCES;
goto done; goto done;
} }
Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle, Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
LocalGroups->Groups[i].Sid, SrcSid,
Sid, DstSid,
SidLength, SidLength,
NULL); NULL);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
RtlFreeHeap(RtlGetProcessHeap(), 0, Sid); RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
goto done; goto done;
} }
LocalGroups->Groups[i].Sid = Sid; LocalGroups->Groups[i].Sid = DstSid;
CopiedSids++; AllocatedSids++;
} }
*TokenGroups = LocalGroups; *TokenGroups = LocalGroups;
@ -630,7 +632,7 @@ done:
{ {
if (LocalGroups != NULL) if (LocalGroups != NULL)
{ {
for (i = 0; i < CopiedSids; i++) for (i = 0; i < AllocatedSids; i++)
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid); RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups); RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
@ -641,6 +643,52 @@ done:
} }
static
NTSTATUS
LsapAddTokenDefaultDacl(
IN PVOID TokenInformation,
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
{
PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
PACL Dacl = NULL;
ULONG Length;
if (TokenInformationType == LsaTokenInformationV1)
{
TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
return STATUS_SUCCESS;
Length = sizeof(ACL) +
(2 * sizeof(ACCESS_ALLOWED_ACE)) +
RtlLengthSid(TokenInfo1->Owner.Owner) +
RtlLengthSid(LsapLocalSystemSid);
Dacl = DispatchTable.AllocateLsaHeap(Length);
if (Dacl == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
RtlCreateAcl(Dacl, Length, ACL_REVISION);
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
TokenInfo1->Owner.Owner);
/* SID: S-1-5-18 */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
LsapLocalSystemSid);
TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
}
return STATUS_SUCCESS;
}
NTSTATUS NTSTATUS
LsapLogonUser(PLSA_API_MSG RequestMsg, LsapLogonUser(PLSA_API_MSG RequestMsg,
PLSAP_LOGON_CONTEXT LogonContext) PLSAP_LOGON_CONTEXT LogonContext)
@ -669,7 +717,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
Package = LsapGetAuthenticationPackage(PackageId); Package = LsapGetAuthenticationPackage(PackageId);
if (Package == NULL) if (Package == NULL)
{ {
TRACE("LsapGetAuthenticationPackage() failed to find a package\n"); ERR("LsapGetAuthenticationPackage() failed to find a package\n");
return STATUS_NO_SUCH_PACKAGE; return STATUS_NO_SUCH_PACKAGE;
} }
@ -681,7 +729,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
RequestMsg->LogonUser.Request.AuthenticationInformationLength); RequestMsg->LogonUser.Request.AuthenticationInformationLength);
if (LocalAuthInfo == NULL) if (LocalAuthInfo == NULL)
{ {
TRACE("RtlAllocateHeap() failed\n"); ERR("RtlAllocateHeap() failed\n");
return STATUS_INSUFFICIENT_RESOURCES; return STATUS_INSUFFICIENT_RESOURCES;
} }
@ -693,7 +741,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
NULL); NULL);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status); ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo); RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
return Status; return Status;
} }
@ -706,7 +754,10 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
RequestMsg->LogonUser.Request.LocalGroupsCount, RequestMsg->LogonUser.Request.LocalGroupsCount,
&LocalGroups); &LocalGroups);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{
ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status);
goto done; goto done;
}
TRACE("GroupCount: %lu\n", LocalGroups->GroupCount); TRACE("GroupCount: %lu\n", LocalGroups->GroupCount);
} }
@ -766,7 +817,16 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
TRACE("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status); ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = LsapAddTokenDefaultDacl(TokenInformation,
TokenInformationType);
if (!NT_SUCCESS(Status))
{
ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status);
goto done; goto done;
} }
@ -802,7 +862,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
&RequestMsg->LogonUser.Request.SourceContext); &RequestMsg->LogonUser.Request.SourceContext);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
TRACE("NtCreateToken failed (Status 0x%08lx)\n", Status); ERR("NtCreateToken failed (Status 0x%08lx)\n", Status);
goto done; goto done;
} }
} }
@ -823,7 +883,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE); DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
TRACE("NtDuplicateObject failed (Status 0x%08lx)\n", Status); ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
goto done; goto done;
} }
@ -832,7 +892,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId); Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
TRACE("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status); ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
goto done; goto done;
} }
@ -847,7 +907,10 @@ done:
if (LocalGroups != NULL) if (LocalGroups != NULL)
{ {
for (i = 0; i < LocalGroups->GroupCount; i++) for (i = 0; i < LocalGroups->GroupCount; i++)
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid); {
if (LocalGroups->Groups[i].Sid != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
}
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups); RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
} }

130
reactos/dll/win32/lsasrv/lookup.c
View file

@ -80,6 +80,7 @@ typedef struct _WELL_KNOWN_SID
LIST_ENTRY WellKnownSidListHead; LIST_ENTRY WellKnownSidListHead;
PSID LsapLocalSystemSid = NULL;
/* FUNCTIONS ***************************************************************/ /* FUNCTIONS ***************************************************************/
@ -90,7 +91,8 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
PULONG SubAuthorities, PULONG SubAuthorities,
PWSTR AccountName, PWSTR AccountName,
PWSTR DomainName, PWSTR DomainName,
SID_NAME_USE Use) SID_NAME_USE Use,
PSID *SidPtr)
{ {
PWELL_KNOWN_SID SidEntry; PWELL_KNOWN_SID SidEntry;
PULONG p; PULONG p;
@ -159,6 +161,9 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
InsertTailList(&WellKnownSidListHead, InsertTailList(&WellKnownSidListHead,
&SidEntry->ListEntry); &SidEntry->ListEntry);
if (SidPtr != NULL)
*SidPtr = SidEntry->Sid;
return TRUE; return TRUE;
} }
@ -184,7 +189,8 @@ LsapInitSids(VOID)
NULL, NULL,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeDomain); SidTypeDomain,
NULL);
/* Null Sid */ /* Null Sid */
LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80);
@ -195,7 +201,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* World Sid */ /* World Sid */
LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80);
@ -206,7 +213,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Local Sid */ /* Local Sid */
LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
@ -217,7 +225,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Creator Owner Sid */ /* Creator Owner Sid */
LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80);
@ -228,7 +237,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Creator Group Sid */ /* Creator Group Sid */
LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80);
@ -239,7 +249,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Creator Owner Server Sid */ /* Creator Owner Server Sid */
LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80);
@ -250,7 +261,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Creator Group Server Sid */ /* Creator Group Server Sid */
LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80);
@ -261,7 +273,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Dialup Sid */ /* Dialup Sid */
LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
@ -273,7 +286,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Network Sid */ /* Network Sid */
LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
@ -284,7 +298,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Batch Sid*/ /* Batch Sid*/
LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
@ -295,7 +310,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Interactive Sid */ /* Interactive Sid */
LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
@ -306,7 +322,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Service Sid */ /* Service Sid */
LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
@ -317,7 +334,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Anonymous Logon Sid */ /* Anonymous Logon Sid */
LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
@ -328,7 +346,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Proxy Sid */ /* Proxy Sid */
LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80);
@ -339,7 +358,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Enterprise Controllers Sid */ /* Enterprise Controllers Sid */
LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80);
@ -350,7 +370,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Principal Self Sid */ /* Principal Self Sid */
LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80);
@ -361,7 +382,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Authenticated Users Sid */ /* Authenticated Users Sid */
LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80);
@ -372,7 +394,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Restricted Code Sid */ /* Restricted Code Sid */
LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80);
@ -383,7 +406,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Terminal Server Sid */ /* Terminal Server Sid */
LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80);
@ -394,7 +418,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Remote Logon Sid */ /* Remote Logon Sid */
LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80);
@ -405,7 +430,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* This Organization Sid */ /* This Organization Sid */
LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80);
@ -416,7 +442,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Local System Sid */ /* Local System Sid */
LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80);
@ -427,7 +454,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
&LsapLocalSystemSid);
/* Local Service Sid */ /* Local Service Sid */
LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80);
@ -438,14 +466,16 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
LsapCreateSid(&NtAuthority, LsapCreateSid(&NtAuthority,
1, 1,
SubAuthorities, SubAuthorities,
L"LOCALSERVICE", L"LOCALSERVICE",
L"NT AUTHORITY", L"NT AUTHORITY",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Network Service Sid */ /* Network Service Sid */
LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80);
@ -456,14 +486,16 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
LsapCreateSid(&NtAuthority, LsapCreateSid(&NtAuthority,
1, 1,
SubAuthorities, SubAuthorities,
L"NETWORKSERVICE", L"NETWORKSERVICE",
L"NT AUTHORITY", L"NT AUTHORITY",
SidTypeWellKnownGroup); SidTypeWellKnownGroup,
NULL);
/* Builtin Domain Sid */ /* Builtin Domain Sid */
LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80);
@ -475,7 +507,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeDomain); SidTypeDomain,
NULL);
/* Administrators Alias Sid */ /* Administrators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80);
@ -487,7 +520,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Users Alias Sid */ /* Users Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
@ -499,7 +533,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Guests Alias Sid */ /* Guests Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80);
@ -511,7 +546,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Power User Alias Sid */ /* Power User Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80);
@ -523,7 +559,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Account Operators Alias Sid */ /* Account Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80);
@ -535,7 +572,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* System Operators Alias Sid */ /* System Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80);
@ -547,7 +585,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Print Operators Alias Sid */ /* Print Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80);
@ -559,7 +598,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Backup Operators Alias Sid */ /* Backup Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80);
@ -571,7 +611,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Replicators Alias Sid */ /* Replicators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80);
@ -583,7 +624,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* RAS Servers Alias Sid */ /* RAS Servers Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80);
@ -595,7 +637,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Pre-Windows 2000 Compatible Access Alias Sid */ /* Pre-Windows 2000 Compatible Access Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80);
@ -607,7 +650,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Remote Desktop Users Alias Sid */ /* Remote Desktop Users Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80);
@ -619,7 +663,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* Network Configuration Operators Alias Sid */ /* Network Configuration Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, 80); LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, 80);
@ -631,7 +676,8 @@ LsapInitSids(VOID)
SubAuthorities, SubAuthorities,
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeAlias); SidTypeAlias,
NULL);
/* FIXME: Add more well known sids */ /* FIXME: Add more well known sids */

3
reactos/dll/win32/lsasrv/lsasrv.h
View file

@ -91,6 +91,9 @@ extern UNICODE_STRING BuiltinDomainName;
extern PSID AccountDomainSid; extern PSID AccountDomainSid;
extern UNICODE_STRING AccountDomainName; extern UNICODE_STRING AccountDomainName;
extern PSID LsapLocalSystemSid;
/* authpackage.c */ /* authpackage.c */
NTSTATUS NTSTATUS
LsapInitAuthPackages(VOID); LsapInitAuthPackages(VOID);

65
reactos/dll/win32/msv1_0/msv1_0.c
View file

@ -571,66 +571,6 @@ BuildTokenOwner(PTOKEN_OWNER Owner,
} }
static
NTSTATUS
BuildTokenDefaultDacl(PTOKEN_DEFAULT_DACL DefaultDacl,
PSID OwnerSid)
{
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PSID LocalSystemSid = NULL;
PACL Dacl = NULL;
NTSTATUS Status = STATUS_SUCCESS;
RtlAllocateAndInitializeSid(&SystemAuthority,
1,
SECURITY_LOCAL_SYSTEM_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&LocalSystemSid);
Dacl = DispatchTable.AllocateLsaHeap(1024);
if (Dacl == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
if (!NT_SUCCESS(Status))
goto done;
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
OwnerSid);
/* SID: S-1-5-18 */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
LocalSystemSid);
DefaultDacl->DefaultDacl = Dacl;
done:
if (!NT_SUCCESS(Status))
{
if (Dacl != NULL)
DispatchTable.FreeLsaHeap(Dacl);
}
if (LocalSystemSid != NULL)
RtlFreeSid(LocalSystemSid);
return Status;
}
static static
NTSTATUS NTSTATUS
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation, BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
@ -683,11 +623,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
goto done; goto done;
Status = BuildTokenDefaultDacl(&Buffer->DefaultDacl,
OwnerSid);
if (!NT_SUCCESS(Status))
goto done;
*TokenInformation = Buffer; *TokenInformation = Buffer;
done: done: