- Store the names and SIDs of the built-in and account domains in global variables.
- Move the lookup code for isolated names to a separate function.

svn path=/trunk/; revision=57511
Eric Kohl 2012-10-07 12:10:45 +00:00
parent 4bebb78d5e
commit 1c7cd63a6f
3 changed files with 292 additions and 15 deletions


@ -17,6 +17,17 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
static HANDLE SecurityKeyHandle = NULL;
SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
PSID BuiltinDomainSid = NULL;
PSID AccountDomainSid = NULL;
UNICODE_STRING BuiltinDomainName = {0, 0, NULL};
UNICODE_STRING AccountDomainName = {0, 0, NULL};
/* FUNCTIONS ***************************************************************/
@ -202,14 +213,13 @@ Done:
static NTSTATUS
LsapCreateRandomDomainSid(OUT PSID *Sid)
{
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
LARGE_INTEGER SystemTime;
PULONG Seed;
NtQuerySystemTime(&SystemTime);
Seed = &SystemTime.u.LowPart;
return RtlAllocateAndInitializeSid(&SystemAuthority,
return RtlAllocateAndInitializeSid(&NtAuthority,
4,
SECURITY_NT_NON_UNIQUE,
RtlUniform(Seed),
@ -380,6 +390,137 @@ LsapUpdateDatabase(VOID)
}
static NTSTATUS
LsapGetDomainInfo(VOID)
{
PLSA_DB_OBJECT PolicyObject = NULL;
PUNICODE_STRING DomainName = NULL;
ULONG AttributeSize;
LPWSTR SidString = NULL;
NTSTATUS Status;
/* Get the built-in domain SID and name */
Status = RtlAllocateAndInitializeSid(&NtAuthority,
1,
SECURITY_BUILTIN_DOMAIN_RID,
0, 0, 0, 0, 0, 0, 0,
&BuiltinDomainSid);
if (!NT_SUCCESS(Status))
return Status;
/**/
RtlInitUnicodeString(&BuiltinDomainName,
L"BUILTIN");
/* Open the 'Policy' object */
Status = LsapOpenDbObject(NULL,
NULL,
L"Policy",
LsaDbPolicyObject,
0,
&PolicyObject);
if (!NT_SUCCESS(Status))
goto done;
/* Get the account domain SID */
AttributeSize = 0;
Status = LsapGetObjectAttribute(PolicyObject,
L"PolAcDmS",
NULL,
&AttributeSize);
if (!NT_SUCCESS(Status))
goto done;
if (AttributeSize > 0)
{
AccountDomainSid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
AttributeSize);
if (AccountDomainSid == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = LsapGetObjectAttribute(PolicyObject,
L"PolAcDmS",
AccountDomainSid,
&AttributeSize);
if (!NT_SUCCESS(Status))
goto done;
}
/* Get the account domain name */
AttributeSize = 0;
Status = LsapGetObjectAttribute(PolicyObject,
L"PolAcDmN",
NULL,
&AttributeSize);
if (!NT_SUCCESS(Status))
goto done;
if (AttributeSize > 0)
{
DomainName = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
AttributeSize);
if (DomainName == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = LsapGetObjectAttribute(PolicyObject,
L"PolAcDmN",
DomainName,
&AttributeSize);
if (!NT_SUCCESS(Status))
goto done;
DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
AccountDomainName.Length = DomainName->Length;
AccountDomainName.MaximumLength = DomainName->Length + sizeof(WCHAR);
AccountDomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
AccountDomainName.MaximumLength);
if (AccountDomainName.Buffer == NULL)
{
ERR("Failed to allocate the account domain name buffer\n");
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
RtlCopyMemory(AccountDomainName.Buffer,
DomainName->Buffer,
DomainName->Length);
}
ConvertSidToStringSidW(BuiltinDomainSid, &SidString);
TRACE("Builtin Domain SID: %S\n", SidString);
LocalFree(SidString);
SidString = NULL;
TRACE("Builtin Domain Name: %wZ\n", &BuiltinDomainName);
ConvertSidToStringSidW(AccountDomainSid, &SidString);
TRACE("Account Domain SID: %S\n", SidString);
LocalFree(SidString);
SidString = NULL;
TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
done:
if (DomainName != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, DomainName);
if (PolicyObject != NULL)
LsapCloseDbObject(PolicyObject);
return Status;
}
NTSTATUS
LsapInitDatabase(VOID)
{
@ -420,6 +561,13 @@ LsapInitDatabase(VOID)
}
}
Status = LsapGetDomainInfo();
if (!NT_SUCCESS(Status))
{
ERR("Failed to get the domain information (Status: 0x%08lx)\n", Status);
return Status;
}
TRACE("LsapInitDatabase() done\n");
return STATUS_SUCCESS;
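Review bot: In LsapGetDomainInfo the `PolAcDmN` blob read from the policy database is used without a bounds check: `DomainName->Buffer` is treated as an offset and `DomainName->Length` as the copy size, but neither is compared with `AttributeSize`. A truncated or corrupted attribute would make `RtlCopyMemory` read past the heap block, and a `Length` near the USHORT maximum wraps `AccountDomainName.MaximumLength`, so the copy would overrun the newly allocated buffer. `PolAcDmS` has the same gap, since it is published as `AccountDomainSid` without an `RtlValidSid` check or a length comparison. Validate both before they are used, as sketched below. The error paths also leave `BuiltinDomainSid` and a possibly half-filled `AccountDomainSid` allocated in the globals.

```c
/* … unchanged: second LsapGetObjectAttribute(L"PolAcDmS") call and status check … */
        if (AttributeSize < sizeof(SID) ||
            !RtlValidSid(AccountDomainSid) ||
            RtlLengthSid(AccountDomainSid) > AttributeSize)
        {
            ERR("Invalid account domain SID attribute\n");
            Status = STATUS_INTERNAL_DB_CORRUPTION;
            goto done;
        }

/* … unchanged: second LsapGetObjectAttribute(L"PolAcDmN") call and status check … */
        /* Buffer appears to hold an offset from the start of the blob, so
           bound the offset and Length by the number of bytes actually read. */
        if (AttributeSize < sizeof(UNICODE_STRING) ||
            (ULONG_PTR)DomainName->Buffer < sizeof(UNICODE_STRING) ||
            (ULONG_PTR)DomainName->Buffer > AttributeSize ||
            DomainName->Length > AttributeSize - (ULONG_PTR)DomainName->Buffer ||
            DomainName->Length > MAXUSHORT - sizeof(WCHAR))
        {
            ERR("Invalid account domain name attribute\n");
            Status = STATUS_INTERNAL_DB_CORRUPTION;
            goto done;
        }

        DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
/* … unchanged: AccountDomainName allocation and copy … */
```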


@ -60,6 +60,18 @@ typedef struct _LSAP_POLICY_AUDIT_EVENTS_DATA
} LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA;
extern SID_IDENTIFIER_AUTHORITY NullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY LocalSidAuthority;
extern SID_IDENTIFIER_AUTHORITY CreatorSidAuthority;
extern SID_IDENTIFIER_AUTHORITY NtAuthority;
extern PSID BuiltinDomainSid;
extern UNICODE_STRING BuiltinDomainName;
extern PSID AccountDomainSid;
extern UNICODE_STRING AccountDomainName;
/* authport.c */
NTSTATUS
StartAuthenticationPort(VOID);


@ -21,16 +21,8 @@ typedef struct _WELL_KNOWN_SID
} WELL_KNOWN_SID, *PWELL_KNOWN_SID;
static SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
LIST_ENTRY WellKnownSidListHead;
#if 0
typedef struct _AccountSid
{
@ -820,6 +812,119 @@ LsapGetRelativeIdFromSid(PSID Sid_)
}
static
NTSTATUS
LsapLookupIsolatedNames(DWORD Count,
PRPC_UNICODE_STRING DomainNames,
PRPC_UNICODE_STRING AccountNames,
PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
PULONG Mapped)
{
PWELL_KNOWN_SID ptr, ptr2;
ULONG DomainIndex;
ULONG i;
NTSTATUS Status = STATUS_SUCCESS;
LPWSTR SidString = NULL;
for (i = 0; i < Count; i++)
{
/* Ignore names which were already mapped */
if (SidsBuffer[i].Use != SidTypeUnknown)
continue;
/* Ignore fully qualified account names */
if (DomainNames[i].Length != 0)
continue;
/* Look-up all well-known names */
ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]);
if (ptr != NULL)
{
SidsBuffer[i].Use = ptr->Use;
SidsBuffer[i].Sid = ptr->Sid;
SidsBuffer[i].DomainIndex = -1;
SidsBuffer[i].Flags = 0;
if (ptr->Use == SidTypeDomain)
{
Status = LsapAddDomainToDomainsList(DomainsBuffer,
&ptr->Name,
ptr->Sid,
&DomainIndex);
if (!NT_SUCCESS(Status))
goto done;
SidsBuffer[i].DomainIndex = DomainIndex;
}
else
{
ptr2= LsapLookupWellKnownName(&ptr->Domain);
if (ptr2 != NULL)
{
Status = LsapAddDomainToDomainsList(DomainsBuffer,
&ptr2->Name,
ptr2->Sid,
&DomainIndex);
if (!NT_SUCCESS(Status))
goto done;
SidsBuffer[i].DomainIndex = DomainIndex;
}
}
(*Mapped)++;
continue;
}
/* FIXME: Look-up the built-in domain */
ConvertSidToStringSidW(AccountDomainSid, &SidString);
TRACE("Account Domain SID: %S\n", SidString);
LocalFree(SidString);
SidString = NULL;
TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
/* Look-up the account domain */
if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
{
SidsBuffer[i].Use = SidTypeDomain;
SidsBuffer[i].Sid = AccountDomainSid;
SidsBuffer[i].DomainIndex = -1;
SidsBuffer[i].Flags = 0;
Status = LsapAddDomainToDomainsList(DomainsBuffer,
&AccountDomainName,
AccountDomainSid,
&DomainIndex);
if (!NT_SUCCESS(Status))
goto done;
SidsBuffer[i].DomainIndex = DomainIndex;
(*Mapped)++;
continue;
}
/* FIXME: Look-up the primary domain */
/* FIXME: Look-up the trusted domains */
/* FIXME: Look-up accounts in the built-in domain */
/* FIXME: Look-up accounts in the account domain */
/* FIXME: Look-up accounts in the primary domain */
/* FIXME: Look-up accounts in the trusted domains */
}
done:
return Status;
}
NTSTATUS
LsapLookupNames(DWORD Count,
PRPC_UNICODE_STRING Names,
@ -835,12 +940,12 @@ LsapLookupNames(DWORD Count,
PRPC_UNICODE_STRING DomainNames = NULL;
PRPC_UNICODE_STRING AccountNames = NULL;
ULONG SidsBufferLength;
ULONG DomainIndex;
// ULONG DomainIndex;
ULONG i;
ULONG Mapped = 0;
NTSTATUS Status = STATUS_SUCCESS;
PWELL_KNOWN_SID ptr, ptr2;
// PWELL_KNOWN_SID ptr, ptr2;
//TRACE("()\n");
@ -893,6 +998,20 @@ LsapLookupNames(DWORD Count,
goto done;
}
Status = LsapLookupIsolatedNames(Count,
DomainNames,
AccountNames,
DomainsBuffer,
SidsBuffer,
&Mapped);
if (!NT_SUCCESS(Status))
goto done;
if (Mapped == Count)
goto done;
#if 0
for (i = 0; i < Count; i++)
{
//TRACE("Name: %wZ\n", &Names[i]);
@ -941,10 +1060,8 @@ LsapLookupNames(DWORD Count,
Mapped++;
continue;
}
}
#endif
done:
// TRACE("done: Status %lx\n", Status);
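Review bot: The account-domain match in LsapLookupIsolatedNames does not allow for `AccountDomainSid` being NULL and `AccountDomainName` being empty, which is the state LsapGetDomainInfo leaves when the stored attributes have size 0. If an empty account name can reach this loop, it compares equal to the empty domain name, so the entry is reported as `SidTypeDomain` with a NULL `Sid` and NULL is passed to `LsapAddDomainToDomainsList`. Guard the branch with `if (AccountDomainSid != NULL && AccountDomainName.Length != 0 && RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))`. The `ConvertSidToStringSidW`/`TRACE`/`LocalFree` sequence just above it runs for every unmapped name with its return value unchecked and reads like leftover debugging, so it is better dropped or moved out of the loop. `SidsBuffer[i].Sid` also aliases the global SID rather than a copy, so the code that releases the reply buffer, which is outside these hunks, must not free it.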