[LSASRV]
- Store the names and SIDs of the built-in and account domains in global variables. - Move the lookup code for isolated names to a separate function. svn path=/trunk/; revision=57511
This commit is contained in:
parent
4bebb78d5e
commit
1c7cd63a6f
3 changed files with 292 additions and 15 deletions
|
@ -17,6 +17,17 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
|
||||||
|
|
||||||
static HANDLE SecurityKeyHandle = NULL;
|
static HANDLE SecurityKeyHandle = NULL;
|
||||||
|
|
||||||
|
SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
|
||||||
|
SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
||||||
|
SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
|
||||||
|
SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
|
||||||
|
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
|
||||||
|
|
||||||
|
PSID BuiltinDomainSid = NULL;
|
||||||
|
PSID AccountDomainSid = NULL;
|
||||||
|
UNICODE_STRING BuiltinDomainName = {0, 0, NULL};
|
||||||
|
UNICODE_STRING AccountDomainName = {0, 0, NULL};
|
||||||
|
|
||||||
|
|
||||||
/* FUNCTIONS ***************************************************************/
|
/* FUNCTIONS ***************************************************************/
|
||||||
|
|
||||||
|
@ -202,14 +213,13 @@ Done:
|
||||||
static NTSTATUS
|
static NTSTATUS
|
||||||
LsapCreateRandomDomainSid(OUT PSID *Sid)
|
LsapCreateRandomDomainSid(OUT PSID *Sid)
|
||||||
{
|
{
|
||||||
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
|
|
||||||
LARGE_INTEGER SystemTime;
|
LARGE_INTEGER SystemTime;
|
||||||
PULONG Seed;
|
PULONG Seed;
|
||||||
|
|
||||||
NtQuerySystemTime(&SystemTime);
|
NtQuerySystemTime(&SystemTime);
|
||||||
Seed = &SystemTime.u.LowPart;
|
Seed = &SystemTime.u.LowPart;
|
||||||
|
|
||||||
return RtlAllocateAndInitializeSid(&SystemAuthority,
|
return RtlAllocateAndInitializeSid(&NtAuthority,
|
||||||
4,
|
4,
|
||||||
SECURITY_NT_NON_UNIQUE,
|
SECURITY_NT_NON_UNIQUE,
|
||||||
RtlUniform(Seed),
|
RtlUniform(Seed),
|
||||||
|
@ -380,6 +390,137 @@ LsapUpdateDatabase(VOID)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static NTSTATUS
|
||||||
|
LsapGetDomainInfo(VOID)
|
||||||
|
{
|
||||||
|
PLSA_DB_OBJECT PolicyObject = NULL;
|
||||||
|
PUNICODE_STRING DomainName = NULL;
|
||||||
|
ULONG AttributeSize;
|
||||||
|
LPWSTR SidString = NULL;
|
||||||
|
NTSTATUS Status;
|
||||||
|
|
||||||
|
/* Get the built-in domain SID and name */
|
||||||
|
Status = RtlAllocateAndInitializeSid(&NtAuthority,
|
||||||
|
1,
|
||||||
|
SECURITY_BUILTIN_DOMAIN_RID,
|
||||||
|
0, 0, 0, 0, 0, 0, 0,
|
||||||
|
&BuiltinDomainSid);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
return Status;
|
||||||
|
|
||||||
|
/**/
|
||||||
|
RtlInitUnicodeString(&BuiltinDomainName,
|
||||||
|
L"BUILTIN");
|
||||||
|
|
||||||
|
/* Open the 'Policy' object */
|
||||||
|
Status = LsapOpenDbObject(NULL,
|
||||||
|
NULL,
|
||||||
|
L"Policy",
|
||||||
|
LsaDbPolicyObject,
|
||||||
|
0,
|
||||||
|
&PolicyObject);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
/* Get the account domain SID */
|
||||||
|
AttributeSize = 0;
|
||||||
|
Status = LsapGetObjectAttribute(PolicyObject,
|
||||||
|
L"PolAcDmS",
|
||||||
|
NULL,
|
||||||
|
&AttributeSize);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
if (AttributeSize > 0)
|
||||||
|
{
|
||||||
|
AccountDomainSid = RtlAllocateHeap(RtlGetProcessHeap(),
|
||||||
|
HEAP_ZERO_MEMORY,
|
||||||
|
AttributeSize);
|
||||||
|
if (AccountDomainSid == NULL)
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
Status = LsapGetObjectAttribute(PolicyObject,
|
||||||
|
L"PolAcDmS",
|
||||||
|
AccountDomainSid,
|
||||||
|
&AttributeSize);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Get the account domain name */
|
||||||
|
AttributeSize = 0;
|
||||||
|
Status = LsapGetObjectAttribute(PolicyObject,
|
||||||
|
L"PolAcDmN",
|
||||||
|
NULL,
|
||||||
|
&AttributeSize);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
if (AttributeSize > 0)
|
||||||
|
{
|
||||||
|
DomainName = RtlAllocateHeap(RtlGetProcessHeap(),
|
||||||
|
HEAP_ZERO_MEMORY,
|
||||||
|
AttributeSize);
|
||||||
|
if (DomainName == NULL)
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
Status = LsapGetObjectAttribute(PolicyObject,
|
||||||
|
L"PolAcDmN",
|
||||||
|
DomainName,
|
||||||
|
&AttributeSize);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
|
||||||
|
|
||||||
|
AccountDomainName.Length = DomainName->Length;
|
||||||
|
AccountDomainName.MaximumLength = DomainName->Length + sizeof(WCHAR);
|
||||||
|
AccountDomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
|
||||||
|
HEAP_ZERO_MEMORY,
|
||||||
|
AccountDomainName.MaximumLength);
|
||||||
|
if (AccountDomainName.Buffer == NULL)
|
||||||
|
{
|
||||||
|
ERR("Failed to allocate the account domain name buffer\n");
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
RtlCopyMemory(AccountDomainName.Buffer,
|
||||||
|
DomainName->Buffer,
|
||||||
|
DomainName->Length);
|
||||||
|
}
|
||||||
|
|
||||||
|
ConvertSidToStringSidW(BuiltinDomainSid, &SidString);
|
||||||
|
TRACE("Builtin Domain SID: %S\n", SidString);
|
||||||
|
LocalFree(SidString);
|
||||||
|
SidString = NULL;
|
||||||
|
|
||||||
|
TRACE("Builtin Domain Name: %wZ\n", &BuiltinDomainName);
|
||||||
|
|
||||||
|
ConvertSidToStringSidW(AccountDomainSid, &SidString);
|
||||||
|
TRACE("Account Domain SID: %S\n", SidString);
|
||||||
|
LocalFree(SidString);
|
||||||
|
SidString = NULL;
|
||||||
|
|
||||||
|
TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
|
||||||
|
|
||||||
|
done:
|
||||||
|
if (DomainName != NULL)
|
||||||
|
RtlFreeHeap(RtlGetProcessHeap(), 0, DomainName);
|
||||||
|
|
||||||
|
if (PolicyObject != NULL)
|
||||||
|
LsapCloseDbObject(PolicyObject);
|
||||||
|
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
LsapInitDatabase(VOID)
|
LsapInitDatabase(VOID)
|
||||||
{
|
{
|
||||||
|
@ -420,6 +561,13 @@ LsapInitDatabase(VOID)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Status = LsapGetDomainInfo();
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
ERR("Failed to get the domain information (Status: 0x%08lx)\n", Status);
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
TRACE("LsapInitDatabase() done\n");
|
TRACE("LsapInitDatabase() done\n");
|
||||||
|
|
||||||
return STATUS_SUCCESS;
|
return STATUS_SUCCESS;
|
||||||
|
|
|
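Review bot: The self-relative name read from `PolAcDmN` in LsapGetDomainInfo is trusted as-is: at `DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);` the stored buffer offset and `DomainName->Length` are never checked against `AttributeSize`, so a corrupted or truncated database value makes the following `RtlCopyMemory` read past the heap block. The `PolAcDmS` blob has the same problem, being handed out as a SID without an `RtlValidSid(AccountDomainSid)` check after the second read; both should fail with an NTSTATUS such as STATUS_INTERNAL_DB_CORRUPTION rather than be used. Separately, when either attribute reports size 0 the function returns success with `AccountDomainSid` still NULL, and the trailing `ConvertSidToStringSidW(AccountDomainSid, &SidString);` result is not checked before `SidString` is traced. The empty `/**/` comment above `RtlInitUnicodeString(&BuiltinDomainName, L"BUILTIN");` looks like a leftover and should be dropped or filled in.
```c
    /* … unchanged: second LsapGetObjectAttribute(PolicyObject, L"PolAcDmN", DomainName, &AttributeSize) call … */
    if (!NT_SUCCESS(Status))
        goto done;

    /* The stored value is a self-relative UNICODE_STRING: the buffer offset
       and the length come from the database and must stay inside the blob */
    if (AttributeSize < sizeof(UNICODE_STRING) ||
        (ULONG_PTR)DomainName->Buffer > AttributeSize ||
        DomainName->Length > AttributeSize - (ULONG_PTR)DomainName->Buffer)
    {
        ERR("Invalid account domain name attribute\n");
        Status = STATUS_INTERNAL_DB_CORRUPTION;
        goto done;
    }

    DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
    /* … unchanged: AccountDomainName allocation and copy … */
```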
@ -60,6 +60,18 @@ typedef struct _LSAP_POLICY_AUDIT_EVENTS_DATA
|
||||||
} LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA;
|
} LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA;
|
||||||
|
|
||||||
|
|
||||||
|
extern SID_IDENTIFIER_AUTHORITY NullSidAuthority;
|
||||||
|
extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority;
|
||||||
|
extern SID_IDENTIFIER_AUTHORITY LocalSidAuthority;
|
||||||
|
extern SID_IDENTIFIER_AUTHORITY CreatorSidAuthority;
|
||||||
|
extern SID_IDENTIFIER_AUTHORITY NtAuthority;
|
||||||
|
|
||||||
|
extern PSID BuiltinDomainSid;
|
||||||
|
extern UNICODE_STRING BuiltinDomainName;
|
||||||
|
extern PSID AccountDomainSid;
|
||||||
|
extern UNICODE_STRING AccountDomainName;
|
||||||
|
|
||||||
|
|
||||||
/* authport.c */
|
/* authport.c */
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
StartAuthenticationPort(VOID);
|
StartAuthenticationPort(VOID);
|
||||||
|
|
|
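Review bot: The new extern globals `BuiltinDomainSid`, `BuiltinDomainName`, `AccountDomainSid` and `AccountDomainName` are exported with no note on who initializes them or when they are valid, which matters now that sidcache.c reads them on the lookup path. A comment above the block such as `/* Set by LsapGetDomainInfo() during LsapInitDatabase(); read-only afterwards. AccountDomainSid/AccountDomainName stay NULL/empty when the Policy object has no PolAcDmS/PolAcDmN attribute. */` would make that contract visible to every caller. The authority constants `NullSidAuthority` through `NtAuthority` were previously `static` in sidcache.c and are now shared; if the `RtlAllocateAndInitializeSid` prototype allows it, declaring them `const` would document that they are never written.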
@ -21,16 +21,8 @@ typedef struct _WELL_KNOWN_SID
|
||||||
} WELL_KNOWN_SID, *PWELL_KNOWN_SID;
|
} WELL_KNOWN_SID, *PWELL_KNOWN_SID;
|
||||||
|
|
||||||
|
|
||||||
static SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
|
|
||||||
static SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
|
||||||
static SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
|
|
||||||
static SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
|
|
||||||
static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
|
|
||||||
|
|
||||||
LIST_ENTRY WellKnownSidListHead;
|
LIST_ENTRY WellKnownSidListHead;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
typedef struct _AccountSid
|
typedef struct _AccountSid
|
||||||
{
|
{
|
||||||
|
@ -820,6 +812,119 @@ LsapGetRelativeIdFromSid(PSID Sid_)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static
|
||||||
|
NTSTATUS
|
||||||
|
LsapLookupIsolatedNames(DWORD Count,
|
||||||
|
PRPC_UNICODE_STRING DomainNames,
|
||||||
|
PRPC_UNICODE_STRING AccountNames,
|
||||||
|
PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
|
||||||
|
PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
|
||||||
|
PULONG Mapped)
|
||||||
|
{
|
||||||
|
PWELL_KNOWN_SID ptr, ptr2;
|
||||||
|
ULONG DomainIndex;
|
||||||
|
ULONG i;
|
||||||
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
LPWSTR SidString = NULL;
|
||||||
|
|
||||||
|
for (i = 0; i < Count; i++)
|
||||||
|
{
|
||||||
|
/* Ignore names which were already mapped */
|
||||||
|
if (SidsBuffer[i].Use != SidTypeUnknown)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
/* Ignore fully qualified account names */
|
||||||
|
if (DomainNames[i].Length != 0)
|
||||||
|
continue;
|
||||||
|
|
||||||
|
/* Look-up all well-known names */
|
||||||
|
ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]);
|
||||||
|
if (ptr != NULL)
|
||||||
|
{
|
||||||
|
SidsBuffer[i].Use = ptr->Use;
|
||||||
|
SidsBuffer[i].Sid = ptr->Sid;
|
||||||
|
SidsBuffer[i].DomainIndex = -1;
|
||||||
|
SidsBuffer[i].Flags = 0;
|
||||||
|
|
||||||
|
if (ptr->Use == SidTypeDomain)
|
||||||
|
{
|
||||||
|
Status = LsapAddDomainToDomainsList(DomainsBuffer,
|
||||||
|
&ptr->Name,
|
||||||
|
ptr->Sid,
|
||||||
|
&DomainIndex);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
SidsBuffer[i].DomainIndex = DomainIndex;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ptr2= LsapLookupWellKnownName(&ptr->Domain);
|
||||||
|
if (ptr2 != NULL)
|
||||||
|
{
|
||||||
|
Status = LsapAddDomainToDomainsList(DomainsBuffer,
|
||||||
|
&ptr2->Name,
|
||||||
|
ptr2->Sid,
|
||||||
|
&DomainIndex);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
SidsBuffer[i].DomainIndex = DomainIndex;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
(*Mapped)++;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* FIXME: Look-up the built-in domain */
|
||||||
|
|
||||||
|
ConvertSidToStringSidW(AccountDomainSid, &SidString);
|
||||||
|
TRACE("Account Domain SID: %S\n", SidString);
|
||||||
|
LocalFree(SidString);
|
||||||
|
SidString = NULL;
|
||||||
|
|
||||||
|
TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
|
||||||
|
|
||||||
|
/* Look-up the account domain */
|
||||||
|
if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
|
||||||
|
{
|
||||||
|
SidsBuffer[i].Use = SidTypeDomain;
|
||||||
|
SidsBuffer[i].Sid = AccountDomainSid;
|
||||||
|
SidsBuffer[i].DomainIndex = -1;
|
||||||
|
SidsBuffer[i].Flags = 0;
|
||||||
|
|
||||||
|
Status = LsapAddDomainToDomainsList(DomainsBuffer,
|
||||||
|
&AccountDomainName,
|
||||||
|
AccountDomainSid,
|
||||||
|
&DomainIndex);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
SidsBuffer[i].DomainIndex = DomainIndex;
|
||||||
|
|
||||||
|
(*Mapped)++;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* FIXME: Look-up the primary domain */
|
||||||
|
|
||||||
|
/* FIXME: Look-up the trusted domains */
|
||||||
|
|
||||||
|
/* FIXME: Look-up accounts in the built-in domain */
|
||||||
|
|
||||||
|
/* FIXME: Look-up accounts in the account domain */
|
||||||
|
|
||||||
|
/* FIXME: Look-up accounts in the primary domain */
|
||||||
|
|
||||||
|
/* FIXME: Look-up accounts in the trusted domains */
|
||||||
|
}
|
||||||
|
|
||||||
|
done:
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
LsapLookupNames(DWORD Count,
|
LsapLookupNames(DWORD Count,
|
||||||
PRPC_UNICODE_STRING Names,
|
PRPC_UNICODE_STRING Names,
|
||||||
|
@ -835,12 +940,12 @@ LsapLookupNames(DWORD Count,
|
||||||
PRPC_UNICODE_STRING DomainNames = NULL;
|
PRPC_UNICODE_STRING DomainNames = NULL;
|
||||||
PRPC_UNICODE_STRING AccountNames = NULL;
|
PRPC_UNICODE_STRING AccountNames = NULL;
|
||||||
ULONG SidsBufferLength;
|
ULONG SidsBufferLength;
|
||||||
ULONG DomainIndex;
|
// ULONG DomainIndex;
|
||||||
ULONG i;
|
ULONG i;
|
||||||
ULONG Mapped = 0;
|
ULONG Mapped = 0;
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
PWELL_KNOWN_SID ptr, ptr2;
|
// PWELL_KNOWN_SID ptr, ptr2;
|
||||||
|
|
||||||
//TRACE("()\n");
|
//TRACE("()\n");
|
||||||
|
|
||||||
|
@ -893,6 +998,20 @@ LsapLookupNames(DWORD Count,
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Status = LsapLookupIsolatedNames(Count,
|
||||||
|
DomainNames,
|
||||||
|
AccountNames,
|
||||||
|
DomainsBuffer,
|
||||||
|
SidsBuffer,
|
||||||
|
&Mapped);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
if (Mapped == Count)
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
|
||||||
|
#if 0
|
||||||
for (i = 0; i < Count; i++)
|
for (i = 0; i < Count; i++)
|
||||||
{
|
{
|
||||||
//TRACE("Name: %wZ\n", &Names[i]);
|
//TRACE("Name: %wZ\n", &Names[i]);
|
||||||
|
@ -941,10 +1060,8 @@ LsapLookupNames(DWORD Count,
|
||||||
Mapped++;
|
Mapped++;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
done:
|
done:
|
||||||
// TRACE("done: Status %lx\n", Status);
|
// TRACE("done: Status %lx\n", Status);
|
||||||
|
|
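Review bot: `RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE)` in LsapLookupIsolatedNames runs even when LsapGetDomainInfo left `AccountDomainSid` NULL and `AccountDomainName` empty (its `AttributeSize > 0` branches are skipped when the Policy object has no PolAcDmS/PolAcDmN value), so an isolated name of length 0 would compare equal and be mapped to `SidTypeDomain` with a NULL `Sid`; guard it with `if (AccountDomainSid != NULL && RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))`. The `ConvertSidToStringSidW` / `TRACE` / `LocalFree` block just before that comparison allocates and frees on every loop iteration and duplicates the trace already emitted by LsapGetDomainInfo; it reads as leftover debugging and should be removed from the loop. In the same file, the LsapLookupNames hunks comment out `ULONG DomainIndex;` and `PWELL_KNOWN_SID ptr, ptr2;` and wrap the old loop in `#if 0` instead of deleting it; since that logic now lives in LsapLookupIsolatedNames, the dead copy should go. The remaining `FIXME` lookups for the built-in, primary and trusted domains mean those names still fall through unmapped unless the well-known name table happens to cover them.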