Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-12-30 19:14:31 +00:00
Code Issues Projects Releases Packages Wiki Activity

[LSASRV][MSV1_0]

Browse source 
- Add default group SIDs to the token groups list (WorldSID aka Everyone and the logon type SID).
- Remove these SIDs from the hard-coded list.

svn path=/trunk/; revision=61457
This commit is contained in:
Eric Kohl 2013-12-28 01:45:36 +00:00
parent 8313d9bf2b
commit 20ef076be6
4 changed files with 149 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

133
reactos/dll/win32/lsasrv/authpackage.c
View file

@ -726,6 +726,128 @@ LsapAddLocalGroups(
return STATUS_SUCCESS;
}
static
NTSTATUS
LsapAddDefaultGroups(
IN PVOID TokenInformation,
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
IN SECURITY_LOGON_TYPE LogonType)
{
PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
PTOKEN_GROUPS Groups;
ULONG i, Length;
PSID SrcSid;
if (TokenInformationType == LsaTokenInformationV1)
{
TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
if (TokenInfo1->Groups != NULL)
{
Length = sizeof(TOKEN_GROUPS) +
(TokenInfo1->Groups->GroupCount + 2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
if (Groups == NULL)
{
ERR("Group buffer allocation failed!\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
Groups->GroupCount = TokenInfo1->Groups->GroupCount;
for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
{
Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
}
RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
TokenInfo1->Groups = Groups;
}
else
{
Length = sizeof(TOKEN_GROUPS) +
(2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
if (Groups == NULL)
{
ERR("Group buffer allocation failed!\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
TokenInfo1->Groups = Groups;
}
/* Append the World SID (aka Everyone) */
Length = RtlLengthSid(LsapWorldSid);
Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
Length);
if (Groups->Groups[Groups->GroupCount].Sid == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
LsapWorldSid,
Length);
Groups->Groups[Groups->GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
Groups->GroupCount++;
/* Append the logon type SID */
switch (LogonType)
{
case Interactive:
SrcSid = LsapInteractiveSid;
break;
case Network:
SrcSid = LsapNetworkSid;
break;
case Batch:
SrcSid = LsapBatchSid;
break;
case Service:
SrcSid = LsapServiceSid;
break;
default:
FIXME("LogonType %d is not supported!\n", LogonType);
return STATUS_NOT_IMPLEMENTED;
}
Length = RtlLengthSid(SrcSid);
Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
Length);
if (Groups->Groups[Groups->GroupCount].Sid == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
SrcSid,
Length);
Groups->Groups[Groups->GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
Groups->GroupCount++;
}
else
{
FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
return STATUS_NOT_IMPLEMENTED;
}
return STATUS_SUCCESS;
}
static
NTSTATUS
@ -832,11 +954,13 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
HANDLE TokenHandle = NULL;
ULONG i;
ULONG PackageId;
SECURITY_LOGON_TYPE LogonType;
NTSTATUS Status;
TRACE("(%p %p)\n", RequestMsg, LogonContext);
PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage;
LogonType = RequestMsg->LogonUser.Request.LogonType;
/* Get the right authentication package */
Package = LsapGetAuthenticationPackage(PackageId);
@ -959,6 +1083,15 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
}
}
Status = LsapAddDefaultGroups(TokenInformation,
TokenInformationType,
LogonType);
if (!NT_SUCCESS(Status))
{
ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = LsapSetTokenOwner(TokenInformation,
TokenInformationType);
if (!NT_SUCCESS(Status))

15
reactos/dll/win32/lsasrv/lookup.c
View file

@ -80,6 +80,11 @@ typedef struct _WELL_KNOWN_SID
LIST_ENTRY WellKnownSidListHead;
PSID LsapWorldSid = NULL;
PSID LsapNetworkSid = NULL;
PSID LsapBatchSid = NULL;
PSID LsapInteractiveSid = NULL;
PSID LsapServiceSid = NULL;
PSID LsapLocalSystemSid = NULL;
PSID LsapAdministratorsSid = NULL;
@ -215,7 +220,7 @@ LsapInitSids(VOID)
szAccountName,
L"",
SidTypeWellKnownGroup,
NULL);
&LsapWorldSid);
/* Local Sid */
LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
@ -300,7 +305,7 @@ LsapInitSids(VOID)
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
NULL);
&LsapNetworkSid);
/* Batch Sid*/
LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
@ -312,7 +317,7 @@ LsapInitSids(VOID)
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
NULL);
&LsapBatchSid);
/* Interactive Sid */
LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
@ -324,7 +329,7 @@ LsapInitSids(VOID)
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
NULL);
&LsapInteractiveSid);
/* Service Sid */
LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
@ -336,7 +341,7 @@ LsapInitSids(VOID)
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
NULL);
&LsapServiceSid);
/* Anonymous Logon Sid */
LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);

5
reactos/dll/win32/lsasrv/lsasrv.h
View file

@ -91,6 +91,11 @@ extern UNICODE_STRING BuiltinDomainName;
extern PSID AccountDomainSid;
extern UNICODE_STRING AccountDomainName;
extern PSID LsapWorldSid;
extern PSID LsapNetworkSid;
extern PSID LsapBatchSid;
extern PSID LsapInteractiveSid;
extern PSID LsapServiceSid;
extern PSID LsapLocalSystemSid;
extern PSID LsapAdministratorsSid;

35
reactos/dll/win32/msv1_0/msv1_0.c
View file

@ -273,10 +273,9 @@ BuildTokenGroups(IN PSID AccountDomainSid,
OUT PTOKEN_GROUPS *Groups,
OUT PSID *PrimaryGroupSid)
{
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS TokenGroups;
#define MAX_GROUPS 6
#define MAX_GROUPS 4
DWORD GroupCount = 0;
PSID Sid;
NTSTATUS Status = STATUS_SUCCESS;
@ -301,22 +300,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
*PrimaryGroupSid = Sid;
GroupCount++;
/* Member of 'Everyone' */
RtlAllocateAndInitializeSid(&WorldAuthority,
1,
SECURITY_WORLD_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
#if 1
/* Member of 'Administrators' */
@ -356,22 +339,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
/* Member of 'Interactive users' */
RtlAllocateAndInitializeSid(&SystemAuthority,
1,
SECURITY_INTERACTIVE_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
/* Member of 'Authenticated users' */
RtlAllocateAndInitializeSid(&SystemAuthority,