[LSASRV][MSV1_0]

- Add default group SIDs to the token groups list (WorldSID aka Everyone and the logon type SID).
- Remove these SIDs from the hard-coded list.

svn path=/trunk/; revision=61457
Eric Kohl 2013-12-28 01:45:36 +00:00
parent 8313d9bf2b
commit 20ef076be6
4 changed files with 149 additions and 39 deletions


@ -726,6 +726,128 @@ LsapAddLocalGroups(
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
static
NTSTATUS
LsapAddDefaultGroups(
IN PVOID TokenInformation,
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
IN SECURITY_LOGON_TYPE LogonType)
{
PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
PTOKEN_GROUPS Groups;
ULONG i, Length;
PSID SrcSid;
if (TokenInformationType == LsaTokenInformationV1)
{
TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
if (TokenInfo1->Groups != NULL)
{
Length = sizeof(TOKEN_GROUPS) +
(TokenInfo1->Groups->GroupCount + 2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
if (Groups == NULL)
{
ERR("Group buffer allocation failed!\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
Groups->GroupCount = TokenInfo1->Groups->GroupCount;
for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
{
Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
}
RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
TokenInfo1->Groups = Groups;
}
else
{
Length = sizeof(TOKEN_GROUPS) +
(2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
if (Groups == NULL)
{
ERR("Group buffer allocation failed!\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
TokenInfo1->Groups = Groups;
}
/* Append the World SID (aka Everyone) */
Length = RtlLengthSid(LsapWorldSid);
Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
Length);
if (Groups->Groups[Groups->GroupCount].Sid == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
LsapWorldSid,
Length);
Groups->Groups[Groups->GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
Groups->GroupCount++;
/* Append the logon type SID */
switch (LogonType)
{
case Interactive:
SrcSid = LsapInteractiveSid;
break;
case Network:
SrcSid = LsapNetworkSid;
break;
case Batch:
SrcSid = LsapBatchSid;
break;
case Service:
SrcSid = LsapServiceSid;
break;
default:
FIXME("LogonType %d is not supported!\n", LogonType);
return STATUS_NOT_IMPLEMENTED;
}
Length = RtlLengthSid(SrcSid);
Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
Length);
if (Groups->Groups[Groups->GroupCount].Sid == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
SrcSid,
Length);
Groups->Groups[Groups->GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
Groups->GroupCount++;
}
else
{
FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
return STATUS_NOT_IMPLEMENTED;
}
return STATUS_SUCCESS;
}
static static
NTSTATUS NTSTATUS
@ -832,11 +954,13 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
HANDLE TokenHandle = NULL; HANDLE TokenHandle = NULL;
ULONG i; ULONG i;
ULONG PackageId; ULONG PackageId;
SECURITY_LOGON_TYPE LogonType;
NTSTATUS Status; NTSTATUS Status;
TRACE("(%p %p)\n", RequestMsg, LogonContext); TRACE("(%p %p)\n", RequestMsg, LogonContext);
PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage; PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage;
LogonType = RequestMsg->LogonUser.Request.LogonType;
/* Get the right authentication package */ /* Get the right authentication package */
Package = LsapGetAuthenticationPackage(PackageId); Package = LsapGetAuthenticationPackage(PackageId);
@ -959,6 +1083,15 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
} }
} }
Status = LsapAddDefaultGroups(TokenInformation,
TokenInformationType,
LogonType);
if (!NT_SUCCESS(Status))
{
ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = LsapSetTokenOwner(TokenInformation, Status = LsapSetTokenOwner(TokenInformation,
TokenInformationType); TokenInformationType);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
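Review bot: `RtlLengthSid(LsapWorldSid)` and `RtlLengthSid(SrcSid)` in LsapAddDefaultGroups read the new global SIDs with no NULL check, and those globals start as NULL and are only filled through the out-parameter now passed in LsapInitSids; whether that call's status is checked is not visible here. If initialisation of any of them failed, every logon would dereference NULL inside the LSA server, so I would guard first, e.g. `if (LsapWorldSid == NULL) return STATUS_UNSUCCESSFUL;`, and do the same for `SrcSid` after the switch. Separately, `TokenInfo1->Groups->GroupCount + 2` is computed in ULONG from a count supplied by the authentication package, so a very large count would wrap `Length` and the copy loop would then write past the allocation; a bound on GroupCount before the multiplication would close that. LsapLogonUser's body continues outside the hunks.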


@ -80,6 +80,11 @@ typedef struct _WELL_KNOWN_SID
LIST_ENTRY WellKnownSidListHead; LIST_ENTRY WellKnownSidListHead;
PSID LsapWorldSid = NULL;
PSID LsapNetworkSid = NULL;
PSID LsapBatchSid = NULL;
PSID LsapInteractiveSid = NULL;
PSID LsapServiceSid = NULL;
PSID LsapLocalSystemSid = NULL; PSID LsapLocalSystemSid = NULL;
PSID LsapAdministratorsSid = NULL; PSID LsapAdministratorsSid = NULL;
@ -215,7 +220,7 @@ LsapInitSids(VOID)
szAccountName, szAccountName,
L"", L"",
SidTypeWellKnownGroup, SidTypeWellKnownGroup,
NULL); &LsapWorldSid);
/* Local Sid */ /* Local Sid */
LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
@ -300,7 +305,7 @@ LsapInitSids(VOID)
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup, SidTypeWellKnownGroup,
NULL); &LsapNetworkSid);
/* Batch Sid*/ /* Batch Sid*/
LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
@ -312,7 +317,7 @@ LsapInitSids(VOID)
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup, SidTypeWellKnownGroup,
NULL); &LsapBatchSid);
/* Interactive Sid */ /* Interactive Sid */
LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
@ -324,7 +329,7 @@ LsapInitSids(VOID)
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup, SidTypeWellKnownGroup,
NULL); &LsapInteractiveSid);
/* Service Sid */ /* Service Sid */
LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
@ -336,7 +341,7 @@ LsapInitSids(VOID)
szAccountName, szAccountName,
szDomainName, szDomainName,
SidTypeWellKnownGroup, SidTypeWellKnownGroup,
NULL); &LsapServiceSid);
/* Anonymous Logon Sid */ /* Anonymous Logon Sid */
LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80); LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
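Review bot: The five new `PSID` globals are defined without any comment on who owns the memory they point to, yet this commit also exports them to other files through the header. The only consumer visible in the commit copies each SID before putting it in a token, which suggests the pointers must never be stored in or freed with token information; I would say so at the definition, e.g. `/* Cached well-known SIDs, set once by LsapInitSids(); copy before placing in a token, never free */`. That ownership is inferred from the caller, so confirm it against the code behind the out-parameter, which is outside these hunks.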


@ -91,6 +91,11 @@ extern UNICODE_STRING BuiltinDomainName;
extern PSID AccountDomainSid; extern PSID AccountDomainSid;
extern UNICODE_STRING AccountDomainName; extern UNICODE_STRING AccountDomainName;
extern PSID LsapWorldSid;
extern PSID LsapNetworkSid;
extern PSID LsapBatchSid;
extern PSID LsapInteractiveSid;
extern PSID LsapServiceSid;
extern PSID LsapLocalSystemSid; extern PSID LsapLocalSystemSid;
extern PSID LsapAdministratorsSid; extern PSID LsapAdministratorsSid;


@ -273,10 +273,9 @@ BuildTokenGroups(IN PSID AccountDomainSid,
OUT PTOKEN_GROUPS *Groups, OUT PTOKEN_GROUPS *Groups,
OUT PSID *PrimaryGroupSid) OUT PSID *PrimaryGroupSid)
{ {
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS TokenGroups; PTOKEN_GROUPS TokenGroups;
#define MAX_GROUPS 6 #define MAX_GROUPS 4
DWORD GroupCount = 0; DWORD GroupCount = 0;
PSID Sid; PSID Sid;
NTSTATUS Status = STATUS_SUCCESS; NTSTATUS Status = STATUS_SUCCESS;
@ -301,22 +300,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
*PrimaryGroupSid = Sid; *PrimaryGroupSid = Sid;
GroupCount++; GroupCount++;
/* Member of 'Everyone' */
RtlAllocateAndInitializeSid(&WorldAuthority,
1,
SECURITY_WORLD_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
#if 1 #if 1
/* Member of 'Administrators' */ /* Member of 'Administrators' */
@ -356,22 +339,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++; GroupCount++;
/* Member of 'Interactive users' */
RtlAllocateAndInitializeSid(&SystemAuthority,
1,
SECURITY_INTERACTIVE_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
/* Member of 'Authenticated users' */ /* Member of 'Authenticated users' */
RtlAllocateAndInitializeSid(&SystemAuthority, RtlAllocateAndInitializeSid(&SystemAuthority,