[][LSASRV][MSV1_0]

- Move the creation of the token owner SID from msv1_0 to lsasrv. - If the user is a member of the administrators group, the adminstrators group becomes the owner of the token. Otheriwse, the user is the owner of the token. svn path=/trunk/; revision=61415
2024-12-30 19:14:31 +00:00 · 2013-12-25 18:15:53 +00:00 · 2013-12-25 18:15:53 +00:00 · 3dc69167c9
commit 3dc69167c9
parent 6db005ca4d
4 changed files with 53 additions and 40 deletions
--- a/reactos/dll/win32/lsasrv/authpackage.c
+++ b/reactos/dll/win32/lsasrv/authpackage.c
@ -643,6 +643,47 @@ done:
 }


+static
+NTSTATUS
+LsapSetTokenOwner(
+    IN PVOID TokenInformation,
+    IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
+{
+    PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+    PSID OwnerSid = NULL;
+    ULONG i, Length;
+
+    if (TokenInformationType == LsaTokenInformationV1)
+    {
+        TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+        if (TokenInfo1->Owner.Owner != NULL)
+            return STATUS_SUCCESS;
+
+        OwnerSid = TokenInfo1->User.User.Sid;
+        for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+        {
+            if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
+            {
+                OwnerSid = LsapAdministratorsSid;
+                break;
+            }
+        }
+
+        Length = RtlLengthSid(OwnerSid);
+        TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
+        if (TokenInfo1->Owner.Owner == NULL)
+            return STATUS_INSUFFICIENT_RESOURCES;
+
+        RtlCopyMemory(TokenInfo1->Owner.Owner,
+                      OwnerSid,
+                      Length);
+    }
+
+    return STATUS_SUCCESS;
+}
+
+
 static
 NTSTATUS
 LsapAddTokenDefaultDacl(
@ -821,6 +862,13 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
        goto done;
    }

+    Status = LsapSetTokenOwner(TokenInformation,
+                               TokenInformationType);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
+        goto done;
+    }

    Status = LsapAddTokenDefaultDacl(TokenInformation,
                                     TokenInformationType);
--- a/reactos/dll/win32/lsasrv/lookup.c
+++ b/reactos/dll/win32/lsasrv/lookup.c
@ -81,6 +81,7 @@ typedef struct _WELL_KNOWN_SID

 LIST_ENTRY WellKnownSidListHead;
 PSID LsapLocalSystemSid = NULL;
+PSID LsapAdministratorsSid = NULL;


 /* FUNCTIONS ***************************************************************/
@ -521,7 +522,7 @@ LsapInitSids(VOID)
                  szAccountName,
                  szDomainName,
                  SidTypeAlias,
-                  NULL);
+                  &LsapAdministratorsSid);

    /* Users Alias Sid */
    LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
--- a/reactos/dll/win32/lsasrv/lsasrv.h
+++ b/reactos/dll/win32/lsasrv/lsasrv.h
@ -92,6 +92,7 @@ extern PSID AccountDomainSid;
 extern UNICODE_STRING AccountDomainName;

 extern PSID LsapLocalSystemSid;
+extern PSID LsapAdministratorsSid;


 /* authpackage.c */
--- a/reactos/dll/win32/msv1_0/msv1_0.c
+++ b/reactos/dll/win32/msv1_0/msv1_0.c
@ -271,8 +271,7 @@ NTSTATUS
 BuildTokenGroups(IN PSID AccountDomainSid,
                 IN PLUID LogonId,
                 OUT PTOKEN_GROUPS *Groups,
-                 OUT PSID *PrimaryGroupSid,
-                 OUT PSID *OwnerSid)
+                 OUT PSID *PrimaryGroupSid)
 {
    SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
    SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
@ -374,7 +373,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
    TokenGroups->Groups[GroupCount].Attributes =
        SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
    GroupCount++;
-    *OwnerSid = Sid;

    /* Member of 'Local users */
    RtlAllocateAndInitializeSid(&LocalAuthority,
@ -546,31 +544,6 @@ done:
 }


-static
-NTSTATUS
-BuildTokenOwner(PTOKEN_OWNER Owner,
-                PSID OwnerSid)
-{
-    ULONG RidCount;
-    ULONG Size;
-
-    RidCount = *RtlSubAuthorityCountSid(OwnerSid);
-    Size = RtlLengthRequiredSid(RidCount);
-
-    Owner->Owner = DispatchTable.AllocateLsaHeap(Size);
-    if (Owner->Owner == NULL)
-    {
-        return STATUS_INSUFFICIENT_RESOURCES;
-    }
-
-    RtlCopyMemory(Owner->Owner,
-                  OwnerSid,
-                  Size);
-
-    return STATUS_SUCCESS;
-}
-
-
 static
 NTSTATUS
 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
@ -579,7 +552,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
                            PLUID LogonId)
 {
    PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
-    PSID OwnerSid = NULL;
    PSID PrimaryGroupSid = NULL;
    ULONG i;
    NTSTATUS Status = STATUS_SUCCESS;
@ -604,8 +576,7 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
    Status = BuildTokenGroups((PSID)AccountDomainSid,
                              LogonId,
                              &Buffer->Groups,
-                              &PrimaryGroupSid,
-                              &OwnerSid);
+                              &PrimaryGroupSid);
    if (!NT_SUCCESS(Status))
        goto done;

@ -618,11 +589,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
    if (!NT_SUCCESS(Status))
        goto done;

-    Status = BuildTokenOwner(&Buffer->Owner,
-                             OwnerSid);
-    if (!NT_SUCCESS(Status))
-        goto done;
-
    *TokenInformation = Buffer;

 done:
@ -650,9 +616,6 @@ done:
            if (Buffer->Privileges != NULL)
                DispatchTable.FreeLsaHeap(Buffer->Privileges);

-            if (Buffer->Owner.Owner != NULL)
-                DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
-
            if (Buffer->DefaultDacl.DefaultDacl != NULL)
                DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);