mirror of
https://github.com/reactos/reactos.git
synced 2025-01-04 21:38:43 +00:00
[][LSASRV][MSV1_0]
- Move the creation of the token owner SID from msv1_0 to lsasrv. - If the user is a member of the administrators group, the administrators group becomes the owner of the token. Otherwise, the user is the owner of the token. svn path=/trunk/; revision=61415
parent
6db005ca4d
commit
3dc69167c9
4 changed files with 53 additions and 40 deletions
|
@ -643,6 +643,47 @@ done:
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static
|
||||||
|
NTSTATUS
|
||||||
|
LsapSetTokenOwner(
|
||||||
|
IN PVOID TokenInformation,
|
||||||
|
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
|
||||||
|
{
|
||||||
|
PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
|
||||||
|
PSID OwnerSid = NULL;
|
||||||
|
ULONG i, Length;
|
||||||
|
|
||||||
|
if (TokenInformationType == LsaTokenInformationV1)
|
||||||
|
{
|
||||||
|
TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
|
||||||
|
|
||||||
|
if (TokenInfo1->Owner.Owner != NULL)
|
||||||
|
return STATUS_SUCCESS;
|
||||||
|
|
||||||
|
OwnerSid = TokenInfo1->User.User.Sid;
|
||||||
|
for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
|
||||||
|
{
|
||||||
|
if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
|
||||||
|
{
|
||||||
|
OwnerSid = LsapAdministratorsSid;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
Length = RtlLengthSid(OwnerSid);
|
||||||
|
TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
|
||||||
|
if (TokenInfo1->Owner.Owner == NULL)
|
||||||
|
return STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
|
||||||
|
RtlCopyMemory(TokenInfo1->Owner.Owner,
|
||||||
|
OwnerSid,
|
||||||
|
Length);
|
||||||
|
}
|
||||||
|
|
||||||
|
return STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static
|
static
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
LsapAddTokenDefaultDacl(
|
LsapAddTokenDefaultDacl(
|
||||||
|
@ -821,6 +862,13 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Status = LsapSetTokenOwner(TokenInformation,
|
||||||
|
TokenInformationType);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
Status = LsapAddTokenDefaultDacl(TokenInformation,
|
Status = LsapAddTokenDefaultDacl(TokenInformation,
|
||||||
TokenInformationType);
|
TokenInformationType);
|
||||||
|
|
|
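Review bot: In the added `LsapSetTokenOwner`, the token information handed over by the authentication package is dereferenced without validation: `TokenInfo1->Groups->GroupCount` faults if a package leaves `Groups` NULL, `RtlLengthSid(OwnerSid)` is reached with a NULL `User.User.Sid`, and `EqualSid` is given `LsapAdministratorsSid`, which stays NULL if the alias SID was never created in `LsapInitSids`. Since this now runs inside lsasrv for every package that returns `LsaTokenInformationV1`, I would return `STATUS_INVALID_PARAMETER` when `TokenInfo1->User.User.Sid == NULL` and wrap the loop in `if (TokenInfo1->Groups != NULL && LsapAdministratorsSid != NULL)`. The match also ignores `Groups[i].Attributes`, so an Administrators entry that is deny-only or lacks `SE_GROUP_OWNER` would still become the token owner. Whether the packages set that attribute is not visible here, so confirm it before adding `(Attributes & SE_GROUP_OWNER)` to the condition.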
@ -81,6 +81,7 @@ typedef struct _WELL_KNOWN_SID
|
||||||
|
|
||||||
LIST_ENTRY WellKnownSidListHead;
|
LIST_ENTRY WellKnownSidListHead;
|
||||||
PSID LsapLocalSystemSid = NULL;
|
PSID LsapLocalSystemSid = NULL;
|
||||||
|
PSID LsapAdministratorsSid = NULL;
|
||||||
|
|
||||||
|
|
||||||
/* FUNCTIONS ***************************************************************/
|
/* FUNCTIONS ***************************************************************/
|
||||||
|
@ -521,7 +522,7 @@ LsapInitSids(VOID)
|
||||||
szAccountName,
|
szAccountName,
|
||||||
szDomainName,
|
szDomainName,
|
||||||
SidTypeAlias,
|
SidTypeAlias,
|
||||||
NULL);
|
&LsapAdministratorsSid);
|
||||||
|
|
||||||
/* Users Alias Sid */
|
/* Users Alias Sid */
|
||||||
LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
|
LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
|
||||||
|
|
|
@ -92,6 +92,7 @@ extern PSID AccountDomainSid;
|
||||||
extern UNICODE_STRING AccountDomainName;
|
extern UNICODE_STRING AccountDomainName;
|
||||||
|
|
||||||
extern PSID LsapLocalSystemSid;
|
extern PSID LsapLocalSystemSid;
|
||||||
|
extern PSID LsapAdministratorsSid;
|
||||||
|
|
||||||
|
|
||||||
/* authpackage.c */
|
/* authpackage.c */
|
||||||
|
|
|
@ -271,8 +271,7 @@ NTSTATUS
|
||||||
BuildTokenGroups(IN PSID AccountDomainSid,
|
BuildTokenGroups(IN PSID AccountDomainSid,
|
||||||
IN PLUID LogonId,
|
IN PLUID LogonId,
|
||||||
OUT PTOKEN_GROUPS *Groups,
|
OUT PTOKEN_GROUPS *Groups,
|
||||||
OUT PSID *PrimaryGroupSid,
|
OUT PSID *PrimaryGroupSid)
|
||||||
OUT PSID *OwnerSid)
|
|
||||||
{
|
{
|
||||||
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
|
||||||
SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
|
SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
|
||||||
|
@ -374,7 +373,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
|
||||||
TokenGroups->Groups[GroupCount].Attributes =
|
TokenGroups->Groups[GroupCount].Attributes =
|
||||||
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
|
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
|
||||||
GroupCount++;
|
GroupCount++;
|
||||||
*OwnerSid = Sid;
|
|
||||||
|
|
||||||
/* Member of 'Local users */
|
/* Member of 'Local users */
|
||||||
RtlAllocateAndInitializeSid(&LocalAuthority,
|
RtlAllocateAndInitializeSid(&LocalAuthority,
|
||||||
|
@ -546,31 +544,6 @@ done:
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static
|
|
||||||
NTSTATUS
|
|
||||||
BuildTokenOwner(PTOKEN_OWNER Owner,
|
|
||||||
PSID OwnerSid)
|
|
||||||
{
|
|
||||||
ULONG RidCount;
|
|
||||||
ULONG Size;
|
|
||||||
|
|
||||||
RidCount = *RtlSubAuthorityCountSid(OwnerSid);
|
|
||||||
Size = RtlLengthRequiredSid(RidCount);
|
|
||||||
|
|
||||||
Owner->Owner = DispatchTable.AllocateLsaHeap(Size);
|
|
||||||
if (Owner->Owner == NULL)
|
|
||||||
{
|
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
|
||||||
}
|
|
||||||
|
|
||||||
RtlCopyMemory(Owner->Owner,
|
|
||||||
OwnerSid,
|
|
||||||
Size);
|
|
||||||
|
|
||||||
return STATUS_SUCCESS;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static
|
static
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
|
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
|
||||||
|
@ -579,7 +552,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
|
||||||
PLUID LogonId)
|
PLUID LogonId)
|
||||||
{
|
{
|
||||||
PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
|
PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
|
||||||
PSID OwnerSid = NULL;
|
|
||||||
PSID PrimaryGroupSid = NULL;
|
PSID PrimaryGroupSid = NULL;
|
||||||
ULONG i;
|
ULONG i;
|
||||||
NTSTATUS Status = STATUS_SUCCESS;
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
@ -604,8 +576,7 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
|
||||||
Status = BuildTokenGroups((PSID)AccountDomainSid,
|
Status = BuildTokenGroups((PSID)AccountDomainSid,
|
||||||
LogonId,
|
LogonId,
|
||||||
&Buffer->Groups,
|
&Buffer->Groups,
|
||||||
&PrimaryGroupSid,
|
&PrimaryGroupSid);
|
||||||
&OwnerSid);
|
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
|
@ -618,11 +589,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
|
||||||
if (!NT_SUCCESS(Status))
|
if (!NT_SUCCESS(Status))
|
||||||
goto done;
|
goto done;
|
||||||
|
|
||||||
Status = BuildTokenOwner(&Buffer->Owner,
|
|
||||||
OwnerSid);
|
|
||||||
if (!NT_SUCCESS(Status))
|
|
||||||
goto done;
|
|
||||||
|
|
||||||
*TokenInformation = Buffer;
|
*TokenInformation = Buffer;
|
||||||
|
|
||||||
done:
|
done:
|
||||||
|
@ -650,9 +616,6 @@ done:
|
||||||
if (Buffer->Privileges != NULL)
|
if (Buffer->Privileges != NULL)
|
||||||
DispatchTable.FreeLsaHeap(Buffer->Privileges);
|
DispatchTable.FreeLsaHeap(Buffer->Privileges);
|
||||||
|
|
||||||
if (Buffer->Owner.Owner != NULL)
|
|
||||||
DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
|
|
||||||
|
|
||||||
if (Buffer->DefaultDacl.DefaultDacl != NULL)
|
if (Buffer->DefaultDacl.DefaultDacl != NULL)
|
||||||
DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
|
DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
|
||||||
|
|
||||||
|
|
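Review bot: With `BuildTokenOwner` removed, nothing in `BuildTokenInformationBuffer` writes `Buffer->Owner.Owner` any more, while lsasrv's new `LsapSetTokenOwner` treats any non-NULL value in that field as an owner that has already been chosen. That is only safe if the buffer is zero-filled when it is allocated, and the allocation lies outside these hunks. I would state the contract at the spot where the owner used to be built, e.g. `/* Owner.Owner stays NULL: lsasrv selects the token owner after the package returns */`, and confirm that the allocation zeroes the structure.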