[][LSASRV][MSV1_0]

- Move the creation of the token owner SID from msv1_0 to lsasrv. - If the user is a member of the administrators group, the adminstrators group becomes the owner of the token. Otheriwse, the user is the owner of the token. svn path=/trunk/; revision=61415
2025-01-02 20:43:18 +00:00 · 2013-12-25 18:15:53 +00:00 · 2013-12-25 18:15:53 +00:00 · 3dc69167c9
commit 3dc69167c9
parent 6db005ca4d
4 changed files with 53 additions and 40 deletions
--- a/reactos/dll/win32/lsasrv/authpackage.c
+++ b/reactos/dll/win32/lsasrv/authpackage.c
@ -643,6 +643,47 @@ done:
 }
 static
 NTSTATUS
 LsapSetTokenOwner(
    IN PVOID TokenInformation,
    IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
 {
    PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
    PSID OwnerSid = NULL;
    ULONG i, Length;
    if (TokenInformationType == LsaTokenInformationV1)
    {
        TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
        if (TokenInfo1->Owner.Owner != NULL)
            return STATUS_SUCCESS;
        OwnerSid = TokenInfo1->User.User.Sid;
        for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
        {
            if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
            {
                OwnerSid = LsapAdministratorsSid;
                break;
            }
        }
        Length = RtlLengthSid(OwnerSid);
        TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
        if (TokenInfo1->Owner.Owner == NULL)
            return STATUS_INSUFFICIENT_RESOURCES;
        RtlCopyMemory(TokenInfo1->Owner.Owner,
                      OwnerSid,
                      Length);
    }
    return STATUS_SUCCESS;
 }
 static
 NTSTATUS
 LsapAddTokenDefaultDacl(
@ -821,6 +862,13 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
        goto done;
    }
    Status = LsapSetTokenOwner(TokenInformation,
                               TokenInformationType);
    if (!NT_SUCCESS(Status))
    {
        ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
        goto done;
    }
    Status = LsapAddTokenDefaultDacl(TokenInformation,
                                     TokenInformationType);
--- a/reactos/dll/win32/lsasrv/lookup.c
+++ b/reactos/dll/win32/lsasrv/lookup.c
@ -81,6 +81,7 @@ typedef struct _WELL_KNOWN_SID
 LIST_ENTRY WellKnownSidListHead;
 PSID LsapLocalSystemSid = NULL;
 PSID LsapAdministratorsSid = NULL;
 /* FUNCTIONS ***************************************************************/
@ -521,7 +522,7 @@ LsapInitSids(VOID)
                  szAccountName,
                  szDomainName,
                  SidTypeAlias,
-                  NULL);
+                  &LsapAdministratorsSid);
    /* Users Alias Sid */
    LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
--- a/reactos/dll/win32/lsasrv/lsasrv.h
+++ b/reactos/dll/win32/lsasrv/lsasrv.h
@ -92,6 +92,7 @@ extern PSID AccountDomainSid;
 extern UNICODE_STRING AccountDomainName;
 extern PSID LsapLocalSystemSid;
 extern PSID LsapAdministratorsSid;
 /* authpackage.c */
--- a/reactos/dll/win32/msv1_0/msv1_0.c
+++ b/reactos/dll/win32/msv1_0/msv1_0.c
@ -271,8 +271,7 @@ NTSTATUS
 BuildTokenGroups(IN PSID AccountDomainSid,
                 IN PLUID LogonId,
                 OUT PTOKEN_GROUPS *Groups,
-                 OUT PSID *PrimaryGroupSid,
+                 OUT PSID *PrimaryGroupSid)
                 OUT PSID *OwnerSid)
 {
    SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
    SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
@ -374,7 +373,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
    TokenGroups->Groups[GroupCount].Attributes =
        SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
    GroupCount++;
    *OwnerSid = Sid;
    /* Member of 'Local users */
    RtlAllocateAndInitializeSid(&LocalAuthority,
@ -546,31 +544,6 @@ done:
 }
 static
 NTSTATUS
 BuildTokenOwner(PTOKEN_OWNER Owner,
                PSID OwnerSid)
 {
    ULONG RidCount;
    ULONG Size;
    RidCount = *RtlSubAuthorityCountSid(OwnerSid);
    Size = RtlLengthRequiredSid(RidCount);
    Owner->Owner = DispatchTable.AllocateLsaHeap(Size);
    if (Owner->Owner == NULL)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    RtlCopyMemory(Owner->Owner,
                  OwnerSid,
                  Size);
    return STATUS_SUCCESS;
 }
 static
 NTSTATUS
 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
@ -579,7 +552,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
                            PLUID LogonId)
 {
    PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
    PSID OwnerSid = NULL;
    PSID PrimaryGroupSid = NULL;
    ULONG i;
    NTSTATUS Status = STATUS_SUCCESS;
@ -604,8 +576,7 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
    Status = BuildTokenGroups((PSID)AccountDomainSid,
                              LogonId,
                              &Buffer->Groups,
-                              &PrimaryGroupSid,
+                              &PrimaryGroupSid);
                              &OwnerSid);
    if (!NT_SUCCESS(Status))
        goto done;
@ -618,11 +589,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
    if (!NT_SUCCESS(Status))
        goto done;
    Status = BuildTokenOwner(&Buffer->Owner,
                             OwnerSid);
    if (!NT_SUCCESS(Status))
        goto done;
    *TokenInformation = Buffer;
 done:
@ -650,9 +616,6 @@ done:
            if (Buffer->Privileges != NULL)
                DispatchTable.FreeLsaHeap(Buffer->Privileges);
            if (Buffer->Owner.Owner != NULL)
                DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
            if (Buffer->DefaultDacl.DefaultDacl != NULL)
                DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);