Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-01-04 21:38:43 +00:00
Code Issues Projects Releases Packages Wiki Activity

[LSASRV][MSV1_0]

Browse source 
- Add local group SIDs to the token groups list (LocalSID and LogonSID).
- Remove these SIDs from the hard-coded list.

svn path=/trunk/; revision=61433
This commit is contained in:
Eric Kohl 2013-12-26 19:20:33 +00:00
parent ecefc27d4b
commit a2896cf4ad
2 changed files with 98 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

97
reactos/dll/win32/lsasrv/authpackage.c
View file

@ -643,6 +643,90 @@ done:
} }
static
NTSTATUS
LsapAddLocalGroups(
IN PVOID TokenInformation,
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
IN PTOKEN_GROUPS LocalGroups)
{
PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
PTOKEN_GROUPS Groups;
ULONG Length;
ULONG i;
ULONG j;
if (LocalGroups == NULL || LocalGroups->GroupCount == 0)
return STATUS_SUCCESS;
if (TokenInformationType == LsaTokenInformationV1)
{
TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
if (TokenInfo1->Groups != NULL)
{
Length = sizeof(TOKEN_GROUPS) +
(LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
if (Groups == NULL)
{
ERR("Group buffer allocation failed!\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
Groups->GroupCount = LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount;
for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
{
Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
}
for (j = 0; j < LocalGroups->GroupCount; i++, j++)
{
Groups->Groups[i].Sid = LocalGroups->Groups[j].Sid;
Groups->Groups[i].Attributes = LocalGroups->Groups[j].Attributes;
LocalGroups->Groups[j].Sid = NULL;
}
RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
TokenInfo1->Groups = Groups;
}
else
{
Length = sizeof(TOKEN_GROUPS) +
(LocalGroups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
if (Groups == NULL)
{
ERR("Group buffer allocation failed!\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
Groups->GroupCount = LocalGroups->GroupCount;
for (i = 0; i < LocalGroups->GroupCount; i++)
{
Groups->Groups[i].Sid = LocalGroups->Groups[i].Sid;
Groups->Groups[i].Attributes = LocalGroups->Groups[i].Attributes;
}
TokenInfo1->Groups = Groups;
}
}
else
{
FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
return STATUS_NOT_IMPLEMENTED;
}
return STATUS_SUCCESS;
}
static static
NTSTATUS NTSTATUS
LsapSetTokenOwner( LsapSetTokenOwner(
@ -862,6 +946,19 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
goto done; goto done;
} }
if (LocalGroups->GroupCount > 0)
{
/* Add local groups to the token information */
Status = LsapAddLocalGroups(TokenInformation,
TokenInformationType,
LocalGroups);
if (!NT_SUCCESS(Status))
{
ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status);
goto done;
}
}
Status = LsapSetTokenOwner(TokenInformation, Status = LsapSetTokenOwner(TokenInformation,
TokenInformationType); TokenInformationType);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))

37
reactos/dll/win32/msv1_0/msv1_0.c
View file

@ -274,10 +274,9 @@ BuildTokenGroups(IN PSID AccountDomainSid,
OUT PSID *PrimaryGroupSid) OUT PSID *PrimaryGroupSid)
{ {
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS TokenGroups; PTOKEN_GROUPS TokenGroups;
#define MAX_GROUPS 8 #define MAX_GROUPS 6
DWORD GroupCount = 0; DWORD GroupCount = 0;
PSID Sid; PSID Sid;
NTSTATUS Status = STATUS_SUCCESS; NTSTATUS Status = STATUS_SUCCESS;
@ -357,40 +356,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++; GroupCount++;
/* Logon SID */
RtlAllocateAndInitializeSid(&SystemAuthority,
SECURITY_LOGON_IDS_RID_COUNT,
SECURITY_LOGON_IDS_RID,
LogonId->HighPart,
LogonId->LowPart,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
GroupCount++;
/* Member of 'Local users */
RtlAllocateAndInitializeSid(&LocalAuthority,
1,
SECURITY_LOCAL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
/* Member of 'Interactive users' */ /* Member of 'Interactive users' */
RtlAllocateAndInitializeSid(&SystemAuthority, RtlAllocateAndInitializeSid(&SystemAuthority,
1, 1,