From a4d1f42fdf9f73df528cfc27fb43779c16269ee4 Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Sun, 14 Oct 2012 10:20:59 +0000
Subject: [PATCH] [LSASRV] LsapLookupIsolatedNames: Add a domain entry to the referenced domain list for an unknown/unidentified domain. Its SID is the SID of the account minus the last sub-authority and its name is an empty string. svn path=/trunk/; revision=57557
---
 reactos/dll/win32/lsasrv/sids.c | 82 ++++++++++++++++++++++++++++++++-
 1 file changed, 80 insertions(+), 2 deletions(-)
diff --git a/reactos/dll/win32/lsasrv/sids.c b/reactos/dll/win32/lsasrv/sids.c
index 5e46cb45d38..b36397018f0 100644
--- a/reactos/dll/win32/lsasrv/sids.c
+++ b/reactos/dll/win32/lsasrv/sids.c
@@ -921,7 +921,7 @@ CreateSidFromSidAndRid(PSID SrcSid,
 DstSid = MIDL_user_allocate(DstSidSize);
 if (DstSid == NULL)
- return FALSE;
+ return NULL;
 RtlInitializeSid(DstSid, RtlIdentifierAuthoritySid(SrcSid),
@@ -941,6 +941,40 @@ CreateSidFromSidAndRid(PSID SrcSid,
 }
+static PSID
+CreateDomainSidFromAccountSid(PSID AccountSid)
+{
+ UCHAR RidCount;
+ PSID DomainSid;
+ ULONG i;
+ ULONG DstSidSize;
+ PULONG p, q;
+
+ RidCount = *RtlSubAuthorityCountSid(AccountSid);
+ if (RidCount > 0)
+ RidCount--;
+
+ DstSidSize = RtlLengthRequiredSid(RidCount);
+
+ DomainSid = MIDL_user_allocate(DstSidSize);
+ if (DomainSid == NULL)
+ return NULL;
+
+ RtlInitializeSid(DomainSid,
+ RtlIdentifierAuthoritySid(AccountSid),
+ RidCount);
+
+ for (i = 0; i < (ULONG)RidCount; i++)
+ {
+ p = RtlSubAuthoritySid(AccountSid, i);
+ q = RtlSubAuthoritySid(DomainSid, i);
+ *q = *p;
+ }
+
+ return DomainSid;
+}
+
+
 static NTSTATUS LsapLookupIsolatedNames(DWORD Count,
@@ -950,7 +984,9 @@ LsapLookupIsolatedNames(DWORD Count,
 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, PULONG Mapped)
 {
+ UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
 PWELL_KNOWN_SID ptr, ptr2;
+ PSID DomainSid;
 ULONG DomainIndex;
 ULONG i;
 NTSTATUS Status = STATUS_SUCCESS;
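Review bot: The new CreateDomainSidFromAccountSid (hunk at -941) silently accepts an account SID with no sub-authorities: when `*RtlSubAuthorityCountSid(AccountSid)` is 0 the decrement is skipped and the function returns a plain copy of the input, so the "domain" SID equals the account SID. If that case is not meant to be supported, rejecting it with `if (RidCount == 0) return NULL;` would make the contract explicit, although the caller added in this patch reports NULL as STATUS_INSUFFICIENT_RESOURCES and would then need a separate status for it. AccountSid is also dereferenced without a NULL or RtlValidSid check, which holds only while callers pass well-known SID table entries as this patch does. A short header comment stating that the result is allocated with MIDL_user_allocate and must be released by the caller with MIDL_user_free would document the ownership.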
@@ -965,6 +1001,8 @@ LsapLookupIsolatedNames(DWORD Count,
 if (DomainNames[i].Length != 0)
 continue;
+ TRACE("Mapping name: %wZ\n", &AccountNames[i]);
+ /* Look-up all well-known names */
 ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]);
 if (ptr != NULL)
@@ -999,6 +1037,31 @@ LsapLookupIsolatedNames(DWORD Count,
 SidsBuffer[i].DomainIndex = DomainIndex;
 }
+ else
+ {
+ DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
+ if (DomainSid == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &EmptyDomainName,
+ DomainSid,
+ &DomainIndex);
+
+ if (DomainSid != NULL)
+ {
+ MIDL_user_free(DomainSid);
+ DomainSid = NULL;
+ }
+
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+ }
 }
 (*Mapped)++;
@@ -1054,6 +1117,7 @@ LsapLookupIsolatedNames(DWORD Count,
 }
 done:
+ return Status;
 }
@@ -1430,7 +1494,6 @@ done:
 }
-
 NTSTATUS LsapLookupNames(DWORD Count, PRPC_UNICODE_STRING Names,
@@ -1514,7 +1577,10 @@ LsapLookupNames(DWORD Count,
 if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED)
+ {
+ TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status);
 goto done;
+ }
 if (Mapped == Count)
 goto done;
@@ -1529,7 +1595,10 @@ LsapLookupNames(DWORD Count,
 if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED)
+ {
+ TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status);
 goto done;
+ }
 if (Mapped == Count)
 goto done;
@@ -1544,7 +1613,10 @@ LsapLookupNames(DWORD Count,
 if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED)
+ {
+ TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status);
 goto done;
+ }
 if (Mapped == Count)
 goto done;
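Review bot: In the new `else` branch (hunk at -999), `MIDL_user_free(DomainSid)` runs immediately after `LsapAddDomainToDomainsList`, which is safe only if that helper copies the SID into the referenced-domain list rather than keeping the pointer. The helper's body is not part of this diff, so once confirmed a comment such as `/* The list keeps its own copy of the SID; release the temporary */` above the free would record the assumption. The `if (DomainSid != NULL)` guard around the free can never be false, because the NULL case has already jumped to `done`, so the free can be unconditional. The `if` that this `else` pairs with starts above the hunk.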
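Review bot: The failure messages added in LsapLookupNames (this hunk at -1514 and the ones at -1529, -1544, -1560 and -1575) are logged at TRACE level, which is typically off by default in Wine-style debug channels, so the message is likely to be missing exactly when a lookup fails. If the module's debug channel provides it, `WARN("LsapLookupIsolatedNames failed! (Status %lx)\n", Status);` (or the ERR equivalent) would suit an error path better, and likewise for the other four. LsapLookupNames starts and ends outside these hunks.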
@@ -1560,7 +1632,10 @@ LsapLookupNames(DWORD Count,
 if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED)
+ {
+ TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status);
 goto done;
+ }
 if (Mapped == Count)
 goto done;
@@ -1575,7 +1650,10 @@ LsapLookupNames(DWORD Count,
 if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED)
+ {
+ TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status);
 goto done;
+ }
 if (Mapped == Count)
 goto done;