Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-03 22:56:00 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ADVAPI32]

Browse source 
- Get the logon user SID using the new SAM keys and values. This is still a hack.

[SAMLIB]
- Remove all hacks.

[SYSSETUP]
- Remove all administrator account hacks.

svn path=/trunk/; revision=56680
This commit is contained in:
Eric Kohl 2012-05-31 14:02:19 +00:00
parent fb25b9f54f
commit ba744e9859
6 changed files with 134 additions and 468 deletions
Download patch file Download diff file Expand all files Collapse all files

217
reactos/dll/win32/advapi32/misc/logon.c
View file

@ -211,9 +211,104 @@ UsernameDone:
static BOOL WINAPI static BOOL WINAPI
SamGetUserSid(LPCWSTR UserName, GetAccountDomainSid(PSID *Sid)
PSID *Sid)
{ {
PPOLICY_ACCOUNT_DOMAIN_INFO Info = NULL;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle;
PSID lpSid;
ULONG Length;
NTSTATUS Status;
*Sid = NULL;
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION,
&PolicyHandle);
if (!NT_SUCCESS(Status))
{
ERR("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
return FALSE;
}
Status = LsaQueryInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation,
(PVOID *)&Info);
if (!NT_SUCCESS(Status))
{
ERR("LsaQueryInformationPolicy failed (Status: 0x%08lx)\n", Status);
LsaClose(PolicyHandle);
return FALSE;
}
Length = RtlLengthSid(Info->DomainSid);
lpSid = RtlAllocateHeap(RtlGetProcessHeap(),
0,
Length);
if (lpSid == NULL)
{
ERR("Failed to allocate SID buffer!\n");
LsaFreeMemory(Info);
LsaClose(PolicyHandle);
return FALSE;
}
memcpy(lpSid, Info->DomainSid, Length);
*Sid = lpSid;
LsaFreeMemory(Info);
LsaClose(PolicyHandle);
return TRUE;
}
static PSID
AppendRidToSid(PSID SrcSid,
ULONG Rid)
{
ULONG Rids[8] = {0, 0, 0, 0, 0, 0, 0, 0};
UCHAR RidCount;
PSID DstSid;
ULONG i;
RidCount = *RtlSubAuthorityCountSid(SrcSid);
if (RidCount >= 8)
return NULL;
for (i = 0; i < RidCount; i++)
Rids[i] = *RtlSubAuthoritySid(SrcSid, i);
Rids[RidCount] = Rid;
RidCount++;
RtlAllocateAndInitializeSid(RtlIdentifierAuthoritySid(SrcSid),
RidCount,
Rids[0],
Rids[1],
Rids[2],
Rids[3],
Rids[4],
Rids[5],
Rids[6],
Rids[7],
&DstSid);
return DstSid;
}
static BOOL WINAPI
GetUserSid(LPCWSTR UserName,
PSID *Sid)
{
#if 0
PSID lpSid; PSID lpSid;
DWORD dwLength; DWORD dwLength;
HKEY hUsersKey; HKEY hUsersKey;
@ -303,100 +398,56 @@ SamGetUserSid(LPCWSTR UserName,
*Sid = lpSid; *Sid = lpSid;
return TRUE; return TRUE;
} #endif
PSID AccountDomainSid = NULL;
ULONG ulUserRid;
DWORD dwLength;
HKEY hNamesKey = NULL;
LONG lError;
BOOL bResult = TRUE;
static BOOL WINAPI if (!GetAccountDomainSid(&AccountDomainSid))
GetDomainSid(PSID *Sid)
{
PPOLICY_ACCOUNT_DOMAIN_INFO Info = NULL;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle;
PSID lpSid;
ULONG Length;
NTSTATUS Status;
*Sid = NULL;
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_TRUST_ADMIN,
&PolicyHandle);
if (!NT_SUCCESS(Status))
{ {
ERR("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
return FALSE; return FALSE;
} }
Status = LsaQueryInformationPolicy(PolicyHandle, /* Open the Users\Names key */
PolicyAccountDomainInformation, if (RegOpenKeyExW(HKEY_LOCAL_MACHINE,
(PVOID *)&Info); L"SAM\\SAM\\Domains\\Account\\Users\\Names",
if (!NT_SUCCESS(Status)) 0,
KEY_READ,
&hNamesKey))
{ {
ERR("LsaQueryInformationPolicy failed (Status: 0x%08lx)\n", Status); ERR("Failed to open Users\\Names key! (Error %lu)\n", GetLastError());
LsaClose(PolicyHandle); bResult = FALSE;
return FALSE; goto done;
} }
Length = RtlLengthSid(Info->DomainSid); /* Read the user RID */
dwLength = sizeof(ULONG);
lpSid = RtlAllocateHeap(RtlGetProcessHeap(), if (RegQueryValueExW(hNamesKey,
0, UserName,
Length); NULL,
if (lpSid == NULL) NULL,
(LPBYTE)&ulUserRid,
&dwLength))
{ {
ERR("Failed to allocate SID buffer!\n"); ERR("Failed to read the SID! (Error %ld)\n", lError);
LsaFreeMemory(Info); bResult = FALSE;
LsaClose(PolicyHandle); goto done;
return FALSE;
} }
memcpy(lpSid, Info->DomainSid, Length); *Sid = AppendRidToSid(AccountDomainSid, ulUserRid);
*Sid = lpSid; done:
if (hNamesKey != NULL)
RegCloseKey(hNamesKey);
LsaFreeMemory(Info); if (AccountDomainSid != NULL)
LsaClose(PolicyHandle); RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid);
return TRUE; return bResult;
}
static PSID
AppendRidToSid(PSID SrcSid,
ULONG Rid)
{
ULONG Rids[8] = {0, 0, 0, 0, 0, 0, 0, 0};
UCHAR RidCount;
PSID DstSid;
ULONG i;
RidCount = *RtlSubAuthorityCountSid(SrcSid);
if (RidCount >= 8)
return NULL;
for (i = 0; i < RidCount; i++)
Rids[i] = *RtlSubAuthoritySid(SrcSid, i);
Rids[RidCount] = Rid;
RidCount++;
RtlAllocateAndInitializeSid(RtlIdentifierAuthoritySid(SrcSid),
RidCount,
Rids[0],
Rids[1],
Rids[2],
Rids[3],
Rids[4],
Rids[5],
Rids[6],
Rids[7],
&DstSid);
return DstSid;
} }
@ -419,7 +470,7 @@ AllocateGroupSids(OUT PSID *PrimaryGroupSid,
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
return NULL; return NULL;
if (!GetDomainSid(&DomainSid)) if (!GetAccountDomainSid(&DomainSid))
return NULL; return NULL;
TokenGroups = RtlAllocateHeap( TokenGroups = RtlAllocateHeap(
@ -669,7 +720,7 @@ LogonUserW(LPWSTR lpszUsername,
ExpirationTime.QuadPart = -1; ExpirationTime.QuadPart = -1;
/* Get the user SID from the registry */ /* Get the user SID from the registry */
if (!SamGetUserSid (lpszUsername, &UserSid)) if (!GetUserSid (lpszUsername, &UserSid))
{ {
ERR("SamGetUserSid() failed\n"); ERR("SamGetUserSid() failed\n");
return FALSE; return FALSE;

280
reactos/dll/win32/samlib/samlib.c
View file

@ -36,286 +36,6 @@ WINE_DEFAULT_DEBUG_CHANNEL(samlib);
/* FUNCTIONS *****************************************************************/ /* FUNCTIONS *****************************************************************/
/*
* ERROR_USER_EXISTS
*/
BOOL WINAPI
SamCreateUser (PWSTR UserName,
PWSTR UserPassword,
PSID UserSid)
{
DWORD dwDisposition;
HKEY hUsersKey;
HKEY hUserKey;
TRACE("SamCreateUser() called\n");
/* FIXME: Check whether the SID is a real user sid */
/* Open the Users key */
if (RegOpenKeyExW (HKEY_LOCAL_MACHINE,
L"SAM\\SAM\\Domains\\Account\\Users",
0,
KEY_ALL_ACCESS,
&hUsersKey))
{
ERR("Failed to open Account key! (Error %lu)\n", GetLastError());
return FALSE;
}
/* Create user name key */
if (RegCreateKeyExW (hUsersKey,
UserName,
0,
NULL,
REG_OPTION_NON_VOLATILE,
KEY_ALL_ACCESS,
NULL,
&hUserKey,
&dwDisposition))
{
ERR("Failed to create/open the user key! (Error %lu)\n", GetLastError());
RegCloseKey (hUsersKey);
return FALSE;
}
RegCloseKey (hUsersKey);
if (dwDisposition == REG_OPENED_EXISTING_KEY)
{
ERR("User already exists!\n");
RegCloseKey (hUserKey);
SetLastError (ERROR_USER_EXISTS);
return FALSE;
}
/* Set 'Name' value */
if (RegSetValueExW (hUserKey,
L"Name",
0,
REG_SZ,
(LPBYTE)UserName,
(wcslen (UserName) + 1) * sizeof (WCHAR)))
{
ERR("Failed to set the user name value! (Error %lu)\n", GetLastError());
RegCloseKey (hUserKey);
return FALSE;
}
/* Set 'Password' value */
if (RegSetValueExW (hUserKey,
L"Password",
0,
REG_SZ,
(LPBYTE)UserPassword,
(wcslen (UserPassword) + 1) * sizeof (WCHAR)))
{
ERR("Failed to set the user name value! (Error %lu)\n", GetLastError());
RegCloseKey (hUserKey);
return FALSE;
}
/* Set 'Sid' value */
if (RegSetValueExW (hUserKey,
L"Sid",
0,
REG_BINARY,
(LPBYTE)UserSid,
RtlLengthSid (UserSid)))
{
ERR("Failed to set the user SID value! (Error %lu)\n", GetLastError());
RegCloseKey (hUserKey);
return FALSE;
}
RegCloseKey (hUserKey);
TRACE("SamCreateUser() done\n");
return TRUE;
}
/*
* ERROR_WRONG_PASSWORD
* ERROR_NO_SUCH_USER
*/
BOOL WINAPI
SamCheckUserPassword (PWSTR UserName,
PWSTR UserPassword)
{
WCHAR szPassword[256];
DWORD dwLength;
HKEY hUsersKey;
HKEY hUserKey;
TRACE("SamCheckUserPassword() called\n");
/* Open the Users key */
if (RegOpenKeyExW (HKEY_LOCAL_MACHINE,
L"SAM\\SAM\\Domains\\Account\\Users",
0,
KEY_READ,
&hUsersKey))
{
ERR("Failed to open Users key! (Error %lu)\n", GetLastError());
return FALSE;
}
/* Open the user key */
if (RegOpenKeyExW (hUsersKey,
UserName,
0,
KEY_READ,
&hUserKey))
{
if (GetLastError () == ERROR_FILE_NOT_FOUND)
{
ERR("Invalid user name!\n");
SetLastError (ERROR_NO_SUCH_USER);
}
else
{
ERR("Failed to open user key! (Error %lu)\n", GetLastError());
}
RegCloseKey (hUsersKey);
return FALSE;
}
RegCloseKey (hUsersKey);
/* Get the password */
dwLength = 256 * sizeof(WCHAR);
if (RegQueryValueExW (hUserKey,
L"Password",
NULL,
NULL,
(LPBYTE)szPassword,
&dwLength))
{
ERR("Failed to read the password! (Error %lu)\n", GetLastError());
RegCloseKey (hUserKey);
return FALSE;
}
RegCloseKey (hUserKey);
/* Compare passwords */
if ((wcslen (szPassword) != wcslen (UserPassword)) ||
(wcscmp (szPassword, UserPassword) != 0))
{
ERR("Wrong password!\n");
SetLastError (ERROR_WRONG_PASSWORD);
return FALSE;
}
TRACE("SamCheckUserPassword() done\n");
return TRUE;
}
BOOL WINAPI
SamGetUserSid (PWSTR UserName,
PSID *Sid)
{
PSID lpSid;
DWORD dwLength;
HKEY hUsersKey;
HKEY hUserKey;
TRACE("SamGetUserSid() called\n");
if (Sid != NULL)
*Sid = NULL;
/* Open the Users key */
if (RegOpenKeyExW (HKEY_LOCAL_MACHINE,
L"SAM\\SAM\\Domains\\Account\\Users",
0,
KEY_READ,
&hUsersKey))
{
ERR("Failed to open Users key! (Error %lu)\n", GetLastError());
return FALSE;
}
/* Open the user key */
if (RegOpenKeyExW (hUsersKey,
UserName,
0,
KEY_READ,
&hUserKey))
{
if (GetLastError () == ERROR_FILE_NOT_FOUND)
{
ERR("Invalid user name!\n");
SetLastError (ERROR_NO_SUCH_USER);
}
else
{
ERR("Failed to open user key! (Error %lu)\n", GetLastError());
}
RegCloseKey (hUsersKey);
return FALSE;
}
RegCloseKey (hUsersKey);
/* Get SID size */
dwLength = 0;
if (RegQueryValueExW (hUserKey,
L"Sid",
NULL,
NULL,
NULL,
&dwLength))
{
ERR("Failed to read the SID size! (Error %lu)\n", GetLastError());
RegCloseKey (hUserKey);
return FALSE;
}
/* Allocate sid buffer */
TRACE("Required SID buffer size: %lu\n", dwLength);
lpSid = (PSID)RtlAllocateHeap (RtlGetProcessHeap (),
0,
dwLength);
if (lpSid == NULL)
{
ERR("Failed to allocate SID buffer!\n");
RegCloseKey (hUserKey);
return FALSE;
}
/* Read sid */
if (RegQueryValueExW (hUserKey,
L"Sid",
NULL,
NULL,
(LPBYTE)lpSid,
&dwLength))
{
ERR("Failed to read the SID! (Error %lu)\n", GetLastError());
RtlFreeHeap (RtlGetProcessHeap (),
0,
lpSid);
RegCloseKey (hUserKey);
return FALSE;
}
RegCloseKey (hUserKey);
*Sid = lpSid;
TRACE("SamGetUserSid() done\n");
return TRUE;
}
void __RPC_FAR * __RPC_USER midl_user_allocate(SIZE_T len) void __RPC_FAR * __RPC_USER midl_user_allocate(SIZE_T len)
{ {
return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len); return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len);

4
reactos/dll/win32/samlib/samlib.spec
View file

@ -63,7 +63,3 @@
@ stub SamiSetBootKeyInformation @ stub SamiSetBootKeyInformation
@ stub SamiSetDSRMPassword @ stub SamiSetDSRMPassword
@ stub SamiSetDSRMPasswordOWF @ stub SamiSetDSRMPasswordOWF
@ stdcall SamCreateUser(wstr wstr ptr)
@ stdcall SamCheckUserPassword(wstr wstr)
@ stdcall SamGetUserSid(wstr ptr)

1
reactos/dll/win32/syssetup/globals.h
View file

@ -64,7 +64,6 @@ extern SETUPDATA SetupData;
/* security.c */ /* security.c */
NTSTATUS SetAccountDomain(LPCWSTR DomainName, NTSTATUS SetAccountDomain(LPCWSTR DomainName,
PSID DomainSid); PSID DomainSid);
NTSTATUS GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo);
VOID InstallSecurity(VOID); VOID InstallSecurity(VOID);
/* wizard.c */ /* wizard.c */

68
reactos/dll/win32/syssetup/install.c
View file

@ -224,40 +224,6 @@ CreateShortcutFolder(int csidl, UINT nID, LPTSTR pszName, int cchNameLen)
return CreateDirectory(szPath, NULL) || GetLastError()==ERROR_ALREADY_EXISTS; return CreateDirectory(szPath, NULL) || GetLastError()==ERROR_ALREADY_EXISTS;
} }
static VOID
AppendRidToSid(
OUT PSID *Dst,
IN PSID Src,
IN ULONG NewRid)
{
ULONG Rid[8] = {0, 0, 0, 0, 0, 0, 0, 0};
UCHAR RidCount;
ULONG i;
RidCount = *RtlSubAuthorityCountSid (Src);
for (i = 0; i < RidCount; i++)
Rid[i] = *RtlSubAuthoritySid (Src, i);
if (RidCount < 8)
{
Rid[RidCount] = NewRid;
RidCount++;
}
RtlAllocateAndInitializeSid(
RtlIdentifierAuthoritySid(Src),
RidCount,
Rid[0],
Rid[1],
Rid[2],
Rid[3],
Rid[4],
Rid[5],
Rid[6],
Rid[7],
Dst);
}
static VOID static VOID
CreateTempDir( CreateTempDir(
@ -848,10 +814,7 @@ SetSetupType(DWORD dwSetupType)
DWORD WINAPI DWORD WINAPI
InstallReactOS(HINSTANCE hInstance) InstallReactOS(HINSTANCE hInstance)
{ {
PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = NULL;
PSID AdminSid = NULL;
TCHAR szBuffer[MAX_PATH]; TCHAR szBuffer[MAX_PATH];
DWORD LastError;
HANDLE token; HANDLE token;
TOKEN_PRIVILEGES privs; TOKEN_PRIVILEGES privs;
HKEY hKey; HKEY hKey;
@ -865,18 +828,6 @@ InstallReactOS(HINSTANCE hInstance)
return 0; return 0;
} }
/* Get account domain information */
if (GetAccountDomainInfo(&AccountDomainInfo) != STATUS_SUCCESS)
{
FatalError("GetAccountDomainInfo() failed!");
return 0;
}
/* Append the Admin-RID */
AppendRidToSid(&AdminSid, AccountDomainInfo->DomainSid, DOMAIN_USER_RID_ADMIN);
LsaFreeMemory(AccountDomainInfo);
CreateTempDir(L"TEMP"); CreateTempDir(L"TEMP");
CreateTempDir(L"TMP"); CreateTempDir(L"TMP");
@ -917,25 +868,6 @@ InstallReactOS(HINSTANCE hInstance)
InstallSecurity(); InstallSecurity();
/* Create the Administrator account */
if (!SamCreateUser(L"Administrator", L"", AdminSid))
{
/* Check what the error was.
* If the Admin Account already exists, then it means Setup
* wasn't allowed to finish properly. Instead of rebooting
* and not completing it, let it restart instead
*/
LastError = GetLastError();
if (LastError != ERROR_USER_EXISTS)
{
FatalError("SamCreateUser() failed!");
RtlFreeSid(AdminSid);
return 0;
}
}
RtlFreeSid(AdminSid);
if (!CreateShortcuts()) if (!CreateShortcuts())
{ {
FatalError("CreateShortcuts() failed"); FatalError("CreateShortcuts() failed");

32
reactos/dll/win32/syssetup/security.c
View file

@ -89,38 +89,6 @@ SetAccountDomain(LPCWSTR DomainName,
} }
NTSTATUS
GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo)
{
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle;
NTSTATUS Status;
DPRINT1("SYSSETUP: GetAccountDomain\n");
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_TRUST_ADMIN,
&PolicyHandle);
if (Status != STATUS_SUCCESS)
{
DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
return Status;
}
Status = LsaQueryInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation,
(PVOID *)AccountDomainInfo);
LsaClose(PolicyHandle);
return Status;
}
static static
VOID VOID
InstallBuiltinAccounts(VOID) InstallBuiltinAccounts(VOID)