mirror of
https://github.com/reactos/reactos.git
synced 2025-01-04 21:38:43 +00:00
[LSASRV]
- Move most of the code from LsarLookupSids into LsapLookupSids. - Use the code from LsapLookupNames to handle the referenced domains list in LsapLookupSids. svn path=/trunk/; revision=57488
This commit is contained in:
parent
f6573a4432
commit
bc733f3d0a
3 changed files with 180 additions and 153 deletions
|
@ -647,14 +647,6 @@ NTSTATUS WINAPI LsarLookupSids(
|
||||||
LSAP_LOOKUP_LEVEL LookupLevel,
|
LSAP_LOOKUP_LEVEL LookupLevel,
|
||||||
DWORD *MappedCount)
|
DWORD *MappedCount)
|
||||||
{
|
{
|
||||||
SID_IDENTIFIER_AUTHORITY IdentifierAuthority = {SECURITY_NT_AUTHORITY};
|
|
||||||
static const UNICODE_STRING DomainName = RTL_CONSTANT_STRING(L"DOMAIN");
|
|
||||||
PLSAPR_REFERENCED_DOMAIN_LIST OutputDomains = NULL;
|
|
||||||
PLSAPR_TRANSLATED_NAME OutputNames = NULL;
|
|
||||||
ULONG OutputNamesLength;
|
|
||||||
ULONG i;
|
|
||||||
PSID Sid;
|
|
||||||
ULONG SidLength;
|
|
||||||
NTSTATUS Status;
|
NTSTATUS Status;
|
||||||
|
|
||||||
TRACE("LsarLookupSids(%p, %p, %p, %p, %d, %p)\n",
|
TRACE("LsarLookupSids(%p, %p, %p, %p, %d, %p)\n",
|
||||||
|
@ -665,67 +657,13 @@ NTSTATUS WINAPI LsarLookupSids(
|
||||||
TranslatedNames->Names = NULL;
|
TranslatedNames->Names = NULL;
|
||||||
*ReferencedDomains = NULL;
|
*ReferencedDomains = NULL;
|
||||||
|
|
||||||
OutputNamesLength = SidEnumBuffer->Entries * sizeof(LSA_TRANSLATED_NAME);
|
/* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
|
||||||
OutputNames = MIDL_user_allocate(OutputNamesLength);
|
|
||||||
if (OutputNames == NULL)
|
|
||||||
{
|
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
|
||||||
}
|
|
||||||
|
|
||||||
RtlZeroMemory(OutputNames, OutputNamesLength);
|
|
||||||
|
|
||||||
OutputDomains = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
|
|
||||||
if (OutputDomains == NULL)
|
|
||||||
{
|
|
||||||
MIDL_user_free(OutputNames);
|
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
|
||||||
}
|
|
||||||
|
|
||||||
OutputDomains->Entries = SidEnumBuffer->Entries;
|
|
||||||
OutputDomains->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION));
|
|
||||||
if (OutputDomains->Domains == NULL)
|
|
||||||
{
|
|
||||||
MIDL_user_free(OutputDomains);
|
|
||||||
MIDL_user_free(OutputNames);
|
|
||||||
return STATUS_INSUFFICIENT_RESOURCES;
|
|
||||||
}
|
|
||||||
|
|
||||||
Status = RtlAllocateAndInitializeSid(&IdentifierAuthority,
|
|
||||||
2,
|
|
||||||
SECURITY_BUILTIN_DOMAIN_RID,
|
|
||||||
DOMAIN_ALIAS_RID_ADMINS,
|
|
||||||
0, 0, 0, 0, 0, 0,
|
|
||||||
&Sid);
|
|
||||||
if (!NT_SUCCESS(Status))
|
|
||||||
{
|
|
||||||
MIDL_user_free(OutputDomains->Domains);
|
|
||||||
MIDL_user_free(OutputDomains);
|
|
||||||
MIDL_user_free(OutputNames);
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
SidLength = RtlLengthSid(Sid);
|
|
||||||
|
|
||||||
for (i = 0; i < SidEnumBuffer->Entries; i++)
|
|
||||||
{
|
|
||||||
OutputDomains->Domains[i].Sid = MIDL_user_allocate(SidLength);
|
|
||||||
RtlCopyMemory(OutputDomains->Domains[i].Sid, Sid, SidLength);
|
|
||||||
|
|
||||||
OutputDomains->Domains[i].Name.Buffer = MIDL_user_allocate(DomainName.MaximumLength);
|
|
||||||
OutputDomains->Domains[i].Name.Length = DomainName.Length;
|
|
||||||
OutputDomains->Domains[i].Name.MaximumLength = DomainName.MaximumLength;
|
|
||||||
RtlCopyMemory(OutputDomains->Domains[i].Name.Buffer, DomainName.Buffer, DomainName.MaximumLength);
|
|
||||||
}
|
|
||||||
|
|
||||||
Status = LsapLookupSids(SidEnumBuffer,
|
Status = LsapLookupSids(SidEnumBuffer,
|
||||||
OutputNames);
|
ReferencedDomains,
|
||||||
|
TranslatedNames,
|
||||||
*ReferencedDomains = OutputDomains;
|
LookupLevel,
|
||||||
|
MappedCount);
|
||||||
*MappedCount = SidEnumBuffer->Entries;
|
|
||||||
|
|
||||||
TranslatedNames->Entries = SidEnumBuffer->Entries;
|
|
||||||
TranslatedNames->Names = OutputNames;
|
|
||||||
|
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
|
@ -192,10 +192,6 @@ LsarpEnumeratePrivileges(DWORD *EnumerationContext,
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
LsapInitSids(VOID);
|
LsapInitSids(VOID);
|
||||||
|
|
||||||
NTSTATUS
|
|
||||||
LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
|
|
||||||
PLSAPR_TRANSLATED_NAME OutputNames);
|
|
||||||
|
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
LsapLookupNames(DWORD Count,
|
LsapLookupNames(DWORD Count,
|
||||||
PRPC_UNICODE_STRING Names,
|
PRPC_UNICODE_STRING Names,
|
||||||
|
@ -206,4 +202,11 @@ LsapLookupNames(DWORD Count,
|
||||||
DWORD LookupOptions,
|
DWORD LookupOptions,
|
||||||
DWORD ClientRevision);
|
DWORD ClientRevision);
|
||||||
|
|
||||||
|
NTSTATUS
|
||||||
|
LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
|
||||||
|
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
||||||
|
PLSAPR_TRANSLATED_NAMES TranslatedNames,
|
||||||
|
LSAP_LOOKUP_LEVEL LookupLevel,
|
||||||
|
DWORD *MappedCount);
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
@ -161,7 +161,7 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
|
||||||
PULONG p;
|
PULONG p;
|
||||||
ULONG i;
|
ULONG i;
|
||||||
|
|
||||||
SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), 0, sizeof(WELL_KNOWN_SID));
|
SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WELL_KNOWN_SID));
|
||||||
if (SidEntry == NULL)
|
if (SidEntry == NULL)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
|
@ -204,10 +204,18 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
|
||||||
NTSTATUS
|
NTSTATUS
|
||||||
LsapInitSids(VOID)
|
LsapInitSids(VOID)
|
||||||
{
|
{
|
||||||
ULONG SubAuthorities[5];
|
ULONG SubAuthorities[8];
|
||||||
|
|
||||||
InitializeListHead(&WellKnownSidListHead);
|
InitializeListHead(&WellKnownSidListHead);
|
||||||
|
|
||||||
|
/* NT Authority */
|
||||||
|
LsapCreateSid(&NtAuthority,
|
||||||
|
0,
|
||||||
|
NULL,
|
||||||
|
L"NT AUTHORITY",
|
||||||
|
L"NT AUTHORITY",
|
||||||
|
SidTypeDomain);
|
||||||
|
|
||||||
/* Null Sid */
|
/* Null Sid */
|
||||||
SubAuthorities[0] = SECURITY_NULL_RID;
|
SubAuthorities[0] = SECURITY_NULL_RID;
|
||||||
LsapCreateSid(&NullSidAuthority,
|
LsapCreateSid(&NullSidAuthority,
|
||||||
|
@ -271,14 +279,6 @@ LsapInitSids(VOID)
|
||||||
L"",
|
L"",
|
||||||
SidTypeWellKnownGroup);
|
SidTypeWellKnownGroup);
|
||||||
|
|
||||||
/* NT Domain Sid */
|
|
||||||
LsapCreateSid(&NtAuthority,
|
|
||||||
0,
|
|
||||||
NULL,
|
|
||||||
L"NT AUTHORITY",
|
|
||||||
L"NT AUTHORITY",
|
|
||||||
SidTypeDomain);
|
|
||||||
|
|
||||||
/* Dialup Sid */
|
/* Dialup Sid */
|
||||||
SubAuthorities[0] = SECURITY_DIALUP_RID;
|
SubAuthorities[0] = SECURITY_DIALUP_RID;
|
||||||
LsapCreateSid(&NtAuthority,
|
LsapCreateSid(&NtAuthority,
|
||||||
|
@ -603,78 +603,6 @@ LsapLookupWellKnownSid(PSID Sid)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
NTSTATUS
|
|
||||||
LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
|
|
||||||
PLSAPR_TRANSLATED_NAME OutputNames)
|
|
||||||
{
|
|
||||||
static const UNICODE_STRING UserName = RTL_CONSTANT_STRING(L"Administrator");
|
|
||||||
PWELL_KNOWN_SID ptr;
|
|
||||||
ULONG Mapped = 0;
|
|
||||||
ULONG i;
|
|
||||||
NTSTATUS Status;
|
|
||||||
|
|
||||||
PSID *Sids = (PSID *) SidEnumBuffer->SidInfo;
|
|
||||||
|
|
||||||
TRACE("LsapLookupSids(%p, %p)\n", SidEnumBuffer, OutputNames);
|
|
||||||
TRACE("SidEnumBuffer->Entries: %lu\n", SidEnumBuffer->Entries);
|
|
||||||
TRACE("SidEnumBuffer->SidInfo: %p\n", SidEnumBuffer->SidInfo);
|
|
||||||
|
|
||||||
for (i = 0; i < SidEnumBuffer->Entries; i++)
|
|
||||||
{
|
|
||||||
TRACE("i: %lu\n", i);
|
|
||||||
ptr = LsapLookupWellKnownSid(Sids[i]);
|
|
||||||
if (ptr != NULL)
|
|
||||||
{
|
|
||||||
OutputNames[i].Use = ptr->Use;
|
|
||||||
|
|
||||||
OutputNames[i].DomainIndex = i; /* Fixme */
|
|
||||||
|
|
||||||
OutputNames[i].Name.Buffer = MIDL_user_allocate(ptr->Name.MaximumLength);
|
|
||||||
OutputNames[i].Name.Length = ptr->Name.Length;
|
|
||||||
OutputNames[i].Name.MaximumLength = ptr->Name.MaximumLength;
|
|
||||||
RtlCopyMemory(OutputNames[i].Name.Buffer, ptr->Name.Buffer, ptr->Name.MaximumLength);
|
|
||||||
|
|
||||||
Mapped++;
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Check for buildin domain SID */
|
|
||||||
|
|
||||||
/* Check for account domain SID */
|
|
||||||
|
|
||||||
/* Check for primary domain SID (later) */
|
|
||||||
|
|
||||||
/* Check for trusted domain SID (later) */
|
|
||||||
|
|
||||||
/* Check for builtin domain account SID */
|
|
||||||
|
|
||||||
/* Check for account domain account SID */
|
|
||||||
|
|
||||||
/* Check for primary domain account SID (later) */
|
|
||||||
|
|
||||||
|
|
||||||
/* Unknown SID */
|
|
||||||
OutputNames[i].Use = SidTypeWellKnownGroup;
|
|
||||||
OutputNames[i].DomainIndex = i;
|
|
||||||
OutputNames[i].Name.Buffer = MIDL_user_allocate(UserName.MaximumLength);
|
|
||||||
OutputNames[i].Name.Length = UserName.Length;
|
|
||||||
OutputNames[i].Name.MaximumLength = UserName.MaximumLength;
|
|
||||||
RtlCopyMemory(OutputNames[i].Name.Buffer, UserName.Buffer, UserName.MaximumLength);
|
|
||||||
|
|
||||||
Mapped++;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (Mapped == 0)
|
|
||||||
Status = STATUS_NONE_MAPPED;
|
|
||||||
else if (Mapped < SidEnumBuffer->Entries)
|
|
||||||
Status = STATUS_SOME_NOT_MAPPED;
|
|
||||||
else
|
|
||||||
Status = STATUS_SUCCESS;
|
|
||||||
|
|
||||||
return Status;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
PWELL_KNOWN_SID
|
PWELL_KNOWN_SID
|
||||||
LsapLookupWellKnownName(PUNICODE_STRING Name)
|
LsapLookupWellKnownName(PUNICODE_STRING Name)
|
||||||
{
|
{
|
||||||
|
@ -688,7 +616,9 @@ LsapLookupWellKnownName(PUNICODE_STRING Name)
|
||||||
WELL_KNOWN_SID,
|
WELL_KNOWN_SID,
|
||||||
ListEntry);
|
ListEntry);
|
||||||
if (RtlEqualUnicodeString(Name, &Ptr->Name, TRUE))
|
if (RtlEqualUnicodeString(Name, &Ptr->Name, TRUE))
|
||||||
|
{
|
||||||
return Ptr;
|
return Ptr;
|
||||||
|
}
|
||||||
|
|
||||||
ListEntry = ListEntry->Flink;
|
ListEntry = ListEntry->Flink;
|
||||||
}
|
}
|
||||||
|
@ -1075,4 +1005,160 @@ done:
|
||||||
return Status;
|
return Status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
NTSTATUS
|
||||||
|
LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
|
||||||
|
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
|
||||||
|
PLSAPR_TRANSLATED_NAMES TranslatedNames,
|
||||||
|
LSAP_LOOKUP_LEVEL LookupLevel,
|
||||||
|
DWORD *MappedCount)
|
||||||
|
{
|
||||||
|
PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
|
||||||
|
PLSAPR_TRANSLATED_NAME NamesBuffer = NULL;
|
||||||
|
ULONG NamesBufferLength;
|
||||||
|
ULONG DomainIndex;
|
||||||
|
ULONG i;
|
||||||
|
ULONG Mapped = 0;
|
||||||
|
NTSTATUS Status = STATUS_SUCCESS;
|
||||||
|
|
||||||
|
PWELL_KNOWN_SID ptr, ptr2;
|
||||||
|
|
||||||
|
SID_IDENTIFIER_AUTHORITY IdentifierAuthority = {SECURITY_NT_AUTHORITY};
|
||||||
|
static const UNICODE_STRING DomainName = RTL_CONSTANT_STRING(L"DOMAIN");
|
||||||
|
static const UNICODE_STRING AdminName = RTL_CONSTANT_STRING(L"Administrator");
|
||||||
|
PSID AdminsSid = NULL;
|
||||||
|
ULONG SidLength;
|
||||||
|
|
||||||
|
|
||||||
|
NamesBufferLength = SidEnumBuffer->Entries * sizeof(LSA_TRANSLATED_NAME);
|
||||||
|
NamesBuffer = MIDL_user_allocate(NamesBufferLength);
|
||||||
|
if (NamesBuffer == NULL)
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
|
||||||
|
if (DomainsBuffer == NULL)
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
DomainsBuffer->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION));
|
||||||
|
if (DomainsBuffer->Domains == NULL)
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
DomainsBuffer->Entries = 0;
|
||||||
|
DomainsBuffer->MaxEntries = SidEnumBuffer->Entries;
|
||||||
|
|
||||||
|
/* Initialize all name entries */
|
||||||
|
for (i = 0; i < SidEnumBuffer->Entries; i++)
|
||||||
|
{
|
||||||
|
NamesBuffer[i].Use = SidTypeUnknown;
|
||||||
|
NamesBuffer[i].Name.Length = 0;
|
||||||
|
NamesBuffer[i].Name.MaximumLength = 0;
|
||||||
|
NamesBuffer[i].Name.Buffer = NULL;
|
||||||
|
NamesBuffer[i].DomainIndex = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Status = RtlAllocateAndInitializeSid(&IdentifierAuthority,
|
||||||
|
2,
|
||||||
|
SECURITY_BUILTIN_DOMAIN_RID,
|
||||||
|
DOMAIN_ALIAS_RID_ADMINS,
|
||||||
|
0, 0, 0, 0, 0, 0,
|
||||||
|
&AdminsSid);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
|
||||||
|
SidLength = RtlLengthSid(AdminsSid);
|
||||||
|
|
||||||
|
|
||||||
|
for (i = 0; i < SidEnumBuffer->Entries; i++)
|
||||||
|
{
|
||||||
|
ptr = LsapLookupWellKnownSid(SidEnumBuffer->SidInfo[i].Sid);
|
||||||
|
if (ptr != NULL)
|
||||||
|
{
|
||||||
|
NamesBuffer[i].Use = ptr->Use;
|
||||||
|
|
||||||
|
NamesBuffer[i].Name.Buffer = MIDL_user_allocate(ptr->Name.MaximumLength);
|
||||||
|
NamesBuffer[i].Name.Length = ptr->Name.Length;
|
||||||
|
NamesBuffer[i].Name.MaximumLength = ptr->Name.MaximumLength;
|
||||||
|
RtlCopyMemory(NamesBuffer[i].Name.Buffer, ptr->Name.Buffer, ptr->Name.MaximumLength);
|
||||||
|
|
||||||
|
ptr2= LsapLookupWellKnownName(&ptr->Domain);
|
||||||
|
if (ptr2 != NULL)
|
||||||
|
{
|
||||||
|
Status = LsapAddDomainToDomainsList(DomainsBuffer,
|
||||||
|
&ptr2->Name,
|
||||||
|
ptr2->Sid,
|
||||||
|
&DomainIndex);
|
||||||
|
if (NT_SUCCESS(Status))
|
||||||
|
NamesBuffer[i].DomainIndex = DomainIndex;
|
||||||
|
}
|
||||||
|
|
||||||
|
Mapped++;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Hack: Map the SID to the Admin Account if it is not a well-known SID */
|
||||||
|
NamesBuffer[i].Use = SidTypeWellKnownGroup;
|
||||||
|
NamesBuffer[i].Name.Length = AdminName.Length;
|
||||||
|
NamesBuffer[i].Name.MaximumLength = AdminName.MaximumLength;
|
||||||
|
NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AdminName.MaximumLength);
|
||||||
|
RtlCopyMemory(NamesBuffer[i].Name.Buffer, AdminName.Buffer, AdminName.MaximumLength);
|
||||||
|
|
||||||
|
Status = LsapAddDomainToDomainsList(DomainsBuffer,
|
||||||
|
(PUNICODE_STRING)&DomainName,
|
||||||
|
AdminsSid,
|
||||||
|
&DomainIndex);
|
||||||
|
if (NT_SUCCESS(Status))
|
||||||
|
NamesBuffer[i].DomainIndex = DomainIndex;
|
||||||
|
|
||||||
|
Mapped++;
|
||||||
|
continue;
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
done:
|
||||||
|
if (AdminsSid != NULL)
|
||||||
|
RtlFreeSid(AdminsSid);
|
||||||
|
|
||||||
|
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
if (DomainsBuffer != NULL)
|
||||||
|
{
|
||||||
|
if (DomainsBuffer->Domains != NULL)
|
||||||
|
MIDL_user_free(DomainsBuffer->Domains);
|
||||||
|
|
||||||
|
MIDL_user_free(DomainsBuffer);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (NamesBuffer != NULL)
|
||||||
|
MIDL_user_free(NamesBuffer);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
*ReferencedDomains = DomainsBuffer;
|
||||||
|
TranslatedNames->Entries = SidEnumBuffer->Entries;
|
||||||
|
TranslatedNames->Names = NamesBuffer;
|
||||||
|
*MappedCount = Mapped;
|
||||||
|
|
||||||
|
if (Mapped == 0)
|
||||||
|
Status = STATUS_NONE_MAPPED;
|
||||||
|
else if (Mapped < SidEnumBuffer->Entries)
|
||||||
|
Status = STATUS_SOME_NOT_MAPPED;
|
||||||
|
}
|
||||||
|
|
||||||
|
return Status;
|
||||||
|
}
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
Loading…
Reference in a new issue