Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2024-10-04 00:13:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

[LSASRV]

Browse source 
- Add well-known account names "LOCALSERVICE" and "NETWORKSERVICE" as aliases of "LOCAL SERVICE" and "NETWORKSERVICE". They can be found on a german Windows XP.
- Remove a part LsaLookupSids that returned "UNKNOWN\Test" for unknown SIDs. Was used for tests only.

svn path=/trunk/; revision=57568
This commit is contained in:
Eric Kohl 2012-10-17 20:16:06 +00:00
parent 08f38d2ff7
commit c881b2b949
1 changed files with 14 additions and 86 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

100
reactos/dll/win32/lsasrv/sids.c
View file

@ -472,6 +472,13 @@ LsapInitSids(VOID)
L"NT AUTHORITY",
SidTypeWellKnownGroup);
LsapCreateSid(&NtAuthority,
1,
SubAuthorities,
L"LOCALSERVICE",
L"NT AUTHORITY",
SidTypeWellKnownGroup);
/* Network Service Sid */
SubAuthorities[0] = SECURITY_NETWORK_SERVICE_RID;
LsapCreateSid(&NtAuthority,
@ -481,6 +488,13 @@ LsapInitSids(VOID)
L"NT AUTHORITY",
SidTypeWellKnownGroup);
LsapCreateSid(&NtAuthority,
1,
SubAuthorities,
L"NETWORKSERVICE",
L"NT AUTHORITY",
SidTypeWellKnownGroup);
/* Builtin Domain Sid */
SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
LsapCreateSid(&NtAuthority,
@ -2062,82 +2076,6 @@ done:
}
static NTSTATUS
LsapLookupUnknownSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
PULONG Mapped)
{
SID_IDENTIFIER_AUTHORITY IdentifierAuthority = {SECURITY_NT_AUTHORITY};
static const UNICODE_STRING DomainName = RTL_CONSTANT_STRING(L"UNKNOWN");
static const UNICODE_STRING AdminName = RTL_CONSTANT_STRING(L"Test");
PSID AdminsSid = NULL;
LPWSTR SidString = NULL;
ULONG SidLength;
ULONG DomainIndex;
ULONG i;
NTSTATUS Status;
Status = RtlAllocateAndInitializeSid(&IdentifierAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&AdminsSid);
if (!NT_SUCCESS(Status))
goto done;
SidLength = RtlLengthSid(AdminsSid);
for (i = 0; i < SidEnumBuffer->Entries; i++)
{
/* Ignore SIDs which are already mapped */
if (NamesBuffer[i].Use != SidTypeUnknown)
continue;
ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
TRACE("Mapping SID: %S\n", SidString);
LocalFree(SidString);
SidString = NULL;
/* Hack: Map the SID to the Admin Account if it is not a well-known SID */
NamesBuffer[i].Use = SidTypeUser;
NamesBuffer[i].Flags = 0;
NamesBuffer[i].Name.Length = AdminName.Length;
NamesBuffer[i].Name.MaximumLength = AdminName.MaximumLength;
NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AdminName.MaximumLength);
if (NamesBuffer[i].Name.Buffer == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
RtlCopyMemory(NamesBuffer[i].Name.Buffer, AdminName.Buffer, AdminName.MaximumLength);
Status = LsapAddDomainToDomainsList(DomainsBuffer,
(PUNICODE_STRING)&DomainName,
AdminsSid,
&DomainIndex);
if (!NT_SUCCESS(Status))
goto done;
NamesBuffer[i].DomainIndex = DomainIndex;
TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
(*Mapped)++;
}
done:
if (AdminsSid != NULL)
RtlFreeSid(AdminsSid);
return Status;
}
NTSTATUS
LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
@ -2229,16 +2167,6 @@ LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
if (Mapped == SidEnumBuffer->Entries)
goto done;
/* Map unknown SIDs */
Status = LsapLookupUnknownSids(SidEnumBuffer,
NamesBuffer,
DomainsBuffer,
&Mapped);
if (!NT_SUCCESS(Status) &&
Status != STATUS_NONE_MAPPED &&
Status != STATUS_SOME_NOT_MAPPED)
goto done;
done:
TRACE("done Status: %lx Mapped: %lu\n", Status, Mapped);