Clean up method which assigns groups to logged on user

We have now a compile time switch to test ReactOS with a non-administrator account svn path=/trunk/; revision=30004
2025-08-05 01:15:43 +00:00 · 2007-10-31 09:41:56 +00:00 · 2007-10-31 09:41:56 +00:00 · d5426e5dc0
commit d5426e5dc0
parent 3c7eb9f6d5
1 changed files with 156 additions and 155 deletions
--- a/reactos/dll/win32/advapi32/misc/logon.c
+++ b/reactos/dll/win32/advapi32/misc/logon.c
@ -404,13 +404,16 @@ AppendRidToSid(PSID SrcSid,
 static PTOKEN_GROUPS
-AllocateGroupSids(PSID *PrimaryGroupSid,
+AllocateGroupSids(
-		  PSID *OwnerSid)
+    OUT PSID *PrimaryGroupSid,
    OUT PSID *OwnerSid)
 {
    SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
    SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
    SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
    PTOKEN_GROUPS TokenGroups;
 #define MAX_GROUPS 8
    DWORD GroupCount = 0;
    PSID DomainSid;
    PSID Sid;
    LUID Luid;
@ -418,41 +421,33 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
    Status = NtAllocateLocallyUniqueId(&Luid);
    if (!NT_SUCCESS(Status))
    {
        return NULL;
    }
    if (!SamGetDomainSid(&DomainSid))
    {
        return NULL;
    }
-  TokenGroups = RtlAllocateHeap(GetProcessHeap(), 0,
+    TokenGroups = RtlAllocateHeap(
        GetProcessHeap(), 0,
        sizeof(TOKEN_GROUPS) +
-                                8 * sizeof(SID_AND_ATTRIBUTES));
+        MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES));
    if (TokenGroups == NULL)
    {
-      RtlFreeHeap (RtlGetProcessHeap (),
+        RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
 		   0,
 		   DomainSid);
        return NULL;
    }
-  TokenGroups->GroupCount = 8;
+    Sid = AppendRidToSid(DomainSid, DOMAIN_GROUP_RID_USERS);
    RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
-  Sid = AppendRidToSid(DomainSid,
+    /* Member of the domain */
-                       DOMAIN_GROUP_RID_USERS);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
-
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
  RtlFreeHeap(RtlGetProcessHeap(),
 	      0,
 	      DomainSid);
  TokenGroups->Groups[0].Sid = Sid;
  TokenGroups->Groups[0].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
    *PrimaryGroupSid = Sid;
    GroupCount++;
-
+    /* Member of 'Everyone' */
-  RtlAllocateAndInitializeSid(&WorldAuthority,
+    RtlAllocateAndInitializeSid(
        &WorldAuthority,
        1,
        SECURITY_WORLD_RID,
        SECURITY_NULL_RID,
@ -463,12 +458,14 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
        SECURITY_NULL_RID,
        SECURITY_NULL_RID,
        &Sid);
    TokenGroups->Groups[GroupCount].Sid = Sid;
    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
    GroupCount++;
-  TokenGroups->Groups[1].Sid = Sid;
+#if 1
-  TokenGroups->Groups[1].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    /* Member of 'Administrators' */
-
+    RtlAllocateAndInitializeSid(
-
+        &SystemAuthority,
  RtlAllocateAndInitializeSid(&SystemAuthority,
        2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_ADMINS,
@ -479,13 +476,16 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
        SECURITY_NULL_RID,
        SECURITY_NULL_RID,
        &Sid);
    TokenGroups->Groups[GroupCount].Sid = Sid;
    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
    GroupCount++;
 #else
    DPRINT1("Not adding user to Administrators group\n");
 #endif
-  TokenGroups->Groups[2].Sid = Sid;
+    /* Member of 'Users' */
-  TokenGroups->Groups[2].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    RtlAllocateAndInitializeSid(
-
+        &SystemAuthority,
  *OwnerSid = Sid;
  RtlAllocateAndInitializeSid(&SystemAuthority,
        2,
        SECURITY_BUILTIN_DOMAIN_RID,
        DOMAIN_ALIAS_RID_USERS,
@ -496,12 +496,13 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
        SECURITY_NULL_RID,
        SECURITY_NULL_RID,
        &Sid);
-
+    TokenGroups->Groups[GroupCount].Sid = Sid;
-  TokenGroups->Groups[3].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-  TokenGroups->Groups[3].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    GroupCount++;
    /* Logon SID */
-  RtlAllocateAndInitializeSid(&SystemAuthority,
+    RtlAllocateAndInitializeSid(
        &SystemAuthority,
        SECURITY_LOGON_IDS_RID_COUNT,
        SECURITY_LOGON_IDS_RID,
        Luid.HighPart,
@ -512,11 +513,14 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
        SECURITY_NULL_RID,
        SECURITY_NULL_RID,
        &Sid);
    TokenGroups->Groups[GroupCount].Sid = Sid;
    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
    GroupCount++;
    *OwnerSid = Sid;
-  TokenGroups->Groups[4].Sid = Sid;
+    /* Member of 'Local users */
-  TokenGroups->Groups[4].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
+    RtlAllocateAndInitializeSid(
-
+        &LocalAuthority,
  RtlAllocateAndInitializeSid(&LocalAuthority,
        1,
        SECURITY_LOCAL_RID,
        SECURITY_NULL_RID,
@ -527,11 +531,13 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
        SECURITY_NULL_RID,
        SECURITY_NULL_RID,
        &Sid);
    TokenGroups->Groups[GroupCount].Sid = Sid;
    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
    GroupCount++;
-  TokenGroups->Groups[5].Sid = Sid;
+    /* Member of 'Interactive users' */
-  TokenGroups->Groups[5].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    RtlAllocateAndInitializeSid(
-
+        &SystemAuthority,
  RtlAllocateAndInitializeSid(&SystemAuthority,
        1,
        SECURITY_INTERACTIVE_RID,
        SECURITY_NULL_RID,
@ -542,11 +548,13 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
        SECURITY_NULL_RID,
        SECURITY_NULL_RID,
        &Sid);
    TokenGroups->Groups[GroupCount].Sid = Sid;
    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
    GroupCount++;
-  TokenGroups->Groups[6].Sid = Sid;
+    /* Member of 'Authenticated users' */
-  TokenGroups->Groups[6].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    RtlAllocateAndInitializeSid(
-
+        &SystemAuthority,
  RtlAllocateAndInitializeSid(&SystemAuthority,
        1,
        SECURITY_AUTHENTICATED_USER_RID,
        SECURITY_NULL_RID,
@ -557,9 +565,12 @@ AllocateGroupSids(PSID *PrimaryGroupSid,
        SECURITY_NULL_RID,
        SECURITY_NULL_RID,
        &Sid);
    TokenGroups->Groups[GroupCount].Sid = Sid;
    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
    GroupCount++;
-  TokenGroups->Groups[7].Sid = Sid;
+    TokenGroups->GroupCount = GroupCount;
-  TokenGroups->Groups[7].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    ASSERT(TokenGroups->GroupCount <= MAX_GROUPS);
    return TokenGroups;
 }
@ -663,18 +674,8 @@ LogonUserW (LPWSTR lpszUsername,
  /* Get the user SID from the registry */
  if (!SamGetUserSid (lpszUsername, &UserSid))
    {
-      DPRINT ("SamGetUserSid() failed\n");
+      DPRINT1 ("SamGetUserSid() failed\n");
-      RtlAllocateAndInitializeSid (&SystemAuthority,
+      return FALSE;
 				   5,
 				   SECURITY_NT_NON_UNIQUE,
 				   0x12345678,
 				   0x12345678,
 				   0x12345678,
 				   DOMAIN_USER_RID_ADMIN,
 				   SECURITY_NULL_RID,
 				   SECURITY_NULL_RID,
 				   SECURITY_NULL_RID,
 				   &UserSid);
    }
  TokenUser.User.Sid = UserSid;