Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-02-25 01:39:30 +00:00
Code Issues Projects Releases Packages Wiki Activity

Clean up method which assigns groups to logged on user

Browse source 
We have now a compile time switch to test ReactOS with a non-administrator account

svn path=/trunk/; revision=30004
This commit is contained in:
Hervé Poussineau 2007-10-31 09:41:56 +00:00
parent 3c7eb9f6d5
commit d5426e5dc0
1 changed files with 156 additions and 155 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

311
reactos/dll/win32/advapi32/misc/logon.c
View file

@ -404,164 +404,175 @@ AppendRidToSid(PSID SrcSid,
static PTOKEN_GROUPS static PTOKEN_GROUPS
AllocateGroupSids(PSID *PrimaryGroupSid, AllocateGroupSids(
PSID *OwnerSid) OUT PSID *PrimaryGroupSid,
OUT PSID *OwnerSid)
{ {
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS TokenGroups; PTOKEN_GROUPS TokenGroups;
PSID DomainSid; #define MAX_GROUPS 8
PSID Sid; DWORD GroupCount = 0;
LUID Luid; PSID DomainSid;
NTSTATUS Status; PSID Sid;
LUID Luid;
NTSTATUS Status;
Status = NtAllocateLocallyUniqueId(&Luid); Status = NtAllocateLocallyUniqueId(&Luid);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
return NULL;
if (!SamGetDomainSid(&DomainSid))
return NULL;
TokenGroups = RtlAllocateHeap(
GetProcessHeap(), 0,
sizeof(TOKEN_GROUPS) +
MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES));
if (TokenGroups == NULL)
{ {
return NULL; RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
return NULL;
} }
if (!SamGetDomainSid(&DomainSid)) Sid = AppendRidToSid(DomainSid, DOMAIN_GROUP_RID_USERS);
{ RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
return NULL;
}
TokenGroups = RtlAllocateHeap(GetProcessHeap(), 0, /* Member of the domain */
sizeof(TOKEN_GROUPS) + TokenGroups->Groups[GroupCount].Sid = Sid;
8 * sizeof(SID_AND_ATTRIBUTES)); TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
if (TokenGroups == NULL) *PrimaryGroupSid = Sid;
{ GroupCount++;
RtlFreeHeap (RtlGetProcessHeap (),
0,
DomainSid);
return NULL;
}
TokenGroups->GroupCount = 8; /* Member of 'Everyone' */
RtlAllocateAndInitializeSid(
&WorldAuthority,
1,
SECURITY_WORLD_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
Sid = AppendRidToSid(DomainSid, #if 1
DOMAIN_GROUP_RID_USERS); /* Member of 'Administrators' */
RtlAllocateAndInitializeSid(
&SystemAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
#else
DPRINT1("Not adding user to Administrators group\n");
#endif
RtlFreeHeap(RtlGetProcessHeap(), /* Member of 'Users' */
0, RtlAllocateAndInitializeSid(
DomainSid); &SystemAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_USERS,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
TokenGroups->Groups[0].Sid = Sid; /* Logon SID */
TokenGroups->Groups[0].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; RtlAllocateAndInitializeSid(
*PrimaryGroupSid = Sid; &SystemAuthority,
SECURITY_LOGON_IDS_RID_COUNT,
SECURITY_LOGON_IDS_RID,
Luid.HighPart,
Luid.LowPart,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
GroupCount++;
*OwnerSid = Sid;
/* Member of 'Local users */
RtlAllocateAndInitializeSid(
&LocalAuthority,
1,
SECURITY_LOCAL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
RtlAllocateAndInitializeSid(&WorldAuthority, /* Member of 'Interactive users' */
1, RtlAllocateAndInitializeSid(
SECURITY_WORLD_RID, &SystemAuthority,
SECURITY_NULL_RID, 1,
SECURITY_NULL_RID, SECURITY_INTERACTIVE_RID,
SECURITY_NULL_RID, SECURITY_NULL_RID,
SECURITY_NULL_RID, SECURITY_NULL_RID,
SECURITY_NULL_RID, SECURITY_NULL_RID,
SECURITY_NULL_RID, SECURITY_NULL_RID,
SECURITY_NULL_RID, SECURITY_NULL_RID,
&Sid); SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
TokenGroups->Groups[1].Sid = Sid; /* Member of 'Authenticated users' */
TokenGroups->Groups[1].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; RtlAllocateAndInitializeSid(
&SystemAuthority,
1,
SECURITY_AUTHENTICATED_USER_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[GroupCount].Sid = Sid;
TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
TokenGroups->GroupCount = GroupCount;
ASSERT(TokenGroups->GroupCount <= MAX_GROUPS);
RtlAllocateAndInitializeSid(&SystemAuthority, return TokenGroups;
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[2].Sid = Sid;
TokenGroups->Groups[2].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
*OwnerSid = Sid;
RtlAllocateAndInitializeSid(&SystemAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_USERS,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[3].Sid = Sid;
TokenGroups->Groups[3].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
/* Logon SID */
RtlAllocateAndInitializeSid(&SystemAuthority,
SECURITY_LOGON_IDS_RID_COUNT,
SECURITY_LOGON_IDS_RID,
Luid.HighPart,
Luid.LowPart,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[4].Sid = Sid;
TokenGroups->Groups[4].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
RtlAllocateAndInitializeSid(&LocalAuthority,
1,
SECURITY_LOCAL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[5].Sid = Sid;
TokenGroups->Groups[5].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
RtlAllocateAndInitializeSid(&SystemAuthority,
1,
SECURITY_INTERACTIVE_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[6].Sid = Sid;
TokenGroups->Groups[6].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
RtlAllocateAndInitializeSid(&SystemAuthority,
1,
SECURITY_AUTHENTICATED_USER_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&Sid);
TokenGroups->Groups[7].Sid = Sid;
TokenGroups->Groups[7].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
return TokenGroups;
} }
@ -663,18 +674,8 @@ LogonUserW (LPWSTR lpszUsername,
/* Get the user SID from the registry */ /* Get the user SID from the registry */
if (!SamGetUserSid (lpszUsername, &UserSid)) if (!SamGetUserSid (lpszUsername, &UserSid))
{ {
DPRINT ("SamGetUserSid() failed\n"); DPRINT1 ("SamGetUserSid() failed\n");
RtlAllocateAndInitializeSid (&SystemAuthority, return FALSE;
5,
SECURITY_NT_NON_UNIQUE,
0x12345678,
0x12345678,
0x12345678,
DOMAIN_USER_RID_ADMIN,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&UserSid);
} }
TokenUser.User.Sid = UserSid; TokenUser.User.Sid = UserSid;