Cleanup SID initialization and fill all SeExports fields.

svn path=/trunk/; revision=16936
Filip Navara 2005-08-01 09:05:20 +00:00
parent e18c5c1218
commit f89cc27ede
4 changed files with 138 additions and 359 deletions


@ -37,6 +37,9 @@ extern PSID SeAliasAccountOpsSid;
extern PSID SeAliasSystemOpsSid;
extern PSID SeAliasPrintOpsSid;
extern PSID SeAliasBackupOpsSid;
extern PSID SeAuthenticatedUsersSid;
extern PSID SeRestrictedSid;
extern PSID SeAnonymousLogonSid;
/* Privileges */
extern LUID SeCreateTokenPrivilege;
@ -62,6 +65,9 @@ extern LUID SeAuditPrivilege;
extern LUID SeSystemEnvironmentPrivilege;
extern LUID SeChangeNotifyPrivilege;
extern LUID SeRemoteShutdownPrivilege;
extern LUID SeUndockPrivilege;
extern LUID SeSyncAgentPrivilege;
extern LUID SeEnableDelegationPrivilege;
/* DACLs */
extern PACL SePublicDefaultUnrestrictedDacl;
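Review bot: The new `SeAuthenticatedUsersSid` and `SeRestrictedSid` declarations differ by only a letter or a suffix from the existing `SeAuthenticatedUserSid` and `SeRestrictedCodeSid`. The SID source section of this commit gives each pair the same RID (`SECURITY_AUTHENTICATED_USER_RID`, `SECURITY_RESTRICTED_CODE_RID`) in separate pool allocations. Any access-check code that compares these by pointer rather than by value would treat the two copies as different principals. I would add a comment above the three new externs such as `/* Same SID values as SeAuthenticatedUserSid / SeRestrictedCodeSid, kept under the SeExports field names; compare with RtlEqualSid, never by pointer. */`, or alias the new globals to the existing ones if nothing needs distinct storage.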


@ -40,6 +40,9 @@ LUID SeAuditPrivilege;
LUID SeSystemEnvironmentPrivilege;
LUID SeChangeNotifyPrivilege;
LUID SeRemoteShutdownPrivilege;
LUID SeUndockPrivilege;
LUID SeSyncAgentPrivilege;
LUID SeEnableDelegationPrivilege;
/* FUNCTIONS ***************************************************************/
@ -93,6 +96,12 @@ SepInitPrivileges (VOID)
SeChangeNotifyPrivilege.HighPart = 0;
SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE;
SeRemoteShutdownPrivilege.HighPart = 0;
SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE;
SeUndockPrivilege.HighPart = 0;
SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE;
SeSyncAgentPrivilege.HighPart = 0;
SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE;
SeEnableDelegationPrivilege.HighPart = 0;
}


@ -165,7 +165,14 @@ SepInitExports(VOID)
SepExports.SeAliasSystemOpsSid = SeAliasSystemOpsSid;
SepExports.SeAliasPrintOpsSid = SeAliasPrintOpsSid;
SepExports.SeAliasBackupOpsSid = SeAliasBackupOpsSid;
SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid;
SepExports.SeRestrictedSid = SeRestrictedSid;
SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid;
SepExports.SeUndockPrivilege = SeUndockPrivilege;
SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege;
SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege;
SeExports = &SepExports;
return TRUE;
}
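Review bot: The SID and privilege fields in SepInitExports are copied by value at call time, and the function returns TRUE without checking that any of them is set. The SID globals start as NULL in the SID source section, so if this ran before SepInitSecurityIDs, or after it failed, consumers of `SeExports` would silently receive NULL SIDs. The call order is outside what the page shows, so this may already hold. A one-line comment at the top of the function would record the dependency: `/* Must run after SepInitSecurityIDs() and SepInitPrivileges() succeeded; values are snapshotted here. */`. The function starts outside the hunk.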


@ -36,7 +36,6 @@ PSID SeNetworkSid = NULL;
PSID SeBatchSid = NULL;
PSID SeInteractiveSid = NULL;
PSID SeServiceSid = NULL;
PSID SeAnonymousLogonSid = NULL;
PSID SePrincipalSelfSid = NULL;
PSID SeLocalSystemSid = NULL;
PSID SeAuthenticatedUserSid = NULL;
@ -49,6 +48,9 @@ PSID SeAliasAccountOpsSid = NULL;
PSID SeAliasSystemOpsSid = NULL;
PSID SeAliasPrintOpsSid = NULL;
PSID SeAliasBackupOpsSid = NULL;
PSID SeAuthenticatedUsersSid = NULL;
PSID SeRestrictedSid = NULL;
PSID SeAnonymousLogonSid = NULL;
/* FUNCTIONS ****************************************************************/
@ -67,398 +69,153 @@ SepInitSecurityIDs(VOID)
SidLength2 = RtlLengthRequiredSid(2);
/* create NullSid */
SeNullSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeNullSid == NULL)
SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID);
SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID);
SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID);
if (SeNullSid == NULL || SeNullSid == NULL || SeWorldSid == NULL ||
SeLocalSid == NULL || SeCreatorOwnerSid == NULL ||
SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL ||
SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL ||
SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL ||
SeInteractiveSid == NULL || SeServiceSid == NULL ||
SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL ||
SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL ||
SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL ||
SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL ||
SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL ||
SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL ||
SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL ||
SeAnonymousLogonSid == NULL)
{
/* FIXME: We're leaking memory here. */
return(FALSE);
}
RtlInitializeSid(SeNullSid,
&SeNullSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeNullSid,
0);
RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1);
RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1);
RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1);
RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1);
RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1);
RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1);
RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1);
RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0);
RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2);
RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1);
RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1);
SubAuthority = RtlSubAuthoritySid(SeNullSid, 0);
*SubAuthority = SECURITY_NULL_RID;
/* create WorldSid */
SeWorldSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeWorldSid == NULL)
return(FALSE);
RtlInitializeSid(SeWorldSid,
&SeWorldSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeWorldSid,
0);
SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0);
*SubAuthority = SECURITY_WORLD_RID;
/* create LocalSid */
SeLocalSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeLocalSid == NULL)
return(FALSE);
RtlInitializeSid(SeLocalSid,
&SeLocalSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeLocalSid,
0);
SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0);
*SubAuthority = SECURITY_LOCAL_RID;
/* create CreatorOwnerSid */
SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeCreatorOwnerSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorOwnerSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid,
0);
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0);
*SubAuthority = SECURITY_CREATOR_OWNER_RID;
/* create CreatorGroupSid */
SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeCreatorGroupSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorGroupSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid,
0);
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0);
*SubAuthority = SECURITY_CREATOR_GROUP_RID;
/* create CreatorOwnerServerSid */
SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeCreatorOwnerServerSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorOwnerServerSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid,
0);
SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0);
*SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID;
/* create CreatorGroupServerSid */
SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeCreatorGroupServerSid == NULL)
return(FALSE);
RtlInitializeSid(SeCreatorGroupServerSid,
&SeCreatorSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid,
0);
SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0);
*SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID;
/* create NtAuthoritySid */
SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool,
SidLength0,
TAG_SID);
if (SeNtAuthoritySid == NULL)
return(FALSE);
RtlInitializeSid(SeNtAuthoritySid,
&SeNtSidAuthority,
0);
/* create DialupSid */
SeDialupSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeDialupSid == NULL)
return(FALSE);
RtlInitializeSid(SeDialupSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeDialupSid,
0);
SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0);
*SubAuthority = SECURITY_DIALUP_RID;
/* create NetworkSid */
SeNetworkSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeNetworkSid == NULL)
return(FALSE);
RtlInitializeSid(SeNetworkSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeNetworkSid,
0);
SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0);
*SubAuthority = SECURITY_NETWORK_RID;
/* create BatchSid */
SeBatchSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeBatchSid == NULL)
return(FALSE);
RtlInitializeSid(SeBatchSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeBatchSid,
0);
SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0);
*SubAuthority = SECURITY_BATCH_RID;
/* create InteractiveSid */
SeInteractiveSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeInteractiveSid == NULL)
return(FALSE);
RtlInitializeSid(SeInteractiveSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid,
0);
SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0);
*SubAuthority = SECURITY_INTERACTIVE_RID;
/* create ServiceSid */
SeServiceSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeServiceSid == NULL)
return(FALSE);
RtlInitializeSid(SeServiceSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeServiceSid,
0);
SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0);
*SubAuthority = SECURITY_SERVICE_RID;
/* create AnonymousLogonSid */
SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeAnonymousLogonSid == NULL)
return(FALSE);
RtlInitializeSid(SeAnonymousLogonSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid,
0);
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
/* create PrincipalSelfSid */
SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SePrincipalSelfSid == NULL)
return(FALSE);
RtlInitializeSid(SePrincipalSelfSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid,
0);
SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0);
*SubAuthority = SECURITY_PRINCIPAL_SELF_RID;
/* create LocalSystemSid */
SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeLocalSystemSid == NULL)
return(FALSE);
RtlInitializeSid(SeLocalSystemSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid,
0);
SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0);
*SubAuthority = SECURITY_LOCAL_SYSTEM_RID;
/* create AuthenticatedUserSid */
SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeAuthenticatedUserSid == NULL)
return(FALSE);
RtlInitializeSid(SeAuthenticatedUserSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0);
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
/* create RestrictedCodeSid */
SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool,
SidLength1,
TAG_SID);
if (SeRestrictedCodeSid == NULL)
return(FALSE);
RtlInitializeSid(SeRestrictedCodeSid,
&SeNtSidAuthority,
1);
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid,
0);
SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0);
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
/* create AliasAdminsSid */
SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasAdminsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasAdminsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_ADMINS;
/* create AliasUsersSid */
SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasUsersSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasUsersSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_USERS;
/* create AliasGuestsSid */
SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasGuestsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasGuestsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_GUESTS;
/* create AliasPowerUsersSid */
SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasPowerUsersSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasPowerUsersSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS;
/* create AliasAccountOpsSid */
SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasAccountOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasAccountOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
/* create AliasSystemOpsSid */
SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasSystemOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasSystemOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS;
/* create AliasPrintOpsSid */
SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasPrintOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasPrintOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS;
/* create AliasBackupOpsSid */
SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool,
SidLength2,
TAG_SID);
if (SeAliasBackupOpsSid == NULL)
return(FALSE);
RtlInitializeSid(SeAliasBackupOpsSid,
&SeNtSidAuthority,
2);
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
0);
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0);
*SubAuthority = SECURITY_BUILTIN_DOMAIN_RID;
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid,
1);
SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1);
*SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS;
SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0);
*SubAuthority = SECURITY_AUTHENTICATED_USER_RID;
SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0);
*SubAuthority = SECURITY_RESTRICTED_CODE_RID;
SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0);
*SubAuthority = SECURITY_ANONYMOUS_LOGON_RID;
return(TRUE);
}
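Review bot: The failure branch after the batched allocations returns FALSE while every SID that did allocate is still referenced by its global and has not been through RtlInitializeSid. The FIXME admits the leak, but not that the globals are left non-NULL and unformatted; code that only tests them for NULL (not visible here, so this is an assumption) would then read an uninitialised SID. Freeing each non-NULL pointer and resetting it to NULL before the return fixes both, as sketched below. The condition also tests `SeNullSid == NULL` twice, and one of the two can go. SepInitSecurityIDs begins outside the hunk.

```c
    if (SeNullSid == NULL || SeWorldSid == NULL ||
        /* … unchanged: remaining NULL checks … */
        SeAnonymousLogonSid == NULL)
    {
        static PSID * const AllSids[] = {
            &SeNullSid, &SeWorldSid, &SeLocalSid, &SeCreatorOwnerSid,
            &SeCreatorGroupSid, &SeCreatorOwnerServerSid,
            &SeCreatorGroupServerSid, &SeNtAuthoritySid, &SeDialupSid,
            &SeNetworkSid, &SeBatchSid, &SeInteractiveSid, &SeServiceSid,
            &SePrincipalSelfSid, &SeLocalSystemSid, &SeAuthenticatedUserSid,
            &SeRestrictedCodeSid, &SeAliasAdminsSid, &SeAliasUsersSid,
            &SeAliasGuestsSid, &SeAliasPowerUsersSid, &SeAliasAccountOpsSid,
            &SeAliasSystemOpsSid, &SeAliasPrintOpsSid, &SeAliasBackupOpsSid,
            &SeAuthenticatedUsersSid, &SeRestrictedSid, &SeAnonymousLogonSid
        };
        ULONG i;

        /* Release whatever was allocated and leave no half-built SID visible. */
        for (i = 0; i < sizeof(AllSids) / sizeof(AllSids[0]); i++)
        {
            if (*AllSids[i] != NULL)
            {
                ExFreePool(*AllSids[i]);
                *AllSids[i] = NULL;
            }
        }
        return(FALSE);
    }
```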