diff --git a/reactos/ntoskrnl/include/internal/se.h b/reactos/ntoskrnl/include/internal/se.h index 99bfea33947..5514eca6bc3 100644 --- a/reactos/ntoskrnl/include/internal/se.h +++ b/reactos/ntoskrnl/include/internal/se.h @@ -37,6 +37,9 @@ extern PSID SeAliasAccountOpsSid; extern PSID SeAliasSystemOpsSid; extern PSID SeAliasPrintOpsSid; extern PSID SeAliasBackupOpsSid; +extern PSID SeAuthenticatedUsersSid; +extern PSID SeRestrictedSid; +extern PSID SeAnonymousLogonSid; /* Privileges */ extern LUID SeCreateTokenPrivilege; @@ -62,6 +65,9 @@ extern LUID SeAuditPrivilege; extern LUID SeSystemEnvironmentPrivilege; extern LUID SeChangeNotifyPrivilege; extern LUID SeRemoteShutdownPrivilege; +extern LUID SeUndockPrivilege; +extern LUID SeSyncAgentPrivilege; +extern LUID SeEnableDelegationPrivilege; /* DACLs */ extern PACL SePublicDefaultUnrestrictedDacl; diff --git a/reactos/ntoskrnl/se/priv.c b/reactos/ntoskrnl/se/priv.c index a61fc8438a0..f8019d18236 100644 --- a/reactos/ntoskrnl/se/priv.c +++ b/reactos/ntoskrnl/se/priv.c @@ -40,6 +40,9 @@ LUID SeAuditPrivilege; LUID SeSystemEnvironmentPrivilege; LUID SeChangeNotifyPrivilege; LUID SeRemoteShutdownPrivilege; +LUID SeUndockPrivilege; +LUID SeSyncAgentPrivilege; +LUID SeEnableDelegationPrivilege; /* FUNCTIONS ***************************************************************/ @@ -93,6 +96,12 @@ SepInitPrivileges (VOID) SeChangeNotifyPrivilege.HighPart = 0; SeRemoteShutdownPrivilege.LowPart = SE_REMOTE_SHUTDOWN_PRIVILEGE; SeRemoteShutdownPrivilege.HighPart = 0; + SeUndockPrivilege.LowPart = SE_UNDOCK_PRIVILEGE; + SeUndockPrivilege.HighPart = 0; + SeSyncAgentPrivilege.LowPart = SE_SYNC_AGENT_PRIVILEGE; + SeSyncAgentPrivilege.HighPart = 0; + SeEnableDelegationPrivilege.LowPart = SE_ENABLE_DELEGATION_PRIVILEGE; + SeEnableDelegationPrivilege.HighPart = 0; } diff --git a/reactos/ntoskrnl/se/semgr.c b/reactos/ntoskrnl/se/semgr.c index 3278bbce910..b72d6c50a44 100644 --- a/reactos/ntoskrnl/se/semgr.c +++ b/reactos/ntoskrnl/se/semgr.c @@ -165,7 +165,14 @@ SepInitExports(VOID) SepExports.SeAliasSystemOpsSid = SeAliasSystemOpsSid; SepExports.SeAliasPrintOpsSid = SeAliasPrintOpsSid; SepExports.SeAliasBackupOpsSid = SeAliasBackupOpsSid; + SepExports.SeAuthenticatedUsersSid = SeAuthenticatedUsersSid; + SepExports.SeRestrictedSid = SeRestrictedSid; + SepExports.SeAnonymousLogonSid = SeAnonymousLogonSid; + SepExports.SeUndockPrivilege = SeUndockPrivilege; + SepExports.SeSyncAgentPrivilege = SeSyncAgentPrivilege; + SepExports.SeEnableDelegationPrivilege = SeEnableDelegationPrivilege; + SeExports = &SepExports; return TRUE; } diff --git a/reactos/ntoskrnl/se/sid.c b/reactos/ntoskrnl/se/sid.c index 00b9656c4a1..e23220a526d 100644 --- a/reactos/ntoskrnl/se/sid.c +++ b/reactos/ntoskrnl/se/sid.c @@ -36,7 +36,6 @@ PSID SeNetworkSid = NULL; PSID SeBatchSid = NULL; PSID SeInteractiveSid = NULL; PSID SeServiceSid = NULL; -PSID SeAnonymousLogonSid = NULL; PSID SePrincipalSelfSid = NULL; PSID SeLocalSystemSid = NULL; PSID SeAuthenticatedUserSid = NULL; @@ -49,6 +48,9 @@ PSID SeAliasAccountOpsSid = NULL; PSID SeAliasSystemOpsSid = NULL; PSID SeAliasPrintOpsSid = NULL; PSID SeAliasBackupOpsSid = NULL; +PSID SeAuthenticatedUsersSid = NULL; +PSID SeRestrictedSid = NULL; +PSID SeAnonymousLogonSid = NULL; /* FUNCTIONS ****************************************************************/ @@ -67,398 +69,153 @@ SepInitSecurityIDs(VOID) SidLength2 = RtlLengthRequiredSid(2); /* create NullSid */ - SeNullSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeNullSid == NULL) + SeNullSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeWorldSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeLocalSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, SidLength0, TAG_SID); + SeDialupSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeNetworkSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeBatchSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeServiceSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, SidLength2, TAG_SID); + SeAuthenticatedUsersSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeRestrictedSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, SidLength1, TAG_SID); + + if (SeNullSid == NULL || SeNullSid == NULL || SeWorldSid == NULL || + SeLocalSid == NULL || SeCreatorOwnerSid == NULL || + SeCreatorGroupSid == NULL || SeCreatorOwnerServerSid == NULL || + SeCreatorGroupServerSid == NULL || SeNtAuthoritySid == NULL || + SeDialupSid == NULL || SeNetworkSid == NULL || SeBatchSid == NULL || + SeInteractiveSid == NULL || SeServiceSid == NULL || + SePrincipalSelfSid == NULL || SeLocalSystemSid == NULL || + SeAuthenticatedUserSid == NULL || SeRestrictedCodeSid == NULL || + SeAliasAdminsSid == NULL || SeAliasUsersSid == NULL || + SeAliasGuestsSid == NULL || SeAliasPowerUsersSid == NULL || + SeAliasAccountOpsSid == NULL || SeAliasSystemOpsSid == NULL || + SeAliasPrintOpsSid == NULL || SeAliasBackupOpsSid == NULL || + SeAuthenticatedUsersSid == NULL || SeRestrictedSid == NULL || + SeAnonymousLogonSid == NULL) + { + /* FIXME: We're leaking memory here. */ return(FALSE); + } - RtlInitializeSid(SeNullSid, - &SeNullSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeNullSid, - 0); + RtlInitializeSid(SeNullSid, &SeNullSidAuthority, 1); + RtlInitializeSid(SeWorldSid, &SeWorldSidAuthority, 1); + RtlInitializeSid(SeLocalSid, &SeLocalSidAuthority, 1); + RtlInitializeSid(SeCreatorOwnerSid, &SeCreatorSidAuthority, 1); + RtlInitializeSid(SeCreatorGroupSid, &SeCreatorSidAuthority, 1); + RtlInitializeSid(SeCreatorOwnerServerSid, &SeCreatorSidAuthority, 1); + RtlInitializeSid(SeCreatorGroupServerSid, &SeCreatorSidAuthority, 1); + RtlInitializeSid(SeNtAuthoritySid, &SeNtSidAuthority, 0); + RtlInitializeSid(SeDialupSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeNetworkSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeBatchSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeInteractiveSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeServiceSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SePrincipalSelfSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeLocalSystemSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeAuthenticatedUserSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeRestrictedCodeSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeAliasAdminsSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAliasUsersSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAliasGuestsSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAliasPowerUsersSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAliasAccountOpsSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAliasSystemOpsSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAliasPrintOpsSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAliasBackupOpsSid, &SeNtSidAuthority, 2); + RtlInitializeSid(SeAuthenticatedUsersSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeRestrictedSid, &SeNtSidAuthority, 1); + RtlInitializeSid(SeAnonymousLogonSid, &SeNtSidAuthority, 1); + + SubAuthority = RtlSubAuthoritySid(SeNullSid, 0); *SubAuthority = SECURITY_NULL_RID; - - /* create WorldSid */ - SeWorldSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeWorldSid == NULL) - return(FALSE); - - RtlInitializeSid(SeWorldSid, - &SeWorldSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeWorldSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeWorldSid, 0); *SubAuthority = SECURITY_WORLD_RID; - - /* create LocalSid */ - SeLocalSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeLocalSid == NULL) - return(FALSE); - - RtlInitializeSid(SeLocalSid, - &SeLocalSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeLocalSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeLocalSid, 0); *SubAuthority = SECURITY_LOCAL_RID; - - /* create CreatorOwnerSid */ - SeCreatorOwnerSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeCreatorOwnerSid == NULL) - return(FALSE); - - RtlInitializeSid(SeCreatorOwnerSid, - &SeCreatorSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerSid, 0); *SubAuthority = SECURITY_CREATOR_OWNER_RID; - - /* create CreatorGroupSid */ - SeCreatorGroupSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeCreatorGroupSid == NULL) - return(FALSE); - - RtlInitializeSid(SeCreatorGroupSid, - &SeCreatorSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeCreatorGroupSid, 0); *SubAuthority = SECURITY_CREATOR_GROUP_RID; - - /* create CreatorOwnerServerSid */ - SeCreatorOwnerServerSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeCreatorOwnerServerSid == NULL) - return(FALSE); - - RtlInitializeSid(SeCreatorOwnerServerSid, - &SeCreatorSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeCreatorOwnerServerSid, 0); *SubAuthority = SECURITY_CREATOR_OWNER_SERVER_RID; - - /* create CreatorGroupServerSid */ - SeCreatorGroupServerSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeCreatorGroupServerSid == NULL) - return(FALSE); - - RtlInitializeSid(SeCreatorGroupServerSid, - &SeCreatorSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeCreatorGroupServerSid, 0); *SubAuthority = SECURITY_CREATOR_GROUP_SERVER_RID; - - - /* create NtAuthoritySid */ - SeNtAuthoritySid = ExAllocatePoolWithTag(PagedPool, - SidLength0, - TAG_SID); - if (SeNtAuthoritySid == NULL) - return(FALSE); - - RtlInitializeSid(SeNtAuthoritySid, - &SeNtSidAuthority, - 0); - - /* create DialupSid */ - SeDialupSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeDialupSid == NULL) - return(FALSE); - - RtlInitializeSid(SeDialupSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeDialupSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeDialupSid, 0); *SubAuthority = SECURITY_DIALUP_RID; - - /* create NetworkSid */ - SeNetworkSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeNetworkSid == NULL) - return(FALSE); - - RtlInitializeSid(SeNetworkSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeNetworkSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeNetworkSid, 0); *SubAuthority = SECURITY_NETWORK_RID; - - /* create BatchSid */ - SeBatchSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeBatchSid == NULL) - return(FALSE); - - RtlInitializeSid(SeBatchSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeBatchSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeBatchSid, 0); *SubAuthority = SECURITY_BATCH_RID; - - /* create InteractiveSid */ - SeInteractiveSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeInteractiveSid == NULL) - return(FALSE); - - RtlInitializeSid(SeInteractiveSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeInteractiveSid, 0); *SubAuthority = SECURITY_INTERACTIVE_RID; - - /* create ServiceSid */ - SeServiceSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeServiceSid == NULL) - return(FALSE); - - RtlInitializeSid(SeServiceSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeServiceSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeServiceSid, 0); *SubAuthority = SECURITY_SERVICE_RID; - - /* create AnonymousLogonSid */ - SeAnonymousLogonSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeAnonymousLogonSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAnonymousLogonSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, - 0); - *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID; - - /* create PrincipalSelfSid */ - SePrincipalSelfSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SePrincipalSelfSid == NULL) - return(FALSE); - - RtlInitializeSid(SePrincipalSelfSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, - 0); + SubAuthority = RtlSubAuthoritySid(SePrincipalSelfSid, 0); *SubAuthority = SECURITY_PRINCIPAL_SELF_RID; - - /* create LocalSystemSid */ - SeLocalSystemSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeLocalSystemSid == NULL) - return(FALSE); - - RtlInitializeSid(SeLocalSystemSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeLocalSystemSid, 0); *SubAuthority = SECURITY_LOCAL_SYSTEM_RID; - - /* create AuthenticatedUserSid */ - SeAuthenticatedUserSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeAuthenticatedUserSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAuthenticatedUserSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUserSid, 0); *SubAuthority = SECURITY_AUTHENTICATED_USER_RID; - - /* create RestrictedCodeSid */ - SeRestrictedCodeSid = ExAllocatePoolWithTag(PagedPool, - SidLength1, - TAG_SID); - if (SeRestrictedCodeSid == NULL) - return(FALSE); - - RtlInitializeSid(SeRestrictedCodeSid, - &SeNtSidAuthority, - 1); - SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeRestrictedCodeSid, 0); *SubAuthority = SECURITY_RESTRICTED_CODE_RID; - - /* create AliasAdminsSid */ - SeAliasAdminsSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasAdminsSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasAdminsSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasAdminsSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_ADMINS; - - /* create AliasUsersSid */ - SeAliasUsersSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasUsersSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasUsersSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasUsersSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_USERS; - - /* create AliasGuestsSid */ - SeAliasGuestsSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasGuestsSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasGuestsSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasGuestsSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_GUESTS; - - /* create AliasPowerUsersSid */ - SeAliasPowerUsersSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasPowerUsersSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasPowerUsersSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasPowerUsersSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_POWER_USERS; - - /* create AliasAccountOpsSid */ - SeAliasAccountOpsSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasAccountOpsSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasAccountOpsSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasAccountOpsSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_ACCOUNT_OPS; - - /* create AliasSystemOpsSid */ - SeAliasSystemOpsSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasSystemOpsSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasSystemOpsSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasSystemOpsSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_SYSTEM_OPS; - - /* create AliasPrintOpsSid */ - SeAliasPrintOpsSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasPrintOpsSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasPrintOpsSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasPrintOpsSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_PRINT_OPS; - - /* create AliasBackupOpsSid */ - SeAliasBackupOpsSid = ExAllocatePoolWithTag(PagedPool, - SidLength2, - TAG_SID); - if (SeAliasBackupOpsSid == NULL) - return(FALSE); - - RtlInitializeSid(SeAliasBackupOpsSid, - &SeNtSidAuthority, - 2); - SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, - 0); + SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 0); *SubAuthority = SECURITY_BUILTIN_DOMAIN_RID; - - SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, - 1); + SubAuthority = RtlSubAuthoritySid(SeAliasBackupOpsSid, 1); *SubAuthority = DOMAIN_ALIAS_RID_BACKUP_OPS; + SubAuthority = RtlSubAuthoritySid(SeAuthenticatedUsersSid, 0); + *SubAuthority = SECURITY_AUTHENTICATED_USER_RID; + SubAuthority = RtlSubAuthoritySid(SeRestrictedSid, 0); + *SubAuthority = SECURITY_RESTRICTED_CODE_RID; + SubAuthority = RtlSubAuthoritySid(SeAnonymousLogonSid, 0); + *SubAuthority = SECURITY_ANONYMOUS_LOGON_RID; return(TRUE); }