Hi folks,
Based on my knowledge and some docs I used to read ages ago, plus some recent googling, I kinda recreated the function GetSiteSidFromToken from advapi32.dll - as it was missing there, and I couldn't start the w2k taskmgr because of that. Of course a simple stub returning NULL should be sufficient, but I gave it a shot and tried to implement it fresh and fully functional.
First, I am not sure of a few things there. And if someone is more knowledgeable than I am - please let me know your thoughts. As far as I know the function returns a pointer to a SID from the token. But there's more than one token. So it returns the token that has the "SITE" SID. Now, there were quite a few SIDs missing in ROS, and I tried to add them - mainly guessing their names based on some googling. Some docs on MSDN say that they are all defined in ntseapi.h - but I couldn't find that file anywhere. For more details look up attachment 1043 and the corresponding bug.
The function is quite simple: it iterates through all SIDs, trying to match the one with the "SITE" authority. A question now arises - what if there's more than one such SID? Does ROS use SIDs 1-6 to 1-8 at all? Is SECURITY_INTERNETSITE_AUTHORITY the SITE authority, or perhaps SECURITY_SITESERVER_AUTHORITY? I don't know. I will try to write some simple code that would ask the original function from the original DLL about it, and see what it comes up with.
The first part of the code comes as a simple c&p from other functions. The iteration is quite obvious. I didn't know what I should use to compare SIDs, so I used memcmp. But perhaps simply comparing the values in the table one by one would be simple, or maybe there's some sort of ROSish/NTish specific function that is more "right" than memcmp. Another question I have - is it normal practice that you alloc extra RAM and return a pointer to a copy (it seems to be so in other places in your code), or should I just simply return a pointer to the SID?
I do appreciate any comment. The patch is attached. If someone has the ntseapi.h file anywhere on their discs, I would like you to verify the SECURITY_*_AUTHORITY names as well as the values. I spent a whole day gathering info, and I used all the info I could find.
Sorry for such a long letter. Much too long, I suppose. This is my first attempt to hack anything for ROS. I promise next time I will try to take care of something more obvious and better documented. Till then, ta.
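
As an added illustration of the lookup discussed in this message (not part of the original e-mail or the attached patch, and not ReactOS code): a portable C sketch that walks a token's group list, compares only the 6-byte identifier authority rather than the whole SID, and returns a heap copy of the first match while counting how many entries matched. The `DEMO_*` types and the function name are hypothetical stand-ins for the NT structures, and the authority to search for is a parameter because the message leaves open which value is the "SITE" authority.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_SUBAUTH 15   /* a SID carries at most 15 sub-authorities */

typedef struct {         /* hypothetical portable stand-in for the NT SID layout */
    uint8_t  Revision;
    uint8_t  SubAuthorityCount;
    uint8_t  IdentifierAuthority[6];
    uint32_t SubAuthority[MAX_SUBAUTH];
} DEMO_SID;

typedef struct { const DEMO_SID *Sid; uint32_t Attributes; } DEMO_SID_AND_ATTR;

/* Bytes actually used by a SID: 8-byte header plus 4 bytes per sub-authority. */
static size_t demo_sid_length(const DEMO_SID *s)
{
    return 8 + 4 * (size_t)s->SubAuthorityCount;
}

/* Returns a heap copy of the first group SID whose identifier authority equals
 * `auth`, or NULL if none matches. *matches receives the number of matching
 * entries, so a caller can see when more than one such SID is present.
 * The caller owns the copy and releases it with free(). */
DEMO_SID *demo_find_sid_by_authority(const DEMO_SID_AND_ATTR *groups, size_t count,
                                     const uint8_t auth[6], size_t *matches)
{
    const DEMO_SID *first = NULL;
    *matches = 0;
    for (size_t i = 0; i < count; i++) {
        const DEMO_SID *s = groups[i].Sid;
        /* Skip malformed entries before trusting SubAuthorityCount as a length. */
        if (!s || s->Revision != 1 || s->SubAuthorityCount > MAX_SUBAUTH)
            continue;
        /* Only the 6 authority bytes decide the match; sub-authorities may differ. */
        if (memcmp(s->IdentifierAuthority, auth, 6) != 0)
            continue;
        if (!first)
            first = s;
        (*matches)++;
    }
    if (!first)
        return NULL;
    DEMO_SID *copy = calloc(1, sizeof *copy);
    if (copy)
        memcpy(copy, first, demo_sid_length(first));  /* copy only the used bytes */
    return copy;
}
```

Returning a copy keeps the result valid after the buffer holding the token's group list is released; returning a pointer into that buffer would not.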