11 Mar
2013
11 Mar
'13
9:01 p.m.
Author: ekohl
Date: Mon Mar 11 21:01:30 2013
New Revision: 58472
URL: http://svn.reactos.org/svn/reactos?rev=58472&view=rev
Log:
[SAMSRV]
- Implement SamIConnect.
- Add a trusted caller flag to the database object type and inherit it to opened or
created sub objects.
- Restrict access to SamrQueryInformationUser.UserInternal1Information for non-trusted
callers.
Modified:
trunk/reactos/dll/win32/samsrv/database.c
trunk/reactos/dll/win32/samsrv/samrpc.c
trunk/reactos/dll/win32/samsrv/samsrv.c
trunk/reactos/dll/win32/samsrv/samsrv.h
trunk/reactos/dll/win32/samsrv/samsrv.spec
Modified: trunk/reactos/dll/win32/samsrv/database.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/database.…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] Mon Mar 11 21:01:30 2013
@@ -210,7 +210,7 @@
}
NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
sizeof(SAM_DB_OBJECT));
if (NewObject == NULL)
{
@@ -243,6 +243,9 @@
NewObject->RelativeId = RelativeId;
NewObject->ParentObject = ParentObject;
+ if (ParentObject != NULL)
+ NewObject->Trusted = ParentObject->Trusted;
+
*DbObject = NewObject;
return STATUS_SUCCESS;
@@ -359,7 +362,7 @@
}
NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
sizeof(SAM_DB_OBJECT));
if (NewObject == NULL)
{
@@ -391,6 +394,9 @@
NewObject->RelativeId = RelativeId;
NewObject->ParentObject = ParentObject;
+ if (ParentObject != NULL)
+ NewObject->Trusted = ParentObject->Trusted;
+
*DbObject = NewObject;
return STATUS_SUCCESS;
Modified: trunk/reactos/dll/win32/samsrv/samrpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samrpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] Mon Mar 11 21:01:30 2013
@@ -56,6 +56,8 @@
USER_EXECUTE,
USER_ALL_ACCESS
};
+
+PGENERIC_MAPPING pServerMapping = &ServerMapping;
/* FUNCTIONS *****************************************************************/
@@ -6043,13 +6045,18 @@
}
-static NTSTATUS
+static
+NTSTATUS
SampQueryUserInternal1(PSAM_DB_OBJECT UserObject,
- PSAMPR_USER_INFO_BUFFER *Buffer)
+ PSAMPR_USER_INFO_BUFFER *Buffer)
{
PSAMPR_USER_INFO_BUFFER InfoBuffer = NULL;
ULONG Length = 0;
NTSTATUS Status = STATUS_SUCCESS;
+
+ /* Fail, if the caller is not a trusted caller */
+ if (UserObject->Trusted == FALSE)
+ return STATUS_INVALID_INFO_CLASS;
*Buffer = NULL;
Modified: trunk/reactos/dll/win32/samsrv/samsrv.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samsrv.c?…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samsrv.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samsrv.c [iso-8859-1] Mon Mar 11 21:01:30 2013
@@ -24,6 +24,43 @@
WINE_DEFAULT_DEBUG_CHANNEL(samsrv);
/* FUNCTIONS ****************************************************************/
+
+NTSTATUS
+NTAPI
+SamIConnect(IN PSAMPR_SERVER_NAME ServerName,
+ OUT SAMPR_HANDLE *ServerHandle,
+ IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN Trusted)
+{
+ PSAM_DB_OBJECT ServerObject;
+ NTSTATUS Status;
+
+ TRACE("SamIConnect(%p %p %lx %ld)\n",
+ ServerName, ServerHandle, DesiredAccess, Trusted);
+
+ /* Map generic access rights */
+ RtlMapGenericMask(&DesiredAccess,
+ pServerMapping);
+
+ /* Open the Server Object */
+ Status = SampOpenDbObject(NULL,
+ NULL,
+ L"SAM",
+ 0,
+ SamDbServerObject,
+ DesiredAccess,
+ &ServerObject);
+ if (NT_SUCCESS(Status))
+ {
+ ServerObject->Trusted = Trusted;
+ *ServerHandle = (SAMPR_HANDLE)ServerObject;
+ }
+
+ TRACE("SamIConnect done (Status 0x%08lx)\n", Status);
+
+ return Status;
+}
+
NTSTATUS
NTAPI
Modified: trunk/reactos/dll/win32/samsrv/samsrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samsrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] Mon Mar 11 21:01:30 2013
@@ -50,6 +50,7 @@
HANDLE KeyHandle;
HANDLE MembersKeyHandle; // only used by Aliases
ULONG RelativeId;
+ BOOLEAN Trusted;
struct _SAM_DB_OBJECT *ParentObject;
} SAM_DB_OBJECT, *PSAM_DB_OBJECT;
@@ -113,6 +114,9 @@
} SAM_USER_FIXED_DATA, *PSAM_USER_FIXED_DATA;
+extern PGENERIC_MAPPING pServerMapping;
+
+
/* database.c */
NTSTATUS
Modified: trunk/reactos/dll/win32/samsrv/samsrv.spec
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samsrv.sp…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samsrv.spec [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samsrv.spec [iso-8859-1] Mon Mar 11 21:01:30 2013
@@ -4,7 +4,7 @@
@ stub SamIAmIGC
@ stub SamIChangePasswordForeignUser
@ stub SamIChangePasswordForeignUser2
-@ stub SamIConnect
+@ stdcall SamIConnect(ptr ptr long long)
@ stub SamICreateAccountByRid
@ stub SamIDemote
@ stub SamIDemoteUndo
@@ -156,4 +156,4 @@
@ stdcall SamrTestPrivateFunctionsDomain(ptr)
@ stdcall SamrTestPrivateFunctionsUser(ptr)
@ stdcall SamrUnicodeChangePasswordUser2(ptr ptr ptr ptr ptr long ptr ptr)
-; EOF
+; EOF