Author: ekohl Date: Thu Dec 26 19:20:33 2013 New Revision: 61433
URL: http://svn.reactos.org/svn/reactos?rev=61433&view=rev Log: [LSASRV][MSV1_0] - Add local group SIDs to the token groups list (LocalSID and LogonSID). - Remove these SIDs from the hard-coded list.
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c trunk/reactos/dll/win32/msv1_0/msv1_0.c
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authpackag...
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] Thu Dec 26 19:20:33 2013
@@ -645,6 +645,90 @@
 static
 NTSTATUS
+LsapAddLocalGroups(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
+ IN PTOKEN_GROUPS LocalGroups)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PTOKEN_GROUPS Groups;
+ ULONG Length;
+ ULONG i;
+ ULONG j;
+
+ if (LocalGroups == NULL || LocalGroups->GroupCount == 0)
+ return STATUS_SUCCESS;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->Groups != NULL)
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Groups->GroupCount = LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount;
+
+ for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+ {
+ Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
+ Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
+ }
+
+ for (j = 0; j < LocalGroups->GroupCount; i++, j++)
+ {
+ Groups->Groups[i].Sid = LocalGroups->Groups[j].Sid;
+ Groups->Groups[i].Attributes = LocalGroups->Groups[j].Attributes;
+ LocalGroups->Groups[j].Sid = NULL;
+ }
+
+ RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
+
+ TokenInfo1->Groups = Groups;
+ }
+ else
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (LocalGroups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Groups->GroupCount = LocalGroups->GroupCount;
+
+ for (i = 0; i < LocalGroups->GroupCount; i++)
+ {
+ Groups->Groups[i].Sid = LocalGroups->Groups[i].Sid;
+ Groups->Groups[i].Attributes = LocalGroups->Groups[i].Attributes;
+ }
+
+ TokenInfo1->Groups = Groups;
+ }
+ }
+ else
+ {
+ FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+
+static
+NTSTATUS
 LsapSetTokenOwner(
 IN PVOID TokenInformation,
 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
@@ -862,6 +946,19 @@
 goto done;
 }
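Review bot: The two branches of LsapAddLocalGroups handle SID ownership differently: the merge loop clears the source pointer with `LocalGroups->Groups[j].Sid = NULL;`, but the loop in the `else` branch (taken when `TokenInfo1->Groups` is NULL) copies the pointers and leaves them set in LocalGroups as well. If the caller's cleanup frees the non-NULL SIDs still held in LocalGroups (that code is outside this hunk), the token information would keep pointers to freed memory; adding `LocalGroups->Groups[i].Sid = NULL;` to the second loop makes the transfer consistent. Separately, `LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount` is computed in ULONG with no upper bound before it sizes the allocation, so a check that the sum does not wrap would keep both copy loops inside the buffer. A short comment above the function stating that it takes ownership of the SIDs in LocalGroups would document the contract.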
+ if (LocalGroups->GroupCount > 0)
+ {
+ /* Add local groups to the token information */
+ Status = LsapAddLocalGroups(TokenInformation,
+ TokenInformationType,
+ LocalGroups);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+ }
+
 Status = LsapSetTokenOwner(TokenInformation,
 TokenInformationType);
 if (!NT_SUCCESS(Status))
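Review bot: The failure message in the added block names `LsapAddLocalGroupsToTokenInfo()`, but the function actually called is `LsapAddLocalGroups`, so a log line from this path points at a symbol that does not appear in the diff; `ERR("LsapAddLocalGroups() failed (Status 0x%08lx)\n", Status);` matches the call. The outer `if (LocalGroups->GroupCount > 0)` also dereferences LocalGroups before the callee's own `LocalGroups == NULL || LocalGroups->GroupCount == 0` check can run, so either drop the outer guard or test the pointer there; whether LocalGroups can be NULL at this point depends on code outside the hunk. The enclosing function starts and ends outside this hunk.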
Modified: trunk/reactos/dll/win32/msv1_0/msv1_0.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msv1_0/msv1_0.c?r...
==============================================================================
--- trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] Thu Dec 26 19:20:33 2013
@@ -274,10 +274,9 @@
 OUT PSID *PrimaryGroupSid)
 {
 SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
- SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
 SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
 PTOKEN_GROUPS TokenGroups;
-#define MAX_GROUPS 8
+#define MAX_GROUPS 6
 DWORD GroupCount = 0;
 PSID Sid;
 NTSTATUS Status = STATUS_SUCCESS;
@@ -345,40 +344,6 @@
 2,
 SECURITY_BUILTIN_DOMAIN_RID,
 DOMAIN_ALIAS_RID_USERS,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-
- /* Logon SID */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- SECURITY_LOGON_IDS_RID_COUNT,
- SECURITY_LOGON_IDS_RID,
- LogonId->HighPart,
- LogonId->LowPart,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
- GroupCount++;
-
- /* Member of 'Local users */
- RtlAllocateAndInitializeSid(&LocalAuthority,
- 1,
- SECURITY_LOCAL_RID,
- SECURITY_NULL_RID,
 SECURITY_NULL_RID,
 SECURITY_NULL_RID,
 SECURITY_NULL_RID,
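Review bot: In the first msv1_0.c hunk, `#define MAX_GROUPS 6` is tied to the number of group entries the function still adds only by hand counting, and the fill pattern visible in the removed lines (`TokenGroups->Groups[GroupCount].Sid = Sid;` followed by `GroupCount++;`) carries no bounds check. Presumably the TokenGroups allocation is sized from MAX_GROUPS (that line is outside the hunk), in which case a later miscount would write past the buffer. An `ASSERT(GroupCount <= MAX_GROUPS);` after the last entry is filled, plus a comment listing which SIDs the constant accounts for, would catch that. The function body begins and ends outside both hunks of this file.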