[ros-diffs] [ekohl] 56680: [ADVAPI32] - Get the logon user SID using the new SAM keys and values. This is still a hack. [SAMLIB] - Remove all hacks. [SYSSETUP] - Remove all administrator account hacks.

Author: ekohl Date: Thu May 31 14:02:19 2012 New Revision: 56680 URL: http://svn.reactos.org/svn/reactos?rev=56680&view=rev Log: [ADVAPI32] - Get the logon user SID using the new SAM keys and values. This is still a hack. [SAMLIB] - Remove all hacks. [SYSSETUP] - Remove all administrator account hacks. Modified: trunk/reactos/dll/win32/advapi32/misc/logon.c trunk/reactos/dll/win32/samlib/samlib.c trunk/reactos/dll/win32/samlib/samlib.spec trunk/reactos/dll/win32/syssetup/globals.h trunk/reactos/dll/win32/syssetup/install.c trunk/reactos/dll/win32/syssetup/security.c Modified: trunk/reactos/dll/win32/advapi32/misc/logon.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/lo… ============================================================================== --- trunk/reactos/dll/win32/advapi32/misc/logon.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/misc/logon.c [iso-8859-1] Thu May 31 14:02:19 2012 @@ -211,103 +211,7 @@ static BOOL WINAPI -SamGetUserSid(LPCWSTR UserName, - PSID *Sid) -{ - PSID lpSid; - DWORD dwLength; - HKEY hUsersKey; - HKEY hUserKey; - - if (Sid != NULL) - *Sid = NULL; - - /* Open the Users key */ - if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, - L"SAM\\SAM\\Domains\\Account\\Users", - 0, - KEY_READ, - &hUsersKey)) - { - ERR("Failed to open Users key! (Error %lu)\n", GetLastError()); - return FALSE; - } - - /* Open the user key */ - if (RegOpenKeyExW(hUsersKey, - UserName, - 0, - KEY_READ, - &hUserKey)) - { - if (GetLastError() == ERROR_FILE_NOT_FOUND) - { - ERR("Invalid user name!\n"); - SetLastError(ERROR_NO_SUCH_USER); - } - else - { - ERR("Failed to open user key! (Error %lu)\n", GetLastError()); - } - - RegCloseKey(hUsersKey); - return FALSE; - } - - RegCloseKey (hUsersKey); - - /* Get SID size */ - dwLength = 0; - if (RegQueryValueExW(hUserKey, - L"Sid", - NULL, - NULL, - NULL, - &dwLength)) - { - ERR("Failed to read the SID size! (Error %lu)\n", GetLastError()); - RegCloseKey(hUserKey); - return FALSE; - } - - /* Allocate sid buffer */ - TRACE("Required SID buffer size: %lu\n", dwLength); - lpSid = (PSID)RtlAllocateHeap(RtlGetProcessHeap(), - 0, - dwLength); - if (lpSid == NULL) - { - ERR("Failed to allocate SID buffer!\n"); - RegCloseKey(hUserKey); - return FALSE; - } - - /* Read sid */ - if (RegQueryValueExW(hUserKey, - L"Sid", - NULL, - NULL, - (LPBYTE)lpSid, - &dwLength)) - { - ERR("Failed to read the SID! (Error %lu)\n", GetLastError()); - RtlFreeHeap(RtlGetProcessHeap(), - 0, - lpSid); - RegCloseKey(hUserKey); - return FALSE; - } - - RegCloseKey(hUserKey); - - *Sid = lpSid; - - return TRUE; -} - - -static BOOL WINAPI -GetDomainSid(PSID *Sid) +GetAccountDomainSid(PSID *Sid) { PPOLICY_ACCOUNT_DOMAIN_INFO Info = NULL; LSA_OBJECT_ATTRIBUTES ObjectAttributes; @@ -323,7 +227,7 @@ Status = LsaOpenPolicy(NULL, &ObjectAttributes, - POLICY_TRUST_ADMIN, + POLICY_VIEW_LOCAL_INFORMATION, &PolicyHandle); if (!NT_SUCCESS(Status)) { @@ -400,6 +304,153 @@ } +static BOOL WINAPI +GetUserSid(LPCWSTR UserName, + PSID *Sid) +{ +#if 0 + PSID lpSid; + DWORD dwLength; + HKEY hUsersKey; + HKEY hUserKey; + + if (Sid != NULL) + *Sid = NULL; + + /* Open the Users key */ + if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, + L"SAM\\SAM\\Domains\\Account\\Users", + 0, + KEY_READ, + &hUsersKey)) + { + ERR("Failed to open Users key! (Error %lu)\n", GetLastError()); + return FALSE; + } + + /* Open the user key */ + if (RegOpenKeyExW(hUsersKey, + UserName, + 0, + KEY_READ, + &hUserKey)) + { + if (GetLastError() == ERROR_FILE_NOT_FOUND) + { + ERR("Invalid user name!\n"); + SetLastError(ERROR_NO_SUCH_USER); + } + else + { + ERR("Failed to open user key! (Error %lu)\n", GetLastError()); + } + + RegCloseKey(hUsersKey); + return FALSE; + } + + RegCloseKey (hUsersKey); + + /* Get SID size */ + dwLength = 0; + if (RegQueryValueExW(hUserKey, + L"Sid", + NULL, + NULL, + NULL, + &dwLength)) + { + ERR("Failed to read the SID size! (Error %lu)\n", GetLastError()); + RegCloseKey(hUserKey); + return FALSE; + } + + /* Allocate sid buffer */ + TRACE("Required SID buffer size: %lu\n", dwLength); + lpSid = (PSID)RtlAllocateHeap(RtlGetProcessHeap(), + 0, + dwLength); + if (lpSid == NULL) + { + ERR("Failed to allocate SID buffer!\n"); + RegCloseKey(hUserKey); + return FALSE; + } + + /* Read sid */ + if (RegQueryValueExW(hUserKey, + L"Sid", + NULL, + NULL, + (LPBYTE)lpSid, + &dwLength)) + { + ERR("Failed to read the SID! (Error %lu)\n", GetLastError()); + RtlFreeHeap(RtlGetProcessHeap(), + 0, + lpSid); + RegCloseKey(hUserKey); + return FALSE; + } + + RegCloseKey(hUserKey); + + *Sid = lpSid; + + return TRUE; +#endif + + PSID AccountDomainSid = NULL; + ULONG ulUserRid; + DWORD dwLength; + HKEY hNamesKey = NULL; + LONG lError; + BOOL bResult = TRUE; + + if (!GetAccountDomainSid(&AccountDomainSid)) + { + return FALSE; + } + + /* Open the Users\Names key */ + if (RegOpenKeyExW(HKEY_LOCAL_MACHINE, + L"SAM\\SAM\\Domains\\Account\\Users\\Names", + 0, + KEY_READ, + &hNamesKey)) + { + ERR("Failed to open Users\\Names key! (Error %lu)\n", GetLastError()); + bResult = FALSE; + goto done; + } + + /* Read the user RID */ + dwLength = sizeof(ULONG); + if (RegQueryValueExW(hNamesKey, + UserName, + NULL, + NULL, + (LPBYTE)&ulUserRid, + &dwLength)) + { + ERR("Failed to read the SID! (Error %ld)\n", lError); + bResult = FALSE; + goto done; + } + + *Sid = AppendRidToSid(AccountDomainSid, ulUserRid); + +done: + if (hNamesKey != NULL) + RegCloseKey(hNamesKey); + + if (AccountDomainSid != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid); + + return bResult; +} + + static PTOKEN_GROUPS AllocateGroupSids(OUT PSID *PrimaryGroupSid, OUT PSID *OwnerSid) @@ -419,7 +470,7 @@ if (!NT_SUCCESS(Status)) return NULL; - if (!GetDomainSid(&DomainSid)) + if (!GetAccountDomainSid(&DomainSid)) return NULL; TokenGroups = RtlAllocateHeap( @@ -669,7 +720,7 @@ ExpirationTime.QuadPart = -1; /* Get the user SID from the registry */ - if (!SamGetUserSid (lpszUsername, &UserSid)) + if (!GetUserSid (lpszUsername, &UserSid)) { ERR("SamGetUserSid() failed\n"); return FALSE; Modified: trunk/reactos/dll/win32/samlib/samlib.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samlib/samlib.c?… ============================================================================== --- trunk/reactos/dll/win32/samlib/samlib.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/samlib/samlib.c [iso-8859-1] Thu May 31 14:02:19 2012 @@ -36,286 +36,6 @@ /* FUNCTIONS *****************************************************************/ -/* - * ERROR_USER_EXISTS - */ -BOOL WINAPI -SamCreateUser (PWSTR UserName, - PWSTR UserPassword, - PSID UserSid) -{ - DWORD dwDisposition; - HKEY hUsersKey; - HKEY hUserKey; - - TRACE("SamCreateUser() called\n"); - - /* FIXME: Check whether the SID is a real user sid */ - - /* Open the Users key */ - if (RegOpenKeyExW (HKEY_LOCAL_MACHINE, - L"SAM\\SAM\\Domains\\Account\\Users", - 0, - KEY_ALL_ACCESS, - &hUsersKey)) - { - ERR("Failed to open Account key! (Error %lu)\n", GetLastError()); - return FALSE; - } - - /* Create user name key */ - if (RegCreateKeyExW (hUsersKey, - UserName, - 0, - NULL, - REG_OPTION_NON_VOLATILE, - KEY_ALL_ACCESS, - NULL, - &hUserKey, - &dwDisposition)) - { - ERR("Failed to create/open the user key! (Error %lu)\n", GetLastError()); - RegCloseKey (hUsersKey); - return FALSE; - } - - RegCloseKey (hUsersKey); - - if (dwDisposition == REG_OPENED_EXISTING_KEY) - { - ERR("User already exists!\n"); - RegCloseKey (hUserKey); - SetLastError (ERROR_USER_EXISTS); - return FALSE; - } - - - /* Set 'Name' value */ - if (RegSetValueExW (hUserKey, - L"Name", - 0, - REG_SZ, - (LPBYTE)UserName, - (wcslen (UserName) + 1) * sizeof (WCHAR))) - { - ERR("Failed to set the user name value! (Error %lu)\n", GetLastError()); - RegCloseKey (hUserKey); - return FALSE; - } - - /* Set 'Password' value */ - if (RegSetValueExW (hUserKey, - L"Password", - 0, - REG_SZ, - (LPBYTE)UserPassword, - (wcslen (UserPassword) + 1) * sizeof (WCHAR))) - { - ERR("Failed to set the user name value! (Error %lu)\n", GetLastError()); - RegCloseKey (hUserKey); - return FALSE; - } - - /* Set 'Sid' value */ - if (RegSetValueExW (hUserKey, - L"Sid", - 0, - REG_BINARY, - (LPBYTE)UserSid, - RtlLengthSid (UserSid))) - { - ERR("Failed to set the user SID value! (Error %lu)\n", GetLastError()); - RegCloseKey (hUserKey); - return FALSE; - } - - RegCloseKey (hUserKey); - - TRACE("SamCreateUser() done\n"); - - return TRUE; -} - - -/* - * ERROR_WRONG_PASSWORD - * ERROR_NO_SUCH_USER - */ -BOOL WINAPI -SamCheckUserPassword (PWSTR UserName, - PWSTR UserPassword) -{ - WCHAR szPassword[256]; - DWORD dwLength; - HKEY hUsersKey; - HKEY hUserKey; - - TRACE("SamCheckUserPassword() called\n"); - - /* Open the Users key */ - if (RegOpenKeyExW (HKEY_LOCAL_MACHINE, - L"SAM\\SAM\\Domains\\Account\\Users", - 0, - KEY_READ, - &hUsersKey)) - { - ERR("Failed to open Users key! (Error %lu)\n", GetLastError()); - return FALSE; - } - - /* Open the user key */ - if (RegOpenKeyExW (hUsersKey, - UserName, - 0, - KEY_READ, - &hUserKey)) - { - if (GetLastError () == ERROR_FILE_NOT_FOUND) - { - ERR("Invalid user name!\n"); - SetLastError (ERROR_NO_SUCH_USER); - } - else - { - ERR("Failed to open user key! (Error %lu)\n", GetLastError()); - } - - RegCloseKey (hUsersKey); - return FALSE; - } - - RegCloseKey (hUsersKey); - - /* Get the password */ - dwLength = 256 * sizeof(WCHAR); - if (RegQueryValueExW (hUserKey, - L"Password", - NULL, - NULL, - (LPBYTE)szPassword, - &dwLength)) - { - ERR("Failed to read the password! (Error %lu)\n", GetLastError()); - RegCloseKey (hUserKey); - return FALSE; - } - - RegCloseKey (hUserKey); - - /* Compare passwords */ - if ((wcslen (szPassword) != wcslen (UserPassword)) || - (wcscmp (szPassword, UserPassword) != 0)) - { - ERR("Wrong password!\n"); - SetLastError (ERROR_WRONG_PASSWORD); - return FALSE; - } - - TRACE("SamCheckUserPassword() done\n"); - - return TRUE; -} - - -BOOL WINAPI -SamGetUserSid (PWSTR UserName, - PSID *Sid) -{ - PSID lpSid; - DWORD dwLength; - HKEY hUsersKey; - HKEY hUserKey; - - TRACE("SamGetUserSid() called\n"); - - if (Sid != NULL) - *Sid = NULL; - - /* Open the Users key */ - if (RegOpenKeyExW (HKEY_LOCAL_MACHINE, - L"SAM\\SAM\\Domains\\Account\\Users", - 0, - KEY_READ, - &hUsersKey)) - { - ERR("Failed to open Users key! (Error %lu)\n", GetLastError()); - return FALSE; - } - - /* Open the user key */ - if (RegOpenKeyExW (hUsersKey, - UserName, - 0, - KEY_READ, - &hUserKey)) - { - if (GetLastError () == ERROR_FILE_NOT_FOUND) - { - ERR("Invalid user name!\n"); - SetLastError (ERROR_NO_SUCH_USER); - } - else - { - ERR("Failed to open user key! (Error %lu)\n", GetLastError()); - } - - RegCloseKey (hUsersKey); - return FALSE; - } - - RegCloseKey (hUsersKey); - - /* Get SID size */ - dwLength = 0; - if (RegQueryValueExW (hUserKey, - L"Sid", - NULL, - NULL, - NULL, - &dwLength)) - { - ERR("Failed to read the SID size! (Error %lu)\n", GetLastError()); - RegCloseKey (hUserKey); - return FALSE; - } - - /* Allocate sid buffer */ - TRACE("Required SID buffer size: %lu\n", dwLength); - lpSid = (PSID)RtlAllocateHeap (RtlGetProcessHeap (), - 0, - dwLength); - if (lpSid == NULL) - { - ERR("Failed to allocate SID buffer!\n"); - RegCloseKey (hUserKey); - return FALSE; - } - - /* Read sid */ - if (RegQueryValueExW (hUserKey, - L"Sid", - NULL, - NULL, - (LPBYTE)lpSid, - &dwLength)) - { - ERR("Failed to read the SID! (Error %lu)\n", GetLastError()); - RtlFreeHeap (RtlGetProcessHeap (), - 0, - lpSid); - RegCloseKey (hUserKey); - return FALSE; - } - - RegCloseKey (hUserKey); - - *Sid = lpSid; - - TRACE("SamGetUserSid() done\n"); - - return TRUE; -} - void __RPC_FAR * __RPC_USER midl_user_allocate(SIZE_T len) { return HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len); Modified: trunk/reactos/dll/win32/samlib/samlib.spec URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samlib/samlib.sp… ============================================================================== --- trunk/reactos/dll/win32/samlib/samlib.spec [iso-8859-1] (original) +++ trunk/reactos/dll/win32/samlib/samlib.spec [iso-8859-1] Thu May 31 14:02:19 2012 @@ -63,7 +63,3 @@ @ stub SamiSetBootKeyInformation @ stub SamiSetDSRMPassword @ stub SamiSetDSRMPasswordOWF - -@ stdcall SamCreateUser(wstr wstr ptr) -@ stdcall SamCheckUserPassword(wstr wstr) -@ stdcall SamGetUserSid(wstr ptr) Modified: trunk/reactos/dll/win32/syssetup/globals.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/globals… ============================================================================== --- trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] Thu May 31 14:02:19 2012 @@ -64,7 +64,6 @@ /* security.c */ NTSTATUS SetAccountDomain(LPCWSTR DomainName, PSID DomainSid); -NTSTATUS GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo); VOID InstallSecurity(VOID); /* wizard.c */ Modified: trunk/reactos/dll/win32/syssetup/install.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/install… ============================================================================== --- trunk/reactos/dll/win32/syssetup/install.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/syssetup/install.c [iso-8859-1] Thu May 31 14:02:19 2012 @@ -224,40 +224,6 @@ return CreateDirectory(szPath, NULL) || GetLastError()==ERROR_ALREADY_EXISTS; } -static VOID -AppendRidToSid( - OUT PSID *Dst, - IN PSID Src, - IN ULONG NewRid) -{ - ULONG Rid[8] = {0, 0, 0, 0, 0, 0, 0, 0}; - UCHAR RidCount; - ULONG i; - - RidCount = *RtlSubAuthorityCountSid (Src); - - for (i = 0; i < RidCount; i++) - Rid[i] = *RtlSubAuthoritySid (Src, i); - - if (RidCount < 8) - { - Rid[RidCount] = NewRid; - RidCount++; - } - - RtlAllocateAndInitializeSid( - RtlIdentifierAuthoritySid(Src), - RidCount, - Rid[0], - Rid[1], - Rid[2], - Rid[3], - Rid[4], - Rid[5], - Rid[6], - Rid[7], - Dst); -} static VOID CreateTempDir( @@ -848,10 +814,7 @@ DWORD WINAPI InstallReactOS(HINSTANCE hInstance) { - PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = NULL; - PSID AdminSid = NULL; TCHAR szBuffer[MAX_PATH]; - DWORD LastError; HANDLE token; TOKEN_PRIVILEGES privs; HKEY hKey; @@ -864,18 +827,6 @@ FatalError("InitializeProfiles() failed"); return 0; } - - /* Get account domain information */ - if (GetAccountDomainInfo(&AccountDomainInfo) != STATUS_SUCCESS) - { - FatalError("GetAccountDomainInfo() failed!"); - return 0; - } - - /* Append the Admin-RID */ - AppendRidToSid(&AdminSid, AccountDomainInfo->DomainSid, DOMAIN_USER_RID_ADMIN); - - LsaFreeMemory(AccountDomainInfo); CreateTempDir(L"TEMP"); CreateTempDir(L"TMP"); @@ -916,25 +867,6 @@ InstallWizard(); InstallSecurity(); - - /* Create the Administrator account */ - if (!SamCreateUser(L"Administrator", L"", AdminSid)) - { - /* Check what the error was. - * If the Admin Account already exists, then it means Setup - * wasn't allowed to finish properly. Instead of rebooting - * and not completing it, let it restart instead - */ - LastError = GetLastError(); - if (LastError != ERROR_USER_EXISTS) - { - FatalError("SamCreateUser() failed!"); - RtlFreeSid(AdminSid); - return 0; - } - } - - RtlFreeSid(AdminSid); if (!CreateShortcuts()) { Modified: trunk/reactos/dll/win32/syssetup/security.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/securit… ============================================================================== --- trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] Thu May 31 14:02:19 2012 @@ -82,38 +82,6 @@ if (OrigInfo != NULL) LsaFreeMemory(OrigInfo); - - LsaClose(PolicyHandle); - - return Status; -} - - -NTSTATUS -GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo) -{ - LSA_OBJECT_ATTRIBUTES ObjectAttributes; - LSA_HANDLE PolicyHandle; - NTSTATUS Status; - - DPRINT1("SYSSETUP: GetAccountDomain\n"); - - memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); - ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); - - Status = LsaOpenPolicy(NULL, - &ObjectAttributes, - POLICY_TRUST_ADMIN, - &PolicyHandle); - if (Status != STATUS_SUCCESS) - { - DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); - return Status; - } - - Status = LsaQueryInformationPolicy(PolicyHandle, - PolicyAccountDomainInformation, - (PVOID *)AccountDomainInfo); LsaClose(PolicyHandle);