Author: ekohl
Date: Wed Dec 25 13:24:42 2013
New Revision: 61401
URL:
http://svn.reactos.org/svn/reactos?rev=61401&view=rev
Log:
[LSASRV][MSV1_0]
- Move the creation of the default DACL from msv1_0 to lsasrv. Create the default DACL
only if the selected authentication package does not provide one.
Modified:
trunk/reactos/dll/win32/lsasrv/authpackage.c
trunk/reactos/dll/win32/lsasrv/lookup.c
trunk/reactos/dll/win32/lsasrv/lsasrv.h
trunk/reactos/dll/win32/msv1_0/msv1_0.c
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authpacka…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] Wed Dec 25 13:24:42 2013
@@ -547,9 +547,9 @@
PTOKEN_GROUPS LocalGroups = NULL;
ULONG SidHeaderLength = 0;
PSID SidHeader = NULL;
- PSID Sid;
+ PSID SrcSid, DstSid;
ULONG SidLength;
- ULONG CopiedSids = 0;
+ ULONG AllocatedSids = 0;
ULONG i;
NTSTATUS Status;
@@ -585,8 +585,10 @@
for (i = 0; i < ClientGroupsCount; i++)
{
+ SrcSid = LocalGroups->Groups[i].Sid;
+
Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
- LocalGroups->Groups[i].Sid,
+ SrcSid,
SidHeader,
SidHeaderLength,
NULL);
@@ -596,28 +598,28 @@
SidLength = RtlLengthSid(SidHeader);
TRACE("Sid %lu: Length %lu\n", i, SidLength);
- Sid = RtlAllocateHeap(RtlGetProcessHeap(),
- HEAP_ZERO_MEMORY,
- SidLength);
- if (SidHeader == NULL)
+ DstSid = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ SidLength);
+ if (DstSid == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
- LocalGroups->Groups[i].Sid,
- Sid,
+ SrcSid,
+ DstSid,
SidLength,
NULL);
if (!NT_SUCCESS(Status))
{
- RtlFreeHeap(RtlGetProcessHeap(), 0, Sid);
+ RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
goto done;
}
- LocalGroups->Groups[i].Sid = Sid;
- CopiedSids++;
+ LocalGroups->Groups[i].Sid = DstSid;
+ AllocatedSids++;
}
*TokenGroups = LocalGroups;
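Review bot: The second NtReadVirtualMemory copies the whole SID from client memory again, header included, so the SubAuthorityCount that lands in DstSid is not guaranteed to be the one SidLength was computed from. If the client process changes the header between the two reads, any later RtlLengthSid or copy on this group SID would run past the SidLength-byte heap block. After the second read succeeds, I would reject the SID unless it is still valid and still reports the same length, freeing DstSid before bailing out. The loop and the enclosing function start outside this hunk, and SidHeaderLength is set outside it as well.

```c
/* ... unchanged: second NtReadVirtualMemory into DstSid and its failure check ... */

/* The header was fetched twice; the copy must still match the size we allocated */
if (!RtlValidSid(DstSid) || RtlLengthSid(DstSid) != SidLength)
{
    RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
    Status = STATUS_INVALID_SID;
    goto done;
}

LocalGroups->Groups[i].Sid = DstSid;
```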
@@ -630,7 +632,7 @@
{
if (LocalGroups != NULL)
{
- for (i = 0; i < CopiedSids; i++)
+ for (i = 0; i < AllocatedSids; i++)
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
@@ -638,6 +640,52 @@
}
return Status;
+}
+
+
+static
+NTSTATUS
+LsapAddTokenDefaultDacl(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PACL Dacl = NULL;
+ ULONG Length;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
+ return STATUS_SUCCESS;
+
+ Length = sizeof(ACL) +
+ (2 * sizeof(ACCESS_ALLOWED_ACE)) +
+ RtlLengthSid(TokenInfo1->Owner.Owner) +
+ RtlLengthSid(LsapLocalSystemSid);
+
+ Dacl = DispatchTable.AllocateLsaHeap(Length);
+ if (Dacl == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCreateAcl(Dacl, Length, ACL_REVISION);
+
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ TokenInfo1->Owner.Owner);
+
+ /* SID: S-1-5-18 */
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ LsapLocalSystemSid);
+
+ TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
+ }
+
+ return STATUS_SUCCESS;
}
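Review bot: LsapAddTokenDefaultDacl discards the NTSTATUS from RtlCreateAcl and from both RtlAddAccessAllowedAce calls, so a failure there still stores the ACL and returns STATUS_SUCCESS, and the token would carry a default DACL with fewer ACEs than intended. The removed msv1_0 version did at least check RtlCreateAcl. The function also passes TokenInfo1->Owner.Owner and LsapLocalSystemSid to RtlLengthSid without a NULL check, and LsapLocalSystemSid stays NULL unless LsapCreateSid reached its success path. I would check both pointers first, propagate each status, and release the buffer with DispatchTable.FreeLsaHeap on failure, as in the sketch below (it needs a local `NTSTATUS Status;`).

```c
if (TokenInfo1->Owner.Owner == NULL || LsapLocalSystemSid == NULL)
    return STATUS_INVALID_PARAMETER;

/* ... unchanged: Length computation and AllocateLsaHeap with its NULL check ... */

Status = RtlCreateAcl(Dacl, Length, ACL_REVISION);
if (NT_SUCCESS(Status))
    Status = RtlAddAccessAllowedAce(Dacl,
                                    ACL_REVISION,
                                    GENERIC_ALL,
                                    TokenInfo1->Owner.Owner);

/* SID: S-1-5-18 */
if (NT_SUCCESS(Status))
    Status = RtlAddAccessAllowedAce(Dacl,
                                    ACL_REVISION,
                                    GENERIC_ALL,
                                    LsapLocalSystemSid);

if (!NT_SUCCESS(Status))
{
    /* Never hand a partially built DACL to the token */
    DispatchTable.FreeLsaHeap(Dacl);
    return Status;
}

TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
```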
@@ -669,7 +717,7 @@
Package = LsapGetAuthenticationPackage(PackageId);
if (Package == NULL)
{
- TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
+ ERR("LsapGetAuthenticationPackage() failed to find a package\n");
return STATUS_NO_SUCH_PACKAGE;
}
@@ -681,7 +729,7 @@
RequestMsg->LogonUser.Request.AuthenticationInformationLength);
if (LocalAuthInfo == NULL)
{
- TRACE("RtlAllocateHeap() failed\n");
+ ERR("RtlAllocateHeap() failed\n");
return STATUS_INSUFFICIENT_RESOURCES;
}
@@ -693,7 +741,7 @@
NULL);
if (!NT_SUCCESS(Status))
{
- TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
+ ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
return Status;
}
@@ -706,7 +754,10 @@
RequestMsg->LogonUser.Request.LocalGroupsCount,
&LocalGroups);
if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status);
goto done;
+ }
TRACE("GroupCount: %lu\n", LocalGroups->GroupCount);
}
@@ -766,7 +817,16 @@
if (!NT_SUCCESS(Status))
{
- TRACE("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
+ ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+
+ Status = LsapAddTokenDefaultDacl(TokenInformation,
+ TokenInformationType);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status);
goto done;
}
@@ -802,7 +862,7 @@
&RequestMsg->LogonUser.Request.SourceContext);
if (!NT_SUCCESS(Status))
{
- TRACE("NtCreateToken failed (Status 0x%08lx)\n", Status);
+ ERR("NtCreateToken failed (Status 0x%08lx)\n", Status);
goto done;
}
}
@@ -823,7 +883,7 @@
DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES |
DUPLICATE_CLOSE_SOURCE);
if (!NT_SUCCESS(Status))
{
- TRACE("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+ ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
goto done;
}
@@ -832,7 +892,7 @@
Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId);
if (!NT_SUCCESS(Status))
{
- TRACE("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
+ ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
goto done;
}
@@ -847,7 +907,10 @@
if (LocalGroups != NULL)
{
for (i = 0; i < LocalGroups->GroupCount; i++)
- RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
+ {
+ if (LocalGroups->Groups[i].Sid != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
+ }
RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
}
Modified: trunk/reactos/dll/win32/lsasrv/lookup.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lookup.c?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lookup.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lookup.c [iso-8859-1] Wed Dec 25 13:24:42 2013
@@ -80,6 +80,7 @@
LIST_ENTRY WellKnownSidListHead;
+PSID LsapLocalSystemSid = NULL;
/* FUNCTIONS ***************************************************************/
@@ -90,7 +91,8 @@
PULONG SubAuthorities,
PWSTR AccountName,
PWSTR DomainName,
- SID_NAME_USE Use)
+ SID_NAME_USE Use,
+ PSID *SidPtr)
{
PWELL_KNOWN_SID SidEntry;
PULONG p;
@@ -159,6 +161,9 @@
InsertTailList(&WellKnownSidListHead,
&SidEntry->ListEntry);
+ if (SidPtr != NULL)
+ *SidPtr = SidEntry->Sid;
+
return TRUE;
}
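Review bot: The new SidPtr out-parameter hands back SidEntry->Sid itself, not a copy, so LsapLocalSystemSid aliases memory owned by the well-known SID list entry, and nothing in the hunk documents that ownership. I would add a comment above the assignment such as `/* Borrowed pointer: the SID remains owned by the list entry, callers must not free it */`, and a matching one on the definition of the global. LsapCreateSid's body starts outside this hunk. That its failure paths leave *SidPtr untouched is inferred only from the assignment sitting directly before `return TRUE`.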
@@ -184,7 +189,8 @@
NULL,
szAccountName,
szDomainName,
- SidTypeDomain);
+ SidTypeDomain,
+ NULL);
/* Null Sid */
LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80);
@@ -195,7 +201,8 @@
SubAuthorities,
szAccountName,
L"",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* World Sid */
LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80);
@@ -206,7 +213,8 @@
SubAuthorities,
szAccountName,
L"",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Local Sid */
LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
@@ -217,7 +225,8 @@
SubAuthorities,
szAccountName,
L"",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Creator Owner Sid */
LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80);
@@ -228,7 +237,8 @@
SubAuthorities,
szAccountName,
L"",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Creator Group Sid */
LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80);
@@ -239,7 +249,8 @@
SubAuthorities,
szAccountName,
L"",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Creator Owner Server Sid */
LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80);
@@ -250,7 +261,8 @@
SubAuthorities,
szAccountName,
L"",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Creator Group Server Sid */
LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80);
@@ -261,7 +273,8 @@
SubAuthorities,
szAccountName,
L"",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Dialup Sid */
LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
@@ -273,7 +286,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Network Sid */
LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
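Review bot: The context lines at the end of this hunk load IDS_DIALUP_RID under the `/* Network Sid */` comment, the same string id the Dialup entry above uses, so the Network well-known SID is presumably registered under the Dialup account name. The commit does not introduce this, but it is on the new side and it affects name-to-SID and SID-to-name lookups. The call should load the string id that belongs to the Network SID. The resource definitions are not on this page, so the correct id has to be confirmed there.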
@@ -284,7 +298,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Batch Sid*/
LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
@@ -295,7 +310,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Interactive Sid */
LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
@@ -306,7 +322,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Service Sid */
LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
@@ -317,7 +334,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Anonymous Logon Sid */
LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
@@ -328,7 +346,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Proxy Sid */
LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80);
@@ -339,7 +358,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Enterprise Controllers Sid */
LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80);
@@ -350,7 +370,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Principal Self Sid */
LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80);
@@ -361,7 +382,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Authenticated Users Sid */
LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80);
@@ -372,7 +394,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Restricted Code Sid */
LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80);
@@ -383,7 +406,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Terminal Server Sid */
LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80);
@@ -394,7 +418,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Remote Logon Sid */
LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80);
@@ -405,7 +430,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* This Organization Sid */
LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80);
@@ -416,7 +442,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Local System Sid */
LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80);
@@ -427,7 +454,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ &LsapLocalSystemSid);
/* Local Service Sid */
LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80);
@@ -438,14 +466,16 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
LsapCreateSid(&NtAuthority,
1,
SubAuthorities,
L"LOCALSERVICE",
L"NT AUTHORITY",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Network Service Sid */
LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80);
@@ -456,14 +486,16 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
LsapCreateSid(&NtAuthority,
1,
SubAuthorities,
L"NETWORKSERVICE",
L"NT AUTHORITY",
- SidTypeWellKnownGroup);
+ SidTypeWellKnownGroup,
+ NULL);
/* Builtin Domain Sid */
LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80);
@@ -475,7 +507,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeDomain);
+ SidTypeDomain,
+ NULL);
/* Administrators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80);
@@ -487,7 +520,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Users Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
@@ -499,7 +533,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Guests Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80);
@@ -511,7 +546,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Power User Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80);
@@ -523,7 +559,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Account Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80);
@@ -535,7 +572,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* System Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80);
@@ -547,7 +585,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Print Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80);
@@ -559,7 +598,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Backup Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80);
@@ -571,7 +611,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Replicators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80);
@@ -583,7 +624,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* RAS Servers Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80);
@@ -595,7 +637,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Pre-Windows 2000 Compatible Access Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80);
@@ -607,7 +650,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Remote Desktop Users Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80);
@@ -619,7 +663,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* Network Configuration Operators Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName,
80);
@@ -631,7 +676,8 @@
SubAuthorities,
szAccountName,
szDomainName,
- SidTypeAlias);
+ SidTypeAlias,
+ NULL);
/* FIXME: Add more well known sids */
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Wed Dec 25 13:24:42 2013
@@ -91,6 +91,9 @@
extern PSID AccountDomainSid;
extern UNICODE_STRING AccountDomainName;
+extern PSID LsapLocalSystemSid;
+
+
/* authpackage.c */
NTSTATUS
LsapInitAuthPackages(VOID);
Modified: trunk/reactos/dll/win32/msv1_0/msv1_0.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msv1_0/msv1_0.c?…
==============================================================================
--- trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] Wed Dec 25 13:24:42 2013
@@ -573,66 +573,6 @@
static
NTSTATUS
-BuildTokenDefaultDacl(PTOKEN_DEFAULT_DACL DefaultDacl,
- PSID OwnerSid)
-{
- SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
- PSID LocalSystemSid = NULL;
- PACL Dacl = NULL;
- NTSTATUS Status = STATUS_SUCCESS;
-
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_LOCAL_SYSTEM_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &LocalSystemSid);
-
- Dacl = DispatchTable.AllocateLsaHeap(1024);
- if (Dacl == NULL)
- {
- Status = STATUS_INSUFFICIENT_RESOURCES;
- goto done;
- }
-
- Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
- if (!NT_SUCCESS(Status))
- goto done;
-
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_ALL,
- OwnerSid);
-
- /* SID: S-1-5-18 */
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_ALL,
- LocalSystemSid);
-
- DefaultDacl->DefaultDacl = Dacl;
-
-done:
- if (!NT_SUCCESS(Status))
- {
- if (Dacl != NULL)
- DispatchTable.FreeLsaHeap(Dacl);
- }
-
- if (LocalSystemSid != NULL)
- RtlFreeSid(LocalSystemSid);
-
- return Status;
-}
-
-
-static
-NTSTATUS
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
PRPC_SID AccountDomainSid,
ULONG RelativeId,
@@ -680,11 +620,6 @@
Status = BuildTokenOwner(&Buffer->Owner,
OwnerSid);
- if (!NT_SUCCESS(Status))
- goto done;
-
- Status = BuildTokenDefaultDacl(&Buffer->DefaultDacl,
- OwnerSid);
if (!NT_SUCCESS(Status))
goto done;