Author: ekohl Date: Wed Dec 25 18:15:53 2013 New Revision: 61415
URL: http://svn.reactos.org/svn/reactos?rev=61415&view=rev Log: [][LSASRV][MSV1_0] - Move the creation of the token owner SID from msv1_0 to lsasrv. - If the user is a member of the administrators group, the administrators group becomes the owner of the token. Otherwise, the user is the owner of the token.
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c trunk/reactos/dll/win32/lsasrv/lookup.c trunk/reactos/dll/win32/lsasrv/lsasrv.h trunk/reactos/dll/win32/msv1_0/msv1_0.c
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authpackag...
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] Wed Dec 25 18:15:53 2013
@@ -645,6 +645,47 @@
static
NTSTATUS
+LsapSetTokenOwner(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PSID OwnerSid = NULL;
+ ULONG i, Length;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->Owner.Owner != NULL)
+ return STATUS_SUCCESS;
+
+ OwnerSid = TokenInfo1->User.User.Sid;
+ for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+ {
+ if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
+ {
+ OwnerSid = LsapAdministratorsSid;
+ break;
+ }
+ }
+
+ Length = RtlLengthSid(OwnerSid);
+ TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
+ if (TokenInfo1->Owner.Owner == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCopyMemory(TokenInfo1->Owner.Owner,
+ OwnerSid,
+ Length);
+ }
+
+ return STATUS_SUCCESS;
+}
+
+
+static
+NTSTATUS
LsapAddTokenDefaultDacl(
IN PVOID TokenInformation,
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
@@ -821,6 +862,13 @@
goto done;
}
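Review bot: LsapSetTokenOwner dereferences `TokenInfo1->Groups` and passes `TokenInfo1->User.User.Sid` to RtlLengthSid() without checking either for NULL, so token information from an authentication package that leaves one of them unset would fault inside lsasrv instead of failing the logon cleanly. A guard such as `if (TokenInfo1->User.User.Sid == NULL) return STATUS_INVALID_PARAMETER;` before the loop, plus `if (TokenInfo1->Groups != NULL)` around it, would turn that into an ordinary error return. The membership test also compares SIDs only and ignores `Groups[i].Attributes`, so an Administrators entry that is present but marked deny-only would still become the token owner; consider also requiring `!(Attributes & SE_GROUP_USE_FOR_DENY_ONLY)`, or `SE_GROUP_OWNER` if msv1_0 sets it, which is not visible here. `LsapAdministratorsSid` is likewise assumed non-NULL when handed to EqualSid(); whether its initialisation in lookup.c can fail is not visible in this diff.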
+ Status = LsapSetTokenOwner(TokenInformation,
+ TokenInformationType);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
Status = LsapAddTokenDefaultDacl(TokenInformation, TokenInformationType);
Modified: trunk/reactos/dll/win32/lsasrv/lookup.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lookup.c?r...
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lookup.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lookup.c [iso-8859-1] Wed Dec 25 18:15:53 2013
@@ -81,6 +81,7 @@
LIST_ENTRY WellKnownSidListHead;
PSID LsapLocalSystemSid = NULL;
+PSID LsapAdministratorsSid = NULL;
/* FUNCTIONS ***************************************************************/
@@ -521,7 +522,7 @@
szAccountName,
szDomainName,
SidTypeAlias,
- NULL);
+ &LsapAdministratorsSid);
/* Users Alias Sid */ LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?r...
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Wed Dec 25 18:15:53 2013
@@ -92,6 +92,7 @@
extern UNICODE_STRING AccountDomainName;
extern PSID LsapLocalSystemSid;
+extern PSID LsapAdministratorsSid;
/* authpackage.c */
Modified: trunk/reactos/dll/win32/msv1_0/msv1_0.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msv1_0/msv1_0.c?r... ============================================================================== --- trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] Wed Dec 25 18:15:53 2013 @@ -271,8 +271,7 @@ BuildTokenGroups(IN PSID AccountDomainSid, IN PLUID LogonId, OUT PTOKEN_GROUPS *Groups, - OUT PSID *PrimaryGroupSid, - OUT PSID *OwnerSid) + OUT PSID *PrimaryGroupSid) { SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; @@ -374,7 +373,6 @@ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID; GroupCount++; - *OwnerSid = Sid;
/* Member of 'Local users */ RtlAllocateAndInitializeSid(&LocalAuthority, @@ -548,38 +546,12 @@
static NTSTATUS -BuildTokenOwner(PTOKEN_OWNER Owner, - PSID OwnerSid) -{ - ULONG RidCount; - ULONG Size; - - RidCount = *RtlSubAuthorityCountSid(OwnerSid); - Size = RtlLengthRequiredSid(RidCount); - - Owner->Owner = DispatchTable.AllocateLsaHeap(Size); - if (Owner->Owner == NULL) - { - return STATUS_INSUFFICIENT_RESOURCES; - } - - RtlCopyMemory(Owner->Owner, - OwnerSid, - Size); - - return STATUS_SUCCESS; -} - - -static -NTSTATUS BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation, PRPC_SID AccountDomainSid, ULONG RelativeId, PLUID LogonId) { PLSA_TOKEN_INFORMATION_V1 Buffer = NULL; - PSID OwnerSid = NULL; PSID PrimaryGroupSid = NULL; ULONG i; NTSTATUS Status = STATUS_SUCCESS; @@ -604,8 +576,7 @@ Status = BuildTokenGroups((PSID)AccountDomainSid, LogonId, &Buffer->Groups, - &PrimaryGroupSid, - &OwnerSid); + &PrimaryGroupSid); if (!NT_SUCCESS(Status)) goto done;
@@ -615,11 +586,6 @@ goto done;
Status = BuildTokenPrivileges(&Buffer->Privileges); - if (!NT_SUCCESS(Status)) - goto done; - - Status = BuildTokenOwner(&Buffer->Owner, - OwnerSid); if (!NT_SUCCESS(Status)) goto done;
@@ -649,9 +615,6 @@
if (Buffer->Privileges != NULL) DispatchTable.FreeLsaHeap(Buffer->Privileges); - - if (Buffer->Owner.Owner != NULL) - DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
if (Buffer->DefaultDacl.DefaultDacl != NULL) DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);