[ros-diffs] [ekohl] 56917: [SAMSRV] Check if the name of a new account (alias, group or user) is used before the account is created. This check is needed because account names must be unique.

Author: ekohl Date: Fri Jul 20 20:42:53 2012 New Revision: 56917 URL: http://svn.reactos.org/svn/reactos?rev=56917&view=rev Log: [SAMSRV] Check if the name of a new account (alias, group or user) is used before the account is created. This check is needed because account names must be unique. Modified: trunk/reactos/dll/win32/samsrv/database.c trunk/reactos/dll/win32/samsrv/samrpc.c trunk/reactos/dll/win32/samsrv/samsrv.h Modified: trunk/reactos/dll/win32/samsrv/database.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/database.… ============================================================================== --- trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] Fri Jul 20 20:42:53 2012 @@ -629,6 +629,121 @@ NTSTATUS +SampCheckAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject, + IN LPWSTR lpAccountName) +{ + HANDLE AccountKey; + HANDLE NamesKey; + NTSTATUS Status; + + TRACE("SampCheckNameInDomain()\n"); + + Status = SampRegOpenKey(DomainObject->KeyHandle, + L"Aliases", + KEY_READ, + &AccountKey); + if (NT_SUCCESS(Status)) + { + Status = SampRegOpenKey(AccountKey, + L"Names", + KEY_READ, + &NamesKey); + if (NT_SUCCESS(Status)) + { + Status = SampRegQueryValue(NamesKey, + lpAccountName, + NULL, + NULL, + NULL); + if (Status == STATUS_SUCCESS) + Status = STATUS_ALIAS_EXISTS; + else if (Status == STATUS_OBJECT_NAME_NOT_FOUND) + Status = STATUS_SUCCESS; + + SampRegCloseKey(NamesKey); + } + + SampRegCloseKey(AccountKey); + } + + if (!NT_SUCCESS(Status)) + { + TRACE("Checking for alias account failed (Status 0x%08lx)\n", Status); + return Status; + } + + Status = SampRegOpenKey(DomainObject->KeyHandle, + L"Groups", + KEY_READ, + &AccountKey); + if (NT_SUCCESS(Status)) + { + Status = SampRegOpenKey(AccountKey, + L"Names", + KEY_READ, + &NamesKey); + if (NT_SUCCESS(Status)) + { + Status = SampRegQueryValue(NamesKey, + lpAccountName, + NULL, + NULL, + NULL); + if (Status == STATUS_SUCCESS) + Status = STATUS_ALIAS_EXISTS; + else if (Status == STATUS_OBJECT_NAME_NOT_FOUND) + Status = STATUS_SUCCESS; + + SampRegCloseKey(NamesKey); + } + + SampRegCloseKey(AccountKey); + } + + if (!NT_SUCCESS(Status)) + { + TRACE("Checking for group account failed (Status 0x%08lx)\n", Status); + return Status; + } + + Status = SampRegOpenKey(DomainObject->KeyHandle, + L"Users", + KEY_READ, + &AccountKey); + if (NT_SUCCESS(Status)) + { + Status = SampRegOpenKey(AccountKey, + L"Names", + KEY_READ, + &NamesKey); + if (NT_SUCCESS(Status)) + { + Status = SampRegQueryValue(NamesKey, + lpAccountName, + NULL, + NULL, + NULL); + if (Status == STATUS_SUCCESS) + Status = STATUS_ALIAS_EXISTS; + else if (Status == STATUS_OBJECT_NAME_NOT_FOUND) + Status = STATUS_SUCCESS; + + SampRegCloseKey(NamesKey); + } + + SampRegCloseKey(AccountKey); + } + + if (!NT_SUCCESS(Status)) + { + TRACE("Checking for user account failed (Status 0x%08lx)\n", Status); + } + + return Status; +} + + +NTSTATUS SampSetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, ULONG AttributeType, Modified: trunk/reactos/dll/win32/samsrv/samrpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samrpc.c?… ============================================================================== --- trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] Fri Jul 20 20:42:53 2012 @@ -1565,6 +1565,16 @@ return Status; } + /* Check if the group name already exists in the domain */ + Status = SampCheckAccountNameInDomain(DomainObject, + Name->Buffer); + if (!NT_SUCCESS(Status)) + { + TRACE("Group name \'%S\' already exists in domain (Status 0x%08lx)\n", + Name->Buffer, Status); + return Status; + } + /* Get the fixed domain attributes */ ulSize = sizeof(SAM_DOMAIN_FIXED_DATA); Status = SampGetObjectAttribute(DomainObject, @@ -1598,8 +1608,6 @@ /* Convert the RID into a string (hex) */ swprintf(szRid, L"%08lX", ulRid); - - /* FIXME: Check whether the group name is already in use */ /* Create the group object */ Status = SampCreateDbObject(DomainObject, @@ -1710,7 +1718,6 @@ ULONG ulSize; ULONG ulRid; WCHAR szRid[9]; - BOOL bAliasExists = FALSE; NTSTATUS Status; TRACE("SamrCreateUserInDomain(%p %p %lx %p %p)\n", @@ -1724,6 +1731,16 @@ if (!NT_SUCCESS(Status)) { TRACE("failed with status 0x%08lx\n", Status); + return Status; + } + + /* Check if the user name already exists in the domain */ + Status = SampCheckAccountNameInDomain(DomainObject, + Name->Buffer); + if (!NT_SUCCESS(Status)) + { + TRACE("User name \'%S\' already exists in domain (Status 0x%08lx)\n", + Name->Buffer, Status); return Status; } @@ -1761,23 +1778,6 @@ /* Convert the RID into a string (hex) */ swprintf(szRid, L"%08lX", ulRid); - /* Check whether the user name is already in use */ - Status = SampCheckDbObjectNameAlias(DomainObject, - L"Users", - Name->Buffer, - &bAliasExists); - if (!NT_SUCCESS(Status)) - { - TRACE("failed with status 0x%08lx\n", Status); - return Status; - } - - if (bAliasExists) - { - TRACE("The user account %S already exists!\n", Name->Buffer); - return STATUS_USER_EXISTS; - } - /* Create the user object */ Status = SampCreateDbObject(DomainObject, L"Users", @@ -1807,6 +1807,10 @@ FixedUserData.Version = 1; FixedUserData.UserId = ulRid; + FixedUserData.PrimaryGroupId = DOMAIN_GROUP_RID_USERS; +// FixedUserData.UserAccountControl = USER_ACCOUNT_DISABLED | +// USER_PASSWORD_NOT_REQUIRED || +// USER_NORMAL_ACCOUNT; /* Set fixed user data attribute */ Status = SampSetObjectAttribute(UserObject, @@ -1973,7 +1977,6 @@ ULONG ulSize; ULONG ulRid; WCHAR szRid[9]; - BOOL bAliasExists = FALSE; NTSTATUS Status; TRACE("SamrCreateAliasInDomain(%p %p %lx %p %p)\n", @@ -1987,6 +1990,16 @@ if (!NT_SUCCESS(Status)) { TRACE("failed with status 0x%08lx\n", Status); + return Status; + } + + /* Check if the alias name already exists in the domain */ + Status = SampCheckAccountNameInDomain(DomainObject, + AccountName->Buffer); + if (!NT_SUCCESS(Status)) + { + TRACE("Alias name \'%S\' already exists in domain (Status 0x%08lx)\n", + AccountName->Buffer, Status); return Status; } @@ -2023,23 +2036,6 @@ /* Convert the RID into a string (hex) */ swprintf(szRid, L"%08lX", ulRid); - - /* Check whether the user name is already in use */ - Status = SampCheckDbObjectNameAlias(DomainObject, - L"Aliases", - AccountName->Buffer, - &bAliasExists); - if (!NT_SUCCESS(Status)) - { - TRACE("failed with status 0x%08lx\n", Status); - return Status; - } - - if (bAliasExists) - { - TRACE("The alias account %S already exists!\n", AccountName->Buffer); - return STATUS_ALIAS_EXISTS; - } /* Create the alias object */ Status = SampCreateDbObject(DomainObject, Modified: trunk/reactos/dll/win32/samsrv/samsrv.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samsrv.h?… ============================================================================== --- trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] Fri Jul 20 20:42:53 2012 @@ -151,6 +151,10 @@ OUT PBOOL bAliasExists); NTSTATUS +SampCheckAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject, + IN LPWSTR lpAccountName); + +NTSTATUS SampSetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, ULONG AttributeType,