Author: hpoussin
Date: Wed Oct 31 12:41:56 2007
New Revision: 30004
URL:
http://svn.reactos.org/svn/reactos?rev=30004&view=rev
Log:
Clean up the method which assigns groups to the logged-on user
We now have a compile-time switch to test ReactOS with a non-administrator account
Modified:
trunk/reactos/dll/win32/advapi32/misc/logon.c
Modified: trunk/reactos/dll/win32/advapi32/misc/logon.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/lo…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/misc/logon.c (original)
+++ trunk/reactos/dll/win32/advapi32/misc/logon.c Wed Oct 31 12:41:56 2007
@@ -404,164 +404,175 @@
static PTOKEN_GROUPS
-AllocateGroupSids(PSID *PrimaryGroupSid,
- PSID *OwnerSid)
+AllocateGroupSids(
+ OUT PSID *PrimaryGroupSid,
+ OUT PSID *OwnerSid)
{
- SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
- SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
- SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
- PTOKEN_GROUPS TokenGroups;
- PSID DomainSid;
- PSID Sid;
- LUID Luid;
- NTSTATUS Status;
-
- Status = NtAllocateLocallyUniqueId(&Luid);
- if (!NT_SUCCESS(Status))
- {
- return NULL;
- }
-
- if (!SamGetDomainSid(&DomainSid))
- {
- return NULL;
- }
-
- TokenGroups = RtlAllocateHeap(GetProcessHeap(), 0,
- sizeof(TOKEN_GROUPS) +
- 8 * sizeof(SID_AND_ATTRIBUTES));
- if (TokenGroups == NULL)
- {
- RtlFreeHeap (RtlGetProcessHeap (),
- 0,
- DomainSid);
- return NULL;
- }
-
- TokenGroups->GroupCount = 8;
-
- Sid = AppendRidToSid(DomainSid,
- DOMAIN_GROUP_RID_USERS);
-
- RtlFreeHeap(RtlGetProcessHeap(),
- 0,
- DomainSid);
-
- TokenGroups->Groups[0].Sid = Sid;
- TokenGroups->Groups[0].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY;
- *PrimaryGroupSid = Sid;
-
-
- RtlAllocateAndInitializeSid(&WorldAuthority,
- 1,
- SECURITY_WORLD_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
-
- TokenGroups->Groups[1].Sid = Sid;
- TokenGroups->Groups[1].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY;
-
-
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 2,
- SECURITY_BUILTIN_DOMAIN_RID,
- DOMAIN_ALIAS_RID_ADMINS,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
-
- TokenGroups->Groups[2].Sid = Sid;
- TokenGroups->Groups[2].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY;
-
- *OwnerSid = Sid;
-
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 2,
- SECURITY_BUILTIN_DOMAIN_RID,
- DOMAIN_ALIAS_RID_USERS,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
-
- TokenGroups->Groups[3].Sid = Sid;
- TokenGroups->Groups[3].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY;
-
- /* Logon SID */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- SECURITY_LOGON_IDS_RID_COUNT,
- SECURITY_LOGON_IDS_RID,
- Luid.HighPart,
- Luid.LowPart,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
-
- TokenGroups->Groups[4].Sid = Sid;
- TokenGroups->Groups[4].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
-
- RtlAllocateAndInitializeSid(&LocalAuthority,
- 1,
- SECURITY_LOCAL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
-
- TokenGroups->Groups[5].Sid = Sid;
- TokenGroups->Groups[5].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY;
-
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_INTERACTIVE_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
-
- TokenGroups->Groups[6].Sid = Sid;
- TokenGroups->Groups[6].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY;
-
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_AUTHENTICATED_USER_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
-
- TokenGroups->Groups[7].Sid = Sid;
- TokenGroups->Groups[7].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT |
SE_GROUP_MANDATORY;
-
- return TokenGroups;
+ SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
+ SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
+ SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
+ PTOKEN_GROUPS TokenGroups;
+#define MAX_GROUPS 8
+ DWORD GroupCount = 0;
+ PSID DomainSid;
+ PSID Sid;
+ LUID Luid;
+ NTSTATUS Status;
+
+ Status = NtAllocateLocallyUniqueId(&Luid);
+ if (!NT_SUCCESS(Status))
+ return NULL;
+
+ if (!SamGetDomainSid(&DomainSid))
+ return NULL;
+
+ TokenGroups = RtlAllocateHeap(
+ GetProcessHeap(), 0,
+ sizeof(TOKEN_GROUPS) +
+ MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES));
+ if (TokenGroups == NULL)
+ {
+ RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
+ return NULL;
+ }
+
+ Sid = AppendRidToSid(DomainSid, DOMAIN_GROUP_RID_USERS);
+ RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
+
+ /* Member of the domain */
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+ *PrimaryGroupSid = Sid;
+ GroupCount++;
+
+ /* Member of 'Everyone' */
+ RtlAllocateAndInitializeSid(
+ &WorldAuthority,
+ 1,
+ SECURITY_WORLD_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &Sid);
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+ GroupCount++;
+
+#if 1
+ /* Member of 'Administrators' */
+ RtlAllocateAndInitializeSid(
+ &SystemAuthority,
+ 2,
+ SECURITY_BUILTIN_DOMAIN_RID,
+ DOMAIN_ALIAS_RID_ADMINS,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &Sid);
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+ GroupCount++;
+#else
+ DPRINT1("Not adding user to Administrators group\n");
+#endif
+
+ /* Member of 'Users' */
+ RtlAllocateAndInitializeSid(
+ &SystemAuthority,
+ 2,
+ SECURITY_BUILTIN_DOMAIN_RID,
+ DOMAIN_ALIAS_RID_USERS,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &Sid);
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+ GroupCount++;
+
+ /* Logon SID */
+ RtlAllocateAndInitializeSid(
+ &SystemAuthority,
+ SECURITY_LOGON_IDS_RID_COUNT,
+ SECURITY_LOGON_IDS_RID,
+ Luid.HighPart,
+ Luid.LowPart,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &Sid);
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
+ GroupCount++;
+ *OwnerSid = Sid;
+
+ /* Member of 'Local users */
+ RtlAllocateAndInitializeSid(
+ &LocalAuthority,
+ 1,
+ SECURITY_LOCAL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &Sid);
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+ GroupCount++;
+
+ /* Member of 'Interactive users' */
+ RtlAllocateAndInitializeSid(
+ &SystemAuthority,
+ 1,
+ SECURITY_INTERACTIVE_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &Sid);
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+ GroupCount++;
+
+ /* Member of 'Authenticated users' */
+ RtlAllocateAndInitializeSid(
+ &SystemAuthority,
+ 1,
+ SECURITY_AUTHENTICATED_USER_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &Sid);
+ TokenGroups->Groups[GroupCount].Sid = Sid;
+ TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED |
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+ GroupCount++;
+
+ TokenGroups->GroupCount = GroupCount;
+ ASSERT(TokenGroups->GroupCount <= MAX_GROUPS);
+
+ return TokenGroups;
}
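Review bot: None of the SID allocations in the new body of AllocateGroupSids has its result checked: whatever `AppendRidToSid` returns is stored as the primary group, and every `RtlAllocateAndInitializeSid` status is discarded, so after a failed call `Sid` still holds the previous pointer and the same SID lands in two group entries (a likely double free later, and a token whose group list no longer matches the comments). Assign each call to the existing `Status` and leave through one cleanup path that frees the SIDs gathered so far plus `TokenGroups`, returning NULL as the early paths already do. `*OwnerSid = Sid;` has also moved from the Administrators entry to the logon SID, which changes the token's default owner and is not mentioned in the log; the logon-SID entry carries no `SE_GROUP_OWNER` attribute, so if the move is intended it needs a comment saying why that owner is acceptable. The sketch shows the pattern for one call.

```c
    /* Member of 'Everyone' */
    Status = RtlAllocateAndInitializeSid(
        &WorldAuthority,
        1,
        SECURITY_WORLD_RID,
        /* … unchanged: seven SECURITY_NULL_RID arguments … */
        &Sid);
    if (!NT_SUCCESS(Status))
        goto Failure;
    /* … unchanged: store Sid and attributes, GroupCount++ … */

    /* … same Status check after each remaining RtlAllocateAndInitializeSid call … */

    /* … unchanged: GroupCount store, ASSERT, return TokenGroups … */

Failure:
    /* Entries 1..GroupCount-1 came from RtlAllocateAndInitializeSid. */
    while (GroupCount > 1)
        RtlFreeSid(TokenGroups->Groups[--GroupCount].Sid);
    /* Entry 0 came from AppendRidToSid; release it with the deallocator
     * that matches that helper (its allocation is not visible in this hunk). */
    RtlFreeHeap(RtlGetProcessHeap(), 0, TokenGroups);
    return NULL;
```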
@@ -663,18 +674,8 @@
/* Get the user SID from the registry */
if (!SamGetUserSid (lpszUsername, &UserSid))
{
- DPRINT ("SamGetUserSid() failed\n");
- RtlAllocateAndInitializeSid (&SystemAuthority,
- 5,
- SECURITY_NT_NON_UNIQUE,
- 0x12345678,
- 0x12345678,
- 0x12345678,
- DOMAIN_USER_RID_ADMIN,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &UserSid);
+ DPRINT1 ("SamGetUserSid() failed\n");
+ return FALSE;
}
TokenUser.User.Sid = UserSid;
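Review bot: The new failure branch returns FALSE with no visible `SetLastError` call, so unless `SamGetUserSid` already sets a last-error value the caller cannot tell an unknown account from any other logon failure. Adding `SetLastError(ERROR_NO_SUCH_USER);` before `return FALSE;` would make the reason explicit. The enclosing function starts and continues outside this hunk, so whether anything acquired before this point needs releasing on the early return should be checked against the full body.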