Author: ekohl
Date: Sat Dec 28 01:45:36 2013
New Revision: 61457
URL:
http://svn.reactos.org/svn/reactos?rev=61457&view=rev
Log:
[LSASRV][MSV1_0]
- Add default group SIDs to the token groups list (WorldSID aka Everyone and the logon
type SID).
- Remove these SIDs from the hard-coded list.
Modified:
trunk/reactos/dll/win32/lsasrv/authpackage.c
trunk/reactos/dll/win32/lsasrv/lookup.c
trunk/reactos/dll/win32/lsasrv/lsasrv.h
trunk/reactos/dll/win32/msv1_0/msv1_0.c
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authpacka…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] Sat Dec 28 01:45:36 2013
@@ -726,6 +726,128 @@
return STATUS_SUCCESS;
}
+static
+NTSTATUS
+LsapAddDefaultGroups(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
+ IN SECURITY_LOGON_TYPE LogonType)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PTOKEN_GROUPS Groups;
+ ULONG i, Length;
+ PSID SrcSid;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->Groups != NULL)
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (TokenInfo1->Groups->GroupCount + 2 - ANYSIZE_ARRAY) *
sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Groups->GroupCount = TokenInfo1->Groups->GroupCount;
+
+ for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+ {
+ Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
+ Groups->Groups[i].Attributes =
TokenInfo1->Groups->Groups[i].Attributes;
+ }
+
+ RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
+
+ TokenInfo1->Groups = Groups;
+
+ }
+ else
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ TokenInfo1->Groups = Groups;
+ }
+
+ /* Append the World SID (aka Everyone) */
+ Length = RtlLengthSid(LsapWorldSid);
+ Groups->Groups[Groups->GroupCount].Sid =
RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ Length);
+ if (Groups->Groups[Groups->GroupCount].Sid == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
+ LsapWorldSid,
+ Length);
+
+ Groups->Groups[Groups->GroupCount].Attributes =
+ SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+
+ Groups->GroupCount++;
+
+ /* Append the logon type SID */
+ switch (LogonType)
+ {
+ case Interactive:
+ SrcSid = LsapInteractiveSid;
+ break;
+
+ case Network:
+ SrcSid = LsapNetworkSid;
+ break;
+
+ case Batch:
+ SrcSid = LsapBatchSid;
+ break;
+
+ case Service:
+ SrcSid = LsapServiceSid;
+ break;
+
+ default:
+ FIXME("LogonType %d is not supported!\n", LogonType);
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ Length = RtlLengthSid(SrcSid);
+ Groups->Groups[Groups->GroupCount].Sid =
RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ Length);
+ if (Groups->Groups[Groups->GroupCount].Sid == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
+ SrcSid,
+ Length);
+
+ Groups->Groups[Groups->GroupCount].Attributes =
+ SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+
+ Groups->GroupCount++;
+ }
+ else
+ {
+ FIXME("TokenInformationType %d is not supported!\n",
TokenInformationType);
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ return STATUS_SUCCESS;
+}
+
static
NTSTATUS
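Review bot: `RtlLengthSid(LsapWorldSid)` and `RtlLengthSid(SrcSid)` are called without a NULL check, yet the lookup.c part of this commit defines these globals as NULL and fills them only through an out parameter whose call result is not visible here. If well-known SID setup failed, every logon would fault inside the LSA server instead of returning a status. A guard such as `if (LsapWorldSid == NULL) return STATUS_INTERNAL_ERROR;` before the first append, and the same test on `SrcSid` after the switch, keeps the failure contained. Separately, `Length` is computed in ULONG arithmetic from the package-supplied `GroupCount` with no upper bound, so a wrapped size would let the copy loop write past the new allocation. Rejecting an implausibly large count before the multiplication would close that.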
@@ -832,11 +954,13 @@
HANDLE TokenHandle = NULL;
ULONG i;
ULONG PackageId;
+ SECURITY_LOGON_TYPE LogonType;
NTSTATUS Status;
TRACE("(%p %p)\n", RequestMsg, LogonContext);
PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage;
+ LogonType = RequestMsg->LogonUser.Request.LogonType;
/* Get the right authentication package */
Package = LsapGetAuthenticationPackage(PackageId);
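Review bot: `LogonType` is copied from the client request here but first validated much later, in the `switch` inside LsapAddDefaultGroups, which by the hunk offsets runs after most of the logon processing. Rejecting values other than Interactive, Network, Batch and Service immediately after this assignment would refuse an unsupported request before the authentication package is involved. The package call itself is outside the visible hunks, so this ordering is inferred. The enclosing function starts and ends outside the hunk.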
@@ -959,6 +1083,15 @@
}
}
+ Status = LsapAddDefaultGroups(TokenInformation,
+ TokenInformationType,
+ LogonType);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
Status = LsapSetTokenOwner(TokenInformation,
TokenInformationType);
if (!NT_SUCCESS(Status))
Modified: trunk/reactos/dll/win32/lsasrv/lookup.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lookup.c?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lookup.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lookup.c [iso-8859-1] Sat Dec 28 01:45:36 2013
@@ -80,6 +80,11 @@
LIST_ENTRY WellKnownSidListHead;
+PSID LsapWorldSid = NULL;
+PSID LsapNetworkSid = NULL;
+PSID LsapBatchSid = NULL;
+PSID LsapInteractiveSid = NULL;
+PSID LsapServiceSid = NULL;
PSID LsapLocalSystemSid = NULL;
PSID LsapAdministratorsSid = NULL;
@@ -215,7 +220,7 @@
szAccountName,
L"",
SidTypeWellKnownGroup,
- NULL);
+ &LsapWorldSid);
/* Local Sid */
LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
@@ -300,7 +305,7 @@
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapNetworkSid);
/* Batch Sid*/
LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
@@ -312,7 +317,7 @@
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapBatchSid);
/* Interactive Sid */
LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
@@ -324,7 +329,7 @@
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapInteractiveSid);
/* Service Sid */
LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
@@ -336,7 +341,7 @@
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapServiceSid);
/* Anonymous Logon Sid */
LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Sat Dec 28 01:45:36 2013
@@ -91,6 +91,11 @@
extern PSID AccountDomainSid;
extern UNICODE_STRING AccountDomainName;
+extern PSID LsapWorldSid;
+extern PSID LsapNetworkSid;
+extern PSID LsapBatchSid;
+extern PSID LsapInteractiveSid;
+extern PSID LsapServiceSid;
extern PSID LsapLocalSystemSid;
extern PSID LsapAdministratorsSid;
Modified: trunk/reactos/dll/win32/msv1_0/msv1_0.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msv1_0/msv1_0.c?…
==============================================================================
--- trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] Sat Dec 28 01:45:36 2013
@@ -273,10 +273,9 @@
OUT PTOKEN_GROUPS *Groups,
OUT PSID *PrimaryGroupSid)
{
- SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS TokenGroups;
-#define MAX_GROUPS 6
+#define MAX_GROUPS 4
DWORD GroupCount = 0;
PSID Sid;
NTSTATUS Status = STATUS_SUCCESS;
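Review bot: `MAX_GROUPS` drops to 4, which from the visible context appears to equal the number of group entries this function still adds, so there is no slack left and nothing ties the constant to the number of `GroupCount++` sites. The allocation that uses the macro is outside the hunk. Assuming the array is sized from it, add `ASSERT(GroupCount <= MAX_GROUPS);` before the count is stored, so a group added later trips a check instead of writing past the token-groups buffer.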
@@ -301,22 +300,6 @@
*PrimaryGroupSid = Sid;
GroupCount++;
- /* Member of 'Everyone' */
- RtlAllocateAndInitializeSid(&WorldAuthority,
- 1,
- SECURITY_WORLD_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
#if 1
/* Member of 'Administrators' */
@@ -356,22 +339,6 @@
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
- /* Member of 'Interactive users' */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_INTERACTIVE_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
/* Member of 'Authenticated users' */
RtlAllocateAndInitializeSid(&SystemAuthority,