[ekohl] 57520: [LSASRV] - Add missing SAM domain lookup code. - Fix a bug in the calls to SamrCloseHandle.
8 Oct
2012
8 Oct
'12
7:23 p.m.
Author: ekohl
Date: Mon Oct 8 19:23:06 2012
New Revision: 57520
URL: http://svn.reactos.org/svn/reactos?rev=57520&view=rev
Log:
[LSASRV]
- Add missing SAM domain lookup code.
- Fix a bug in the calls to SamrCloseHandle.
Modified:
trunk/reactos/dll/win32/lsasrv/sids.c
Modified: trunk/reactos/dll/win32/lsasrv/sids.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/sids.c?re…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] Mon Oct 8 19:23:06 2012
@@ -58,6 +58,14 @@
IN ULONG *RelativeIds,
OUT PSAMPR_RETURNED_USTRING_ARRAY Names,
OUT PSAMPR_ULONG_ARRAY Use);
+
+NTSTATUS
+NTAPI
+SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle,
+ IN ULONG Count,
+ IN RPC_UNICODE_STRING Names[],
+ OUT PSAMPR_ULONG_ARRAY RelativeIds,
+ OUT PSAMPR_ULONG_ARRAY Use);
typedef struct _WELL_KNOWN_SID
@@ -895,6 +903,44 @@
}
+static PSID
+CreateSidFromSidAndRid(PSID SrcSid,
+ ULONG RelativeId)
+{
+ UCHAR RidCount;
+ PSID DstSid;
+ ULONG i;
+ ULONG DstSidSize;
+ PULONG p, q;
+
+ RidCount = *RtlSubAuthorityCountSid(SrcSid);
+ if (RidCount >= 8)
+ return NULL;
+
+ DstSidSize = RtlLengthRequiredSid(RidCount + 1);
+
+ DstSid = MIDL_user_allocate(DstSidSize);
+ if (DstSid == NULL)
+ return FALSE;
+
+ RtlInitializeSid(DstSid,
+ RtlIdentifierAuthoritySid(SrcSid),
+ RidCount + 1);
+
+ for (i = 0; i < (ULONG)RidCount; i++)
+ {
+ p = RtlSubAuthoritySid(SrcSid, i);
+ q = RtlSubAuthoritySid(DstSid, i);
+ *q = *p;
+ }
+
+ q = RtlSubAuthoritySid(DstSid, (ULONG)RidCount);
+ *q = RelativeId;
+
+ return DstSid;
+}
+
+
static
NTSTATUS
LsapLookupIsolatedNames(DWORD Count,
@@ -908,7 +954,6 @@
ULONG DomainIndex;
ULONG i;
NTSTATUS Status = STATUS_SUCCESS;
- LPWSTR SidString = NULL;
for (i = 0; i < Count; i++)
{
@@ -960,14 +1005,26 @@
continue;
}
- /* FIXME: Look-up the built-in domain */
-
- ConvertSidToStringSidW(AccountDomainSid, &SidString);
- TRACE("Account Domain SID: %S\n", SidString);
- LocalFree(SidString);
- SidString = NULL;
-
- TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
+ /* Look-up the built-in domain */
+ if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i],
&BuiltinDomainName, TRUE))
+ {
+ SidsBuffer[i].Use = SidTypeDomain;
+ SidsBuffer[i].Sid = BuiltinDomainSid;
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &BuiltinDomainName,
+ BuiltinDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+
+ (*Mapped)++;
+ continue;
+ }
/* Look-up the account domain */
if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i],
&AccountDomainName, TRUE))
@@ -994,18 +1051,380 @@
/* FIXME: Look-up the trusted domains */
- /* FIXME: Look-up accounts in the built-in domain */
-
- /* FIXME: Look-up accounts in the account domain */
-
- /* FIXME: Look-up accounts in the primary domain */
-
- /* FIXME: Look-up accounts in the trusted domains */
}
done:
return Status;
}
+
+
+static
+NTSTATUS
+LsapLookupIsolatedBuiltinNames(DWORD Count,
+ PRPC_UNICODE_STRING DomainNames,
+ PRPC_UNICODE_STRING AccountNames,
+ PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
+ PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
+ PULONG Mapped)
+{
+ SAMPR_HANDLE ServerHandle = NULL;
+ SAMPR_HANDLE DomainHandle = NULL;
+ SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
+ SAMPR_ULONG_ARRAY Use = {0, NULL};
+ ULONG DomainIndex;
+ ULONG i;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ Status = SamrConnect(NULL,
+ &ServerHandle,
+ SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamrConnect failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamrOpenDomain(ServerHandle,
+ DOMAIN_LOOKUP,
+ BuiltinDomainSid,
+ &DomainHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ for (i = 0; i < Count; i++)
+ {
+ /* Ignore names which were already mapped */
+ if (SidsBuffer[i].Use != SidTypeUnknown)
+ continue;
+
+ /* Ignore fully qualified account names */
+ if (DomainNames[i].Length != 0)
+ continue;
+
+ Status = SamrLookupNamesInDomain(DomainHandle,
+ 1,
+ &AccountNames[i],
+ &RelativeIds,
+ &Use);
+ if (NT_SUCCESS(Status))
+ {
+ SidsBuffer[i].Use = Use.Element[0];
+ SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
+ RelativeIds.Element[0]);
+ if (SidsBuffer[i].Sid == NULL)
+ goto done;
+
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &BuiltinDomainName,
+ BuiltinDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+
+ (*Mapped)++;
+ }
+
+ SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
+ SamIFree_SAMPR_ULONG_ARRAY(&Use);
+ }
+
+done:
+ if (DomainHandle != NULL)
+ SamrCloseHandle(&DomainHandle);
+
+ if (ServerHandle != NULL)
+ SamrCloseHandle(&ServerHandle);
+
+ return Status;
+}
+
+
+static
+NTSTATUS
+LsapLookupIsolatedAccountNames(DWORD Count,
+ PRPC_UNICODE_STRING DomainNames,
+ PRPC_UNICODE_STRING AccountNames,
+ PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
+ PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
+ PULONG Mapped)
+{
+ SAMPR_HANDLE ServerHandle = NULL;
+ SAMPR_HANDLE DomainHandle = NULL;
+ SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
+ SAMPR_ULONG_ARRAY Use = {0, NULL};
+ ULONG DomainIndex;
+ ULONG i;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ TRACE("()\n");
+
+ Status = SamrConnect(NULL,
+ &ServerHandle,
+ SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamrConnect failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamrOpenDomain(ServerHandle,
+ DOMAIN_LOOKUP,
+ AccountDomainSid,
+ &DomainHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ for (i = 0; i < Count; i++)
+ {
+ /* Ignore names which were already mapped */
+ if (SidsBuffer[i].Use != SidTypeUnknown)
+ continue;
+
+ /* Ignore fully qualified account names */
+ if (DomainNames[i].Length != 0)
+ continue;
+
+ TRACE("Mapping name: %wZ\n", &AccountNames[i]);
+
+ Status = SamrLookupNamesInDomain(DomainHandle,
+ 1,
+ &AccountNames[i],
+ &RelativeIds,
+ &Use);
+ if (NT_SUCCESS(Status))
+ {
+ TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
+
+ SidsBuffer[i].Use = Use.Element[0];
+ SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
+ RelativeIds.Element[0]);
+ if (SidsBuffer[i].Sid == NULL)
+ goto done;
+
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &AccountDomainName,
+ AccountDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+
+ (*Mapped)++;
+ }
+
+ SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
+ SamIFree_SAMPR_ULONG_ARRAY(&Use);
+ }
+
+done:
+ if (DomainHandle != NULL)
+ SamrCloseHandle(&DomainHandle);
+
+ if (ServerHandle != NULL)
+ SamrCloseHandle(&ServerHandle);
+
+ return Status;
+}
+
+
+static
+NTSTATUS
+LsapLookupBuiltinNames(DWORD Count,
+ PRPC_UNICODE_STRING DomainNames,
+ PRPC_UNICODE_STRING AccountNames,
+ PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
+ PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
+ PULONG Mapped)
+{
+ SAMPR_HANDLE ServerHandle = NULL;
+ SAMPR_HANDLE DomainHandle = NULL;
+ SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
+ SAMPR_ULONG_ARRAY Use = {0, NULL};
+ ULONG DomainIndex;
+ ULONG i;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ Status = SamrConnect(NULL,
+ &ServerHandle,
+ SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamrConnect failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamrOpenDomain(ServerHandle,
+ DOMAIN_LOOKUP,
+ BuiltinDomainSid,
+ &DomainHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ for (i = 0; i < Count; i++)
+ {
+ /* Ignore names which were already mapped */
+ if (SidsBuffer[i].Use != SidTypeUnknown)
+ continue;
+
+ /* Ignore isolated account names */
+ if (DomainNames[i].Length == 0)
+ continue;
+
+ if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i],
&BuiltinDomainName, TRUE))
+ continue;
+
+ Status = SamrLookupNamesInDomain(DomainHandle,
+ 1,
+ &AccountNames[i],
+ &RelativeIds,
+ &Use);
+ if (NT_SUCCESS(Status))
+ {
+ SidsBuffer[i].Use = Use.Element[0];
+ SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
+ RelativeIds.Element[0]);
+ if (SidsBuffer[i].Sid == NULL)
+ goto done;
+
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &BuiltinDomainName,
+ BuiltinDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+
+ (*Mapped)++;
+ }
+
+ SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
+ SamIFree_SAMPR_ULONG_ARRAY(&Use);
+ }
+
+done:
+ if (DomainHandle != NULL)
+ SamrCloseHandle(&DomainHandle);
+
+ if (ServerHandle != NULL)
+ SamrCloseHandle(&ServerHandle);
+
+ return Status;
+}
+
+
+static
+NTSTATUS
+LsapLookupAccountNames(DWORD Count,
+ PRPC_UNICODE_STRING DomainNames,
+ PRPC_UNICODE_STRING AccountNames,
+ PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
+ PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
+ PULONG Mapped)
+{
+ SAMPR_HANDLE ServerHandle = NULL;
+ SAMPR_HANDLE DomainHandle = NULL;
+ SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
+ SAMPR_ULONG_ARRAY Use = {0, NULL};
+ ULONG DomainIndex;
+ ULONG i;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ Status = SamrConnect(NULL,
+ &ServerHandle,
+ SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamrConnect failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamrOpenDomain(ServerHandle,
+ DOMAIN_LOOKUP,
+ AccountDomainSid,
+ &DomainHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ for (i = 0; i < Count; i++)
+ {
+ /* Ignore names which were already mapped */
+ if (SidsBuffer[i].Use != SidTypeUnknown)
+ continue;
+
+ /* Ignore isolated account names */
+ if (DomainNames[i].Length == 0)
+ continue;
+
+ if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i],
&AccountDomainName, TRUE))
+ continue;
+
+ Status = SamrLookupNamesInDomain(DomainHandle,
+ 1,
+ &AccountNames[i],
+ &RelativeIds,
+ &Use);
+ if (NT_SUCCESS(Status))
+ {
+ SidsBuffer[i].Use = Use.Element[0];
+ SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
+ RelativeIds.Element[0]);
+ if (SidsBuffer[i].Sid == NULL)
+ goto done;
+
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &AccountDomainName,
+ AccountDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+
+ (*Mapped)++;
+ }
+
+ SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
+ SamIFree_SAMPR_ULONG_ARRAY(&Use);
+ }
+
+done:
+ if (DomainHandle != NULL)
+ SamrCloseHandle(&DomainHandle);
+
+ if (ServerHandle != NULL)
+ SamrCloseHandle(&ServerHandle);
+
+ return Status;
+}
+
NTSTATUS
@@ -1081,6 +1500,7 @@
goto done;
}
+
Status = LsapLookupIsolatedNames(Count,
DomainNames,
AccountNames,
@@ -1094,57 +1514,57 @@
goto done;
-#if 0
- for (i = 0; i < Count; i++)
- {
-//TRACE("Name: %wZ\n", &Names[i]);
-
-//TRACE("Domain name: %wZ\n", &DomainNames[i]);
-//TRACE("Account name: %wZ\n", &AccountNames[i]);
- ptr2 = NULL;
- ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]);
- if (ptr != NULL)
- {
-//TRACE("Found well known account!\n");
- SidsBuffer[i].Use = ptr->Use;
- SidsBuffer[i].Sid = ptr->Sid;
-
- SidsBuffer[i].DomainIndex = -1;
- SidsBuffer[i].Flags = 0;
-
- if (DomainNames[i].Length != 0)
- {
- ptr2= LsapLookupWellKnownName((PUNICODE_STRING)&DomainNames[i]);
- if (ptr2 != NULL)
- {
- Status = LsapAddDomainToDomainsList(DomainsBuffer,
- &ptr2->Name,
- ptr2->Sid,
- &DomainIndex);
- if (NT_SUCCESS(Status))
- SidsBuffer[i].DomainIndex = DomainIndex;
- }
- }
-
- if (ptr2 == NULL && ptr->Domain.Length != 0)
- {
- ptr2= LsapLookupWellKnownName(&ptr->Domain);
- if (ptr2 != NULL)
- {
- Status = LsapAddDomainToDomainsList(DomainsBuffer,
- &ptr2->Name,
- ptr2->Sid,
- &DomainIndex);
- if (NT_SUCCESS(Status))
- SidsBuffer[i].DomainIndex = DomainIndex;
- }
- }
-
- Mapped++;
- continue;
- }
- }
-#endif
+ Status = LsapLookupIsolatedBuiltinNames(Count,
+ DomainNames,
+ AccountNames,
+ DomainsBuffer,
+ SidsBuffer,
+ &Mapped);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (Mapped == Count)
+ goto done;
+
+
+ Status = LsapLookupIsolatedAccountNames(Count,
+ DomainNames,
+ AccountNames,
+ DomainsBuffer,
+ SidsBuffer,
+ &Mapped);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (Mapped == Count)
+ goto done;
+
+
+
+ Status = LsapLookupBuiltinNames(Count,
+ DomainNames,
+ AccountNames,
+ DomainsBuffer,
+ SidsBuffer,
+ &Mapped);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (Mapped == Count)
+ goto done;
+
+
+ Status = LsapLookupAccountNames(Count,
+ DomainNames,
+ AccountNames,
+ DomainsBuffer,
+ SidsBuffer,
+ &Mapped);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (Mapped == Count)
+ goto done;
done:
// TRACE("done: Status %lx\n", Status);
@@ -1273,7 +1693,7 @@
static NTSTATUS
-LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
+LsapLookupBuiltinDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
PULONG Mapped)
@@ -1299,7 +1719,7 @@
Status = SamrOpenDomain(ServerHandle,
DOMAIN_LOOKUP,
- AccountDomainSid,
+ BuiltinDomainSid,
&DomainHandle);
if (!NT_SUCCESS(Status))
{
@@ -1318,27 +1738,27 @@
LocalFree(SidString);
SidString = NULL;
- if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
- {
- TRACE("Found account domain!\n");
+ if (RtlEqualSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
+ {
+ TRACE("Found builtin domain!\n");
NamesBuffer[i].Use = SidTypeDomain;
NamesBuffer[i].Flags = 0;
- NamesBuffer[i].Name.Length = AccountDomainName.Length;
- NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength;
- NamesBuffer[i].Name.Buffer =
MIDL_user_allocate(AccountDomainName.MaximumLength);
+ NamesBuffer[i].Name.Length = BuiltinDomainName.Length;
+ NamesBuffer[i].Name.MaximumLength = BuiltinDomainName.MaximumLength;
+ NamesBuffer[i].Name.Buffer =
MIDL_user_allocate(BuiltinDomainName.MaximumLength);
if (NamesBuffer[i].Name.Buffer == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
- RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer,
AccountDomainName.MaximumLength);
+ RtlCopyMemory(NamesBuffer[i].Name.Buffer, BuiltinDomainName.Buffer,
BuiltinDomainName.MaximumLength);
Status = LsapAddDomainToDomainsList(DomainsBuffer,
- &AccountDomainName,
- AccountDomainSid,
+ &BuiltinDomainName,
+ BuiltinDomainSid,
&DomainIndex);
if (!NT_SUCCESS(Status))
goto done;
@@ -1350,9 +1770,9 @@
(*Mapped)++;
continue;
}
- else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
- {
- TRACE("Found account domain account!\n");
+ else if (LsapIsPrefixSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
+ {
+ TRACE("Found builtin domain account!\n");
RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
@@ -1367,11 +1787,11 @@
goto done;
}
- NamesBuffer[i].Use = Use.Element[0]; //SidTypeUser;
+ NamesBuffer[i].Use = Use.Element[0];
NamesBuffer[i].Flags = 0;
- NamesBuffer[i].Name.Length = Names.Element[0].Length; //TestName.Length;
- NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
//TestName.MaximumLength;
+ NamesBuffer[i].Name.Length = Names.Element[0].Length;
+ NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
NamesBuffer[i].Name.Buffer =
MIDL_user_allocate(Names.Element[0].MaximumLength);
if (NamesBuffer[i].Name.Buffer == NULL)
{
@@ -1386,6 +1806,97 @@
SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
SamIFree_SAMPR_ULONG_ARRAY(&Use);
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &BuiltinDomainName,
+ BuiltinDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ NamesBuffer[i].DomainIndex = DomainIndex;
+
+ TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
+
+ (*Mapped)++;
+ continue;
+ }
+ }
+
+done:
+ if (DomainHandle != NULL)
+ SamrCloseHandle(&DomainHandle);
+
+ if (ServerHandle != NULL)
+ SamrCloseHandle(&ServerHandle);
+
+ return Status;
+}
+
+
+static NTSTATUS
+LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
+ PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
+ PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
+ PULONG Mapped)
+{
+ SAMPR_HANDLE ServerHandle = NULL;
+ SAMPR_HANDLE DomainHandle = NULL;
+ SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
+ SAMPR_ULONG_ARRAY Use = {0, NULL};
+ LPWSTR SidString = NULL;
+ ULONG DomainIndex;
+ ULONG RelativeIds[1];
+ ULONG i;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ Status = SamrConnect(NULL,
+ &ServerHandle,
+ SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamrConnect failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SamrOpenDomain(ServerHandle,
+ DOMAIN_LOOKUP,
+ AccountDomainSid,
+ &DomainHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ for (i = 0; i < SidEnumBuffer->Entries; i++)
+ {
+ /* Ignore SIDs which are already mapped */
+ if (NamesBuffer[i].Use != SidTypeUnknown)
+ continue;
+
+ ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
+ TRACE("Mapping SID: %S\n", SidString);
+ LocalFree(SidString);
+ SidString = NULL;
+
+ if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
+ {
+ TRACE("Found account domain!\n");
+
+ NamesBuffer[i].Use = SidTypeDomain;
+ NamesBuffer[i].Flags = 0;
+
+ NamesBuffer[i].Name.Length = AccountDomainName.Length;
+ NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength;
+ NamesBuffer[i].Name.Buffer =
MIDL_user_allocate(AccountDomainName.MaximumLength);
+ if (NamesBuffer[i].Name.Buffer == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer,
AccountDomainName.MaximumLength);
Status = LsapAddDomainToDomainsList(DomainsBuffer,
&AccountDomainName,
@@ -1401,14 +1912,65 @@
(*Mapped)++;
continue;
}
+ else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
+ {
+ TRACE("Found account domain account!\n");
+
+ RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
+
+ Status = SamrLookupIdsInDomain(DomainHandle,
+ 1,
+ RelativeIds,
+ &Names,
+ &Use);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SamLookupIdsInDomain failed (Status %08lx)\n", Status);
+ goto done;
+ }
+
+ NamesBuffer[i].Use = Use.Element[0];
+ NamesBuffer[i].Flags = 0;
+
+ NamesBuffer[i].Name.Length = Names.Element[0].Length;
+ NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
+ NamesBuffer[i].Name.Buffer =
MIDL_user_allocate(Names.Element[0].MaximumLength);
+ if (NamesBuffer[i].Name.Buffer == NULL)
+ {
+ SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
+ SamIFree_SAMPR_ULONG_ARRAY(&Use);
+
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ RtlCopyMemory(NamesBuffer[i].Name.Buffer, Names.Element[0].Buffer,
Names.Element[0].MaximumLength);
+
+ SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
+ SamIFree_SAMPR_ULONG_ARRAY(&Use);
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &AccountDomainName,
+ AccountDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ NamesBuffer[i].DomainIndex = DomainIndex;
+
+ TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
+
+ (*Mapped)++;
+ continue;
+ }
}
done:
if (DomainHandle != NULL)
- SamrCloseHandle(DomainHandle);
+ SamrCloseHandle(&DomainHandle);
if (ServerHandle != NULL)
- SamrCloseHandle(ServerHandle);
+ SamrCloseHandle(&ServerHandle);
return Status;
}
@@ -1553,6 +2115,17 @@
if (Mapped == SidEnumBuffer->Entries)
goto done;
+ /* Look-up builtin domain SIDs */
+ Status = LsapLookupBuiltinDomainSids(SidEnumBuffer,
+ NamesBuffer,
+ DomainsBuffer,
+ &Mapped);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (Mapped == SidEnumBuffer->Entries)
+ goto done;
+
/* Look-up account domain SIDs */
Status = LsapLookupAccountDomainSids(SidEnumBuffer,
NamesBuffer,
4462
days inactive
4462
days old
0 comments
1 participants
participants (1)
-
ekohl@svn.reactos.org