Author: ekohl
Date: Thu Dec 26 19:20:33 2013
New Revision: 61433
URL:
http://svn.reactos.org/svn/reactos?rev=61433&view=rev
Log:
[LSASRV][MSV1_0]
- Add local group SIDs to the token groups list (LocalSID and LogonSID).
- Remove these SIDs from the hard-coded list.
Modified:
trunk/reactos/dll/win32/lsasrv/authpackage.c
trunk/reactos/dll/win32/msv1_0/msv1_0.c
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authpacka…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] Thu Dec 26 19:20:33 2013
@@ -645,6 +645,90 @@
static
NTSTATUS
+LsapAddLocalGroups(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
+ IN PTOKEN_GROUPS LocalGroups)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PTOKEN_GROUPS Groups;
+ ULONG Length;
+ ULONG i;
+ ULONG j;
+
+ if (LocalGroups == NULL || LocalGroups->GroupCount == 0)
+ return STATUS_SUCCESS;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->Groups != NULL)
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount -
ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Groups->GroupCount = LocalGroups->GroupCount +
TokenInfo1->Groups->GroupCount;
+
+ for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+ {
+ Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
+ Groups->Groups[i].Attributes =
TokenInfo1->Groups->Groups[i].Attributes;
+ }
+
+ for (j = 0; j < LocalGroups->GroupCount; i++, j++)
+ {
+ Groups->Groups[i].Sid = LocalGroups->Groups[j].Sid;
+ Groups->Groups[i].Attributes = LocalGroups->Groups[j].Attributes;
+ LocalGroups->Groups[j].Sid = NULL;
+ }
+
+ RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
+
+ TokenInfo1->Groups = Groups;
+ }
+ else
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (LocalGroups->GroupCount - ANYSIZE_ARRAY) *
sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Groups->GroupCount = LocalGroups->GroupCount;
+
+ for (i = 0; i < LocalGroups->GroupCount; i++)
+ {
+ Groups->Groups[i].Sid = LocalGroups->Groups[i].Sid;
+ Groups->Groups[i].Attributes = LocalGroups->Groups[i].Attributes;
+ }
+
+ TokenInfo1->Groups = Groups;
+ }
+ }
+ else
+ {
+ FIXME("TokenInformationType %d is not supported!\n",
TokenInformationType);
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ return STATUS_SUCCESS;
+}
+
+
+static
+NTSTATUS
LsapSetTokenOwner(
IN PVOID TokenInformation,
IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
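Review bot: The two branches of LsapAddLocalGroups handle ownership of the SID pointers differently: the merge loop clears `LocalGroups->Groups[j].Sid = NULL;` after copying, but the loop in the `TokenInfo1->Groups == NULL` branch copies the pointer and leaves the source entry set. If the caller later frees the SIDs still referenced by LocalGroups (its cleanup is outside this hunk, so this needs confirming), the token information would be left pointing at freed SIDs in that branch. Adding `LocalGroups->Groups[i].Sid = NULL;` to the second loop makes both paths hand over ownership the same way. Separately, `LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount` is summed in a ULONG with no range check before it sizes the allocation; bounding the counts before computing `Length` would rule out an undersized buffer.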
@@ -862,6 +946,19 @@
goto done;
}
+ if (LocalGroups->GroupCount > 0)
+ {
+ /* Add local groups to the token information */
+ Status = LsapAddLocalGroups(TokenInformation,
+ TokenInformationType,
+ LocalGroups);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n",
Status);
+ goto done;
+ }
+ }
+
Status = LsapSetTokenOwner(TokenInformation,
TokenInformationType);
if (!NT_SUCCESS(Status))
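Review bot: The new guard `if (LocalGroups->GroupCount > 0)` dereferences LocalGroups before the callee's own `LocalGroups == NULL` check can run, so that NULL handling in LsapAddLocalGroups cannot protect this call site. Since the callee already returns STATUS_SUCCESS for a NULL or empty list, the call can be made unconditionally, or the guard written as `if (LocalGroups != NULL && LocalGroups->GroupCount > 0)`; whether LocalGroups can be NULL here depends on code outside the hunk. The error text also names `LsapAddLocalGroupsToTokenInfo()`, which is not the function being called; `ERR("LsapAddLocalGroups() failed (Status 0x%08lx)\n", Status);` would keep the log searchable. The enclosing function starts and ends outside the hunk.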
Modified: trunk/reactos/dll/win32/msv1_0/msv1_0.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msv1_0/msv1_0.c?…
==============================================================================
--- trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] Thu Dec 26 19:20:33 2013
@@ -274,10 +274,9 @@
OUT PSID *PrimaryGroupSid)
{
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
- SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS TokenGroups;
-#define MAX_GROUPS 8
+#define MAX_GROUPS 6
DWORD GroupCount = 0;
PSID Sid;
NTSTATUS Status = STATUS_SUCCESS;
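Review bot: MAX_GROUPS is a hand-counted capacity, and nothing visible here checks that the number of entries written through `TokenGroups->Groups[GroupCount]` stays within it. The count was lowered from 8 to 6 to match the two SIDs removed further down, so any group added to this function later without bumping the define would write past the allocation. A comment on the define such as `/* Must be >= the number of SIDs appended below */` and an `ASSERT(GroupCount <= MAX_GROUPS);` once the list is built would make the coupling explicit. The function body continues outside the hunk, so the allocation and the remaining writes are assumed to follow the pattern seen in the removed lines.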
@@ -345,40 +344,6 @@
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_USERS,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-
- /* Logon SID */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- SECURITY_LOGON_IDS_RID_COUNT,
- SECURITY_LOGON_IDS_RID,
- LogonId->HighPart,
- LogonId->LowPart,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY |
SE_GROUP_LOGON_ID;
- GroupCount++;
-
- /* Member of 'Local users */
- RtlAllocateAndInitializeSid(&LocalAuthority,
- 1,
- SECURITY_LOCAL_RID,
- SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,