Author: ekohl Date: Sun Oct 7 12:10:45 2012 New Revision: 57511
URL: http://svn.reactos.org/svn/reactos?rev=57511&view=rev Log: [LSASRV] - Store the names and SIDs of the built-in and account domains in global variables. - Move the lookup code for isolated names to a separate function.
Modified: trunk/reactos/dll/win32/lsasrv/database.c trunk/reactos/dll/win32/lsasrv/lsasrv.h trunk/reactos/dll/win32/lsasrv/sids.c
Modified: trunk/reactos/dll/win32/lsasrv/database.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/database.c... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] Sun Oct 7 12:10:45 2012 @@ -17,6 +17,17 @@
static HANDLE SecurityKeyHandle = NULL;
+SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
+
+PSID BuiltinDomainSid = NULL;
+PSID AccountDomainSid = NULL;
+UNICODE_STRING BuiltinDomainName = {0, 0, NULL};
+UNICODE_STRING AccountDomainName = {0, 0, NULL};
+
/* FUNCTIONS ***************************************************************/
@@ -202,14 +213,13 @@ static NTSTATUS LsapCreateRandomDomainSid(OUT PSID *Sid) { - SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; LARGE_INTEGER SystemTime; PULONG Seed;
NtQuerySystemTime(&SystemTime); Seed = &SystemTime.u.LowPart;
- return RtlAllocateAndInitializeSid(&SystemAuthority, + return RtlAllocateAndInitializeSid(&NtAuthority, 4, SECURITY_NT_NON_UNIQUE, RtlUniform(Seed), @@ -380,6 +390,137 @@ }
+static NTSTATUS
+LsapGetDomainInfo(VOID)
+{
+ PLSA_DB_OBJECT PolicyObject = NULL;
+ PUNICODE_STRING DomainName = NULL;
+ ULONG AttributeSize;
+ LPWSTR SidString = NULL;
+ NTSTATUS Status;
+
+ /* Get the built-in domain SID and name */
+ Status = RtlAllocateAndInitializeSid(&NtAuthority,
+ 1,
+ SECURITY_BUILTIN_DOMAIN_RID,
+ 0, 0, 0, 0, 0, 0, 0,
+ &BuiltinDomainSid);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ /**/
+ RtlInitUnicodeString(&BuiltinDomainName,
+ L"BUILTIN");
+
+ /* Open the 'Policy' object */
+ Status = LsapOpenDbObject(NULL,
+ NULL,
+ L"Policy",
+ LsaDbPolicyObject,
+ 0,
+ &PolicyObject);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ /* Get the account domain SID */
+ AttributeSize = 0;
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmS",
+ NULL,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (AttributeSize > 0)
+ {
+ AccountDomainSid = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AttributeSize);
+ if (AccountDomainSid == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmS",
+ AccountDomainSid,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
+
+ /* Get the account domain name */
+ AttributeSize = 0;
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmN",
+ NULL,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (AttributeSize > 0)
+ {
+ DomainName = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AttributeSize);
+ if (DomainName == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmN",
+ DomainName,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
+
+ AccountDomainName.Length = DomainName->Length;
+ AccountDomainName.MaximumLength = DomainName->Length + sizeof(WCHAR);
+ AccountDomainName.Buffer = 
RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + AccountDomainName.MaximumLength); + if (AccountDomainName.Buffer == NULL) + { + ERR("Failed to allocate the account domain name buffer\n"); + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + RtlCopyMemory(AccountDomainName.Buffer, + DomainName->Buffer, + DomainName->Length); + } + + ConvertSidToStringSidW(BuiltinDomainSid, &SidString); + TRACE("Builtin Domain SID: %S\n", SidString); + LocalFree(SidString); + SidString = NULL; + + TRACE("Builtin Domain Name: %wZ\n", &BuiltinDomainName); + + ConvertSidToStringSidW(AccountDomainSid, &SidString); + TRACE("Account Domain SID: %S\n", SidString); + LocalFree(SidString); + SidString = NULL; + + TRACE("Account Domain Name: %wZ\n", &AccountDomainName); + +done: + if (DomainName != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, DomainName); + + if (PolicyObject != NULL) + LsapCloseDbObject(PolicyObject); + + return Status; +} + + NTSTATUS LsapInitDatabase(VOID) { @@ -418,6 +559,13 @@ ERR("Failed to update the LSA database (Status: 0x%08lx)\n", Status); return Status; } + } + + Status = LsapGetDomainInfo(); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to get the domain information (Status: 0x%08lx)\n", Status); + return Status; }
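Review bot: Nothing checks the `PolAcDmN` blob before `LsapGetDomainInfo` treats it as a self-relative UNICODE_STRING: the stored `Buffer` offset is rebased as-is and `RtlCopyMemory` then copies `DomainName->Length` bytes, so a truncated or damaged attribute reads outside the `AttributeSize` allocation, and a `Length` near the USHORT limit wraps `MaximumLength` and overruns the newly allocated name buffer. I would validate the header size, offset and length against `AttributeSize` (and cap `Length`) before the pointer fix-up, as in the excerpt below. The `PolAcDmS` SID is likewise stored in the global without comparing `RtlLengthSid` to `AttributeSize`, and the `goto done` paths leave `BuiltinDomainSid`, `AccountDomainSid` and `AccountDomainName.Buffer` allocated and assigned, so they should be freed and reset on failure.

```c
        /* … unchanged: second LsapGetObjectAttribute(L"PolAcDmN") call and status check … */

        /* Reject a blob whose header, offset or length does not fit the attribute */
        if (AttributeSize < sizeof(UNICODE_STRING) ||
            (ULONG_PTR)DomainName->Buffer > AttributeSize ||
            DomainName->Length > AttributeSize - (ULONG_PTR)DomainName->Buffer ||
            DomainName->Length > MAXUSHORT - sizeof(WCHAR))
        {
            Status = STATUS_INTERNAL_DB_CORRUPTION;
            goto done;
        }

        DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
```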
TRACE("LsapInitDatabase() done\n");
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?r... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Sun Oct 7 12:10:45 2012 @@ -60,6 +60,18 @@ } LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA;
+extern SID_IDENTIFIER_AUTHORITY NullSidAuthority; +extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority; +extern SID_IDENTIFIER_AUTHORITY LocalSidAuthority; +extern SID_IDENTIFIER_AUTHORITY CreatorSidAuthority; +extern SID_IDENTIFIER_AUTHORITY NtAuthority; + +extern PSID BuiltinDomainSid; +extern UNICODE_STRING BuiltinDomainName; +extern PSID AccountDomainSid; +extern UNICODE_STRING AccountDomainName; + + /* authport.c */ NTSTATUS StartAuthenticationPort(VOID);
Modified: trunk/reactos/dll/win32/lsasrv/sids.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/sids.c?rev... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] Sun Oct 7 12:10:45 2012 @@ -21,15 +21,7 @@ } WELL_KNOWN_SID, *PWELL_KNOWN_SID;
-static SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; - LIST_ENTRY WellKnownSidListHead; - -
#if 0 typedef struct _AccountSid @@ -820,6 +812,119 @@ }
+static
+NTSTATUS
+LsapLookupIsolatedNames(DWORD Count,
+ PRPC_UNICODE_STRING DomainNames,
+ PRPC_UNICODE_STRING AccountNames,
+ PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
+ PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
+ PULONG Mapped)
+{
+ PWELL_KNOWN_SID ptr, ptr2;
+ ULONG DomainIndex;
+ ULONG i;
+ NTSTATUS Status = STATUS_SUCCESS;
+ LPWSTR SidString = NULL;
+
+ for (i = 0; i < Count; i++)
+ {
+ /* Ignore names which were already mapped */
+ if (SidsBuffer[i].Use != SidTypeUnknown)
+ continue;
+
+ /* Ignore fully qualified account names */
+ if (DomainNames[i].Length != 0)
+ continue;
+
+ /* Look-up all well-known names */
+ ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]);
+ if (ptr != NULL)
+ {
+ SidsBuffer[i].Use = ptr->Use;
+ SidsBuffer[i].Sid = ptr->Sid;
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ if (ptr->Use == SidTypeDomain)
+ {
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &ptr->Name,
+ ptr->Sid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+ }
+ else
+ {
+ ptr2= LsapLookupWellKnownName(&ptr->Domain);
+ if (ptr2 != NULL)
+ {
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &ptr2->Name,
+ ptr2->Sid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+ }
+ }
+
+ (*Mapped)++;
+ continue;
+ }
+
+ /* FIXME: Look-up the built-in domain */
+
+ ConvertSidToStringSidW(AccountDomainSid, &SidString);
+ TRACE("Account Domain SID: %S\n", SidString);
+ LocalFree(SidString);
+ SidString = NULL;
+
+ TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
+
+ /* Look-up the account domain */
+ if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
+ {
+ SidsBuffer[i].Use = SidTypeDomain;
+ SidsBuffer[i].Sid = AccountDomainSid;
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &AccountDomainName,
+ AccountDomainSid, + 
&DomainIndex); + if (!NT_SUCCESS(Status)) + goto done; + + SidsBuffer[i].DomainIndex = DomainIndex; + + (*Mapped)++; + continue; + } + + /* FIXME: Look-up the primary domain */ + + /* FIXME: Look-up the trusted domains */ + + /* FIXME: Look-up accounts in the built-in domain */ + + /* FIXME: Look-up accounts in the account domain */ + + /* FIXME: Look-up accounts in the primary domain */ + + /* FIXME: Look-up accounts in the trusted domains */ + } + +done: + return Status; +} + + NTSTATUS LsapLookupNames(DWORD Count, PRPC_UNICODE_STRING Names, @@ -835,12 +940,12 @@ PRPC_UNICODE_STRING DomainNames = NULL; PRPC_UNICODE_STRING AccountNames = NULL; ULONG SidsBufferLength; - ULONG DomainIndex; +// ULONG DomainIndex; ULONG i; ULONG Mapped = 0; NTSTATUS Status = STATUS_SUCCESS;
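Review bot: The account-domain comparison in `LsapLookupIsolatedNames` does not guard against the globals being unset: `LsapGetDomainInfo` leaves `AccountDomainSid` NULL and `AccountDomainName` empty when the policy attributes have size 0, and in that state an empty account name (if the caller's name split can produce one) compares equal and is returned as `SidTypeDomain` with a NULL `Sid`. I would make the test `if (AccountDomainSid != NULL && AccountDomainName.Length != 0 && RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))`. The `ConvertSidToStringSidW`/`TRACE` pair just above it runs once per unresolved name on the same global and ignores the conversion's return value; it looks like leftover debugging and could be dropped, since `LsapGetDomainInfo` already traces both values at start-up.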
- PWELL_KNOWN_SID ptr, ptr2; +// PWELL_KNOWN_SID ptr, ptr2;
//TRACE("()\n");
@@ -893,6 +998,20 @@ goto done; }
+ Status = LsapLookupIsolatedNames(Count, + DomainNames, + AccountNames, + DomainsBuffer, + SidsBuffer, + &Mapped); + if (!NT_SUCCESS(Status)) + goto done; + + if (Mapped == Count) + goto done; + + +#if 0 for (i = 0; i < Count; i++) { //TRACE("Name: %wZ\n", &Names[i]); @@ -941,10 +1060,8 @@ Mapped++; continue; } - - - - } + } +#endif
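Review bot: The old well-known-name loop is only disabled with `#if 0` … `#endif` here, and the hunk at -835 comments out `ULONG DomainIndex;` and `PWELL_KNOWN_SID ptr, ptr2;` with `//` instead of removing them. Now that `LsapLookupIsolatedNames` carries that logic, I would delete the disabled block and the two declarations so that no second, stale copy of the name-resolution code remains to drift out of sync with the live one. If nothing else in `LsapLookupNames` still uses `i`, its declaration can go as well; the rest of the function lies outside these hunks, so that needs checking against the full file.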
done: // TRACE("done: Status %lx\n", Status);