Author: ekohl Date: Sun Oct 7 12:10:45 2012 New Revision: 57511 URL: http://svn.reactos.org/svn/reactos?rev=57511&view=rev Log: [LSASRV] - Store the names and SIDs of the built-in and account domains in global vaiables. - Move the lookup code for isolated names to a separate function. Modified: trunk/reactos/dll/win32/lsasrv/database.c trunk/reactos/dll/win32/lsasrv/lsasrv.h trunk/reactos/dll/win32/lsasrv/sids.c Modified: trunk/reactos/dll/win32/lsasrv/database.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/database.… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] Sun Oct 7 12:10:45 2012 @@ -17,6 +17,17 @@ static HANDLE SecurityKeyHandle = NULL; +SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}; +SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY}; +SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; +SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY}; +SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; + +PSID BuiltinDomainSid = NULL; +PSID AccountDomainSid = NULL; +UNICODE_STRING BuiltinDomainName = {0, 0, NULL}; +UNICODE_STRING AccountDomainName = {0, 0, NULL}; + /* FUNCTIONS ***************************************************************/ @@ -202,14 +213,13 @@ static NTSTATUS LsapCreateRandomDomainSid(OUT PSID *Sid) { - SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; LARGE_INTEGER SystemTime; PULONG Seed; NtQuerySystemTime(&SystemTime); Seed = &SystemTime.u.LowPart; - return RtlAllocateAndInitializeSid(&SystemAuthority, + return RtlAllocateAndInitializeSid(&NtAuthority, 4, SECURITY_NT_NON_UNIQUE, RtlUniform(Seed), @@ -380,6 +390,137 @@ } +static NTSTATUS +LsapGetDomainInfo(VOID) +{ + PLSA_DB_OBJECT PolicyObject = NULL; + PUNICODE_STRING DomainName = NULL; + ULONG AttributeSize; + LPWSTR SidString = NULL; + NTSTATUS Status; + + /* Get the built-in domain SID and name */ + Status = RtlAllocateAndInitializeSid(&NtAuthority, + 1, + SECURITY_BUILTIN_DOMAIN_RID, + 0, 0, 0, 0, 0, 0, 0, + &BuiltinDomainSid); + if (!NT_SUCCESS(Status)) + return Status; + + /**/ + RtlInitUnicodeString(&BuiltinDomainName, + L"BUILTIN"); + + /* Open the 'Policy' object */ + Status = LsapOpenDbObject(NULL, + NULL, + L"Policy", + LsaDbPolicyObject, + 0, + &PolicyObject); + if (!NT_SUCCESS(Status)) + goto done; + + /* Get the account domain SID */ + AttributeSize = 0; + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAcDmS", + NULL, + &AttributeSize); + if (!NT_SUCCESS(Status)) + goto done; + + if (AttributeSize > 0) + { + AccountDomainSid = RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + AttributeSize); + if (AccountDomainSid == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAcDmS", + AccountDomainSid, + &AttributeSize); + if (!NT_SUCCESS(Status)) + goto done; + } + + /* Get the account domain name */ + AttributeSize = 0; + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAcDmN", + NULL, + &AttributeSize); + if (!NT_SUCCESS(Status)) + goto done; + + if (AttributeSize > 0) + { + DomainName = RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + AttributeSize); + if (DomainName == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAcDmN", + DomainName, + &AttributeSize); + if (!NT_SUCCESS(Status)) + goto done; + + DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer); + + AccountDomainName.Length = DomainName->Length; + AccountDomainName.MaximumLength = DomainName->Length + sizeof(WCHAR); + AccountDomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + AccountDomainName.MaximumLength); + if (AccountDomainName.Buffer == NULL) + { + ERR("Failed to allocate the account domain name buffer\n"); + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + RtlCopyMemory(AccountDomainName.Buffer, + DomainName->Buffer, + DomainName->Length); + } + + ConvertSidToStringSidW(BuiltinDomainSid, &SidString); + TRACE("Builtin Domain SID: %S\n", SidString); + LocalFree(SidString); + SidString = NULL; + + TRACE("Builtin Domain Name: %wZ\n", &BuiltinDomainName); + + ConvertSidToStringSidW(AccountDomainSid, &SidString); + TRACE("Account Domain SID: %S\n", SidString); + LocalFree(SidString); + SidString = NULL; + + TRACE("Account Domain Name: %wZ\n", &AccountDomainName); + +done: + if (DomainName != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, DomainName); + + if (PolicyObject != NULL) + LsapCloseDbObject(PolicyObject); + + return Status; +} + + NTSTATUS LsapInitDatabase(VOID) { @@ -418,6 +559,13 @@ ERR("Failed to update the LSA database (Status: 0x%08lx)\n", Status); return Status; } + } + + Status = LsapGetDomainInfo(); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to get the domain information (Status: 0x%08lx)\n", Status); + return Status; } TRACE("LsapInitDatabase() done\n"); Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Sun Oct 7 12:10:45 2012 @@ -60,6 +60,18 @@ } LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA; +extern SID_IDENTIFIER_AUTHORITY NullSidAuthority; +extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority; +extern SID_IDENTIFIER_AUTHORITY LocalSidAuthority; +extern SID_IDENTIFIER_AUTHORITY CreatorSidAuthority; +extern SID_IDENTIFIER_AUTHORITY NtAuthority; + +extern PSID BuiltinDomainSid; +extern UNICODE_STRING BuiltinDomainName; +extern PSID AccountDomainSid; +extern UNICODE_STRING AccountDomainName; + + /* authport.c */ NTSTATUS StartAuthenticationPort(VOID); Modified: trunk/reactos/dll/win32/lsasrv/sids.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/sids.c?re… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] Sun Oct 7 12:10:45 2012 @@ -21,15 +21,7 @@ } WELL_KNOWN_SID, *PWELL_KNOWN_SID; -static SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY}; -static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}; - LIST_ENTRY WellKnownSidListHead; - - #if 0 typedef struct _AccountSid @@ -820,6 +812,119 @@ } +static +NTSTATUS +LsapLookupIsolatedNames(DWORD Count, + PRPC_UNICODE_STRING DomainNames, + PRPC_UNICODE_STRING AccountNames, + PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, + PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, + PULONG Mapped) +{ + PWELL_KNOWN_SID ptr, ptr2; + ULONG DomainIndex; + ULONG i; + NTSTATUS Status = STATUS_SUCCESS; + LPWSTR SidString = NULL; + + for (i = 0; i < Count; i++) + { + /* Ignore names which were already mapped */ + if (SidsBuffer[i].Use != SidTypeUnknown) + continue; + + /* Ignore fully qualified account names */ + if (DomainNames[i].Length != 0) + continue; + + /* Look-up all well-known names */ + ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]); + if (ptr != NULL) + { + SidsBuffer[i].Use = ptr->Use; + SidsBuffer[i].Sid = ptr->Sid; + SidsBuffer[i].DomainIndex = -1; + SidsBuffer[i].Flags = 0; + + if (ptr->Use == SidTypeDomain) + { + Status = LsapAddDomainToDomainsList(DomainsBuffer, + &ptr->Name, + ptr->Sid, + &DomainIndex); + if (!NT_SUCCESS(Status)) + goto done; + + SidsBuffer[i].DomainIndex = DomainIndex; + } + else + { + ptr2= LsapLookupWellKnownName(&ptr->Domain); + if (ptr2 != NULL) + { + Status = LsapAddDomainToDomainsList(DomainsBuffer, + &ptr2->Name, + ptr2->Sid, + &DomainIndex); + if (!NT_SUCCESS(Status)) + goto done; + + SidsBuffer[i].DomainIndex = DomainIndex; + } + } + + (*Mapped)++; + continue; + } + + /* FIXME: Look-up the built-in domain */ + + ConvertSidToStringSidW(AccountDomainSid, &SidString); + TRACE("Account Domain SID: %S\n", SidString); + LocalFree(SidString); + SidString = NULL; + + TRACE("Account Domain Name: %wZ\n", &AccountDomainName); + + /* Look-up the account domain */ + if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE)) + { + SidsBuffer[i].Use = SidTypeDomain; + SidsBuffer[i].Sid = AccountDomainSid; + SidsBuffer[i].DomainIndex = -1; + SidsBuffer[i].Flags = 0; + + Status = LsapAddDomainToDomainsList(DomainsBuffer, + &AccountDomainName, + AccountDomainSid, + &DomainIndex); + if (!NT_SUCCESS(Status)) + goto done; + + SidsBuffer[i].DomainIndex = DomainIndex; + + (*Mapped)++; + continue; + } + + /* FIXME: Look-up the primary domain */ + + /* FIXME: Look-up the trusted domains */ + + /* FIXME: Look-up accounts in the built-in domain */ + + /* FIXME: Look-up accounts in the account domain */ + + /* FIXME: Look-up accounts in the primary domain */ + + /* FIXME: Look-up accounts in the trusted domains */ + } + +done: + return Status; +} + + NTSTATUS LsapLookupNames(DWORD Count, PRPC_UNICODE_STRING Names, @@ -835,12 +940,12 @@ PRPC_UNICODE_STRING DomainNames = NULL; PRPC_UNICODE_STRING AccountNames = NULL; ULONG SidsBufferLength; - ULONG DomainIndex; +// ULONG DomainIndex; ULONG i; ULONG Mapped = 0; NTSTATUS Status = STATUS_SUCCESS; - PWELL_KNOWN_SID ptr, ptr2; +// PWELL_KNOWN_SID ptr, ptr2; //TRACE("()\n"); @@ -893,6 +998,20 @@ goto done; } + Status = LsapLookupIsolatedNames(Count, + DomainNames, + AccountNames, + DomainsBuffer, + SidsBuffer, + &Mapped); + if (!NT_SUCCESS(Status)) + goto done; + + if (Mapped == Count) + goto done; + + +#if 0 for (i = 0; i < Count; i++) { //TRACE("Name: %wZ\n", &Names[i]); @@ -941,10 +1060,8 @@ Mapped++; continue; } - - - - } + } +#endif done: // TRACE("done: Status %lx\n", Status);