Author: ekohl Date: Fri Jul 20 20:42:53 2012 New Revision: 56917
URL: http://svn.reactos.org/svn/reactos?rev=56917&view=rev Log: [SAMSRV] Check if the name of a new account (alias, group or user) is used before the account is created. This check is needed because account names must be unique.
Modified: trunk/reactos/dll/win32/samsrv/database.c trunk/reactos/dll/win32/samsrv/samrpc.c trunk/reactos/dll/win32/samsrv/samsrv.h
Modified: trunk/reactos/dll/win32/samsrv/database.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/database.c...
==============================================================================
--- trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] Fri Jul 20 20:42:53 2012
@@ -629,6 +629,121 @@
 NTSTATUS
+SampCheckAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject,
+ IN LPWSTR lpAccountName)
+{
+ HANDLE AccountKey;
+ HANDLE NamesKey;
+ NTSTATUS Status;
+
+ TRACE("SampCheckNameInDomain()\n");
+
+ Status = SampRegOpenKey(DomainObject->KeyHandle,
+ L"Aliases",
+ KEY_READ,
+ &AccountKey);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SampRegOpenKey(AccountKey,
+ L"Names",
+ KEY_READ,
+ &NamesKey);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SampRegQueryValue(NamesKey,
+ lpAccountName,
+ NULL,
+ NULL,
+ NULL);
+ if (Status == STATUS_SUCCESS)
+ Status = STATUS_ALIAS_EXISTS;
+ else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
+ Status = STATUS_SUCCESS;
+
+ SampRegCloseKey(NamesKey);
+ }
+
+ SampRegCloseKey(AccountKey);
+ }
+
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("Checking for alias account failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ Status = SampRegOpenKey(DomainObject->KeyHandle,
+ L"Groups",
+ KEY_READ,
+ &AccountKey);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SampRegOpenKey(AccountKey,
+ L"Names",
+ KEY_READ,
+ &NamesKey);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SampRegQueryValue(NamesKey,
+ lpAccountName,
+ NULL,
+ NULL,
+ NULL);
+ if (Status == STATUS_SUCCESS)
+ Status = STATUS_ALIAS_EXISTS;
+ else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
+ Status = STATUS_SUCCESS;
+
+ SampRegCloseKey(NamesKey);
+ }
+
+ SampRegCloseKey(AccountKey);
+ }
+
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("Checking for group account failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ Status = SampRegOpenKey(DomainObject->KeyHandle,
+ L"Users",
+ KEY_READ,
+ &AccountKey);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SampRegOpenKey(AccountKey,
+ L"Names",
+ KEY_READ,
+ &NamesKey);
+ if (NT_SUCCESS(Status))
+ {
+ Status = SampRegQueryValue(NamesKey,
+ lpAccountName,
+ NULL,
+ NULL,
+ NULL);
+ if (Status == STATUS_SUCCESS)
+ Status = STATUS_ALIAS_EXISTS;
+ else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
+ Status = STATUS_SUCCESS;
+
+ SampRegCloseKey(NamesKey);
+ }
+
+ SampRegCloseKey(AccountKey);
+ }
+
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("Checking for user account failed (Status 0x%08lx)\n", Status);
+ }
+
+ return Status;
+}
+
+
+NTSTATUS
 SampSetObjectAttribute(PSAM_DB_OBJECT DbObject,
 LPWSTR AttributeName,
 ULONG AttributeType,
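Review bot: The Groups and Users branches of `SampCheckAccountNameInDomain` both set `STATUS_ALIAS_EXISTS` on a name hit, so a duplicate user name is now reported as an alias collision, whereas the code this commit removes from samrpc.c returned `STATUS_USER_EXISTS`. Use `Status = STATUS_GROUP_EXISTS;` in the Groups branch and `Status = STATUS_USER_EXISTS;` in the Users branch so that callers and logs can tell which account type already holds the name. The entry TRACE prints `SampCheckNameInDomain()`, which does not match the function name. The three open/query/close sequences differ only in the key name and the resulting status, so a static helper taking those two values would remove the triplication, and a short header comment stating that success means "name is unused in all three containers" would document the contract.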
Modified: trunk/reactos/dll/win32/samsrv/samrpc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samrpc.c?r...
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] Fri Jul 20 20:42:53 2012
@@ -1565,6 +1565,16 @@
 return Status;
 }
+ /* Check if the group name already exists in the domain */
+ Status = SampCheckAccountNameInDomain(DomainObject,
+ Name->Buffer);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("Group name '%S' already exists in domain (Status 0x%08lx)\n",
+ Name->Buffer, Status);
+ return Status;
+ }
+
 /* Get the fixed domain attributes */
 ulSize = sizeof(SAM_DOMAIN_FIXED_DATA);
 Status = SampGetObjectAttribute(DomainObject,
@@ -1598,8 +1608,6 @@
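Review bot: `Name->Buffer` is passed to `SampCheckAccountNameInDomain` and to `%S` as a NUL-terminated string, but nothing in this hunk checks `Name->Length` or termination; if `Name` is a counted string received over RPC, it should be validated before the lookup (the removed code made the same assumption). The TRACE text says the name "already exists" for every failure, including registry errors returned by the helper, so it would be more accurate as `TRACE("Account name check for '%S' failed (Status 0x%08lx)\n", Name->Buffer, Status);`. The uniqueness check and the later `SampCreateDbObject` call are separate steps and no lock is visible in these hunks, so two concurrent creates could presumably both pass the check; confirm that the caller serializes writes to the domain. The same points apply to the user and alias hunks at `@@ -1724,6 +1731,16 @@` and `@@ -1987,6 +1990,16 @@`; the enclosing functions start and end outside the hunks.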
 /* Convert the RID into a string (hex) */
 swprintf(szRid, L"%08lX", ulRid);
-
- /* FIXME: Check whether the group name is already in use */
 /* Create the group object */
 Status = SampCreateDbObject(DomainObject,
@@ -1710,7 +1718,6 @@
 ULONG ulSize;
 ULONG ulRid;
 WCHAR szRid[9];
- BOOL bAliasExists = FALSE;
 NTSTATUS Status;
 TRACE("SamrCreateUserInDomain(%p %p %lx %p %p)\n",
@@ -1724,6 +1731,16 @@
 if (!NT_SUCCESS(Status))
 {
 TRACE("failed with status 0x%08lx\n", Status);
+ return Status;
+ }
+
+ /* Check if the user name already exists in the domain */
+ Status = SampCheckAccountNameInDomain(DomainObject,
+ Name->Buffer);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("User name '%S' already exists in domain (Status 0x%08lx)\n",
+ Name->Buffer, Status);
 return Status;
 }
@@ -1761,23 +1778,6 @@
 /* Convert the RID into a string (hex) */
 swprintf(szRid, L"%08lX", ulRid);
- /* Check whether the user name is already in use */
- Status = SampCheckDbObjectNameAlias(DomainObject,
- L"Users",
- Name->Buffer,
- &bAliasExists);
- if (!NT_SUCCESS(Status))
- {
- TRACE("failed with status 0x%08lx\n", Status);
- return Status;
- }
-
- if (bAliasExists)
- {
- TRACE("The user account %S already exists!\n", Name->Buffer);
- return STATUS_USER_EXISTS;
- }
-
 /* Create the user object */
 Status = SampCreateDbObject(DomainObject,
 L"Users",
@@ -1807,6 +1807,10 @@
 FixedUserData.Version = 1;
 FixedUserData.UserId = ulRid;
+ FixedUserData.PrimaryGroupId = DOMAIN_GROUP_RID_USERS;
+// FixedUserData.UserAccountControl = USER_ACCOUNT_DISABLED |
+// USER_PASSWORD_NOT_REQUIRED ||
+// USER_NORMAL_ACCOUNT;
 /* Set fixed user data attribute */
 Status = SampSetObjectAttribute(UserObject,
@@ -1973,7 +1977,6 @@
 ULONG ulSize;
 ULONG ulRid;
 WCHAR szRid[9];
- BOOL bAliasExists = FALSE;
 NTSTATUS Status;
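Review bot: The commented-out `UserAccountControl` assignment in the `@@ -1807,6 +1807,10 @@` hunk uses `||` between `USER_PASSWORD_NOT_REQUIRED` and `USER_NORMAL_ACCOUNT`, so if the lines were ever enabled the logical OR would collapse those two flags to 1 instead of forming a flag mask; it should read `USER_ACCOUNT_DISABLED | USER_PASSWORD_NOT_REQUIRED | USER_NORMAL_ACCOUNT`. With the assignment disabled, `UserAccountControl` keeps whatever value `FixedUserData` was initialised with outside this hunk, so it is worth confirming that a newly created user does not start out enabled without a password. If the assignment is parked on purpose, a `/* FIXME: ... */` comment giving the reason would serve better than `//`-commented code.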
 TRACE("SamrCreateAliasInDomain(%p %p %lx %p %p)\n",
@@ -1987,6 +1990,16 @@
 if (!NT_SUCCESS(Status))
 {
 TRACE("failed with status 0x%08lx\n", Status);
+ return Status;
+ }
+
+ /* Check if the alias name already exists in the domain */
+ Status = SampCheckAccountNameInDomain(DomainObject,
+ AccountName->Buffer);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("Alias name '%S' already exists in domain (Status 0x%08lx)\n",
+ AccountName->Buffer, Status);
 return Status;
 }
@@ -2023,23 +2036,6 @@
 /* Convert the RID into a string (hex) */
 swprintf(szRid, L"%08lX", ulRid);
-
- /* Check whether the user name is already in use */
- Status = SampCheckDbObjectNameAlias(DomainObject,
- L"Aliases",
- AccountName->Buffer,
- &bAliasExists);
- if (!NT_SUCCESS(Status))
- {
- TRACE("failed with status 0x%08lx\n", Status);
- return Status;
- }
-
- if (bAliasExists)
- {
- TRACE("The alias account %S already exists!\n", AccountName->Buffer);
- return STATUS_ALIAS_EXISTS;
- }
 /* Create the alias object */
 Status = SampCreateDbObject(DomainObject,
Modified: trunk/reactos/dll/win32/samsrv/samsrv.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samsrv.h?r...
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] Fri Jul 20 20:42:53 2012
@@ -151,6 +151,10 @@
 OUT PBOOL bAliasExists);
 NTSTATUS
+SampCheckAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject,
+ IN LPWSTR lpAccountName);
+
+NTSTATUS
 SampSetObjectAttribute(PSAM_DB_OBJECT DbObject,
 LPWSTR AttributeName,
 ULONG AttributeType,