[hpoussin] 30004: Clean up method which assigns groups to logged on user We have now a compile time switch to test ReactOS with a non-administrator account - Ros-diffs

31 Oct 2007

Author: hpoussin
Date: Wed Oct 31 12:41:56 2007
New Revision: 30004
URL: http://svn.reactos.org/svn/reactos?rev=30004&view=rev
Log:
Clean up method which assigns groups to logged on user
We have now a compile time switch to test ReactOS with a non-administrator account
Modified:
    trunk/reactos/dll/win32/advapi32/misc/logon.c
Modified: trunk/reactos/dll/win32/advapi32/misc/logon.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/log...
==============================================================================

--- trunk/reactos/dll/win32/advapi32/misc/logon.c (original)
+++ trunk/reactos/dll/win32/advapi32/misc/logon.c Wed Oct 31 12:41:56 2007
@@ -404,164 +404,175 @@
static PTOKEN_GROUPS
-AllocateGroupSids(PSID *PrimaryGroupSid,
-		  PSID *OwnerSid)
+AllocateGroupSids(
+    OUT PSID *PrimaryGroupSid,
+    OUT PSID *OwnerSid)
 {
-  SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
-  SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
-  SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
-  PTOKEN_GROUPS TokenGroups;
-  PSID DomainSid;
-  PSID Sid;
-  LUID Luid;
-  NTSTATUS Status;
-
-  Status = NtAllocateLocallyUniqueId(&Luid);
-  if (!NT_SUCCESS(Status))
-    {
-      return NULL;
-    }
-
-  if (!SamGetDomainSid(&DomainSid))
-    {
-      return NULL;
-    }
-
-  TokenGroups = RtlAllocateHeap(GetProcessHeap(), 0,
-                                sizeof(TOKEN_GROUPS) +
-                                8 * sizeof(SID_AND_ATTRIBUTES));
-  if (TokenGroups == NULL)
-    {
-      RtlFreeHeap (RtlGetProcessHeap (),
-		   0,
-		   DomainSid);
-      return NULL;
-    }
-
-  TokenGroups->GroupCount = 8;
-
-  Sid = AppendRidToSid(DomainSid,
-                       DOMAIN_GROUP_RID_USERS);
-
-  RtlFreeHeap(RtlGetProcessHeap(),
-	      0,
-	      DomainSid);
-
-  TokenGroups->Groups[0].Sid = Sid;
-  TokenGroups->Groups[0].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-  *PrimaryGroupSid = Sid;
-
-
-  RtlAllocateAndInitializeSid(&WorldAuthority,
-			      1,
-			      SECURITY_WORLD_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      &Sid);
-
-  TokenGroups->Groups[1].Sid = Sid;
-  TokenGroups->Groups[1].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-
-
-  RtlAllocateAndInitializeSid(&SystemAuthority,
-			      2,
-			      SECURITY_BUILTIN_DOMAIN_RID,
-			      DOMAIN_ALIAS_RID_ADMINS,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      &Sid);
-
-  TokenGroups->Groups[2].Sid = Sid;
-  TokenGroups->Groups[2].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-
-  *OwnerSid = Sid;
-
-  RtlAllocateAndInitializeSid(&SystemAuthority,
-			      2,
-			      SECURITY_BUILTIN_DOMAIN_RID,
-			      DOMAIN_ALIAS_RID_USERS,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      &Sid);
-
-  TokenGroups->Groups[3].Sid = Sid;
-  TokenGroups->Groups[3].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-
-  /* Logon SID */
-  RtlAllocateAndInitializeSid(&SystemAuthority,
-			      SECURITY_LOGON_IDS_RID_COUNT,
-			      SECURITY_LOGON_IDS_RID,
-			      Luid.HighPart,
-			      Luid.LowPart,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      &Sid);
-
-  TokenGroups->Groups[4].Sid = Sid;
-  TokenGroups->Groups[4].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
-
-  RtlAllocateAndInitializeSid(&LocalAuthority,
-			      1,
-			      SECURITY_LOCAL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      &Sid);
-
-  TokenGroups->Groups[5].Sid = Sid;
-  TokenGroups->Groups[5].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-
-  RtlAllocateAndInitializeSid(&SystemAuthority,
-			      1,
-			      SECURITY_INTERACTIVE_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      &Sid);
-
-  TokenGroups->Groups[6].Sid = Sid;
-  TokenGroups->Groups[6].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-
-  RtlAllocateAndInitializeSid(&SystemAuthority,
-			      1,
-			      SECURITY_AUTHENTICATED_USER_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      SECURITY_NULL_RID,
-			      &Sid);
-
-  TokenGroups->Groups[7].Sid = Sid;
-  TokenGroups->Groups[7].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
-
-  return TokenGroups;
+    SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
+    SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
+    SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
+    PTOKEN_GROUPS TokenGroups;
+#define MAX_GROUPS 8
+    DWORD GroupCount = 0;
+    PSID DomainSid;
+    PSID Sid;
+    LUID Luid;
+    NTSTATUS Status;
+
+    Status = NtAllocateLocallyUniqueId(&Luid);
+    if (!NT_SUCCESS(Status))
+        return NULL;
+
+    if (!SamGetDomainSid(&DomainSid))
+        return NULL;
+
+    TokenGroups = RtlAllocateHeap(
+        GetProcessHeap(), 0,
+        sizeof(TOKEN_GROUPS) +
+        MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES));
+    if (TokenGroups == NULL)
+    {
+        RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
+        return NULL;
+    }
+
+    Sid = AppendRidToSid(DomainSid, DOMAIN_GROUP_RID_USERS);
+    RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
+
+    /* Member of the domain */
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    *PrimaryGroupSid = Sid;
+    GroupCount++;
+
+    /* Member of 'Everyone' */
+    RtlAllocateAndInitializeSid(
+        &WorldAuthority,
+        1,
+        SECURITY_WORLD_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        &Sid);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    GroupCount++;
+
+#if 1
+    /* Member of 'Administrators' */
+    RtlAllocateAndInitializeSid(
+        &SystemAuthority,
+        2,
+        SECURITY_BUILTIN_DOMAIN_RID,
+        DOMAIN_ALIAS_RID_ADMINS,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        &Sid);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    GroupCount++;
+#else
+    DPRINT1("Not adding user to Administrators group\n");
+#endif
+
+    /* Member of 'Users' */
+    RtlAllocateAndInitializeSid(
+        &SystemAuthority,
+        2,
+        SECURITY_BUILTIN_DOMAIN_RID,
+        DOMAIN_ALIAS_RID_USERS,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        &Sid);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    GroupCount++;
+
+    /* Logon SID */
+    RtlAllocateAndInitializeSid(
+        &SystemAuthority,
+        SECURITY_LOGON_IDS_RID_COUNT,
+        SECURITY_LOGON_IDS_RID,
+        Luid.HighPart,
+        Luid.LowPart,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        &Sid);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
+    GroupCount++;
+    *OwnerSid = Sid;
+
+    /* Member of 'Local users */
+    RtlAllocateAndInitializeSid(
+        &LocalAuthority,
+        1,
+        SECURITY_LOCAL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        &Sid);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    GroupCount++;
+
+    /* Member of 'Interactive users' */
+    RtlAllocateAndInitializeSid(
+        &SystemAuthority,
+        1,
+        SECURITY_INTERACTIVE_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        &Sid);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    GroupCount++;
+
+    /* Member of 'Authenticated users' */
+    RtlAllocateAndInitializeSid(
+        &SystemAuthority,
+        1,
+        SECURITY_AUTHENTICATED_USER_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        SECURITY_NULL_RID,
+        &Sid);
+    TokenGroups->Groups[GroupCount].Sid = Sid;
+    TokenGroups->Groups[GroupCount].Attributes = SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+    GroupCount++;
+
+    TokenGroups->GroupCount = GroupCount;
+    ASSERT(TokenGroups->GroupCount <= MAX_GROUPS);
+
+    return TokenGroups;
 }
@@ -663,18 +674,8 @@
   /* Get the user SID from the registry */
   if (!SamGetUserSid (lpszUsername, &UserSid))
     {
-      DPRINT ("SamGetUserSid() failed\n");
-      RtlAllocateAndInitializeSid (&SystemAuthority,
-				   5,
-				   SECURITY_NT_NON_UNIQUE,
-				   0x12345678,
-				   0x12345678,
-				   0x12345678,
-				   DOMAIN_USER_RID_ADMIN,
-				   SECURITY_NULL_RID,
-				   SECURITY_NULL_RID,
-				   SECURITY_NULL_RID,
-				   &UserSid);
+      DPRINT1 ("SamGetUserSid() failed\n");
+      return FALSE;
     }
TokenUser.User.Sid = UserSid;

    