Author: ekohl Date: Sun Oct 14 10:20:59 2012 New Revision: 57557

URL: http://svn.reactos.org/svn/reactos?rev=57557&view=rev Log: [LSASRV] LsapLookupIsolatedNames: Add a domain entry to the referenced domain list for an unknown/unidentified domain. Its SID is the SID of the account minus the last sub-authority and its name is an empty string.

Modified: trunk/reactos/dll/win32/lsasrv/sids.c

Modified: trunk/reactos/dll/win32/lsasrv/sids.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/sids.c?rev... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/sids.c [iso-8859-1] Sun Oct 14 10:20:59 2012 @@ -921,7 +921,7 @@

DstSid = MIDL_user_allocate(DstSidSize); if (DstSid == NULL) - return FALSE; + return NULL;

RtlInitializeSid(DstSid, RtlIdentifierAuthoritySid(SrcSid), @@ -938,6 +938,40 @@ *q = RelativeId;

return DstSid; +} + + +static PSID +CreateDomainSidFromAccountSid(PSID AccountSid) +{ + UCHAR RidCount; + PSID DomainSid; + ULONG i; + ULONG DstSidSize; + PULONG p, q; + + RidCount = *RtlSubAuthorityCountSid(AccountSid); + if (RidCount > 0) + RidCount--; + + DstSidSize = RtlLengthRequiredSid(RidCount); + + DomainSid = MIDL_user_allocate(DstSidSize); + if (DomainSid == NULL) + return NULL; + + RtlInitializeSid(DomainSid, + RtlIdentifierAuthoritySid(AccountSid), + RidCount); + + for (i = 0; i < (ULONG)RidCount; i++) + { + p = RtlSubAuthoritySid(AccountSid, i); + q = RtlSubAuthoritySid(DomainSid, i); + *q = *p; + } + + return DomainSid; }

@@ -950,7 +984,9 @@ PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, PULONG Mapped) { + UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L""); PWELL_KNOWN_SID ptr, ptr2; + PSID DomainSid; ULONG DomainIndex; ULONG i; NTSTATUS Status = STATUS_SUCCESS; @@ -964,6 +1000,8 @@ /* Ignore fully qualified account names */ if (DomainNames[i].Length != 0) continue; + + TRACE("Mapping name: %wZ\n", &AccountNames[i]);

/* Look-up all well-known names */ ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]); @@ -999,6 +1037,31 @@

SidsBuffer[i].DomainIndex = DomainIndex; } + else + { + DomainSid = CreateDomainSidFromAccountSid(ptr->Sid); + if (DomainSid == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + Status = LsapAddDomainToDomainsList(DomainsBuffer, + &EmptyDomainName, + DomainSid, + &DomainIndex); + + if (DomainSid != NULL) + { + MIDL_user_free(DomainSid); + DomainSid = NULL; + } + + if (!NT_SUCCESS(Status)) + goto done; + + SidsBuffer[i].DomainIndex = DomainIndex; + } }

(*Mapped)++; @@ -1054,6 +1117,7 @@ }

done: + return Status; }

@@ -1428,7 +1492,6 @@

return Status; } -

NTSTATUS @@ -1514,7 +1577,10 @@ if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED) - goto done; + { + TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status); + goto done; + }

if (Mapped == Count) goto done; @@ -1529,7 +1595,10 @@ if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED) - goto done; + { + TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status); + goto done; + }

if (Mapped == Count) goto done; @@ -1544,7 +1613,10 @@ if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED) - goto done; + { + TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status); + goto done; + }

if (Mapped == Count) goto done; @@ -1560,7 +1632,10 @@ if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED) - goto done; + { + TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status); + goto done; + }

if (Mapped == Count) goto done; @@ -1575,7 +1650,10 @@ if (!NT_SUCCESS(Status) && Status != STATUS_NONE_MAPPED && Status != STATUS_SOME_NOT_MAPPED) - goto done; + { + TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status); + goto done; + }

if (Mapped == Count) goto done;