[ekohl] 56936: [SAMSRV] - Ensure that account names are not in use when a new alias, group or user is created. Return a proper status code if the account name is alread in use. - Initialize logon/p...
22 Jul
2012
22 Jul
'12
3:12 p.m.
Author: ekohl
Date: Sun Jul 22 15:12:00 2012
New Revision: 56936
URL: http://svn.reactos.org/svn/reactos?rev=56936&view=rev
Log:
[SAMSRV]
- Ensure that account names are not in use when a new alias, group or user is created.
Return a proper status code if the account name is alread in use.
- Initialize logon/password related data for new user account objects.
- Add missing prototypes and user account control bits to ntsam.h
Modified:
trunk/reactos/dll/win32/samsrv/database.c
trunk/reactos/dll/win32/samsrv/samrpc.c
trunk/reactos/dll/win32/samsrv/samsrv.h
trunk/reactos/include/ddk/ntsam.h
trunk/reactos/include/reactos/idl/sam.idl
Modified: trunk/reactos/dll/win32/samsrv/database.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/database.…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/database.c [iso-8859-1] Sun Jul 22 15:12:00 2012
@@ -484,10 +484,10 @@
NTSTATUS
-SampSetDbObjectNameAlias(IN PSAM_DB_OBJECT DomainObject,
- IN LPCWSTR lpContainerName,
- IN LPCWSTR lpAliasName,
- IN ULONG ulAliasValue)
+SampSetAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject,
+ IN LPCWSTR lpContainerName,
+ IN LPCWSTR lpAccountName,
+ IN ULONG ulRelativeId)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
@@ -496,6 +496,8 @@
HANDLE NamesKeyHandle = NULL;
NTSTATUS Status;
+ TRACE("SampSetAccountNameInDomain()\n");
+
/* Open the container key */
RtlInitUnicodeString(&KeyName, lpContainerName);
@@ -527,13 +529,13 @@
goto done;
/* Set the alias value */
- RtlInitUnicodeString(&ValueName, lpAliasName);
+ RtlInitUnicodeString(&ValueName, lpAccountName);
Status = NtSetValueKey(NamesKeyHandle,
&ValueName,
0,
REG_DWORD,
- (LPVOID)&ulAliasValue,
+ (LPVOID)&ulRelativeId,
sizeof(ULONG));
done:
@@ -548,87 +550,6 @@
NTSTATUS
-SampCheckDbObjectNameAlias(IN PSAM_DB_OBJECT DomainObject,
- IN LPCWSTR lpContainerName,
- IN LPCWSTR lpAliasName,
- OUT PBOOL bAliasExists)
-{
- PKEY_VALUE_PARTIAL_INFORMATION ValueInfo;
- OBJECT_ATTRIBUTES ObjectAttributes;
- UNICODE_STRING KeyName;
- UNICODE_STRING ValueName;
- HANDLE ContainerKeyHandle = NULL;
- HANDLE NamesKeyHandle = NULL;
- ULONG BufferLength = sizeof(ULONG);
- NTSTATUS Status;
-
- /* Open the container key */
- RtlInitUnicodeString(&KeyName, lpContainerName);
-
- InitializeObjectAttributes(&ObjectAttributes,
- &KeyName,
- OBJ_CASE_INSENSITIVE,
- DomainObject->KeyHandle,
- NULL);
-
- Status = NtOpenKey(&ContainerKeyHandle,
- KEY_ALL_ACCESS,
- &ObjectAttributes);
- if (!NT_SUCCESS(Status))
- return Status;
-
- /* Open the 'Names' key */
- RtlInitUnicodeString(&KeyName, L"Names");
-
- InitializeObjectAttributes(&ObjectAttributes,
- &KeyName,
- OBJ_CASE_INSENSITIVE,
- ContainerKeyHandle,
- NULL);
-
- Status = NtOpenKey(&NamesKeyHandle,
- KEY_ALL_ACCESS,
- &ObjectAttributes);
- if (!NT_SUCCESS(Status))
- goto done;
-
- /* Get the alias value */
- RtlInitUnicodeString(&ValueName, lpAliasName);
-
- BufferLength += FIELD_OFFSET(KEY_VALUE_PARTIAL_INFORMATION, Data);
-
- /* Allocate memory for the value */
- ValueInfo = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
- if (ValueInfo == NULL)
- return STATUS_NO_MEMORY;
-
- /* Query the value */
- Status = ZwQueryValueKey(NamesKeyHandle,
- &ValueName,
- KeyValuePartialInformation,
- ValueInfo,
- BufferLength,
- &BufferLength);
-
- *bAliasExists = (Status != STATUS_OBJECT_NAME_NOT_FOUND);
-
- Status = STATUS_SUCCESS;
-
- /* Free the memory and return status */
- RtlFreeHeap(RtlGetProcessHeap(), 0, ValueInfo);
-
-done:
- if (NamesKeyHandle)
- NtClose(NamesKeyHandle);
-
- if (ContainerKeyHandle)
- NtClose(ContainerKeyHandle);
-
- return Status;
-}
-
-
-NTSTATUS
SampCheckAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject,
IN LPWSTR lpAccountName)
{
@@ -636,7 +557,7 @@
HANDLE NamesKey;
NTSTATUS Status;
- TRACE("SampCheckNameInDomain()\n");
+ TRACE("SampCheckAccountNameInDomain()\n");
Status = SampRegOpenKey(DomainObject->KeyHandle,
L"Aliases",
@@ -656,11 +577,12 @@
NULL,
NULL);
if (Status == STATUS_SUCCESS)
+ {
+ SampRegCloseKey(NamesKey);
Status = STATUS_ALIAS_EXISTS;
+ }
else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
Status = STATUS_SUCCESS;
-
- SampRegCloseKey(NamesKey);
}
SampRegCloseKey(AccountKey);
@@ -690,11 +612,12 @@
NULL,
NULL);
if (Status == STATUS_SUCCESS)
+ {
+ SampRegCloseKey(NamesKey);
Status = STATUS_ALIAS_EXISTS;
+ }
else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
Status = STATUS_SUCCESS;
-
- SampRegCloseKey(NamesKey);
}
SampRegCloseKey(AccountKey);
@@ -724,11 +647,12 @@
NULL,
NULL);
if (Status == STATUS_SUCCESS)
+ {
+ SampRegCloseKey(NamesKey);
Status = STATUS_ALIAS_EXISTS;
+ }
else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
Status = STATUS_SUCCESS;
-
- SampRegCloseKey(NamesKey);
}
SampRegCloseKey(AccountKey);
Modified: trunk/reactos/dll/win32/samsrv/samrpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samrpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] Sun Jul 22 15:12:00 2012
@@ -1622,11 +1622,11 @@
return Status;
}
- /* Add the name alias for the user object */
- Status = SampSetDbObjectNameAlias(DomainObject,
- L"Groups",
- Name->Buffer,
- ulRid);
+ /* Add the account name of the user object */
+ Status = SampSetAccountNameInDomain(DomainObject,
+ L"Groups",
+ Name->Buffer,
+ ulRid);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
@@ -1723,6 +1723,13 @@
TRACE("SamrCreateUserInDomain(%p %p %lx %p %p)\n",
DomainHandle, Name, DesiredAccess, UserHandle, RelativeId);
+ if (Name == NULL ||
+ Name->Length == 0 ||
+ Name->Buffer == NULL ||
+ UserHandle == NULL ||
+ RelativeId == NULL)
+ return STATUS_INVALID_PARAMETER;
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
@@ -1791,11 +1798,11 @@
return Status;
}
- /* Add the name alias for the user object */
- Status = SampSetDbObjectNameAlias(DomainObject,
- L"Users",
- Name->Buffer,
- ulRid);
+ /* Add the account name for the user object */
+ Status = SampSetAccountNameInDomain(DomainObject,
+ L"Users",
+ Name->Buffer,
+ ulRid);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
@@ -1805,12 +1812,17 @@
/* Initialize fixed user data */
memset(&FixedUserData, 0, sizeof(SAM_USER_FIXED_DATA));
FixedUserData.Version = 1;
-
+ FixedUserData.LastLogon.QuadPart = 0;
+ FixedUserData.LastLogoff.QuadPart = 0;
+ FixedUserData.PasswordLastSet.QuadPart = 0;
+ FixedUserData.AccountExpires.LowPart = MAXULONG;
+ FixedUserData.AccountExpires.HighPart = MAXLONG;
+ FixedUserData.LastBadPasswordTime.QuadPart = 0;
FixedUserData.UserId = ulRid;
FixedUserData.PrimaryGroupId = DOMAIN_GROUP_RID_USERS;
-// FixedUserData.UserAccountControl = USER_ACCOUNT_DISABLED |
-// USER_PASSWORD_NOT_REQUIRED ||
-// USER_NORMAL_ACCOUNT;
+ FixedUserData.UserAccountControl = USER_ACCOUNT_DISABLED |
+ USER_PASSWORD_NOT_REQUIRED |
+ USER_NORMAL_ACCOUNT;
/* Set fixed user data attribute */
Status = SampSetObjectAttribute(UserObject,
@@ -2050,11 +2062,11 @@
return Status;
}
- /* Add the name alias for the user object */
- Status = SampSetDbObjectNameAlias(DomainObject,
- L"Aliases",
- AccountName->Buffer,
- ulRid);
+ /* Add the account name for the alias object */
+ Status = SampSetAccountNameInDomain(DomainObject,
+ L"Aliases",
+ AccountName->Buffer,
+ ulRid);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
Modified: trunk/reactos/dll/win32/samsrv/samsrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samsrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samsrv.h [iso-8859-1] Sun Jul 22 15:12:00 2012
@@ -139,20 +139,14 @@
SampCloseDbObject(PSAM_DB_OBJECT DbObject);
NTSTATUS
-SampSetDbObjectNameAlias(IN PSAM_DB_OBJECT DomainObject,
- IN LPCWSTR lpContainerName,
- IN LPCWSTR lpAliasName,
- IN DWORD dwAliasValue);
-
-NTSTATUS
-SampCheckDbObjectNameAlias(IN PSAM_DB_OBJECT DomainObject,
- IN LPCWSTR lpContainerName,
- IN LPCWSTR lpAliasName,
- OUT PBOOL bAliasExists);
-
-NTSTATUS
SampCheckAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject,
IN LPWSTR lpAccountName);
+
+NTSTATUS
+SampSetAccountNameInDomain(IN PSAM_DB_OBJECT DomainObject,
+ IN LPCWSTR lpContainerName,
+ IN LPCWSTR lpAccountName,
+ IN ULONG ulRelativeId);
NTSTATUS
SampSetObjectAttribute(PSAM_DB_OBJECT DbObject,
Modified: trunk/reactos/include/ddk/ntsam.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/ddk/ntsam.h?rev=56…
==============================================================================
--- trunk/reactos/include/ddk/ntsam.h [iso-8859-1] (original)
+++ trunk/reactos/include/ddk/ntsam.h [iso-8859-1] Sun Jul 22 15:12:00 2012
@@ -162,6 +162,31 @@
USER_LIST_GROUPS |\
USER_READ_GROUP_INFORMATION |\
USER_WRITE_GROUP_INFORMATION)
+
+/* User account control bits */
+#define USER_ACCOUNT_DISABLED 0x00000001
+#define USER_HOME_DIRECTORY_REQUIRED 0x00000002
+#define USER_PASSWORD_NOT_REQUIRED 0x00000004
+#define USER_TEMP_DUPLICATE_ACCOUNT 0x00000008
+#define USER_NORMAL_ACCOUNT 0x00000010
+#define USER_MNS_LOGON_ACCOUNT 0x00000020
+#define USER_INTERDOMAIN_TRUST_ACCOUNT 0x00000040
+#define USER_WORKSTATION_TRUST_ACCOUNT 0x00000080
+#define USER_SERVER_TRUST_ACCOUNT 0x00000100
+#define USER_DONT_EXPIRE_PASSWORD 0x00000200
+#define USER_ACCOUNT_AUTO_LOCKED 0x00000400
+#define USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x00000800
+#define USER_SMARTCARD_REQUIRED 0x00001000
+#define USER_TRUSTED_FOR_DELEGATION 0x00002000
+#define USER_NOT_DELEGATED 0x00004000
+#define USER_USE_DES_KEY_ONLY 0x00008000
+#define USER_DONT_REQUIRE_PREAUTH 0x00010000
+#define USER_PASSWORD_EXPIRED 0x00020000
+#define USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x00040000
+#define USER_NO_AUTH_DATA_REQUIRED 0x00080000
+#define USER_PARTIAL_SECRETS_ACCOUNT 0x00100000
+#define USER_USE_AES_KEYS 0x00200000
+
typedef PVOID SAM_HANDLE, *PSAM_HANDLE;
typedef ULONG SAM_ENUMERATE_HANDLE, *PSAM_ENUMERATE_HANDLE;
@@ -293,6 +318,12 @@
NTSTATUS
NTAPI
+SamAddMemberToGroup(IN SAM_HANDLE GroupHandle,
+ IN ULONG MemberId,
+ IN ULONG Attributes);
+
+NTSTATUS
+NTAPI
SamCloseHandle(IN SAM_HANDLE SamHandle);
NTSTATUS
@@ -416,6 +447,12 @@
NTSTATUS
NTAPI
+SamQueryInformationGroup(IN SAM_HANDLE GroupHandle,
+ IN GROUP_INFORMATION_CLASS GroupInformationClass,
+ OUT PVOID *Buffer);
+
+NTSTATUS
+NTAPI
SamQueryInformationUser(IN SAM_HANDLE UserHandle,
IN USER_INFORMATION_CLASS UserInformationClass,
OUT PVOID *Buffer);
@@ -435,7 +472,13 @@
NTAPI
SamSetInformationDomain(IN SAM_HANDLE DomainHandle,
IN DOMAIN_INFORMATION_CLASS DomainInformationClass,
- IN PVOID DomainInformation);
+ IN PVOID Buffer);
+
+NTSTATUS
+NTAPI
+SamSetInformationGroup(IN SAM_HANDLE GroupHandle,
+ IN GROUP_INFORMATION_CLASS GroupInformationClass,
+ IN PVOID Buffer);
NTSTATUS
NTAPI
@@ -447,7 +490,6 @@
NTAPI
SamShutdownSamServer(IN SAM_HANDLE ServerHandle);
-
#ifdef __cplusplus
}
#endif
Modified: trunk/reactos/include/reactos/idl/sam.idl
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/idl/sam.id…
==============================================================================
--- trunk/reactos/include/reactos/idl/sam.idl [iso-8859-1] (original)
+++ trunk/reactos/include/reactos/idl/sam.idl [iso-8859-1] Sun Jul 22 15:12:00 2012
@@ -628,9 +628,9 @@
{
ENCRYPTED_NT_OWF_PASSWORD EncryptedNtOwfPassword;
ENCRYPTED_LM_OWF_PASSWORD EncryptedLmOwfPassword;
- unsigned char NtPasswordPresent;
- unsigned char LmPasswordPresent;
- unsigned char PasswordExpired;
+ BOOLEAN NtPasswordPresent;
+ BOOLEAN LmPasswordPresent;
+ BOOLEAN PasswordExpired;
} SAMPR_USER_INTERNAL1_INFORMATION, *PSAMPR_USER_INTERNAL1_INFORMATION;
typedef struct _SAMPR_USER_INTERNAL4_INFORMATION
@@ -648,13 +648,13 @@
typedef struct _SAMPR_USER_INTERNAL5_INFORMATION
{
SAMPR_ENCRYPTED_USER_PASSWORD UserPassword;
- unsigned char PasswordExpired;
+ BOOLEAN PasswordExpired;
} SAMPR_USER_INTERNAL5_INFORMATION, *PSAMPR_USER_INTERNAL5_INFORMATION;
typedef struct _SAMPR_USER_INTERNAL5_INFORMATION_NEW
{
SAMPR_ENCRYPTED_USER_PASSWORD_NEW UserPassword;
- unsigned char PasswordExpired;
+ BOOLEAN PasswordExpired;
} SAMPR_USER_INTERNAL5_INFORMATION_NEW, *PSAMPR_USER_INTERNAL5_INFORMATION_NEW;
cpp_quote("#ifndef _NTSAM_")
4442
days inactive
4442
days old
0 comments
1 participants
participants (1)
-
ekohl@svn.reactos.org