Author: ekohl
Date: Wed May 30 22:53:37 2012
New Revision: 56678
URL:
http://svn.reactos.org/svn/reactos?rev=56678&view=rev
Log:
[LSASRV][SYSSETUP]
Move the creation of the random account domain SID from syssetup.dll to lsasrv.dll. This
change is required because the account domain SID must be stored in the LSA database
before the SAM database initializes. Syssetup.dll created the account domain SID much too
late.
Modified:
trunk/reactos/dll/win32/lsasrv/database.c
trunk/reactos/dll/win32/lsasrv/lsasrv.h
trunk/reactos/dll/win32/syssetup/globals.h
trunk/reactos/dll/win32/syssetup/install.c
trunk/reactos/dll/win32/syssetup/security.c
Modified: trunk/reactos/dll/win32/lsasrv/database.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/database.…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/database.c [iso-8859-1] Wed May 30 22:53:37 2012
@@ -200,10 +200,40 @@
static NTSTATUS
+LsapCreateRandomDomainSid(OUT PSID *Sid)
+{
+ SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
+ LARGE_INTEGER SystemTime;
+ PULONG Seed;
+
+ NtQuerySystemTime(&SystemTime);
+ Seed = &SystemTime.u.LowPart;
+
+ return RtlAllocateAndInitializeSid(&SystemAuthority,
+ 4,
+ SECURITY_NT_NON_UNIQUE,
+ RtlUniform(Seed),
+ RtlUniform(Seed),
+ RtlUniform(Seed),
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ Sid);
+}
+
+
+static NTSTATUS
LsapCreateDatabaseObjects(VOID)
{
- PLSA_DB_OBJECT PolicyObject;
- NTSTATUS Status;
+ PLSA_DB_OBJECT PolicyObject = NULL;
+ PSID AccountDomainSid = NULL;
+ NTSTATUS Status;
+
+ /* Create a random domain SID */
+ Status = LsapCreateRandomDomainSid(&AccountDomainSid);
+ if (!NT_SUCCESS(Status))
+ return Status;
/* Open the 'Policy' object */
Status = LsapOpenDbObject(NULL,
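Review bot: LsapCreateRandomDomainSid derives all three sub-authorities from a single RtlUniform seed taken from the low 32 bits of NtQuerySystemTime, so the account domain SID is fully determined by the clock value when the LSA database is created. Two machines set up at the same clock value would get the same SID, and since that SID names the local account domain in ACLs and tokens, uniqueness is the property that matters. The function appears to be moved unchanged from syssetup, so this is inherited, but the move is a good point to mix in further entropy or at least record the limitation, e.g. `/* FIXME: SID depends only on the system time; not guaranteed unique across machines */`. The NTSTATUS of NtQuerySystemTime is also ignored, so SystemTime may be read uninitialised if that call fails. LsapCreateDatabaseObjects continues outside the hunk.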
@@ -212,7 +242,7 @@
0,
&PolicyObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
LsapSetObjectAttribute(PolicyObject,
L"PolPrDmN",
@@ -231,13 +261,17 @@
LsapSetObjectAttribute(PolicyObject,
L"PolAcDmS",
- NULL,
- 0);
-
- /* Close the 'Policy' object */
- LsapCloseDbObject(PolicyObject);
-
- return STATUS_SUCCESS;
+ AccountDomainSid,
+ RtlLengthSid(AccountDomainSid));
+
+done:
+ if (PolicyObject != NULL)
+ LsapCloseDbObject(PolicyObject);
+
+ if (AccountDomainSid != NULL)
+ RtlFreeSid(AccountDomainSid);
+
+ return Status;
}
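Review bot: The result of the `PolAcDmS` write is discarded, so as far as the visible lines show, Status at `done:` still holds the success value from LsapOpenDbObject and the function reports success even if the account domain SID was never stored. The commit message says SAM initialisation depends on this SID being in the LSA database, so a failed write should surface here rather than later. Assuming LsapSetObjectAttribute returns an NTSTATUS (its prototype is not visible), capture it: `Status = LsapSetObjectAttribute(PolicyObject, L"PolAcDmS", AccountDomainSid, RtlLengthSid(AccountDomainSid));`. The earlier LsapSetObjectAttribute calls in this function, which start outside the hunk, have the same gap.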
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Wed May 30 22:53:37 2012
@@ -11,6 +11,7 @@
#include <windows.h>
#define NTOS_MODE_USER
#include <ndk/cmfuncs.h>
+#include <ndk/kefuncs.h>
#include <ndk/lpctypes.h>
#include <ndk/lpcfuncs.h>
#include <ndk/obfuncs.h>
Modified: trunk/reactos/dll/win32/syssetup/globals.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/globals…
==============================================================================
--- trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/globals.h [iso-8859-1] Wed May 30 22:53:37 2012
@@ -64,6 +64,7 @@
/* security.c */
NTSTATUS SetAccountDomain(LPCWSTR DomainName,
PSID DomainSid);
+NTSTATUS GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo);
VOID InstallSecurity(VOID);
/* wizard.c */
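Review bot: The new GetAccountDomainInfo prototype does not say who owns the buffer it returns through the out parameter. The caller in install.c releases it with LsaFreeMemory, so that contract should be written next to the declaration, e.g. `/* On success *AccountDomainInfo is allocated by LSA; the caller must release it with LsaFreeMemory() */`.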
Modified: trunk/reactos/dll/win32/syssetup/install.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/install…
==============================================================================
--- trunk/reactos/dll/win32/syssetup/install.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/install.c [iso-8859-1] Wed May 30 22:53:37 2012
@@ -36,9 +36,6 @@
/* GLOBALS ******************************************************************/
-PSID DomainSid = NULL;
-PSID AdminSid = NULL;
-
HINF hSysSetupInf = INVALID_HANDLE_VALUE;
/* FUNCTIONS ****************************************************************/
@@ -225,33 +222,6 @@
_tcscpy(p, pszName);
return CreateDirectory(szPath, NULL) || GetLastError()==ERROR_ALREADY_EXISTS;
-}
-
-static BOOL
-CreateRandomSid(
- OUT PSID *Sid)
-{
- SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
- LARGE_INTEGER SystemTime;
- PULONG Seed;
- NTSTATUS Status;
-
- NtQuerySystemTime(&SystemTime);
- Seed = &SystemTime.u.LowPart;
-
- Status = RtlAllocateAndInitializeSid(
- &SystemAuthority,
- 4,
- SECURITY_NT_NON_UNIQUE,
- RtlUniform(Seed),
- RtlUniform(Seed),
- RtlUniform(Seed),
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- Sid);
- return NT_SUCCESS(Status);
}
static VOID
@@ -878,6 +848,8 @@
DWORD WINAPI
InstallReactOS(HINSTANCE hInstance)
{
+ PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = NULL;
+ PSID AdminSid = NULL;
TCHAR szBuffer[MAX_PATH];
DWORD LastError;
HANDLE token;
@@ -893,23 +865,17 @@
return 0;
}
- /* Create the semi-random Domain-SID */
- if (!CreateRandomSid(&DomainSid))
- {
- FatalError("Domain-SID creation failed!");
+ /* Get account domain information */
+ if (GetAccountDomainInfo(&AccountDomainInfo) != STATUS_SUCCESS)
+ {
+ FatalError("GetAccountDomainInfo() failed!");
return 0;
}
- /* Set the Domain SID (aka Computer SID) */
- if (SetAccountDomain(NULL, DomainSid) != STATUS_SUCCESS)
- {
- FatalError("SetAccountDomain() failed!");
- RtlFreeSid(DomainSid);
- return 0;
- }
-
/* Append the Admin-RID */
- AppendRidToSid(&AdminSid, DomainSid, DOMAIN_USER_RID_ADMIN);
+ AppendRidToSid(&AdminSid, AccountDomainInfo->DomainSid,
DOMAIN_USER_RID_ADMIN);
+
+ LsaFreeMemory(AccountDomainInfo);
CreateTempDir(L"TEMP");
CreateTempDir(L"TMP");
@@ -964,13 +930,11 @@
{
FatalError("SamCreateUser() failed!");
RtlFreeSid(AdminSid);
- RtlFreeSid(DomainSid);
return 0;
}
}
RtlFreeSid(AdminSid);
- RtlFreeSid(DomainSid);
if (!CreateShortcuts())
{
Modified: trunk/reactos/dll/win32/syssetup/security.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/syssetup/securit…
==============================================================================
--- trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/syssetup/security.c [iso-8859-1] Wed May 30 22:53:37 2012
@@ -26,6 +26,8 @@
LSA_HANDLE PolicyHandle;
NTSTATUS Status;
+ DPRINT1("SYSSETUP: SetAccountDomain\n");
+
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
@@ -80,6 +82,38 @@
if (OrigInfo != NULL)
LsaFreeMemory(OrigInfo);
+
+ LsaClose(PolicyHandle);
+
+ return Status;
+}
+
+
+NTSTATUS
+GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo)
+{
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+ LSA_HANDLE PolicyHandle;
+ NTSTATUS Status;
+
+ DPRINT1("SYSSETUP: GetAccountDomain\n");
+
+ memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+ ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
+
+ Status = LsaOpenPolicy(NULL,
+ &ObjectAttributes,
+ POLICY_TRUST_ADMIN,
+ &PolicyHandle);
+ if (Status != STATUS_SUCCESS)
+ {
+ DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ Status = LsaQueryInformationPolicy(PolicyHandle,
+ PolicyAccountDomainInformation,
+ (PVOID *)AccountDomainInfo);
LsaClose(PolicyHandle);