[ekohl] 58053: [SAMSRV] Enable the use of generic access rights by mapping them to object specific right. - Ros-diffs

30 Dec 2012

Author: ekohl
Date: Sun Dec 30 13:00:02 2012
New Revision: 58053
URL: http://svn.reactos.org/svn/reactos?rev=58053&view=rev
Log:
[SAMSRV]
Enable the use of generic access rights by mapping them to object specific right.
Modified:
    trunk/reactos/dll/win32/samsrv/samrpc.c
Modified: trunk/reactos/dll/win32/samsrv/samrpc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/samsrv/samrpc.c?r...
==============================================================================

--- trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/samsrv/samrpc.c [iso-8859-1] Sun Dec 30 13:00:02 2012
@@ -17,6 +17,46 @@
static SID_IDENTIFIER_AUTHORITY NtSidAuthority = {SECURITY_NT_AUTHORITY};
+static GENERIC_MAPPING ServerMapping =
+{
+    SAM_SERVER_READ,
+    SAM_SERVER_WRITE,
+    SAM_SERVER_EXECUTE,
+    SAM_SERVER_ALL_ACCESS
+};
+
+static GENERIC_MAPPING DomainMapping =
+{
+    DOMAIN_READ,
+    DOMAIN_WRITE,
+    DOMAIN_EXECUTE,
+    DOMAIN_ALL_ACCESS
+};
+
+static GENERIC_MAPPING AliasMapping =
+{
+    ALIAS_READ,
+    ALIAS_WRITE,
+    ALIAS_EXECUTE,
+    ALIAS_ALL_ACCESS
+};
+
+static GENERIC_MAPPING GroupMapping =
+{
+    GROUP_READ,
+    GROUP_WRITE,
+    GROUP_EXECUTE,
+    GROUP_ALL_ACCESS
+};
+
+static GENERIC_MAPPING UserMapping =
+{
+    USER_READ,
+    USER_WRITE,
+    USER_EXECUTE,
+    USER_ALL_ACCESS
+};
+
/* FUNCTIONS *****************************************************************/
@@ -68,9 +108,11 @@
     HeapFree(GetProcessHeap(), 0, ptr);
 }
+
 void __RPC_USER SAMPR_HANDLE_rundown(SAMPR_HANDLE hHandle)
 {
 }
+
/* Function 0 */
 NTSTATUS
@@ -85,6 +127,11 @@
     TRACE("SamrConnect(%p %p %lx)\n",
           ServerName, ServerHandle, DesiredAccess);
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &ServerMapping);
+
+    /* Open the Server Object */
     Status = SampOpenDbObject(NULL,
                               NULL,
                               L"SAM",
@@ -100,6 +147,7 @@
     return Status;
 }
+
 /* Function 1 */
 NTSTATUS
 NTAPI
@@ -125,6 +173,7 @@
     return Status;
 }
+
 /* Function 2 */
 NTSTATUS
 NTAPI
@@ -136,6 +185,7 @@
     return STATUS_NOT_IMPLEMENTED;
 }
+
 /* Function 3 */
 NTSTATUS
 NTAPI
@@ -146,6 +196,7 @@
     UNIMPLEMENTED;
     return STATUS_NOT_IMPLEMENTED;
 }
+
/* Function 4 */
 NTSTATUS
@@ -486,6 +537,10 @@
     TRACE("SamrOpenDomain(%p %lx %p %p)\n",
           ServerHandle, DesiredAccess, DomainId, DomainHandle);
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &DomainMapping);
+
     /* Validate the server handle */
     Status = SampValidateDbObject(ServerHandle,
                                   SamDbServerObject,
@@ -1652,6 +1707,10 @@
TRACE("SamrCreateGroupInDomain(%p %p %lx %p %p)\n",
           DomainHandle, Name, DesiredAccess, GroupHandle, RelativeId);
+
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &GroupMapping);
/* Validate the domain handle */
     Status = SampValidateDbObject(DomainHandle,
@@ -2018,6 +2077,10 @@
         UserHandle == NULL ||
         RelativeId == NULL)
         return STATUS_INVALID_PARAMETER;
+
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &UserMapping);
/* Validate the domain handle */
     Status = SampValidateDbObject(DomainHandle,
@@ -2472,6 +2535,10 @@
TRACE("SamrCreateAliasInDomain(%p %p %lx %p %p)\n",
           DomainHandle, AccountName, DesiredAccess, AliasHandle, RelativeId);
+
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &AliasMapping);
/* Validate the domain handle */
     Status = SampValidateDbObject(DomainHandle,
@@ -3452,6 +3519,10 @@
     TRACE("SamrOpenGroup(%p %lx %lx %p)\n",
           DomainHandle, DesiredAccess, GroupId, GroupHandle);
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &GroupMapping);
+
     /* Validate the domain handle */
     Status = SampValidateDbObject(DomainHandle,
                                   SamDbDomainObject,
@@ -3899,6 +3970,10 @@
TRACE("SamrOpenAlias(%p %lx %lx %p)\n",
           DomainHandle, DesiredAccess, AliasId, AliasHandle);
+
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &AliasMapping);
/* Validate the domain handle */
     Status = SampValidateDbObject(DomainHandle,
@@ -4564,6 +4639,10 @@
TRACE("SamrOpenUser(%p %lx %lx %p)\n",
           DomainHandle, DesiredAccess, UserId, UserHandle);
+
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &UserMapping);
/* Validate the domain handle */
     Status = SampValidateDbObject(DomainHandle,
@@ -6100,6 +6179,7 @@
     return Status;
 }
+
 /* Function 38 */
 NTSTATUS
 NTAPI
@@ -6284,6 +6364,10 @@
         AccountType != USER_SERVER_TRUST_ACCOUNT &&
         AccountType != USER_TEMP_DUPLICATE_ACCOUNT)
         return STATUS_INVALID_PARAMETER;
+
+    /* Map generic access rights */
+    RtlMapGenericMask(&DesiredAccess,
+                      &UserMapping);
/* Validate the domain handle */
     Status = SampValidateDbObject(DomainHandle,

    