3cc497387584779e7cd9dc8add26c4b34e7bfb01
[reactos.git] / reactos / dll / win32 / lsasrv / lookup.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lookup.c
5 * PURPOSE: Sid / Name lookup functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9 #include "lsasrv.h"
10
11 WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
12
13 typedef wchar_t *PSAMPR_SERVER_NAME;
14 typedef void *SAMPR_HANDLE;
15
16 typedef struct _SAMPR_RETURNED_USTRING_ARRAY
17 {
18 unsigned long Count;
19 PRPC_UNICODE_STRING Element;
20 } SAMPR_RETURNED_USTRING_ARRAY, *PSAMPR_RETURNED_USTRING_ARRAY;
21
22 typedef struct _SAMPR_ULONG_ARRAY
23 {
24 unsigned long Count;
25 unsigned long *Element;
26 } SAMPR_ULONG_ARRAY, *PSAMPR_ULONG_ARRAY;
27
28
29 VOID
30 NTAPI
31 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(PSAMPR_RETURNED_USTRING_ARRAY Ptr);
32
33 VOID
34 NTAPI
35 SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr);
36
37 NTSTATUS
38 NTAPI
39 SamrConnect(IN PSAMPR_SERVER_NAME ServerName,
40 OUT SAMPR_HANDLE *ServerHandle,
41 IN ACCESS_MASK DesiredAccess);
42
43 NTSTATUS
44 NTAPI
45 SamrCloseHandle(IN OUT SAMPR_HANDLE *SamHandle);
46
47 NTSTATUS
48 NTAPI
49 SamrOpenDomain(IN SAMPR_HANDLE ServerHandle,
50 IN ACCESS_MASK DesiredAccess,
51 IN PRPC_SID DomainId,
52 OUT SAMPR_HANDLE *DomainHandle);
53
54 NTSTATUS
55 NTAPI
56 SamrLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle,
57 IN ULONG Count,
58 IN ULONG *RelativeIds,
59 OUT PSAMPR_RETURNED_USTRING_ARRAY Names,
60 OUT PSAMPR_ULONG_ARRAY Use);
61
62 NTSTATUS
63 NTAPI
64 SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle,
65 IN ULONG Count,
66 IN RPC_UNICODE_STRING Names[],
67 OUT PSAMPR_ULONG_ARRAY RelativeIds,
68 OUT PSAMPR_ULONG_ARRAY Use);
69
70
71 typedef struct _WELL_KNOWN_SID
72 {
73 LIST_ENTRY ListEntry;
74 PSID Sid;
75 UNICODE_STRING AccountName;
76 UNICODE_STRING DomainName;
77 SID_NAME_USE Use;
78 } WELL_KNOWN_SID, *PWELL_KNOWN_SID;
79
80
81 LIST_ENTRY WellKnownSidListHead;
82
83 #if 0
84 typedef struct _AccountSid
85 {
86 WELL_KNOWN_SID_TYPE type;
87 LPCWSTR account;
88 LPCWSTR domain;
89 SID_NAME_USE name_use;
90 } AccountSid;
91
92 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
93 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
94 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
95 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
96 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
97 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
98 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
99 static const WCHAR Blank[] = { 0 };
100 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
101 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
102 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
103 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
104 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
105 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
106 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
107 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
108 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
109 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
110 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
111 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
112 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
113 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
114 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
115 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
116 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
117 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
118 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
119 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
120 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
121 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
122 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
123 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
124 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
125 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
126 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
127 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
128 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
129 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
130 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
131 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
132 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
133 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
134 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
135 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
136 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
137 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
138 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
139 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
140 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
141 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
142 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
143 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
144 static const WCHAR SELF[] = { 'S','E','L','F',0 };
145 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
146 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
147 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
148 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
149 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
150 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
151
152 static const AccountSid ACCOUNT_SIDS[] = {
153 // { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
154 // { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
155 // { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
156 // { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
157 // { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
158 // { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
159 // { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
160 // { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
161 // { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
162 // { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
163 // { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
164 // { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
165 // { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
166 // { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
167 // { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
168 // { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
169 // { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
170 // { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
171 // { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
172 // { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
173 // { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
174 // { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
175 // { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
176 // { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
177 // { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
178 // { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
179 // { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
180 // { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
181 // { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
182 // { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
183 // { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
184 // { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
185 // { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
186 // { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
187 // { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
188 // { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
189 // { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
190 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
191 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
192 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
193 // { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
194 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
195 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias },
196 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias },
197 };
198 #endif
199
200
201 BOOLEAN
202 LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
203 UCHAR SubAuthorityCount,
204 PULONG SubAuthorities,
205 PWSTR AccountName,
206 PWSTR DomainName,
207 SID_NAME_USE Use)
208 {
209 PWELL_KNOWN_SID SidEntry;
210 PULONG p;
211 ULONG i;
212
213 SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WELL_KNOWN_SID));
214 if (SidEntry == NULL)
215 return FALSE;
216
217 InitializeListHead(&SidEntry->ListEntry);
218
219 SidEntry->Sid = RtlAllocateHeap(RtlGetProcessHeap(),
220 0,
221 RtlLengthRequiredSid(SubAuthorityCount));
222 if (SidEntry->Sid == NULL)
223 {
224 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
225 return FALSE;
226 }
227
228 RtlInitializeSid(SidEntry->Sid,
229 IdentifierAuthority,
230 SubAuthorityCount);
231
232 for (i = 0; i < (ULONG)SubAuthorityCount; i++)
233 {
234 p = RtlSubAuthoritySid(SidEntry->Sid, i);
235 *p = SubAuthorities[i];
236 }
237
238 RtlInitUnicodeString(&SidEntry->AccountName,
239 AccountName);
240
241 RtlInitUnicodeString(&SidEntry->DomainName,
242 DomainName);
243
244 SidEntry->Use = Use;
245
246 InsertTailList(&WellKnownSidListHead,
247 &SidEntry->ListEntry);
248
249 return TRUE;
250 }
251
252
253 NTSTATUS
254 LsapInitSids(VOID)
255 {
256 ULONG SubAuthorities[8];
257
258 InitializeListHead(&WellKnownSidListHead);
259
260 /* NT Authority */
261 LsapCreateSid(&NtAuthority,
262 0,
263 NULL,
264 L"NT AUTHORITY",
265 L"NT AUTHORITY",
266 SidTypeDomain);
267
268 /* Null Sid */
269 SubAuthorities[0] = SECURITY_NULL_RID;
270 LsapCreateSid(&NullSidAuthority,
271 1,
272 SubAuthorities,
273 L"NULL SID",
274 L"",
275 SidTypeWellKnownGroup);
276
277 /* World Sid */
278 SubAuthorities[0] = SECURITY_WORLD_RID;
279 LsapCreateSid(&WorldSidAuthority,
280 1,
281 SubAuthorities,
282 L"Everyone",
283 L"",
284 SidTypeWellKnownGroup);
285
286 /* Local Sid */
287 SubAuthorities[0] = SECURITY_LOCAL_RID;
288 LsapCreateSid(&LocalSidAuthority,
289 1,
290 SubAuthorities,
291 L"LOCAL",
292 L"",
293 SidTypeWellKnownGroup);
294
295 /* Creator Owner Sid */
296 SubAuthorities[0] = SECURITY_CREATOR_OWNER_RID;
297 LsapCreateSid(&CreatorSidAuthority,
298 1,
299 SubAuthorities,
300 L"CREATOR OWNER",
301 L"",
302 SidTypeWellKnownGroup);
303
304 /* Creator Group Sid */
305 SubAuthorities[0] = SECURITY_CREATOR_GROUP_RID;
306 LsapCreateSid(&CreatorSidAuthority,
307 1,
308 SubAuthorities,
309 L"CREATOR GROUP",
310 L"",
311 SidTypeWellKnownGroup);
312
313 /* Creator Owner Server Sid */
314 SubAuthorities[0] = SECURITY_CREATOR_OWNER_SERVER_RID;
315 LsapCreateSid(&CreatorSidAuthority,
316 1,
317 SubAuthorities,
318 L"CREATOR OWNER SERVER",
319 L"",
320 SidTypeWellKnownGroup);
321
322 /* Creator Group Server Sid */
323 SubAuthorities[0] = SECURITY_CREATOR_GROUP_SERVER_RID;
324 LsapCreateSid(&CreatorSidAuthority,
325 1,
326 SubAuthorities,
327 L"CREATOR GROUP SERVER",
328 L"",
329 SidTypeWellKnownGroup);
330
331 /* Dialup Sid */
332 SubAuthorities[0] = SECURITY_DIALUP_RID;
333 LsapCreateSid(&NtAuthority,
334 1,
335 SubAuthorities,
336 L"DIALUP",
337 L"NT AUTHORITY",
338 SidTypeWellKnownGroup);
339
340 /* Network Sid */
341 SubAuthorities[0] = SECURITY_NETWORK_RID;
342 LsapCreateSid(&NtAuthority,
343 1,
344 SubAuthorities,
345 L"NETWORK",
346 L"NT AUTHORITY",
347 SidTypeWellKnownGroup);
348
349 /* Batch Sid*/
350 SubAuthorities[0] = SECURITY_BATCH_RID;
351 LsapCreateSid(&NtAuthority,
352 1,
353 SubAuthorities,
354 L"BATCH",
355 L"NT AUTHORITY",
356 SidTypeWellKnownGroup);
357
358 /* Interactive Sid */
359 SubAuthorities[0] = SECURITY_INTERACTIVE_RID;
360 LsapCreateSid(&NtAuthority,
361 1,
362 SubAuthorities,
363 L"INTERACTIVE",
364 L"NT AUTHORITY",
365 SidTypeWellKnownGroup);
366
367 /* Service Sid */
368 SubAuthorities[0] = SECURITY_SERVICE_RID;
369 LsapCreateSid(&NtAuthority,
370 1,
371 SubAuthorities,
372 L"SERVICE",
373 L"NT AUTHORITY",
374 SidTypeWellKnownGroup);
375
376 /* Anonymous Logon Sid */
377 SubAuthorities[0] = SECURITY_ANONYMOUS_LOGON_RID;
378 LsapCreateSid(&NtAuthority,
379 1,
380 SubAuthorities,
381 L"ANONYMOUS LOGON",
382 L"NT AUTHORITY",
383 SidTypeWellKnownGroup);
384
385 /* Proxy Sid */
386 SubAuthorities[0] = SECURITY_PROXY_RID;
387 LsapCreateSid(&NtAuthority,
388 1,
389 SubAuthorities,
390 L"PROXY",
391 L"NT AUTHORITY",
392 SidTypeWellKnownGroup);
393
394 /* Enterprise Controllers Sid */
395 SubAuthorities[0] = SECURITY_ENTERPRISE_CONTROLLERS_RID;
396 LsapCreateSid(&NtAuthority,
397 1,
398 SubAuthorities,
399 L"ENTERPRISE DOMAIN CONTROLLERS",
400 L"NT AUTHORITY",
401 SidTypeWellKnownGroup);
402
403 /* Principal Self Sid */
404 SubAuthorities[0] = SECURITY_PRINCIPAL_SELF_RID;
405 LsapCreateSid(&NtAuthority,
406 1,
407 SubAuthorities,
408 L"SELF",
409 L"NT AUTHORITY",
410 SidTypeWellKnownGroup);
411
412 /* Authenticated Users Sid */
413 SubAuthorities[0] = SECURITY_AUTHENTICATED_USER_RID;
414 LsapCreateSid(&NtAuthority,
415 1,
416 SubAuthorities,
417 L"Authenticated Users",
418 L"NT AUTHORITY",
419 SidTypeWellKnownGroup);
420
421 /* Restricted Code Sid */
422 SubAuthorities[0] = SECURITY_RESTRICTED_CODE_RID;
423 LsapCreateSid(&NtAuthority,
424 1,
425 SubAuthorities,
426 L"RESTRICTED",
427 L"NT AUTHORITY",
428 SidTypeWellKnownGroup);
429
430 /* Terminal Server Sid */
431 SubAuthorities[0] = SECURITY_TERMINAL_SERVER_RID;
432 LsapCreateSid(&NtAuthority,
433 1,
434 SubAuthorities,
435 L"TERMINAL SERVER USER",
436 L"NT AUTHORITY",
437 SidTypeWellKnownGroup);
438
439 /* Remote Logon Sid */
440 SubAuthorities[0] = SECURITY_REMOTE_LOGON_RID;
441 LsapCreateSid(&NtAuthority,
442 1,
443 SubAuthorities,
444 L"REMOTE INTERACTIVE LOGON",
445 L"NT AUTHORITY",
446 SidTypeWellKnownGroup);
447
448 /* This Organization Sid */
449 SubAuthorities[0] = SECURITY_THIS_ORGANIZATION_RID;
450 LsapCreateSid(&NtAuthority,
451 1,
452 SubAuthorities,
453 L"This Organization",
454 L"NT AUTHORITY",
455 SidTypeWellKnownGroup);
456
457 /* Local System Sid */
458 SubAuthorities[0] = SECURITY_LOCAL_SYSTEM_RID;
459 LsapCreateSid(&NtAuthority,
460 1,
461 SubAuthorities,
462 L"SYSTEM",
463 L"NT AUTHORITY",
464 SidTypeWellKnownGroup);
465
466 /* Local Service Sid */
467 SubAuthorities[0] = SECURITY_LOCAL_SERVICE_RID;
468 LsapCreateSid(&NtAuthority,
469 1,
470 SubAuthorities,
471 L"LOCAL SERVICE",
472 L"NT AUTHORITY",
473 SidTypeWellKnownGroup);
474
475 LsapCreateSid(&NtAuthority,
476 1,
477 SubAuthorities,
478 L"LOCALSERVICE",
479 L"NT AUTHORITY",
480 SidTypeWellKnownGroup);
481
482 /* Network Service Sid */
483 SubAuthorities[0] = SECURITY_NETWORK_SERVICE_RID;
484 LsapCreateSid(&NtAuthority,
485 1,
486 SubAuthorities,
487 L"NETWORK SERVICE",
488 L"NT AUTHORITY",
489 SidTypeWellKnownGroup);
490
491 LsapCreateSid(&NtAuthority,
492 1,
493 SubAuthorities,
494 L"NETWORKSERVICE",
495 L"NT AUTHORITY",
496 SidTypeWellKnownGroup);
497
498 /* Builtin Domain Sid */
499 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
500 LsapCreateSid(&NtAuthority,
501 1,
502 SubAuthorities,
503 L"BUILTIN",
504 L"BUILTIN",
505 SidTypeDomain);
506
507 /* Administrators Alias Sid */
508 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
509 SubAuthorities[1] = DOMAIN_ALIAS_RID_ADMINS;
510 LsapCreateSid(&NtAuthority,
511 2,
512 SubAuthorities,
513 L"Administrators",
514 L"BUILTIN",
515 SidTypeAlias);
516
517 /* Users Alias Sid */
518 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
519 SubAuthorities[1] = DOMAIN_ALIAS_RID_USERS;
520 LsapCreateSid(&NtAuthority,
521 2,
522 SubAuthorities,
523 L"Users",
524 L"BUILTIN",
525 SidTypeAlias);
526
527 /* Guests Alias Sid */
528 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
529 SubAuthorities[1] = DOMAIN_ALIAS_RID_GUESTS;
530 LsapCreateSid(&NtAuthority,
531 2,
532 SubAuthorities,
533 L"Guests",
534 L"BUILTIN",
535 SidTypeAlias);
536
537 /* Power User Alias Sid */
538 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
539 SubAuthorities[1] = DOMAIN_ALIAS_RID_POWER_USERS;
540 LsapCreateSid(&NtAuthority,
541 2,
542 SubAuthorities,
543 L"Power User",
544 L"BUILTIN",
545 SidTypeAlias);
546
547 /* Account Operators Alias Sid */
548 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
549 SubAuthorities[1] = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
550 LsapCreateSid(&NtAuthority,
551 2,
552 SubAuthorities,
553 L"Account Operators",
554 L"BUILTIN",
555 SidTypeAlias);
556
557 /* System Operators Alias Sid */
558 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
559 SubAuthorities[1] = DOMAIN_ALIAS_RID_SYSTEM_OPS;
560 LsapCreateSid(&NtAuthority,
561 2,
562 SubAuthorities,
563 L"Server Operators",
564 L"BUILTIN",
565 SidTypeAlias);
566
567 /* Print Operators Alias Sid */
568 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
569 SubAuthorities[1] = DOMAIN_ALIAS_RID_PRINT_OPS;
570 LsapCreateSid(&NtAuthority,
571 2,
572 SubAuthorities,
573 L"Print Operators",
574 L"BUILTIN",
575 SidTypeAlias);
576
577 /* Backup Operators Alias Sid */
578 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
579 SubAuthorities[1] = DOMAIN_ALIAS_RID_BACKUP_OPS;
580 LsapCreateSid(&NtAuthority,
581 2,
582 SubAuthorities,
583 L"Backup Operators",
584 L"BUILTIN",
585 SidTypeAlias);
586
587 /* Replicators Alias Sid */
588 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
589 SubAuthorities[1] = DOMAIN_ALIAS_RID_REPLICATOR;
590 LsapCreateSid(&NtAuthority,
591 2,
592 SubAuthorities,
593 L"Replicators",
594 L"BUILTIN",
595 SidTypeAlias);
596
597 #if 0
598 /* RAS Servers Alias Sid */
599 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
600 SubAuthorities[1] = DOMAIN_ALIAS_RID_RAS_SERVERS;
601 LsapCreateSid(&NtAuthority,
602 2,
603 SubAuthorities,
604 L"Backup Operators",
605 L"BUILTIN",
606 SidTypeAlias);
607 #endif
608
609 /* Pre-Windows 2000 Compatible Access Alias Sid */
610 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
611 SubAuthorities[1] = DOMAIN_ALIAS_RID_PREW2KCOMPACCESS;
612 LsapCreateSid(&NtAuthority,
613 2,
614 SubAuthorities,
615 L"Pre-Windows 2000 Compatible Access",
616 L"BUILTIN",
617 SidTypeAlias);
618
619 /* Remote Desktop Users Alias Sid */
620 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
621 SubAuthorities[1] = DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS;
622 LsapCreateSid(&NtAuthority,
623 2,
624 SubAuthorities,
625 L"Remote Desktop Users",
626 L"BUILTIN",
627 SidTypeAlias);
628
629 /* Network Configuration Operators Alias Sid */
630 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
631 SubAuthorities[1] = DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS;
632 LsapCreateSid(&NtAuthority,
633 2,
634 SubAuthorities,
635 L"Network Configuration Operators",
636 L"BUILTIN",
637 SidTypeAlias);
638
639 /* FIXME: Add more well known sids */
640
641 return STATUS_SUCCESS;
642 }
643
644
645 PWELL_KNOWN_SID
646 LsapLookupWellKnownSid(PSID Sid)
647 {
648 PLIST_ENTRY ListEntry;
649 PWELL_KNOWN_SID Ptr;
650
651 ListEntry = WellKnownSidListHead.Flink;
652 while (ListEntry != &WellKnownSidListHead)
653 {
654 Ptr = CONTAINING_RECORD(ListEntry,
655 WELL_KNOWN_SID,
656 ListEntry);
657 if (RtlEqualSid(Sid, Ptr->Sid))
658 {
659 return Ptr;
660 }
661
662 ListEntry = ListEntry->Flink;
663 }
664
665 return NULL;
666 }
667
668
669 PWELL_KNOWN_SID
670 LsapLookupIsolatedWellKnownName(PUNICODE_STRING AccountName)
671 {
672 PLIST_ENTRY ListEntry;
673 PWELL_KNOWN_SID Ptr;
674
675 ListEntry = WellKnownSidListHead.Flink;
676 while (ListEntry != &WellKnownSidListHead)
677 {
678 Ptr = CONTAINING_RECORD(ListEntry,
679 WELL_KNOWN_SID,
680 ListEntry);
681 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE))
682 {
683 return Ptr;
684 }
685
686 ListEntry = ListEntry->Flink;
687 }
688
689 return NULL;
690 }
691
692
693 PWELL_KNOWN_SID
694 LsapLookupFullyQualifiedWellKnownName(PUNICODE_STRING AccountName,
695 PUNICODE_STRING DomainName)
696 {
697 PLIST_ENTRY ListEntry;
698 PWELL_KNOWN_SID Ptr;
699
700 ListEntry = WellKnownSidListHead.Flink;
701 while (ListEntry != &WellKnownSidListHead)
702 {
703 Ptr = CONTAINING_RECORD(ListEntry,
704 WELL_KNOWN_SID,
705 ListEntry);
706 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE) &&
707 RtlEqualUnicodeString(DomainName, &Ptr->DomainName, TRUE))
708 {
709 return Ptr;
710 }
711
712 ListEntry = ListEntry->Flink;
713 }
714
715 return NULL;
716 }
717
718
719 static
720 NTSTATUS
721 LsapSplitNames(DWORD Count,
722 PRPC_UNICODE_STRING Names,
723 PRPC_UNICODE_STRING *DomainNames,
724 PRPC_UNICODE_STRING *AccountNames)
725 {
726 PRPC_UNICODE_STRING DomainsBuffer = NULL;
727 PRPC_UNICODE_STRING AccountsBuffer = NULL;
728 ULONG DomainLength;
729 ULONG AccountLength;
730 ULONG i;
731 LPWSTR Ptr;
732 NTSTATUS Status = STATUS_SUCCESS;
733
734 DomainsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
735 if (DomainsBuffer == NULL)
736 {
737 Status = STATUS_INSUFFICIENT_RESOURCES;
738 goto done;
739 }
740
741 AccountsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
742 if (AccountsBuffer == NULL)
743 {
744 Status = STATUS_INSUFFICIENT_RESOURCES;
745 goto done;
746 }
747
748 for (i = 0; i < Count; i++)
749 {
750 //TRACE("Name: %wZ\n", &Names[i]);
751
752 Ptr = wcschr(Names[i].Buffer, L'\\');
753 if (Ptr == NULL)
754 {
755 AccountLength = Names[i].Length / sizeof(WCHAR);
756
757 AccountsBuffer[i].Length = Names[i].Length;
758 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
759 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
760 if (AccountsBuffer[i].Buffer == NULL)
761 {
762 Status = STATUS_INSUFFICIENT_RESOURCES;
763 goto done;
764 }
765
766 CopyMemory(AccountsBuffer[i].Buffer,
767 Names[i].Buffer,
768 AccountsBuffer[i].Length);
769 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
770
771 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
772 }
773 else
774 {
775 DomainLength = (ULONG)(ULONG_PTR)(Ptr - Names[i].Buffer);
776 AccountLength = (Names[i].Length / sizeof(WCHAR)) - DomainLength - 1;
777 //TRACE("DomainLength: %u\n", DomainLength);
778 //TRACE("AccountLength: %u\n", AccountLength);
779
780 if (DomainLength > 0)
781 {
782 DomainsBuffer[i].Length = (USHORT)DomainLength * sizeof(WCHAR);
783 DomainsBuffer[i].MaximumLength = DomainsBuffer[i].Length + sizeof(WCHAR);
784 DomainsBuffer[i].Buffer = MIDL_user_allocate(DomainsBuffer[i].MaximumLength);
785 if (DomainsBuffer[i].Buffer == NULL)
786 {
787 Status = STATUS_INSUFFICIENT_RESOURCES;
788 goto done;
789 }
790
791 CopyMemory(DomainsBuffer[i].Buffer,
792 Names[i].Buffer,
793 DomainsBuffer[i].Length);
794 DomainsBuffer[i].Buffer[DomainLength] = UNICODE_NULL;
795
796 //TRACE("Domain name: %wZ\n", &DomainsBuffer[i]);
797 }
798
799 AccountsBuffer[i].Length = (USHORT)AccountLength * sizeof(WCHAR);
800 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
801 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
802 if (AccountsBuffer[i].Buffer == NULL)
803 {
804 Status = STATUS_INSUFFICIENT_RESOURCES;
805 goto done;
806 }
807
808 CopyMemory(AccountsBuffer[i].Buffer,
809 &(Names[i].Buffer[DomainLength + 1]),
810 AccountsBuffer[i].Length);
811 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
812
813 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
814 }
815 }
816
817 done:
818 if (!NT_SUCCESS(Status))
819 {
820 if (AccountsBuffer != NULL)
821 {
822 for (i = 0; i < Count; i++)
823 {
824 if (AccountsBuffer[i].Buffer != NULL)
825 MIDL_user_free(AccountsBuffer[i].Buffer);
826 }
827
828 MIDL_user_free(AccountsBuffer);
829 }
830
831 if (DomainsBuffer != NULL)
832 {
833 for (i = 0; i < Count; i++)
834 {
835 if (DomainsBuffer[i].Buffer != NULL)
836 MIDL_user_free(DomainsBuffer[i].Buffer);
837 }
838
839 MIDL_user_free(DomainsBuffer);
840 }
841 }
842 else
843 {
844 *DomainNames = DomainsBuffer;
845 *AccountNames = AccountsBuffer;
846 }
847
848 return Status;
849 }
850
851
852 static NTSTATUS
853 LsapAddDomainToDomainsList(PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
854 PUNICODE_STRING Name,
855 PSID Sid,
856 PULONG Index)
857 {
858 ULONG i;
859
860 i = 0;
861 while (i < ReferencedDomains->Entries &&
862 ReferencedDomains->Domains[i].Sid != NULL)
863 {
864 if (RtlEqualSid(Sid, ReferencedDomains->Domains[i].Sid))
865 {
866 *Index = i;
867 return STATUS_SUCCESS;
868 }
869
870 i++;
871 }
872
873 ReferencedDomains->Domains[i].Sid = MIDL_user_allocate(RtlLengthSid(Sid));
874 if (ReferencedDomains->Domains[i].Sid == NULL)
875 return STATUS_INSUFFICIENT_RESOURCES;
876
877 RtlCopySid(RtlLengthSid(Sid), ReferencedDomains->Domains[i].Sid, Sid);
878
879 ReferencedDomains->Domains[i].Name.Length = Name->Length;
880 ReferencedDomains->Domains[i].Name.MaximumLength = Name->MaximumLength;
881 ReferencedDomains->Domains[i].Name.Buffer = MIDL_user_allocate(Name->MaximumLength);
882 if (ReferencedDomains->Domains[i].Sid == NULL)
883 {
884 MIDL_user_free(ReferencedDomains->Domains[i].Sid);
885 ReferencedDomains->Domains[i].Sid = NULL;
886 return STATUS_INSUFFICIENT_RESOURCES;
887 }
888
889 RtlCopyMemory(ReferencedDomains->Domains[i].Name.Buffer,
890 Name->Buffer,
891 Name->MaximumLength);
892
893 ReferencedDomains->Entries++;
894 *Index = i;
895
896 return STATUS_SUCCESS;
897 }
898
899
900 static BOOLEAN
901 LsapIsPrefixSid(IN PSID PrefixSid,
902 IN PSID Sid)
903 {
904 PISID Sid1 = PrefixSid, Sid2 = Sid;
905 ULONG i;
906
907 if (Sid1->Revision != Sid2->Revision)
908 return FALSE;
909
910 if ((Sid1->IdentifierAuthority.Value[0] != Sid2->IdentifierAuthority.Value[0]) ||
911 (Sid1->IdentifierAuthority.Value[1] != Sid2->IdentifierAuthority.Value[1]) ||
912 (Sid1->IdentifierAuthority.Value[2] != Sid2->IdentifierAuthority.Value[2]) ||
913 (Sid1->IdentifierAuthority.Value[3] != Sid2->IdentifierAuthority.Value[3]) ||
914 (Sid1->IdentifierAuthority.Value[4] != Sid2->IdentifierAuthority.Value[4]) ||
915 (Sid1->IdentifierAuthority.Value[5] != Sid2->IdentifierAuthority.Value[5]))
916 return FALSE;
917
918 if (Sid1->SubAuthorityCount >= Sid2->SubAuthorityCount)
919 return FALSE;
920
921 if (Sid1->SubAuthorityCount == 0)
922 return TRUE;
923
924 for (i = 0; i < Sid1->SubAuthorityCount; i++)
925 {
926 if (Sid1->SubAuthority[i] != Sid2->SubAuthority[i])
927 return FALSE;
928 }
929
930 return TRUE;
931 }
932
933
934 ULONG
935 LsapGetRelativeIdFromSid(PSID Sid_)
936 {
937 PISID Sid = Sid_;
938
939 if (Sid->SubAuthorityCount != 0)
940 return Sid->SubAuthority[Sid->SubAuthorityCount - 1];
941
942 return 0;
943 }
944
945
946 static PSID
947 CreateSidFromSidAndRid(PSID SrcSid,
948 ULONG RelativeId)
949 {
950 UCHAR RidCount;
951 PSID DstSid;
952 ULONG i;
953 ULONG DstSidSize;
954 PULONG p, q;
955
956 RidCount = *RtlSubAuthorityCountSid(SrcSid);
957 if (RidCount >= 8)
958 return NULL;
959
960 DstSidSize = RtlLengthRequiredSid(RidCount + 1);
961
962 DstSid = MIDL_user_allocate(DstSidSize);
963 if (DstSid == NULL)
964 return NULL;
965
966 RtlInitializeSid(DstSid,
967 RtlIdentifierAuthoritySid(SrcSid),
968 RidCount + 1);
969
970 for (i = 0; i < (ULONG)RidCount; i++)
971 {
972 p = RtlSubAuthoritySid(SrcSid, i);
973 q = RtlSubAuthoritySid(DstSid, i);
974 *q = *p;
975 }
976
977 q = RtlSubAuthoritySid(DstSid, (ULONG)RidCount);
978 *q = RelativeId;
979
980 return DstSid;
981 }
982
983
984 static PSID
985 CreateDomainSidFromAccountSid(PSID AccountSid)
986 {
987 UCHAR RidCount;
988 PSID DomainSid;
989 ULONG i;
990 ULONG DstSidSize;
991 PULONG p, q;
992
993 RidCount = *RtlSubAuthorityCountSid(AccountSid);
994 if (RidCount > 0)
995 RidCount--;
996
997 DstSidSize = RtlLengthRequiredSid(RidCount);
998
999 DomainSid = MIDL_user_allocate(DstSidSize);
1000 if (DomainSid == NULL)
1001 return NULL;
1002
1003 RtlInitializeSid(DomainSid,
1004 RtlIdentifierAuthoritySid(AccountSid),
1005 RidCount);
1006
1007 for (i = 0; i < (ULONG)RidCount; i++)
1008 {
1009 p = RtlSubAuthoritySid(AccountSid, i);
1010 q = RtlSubAuthoritySid(DomainSid, i);
1011 *q = *p;
1012 }
1013
1014 return DomainSid;
1015 }
1016
1017
1018 static PSID
1019 LsapCopySid(PSID SrcSid)
1020 {
1021 UCHAR RidCount;
1022 PSID DstSid;
1023 ULONG i;
1024 ULONG DstSidSize;
1025 PULONG p, q;
1026
1027 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1028 DstSidSize = RtlLengthRequiredSid(RidCount);
1029
1030 DstSid = MIDL_user_allocate(DstSidSize);
1031 if (DstSid == NULL)
1032 return NULL;
1033
1034 RtlInitializeSid(DstSid,
1035 RtlIdentifierAuthoritySid(SrcSid),
1036 RidCount);
1037
1038 for (i = 0; i < (ULONG)RidCount; i++)
1039 {
1040 p = RtlSubAuthoritySid(SrcSid, i);
1041 q = RtlSubAuthoritySid(DstSid, i);
1042 *q = *p;
1043 }
1044
1045 return DstSid;
1046 }
1047
1048
1049 static
1050 NTSTATUS
1051 LsapLookupIsolatedNames(DWORD Count,
1052 PRPC_UNICODE_STRING DomainNames,
1053 PRPC_UNICODE_STRING AccountNames,
1054 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1055 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1056 PULONG Mapped)
1057 {
1058 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1059 PWELL_KNOWN_SID ptr, ptr2;
1060 PSID DomainSid;
1061 ULONG DomainIndex;
1062 ULONG i;
1063 NTSTATUS Status = STATUS_SUCCESS;
1064
1065 for (i = 0; i < Count; i++)
1066 {
1067 /* Ignore names which were already mapped */
1068 if (SidsBuffer[i].Use != SidTypeUnknown)
1069 continue;
1070
1071 /* Ignore fully qualified account names */
1072 if (DomainNames[i].Length != 0)
1073 continue;
1074
1075 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1076
1077 /* Look-up all well-known names */
1078 ptr = LsapLookupIsolatedWellKnownName((PUNICODE_STRING)&AccountNames[i]);
1079 if (ptr != NULL)
1080 {
1081 SidsBuffer[i].Use = ptr->Use;
1082 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1083 if (SidsBuffer[i].Sid == NULL)
1084 {
1085 Status = STATUS_INSUFFICIENT_RESOURCES;
1086 goto done;
1087 }
1088
1089 SidsBuffer[i].DomainIndex = -1;
1090 SidsBuffer[i].Flags = 0;
1091
1092 if (ptr->Use == SidTypeDomain)
1093 {
1094 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1095 &ptr->AccountName,
1096 ptr->Sid,
1097 &DomainIndex);
1098 if (!NT_SUCCESS(Status))
1099 goto done;
1100
1101 SidsBuffer[i].DomainIndex = DomainIndex;
1102 }
1103 else
1104 {
1105 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1106 if (ptr2 != NULL)
1107 {
1108 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1109 &ptr2->AccountName,
1110 ptr2->Sid,
1111 &DomainIndex);
1112 if (!NT_SUCCESS(Status))
1113 goto done;
1114
1115 SidsBuffer[i].DomainIndex = DomainIndex;
1116 }
1117 else
1118 {
1119 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1120 if (DomainSid == NULL)
1121 {
1122 Status = STATUS_INSUFFICIENT_RESOURCES;
1123 goto done;
1124 }
1125
1126 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1127 &EmptyDomainName,
1128 DomainSid,
1129 &DomainIndex);
1130
1131 if (DomainSid != NULL)
1132 {
1133 MIDL_user_free(DomainSid);
1134 DomainSid = NULL;
1135 }
1136
1137 if (!NT_SUCCESS(Status))
1138 goto done;
1139
1140 SidsBuffer[i].DomainIndex = DomainIndex;
1141 }
1142 }
1143
1144 (*Mapped)++;
1145 continue;
1146 }
1147
1148 /* Look-up the built-in domain */
1149 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &BuiltinDomainName, TRUE))
1150 {
1151 SidsBuffer[i].Use = SidTypeDomain;
1152 SidsBuffer[i].Sid = LsapCopySid(BuiltinDomainSid);
1153 if (SidsBuffer[i].Sid == NULL)
1154 {
1155 Status = STATUS_INSUFFICIENT_RESOURCES;
1156 goto done;
1157 }
1158
1159 SidsBuffer[i].DomainIndex = -1;
1160 SidsBuffer[i].Flags = 0;
1161
1162 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1163 &BuiltinDomainName,
1164 BuiltinDomainSid,
1165 &DomainIndex);
1166 if (!NT_SUCCESS(Status))
1167 goto done;
1168
1169 SidsBuffer[i].DomainIndex = DomainIndex;
1170
1171 (*Mapped)++;
1172 continue;
1173 }
1174
1175 /* Look-up the account domain */
1176 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
1177 {
1178 SidsBuffer[i].Use = SidTypeDomain;
1179 SidsBuffer[i].Sid = LsapCopySid(AccountDomainSid);
1180 if (SidsBuffer[i].Sid == NULL)
1181 {
1182 Status = STATUS_INSUFFICIENT_RESOURCES;
1183 goto done;
1184 }
1185 SidsBuffer[i].DomainIndex = -1;
1186 SidsBuffer[i].Flags = 0;
1187
1188 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1189 &AccountDomainName,
1190 AccountDomainSid,
1191 &DomainIndex);
1192 if (!NT_SUCCESS(Status))
1193 goto done;
1194
1195 SidsBuffer[i].DomainIndex = DomainIndex;
1196
1197 (*Mapped)++;
1198 continue;
1199 }
1200
1201 /* FIXME: Look-up the primary domain */
1202
1203 /* FIXME: Look-up the trusted domains */
1204
1205 }
1206
1207 done:
1208
1209 return Status;
1210 }
1211
1212
1213 static
1214 NTSTATUS
1215 LsapLookupIsolatedBuiltinNames(DWORD Count,
1216 PRPC_UNICODE_STRING DomainNames,
1217 PRPC_UNICODE_STRING AccountNames,
1218 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1219 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1220 PULONG Mapped)
1221 {
1222 SAMPR_HANDLE ServerHandle = NULL;
1223 SAMPR_HANDLE DomainHandle = NULL;
1224 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1225 SAMPR_ULONG_ARRAY Use = {0, NULL};
1226 ULONG DomainIndex;
1227 ULONG i;
1228 NTSTATUS Status = STATUS_SUCCESS;
1229
1230 Status = SamrConnect(NULL,
1231 &ServerHandle,
1232 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1233 if (!NT_SUCCESS(Status))
1234 {
1235 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1236 goto done;
1237 }
1238
1239 Status = SamrOpenDomain(ServerHandle,
1240 DOMAIN_LOOKUP,
1241 BuiltinDomainSid,
1242 &DomainHandle);
1243 if (!NT_SUCCESS(Status))
1244 {
1245 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1246 goto done;
1247 }
1248
1249 for (i = 0; i < Count; i++)
1250 {
1251 /* Ignore names which were already mapped */
1252 if (SidsBuffer[i].Use != SidTypeUnknown)
1253 continue;
1254
1255 /* Ignore fully qualified account names */
1256 if (DomainNames[i].Length != 0)
1257 continue;
1258
1259 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1260
1261 Status = SamrLookupNamesInDomain(DomainHandle,
1262 1,
1263 &AccountNames[i],
1264 &RelativeIds,
1265 &Use);
1266 if (NT_SUCCESS(Status))
1267 {
1268 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1269
1270 SidsBuffer[i].Use = Use.Element[0];
1271 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1272 RelativeIds.Element[0]);
1273 if (SidsBuffer[i].Sid == NULL)
1274 {
1275 Status = STATUS_INSUFFICIENT_RESOURCES;
1276 goto done;
1277 }
1278
1279 SidsBuffer[i].DomainIndex = -1;
1280 SidsBuffer[i].Flags = 0;
1281
1282 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1283 &BuiltinDomainName,
1284 BuiltinDomainSid,
1285 &DomainIndex);
1286 if (!NT_SUCCESS(Status))
1287 goto done;
1288
1289 SidsBuffer[i].DomainIndex = DomainIndex;
1290
1291 (*Mapped)++;
1292 }
1293
1294 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1295 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1296 }
1297
1298 done:
1299 if (DomainHandle != NULL)
1300 SamrCloseHandle(&DomainHandle);
1301
1302 if (ServerHandle != NULL)
1303 SamrCloseHandle(&ServerHandle);
1304
1305 return Status;
1306 }
1307
1308
1309 static
1310 NTSTATUS
1311 LsapLookupIsolatedAccountNames(DWORD Count,
1312 PRPC_UNICODE_STRING DomainNames,
1313 PRPC_UNICODE_STRING AccountNames,
1314 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1315 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1316 PULONG Mapped)
1317 {
1318 SAMPR_HANDLE ServerHandle = NULL;
1319 SAMPR_HANDLE DomainHandle = NULL;
1320 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1321 SAMPR_ULONG_ARRAY Use = {0, NULL};
1322 ULONG DomainIndex;
1323 ULONG i;
1324 NTSTATUS Status = STATUS_SUCCESS;
1325
1326 TRACE("()\n");
1327
1328 Status = SamrConnect(NULL,
1329 &ServerHandle,
1330 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1331 if (!NT_SUCCESS(Status))
1332 {
1333 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1334 goto done;
1335 }
1336
1337 Status = SamrOpenDomain(ServerHandle,
1338 DOMAIN_LOOKUP,
1339 AccountDomainSid,
1340 &DomainHandle);
1341 if (!NT_SUCCESS(Status))
1342 {
1343 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1344 goto done;
1345 }
1346
1347 for (i = 0; i < Count; i++)
1348 {
1349 /* Ignore names which were already mapped */
1350 if (SidsBuffer[i].Use != SidTypeUnknown)
1351 continue;
1352
1353 /* Ignore fully qualified account names */
1354 if (DomainNames[i].Length != 0)
1355 continue;
1356
1357 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1358
1359 Status = SamrLookupNamesInDomain(DomainHandle,
1360 1,
1361 &AccountNames[i],
1362 &RelativeIds,
1363 &Use);
1364 if (NT_SUCCESS(Status))
1365 {
1366 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1367
1368 SidsBuffer[i].Use = Use.Element[0];
1369 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1370 RelativeIds.Element[0]);
1371 if (SidsBuffer[i].Sid == NULL)
1372 {
1373 Status = STATUS_INSUFFICIENT_RESOURCES;
1374 goto done;
1375 }
1376
1377 SidsBuffer[i].DomainIndex = -1;
1378 SidsBuffer[i].Flags = 0;
1379
1380 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1381 &AccountDomainName,
1382 AccountDomainSid,
1383 &DomainIndex);
1384 if (!NT_SUCCESS(Status))
1385 goto done;
1386
1387 SidsBuffer[i].DomainIndex = DomainIndex;
1388
1389 (*Mapped)++;
1390 }
1391
1392 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1393 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1394 }
1395
1396 done:
1397 if (DomainHandle != NULL)
1398 SamrCloseHandle(&DomainHandle);
1399
1400 if (ServerHandle != NULL)
1401 SamrCloseHandle(&ServerHandle);
1402
1403 return Status;
1404 }
1405
1406
1407 static
1408 NTSTATUS
1409 LsapLookupFullyQualifiedWellKnownNames(DWORD Count,
1410 PRPC_UNICODE_STRING DomainNames,
1411 PRPC_UNICODE_STRING AccountNames,
1412 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1413 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1414 PULONG Mapped)
1415 {
1416 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1417 PWELL_KNOWN_SID ptr, ptr2;
1418 PSID DomainSid;
1419 ULONG DomainIndex;
1420 ULONG i;
1421 NTSTATUS Status = STATUS_SUCCESS;
1422
1423 for (i = 0; i < Count; i++)
1424 {
1425 /* Ignore names which were already mapped */
1426 if (SidsBuffer[i].Use != SidTypeUnknown)
1427 continue;
1428
1429 /* Ignore isolated account names */
1430 if (DomainNames[i].Length == 0)
1431 continue;
1432
1433 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1434
1435 /* Look-up all well-known names */
1436 ptr = LsapLookupFullyQualifiedWellKnownName((PUNICODE_STRING)&AccountNames[i],
1437 (PUNICODE_STRING)&DomainNames[i]);
1438 if (ptr != NULL)
1439 {
1440 TRACE("Found it! (%wZ\\%wZ)\n", &ptr->DomainName, &ptr->AccountName);
1441
1442 SidsBuffer[i].Use = ptr->Use;
1443 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1444 if (SidsBuffer[i].Sid == NULL)
1445 {
1446 Status = STATUS_INSUFFICIENT_RESOURCES;
1447 goto done;
1448 }
1449
1450 SidsBuffer[i].DomainIndex = -1;
1451 SidsBuffer[i].Flags = 0;
1452
1453 if (ptr->Use == SidTypeDomain)
1454 {
1455 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1456 &ptr->AccountName,
1457 ptr->Sid,
1458 &DomainIndex);
1459 if (!NT_SUCCESS(Status))
1460 goto done;
1461
1462 SidsBuffer[i].DomainIndex = DomainIndex;
1463 }
1464 else
1465 {
1466 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1467 if (ptr2 != NULL)
1468 {
1469 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1470 &ptr2->AccountName,
1471 ptr2->Sid,
1472 &DomainIndex);
1473 if (!NT_SUCCESS(Status))
1474 goto done;
1475
1476 SidsBuffer[i].DomainIndex = DomainIndex;
1477 }
1478 else
1479 {
1480 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1481 if (DomainSid == NULL)
1482 {
1483 Status = STATUS_INSUFFICIENT_RESOURCES;
1484 goto done;
1485 }
1486
1487 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1488 &EmptyDomainName,
1489 DomainSid,
1490 &DomainIndex);
1491
1492 if (DomainSid != NULL)
1493 {
1494 MIDL_user_free(DomainSid);
1495 DomainSid = NULL;
1496 }
1497
1498 if (!NT_SUCCESS(Status))
1499 goto done;
1500
1501 SidsBuffer[i].DomainIndex = DomainIndex;
1502 }
1503 }
1504
1505 (*Mapped)++;
1506 continue;
1507 }
1508 }
1509
1510 done:
1511 return Status;
1512 }
1513
1514
1515 static
1516 NTSTATUS
1517 LsapLookupBuiltinNames(DWORD Count,
1518 PRPC_UNICODE_STRING DomainNames,
1519 PRPC_UNICODE_STRING AccountNames,
1520 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1521 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1522 PULONG Mapped)
1523 {
1524 SAMPR_HANDLE ServerHandle = NULL;
1525 SAMPR_HANDLE DomainHandle = NULL;
1526 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1527 SAMPR_ULONG_ARRAY Use = {0, NULL};
1528 ULONG DomainIndex;
1529 ULONG i;
1530 NTSTATUS Status = STATUS_SUCCESS;
1531
1532 Status = SamrConnect(NULL,
1533 &ServerHandle,
1534 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1535 if (!NT_SUCCESS(Status))
1536 {
1537 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1538 goto done;
1539 }
1540
1541 Status = SamrOpenDomain(ServerHandle,
1542 DOMAIN_LOOKUP,
1543 BuiltinDomainSid,
1544 &DomainHandle);
1545 if (!NT_SUCCESS(Status))
1546 {
1547 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1548 goto done;
1549 }
1550
1551 for (i = 0; i < Count; i++)
1552 {
1553 /* Ignore names which were already mapped */
1554 if (SidsBuffer[i].Use != SidTypeUnknown)
1555 continue;
1556
1557 /* Ignore isolated account names */
1558 if (DomainNames[i].Length == 0)
1559 continue;
1560
1561 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &BuiltinDomainName, TRUE))
1562 continue;
1563
1564 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1565
1566 Status = SamrLookupNamesInDomain(DomainHandle,
1567 1,
1568 &AccountNames[i],
1569 &RelativeIds,
1570 &Use);
1571 if (NT_SUCCESS(Status))
1572 {
1573 SidsBuffer[i].Use = Use.Element[0];
1574 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1575 RelativeIds.Element[0]);
1576 if (SidsBuffer[i].Sid == NULL)
1577 {
1578 Status = STATUS_INSUFFICIENT_RESOURCES;
1579 goto done;
1580 }
1581
1582 SidsBuffer[i].DomainIndex = -1;
1583 SidsBuffer[i].Flags = 0;
1584
1585 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1586 &BuiltinDomainName,
1587 BuiltinDomainSid,
1588 &DomainIndex);
1589 if (!NT_SUCCESS(Status))
1590 goto done;
1591
1592 SidsBuffer[i].DomainIndex = DomainIndex;
1593
1594 (*Mapped)++;
1595 }
1596
1597 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1598 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1599 }
1600
1601 done:
1602 if (DomainHandle != NULL)
1603 SamrCloseHandle(&DomainHandle);
1604
1605 if (ServerHandle != NULL)
1606 SamrCloseHandle(&ServerHandle);
1607
1608 return Status;
1609 }
1610
1611
1612 static
1613 NTSTATUS
1614 LsapLookupAccountNames(DWORD Count,
1615 PRPC_UNICODE_STRING DomainNames,
1616 PRPC_UNICODE_STRING AccountNames,
1617 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1618 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1619 PULONG Mapped)
1620 {
1621 SAMPR_HANDLE ServerHandle = NULL;
1622 SAMPR_HANDLE DomainHandle = NULL;
1623 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1624 SAMPR_ULONG_ARRAY Use = {0, NULL};
1625 ULONG DomainIndex;
1626 ULONG i;
1627 NTSTATUS Status = STATUS_SUCCESS;
1628
1629 Status = SamrConnect(NULL,
1630 &ServerHandle,
1631 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1632 if (!NT_SUCCESS(Status))
1633 {
1634 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1635 goto done;
1636 }
1637
1638 Status = SamrOpenDomain(ServerHandle,
1639 DOMAIN_LOOKUP,
1640 AccountDomainSid,
1641 &DomainHandle);
1642 if (!NT_SUCCESS(Status))
1643 {
1644 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1645 goto done;
1646 }
1647
1648 for (i = 0; i < Count; i++)
1649 {
1650 /* Ignore names which were already mapped */
1651 if (SidsBuffer[i].Use != SidTypeUnknown)
1652 continue;
1653
1654 /* Ignore isolated account names */
1655 if (DomainNames[i].Length == 0)
1656 continue;
1657
1658 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &AccountDomainName, TRUE))
1659 continue;
1660
1661 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1662
1663 Status = SamrLookupNamesInDomain(DomainHandle,
1664 1,
1665 &AccountNames[i],
1666 &RelativeIds,
1667 &Use);
1668 if (NT_SUCCESS(Status))
1669 {
1670 SidsBuffer[i].Use = Use.Element[0];
1671 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1672 RelativeIds.Element[0]);
1673 if (SidsBuffer[i].Sid == NULL)
1674 {
1675 Status = STATUS_INSUFFICIENT_RESOURCES;
1676 goto done;
1677 }
1678
1679 SidsBuffer[i].DomainIndex = -1;
1680 SidsBuffer[i].Flags = 0;
1681
1682 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1683 &AccountDomainName,
1684 AccountDomainSid,
1685 &DomainIndex);
1686 if (!NT_SUCCESS(Status))
1687 goto done;
1688
1689 SidsBuffer[i].DomainIndex = DomainIndex;
1690
1691 (*Mapped)++;
1692 }
1693
1694 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1695 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1696 }
1697
1698 done:
1699 if (DomainHandle != NULL)
1700 SamrCloseHandle(&DomainHandle);
1701
1702 if (ServerHandle != NULL)
1703 SamrCloseHandle(&ServerHandle);
1704
1705 return Status;
1706 }
1707
1708
1709 NTSTATUS
1710 LsapLookupNames(DWORD Count,
1711 PRPC_UNICODE_STRING Names,
1712 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1713 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
1714 LSAP_LOOKUP_LEVEL LookupLevel,
1715 DWORD *MappedCount,
1716 DWORD LookupOptions,
1717 DWORD ClientRevision)
1718 {
1719 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
1720 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer = NULL;
1721 PRPC_UNICODE_STRING DomainNames = NULL;
1722 PRPC_UNICODE_STRING AccountNames = NULL;
1723 ULONG SidsBufferLength;
1724 ULONG i;
1725 ULONG Mapped = 0;
1726 NTSTATUS Status = STATUS_SUCCESS;
1727
1728 //TRACE("()\n");
1729
1730 TranslatedSids->Entries = 0;
1731 TranslatedSids->Sids = NULL;
1732 *ReferencedDomains = NULL;
1733
1734 SidsBufferLength = Count * sizeof(LSAPR_TRANSLATED_SID_EX2);
1735 SidsBuffer = MIDL_user_allocate(SidsBufferLength);
1736 if (SidsBuffer == NULL)
1737 {
1738 //TRACE("\n");
1739 Status = STATUS_INSUFFICIENT_RESOURCES;
1740 goto done;
1741 }
1742
1743 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
1744 if (DomainsBuffer == NULL)
1745 {
1746 //TRACE("\n");
1747 Status = STATUS_INSUFFICIENT_RESOURCES;
1748 goto done;
1749 }
1750
1751 DomainsBuffer->Domains = MIDL_user_allocate(Count * sizeof(LSA_TRUST_INFORMATION));
1752 if (DomainsBuffer->Domains == NULL)
1753 {
1754 //TRACE("\n");
1755 Status = STATUS_INSUFFICIENT_RESOURCES;
1756 goto done;
1757 }
1758 DomainsBuffer->Entries = 0;
1759 DomainsBuffer->MaxEntries = Count;
1760
1761 for (i = 0; i < Count; i++)
1762 {
1763 SidsBuffer[i].Use = SidTypeUnknown;
1764 SidsBuffer[i].Sid = NULL;
1765 SidsBuffer[i].DomainIndex = -1;
1766 SidsBuffer[i].Flags = 0;
1767 }
1768
1769 Status = LsapSplitNames(Count,
1770 Names,
1771 &DomainNames,
1772 &AccountNames);
1773 if (!NT_SUCCESS(Status))
1774 {
1775 TRACE("LsapSplitNames failed! (Status %lx)\n", Status);
1776 goto done;
1777 }
1778
1779
1780 Status = LsapLookupIsolatedNames(Count,
1781 DomainNames,
1782 AccountNames,
1783 DomainsBuffer,
1784 SidsBuffer,
1785 &Mapped);
1786 if (!NT_SUCCESS(Status) &&
1787 Status != STATUS_NONE_MAPPED &&
1788 Status != STATUS_SOME_NOT_MAPPED)
1789 {
1790 TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status);
1791 goto done;
1792 }
1793
1794 if (Mapped == Count)
1795 goto done;
1796
1797
1798 Status = LsapLookupIsolatedBuiltinNames(Count,
1799 DomainNames,
1800 AccountNames,
1801 DomainsBuffer,
1802 SidsBuffer,
1803 &Mapped);
1804 if (!NT_SUCCESS(Status) &&
1805 Status != STATUS_NONE_MAPPED &&
1806 Status != STATUS_SOME_NOT_MAPPED)
1807 {
1808 TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status);
1809 goto done;
1810 }
1811
1812 if (Mapped == Count)
1813 goto done;
1814
1815
1816 Status = LsapLookupIsolatedAccountNames(Count,
1817 DomainNames,
1818 AccountNames,
1819 DomainsBuffer,
1820 SidsBuffer,
1821 &Mapped);
1822 if (!NT_SUCCESS(Status) &&
1823 Status != STATUS_NONE_MAPPED &&
1824 Status != STATUS_SOME_NOT_MAPPED)
1825 {
1826 TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status);
1827 goto done;
1828 }
1829
1830 if (Mapped == Count)
1831 goto done;
1832
1833 Status = LsapLookupFullyQualifiedWellKnownNames(Count,
1834 DomainNames,
1835 AccountNames,
1836 DomainsBuffer,
1837 SidsBuffer,
1838 &Mapped);
1839 if (!NT_SUCCESS(Status) &&
1840 Status != STATUS_NONE_MAPPED &&
1841 Status != STATUS_SOME_NOT_MAPPED)
1842 {
1843 TRACE("LsapLookupFullyQualifiedWellKnownNames failed! (Status %lx)\n", Status);
1844 goto done;
1845 }
1846
1847 if (Mapped == Count)
1848 goto done;
1849
1850 Status = LsapLookupBuiltinNames(Count,
1851 DomainNames,
1852 AccountNames,
1853 DomainsBuffer,
1854 SidsBuffer,
1855 &Mapped);
1856 if (!NT_SUCCESS(Status) &&
1857 Status != STATUS_NONE_MAPPED &&
1858 Status != STATUS_SOME_NOT_MAPPED)
1859 {
1860 TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status);
1861 goto done;
1862 }
1863
1864 if (Mapped == Count)
1865 goto done;
1866
1867
1868 Status = LsapLookupAccountNames(Count,
1869 DomainNames,
1870 AccountNames,
1871 DomainsBuffer,
1872 SidsBuffer,
1873 &Mapped);
1874 if (!NT_SUCCESS(Status) &&
1875 Status != STATUS_NONE_MAPPED &&
1876 Status != STATUS_SOME_NOT_MAPPED)
1877 {
1878 TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status);
1879 goto done;
1880 }
1881
1882 if (Mapped == Count)
1883 goto done;
1884
1885 done:
1886 // TRACE("done: Status %lx\n", Status);
1887
1888 if (DomainNames != NULL)
1889 {
1890 //TRACE("Free DomainNames\n");
1891 for (i = 0; i < Count; i++)
1892 {
1893 if (DomainNames[i].Buffer != NULL)
1894 MIDL_user_free(DomainNames[i].Buffer);
1895 }
1896
1897 MIDL_user_free(DomainNames);
1898 }
1899
1900 if (AccountNames != NULL)
1901 {
1902 //TRACE("Free AccountNames\n");
1903 for (i = 0; i < Count; i++)
1904 {
1905 //TRACE("i: %lu\n", i);
1906 if (AccountNames[i].Buffer != NULL)
1907 {
1908 MIDL_user_free(AccountNames[i].Buffer);
1909 }
1910 }
1911
1912 MIDL_user_free(AccountNames);
1913 }
1914
1915 if (!NT_SUCCESS(Status))
1916 {
1917 //TRACE("Failure!\n");
1918
1919 //TRACE("Free DomainsBuffer\n");
1920 if (DomainsBuffer != NULL)
1921 {
1922 if (DomainsBuffer->Domains != NULL)
1923 MIDL_user_free(DomainsBuffer->Domains);
1924
1925 MIDL_user_free(DomainsBuffer);
1926 }
1927
1928 //TRACE("Free SidsBuffer\n");
1929 if (SidsBuffer != NULL)
1930 MIDL_user_free(SidsBuffer);
1931 }
1932 else
1933 {
1934 //TRACE("Success!\n");
1935
1936 *ReferencedDomains = DomainsBuffer;
1937 TranslatedSids->Entries = Count;
1938 TranslatedSids->Sids = SidsBuffer;
1939 *MappedCount = Mapped;
1940
1941 if (Mapped == 0)
1942 Status = STATUS_NONE_MAPPED;
1943 else if (Mapped < Count)
1944 Status = STATUS_SOME_NOT_MAPPED;
1945 }
1946
1947 // TRACE("done: Status %lx\n", Status);
1948
1949 return Status;
1950 }
1951
1952
1953 static NTSTATUS
1954 LsapLookupWellKnownSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
1955 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
1956 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1957 PULONG Mapped)
1958 {
1959 PWELL_KNOWN_SID ptr, ptr2;
1960 LPWSTR SidString = NULL;
1961 ULONG DomainIndex;
1962 ULONG i;
1963 NTSTATUS Status = STATUS_SUCCESS;
1964
1965 for (i = 0; i < SidEnumBuffer->Entries; i++)
1966 {
1967 /* Ignore SIDs which are already mapped */
1968 if (NamesBuffer[i].Use != SidTypeUnknown)
1969 continue;
1970
1971 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
1972 TRACE("Mapping SID: %S\n", SidString);
1973 LocalFree(SidString);
1974 SidString = NULL;
1975
1976 ptr = LsapLookupWellKnownSid(SidEnumBuffer->SidInfo[i].Sid);
1977 if (ptr != NULL)
1978 {
1979 NamesBuffer[i].Use = ptr->Use;
1980 NamesBuffer[i].Flags = 0;
1981
1982 NamesBuffer[i].Name.Length = ptr->AccountName.Length;
1983 NamesBuffer[i].Name.MaximumLength = ptr->AccountName.MaximumLength;
1984 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(ptr->AccountName.MaximumLength);
1985 if (NamesBuffer[i].Name.Buffer == NULL)
1986 {
1987 Status = STATUS_INSUFFICIENT_RESOURCES;
1988 goto done;
1989 }
1990
1991 RtlCopyMemory(NamesBuffer[i].Name.Buffer, ptr->AccountName.Buffer, ptr->AccountName.MaximumLength);
1992
1993 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1994 if (ptr2 != NULL)
1995 {
1996 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1997 &ptr2->AccountName,
1998 ptr2->Sid,
1999 &DomainIndex);
2000 if (!NT_SUCCESS(Status))
2001 goto done;
2002
2003 NamesBuffer[i].DomainIndex = DomainIndex;
2004 }
2005
2006 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2007
2008 (*Mapped)++;
2009 }
2010 }
2011
2012 done:
2013 return Status;
2014 }
2015
2016
2017 static NTSTATUS
2018 LsapLookupBuiltinDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2019 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2020 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2021 PULONG Mapped)
2022 {
2023 SAMPR_HANDLE ServerHandle = NULL;
2024 SAMPR_HANDLE DomainHandle = NULL;
2025 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2026 SAMPR_ULONG_ARRAY Use = {0, NULL};
2027 LPWSTR SidString = NULL;
2028 ULONG DomainIndex;
2029 ULONG RelativeIds[1];
2030 ULONG i;
2031 NTSTATUS Status = STATUS_SUCCESS;
2032
2033 Status = SamrConnect(NULL,
2034 &ServerHandle,
2035 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2036 if (!NT_SUCCESS(Status))
2037 {
2038 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2039 goto done;
2040 }
2041
2042 Status = SamrOpenDomain(ServerHandle,
2043 DOMAIN_LOOKUP,
2044 BuiltinDomainSid,
2045 &DomainHandle);
2046 if (!NT_SUCCESS(Status))
2047 {
2048 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2049 goto done;
2050 }
2051
2052 for (i = 0; i < SidEnumBuffer->Entries; i++)
2053 {
2054 /* Ignore SIDs which are already mapped */
2055 if (NamesBuffer[i].Use != SidTypeUnknown)
2056 continue;
2057
2058 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2059 TRACE("Mapping SID: %S\n", SidString);
2060 LocalFree(SidString);
2061 SidString = NULL;
2062
2063 if (RtlEqualSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2064 {
2065 TRACE("Found builtin domain!\n");
2066
2067 NamesBuffer[i].Use = SidTypeDomain;
2068 NamesBuffer[i].Flags = 0;
2069
2070 NamesBuffer[i].Name.Length = BuiltinDomainName.Length;
2071 NamesBuffer[i].Name.MaximumLength = BuiltinDomainName.MaximumLength;
2072 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(BuiltinDomainName.MaximumLength);
2073 if (NamesBuffer[i].Name.Buffer == NULL)
2074 {
2075 Status = STATUS_INSUFFICIENT_RESOURCES;
2076 goto done;
2077 }
2078
2079 RtlCopyMemory(NamesBuffer[i].Name.Buffer, BuiltinDomainName.Buffer, BuiltinDomainName.MaximumLength);
2080
2081 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2082 &BuiltinDomainName,
2083 BuiltinDomainSid,
2084 &DomainIndex);
2085 if (!NT_SUCCESS(Status))
2086 goto done;
2087
2088 NamesBuffer[i].DomainIndex = DomainIndex;
2089
2090 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2091
2092 (*Mapped)++;
2093 }
2094 else if (LsapIsPrefixSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2095 {
2096 TRACE("Found builtin domain account!\n");
2097
2098 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2099
2100 Status = SamrLookupIdsInDomain(DomainHandle,
2101 1,
2102 RelativeIds,
2103 &Names,
2104 &Use);
2105 if (NT_SUCCESS(Status))
2106 {
2107 NamesBuffer[i].Use = Use.Element[0];
2108 NamesBuffer[i].Flags = 0;
2109
2110 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2111 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2112 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2113 if (NamesBuffer[i].Name.Buffer == NULL)
2114 {
2115 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2116 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2117
2118 Status = STATUS_INSUFFICIENT_RESOURCES;
2119 goto done;
2120 }
2121
2122 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2123 Names.Element[0].Buffer,
2124 Names.Element[0].MaximumLength);
2125
2126 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2127 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2128
2129 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2130 &BuiltinDomainName,
2131 BuiltinDomainSid,
2132 &DomainIndex);
2133 if (!NT_SUCCESS(Status))
2134 goto done;
2135
2136 NamesBuffer[i].DomainIndex = DomainIndex;
2137
2138 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2139
2140 (*Mapped)++;
2141 }
2142 }
2143 }
2144
2145 done:
2146 if (DomainHandle != NULL)
2147 SamrCloseHandle(&DomainHandle);
2148
2149 if (ServerHandle != NULL)
2150 SamrCloseHandle(&ServerHandle);
2151
2152 return Status;
2153 }
2154
2155
2156 static NTSTATUS
2157 LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2158 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2159 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2160 PULONG Mapped)
2161 {
2162 SAMPR_HANDLE ServerHandle = NULL;
2163 SAMPR_HANDLE DomainHandle = NULL;
2164 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2165 SAMPR_ULONG_ARRAY Use = {0, NULL};
2166 LPWSTR SidString = NULL;
2167 ULONG DomainIndex;
2168 ULONG RelativeIds[1];
2169 ULONG i;
2170 NTSTATUS Status = STATUS_SUCCESS;
2171
2172 Status = SamrConnect(NULL,
2173 &ServerHandle,
2174 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2175 if (!NT_SUCCESS(Status))
2176 {
2177 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2178 goto done;
2179 }
2180
2181 Status = SamrOpenDomain(ServerHandle,
2182 DOMAIN_LOOKUP,
2183 AccountDomainSid,
2184 &DomainHandle);
2185 if (!NT_SUCCESS(Status))
2186 {
2187 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2188 goto done;
2189 }
2190
2191 for (i = 0; i < SidEnumBuffer->Entries; i++)
2192 {
2193 /* Ignore SIDs which are already mapped */
2194 if (NamesBuffer[i].Use != SidTypeUnknown)
2195 continue;
2196
2197 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2198 TRACE("Mapping SID: %S\n", SidString);
2199 LocalFree(SidString);
2200 SidString = NULL;
2201
2202 if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2203 {
2204 TRACE("Found account domain!\n");
2205
2206 NamesBuffer[i].Use = SidTypeDomain;
2207 NamesBuffer[i].Flags = 0;
2208
2209 NamesBuffer[i].Name.Length = AccountDomainName.Length;
2210 NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength;
2211 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AccountDomainName.MaximumLength);
2212 if (NamesBuffer[i].Name.Buffer == NULL)
2213 {
2214 Status = STATUS_INSUFFICIENT_RESOURCES;
2215 goto done;
2216 }
2217
2218 RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer, AccountDomainName.MaximumLength);
2219
2220 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2221 &AccountDomainName,
2222 AccountDomainSid,
2223 &DomainIndex);
2224 if (!NT_SUCCESS(Status))
2225 goto done;
2226
2227 NamesBuffer[i].DomainIndex = DomainIndex;
2228
2229 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2230
2231 (*Mapped)++;
2232 }
2233 else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2234 {
2235 TRACE("Found account domain account!\n");
2236
2237 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2238
2239 Status = SamrLookupIdsInDomain(DomainHandle,
2240 1,
2241 RelativeIds,
2242 &Names,
2243 &Use);
2244 if (NT_SUCCESS(Status))
2245 {
2246 NamesBuffer[i].Use = Use.Element[0];
2247 NamesBuffer[i].Flags = 0;
2248
2249 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2250 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2251 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2252 if (NamesBuffer[i].Name.Buffer == NULL)
2253 {
2254 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2255 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2256
2257 Status = STATUS_INSUFFICIENT_RESOURCES;
2258 goto done;
2259 }
2260
2261 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2262 Names.Element[0].Buffer,
2263 Names.Element[0].MaximumLength);
2264
2265 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2266 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2267
2268 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2269 &AccountDomainName,
2270 AccountDomainSid,
2271 &DomainIndex);
2272 if (!NT_SUCCESS(Status))
2273 goto done;
2274
2275 NamesBuffer[i].DomainIndex = DomainIndex;
2276
2277 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2278
2279 (*Mapped)++;
2280 }
2281 }
2282 }
2283
2284 done:
2285 if (DomainHandle != NULL)
2286 SamrCloseHandle(&DomainHandle);
2287
2288 if (ServerHandle != NULL)
2289 SamrCloseHandle(&ServerHandle);
2290
2291 return Status;
2292 }
2293
2294
2295 NTSTATUS
2296 LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2297 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
2298 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
2299 LSAP_LOOKUP_LEVEL LookupLevel,
2300 DWORD *MappedCount,
2301 DWORD LookupOptions,
2302 DWORD ClientRevision)
2303 {
2304 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
2305 PLSAPR_TRANSLATED_NAME_EX NamesBuffer = NULL;
2306 ULONG NamesBufferLength;
2307 ULONG i;
2308 ULONG Mapped = 0;
2309 NTSTATUS Status = STATUS_SUCCESS;
2310
2311 NamesBufferLength = SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME_EX);
2312 NamesBuffer = MIDL_user_allocate(NamesBufferLength);
2313 if (NamesBuffer == NULL)
2314 {
2315 Status = STATUS_INSUFFICIENT_RESOURCES;
2316 goto done;
2317 }
2318
2319 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
2320 if (DomainsBuffer == NULL)
2321 {
2322 Status = STATUS_INSUFFICIENT_RESOURCES;
2323 goto done;
2324 }
2325
2326 DomainsBuffer->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION));
2327 if (DomainsBuffer->Domains == NULL)
2328 {
2329 Status = STATUS_INSUFFICIENT_RESOURCES;
2330 goto done;
2331 }
2332
2333 DomainsBuffer->Entries = 0;
2334 DomainsBuffer->MaxEntries = SidEnumBuffer->Entries;
2335
2336 /* Initialize all name entries */
2337 for (i = 0; i < SidEnumBuffer->Entries; i++)
2338 {
2339 NamesBuffer[i].Use = SidTypeUnknown;
2340 NamesBuffer[i].Name.Length = 0;
2341 NamesBuffer[i].Name.MaximumLength = 0;
2342 NamesBuffer[i].Name.Buffer = NULL;
2343 NamesBuffer[i].DomainIndex = -1;
2344 NamesBuffer[i].Flags = 0;
2345 }
2346
2347 /* Look-up well-known SIDs */
2348 Status = LsapLookupWellKnownSids(SidEnumBuffer,
2349 NamesBuffer,
2350 DomainsBuffer,
2351 &Mapped);
2352 if (!NT_SUCCESS(Status) &&
2353 Status != STATUS_NONE_MAPPED &&
2354 Status != STATUS_SOME_NOT_MAPPED)
2355 goto done;
2356
2357 if (Mapped == SidEnumBuffer->Entries)
2358 goto done;
2359
2360 /* Look-up builtin domain SIDs */
2361 Status = LsapLookupBuiltinDomainSids(SidEnumBuffer,
2362 NamesBuffer,
2363 DomainsBuffer,
2364 &Mapped);
2365 if (!NT_SUCCESS(Status) &&
2366 Status != STATUS_NONE_MAPPED &&
2367 Status != STATUS_SOME_NOT_MAPPED)
2368 goto done;
2369
2370 if (Mapped == SidEnumBuffer->Entries)
2371 goto done;
2372
2373 /* Look-up account domain SIDs */
2374 Status = LsapLookupAccountDomainSids(SidEnumBuffer,
2375 NamesBuffer,
2376 DomainsBuffer,
2377 &Mapped);
2378 if (!NT_SUCCESS(Status) &&
2379 Status != STATUS_NONE_MAPPED &&
2380 Status != STATUS_SOME_NOT_MAPPED)
2381 goto done;
2382
2383 if (Mapped == SidEnumBuffer->Entries)
2384 goto done;
2385
2386 done:
2387 TRACE("done Status: %lx Mapped: %lu\n", Status, Mapped);
2388
2389 if (!NT_SUCCESS(Status))
2390 {
2391 if (DomainsBuffer != NULL)
2392 {
2393 if (DomainsBuffer->Domains != NULL)
2394 MIDL_user_free(DomainsBuffer->Domains);
2395
2396 MIDL_user_free(DomainsBuffer);
2397 }
2398
2399 if (NamesBuffer != NULL)
2400 MIDL_user_free(NamesBuffer);
2401 }
2402 else
2403 {
2404 *ReferencedDomains = DomainsBuffer;
2405 TranslatedNames->Entries = SidEnumBuffer->Entries;
2406 TranslatedNames->Names = NamesBuffer;
2407 *MappedCount = Mapped;
2408
2409 if (Mapped == 0)
2410 Status = STATUS_NONE_MAPPED;
2411 else if (Mapped < SidEnumBuffer->Entries)
2412 Status = STATUS_SOME_NOT_MAPPED;
2413 }
2414
2415 return Status;
2416 }
2417
2418 /* EOF */