[LSASRV]
[reactos.git] / reactos / dll / win32 / lsasrv / lookup.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lookup.c
5 * PURPOSE: Sid / Name lookup functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9 #include "lsasrv.h"
10
11 WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
12
13 typedef wchar_t *PSAMPR_SERVER_NAME;
14 typedef void *SAMPR_HANDLE;
15
16 typedef struct _SAMPR_RETURNED_USTRING_ARRAY
17 {
18 unsigned long Count;
19 PRPC_UNICODE_STRING Element;
20 } SAMPR_RETURNED_USTRING_ARRAY, *PSAMPR_RETURNED_USTRING_ARRAY;
21
22 typedef struct _SAMPR_ULONG_ARRAY
23 {
24 unsigned long Count;
25 unsigned long *Element;
26 } SAMPR_ULONG_ARRAY, *PSAMPR_ULONG_ARRAY;
27
28
29 VOID
30 NTAPI
31 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(PSAMPR_RETURNED_USTRING_ARRAY Ptr);
32
33 VOID
34 NTAPI
35 SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr);
36
37 NTSTATUS
38 NTAPI
39 SamrConnect(IN PSAMPR_SERVER_NAME ServerName,
40 OUT SAMPR_HANDLE *ServerHandle,
41 IN ACCESS_MASK DesiredAccess);
42
43 NTSTATUS
44 NTAPI
45 SamrCloseHandle(IN OUT SAMPR_HANDLE *SamHandle);
46
47 NTSTATUS
48 NTAPI
49 SamrOpenDomain(IN SAMPR_HANDLE ServerHandle,
50 IN ACCESS_MASK DesiredAccess,
51 IN PRPC_SID DomainId,
52 OUT SAMPR_HANDLE *DomainHandle);
53
54 NTSTATUS
55 NTAPI
56 SamrLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle,
57 IN ULONG Count,
58 IN ULONG *RelativeIds,
59 OUT PSAMPR_RETURNED_USTRING_ARRAY Names,
60 OUT PSAMPR_ULONG_ARRAY Use);
61
62 NTSTATUS
63 NTAPI
64 SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle,
65 IN ULONG Count,
66 IN RPC_UNICODE_STRING Names[],
67 OUT PSAMPR_ULONG_ARRAY RelativeIds,
68 OUT PSAMPR_ULONG_ARRAY Use);
69
70
71 typedef struct _WELL_KNOWN_SID
72 {
73 LIST_ENTRY ListEntry;
74 PSID Sid;
75 UNICODE_STRING AccountName;
76 UNICODE_STRING DomainName;
77 SID_NAME_USE Use;
78 } WELL_KNOWN_SID, *PWELL_KNOWN_SID;
79
80
81 LIST_ENTRY WellKnownSidListHead;
82
83 #if 0
84 typedef struct _AccountSid
85 {
86 WELL_KNOWN_SID_TYPE type;
87 LPCWSTR account;
88 LPCWSTR domain;
89 SID_NAME_USE name_use;
90 } AccountSid;
91
92 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
93 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
94 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
95 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
96 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
97 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
98 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
99 static const WCHAR Blank[] = { 0 };
100 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
101 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
102 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
103 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
104 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
105 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
106 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
107 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
108 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
109 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
110 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
111 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
112 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
113 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
114 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
115 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
116 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
117 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
118 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
119 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
120 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
121 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
122 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
123 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
124 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
125 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
126 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
127 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
128 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
129 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
130 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
131 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
132 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
133 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
134 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
135 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
136 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
137 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
138 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
139 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
140 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
141 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
142 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
143 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
144 static const WCHAR SELF[] = { 'S','E','L','F',0 };
145 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
146 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
147 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
148 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
149 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
150 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
151
152 static const AccountSid ACCOUNT_SIDS[] = {
153 // { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
154 // { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
155 // { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
156 // { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
157 // { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
158 // { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
159 // { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
160 // { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
161 // { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
162 // { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
163 // { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
164 // { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
165 // { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
166 // { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
167 // { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
168 // { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
169 // { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
170 // { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
171 // { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
172 // { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
173 // { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
174 // { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
175 // { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
176 // { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
177 // { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
178 // { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
179 // { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
180 // { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
181 // { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
182 // { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
183 // { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
184 // { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
185 // { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
186 // { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
187 // { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
188 // { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
189 // { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
190 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
191 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
192 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
193 // { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
194 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
195 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias },
196 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias },
197 };
198 #endif
199
200
201 BOOLEAN
202 LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
203 UCHAR SubAuthorityCount,
204 PULONG SubAuthorities,
205 PWSTR AccountName,
206 PWSTR DomainName,
207 SID_NAME_USE Use)
208 {
209 PWELL_KNOWN_SID SidEntry;
210 PULONG p;
211 ULONG i;
212
213 SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WELL_KNOWN_SID));
214 if (SidEntry == NULL)
215 return FALSE;
216
217 InitializeListHead(&SidEntry->ListEntry);
218
219 SidEntry->Sid = RtlAllocateHeap(RtlGetProcessHeap(),
220 0,
221 RtlLengthRequiredSid(SubAuthorityCount));
222 if (SidEntry->Sid == NULL)
223 {
224 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
225 return FALSE;
226 }
227
228 RtlInitializeSid(SidEntry->Sid,
229 IdentifierAuthority,
230 SubAuthorityCount);
231
232 for (i = 0; i < (ULONG)SubAuthorityCount; i++)
233 {
234 p = RtlSubAuthoritySid(SidEntry->Sid, i);
235 *p = SubAuthorities[i];
236 }
237
238 // RtlInitUnicodeString(&SidEntry->AccountName,
239 // AccountName);
240 SidEntry->AccountName.Length = wcslen(AccountName) * sizeof(WCHAR);
241 SidEntry->AccountName.MaximumLength = SidEntry->AccountName.Length + sizeof(WCHAR);
242 SidEntry->AccountName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
243 SidEntry->AccountName.MaximumLength);
244 if (SidEntry->AccountName.Buffer == NULL)
245 {
246 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
247 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
248 return FALSE;
249 }
250
251 wcscpy(SidEntry->AccountName.Buffer,
252 AccountName);
253
254 // RtlInitUnicodeString(&SidEntry->DomainName,
255 // DomainName);
256 SidEntry->DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
257 SidEntry->DomainName.MaximumLength = SidEntry->DomainName.Length + sizeof(WCHAR);
258 SidEntry->DomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
259 SidEntry->DomainName.MaximumLength);
260 if (SidEntry->DomainName.Buffer == NULL)
261 {
262 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->AccountName.Buffer);
263 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
264 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
265 return FALSE;
266 }
267
268 wcscpy(SidEntry->DomainName.Buffer,
269 DomainName);
270
271 SidEntry->Use = Use;
272
273 InsertTailList(&WellKnownSidListHead,
274 &SidEntry->ListEntry);
275
276 return TRUE;
277 }
278
279
280 NTSTATUS
281 LsapInitSids(VOID)
282 {
283 WCHAR szAccountName[80];
284 WCHAR szDomainName[80];
285 ULONG SubAuthorities[8];
286 HINSTANCE hInstance;
287
288 InitializeListHead(&WellKnownSidListHead);
289
290 hInstance = GetModuleHandleW(L"lsasrv.dll");
291
292 /* NT Authority */
293
294 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szAccountName, 80);
295 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, 80);
296 LsapCreateSid(&NtAuthority,
297 0,
298 NULL,
299 szAccountName,
300 szDomainName,
301 SidTypeDomain);
302
303 /* Null Sid */
304 LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80);
305
306 SubAuthorities[0] = SECURITY_NULL_RID;
307 LsapCreateSid(&NullSidAuthority,
308 1,
309 SubAuthorities,
310 szAccountName,
311 L"",
312 SidTypeWellKnownGroup);
313
314 /* World Sid */
315 LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80);
316
317 SubAuthorities[0] = SECURITY_WORLD_RID;
318 LsapCreateSid(&WorldSidAuthority,
319 1,
320 SubAuthorities,
321 szAccountName,
322 L"",
323 SidTypeWellKnownGroup);
324
325 /* Local Sid */
326 LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
327
328 SubAuthorities[0] = SECURITY_LOCAL_RID;
329 LsapCreateSid(&LocalSidAuthority,
330 1,
331 SubAuthorities,
332 szAccountName,
333 L"",
334 SidTypeWellKnownGroup);
335
336 /* Creator Owner Sid */
337 LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80);
338
339 SubAuthorities[0] = SECURITY_CREATOR_OWNER_RID;
340 LsapCreateSid(&CreatorSidAuthority,
341 1,
342 SubAuthorities,
343 szAccountName,
344 L"",
345 SidTypeWellKnownGroup);
346
347 /* Creator Group Sid */
348 LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80);
349
350 SubAuthorities[0] = SECURITY_CREATOR_GROUP_RID;
351 LsapCreateSid(&CreatorSidAuthority,
352 1,
353 SubAuthorities,
354 szAccountName,
355 L"",
356 SidTypeWellKnownGroup);
357
358 /* Creator Owner Server Sid */
359 LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80);
360
361 SubAuthorities[0] = SECURITY_CREATOR_OWNER_SERVER_RID;
362 LsapCreateSid(&CreatorSidAuthority,
363 1,
364 SubAuthorities,
365 szAccountName,
366 L"",
367 SidTypeWellKnownGroup);
368
369 /* Creator Group Server Sid */
370 LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80);
371
372 SubAuthorities[0] = SECURITY_CREATOR_GROUP_SERVER_RID;
373 LsapCreateSid(&CreatorSidAuthority,
374 1,
375 SubAuthorities,
376 szAccountName,
377 L"",
378 SidTypeWellKnownGroup);
379
380 /* Dialup Sid */
381 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
382 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, 80);
383
384 SubAuthorities[0] = SECURITY_DIALUP_RID;
385 LsapCreateSid(&NtAuthority,
386 1,
387 SubAuthorities,
388 szAccountName,
389 szDomainName,
390 SidTypeWellKnownGroup);
391
392 /* Network Sid */
393 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
394
395 SubAuthorities[0] = SECURITY_NETWORK_RID;
396 LsapCreateSid(&NtAuthority,
397 1,
398 SubAuthorities,
399 szAccountName,
400 szDomainName,
401 SidTypeWellKnownGroup);
402
403 /* Batch Sid*/
404 LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
405
406 SubAuthorities[0] = SECURITY_BATCH_RID;
407 LsapCreateSid(&NtAuthority,
408 1,
409 SubAuthorities,
410 szAccountName,
411 szDomainName,
412 SidTypeWellKnownGroup);
413
414 /* Interactive Sid */
415 LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
416
417 SubAuthorities[0] = SECURITY_INTERACTIVE_RID;
418 LsapCreateSid(&NtAuthority,
419 1,
420 SubAuthorities,
421 szAccountName,
422 szDomainName,
423 SidTypeWellKnownGroup);
424
425 /* Service Sid */
426 LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
427
428 SubAuthorities[0] = SECURITY_SERVICE_RID;
429 LsapCreateSid(&NtAuthority,
430 1,
431 SubAuthorities,
432 szAccountName,
433 szDomainName,
434 SidTypeWellKnownGroup);
435
436 /* Anonymous Logon Sid */
437 LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
438
439 SubAuthorities[0] = SECURITY_ANONYMOUS_LOGON_RID;
440 LsapCreateSid(&NtAuthority,
441 1,
442 SubAuthorities,
443 szAccountName,
444 szDomainName,
445 SidTypeWellKnownGroup);
446
447 /* Proxy Sid */
448 LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80);
449
450 SubAuthorities[0] = SECURITY_PROXY_RID;
451 LsapCreateSid(&NtAuthority,
452 1,
453 SubAuthorities,
454 szAccountName,
455 szDomainName,
456 SidTypeWellKnownGroup);
457
458 /* Enterprise Controllers Sid */
459 LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80);
460
461 SubAuthorities[0] = SECURITY_ENTERPRISE_CONTROLLERS_RID;
462 LsapCreateSid(&NtAuthority,
463 1,
464 SubAuthorities,
465 szAccountName,
466 szDomainName,
467 SidTypeWellKnownGroup);
468
469 /* Principal Self Sid */
470 LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80);
471
472 SubAuthorities[0] = SECURITY_PRINCIPAL_SELF_RID;
473 LsapCreateSid(&NtAuthority,
474 1,
475 SubAuthorities,
476 szAccountName,
477 szDomainName,
478 SidTypeWellKnownGroup);
479
480 /* Authenticated Users Sid */
481 LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80);
482
483 SubAuthorities[0] = SECURITY_AUTHENTICATED_USER_RID;
484 LsapCreateSid(&NtAuthority,
485 1,
486 SubAuthorities,
487 szAccountName,
488 szDomainName,
489 SidTypeWellKnownGroup);
490
491 /* Restricted Code Sid */
492 LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80);
493
494 SubAuthorities[0] = SECURITY_RESTRICTED_CODE_RID;
495 LsapCreateSid(&NtAuthority,
496 1,
497 SubAuthorities,
498 szAccountName,
499 szDomainName,
500 SidTypeWellKnownGroup);
501
502 /* Terminal Server Sid */
503 LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80);
504
505 SubAuthorities[0] = SECURITY_TERMINAL_SERVER_RID;
506 LsapCreateSid(&NtAuthority,
507 1,
508 SubAuthorities,
509 szAccountName,
510 szDomainName,
511 SidTypeWellKnownGroup);
512
513 /* Remote Logon Sid */
514 LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80);
515
516 SubAuthorities[0] = SECURITY_REMOTE_LOGON_RID;
517 LsapCreateSid(&NtAuthority,
518 1,
519 SubAuthorities,
520 szAccountName,
521 szDomainName,
522 SidTypeWellKnownGroup);
523
524 /* This Organization Sid */
525 LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80);
526
527 SubAuthorities[0] = SECURITY_THIS_ORGANIZATION_RID;
528 LsapCreateSid(&NtAuthority,
529 1,
530 SubAuthorities,
531 szAccountName,
532 szDomainName,
533 SidTypeWellKnownGroup);
534
535 /* Local System Sid */
536 LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80);
537
538 SubAuthorities[0] = SECURITY_LOCAL_SYSTEM_RID;
539 LsapCreateSid(&NtAuthority,
540 1,
541 SubAuthorities,
542 szAccountName,
543 szDomainName,
544 SidTypeWellKnownGroup);
545
546 /* Local Service Sid */
547 LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80);
548
549 SubAuthorities[0] = SECURITY_LOCAL_SERVICE_RID;
550 LsapCreateSid(&NtAuthority,
551 1,
552 SubAuthorities,
553 szAccountName,
554 szDomainName,
555 SidTypeWellKnownGroup);
556
557 LsapCreateSid(&NtAuthority,
558 1,
559 SubAuthorities,
560 L"LOCALSERVICE",
561 L"NT AUTHORITY",
562 SidTypeWellKnownGroup);
563
564 /* Network Service Sid */
565 LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80);
566
567 SubAuthorities[0] = SECURITY_NETWORK_SERVICE_RID;
568 LsapCreateSid(&NtAuthority,
569 1,
570 SubAuthorities,
571 szAccountName,
572 szDomainName,
573 SidTypeWellKnownGroup);
574
575 LsapCreateSid(&NtAuthority,
576 1,
577 SubAuthorities,
578 L"NETWORKSERVICE",
579 L"NT AUTHORITY",
580 SidTypeWellKnownGroup);
581
582 /* Builtin Domain Sid */
583 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80);
584 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szDomainName, 80);
585
586 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
587 LsapCreateSid(&NtAuthority,
588 1,
589 SubAuthorities,
590 szAccountName,
591 szDomainName,
592 SidTypeDomain);
593
594 /* Administrators Alias Sid */
595 LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80);
596
597 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
598 SubAuthorities[1] = DOMAIN_ALIAS_RID_ADMINS;
599 LsapCreateSid(&NtAuthority,
600 2,
601 SubAuthorities,
602 szAccountName,
603 szDomainName,
604 SidTypeAlias);
605
606 /* Users Alias Sid */
607 LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
608
609 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
610 SubAuthorities[1] = DOMAIN_ALIAS_RID_USERS;
611 LsapCreateSid(&NtAuthority,
612 2,
613 SubAuthorities,
614 szAccountName,
615 szDomainName,
616 SidTypeAlias);
617
618 /* Guests Alias Sid */
619 LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80);
620
621 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
622 SubAuthorities[1] = DOMAIN_ALIAS_RID_GUESTS;
623 LsapCreateSid(&NtAuthority,
624 2,
625 SubAuthorities,
626 szAccountName,
627 szDomainName,
628 SidTypeAlias);
629
630 /* Power User Alias Sid */
631 LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80);
632
633 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
634 SubAuthorities[1] = DOMAIN_ALIAS_RID_POWER_USERS;
635 LsapCreateSid(&NtAuthority,
636 2,
637 SubAuthorities,
638 szAccountName,
639 szDomainName,
640 SidTypeAlias);
641
642 /* Account Operators Alias Sid */
643 LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80);
644
645 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
646 SubAuthorities[1] = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
647 LsapCreateSid(&NtAuthority,
648 2,
649 SubAuthorities,
650 szAccountName,
651 szDomainName,
652 SidTypeAlias);
653
654 /* System Operators Alias Sid */
655 LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80);
656
657 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
658 SubAuthorities[1] = DOMAIN_ALIAS_RID_SYSTEM_OPS;
659 LsapCreateSid(&NtAuthority,
660 2,
661 SubAuthorities,
662 szAccountName,
663 szDomainName,
664 SidTypeAlias);
665
666 /* Print Operators Alias Sid */
667 LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80);
668
669 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
670 SubAuthorities[1] = DOMAIN_ALIAS_RID_PRINT_OPS;
671 LsapCreateSid(&NtAuthority,
672 2,
673 SubAuthorities,
674 szAccountName,
675 szDomainName,
676 SidTypeAlias);
677
678 /* Backup Operators Alias Sid */
679 LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80);
680
681 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
682 SubAuthorities[1] = DOMAIN_ALIAS_RID_BACKUP_OPS;
683 LsapCreateSid(&NtAuthority,
684 2,
685 SubAuthorities,
686 szAccountName,
687 szDomainName,
688 SidTypeAlias);
689
690 /* Replicators Alias Sid */
691 LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80);
692
693 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
694 SubAuthorities[1] = DOMAIN_ALIAS_RID_REPLICATOR;
695 LsapCreateSid(&NtAuthority,
696 2,
697 SubAuthorities,
698 szAccountName,
699 szDomainName,
700 SidTypeAlias);
701
702 /* RAS Servers Alias Sid */
703 LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80);
704
705 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
706 SubAuthorities[1] = DOMAIN_ALIAS_RID_RAS_SERVERS;
707 LsapCreateSid(&NtAuthority,
708 2,
709 SubAuthorities,
710 szAccountName,
711 szDomainName,
712 SidTypeAlias);
713
714 /* Pre-Windows 2000 Compatible Access Alias Sid */
715 LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80);
716
717 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
718 SubAuthorities[1] = DOMAIN_ALIAS_RID_PREW2KCOMPACCESS;
719 LsapCreateSid(&NtAuthority,
720 2,
721 SubAuthorities,
722 szAccountName,
723 szDomainName,
724 SidTypeAlias);
725
726 /* Remote Desktop Users Alias Sid */
727 LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80);
728
729 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
730 SubAuthorities[1] = DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS;
731 LsapCreateSid(&NtAuthority,
732 2,
733 SubAuthorities,
734 szAccountName,
735 szDomainName,
736 SidTypeAlias);
737
738 /* Network Configuration Operators Alias Sid */
739 LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, 80);
740
741 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
742 SubAuthorities[1] = DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS;
743 LsapCreateSid(&NtAuthority,
744 2,
745 SubAuthorities,
746 szAccountName,
747 szDomainName,
748 SidTypeAlias);
749
750 /* FIXME: Add more well known sids */
751
752 return STATUS_SUCCESS;
753 }
754
755
756 PWELL_KNOWN_SID
757 LsapLookupWellKnownSid(PSID Sid)
758 {
759 PLIST_ENTRY ListEntry;
760 PWELL_KNOWN_SID Ptr;
761
762 ListEntry = WellKnownSidListHead.Flink;
763 while (ListEntry != &WellKnownSidListHead)
764 {
765 Ptr = CONTAINING_RECORD(ListEntry,
766 WELL_KNOWN_SID,
767 ListEntry);
768 if (RtlEqualSid(Sid, Ptr->Sid))
769 {
770 return Ptr;
771 }
772
773 ListEntry = ListEntry->Flink;
774 }
775
776 return NULL;
777 }
778
779
780 PWELL_KNOWN_SID
781 LsapLookupIsolatedWellKnownName(PUNICODE_STRING AccountName)
782 {
783 PLIST_ENTRY ListEntry;
784 PWELL_KNOWN_SID Ptr;
785
786 ListEntry = WellKnownSidListHead.Flink;
787 while (ListEntry != &WellKnownSidListHead)
788 {
789 Ptr = CONTAINING_RECORD(ListEntry,
790 WELL_KNOWN_SID,
791 ListEntry);
792 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE))
793 {
794 return Ptr;
795 }
796
797 ListEntry = ListEntry->Flink;
798 }
799
800 return NULL;
801 }
802
803
804 PWELL_KNOWN_SID
805 LsapLookupFullyQualifiedWellKnownName(PUNICODE_STRING AccountName,
806 PUNICODE_STRING DomainName)
807 {
808 PLIST_ENTRY ListEntry;
809 PWELL_KNOWN_SID Ptr;
810
811 ListEntry = WellKnownSidListHead.Flink;
812 while (ListEntry != &WellKnownSidListHead)
813 {
814 Ptr = CONTAINING_RECORD(ListEntry,
815 WELL_KNOWN_SID,
816 ListEntry);
817 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE) &&
818 RtlEqualUnicodeString(DomainName, &Ptr->DomainName, TRUE))
819 {
820 return Ptr;
821 }
822
823 ListEntry = ListEntry->Flink;
824 }
825
826 return NULL;
827 }
828
829
830 static
831 NTSTATUS
832 LsapSplitNames(DWORD Count,
833 PRPC_UNICODE_STRING Names,
834 PRPC_UNICODE_STRING *DomainNames,
835 PRPC_UNICODE_STRING *AccountNames)
836 {
837 PRPC_UNICODE_STRING DomainsBuffer = NULL;
838 PRPC_UNICODE_STRING AccountsBuffer = NULL;
839 ULONG DomainLength;
840 ULONG AccountLength;
841 ULONG i;
842 LPWSTR Ptr;
843 NTSTATUS Status = STATUS_SUCCESS;
844
845 DomainsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
846 if (DomainsBuffer == NULL)
847 {
848 Status = STATUS_INSUFFICIENT_RESOURCES;
849 goto done;
850 }
851
852 AccountsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
853 if (AccountsBuffer == NULL)
854 {
855 Status = STATUS_INSUFFICIENT_RESOURCES;
856 goto done;
857 }
858
859 for (i = 0; i < Count; i++)
860 {
861 //TRACE("Name: %wZ\n", &Names[i]);
862
863 Ptr = wcschr(Names[i].Buffer, L'\\');
864 if (Ptr == NULL)
865 {
866 AccountLength = Names[i].Length / sizeof(WCHAR);
867
868 AccountsBuffer[i].Length = Names[i].Length;
869 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
870 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
871 if (AccountsBuffer[i].Buffer == NULL)
872 {
873 Status = STATUS_INSUFFICIENT_RESOURCES;
874 goto done;
875 }
876
877 CopyMemory(AccountsBuffer[i].Buffer,
878 Names[i].Buffer,
879 AccountsBuffer[i].Length);
880 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
881
882 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
883 }
884 else
885 {
886 DomainLength = (ULONG)(ULONG_PTR)(Ptr - Names[i].Buffer);
887 AccountLength = (Names[i].Length / sizeof(WCHAR)) - DomainLength - 1;
888 //TRACE("DomainLength: %u\n", DomainLength);
889 //TRACE("AccountLength: %u\n", AccountLength);
890
891 if (DomainLength > 0)
892 {
893 DomainsBuffer[i].Length = (USHORT)DomainLength * sizeof(WCHAR);
894 DomainsBuffer[i].MaximumLength = DomainsBuffer[i].Length + sizeof(WCHAR);
895 DomainsBuffer[i].Buffer = MIDL_user_allocate(DomainsBuffer[i].MaximumLength);
896 if (DomainsBuffer[i].Buffer == NULL)
897 {
898 Status = STATUS_INSUFFICIENT_RESOURCES;
899 goto done;
900 }
901
902 CopyMemory(DomainsBuffer[i].Buffer,
903 Names[i].Buffer,
904 DomainsBuffer[i].Length);
905 DomainsBuffer[i].Buffer[DomainLength] = UNICODE_NULL;
906
907 //TRACE("Domain name: %wZ\n", &DomainsBuffer[i]);
908 }
909
910 AccountsBuffer[i].Length = (USHORT)AccountLength * sizeof(WCHAR);
911 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
912 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
913 if (AccountsBuffer[i].Buffer == NULL)
914 {
915 Status = STATUS_INSUFFICIENT_RESOURCES;
916 goto done;
917 }
918
919 CopyMemory(AccountsBuffer[i].Buffer,
920 &(Names[i].Buffer[DomainLength + 1]),
921 AccountsBuffer[i].Length);
922 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
923
924 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
925 }
926 }
927
928 done:
929 if (!NT_SUCCESS(Status))
930 {
931 if (AccountsBuffer != NULL)
932 {
933 for (i = 0; i < Count; i++)
934 {
935 if (AccountsBuffer[i].Buffer != NULL)
936 MIDL_user_free(AccountsBuffer[i].Buffer);
937 }
938
939 MIDL_user_free(AccountsBuffer);
940 }
941
942 if (DomainsBuffer != NULL)
943 {
944 for (i = 0; i < Count; i++)
945 {
946 if (DomainsBuffer[i].Buffer != NULL)
947 MIDL_user_free(DomainsBuffer[i].Buffer);
948 }
949
950 MIDL_user_free(DomainsBuffer);
951 }
952 }
953 else
954 {
955 *DomainNames = DomainsBuffer;
956 *AccountNames = AccountsBuffer;
957 }
958
959 return Status;
960 }
961
962
963 static NTSTATUS
964 LsapAddDomainToDomainsList(PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
965 PUNICODE_STRING Name,
966 PSID Sid,
967 PULONG Index)
968 {
969 ULONG i;
970
971 i = 0;
972 while (i < ReferencedDomains->Entries &&
973 ReferencedDomains->Domains[i].Sid != NULL)
974 {
975 if (RtlEqualSid(Sid, ReferencedDomains->Domains[i].Sid))
976 {
977 *Index = i;
978 return STATUS_SUCCESS;
979 }
980
981 i++;
982 }
983
984 ReferencedDomains->Domains[i].Sid = MIDL_user_allocate(RtlLengthSid(Sid));
985 if (ReferencedDomains->Domains[i].Sid == NULL)
986 return STATUS_INSUFFICIENT_RESOURCES;
987
988 RtlCopySid(RtlLengthSid(Sid), ReferencedDomains->Domains[i].Sid, Sid);
989
990 ReferencedDomains->Domains[i].Name.Length = Name->Length;
991 ReferencedDomains->Domains[i].Name.MaximumLength = Name->MaximumLength;
992 ReferencedDomains->Domains[i].Name.Buffer = MIDL_user_allocate(Name->MaximumLength);
993 if (ReferencedDomains->Domains[i].Sid == NULL)
994 {
995 MIDL_user_free(ReferencedDomains->Domains[i].Sid);
996 ReferencedDomains->Domains[i].Sid = NULL;
997 return STATUS_INSUFFICIENT_RESOURCES;
998 }
999
1000 RtlCopyMemory(ReferencedDomains->Domains[i].Name.Buffer,
1001 Name->Buffer,
1002 Name->MaximumLength);
1003
1004 ReferencedDomains->Entries++;
1005 *Index = i;
1006
1007 return STATUS_SUCCESS;
1008 }
1009
1010
1011 static BOOLEAN
1012 LsapIsPrefixSid(IN PSID PrefixSid,
1013 IN PSID Sid)
1014 {
1015 PISID Sid1 = PrefixSid, Sid2 = Sid;
1016 ULONG i;
1017
1018 if (Sid1->Revision != Sid2->Revision)
1019 return FALSE;
1020
1021 if ((Sid1->IdentifierAuthority.Value[0] != Sid2->IdentifierAuthority.Value[0]) ||
1022 (Sid1->IdentifierAuthority.Value[1] != Sid2->IdentifierAuthority.Value[1]) ||
1023 (Sid1->IdentifierAuthority.Value[2] != Sid2->IdentifierAuthority.Value[2]) ||
1024 (Sid1->IdentifierAuthority.Value[3] != Sid2->IdentifierAuthority.Value[3]) ||
1025 (Sid1->IdentifierAuthority.Value[4] != Sid2->IdentifierAuthority.Value[4]) ||
1026 (Sid1->IdentifierAuthority.Value[5] != Sid2->IdentifierAuthority.Value[5]))
1027 return FALSE;
1028
1029 if (Sid1->SubAuthorityCount >= Sid2->SubAuthorityCount)
1030 return FALSE;
1031
1032 if (Sid1->SubAuthorityCount == 0)
1033 return TRUE;
1034
1035 for (i = 0; i < Sid1->SubAuthorityCount; i++)
1036 {
1037 if (Sid1->SubAuthority[i] != Sid2->SubAuthority[i])
1038 return FALSE;
1039 }
1040
1041 return TRUE;
1042 }
1043
1044
1045 ULONG
1046 LsapGetRelativeIdFromSid(PSID Sid_)
1047 {
1048 PISID Sid = Sid_;
1049
1050 if (Sid->SubAuthorityCount != 0)
1051 return Sid->SubAuthority[Sid->SubAuthorityCount - 1];
1052
1053 return 0;
1054 }
1055
1056
1057 static PSID
1058 CreateSidFromSidAndRid(PSID SrcSid,
1059 ULONG RelativeId)
1060 {
1061 UCHAR RidCount;
1062 PSID DstSid;
1063 ULONG i;
1064 ULONG DstSidSize;
1065 PULONG p, q;
1066
1067 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1068 if (RidCount >= 8)
1069 return NULL;
1070
1071 DstSidSize = RtlLengthRequiredSid(RidCount + 1);
1072
1073 DstSid = MIDL_user_allocate(DstSidSize);
1074 if (DstSid == NULL)
1075 return NULL;
1076
1077 RtlInitializeSid(DstSid,
1078 RtlIdentifierAuthoritySid(SrcSid),
1079 RidCount + 1);
1080
1081 for (i = 0; i < (ULONG)RidCount; i++)
1082 {
1083 p = RtlSubAuthoritySid(SrcSid, i);
1084 q = RtlSubAuthoritySid(DstSid, i);
1085 *q = *p;
1086 }
1087
1088 q = RtlSubAuthoritySid(DstSid, (ULONG)RidCount);
1089 *q = RelativeId;
1090
1091 return DstSid;
1092 }
1093
1094
1095 static PSID
1096 CreateDomainSidFromAccountSid(PSID AccountSid)
1097 {
1098 UCHAR RidCount;
1099 PSID DomainSid;
1100 ULONG i;
1101 ULONG DstSidSize;
1102 PULONG p, q;
1103
1104 RidCount = *RtlSubAuthorityCountSid(AccountSid);
1105 if (RidCount > 0)
1106 RidCount--;
1107
1108 DstSidSize = RtlLengthRequiredSid(RidCount);
1109
1110 DomainSid = MIDL_user_allocate(DstSidSize);
1111 if (DomainSid == NULL)
1112 return NULL;
1113
1114 RtlInitializeSid(DomainSid,
1115 RtlIdentifierAuthoritySid(AccountSid),
1116 RidCount);
1117
1118 for (i = 0; i < (ULONG)RidCount; i++)
1119 {
1120 p = RtlSubAuthoritySid(AccountSid, i);
1121 q = RtlSubAuthoritySid(DomainSid, i);
1122 *q = *p;
1123 }
1124
1125 return DomainSid;
1126 }
1127
1128
1129 static PSID
1130 LsapCopySid(PSID SrcSid)
1131 {
1132 UCHAR RidCount;
1133 PSID DstSid;
1134 ULONG i;
1135 ULONG DstSidSize;
1136 PULONG p, q;
1137
1138 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1139 DstSidSize = RtlLengthRequiredSid(RidCount);
1140
1141 DstSid = MIDL_user_allocate(DstSidSize);
1142 if (DstSid == NULL)
1143 return NULL;
1144
1145 RtlInitializeSid(DstSid,
1146 RtlIdentifierAuthoritySid(SrcSid),
1147 RidCount);
1148
1149 for (i = 0; i < (ULONG)RidCount; i++)
1150 {
1151 p = RtlSubAuthoritySid(SrcSid, i);
1152 q = RtlSubAuthoritySid(DstSid, i);
1153 *q = *p;
1154 }
1155
1156 return DstSid;
1157 }
1158
1159
1160 static
1161 NTSTATUS
1162 LsapLookupIsolatedNames(DWORD Count,
1163 PRPC_UNICODE_STRING DomainNames,
1164 PRPC_UNICODE_STRING AccountNames,
1165 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1166 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1167 PULONG Mapped)
1168 {
1169 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1170 PWELL_KNOWN_SID ptr, ptr2;
1171 PSID DomainSid;
1172 ULONG DomainIndex;
1173 ULONG i;
1174 NTSTATUS Status = STATUS_SUCCESS;
1175
1176 for (i = 0; i < Count; i++)
1177 {
1178 /* Ignore names which were already mapped */
1179 if (SidsBuffer[i].Use != SidTypeUnknown)
1180 continue;
1181
1182 /* Ignore fully qualified account names */
1183 if (DomainNames[i].Length != 0)
1184 continue;
1185
1186 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1187
1188 /* Look-up all well-known names */
1189 ptr = LsapLookupIsolatedWellKnownName((PUNICODE_STRING)&AccountNames[i]);
1190 if (ptr != NULL)
1191 {
1192 SidsBuffer[i].Use = ptr->Use;
1193 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1194 if (SidsBuffer[i].Sid == NULL)
1195 {
1196 Status = STATUS_INSUFFICIENT_RESOURCES;
1197 goto done;
1198 }
1199
1200 SidsBuffer[i].DomainIndex = -1;
1201 SidsBuffer[i].Flags = 0;
1202
1203 if (ptr->Use == SidTypeDomain)
1204 {
1205 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1206 &ptr->AccountName,
1207 ptr->Sid,
1208 &DomainIndex);
1209 if (!NT_SUCCESS(Status))
1210 goto done;
1211
1212 SidsBuffer[i].DomainIndex = DomainIndex;
1213 }
1214 else
1215 {
1216 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1217 if (ptr2 != NULL)
1218 {
1219 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1220 &ptr2->AccountName,
1221 ptr2->Sid,
1222 &DomainIndex);
1223 if (!NT_SUCCESS(Status))
1224 goto done;
1225
1226 SidsBuffer[i].DomainIndex = DomainIndex;
1227 }
1228 else
1229 {
1230 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1231 if (DomainSid == NULL)
1232 {
1233 Status = STATUS_INSUFFICIENT_RESOURCES;
1234 goto done;
1235 }
1236
1237 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1238 &EmptyDomainName,
1239 DomainSid,
1240 &DomainIndex);
1241
1242 if (DomainSid != NULL)
1243 {
1244 MIDL_user_free(DomainSid);
1245 DomainSid = NULL;
1246 }
1247
1248 if (!NT_SUCCESS(Status))
1249 goto done;
1250
1251 SidsBuffer[i].DomainIndex = DomainIndex;
1252 }
1253 }
1254
1255 (*Mapped)++;
1256 continue;
1257 }
1258
1259 /* Look-up the built-in domain */
1260 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &BuiltinDomainName, TRUE))
1261 {
1262 SidsBuffer[i].Use = SidTypeDomain;
1263 SidsBuffer[i].Sid = LsapCopySid(BuiltinDomainSid);
1264 if (SidsBuffer[i].Sid == NULL)
1265 {
1266 Status = STATUS_INSUFFICIENT_RESOURCES;
1267 goto done;
1268 }
1269
1270 SidsBuffer[i].DomainIndex = -1;
1271 SidsBuffer[i].Flags = 0;
1272
1273 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1274 &BuiltinDomainName,
1275 BuiltinDomainSid,
1276 &DomainIndex);
1277 if (!NT_SUCCESS(Status))
1278 goto done;
1279
1280 SidsBuffer[i].DomainIndex = DomainIndex;
1281
1282 (*Mapped)++;
1283 continue;
1284 }
1285
1286 /* Look-up the account domain */
1287 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
1288 {
1289 SidsBuffer[i].Use = SidTypeDomain;
1290 SidsBuffer[i].Sid = LsapCopySid(AccountDomainSid);
1291 if (SidsBuffer[i].Sid == NULL)
1292 {
1293 Status = STATUS_INSUFFICIENT_RESOURCES;
1294 goto done;
1295 }
1296 SidsBuffer[i].DomainIndex = -1;
1297 SidsBuffer[i].Flags = 0;
1298
1299 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1300 &AccountDomainName,
1301 AccountDomainSid,
1302 &DomainIndex);
1303 if (!NT_SUCCESS(Status))
1304 goto done;
1305
1306 SidsBuffer[i].DomainIndex = DomainIndex;
1307
1308 (*Mapped)++;
1309 continue;
1310 }
1311
1312 /* FIXME: Look-up the primary domain */
1313
1314 /* FIXME: Look-up the trusted domains */
1315
1316 }
1317
1318 done:
1319
1320 return Status;
1321 }
1322
1323
1324 static
1325 NTSTATUS
1326 LsapLookupIsolatedBuiltinNames(DWORD Count,
1327 PRPC_UNICODE_STRING DomainNames,
1328 PRPC_UNICODE_STRING AccountNames,
1329 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1330 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1331 PULONG Mapped)
1332 {
1333 SAMPR_HANDLE ServerHandle = NULL;
1334 SAMPR_HANDLE DomainHandle = NULL;
1335 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1336 SAMPR_ULONG_ARRAY Use = {0, NULL};
1337 ULONG DomainIndex;
1338 ULONG i;
1339 NTSTATUS Status = STATUS_SUCCESS;
1340
1341 Status = SamrConnect(NULL,
1342 &ServerHandle,
1343 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1344 if (!NT_SUCCESS(Status))
1345 {
1346 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1347 goto done;
1348 }
1349
1350 Status = SamrOpenDomain(ServerHandle,
1351 DOMAIN_LOOKUP,
1352 BuiltinDomainSid,
1353 &DomainHandle);
1354 if (!NT_SUCCESS(Status))
1355 {
1356 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1357 goto done;
1358 }
1359
1360 for (i = 0; i < Count; i++)
1361 {
1362 /* Ignore names which were already mapped */
1363 if (SidsBuffer[i].Use != SidTypeUnknown)
1364 continue;
1365
1366 /* Ignore fully qualified account names */
1367 if (DomainNames[i].Length != 0)
1368 continue;
1369
1370 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1371
1372 Status = SamrLookupNamesInDomain(DomainHandle,
1373 1,
1374 &AccountNames[i],
1375 &RelativeIds,
1376 &Use);
1377 if (NT_SUCCESS(Status))
1378 {
1379 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1380
1381 SidsBuffer[i].Use = Use.Element[0];
1382 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1383 RelativeIds.Element[0]);
1384 if (SidsBuffer[i].Sid == NULL)
1385 {
1386 Status = STATUS_INSUFFICIENT_RESOURCES;
1387 goto done;
1388 }
1389
1390 SidsBuffer[i].DomainIndex = -1;
1391 SidsBuffer[i].Flags = 0;
1392
1393 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1394 &BuiltinDomainName,
1395 BuiltinDomainSid,
1396 &DomainIndex);
1397 if (!NT_SUCCESS(Status))
1398 goto done;
1399
1400 SidsBuffer[i].DomainIndex = DomainIndex;
1401
1402 (*Mapped)++;
1403 }
1404
1405 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1406 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1407 }
1408
1409 done:
1410 if (DomainHandle != NULL)
1411 SamrCloseHandle(&DomainHandle);
1412
1413 if (ServerHandle != NULL)
1414 SamrCloseHandle(&ServerHandle);
1415
1416 return Status;
1417 }
1418
1419
1420 static
1421 NTSTATUS
1422 LsapLookupIsolatedAccountNames(DWORD Count,
1423 PRPC_UNICODE_STRING DomainNames,
1424 PRPC_UNICODE_STRING AccountNames,
1425 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1426 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1427 PULONG Mapped)
1428 {
1429 SAMPR_HANDLE ServerHandle = NULL;
1430 SAMPR_HANDLE DomainHandle = NULL;
1431 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1432 SAMPR_ULONG_ARRAY Use = {0, NULL};
1433 ULONG DomainIndex;
1434 ULONG i;
1435 NTSTATUS Status = STATUS_SUCCESS;
1436
1437 TRACE("()\n");
1438
1439 Status = SamrConnect(NULL,
1440 &ServerHandle,
1441 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1442 if (!NT_SUCCESS(Status))
1443 {
1444 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1445 goto done;
1446 }
1447
1448 Status = SamrOpenDomain(ServerHandle,
1449 DOMAIN_LOOKUP,
1450 AccountDomainSid,
1451 &DomainHandle);
1452 if (!NT_SUCCESS(Status))
1453 {
1454 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1455 goto done;
1456 }
1457
1458 for (i = 0; i < Count; i++)
1459 {
1460 /* Ignore names which were already mapped */
1461 if (SidsBuffer[i].Use != SidTypeUnknown)
1462 continue;
1463
1464 /* Ignore fully qualified account names */
1465 if (DomainNames[i].Length != 0)
1466 continue;
1467
1468 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1469
1470 Status = SamrLookupNamesInDomain(DomainHandle,
1471 1,
1472 &AccountNames[i],
1473 &RelativeIds,
1474 &Use);
1475 if (NT_SUCCESS(Status))
1476 {
1477 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1478
1479 SidsBuffer[i].Use = Use.Element[0];
1480 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1481 RelativeIds.Element[0]);
1482 if (SidsBuffer[i].Sid == NULL)
1483 {
1484 Status = STATUS_INSUFFICIENT_RESOURCES;
1485 goto done;
1486 }
1487
1488 SidsBuffer[i].DomainIndex = -1;
1489 SidsBuffer[i].Flags = 0;
1490
1491 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1492 &AccountDomainName,
1493 AccountDomainSid,
1494 &DomainIndex);
1495 if (!NT_SUCCESS(Status))
1496 goto done;
1497
1498 SidsBuffer[i].DomainIndex = DomainIndex;
1499
1500 (*Mapped)++;
1501 }
1502
1503 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1504 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1505 }
1506
1507 done:
1508 if (DomainHandle != NULL)
1509 SamrCloseHandle(&DomainHandle);
1510
1511 if (ServerHandle != NULL)
1512 SamrCloseHandle(&ServerHandle);
1513
1514 return Status;
1515 }
1516
1517
1518 static
1519 NTSTATUS
1520 LsapLookupFullyQualifiedWellKnownNames(DWORD Count,
1521 PRPC_UNICODE_STRING DomainNames,
1522 PRPC_UNICODE_STRING AccountNames,
1523 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1524 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1525 PULONG Mapped)
1526 {
1527 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1528 PWELL_KNOWN_SID ptr, ptr2;
1529 PSID DomainSid;
1530 ULONG DomainIndex;
1531 ULONG i;
1532 NTSTATUS Status = STATUS_SUCCESS;
1533
1534 for (i = 0; i < Count; i++)
1535 {
1536 /* Ignore names which were already mapped */
1537 if (SidsBuffer[i].Use != SidTypeUnknown)
1538 continue;
1539
1540 /* Ignore isolated account names */
1541 if (DomainNames[i].Length == 0)
1542 continue;
1543
1544 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1545
1546 /* Look-up all well-known names */
1547 ptr = LsapLookupFullyQualifiedWellKnownName((PUNICODE_STRING)&AccountNames[i],
1548 (PUNICODE_STRING)&DomainNames[i]);
1549 if (ptr != NULL)
1550 {
1551 TRACE("Found it! (%wZ\\%wZ)\n", &ptr->DomainName, &ptr->AccountName);
1552
1553 SidsBuffer[i].Use = ptr->Use;
1554 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1555 if (SidsBuffer[i].Sid == NULL)
1556 {
1557 Status = STATUS_INSUFFICIENT_RESOURCES;
1558 goto done;
1559 }
1560
1561 SidsBuffer[i].DomainIndex = -1;
1562 SidsBuffer[i].Flags = 0;
1563
1564 if (ptr->Use == SidTypeDomain)
1565 {
1566 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1567 &ptr->AccountName,
1568 ptr->Sid,
1569 &DomainIndex);
1570 if (!NT_SUCCESS(Status))
1571 goto done;
1572
1573 SidsBuffer[i].DomainIndex = DomainIndex;
1574 }
1575 else
1576 {
1577 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1578 if (ptr2 != NULL)
1579 {
1580 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1581 &ptr2->AccountName,
1582 ptr2->Sid,
1583 &DomainIndex);
1584 if (!NT_SUCCESS(Status))
1585 goto done;
1586
1587 SidsBuffer[i].DomainIndex = DomainIndex;
1588 }
1589 else
1590 {
1591 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1592 if (DomainSid == NULL)
1593 {
1594 Status = STATUS_INSUFFICIENT_RESOURCES;
1595 goto done;
1596 }
1597
1598 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1599 &EmptyDomainName,
1600 DomainSid,
1601 &DomainIndex);
1602
1603 if (DomainSid != NULL)
1604 {
1605 MIDL_user_free(DomainSid);
1606 DomainSid = NULL;
1607 }
1608
1609 if (!NT_SUCCESS(Status))
1610 goto done;
1611
1612 SidsBuffer[i].DomainIndex = DomainIndex;
1613 }
1614 }
1615
1616 (*Mapped)++;
1617 continue;
1618 }
1619 }
1620
1621 done:
1622 return Status;
1623 }
1624
1625
1626 static
1627 NTSTATUS
1628 LsapLookupBuiltinNames(DWORD Count,
1629 PRPC_UNICODE_STRING DomainNames,
1630 PRPC_UNICODE_STRING AccountNames,
1631 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1632 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1633 PULONG Mapped)
1634 {
1635 SAMPR_HANDLE ServerHandle = NULL;
1636 SAMPR_HANDLE DomainHandle = NULL;
1637 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1638 SAMPR_ULONG_ARRAY Use = {0, NULL};
1639 ULONG DomainIndex;
1640 ULONG i;
1641 NTSTATUS Status = STATUS_SUCCESS;
1642
1643 Status = SamrConnect(NULL,
1644 &ServerHandle,
1645 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1646 if (!NT_SUCCESS(Status))
1647 {
1648 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1649 goto done;
1650 }
1651
1652 Status = SamrOpenDomain(ServerHandle,
1653 DOMAIN_LOOKUP,
1654 BuiltinDomainSid,
1655 &DomainHandle);
1656 if (!NT_SUCCESS(Status))
1657 {
1658 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1659 goto done;
1660 }
1661
1662 for (i = 0; i < Count; i++)
1663 {
1664 /* Ignore names which were already mapped */
1665 if (SidsBuffer[i].Use != SidTypeUnknown)
1666 continue;
1667
1668 /* Ignore isolated account names */
1669 if (DomainNames[i].Length == 0)
1670 continue;
1671
1672 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &BuiltinDomainName, TRUE))
1673 continue;
1674
1675 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1676
1677 Status = SamrLookupNamesInDomain(DomainHandle,
1678 1,
1679 &AccountNames[i],
1680 &RelativeIds,
1681 &Use);
1682 if (NT_SUCCESS(Status))
1683 {
1684 SidsBuffer[i].Use = Use.Element[0];
1685 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1686 RelativeIds.Element[0]);
1687 if (SidsBuffer[i].Sid == NULL)
1688 {
1689 Status = STATUS_INSUFFICIENT_RESOURCES;
1690 goto done;
1691 }
1692
1693 SidsBuffer[i].DomainIndex = -1;
1694 SidsBuffer[i].Flags = 0;
1695
1696 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1697 &BuiltinDomainName,
1698 BuiltinDomainSid,
1699 &DomainIndex);
1700 if (!NT_SUCCESS(Status))
1701 goto done;
1702
1703 SidsBuffer[i].DomainIndex = DomainIndex;
1704
1705 (*Mapped)++;
1706 }
1707
1708 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1709 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1710 }
1711
1712 done:
1713 if (DomainHandle != NULL)
1714 SamrCloseHandle(&DomainHandle);
1715
1716 if (ServerHandle != NULL)
1717 SamrCloseHandle(&ServerHandle);
1718
1719 return Status;
1720 }
1721
1722
1723 static
1724 NTSTATUS
1725 LsapLookupAccountNames(DWORD Count,
1726 PRPC_UNICODE_STRING DomainNames,
1727 PRPC_UNICODE_STRING AccountNames,
1728 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1729 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1730 PULONG Mapped)
1731 {
1732 SAMPR_HANDLE ServerHandle = NULL;
1733 SAMPR_HANDLE DomainHandle = NULL;
1734 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1735 SAMPR_ULONG_ARRAY Use = {0, NULL};
1736 ULONG DomainIndex;
1737 ULONG i;
1738 NTSTATUS Status = STATUS_SUCCESS;
1739
1740 Status = SamrConnect(NULL,
1741 &ServerHandle,
1742 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1743 if (!NT_SUCCESS(Status))
1744 {
1745 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1746 goto done;
1747 }
1748
1749 Status = SamrOpenDomain(ServerHandle,
1750 DOMAIN_LOOKUP,
1751 AccountDomainSid,
1752 &DomainHandle);
1753 if (!NT_SUCCESS(Status))
1754 {
1755 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1756 goto done;
1757 }
1758
1759 for (i = 0; i < Count; i++)
1760 {
1761 /* Ignore names which were already mapped */
1762 if (SidsBuffer[i].Use != SidTypeUnknown)
1763 continue;
1764
1765 /* Ignore isolated account names */
1766 if (DomainNames[i].Length == 0)
1767 continue;
1768
1769 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &AccountDomainName, TRUE))
1770 continue;
1771
1772 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1773
1774 Status = SamrLookupNamesInDomain(DomainHandle,
1775 1,
1776 &AccountNames[i],
1777 &RelativeIds,
1778 &Use);
1779 if (NT_SUCCESS(Status))
1780 {
1781 SidsBuffer[i].Use = Use.Element[0];
1782 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1783 RelativeIds.Element[0]);
1784 if (SidsBuffer[i].Sid == NULL)
1785 {
1786 Status = STATUS_INSUFFICIENT_RESOURCES;
1787 goto done;
1788 }
1789
1790 SidsBuffer[i].DomainIndex = -1;
1791 SidsBuffer[i].Flags = 0;
1792
1793 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1794 &AccountDomainName,
1795 AccountDomainSid,
1796 &DomainIndex);
1797 if (!NT_SUCCESS(Status))
1798 goto done;
1799
1800 SidsBuffer[i].DomainIndex = DomainIndex;
1801
1802 (*Mapped)++;
1803 }
1804
1805 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1806 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1807 }
1808
1809 done:
1810 if (DomainHandle != NULL)
1811 SamrCloseHandle(&DomainHandle);
1812
1813 if (ServerHandle != NULL)
1814 SamrCloseHandle(&ServerHandle);
1815
1816 return Status;
1817 }
1818
1819
1820 NTSTATUS
1821 LsapLookupNames(DWORD Count,
1822 PRPC_UNICODE_STRING Names,
1823 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1824 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
1825 LSAP_LOOKUP_LEVEL LookupLevel,
1826 DWORD *MappedCount,
1827 DWORD LookupOptions,
1828 DWORD ClientRevision)
1829 {
1830 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
1831 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer = NULL;
1832 PRPC_UNICODE_STRING DomainNames = NULL;
1833 PRPC_UNICODE_STRING AccountNames = NULL;
1834 ULONG SidsBufferLength;
1835 ULONG i;
1836 ULONG Mapped = 0;
1837 NTSTATUS Status = STATUS_SUCCESS;
1838
1839 //TRACE("()\n");
1840
1841 TranslatedSids->Entries = 0;
1842 TranslatedSids->Sids = NULL;
1843 *ReferencedDomains = NULL;
1844
1845 SidsBufferLength = Count * sizeof(LSAPR_TRANSLATED_SID_EX2);
1846 SidsBuffer = MIDL_user_allocate(SidsBufferLength);
1847 if (SidsBuffer == NULL)
1848 {
1849 //TRACE("\n");
1850 Status = STATUS_INSUFFICIENT_RESOURCES;
1851 goto done;
1852 }
1853
1854 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
1855 if (DomainsBuffer == NULL)
1856 {
1857 //TRACE("\n");
1858 Status = STATUS_INSUFFICIENT_RESOURCES;
1859 goto done;
1860 }
1861
1862 DomainsBuffer->Domains = MIDL_user_allocate(Count * sizeof(LSA_TRUST_INFORMATION));
1863 if (DomainsBuffer->Domains == NULL)
1864 {
1865 //TRACE("\n");
1866 Status = STATUS_INSUFFICIENT_RESOURCES;
1867 goto done;
1868 }
1869 DomainsBuffer->Entries = 0;
1870 DomainsBuffer->MaxEntries = Count;
1871
1872 for (i = 0; i < Count; i++)
1873 {
1874 SidsBuffer[i].Use = SidTypeUnknown;
1875 SidsBuffer[i].Sid = NULL;
1876 SidsBuffer[i].DomainIndex = -1;
1877 SidsBuffer[i].Flags = 0;
1878 }
1879
1880 Status = LsapSplitNames(Count,
1881 Names,
1882 &DomainNames,
1883 &AccountNames);
1884 if (!NT_SUCCESS(Status))
1885 {
1886 TRACE("LsapSplitNames failed! (Status %lx)\n", Status);
1887 goto done;
1888 }
1889
1890
1891 Status = LsapLookupIsolatedNames(Count,
1892 DomainNames,
1893 AccountNames,
1894 DomainsBuffer,
1895 SidsBuffer,
1896 &Mapped);
1897 if (!NT_SUCCESS(Status) &&
1898 Status != STATUS_NONE_MAPPED &&
1899 Status != STATUS_SOME_NOT_MAPPED)
1900 {
1901 TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status);
1902 goto done;
1903 }
1904
1905 if (Mapped == Count)
1906 goto done;
1907
1908
1909 Status = LsapLookupIsolatedBuiltinNames(Count,
1910 DomainNames,
1911 AccountNames,
1912 DomainsBuffer,
1913 SidsBuffer,
1914 &Mapped);
1915 if (!NT_SUCCESS(Status) &&
1916 Status != STATUS_NONE_MAPPED &&
1917 Status != STATUS_SOME_NOT_MAPPED)
1918 {
1919 TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status);
1920 goto done;
1921 }
1922
1923 if (Mapped == Count)
1924 goto done;
1925
1926
1927 Status = LsapLookupIsolatedAccountNames(Count,
1928 DomainNames,
1929 AccountNames,
1930 DomainsBuffer,
1931 SidsBuffer,
1932 &Mapped);
1933 if (!NT_SUCCESS(Status) &&
1934 Status != STATUS_NONE_MAPPED &&
1935 Status != STATUS_SOME_NOT_MAPPED)
1936 {
1937 TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status);
1938 goto done;
1939 }
1940
1941 if (Mapped == Count)
1942 goto done;
1943
1944 Status = LsapLookupFullyQualifiedWellKnownNames(Count,
1945 DomainNames,
1946 AccountNames,
1947 DomainsBuffer,
1948 SidsBuffer,
1949 &Mapped);
1950 if (!NT_SUCCESS(Status) &&
1951 Status != STATUS_NONE_MAPPED &&
1952 Status != STATUS_SOME_NOT_MAPPED)
1953 {
1954 TRACE("LsapLookupFullyQualifiedWellKnownNames failed! (Status %lx)\n", Status);
1955 goto done;
1956 }
1957
1958 if (Mapped == Count)
1959 goto done;
1960
1961 Status = LsapLookupBuiltinNames(Count,
1962 DomainNames,
1963 AccountNames,
1964 DomainsBuffer,
1965 SidsBuffer,
1966 &Mapped);
1967 if (!NT_SUCCESS(Status) &&
1968 Status != STATUS_NONE_MAPPED &&
1969 Status != STATUS_SOME_NOT_MAPPED)
1970 {
1971 TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status);
1972 goto done;
1973 }
1974
1975 if (Mapped == Count)
1976 goto done;
1977
1978
1979 Status = LsapLookupAccountNames(Count,
1980 DomainNames,
1981 AccountNames,
1982 DomainsBuffer,
1983 SidsBuffer,
1984 &Mapped);
1985 if (!NT_SUCCESS(Status) &&
1986 Status != STATUS_NONE_MAPPED &&
1987 Status != STATUS_SOME_NOT_MAPPED)
1988 {
1989 TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status);
1990 goto done;
1991 }
1992
1993 if (Mapped == Count)
1994 goto done;
1995
1996 done:
1997 // TRACE("done: Status %lx\n", Status);
1998
1999 if (DomainNames != NULL)
2000 {
2001 //TRACE("Free DomainNames\n");
2002 for (i = 0; i < Count; i++)
2003 {
2004 if (DomainNames[i].Buffer != NULL)
2005 MIDL_user_free(DomainNames[i].Buffer);
2006 }
2007
2008 MIDL_user_free(DomainNames);
2009 }
2010
2011 if (AccountNames != NULL)
2012 {
2013 //TRACE("Free AccountNames\n");
2014 for (i = 0; i < Count; i++)
2015 {
2016 //TRACE("i: %lu\n", i);
2017 if (AccountNames[i].Buffer != NULL)
2018 {
2019 MIDL_user_free(AccountNames[i].Buffer);
2020 }
2021 }
2022
2023 MIDL_user_free(AccountNames);
2024 }
2025
2026 if (!NT_SUCCESS(Status))
2027 {
2028 //TRACE("Failure!\n");
2029
2030 //TRACE("Free DomainsBuffer\n");
2031 if (DomainsBuffer != NULL)
2032 {
2033 if (DomainsBuffer->Domains != NULL)
2034 MIDL_user_free(DomainsBuffer->Domains);
2035
2036 MIDL_user_free(DomainsBuffer);
2037 }
2038
2039 //TRACE("Free SidsBuffer\n");
2040 if (SidsBuffer != NULL)
2041 MIDL_user_free(SidsBuffer);
2042 }
2043 else
2044 {
2045 //TRACE("Success!\n");
2046
2047 *ReferencedDomains = DomainsBuffer;
2048 TranslatedSids->Entries = Count;
2049 TranslatedSids->Sids = SidsBuffer;
2050 *MappedCount = Mapped;
2051
2052 if (Mapped == 0)
2053 Status = STATUS_NONE_MAPPED;
2054 else if (Mapped < Count)
2055 Status = STATUS_SOME_NOT_MAPPED;
2056 }
2057
2058 // TRACE("done: Status %lx\n", Status);
2059
2060 return Status;
2061 }
2062
2063
2064 static NTSTATUS
2065 LsapLookupWellKnownSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2066 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2067 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2068 PULONG Mapped)
2069 {
2070 PWELL_KNOWN_SID ptr, ptr2;
2071 LPWSTR SidString = NULL;
2072 ULONG DomainIndex;
2073 ULONG i;
2074 NTSTATUS Status = STATUS_SUCCESS;
2075
2076 for (i = 0; i < SidEnumBuffer->Entries; i++)
2077 {
2078 /* Ignore SIDs which are already mapped */
2079 if (NamesBuffer[i].Use != SidTypeUnknown)
2080 continue;
2081
2082 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2083 TRACE("Mapping SID: %S\n", SidString);
2084 LocalFree(SidString);
2085 SidString = NULL;
2086
2087 ptr = LsapLookupWellKnownSid(SidEnumBuffer->SidInfo[i].Sid);
2088 if (ptr != NULL)
2089 {
2090 NamesBuffer[i].Use = ptr->Use;
2091 NamesBuffer[i].Flags = 0;
2092
2093 NamesBuffer[i].Name.Length = ptr->AccountName.Length;
2094 NamesBuffer[i].Name.MaximumLength = ptr->AccountName.MaximumLength;
2095 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(ptr->AccountName.MaximumLength);
2096 if (NamesBuffer[i].Name.Buffer == NULL)
2097 {
2098 Status = STATUS_INSUFFICIENT_RESOURCES;
2099 goto done;
2100 }
2101
2102 RtlCopyMemory(NamesBuffer[i].Name.Buffer, ptr->AccountName.Buffer, ptr->AccountName.MaximumLength);
2103
2104 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
2105 if (ptr2 != NULL)
2106 {
2107 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2108 &ptr2->AccountName,
2109 ptr2->Sid,
2110 &DomainIndex);
2111 if (!NT_SUCCESS(Status))
2112 goto done;
2113
2114 NamesBuffer[i].DomainIndex = DomainIndex;
2115 }
2116
2117 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2118
2119 (*Mapped)++;
2120 }
2121 }
2122
2123 done:
2124 return Status;
2125 }
2126
2127
2128 static NTSTATUS
2129 LsapLookupBuiltinDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2130 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2131 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2132 PULONG Mapped)
2133 {
2134 SAMPR_HANDLE ServerHandle = NULL;
2135 SAMPR_HANDLE DomainHandle = NULL;
2136 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2137 SAMPR_ULONG_ARRAY Use = {0, NULL};
2138 LPWSTR SidString = NULL;
2139 ULONG DomainIndex;
2140 ULONG RelativeIds[1];
2141 ULONG i;
2142 NTSTATUS Status = STATUS_SUCCESS;
2143
2144 Status = SamrConnect(NULL,
2145 &ServerHandle,
2146 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2147 if (!NT_SUCCESS(Status))
2148 {
2149 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2150 goto done;
2151 }
2152
2153 Status = SamrOpenDomain(ServerHandle,
2154 DOMAIN_LOOKUP,
2155 BuiltinDomainSid,
2156 &DomainHandle);
2157 if (!NT_SUCCESS(Status))
2158 {
2159 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2160 goto done;
2161 }
2162
2163 for (i = 0; i < SidEnumBuffer->Entries; i++)
2164 {
2165 /* Ignore SIDs which are already mapped */
2166 if (NamesBuffer[i].Use != SidTypeUnknown)
2167 continue;
2168
2169 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2170 TRACE("Mapping SID: %S\n", SidString);
2171 LocalFree(SidString);
2172 SidString = NULL;
2173
2174 if (RtlEqualSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2175 {
2176 TRACE("Found builtin domain!\n");
2177
2178 NamesBuffer[i].Use = SidTypeDomain;
2179 NamesBuffer[i].Flags = 0;
2180
2181 NamesBuffer[i].Name.Length = BuiltinDomainName.Length;
2182 NamesBuffer[i].Name.MaximumLength = BuiltinDomainName.MaximumLength;
2183 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(BuiltinDomainName.MaximumLength);
2184 if (NamesBuffer[i].Name.Buffer == NULL)
2185 {
2186 Status = STATUS_INSUFFICIENT_RESOURCES;
2187 goto done;
2188 }
2189
2190 RtlCopyMemory(NamesBuffer[i].Name.Buffer, BuiltinDomainName.Buffer, BuiltinDomainName.MaximumLength);
2191
2192 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2193 &BuiltinDomainName,
2194 BuiltinDomainSid,
2195 &DomainIndex);
2196 if (!NT_SUCCESS(Status))
2197 goto done;
2198
2199 NamesBuffer[i].DomainIndex = DomainIndex;
2200
2201 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2202
2203 (*Mapped)++;
2204 }
2205 else if (LsapIsPrefixSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2206 {
2207 TRACE("Found builtin domain account!\n");
2208
2209 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2210
2211 Status = SamrLookupIdsInDomain(DomainHandle,
2212 1,
2213 RelativeIds,
2214 &Names,
2215 &Use);
2216 if (NT_SUCCESS(Status))
2217 {
2218 NamesBuffer[i].Use = Use.Element[0];
2219 NamesBuffer[i].Flags = 0;
2220
2221 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2222 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2223 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2224 if (NamesBuffer[i].Name.Buffer == NULL)
2225 {
2226 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2227 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2228
2229 Status = STATUS_INSUFFICIENT_RESOURCES;
2230 goto done;
2231 }
2232
2233 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2234 Names.Element[0].Buffer,
2235 Names.Element[0].MaximumLength);
2236
2237 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2238 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2239
2240 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2241 &BuiltinDomainName,
2242 BuiltinDomainSid,
2243 &DomainIndex);
2244 if (!NT_SUCCESS(Status))
2245 goto done;
2246
2247 NamesBuffer[i].DomainIndex = DomainIndex;
2248
2249 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2250
2251 (*Mapped)++;
2252 }
2253 }
2254 }
2255
2256 done:
2257 if (DomainHandle != NULL)
2258 SamrCloseHandle(&DomainHandle);
2259
2260 if (ServerHandle != NULL)
2261 SamrCloseHandle(&ServerHandle);
2262
2263 return Status;
2264 }
2265
2266
2267 static NTSTATUS
2268 LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2269 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2270 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2271 PULONG Mapped)
2272 {
2273 SAMPR_HANDLE ServerHandle = NULL;
2274 SAMPR_HANDLE DomainHandle = NULL;
2275 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2276 SAMPR_ULONG_ARRAY Use = {0, NULL};
2277 LPWSTR SidString = NULL;
2278 ULONG DomainIndex;
2279 ULONG RelativeIds[1];
2280 ULONG i;
2281 NTSTATUS Status = STATUS_SUCCESS;
2282
2283 Status = SamrConnect(NULL,
2284 &ServerHandle,
2285 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2286 if (!NT_SUCCESS(Status))
2287 {
2288 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2289 goto done;
2290 }
2291
2292 Status = SamrOpenDomain(ServerHandle,
2293 DOMAIN_LOOKUP,
2294 AccountDomainSid,
2295 &DomainHandle);
2296 if (!NT_SUCCESS(Status))
2297 {
2298 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2299 goto done;
2300 }
2301
2302 for (i = 0; i < SidEnumBuffer->Entries; i++)
2303 {
2304 /* Ignore SIDs which are already mapped */
2305 if (NamesBuffer[i].Use != SidTypeUnknown)
2306 continue;
2307
2308 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2309 TRACE("Mapping SID: %S\n", SidString);
2310 LocalFree(SidString);
2311 SidString = NULL;
2312
2313 if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2314 {
2315 TRACE("Found account domain!\n");
2316
2317 NamesBuffer[i].Use = SidTypeDomain;
2318 NamesBuffer[i].Flags = 0;
2319
2320 NamesBuffer[i].Name.Length = AccountDomainName.Length;
2321 NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength;
2322 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AccountDomainName.MaximumLength);
2323 if (NamesBuffer[i].Name.Buffer == NULL)
2324 {
2325 Status = STATUS_INSUFFICIENT_RESOURCES;
2326 goto done;
2327 }
2328
2329 RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer, AccountDomainName.MaximumLength);
2330
2331 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2332 &AccountDomainName,
2333 AccountDomainSid,
2334 &DomainIndex);
2335 if (!NT_SUCCESS(Status))
2336 goto done;
2337
2338 NamesBuffer[i].DomainIndex = DomainIndex;
2339
2340 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2341
2342 (*Mapped)++;
2343 }
2344 else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2345 {
2346 TRACE("Found account domain account!\n");
2347
2348 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2349
2350 Status = SamrLookupIdsInDomain(DomainHandle,
2351 1,
2352 RelativeIds,
2353 &Names,
2354 &Use);
2355 if (NT_SUCCESS(Status))
2356 {
2357 NamesBuffer[i].Use = Use.Element[0];
2358 NamesBuffer[i].Flags = 0;
2359
2360 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2361 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2362 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2363 if (NamesBuffer[i].Name.Buffer == NULL)
2364 {
2365 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2366 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2367
2368 Status = STATUS_INSUFFICIENT_RESOURCES;
2369 goto done;
2370 }
2371
2372 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2373 Names.Element[0].Buffer,
2374 Names.Element[0].MaximumLength);
2375
2376 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2377 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2378
2379 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2380 &AccountDomainName,
2381 AccountDomainSid,
2382 &DomainIndex);
2383 if (!NT_SUCCESS(Status))
2384 goto done;
2385
2386 NamesBuffer[i].DomainIndex = DomainIndex;
2387
2388 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2389
2390 (*Mapped)++;
2391 }
2392 }
2393 }
2394
2395 done:
2396 if (DomainHandle != NULL)
2397 SamrCloseHandle(&DomainHandle);
2398
2399 if (ServerHandle != NULL)
2400 SamrCloseHandle(&ServerHandle);
2401
2402 return Status;
2403 }
2404
2405
2406 NTSTATUS
2407 LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2408 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
2409 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
2410 LSAP_LOOKUP_LEVEL LookupLevel,
2411 DWORD *MappedCount,
2412 DWORD LookupOptions,
2413 DWORD ClientRevision)
2414 {
2415 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
2416 PLSAPR_TRANSLATED_NAME_EX NamesBuffer = NULL;
2417 ULONG NamesBufferLength;
2418 ULONG i;
2419 ULONG Mapped = 0;
2420 NTSTATUS Status = STATUS_SUCCESS;
2421
2422 NamesBufferLength = SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME_EX);
2423 NamesBuffer = MIDL_user_allocate(NamesBufferLength);
2424 if (NamesBuffer == NULL)
2425 {
2426 Status = STATUS_INSUFFICIENT_RESOURCES;
2427 goto done;
2428 }
2429
2430 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
2431 if (DomainsBuffer == NULL)
2432 {
2433 Status = STATUS_INSUFFICIENT_RESOURCES;
2434 goto done;
2435 }
2436
2437 DomainsBuffer->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION));
2438 if (DomainsBuffer->Domains == NULL)
2439 {
2440 Status = STATUS_INSUFFICIENT_RESOURCES;
2441 goto done;
2442 }
2443
2444 DomainsBuffer->Entries = 0;
2445 DomainsBuffer->MaxEntries = SidEnumBuffer->Entries;
2446
2447 /* Initialize all name entries */
2448 for (i = 0; i < SidEnumBuffer->Entries; i++)
2449 {
2450 NamesBuffer[i].Use = SidTypeUnknown;
2451 NamesBuffer[i].Name.Length = 0;
2452 NamesBuffer[i].Name.MaximumLength = 0;
2453 NamesBuffer[i].Name.Buffer = NULL;
2454 NamesBuffer[i].DomainIndex = -1;
2455 NamesBuffer[i].Flags = 0;
2456 }
2457
2458 /* Look-up well-known SIDs */
2459 Status = LsapLookupWellKnownSids(SidEnumBuffer,
2460 NamesBuffer,
2461 DomainsBuffer,
2462 &Mapped);
2463 if (!NT_SUCCESS(Status) &&
2464 Status != STATUS_NONE_MAPPED &&
2465 Status != STATUS_SOME_NOT_MAPPED)
2466 goto done;
2467
2468 if (Mapped == SidEnumBuffer->Entries)
2469 goto done;
2470
2471 /* Look-up builtin domain SIDs */
2472 Status = LsapLookupBuiltinDomainSids(SidEnumBuffer,
2473 NamesBuffer,
2474 DomainsBuffer,
2475 &Mapped);
2476 if (!NT_SUCCESS(Status) &&
2477 Status != STATUS_NONE_MAPPED &&
2478 Status != STATUS_SOME_NOT_MAPPED)
2479 goto done;
2480
2481 if (Mapped == SidEnumBuffer->Entries)
2482 goto done;
2483
2484 /* Look-up account domain SIDs */
2485 Status = LsapLookupAccountDomainSids(SidEnumBuffer,
2486 NamesBuffer,
2487 DomainsBuffer,
2488 &Mapped);
2489 if (!NT_SUCCESS(Status) &&
2490 Status != STATUS_NONE_MAPPED &&
2491 Status != STATUS_SOME_NOT_MAPPED)
2492 goto done;
2493
2494 if (Mapped == SidEnumBuffer->Entries)
2495 goto done;
2496
2497 done:
2498 TRACE("done Status: %lx Mapped: %lu\n", Status, Mapped);
2499
2500 if (!NT_SUCCESS(Status))
2501 {
2502 if (DomainsBuffer != NULL)
2503 {
2504 if (DomainsBuffer->Domains != NULL)
2505 MIDL_user_free(DomainsBuffer->Domains);
2506
2507 MIDL_user_free(DomainsBuffer);
2508 }
2509
2510 if (NamesBuffer != NULL)
2511 MIDL_user_free(NamesBuffer);
2512 }
2513 else
2514 {
2515 *ReferencedDomains = DomainsBuffer;
2516 TranslatedNames->Entries = SidEnumBuffer->Entries;
2517 TranslatedNames->Names = NamesBuffer;
2518 *MappedCount = Mapped;
2519
2520 if (Mapped == 0)
2521 Status = STATUS_NONE_MAPPED;
2522 else if (Mapped < SidEnumBuffer->Entries)
2523 Status = STATUS_SOME_NOT_MAPPED;
2524 }
2525
2526 return Status;
2527 }
2528
2529 /* EOF */