e1368393b6cc9ae602178a004d075e89572e7d81
[reactos.git] / reactos / dll / win32 / lsasrv / lookup.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lookup.c
5 * PURPOSE: Sid / Name lookup functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9
10 #include "lsasrv.h"
11
12 #include "resources.h"
13
14 /* GLOBALS *****************************************************************/
15
16 typedef wchar_t *PSAMPR_SERVER_NAME;
17 typedef void *SAMPR_HANDLE;
18
19 typedef struct _SAMPR_RETURNED_USTRING_ARRAY
20 {
21 unsigned long Count;
22 PRPC_UNICODE_STRING Element;
23 } SAMPR_RETURNED_USTRING_ARRAY, *PSAMPR_RETURNED_USTRING_ARRAY;
24
25 typedef struct _SAMPR_ULONG_ARRAY
26 {
27 unsigned long Count;
28 unsigned long *Element;
29 } SAMPR_ULONG_ARRAY, *PSAMPR_ULONG_ARRAY;
30
31
32 VOID
33 NTAPI
34 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(PSAMPR_RETURNED_USTRING_ARRAY Ptr);
35
36 VOID
37 NTAPI
38 SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr);
39
40 NTSTATUS
41 NTAPI
42 SamrConnect(IN PSAMPR_SERVER_NAME ServerName,
43 OUT SAMPR_HANDLE *ServerHandle,
44 IN ACCESS_MASK DesiredAccess);
45
46 NTSTATUS
47 NTAPI
48 SamrCloseHandle(IN OUT SAMPR_HANDLE *SamHandle);
49
50 NTSTATUS
51 NTAPI
52 SamrOpenDomain(IN SAMPR_HANDLE ServerHandle,
53 IN ACCESS_MASK DesiredAccess,
54 IN PRPC_SID DomainId,
55 OUT SAMPR_HANDLE *DomainHandle);
56
57 NTSTATUS
58 NTAPI
59 SamrLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle,
60 IN ULONG Count,
61 IN ULONG *RelativeIds,
62 OUT PSAMPR_RETURNED_USTRING_ARRAY Names,
63 OUT PSAMPR_ULONG_ARRAY Use);
64
65 NTSTATUS
66 NTAPI
67 SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle,
68 IN ULONG Count,
69 IN RPC_UNICODE_STRING Names[],
70 OUT PSAMPR_ULONG_ARRAY RelativeIds,
71 OUT PSAMPR_ULONG_ARRAY Use);
72
73
74 typedef struct _WELL_KNOWN_SID
75 {
76 LIST_ENTRY ListEntry;
77 PSID Sid;
78 UNICODE_STRING AccountName;
79 UNICODE_STRING DomainName;
80 SID_NAME_USE Use;
81 } WELL_KNOWN_SID, *PWELL_KNOWN_SID;
82
83
84 LIST_ENTRY WellKnownSidListHead;
85 PSID LsapWorldSid = NULL;
86 PSID LsapNetworkSid = NULL;
87 PSID LsapBatchSid = NULL;
88 PSID LsapInteractiveSid = NULL;
89 PSID LsapServiceSid = NULL;
90 PSID LsapLocalSystemSid = NULL;
91 PSID LsapAdministratorsSid = NULL;
92
93
94 /* FUNCTIONS ***************************************************************/
95
96 BOOLEAN
97 LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
98 UCHAR SubAuthorityCount,
99 PULONG SubAuthorities,
100 PWSTR AccountName,
101 PWSTR DomainName,
102 SID_NAME_USE Use,
103 PSID *SidPtr)
104 {
105 PWELL_KNOWN_SID SidEntry;
106 PULONG p;
107 ULONG i;
108
109 SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WELL_KNOWN_SID));
110 if (SidEntry == NULL)
111 return FALSE;
112
113 InitializeListHead(&SidEntry->ListEntry);
114
115 SidEntry->Sid = RtlAllocateHeap(RtlGetProcessHeap(),
116 0,
117 RtlLengthRequiredSid(SubAuthorityCount));
118 if (SidEntry->Sid == NULL)
119 {
120 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
121 return FALSE;
122 }
123
124 RtlInitializeSid(SidEntry->Sid,
125 IdentifierAuthority,
126 SubAuthorityCount);
127
128 for (i = 0; i < (ULONG)SubAuthorityCount; i++)
129 {
130 p = RtlSubAuthoritySid(SidEntry->Sid, i);
131 *p = SubAuthorities[i];
132 }
133
134 // RtlInitUnicodeString(&SidEntry->AccountName,
135 // AccountName);
136 SidEntry->AccountName.Length = wcslen(AccountName) * sizeof(WCHAR);
137 SidEntry->AccountName.MaximumLength = SidEntry->AccountName.Length + sizeof(WCHAR);
138 SidEntry->AccountName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
139 SidEntry->AccountName.MaximumLength);
140 if (SidEntry->AccountName.Buffer == NULL)
141 {
142 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
143 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
144 return FALSE;
145 }
146
147 wcscpy(SidEntry->AccountName.Buffer,
148 AccountName);
149
150 // RtlInitUnicodeString(&SidEntry->DomainName,
151 // DomainName);
152 SidEntry->DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
153 SidEntry->DomainName.MaximumLength = SidEntry->DomainName.Length + sizeof(WCHAR);
154 SidEntry->DomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
155 SidEntry->DomainName.MaximumLength);
156 if (SidEntry->DomainName.Buffer == NULL)
157 {
158 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->AccountName.Buffer);
159 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
160 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
161 return FALSE;
162 }
163
164 wcscpy(SidEntry->DomainName.Buffer,
165 DomainName);
166
167 SidEntry->Use = Use;
168
169 InsertTailList(&WellKnownSidListHead,
170 &SidEntry->ListEntry);
171
172 if (SidPtr != NULL)
173 *SidPtr = SidEntry->Sid;
174
175 return TRUE;
176 }
177
178
179 NTSTATUS
180 LsapInitSids(VOID)
181 {
182 WCHAR szAccountName[80];
183 WCHAR szDomainName[80];
184 ULONG SubAuthorities[8];
185 HINSTANCE hInstance;
186
187 InitializeListHead(&WellKnownSidListHead);
188
189 hInstance = GetModuleHandleW(NULL);
190
191 /* NT Authority */
192
193 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szAccountName, ARRAYSIZE(szAccountName));
194 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, ARRAYSIZE(szDomainName));
195 LsapCreateSid(&NtAuthority,
196 0,
197 NULL,
198 szAccountName,
199 szDomainName,
200 SidTypeDomain,
201 NULL);
202
203 /* Null Sid */
204 LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, ARRAYSIZE(szAccountName));
205
206 SubAuthorities[0] = SECURITY_NULL_RID;
207 LsapCreateSid(&NullSidAuthority,
208 1,
209 SubAuthorities,
210 szAccountName,
211 L"",
212 SidTypeWellKnownGroup,
213 NULL);
214
215 /* World Sid */
216 LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, ARRAYSIZE(szAccountName));
217
218 SubAuthorities[0] = SECURITY_WORLD_RID;
219 LsapCreateSid(&WorldSidAuthority,
220 1,
221 SubAuthorities,
222 szAccountName,
223 L"",
224 SidTypeWellKnownGroup,
225 &LsapWorldSid);
226
227 /* Local Sid */
228 LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, ARRAYSIZE(szAccountName));
229
230 SubAuthorities[0] = SECURITY_LOCAL_RID;
231 LsapCreateSid(&LocalSidAuthority,
232 1,
233 SubAuthorities,
234 szAccountName,
235 L"",
236 SidTypeWellKnownGroup,
237 NULL);
238
239 /* Creator Owner Sid */
240 LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, ARRAYSIZE(szAccountName));
241
242 SubAuthorities[0] = SECURITY_CREATOR_OWNER_RID;
243 LsapCreateSid(&CreatorSidAuthority,
244 1,
245 SubAuthorities,
246 szAccountName,
247 L"",
248 SidTypeWellKnownGroup,
249 NULL);
250
251 /* Creator Group Sid */
252 LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, ARRAYSIZE(szAccountName));
253
254 SubAuthorities[0] = SECURITY_CREATOR_GROUP_RID;
255 LsapCreateSid(&CreatorSidAuthority,
256 1,
257 SubAuthorities,
258 szAccountName,
259 L"",
260 SidTypeWellKnownGroup,
261 NULL);
262
263 /* Creator Owner Server Sid */
264 LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, ARRAYSIZE(szAccountName));
265
266 SubAuthorities[0] = SECURITY_CREATOR_OWNER_SERVER_RID;
267 LsapCreateSid(&CreatorSidAuthority,
268 1,
269 SubAuthorities,
270 szAccountName,
271 L"",
272 SidTypeWellKnownGroup,
273 NULL);
274
275 /* Creator Group Server Sid */
276 LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, ARRAYSIZE(szAccountName));
277
278 SubAuthorities[0] = SECURITY_CREATOR_GROUP_SERVER_RID;
279 LsapCreateSid(&CreatorSidAuthority,
280 1,
281 SubAuthorities,
282 szAccountName,
283 L"",
284 SidTypeWellKnownGroup,
285 NULL);
286
287 /* Dialup Sid */
288 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, ARRAYSIZE(szAccountName));
289 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, ARRAYSIZE(szDomainName));
290
291 SubAuthorities[0] = SECURITY_DIALUP_RID;
292 LsapCreateSid(&NtAuthority,
293 1,
294 SubAuthorities,
295 szAccountName,
296 szDomainName,
297 SidTypeWellKnownGroup,
298 NULL);
299
300 /* Network Sid */
301 LsapLoadString(hInstance, IDS_NETWORK_RID, szAccountName, ARRAYSIZE(szAccountName));
302
303 SubAuthorities[0] = SECURITY_NETWORK_RID;
304 LsapCreateSid(&NtAuthority,
305 1,
306 SubAuthorities,
307 szAccountName,
308 szDomainName,
309 SidTypeWellKnownGroup,
310 &LsapNetworkSid);
311
312 /* Batch Sid*/
313 LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, ARRAYSIZE(szAccountName));
314
315 SubAuthorities[0] = SECURITY_BATCH_RID;
316 LsapCreateSid(&NtAuthority,
317 1,
318 SubAuthorities,
319 szAccountName,
320 szDomainName,
321 SidTypeWellKnownGroup,
322 &LsapBatchSid);
323
324 /* Interactive Sid */
325 LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, ARRAYSIZE(szAccountName));
326
327 SubAuthorities[0] = SECURITY_INTERACTIVE_RID;
328 LsapCreateSid(&NtAuthority,
329 1,
330 SubAuthorities,
331 szAccountName,
332 szDomainName,
333 SidTypeWellKnownGroup,
334 &LsapInteractiveSid);
335
336 /* Service Sid */
337 LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, ARRAYSIZE(szAccountName));
338
339 SubAuthorities[0] = SECURITY_SERVICE_RID;
340 LsapCreateSid(&NtAuthority,
341 1,
342 SubAuthorities,
343 szAccountName,
344 szDomainName,
345 SidTypeWellKnownGroup,
346 &LsapServiceSid);
347
348 /* Anonymous Logon Sid */
349 LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, ARRAYSIZE(szAccountName));
350
351 SubAuthorities[0] = SECURITY_ANONYMOUS_LOGON_RID;
352 LsapCreateSid(&NtAuthority,
353 1,
354 SubAuthorities,
355 szAccountName,
356 szDomainName,
357 SidTypeWellKnownGroup,
358 NULL);
359
360 /* Proxy Sid */
361 LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, ARRAYSIZE(szAccountName));
362
363 SubAuthorities[0] = SECURITY_PROXY_RID;
364 LsapCreateSid(&NtAuthority,
365 1,
366 SubAuthorities,
367 szAccountName,
368 szDomainName,
369 SidTypeWellKnownGroup,
370 NULL);
371
372 /* Enterprise Controllers Sid */
373 LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, ARRAYSIZE(szAccountName));
374
375 SubAuthorities[0] = SECURITY_ENTERPRISE_CONTROLLERS_RID;
376 LsapCreateSid(&NtAuthority,
377 1,
378 SubAuthorities,
379 szAccountName,
380 szDomainName,
381 SidTypeWellKnownGroup,
382 NULL);
383
384 /* Principal Self Sid */
385 LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, ARRAYSIZE(szAccountName));
386
387 SubAuthorities[0] = SECURITY_PRINCIPAL_SELF_RID;
388 LsapCreateSid(&NtAuthority,
389 1,
390 SubAuthorities,
391 szAccountName,
392 szDomainName,
393 SidTypeWellKnownGroup,
394 NULL);
395
396 /* Authenticated Users Sid */
397 LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, ARRAYSIZE(szAccountName));
398
399 SubAuthorities[0] = SECURITY_AUTHENTICATED_USER_RID;
400 LsapCreateSid(&NtAuthority,
401 1,
402 SubAuthorities,
403 szAccountName,
404 szDomainName,
405 SidTypeWellKnownGroup,
406 NULL);
407
408 /* Restricted Code Sid */
409 LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, ARRAYSIZE(szAccountName));
410
411 SubAuthorities[0] = SECURITY_RESTRICTED_CODE_RID;
412 LsapCreateSid(&NtAuthority,
413 1,
414 SubAuthorities,
415 szAccountName,
416 szDomainName,
417 SidTypeWellKnownGroup,
418 NULL);
419
420 /* Terminal Server Sid */
421 LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, ARRAYSIZE(szAccountName));
422
423 SubAuthorities[0] = SECURITY_TERMINAL_SERVER_RID;
424 LsapCreateSid(&NtAuthority,
425 1,
426 SubAuthorities,
427 szAccountName,
428 szDomainName,
429 SidTypeWellKnownGroup,
430 NULL);
431
432 /* Remote Logon Sid */
433 LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, ARRAYSIZE(szAccountName));
434
435 SubAuthorities[0] = SECURITY_REMOTE_LOGON_RID;
436 LsapCreateSid(&NtAuthority,
437 1,
438 SubAuthorities,
439 szAccountName,
440 szDomainName,
441 SidTypeWellKnownGroup,
442 NULL);
443
444 /* This Organization Sid */
445 LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, ARRAYSIZE(szAccountName));
446
447 SubAuthorities[0] = SECURITY_THIS_ORGANIZATION_RID;
448 LsapCreateSid(&NtAuthority,
449 1,
450 SubAuthorities,
451 szAccountName,
452 szDomainName,
453 SidTypeWellKnownGroup,
454 NULL);
455
456 /* Local System Sid */
457 LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, ARRAYSIZE(szAccountName));
458
459 SubAuthorities[0] = SECURITY_LOCAL_SYSTEM_RID;
460 LsapCreateSid(&NtAuthority,
461 1,
462 SubAuthorities,
463 szAccountName,
464 szDomainName,
465 SidTypeWellKnownGroup,
466 &LsapLocalSystemSid);
467
468 /* Local Service Sid */
469 LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, ARRAYSIZE(szAccountName));
470
471 SubAuthorities[0] = SECURITY_LOCAL_SERVICE_RID;
472 LsapCreateSid(&NtAuthority,
473 1,
474 SubAuthorities,
475 szAccountName,
476 szDomainName,
477 SidTypeWellKnownGroup,
478 NULL);
479
480 LsapCreateSid(&NtAuthority,
481 1,
482 SubAuthorities,
483 L"LOCALSERVICE",
484 L"NT AUTHORITY",
485 SidTypeWellKnownGroup,
486 NULL);
487
488 /* Network Service Sid */
489 LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, ARRAYSIZE(szAccountName));
490
491 SubAuthorities[0] = SECURITY_NETWORK_SERVICE_RID;
492 LsapCreateSid(&NtAuthority,
493 1,
494 SubAuthorities,
495 szAccountName,
496 szDomainName,
497 SidTypeWellKnownGroup,
498 NULL);
499
500 LsapCreateSid(&NtAuthority,
501 1,
502 SubAuthorities,
503 L"NETWORKSERVICE",
504 L"NT AUTHORITY",
505 SidTypeWellKnownGroup,
506 NULL);
507
508 /* Builtin Domain Sid */
509 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, ARRAYSIZE(szAccountName));
510 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szDomainName, ARRAYSIZE(szDomainName));
511
512 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
513 LsapCreateSid(&NtAuthority,
514 1,
515 SubAuthorities,
516 szAccountName,
517 szDomainName,
518 SidTypeDomain,
519 NULL);
520
521 /* Administrators Alias Sid */
522 LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, ARRAYSIZE(szAccountName));
523
524 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
525 SubAuthorities[1] = DOMAIN_ALIAS_RID_ADMINS;
526 LsapCreateSid(&NtAuthority,
527 2,
528 SubAuthorities,
529 szAccountName,
530 szDomainName,
531 SidTypeAlias,
532 &LsapAdministratorsSid);
533
534 /* Users Alias Sid */
535 LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, ARRAYSIZE(szAccountName));
536
537 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
538 SubAuthorities[1] = DOMAIN_ALIAS_RID_USERS;
539 LsapCreateSid(&NtAuthority,
540 2,
541 SubAuthorities,
542 szAccountName,
543 szDomainName,
544 SidTypeAlias,
545 NULL);
546
547 /* Guests Alias Sid */
548 LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, ARRAYSIZE(szAccountName));
549
550 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
551 SubAuthorities[1] = DOMAIN_ALIAS_RID_GUESTS;
552 LsapCreateSid(&NtAuthority,
553 2,
554 SubAuthorities,
555 szAccountName,
556 szDomainName,
557 SidTypeAlias,
558 NULL);
559
560 /* Power User Alias Sid */
561 LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, ARRAYSIZE(szAccountName));
562
563 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
564 SubAuthorities[1] = DOMAIN_ALIAS_RID_POWER_USERS;
565 LsapCreateSid(&NtAuthority,
566 2,
567 SubAuthorities,
568 szAccountName,
569 szDomainName,
570 SidTypeAlias,
571 NULL);
572
573 /* Account Operators Alias Sid */
574 LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, ARRAYSIZE(szAccountName));
575
576 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
577 SubAuthorities[1] = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
578 LsapCreateSid(&NtAuthority,
579 2,
580 SubAuthorities,
581 szAccountName,
582 szDomainName,
583 SidTypeAlias,
584 NULL);
585
586 /* System Operators Alias Sid */
587 LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, ARRAYSIZE(szAccountName));
588
589 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
590 SubAuthorities[1] = DOMAIN_ALIAS_RID_SYSTEM_OPS;
591 LsapCreateSid(&NtAuthority,
592 2,
593 SubAuthorities,
594 szAccountName,
595 szDomainName,
596 SidTypeAlias,
597 NULL);
598
599 /* Print Operators Alias Sid */
600 LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, ARRAYSIZE(szAccountName));
601
602 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
603 SubAuthorities[1] = DOMAIN_ALIAS_RID_PRINT_OPS;
604 LsapCreateSid(&NtAuthority,
605 2,
606 SubAuthorities,
607 szAccountName,
608 szDomainName,
609 SidTypeAlias,
610 NULL);
611
612 /* Backup Operators Alias Sid */
613 LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, ARRAYSIZE(szAccountName));
614
615 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
616 SubAuthorities[1] = DOMAIN_ALIAS_RID_BACKUP_OPS;
617 LsapCreateSid(&NtAuthority,
618 2,
619 SubAuthorities,
620 szAccountName,
621 szDomainName,
622 SidTypeAlias,
623 NULL);
624
625 /* Replicators Alias Sid */
626 LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, ARRAYSIZE(szAccountName));
627
628 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
629 SubAuthorities[1] = DOMAIN_ALIAS_RID_REPLICATOR;
630 LsapCreateSid(&NtAuthority,
631 2,
632 SubAuthorities,
633 szAccountName,
634 szDomainName,
635 SidTypeAlias,
636 NULL);
637
638 /* RAS Servers Alias Sid */
639 LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, ARRAYSIZE(szAccountName));
640
641 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
642 SubAuthorities[1] = DOMAIN_ALIAS_RID_RAS_SERVERS;
643 LsapCreateSid(&NtAuthority,
644 2,
645 SubAuthorities,
646 szAccountName,
647 szDomainName,
648 SidTypeAlias,
649 NULL);
650
651 /* Pre-Windows 2000 Compatible Access Alias Sid */
652 LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, ARRAYSIZE(szAccountName));
653
654 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
655 SubAuthorities[1] = DOMAIN_ALIAS_RID_PREW2KCOMPACCESS;
656 LsapCreateSid(&NtAuthority,
657 2,
658 SubAuthorities,
659 szAccountName,
660 szDomainName,
661 SidTypeAlias,
662 NULL);
663
664 /* Remote Desktop Users Alias Sid */
665 LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, ARRAYSIZE(szAccountName));
666
667 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
668 SubAuthorities[1] = DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS;
669 LsapCreateSid(&NtAuthority,
670 2,
671 SubAuthorities,
672 szAccountName,
673 szDomainName,
674 SidTypeAlias,
675 NULL);
676
677 /* Network Configuration Operators Alias Sid */
678 LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, ARRAYSIZE(szAccountName));
679
680 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
681 SubAuthorities[1] = DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS;
682 LsapCreateSid(&NtAuthority,
683 2,
684 SubAuthorities,
685 szAccountName,
686 szDomainName,
687 SidTypeAlias,
688 NULL);
689
690 /* FIXME: Add more well known sids */
691
692 return STATUS_SUCCESS;
693 }
694
695
696 PWELL_KNOWN_SID
697 LsapLookupWellKnownSid(PSID Sid)
698 {
699 PLIST_ENTRY ListEntry;
700 PWELL_KNOWN_SID Ptr;
701
702 ListEntry = WellKnownSidListHead.Flink;
703 while (ListEntry != &WellKnownSidListHead)
704 {
705 Ptr = CONTAINING_RECORD(ListEntry,
706 WELL_KNOWN_SID,
707 ListEntry);
708 if (RtlEqualSid(Sid, Ptr->Sid))
709 {
710 return Ptr;
711 }
712
713 ListEntry = ListEntry->Flink;
714 }
715
716 return NULL;
717 }
718
719
720 PWELL_KNOWN_SID
721 LsapLookupIsolatedWellKnownName(PUNICODE_STRING AccountName)
722 {
723 PLIST_ENTRY ListEntry;
724 PWELL_KNOWN_SID Ptr;
725
726 ListEntry = WellKnownSidListHead.Flink;
727 while (ListEntry != &WellKnownSidListHead)
728 {
729 Ptr = CONTAINING_RECORD(ListEntry,
730 WELL_KNOWN_SID,
731 ListEntry);
732 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE))
733 {
734 return Ptr;
735 }
736
737 ListEntry = ListEntry->Flink;
738 }
739
740 return NULL;
741 }
742
743
744 PWELL_KNOWN_SID
745 LsapLookupFullyQualifiedWellKnownName(PUNICODE_STRING AccountName,
746 PUNICODE_STRING DomainName)
747 {
748 PLIST_ENTRY ListEntry;
749 PWELL_KNOWN_SID Ptr;
750
751 ListEntry = WellKnownSidListHead.Flink;
752 while (ListEntry != &WellKnownSidListHead)
753 {
754 Ptr = CONTAINING_RECORD(ListEntry,
755 WELL_KNOWN_SID,
756 ListEntry);
757 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE) &&
758 RtlEqualUnicodeString(DomainName, &Ptr->DomainName, TRUE))
759 {
760 return Ptr;
761 }
762
763 ListEntry = ListEntry->Flink;
764 }
765
766 return NULL;
767 }
768
769
770 static
771 NTSTATUS
772 LsapSplitNames(DWORD Count,
773 PRPC_UNICODE_STRING Names,
774 PRPC_UNICODE_STRING *DomainNames,
775 PRPC_UNICODE_STRING *AccountNames)
776 {
777 PRPC_UNICODE_STRING DomainsBuffer = NULL;
778 PRPC_UNICODE_STRING AccountsBuffer = NULL;
779 ULONG DomainLength;
780 ULONG AccountLength;
781 ULONG i;
782 LPWSTR Ptr;
783 NTSTATUS Status = STATUS_SUCCESS;
784
785 DomainsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
786 if (DomainsBuffer == NULL)
787 {
788 Status = STATUS_INSUFFICIENT_RESOURCES;
789 goto done;
790 }
791
792 AccountsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
793 if (AccountsBuffer == NULL)
794 {
795 Status = STATUS_INSUFFICIENT_RESOURCES;
796 goto done;
797 }
798
799 for (i = 0; i < Count; i++)
800 {
801 //TRACE("Name: %wZ\n", &Names[i]);
802
803 Ptr = wcschr(Names[i].Buffer, L'\\');
804 if (Ptr == NULL)
805 {
806 AccountLength = Names[i].Length / sizeof(WCHAR);
807
808 AccountsBuffer[i].Length = Names[i].Length;
809 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
810 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
811 if (AccountsBuffer[i].Buffer == NULL)
812 {
813 Status = STATUS_INSUFFICIENT_RESOURCES;
814 goto done;
815 }
816
817 CopyMemory(AccountsBuffer[i].Buffer,
818 Names[i].Buffer,
819 AccountsBuffer[i].Length);
820 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
821
822 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
823 }
824 else
825 {
826 DomainLength = (ULONG)(ULONG_PTR)(Ptr - Names[i].Buffer);
827 AccountLength = (Names[i].Length / sizeof(WCHAR)) - DomainLength - 1;
828 //TRACE("DomainLength: %u\n", DomainLength);
829 //TRACE("AccountLength: %u\n", AccountLength);
830
831 if (DomainLength > 0)
832 {
833 DomainsBuffer[i].Length = (USHORT)DomainLength * sizeof(WCHAR);
834 DomainsBuffer[i].MaximumLength = DomainsBuffer[i].Length + sizeof(WCHAR);
835 DomainsBuffer[i].Buffer = MIDL_user_allocate(DomainsBuffer[i].MaximumLength);
836 if (DomainsBuffer[i].Buffer == NULL)
837 {
838 Status = STATUS_INSUFFICIENT_RESOURCES;
839 goto done;
840 }
841
842 CopyMemory(DomainsBuffer[i].Buffer,
843 Names[i].Buffer,
844 DomainsBuffer[i].Length);
845 DomainsBuffer[i].Buffer[DomainLength] = UNICODE_NULL;
846
847 //TRACE("Domain name: %wZ\n", &DomainsBuffer[i]);
848 }
849
850 AccountsBuffer[i].Length = (USHORT)AccountLength * sizeof(WCHAR);
851 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
852 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
853 if (AccountsBuffer[i].Buffer == NULL)
854 {
855 Status = STATUS_INSUFFICIENT_RESOURCES;
856 goto done;
857 }
858
859 CopyMemory(AccountsBuffer[i].Buffer,
860 &(Names[i].Buffer[DomainLength + 1]),
861 AccountsBuffer[i].Length);
862 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
863
864 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
865 }
866 }
867
868 done:
869 if (!NT_SUCCESS(Status))
870 {
871 if (AccountsBuffer != NULL)
872 {
873 for (i = 0; i < Count; i++)
874 {
875 if (AccountsBuffer[i].Buffer != NULL)
876 MIDL_user_free(AccountsBuffer[i].Buffer);
877 }
878
879 MIDL_user_free(AccountsBuffer);
880 }
881
882 if (DomainsBuffer != NULL)
883 {
884 for (i = 0; i < Count; i++)
885 {
886 if (DomainsBuffer[i].Buffer != NULL)
887 MIDL_user_free(DomainsBuffer[i].Buffer);
888 }
889
890 MIDL_user_free(DomainsBuffer);
891 }
892 }
893 else
894 {
895 *DomainNames = DomainsBuffer;
896 *AccountNames = AccountsBuffer;
897 }
898
899 return Status;
900 }
901
902
903 static NTSTATUS
904 LsapAddDomainToDomainsList(PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
905 PUNICODE_STRING Name,
906 PSID Sid,
907 PULONG Index)
908 {
909 ULONG i;
910
911 i = 0;
912 while (i < ReferencedDomains->Entries &&
913 ReferencedDomains->Domains[i].Sid != NULL)
914 {
915 if (RtlEqualSid(Sid, ReferencedDomains->Domains[i].Sid))
916 {
917 *Index = i;
918 return STATUS_SUCCESS;
919 }
920
921 i++;
922 }
923
924 ReferencedDomains->Domains[i].Sid = MIDL_user_allocate(RtlLengthSid(Sid));
925 if (ReferencedDomains->Domains[i].Sid == NULL)
926 return STATUS_INSUFFICIENT_RESOURCES;
927
928 RtlCopySid(RtlLengthSid(Sid), ReferencedDomains->Domains[i].Sid, Sid);
929
930 ReferencedDomains->Domains[i].Name.Length = Name->Length;
931 ReferencedDomains->Domains[i].Name.MaximumLength = Name->MaximumLength;
932 ReferencedDomains->Domains[i].Name.Buffer = MIDL_user_allocate(Name->MaximumLength);
933 if (ReferencedDomains->Domains[i].Name.Buffer == NULL)
934 {
935 MIDL_user_free(ReferencedDomains->Domains[i].Sid);
936 ReferencedDomains->Domains[i].Sid = NULL;
937 return STATUS_INSUFFICIENT_RESOURCES;
938 }
939
940 RtlCopyMemory(ReferencedDomains->Domains[i].Name.Buffer,
941 Name->Buffer,
942 Name->MaximumLength);
943
944 ReferencedDomains->Entries++;
945 *Index = i;
946
947 return STATUS_SUCCESS;
948 }
949
950
951 static BOOLEAN
952 LsapIsPrefixSid(IN PSID PrefixSid,
953 IN PSID Sid)
954 {
955 PISID Sid1 = PrefixSid, Sid2 = Sid;
956 ULONG i;
957
958 if (Sid1->Revision != Sid2->Revision)
959 return FALSE;
960
961 if ((Sid1->IdentifierAuthority.Value[0] != Sid2->IdentifierAuthority.Value[0]) ||
962 (Sid1->IdentifierAuthority.Value[1] != Sid2->IdentifierAuthority.Value[1]) ||
963 (Sid1->IdentifierAuthority.Value[2] != Sid2->IdentifierAuthority.Value[2]) ||
964 (Sid1->IdentifierAuthority.Value[3] != Sid2->IdentifierAuthority.Value[3]) ||
965 (Sid1->IdentifierAuthority.Value[4] != Sid2->IdentifierAuthority.Value[4]) ||
966 (Sid1->IdentifierAuthority.Value[5] != Sid2->IdentifierAuthority.Value[5]))
967 return FALSE;
968
969 if (Sid1->SubAuthorityCount >= Sid2->SubAuthorityCount)
970 return FALSE;
971
972 if (Sid1->SubAuthorityCount == 0)
973 return TRUE;
974
975 for (i = 0; i < Sid1->SubAuthorityCount; i++)
976 {
977 if (Sid1->SubAuthority[i] != Sid2->SubAuthority[i])
978 return FALSE;
979 }
980
981 return TRUE;
982 }
983
984
985 ULONG
986 LsapGetRelativeIdFromSid(PSID Sid_)
987 {
988 PISID Sid = Sid_;
989
990 if (Sid->SubAuthorityCount != 0)
991 return Sid->SubAuthority[Sid->SubAuthorityCount - 1];
992
993 return 0;
994 }
995
996
997 static PSID
998 CreateSidFromSidAndRid(PSID SrcSid,
999 ULONG RelativeId)
1000 {
1001 UCHAR RidCount;
1002 PSID DstSid;
1003 ULONG i;
1004 ULONG DstSidSize;
1005 PULONG p, q;
1006
1007 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1008 if (RidCount >= 8)
1009 return NULL;
1010
1011 DstSidSize = RtlLengthRequiredSid(RidCount + 1);
1012
1013 DstSid = MIDL_user_allocate(DstSidSize);
1014 if (DstSid == NULL)
1015 return NULL;
1016
1017 RtlInitializeSid(DstSid,
1018 RtlIdentifierAuthoritySid(SrcSid),
1019 RidCount + 1);
1020
1021 for (i = 0; i < (ULONG)RidCount; i++)
1022 {
1023 p = RtlSubAuthoritySid(SrcSid, i);
1024 q = RtlSubAuthoritySid(DstSid, i);
1025 *q = *p;
1026 }
1027
1028 q = RtlSubAuthoritySid(DstSid, (ULONG)RidCount);
1029 *q = RelativeId;
1030
1031 return DstSid;
1032 }
1033
1034
1035 static PSID
1036 CreateDomainSidFromAccountSid(PSID AccountSid)
1037 {
1038 UCHAR RidCount;
1039 PSID DomainSid;
1040 ULONG i;
1041 ULONG DstSidSize;
1042 PULONG p, q;
1043
1044 RidCount = *RtlSubAuthorityCountSid(AccountSid);
1045 if (RidCount > 0)
1046 RidCount--;
1047
1048 DstSidSize = RtlLengthRequiredSid(RidCount);
1049
1050 DomainSid = MIDL_user_allocate(DstSidSize);
1051 if (DomainSid == NULL)
1052 return NULL;
1053
1054 RtlInitializeSid(DomainSid,
1055 RtlIdentifierAuthoritySid(AccountSid),
1056 RidCount);
1057
1058 for (i = 0; i < (ULONG)RidCount; i++)
1059 {
1060 p = RtlSubAuthoritySid(AccountSid, i);
1061 q = RtlSubAuthoritySid(DomainSid, i);
1062 *q = *p;
1063 }
1064
1065 return DomainSid;
1066 }
1067
1068
1069 static PSID
1070 LsapCopySid(PSID SrcSid)
1071 {
1072 UCHAR RidCount;
1073 PSID DstSid;
1074 ULONG i;
1075 ULONG DstSidSize;
1076 PULONG p, q;
1077
1078 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1079 DstSidSize = RtlLengthRequiredSid(RidCount);
1080
1081 DstSid = MIDL_user_allocate(DstSidSize);
1082 if (DstSid == NULL)
1083 return NULL;
1084
1085 RtlInitializeSid(DstSid,
1086 RtlIdentifierAuthoritySid(SrcSid),
1087 RidCount);
1088
1089 for (i = 0; i < (ULONG)RidCount; i++)
1090 {
1091 p = RtlSubAuthoritySid(SrcSid, i);
1092 q = RtlSubAuthoritySid(DstSid, i);
1093 *q = *p;
1094 }
1095
1096 return DstSid;
1097 }
1098
1099
1100 static
1101 NTSTATUS
1102 LsapLookupIsolatedNames(DWORD Count,
1103 PRPC_UNICODE_STRING DomainNames,
1104 PRPC_UNICODE_STRING AccountNames,
1105 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1106 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1107 PULONG Mapped)
1108 {
1109 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1110 PWELL_KNOWN_SID ptr, ptr2;
1111 PSID DomainSid;
1112 ULONG DomainIndex;
1113 ULONG i;
1114 NTSTATUS Status = STATUS_SUCCESS;
1115
1116 for (i = 0; i < Count; i++)
1117 {
1118 /* Ignore names which were already mapped */
1119 if (SidsBuffer[i].Use != SidTypeUnknown)
1120 continue;
1121
1122 /* Ignore fully qualified account names */
1123 if (DomainNames[i].Length != 0)
1124 continue;
1125
1126 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1127
1128 /* Look-up all well-known names */
1129 ptr = LsapLookupIsolatedWellKnownName((PUNICODE_STRING)&AccountNames[i]);
1130 if (ptr != NULL)
1131 {
1132 SidsBuffer[i].Use = ptr->Use;
1133 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1134 if (SidsBuffer[i].Sid == NULL)
1135 {
1136 Status = STATUS_INSUFFICIENT_RESOURCES;
1137 goto done;
1138 }
1139
1140 SidsBuffer[i].DomainIndex = -1;
1141 SidsBuffer[i].Flags = 0;
1142
1143 if (ptr->Use == SidTypeDomain)
1144 {
1145 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1146 &ptr->AccountName,
1147 ptr->Sid,
1148 &DomainIndex);
1149 if (!NT_SUCCESS(Status))
1150 goto done;
1151
1152 SidsBuffer[i].DomainIndex = DomainIndex;
1153 }
1154 else
1155 {
1156 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1157 if (ptr2 != NULL)
1158 {
1159 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1160 &ptr2->AccountName,
1161 ptr2->Sid,
1162 &DomainIndex);
1163 if (!NT_SUCCESS(Status))
1164 goto done;
1165
1166 SidsBuffer[i].DomainIndex = DomainIndex;
1167 }
1168 else
1169 {
1170 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1171 if (DomainSid == NULL)
1172 {
1173 Status = STATUS_INSUFFICIENT_RESOURCES;
1174 goto done;
1175 }
1176
1177 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1178 &EmptyDomainName,
1179 DomainSid,
1180 &DomainIndex);
1181
1182 if (DomainSid != NULL)
1183 {
1184 MIDL_user_free(DomainSid);
1185 DomainSid = NULL;
1186 }
1187
1188 if (!NT_SUCCESS(Status))
1189 goto done;
1190
1191 SidsBuffer[i].DomainIndex = DomainIndex;
1192 }
1193 }
1194
1195 (*Mapped)++;
1196 continue;
1197 }
1198
1199 /* Look-up the built-in domain */
1200 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &BuiltinDomainName, TRUE))
1201 {
1202 SidsBuffer[i].Use = SidTypeDomain;
1203 SidsBuffer[i].Sid = LsapCopySid(BuiltinDomainSid);
1204 if (SidsBuffer[i].Sid == NULL)
1205 {
1206 Status = STATUS_INSUFFICIENT_RESOURCES;
1207 goto done;
1208 }
1209
1210 SidsBuffer[i].DomainIndex = -1;
1211 SidsBuffer[i].Flags = 0;
1212
1213 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1214 &BuiltinDomainName,
1215 BuiltinDomainSid,
1216 &DomainIndex);
1217 if (!NT_SUCCESS(Status))
1218 goto done;
1219
1220 SidsBuffer[i].DomainIndex = DomainIndex;
1221
1222 (*Mapped)++;
1223 continue;
1224 }
1225
1226 /* Look-up the account domain */
1227 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
1228 {
1229 SidsBuffer[i].Use = SidTypeDomain;
1230 SidsBuffer[i].Sid = LsapCopySid(AccountDomainSid);
1231 if (SidsBuffer[i].Sid == NULL)
1232 {
1233 Status = STATUS_INSUFFICIENT_RESOURCES;
1234 goto done;
1235 }
1236 SidsBuffer[i].DomainIndex = -1;
1237 SidsBuffer[i].Flags = 0;
1238
1239 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1240 &AccountDomainName,
1241 AccountDomainSid,
1242 &DomainIndex);
1243 if (!NT_SUCCESS(Status))
1244 goto done;
1245
1246 SidsBuffer[i].DomainIndex = DomainIndex;
1247
1248 (*Mapped)++;
1249 continue;
1250 }
1251
1252 /* FIXME: Look-up the primary domain */
1253
1254 /* FIXME: Look-up the trusted domains */
1255
1256 }
1257
1258 done:
1259
1260 return Status;
1261 }
1262
1263
1264 static
1265 NTSTATUS
1266 LsapLookupIsolatedBuiltinNames(DWORD Count,
1267 PRPC_UNICODE_STRING DomainNames,
1268 PRPC_UNICODE_STRING AccountNames,
1269 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1270 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1271 PULONG Mapped)
1272 {
1273 SAMPR_HANDLE ServerHandle = NULL;
1274 SAMPR_HANDLE DomainHandle = NULL;
1275 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1276 SAMPR_ULONG_ARRAY Use = {0, NULL};
1277 ULONG DomainIndex;
1278 ULONG i;
1279 NTSTATUS Status = STATUS_SUCCESS;
1280
1281 Status = SamrConnect(NULL,
1282 &ServerHandle,
1283 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1284 if (!NT_SUCCESS(Status))
1285 {
1286 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1287 goto done;
1288 }
1289
1290 Status = SamrOpenDomain(ServerHandle,
1291 DOMAIN_LOOKUP,
1292 BuiltinDomainSid,
1293 &DomainHandle);
1294 if (!NT_SUCCESS(Status))
1295 {
1296 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1297 goto done;
1298 }
1299
1300 for (i = 0; i < Count; i++)
1301 {
1302 /* Ignore names which were already mapped */
1303 if (SidsBuffer[i].Use != SidTypeUnknown)
1304 continue;
1305
1306 /* Ignore fully qualified account names */
1307 if (DomainNames[i].Length != 0)
1308 continue;
1309
1310 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1311
1312 Status = SamrLookupNamesInDomain(DomainHandle,
1313 1,
1314 &AccountNames[i],
1315 &RelativeIds,
1316 &Use);
1317 if (NT_SUCCESS(Status))
1318 {
1319 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1320
1321 SidsBuffer[i].Use = Use.Element[0];
1322 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1323 RelativeIds.Element[0]);
1324 if (SidsBuffer[i].Sid == NULL)
1325 {
1326 Status = STATUS_INSUFFICIENT_RESOURCES;
1327 goto done;
1328 }
1329
1330 SidsBuffer[i].DomainIndex = -1;
1331 SidsBuffer[i].Flags = 0;
1332
1333 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1334 &BuiltinDomainName,
1335 BuiltinDomainSid,
1336 &DomainIndex);
1337 if (!NT_SUCCESS(Status))
1338 goto done;
1339
1340 SidsBuffer[i].DomainIndex = DomainIndex;
1341
1342 (*Mapped)++;
1343 }
1344
1345 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1346 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1347 }
1348
1349 done:
1350 if (DomainHandle != NULL)
1351 SamrCloseHandle(&DomainHandle);
1352
1353 if (ServerHandle != NULL)
1354 SamrCloseHandle(&ServerHandle);
1355
1356 return Status;
1357 }
1358
1359
1360 static
1361 NTSTATUS
1362 LsapLookupIsolatedAccountNames(DWORD Count,
1363 PRPC_UNICODE_STRING DomainNames,
1364 PRPC_UNICODE_STRING AccountNames,
1365 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1366 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1367 PULONG Mapped)
1368 {
1369 SAMPR_HANDLE ServerHandle = NULL;
1370 SAMPR_HANDLE DomainHandle = NULL;
1371 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1372 SAMPR_ULONG_ARRAY Use = {0, NULL};
1373 ULONG DomainIndex;
1374 ULONG i;
1375 NTSTATUS Status = STATUS_SUCCESS;
1376
1377 TRACE("()\n");
1378
1379 Status = SamrConnect(NULL,
1380 &ServerHandle,
1381 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1382 if (!NT_SUCCESS(Status))
1383 {
1384 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1385 goto done;
1386 }
1387
1388 Status = SamrOpenDomain(ServerHandle,
1389 DOMAIN_LOOKUP,
1390 AccountDomainSid,
1391 &DomainHandle);
1392 if (!NT_SUCCESS(Status))
1393 {
1394 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1395 goto done;
1396 }
1397
1398 for (i = 0; i < Count; i++)
1399 {
1400 /* Ignore names which were already mapped */
1401 if (SidsBuffer[i].Use != SidTypeUnknown)
1402 continue;
1403
1404 /* Ignore fully qualified account names */
1405 if (DomainNames[i].Length != 0)
1406 continue;
1407
1408 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1409
1410 Status = SamrLookupNamesInDomain(DomainHandle,
1411 1,
1412 &AccountNames[i],
1413 &RelativeIds,
1414 &Use);
1415 if (NT_SUCCESS(Status))
1416 {
1417 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1418
1419 SidsBuffer[i].Use = Use.Element[0];
1420 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1421 RelativeIds.Element[0]);
1422 if (SidsBuffer[i].Sid == NULL)
1423 {
1424 Status = STATUS_INSUFFICIENT_RESOURCES;
1425 goto done;
1426 }
1427
1428 SidsBuffer[i].DomainIndex = -1;
1429 SidsBuffer[i].Flags = 0;
1430
1431 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1432 &AccountDomainName,
1433 AccountDomainSid,
1434 &DomainIndex);
1435 if (!NT_SUCCESS(Status))
1436 goto done;
1437
1438 SidsBuffer[i].DomainIndex = DomainIndex;
1439
1440 (*Mapped)++;
1441 }
1442
1443 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1444 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1445 }
1446
1447 done:
1448 if (DomainHandle != NULL)
1449 SamrCloseHandle(&DomainHandle);
1450
1451 if (ServerHandle != NULL)
1452 SamrCloseHandle(&ServerHandle);
1453
1454 return Status;
1455 }
1456
1457
1458 static
1459 NTSTATUS
1460 LsapLookupFullyQualifiedWellKnownNames(DWORD Count,
1461 PRPC_UNICODE_STRING DomainNames,
1462 PRPC_UNICODE_STRING AccountNames,
1463 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1464 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1465 PULONG Mapped)
1466 {
1467 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1468 PWELL_KNOWN_SID ptr, ptr2;
1469 PSID DomainSid;
1470 ULONG DomainIndex;
1471 ULONG i;
1472 NTSTATUS Status = STATUS_SUCCESS;
1473
1474 for (i = 0; i < Count; i++)
1475 {
1476 /* Ignore names which were already mapped */
1477 if (SidsBuffer[i].Use != SidTypeUnknown)
1478 continue;
1479
1480 /* Ignore isolated account names */
1481 if (DomainNames[i].Length == 0)
1482 continue;
1483
1484 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1485
1486 /* Look-up all well-known names */
1487 ptr = LsapLookupFullyQualifiedWellKnownName((PUNICODE_STRING)&AccountNames[i],
1488 (PUNICODE_STRING)&DomainNames[i]);
1489 if (ptr != NULL)
1490 {
1491 TRACE("Found it! (%wZ\\%wZ)\n", &ptr->DomainName, &ptr->AccountName);
1492
1493 SidsBuffer[i].Use = ptr->Use;
1494 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1495 if (SidsBuffer[i].Sid == NULL)
1496 {
1497 Status = STATUS_INSUFFICIENT_RESOURCES;
1498 goto done;
1499 }
1500
1501 SidsBuffer[i].DomainIndex = -1;
1502 SidsBuffer[i].Flags = 0;
1503
1504 if (ptr->Use == SidTypeDomain)
1505 {
1506 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1507 &ptr->AccountName,
1508 ptr->Sid,
1509 &DomainIndex);
1510 if (!NT_SUCCESS(Status))
1511 goto done;
1512
1513 SidsBuffer[i].DomainIndex = DomainIndex;
1514 }
1515 else
1516 {
1517 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1518 if (ptr2 != NULL)
1519 {
1520 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1521 &ptr2->AccountName,
1522 ptr2->Sid,
1523 &DomainIndex);
1524 if (!NT_SUCCESS(Status))
1525 goto done;
1526
1527 SidsBuffer[i].DomainIndex = DomainIndex;
1528 }
1529 else
1530 {
1531 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1532 if (DomainSid == NULL)
1533 {
1534 Status = STATUS_INSUFFICIENT_RESOURCES;
1535 goto done;
1536 }
1537
1538 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1539 &EmptyDomainName,
1540 DomainSid,
1541 &DomainIndex);
1542
1543 if (DomainSid != NULL)
1544 {
1545 MIDL_user_free(DomainSid);
1546 DomainSid = NULL;
1547 }
1548
1549 if (!NT_SUCCESS(Status))
1550 goto done;
1551
1552 SidsBuffer[i].DomainIndex = DomainIndex;
1553 }
1554 }
1555
1556 (*Mapped)++;
1557 continue;
1558 }
1559 }
1560
1561 done:
1562 return Status;
1563 }
1564
1565
1566 static
1567 NTSTATUS
1568 LsapLookupBuiltinNames(DWORD Count,
1569 PRPC_UNICODE_STRING DomainNames,
1570 PRPC_UNICODE_STRING AccountNames,
1571 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1572 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1573 PULONG Mapped)
1574 {
1575 SAMPR_HANDLE ServerHandle = NULL;
1576 SAMPR_HANDLE DomainHandle = NULL;
1577 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1578 SAMPR_ULONG_ARRAY Use = {0, NULL};
1579 ULONG DomainIndex;
1580 ULONG i;
1581 NTSTATUS Status = STATUS_SUCCESS;
1582
1583 Status = SamrConnect(NULL,
1584 &ServerHandle,
1585 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1586 if (!NT_SUCCESS(Status))
1587 {
1588 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1589 goto done;
1590 }
1591
1592 Status = SamrOpenDomain(ServerHandle,
1593 DOMAIN_LOOKUP,
1594 BuiltinDomainSid,
1595 &DomainHandle);
1596 if (!NT_SUCCESS(Status))
1597 {
1598 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1599 goto done;
1600 }
1601
1602 for (i = 0; i < Count; i++)
1603 {
1604 /* Ignore names which were already mapped */
1605 if (SidsBuffer[i].Use != SidTypeUnknown)
1606 continue;
1607
1608 /* Ignore isolated account names */
1609 if (DomainNames[i].Length == 0)
1610 continue;
1611
1612 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &BuiltinDomainName, TRUE))
1613 continue;
1614
1615 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1616
1617 Status = SamrLookupNamesInDomain(DomainHandle,
1618 1,
1619 &AccountNames[i],
1620 &RelativeIds,
1621 &Use);
1622 if (NT_SUCCESS(Status))
1623 {
1624 SidsBuffer[i].Use = Use.Element[0];
1625 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1626 RelativeIds.Element[0]);
1627 if (SidsBuffer[i].Sid == NULL)
1628 {
1629 Status = STATUS_INSUFFICIENT_RESOURCES;
1630 goto done;
1631 }
1632
1633 SidsBuffer[i].DomainIndex = -1;
1634 SidsBuffer[i].Flags = 0;
1635
1636 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1637 &BuiltinDomainName,
1638 BuiltinDomainSid,
1639 &DomainIndex);
1640 if (!NT_SUCCESS(Status))
1641 goto done;
1642
1643 SidsBuffer[i].DomainIndex = DomainIndex;
1644
1645 (*Mapped)++;
1646 }
1647
1648 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1649 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1650 }
1651
1652 done:
1653 if (DomainHandle != NULL)
1654 SamrCloseHandle(&DomainHandle);
1655
1656 if (ServerHandle != NULL)
1657 SamrCloseHandle(&ServerHandle);
1658
1659 return Status;
1660 }
1661
1662
1663 static
1664 NTSTATUS
1665 LsapLookupAccountNames(DWORD Count,
1666 PRPC_UNICODE_STRING DomainNames,
1667 PRPC_UNICODE_STRING AccountNames,
1668 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1669 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1670 PULONG Mapped)
1671 {
1672 SAMPR_HANDLE ServerHandle = NULL;
1673 SAMPR_HANDLE DomainHandle = NULL;
1674 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1675 SAMPR_ULONG_ARRAY Use = {0, NULL};
1676 ULONG DomainIndex;
1677 ULONG i;
1678 NTSTATUS Status = STATUS_SUCCESS;
1679
1680 Status = SamrConnect(NULL,
1681 &ServerHandle,
1682 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1683 if (!NT_SUCCESS(Status))
1684 {
1685 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1686 goto done;
1687 }
1688
1689 Status = SamrOpenDomain(ServerHandle,
1690 DOMAIN_LOOKUP,
1691 AccountDomainSid,
1692 &DomainHandle);
1693 if (!NT_SUCCESS(Status))
1694 {
1695 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1696 goto done;
1697 }
1698
1699 for (i = 0; i < Count; i++)
1700 {
1701 /* Ignore names which were already mapped */
1702 if (SidsBuffer[i].Use != SidTypeUnknown)
1703 continue;
1704
1705 /* Ignore isolated account names */
1706 if (DomainNames[i].Length == 0)
1707 continue;
1708
1709 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &AccountDomainName, TRUE))
1710 continue;
1711
1712 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1713
1714 Status = SamrLookupNamesInDomain(DomainHandle,
1715 1,
1716 &AccountNames[i],
1717 &RelativeIds,
1718 &Use);
1719 if (NT_SUCCESS(Status))
1720 {
1721 SidsBuffer[i].Use = Use.Element[0];
1722 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1723 RelativeIds.Element[0]);
1724 if (SidsBuffer[i].Sid == NULL)
1725 {
1726 Status = STATUS_INSUFFICIENT_RESOURCES;
1727 goto done;
1728 }
1729
1730 SidsBuffer[i].DomainIndex = -1;
1731 SidsBuffer[i].Flags = 0;
1732
1733 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1734 &AccountDomainName,
1735 AccountDomainSid,
1736 &DomainIndex);
1737 if (!NT_SUCCESS(Status))
1738 goto done;
1739
1740 SidsBuffer[i].DomainIndex = DomainIndex;
1741
1742 (*Mapped)++;
1743 }
1744
1745 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1746 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1747 }
1748
1749 done:
1750 if (DomainHandle != NULL)
1751 SamrCloseHandle(&DomainHandle);
1752
1753 if (ServerHandle != NULL)
1754 SamrCloseHandle(&ServerHandle);
1755
1756 return Status;
1757 }
1758
1759
1760 NTSTATUS
1761 LsapLookupNames(DWORD Count,
1762 PRPC_UNICODE_STRING Names,
1763 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1764 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
1765 LSAP_LOOKUP_LEVEL LookupLevel,
1766 DWORD *MappedCount,
1767 DWORD LookupOptions,
1768 DWORD ClientRevision)
1769 {
1770 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
1771 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer = NULL;
1772 PRPC_UNICODE_STRING DomainNames = NULL;
1773 PRPC_UNICODE_STRING AccountNames = NULL;
1774 ULONG SidsBufferLength;
1775 ULONG i;
1776 ULONG Mapped = 0;
1777 NTSTATUS Status = STATUS_SUCCESS;
1778
1779 //TRACE("()\n");
1780
1781 TranslatedSids->Entries = 0;
1782 TranslatedSids->Sids = NULL;
1783 *ReferencedDomains = NULL;
1784
1785 SidsBufferLength = Count * sizeof(LSAPR_TRANSLATED_SID_EX2);
1786 SidsBuffer = MIDL_user_allocate(SidsBufferLength);
1787 if (SidsBuffer == NULL)
1788 {
1789 //TRACE("\n");
1790 Status = STATUS_INSUFFICIENT_RESOURCES;
1791 goto done;
1792 }
1793
1794 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
1795 if (DomainsBuffer == NULL)
1796 {
1797 //TRACE("\n");
1798 Status = STATUS_INSUFFICIENT_RESOURCES;
1799 goto done;
1800 }
1801
1802 DomainsBuffer->Domains = MIDL_user_allocate(Count * sizeof(LSA_TRUST_INFORMATION));
1803 if (DomainsBuffer->Domains == NULL)
1804 {
1805 //TRACE("\n");
1806 Status = STATUS_INSUFFICIENT_RESOURCES;
1807 goto done;
1808 }
1809 DomainsBuffer->Entries = 0;
1810 DomainsBuffer->MaxEntries = Count;
1811
1812 for (i = 0; i < Count; i++)
1813 {
1814 SidsBuffer[i].Use = SidTypeUnknown;
1815 SidsBuffer[i].Sid = NULL;
1816 SidsBuffer[i].DomainIndex = -1;
1817 SidsBuffer[i].Flags = 0;
1818 }
1819
1820 Status = LsapSplitNames(Count,
1821 Names,
1822 &DomainNames,
1823 &AccountNames);
1824 if (!NT_SUCCESS(Status))
1825 {
1826 TRACE("LsapSplitNames failed! (Status %lx)\n", Status);
1827 goto done;
1828 }
1829
1830
1831 Status = LsapLookupIsolatedNames(Count,
1832 DomainNames,
1833 AccountNames,
1834 DomainsBuffer,
1835 SidsBuffer,
1836 &Mapped);
1837 if (!NT_SUCCESS(Status) &&
1838 Status != STATUS_NONE_MAPPED &&
1839 Status != STATUS_SOME_NOT_MAPPED)
1840 {
1841 TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status);
1842 goto done;
1843 }
1844
1845 if (Mapped == Count)
1846 goto done;
1847
1848
1849 Status = LsapLookupIsolatedBuiltinNames(Count,
1850 DomainNames,
1851 AccountNames,
1852 DomainsBuffer,
1853 SidsBuffer,
1854 &Mapped);
1855 if (!NT_SUCCESS(Status) &&
1856 Status != STATUS_NONE_MAPPED &&
1857 Status != STATUS_SOME_NOT_MAPPED)
1858 {
1859 TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status);
1860 goto done;
1861 }
1862
1863 if (Mapped == Count)
1864 goto done;
1865
1866
1867 Status = LsapLookupIsolatedAccountNames(Count,
1868 DomainNames,
1869 AccountNames,
1870 DomainsBuffer,
1871 SidsBuffer,
1872 &Mapped);
1873 if (!NT_SUCCESS(Status) &&
1874 Status != STATUS_NONE_MAPPED &&
1875 Status != STATUS_SOME_NOT_MAPPED)
1876 {
1877 TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status);
1878 goto done;
1879 }
1880
1881 if (Mapped == Count)
1882 goto done;
1883
1884 Status = LsapLookupFullyQualifiedWellKnownNames(Count,
1885 DomainNames,
1886 AccountNames,
1887 DomainsBuffer,
1888 SidsBuffer,
1889 &Mapped);
1890 if (!NT_SUCCESS(Status) &&
1891 Status != STATUS_NONE_MAPPED &&
1892 Status != STATUS_SOME_NOT_MAPPED)
1893 {
1894 TRACE("LsapLookupFullyQualifiedWellKnownNames failed! (Status %lx)\n", Status);
1895 goto done;
1896 }
1897
1898 if (Mapped == Count)
1899 goto done;
1900
1901 Status = LsapLookupBuiltinNames(Count,
1902 DomainNames,
1903 AccountNames,
1904 DomainsBuffer,
1905 SidsBuffer,
1906 &Mapped);
1907 if (!NT_SUCCESS(Status) &&
1908 Status != STATUS_NONE_MAPPED &&
1909 Status != STATUS_SOME_NOT_MAPPED)
1910 {
1911 TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status);
1912 goto done;
1913 }
1914
1915 if (Mapped == Count)
1916 goto done;
1917
1918
1919 Status = LsapLookupAccountNames(Count,
1920 DomainNames,
1921 AccountNames,
1922 DomainsBuffer,
1923 SidsBuffer,
1924 &Mapped);
1925 if (!NT_SUCCESS(Status) &&
1926 Status != STATUS_NONE_MAPPED &&
1927 Status != STATUS_SOME_NOT_MAPPED)
1928 {
1929 TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status);
1930 goto done;
1931 }
1932
1933 if (Mapped == Count)
1934 goto done;
1935
1936 done:
1937 // TRACE("done: Status %lx\n", Status);
1938
1939 if (DomainNames != NULL)
1940 {
1941 //TRACE("Free DomainNames\n");
1942 for (i = 0; i < Count; i++)
1943 {
1944 if (DomainNames[i].Buffer != NULL)
1945 MIDL_user_free(DomainNames[i].Buffer);
1946 }
1947
1948 MIDL_user_free(DomainNames);
1949 }
1950
1951 if (AccountNames != NULL)
1952 {
1953 //TRACE("Free AccountNames\n");
1954 for (i = 0; i < Count; i++)
1955 {
1956 //TRACE("i: %lu\n", i);
1957 if (AccountNames[i].Buffer != NULL)
1958 {
1959 MIDL_user_free(AccountNames[i].Buffer);
1960 }
1961 }
1962
1963 MIDL_user_free(AccountNames);
1964 }
1965
1966 if (!NT_SUCCESS(Status))
1967 {
1968 //TRACE("Failure!\n");
1969
1970 //TRACE("Free DomainsBuffer\n");
1971 if (DomainsBuffer != NULL)
1972 {
1973 if (DomainsBuffer->Domains != NULL)
1974 MIDL_user_free(DomainsBuffer->Domains);
1975
1976 MIDL_user_free(DomainsBuffer);
1977 }
1978
1979 //TRACE("Free SidsBuffer\n");
1980 if (SidsBuffer != NULL)
1981 MIDL_user_free(SidsBuffer);
1982 }
1983 else
1984 {
1985 //TRACE("Success!\n");
1986
1987 *ReferencedDomains = DomainsBuffer;
1988 TranslatedSids->Entries = Count;
1989 TranslatedSids->Sids = SidsBuffer;
1990 *MappedCount = Mapped;
1991
1992 if (Mapped == 0)
1993 Status = STATUS_NONE_MAPPED;
1994 else if (Mapped < Count)
1995 Status = STATUS_SOME_NOT_MAPPED;
1996 }
1997
1998 // TRACE("done: Status %lx\n", Status);
1999
2000 return Status;
2001 }
2002
2003
2004 static NTSTATUS
2005 LsapLookupWellKnownSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2006 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2007 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2008 PULONG Mapped)
2009 {
2010 PWELL_KNOWN_SID ptr, ptr2;
2011 LPWSTR SidString = NULL;
2012 ULONG DomainIndex;
2013 ULONG i;
2014 NTSTATUS Status = STATUS_SUCCESS;
2015
2016 for (i = 0; i < SidEnumBuffer->Entries; i++)
2017 {
2018 /* Ignore SIDs which are already mapped */
2019 if (NamesBuffer[i].Use != SidTypeUnknown)
2020 continue;
2021
2022 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2023 TRACE("Mapping SID: %S\n", SidString);
2024 LocalFree(SidString);
2025 SidString = NULL;
2026
2027 ptr = LsapLookupWellKnownSid(SidEnumBuffer->SidInfo[i].Sid);
2028 if (ptr != NULL)
2029 {
2030 NamesBuffer[i].Use = ptr->Use;
2031 NamesBuffer[i].Flags = 0;
2032
2033 NamesBuffer[i].Name.Length = ptr->AccountName.Length;
2034 NamesBuffer[i].Name.MaximumLength = ptr->AccountName.MaximumLength;
2035 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(ptr->AccountName.MaximumLength);
2036 if (NamesBuffer[i].Name.Buffer == NULL)
2037 {
2038 Status = STATUS_INSUFFICIENT_RESOURCES;
2039 goto done;
2040 }
2041
2042 RtlCopyMemory(NamesBuffer[i].Name.Buffer, ptr->AccountName.Buffer, ptr->AccountName.MaximumLength);
2043
2044 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
2045 if (ptr2 != NULL)
2046 {
2047 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2048 &ptr2->AccountName,
2049 ptr2->Sid,
2050 &DomainIndex);
2051 if (!NT_SUCCESS(Status))
2052 goto done;
2053
2054 NamesBuffer[i].DomainIndex = DomainIndex;
2055 }
2056
2057 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2058
2059 (*Mapped)++;
2060 }
2061 }
2062
2063 done:
2064 return Status;
2065 }
2066
2067
2068 static NTSTATUS
2069 LsapLookupBuiltinDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2070 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2071 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2072 PULONG Mapped)
2073 {
2074 SAMPR_HANDLE ServerHandle = NULL;
2075 SAMPR_HANDLE DomainHandle = NULL;
2076 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2077 SAMPR_ULONG_ARRAY Use = {0, NULL};
2078 LPWSTR SidString = NULL;
2079 ULONG DomainIndex;
2080 ULONG RelativeIds[1];
2081 ULONG i;
2082 NTSTATUS Status = STATUS_SUCCESS;
2083
2084 Status = SamrConnect(NULL,
2085 &ServerHandle,
2086 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2087 if (!NT_SUCCESS(Status))
2088 {
2089 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2090 goto done;
2091 }
2092
2093 Status = SamrOpenDomain(ServerHandle,
2094 DOMAIN_LOOKUP,
2095 BuiltinDomainSid,
2096 &DomainHandle);
2097 if (!NT_SUCCESS(Status))
2098 {
2099 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2100 goto done;
2101 }
2102
2103 for (i = 0; i < SidEnumBuffer->Entries; i++)
2104 {
2105 /* Ignore SIDs which are already mapped */
2106 if (NamesBuffer[i].Use != SidTypeUnknown)
2107 continue;
2108
2109 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2110 TRACE("Mapping SID: %S\n", SidString);
2111 LocalFree(SidString);
2112 SidString = NULL;
2113
2114 if (RtlEqualSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2115 {
2116 TRACE("Found builtin domain!\n");
2117
2118 NamesBuffer[i].Use = SidTypeDomain;
2119 NamesBuffer[i].Flags = 0;
2120
2121 NamesBuffer[i].Name.Length = BuiltinDomainName.Length;
2122 NamesBuffer[i].Name.MaximumLength = BuiltinDomainName.MaximumLength;
2123 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(BuiltinDomainName.MaximumLength);
2124 if (NamesBuffer[i].Name.Buffer == NULL)
2125 {
2126 Status = STATUS_INSUFFICIENT_RESOURCES;
2127 goto done;
2128 }
2129
2130 RtlCopyMemory(NamesBuffer[i].Name.Buffer, BuiltinDomainName.Buffer, BuiltinDomainName.MaximumLength);
2131
2132 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2133 &BuiltinDomainName,
2134 BuiltinDomainSid,
2135 &DomainIndex);
2136 if (!NT_SUCCESS(Status))
2137 goto done;
2138
2139 NamesBuffer[i].DomainIndex = DomainIndex;
2140
2141 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2142
2143 (*Mapped)++;
2144 }
2145 else if (LsapIsPrefixSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2146 {
2147 TRACE("Found builtin domain account!\n");
2148
2149 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2150
2151 Status = SamrLookupIdsInDomain(DomainHandle,
2152 1,
2153 RelativeIds,
2154 &Names,
2155 &Use);
2156 if (NT_SUCCESS(Status))
2157 {
2158 NamesBuffer[i].Use = Use.Element[0];
2159 NamesBuffer[i].Flags = 0;
2160
2161 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2162 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2163 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2164 if (NamesBuffer[i].Name.Buffer == NULL)
2165 {
2166 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2167 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2168
2169 Status = STATUS_INSUFFICIENT_RESOURCES;
2170 goto done;
2171 }
2172
2173 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2174 Names.Element[0].Buffer,
2175 Names.Element[0].MaximumLength);
2176
2177 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2178 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2179
2180 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2181 &BuiltinDomainName,
2182 BuiltinDomainSid,
2183 &DomainIndex);
2184 if (!NT_SUCCESS(Status))
2185 goto done;
2186
2187 NamesBuffer[i].DomainIndex = DomainIndex;
2188
2189 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2190
2191 (*Mapped)++;
2192 }
2193 }
2194 }
2195
2196 done:
2197 if (DomainHandle != NULL)
2198 SamrCloseHandle(&DomainHandle);
2199
2200 if (ServerHandle != NULL)
2201 SamrCloseHandle(&ServerHandle);
2202
2203 return Status;
2204 }
2205
2206
2207 static NTSTATUS
2208 LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2209 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2210 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2211 PULONG Mapped)
2212 {
2213 SAMPR_HANDLE ServerHandle = NULL;
2214 SAMPR_HANDLE DomainHandle = NULL;
2215 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2216 SAMPR_ULONG_ARRAY Use = {0, NULL};
2217 LPWSTR SidString = NULL;
2218 ULONG DomainIndex;
2219 ULONG RelativeIds[1];
2220 ULONG i;
2221 NTSTATUS Status = STATUS_SUCCESS;
2222
2223 Status = SamrConnect(NULL,
2224 &ServerHandle,
2225 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2226 if (!NT_SUCCESS(Status))
2227 {
2228 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2229 goto done;
2230 }
2231
2232 Status = SamrOpenDomain(ServerHandle,
2233 DOMAIN_LOOKUP,
2234 AccountDomainSid,
2235 &DomainHandle);
2236 if (!NT_SUCCESS(Status))
2237 {
2238 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2239 goto done;
2240 }
2241
2242 for (i = 0; i < SidEnumBuffer->Entries; i++)
2243 {
2244 /* Ignore SIDs which are already mapped */
2245 if (NamesBuffer[i].Use != SidTypeUnknown)
2246 continue;
2247
2248 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2249 TRACE("Mapping SID: %S\n", SidString);
2250 LocalFree(SidString);
2251 SidString = NULL;
2252
2253 if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2254 {
2255 TRACE("Found account domain!\n");
2256
2257 NamesBuffer[i].Use = SidTypeDomain;
2258 NamesBuffer[i].Flags = 0;
2259
2260 NamesBuffer[i].Name.Length = AccountDomainName.Length;
2261 NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength;
2262 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AccountDomainName.MaximumLength);
2263 if (NamesBuffer[i].Name.Buffer == NULL)
2264 {
2265 Status = STATUS_INSUFFICIENT_RESOURCES;
2266 goto done;
2267 }
2268
2269 RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer, AccountDomainName.MaximumLength);
2270
2271 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2272 &AccountDomainName,
2273 AccountDomainSid,
2274 &DomainIndex);
2275 if (!NT_SUCCESS(Status))
2276 goto done;
2277
2278 NamesBuffer[i].DomainIndex = DomainIndex;
2279
2280 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2281
2282 (*Mapped)++;
2283 }
2284 else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2285 {
2286 TRACE("Found account domain account!\n");
2287
2288 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2289
2290 Status = SamrLookupIdsInDomain(DomainHandle,
2291 1,
2292 RelativeIds,
2293 &Names,
2294 &Use);
2295 if (NT_SUCCESS(Status))
2296 {
2297 NamesBuffer[i].Use = Use.Element[0];
2298 NamesBuffer[i].Flags = 0;
2299
2300 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2301 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2302 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2303 if (NamesBuffer[i].Name.Buffer == NULL)
2304 {
2305 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2306 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2307
2308 Status = STATUS_INSUFFICIENT_RESOURCES;
2309 goto done;
2310 }
2311
2312 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2313 Names.Element[0].Buffer,
2314 Names.Element[0].MaximumLength);
2315
2316 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2317 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2318
2319 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2320 &AccountDomainName,
2321 AccountDomainSid,
2322 &DomainIndex);
2323 if (!NT_SUCCESS(Status))
2324 goto done;
2325
2326 NamesBuffer[i].DomainIndex = DomainIndex;
2327
2328 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2329
2330 (*Mapped)++;
2331 }
2332 }
2333 }
2334
2335 done:
2336 if (DomainHandle != NULL)
2337 SamrCloseHandle(&DomainHandle);
2338
2339 if (ServerHandle != NULL)
2340 SamrCloseHandle(&ServerHandle);
2341
2342 return Status;
2343 }
2344
2345
2346 NTSTATUS
2347 LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2348 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
2349 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
2350 LSAP_LOOKUP_LEVEL LookupLevel,
2351 DWORD *MappedCount,
2352 DWORD LookupOptions,
2353 DWORD ClientRevision)
2354 {
2355 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
2356 PLSAPR_TRANSLATED_NAME_EX NamesBuffer = NULL;
2357 ULONG NamesBufferLength;
2358 ULONG i;
2359 ULONG Mapped = 0;
2360 NTSTATUS Status = STATUS_SUCCESS;
2361
2362 NamesBufferLength = SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME_EX);
2363 NamesBuffer = MIDL_user_allocate(NamesBufferLength);
2364 if (NamesBuffer == NULL)
2365 {
2366 Status = STATUS_INSUFFICIENT_RESOURCES;
2367 goto done;
2368 }
2369
2370 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
2371 if (DomainsBuffer == NULL)
2372 {
2373 Status = STATUS_INSUFFICIENT_RESOURCES;
2374 goto done;
2375 }
2376
2377 DomainsBuffer->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION));
2378 if (DomainsBuffer->Domains == NULL)
2379 {
2380 Status = STATUS_INSUFFICIENT_RESOURCES;
2381 goto done;
2382 }
2383
2384 DomainsBuffer->Entries = 0;
2385 DomainsBuffer->MaxEntries = SidEnumBuffer->Entries;
2386
2387 /* Initialize all name entries */
2388 for (i = 0; i < SidEnumBuffer->Entries; i++)
2389 {
2390 NamesBuffer[i].Use = SidTypeUnknown;
2391 NamesBuffer[i].Name.Length = 0;
2392 NamesBuffer[i].Name.MaximumLength = 0;
2393 NamesBuffer[i].Name.Buffer = NULL;
2394 NamesBuffer[i].DomainIndex = -1;
2395 NamesBuffer[i].Flags = 0;
2396 }
2397
2398 /* Look-up well-known SIDs */
2399 Status = LsapLookupWellKnownSids(SidEnumBuffer,
2400 NamesBuffer,
2401 DomainsBuffer,
2402 &Mapped);
2403 if (!NT_SUCCESS(Status) &&
2404 Status != STATUS_NONE_MAPPED &&
2405 Status != STATUS_SOME_NOT_MAPPED)
2406 goto done;
2407
2408 if (Mapped == SidEnumBuffer->Entries)
2409 goto done;
2410
2411 /* Look-up builtin domain SIDs */
2412 Status = LsapLookupBuiltinDomainSids(SidEnumBuffer,
2413 NamesBuffer,
2414 DomainsBuffer,
2415 &Mapped);
2416 if (!NT_SUCCESS(Status) &&
2417 Status != STATUS_NONE_MAPPED &&
2418 Status != STATUS_SOME_NOT_MAPPED)
2419 goto done;
2420
2421 if (Mapped == SidEnumBuffer->Entries)
2422 goto done;
2423
2424 /* Look-up account domain SIDs */
2425 Status = LsapLookupAccountDomainSids(SidEnumBuffer,
2426 NamesBuffer,
2427 DomainsBuffer,
2428 &Mapped);
2429 if (!NT_SUCCESS(Status) &&
2430 Status != STATUS_NONE_MAPPED &&
2431 Status != STATUS_SOME_NOT_MAPPED)
2432 goto done;
2433
2434 if (Mapped == SidEnumBuffer->Entries)
2435 goto done;
2436
2437 done:
2438 TRACE("done Status: %lx Mapped: %lu\n", Status, Mapped);
2439
2440 if (!NT_SUCCESS(Status))
2441 {
2442 if (DomainsBuffer != NULL)
2443 {
2444 if (DomainsBuffer->Domains != NULL)
2445 MIDL_user_free(DomainsBuffer->Domains);
2446
2447 MIDL_user_free(DomainsBuffer);
2448 }
2449
2450 if (NamesBuffer != NULL)
2451 MIDL_user_free(NamesBuffer);
2452 }
2453 else
2454 {
2455 *ReferencedDomains = DomainsBuffer;
2456 TranslatedNames->Entries = SidEnumBuffer->Entries;
2457 TranslatedNames->Names = NamesBuffer;
2458 *MappedCount = Mapped;
2459
2460 if (Mapped == 0)
2461 Status = STATUS_NONE_MAPPED;
2462 else if (Mapped < SidEnumBuffer->Entries)
2463 Status = STATUS_SOME_NOT_MAPPED;
2464 }
2465
2466 return Status;
2467 }
2468
2469 /* EOF */