projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[LSASRV][MSV1_0]
[reactos.git] / reactos / dll / win32 / lsasrv / lookup.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lookup.c
5 * PURPOSE: Sid / Name lookup functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9
10 #include "lsasrv.h"
11
12 /* GLOBALS *****************************************************************/
13
14 typedef wchar_t *PSAMPR_SERVER_NAME;
15 typedef void *SAMPR_HANDLE;
16
17 typedef struct _SAMPR_RETURNED_USTRING_ARRAY
18 {
19 unsigned long Count;
20 PRPC_UNICODE_STRING Element;
21 } SAMPR_RETURNED_USTRING_ARRAY, *PSAMPR_RETURNED_USTRING_ARRAY;
22
23 typedef struct _SAMPR_ULONG_ARRAY
24 {
25 unsigned long Count;
26 unsigned long *Element;
27 } SAMPR_ULONG_ARRAY, *PSAMPR_ULONG_ARRAY;
28
29
30 VOID
31 NTAPI
32 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(PSAMPR_RETURNED_USTRING_ARRAY Ptr);
33
34 VOID
35 NTAPI
36 SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr);
37
38 NTSTATUS
39 NTAPI
40 SamrConnect(IN PSAMPR_SERVER_NAME ServerName,
41 OUT SAMPR_HANDLE *ServerHandle,
42 IN ACCESS_MASK DesiredAccess);
43
44 NTSTATUS
45 NTAPI
46 SamrCloseHandle(IN OUT SAMPR_HANDLE *SamHandle);
47
48 NTSTATUS
49 NTAPI
50 SamrOpenDomain(IN SAMPR_HANDLE ServerHandle,
51 IN ACCESS_MASK DesiredAccess,
52 IN PRPC_SID DomainId,
53 OUT SAMPR_HANDLE *DomainHandle);
54
55 NTSTATUS
56 NTAPI
57 SamrLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle,
58 IN ULONG Count,
59 IN ULONG *RelativeIds,
60 OUT PSAMPR_RETURNED_USTRING_ARRAY Names,
61 OUT PSAMPR_ULONG_ARRAY Use);
62
63 NTSTATUS
64 NTAPI
65 SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle,
66 IN ULONG Count,
67 IN RPC_UNICODE_STRING Names[],
68 OUT PSAMPR_ULONG_ARRAY RelativeIds,
69 OUT PSAMPR_ULONG_ARRAY Use);
70
71
72 typedef struct _WELL_KNOWN_SID
73 {
74 LIST_ENTRY ListEntry;
75 PSID Sid;
76 UNICODE_STRING AccountName;
77 UNICODE_STRING DomainName;
78 SID_NAME_USE Use;
79 } WELL_KNOWN_SID, *PWELL_KNOWN_SID;
80
81
82 LIST_ENTRY WellKnownSidListHead;
83 PSID LsapWorldSid = NULL;
84 PSID LsapNetworkSid = NULL;
85 PSID LsapBatchSid = NULL;
86 PSID LsapInteractiveSid = NULL;
87 PSID LsapServiceSid = NULL;
88 PSID LsapLocalSystemSid = NULL;
89 PSID LsapAdministratorsSid = NULL;
90
91
92 /* FUNCTIONS ***************************************************************/
93
94 BOOLEAN
95 LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
96 UCHAR SubAuthorityCount,
97 PULONG SubAuthorities,
98 PWSTR AccountName,
99 PWSTR DomainName,
100 SID_NAME_USE Use,
101 PSID *SidPtr)
102 {
103 PWELL_KNOWN_SID SidEntry;
104 PULONG p;
105 ULONG i;
106
107 SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WELL_KNOWN_SID));
108 if (SidEntry == NULL)
109 return FALSE;
110
111 InitializeListHead(&SidEntry->ListEntry);
112
113 SidEntry->Sid = RtlAllocateHeap(RtlGetProcessHeap(),
114 0,
115 RtlLengthRequiredSid(SubAuthorityCount));
116 if (SidEntry->Sid == NULL)
117 {
118 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
119 return FALSE;
120 }
121
122 RtlInitializeSid(SidEntry->Sid,
123 IdentifierAuthority,
124 SubAuthorityCount);
125
126 for (i = 0; i < (ULONG)SubAuthorityCount; i++)
127 {
128 p = RtlSubAuthoritySid(SidEntry->Sid, i);
129 *p = SubAuthorities[i];
130 }
131
132 // RtlInitUnicodeString(&SidEntry->AccountName,
133 // AccountName);
134 SidEntry->AccountName.Length = wcslen(AccountName) * sizeof(WCHAR);
135 SidEntry->AccountName.MaximumLength = SidEntry->AccountName.Length + sizeof(WCHAR);
136 SidEntry->AccountName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
137 SidEntry->AccountName.MaximumLength);
138 if (SidEntry->AccountName.Buffer == NULL)
139 {
140 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
141 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
142 return FALSE;
143 }
144
145 wcscpy(SidEntry->AccountName.Buffer,
146 AccountName);
147
148 // RtlInitUnicodeString(&SidEntry->DomainName,
149 // DomainName);
150 SidEntry->DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
151 SidEntry->DomainName.MaximumLength = SidEntry->DomainName.Length + sizeof(WCHAR);
152 SidEntry->DomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
153 SidEntry->DomainName.MaximumLength);
154 if (SidEntry->DomainName.Buffer == NULL)
155 {
156 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->AccountName.Buffer);
157 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
158 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
159 return FALSE;
160 }
161
162 wcscpy(SidEntry->DomainName.Buffer,
163 DomainName);
164
165 SidEntry->Use = Use;
166
167 InsertTailList(&WellKnownSidListHead,
168 &SidEntry->ListEntry);
169
170 if (SidPtr != NULL)
171 *SidPtr = SidEntry->Sid;
172
173 return TRUE;
174 }
175
176
177 NTSTATUS
178 LsapInitSids(VOID)
179 {
180 WCHAR szAccountName[80];
181 WCHAR szDomainName[80];
182 ULONG SubAuthorities[8];
183 HINSTANCE hInstance;
184
185 InitializeListHead(&WellKnownSidListHead);
186
187 hInstance = GetModuleHandleW(L"lsasrv.dll");
188
189 /* NT Authority */
190
191 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szAccountName, 80);
192 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, 80);
193 LsapCreateSid(&NtAuthority,
194 0,
195 NULL,
196 szAccountName,
197 szDomainName,
198 SidTypeDomain,
199 NULL);
200
201 /* Null Sid */
202 LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80);
203
204 SubAuthorities[0] = SECURITY_NULL_RID;
205 LsapCreateSid(&NullSidAuthority,
206 1,
207 SubAuthorities,
208 szAccountName,
209 L"",
210 SidTypeWellKnownGroup,
211 NULL);
212
213 /* World Sid */
214 LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80);
215
216 SubAuthorities[0] = SECURITY_WORLD_RID;
217 LsapCreateSid(&WorldSidAuthority,
218 1,
219 SubAuthorities,
220 szAccountName,
221 L"",
222 SidTypeWellKnownGroup,
223 &LsapWorldSid);
224
225 /* Local Sid */
226 LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
227
228 SubAuthorities[0] = SECURITY_LOCAL_RID;
229 LsapCreateSid(&LocalSidAuthority,
230 1,
231 SubAuthorities,
232 szAccountName,
233 L"",
234 SidTypeWellKnownGroup,
235 NULL);
236
237 /* Creator Owner Sid */
238 LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80);
239
240 SubAuthorities[0] = SECURITY_CREATOR_OWNER_RID;
241 LsapCreateSid(&CreatorSidAuthority,
242 1,
243 SubAuthorities,
244 szAccountName,
245 L"",
246 SidTypeWellKnownGroup,
247 NULL);
248
249 /* Creator Group Sid */
250 LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80);
251
252 SubAuthorities[0] = SECURITY_CREATOR_GROUP_RID;
253 LsapCreateSid(&CreatorSidAuthority,
254 1,
255 SubAuthorities,
256 szAccountName,
257 L"",
258 SidTypeWellKnownGroup,
259 NULL);
260
261 /* Creator Owner Server Sid */
262 LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80);
263
264 SubAuthorities[0] = SECURITY_CREATOR_OWNER_SERVER_RID;
265 LsapCreateSid(&CreatorSidAuthority,
266 1,
267 SubAuthorities,
268 szAccountName,
269 L"",
270 SidTypeWellKnownGroup,
271 NULL);
272
273 /* Creator Group Server Sid */
274 LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80);
275
276 SubAuthorities[0] = SECURITY_CREATOR_GROUP_SERVER_RID;
277 LsapCreateSid(&CreatorSidAuthority,
278 1,
279 SubAuthorities,
280 szAccountName,
281 L"",
282 SidTypeWellKnownGroup,
283 NULL);
284
285 /* Dialup Sid */
286 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
287 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, 80);
288
289 SubAuthorities[0] = SECURITY_DIALUP_RID;
290 LsapCreateSid(&NtAuthority,
291 1,
292 SubAuthorities,
293 szAccountName,
294 szDomainName,
295 SidTypeWellKnownGroup,
296 NULL);
297
298 /* Network Sid */
299 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
300
301 SubAuthorities[0] = SECURITY_NETWORK_RID;
302 LsapCreateSid(&NtAuthority,
303 1,
304 SubAuthorities,
305 szAccountName,
306 szDomainName,
307 SidTypeWellKnownGroup,
308 &LsapNetworkSid);
309
310 /* Batch Sid*/
311 LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
312
313 SubAuthorities[0] = SECURITY_BATCH_RID;
314 LsapCreateSid(&NtAuthority,
315 1,
316 SubAuthorities,
317 szAccountName,
318 szDomainName,
319 SidTypeWellKnownGroup,
320 &LsapBatchSid);
321
322 /* Interactive Sid */
323 LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
324
325 SubAuthorities[0] = SECURITY_INTERACTIVE_RID;
326 LsapCreateSid(&NtAuthority,
327 1,
328 SubAuthorities,
329 szAccountName,
330 szDomainName,
331 SidTypeWellKnownGroup,
332 &LsapInteractiveSid);
333
334 /* Service Sid */
335 LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
336
337 SubAuthorities[0] = SECURITY_SERVICE_RID;
338 LsapCreateSid(&NtAuthority,
339 1,
340 SubAuthorities,
341 szAccountName,
342 szDomainName,
343 SidTypeWellKnownGroup,
344 &LsapServiceSid);
345
346 /* Anonymous Logon Sid */
347 LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
348
349 SubAuthorities[0] = SECURITY_ANONYMOUS_LOGON_RID;
350 LsapCreateSid(&NtAuthority,
351 1,
352 SubAuthorities,
353 szAccountName,
354 szDomainName,
355 SidTypeWellKnownGroup,
356 NULL);
357
358 /* Proxy Sid */
359 LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80);
360
361 SubAuthorities[0] = SECURITY_PROXY_RID;
362 LsapCreateSid(&NtAuthority,
363 1,
364 SubAuthorities,
365 szAccountName,
366 szDomainName,
367 SidTypeWellKnownGroup,
368 NULL);
369
370 /* Enterprise Controllers Sid */
371 LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80);
372
373 SubAuthorities[0] = SECURITY_ENTERPRISE_CONTROLLERS_RID;
374 LsapCreateSid(&NtAuthority,
375 1,
376 SubAuthorities,
377 szAccountName,
378 szDomainName,
379 SidTypeWellKnownGroup,
380 NULL);
381
382 /* Principal Self Sid */
383 LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80);
384
385 SubAuthorities[0] = SECURITY_PRINCIPAL_SELF_RID;
386 LsapCreateSid(&NtAuthority,
387 1,
388 SubAuthorities,
389 szAccountName,
390 szDomainName,
391 SidTypeWellKnownGroup,
392 NULL);
393
394 /* Authenticated Users Sid */
395 LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80);
396
397 SubAuthorities[0] = SECURITY_AUTHENTICATED_USER_RID;
398 LsapCreateSid(&NtAuthority,
399 1,
400 SubAuthorities,
401 szAccountName,
402 szDomainName,
403 SidTypeWellKnownGroup,
404 NULL);
405
406 /* Restricted Code Sid */
407 LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80);
408
409 SubAuthorities[0] = SECURITY_RESTRICTED_CODE_RID;
410 LsapCreateSid(&NtAuthority,
411 1,
412 SubAuthorities,
413 szAccountName,
414 szDomainName,
415 SidTypeWellKnownGroup,
416 NULL);
417
418 /* Terminal Server Sid */
419 LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80);
420
421 SubAuthorities[0] = SECURITY_TERMINAL_SERVER_RID;
422 LsapCreateSid(&NtAuthority,
423 1,
424 SubAuthorities,
425 szAccountName,
426 szDomainName,
427 SidTypeWellKnownGroup,
428 NULL);
429
430 /* Remote Logon Sid */
431 LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80);
432
433 SubAuthorities[0] = SECURITY_REMOTE_LOGON_RID;
434 LsapCreateSid(&NtAuthority,
435 1,
436 SubAuthorities,
437 szAccountName,
438 szDomainName,
439 SidTypeWellKnownGroup,
440 NULL);
441
442 /* This Organization Sid */
443 LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80);
444
445 SubAuthorities[0] = SECURITY_THIS_ORGANIZATION_RID;
446 LsapCreateSid(&NtAuthority,
447 1,
448 SubAuthorities,
449 szAccountName,
450 szDomainName,
451 SidTypeWellKnownGroup,
452 NULL);
453
454 /* Local System Sid */
455 LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80);
456
457 SubAuthorities[0] = SECURITY_LOCAL_SYSTEM_RID;
458 LsapCreateSid(&NtAuthority,
459 1,
460 SubAuthorities,
461 szAccountName,
462 szDomainName,
463 SidTypeWellKnownGroup,
464 &LsapLocalSystemSid);
465
466 /* Local Service Sid */
467 LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80);
468
469 SubAuthorities[0] = SECURITY_LOCAL_SERVICE_RID;
470 LsapCreateSid(&NtAuthority,
471 1,
472 SubAuthorities,
473 szAccountName,
474 szDomainName,
475 SidTypeWellKnownGroup,
476 NULL);
477
478 LsapCreateSid(&NtAuthority,
479 1,
480 SubAuthorities,
481 L"LOCALSERVICE",
482 L"NT AUTHORITY",
483 SidTypeWellKnownGroup,
484 NULL);
485
486 /* Network Service Sid */
487 LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80);
488
489 SubAuthorities[0] = SECURITY_NETWORK_SERVICE_RID;
490 LsapCreateSid(&NtAuthority,
491 1,
492 SubAuthorities,
493 szAccountName,
494 szDomainName,
495 SidTypeWellKnownGroup,
496 NULL);
497
498 LsapCreateSid(&NtAuthority,
499 1,
500 SubAuthorities,
501 L"NETWORKSERVICE",
502 L"NT AUTHORITY",
503 SidTypeWellKnownGroup,
504 NULL);
505
506 /* Builtin Domain Sid */
507 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80);
508 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szDomainName, 80);
509
510 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
511 LsapCreateSid(&NtAuthority,
512 1,
513 SubAuthorities,
514 szAccountName,
515 szDomainName,
516 SidTypeDomain,
517 NULL);
518
519 /* Administrators Alias Sid */
520 LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80);
521
522 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
523 SubAuthorities[1] = DOMAIN_ALIAS_RID_ADMINS;
524 LsapCreateSid(&NtAuthority,
525 2,
526 SubAuthorities,
527 szAccountName,
528 szDomainName,
529 SidTypeAlias,
530 &LsapAdministratorsSid);
531
532 /* Users Alias Sid */
533 LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
534
535 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
536 SubAuthorities[1] = DOMAIN_ALIAS_RID_USERS;
537 LsapCreateSid(&NtAuthority,
538 2,
539 SubAuthorities,
540 szAccountName,
541 szDomainName,
542 SidTypeAlias,
543 NULL);
544
545 /* Guests Alias Sid */
546 LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80);
547
548 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
549 SubAuthorities[1] = DOMAIN_ALIAS_RID_GUESTS;
550 LsapCreateSid(&NtAuthority,
551 2,
552 SubAuthorities,
553 szAccountName,
554 szDomainName,
555 SidTypeAlias,
556 NULL);
557
558 /* Power User Alias Sid */
559 LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80);
560
561 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
562 SubAuthorities[1] = DOMAIN_ALIAS_RID_POWER_USERS;
563 LsapCreateSid(&NtAuthority,
564 2,
565 SubAuthorities,
566 szAccountName,
567 szDomainName,
568 SidTypeAlias,
569 NULL);
570
571 /* Account Operators Alias Sid */
572 LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80);
573
574 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
575 SubAuthorities[1] = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
576 LsapCreateSid(&NtAuthority,
577 2,
578 SubAuthorities,
579 szAccountName,
580 szDomainName,
581 SidTypeAlias,
582 NULL);
583
584 /* System Operators Alias Sid */
585 LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80);
586
587 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
588 SubAuthorities[1] = DOMAIN_ALIAS_RID_SYSTEM_OPS;
589 LsapCreateSid(&NtAuthority,
590 2,
591 SubAuthorities,
592 szAccountName,
593 szDomainName,
594 SidTypeAlias,
595 NULL);
596
597 /* Print Operators Alias Sid */
598 LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80);
599
600 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
601 SubAuthorities[1] = DOMAIN_ALIAS_RID_PRINT_OPS;
602 LsapCreateSid(&NtAuthority,
603 2,
604 SubAuthorities,
605 szAccountName,
606 szDomainName,
607 SidTypeAlias,
608 NULL);
609
610 /* Backup Operators Alias Sid */
611 LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80);
612
613 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
614 SubAuthorities[1] = DOMAIN_ALIAS_RID_BACKUP_OPS;
615 LsapCreateSid(&NtAuthority,
616 2,
617 SubAuthorities,
618 szAccountName,
619 szDomainName,
620 SidTypeAlias,
621 NULL);
622
623 /* Replicators Alias Sid */
624 LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80);
625
626 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
627 SubAuthorities[1] = DOMAIN_ALIAS_RID_REPLICATOR;
628 LsapCreateSid(&NtAuthority,
629 2,
630 SubAuthorities,
631 szAccountName,
632 szDomainName,
633 SidTypeAlias,
634 NULL);
635
636 /* RAS Servers Alias Sid */
637 LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80);
638
639 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
640 SubAuthorities[1] = DOMAIN_ALIAS_RID_RAS_SERVERS;
641 LsapCreateSid(&NtAuthority,
642 2,
643 SubAuthorities,
644 szAccountName,
645 szDomainName,
646 SidTypeAlias,
647 NULL);
648
649 /* Pre-Windows 2000 Compatible Access Alias Sid */
650 LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80);
651
652 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
653 SubAuthorities[1] = DOMAIN_ALIAS_RID_PREW2KCOMPACCESS;
654 LsapCreateSid(&NtAuthority,
655 2,
656 SubAuthorities,
657 szAccountName,
658 szDomainName,
659 SidTypeAlias,
660 NULL);
661
662 /* Remote Desktop Users Alias Sid */
663 LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80);
664
665 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
666 SubAuthorities[1] = DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS;
667 LsapCreateSid(&NtAuthority,
668 2,
669 SubAuthorities,
670 szAccountName,
671 szDomainName,
672 SidTypeAlias,
673 NULL);
674
675 /* Network Configuration Operators Alias Sid */
676 LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, 80);
677
678 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
679 SubAuthorities[1] = DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS;
680 LsapCreateSid(&NtAuthority,
681 2,
682 SubAuthorities,
683 szAccountName,
684 szDomainName,
685 SidTypeAlias,
686 NULL);
687
688 /* FIXME: Add more well known sids */
689
690 return STATUS_SUCCESS;
691 }
692
693
694 PWELL_KNOWN_SID
695 LsapLookupWellKnownSid(PSID Sid)
696 {
697 PLIST_ENTRY ListEntry;
698 PWELL_KNOWN_SID Ptr;
699
700 ListEntry = WellKnownSidListHead.Flink;
701 while (ListEntry != &WellKnownSidListHead)
702 {
703 Ptr = CONTAINING_RECORD(ListEntry,
704 WELL_KNOWN_SID,
705 ListEntry);
706 if (RtlEqualSid(Sid, Ptr->Sid))
707 {
708 return Ptr;
709 }
710
711 ListEntry = ListEntry->Flink;
712 }
713
714 return NULL;
715 }
716
717
718 PWELL_KNOWN_SID
719 LsapLookupIsolatedWellKnownName(PUNICODE_STRING AccountName)
720 {
721 PLIST_ENTRY ListEntry;
722 PWELL_KNOWN_SID Ptr;
723
724 ListEntry = WellKnownSidListHead.Flink;
725 while (ListEntry != &WellKnownSidListHead)
726 {
727 Ptr = CONTAINING_RECORD(ListEntry,
728 WELL_KNOWN_SID,
729 ListEntry);
730 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE))
731 {
732 return Ptr;
733 }
734
735 ListEntry = ListEntry->Flink;
736 }
737
738 return NULL;
739 }
740
741
742 PWELL_KNOWN_SID
743 LsapLookupFullyQualifiedWellKnownName(PUNICODE_STRING AccountName,
744 PUNICODE_STRING DomainName)
745 {
746 PLIST_ENTRY ListEntry;
747 PWELL_KNOWN_SID Ptr;
748
749 ListEntry = WellKnownSidListHead.Flink;
750 while (ListEntry != &WellKnownSidListHead)
751 {
752 Ptr = CONTAINING_RECORD(ListEntry,
753 WELL_KNOWN_SID,
754 ListEntry);
755 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE) &&
756 RtlEqualUnicodeString(DomainName, &Ptr->DomainName, TRUE))
757 {
758 return Ptr;
759 }
760
761 ListEntry = ListEntry->Flink;
762 }
763
764 return NULL;
765 }
766
767
768 static
769 NTSTATUS
770 LsapSplitNames(DWORD Count,
771 PRPC_UNICODE_STRING Names,
772 PRPC_UNICODE_STRING *DomainNames,
773 PRPC_UNICODE_STRING *AccountNames)
774 {
775 PRPC_UNICODE_STRING DomainsBuffer = NULL;
776 PRPC_UNICODE_STRING AccountsBuffer = NULL;
777 ULONG DomainLength;
778 ULONG AccountLength;
779 ULONG i;
780 LPWSTR Ptr;
781 NTSTATUS Status = STATUS_SUCCESS;
782
783 DomainsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
784 if (DomainsBuffer == NULL)
785 {
786 Status = STATUS_INSUFFICIENT_RESOURCES;
787 goto done;
788 }
789
790 AccountsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
791 if (AccountsBuffer == NULL)
792 {
793 Status = STATUS_INSUFFICIENT_RESOURCES;
794 goto done;
795 }
796
797 for (i = 0; i < Count; i++)
798 {
799 //TRACE("Name: %wZ\n", &Names[i]);
800
801 Ptr = wcschr(Names[i].Buffer, L'\\');
802 if (Ptr == NULL)
803 {
804 AccountLength = Names[i].Length / sizeof(WCHAR);
805
806 AccountsBuffer[i].Length = Names[i].Length;
807 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
808 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
809 if (AccountsBuffer[i].Buffer == NULL)
810 {
811 Status = STATUS_INSUFFICIENT_RESOURCES;
812 goto done;
813 }
814
815 CopyMemory(AccountsBuffer[i].Buffer,
816 Names[i].Buffer,
817 AccountsBuffer[i].Length);
818 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
819
820 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
821 }
822 else
823 {
824 DomainLength = (ULONG)(ULONG_PTR)(Ptr - Names[i].Buffer);
825 AccountLength = (Names[i].Length / sizeof(WCHAR)) - DomainLength - 1;
826 //TRACE("DomainLength: %u\n", DomainLength);
827 //TRACE("AccountLength: %u\n", AccountLength);
828
829 if (DomainLength > 0)
830 {
831 DomainsBuffer[i].Length = (USHORT)DomainLength * sizeof(WCHAR);
832 DomainsBuffer[i].MaximumLength = DomainsBuffer[i].Length + sizeof(WCHAR);
833 DomainsBuffer[i].Buffer = MIDL_user_allocate(DomainsBuffer[i].MaximumLength);
834 if (DomainsBuffer[i].Buffer == NULL)
835 {
836 Status = STATUS_INSUFFICIENT_RESOURCES;
837 goto done;
838 }
839
840 CopyMemory(DomainsBuffer[i].Buffer,
841 Names[i].Buffer,
842 DomainsBuffer[i].Length);
843 DomainsBuffer[i].Buffer[DomainLength] = UNICODE_NULL;
844
845 //TRACE("Domain name: %wZ\n", &DomainsBuffer[i]);
846 }
847
848 AccountsBuffer[i].Length = (USHORT)AccountLength * sizeof(WCHAR);
849 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
850 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
851 if (AccountsBuffer[i].Buffer == NULL)
852 {
853 Status = STATUS_INSUFFICIENT_RESOURCES;
854 goto done;
855 }
856
857 CopyMemory(AccountsBuffer[i].Buffer,
858 &(Names[i].Buffer[DomainLength + 1]),
859 AccountsBuffer[i].Length);
860 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
861
862 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
863 }
864 }
865
866 done:
867 if (!NT_SUCCESS(Status))
868 {
869 if (AccountsBuffer != NULL)
870 {
871 for (i = 0; i < Count; i++)
872 {
873 if (AccountsBuffer[i].Buffer != NULL)
874 MIDL_user_free(AccountsBuffer[i].Buffer);
875 }
876
877 MIDL_user_free(AccountsBuffer);
878 }
879
880 if (DomainsBuffer != NULL)
881 {
882 for (i = 0; i < Count; i++)
883 {
884 if (DomainsBuffer[i].Buffer != NULL)
885 MIDL_user_free(DomainsBuffer[i].Buffer);
886 }
887
888 MIDL_user_free(DomainsBuffer);
889 }
890 }
891 else
892 {
893 *DomainNames = DomainsBuffer;
894 *AccountNames = AccountsBuffer;
895 }
896
897 return Status;
898 }
899
900
901 static NTSTATUS
902 LsapAddDomainToDomainsList(PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
903 PUNICODE_STRING Name,
904 PSID Sid,
905 PULONG Index)
906 {
907 ULONG i;
908
909 i = 0;
910 while (i < ReferencedDomains->Entries &&
911 ReferencedDomains->Domains[i].Sid != NULL)
912 {
913 if (RtlEqualSid(Sid, ReferencedDomains->Domains[i].Sid))
914 {
915 *Index = i;
916 return STATUS_SUCCESS;
917 }
918
919 i++;
920 }
921
922 ReferencedDomains->Domains[i].Sid = MIDL_user_allocate(RtlLengthSid(Sid));
923 if (ReferencedDomains->Domains[i].Sid == NULL)
924 return STATUS_INSUFFICIENT_RESOURCES;
925
926 RtlCopySid(RtlLengthSid(Sid), ReferencedDomains->Domains[i].Sid, Sid);
927
928 ReferencedDomains->Domains[i].Name.Length = Name->Length;
929 ReferencedDomains->Domains[i].Name.MaximumLength = Name->MaximumLength;
930 ReferencedDomains->Domains[i].Name.Buffer = MIDL_user_allocate(Name->MaximumLength);
931 if (ReferencedDomains->Domains[i].Sid == NULL)
932 {
933 MIDL_user_free(ReferencedDomains->Domains[i].Sid);
934 ReferencedDomains->Domains[i].Sid = NULL;
935 return STATUS_INSUFFICIENT_RESOURCES;
936 }
937
938 RtlCopyMemory(ReferencedDomains->Domains[i].Name.Buffer,
939 Name->Buffer,
940 Name->MaximumLength);
941
942 ReferencedDomains->Entries++;
943 *Index = i;
944
945 return STATUS_SUCCESS;
946 }
947
948
949 static BOOLEAN
950 LsapIsPrefixSid(IN PSID PrefixSid,
951 IN PSID Sid)
952 {
953 PISID Sid1 = PrefixSid, Sid2 = Sid;
954 ULONG i;
955
956 if (Sid1->Revision != Sid2->Revision)
957 return FALSE;
958
959 if ((Sid1->IdentifierAuthority.Value[0] != Sid2->IdentifierAuthority.Value[0]) ||
960 (Sid1->IdentifierAuthority.Value[1] != Sid2->IdentifierAuthority.Value[1]) ||
961 (Sid1->IdentifierAuthority.Value[2] != Sid2->IdentifierAuthority.Value[2]) ||
962 (Sid1->IdentifierAuthority.Value[3] != Sid2->IdentifierAuthority.Value[3]) ||
963 (Sid1->IdentifierAuthority.Value[4] != Sid2->IdentifierAuthority.Value[4]) ||
964 (Sid1->IdentifierAuthority.Value[5] != Sid2->IdentifierAuthority.Value[5]))
965 return FALSE;
966
967 if (Sid1->SubAuthorityCount >= Sid2->SubAuthorityCount)
968 return FALSE;
969
970 if (Sid1->SubAuthorityCount == 0)
971 return TRUE;
972
973 for (i = 0; i < Sid1->SubAuthorityCount; i++)
974 {
975 if (Sid1->SubAuthority[i] != Sid2->SubAuthority[i])
976 return FALSE;
977 }
978
979 return TRUE;
980 }
981
982
983 ULONG
984 LsapGetRelativeIdFromSid(PSID Sid_)
985 {
986 PISID Sid = Sid_;
987
988 if (Sid->SubAuthorityCount != 0)
989 return Sid->SubAuthority[Sid->SubAuthorityCount - 1];
990
991 return 0;
992 }
993
994
995 static PSID
996 CreateSidFromSidAndRid(PSID SrcSid,
997 ULONG RelativeId)
998 {
999 UCHAR RidCount;
1000 PSID DstSid;
1001 ULONG i;
1002 ULONG DstSidSize;
1003 PULONG p, q;
1004
1005 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1006 if (RidCount >= 8)
1007 return NULL;
1008
1009 DstSidSize = RtlLengthRequiredSid(RidCount + 1);
1010
1011 DstSid = MIDL_user_allocate(DstSidSize);
1012 if (DstSid == NULL)
1013 return NULL;
1014
1015 RtlInitializeSid(DstSid,
1016 RtlIdentifierAuthoritySid(SrcSid),
1017 RidCount + 1);
1018
1019 for (i = 0; i < (ULONG)RidCount; i++)
1020 {
1021 p = RtlSubAuthoritySid(SrcSid, i);
1022 q = RtlSubAuthoritySid(DstSid, i);
1023 *q = *p;
1024 }
1025
1026 q = RtlSubAuthoritySid(DstSid, (ULONG)RidCount);
1027 *q = RelativeId;
1028
1029 return DstSid;
1030 }
1031
1032
1033 static PSID
1034 CreateDomainSidFromAccountSid(PSID AccountSid)
1035 {
1036 UCHAR RidCount;
1037 PSID DomainSid;
1038 ULONG i;
1039 ULONG DstSidSize;
1040 PULONG p, q;
1041
1042 RidCount = *RtlSubAuthorityCountSid(AccountSid);
1043 if (RidCount > 0)
1044 RidCount--;
1045
1046 DstSidSize = RtlLengthRequiredSid(RidCount);
1047
1048 DomainSid = MIDL_user_allocate(DstSidSize);
1049 if (DomainSid == NULL)
1050 return NULL;
1051
1052 RtlInitializeSid(DomainSid,
1053 RtlIdentifierAuthoritySid(AccountSid),
1054 RidCount);
1055
1056 for (i = 0; i < (ULONG)RidCount; i++)
1057 {
1058 p = RtlSubAuthoritySid(AccountSid, i);
1059 q = RtlSubAuthoritySid(DomainSid, i);
1060 *q = *p;
1061 }
1062
1063 return DomainSid;
1064 }
1065
1066
1067 static PSID
1068 LsapCopySid(PSID SrcSid)
1069 {
1070 UCHAR RidCount;
1071 PSID DstSid;
1072 ULONG i;
1073 ULONG DstSidSize;
1074 PULONG p, q;
1075
1076 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1077 DstSidSize = RtlLengthRequiredSid(RidCount);
1078
1079 DstSid = MIDL_user_allocate(DstSidSize);
1080 if (DstSid == NULL)
1081 return NULL;
1082
1083 RtlInitializeSid(DstSid,
1084 RtlIdentifierAuthoritySid(SrcSid),
1085 RidCount);
1086
1087 for (i = 0; i < (ULONG)RidCount; i++)
1088 {
1089 p = RtlSubAuthoritySid(SrcSid, i);
1090 q = RtlSubAuthoritySid(DstSid, i);
1091 *q = *p;
1092 }
1093
1094 return DstSid;
1095 }
1096
1097
1098 static
1099 NTSTATUS
1100 LsapLookupIsolatedNames(DWORD Count,
1101 PRPC_UNICODE_STRING DomainNames,
1102 PRPC_UNICODE_STRING AccountNames,
1103 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1104 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1105 PULONG Mapped)
1106 {
1107 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1108 PWELL_KNOWN_SID ptr, ptr2;
1109 PSID DomainSid;
1110 ULONG DomainIndex;
1111 ULONG i;
1112 NTSTATUS Status = STATUS_SUCCESS;
1113
1114 for (i = 0; i < Count; i++)
1115 {
1116 /* Ignore names which were already mapped */
1117 if (SidsBuffer[i].Use != SidTypeUnknown)
1118 continue;
1119
1120 /* Ignore fully qualified account names */
1121 if (DomainNames[i].Length != 0)
1122 continue;
1123
1124 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1125
1126 /* Look-up all well-known names */
1127 ptr = LsapLookupIsolatedWellKnownName((PUNICODE_STRING)&AccountNames[i]);
1128 if (ptr != NULL)
1129 {
1130 SidsBuffer[i].Use = ptr->Use;
1131 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1132 if (SidsBuffer[i].Sid == NULL)
1133 {
1134 Status = STATUS_INSUFFICIENT_RESOURCES;
1135 goto done;
1136 }
1137
1138 SidsBuffer[i].DomainIndex = -1;
1139 SidsBuffer[i].Flags = 0;
1140
1141 if (ptr->Use == SidTypeDomain)
1142 {
1143 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1144 &ptr->AccountName,
1145 ptr->Sid,
1146 &DomainIndex);
1147 if (!NT_SUCCESS(Status))
1148 goto done;
1149
1150 SidsBuffer[i].DomainIndex = DomainIndex;
1151 }
1152 else
1153 {
1154 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1155 if (ptr2 != NULL)
1156 {
1157 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1158 &ptr2->AccountName,
1159 ptr2->Sid,
1160 &DomainIndex);
1161 if (!NT_SUCCESS(Status))
1162 goto done;
1163
1164 SidsBuffer[i].DomainIndex = DomainIndex;
1165 }
1166 else
1167 {
1168 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1169 if (DomainSid == NULL)
1170 {
1171 Status = STATUS_INSUFFICIENT_RESOURCES;
1172 goto done;
1173 }
1174
1175 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1176 &EmptyDomainName,
1177 DomainSid,
1178 &DomainIndex);
1179
1180 if (DomainSid != NULL)
1181 {
1182 MIDL_user_free(DomainSid);
1183 DomainSid = NULL;
1184 }
1185
1186 if (!NT_SUCCESS(Status))
1187 goto done;
1188
1189 SidsBuffer[i].DomainIndex = DomainIndex;
1190 }
1191 }
1192
1193 (*Mapped)++;
1194 continue;
1195 }
1196
1197 /* Look-up the built-in domain */
1198 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &BuiltinDomainName, TRUE))
1199 {
1200 SidsBuffer[i].Use = SidTypeDomain;
1201 SidsBuffer[i].Sid = LsapCopySid(BuiltinDomainSid);
1202 if (SidsBuffer[i].Sid == NULL)
1203 {
1204 Status = STATUS_INSUFFICIENT_RESOURCES;
1205 goto done;
1206 }
1207
1208 SidsBuffer[i].DomainIndex = -1;
1209 SidsBuffer[i].Flags = 0;
1210
1211 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1212 &BuiltinDomainName,
1213 BuiltinDomainSid,
1214 &DomainIndex);
1215 if (!NT_SUCCESS(Status))
1216 goto done;
1217
1218 SidsBuffer[i].DomainIndex = DomainIndex;
1219
1220 (*Mapped)++;
1221 continue;
1222 }
1223
1224 /* Look-up the account domain */
1225 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
1226 {
1227 SidsBuffer[i].Use = SidTypeDomain;
1228 SidsBuffer[i].Sid = LsapCopySid(AccountDomainSid);
1229 if (SidsBuffer[i].Sid == NULL)
1230 {
1231 Status = STATUS_INSUFFICIENT_RESOURCES;
1232 goto done;
1233 }
1234 SidsBuffer[i].DomainIndex = -1;
1235 SidsBuffer[i].Flags = 0;
1236
1237 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1238 &AccountDomainName,
1239 AccountDomainSid,
1240 &DomainIndex);
1241 if (!NT_SUCCESS(Status))
1242 goto done;
1243
1244 SidsBuffer[i].DomainIndex = DomainIndex;
1245
1246 (*Mapped)++;
1247 continue;
1248 }
1249
1250 /* FIXME: Look-up the primary domain */
1251
1252 /* FIXME: Look-up the trusted domains */
1253
1254 }
1255
1256 done:
1257
1258 return Status;
1259 }
1260
1261
1262 static
1263 NTSTATUS
1264 LsapLookupIsolatedBuiltinNames(DWORD Count,
1265 PRPC_UNICODE_STRING DomainNames,
1266 PRPC_UNICODE_STRING AccountNames,
1267 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1268 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1269 PULONG Mapped)
1270 {
1271 SAMPR_HANDLE ServerHandle = NULL;
1272 SAMPR_HANDLE DomainHandle = NULL;
1273 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1274 SAMPR_ULONG_ARRAY Use = {0, NULL};
1275 ULONG DomainIndex;
1276 ULONG i;
1277 NTSTATUS Status = STATUS_SUCCESS;
1278
1279 Status = SamrConnect(NULL,
1280 &ServerHandle,
1281 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1282 if (!NT_SUCCESS(Status))
1283 {
1284 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1285 goto done;
1286 }
1287
1288 Status = SamrOpenDomain(ServerHandle,
1289 DOMAIN_LOOKUP,
1290 BuiltinDomainSid,
1291 &DomainHandle);
1292 if (!NT_SUCCESS(Status))
1293 {
1294 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1295 goto done;
1296 }
1297
1298 for (i = 0; i < Count; i++)
1299 {
1300 /* Ignore names which were already mapped */
1301 if (SidsBuffer[i].Use != SidTypeUnknown)
1302 continue;
1303
1304 /* Ignore fully qualified account names */
1305 if (DomainNames[i].Length != 0)
1306 continue;
1307
1308 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1309
1310 Status = SamrLookupNamesInDomain(DomainHandle,
1311 1,
1312 &AccountNames[i],
1313 &RelativeIds,
1314 &Use);
1315 if (NT_SUCCESS(Status))
1316 {
1317 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1318
1319 SidsBuffer[i].Use = Use.Element[0];
1320 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1321 RelativeIds.Element[0]);
1322 if (SidsBuffer[i].Sid == NULL)
1323 {
1324 Status = STATUS_INSUFFICIENT_RESOURCES;
1325 goto done;
1326 }
1327
1328 SidsBuffer[i].DomainIndex = -1;
1329 SidsBuffer[i].Flags = 0;
1330
1331 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1332 &BuiltinDomainName,
1333 BuiltinDomainSid,
1334 &DomainIndex);
1335 if (!NT_SUCCESS(Status))
1336 goto done;
1337
1338 SidsBuffer[i].DomainIndex = DomainIndex;
1339
1340 (*Mapped)++;
1341 }
1342
1343 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1344 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1345 }
1346
1347 done:
1348 if (DomainHandle != NULL)
1349 SamrCloseHandle(&DomainHandle);
1350
1351 if (ServerHandle != NULL)
1352 SamrCloseHandle(&ServerHandle);
1353
1354 return Status;
1355 }
1356
1357
1358 static
1359 NTSTATUS
1360 LsapLookupIsolatedAccountNames(DWORD Count,
1361 PRPC_UNICODE_STRING DomainNames,
1362 PRPC_UNICODE_STRING AccountNames,
1363 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1364 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1365 PULONG Mapped)
1366 {
1367 SAMPR_HANDLE ServerHandle = NULL;
1368 SAMPR_HANDLE DomainHandle = NULL;
1369 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1370 SAMPR_ULONG_ARRAY Use = {0, NULL};
1371 ULONG DomainIndex;
1372 ULONG i;
1373 NTSTATUS Status = STATUS_SUCCESS;
1374
1375 TRACE("()\n");
1376
1377 Status = SamrConnect(NULL,
1378 &ServerHandle,
1379 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1380 if (!NT_SUCCESS(Status))
1381 {
1382 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1383 goto done;
1384 }
1385
1386 Status = SamrOpenDomain(ServerHandle,
1387 DOMAIN_LOOKUP,
1388 AccountDomainSid,
1389 &DomainHandle);
1390 if (!NT_SUCCESS(Status))
1391 {
1392 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1393 goto done;
1394 }
1395
1396 for (i = 0; i < Count; i++)
1397 {
1398 /* Ignore names which were already mapped */
1399 if (SidsBuffer[i].Use != SidTypeUnknown)
1400 continue;
1401
1402 /* Ignore fully qualified account names */
1403 if (DomainNames[i].Length != 0)
1404 continue;
1405
1406 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1407
1408 Status = SamrLookupNamesInDomain(DomainHandle,
1409 1,
1410 &AccountNames[i],
1411 &RelativeIds,
1412 &Use);
1413 if (NT_SUCCESS(Status))
1414 {
1415 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1416
1417 SidsBuffer[i].Use = Use.Element[0];
1418 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1419 RelativeIds.Element[0]);
1420 if (SidsBuffer[i].Sid == NULL)
1421 {
1422 Status = STATUS_INSUFFICIENT_RESOURCES;
1423 goto done;
1424 }
1425
1426 SidsBuffer[i].DomainIndex = -1;
1427 SidsBuffer[i].Flags = 0;
1428
1429 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1430 &AccountDomainName,
1431 AccountDomainSid,
1432 &DomainIndex);
1433 if (!NT_SUCCESS(Status))
1434 goto done;
1435
1436 SidsBuffer[i].DomainIndex = DomainIndex;
1437
1438 (*Mapped)++;
1439 }
1440
1441 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1442 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1443 }
1444
1445 done:
1446 if (DomainHandle != NULL)
1447 SamrCloseHandle(&DomainHandle);
1448
1449 if (ServerHandle != NULL)
1450 SamrCloseHandle(&ServerHandle);
1451
1452 return Status;
1453 }
1454
1455
1456 static
1457 NTSTATUS
1458 LsapLookupFullyQualifiedWellKnownNames(DWORD Count,
1459 PRPC_UNICODE_STRING DomainNames,
1460 PRPC_UNICODE_STRING AccountNames,
1461 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1462 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1463 PULONG Mapped)
1464 {
1465 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1466 PWELL_KNOWN_SID ptr, ptr2;
1467 PSID DomainSid;
1468 ULONG DomainIndex;
1469 ULONG i;
1470 NTSTATUS Status = STATUS_SUCCESS;
1471
1472 for (i = 0; i < Count; i++)
1473 {
1474 /* Ignore names which were already mapped */
1475 if (SidsBuffer[i].Use != SidTypeUnknown)
1476 continue;
1477
1478 /* Ignore isolated account names */
1479 if (DomainNames[i].Length == 0)
1480 continue;
1481
1482 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1483
1484 /* Look-up all well-known names */
1485 ptr = LsapLookupFullyQualifiedWellKnownName((PUNICODE_STRING)&AccountNames[i],
1486 (PUNICODE_STRING)&DomainNames[i]);
1487 if (ptr != NULL)
1488 {
1489 TRACE("Found it! (%wZ\\%wZ)\n", &ptr->DomainName, &ptr->AccountName);
1490
1491 SidsBuffer[i].Use = ptr->Use;
1492 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1493 if (SidsBuffer[i].Sid == NULL)
1494 {
1495 Status = STATUS_INSUFFICIENT_RESOURCES;
1496 goto done;
1497 }
1498
1499 SidsBuffer[i].DomainIndex = -1;
1500 SidsBuffer[i].Flags = 0;
1501
1502 if (ptr->Use == SidTypeDomain)
1503 {
1504 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1505 &ptr->AccountName,
1506 ptr->Sid,
1507 &DomainIndex);
1508 if (!NT_SUCCESS(Status))
1509 goto done;
1510
1511 SidsBuffer[i].DomainIndex = DomainIndex;
1512 }
1513 else
1514 {
1515 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1516 if (ptr2 != NULL)
1517 {
1518 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1519 &ptr2->AccountName,
1520 ptr2->Sid,
1521 &DomainIndex);
1522 if (!NT_SUCCESS(Status))
1523 goto done;
1524
1525 SidsBuffer[i].DomainIndex = DomainIndex;
1526 }
1527 else
1528 {
1529 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1530 if (DomainSid == NULL)
1531 {
1532 Status = STATUS_INSUFFICIENT_RESOURCES;
1533 goto done;
1534 }
1535
1536 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1537 &EmptyDomainName,
1538 DomainSid,
1539 &DomainIndex);
1540
1541 if (DomainSid != NULL)
1542 {
1543 MIDL_user_free(DomainSid);
1544 DomainSid = NULL;
1545 }
1546
1547 if (!NT_SUCCESS(Status))
1548 goto done;
1549
1550 SidsBuffer[i].DomainIndex = DomainIndex;
1551 }
1552 }
1553
1554 (*Mapped)++;
1555 continue;
1556 }
1557 }
1558
1559 done:
1560 return Status;
1561 }
1562
1563
1564 static
1565 NTSTATUS
1566 LsapLookupBuiltinNames(DWORD Count,
1567 PRPC_UNICODE_STRING DomainNames,
1568 PRPC_UNICODE_STRING AccountNames,
1569 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1570 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1571 PULONG Mapped)
1572 {
1573 SAMPR_HANDLE ServerHandle = NULL;
1574 SAMPR_HANDLE DomainHandle = NULL;
1575 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1576 SAMPR_ULONG_ARRAY Use = {0, NULL};
1577 ULONG DomainIndex;
1578 ULONG i;
1579 NTSTATUS Status = STATUS_SUCCESS;
1580
1581 Status = SamrConnect(NULL,
1582 &ServerHandle,
1583 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1584 if (!NT_SUCCESS(Status))
1585 {
1586 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1587 goto done;
1588 }
1589
1590 Status = SamrOpenDomain(ServerHandle,
1591 DOMAIN_LOOKUP,
1592 BuiltinDomainSid,
1593 &DomainHandle);
1594 if (!NT_SUCCESS(Status))
1595 {
1596 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1597 goto done;
1598 }
1599
1600 for (i = 0; i < Count; i++)
1601 {
1602 /* Ignore names which were already mapped */
1603 if (SidsBuffer[i].Use != SidTypeUnknown)
1604 continue;
1605
1606 /* Ignore isolated account names */
1607 if (DomainNames[i].Length == 0)
1608 continue;
1609
1610 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &BuiltinDomainName, TRUE))
1611 continue;
1612
1613 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1614
1615 Status = SamrLookupNamesInDomain(DomainHandle,
1616 1,
1617 &AccountNames[i],
1618 &RelativeIds,
1619 &Use);
1620 if (NT_SUCCESS(Status))
1621 {
1622 SidsBuffer[i].Use = Use.Element[0];
1623 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1624 RelativeIds.Element[0]);
1625 if (SidsBuffer[i].Sid == NULL)
1626 {
1627 Status = STATUS_INSUFFICIENT_RESOURCES;
1628 goto done;
1629 }
1630
1631 SidsBuffer[i].DomainIndex = -1;
1632 SidsBuffer[i].Flags = 0;
1633
1634 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1635 &BuiltinDomainName,
1636 BuiltinDomainSid,
1637 &DomainIndex);
1638 if (!NT_SUCCESS(Status))
1639 goto done;
1640
1641 SidsBuffer[i].DomainIndex = DomainIndex;
1642
1643 (*Mapped)++;
1644 }
1645
1646 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1647 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1648 }
1649
1650 done:
1651 if (DomainHandle != NULL)
1652 SamrCloseHandle(&DomainHandle);
1653
1654 if (ServerHandle != NULL)
1655 SamrCloseHandle(&ServerHandle);
1656
1657 return Status;
1658 }
1659
1660
1661 static
1662 NTSTATUS
1663 LsapLookupAccountNames(DWORD Count,
1664 PRPC_UNICODE_STRING DomainNames,
1665 PRPC_UNICODE_STRING AccountNames,
1666 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1667 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1668 PULONG Mapped)
1669 {
1670 SAMPR_HANDLE ServerHandle = NULL;
1671 SAMPR_HANDLE DomainHandle = NULL;
1672 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1673 SAMPR_ULONG_ARRAY Use = {0, NULL};
1674 ULONG DomainIndex;
1675 ULONG i;
1676 NTSTATUS Status = STATUS_SUCCESS;
1677
1678 Status = SamrConnect(NULL,
1679 &ServerHandle,
1680 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1681 if (!NT_SUCCESS(Status))
1682 {
1683 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1684 goto done;
1685 }
1686
1687 Status = SamrOpenDomain(ServerHandle,
1688 DOMAIN_LOOKUP,
1689 AccountDomainSid,
1690 &DomainHandle);
1691 if (!NT_SUCCESS(Status))
1692 {
1693 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1694 goto done;
1695 }
1696
1697 for (i = 0; i < Count; i++)
1698 {
1699 /* Ignore names which were already mapped */
1700 if (SidsBuffer[i].Use != SidTypeUnknown)
1701 continue;
1702
1703 /* Ignore isolated account names */
1704 if (DomainNames[i].Length == 0)
1705 continue;
1706
1707 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &AccountDomainName, TRUE))
1708 continue;
1709
1710 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1711
1712 Status = SamrLookupNamesInDomain(DomainHandle,
1713 1,
1714 &AccountNames[i],
1715 &RelativeIds,
1716 &Use);
1717 if (NT_SUCCESS(Status))
1718 {
1719 SidsBuffer[i].Use = Use.Element[0];
1720 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1721 RelativeIds.Element[0]);
1722 if (SidsBuffer[i].Sid == NULL)
1723 {
1724 Status = STATUS_INSUFFICIENT_RESOURCES;
1725 goto done;
1726 }
1727
1728 SidsBuffer[i].DomainIndex = -1;
1729 SidsBuffer[i].Flags = 0;
1730
1731 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1732 &AccountDomainName,
1733 AccountDomainSid,
1734 &DomainIndex);
1735 if (!NT_SUCCESS(Status))
1736 goto done;
1737
1738 SidsBuffer[i].DomainIndex = DomainIndex;
1739
1740 (*Mapped)++;
1741 }
1742
1743 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1744 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1745 }
1746
1747 done:
1748 if (DomainHandle != NULL)
1749 SamrCloseHandle(&DomainHandle);
1750
1751 if (ServerHandle != NULL)
1752 SamrCloseHandle(&ServerHandle);
1753
1754 return Status;
1755 }
1756
1757
1758 NTSTATUS
1759 LsapLookupNames(DWORD Count,
1760 PRPC_UNICODE_STRING Names,
1761 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1762 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
1763 LSAP_LOOKUP_LEVEL LookupLevel,
1764 DWORD *MappedCount,
1765 DWORD LookupOptions,
1766 DWORD ClientRevision)
1767 {
1768 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
1769 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer = NULL;
1770 PRPC_UNICODE_STRING DomainNames = NULL;
1771 PRPC_UNICODE_STRING AccountNames = NULL;
1772 ULONG SidsBufferLength;
1773 ULONG i;
1774 ULONG Mapped = 0;
1775 NTSTATUS Status = STATUS_SUCCESS;
1776
1777 //TRACE("()\n");
1778
1779 TranslatedSids->Entries = 0;
1780 TranslatedSids->Sids = NULL;
1781 *ReferencedDomains = NULL;
1782
1783 SidsBufferLength = Count * sizeof(LSAPR_TRANSLATED_SID_EX2);
1784 SidsBuffer = MIDL_user_allocate(SidsBufferLength);
1785 if (SidsBuffer == NULL)
1786 {
1787 //TRACE("\n");
1788 Status = STATUS_INSUFFICIENT_RESOURCES;
1789 goto done;
1790 }
1791
1792 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
1793 if (DomainsBuffer == NULL)
1794 {
1795 //TRACE("\n");
1796 Status = STATUS_INSUFFICIENT_RESOURCES;
1797 goto done;
1798 }
1799
1800 DomainsBuffer->Domains = MIDL_user_allocate(Count * sizeof(LSA_TRUST_INFORMATION));
1801 if (DomainsBuffer->Domains == NULL)
1802 {
1803 //TRACE("\n");
1804 Status = STATUS_INSUFFICIENT_RESOURCES;
1805 goto done;
1806 }
1807 DomainsBuffer->Entries = 0;
1808 DomainsBuffer->MaxEntries = Count;
1809
1810 for (i = 0; i < Count; i++)
1811 {
1812 SidsBuffer[i].Use = SidTypeUnknown;
1813 SidsBuffer[i].Sid = NULL;
1814 SidsBuffer[i].DomainIndex = -1;
1815 SidsBuffer[i].Flags = 0;
1816 }
1817
1818 Status = LsapSplitNames(Count,
1819 Names,
1820 &DomainNames,
1821 &AccountNames);
1822 if (!NT_SUCCESS(Status))
1823 {
1824 TRACE("LsapSplitNames failed! (Status %lx)\n", Status);
1825 goto done;
1826 }
1827
1828
1829 Status = LsapLookupIsolatedNames(Count,
1830 DomainNames,
1831 AccountNames,
1832 DomainsBuffer,
1833 SidsBuffer,
1834 &Mapped);
1835 if (!NT_SUCCESS(Status) &&
1836 Status != STATUS_NONE_MAPPED &&
1837 Status != STATUS_SOME_NOT_MAPPED)
1838 {
1839 TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status);
1840 goto done;
1841 }
1842
1843 if (Mapped == Count)
1844 goto done;
1845
1846
1847 Status = LsapLookupIsolatedBuiltinNames(Count,
1848 DomainNames,
1849 AccountNames,
1850 DomainsBuffer,
1851 SidsBuffer,
1852 &Mapped);
1853 if (!NT_SUCCESS(Status) &&
1854 Status != STATUS_NONE_MAPPED &&
1855 Status != STATUS_SOME_NOT_MAPPED)
1856 {
1857 TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status);
1858 goto done;
1859 }
1860
1861 if (Mapped == Count)
1862 goto done;
1863
1864
1865 Status = LsapLookupIsolatedAccountNames(Count,
1866 DomainNames,
1867 AccountNames,
1868 DomainsBuffer,
1869 SidsBuffer,
1870 &Mapped);
1871 if (!NT_SUCCESS(Status) &&
1872 Status != STATUS_NONE_MAPPED &&
1873 Status != STATUS_SOME_NOT_MAPPED)
1874 {
1875 TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status);
1876 goto done;
1877 }
1878
1879 if (Mapped == Count)
1880 goto done;
1881
1882 Status = LsapLookupFullyQualifiedWellKnownNames(Count,
1883 DomainNames,
1884 AccountNames,
1885 DomainsBuffer,
1886 SidsBuffer,
1887 &Mapped);
1888 if (!NT_SUCCESS(Status) &&
1889 Status != STATUS_NONE_MAPPED &&
1890 Status != STATUS_SOME_NOT_MAPPED)
1891 {
1892 TRACE("LsapLookupFullyQualifiedWellKnownNames failed! (Status %lx)\n", Status);
1893 goto done;
1894 }
1895
1896 if (Mapped == Count)
1897 goto done;
1898
1899 Status = LsapLookupBuiltinNames(Count,
1900 DomainNames,
1901 AccountNames,
1902 DomainsBuffer,
1903 SidsBuffer,
1904 &Mapped);
1905 if (!NT_SUCCESS(Status) &&
1906 Status != STATUS_NONE_MAPPED &&
1907 Status != STATUS_SOME_NOT_MAPPED)
1908 {
1909 TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status);
1910 goto done;
1911 }
1912
1913 if (Mapped == Count)
1914 goto done;
1915
1916
1917 Status = LsapLookupAccountNames(Count,
1918 DomainNames,
1919 AccountNames,
1920 DomainsBuffer,
1921 SidsBuffer,
1922 &Mapped);
1923 if (!NT_SUCCESS(Status) &&
1924 Status != STATUS_NONE_MAPPED &&
1925 Status != STATUS_SOME_NOT_MAPPED)
1926 {
1927 TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status);
1928 goto done;
1929 }
1930
1931 if (Mapped == Count)
1932 goto done;
1933
1934 done:
1935 // TRACE("done: Status %lx\n", Status);
1936
1937 if (DomainNames != NULL)
1938 {
1939 //TRACE("Free DomainNames\n");
1940 for (i = 0; i < Count; i++)
1941 {
1942 if (DomainNames[i].Buffer != NULL)
1943 MIDL_user_free(DomainNames[i].Buffer);
1944 }
1945
1946 MIDL_user_free(DomainNames);
1947 }
1948
1949 if (AccountNames != NULL)
1950 {
1951 //TRACE("Free AccountNames\n");
1952 for (i = 0; i < Count; i++)
1953 {
1954 //TRACE("i: %lu\n", i);
1955 if (AccountNames[i].Buffer != NULL)
1956 {
1957 MIDL_user_free(AccountNames[i].Buffer);
1958 }
1959 }
1960
1961 MIDL_user_free(AccountNames);
1962 }
1963
1964 if (!NT_SUCCESS(Status))
1965 {
1966 //TRACE("Failure!\n");
1967
1968 //TRACE("Free DomainsBuffer\n");
1969 if (DomainsBuffer != NULL)
1970 {
1971 if (DomainsBuffer->Domains != NULL)
1972 MIDL_user_free(DomainsBuffer->Domains);
1973
1974 MIDL_user_free(DomainsBuffer);
1975 }
1976
1977 //TRACE("Free SidsBuffer\n");
1978 if (SidsBuffer != NULL)
1979 MIDL_user_free(SidsBuffer);
1980 }
1981 else
1982 {
1983 //TRACE("Success!\n");
1984
1985 *ReferencedDomains = DomainsBuffer;
1986 TranslatedSids->Entries = Count;
1987 TranslatedSids->Sids = SidsBuffer;
1988 *MappedCount = Mapped;
1989
1990 if (Mapped == 0)
1991 Status = STATUS_NONE_MAPPED;
1992 else if (Mapped < Count)
1993 Status = STATUS_SOME_NOT_MAPPED;
1994 }
1995
1996 // TRACE("done: Status %lx\n", Status);
1997
1998 return Status;
1999 }
2000
2001
2002 static NTSTATUS
2003 LsapLookupWellKnownSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2004 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2005 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2006 PULONG Mapped)
2007 {
2008 PWELL_KNOWN_SID ptr, ptr2;
2009 LPWSTR SidString = NULL;
2010 ULONG DomainIndex;
2011 ULONG i;
2012 NTSTATUS Status = STATUS_SUCCESS;
2013
2014 for (i = 0; i < SidEnumBuffer->Entries; i++)
2015 {
2016 /* Ignore SIDs which are already mapped */
2017 if (NamesBuffer[i].Use != SidTypeUnknown)
2018 continue;
2019
2020 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2021 TRACE("Mapping SID: %S\n", SidString);
2022 LocalFree(SidString);
2023 SidString = NULL;
2024
2025 ptr = LsapLookupWellKnownSid(SidEnumBuffer->SidInfo[i].Sid);
2026 if (ptr != NULL)
2027 {
2028 NamesBuffer[i].Use = ptr->Use;
2029 NamesBuffer[i].Flags = 0;
2030
2031 NamesBuffer[i].Name.Length = ptr->AccountName.Length;
2032 NamesBuffer[i].Name.MaximumLength = ptr->AccountName.MaximumLength;
2033 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(ptr->AccountName.MaximumLength);
2034 if (NamesBuffer[i].Name.Buffer == NULL)
2035 {
2036 Status = STATUS_INSUFFICIENT_RESOURCES;
2037 goto done;
2038 }
2039
2040 RtlCopyMemory(NamesBuffer[i].Name.Buffer, ptr->AccountName.Buffer, ptr->AccountName.MaximumLength);
2041
2042 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
2043 if (ptr2 != NULL)
2044 {
2045 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2046 &ptr2->AccountName,
2047 ptr2->Sid,
2048 &DomainIndex);
2049 if (!NT_SUCCESS(Status))
2050 goto done;
2051
2052 NamesBuffer[i].DomainIndex = DomainIndex;
2053 }
2054
2055 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2056
2057 (*Mapped)++;
2058 }
2059 }
2060
2061 done:
2062 return Status;
2063 }
2064
2065
2066 static NTSTATUS
2067 LsapLookupBuiltinDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2068 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2069 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2070 PULONG Mapped)
2071 {
2072 SAMPR_HANDLE ServerHandle = NULL;
2073 SAMPR_HANDLE DomainHandle = NULL;
2074 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2075 SAMPR_ULONG_ARRAY Use = {0, NULL};
2076 LPWSTR SidString = NULL;
2077 ULONG DomainIndex;
2078 ULONG RelativeIds[1];
2079 ULONG i;
2080 NTSTATUS Status = STATUS_SUCCESS;
2081
2082 Status = SamrConnect(NULL,
2083 &ServerHandle,
2084 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2085 if (!NT_SUCCESS(Status))
2086 {
2087 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2088 goto done;
2089 }
2090
2091 Status = SamrOpenDomain(ServerHandle,
2092 DOMAIN_LOOKUP,
2093 BuiltinDomainSid,
2094 &DomainHandle);
2095 if (!NT_SUCCESS(Status))
2096 {
2097 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2098 goto done;
2099 }
2100
2101 for (i = 0; i < SidEnumBuffer->Entries; i++)
2102 {
2103 /* Ignore SIDs which are already mapped */
2104 if (NamesBuffer[i].Use != SidTypeUnknown)
2105 continue;
2106
2107 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2108 TRACE("Mapping SID: %S\n", SidString);
2109 LocalFree(SidString);
2110 SidString = NULL;
2111
2112 if (RtlEqualSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2113 {
2114 TRACE("Found builtin domain!\n");
2115
2116 NamesBuffer[i].Use = SidTypeDomain;
2117 NamesBuffer[i].Flags = 0;
2118
2119 NamesBuffer[i].Name.Length = BuiltinDomainName.Length;
2120 NamesBuffer[i].Name.MaximumLength = BuiltinDomainName.MaximumLength;
2121 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(BuiltinDomainName.MaximumLength);
2122 if (NamesBuffer[i].Name.Buffer == NULL)
2123 {
2124 Status = STATUS_INSUFFICIENT_RESOURCES;
2125 goto done;
2126 }
2127
2128 RtlCopyMemory(NamesBuffer[i].Name.Buffer, BuiltinDomainName.Buffer, BuiltinDomainName.MaximumLength);
2129
2130 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2131 &BuiltinDomainName,
2132 BuiltinDomainSid,
2133 &DomainIndex);
2134 if (!NT_SUCCESS(Status))
2135 goto done;
2136
2137 NamesBuffer[i].DomainIndex = DomainIndex;
2138
2139 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2140
2141 (*Mapped)++;
2142 }
2143 else if (LsapIsPrefixSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2144 {
2145 TRACE("Found builtin domain account!\n");
2146
2147 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2148
2149 Status = SamrLookupIdsInDomain(DomainHandle,
2150 1,
2151 RelativeIds,
2152 &Names,
2153 &Use);
2154 if (NT_SUCCESS(Status))
2155 {
2156 NamesBuffer[i].Use = Use.Element[0];
2157 NamesBuffer[i].Flags = 0;
2158
2159 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2160 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2161 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2162 if (NamesBuffer[i].Name.Buffer == NULL)
2163 {
2164 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2165 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2166
2167 Status = STATUS_INSUFFICIENT_RESOURCES;
2168 goto done;
2169 }
2170
2171 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2172 Names.Element[0].Buffer,
2173 Names.Element[0].MaximumLength);
2174
2175 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2176 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2177
2178 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2179 &BuiltinDomainName,
2180 BuiltinDomainSid,
2181 &DomainIndex);
2182 if (!NT_SUCCESS(Status))
2183 goto done;
2184
2185 NamesBuffer[i].DomainIndex = DomainIndex;
2186
2187 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2188
2189 (*Mapped)++;
2190 }
2191 }
2192 }
2193
2194 done:
2195 if (DomainHandle != NULL)
2196 SamrCloseHandle(&DomainHandle);
2197
2198 if (ServerHandle != NULL)
2199 SamrCloseHandle(&ServerHandle);
2200
2201 return Status;
2202 }
2203
2204
2205 static NTSTATUS
2206 LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2207 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2208 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2209 PULONG Mapped)
2210 {
2211 SAMPR_HANDLE ServerHandle = NULL;
2212 SAMPR_HANDLE DomainHandle = NULL;
2213 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2214 SAMPR_ULONG_ARRAY Use = {0, NULL};
2215 LPWSTR SidString = NULL;
2216 ULONG DomainIndex;
2217 ULONG RelativeIds[1];
2218 ULONG i;
2219 NTSTATUS Status = STATUS_SUCCESS;
2220
2221 Status = SamrConnect(NULL,
2222 &ServerHandle,
2223 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2224 if (!NT_SUCCESS(Status))
2225 {
2226 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2227 goto done;
2228 }
2229
2230 Status = SamrOpenDomain(ServerHandle,
2231 DOMAIN_LOOKUP,
2232 AccountDomainSid,
2233 &DomainHandle);
2234 if (!NT_SUCCESS(Status))
2235 {
2236 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2237 goto done;
2238 }
2239
2240 for (i = 0; i < SidEnumBuffer->Entries; i++)
2241 {
2242 /* Ignore SIDs which are already mapped */
2243 if (NamesBuffer[i].Use != SidTypeUnknown)
2244 continue;
2245
2246 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2247 TRACE("Mapping SID: %S\n", SidString);
2248 LocalFree(SidString);
2249 SidString = NULL;
2250
2251 if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2252 {
2253 TRACE("Found account domain!\n");
2254
2255 NamesBuffer[i].Use = SidTypeDomain;
2256 NamesBuffer[i].Flags = 0;
2257
2258 NamesBuffer[i].Name.Length = AccountDomainName.Length;
2259 NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength;
2260 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AccountDomainName.MaximumLength);
2261 if (NamesBuffer[i].Name.Buffer == NULL)
2262 {
2263 Status = STATUS_INSUFFICIENT_RESOURCES;
2264 goto done;
2265 }
2266
2267 RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer, AccountDomainName.MaximumLength);
2268
2269 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2270 &AccountDomainName,
2271 AccountDomainSid,
2272 &DomainIndex);
2273 if (!NT_SUCCESS(Status))
2274 goto done;
2275
2276 NamesBuffer[i].DomainIndex = DomainIndex;
2277
2278 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2279
2280 (*Mapped)++;
2281 }
2282 else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2283 {
2284 TRACE("Found account domain account!\n");
2285
2286 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2287
2288 Status = SamrLookupIdsInDomain(DomainHandle,
2289 1,
2290 RelativeIds,
2291 &Names,
2292 &Use);
2293 if (NT_SUCCESS(Status))
2294 {
2295 NamesBuffer[i].Use = Use.Element[0];
2296 NamesBuffer[i].Flags = 0;
2297
2298 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2299 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2300 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2301 if (NamesBuffer[i].Name.Buffer == NULL)
2302 {
2303 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2304 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2305
2306 Status = STATUS_INSUFFICIENT_RESOURCES;
2307 goto done;
2308 }
2309
2310 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2311 Names.Element[0].Buffer,
2312 Names.Element[0].MaximumLength);
2313
2314 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2315 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2316
2317 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2318 &AccountDomainName,
2319 AccountDomainSid,
2320 &DomainIndex);
2321 if (!NT_SUCCESS(Status))
2322 goto done;
2323
2324 NamesBuffer[i].DomainIndex = DomainIndex;
2325
2326 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2327
2328 (*Mapped)++;
2329 }
2330 }
2331 }
2332
2333 done:
2334 if (DomainHandle != NULL)
2335 SamrCloseHandle(&DomainHandle);
2336
2337 if (ServerHandle != NULL)
2338 SamrCloseHandle(&ServerHandle);
2339
2340 return Status;
2341 }
2342
2343
2344 NTSTATUS
2345 LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2346 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
2347 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
2348 LSAP_LOOKUP_LEVEL LookupLevel,
2349 DWORD *MappedCount,
2350 DWORD LookupOptions,
2351 DWORD ClientRevision)
2352 {
2353 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
2354 PLSAPR_TRANSLATED_NAME_EX NamesBuffer = NULL;
2355 ULONG NamesBufferLength;
2356 ULONG i;
2357 ULONG Mapped = 0;
2358 NTSTATUS Status = STATUS_SUCCESS;
2359
2360 NamesBufferLength = SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME_EX);
2361 NamesBuffer = MIDL_user_allocate(NamesBufferLength);
2362 if (NamesBuffer == NULL)
2363 {
2364 Status = STATUS_INSUFFICIENT_RESOURCES;
2365 goto done;
2366 }
2367
2368 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
2369 if (DomainsBuffer == NULL)
2370 {
2371 Status = STATUS_INSUFFICIENT_RESOURCES;
2372 goto done;
2373 }
2374
2375 DomainsBuffer->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION));
2376 if (DomainsBuffer->Domains == NULL)
2377 {
2378 Status = STATUS_INSUFFICIENT_RESOURCES;
2379 goto done;
2380 }
2381
2382 DomainsBuffer->Entries = 0;
2383 DomainsBuffer->MaxEntries = SidEnumBuffer->Entries;
2384
2385 /* Initialize all name entries */
2386 for (i = 0; i < SidEnumBuffer->Entries; i++)
2387 {
2388 NamesBuffer[i].Use = SidTypeUnknown;
2389 NamesBuffer[i].Name.Length = 0;
2390 NamesBuffer[i].Name.MaximumLength = 0;
2391 NamesBuffer[i].Name.Buffer = NULL;
2392 NamesBuffer[i].DomainIndex = -1;
2393 NamesBuffer[i].Flags = 0;
2394 }
2395
2396 /* Look-up well-known SIDs */
2397 Status = LsapLookupWellKnownSids(SidEnumBuffer,
2398 NamesBuffer,
2399 DomainsBuffer,
2400 &Mapped);
2401 if (!NT_SUCCESS(Status) &&
2402 Status != STATUS_NONE_MAPPED &&
2403 Status != STATUS_SOME_NOT_MAPPED)
2404 goto done;
2405
2406 if (Mapped == SidEnumBuffer->Entries)
2407 goto done;
2408
2409 /* Look-up builtin domain SIDs */
2410 Status = LsapLookupBuiltinDomainSids(SidEnumBuffer,
2411 NamesBuffer,
2412 DomainsBuffer,
2413 &Mapped);
2414 if (!NT_SUCCESS(Status) &&
2415 Status != STATUS_NONE_MAPPED &&
2416 Status != STATUS_SOME_NOT_MAPPED)
2417 goto done;
2418
2419 if (Mapped == SidEnumBuffer->Entries)
2420 goto done;
2421
2422 /* Look-up account domain SIDs */
2423 Status = LsapLookupAccountDomainSids(SidEnumBuffer,
2424 NamesBuffer,
2425 DomainsBuffer,
2426 &Mapped);
2427 if (!NT_SUCCESS(Status) &&
2428 Status != STATUS_NONE_MAPPED &&
2429 Status != STATUS_SOME_NOT_MAPPED)
2430 goto done;
2431
2432 if (Mapped == SidEnumBuffer->Entries)
2433 goto done;
2434
2435 done:
2436 TRACE("done Status: %lx Mapped: %lu\n", Status, Mapped);
2437
2438 if (!NT_SUCCESS(Status))
2439 {
2440 if (DomainsBuffer != NULL)
2441 {
2442 if (DomainsBuffer->Domains != NULL)
2443 MIDL_user_free(DomainsBuffer->Domains);
2444
2445 MIDL_user_free(DomainsBuffer);
2446 }
2447
2448 if (NamesBuffer != NULL)
2449 MIDL_user_free(NamesBuffer);
2450 }
2451 else
2452 {
2453 *ReferencedDomains = DomainsBuffer;
2454 TranslatedNames->Entries = SidEnumBuffer->Entries;
2455 TranslatedNames->Names = NamesBuffer;
2456 *MappedCount = Mapped;
2457
2458 if (Mapped == 0)
2459 Status = STATUS_NONE_MAPPED;
2460 else if (Mapped < SidEnumBuffer->Entries)
2461 Status = STATUS_SOME_NOT_MAPPED;
2462 }
2463
2464 return Status;
2465 }
2466
2467 /* EOF */
A free Windows-compatible Operating System