projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[LSASRV]
[reactos.git] / reactos / dll / win32 / lsasrv / lookup.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lookup.c
5 * PURPOSE: Sid / Name lookup functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9
10 /* INCLUDES ****************************************************************/
11
12 #include "lsasrv.h"
13
14 WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
15
16
17 /* GLOBALS *****************************************************************/
18
19 typedef wchar_t *PSAMPR_SERVER_NAME;
20 typedef void *SAMPR_HANDLE;
21
22 typedef struct _SAMPR_RETURNED_USTRING_ARRAY
23 {
24 unsigned long Count;
25 PRPC_UNICODE_STRING Element;
26 } SAMPR_RETURNED_USTRING_ARRAY, *PSAMPR_RETURNED_USTRING_ARRAY;
27
28 typedef struct _SAMPR_ULONG_ARRAY
29 {
30 unsigned long Count;
31 unsigned long *Element;
32 } SAMPR_ULONG_ARRAY, *PSAMPR_ULONG_ARRAY;
33
34
35 VOID
36 NTAPI
37 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(PSAMPR_RETURNED_USTRING_ARRAY Ptr);
38
39 VOID
40 NTAPI
41 SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr);
42
43 NTSTATUS
44 NTAPI
45 SamrConnect(IN PSAMPR_SERVER_NAME ServerName,
46 OUT SAMPR_HANDLE *ServerHandle,
47 IN ACCESS_MASK DesiredAccess);
48
49 NTSTATUS
50 NTAPI
51 SamrCloseHandle(IN OUT SAMPR_HANDLE *SamHandle);
52
53 NTSTATUS
54 NTAPI
55 SamrOpenDomain(IN SAMPR_HANDLE ServerHandle,
56 IN ACCESS_MASK DesiredAccess,
57 IN PRPC_SID DomainId,
58 OUT SAMPR_HANDLE *DomainHandle);
59
60 NTSTATUS
61 NTAPI
62 SamrLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle,
63 IN ULONG Count,
64 IN ULONG *RelativeIds,
65 OUT PSAMPR_RETURNED_USTRING_ARRAY Names,
66 OUT PSAMPR_ULONG_ARRAY Use);
67
68 NTSTATUS
69 NTAPI
70 SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle,
71 IN ULONG Count,
72 IN RPC_UNICODE_STRING Names[],
73 OUT PSAMPR_ULONG_ARRAY RelativeIds,
74 OUT PSAMPR_ULONG_ARRAY Use);
75
76
77 typedef struct _WELL_KNOWN_SID
78 {
79 LIST_ENTRY ListEntry;
80 PSID Sid;
81 UNICODE_STRING AccountName;
82 UNICODE_STRING DomainName;
83 SID_NAME_USE Use;
84 } WELL_KNOWN_SID, *PWELL_KNOWN_SID;
85
86
87 LIST_ENTRY WellKnownSidListHead;
88
89
90 /* FUNCTIONS ***************************************************************/
91
92 BOOLEAN
93 LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
94 UCHAR SubAuthorityCount,
95 PULONG SubAuthorities,
96 PWSTR AccountName,
97 PWSTR DomainName,
98 SID_NAME_USE Use)
99 {
100 PWELL_KNOWN_SID SidEntry;
101 PULONG p;
102 ULONG i;
103
104 SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WELL_KNOWN_SID));
105 if (SidEntry == NULL)
106 return FALSE;
107
108 InitializeListHead(&SidEntry->ListEntry);
109
110 SidEntry->Sid = RtlAllocateHeap(RtlGetProcessHeap(),
111 0,
112 RtlLengthRequiredSid(SubAuthorityCount));
113 if (SidEntry->Sid == NULL)
114 {
115 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
116 return FALSE;
117 }
118
119 RtlInitializeSid(SidEntry->Sid,
120 IdentifierAuthority,
121 SubAuthorityCount);
122
123 for (i = 0; i < (ULONG)SubAuthorityCount; i++)
124 {
125 p = RtlSubAuthoritySid(SidEntry->Sid, i);
126 *p = SubAuthorities[i];
127 }
128
129 // RtlInitUnicodeString(&SidEntry->AccountName,
130 // AccountName);
131 SidEntry->AccountName.Length = wcslen(AccountName) * sizeof(WCHAR);
132 SidEntry->AccountName.MaximumLength = SidEntry->AccountName.Length + sizeof(WCHAR);
133 SidEntry->AccountName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
134 SidEntry->AccountName.MaximumLength);
135 if (SidEntry->AccountName.Buffer == NULL)
136 {
137 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
138 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
139 return FALSE;
140 }
141
142 wcscpy(SidEntry->AccountName.Buffer,
143 AccountName);
144
145 // RtlInitUnicodeString(&SidEntry->DomainName,
146 // DomainName);
147 SidEntry->DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
148 SidEntry->DomainName.MaximumLength = SidEntry->DomainName.Length + sizeof(WCHAR);
149 SidEntry->DomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0,
150 SidEntry->DomainName.MaximumLength);
151 if (SidEntry->DomainName.Buffer == NULL)
152 {
153 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->AccountName.Buffer);
154 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid);
155 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
156 return FALSE;
157 }
158
159 wcscpy(SidEntry->DomainName.Buffer,
160 DomainName);
161
162 SidEntry->Use = Use;
163
164 InsertTailList(&WellKnownSidListHead,
165 &SidEntry->ListEntry);
166
167 return TRUE;
168 }
169
170
171 NTSTATUS
172 LsapInitSids(VOID)
173 {
174 WCHAR szAccountName[80];
175 WCHAR szDomainName[80];
176 ULONG SubAuthorities[8];
177 HINSTANCE hInstance;
178
179 InitializeListHead(&WellKnownSidListHead);
180
181 hInstance = GetModuleHandleW(L"lsasrv.dll");
182
183 /* NT Authority */
184
185 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szAccountName, 80);
186 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, 80);
187 LsapCreateSid(&NtAuthority,
188 0,
189 NULL,
190 szAccountName,
191 szDomainName,
192 SidTypeDomain);
193
194 /* Null Sid */
195 LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80);
196
197 SubAuthorities[0] = SECURITY_NULL_RID;
198 LsapCreateSid(&NullSidAuthority,
199 1,
200 SubAuthorities,
201 szAccountName,
202 L"",
203 SidTypeWellKnownGroup);
204
205 /* World Sid */
206 LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80);
207
208 SubAuthorities[0] = SECURITY_WORLD_RID;
209 LsapCreateSid(&WorldSidAuthority,
210 1,
211 SubAuthorities,
212 szAccountName,
213 L"",
214 SidTypeWellKnownGroup);
215
216 /* Local Sid */
217 LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
218
219 SubAuthorities[0] = SECURITY_LOCAL_RID;
220 LsapCreateSid(&LocalSidAuthority,
221 1,
222 SubAuthorities,
223 szAccountName,
224 L"",
225 SidTypeWellKnownGroup);
226
227 /* Creator Owner Sid */
228 LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80);
229
230 SubAuthorities[0] = SECURITY_CREATOR_OWNER_RID;
231 LsapCreateSid(&CreatorSidAuthority,
232 1,
233 SubAuthorities,
234 szAccountName,
235 L"",
236 SidTypeWellKnownGroup);
237
238 /* Creator Group Sid */
239 LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80);
240
241 SubAuthorities[0] = SECURITY_CREATOR_GROUP_RID;
242 LsapCreateSid(&CreatorSidAuthority,
243 1,
244 SubAuthorities,
245 szAccountName,
246 L"",
247 SidTypeWellKnownGroup);
248
249 /* Creator Owner Server Sid */
250 LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80);
251
252 SubAuthorities[0] = SECURITY_CREATOR_OWNER_SERVER_RID;
253 LsapCreateSid(&CreatorSidAuthority,
254 1,
255 SubAuthorities,
256 szAccountName,
257 L"",
258 SidTypeWellKnownGroup);
259
260 /* Creator Group Server Sid */
261 LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80);
262
263 SubAuthorities[0] = SECURITY_CREATOR_GROUP_SERVER_RID;
264 LsapCreateSid(&CreatorSidAuthority,
265 1,
266 SubAuthorities,
267 szAccountName,
268 L"",
269 SidTypeWellKnownGroup);
270
271 /* Dialup Sid */
272 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
273 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, 80);
274
275 SubAuthorities[0] = SECURITY_DIALUP_RID;
276 LsapCreateSid(&NtAuthority,
277 1,
278 SubAuthorities,
279 szAccountName,
280 szDomainName,
281 SidTypeWellKnownGroup);
282
283 /* Network Sid */
284 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
285
286 SubAuthorities[0] = SECURITY_NETWORK_RID;
287 LsapCreateSid(&NtAuthority,
288 1,
289 SubAuthorities,
290 szAccountName,
291 szDomainName,
292 SidTypeWellKnownGroup);
293
294 /* Batch Sid*/
295 LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
296
297 SubAuthorities[0] = SECURITY_BATCH_RID;
298 LsapCreateSid(&NtAuthority,
299 1,
300 SubAuthorities,
301 szAccountName,
302 szDomainName,
303 SidTypeWellKnownGroup);
304
305 /* Interactive Sid */
306 LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
307
308 SubAuthorities[0] = SECURITY_INTERACTIVE_RID;
309 LsapCreateSid(&NtAuthority,
310 1,
311 SubAuthorities,
312 szAccountName,
313 szDomainName,
314 SidTypeWellKnownGroup);
315
316 /* Service Sid */
317 LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
318
319 SubAuthorities[0] = SECURITY_SERVICE_RID;
320 LsapCreateSid(&NtAuthority,
321 1,
322 SubAuthorities,
323 szAccountName,
324 szDomainName,
325 SidTypeWellKnownGroup);
326
327 /* Anonymous Logon Sid */
328 LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
329
330 SubAuthorities[0] = SECURITY_ANONYMOUS_LOGON_RID;
331 LsapCreateSid(&NtAuthority,
332 1,
333 SubAuthorities,
334 szAccountName,
335 szDomainName,
336 SidTypeWellKnownGroup);
337
338 /* Proxy Sid */
339 LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80);
340
341 SubAuthorities[0] = SECURITY_PROXY_RID;
342 LsapCreateSid(&NtAuthority,
343 1,
344 SubAuthorities,
345 szAccountName,
346 szDomainName,
347 SidTypeWellKnownGroup);
348
349 /* Enterprise Controllers Sid */
350 LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80);
351
352 SubAuthorities[0] = SECURITY_ENTERPRISE_CONTROLLERS_RID;
353 LsapCreateSid(&NtAuthority,
354 1,
355 SubAuthorities,
356 szAccountName,
357 szDomainName,
358 SidTypeWellKnownGroup);
359
360 /* Principal Self Sid */
361 LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80);
362
363 SubAuthorities[0] = SECURITY_PRINCIPAL_SELF_RID;
364 LsapCreateSid(&NtAuthority,
365 1,
366 SubAuthorities,
367 szAccountName,
368 szDomainName,
369 SidTypeWellKnownGroup);
370
371 /* Authenticated Users Sid */
372 LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80);
373
374 SubAuthorities[0] = SECURITY_AUTHENTICATED_USER_RID;
375 LsapCreateSid(&NtAuthority,
376 1,
377 SubAuthorities,
378 szAccountName,
379 szDomainName,
380 SidTypeWellKnownGroup);
381
382 /* Restricted Code Sid */
383 LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80);
384
385 SubAuthorities[0] = SECURITY_RESTRICTED_CODE_RID;
386 LsapCreateSid(&NtAuthority,
387 1,
388 SubAuthorities,
389 szAccountName,
390 szDomainName,
391 SidTypeWellKnownGroup);
392
393 /* Terminal Server Sid */
394 LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80);
395
396 SubAuthorities[0] = SECURITY_TERMINAL_SERVER_RID;
397 LsapCreateSid(&NtAuthority,
398 1,
399 SubAuthorities,
400 szAccountName,
401 szDomainName,
402 SidTypeWellKnownGroup);
403
404 /* Remote Logon Sid */
405 LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80);
406
407 SubAuthorities[0] = SECURITY_REMOTE_LOGON_RID;
408 LsapCreateSid(&NtAuthority,
409 1,
410 SubAuthorities,
411 szAccountName,
412 szDomainName,
413 SidTypeWellKnownGroup);
414
415 /* This Organization Sid */
416 LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80);
417
418 SubAuthorities[0] = SECURITY_THIS_ORGANIZATION_RID;
419 LsapCreateSid(&NtAuthority,
420 1,
421 SubAuthorities,
422 szAccountName,
423 szDomainName,
424 SidTypeWellKnownGroup);
425
426 /* Local System Sid */
427 LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80);
428
429 SubAuthorities[0] = SECURITY_LOCAL_SYSTEM_RID;
430 LsapCreateSid(&NtAuthority,
431 1,
432 SubAuthorities,
433 szAccountName,
434 szDomainName,
435 SidTypeWellKnownGroup);
436
437 /* Local Service Sid */
438 LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80);
439
440 SubAuthorities[0] = SECURITY_LOCAL_SERVICE_RID;
441 LsapCreateSid(&NtAuthority,
442 1,
443 SubAuthorities,
444 szAccountName,
445 szDomainName,
446 SidTypeWellKnownGroup);
447
448 LsapCreateSid(&NtAuthority,
449 1,
450 SubAuthorities,
451 L"LOCALSERVICE",
452 L"NT AUTHORITY",
453 SidTypeWellKnownGroup);
454
455 /* Network Service Sid */
456 LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80);
457
458 SubAuthorities[0] = SECURITY_NETWORK_SERVICE_RID;
459 LsapCreateSid(&NtAuthority,
460 1,
461 SubAuthorities,
462 szAccountName,
463 szDomainName,
464 SidTypeWellKnownGroup);
465
466 LsapCreateSid(&NtAuthority,
467 1,
468 SubAuthorities,
469 L"NETWORKSERVICE",
470 L"NT AUTHORITY",
471 SidTypeWellKnownGroup);
472
473 /* Builtin Domain Sid */
474 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80);
475 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szDomainName, 80);
476
477 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
478 LsapCreateSid(&NtAuthority,
479 1,
480 SubAuthorities,
481 szAccountName,
482 szDomainName,
483 SidTypeDomain);
484
485 /* Administrators Alias Sid */
486 LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80);
487
488 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
489 SubAuthorities[1] = DOMAIN_ALIAS_RID_ADMINS;
490 LsapCreateSid(&NtAuthority,
491 2,
492 SubAuthorities,
493 szAccountName,
494 szDomainName,
495 SidTypeAlias);
496
497 /* Users Alias Sid */
498 LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
499
500 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
501 SubAuthorities[1] = DOMAIN_ALIAS_RID_USERS;
502 LsapCreateSid(&NtAuthority,
503 2,
504 SubAuthorities,
505 szAccountName,
506 szDomainName,
507 SidTypeAlias);
508
509 /* Guests Alias Sid */
510 LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80);
511
512 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
513 SubAuthorities[1] = DOMAIN_ALIAS_RID_GUESTS;
514 LsapCreateSid(&NtAuthority,
515 2,
516 SubAuthorities,
517 szAccountName,
518 szDomainName,
519 SidTypeAlias);
520
521 /* Power User Alias Sid */
522 LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80);
523
524 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
525 SubAuthorities[1] = DOMAIN_ALIAS_RID_POWER_USERS;
526 LsapCreateSid(&NtAuthority,
527 2,
528 SubAuthorities,
529 szAccountName,
530 szDomainName,
531 SidTypeAlias);
532
533 /* Account Operators Alias Sid */
534 LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80);
535
536 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
537 SubAuthorities[1] = DOMAIN_ALIAS_RID_ACCOUNT_OPS;
538 LsapCreateSid(&NtAuthority,
539 2,
540 SubAuthorities,
541 szAccountName,
542 szDomainName,
543 SidTypeAlias);
544
545 /* System Operators Alias Sid */
546 LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80);
547
548 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
549 SubAuthorities[1] = DOMAIN_ALIAS_RID_SYSTEM_OPS;
550 LsapCreateSid(&NtAuthority,
551 2,
552 SubAuthorities,
553 szAccountName,
554 szDomainName,
555 SidTypeAlias);
556
557 /* Print Operators Alias Sid */
558 LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80);
559
560 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
561 SubAuthorities[1] = DOMAIN_ALIAS_RID_PRINT_OPS;
562 LsapCreateSid(&NtAuthority,
563 2,
564 SubAuthorities,
565 szAccountName,
566 szDomainName,
567 SidTypeAlias);
568
569 /* Backup Operators Alias Sid */
570 LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80);
571
572 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
573 SubAuthorities[1] = DOMAIN_ALIAS_RID_BACKUP_OPS;
574 LsapCreateSid(&NtAuthority,
575 2,
576 SubAuthorities,
577 szAccountName,
578 szDomainName,
579 SidTypeAlias);
580
581 /* Replicators Alias Sid */
582 LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80);
583
584 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
585 SubAuthorities[1] = DOMAIN_ALIAS_RID_REPLICATOR;
586 LsapCreateSid(&NtAuthority,
587 2,
588 SubAuthorities,
589 szAccountName,
590 szDomainName,
591 SidTypeAlias);
592
593 /* RAS Servers Alias Sid */
594 LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80);
595
596 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
597 SubAuthorities[1] = DOMAIN_ALIAS_RID_RAS_SERVERS;
598 LsapCreateSid(&NtAuthority,
599 2,
600 SubAuthorities,
601 szAccountName,
602 szDomainName,
603 SidTypeAlias);
604
605 /* Pre-Windows 2000 Compatible Access Alias Sid */
606 LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80);
607
608 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
609 SubAuthorities[1] = DOMAIN_ALIAS_RID_PREW2KCOMPACCESS;
610 LsapCreateSid(&NtAuthority,
611 2,
612 SubAuthorities,
613 szAccountName,
614 szDomainName,
615 SidTypeAlias);
616
617 /* Remote Desktop Users Alias Sid */
618 LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80);
619
620 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
621 SubAuthorities[1] = DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS;
622 LsapCreateSid(&NtAuthority,
623 2,
624 SubAuthorities,
625 szAccountName,
626 szDomainName,
627 SidTypeAlias);
628
629 /* Network Configuration Operators Alias Sid */
630 LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, 80);
631
632 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID;
633 SubAuthorities[1] = DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS;
634 LsapCreateSid(&NtAuthority,
635 2,
636 SubAuthorities,
637 szAccountName,
638 szDomainName,
639 SidTypeAlias);
640
641 /* FIXME: Add more well known sids */
642
643 return STATUS_SUCCESS;
644 }
645
646
647 PWELL_KNOWN_SID
648 LsapLookupWellKnownSid(PSID Sid)
649 {
650 PLIST_ENTRY ListEntry;
651 PWELL_KNOWN_SID Ptr;
652
653 ListEntry = WellKnownSidListHead.Flink;
654 while (ListEntry != &WellKnownSidListHead)
655 {
656 Ptr = CONTAINING_RECORD(ListEntry,
657 WELL_KNOWN_SID,
658 ListEntry);
659 if (RtlEqualSid(Sid, Ptr->Sid))
660 {
661 return Ptr;
662 }
663
664 ListEntry = ListEntry->Flink;
665 }
666
667 return NULL;
668 }
669
670
671 PWELL_KNOWN_SID
672 LsapLookupIsolatedWellKnownName(PUNICODE_STRING AccountName)
673 {
674 PLIST_ENTRY ListEntry;
675 PWELL_KNOWN_SID Ptr;
676
677 ListEntry = WellKnownSidListHead.Flink;
678 while (ListEntry != &WellKnownSidListHead)
679 {
680 Ptr = CONTAINING_RECORD(ListEntry,
681 WELL_KNOWN_SID,
682 ListEntry);
683 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE))
684 {
685 return Ptr;
686 }
687
688 ListEntry = ListEntry->Flink;
689 }
690
691 return NULL;
692 }
693
694
695 PWELL_KNOWN_SID
696 LsapLookupFullyQualifiedWellKnownName(PUNICODE_STRING AccountName,
697 PUNICODE_STRING DomainName)
698 {
699 PLIST_ENTRY ListEntry;
700 PWELL_KNOWN_SID Ptr;
701
702 ListEntry = WellKnownSidListHead.Flink;
703 while (ListEntry != &WellKnownSidListHead)
704 {
705 Ptr = CONTAINING_RECORD(ListEntry,
706 WELL_KNOWN_SID,
707 ListEntry);
708 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE) &&
709 RtlEqualUnicodeString(DomainName, &Ptr->DomainName, TRUE))
710 {
711 return Ptr;
712 }
713
714 ListEntry = ListEntry->Flink;
715 }
716
717 return NULL;
718 }
719
720
721 static
722 NTSTATUS
723 LsapSplitNames(DWORD Count,
724 PRPC_UNICODE_STRING Names,
725 PRPC_UNICODE_STRING *DomainNames,
726 PRPC_UNICODE_STRING *AccountNames)
727 {
728 PRPC_UNICODE_STRING DomainsBuffer = NULL;
729 PRPC_UNICODE_STRING AccountsBuffer = NULL;
730 ULONG DomainLength;
731 ULONG AccountLength;
732 ULONG i;
733 LPWSTR Ptr;
734 NTSTATUS Status = STATUS_SUCCESS;
735
736 DomainsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
737 if (DomainsBuffer == NULL)
738 {
739 Status = STATUS_INSUFFICIENT_RESOURCES;
740 goto done;
741 }
742
743 AccountsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING));
744 if (AccountsBuffer == NULL)
745 {
746 Status = STATUS_INSUFFICIENT_RESOURCES;
747 goto done;
748 }
749
750 for (i = 0; i < Count; i++)
751 {
752 //TRACE("Name: %wZ\n", &Names[i]);
753
754 Ptr = wcschr(Names[i].Buffer, L'\\');
755 if (Ptr == NULL)
756 {
757 AccountLength = Names[i].Length / sizeof(WCHAR);
758
759 AccountsBuffer[i].Length = Names[i].Length;
760 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
761 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
762 if (AccountsBuffer[i].Buffer == NULL)
763 {
764 Status = STATUS_INSUFFICIENT_RESOURCES;
765 goto done;
766 }
767
768 CopyMemory(AccountsBuffer[i].Buffer,
769 Names[i].Buffer,
770 AccountsBuffer[i].Length);
771 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
772
773 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
774 }
775 else
776 {
777 DomainLength = (ULONG)(ULONG_PTR)(Ptr - Names[i].Buffer);
778 AccountLength = (Names[i].Length / sizeof(WCHAR)) - DomainLength - 1;
779 //TRACE("DomainLength: %u\n", DomainLength);
780 //TRACE("AccountLength: %u\n", AccountLength);
781
782 if (DomainLength > 0)
783 {
784 DomainsBuffer[i].Length = (USHORT)DomainLength * sizeof(WCHAR);
785 DomainsBuffer[i].MaximumLength = DomainsBuffer[i].Length + sizeof(WCHAR);
786 DomainsBuffer[i].Buffer = MIDL_user_allocate(DomainsBuffer[i].MaximumLength);
787 if (DomainsBuffer[i].Buffer == NULL)
788 {
789 Status = STATUS_INSUFFICIENT_RESOURCES;
790 goto done;
791 }
792
793 CopyMemory(DomainsBuffer[i].Buffer,
794 Names[i].Buffer,
795 DomainsBuffer[i].Length);
796 DomainsBuffer[i].Buffer[DomainLength] = UNICODE_NULL;
797
798 //TRACE("Domain name: %wZ\n", &DomainsBuffer[i]);
799 }
800
801 AccountsBuffer[i].Length = (USHORT)AccountLength * sizeof(WCHAR);
802 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR);
803 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength);
804 if (AccountsBuffer[i].Buffer == NULL)
805 {
806 Status = STATUS_INSUFFICIENT_RESOURCES;
807 goto done;
808 }
809
810 CopyMemory(AccountsBuffer[i].Buffer,
811 &(Names[i].Buffer[DomainLength + 1]),
812 AccountsBuffer[i].Length);
813 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL;
814
815 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]);
816 }
817 }
818
819 done:
820 if (!NT_SUCCESS(Status))
821 {
822 if (AccountsBuffer != NULL)
823 {
824 for (i = 0; i < Count; i++)
825 {
826 if (AccountsBuffer[i].Buffer != NULL)
827 MIDL_user_free(AccountsBuffer[i].Buffer);
828 }
829
830 MIDL_user_free(AccountsBuffer);
831 }
832
833 if (DomainsBuffer != NULL)
834 {
835 for (i = 0; i < Count; i++)
836 {
837 if (DomainsBuffer[i].Buffer != NULL)
838 MIDL_user_free(DomainsBuffer[i].Buffer);
839 }
840
841 MIDL_user_free(DomainsBuffer);
842 }
843 }
844 else
845 {
846 *DomainNames = DomainsBuffer;
847 *AccountNames = AccountsBuffer;
848 }
849
850 return Status;
851 }
852
853
854 static NTSTATUS
855 LsapAddDomainToDomainsList(PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
856 PUNICODE_STRING Name,
857 PSID Sid,
858 PULONG Index)
859 {
860 ULONG i;
861
862 i = 0;
863 while (i < ReferencedDomains->Entries &&
864 ReferencedDomains->Domains[i].Sid != NULL)
865 {
866 if (RtlEqualSid(Sid, ReferencedDomains->Domains[i].Sid))
867 {
868 *Index = i;
869 return STATUS_SUCCESS;
870 }
871
872 i++;
873 }
874
875 ReferencedDomains->Domains[i].Sid = MIDL_user_allocate(RtlLengthSid(Sid));
876 if (ReferencedDomains->Domains[i].Sid == NULL)
877 return STATUS_INSUFFICIENT_RESOURCES;
878
879 RtlCopySid(RtlLengthSid(Sid), ReferencedDomains->Domains[i].Sid, Sid);
880
881 ReferencedDomains->Domains[i].Name.Length = Name->Length;
882 ReferencedDomains->Domains[i].Name.MaximumLength = Name->MaximumLength;
883 ReferencedDomains->Domains[i].Name.Buffer = MIDL_user_allocate(Name->MaximumLength);
884 if (ReferencedDomains->Domains[i].Sid == NULL)
885 {
886 MIDL_user_free(ReferencedDomains->Domains[i].Sid);
887 ReferencedDomains->Domains[i].Sid = NULL;
888 return STATUS_INSUFFICIENT_RESOURCES;
889 }
890
891 RtlCopyMemory(ReferencedDomains->Domains[i].Name.Buffer,
892 Name->Buffer,
893 Name->MaximumLength);
894
895 ReferencedDomains->Entries++;
896 *Index = i;
897
898 return STATUS_SUCCESS;
899 }
900
901
902 static BOOLEAN
903 LsapIsPrefixSid(IN PSID PrefixSid,
904 IN PSID Sid)
905 {
906 PISID Sid1 = PrefixSid, Sid2 = Sid;
907 ULONG i;
908
909 if (Sid1->Revision != Sid2->Revision)
910 return FALSE;
911
912 if ((Sid1->IdentifierAuthority.Value[0] != Sid2->IdentifierAuthority.Value[0]) ||
913 (Sid1->IdentifierAuthority.Value[1] != Sid2->IdentifierAuthority.Value[1]) ||
914 (Sid1->IdentifierAuthority.Value[2] != Sid2->IdentifierAuthority.Value[2]) ||
915 (Sid1->IdentifierAuthority.Value[3] != Sid2->IdentifierAuthority.Value[3]) ||
916 (Sid1->IdentifierAuthority.Value[4] != Sid2->IdentifierAuthority.Value[4]) ||
917 (Sid1->IdentifierAuthority.Value[5] != Sid2->IdentifierAuthority.Value[5]))
918 return FALSE;
919
920 if (Sid1->SubAuthorityCount >= Sid2->SubAuthorityCount)
921 return FALSE;
922
923 if (Sid1->SubAuthorityCount == 0)
924 return TRUE;
925
926 for (i = 0; i < Sid1->SubAuthorityCount; i++)
927 {
928 if (Sid1->SubAuthority[i] != Sid2->SubAuthority[i])
929 return FALSE;
930 }
931
932 return TRUE;
933 }
934
935
936 ULONG
937 LsapGetRelativeIdFromSid(PSID Sid_)
938 {
939 PISID Sid = Sid_;
940
941 if (Sid->SubAuthorityCount != 0)
942 return Sid->SubAuthority[Sid->SubAuthorityCount - 1];
943
944 return 0;
945 }
946
947
948 static PSID
949 CreateSidFromSidAndRid(PSID SrcSid,
950 ULONG RelativeId)
951 {
952 UCHAR RidCount;
953 PSID DstSid;
954 ULONG i;
955 ULONG DstSidSize;
956 PULONG p, q;
957
958 RidCount = *RtlSubAuthorityCountSid(SrcSid);
959 if (RidCount >= 8)
960 return NULL;
961
962 DstSidSize = RtlLengthRequiredSid(RidCount + 1);
963
964 DstSid = MIDL_user_allocate(DstSidSize);
965 if (DstSid == NULL)
966 return NULL;
967
968 RtlInitializeSid(DstSid,
969 RtlIdentifierAuthoritySid(SrcSid),
970 RidCount + 1);
971
972 for (i = 0; i < (ULONG)RidCount; i++)
973 {
974 p = RtlSubAuthoritySid(SrcSid, i);
975 q = RtlSubAuthoritySid(DstSid, i);
976 *q = *p;
977 }
978
979 q = RtlSubAuthoritySid(DstSid, (ULONG)RidCount);
980 *q = RelativeId;
981
982 return DstSid;
983 }
984
985
986 static PSID
987 CreateDomainSidFromAccountSid(PSID AccountSid)
988 {
989 UCHAR RidCount;
990 PSID DomainSid;
991 ULONG i;
992 ULONG DstSidSize;
993 PULONG p, q;
994
995 RidCount = *RtlSubAuthorityCountSid(AccountSid);
996 if (RidCount > 0)
997 RidCount--;
998
999 DstSidSize = RtlLengthRequiredSid(RidCount);
1000
1001 DomainSid = MIDL_user_allocate(DstSidSize);
1002 if (DomainSid == NULL)
1003 return NULL;
1004
1005 RtlInitializeSid(DomainSid,
1006 RtlIdentifierAuthoritySid(AccountSid),
1007 RidCount);
1008
1009 for (i = 0; i < (ULONG)RidCount; i++)
1010 {
1011 p = RtlSubAuthoritySid(AccountSid, i);
1012 q = RtlSubAuthoritySid(DomainSid, i);
1013 *q = *p;
1014 }
1015
1016 return DomainSid;
1017 }
1018
1019
1020 static PSID
1021 LsapCopySid(PSID SrcSid)
1022 {
1023 UCHAR RidCount;
1024 PSID DstSid;
1025 ULONG i;
1026 ULONG DstSidSize;
1027 PULONG p, q;
1028
1029 RidCount = *RtlSubAuthorityCountSid(SrcSid);
1030 DstSidSize = RtlLengthRequiredSid(RidCount);
1031
1032 DstSid = MIDL_user_allocate(DstSidSize);
1033 if (DstSid == NULL)
1034 return NULL;
1035
1036 RtlInitializeSid(DstSid,
1037 RtlIdentifierAuthoritySid(SrcSid),
1038 RidCount);
1039
1040 for (i = 0; i < (ULONG)RidCount; i++)
1041 {
1042 p = RtlSubAuthoritySid(SrcSid, i);
1043 q = RtlSubAuthoritySid(DstSid, i);
1044 *q = *p;
1045 }
1046
1047 return DstSid;
1048 }
1049
1050
1051 static
1052 NTSTATUS
1053 LsapLookupIsolatedNames(DWORD Count,
1054 PRPC_UNICODE_STRING DomainNames,
1055 PRPC_UNICODE_STRING AccountNames,
1056 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1057 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1058 PULONG Mapped)
1059 {
1060 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1061 PWELL_KNOWN_SID ptr, ptr2;
1062 PSID DomainSid;
1063 ULONG DomainIndex;
1064 ULONG i;
1065 NTSTATUS Status = STATUS_SUCCESS;
1066
1067 for (i = 0; i < Count; i++)
1068 {
1069 /* Ignore names which were already mapped */
1070 if (SidsBuffer[i].Use != SidTypeUnknown)
1071 continue;
1072
1073 /* Ignore fully qualified account names */
1074 if (DomainNames[i].Length != 0)
1075 continue;
1076
1077 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1078
1079 /* Look-up all well-known names */
1080 ptr = LsapLookupIsolatedWellKnownName((PUNICODE_STRING)&AccountNames[i]);
1081 if (ptr != NULL)
1082 {
1083 SidsBuffer[i].Use = ptr->Use;
1084 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1085 if (SidsBuffer[i].Sid == NULL)
1086 {
1087 Status = STATUS_INSUFFICIENT_RESOURCES;
1088 goto done;
1089 }
1090
1091 SidsBuffer[i].DomainIndex = -1;
1092 SidsBuffer[i].Flags = 0;
1093
1094 if (ptr->Use == SidTypeDomain)
1095 {
1096 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1097 &ptr->AccountName,
1098 ptr->Sid,
1099 &DomainIndex);
1100 if (!NT_SUCCESS(Status))
1101 goto done;
1102
1103 SidsBuffer[i].DomainIndex = DomainIndex;
1104 }
1105 else
1106 {
1107 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1108 if (ptr2 != NULL)
1109 {
1110 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1111 &ptr2->AccountName,
1112 ptr2->Sid,
1113 &DomainIndex);
1114 if (!NT_SUCCESS(Status))
1115 goto done;
1116
1117 SidsBuffer[i].DomainIndex = DomainIndex;
1118 }
1119 else
1120 {
1121 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1122 if (DomainSid == NULL)
1123 {
1124 Status = STATUS_INSUFFICIENT_RESOURCES;
1125 goto done;
1126 }
1127
1128 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1129 &EmptyDomainName,
1130 DomainSid,
1131 &DomainIndex);
1132
1133 if (DomainSid != NULL)
1134 {
1135 MIDL_user_free(DomainSid);
1136 DomainSid = NULL;
1137 }
1138
1139 if (!NT_SUCCESS(Status))
1140 goto done;
1141
1142 SidsBuffer[i].DomainIndex = DomainIndex;
1143 }
1144 }
1145
1146 (*Mapped)++;
1147 continue;
1148 }
1149
1150 /* Look-up the built-in domain */
1151 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &BuiltinDomainName, TRUE))
1152 {
1153 SidsBuffer[i].Use = SidTypeDomain;
1154 SidsBuffer[i].Sid = LsapCopySid(BuiltinDomainSid);
1155 if (SidsBuffer[i].Sid == NULL)
1156 {
1157 Status = STATUS_INSUFFICIENT_RESOURCES;
1158 goto done;
1159 }
1160
1161 SidsBuffer[i].DomainIndex = -1;
1162 SidsBuffer[i].Flags = 0;
1163
1164 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1165 &BuiltinDomainName,
1166 BuiltinDomainSid,
1167 &DomainIndex);
1168 if (!NT_SUCCESS(Status))
1169 goto done;
1170
1171 SidsBuffer[i].DomainIndex = DomainIndex;
1172
1173 (*Mapped)++;
1174 continue;
1175 }
1176
1177 /* Look-up the account domain */
1178 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
1179 {
1180 SidsBuffer[i].Use = SidTypeDomain;
1181 SidsBuffer[i].Sid = LsapCopySid(AccountDomainSid);
1182 if (SidsBuffer[i].Sid == NULL)
1183 {
1184 Status = STATUS_INSUFFICIENT_RESOURCES;
1185 goto done;
1186 }
1187 SidsBuffer[i].DomainIndex = -1;
1188 SidsBuffer[i].Flags = 0;
1189
1190 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1191 &AccountDomainName,
1192 AccountDomainSid,
1193 &DomainIndex);
1194 if (!NT_SUCCESS(Status))
1195 goto done;
1196
1197 SidsBuffer[i].DomainIndex = DomainIndex;
1198
1199 (*Mapped)++;
1200 continue;
1201 }
1202
1203 /* FIXME: Look-up the primary domain */
1204
1205 /* FIXME: Look-up the trusted domains */
1206
1207 }
1208
1209 done:
1210
1211 return Status;
1212 }
1213
1214
1215 static
1216 NTSTATUS
1217 LsapLookupIsolatedBuiltinNames(DWORD Count,
1218 PRPC_UNICODE_STRING DomainNames,
1219 PRPC_UNICODE_STRING AccountNames,
1220 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1221 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1222 PULONG Mapped)
1223 {
1224 SAMPR_HANDLE ServerHandle = NULL;
1225 SAMPR_HANDLE DomainHandle = NULL;
1226 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1227 SAMPR_ULONG_ARRAY Use = {0, NULL};
1228 ULONG DomainIndex;
1229 ULONG i;
1230 NTSTATUS Status = STATUS_SUCCESS;
1231
1232 Status = SamrConnect(NULL,
1233 &ServerHandle,
1234 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1235 if (!NT_SUCCESS(Status))
1236 {
1237 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1238 goto done;
1239 }
1240
1241 Status = SamrOpenDomain(ServerHandle,
1242 DOMAIN_LOOKUP,
1243 BuiltinDomainSid,
1244 &DomainHandle);
1245 if (!NT_SUCCESS(Status))
1246 {
1247 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1248 goto done;
1249 }
1250
1251 for (i = 0; i < Count; i++)
1252 {
1253 /* Ignore names which were already mapped */
1254 if (SidsBuffer[i].Use != SidTypeUnknown)
1255 continue;
1256
1257 /* Ignore fully qualified account names */
1258 if (DomainNames[i].Length != 0)
1259 continue;
1260
1261 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1262
1263 Status = SamrLookupNamesInDomain(DomainHandle,
1264 1,
1265 &AccountNames[i],
1266 &RelativeIds,
1267 &Use);
1268 if (NT_SUCCESS(Status))
1269 {
1270 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1271
1272 SidsBuffer[i].Use = Use.Element[0];
1273 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1274 RelativeIds.Element[0]);
1275 if (SidsBuffer[i].Sid == NULL)
1276 {
1277 Status = STATUS_INSUFFICIENT_RESOURCES;
1278 goto done;
1279 }
1280
1281 SidsBuffer[i].DomainIndex = -1;
1282 SidsBuffer[i].Flags = 0;
1283
1284 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1285 &BuiltinDomainName,
1286 BuiltinDomainSid,
1287 &DomainIndex);
1288 if (!NT_SUCCESS(Status))
1289 goto done;
1290
1291 SidsBuffer[i].DomainIndex = DomainIndex;
1292
1293 (*Mapped)++;
1294 }
1295
1296 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1297 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1298 }
1299
1300 done:
1301 if (DomainHandle != NULL)
1302 SamrCloseHandle(&DomainHandle);
1303
1304 if (ServerHandle != NULL)
1305 SamrCloseHandle(&ServerHandle);
1306
1307 return Status;
1308 }
1309
1310
1311 static
1312 NTSTATUS
1313 LsapLookupIsolatedAccountNames(DWORD Count,
1314 PRPC_UNICODE_STRING DomainNames,
1315 PRPC_UNICODE_STRING AccountNames,
1316 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1317 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1318 PULONG Mapped)
1319 {
1320 SAMPR_HANDLE ServerHandle = NULL;
1321 SAMPR_HANDLE DomainHandle = NULL;
1322 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1323 SAMPR_ULONG_ARRAY Use = {0, NULL};
1324 ULONG DomainIndex;
1325 ULONG i;
1326 NTSTATUS Status = STATUS_SUCCESS;
1327
1328 TRACE("()\n");
1329
1330 Status = SamrConnect(NULL,
1331 &ServerHandle,
1332 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1333 if (!NT_SUCCESS(Status))
1334 {
1335 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1336 goto done;
1337 }
1338
1339 Status = SamrOpenDomain(ServerHandle,
1340 DOMAIN_LOOKUP,
1341 AccountDomainSid,
1342 &DomainHandle);
1343 if (!NT_SUCCESS(Status))
1344 {
1345 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1346 goto done;
1347 }
1348
1349 for (i = 0; i < Count; i++)
1350 {
1351 /* Ignore names which were already mapped */
1352 if (SidsBuffer[i].Use != SidTypeUnknown)
1353 continue;
1354
1355 /* Ignore fully qualified account names */
1356 if (DomainNames[i].Length != 0)
1357 continue;
1358
1359 TRACE("Mapping name: %wZ\n", &AccountNames[i]);
1360
1361 Status = SamrLookupNamesInDomain(DomainHandle,
1362 1,
1363 &AccountNames[i],
1364 &RelativeIds,
1365 &Use);
1366 if (NT_SUCCESS(Status))
1367 {
1368 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]);
1369
1370 SidsBuffer[i].Use = Use.Element[0];
1371 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1372 RelativeIds.Element[0]);
1373 if (SidsBuffer[i].Sid == NULL)
1374 {
1375 Status = STATUS_INSUFFICIENT_RESOURCES;
1376 goto done;
1377 }
1378
1379 SidsBuffer[i].DomainIndex = -1;
1380 SidsBuffer[i].Flags = 0;
1381
1382 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1383 &AccountDomainName,
1384 AccountDomainSid,
1385 &DomainIndex);
1386 if (!NT_SUCCESS(Status))
1387 goto done;
1388
1389 SidsBuffer[i].DomainIndex = DomainIndex;
1390
1391 (*Mapped)++;
1392 }
1393
1394 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1395 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1396 }
1397
1398 done:
1399 if (DomainHandle != NULL)
1400 SamrCloseHandle(&DomainHandle);
1401
1402 if (ServerHandle != NULL)
1403 SamrCloseHandle(&ServerHandle);
1404
1405 return Status;
1406 }
1407
1408
1409 static
1410 NTSTATUS
1411 LsapLookupFullyQualifiedWellKnownNames(DWORD Count,
1412 PRPC_UNICODE_STRING DomainNames,
1413 PRPC_UNICODE_STRING AccountNames,
1414 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1415 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1416 PULONG Mapped)
1417 {
1418 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L"");
1419 PWELL_KNOWN_SID ptr, ptr2;
1420 PSID DomainSid;
1421 ULONG DomainIndex;
1422 ULONG i;
1423 NTSTATUS Status = STATUS_SUCCESS;
1424
1425 for (i = 0; i < Count; i++)
1426 {
1427 /* Ignore names which were already mapped */
1428 if (SidsBuffer[i].Use != SidTypeUnknown)
1429 continue;
1430
1431 /* Ignore isolated account names */
1432 if (DomainNames[i].Length == 0)
1433 continue;
1434
1435 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1436
1437 /* Look-up all well-known names */
1438 ptr = LsapLookupFullyQualifiedWellKnownName((PUNICODE_STRING)&AccountNames[i],
1439 (PUNICODE_STRING)&DomainNames[i]);
1440 if (ptr != NULL)
1441 {
1442 TRACE("Found it! (%wZ\\%wZ)\n", &ptr->DomainName, &ptr->AccountName);
1443
1444 SidsBuffer[i].Use = ptr->Use;
1445 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid);
1446 if (SidsBuffer[i].Sid == NULL)
1447 {
1448 Status = STATUS_INSUFFICIENT_RESOURCES;
1449 goto done;
1450 }
1451
1452 SidsBuffer[i].DomainIndex = -1;
1453 SidsBuffer[i].Flags = 0;
1454
1455 if (ptr->Use == SidTypeDomain)
1456 {
1457 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1458 &ptr->AccountName,
1459 ptr->Sid,
1460 &DomainIndex);
1461 if (!NT_SUCCESS(Status))
1462 goto done;
1463
1464 SidsBuffer[i].DomainIndex = DomainIndex;
1465 }
1466 else
1467 {
1468 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1469 if (ptr2 != NULL)
1470 {
1471 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1472 &ptr2->AccountName,
1473 ptr2->Sid,
1474 &DomainIndex);
1475 if (!NT_SUCCESS(Status))
1476 goto done;
1477
1478 SidsBuffer[i].DomainIndex = DomainIndex;
1479 }
1480 else
1481 {
1482 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid);
1483 if (DomainSid == NULL)
1484 {
1485 Status = STATUS_INSUFFICIENT_RESOURCES;
1486 goto done;
1487 }
1488
1489 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1490 &EmptyDomainName,
1491 DomainSid,
1492 &DomainIndex);
1493
1494 if (DomainSid != NULL)
1495 {
1496 MIDL_user_free(DomainSid);
1497 DomainSid = NULL;
1498 }
1499
1500 if (!NT_SUCCESS(Status))
1501 goto done;
1502
1503 SidsBuffer[i].DomainIndex = DomainIndex;
1504 }
1505 }
1506
1507 (*Mapped)++;
1508 continue;
1509 }
1510 }
1511
1512 done:
1513 return Status;
1514 }
1515
1516
1517 static
1518 NTSTATUS
1519 LsapLookupBuiltinNames(DWORD Count,
1520 PRPC_UNICODE_STRING DomainNames,
1521 PRPC_UNICODE_STRING AccountNames,
1522 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1523 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1524 PULONG Mapped)
1525 {
1526 SAMPR_HANDLE ServerHandle = NULL;
1527 SAMPR_HANDLE DomainHandle = NULL;
1528 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1529 SAMPR_ULONG_ARRAY Use = {0, NULL};
1530 ULONG DomainIndex;
1531 ULONG i;
1532 NTSTATUS Status = STATUS_SUCCESS;
1533
1534 Status = SamrConnect(NULL,
1535 &ServerHandle,
1536 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1537 if (!NT_SUCCESS(Status))
1538 {
1539 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1540 goto done;
1541 }
1542
1543 Status = SamrOpenDomain(ServerHandle,
1544 DOMAIN_LOOKUP,
1545 BuiltinDomainSid,
1546 &DomainHandle);
1547 if (!NT_SUCCESS(Status))
1548 {
1549 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1550 goto done;
1551 }
1552
1553 for (i = 0; i < Count; i++)
1554 {
1555 /* Ignore names which were already mapped */
1556 if (SidsBuffer[i].Use != SidTypeUnknown)
1557 continue;
1558
1559 /* Ignore isolated account names */
1560 if (DomainNames[i].Length == 0)
1561 continue;
1562
1563 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &BuiltinDomainName, TRUE))
1564 continue;
1565
1566 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1567
1568 Status = SamrLookupNamesInDomain(DomainHandle,
1569 1,
1570 &AccountNames[i],
1571 &RelativeIds,
1572 &Use);
1573 if (NT_SUCCESS(Status))
1574 {
1575 SidsBuffer[i].Use = Use.Element[0];
1576 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid,
1577 RelativeIds.Element[0]);
1578 if (SidsBuffer[i].Sid == NULL)
1579 {
1580 Status = STATUS_INSUFFICIENT_RESOURCES;
1581 goto done;
1582 }
1583
1584 SidsBuffer[i].DomainIndex = -1;
1585 SidsBuffer[i].Flags = 0;
1586
1587 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1588 &BuiltinDomainName,
1589 BuiltinDomainSid,
1590 &DomainIndex);
1591 if (!NT_SUCCESS(Status))
1592 goto done;
1593
1594 SidsBuffer[i].DomainIndex = DomainIndex;
1595
1596 (*Mapped)++;
1597 }
1598
1599 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1600 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1601 }
1602
1603 done:
1604 if (DomainHandle != NULL)
1605 SamrCloseHandle(&DomainHandle);
1606
1607 if (ServerHandle != NULL)
1608 SamrCloseHandle(&ServerHandle);
1609
1610 return Status;
1611 }
1612
1613
1614 static
1615 NTSTATUS
1616 LsapLookupAccountNames(DWORD Count,
1617 PRPC_UNICODE_STRING DomainNames,
1618 PRPC_UNICODE_STRING AccountNames,
1619 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1620 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
1621 PULONG Mapped)
1622 {
1623 SAMPR_HANDLE ServerHandle = NULL;
1624 SAMPR_HANDLE DomainHandle = NULL;
1625 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1626 SAMPR_ULONG_ARRAY Use = {0, NULL};
1627 ULONG DomainIndex;
1628 ULONG i;
1629 NTSTATUS Status = STATUS_SUCCESS;
1630
1631 Status = SamrConnect(NULL,
1632 &ServerHandle,
1633 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
1634 if (!NT_SUCCESS(Status))
1635 {
1636 TRACE("SamrConnect failed (Status %08lx)\n", Status);
1637 goto done;
1638 }
1639
1640 Status = SamrOpenDomain(ServerHandle,
1641 DOMAIN_LOOKUP,
1642 AccountDomainSid,
1643 &DomainHandle);
1644 if (!NT_SUCCESS(Status))
1645 {
1646 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
1647 goto done;
1648 }
1649
1650 for (i = 0; i < Count; i++)
1651 {
1652 /* Ignore names which were already mapped */
1653 if (SidsBuffer[i].Use != SidTypeUnknown)
1654 continue;
1655
1656 /* Ignore isolated account names */
1657 if (DomainNames[i].Length == 0)
1658 continue;
1659
1660 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &AccountDomainName, TRUE))
1661 continue;
1662
1663 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]);
1664
1665 Status = SamrLookupNamesInDomain(DomainHandle,
1666 1,
1667 &AccountNames[i],
1668 &RelativeIds,
1669 &Use);
1670 if (NT_SUCCESS(Status))
1671 {
1672 SidsBuffer[i].Use = Use.Element[0];
1673 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid,
1674 RelativeIds.Element[0]);
1675 if (SidsBuffer[i].Sid == NULL)
1676 {
1677 Status = STATUS_INSUFFICIENT_RESOURCES;
1678 goto done;
1679 }
1680
1681 SidsBuffer[i].DomainIndex = -1;
1682 SidsBuffer[i].Flags = 0;
1683
1684 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1685 &AccountDomainName,
1686 AccountDomainSid,
1687 &DomainIndex);
1688 if (!NT_SUCCESS(Status))
1689 goto done;
1690
1691 SidsBuffer[i].DomainIndex = DomainIndex;
1692
1693 (*Mapped)++;
1694 }
1695
1696 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1697 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1698 }
1699
1700 done:
1701 if (DomainHandle != NULL)
1702 SamrCloseHandle(&DomainHandle);
1703
1704 if (ServerHandle != NULL)
1705 SamrCloseHandle(&ServerHandle);
1706
1707 return Status;
1708 }
1709
1710
1711 NTSTATUS
1712 LsapLookupNames(DWORD Count,
1713 PRPC_UNICODE_STRING Names,
1714 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1715 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
1716 LSAP_LOOKUP_LEVEL LookupLevel,
1717 DWORD *MappedCount,
1718 DWORD LookupOptions,
1719 DWORD ClientRevision)
1720 {
1721 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
1722 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer = NULL;
1723 PRPC_UNICODE_STRING DomainNames = NULL;
1724 PRPC_UNICODE_STRING AccountNames = NULL;
1725 ULONG SidsBufferLength;
1726 ULONG i;
1727 ULONG Mapped = 0;
1728 NTSTATUS Status = STATUS_SUCCESS;
1729
1730 //TRACE("()\n");
1731
1732 TranslatedSids->Entries = 0;
1733 TranslatedSids->Sids = NULL;
1734 *ReferencedDomains = NULL;
1735
1736 SidsBufferLength = Count * sizeof(LSAPR_TRANSLATED_SID_EX2);
1737 SidsBuffer = MIDL_user_allocate(SidsBufferLength);
1738 if (SidsBuffer == NULL)
1739 {
1740 //TRACE("\n");
1741 Status = STATUS_INSUFFICIENT_RESOURCES;
1742 goto done;
1743 }
1744
1745 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
1746 if (DomainsBuffer == NULL)
1747 {
1748 //TRACE("\n");
1749 Status = STATUS_INSUFFICIENT_RESOURCES;
1750 goto done;
1751 }
1752
1753 DomainsBuffer->Domains = MIDL_user_allocate(Count * sizeof(LSA_TRUST_INFORMATION));
1754 if (DomainsBuffer->Domains == NULL)
1755 {
1756 //TRACE("\n");
1757 Status = STATUS_INSUFFICIENT_RESOURCES;
1758 goto done;
1759 }
1760 DomainsBuffer->Entries = 0;
1761 DomainsBuffer->MaxEntries = Count;
1762
1763 for (i = 0; i < Count; i++)
1764 {
1765 SidsBuffer[i].Use = SidTypeUnknown;
1766 SidsBuffer[i].Sid = NULL;
1767 SidsBuffer[i].DomainIndex = -1;
1768 SidsBuffer[i].Flags = 0;
1769 }
1770
1771 Status = LsapSplitNames(Count,
1772 Names,
1773 &DomainNames,
1774 &AccountNames);
1775 if (!NT_SUCCESS(Status))
1776 {
1777 TRACE("LsapSplitNames failed! (Status %lx)\n", Status);
1778 goto done;
1779 }
1780
1781
1782 Status = LsapLookupIsolatedNames(Count,
1783 DomainNames,
1784 AccountNames,
1785 DomainsBuffer,
1786 SidsBuffer,
1787 &Mapped);
1788 if (!NT_SUCCESS(Status) &&
1789 Status != STATUS_NONE_MAPPED &&
1790 Status != STATUS_SOME_NOT_MAPPED)
1791 {
1792 TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status);
1793 goto done;
1794 }
1795
1796 if (Mapped == Count)
1797 goto done;
1798
1799
1800 Status = LsapLookupIsolatedBuiltinNames(Count,
1801 DomainNames,
1802 AccountNames,
1803 DomainsBuffer,
1804 SidsBuffer,
1805 &Mapped);
1806 if (!NT_SUCCESS(Status) &&
1807 Status != STATUS_NONE_MAPPED &&
1808 Status != STATUS_SOME_NOT_MAPPED)
1809 {
1810 TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status);
1811 goto done;
1812 }
1813
1814 if (Mapped == Count)
1815 goto done;
1816
1817
1818 Status = LsapLookupIsolatedAccountNames(Count,
1819 DomainNames,
1820 AccountNames,
1821 DomainsBuffer,
1822 SidsBuffer,
1823 &Mapped);
1824 if (!NT_SUCCESS(Status) &&
1825 Status != STATUS_NONE_MAPPED &&
1826 Status != STATUS_SOME_NOT_MAPPED)
1827 {
1828 TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status);
1829 goto done;
1830 }
1831
1832 if (Mapped == Count)
1833 goto done;
1834
1835 Status = LsapLookupFullyQualifiedWellKnownNames(Count,
1836 DomainNames,
1837 AccountNames,
1838 DomainsBuffer,
1839 SidsBuffer,
1840 &Mapped);
1841 if (!NT_SUCCESS(Status) &&
1842 Status != STATUS_NONE_MAPPED &&
1843 Status != STATUS_SOME_NOT_MAPPED)
1844 {
1845 TRACE("LsapLookupFullyQualifiedWellKnownNames failed! (Status %lx)\n", Status);
1846 goto done;
1847 }
1848
1849 if (Mapped == Count)
1850 goto done;
1851
1852 Status = LsapLookupBuiltinNames(Count,
1853 DomainNames,
1854 AccountNames,
1855 DomainsBuffer,
1856 SidsBuffer,
1857 &Mapped);
1858 if (!NT_SUCCESS(Status) &&
1859 Status != STATUS_NONE_MAPPED &&
1860 Status != STATUS_SOME_NOT_MAPPED)
1861 {
1862 TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status);
1863 goto done;
1864 }
1865
1866 if (Mapped == Count)
1867 goto done;
1868
1869
1870 Status = LsapLookupAccountNames(Count,
1871 DomainNames,
1872 AccountNames,
1873 DomainsBuffer,
1874 SidsBuffer,
1875 &Mapped);
1876 if (!NT_SUCCESS(Status) &&
1877 Status != STATUS_NONE_MAPPED &&
1878 Status != STATUS_SOME_NOT_MAPPED)
1879 {
1880 TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status);
1881 goto done;
1882 }
1883
1884 if (Mapped == Count)
1885 goto done;
1886
1887 done:
1888 // TRACE("done: Status %lx\n", Status);
1889
1890 if (DomainNames != NULL)
1891 {
1892 //TRACE("Free DomainNames\n");
1893 for (i = 0; i < Count; i++)
1894 {
1895 if (DomainNames[i].Buffer != NULL)
1896 MIDL_user_free(DomainNames[i].Buffer);
1897 }
1898
1899 MIDL_user_free(DomainNames);
1900 }
1901
1902 if (AccountNames != NULL)
1903 {
1904 //TRACE("Free AccountNames\n");
1905 for (i = 0; i < Count; i++)
1906 {
1907 //TRACE("i: %lu\n", i);
1908 if (AccountNames[i].Buffer != NULL)
1909 {
1910 MIDL_user_free(AccountNames[i].Buffer);
1911 }
1912 }
1913
1914 MIDL_user_free(AccountNames);
1915 }
1916
1917 if (!NT_SUCCESS(Status))
1918 {
1919 //TRACE("Failure!\n");
1920
1921 //TRACE("Free DomainsBuffer\n");
1922 if (DomainsBuffer != NULL)
1923 {
1924 if (DomainsBuffer->Domains != NULL)
1925 MIDL_user_free(DomainsBuffer->Domains);
1926
1927 MIDL_user_free(DomainsBuffer);
1928 }
1929
1930 //TRACE("Free SidsBuffer\n");
1931 if (SidsBuffer != NULL)
1932 MIDL_user_free(SidsBuffer);
1933 }
1934 else
1935 {
1936 //TRACE("Success!\n");
1937
1938 *ReferencedDomains = DomainsBuffer;
1939 TranslatedSids->Entries = Count;
1940 TranslatedSids->Sids = SidsBuffer;
1941 *MappedCount = Mapped;
1942
1943 if (Mapped == 0)
1944 Status = STATUS_NONE_MAPPED;
1945 else if (Mapped < Count)
1946 Status = STATUS_SOME_NOT_MAPPED;
1947 }
1948
1949 // TRACE("done: Status %lx\n", Status);
1950
1951 return Status;
1952 }
1953
1954
1955 static NTSTATUS
1956 LsapLookupWellKnownSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
1957 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
1958 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
1959 PULONG Mapped)
1960 {
1961 PWELL_KNOWN_SID ptr, ptr2;
1962 LPWSTR SidString = NULL;
1963 ULONG DomainIndex;
1964 ULONG i;
1965 NTSTATUS Status = STATUS_SUCCESS;
1966
1967 for (i = 0; i < SidEnumBuffer->Entries; i++)
1968 {
1969 /* Ignore SIDs which are already mapped */
1970 if (NamesBuffer[i].Use != SidTypeUnknown)
1971 continue;
1972
1973 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
1974 TRACE("Mapping SID: %S\n", SidString);
1975 LocalFree(SidString);
1976 SidString = NULL;
1977
1978 ptr = LsapLookupWellKnownSid(SidEnumBuffer->SidInfo[i].Sid);
1979 if (ptr != NULL)
1980 {
1981 NamesBuffer[i].Use = ptr->Use;
1982 NamesBuffer[i].Flags = 0;
1983
1984 NamesBuffer[i].Name.Length = ptr->AccountName.Length;
1985 NamesBuffer[i].Name.MaximumLength = ptr->AccountName.MaximumLength;
1986 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(ptr->AccountName.MaximumLength);
1987 if (NamesBuffer[i].Name.Buffer == NULL)
1988 {
1989 Status = STATUS_INSUFFICIENT_RESOURCES;
1990 goto done;
1991 }
1992
1993 RtlCopyMemory(NamesBuffer[i].Name.Buffer, ptr->AccountName.Buffer, ptr->AccountName.MaximumLength);
1994
1995 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName);
1996 if (ptr2 != NULL)
1997 {
1998 Status = LsapAddDomainToDomainsList(DomainsBuffer,
1999 &ptr2->AccountName,
2000 ptr2->Sid,
2001 &DomainIndex);
2002 if (!NT_SUCCESS(Status))
2003 goto done;
2004
2005 NamesBuffer[i].DomainIndex = DomainIndex;
2006 }
2007
2008 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2009
2010 (*Mapped)++;
2011 }
2012 }
2013
2014 done:
2015 return Status;
2016 }
2017
2018
2019 static NTSTATUS
2020 LsapLookupBuiltinDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2021 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2022 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2023 PULONG Mapped)
2024 {
2025 SAMPR_HANDLE ServerHandle = NULL;
2026 SAMPR_HANDLE DomainHandle = NULL;
2027 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2028 SAMPR_ULONG_ARRAY Use = {0, NULL};
2029 LPWSTR SidString = NULL;
2030 ULONG DomainIndex;
2031 ULONG RelativeIds[1];
2032 ULONG i;
2033 NTSTATUS Status = STATUS_SUCCESS;
2034
2035 Status = SamrConnect(NULL,
2036 &ServerHandle,
2037 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2038 if (!NT_SUCCESS(Status))
2039 {
2040 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2041 goto done;
2042 }
2043
2044 Status = SamrOpenDomain(ServerHandle,
2045 DOMAIN_LOOKUP,
2046 BuiltinDomainSid,
2047 &DomainHandle);
2048 if (!NT_SUCCESS(Status))
2049 {
2050 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2051 goto done;
2052 }
2053
2054 for (i = 0; i < SidEnumBuffer->Entries; i++)
2055 {
2056 /* Ignore SIDs which are already mapped */
2057 if (NamesBuffer[i].Use != SidTypeUnknown)
2058 continue;
2059
2060 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2061 TRACE("Mapping SID: %S\n", SidString);
2062 LocalFree(SidString);
2063 SidString = NULL;
2064
2065 if (RtlEqualSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2066 {
2067 TRACE("Found builtin domain!\n");
2068
2069 NamesBuffer[i].Use = SidTypeDomain;
2070 NamesBuffer[i].Flags = 0;
2071
2072 NamesBuffer[i].Name.Length = BuiltinDomainName.Length;
2073 NamesBuffer[i].Name.MaximumLength = BuiltinDomainName.MaximumLength;
2074 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(BuiltinDomainName.MaximumLength);
2075 if (NamesBuffer[i].Name.Buffer == NULL)
2076 {
2077 Status = STATUS_INSUFFICIENT_RESOURCES;
2078 goto done;
2079 }
2080
2081 RtlCopyMemory(NamesBuffer[i].Name.Buffer, BuiltinDomainName.Buffer, BuiltinDomainName.MaximumLength);
2082
2083 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2084 &BuiltinDomainName,
2085 BuiltinDomainSid,
2086 &DomainIndex);
2087 if (!NT_SUCCESS(Status))
2088 goto done;
2089
2090 NamesBuffer[i].DomainIndex = DomainIndex;
2091
2092 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2093
2094 (*Mapped)++;
2095 }
2096 else if (LsapIsPrefixSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2097 {
2098 TRACE("Found builtin domain account!\n");
2099
2100 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2101
2102 Status = SamrLookupIdsInDomain(DomainHandle,
2103 1,
2104 RelativeIds,
2105 &Names,
2106 &Use);
2107 if (NT_SUCCESS(Status))
2108 {
2109 NamesBuffer[i].Use = Use.Element[0];
2110 NamesBuffer[i].Flags = 0;
2111
2112 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2113 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2114 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2115 if (NamesBuffer[i].Name.Buffer == NULL)
2116 {
2117 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2118 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2119
2120 Status = STATUS_INSUFFICIENT_RESOURCES;
2121 goto done;
2122 }
2123
2124 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2125 Names.Element[0].Buffer,
2126 Names.Element[0].MaximumLength);
2127
2128 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2129 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2130
2131 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2132 &BuiltinDomainName,
2133 BuiltinDomainSid,
2134 &DomainIndex);
2135 if (!NT_SUCCESS(Status))
2136 goto done;
2137
2138 NamesBuffer[i].DomainIndex = DomainIndex;
2139
2140 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2141
2142 (*Mapped)++;
2143 }
2144 }
2145 }
2146
2147 done:
2148 if (DomainHandle != NULL)
2149 SamrCloseHandle(&DomainHandle);
2150
2151 if (ServerHandle != NULL)
2152 SamrCloseHandle(&ServerHandle);
2153
2154 return Status;
2155 }
2156
2157
2158 static NTSTATUS
2159 LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2160 PLSAPR_TRANSLATED_NAME_EX NamesBuffer,
2161 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
2162 PULONG Mapped)
2163 {
2164 SAMPR_HANDLE ServerHandle = NULL;
2165 SAMPR_HANDLE DomainHandle = NULL;
2166 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL};
2167 SAMPR_ULONG_ARRAY Use = {0, NULL};
2168 LPWSTR SidString = NULL;
2169 ULONG DomainIndex;
2170 ULONG RelativeIds[1];
2171 ULONG i;
2172 NTSTATUS Status = STATUS_SUCCESS;
2173
2174 Status = SamrConnect(NULL,
2175 &ServerHandle,
2176 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN);
2177 if (!NT_SUCCESS(Status))
2178 {
2179 TRACE("SamrConnect failed (Status %08lx)\n", Status);
2180 goto done;
2181 }
2182
2183 Status = SamrOpenDomain(ServerHandle,
2184 DOMAIN_LOOKUP,
2185 AccountDomainSid,
2186 &DomainHandle);
2187 if (!NT_SUCCESS(Status))
2188 {
2189 TRACE("SamOpenDomain failed (Status %08lx)\n", Status);
2190 goto done;
2191 }
2192
2193 for (i = 0; i < SidEnumBuffer->Entries; i++)
2194 {
2195 /* Ignore SIDs which are already mapped */
2196 if (NamesBuffer[i].Use != SidTypeUnknown)
2197 continue;
2198
2199 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString);
2200 TRACE("Mapping SID: %S\n", SidString);
2201 LocalFree(SidString);
2202 SidString = NULL;
2203
2204 if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2205 {
2206 TRACE("Found account domain!\n");
2207
2208 NamesBuffer[i].Use = SidTypeDomain;
2209 NamesBuffer[i].Flags = 0;
2210
2211 NamesBuffer[i].Name.Length = AccountDomainName.Length;
2212 NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength;
2213 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AccountDomainName.MaximumLength);
2214 if (NamesBuffer[i].Name.Buffer == NULL)
2215 {
2216 Status = STATUS_INSUFFICIENT_RESOURCES;
2217 goto done;
2218 }
2219
2220 RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer, AccountDomainName.MaximumLength);
2221
2222 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2223 &AccountDomainName,
2224 AccountDomainSid,
2225 &DomainIndex);
2226 if (!NT_SUCCESS(Status))
2227 goto done;
2228
2229 NamesBuffer[i].DomainIndex = DomainIndex;
2230
2231 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2232
2233 (*Mapped)++;
2234 }
2235 else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid))
2236 {
2237 TRACE("Found account domain account!\n");
2238
2239 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid);
2240
2241 Status = SamrLookupIdsInDomain(DomainHandle,
2242 1,
2243 RelativeIds,
2244 &Names,
2245 &Use);
2246 if (NT_SUCCESS(Status))
2247 {
2248 NamesBuffer[i].Use = Use.Element[0];
2249 NamesBuffer[i].Flags = 0;
2250
2251 NamesBuffer[i].Name.Length = Names.Element[0].Length;
2252 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength;
2253 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength);
2254 if (NamesBuffer[i].Name.Buffer == NULL)
2255 {
2256 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2257 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2258
2259 Status = STATUS_INSUFFICIENT_RESOURCES;
2260 goto done;
2261 }
2262
2263 RtlCopyMemory(NamesBuffer[i].Name.Buffer,
2264 Names.Element[0].Buffer,
2265 Names.Element[0].MaximumLength);
2266
2267 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names);
2268 SamIFree_SAMPR_ULONG_ARRAY(&Use);
2269
2270 Status = LsapAddDomainToDomainsList(DomainsBuffer,
2271 &AccountDomainName,
2272 AccountDomainSid,
2273 &DomainIndex);
2274 if (!NT_SUCCESS(Status))
2275 goto done;
2276
2277 NamesBuffer[i].DomainIndex = DomainIndex;
2278
2279 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name);
2280
2281 (*Mapped)++;
2282 }
2283 }
2284 }
2285
2286 done:
2287 if (DomainHandle != NULL)
2288 SamrCloseHandle(&DomainHandle);
2289
2290 if (ServerHandle != NULL)
2291 SamrCloseHandle(&ServerHandle);
2292
2293 return Status;
2294 }
2295
2296
2297 NTSTATUS
2298 LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
2299 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
2300 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
2301 LSAP_LOOKUP_LEVEL LookupLevel,
2302 DWORD *MappedCount,
2303 DWORD LookupOptions,
2304 DWORD ClientRevision)
2305 {
2306 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL;
2307 PLSAPR_TRANSLATED_NAME_EX NamesBuffer = NULL;
2308 ULONG NamesBufferLength;
2309 ULONG i;
2310 ULONG Mapped = 0;
2311 NTSTATUS Status = STATUS_SUCCESS;
2312
2313 NamesBufferLength = SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME_EX);
2314 NamesBuffer = MIDL_user_allocate(NamesBufferLength);
2315 if (NamesBuffer == NULL)
2316 {
2317 Status = STATUS_INSUFFICIENT_RESOURCES;
2318 goto done;
2319 }
2320
2321 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST));
2322 if (DomainsBuffer == NULL)
2323 {
2324 Status = STATUS_INSUFFICIENT_RESOURCES;
2325 goto done;
2326 }
2327
2328 DomainsBuffer->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION));
2329 if (DomainsBuffer->Domains == NULL)
2330 {
2331 Status = STATUS_INSUFFICIENT_RESOURCES;
2332 goto done;
2333 }
2334
2335 DomainsBuffer->Entries = 0;
2336 DomainsBuffer->MaxEntries = SidEnumBuffer->Entries;
2337
2338 /* Initialize all name entries */
2339 for (i = 0; i < SidEnumBuffer->Entries; i++)
2340 {
2341 NamesBuffer[i].Use = SidTypeUnknown;
2342 NamesBuffer[i].Name.Length = 0;
2343 NamesBuffer[i].Name.MaximumLength = 0;
2344 NamesBuffer[i].Name.Buffer = NULL;
2345 NamesBuffer[i].DomainIndex = -1;
2346 NamesBuffer[i].Flags = 0;
2347 }
2348
2349 /* Look-up well-known SIDs */
2350 Status = LsapLookupWellKnownSids(SidEnumBuffer,
2351 NamesBuffer,
2352 DomainsBuffer,
2353 &Mapped);
2354 if (!NT_SUCCESS(Status) &&
2355 Status != STATUS_NONE_MAPPED &&
2356 Status != STATUS_SOME_NOT_MAPPED)
2357 goto done;
2358
2359 if (Mapped == SidEnumBuffer->Entries)
2360 goto done;
2361
2362 /* Look-up builtin domain SIDs */
2363 Status = LsapLookupBuiltinDomainSids(SidEnumBuffer,
2364 NamesBuffer,
2365 DomainsBuffer,
2366 &Mapped);
2367 if (!NT_SUCCESS(Status) &&
2368 Status != STATUS_NONE_MAPPED &&
2369 Status != STATUS_SOME_NOT_MAPPED)
2370 goto done;
2371
2372 if (Mapped == SidEnumBuffer->Entries)
2373 goto done;
2374
2375 /* Look-up account domain SIDs */
2376 Status = LsapLookupAccountDomainSids(SidEnumBuffer,
2377 NamesBuffer,
2378 DomainsBuffer,
2379 &Mapped);
2380 if (!NT_SUCCESS(Status) &&
2381 Status != STATUS_NONE_MAPPED &&
2382 Status != STATUS_SOME_NOT_MAPPED)
2383 goto done;
2384
2385 if (Mapped == SidEnumBuffer->Entries)
2386 goto done;
2387
2388 done:
2389 TRACE("done Status: %lx Mapped: %lu\n", Status, Mapped);
2390
2391 if (!NT_SUCCESS(Status))
2392 {
2393 if (DomainsBuffer != NULL)
2394 {
2395 if (DomainsBuffer->Domains != NULL)
2396 MIDL_user_free(DomainsBuffer->Domains);
2397
2398 MIDL_user_free(DomainsBuffer);
2399 }
2400
2401 if (NamesBuffer != NULL)
2402 MIDL_user_free(NamesBuffer);
2403 }
2404 else
2405 {
2406 *ReferencedDomains = DomainsBuffer;
2407 TranslatedNames->Entries = SidEnumBuffer->Entries;
2408 TranslatedNames->Names = NamesBuffer;
2409 *MappedCount = Mapped;
2410
2411 if (Mapped == 0)
2412 Status = STATUS_NONE_MAPPED;
2413 else if (Mapped < SidEnumBuffer->Entries)
2414 Status = STATUS_SOME_NOT_MAPPED;
2415 }
2416
2417 return Status;
2418 }
2419
2420 /* EOF */
A free Windows-compatible Operating System