[YAROTOWS] Reintegrate the branch. For a brighter future.
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/sids.c
5 * PURPOSE: Sid / Name lookup functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9 #include "lsasrv.h"
10
11 WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
12
13
/*
 * One entry of the in-memory well-known SID table.
 *
 * Entries are allocated by LsapCreateSid and chained on WellKnownSidListHead
 * through ListEntry. Field order is kept as-is because CONTAINING_RECORD is
 * used on ListEntry when walking the list.
 */
typedef struct _WELL_KNOWN_SID
{
    LIST_ENTRY     ListEntry; /* linkage into WellKnownSidListHead */
    PSID           Sid;       /* SID allocated from the process heap for this entry */
    UNICODE_STRING Name;      /* account name; set with RtlInitUnicodeString, so the buffer is borrowed */
    UNICODE_STRING Domain;    /* domain name; buffer is borrowed in the same way */
    SID_NAME_USE   NameUse;   /* SID_NAME_USE value handed back by the lookup code */
} WELL_KNOWN_SID, *PWELL_KNOWN_SID;
22
23
/* Identifier authorities passed to LsapCreateSid when the table is built. */
static SID_IDENTIFIER_AUTHORITY NullSidAuthority    = {SECURITY_NULL_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY WorldSidAuthority   = {SECURITY_WORLD_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY LocalSidAuthority   = {SECURITY_LOCAL_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
static SID_IDENTIFIER_AUTHORITY NtAuthority         = {SECURITY_NT_AUTHORITY};

/*
 * Head of the well-known SID list. It is initialised and filled by
 * LsapInitSids and walked by LsapLookupWellKnownSid; nothing in this file
 * takes a lock around it, so it is only safe if the list is not modified
 * once lookups can run.
 */
LIST_ENTRY WellKnownSidListHead;
31
32
33
34 #if 0
35 typedef struct _AccountSid
36 {
37 WELL_KNOWN_SID_TYPE type;
38 LPCWSTR account;
39 LPCWSTR domain;
40 SID_NAME_USE name_use;
41 } AccountSid;
42
43 static const WCHAR Account_Operators[] = { 'A','c','c','o','u','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
44 static const WCHAR Administrator[] = {'A','d','m','i','n','i','s','t','r','a','t','o','r',0 };
45 static const WCHAR Administrators[] = { 'A','d','m','i','n','i','s','t','r','a','t','o','r','s',0 };
46 static const WCHAR ANONYMOUS_LOGON[] = { 'A','N','O','N','Y','M','O','U','S',' ','L','O','G','O','N',0 };
47 static const WCHAR Authenticated_Users[] = { 'A','u','t','h','e','n','t','i','c','a','t','e','d',' ','U','s','e','r','s',0 };
48 static const WCHAR Backup_Operators[] = { 'B','a','c','k','u','p',' ','O','p','e','r','a','t','o','r','s',0 };
49 static const WCHAR BATCH[] = { 'B','A','T','C','H',0 };
50 static const WCHAR Blank[] = { 0 };
51 static const WCHAR BUILTIN[] = { 'B','U','I','L','T','I','N',0 };
52 static const WCHAR Cert_Publishers[] = { 'C','e','r','t',' ','P','u','b','l','i','s','h','e','r','s',0 };
53 static const WCHAR CREATOR_GROUP[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',0 };
54 static const WCHAR CREATOR_GROUP_SERVER[] = { 'C','R','E','A','T','O','R',' ','G','R','O','U','P',' ','S','E','R','V','E','R',0 };
55 static const WCHAR CREATOR_OWNER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',0 };
56 static const WCHAR CREATOR_OWNER_SERVER[] = { 'C','R','E','A','T','O','R',' ','O','W','N','E','R',' ','S','E','R','V','E','R',0 };
57 static const WCHAR DIALUP[] = { 'D','I','A','L','U','P',0 };
58 static const WCHAR Digest_Authentication[] = { 'D','i','g','e','s','t',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
59 static const WCHAR DOMAIN[] = {'D','O','M','A','I','N',0};
60 static const WCHAR Domain_Admins[] = { 'D','o','m','a','i','n',' ','A','d','m','i','n','s',0 };
61 static const WCHAR Domain_Computers[] = { 'D','o','m','a','i','n',' ','C','o','m','p','u','t','e','r','s',0 };
62 static const WCHAR Domain_Controllers[] = { 'D','o','m','a','i','n',' ','C','o','n','t','r','o','l','l','e','r','s',0 };
63 static const WCHAR Domain_Guests[] = { 'D','o','m','a','i','n',' ','G','u','e','s','t','s',0 };
64 static const WCHAR Domain_Users[] = { 'D','o','m','a','i','n',' ','U','s','e','r','s',0 };
65 static const WCHAR Enterprise_Admins[] = { 'E','n','t','e','r','p','r','i','s','e',' ','A','d','m','i','n','s',0 };
66 static const WCHAR ENTERPRISE_DOMAIN_CONTROLLERS[] = { 'E','N','T','E','R','P','R','I','S','E',' ','D','O','M','A','I','N',' ','C','O','N','T','R','O','L','L','E','R','S',0 };
67 static const WCHAR Everyone[] = { 'E','v','e','r','y','o','n','e',0 };
68 static const WCHAR Group_Policy_Creator_Owners[] = { 'G','r','o','u','p',' ','P','o','l','i','c','y',' ','C','r','e','a','t','o','r',' ','O','w','n','e','r','s',0 };
69 static const WCHAR Guest[] = { 'G','u','e','s','t',0 };
70 static const WCHAR Guests[] = { 'G','u','e','s','t','s',0 };
71 static const WCHAR INTERACTIVE[] = { 'I','N','T','E','R','A','C','T','I','V','E',0 };
72 static const WCHAR LOCAL[] = { 'L','O','C','A','L',0 };
73 static const WCHAR LOCAL_SERVICE[] = { 'L','O','C','A','L',' ','S','E','R','V','I','C','E',0 };
74 static const WCHAR NETWORK[] = { 'N','E','T','W','O','R','K',0 };
75 static const WCHAR Network_Configuration_Operators[] = { 'N','e','t','w','o','r','k',' ','C','o','n','f','i','g','u','r','a','t','i','o','n',' ','O','p','e','r','a','t','o','r','s',0 };
76 static const WCHAR NETWORK_SERVICE[] = { 'N','E','T','W','O','R','K',' ','S','E','R','V','I','C','E',0 };
77 static const WCHAR NT_AUTHORITY[] = { 'N','T',' ','A','U','T','H','O','R','I','T','Y',0 };
78 static const WCHAR NT_Pseudo_Domain[] = { 'N','T',' ','P','s','e','u','d','o',' ','D','o','m','a','i','n',0 };
79 static const WCHAR NTML_Authentication[] = { 'N','T','M','L',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
80 static const WCHAR NULL_SID[] = { 'N','U','L','L',' ','S','I','D',0 };
81 static const WCHAR Other_Organization[] = { 'O','t','h','e','r',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
82 static const WCHAR Performance_Log_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','L','o','g',' ','U','s','e','r','s',0 };
83 static const WCHAR Performance_Monitor_Users[] = { 'P','e','r','f','o','r','m','a','n','c','e',' ','M','o','n','i','t','o','r',' ','U','s','e','r','s',0 };
84 static const WCHAR Power_Users[] = { 'P','o','w','e','r',' ','U','s','e','r','s',0 };
85 static const WCHAR Pre_Windows_2000_Compatible_Access[] = { 'P','r','e','-','W','i','n','d','o','w','s',' ','2','0','0','0',' ','C','o','m','p','a','t','i','b','l','e',' ','A','c','c','e','s','s',0 };
86 static const WCHAR Print_Operators[] = { 'P','r','i','n','t',' ','O','p','e','r','a','t','o','r','s',0 };
87 static const WCHAR PROXY[] = { 'P','R','O','X','Y',0 };
88 static const WCHAR RAS_and_IAS_Servers[] = { 'R','A','S',' ','a','n','d',' ','I','A','S',' ','S','e','r','v','e','r','s',0 };
89 static const WCHAR Remote_Desktop_Users[] = { 'R','e','m','o','t','e',' ','D','e','s','k','t','o','p',' ','U','s','e','r','s',0 };
90 static const WCHAR REMOTE_INTERACTIVE_LOGON[] = { 'R','E','M','O','T','E',' ','I','N','T','E','R','A','C','T','I','V','E',' ','L','O','G','O','N',0 };
91 static const WCHAR Replicators[] = { 'R','e','p','l','i','c','a','t','o','r','s',0 };
92 static const WCHAR RESTRICTED[] = { 'R','E','S','T','R','I','C','T','E','D',0 };
93 static const WCHAR SChannel_Authentication[] = { 'S','C','h','a','n','n','e','l',' ','A','u','t','h','e','n','t','i','c','a','t','i','o','n',0 };
94 static const WCHAR Schema_Admins[] = { 'S','c','h','e','m','a',' ','A','d','m','i','n','s',0 };
95 static const WCHAR SELF[] = { 'S','E','L','F',0 };
96 static const WCHAR Server_Operators[] = { 'S','e','r','v','e','r',' ','O','p','e','r','a','t','o','r','s',0 };
97 static const WCHAR SERVICE[] = { 'S','E','R','V','I','C','E',0 };
98 static const WCHAR SYSTEM[] = { 'S','Y','S','T','E','M',0 };
99 static const WCHAR TERMINAL_SERVER_USER[] = { 'T','E','R','M','I','N','A','L',' ','S','E','R','V','E','R',' ','U','S','E','R',0 };
100 static const WCHAR This_Organization[] = { 'T','h','i','s',' ','O','r','g','a','n','i','z','a','t','i','o','n',0 };
101 static const WCHAR Users[] = { 'U','s','e','r','s',0 };
102
103 static const AccountSid ACCOUNT_SIDS[] = {
104 // { WinNullSid, NULL_SID, Blank, SidTypeWellKnownGroup },
105 // { WinWorldSid, Everyone, Blank, SidTypeWellKnownGroup },
106 // { WinLocalSid, LOCAL, Blank, SidTypeWellKnownGroup },
107 // { WinCreatorOwnerSid, CREATOR_OWNER, Blank, SidTypeWellKnownGroup },
108 // { WinCreatorGroupSid, CREATOR_GROUP, Blank, SidTypeWellKnownGroup },
109 // { WinCreatorOwnerServerSid, CREATOR_OWNER_SERVER, Blank, SidTypeWellKnownGroup },
110 // { WinCreatorGroupServerSid, CREATOR_GROUP_SERVER, Blank, SidTypeWellKnownGroup },
111 // { WinNtAuthoritySid, NT_Pseudo_Domain, NT_Pseudo_Domain, SidTypeDomain },
112 // { WinDialupSid, DIALUP, NT_AUTHORITY, SidTypeWellKnownGroup },
113 // { WinNetworkSid, NETWORK, NT_AUTHORITY, SidTypeWellKnownGroup },
114 // { WinBatchSid, BATCH, NT_AUTHORITY, SidTypeWellKnownGroup },
115 // { WinInteractiveSid, INTERACTIVE, NT_AUTHORITY, SidTypeWellKnownGroup },
116 // { WinServiceSid, SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
117 // { WinAnonymousSid, ANONYMOUS_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
118 // { WinProxySid, PROXY, NT_AUTHORITY, SidTypeWellKnownGroup },
119 // { WinEnterpriseControllersSid, ENTERPRISE_DOMAIN_CONTROLLERS, NT_AUTHORITY, SidTypeWellKnownGroup },
120 // { WinSelfSid, SELF, NT_AUTHORITY, SidTypeWellKnownGroup },
121 // { WinAuthenticatedUserSid, Authenticated_Users, NT_AUTHORITY, SidTypeWellKnownGroup },
122 // { WinRestrictedCodeSid, RESTRICTED, NT_AUTHORITY, SidTypeWellKnownGroup },
123 // { WinTerminalServerSid, TERMINAL_SERVER_USER, NT_AUTHORITY, SidTypeWellKnownGroup },
124 // { WinRemoteLogonIdSid, REMOTE_INTERACTIVE_LOGON, NT_AUTHORITY, SidTypeWellKnownGroup },
125 // { WinLocalSystemSid, SYSTEM, NT_AUTHORITY, SidTypeWellKnownGroup },
126 // { WinLocalServiceSid, LOCAL_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
127 // { WinNetworkServiceSid, NETWORK_SERVICE, NT_AUTHORITY, SidTypeWellKnownGroup },
128 // { WinBuiltinDomainSid, BUILTIN, BUILTIN, SidTypeDomain },
129 // { WinBuiltinAdministratorsSid, Administrators, BUILTIN, SidTypeAlias },
130 // { WinBuiltinUsersSid, Users, BUILTIN, SidTypeAlias },
131 // { WinBuiltinGuestsSid, Guests, BUILTIN, SidTypeAlias },
132 // { WinBuiltinPowerUsersSid, Power_Users, BUILTIN, SidTypeAlias },
133 // { WinBuiltinAccountOperatorsSid, Account_Operators, BUILTIN, SidTypeAlias },
134 // { WinBuiltinSystemOperatorsSid, Server_Operators, BUILTIN, SidTypeAlias },
135 // { WinBuiltinPrintOperatorsSid, Print_Operators, BUILTIN, SidTypeAlias },
136 // { WinBuiltinBackupOperatorsSid, Backup_Operators, BUILTIN, SidTypeAlias },
137 // { WinBuiltinReplicatorSid, Replicators, BUILTIN, SidTypeAlias },
138 // { WinBuiltinPreWindows2000CompatibleAccessSid, Pre_Windows_2000_Compatible_Access, BUILTIN, SidTypeAlias },
139 // { WinBuiltinRemoteDesktopUsersSid, Remote_Desktop_Users, BUILTIN, SidTypeAlias },
140 // { WinBuiltinNetworkConfigurationOperatorsSid, Network_Configuration_Operators, BUILTIN, SidTypeAlias },
141 { WinNTLMAuthenticationSid, NTML_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
142 { WinDigestAuthenticationSid, Digest_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
143 { WinSChannelAuthenticationSid, SChannel_Authentication, NT_AUTHORITY, SidTypeWellKnownGroup },
144 // { WinThisOrganizationSid, This_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
145 { WinOtherOrganizationSid, Other_Organization, NT_AUTHORITY, SidTypeWellKnownGroup },
146 { WinBuiltinPerfMonitoringUsersSid, Performance_Monitor_Users, BUILTIN, SidTypeAlias },
147 { WinBuiltinPerfLoggingUsersSid, Performance_Log_Users, BUILTIN, SidTypeAlias },
148 };
149 #endif
150
151
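/*
 * Allocates a WELL_KNOWN_SID entry, builds its SID from the identifier
 * authority and sub-authority values, and appends the entry to
 * WellKnownSidListHead.
 *
 * IdentifierAuthority - authority stored in the new SID; must not be NULL
 * SubAuthorityCount   - number of values read from SubAuthorities
 * SubAuthorities      - sub-authority values; may be NULL only when
 *                       SubAuthorityCount is 0
 * Name, Domain        - NUL-terminated strings. They are NOT copied:
 *                       RtlInitUnicodeString only records the pointer, so the
 *                       strings must stay valid for as long as the entry is on
 *                       the list (the callers in this file pass literals)
 * NameUse             - SID_NAME_USE recorded for the entry
 *
 * Returns TRUE when the entry was inserted. Returns FALSE on a bad argument or
 * an allocation failure; in that case nothing is inserted and nothing leaks.
 */
BOOLEAN
LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
              UCHAR SubAuthorityCount,
              PULONG SubAuthorities,
              PWSTR Name,
              PWSTR Domain,
              SID_NAME_USE NameUse)
{
    PWELL_KNOWN_SID SidEntry;
    ULONG i;

    /* Reject arguments that would be dereferenced as NULL further down. */
    if (IdentifierAuthority == NULL)
        return FALSE;

    if (SubAuthorityCount != 0 && SubAuthorities == NULL)
        return FALSE;

    SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), 0, sizeof(WELL_KNOWN_SID));
    if (SidEntry == NULL)
        return FALSE;

    InitializeListHead(&SidEntry->ListEntry);

    /* The SID buffer is sized from the same count that drives the copy loop. */
    SidEntry->Sid = RtlAllocateHeap(RtlGetProcessHeap(),
                                    0,
                                    RtlLengthRequiredSid(SubAuthorityCount));
    if (SidEntry->Sid == NULL)
    {
        RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry);
        return FALSE;
    }

    /* NOTE(review): the status returned by RtlInitializeSid is not checked. */
    RtlInitializeSid(SidEntry->Sid,
                     IdentifierAuthority,
                     SubAuthorityCount);

    for (i = 0; i < (ULONG)SubAuthorityCount; i++)
        *RtlSubAuthoritySid(SidEntry->Sid, i) = SubAuthorities[i];

    /* Borrow the caller's strings; see the lifetime note in the header. */
    RtlInitUnicodeString(&SidEntry->Name, Name);
    RtlInitUnicodeString(&SidEntry->Domain, Domain);

    SidEntry->NameUse = NameUse;

    InsertTailList(&WellKnownSidListHead,
                   &SidEntry->ListEntry);

    return TRUE;
}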
202
203
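/*
 * Builds the list of well-known SIDs that LsapLookupWellKnownSid searches.
 *
 * The entries are described by a table and appended in table order. Unlike a
 * sequence of unchecked calls, a failed LsapCreateSid is reported to the
 * caller: a silently incomplete table would make the lookup code treat a
 * well-known SID as unknown.
 *
 * Returns STATUS_SUCCESS when every entry was created, or
 * STATUS_INSUFFICIENT_RESOURCES at the first entry that could not be created.
 * Entries appended before the failure stay on the list.
 */
NTSTATUS
LsapInitSids(VOID)
{
    static const struct
    {
        PSID_IDENTIFIER_AUTHORITY Authority;
        UCHAR SubAuthorityCount;
        ULONG SubAuthorities[2];
        PWSTR Name;
        PWSTR Domain;
        SID_NAME_USE NameUse;
    } WellKnownSids[] =
    {
        /* Universal well-known SIDs */
        { &NullSidAuthority,    1, { SECURITY_NULL_RID },                 L"NULL SID",             L"", SidTypeWellKnownGroup },
        { &WorldSidAuthority,   1, { SECURITY_WORLD_RID },                L"Everyone",             L"", SidTypeWellKnownGroup },
        { &LocalSidAuthority,   1, { SECURITY_LOCAL_RID },                L"LOCAL",                L"", SidTypeWellKnownGroup },
        { &CreatorSidAuthority, 1, { SECURITY_CREATOR_OWNER_RID },        L"CREATOR OWNER",        L"", SidTypeWellKnownGroup },
        { &CreatorSidAuthority, 1, { SECURITY_CREATOR_GROUP_RID },        L"CREATOR GROUP",        L"", SidTypeWellKnownGroup },
        { &CreatorSidAuthority, 1, { SECURITY_CREATOR_OWNER_SERVER_RID }, L"CREATOR OWNER SERVER", L"", SidTypeWellKnownGroup },
        { &CreatorSidAuthority, 1, { SECURITY_CREATOR_GROUP_SERVER_RID }, L"CREATOR GROUP SERVER", L"", SidTypeWellKnownGroup },

        /* NT authority domain (no sub-authorities) */
        { &NtAuthority, 0, { 0 }, L"NT Pseudo Domain", L"NT Pseudo Domain", SidTypeDomain },

        /* NT AUTHORITY well-known groups */
        { &NtAuthority, 1, { SECURITY_DIALUP_RID },                 L"DIALUP",                        L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_NETWORK_RID },                L"NETWORK",                       L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_BATCH_RID },                  L"BATCH",                         L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_INTERACTIVE_RID },            L"INTERACTIVE",                   L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_SERVICE_RID },                L"SERVICE",                       L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_ANONYMOUS_LOGON_RID },        L"ANONYMOUS LOGON",               L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_PROXY_RID },                  L"PROXY",                         L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_ENTERPRISE_CONTROLLERS_RID }, L"ENTERPRISE DOMAIN CONTROLLERS", L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_PRINCIPAL_SELF_RID },         L"SELF",                          L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_AUTHENTICATED_USER_RID },     L"Authenticated Users",           L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_RESTRICTED_CODE_RID },        L"RESTRICTED",                    L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_TERMINAL_SERVER_RID },        L"TERMINAL SERVER USER",          L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_REMOTE_LOGON_RID },           L"REMOTE INTERACTIVE LOGON",      L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_THIS_ORGANIZATION_RID },      L"This Organization",             L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_LOCAL_SYSTEM_RID },           L"SYSTEM",                        L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_LOCAL_SERVICE_RID },          L"LOCAL SERVICE",                 L"NT AUTHORITY", SidTypeWellKnownGroup },
        { &NtAuthority, 1, { SECURITY_NETWORK_SERVICE_RID },        L"NETWORK SERVICE",               L"NT AUTHORITY", SidTypeWellKnownGroup },

        /* BUILTIN domain and its aliases */
        { &NtAuthority, 1, { SECURITY_BUILTIN_DOMAIN_RID }, L"BUILTIN", L"BUILTIN", SidTypeDomain },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS },      L"Administrators",    L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_USERS },       L"Users",             L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS },      L"Guests",            L"BUILTIN", SidTypeAlias },
        /* Was "Power User"; the alias name is plural, as in the disabled
         * ACCOUNT_SIDS table earlier in this file. */
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS }, L"Power Users",       L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ACCOUNT_OPS }, L"Account Operators", L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_SYSTEM_OPS },  L"Server Operators",  L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PRINT_OPS },   L"Print Operators",   L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_BACKUP_OPS },  L"Backup Operators",  L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REPLICATOR },  L"Replicators",       L"BUILTIN", SidTypeAlias },
#if 0
        /* RAS Servers alias: still disabled. NOTE(review): the name below is
         * a copy of the Backup Operators entry and must be corrected before
         * this row is enabled. */
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_RAS_SERVERS }, L"Backup Operators",  L"BUILTIN", SidTypeAlias },
#endif
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_PREW2KCOMPACCESS },           L"Pre-Windows 2000 Compatible Access", L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS },       L"Remote Desktop Users",               L"BUILTIN", SidTypeAlias },
        { &NtAuthority, 2, { SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS }, L"Network Configuration Operators",    L"BUILTIN", SidTypeAlias },

        /* FIXME: Add more well known sids */
    };

    ULONG SubAuthorities[2];
    ULONG i;

    InitializeListHead(&WellKnownSidListHead);

    for (i = 0; i < sizeof(WellKnownSids) / sizeof(WellKnownSids[0]); i++)
    {
        /* LsapCreateSid takes a non-const PULONG, so hand it a local copy
         * instead of casting const away from the table row. */
        SubAuthorities[0] = WellKnownSids[i].SubAuthorities[0];
        SubAuthorities[1] = WellKnownSids[i].SubAuthorities[1];

        if (!LsapCreateSid(WellKnownSids[i].Authority,
                           WellKnownSids[i].SubAuthorityCount,
                           WellKnownSids[i].SubAuthorityCount != 0 ? SubAuthorities : NULL,
                           WellKnownSids[i].Name,
                           WellKnownSids[i].Domain,
                           WellKnownSids[i].NameUse))
        {
            ERR("Failed to create well-known SID entry %lu\n", i);
            return STATUS_INSUFFICIENT_RESOURCES;
        }
    }

    return STATUS_SUCCESS;
}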
580
581
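/*
 * Searches WellKnownSidListHead for an entry whose SID equals Sid.
 *
 * Sid - SID to look up. A NULL pointer is treated as "not found" instead of
 *       being handed to RtlEqualSid.
 *
 * Returns the matching list entry, or NULL when there is no match. The
 * returned pointer refers to the list's own entry; the caller must not free it.
 *
 * NOTE(review): Sid is compared as-is. If it can originate from a client
 * request, the caller should validate it (e.g. RtlValidSid) before calling.
 */
PWELL_KNOWN_SID
LsapLookupWellKnownSid(PSID Sid)
{
    PLIST_ENTRY ListEntry;
    PWELL_KNOWN_SID Entry;

    if (Sid == NULL)
        return NULL;

    for (ListEntry = WellKnownSidListHead.Flink;
         ListEntry != &WellKnownSidListHead;
         ListEntry = ListEntry->Flink)
    {
        Entry = CONTAINING_RECORD(ListEntry,
                                  WELL_KNOWN_SID,
                                  ListEntry);
        if (RtlEqualSid(Sid, Entry->Sid))
            return Entry;
    }

    return NULL;
}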
604
605
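/*
 * Translates each SID in SidEnumBuffer into a name and stores the result in
 * the matching slot of OutputNames.
 *
 * SidEnumBuffer - request buffer; Entries gives the number of SIDs in SidInfo
 * OutputNames   - caller-provided array with at least Entries elements. Each
 *                 Name.Buffer is allocated with MIDL_user_allocate.
 *
 * Returns STATUS_SUCCESS when every SID was mapped, STATUS_NONE_MAPPED when
 * none was (including an empty request), STATUS_INVALID_PARAMETER for a NULL
 * buffer, and STATUS_INSUFFICIENT_RESOURCES when a name buffer could not be
 * allocated. On allocation failure the buffers already handed out by this
 * call are released and their slots reset, so no slot holds a stale pointer.
 *
 * NOTE(review): every SID that is not in the well-known table is reported as
 * "Administrator" and counted as mapped. This is placeholder behaviour: the
 * returned name must not be relied on for any access or audit decision until
 * a real account lookup replaces it, and STATUS_SOME_NOT_MAPPED is currently
 * unreachable.
 */
NTSTATUS
LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
               PLSAPR_TRANSLATED_NAME OutputNames)
{
    static const UNICODE_STRING UserName = RTL_CONSTANT_STRING(L"Administrator");
    PCUNICODE_STRING SourceName;
    PWELL_KNOWN_SID ptr;
    PSID *Sids;
    ULONG Mapped = 0;
    ULONG i, j;
    NTSTATUS Status;

    TRACE("LsapLookupSids(%p, %p)\n", SidEnumBuffer, OutputNames);

    if (SidEnumBuffer == NULL)
        return STATUS_INVALID_PARAMETER;

    TRACE("SidEnumBuffer->Entries: %lu\n", SidEnumBuffer->Entries);
    TRACE("SidEnumBuffer->SidInfo: %p\n", SidEnumBuffer->SidInfo);

    /* A non-empty request needs both the SID array and the output array. */
    if (SidEnumBuffer->Entries != 0 &&
        (SidEnumBuffer->SidInfo == NULL || OutputNames == NULL))
    {
        return STATUS_INVALID_PARAMETER;
    }

    /* NOTE(review): this cast assumes each SidInfo element is exactly one
     * SID pointer - confirm against the LSAPR_SID_INFORMATION definition. */
    Sids = (PSID *) SidEnumBuffer->SidInfo;

    for (i = 0; i < SidEnumBuffer->Entries; i++)
    {
        TRACE("i: %lu\n", i);

        /* A NULL SID pointer in the request is handled as an unknown SID. */
        ptr = (Sids[i] != NULL) ? LsapLookupWellKnownSid(Sids[i]) : NULL;
        if (ptr != NULL)
        {
            SourceName = &ptr->Name;
            OutputNames[i].Use = ptr->NameUse;
        }
        else
        {
            /* Placeholder for unknown SIDs; see the header note. */
            SourceName = &UserName;
            OutputNames[i].Use = SidTypeWellKnownGroup;
        }

        OutputNames[i].DomainIndex = i; /* Fixme */

        OutputNames[i].Name.Buffer = MIDL_user_allocate(SourceName->MaximumLength);
        if (OutputNames[i].Name.Buffer == NULL)
        {
            /* Do not copy into a failed allocation. Release what this call
             * already allocated and leave every touched slot empty. */
            OutputNames[i].Name.Length = 0;
            OutputNames[i].Name.MaximumLength = 0;

            for (j = 0; j < i; j++)
            {
                MIDL_user_free(OutputNames[j].Name.Buffer);
                OutputNames[j].Name.Buffer = NULL;
                OutputNames[j].Name.Length = 0;
                OutputNames[j].Name.MaximumLength = 0;
            }

            return STATUS_INSUFFICIENT_RESOURCES;
        }

        OutputNames[i].Name.Length = SourceName->Length;
        OutputNames[i].Name.MaximumLength = SourceName->MaximumLength;
        RtlCopyMemory(OutputNames[i].Name.Buffer,
                      SourceName->Buffer,
                      SourceName->MaximumLength);

        Mapped++;
    }

    if (Mapped == 0)
        Status = STATUS_NONE_MAPPED;
    else if (Mapped < SidEnumBuffer->Entries)
        Status = STATUS_SOME_NOT_MAPPED;
    else
        Status = STATUS_SUCCESS;

    return Status;
}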
661
662 /* EOF */