[LSASRV][MSV1_0]
authorEric Kohl <eric.kohl@reactos.org>
Wed, 25 Dec 2013 13:24:42 +0000 (13:24 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Wed, 25 Dec 2013 13:24:42 +0000 (13:24 +0000)
- Move the creation of the default DACL from msv1_0 to lsasrv. Create the default DACL only if the selected authentication package does not provide one.

svn path=/trunk/; revision=61401

reactos/dll/win32/lsasrv/authpackage.c
reactos/dll/win32/lsasrv/lookup.c
reactos/dll/win32/lsasrv/lsasrv.h
reactos/dll/win32/msv1_0/msv1_0.c

index 884ae5e..6eea470 100644 (file)
@@ -547,9 +547,9 @@ LsapCopyLocalGroups(
     PTOKEN_GROUPS LocalGroups = NULL;
     ULONG SidHeaderLength = 0;
     PSID SidHeader = NULL;
-    PSID Sid;
+    PSID SrcSid, DstSid;
     ULONG SidLength;
-    ULONG CopiedSids = 0;
+    ULONG AllocatedSids = 0;
     ULONG i;
     NTSTATUS Status;
 
@@ -585,8 +585,10 @@ LsapCopyLocalGroups(
 
     for (i = 0; i < ClientGroupsCount; i++)
     {
+        SrcSid = LocalGroups->Groups[i].Sid;
+
         Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
-                                     LocalGroups->Groups[i].Sid,
+                                     SrcSid,
                                      SidHeader,
                                      SidHeaderLength,
                                      NULL);
@@ -596,28 +598,28 @@ LsapCopyLocalGroups(
         SidLength = RtlLengthSid(SidHeader);
         TRACE("Sid %lu: Length %lu\n", i, SidLength);
 
-        Sid = RtlAllocateHeap(RtlGetProcessHeap(),
-                              HEAP_ZERO_MEMORY,
-                              SidLength);
-        if (SidHeader == NULL)
+        DstSid = RtlAllocateHeap(RtlGetProcessHeap(),
+                                 HEAP_ZERO_MEMORY,
+                                 SidLength);
+        if (DstSid == NULL)
         {
             Status = STATUS_INSUFFICIENT_RESOURCES;
             goto done;
         }
 
         Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
-                                     LocalGroups->Groups[i].Sid,
-                                     Sid,
+                                     SrcSid,
+                                     DstSid,
                                      SidLength,
                                      NULL);
         if (!NT_SUCCESS(Status))
         {
-            RtlFreeHeap(RtlGetProcessHeap(), 0, Sid);
+            RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
             goto done;
         }
 
-        LocalGroups->Groups[i].Sid = Sid;
-        CopiedSids++;
+        LocalGroups->Groups[i].Sid = DstSid;
+        AllocatedSids++;
     }
 
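Review bot: The SID is read from client memory twice, once for the header and once for the full `SidLength` bytes, so the caller can alter the SID between the two reads and `DstSid` may end up with a `SubAuthorityCount` that no longer matches the `SidLength` that was allocated for it; any later `RtlLengthSid(DstSid)` would then read past the heap block. After the second `NtReadVirtualMemory` succeeds, validate the copy before keeping it, e.g. `if (!RtlValidSid(DstSid) || RtlLengthSid(DstSid) != SidLength)` followed by `Status = STATUS_INVALID_SID;`, the `RtlFreeHeap` of `DstSid` and `goto done`, mirroring the existing failure branch. The status check for the first read sits between the two hunks and is not visible here, so this assumes it rejects a short read. LsapCopyLocalGroups starts and ends outside this hunk.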
     *TokenGroups = LocalGroups;
@@ -630,7 +632,7 @@ done:
     {
         if (LocalGroups != NULL)
         {
-            for (i = 0; i < CopiedSids; i++)
+            for (i = 0; i < AllocatedSids; i++)
                 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
 
             RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
@@ -641,6 +643,52 @@ done:
 }
 
 
+static
+NTSTATUS
+LsapAddTokenDefaultDacl(
+    IN PVOID TokenInformation,
+    IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
+{
+    PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+    PACL Dacl = NULL;
+    ULONG Length;
+
+    if (TokenInformationType == LsaTokenInformationV1)
+    {
+        TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+        if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
+            return STATUS_SUCCESS;
+
+        Length = sizeof(ACL) +
+                 (2 * sizeof(ACCESS_ALLOWED_ACE)) +
+                 RtlLengthSid(TokenInfo1->Owner.Owner) +
+                 RtlLengthSid(LsapLocalSystemSid);
+
+        Dacl = DispatchTable.AllocateLsaHeap(Length);
+        if (Dacl == NULL)
+            return STATUS_INSUFFICIENT_RESOURCES;
+
+        RtlCreateAcl(Dacl, Length, ACL_REVISION);
+
+        RtlAddAccessAllowedAce(Dacl,
+                               ACL_REVISION,
+                               GENERIC_ALL,
+                               TokenInfo1->Owner.Owner);
+
+        /* SID: S-1-5-18 */
+        RtlAddAccessAllowedAce(Dacl,
+                               ACL_REVISION,
+                               GENERIC_ALL,
+                               LsapLocalSystemSid);
+
+        TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
+    }
+
+    return STATUS_SUCCESS;
+}
+
+
 NTSTATUS
 LsapLogonUser(PLSA_API_MSG RequestMsg,
               PLSAP_LOGON_CONTEXT LogonContext)
@@ -669,7 +717,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
     Package = LsapGetAuthenticationPackage(PackageId);
     if (Package == NULL)
     {
-        TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
+        ERR("LsapGetAuthenticationPackage() failed to find a package\n");
         return STATUS_NO_SUCH_PACKAGE;
     }
 
@@ -681,7 +729,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
                                         RequestMsg->LogonUser.Request.AuthenticationInformationLength);
         if (LocalAuthInfo == NULL)
         {
-            TRACE("RtlAllocateHeap() failed\n");
+            ERR("RtlAllocateHeap() failed\n");
             return STATUS_INSUFFICIENT_RESOURCES;
         }
 
@@ -693,7 +741,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
                                      NULL);
         if (!NT_SUCCESS(Status))
         {
-            TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
+            ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
             RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
             return Status;
         }
@@ -706,7 +754,10 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
                                      RequestMsg->LogonUser.Request.LocalGroupsCount,
                                      &LocalGroups);
         if (!NT_SUCCESS(Status))
+        {
+            ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status);
             goto done;
+        }
 
         TRACE("GroupCount: %lu\n", LocalGroups->GroupCount);
     }
@@ -766,7 +817,16 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
 
     if (!NT_SUCCESS(Status))
     {
-        TRACE("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
+        ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
+        goto done;
+    }
+
+
+    Status = LsapAddTokenDefaultDacl(TokenInformation,
+                                     TokenInformationType);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status);
         goto done;
     }
 
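Review bot: The DACL that `LsapAddTokenDefaultDacl` now allocates from the LSA heap is attached to the `TokenInformation` buffer returned by the authentication package, so the cleanup under `done:` for the later `NtCreateToken`/`NtDuplicateObject` failures must release it together with the rest of that buffer; that cleanup lies outside this hunk and cannot be confirmed from here. Style-wise, the two consecutive blank lines before the `LsapAddTokenDefaultDacl` call should be reduced to one to match the rest of the function. LsapLogonUser starts and ends outside this hunk.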
@@ -802,7 +862,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
                                &RequestMsg->LogonUser.Request.SourceContext);
         if (!NT_SUCCESS(Status))
         {
-            TRACE("NtCreateToken failed (Status 0x%08lx)\n", Status);
+            ERR("NtCreateToken failed (Status 0x%08lx)\n", Status);
             goto done;
         }
     }
@@ -823,7 +883,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
                                DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
     if (!NT_SUCCESS(Status))
     {
-        TRACE("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+        ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
         goto done;
     }
 
@@ -832,7 +892,7 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
     Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId);
     if (!NT_SUCCESS(Status))
     {
-        TRACE("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
+        ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
         goto done;
     }
 
@@ -847,7 +907,10 @@ done:
     if (LocalGroups != NULL)
     {
         for (i = 0; i < LocalGroups->GroupCount; i++)
-            RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
+        {
+            if (LocalGroups->Groups[i].Sid != NULL)
+                RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
+        }
 
         RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
     }
index a05529e..d7f6f2f 100644 (file)
@@ -80,6 +80,7 @@ typedef struct _WELL_KNOWN_SID
 
 
 LIST_ENTRY WellKnownSidListHead;
+PSID LsapLocalSystemSid = NULL;
 
 
 /* FUNCTIONS ***************************************************************/
@@ -90,7 +91,8 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
               PULONG SubAuthorities,
               PWSTR AccountName,
               PWSTR DomainName,
-              SID_NAME_USE Use)
+              SID_NAME_USE Use,
+              PSID *SidPtr)
 {
     PWELL_KNOWN_SID SidEntry;
     PULONG p;
@@ -159,6 +161,9 @@ LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority,
     InsertTailList(&WellKnownSidListHead,
                    &SidEntry->ListEntry);
 
+    if (SidPtr != NULL)
+        *SidPtr = SidEntry->Sid;
+
     return TRUE;
 }
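Review bot: The new `SidPtr` out parameter returns `SidEntry->Sid`, a pointer into an entry that was just linked into `WellKnownSidListHead`, so the caller receives an alias owned by the well-known SID list and must never free it or use it after the list is torn down; nothing in the function or its header says so. A short comment on the parameter would make the contract explicit, e.g. `/* SidPtr: optional; receives the list-owned SID, valid for the lifetime of the well-known SID list, must not be freed by the caller */`. `LsapCreateSid` starts outside this hunk.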
 
@@ -184,7 +189,8 @@ LsapInitSids(VOID)
                   NULL,
                   szAccountName,
                   szDomainName,
-                  SidTypeDomain);
+                  SidTypeDomain,
+                  NULL);
 
     /* Null Sid */
     LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, 80);
@@ -195,7 +201,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   L"",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* World Sid */
     LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, 80);
@@ -206,7 +213,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   L"",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Local Sid */
     LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
@@ -217,7 +225,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   L"",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Creator Owner Sid */
     LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, 80);
@@ -228,7 +237,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   L"",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Creator Group Sid */
     LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, 80);
@@ -239,7 +249,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   L"",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Creator Owner Server Sid */
     LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, 80);
@@ -250,7 +261,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   L"",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Creator Group Server Sid */
     LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, 80);
@@ -261,7 +273,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   L"",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Dialup Sid */
     LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
@@ -273,7 +286,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Network Sid */
     LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, 80);
@@ -284,7 +298,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Batch Sid*/
     LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
@@ -295,7 +310,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Interactive Sid */
     LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
@@ -306,7 +322,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Service Sid */
     LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
@@ -317,7 +334,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Anonymous Logon Sid */
     LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
@@ -328,7 +346,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Proxy Sid */
     LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, 80);
@@ -339,7 +358,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Enterprise Controllers Sid */
     LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, 80);
@@ -350,7 +370,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Principal Self Sid */
     LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, 80);
@@ -361,7 +382,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Authenticated Users Sid */
     LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, 80);
@@ -372,7 +394,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Restricted Code Sid */
     LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, 80);
@@ -383,7 +406,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Terminal Server Sid */
     LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, 80);
@@ -394,7 +418,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Remote Logon Sid */
     LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, 80);
@@ -405,7 +430,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* This Organization Sid */
     LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, 80);
@@ -416,7 +442,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Local System Sid */
     LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, 80);
@@ -427,7 +454,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  &LsapLocalSystemSid);
 
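Review bot: The `LsapCreateSid` call that fills `LsapLocalSystemSid` is used as a bare statement, like the other calls in this function (see the unassigned call a few hunks down), so an allocation failure leaves `LsapLocalSystemSid` at its initial NULL and every later logon reaches `RtlLengthSid(LsapLocalSystemSid)` in authpackage.c with a NULL SID. Unlike the other well-known SIDs this one is load-bearing for token creation, so its result should be checked and the failure propagated or at least logged, e.g. `if (!LsapCreateSid(..., &LsapLocalSystemSid)) ERR("Failed to create the Local System SID\n");` with the function's failure path following; the return type of `LsapInitSids` is not visible here. `LsapInitSids` starts and ends outside this hunk.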
     /* Local Service Sid */
     LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, 80);
@@ -438,14 +466,16 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     LsapCreateSid(&NtAuthority,
                   1,
                   SubAuthorities,
                   L"LOCALSERVICE",
                   L"NT AUTHORITY",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Network Service Sid */
     LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, 80);
@@ -456,14 +486,16 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     LsapCreateSid(&NtAuthority,
                   1,
                   SubAuthorities,
                   L"NETWORKSERVICE",
                   L"NT AUTHORITY",
-                  SidTypeWellKnownGroup);
+                  SidTypeWellKnownGroup,
+                  NULL);
 
     /* Builtin Domain Sid */
     LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, 80);
@@ -475,7 +507,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeDomain);
+                  SidTypeDomain,
+                  NULL);
 
     /* Administrators Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, 80);
@@ -487,7 +520,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Users Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
@@ -499,7 +533,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Guests Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, 80);
@@ -511,7 +546,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Power User Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, 80);
@@ -523,7 +559,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Account Operators Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, 80);
@@ -535,7 +572,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* System Operators Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, 80);
@@ -547,7 +585,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Print Operators Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, 80);
@@ -559,7 +598,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Backup Operators Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, 80);
@@ -571,7 +611,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Replicators Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, 80);
@@ -583,7 +624,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* RAS Servers Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, 80);
@@ -595,7 +637,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Pre-Windows 2000 Compatible Access Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, 80);
@@ -607,7 +650,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Remote Desktop Users Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, 80);
@@ -619,7 +663,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* Network Configuration Operators Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, 80);
@@ -631,7 +676,8 @@ LsapInitSids(VOID)
                   SubAuthorities,
                   szAccountName,
                   szDomainName,
-                  SidTypeAlias);
+                  SidTypeAlias,
+                  NULL);
 
     /* FIXME: Add more well known sids */
 
index 0e94eb1..16c7b3c 100644 (file)
@@ -91,6 +91,9 @@ extern UNICODE_STRING BuiltinDomainName;
 extern PSID AccountDomainSid;
 extern UNICODE_STRING AccountDomainName;
 
+extern PSID LsapLocalSystemSid;
+
+
 /* authpackage.c */
 NTSTATUS
 LsapInitAuthPackages(VOID);
index 90a43d3..921aa6f 100644 (file)
@@ -571,66 +571,6 @@ BuildTokenOwner(PTOKEN_OWNER Owner,
 }
 
 
-static
-NTSTATUS
-BuildTokenDefaultDacl(PTOKEN_DEFAULT_DACL DefaultDacl,
-                      PSID OwnerSid)
-{
-    SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
-    PSID LocalSystemSid = NULL;
-    PACL Dacl = NULL;
-    NTSTATUS Status = STATUS_SUCCESS;
-
-    RtlAllocateAndInitializeSid(&SystemAuthority,
-                                1,
-                                SECURITY_LOCAL_SYSTEM_RID,
-                                SECURITY_NULL_RID,
-                                SECURITY_NULL_RID,
-                                SECURITY_NULL_RID,
-                                SECURITY_NULL_RID,
-                                SECURITY_NULL_RID,
-                                SECURITY_NULL_RID,
-                                SECURITY_NULL_RID,
-                                &LocalSystemSid);
-
-    Dacl = DispatchTable.AllocateLsaHeap(1024);
-    if (Dacl == NULL)
-    {
-        Status = STATUS_INSUFFICIENT_RESOURCES;
-        goto done;
-    }
-
-    Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
-    if (!NT_SUCCESS(Status))
-        goto done;
-
-    RtlAddAccessAllowedAce(Dacl,
-                           ACL_REVISION,
-                           GENERIC_ALL,
-                           OwnerSid);
-
-    /* SID: S-1-5-18 */
-    RtlAddAccessAllowedAce(Dacl,
-                           ACL_REVISION,
-                           GENERIC_ALL,
-                           LocalSystemSid);
-
-    DefaultDacl->DefaultDacl = Dacl;
-
-done:
-    if (!NT_SUCCESS(Status))
-    {
-        if (Dacl != NULL)
-            DispatchTable.FreeLsaHeap(Dacl);
-    }
-
-    if (LocalSystemSid != NULL)
-        RtlFreeSid(LocalSystemSid);
-
-    return Status;
-}
-
-
 static
 NTSTATUS
 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
@@ -683,11 +623,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
     if (!NT_SUCCESS(Status))
         goto done;
 
-    Status = BuildTokenDefaultDacl(&Buffer->DefaultDacl,
-                                   OwnerSid);
-    if (!NT_SUCCESS(Status))
-        goto done;
-
     *TokenInformation = Buffer;
 
 done: