- Store the names and SIDs of the built-in and account domains in global vaiables.
- Move the lookup code for isolated names to a separate function.
svn path=/trunk/; revision=57511
static HANDLE SecurityKeyHandle = NULL;
+SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
+SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
+
+PSID BuiltinDomainSid = NULL;
+PSID AccountDomainSid = NULL;
+UNICODE_STRING BuiltinDomainName = {0, 0, NULL};
+UNICODE_STRING AccountDomainName = {0, 0, NULL};
+
/* FUNCTIONS ***************************************************************/
static NTSTATUS
LsapCreateRandomDomainSid(OUT PSID *Sid)
{
- SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
LARGE_INTEGER SystemTime;
PULONG Seed;
NtQuerySystemTime(&SystemTime);
Seed = &SystemTime.u.LowPart;
- return RtlAllocateAndInitializeSid(&SystemAuthority,
+ return RtlAllocateAndInitializeSid(&NtAuthority,
4,
SECURITY_NT_NON_UNIQUE,
RtlUniform(Seed),
}
+static NTSTATUS
+LsapGetDomainInfo(VOID)
+{
+ PLSA_DB_OBJECT PolicyObject = NULL;
+ PUNICODE_STRING DomainName = NULL;
+ ULONG AttributeSize;
+ LPWSTR SidString = NULL;
+ NTSTATUS Status;
+
+ /* Get the built-in domain SID and name */
+ Status = RtlAllocateAndInitializeSid(&NtAuthority,
+ 1,
+ SECURITY_BUILTIN_DOMAIN_RID,
+ 0, 0, 0, 0, 0, 0, 0,
+ &BuiltinDomainSid);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ /**/
+ RtlInitUnicodeString(&BuiltinDomainName,
+ L"BUILTIN");
+
+ /* Open the 'Policy' object */
+ Status = LsapOpenDbObject(NULL,
+ NULL,
+ L"Policy",
+ LsaDbPolicyObject,
+ 0,
+ &PolicyObject);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ /* Get the account domain SID */
+ AttributeSize = 0;
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmS",
+ NULL,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (AttributeSize > 0)
+ {
+ AccountDomainSid = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AttributeSize);
+ if (AccountDomainSid == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmS",
+ AccountDomainSid,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
+
+ /* Get the account domain name */
+ AttributeSize = 0;
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmN",
+ NULL,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (AttributeSize > 0)
+ {
+ DomainName = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AttributeSize);
+ if (DomainName == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ Status = LsapGetObjectAttribute(PolicyObject,
+ L"PolAcDmN",
+ DomainName,
+ &AttributeSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
+
+ AccountDomainName.Length = DomainName->Length;
+ AccountDomainName.MaximumLength = DomainName->Length + sizeof(WCHAR);
+ AccountDomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AccountDomainName.MaximumLength);
+ if (AccountDomainName.Buffer == NULL)
+ {
+ ERR("Failed to allocate the account domain name buffer\n");
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ RtlCopyMemory(AccountDomainName.Buffer,
+ DomainName->Buffer,
+ DomainName->Length);
+ }
+
+ ConvertSidToStringSidW(BuiltinDomainSid, &SidString);
+ TRACE("Builtin Domain SID: %S\n", SidString);
+ LocalFree(SidString);
+ SidString = NULL;
+
+ TRACE("Builtin Domain Name: %wZ\n", &BuiltinDomainName);
+
+ ConvertSidToStringSidW(AccountDomainSid, &SidString);
+ TRACE("Account Domain SID: %S\n", SidString);
+ LocalFree(SidString);
+ SidString = NULL;
+
+ TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
+
+done:
+ if (DomainName != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, DomainName);
+
+ if (PolicyObject != NULL)
+ LsapCloseDbObject(PolicyObject);
+
+ return Status;
+}
+
+
NTSTATUS
LsapInitDatabase(VOID)
{
}
}
+ Status = LsapGetDomainInfo();
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("Failed to get the domain information (Status: 0x%08lx)\n", Status);
+ return Status;
+ }
+
TRACE("LsapInitDatabase() done\n");
return STATUS_SUCCESS;
} LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA;
+extern SID_IDENTIFIER_AUTHORITY NullSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY LocalSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY CreatorSidAuthority;
+extern SID_IDENTIFIER_AUTHORITY NtAuthority;
+
+extern PSID BuiltinDomainSid;
+extern UNICODE_STRING BuiltinDomainName;
+extern PSID AccountDomainSid;
+extern UNICODE_STRING AccountDomainName;
+
+
/* authport.c */
NTSTATUS
StartAuthenticationPort(VOID);
} WELL_KNOWN_SID, *PWELL_KNOWN_SID;
-static SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY};
-static SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY};
-static SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
-static SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY};
-static SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
-
LIST_ENTRY WellKnownSidListHead;
-
-
#if 0
typedef struct _AccountSid
{
}
+static
+NTSTATUS
+LsapLookupIsolatedNames(DWORD Count,
+ PRPC_UNICODE_STRING DomainNames,
+ PRPC_UNICODE_STRING AccountNames,
+ PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer,
+ PLSAPR_TRANSLATED_SID_EX2 SidsBuffer,
+ PULONG Mapped)
+{
+ PWELL_KNOWN_SID ptr, ptr2;
+ ULONG DomainIndex;
+ ULONG i;
+ NTSTATUS Status = STATUS_SUCCESS;
+ LPWSTR SidString = NULL;
+
+ for (i = 0; i < Count; i++)
+ {
+ /* Ignore names which were already mapped */
+ if (SidsBuffer[i].Use != SidTypeUnknown)
+ continue;
+
+ /* Ignore fully qualified account names */
+ if (DomainNames[i].Length != 0)
+ continue;
+
+ /* Look-up all well-known names */
+ ptr = LsapLookupWellKnownName((PUNICODE_STRING)&AccountNames[i]);
+ if (ptr != NULL)
+ {
+ SidsBuffer[i].Use = ptr->Use;
+ SidsBuffer[i].Sid = ptr->Sid;
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ if (ptr->Use == SidTypeDomain)
+ {
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &ptr->Name,
+ ptr->Sid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+ }
+ else
+ {
+ ptr2= LsapLookupWellKnownName(&ptr->Domain);
+ if (ptr2 != NULL)
+ {
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &ptr2->Name,
+ ptr2->Sid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+ }
+ }
+
+ (*Mapped)++;
+ continue;
+ }
+
+ /* FIXME: Look-up the built-in domain */
+
+ ConvertSidToStringSidW(AccountDomainSid, &SidString);
+ TRACE("Account Domain SID: %S\n", SidString);
+ LocalFree(SidString);
+ SidString = NULL;
+
+ TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
+
+ /* Look-up the account domain */
+ if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE))
+ {
+ SidsBuffer[i].Use = SidTypeDomain;
+ SidsBuffer[i].Sid = AccountDomainSid;
+ SidsBuffer[i].DomainIndex = -1;
+ SidsBuffer[i].Flags = 0;
+
+ Status = LsapAddDomainToDomainsList(DomainsBuffer,
+ &AccountDomainName,
+ AccountDomainSid,
+ &DomainIndex);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SidsBuffer[i].DomainIndex = DomainIndex;
+
+ (*Mapped)++;
+ continue;
+ }
+
+ /* FIXME: Look-up the primary domain */
+
+ /* FIXME: Look-up the trusted domains */
+
+ /* FIXME: Look-up accounts in the built-in domain */
+
+ /* FIXME: Look-up accounts in the account domain */
+
+ /* FIXME: Look-up accounts in the primary domain */
+
+ /* FIXME: Look-up accounts in the trusted domains */
+ }
+
+done:
+ return Status;
+}
+
+
NTSTATUS
LsapLookupNames(DWORD Count,
PRPC_UNICODE_STRING Names,
PRPC_UNICODE_STRING DomainNames = NULL;
PRPC_UNICODE_STRING AccountNames = NULL;
ULONG SidsBufferLength;
- ULONG DomainIndex;
+// ULONG DomainIndex;
ULONG i;
ULONG Mapped = 0;
NTSTATUS Status = STATUS_SUCCESS;
- PWELL_KNOWN_SID ptr, ptr2;
+// PWELL_KNOWN_SID ptr, ptr2;
//TRACE("()\n");
goto done;
}
+ Status = LsapLookupIsolatedNames(Count,
+ DomainNames,
+ AccountNames,
+ DomainsBuffer,
+ SidsBuffer,
+ &Mapped);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (Mapped == Count)
+ goto done;
+
+
+#if 0
for (i = 0; i < Count; i++)
{
//TRACE("Name: %wZ\n", &Names[i]);
Mapped++;
continue;
}
-
-
-
}
+#endif
done:
// TRACE("done: Status %lx\n", Status);
projects / reactos.git / commitdiff