return STATUS_SUCCESS;
}
+static
+NTSTATUS
+LsapAddDefaultGroups(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
+ IN SECURITY_LOGON_TYPE LogonType)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PTOKEN_GROUPS Groups;
+ ULONG i, Length;
+ PSID SrcSid;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->Groups != NULL)
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (TokenInfo1->Groups->GroupCount + 2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ Groups->GroupCount = TokenInfo1->Groups->GroupCount;
+
+ for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+ {
+ Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
+ Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
+ }
+
+ RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
+
+ TokenInfo1->Groups = Groups;
+
+ }
+ else
+ {
+ Length = sizeof(TOKEN_GROUPS) +
+ (2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
+
+ Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
+ if (Groups == NULL)
+ {
+ ERR("Group buffer allocation failed!\n");
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ TokenInfo1->Groups = Groups;
+ }
+
+ /* Append the World SID (aka Everyone) */
+ Length = RtlLengthSid(LsapWorldSid);
+ Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ Length);
+ if (Groups->Groups[Groups->GroupCount].Sid == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
+ LsapWorldSid,
+ Length);
+
+ Groups->Groups[Groups->GroupCount].Attributes =
+ SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+
+ Groups->GroupCount++;
+
+ /* Append the logon type SID */
+ switch (LogonType)
+ {
+ case Interactive:
+ SrcSid = LsapInteractiveSid;
+ break;
+
+ case Network:
+ SrcSid = LsapNetworkSid;
+ break;
+
+ case Batch:
+ SrcSid = LsapBatchSid;
+ break;
+
+ case Service:
+ SrcSid = LsapServiceSid;
+ break;
+
+ default:
+ FIXME("LogonType %d is not supported!\n", LogonType);
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ Length = RtlLengthSid(SrcSid);
+ Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ Length);
+ if (Groups->Groups[Groups->GroupCount].Sid == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
+ SrcSid,
+ Length);
+
+ Groups->Groups[Groups->GroupCount].Attributes =
+ SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
+
+ Groups->GroupCount++;
+ }
+ else
+ {
+ FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
+ return STATUS_NOT_IMPLEMENTED;
+ }
+
+ return STATUS_SUCCESS;
+}
+
static
NTSTATUS
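Review bot: The buffer length derived from `TokenInfo1->Groups->GroupCount` in LsapAddDefaultGroups is never range-checked. If an authentication package ever hands over a count it did not bound, the ULONG arithmetic can wrap and the copy loop would then write past an undersized heap allocation inside the LSA server. A guard before the first `RtlAllocateHeap` closes this, for example `if (TokenInfo1->Groups->GroupCount > (MAXULONG - sizeof(TOKEN_GROUPS)) / sizeof(SID_AND_ATTRIBUTES) - 2) return STATUS_INVALID_PARAMETER;`. Separately, the `default:` case of the logon-type switch returns only after the original group array has been freed and replaced and the World SID appended. Resolving `SrcSid` at the top of the function would reject an unsupported `LogonType` before the token information is modified.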
HANDLE TokenHandle = NULL;
ULONG i;
ULONG PackageId;
+ SECURITY_LOGON_TYPE LogonType;
NTSTATUS Status;
TRACE("(%p %p)\n", RequestMsg, LogonContext);
PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage;
+ LogonType = RequestMsg->LogonUser.Request.LogonType;
/* Get the right authentication package */
Package = LsapGetAuthenticationPackage(PackageId);
}
}
+ Status = LsapAddDefaultGroups(TokenInformation,
+ TokenInformationType,
+ LogonType);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
Status = LsapSetTokenOwner(TokenInformation,
TokenInformationType);
if (!NT_SUCCESS(Status))
LIST_ENTRY WellKnownSidListHead;
+PSID LsapWorldSid = NULL;
+PSID LsapNetworkSid = NULL;
+PSID LsapBatchSid = NULL;
+PSID LsapInteractiveSid = NULL;
+PSID LsapServiceSid = NULL;
PSID LsapLocalSystemSid = NULL;
PSID LsapAdministratorsSid = NULL;
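Review bot: The new SID globals start out as NULL, and LsapAddDefaultGroups passes `LsapWorldSid` and the selected logon-type SID straight to `RtlLengthSid` and `RtlCopyMemory` without checking them. If a well-known SID was never created, the logon path would dereference NULL in the LSA server; whether the initialisation code can fail without aborting startup is not visible in this diff and is worth confirming. An explicit guard in LsapAddDefaultGroups, such as `if (LsapWorldSid == NULL) return STATUS_INTERNAL_ERROR;` with the same test on `SrcSid` after the switch, turns that into a clean logon failure. A short comment above these declarations saying who owns the SIDs and from which point they are valid would also help callers.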
szAccountName,
L"",
SidTypeWellKnownGroup,
- NULL);
+ &LsapWorldSid);
/* Local Sid */
LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, 80);
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapNetworkSid);
/* Batch Sid*/
LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, 80);
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapBatchSid);
/* Interactive Sid */
LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, 80);
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapInteractiveSid);
/* Service Sid */
LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, 80);
szAccountName,
szDomainName,
SidTypeWellKnownGroup,
- NULL);
+ &LsapServiceSid);
/* Anonymous Logon Sid */
LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, 80);
OUT PTOKEN_GROUPS *Groups,
OUT PSID *PrimaryGroupSid)
{
- SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PTOKEN_GROUPS TokenGroups;
-#define MAX_GROUPS 6
+#define MAX_GROUPS 4
DWORD GroupCount = 0;
PSID Sid;
NTSTATUS Status = STATUS_SUCCESS;
*PrimaryGroupSid = Sid;
GroupCount++;
- /* Member of 'Everyone' */
- RtlAllocateAndInitializeSid(&WorldAuthority,
- 1,
- SECURITY_WORLD_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
#if 1
/* Member of 'Administrators' */
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
GroupCount++;
- /* Member of 'Interactive users' */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_INTERACTIVE_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
/* Member of 'Authenticated users' */
RtlAllocateAndInitializeSid(&SystemAuthority,