}
+static
+NTSTATUS
+LsapSetTokenOwner(
+ IN PVOID TokenInformation,
+ IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
+{
+ PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+ PSID OwnerSid = NULL;
+ ULONG i, Length;
+
+ if (TokenInformationType == LsaTokenInformationV1)
+ {
+ TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+ if (TokenInfo1->Owner.Owner != NULL)
+ return STATUS_SUCCESS;
+
+ OwnerSid = TokenInfo1->User.User.Sid;
+ for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+ {
+ if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
+ {
+ OwnerSid = LsapAdministratorsSid;
+ break;
+ }
+ }
+
+ Length = RtlLengthSid(OwnerSid);
+ TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
+ if (TokenInfo1->Owner.Owner == NULL)
+ return STATUS_INSUFFICIENT_RESOURCES;
+
+ RtlCopyMemory(TokenInfo1->Owner.Owner,
+ OwnerSid,
+ Length);
+ }
+
+ return STATUS_SUCCESS;
+}
+
+
static
NTSTATUS
LsapAddTokenDefaultDacl(
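Review bot: `LsapSetTokenOwner` dereferences `TokenInfo1->Groups` in the loop and passes `TokenInfo1->User.User.Sid` to `RtlLengthSid` without checking either for NULL; the structure appears to be filled in by an authentication package, so a package that leaves one of them unset would presumably fault inside the LSA server. The same applies to `LsapAdministratorsSid`, which starts as NULL and is only assigned through the out parameter in the well-known SID setup hunk, so `EqualSid` gets a NULL SID if that setup did not succeed. I would add `if (OwnerSid == NULL) return STATUS_INVALID_PARAMETER;` after the assignment from `User.User.Sid` and guard the loop with `if (TokenInfo1->Groups != NULL && LsapAdministratorsSid != NULL)`. The match also ignores `Groups[i].Attributes`, so an Administrators entry that is deny-only or lacks `SE_GROUP_OWNER` would still be chosen as owner; consider requiring `SE_GROUP_OWNER` before switching `OwnerSid`. A short header comment stating that the owner defaults to Administrators for members of that group and to the user SID otherwise would record the policy this function implements.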
goto done;
}
+ Status = LsapSetTokenOwner(TokenInformation,
+ TokenInformationType);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
Status = LsapAddTokenDefaultDacl(TokenInformation,
TokenInformationType);
LIST_ENTRY WellKnownSidListHead;
PSID LsapLocalSystemSid = NULL;
+PSID LsapAdministratorsSid = NULL;
/* FUNCTIONS ***************************************************************/
szAccountName,
szDomainName,
SidTypeAlias,
- NULL);
+ &LsapAdministratorsSid);
/* Users Alias Sid */
LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
BuildTokenGroups(IN PSID AccountDomainSid,
IN PLUID LogonId,
OUT PTOKEN_GROUPS *Groups,
- OUT PSID *PrimaryGroupSid,
- OUT PSID *OwnerSid)
+ OUT PSID *PrimaryGroupSid)
{
SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
TokenGroups->Groups[GroupCount].Attributes =
SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
GroupCount++;
- *OwnerSid = Sid;
/* Member of 'Local users */
RtlAllocateAndInitializeSid(&LocalAuthority,
}
-static
-NTSTATUS
-BuildTokenOwner(PTOKEN_OWNER Owner,
- PSID OwnerSid)
-{
- ULONG RidCount;
- ULONG Size;
-
- RidCount = *RtlSubAuthorityCountSid(OwnerSid);
- Size = RtlLengthRequiredSid(RidCount);
-
- Owner->Owner = DispatchTable.AllocateLsaHeap(Size);
- if (Owner->Owner == NULL)
- {
- return STATUS_INSUFFICIENT_RESOURCES;
- }
-
- RtlCopyMemory(Owner->Owner,
- OwnerSid,
- Size);
-
- return STATUS_SUCCESS;
-}
-
-
static
NTSTATUS
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
PLUID LogonId)
{
PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
- PSID OwnerSid = NULL;
PSID PrimaryGroupSid = NULL;
ULONG i;
NTSTATUS Status = STATUS_SUCCESS;
Status = BuildTokenGroups((PSID)AccountDomainSid,
LogonId,
&Buffer->Groups,
- &PrimaryGroupSid,
- &OwnerSid);
+ &PrimaryGroupSid);
if (!NT_SUCCESS(Status))
goto done;
if (!NT_SUCCESS(Status))
goto done;
- Status = BuildTokenOwner(&Buffer->Owner,
- OwnerSid);
- if (!NT_SUCCESS(Status))
- goto done;
-
*TokenInformation = Buffer;
done:
if (Buffer->Privileges != NULL)
DispatchTable.FreeLsaHeap(Buffer->Privileges);
- if (Buffer->Owner.Owner != NULL)
- DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
-
if (Buffer->DefaultDacl.DefaultDacl != NULL)
DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);