[][LSASRV][MSV1_0]
authorEric Kohl <eric.kohl@reactos.org>
Wed, 25 Dec 2013 18:15:53 +0000 (18:15 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Wed, 25 Dec 2013 18:15:53 +0000 (18:15 +0000)
- Move the creation of the token owner SID from msv1_0 to lsasrv.
- If the user is a member of the administrators group, the administrators group becomes the owner of the token. Otherwise, the user is the owner of the token.

svn path=/trunk/; revision=61415

reactos/dll/win32/lsasrv/authpackage.c
reactos/dll/win32/lsasrv/lookup.c
reactos/dll/win32/lsasrv/lsasrv.h
reactos/dll/win32/msv1_0/msv1_0.c

index 6eea470..c649d78 100644 (file)
@@ -643,6 +643,47 @@ done:
 }
 
 
+static
+NTSTATUS
+LsapSetTokenOwner(
+    IN PVOID TokenInformation,
+    IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
+{
+    PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
+    PSID OwnerSid = NULL;
+    ULONG i, Length;
+
+    if (TokenInformationType == LsaTokenInformationV1)
+    {
+        TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
+
+        if (TokenInfo1->Owner.Owner != NULL)
+            return STATUS_SUCCESS;
+
+        OwnerSid = TokenInfo1->User.User.Sid;
+        for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
+        {
+            if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
+            {
+                OwnerSid = LsapAdministratorsSid;
+                break;
+            }
+        }
+
+        Length = RtlLengthSid(OwnerSid);
+        TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
+        if (TokenInfo1->Owner.Owner == NULL)
+            return STATUS_INSUFFICIENT_RESOURCES;
+
+        RtlCopyMemory(TokenInfo1->Owner.Owner,
+                      OwnerSid,
+                      Length);
+    }
+
+    return STATUS_SUCCESS;
+}
+
+
 static
 NTSTATUS
 LsapAddTokenDefaultDacl(
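Review bot: The loop in LsapSetTokenOwner compares only the SID and ignores `Groups[i].Attributes`, so an Administrators entry that is present but disabled or marked SE_GROUP_USE_FOR_DENY_ONLY would still make Administrators the token owner; consider `if ((TokenInfo1->Groups->Groups[i].Attributes & SE_GROUP_ENABLED) && RtlEqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))`. The function also dereferences `TokenInfo1->Groups` without a NULL check and passes `LsapAdministratorsSid` to EqualSid even if LsapInitSids left it NULL; a guard such as `if (TokenInfo1->Groups == NULL || LsapAdministratorsSid == NULL) return STATUS_SUCCESS;` before the loop (falling back to the user as owner) keeps the logon path from faulting. As a point of style, the rest of the function uses the native Rtl* API (RtlLengthSid, RtlCopyMemory), so RtlEqualSid would be the consistent choice over the advapi32 EqualSid.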
@@ -821,6 +862,13 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
         goto done;
     }
 
+    Status = LsapSetTokenOwner(TokenInformation,
+                               TokenInformationType);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
+        goto done;
+    }
 
     Status = LsapAddTokenDefaultDacl(TokenInformation,
                                      TokenInformationType);
index d7f6f2f..937594d 100644 (file)
@@ -81,6 +81,7 @@ typedef struct _WELL_KNOWN_SID
 
 LIST_ENTRY WellKnownSidListHead;
 PSID LsapLocalSystemSid = NULL;
+PSID LsapAdministratorsSid = NULL;
 
 
 /* FUNCTIONS ***************************************************************/
@@ -521,7 +522,7 @@ LsapInitSids(VOID)
                   szAccountName,
                   szDomainName,
                   SidTypeAlias,
-                  NULL);
+                  &LsapAdministratorsSid);
 
     /* Users Alias Sid */
     LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, 80);
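Review bot: The call that now fills `LsapAdministratorsSid` does not appear to have its result checked (the call begins before the hunk, so this is inferred), which means a failure leaves the global NULL and every later logon hands a NULL SID to the comparison in LsapSetTokenOwner. Either check the result here and fail LsapInitSids, or document the contract with a comment on the declaration, e.g. `/* BUILTIN\Administrators alias; may be NULL if LsapInitSids failed, callers must check */`. LsapInitSids continues past the hunk.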
index 16c7b3c..50a449e 100644 (file)
@@ -92,6 +92,7 @@ extern PSID AccountDomainSid;
 extern UNICODE_STRING AccountDomainName;
 
 extern PSID LsapLocalSystemSid;
+extern PSID LsapAdministratorsSid;
 
 
 /* authpackage.c */
index 921aa6f..7b15284 100644 (file)
@@ -271,8 +271,7 @@ NTSTATUS
 BuildTokenGroups(IN PSID AccountDomainSid,
                  IN PLUID LogonId,
                  OUT PTOKEN_GROUPS *Groups,
-                 OUT PSID *PrimaryGroupSid,
-                 OUT PSID *OwnerSid)
+                 OUT PSID *PrimaryGroupSid)
 {
     SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
     SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
@@ -374,7 +373,6 @@ BuildTokenGroups(IN PSID AccountDomainSid,
     TokenGroups->Groups[GroupCount].Attributes =
         SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
     GroupCount++;
-    *OwnerSid = Sid;
 
     /* Member of 'Local users */
     RtlAllocateAndInitializeSid(&LocalAuthority,
@@ -546,31 +544,6 @@ done:
 }
 
 
-static
-NTSTATUS
-BuildTokenOwner(PTOKEN_OWNER Owner,
-                PSID OwnerSid)
-{
-    ULONG RidCount;
-    ULONG Size;
-
-    RidCount = *RtlSubAuthorityCountSid(OwnerSid);
-    Size = RtlLengthRequiredSid(RidCount);
-
-    Owner->Owner = DispatchTable.AllocateLsaHeap(Size);
-    if (Owner->Owner == NULL)
-    {
-        return STATUS_INSUFFICIENT_RESOURCES;
-    }
-
-    RtlCopyMemory(Owner->Owner,
-                  OwnerSid,
-                  Size);
-
-    return STATUS_SUCCESS;
-}
-
-
 static
 NTSTATUS
 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
@@ -579,7 +552,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
                             PLUID LogonId)
 {
     PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
-    PSID OwnerSid = NULL;
     PSID PrimaryGroupSid = NULL;
     ULONG i;
     NTSTATUS Status = STATUS_SUCCESS;
@@ -604,8 +576,7 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
     Status = BuildTokenGroups((PSID)AccountDomainSid,
                               LogonId,
                               &Buffer->Groups,
-                              &PrimaryGroupSid,
-                              &OwnerSid);
+                              &PrimaryGroupSid);
     if (!NT_SUCCESS(Status))
         goto done;
 
@@ -618,11 +589,6 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
     if (!NT_SUCCESS(Status))
         goto done;
 
-    Status = BuildTokenOwner(&Buffer->Owner,
-                             OwnerSid);
-    if (!NT_SUCCESS(Status))
-        goto done;
-
     *TokenInformation = Buffer;
 
 done:
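Review bot: With the BuildTokenOwner call removed, `Buffer->Owner.Owner` is never assigned in BuildTokenInformationBuffer, and the new lsasrv code skips owner creation whenever that field is non-NULL; this is only safe if the buffer is zero-initialized at allocation, which is outside this hunk and I cannot confirm. If AllocateLsaHeap does not zero memory, an explicit `Buffer->Owner.Owner = NULL;` after the allocation (or a RtlZeroMemory of the whole buffer) would prevent an uninitialized pointer from being used as the token owner. BuildTokenInformationBuffer begins outside the hunk.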
@@ -650,9 +616,6 @@ done:
             if (Buffer->Privileges != NULL)
                 DispatchTable.FreeLsaHeap(Buffer->Privileges);
 
-            if (Buffer->Owner.Owner != NULL)
-                DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
-
             if (Buffer->DefaultDacl.DefaultDacl != NULL)
                 DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);