[LSASRV][SYSSETUP]
authorEric Kohl <eric.kohl@reactos.org>
Wed, 30 May 2012 22:53:37 +0000 (22:53 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Wed, 30 May 2012 22:53:37 +0000 (22:53 +0000)
Move the creation of the random account domain SID from syssetup.dll to lsasrv.dll. This change is required because the account domain SID must be stored in the LSA database before the SAM database initializes. Syssetup.dll created the account domain SID much too late.

svn path=/trunk/; revision=56678

reactos/dll/win32/lsasrv/database.c
reactos/dll/win32/lsasrv/lsasrv.h
reactos/dll/win32/syssetup/globals.h
reactos/dll/win32/syssetup/install.c
reactos/dll/win32/syssetup/security.c

index c7b770c..faa85ba 100644 (file)
@@ -199,12 +199,42 @@ Done:
 }
 
 
+static NTSTATUS
+LsapCreateRandomDomainSid(OUT PSID *Sid)
+{
+    SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
+    LARGE_INTEGER SystemTime;
+    PULONG Seed;
+
+    NtQuerySystemTime(&SystemTime);
+    Seed = &SystemTime.u.LowPart;
+
+    return RtlAllocateAndInitializeSid(&SystemAuthority,
+                                       4,
+                                       SECURITY_NT_NON_UNIQUE,
+                                       RtlUniform(Seed),
+                                       RtlUniform(Seed),
+                                       RtlUniform(Seed),
+                                       SECURITY_NULL_RID,
+                                       SECURITY_NULL_RID,
+                                       SECURITY_NULL_RID,
+                                       SECURITY_NULL_RID,
+                                       Sid);
+}
+
+
 static NTSTATUS
 LsapCreateDatabaseObjects(VOID)
 {
-    PLSA_DB_OBJECT PolicyObject;
+    PLSA_DB_OBJECT PolicyObject = NULL;
+    PSID AccountDomainSid = NULL;
     NTSTATUS Status;
 
+    /* Create a random domain SID */
+    Status = LsapCreateRandomDomainSid(&AccountDomainSid);
+    if (!NT_SUCCESS(Status))
+        return Status;
+
     /* Open the 'Policy' object */
     Status = LsapOpenDbObject(NULL,
                               L"Policy",
@@ -212,7 +242,7 @@ LsapCreateDatabaseObjects(VOID)
                               0,
                               &PolicyObject);
     if (!NT_SUCCESS(Status))
-        return Status;
+        goto done;
 
     LsapSetObjectAttribute(PolicyObject,
                            L"PolPrDmN",
@@ -231,13 +261,17 @@ LsapCreateDatabaseObjects(VOID)
 
     LsapSetObjectAttribute(PolicyObject,
                            L"PolAcDmS",
-                           NULL,
-                           0);
+                           AccountDomainSid,
+                           RtlLengthSid(AccountDomainSid));
 
-    /* Close the 'Policy' object */
-    LsapCloseDbObject(PolicyObject);
+done:
+    if (PolicyObject != NULL)
+        LsapCloseDbObject(PolicyObject);
 
-    return STATUS_SUCCESS;
+    if (AccountDomainSid != NULL)
+        RtlFreeSid(AccountDomainSid);
+
+    return Status;
 }
 
 
index 79f7ed4..7442977 100644 (file)
@@ -11,6 +11,7 @@
 #include <windows.h>
 #define NTOS_MODE_USER
 #include <ndk/cmfuncs.h>
+#include <ndk/kefuncs.h>
 #include <ndk/lpctypes.h>
 #include <ndk/lpcfuncs.h>
 #include <ndk/obfuncs.h>
index 385b5c8..483a6d4 100644 (file)
@@ -64,6 +64,7 @@ extern SETUPDATA SetupData;
 /* security.c */
 NTSTATUS SetAccountDomain(LPCWSTR DomainName,
                           PSID DomainSid);
+NTSTATUS GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo);
 VOID InstallSecurity(VOID);
 
 /* wizard.c */
index 1e61125..01b99dd 100644 (file)
@@ -36,9 +36,6 @@ CMP_WaitNoPendingInstallEvents(DWORD dwTimeout);
 
 /* GLOBALS ******************************************************************/
 
-PSID DomainSid = NULL;
-PSID AdminSid = NULL;
-
 HINF hSysSetupInf = INVALID_HANDLE_VALUE;
 
 /* FUNCTIONS ****************************************************************/
@@ -227,33 +224,6 @@ CreateShortcutFolder(int csidl, UINT nID, LPTSTR pszName, int cchNameLen)
     return CreateDirectory(szPath, NULL) || GetLastError()==ERROR_ALREADY_EXISTS;
 }
 
-static BOOL
-CreateRandomSid(
-    OUT PSID *Sid)
-{
-    SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
-    LARGE_INTEGER SystemTime;
-    PULONG Seed;
-    NTSTATUS Status;
-
-    NtQuerySystemTime(&SystemTime);
-    Seed = &SystemTime.u.LowPart;
-
-    Status = RtlAllocateAndInitializeSid(
-        &SystemAuthority,
-        4,
-        SECURITY_NT_NON_UNIQUE,
-        RtlUniform(Seed),
-        RtlUniform(Seed),
-        RtlUniform(Seed),
-        SECURITY_NULL_RID,
-        SECURITY_NULL_RID,
-        SECURITY_NULL_RID,
-        SECURITY_NULL_RID,
-        Sid);
-    return NT_SUCCESS(Status);
-}
-
 static VOID
 AppendRidToSid(
     OUT PSID *Dst,
@@ -878,6 +848,8 @@ SetSetupType(DWORD dwSetupType)
 DWORD WINAPI
 InstallReactOS(HINSTANCE hInstance)
 {
+    PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = NULL;
+    PSID AdminSid = NULL;
     TCHAR szBuffer[MAX_PATH];
     DWORD LastError;
     HANDLE token;
@@ -893,23 +865,17 @@ InstallReactOS(HINSTANCE hInstance)
         return 0;
     }
 
-    /* Create the semi-random Domain-SID */
-    if (!CreateRandomSid(&DomainSid))
+    /* Get account domain information */
+    if (GetAccountDomainInfo(&AccountDomainInfo) != STATUS_SUCCESS)
     {
-        FatalError("Domain-SID creation failed!");
-        return 0;
-    }
-
-    /* Set the Domain SID (aka Computer SID) */
-    if (SetAccountDomain(NULL, DomainSid) != STATUS_SUCCESS)
-    {
-        FatalError("SetAccountDomain() failed!");
-        RtlFreeSid(DomainSid);
+        FatalError("GetAccountDomainInfo() failed!");
         return 0;
     }
 
     /* Append the Admin-RID */
-    AppendRidToSid(&AdminSid, DomainSid, DOMAIN_USER_RID_ADMIN);
+    AppendRidToSid(&AdminSid, AccountDomainInfo->DomainSid, DOMAIN_USER_RID_ADMIN);
+
+    LsaFreeMemory(AccountDomainInfo);
 
     CreateTempDir(L"TEMP");
     CreateTempDir(L"TMP");
@@ -964,13 +930,11 @@ InstallReactOS(HINSTANCE hInstance)
         {
             FatalError("SamCreateUser() failed!");
             RtlFreeSid(AdminSid);
-            RtlFreeSid(DomainSid);
             return 0;
         }
     }
 
     RtlFreeSid(AdminSid);
-    RtlFreeSid(DomainSid);
 
     if (!CreateShortcuts())
     {
index ecf892d..3d822fb 100644 (file)
@@ -26,6 +26,8 @@ SetAccountDomain(LPCWSTR DomainName,
     LSA_HANDLE PolicyHandle;
     NTSTATUS Status;
 
+    DPRINT1("SYSSETUP: SetAccountDomain\n");
+
     memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
     ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
 
@@ -87,6 +89,38 @@ SetAccountDomain(LPCWSTR DomainName,
 }
 
 
+NTSTATUS
+GetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo)
+{
+    LSA_OBJECT_ATTRIBUTES ObjectAttributes;
+    LSA_HANDLE PolicyHandle;
+    NTSTATUS Status;
+
+    DPRINT1("SYSSETUP: GetAccountDomain\n");
+
+    memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
+    ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
+
+    Status = LsaOpenPolicy(NULL,
+                           &ObjectAttributes,
+                           POLICY_TRUST_ADMIN,
+                           &PolicyHandle);
+    if (Status != STATUS_SUCCESS)
+    {
+        DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
+        return Status;
+    }
+
+    Status = LsaQueryInformationPolicy(PolicyHandle,
+                                       PolicyAccountDomainInformation,
+                                       (PVOID *)AccountDomainInfo);
+
+    LsaClose(PolicyHandle);
+
+    return Status;
+}
+
+
 static
 VOID
 InstallBuiltinAccounts(VOID)