From a2896cf4adc38c53a8115391b5e9ef1bc9d038e8 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Thu, 26 Dec 2013 19:20:33 +0000 Subject: [PATCH] [LSASRV][MSV1_0] - Add local group SIDs to the token groups list (LocalSID and LogonSID). - Remove these SIDs from the hard-coded list. svn path=/trunk/; revision=61433 --- reactos/dll/win32/lsasrv/authpackage.c | 97 ++++++++++++++++++++++++++ reactos/dll/win32/msv1_0/msv1_0.c | 37 +--------- 2 files changed, 98 insertions(+), 36 deletions(-) diff --git a/reactos/dll/win32/lsasrv/authpackage.c b/reactos/dll/win32/lsasrv/authpackage.c index c649d78aa2a..4e5f2ad4f6b 100644 --- a/reactos/dll/win32/lsasrv/authpackage.c +++ b/reactos/dll/win32/lsasrv/authpackage.c @@ -643,6 +643,90 @@ done: } +static +NTSTATUS +LsapAddLocalGroups( + IN PVOID TokenInformation, + IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, + IN PTOKEN_GROUPS LocalGroups) +{ + PLSA_TOKEN_INFORMATION_V1 TokenInfo1; + PTOKEN_GROUPS Groups; + ULONG Length; + ULONG i; + ULONG j; + + if (LocalGroups == NULL || LocalGroups->GroupCount == 0) + return STATUS_SUCCESS; + + if (TokenInformationType == LsaTokenInformationV1) + { + TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation; + + if (TokenInfo1->Groups != NULL) + { + Length = sizeof(TOKEN_GROUPS) + + (LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES); + + Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length); + if (Groups == NULL) + { + ERR("Group buffer allocation failed!\n"); + return STATUS_INSUFFICIENT_RESOURCES; + } + + Groups->GroupCount = LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount; + + for (i = 0; i < TokenInfo1->Groups->GroupCount; i++) + { + Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid; + Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes; + } + + for (j = 0; j < LocalGroups->GroupCount; i++, j++) + { + Groups->Groups[i].Sid = LocalGroups->Groups[j].Sid; + Groups->Groups[i].Attributes = LocalGroups->Groups[j].Attributes; + LocalGroups->Groups[j].Sid = NULL; + } + + RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups); + + TokenInfo1->Groups = Groups; + } + else + { + Length = sizeof(TOKEN_GROUPS) + + (LocalGroups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES); + + Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length); + if (Groups == NULL) + { + ERR("Group buffer allocation failed!\n"); + return STATUS_INSUFFICIENT_RESOURCES; + } + + Groups->GroupCount = LocalGroups->GroupCount; + + for (i = 0; i < LocalGroups->GroupCount; i++) + { + Groups->Groups[i].Sid = LocalGroups->Groups[i].Sid; + Groups->Groups[i].Attributes = LocalGroups->Groups[i].Attributes; + } + + TokenInfo1->Groups = Groups; + } + } + else + { + FIXME("TokenInformationType %d is not supported!\n", TokenInformationType); + return STATUS_NOT_IMPLEMENTED; + } + + return STATUS_SUCCESS; +} + + static NTSTATUS LsapSetTokenOwner( @@ -862,6 +946,19 @@ LsapLogonUser(PLSA_API_MSG RequestMsg, goto done; } + if (LocalGroups->GroupCount > 0) + { + /* Add local groups to the token information */ + Status = LsapAddLocalGroups(TokenInformation, + TokenInformationType, + LocalGroups); + if (!NT_SUCCESS(Status)) + { + ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status); + goto done; + } + } + Status = LsapSetTokenOwner(TokenInformation, TokenInformationType); if (!NT_SUCCESS(Status)) diff --git a/reactos/dll/win32/msv1_0/msv1_0.c b/reactos/dll/win32/msv1_0/msv1_0.c index 7b152843bc4..c8b1970a7b8 100644 --- a/reactos/dll/win32/msv1_0/msv1_0.c +++ b/reactos/dll/win32/msv1_0/msv1_0.c @@ -274,10 +274,9 @@ BuildTokenGroups(IN PSID AccountDomainSid, OUT PSID *PrimaryGroupSid) { SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; - SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; PTOKEN_GROUPS TokenGroups; -#define MAX_GROUPS 8 +#define MAX_GROUPS 6 DWORD GroupCount = 0; PSID Sid; NTSTATUS Status = STATUS_SUCCESS; @@ -357,40 +356,6 @@ BuildTokenGroups(IN PSID AccountDomainSid, SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; GroupCount++; - /* Logon SID */ - RtlAllocateAndInitializeSid(&SystemAuthority, - SECURITY_LOGON_IDS_RID_COUNT, - SECURITY_LOGON_IDS_RID, - LogonId->HighPart, - LogonId->LowPart, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID; - GroupCount++; - - /* Member of 'Local users */ - RtlAllocateAndInitializeSid(&LocalAuthority, - 1, - SECURITY_LOCAL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - GroupCount++; - /* Member of 'Interactive users' */ RtlAllocateAndInitializeSid(&SystemAuthority, 1, -- 2.17.1