From e32637bc50d473b974656d3ca9eae6484e43edf9 Mon Sep 17 00:00:00 2001
From: Eric Kohl
Date: Sat, 10 Jul 2004 21:15:26 +0000
Subject: [PATCH] Fix default DACL of the logon token.

svn path=/trunk/; revision=10067
---
 reactos/lib/advapi32/misc/logon.c | 94 ++++++++++++++++++++++---------
 1 file changed, 66 insertions(+), 28 deletions(-)

diff --git a/reactos/lib/advapi32/misc/logon.c b/reactos/lib/advapi32/misc/logon.c
index 9059f09038e..6935632a9d2 100644
--- a/reactos/lib/advapi32/misc/logon.c
+++ b/reactos/lib/advapi32/misc/logon.c
@@ -1,4 +1,4 @@
-/* $Id: logon.c,v 1.8 2004/07/10 13:12:24 ekohl Exp $
+/* $Id: logon.c,v 1.9 2004/07/10 21:15:26 ekohl Exp $
 *
 * COPYRIGHT: See COPYING in the top level directory
 * PROJECT: ReactOS system libraries
@@ -579,7 +579,8 @@ LogonUserW (LPWSTR lpszUsername,
 PSID UserSid = NULL;
 PSID PrimaryGroupSid = NULL;
 PSID OwnerSid = NULL;
- ACL Dacl;
+ PSID LocalSystemSid;
+ PACL Dacl;
 NTSTATUS Status;
 SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
 unsigned i;
@@ -626,7 +627,7 @@ LogonUserW (LPWSTR lpszUsername,
 &OwnerSid);
 if (NULL == TokenGroups)
 {
- RtlFreeSid (UserSid);
+ RtlFreeSid(UserSid);
 SetLastError(ERROR_OUTOFMEMORY);
 return FALSE;
 }
@@ -639,7 +640,7 @@ LogonUserW (LPWSTR lpszUsername,
 if (NULL == TokenPrivileges)
 {
 FreeGroupSids(TokenGroups);
- RtlFreeSid (UserSid);
+ RtlFreeSid(UserSid);
 SetLastError(ERROR_OUTOFMEMORY);
 return FALSE;
 }
@@ -661,48 +662,85 @@ LogonUserW (LPWSTR lpszUsername,
 TokenOwner.Owner = OwnerSid;
 TokenPrimaryGroup.PrimaryGroup = PrimaryGroupSid;
-// TokenPrimaryGroup.PrimaryGroup = UserSid;
- Status = RtlCreateAcl (&Dacl, sizeof(ACL), ACL_REVISION);
+
+ Dacl = RtlAllocateHeap(GetProcessHeap(), 0, 1024);
+ if (Dacl == NULL)
+ {
+ FreeGroupSids(TokenGroups);
+ RtlFreeSid(UserSid);
+ SetLastError(ERROR_OUTOFMEMORY);
+ return FALSE;
+ }
+
+ Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
 if (!NT_SUCCESS(Status))
 {
+ RtlFreeHeap(GetProcessHeap(), 0, Dacl);
 FreeGroupSids(TokenGroups);
 RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges);
- RtlFreeSid (UserSid);
+ RtlFreeSid(UserSid);
 return FALSE;
 }
- TokenDefaultDacl.DefaultDacl = &Dacl;
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ OwnerSid);
- memcpy (TokenSource.SourceName,
- "**ANON**",
- 8);
- Status = NtAllocateLocallyUniqueId (&TokenSource.SourceIdentifier);
+ RtlAllocateAndInitializeSid(&SystemAuthority,
+ 1,
+ SECURITY_LOCAL_SYSTEM_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &LocalSystemSid);
+
+ /* SID: S-1-5-18 */
+ RtlAddAccessAllowedAce(Dacl,
+ ACL_REVISION,
+ GENERIC_ALL,
+ LocalSystemSid);
+
+ RtlFreeSid(LocalSystemSid);
+
+ TokenDefaultDacl.DefaultDacl = Dacl;
+
+ memcpy(TokenSource.SourceName,
+ "User32 ",
+ 8);
+ Status = NtAllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
 if (!NT_SUCCESS(Status))
 {
+ RtlFreeHeap(GetProcessHeap(), 0, Dacl);
 FreeGroupSids(TokenGroups);
 RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges);
- RtlFreeSid (UserSid);
+ RtlFreeSid(UserSid);
 return FALSE;
 }
- Status = NtCreateToken (phToken,
- TOKEN_ALL_ACCESS,
- &ObjectAttributes,
- TokenPrimary,
- &AuthenticationId,
- &ExpirationTime,
- &TokenUser,
- TokenGroups,
- TokenPrivileges,
- &TokenOwner,
- &TokenPrimaryGroup,
- &TokenDefaultDacl,
- &TokenSource);
-
+ Status = NtCreateToken(phToken,
+ TOKEN_ALL_ACCESS,
+ &ObjectAttributes,
+ TokenPrimary,
+ &AuthenticationId,
+ &ExpirationTime,
+ &TokenUser,
+ TokenGroups,
+ TokenPrivileges,
+ &TokenOwner,
+ &TokenPrimaryGroup,
+ &TokenDefaultDacl,
+ &TokenSource);
+
+ RtlFreeHeap(GetProcessHeap(), 0, Dacl);
 FreeGroupSids(TokenGroups);
 RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges);
- RtlFreeSid (UserSid);
+ RtlFreeSid(UserSid);
 return NT_SUCCESS(Status);
 }
--
2.17.1
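Review bot: The three new calls that populate the default DACL (both `RtlAddAccessAllowedAce` calls and `RtlAllocateAndInitializeSid`) discard their NTSTATUS, and `LocalSystemSid` is declared without an initializer in the earlier declarations hunk. If the SID allocation fails, an indeterminate pointer is passed to `RtlAddAccessAllowedAce` and `RtlFreeSid`; if an ACE add fails, `NtCreateToken` still runs with a default DACL that lacks the intended entries. The new `Dacl == NULL` path also returns without freeing `TokenPrivileges`, which every other error path in this hunk releases. The 1024-byte ACL size appears twice as a bare literal; a named constant, or a size computed from the two SID lengths, would show why it is sufficient. The excerpt below checks each status and reuses the cleanup sequence of the existing error paths; LogonUserW begins outside this hunk.

```c
  Dacl = RtlAllocateHeap(GetProcessHeap(), 0, 1024);
  if (Dacl == NULL)
  {
    FreeGroupSids(TokenGroups);
    RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges);
    RtlFreeSid(UserSid);
    SetLastError(ERROR_OUTOFMEMORY);
    return FALSE;
  }

  /* ... unchanged: RtlCreateAcl call and its error path ... */

  Status = RtlAddAccessAllowedAce(Dacl, ACL_REVISION, GENERIC_ALL, OwnerSid);
  if (NT_SUCCESS(Status))
  {
    Status = RtlAllocateAndInitializeSid(&SystemAuthority,
                                         1,
                                         SECURITY_LOCAL_SYSTEM_RID,
                                         SECURITY_NULL_RID,
                                         SECURITY_NULL_RID,
                                         SECURITY_NULL_RID,
                                         SECURITY_NULL_RID,
                                         SECURITY_NULL_RID,
                                         SECURITY_NULL_RID,
                                         SECURITY_NULL_RID,
                                         &LocalSystemSid);
  }
  if (NT_SUCCESS(Status))
  {
    /* SID: S-1-5-18; only reached once LocalSystemSid is valid */
    Status = RtlAddAccessAllowedAce(Dacl, ACL_REVISION, GENERIC_ALL, LocalSystemSid);
    RtlFreeSid(LocalSystemSid);
  }
  if (!NT_SUCCESS(Status))
  {
    /* Do not create a token whose default DACL is missing an intended ACE. */
    RtlFreeHeap(GetProcessHeap(), 0, Dacl);
    FreeGroupSids(TokenGroups);
    RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges);
    RtlFreeSid(UserSid);
    return FALSE;
  }

  /* ... unchanged: TokenDefaultDacl assignment, token source setup, NtCreateToken ... */
```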