1 /* 2 * COPYRIGHT: See COPYING in the top level directory 3 * PROJECT: Local Security Authority (LSA) Server 4 * FILE: reactos/dll/win32/lsasrv/lookup.c 5 * PURPOSE: Sid / Name lookup functions 6 * 7 * PROGRAMMERS: Eric Kohl 8 */ 9 10 #include "lsasrv.h" 11 12 #include "resources.h" 13 14 /* GLOBALS *****************************************************************/ 15 16 typedef wchar_t *PSAMPR_SERVER_NAME; 17 typedef void *SAMPR_HANDLE; 18 19 typedef struct _SAMPR_RETURNED_USTRING_ARRAY 20 { 21 unsigned long Count; 22 PRPC_UNICODE_STRING Element; 23 } SAMPR_RETURNED_USTRING_ARRAY, *PSAMPR_RETURNED_USTRING_ARRAY; 24 25 VOID 26 NTAPI 27 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(PSAMPR_RETURNED_USTRING_ARRAY Ptr); 28 29 VOID 30 NTAPI 31 SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr); 32 33 NTSTATUS 34 NTAPI 35 SamrConnect(IN PSAMPR_SERVER_NAME ServerName, 36 OUT SAMPR_HANDLE *ServerHandle, 37 IN ACCESS_MASK DesiredAccess); 38 39 NTSTATUS 40 NTAPI 41 SamrCloseHandle(IN OUT SAMPR_HANDLE *SamHandle); 42 43 NTSTATUS 44 NTAPI 45 SamrOpenDomain(IN SAMPR_HANDLE ServerHandle, 46 IN ACCESS_MASK DesiredAccess, 47 IN PRPC_SID DomainId, 48 OUT SAMPR_HANDLE *DomainHandle); 49 50 NTSTATUS 51 NTAPI 52 SamrLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle, 53 IN ULONG Count, 54 IN ULONG *RelativeIds, 55 OUT PSAMPR_RETURNED_USTRING_ARRAY Names, 56 OUT PSAMPR_ULONG_ARRAY Use); 57 58 NTSTATUS 59 NTAPI 60 SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, 61 IN ULONG Count, 62 IN RPC_UNICODE_STRING Names[], 63 OUT PSAMPR_ULONG_ARRAY RelativeIds, 64 OUT PSAMPR_ULONG_ARRAY Use); 65 66 67 typedef struct _WELL_KNOWN_SID 68 { 69 LIST_ENTRY ListEntry; 70 PSID Sid; 71 UNICODE_STRING AccountName; 72 UNICODE_STRING DomainName; 73 SID_NAME_USE Use; 74 } WELL_KNOWN_SID, *PWELL_KNOWN_SID; 75 76 77 LIST_ENTRY WellKnownSidListHead; 78 PSID LsapWorldSid = NULL; 79 PSID LsapNetworkSid = NULL; 80 PSID LsapBatchSid = NULL; 81 PSID LsapInteractiveSid = NULL; 82 PSID LsapServiceSid = NULL; 83 PSID LsapLocalSystemSid = NULL; 84 PSID LsapAdministratorsSid = NULL; 85 86 87 /* FUNCTIONS ***************************************************************/ 88 89 BOOLEAN 90 LsapCreateSid(PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, 91 UCHAR SubAuthorityCount, 92 PULONG SubAuthorities, 93 PWSTR AccountName, 94 PWSTR DomainName, 95 SID_NAME_USE Use, 96 PSID *SidPtr) 97 { 98 PWELL_KNOWN_SID SidEntry; 99 SIZE_T AccountNameLength, DomainNameLength; 100 PULONG p; 101 ULONG i; 102 103 AccountNameLength = wcslen(AccountName); 104 DomainNameLength = wcslen(DomainName); 105 if ((AccountNameLength > UNICODE_STRING_MAX_CHARS) || 106 (DomainNameLength > UNICODE_STRING_MAX_CHARS)) 107 { 108 return FALSE; 109 } 110 111 SidEntry = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(WELL_KNOWN_SID)); 112 if (SidEntry == NULL) 113 return FALSE; 114 115 InitializeListHead(&SidEntry->ListEntry); 116 117 SidEntry->Sid = RtlAllocateHeap(RtlGetProcessHeap(), 118 0, 119 RtlLengthRequiredSid(SubAuthorityCount)); 120 if (SidEntry->Sid == NULL) 121 { 122 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry); 123 return FALSE; 124 } 125 126 RtlInitializeSid(SidEntry->Sid, 127 IdentifierAuthority, 128 SubAuthorityCount); 129 130 for (i = 0; i < (ULONG)SubAuthorityCount; i++) 131 { 132 p = RtlSubAuthoritySid(SidEntry->Sid, i); 133 *p = SubAuthorities[i]; 134 } 135 136 // RtlInitUnicodeString(&SidEntry->AccountName, 137 // AccountName); 138 SidEntry->AccountName.Length = (USHORT)AccountNameLength * sizeof(WCHAR); 139 SidEntry->AccountName.MaximumLength = SidEntry->AccountName.Length + sizeof(WCHAR); 140 SidEntry->AccountName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, 141 SidEntry->AccountName.MaximumLength); 142 if (SidEntry->AccountName.Buffer == NULL) 143 { 144 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid); 145 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry); 146 return FALSE; 147 } 148 149 wcscpy(SidEntry->AccountName.Buffer, 150 AccountName); 151 152 // RtlInitUnicodeString(&SidEntry->DomainName, 153 // DomainName); 154 SidEntry->DomainName.Length = (USHORT)DomainNameLength * sizeof(WCHAR); 155 SidEntry->DomainName.MaximumLength = SidEntry->DomainName.Length + sizeof(WCHAR); 156 SidEntry->DomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, 157 SidEntry->DomainName.MaximumLength); 158 if (SidEntry->DomainName.Buffer == NULL) 159 { 160 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->AccountName.Buffer); 161 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry->Sid); 162 RtlFreeHeap(RtlGetProcessHeap(), 0, SidEntry); 163 return FALSE; 164 } 165 166 wcscpy(SidEntry->DomainName.Buffer, 167 DomainName); 168 169 SidEntry->Use = Use; 170 171 InsertTailList(&WellKnownSidListHead, 172 &SidEntry->ListEntry); 173 174 if (SidPtr != NULL) 175 *SidPtr = SidEntry->Sid; 176 177 return TRUE; 178 } 179 180 181 NTSTATUS 182 LsapInitSids(VOID) 183 { 184 WCHAR szAccountName[80]; 185 WCHAR szDomainName[80]; 186 ULONG SubAuthorities[8]; 187 HINSTANCE hInstance; 188 189 InitializeListHead(&WellKnownSidListHead); 190 191 hInstance = GetModuleHandleW(L"lsasrv.dll"); 192 193 /* NT Authority */ 194 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szAccountName, ARRAYSIZE(szAccountName)); 195 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, ARRAYSIZE(szDomainName)); 196 LsapCreateSid(&NtAuthority, 197 0, 198 NULL, 199 szAccountName, 200 szDomainName, 201 SidTypeDomain, 202 NULL); 203 204 /* Null Sid */ 205 LsapLoadString(hInstance, IDS_NULL_RID, szAccountName, ARRAYSIZE(szAccountName)); 206 207 SubAuthorities[0] = SECURITY_NULL_RID; 208 LsapCreateSid(&NullSidAuthority, 209 1, 210 SubAuthorities, 211 szAccountName, 212 L"", 213 SidTypeWellKnownGroup, 214 NULL); 215 216 /* World Sid */ 217 LsapLoadString(hInstance, IDS_WORLD_RID, szAccountName, ARRAYSIZE(szAccountName)); 218 219 SubAuthorities[0] = SECURITY_WORLD_RID; 220 LsapCreateSid(&WorldSidAuthority, 221 1, 222 SubAuthorities, 223 szAccountName, 224 L"", 225 SidTypeWellKnownGroup, 226 &LsapWorldSid); 227 228 /* Local Sid */ 229 LsapLoadString(hInstance, IDS_LOCAL_RID, szAccountName, ARRAYSIZE(szAccountName)); 230 231 SubAuthorities[0] = SECURITY_LOCAL_RID; 232 LsapCreateSid(&LocalSidAuthority, 233 1, 234 SubAuthorities, 235 szAccountName, 236 L"", 237 SidTypeWellKnownGroup, 238 NULL); 239 240 /* Creator Owner Sid */ 241 LsapLoadString(hInstance, IDS_CREATOR_OWNER_RID, szAccountName, ARRAYSIZE(szAccountName)); 242 243 SubAuthorities[0] = SECURITY_CREATOR_OWNER_RID; 244 LsapCreateSid(&CreatorSidAuthority, 245 1, 246 SubAuthorities, 247 szAccountName, 248 L"", 249 SidTypeWellKnownGroup, 250 NULL); 251 252 /* Creator Group Sid */ 253 LsapLoadString(hInstance, IDS_CREATOR_GROUP_RID, szAccountName, ARRAYSIZE(szAccountName)); 254 255 SubAuthorities[0] = SECURITY_CREATOR_GROUP_RID; 256 LsapCreateSid(&CreatorSidAuthority, 257 1, 258 SubAuthorities, 259 szAccountName, 260 L"", 261 SidTypeWellKnownGroup, 262 NULL); 263 264 /* Creator Owner Server Sid */ 265 LsapLoadString(hInstance, IDS_CREATOR_OWNER_SERVER_RID, szAccountName, ARRAYSIZE(szAccountName)); 266 267 SubAuthorities[0] = SECURITY_CREATOR_OWNER_SERVER_RID; 268 LsapCreateSid(&CreatorSidAuthority, 269 1, 270 SubAuthorities, 271 szAccountName, 272 L"", 273 SidTypeWellKnownGroup, 274 NULL); 275 276 /* Creator Group Server Sid */ 277 LsapLoadString(hInstance, IDS_CREATOR_GROUP_SERVER_RID, szAccountName, ARRAYSIZE(szAccountName)); 278 279 SubAuthorities[0] = SECURITY_CREATOR_GROUP_SERVER_RID; 280 LsapCreateSid(&CreatorSidAuthority, 281 1, 282 SubAuthorities, 283 szAccountName, 284 L"", 285 SidTypeWellKnownGroup, 286 NULL); 287 288 /* Dialup Sid */ 289 LsapLoadString(hInstance, IDS_DIALUP_RID, szAccountName, ARRAYSIZE(szAccountName)); 290 LsapLoadString(hInstance, IDS_NT_AUTHORITY, szDomainName, ARRAYSIZE(szDomainName)); 291 292 SubAuthorities[0] = SECURITY_DIALUP_RID; 293 LsapCreateSid(&NtAuthority, 294 1, 295 SubAuthorities, 296 szAccountName, 297 szDomainName, 298 SidTypeWellKnownGroup, 299 NULL); 300 301 /* Network Sid */ 302 LsapLoadString(hInstance, IDS_NETWORK_RID, szAccountName, ARRAYSIZE(szAccountName)); 303 304 SubAuthorities[0] = SECURITY_NETWORK_RID; 305 LsapCreateSid(&NtAuthority, 306 1, 307 SubAuthorities, 308 szAccountName, 309 szDomainName, 310 SidTypeWellKnownGroup, 311 &LsapNetworkSid); 312 313 /* Batch Sid*/ 314 LsapLoadString(hInstance, IDS_BATCH_RID, szAccountName, ARRAYSIZE(szAccountName)); 315 316 SubAuthorities[0] = SECURITY_BATCH_RID; 317 LsapCreateSid(&NtAuthority, 318 1, 319 SubAuthorities, 320 szAccountName, 321 szDomainName, 322 SidTypeWellKnownGroup, 323 &LsapBatchSid); 324 325 /* Interactive Sid */ 326 LsapLoadString(hInstance, IDS_INTERACTIVE_RID, szAccountName, ARRAYSIZE(szAccountName)); 327 328 SubAuthorities[0] = SECURITY_INTERACTIVE_RID; 329 LsapCreateSid(&NtAuthority, 330 1, 331 SubAuthorities, 332 szAccountName, 333 szDomainName, 334 SidTypeWellKnownGroup, 335 &LsapInteractiveSid); 336 337 /* Service Sid */ 338 LsapLoadString(hInstance, IDS_SERVICE_RID, szAccountName, ARRAYSIZE(szAccountName)); 339 340 SubAuthorities[0] = SECURITY_SERVICE_RID; 341 LsapCreateSid(&NtAuthority, 342 1, 343 SubAuthorities, 344 szAccountName, 345 szDomainName, 346 SidTypeWellKnownGroup, 347 &LsapServiceSid); 348 349 /* Anonymous Logon Sid */ 350 LsapLoadString(hInstance, IDS_ANONYMOUS_LOGON_RID, szAccountName, ARRAYSIZE(szAccountName)); 351 352 SubAuthorities[0] = SECURITY_ANONYMOUS_LOGON_RID; 353 LsapCreateSid(&NtAuthority, 354 1, 355 SubAuthorities, 356 szAccountName, 357 szDomainName, 358 SidTypeWellKnownGroup, 359 NULL); 360 361 /* Proxy Sid */ 362 LsapLoadString(hInstance, IDS_PROXY_RID, szAccountName, ARRAYSIZE(szAccountName)); 363 364 SubAuthorities[0] = SECURITY_PROXY_RID; 365 LsapCreateSid(&NtAuthority, 366 1, 367 SubAuthorities, 368 szAccountName, 369 szDomainName, 370 SidTypeWellKnownGroup, 371 NULL); 372 373 /* Enterprise Controllers Sid */ 374 LsapLoadString(hInstance, IDS_ENTERPRISE_CONTROLLERS_RID, szAccountName, ARRAYSIZE(szAccountName)); 375 376 SubAuthorities[0] = SECURITY_ENTERPRISE_CONTROLLERS_RID; 377 LsapCreateSid(&NtAuthority, 378 1, 379 SubAuthorities, 380 szAccountName, 381 szDomainName, 382 SidTypeWellKnownGroup, 383 NULL); 384 385 /* Principal Self Sid */ 386 LsapLoadString(hInstance, IDS_PRINCIPAL_SELF_RID, szAccountName, ARRAYSIZE(szAccountName)); 387 388 SubAuthorities[0] = SECURITY_PRINCIPAL_SELF_RID; 389 LsapCreateSid(&NtAuthority, 390 1, 391 SubAuthorities, 392 szAccountName, 393 szDomainName, 394 SidTypeWellKnownGroup, 395 NULL); 396 397 /* Authenticated Users Sid */ 398 LsapLoadString(hInstance, IDS_AUTHENTICATED_USER_RID, szAccountName, ARRAYSIZE(szAccountName)); 399 400 SubAuthorities[0] = SECURITY_AUTHENTICATED_USER_RID; 401 LsapCreateSid(&NtAuthority, 402 1, 403 SubAuthorities, 404 szAccountName, 405 szDomainName, 406 SidTypeWellKnownGroup, 407 NULL); 408 409 /* Restricted Code Sid */ 410 LsapLoadString(hInstance, IDS_RESTRICTED_CODE_RID, szAccountName, ARRAYSIZE(szAccountName)); 411 412 SubAuthorities[0] = SECURITY_RESTRICTED_CODE_RID; 413 LsapCreateSid(&NtAuthority, 414 1, 415 SubAuthorities, 416 szAccountName, 417 szDomainName, 418 SidTypeWellKnownGroup, 419 NULL); 420 421 /* Terminal Server Sid */ 422 LsapLoadString(hInstance, IDS_TERMINAL_SERVER_RID, szAccountName, ARRAYSIZE(szAccountName)); 423 424 SubAuthorities[0] = SECURITY_TERMINAL_SERVER_RID; 425 LsapCreateSid(&NtAuthority, 426 1, 427 SubAuthorities, 428 szAccountName, 429 szDomainName, 430 SidTypeWellKnownGroup, 431 NULL); 432 433 /* Remote Logon Sid */ 434 LsapLoadString(hInstance, IDS_REMOTE_LOGON_RID, szAccountName, ARRAYSIZE(szAccountName)); 435 436 SubAuthorities[0] = SECURITY_REMOTE_LOGON_RID; 437 LsapCreateSid(&NtAuthority, 438 1, 439 SubAuthorities, 440 szAccountName, 441 szDomainName, 442 SidTypeWellKnownGroup, 443 NULL); 444 445 /* This Organization Sid */ 446 LsapLoadString(hInstance, IDS_THIS_ORGANIZATION_RID, szAccountName, ARRAYSIZE(szAccountName)); 447 448 SubAuthorities[0] = SECURITY_THIS_ORGANIZATION_RID; 449 LsapCreateSid(&NtAuthority, 450 1, 451 SubAuthorities, 452 szAccountName, 453 szDomainName, 454 SidTypeWellKnownGroup, 455 NULL); 456 457 /* Local System Sid */ 458 LsapLoadString(hInstance, IDS_LOCAL_SYSTEM_RID, szAccountName, ARRAYSIZE(szAccountName)); 459 460 SubAuthorities[0] = SECURITY_LOCAL_SYSTEM_RID; 461 LsapCreateSid(&NtAuthority, 462 1, 463 SubAuthorities, 464 szAccountName, 465 szDomainName, 466 SidTypeWellKnownGroup, 467 &LsapLocalSystemSid); 468 469 /* Local Service Sid */ 470 LsapLoadString(hInstance, IDS_LOCAL_SERVICE_RID, szAccountName, ARRAYSIZE(szAccountName)); 471 472 SubAuthorities[0] = SECURITY_LOCAL_SERVICE_RID; 473 LsapCreateSid(&NtAuthority, 474 1, 475 SubAuthorities, 476 szAccountName, 477 szDomainName, 478 SidTypeWellKnownGroup, 479 NULL); 480 481 LsapCreateSid(&NtAuthority, 482 1, 483 SubAuthorities, 484 L"LOCALSERVICE", 485 L"NT AUTHORITY", 486 SidTypeWellKnownGroup, 487 NULL); 488 489 /* Network Service Sid */ 490 LsapLoadString(hInstance, IDS_NETWORK_SERVICE_RID, szAccountName, ARRAYSIZE(szAccountName)); 491 492 SubAuthorities[0] = SECURITY_NETWORK_SERVICE_RID; 493 LsapCreateSid(&NtAuthority, 494 1, 495 SubAuthorities, 496 szAccountName, 497 szDomainName, 498 SidTypeWellKnownGroup, 499 NULL); 500 501 LsapCreateSid(&NtAuthority, 502 1, 503 SubAuthorities, 504 L"NETWORKSERVICE", 505 L"NT AUTHORITY", 506 SidTypeWellKnownGroup, 507 NULL); 508 509 /* Builtin Domain Sid */ 510 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szAccountName, ARRAYSIZE(szAccountName)); 511 LsapLoadString(hInstance, IDS_BUILTIN_DOMAIN_RID, szDomainName, ARRAYSIZE(szDomainName)); 512 513 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 514 LsapCreateSid(&NtAuthority, 515 1, 516 SubAuthorities, 517 szAccountName, 518 szDomainName, 519 SidTypeDomain, 520 NULL); 521 522 /* Administrators Alias Sid */ 523 LsapLoadString(hInstance, IDS_ALIAS_RID_ADMINS, szAccountName, ARRAYSIZE(szAccountName)); 524 525 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 526 SubAuthorities[1] = DOMAIN_ALIAS_RID_ADMINS; 527 LsapCreateSid(&NtAuthority, 528 2, 529 SubAuthorities, 530 szAccountName, 531 szDomainName, 532 SidTypeAlias, 533 &LsapAdministratorsSid); 534 535 /* Users Alias Sid */ 536 LsapLoadString(hInstance, IDS_ALIAS_RID_USERS, szAccountName, ARRAYSIZE(szAccountName)); 537 538 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 539 SubAuthorities[1] = DOMAIN_ALIAS_RID_USERS; 540 LsapCreateSid(&NtAuthority, 541 2, 542 SubAuthorities, 543 szAccountName, 544 szDomainName, 545 SidTypeAlias, 546 NULL); 547 548 /* Guests Alias Sid */ 549 LsapLoadString(hInstance, IDS_ALIAS_RID_GUESTS, szAccountName, ARRAYSIZE(szAccountName)); 550 551 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 552 SubAuthorities[1] = DOMAIN_ALIAS_RID_GUESTS; 553 LsapCreateSid(&NtAuthority, 554 2, 555 SubAuthorities, 556 szAccountName, 557 szDomainName, 558 SidTypeAlias, 559 NULL); 560 561 /* Power User Alias Sid */ 562 LsapLoadString(hInstance, IDS_ALIAS_RID_POWER_USERS, szAccountName, ARRAYSIZE(szAccountName)); 563 564 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 565 SubAuthorities[1] = DOMAIN_ALIAS_RID_POWER_USERS; 566 LsapCreateSid(&NtAuthority, 567 2, 568 SubAuthorities, 569 szAccountName, 570 szDomainName, 571 SidTypeAlias, 572 NULL); 573 574 /* Account Operators Alias Sid */ 575 LsapLoadString(hInstance, IDS_ALIAS_RID_ACCOUNT_OPS, szAccountName, ARRAYSIZE(szAccountName)); 576 577 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 578 SubAuthorities[1] = DOMAIN_ALIAS_RID_ACCOUNT_OPS; 579 LsapCreateSid(&NtAuthority, 580 2, 581 SubAuthorities, 582 szAccountName, 583 szDomainName, 584 SidTypeAlias, 585 NULL); 586 587 /* System Operators Alias Sid */ 588 LsapLoadString(hInstance, IDS_ALIAS_RID_SYSTEM_OPS, szAccountName, ARRAYSIZE(szAccountName)); 589 590 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 591 SubAuthorities[1] = DOMAIN_ALIAS_RID_SYSTEM_OPS; 592 LsapCreateSid(&NtAuthority, 593 2, 594 SubAuthorities, 595 szAccountName, 596 szDomainName, 597 SidTypeAlias, 598 NULL); 599 600 /* Print Operators Alias Sid */ 601 LsapLoadString(hInstance, IDS_ALIAS_RID_PRINT_OPS, szAccountName, ARRAYSIZE(szAccountName)); 602 603 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 604 SubAuthorities[1] = DOMAIN_ALIAS_RID_PRINT_OPS; 605 LsapCreateSid(&NtAuthority, 606 2, 607 SubAuthorities, 608 szAccountName, 609 szDomainName, 610 SidTypeAlias, 611 NULL); 612 613 /* Backup Operators Alias Sid */ 614 LsapLoadString(hInstance, IDS_ALIAS_RID_BACKUP_OPS, szAccountName, ARRAYSIZE(szAccountName)); 615 616 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 617 SubAuthorities[1] = DOMAIN_ALIAS_RID_BACKUP_OPS; 618 LsapCreateSid(&NtAuthority, 619 2, 620 SubAuthorities, 621 szAccountName, 622 szDomainName, 623 SidTypeAlias, 624 NULL); 625 626 /* Replicators Alias Sid */ 627 LsapLoadString(hInstance, IDS_ALIAS_RID_REPLICATOR, szAccountName, ARRAYSIZE(szAccountName)); 628 629 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 630 SubAuthorities[1] = DOMAIN_ALIAS_RID_REPLICATOR; 631 LsapCreateSid(&NtAuthority, 632 2, 633 SubAuthorities, 634 szAccountName, 635 szDomainName, 636 SidTypeAlias, 637 NULL); 638 639 /* RAS Servers Alias Sid */ 640 LsapLoadString(hInstance, IDS_ALIAS_RID_RAS_SERVERS, szAccountName, ARRAYSIZE(szAccountName)); 641 642 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 643 SubAuthorities[1] = DOMAIN_ALIAS_RID_RAS_SERVERS; 644 LsapCreateSid(&NtAuthority, 645 2, 646 SubAuthorities, 647 szAccountName, 648 szDomainName, 649 SidTypeAlias, 650 NULL); 651 652 /* Pre-Windows 2000 Compatible Access Alias Sid */ 653 LsapLoadString(hInstance, IDS_ALIAS_RID_PREW2KCOMPACCESS, szAccountName, ARRAYSIZE(szAccountName)); 654 655 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 656 SubAuthorities[1] = DOMAIN_ALIAS_RID_PREW2KCOMPACCESS; 657 LsapCreateSid(&NtAuthority, 658 2, 659 SubAuthorities, 660 szAccountName, 661 szDomainName, 662 SidTypeAlias, 663 NULL); 664 665 /* Remote Desktop Users Alias Sid */ 666 LsapLoadString(hInstance, IDS_ALIAS_RID_REMOTE_DESKTOP_USERS, szAccountName, ARRAYSIZE(szAccountName)); 667 668 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 669 SubAuthorities[1] = DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS; 670 LsapCreateSid(&NtAuthority, 671 2, 672 SubAuthorities, 673 szAccountName, 674 szDomainName, 675 SidTypeAlias, 676 NULL); 677 678 /* Network Configuration Operators Alias Sid */ 679 LsapLoadString(hInstance, IDS_ALIAS_RID_NETWORK_CONFIGURATION_OPS, szAccountName, ARRAYSIZE(szAccountName)); 680 681 SubAuthorities[0] = SECURITY_BUILTIN_DOMAIN_RID; 682 SubAuthorities[1] = DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS; 683 LsapCreateSid(&NtAuthority, 684 2, 685 SubAuthorities, 686 szAccountName, 687 szDomainName, 688 SidTypeAlias, 689 NULL); 690 691 /* FIXME: Add more well known sids */ 692 693 return STATUS_SUCCESS; 694 } 695 696 697 PWELL_KNOWN_SID 698 LsapLookupWellKnownSid(PSID Sid) 699 { 700 PLIST_ENTRY ListEntry; 701 PWELL_KNOWN_SID Ptr; 702 703 ListEntry = WellKnownSidListHead.Flink; 704 while (ListEntry != &WellKnownSidListHead) 705 { 706 Ptr = CONTAINING_RECORD(ListEntry, 707 WELL_KNOWN_SID, 708 ListEntry); 709 if (RtlEqualSid(Sid, Ptr->Sid)) 710 { 711 return Ptr; 712 } 713 714 ListEntry = ListEntry->Flink; 715 } 716 717 return NULL; 718 } 719 720 721 PWELL_KNOWN_SID 722 LsapLookupIsolatedWellKnownName(PUNICODE_STRING AccountName) 723 { 724 PLIST_ENTRY ListEntry; 725 PWELL_KNOWN_SID Ptr; 726 727 ListEntry = WellKnownSidListHead.Flink; 728 while (ListEntry != &WellKnownSidListHead) 729 { 730 Ptr = CONTAINING_RECORD(ListEntry, 731 WELL_KNOWN_SID, 732 ListEntry); 733 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE)) 734 { 735 return Ptr; 736 } 737 738 ListEntry = ListEntry->Flink; 739 } 740 741 return NULL; 742 } 743 744 745 PWELL_KNOWN_SID 746 LsapLookupFullyQualifiedWellKnownName(PUNICODE_STRING AccountName, 747 PUNICODE_STRING DomainName) 748 { 749 PLIST_ENTRY ListEntry; 750 PWELL_KNOWN_SID Ptr; 751 752 ListEntry = WellKnownSidListHead.Flink; 753 while (ListEntry != &WellKnownSidListHead) 754 { 755 Ptr = CONTAINING_RECORD(ListEntry, 756 WELL_KNOWN_SID, 757 ListEntry); 758 if (RtlEqualUnicodeString(AccountName, &Ptr->AccountName, TRUE) && 759 RtlEqualUnicodeString(DomainName, &Ptr->DomainName, TRUE)) 760 { 761 return Ptr; 762 } 763 764 ListEntry = ListEntry->Flink; 765 } 766 767 return NULL; 768 } 769 770 771 static 772 NTSTATUS 773 LsapSplitNames(DWORD Count, 774 PRPC_UNICODE_STRING Names, 775 PRPC_UNICODE_STRING *DomainNames, 776 PRPC_UNICODE_STRING *AccountNames) 777 { 778 PRPC_UNICODE_STRING DomainsBuffer = NULL; 779 PRPC_UNICODE_STRING AccountsBuffer = NULL; 780 ULONG DomainLength; 781 ULONG AccountLength; 782 ULONG i; 783 LPWSTR Ptr; 784 NTSTATUS Status = STATUS_SUCCESS; 785 786 DomainsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING)); 787 if (DomainsBuffer == NULL) 788 { 789 Status = STATUS_INSUFFICIENT_RESOURCES; 790 goto done; 791 } 792 793 AccountsBuffer = MIDL_user_allocate(Count * sizeof(RPC_UNICODE_STRING)); 794 if (AccountsBuffer == NULL) 795 { 796 Status = STATUS_INSUFFICIENT_RESOURCES; 797 goto done; 798 } 799 800 for (i = 0; i < Count; i++) 801 { 802 //TRACE("Name: %wZ\n", &Names[i]); 803 804 Ptr = wcschr(Names[i].Buffer, L'\\'); 805 if (Ptr == NULL) 806 { 807 AccountLength = Names[i].Length / sizeof(WCHAR); 808 809 AccountsBuffer[i].Length = Names[i].Length; 810 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR); 811 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength); 812 if (AccountsBuffer[i].Buffer == NULL) 813 { 814 Status = STATUS_INSUFFICIENT_RESOURCES; 815 goto done; 816 } 817 818 CopyMemory(AccountsBuffer[i].Buffer, 819 Names[i].Buffer, 820 AccountsBuffer[i].Length); 821 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL; 822 823 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]); 824 } 825 else 826 { 827 DomainLength = (ULONG)(ULONG_PTR)(Ptr - Names[i].Buffer); 828 AccountLength = (Names[i].Length / sizeof(WCHAR)) - DomainLength - 1; 829 //TRACE("DomainLength: %u\n", DomainLength); 830 //TRACE("AccountLength: %u\n", AccountLength); 831 832 if (DomainLength > 0) 833 { 834 DomainsBuffer[i].Length = (USHORT)DomainLength * sizeof(WCHAR); 835 DomainsBuffer[i].MaximumLength = DomainsBuffer[i].Length + sizeof(WCHAR); 836 DomainsBuffer[i].Buffer = MIDL_user_allocate(DomainsBuffer[i].MaximumLength); 837 if (DomainsBuffer[i].Buffer == NULL) 838 { 839 Status = STATUS_INSUFFICIENT_RESOURCES; 840 goto done; 841 } 842 843 CopyMemory(DomainsBuffer[i].Buffer, 844 Names[i].Buffer, 845 DomainsBuffer[i].Length); 846 DomainsBuffer[i].Buffer[DomainLength] = UNICODE_NULL; 847 848 //TRACE("Domain name: %wZ\n", &DomainsBuffer[i]); 849 } 850 851 AccountsBuffer[i].Length = (USHORT)AccountLength * sizeof(WCHAR); 852 AccountsBuffer[i].MaximumLength = AccountsBuffer[i].Length + sizeof(WCHAR); 853 AccountsBuffer[i].Buffer = MIDL_user_allocate(AccountsBuffer[i].MaximumLength); 854 if (AccountsBuffer[i].Buffer == NULL) 855 { 856 Status = STATUS_INSUFFICIENT_RESOURCES; 857 goto done; 858 } 859 860 CopyMemory(AccountsBuffer[i].Buffer, 861 &(Names[i].Buffer[DomainLength + 1]), 862 AccountsBuffer[i].Length); 863 AccountsBuffer[i].Buffer[AccountLength] = UNICODE_NULL; 864 865 //TRACE("Account name: %wZ\n", &AccountsBuffer[i]); 866 } 867 } 868 869 done: 870 if (!NT_SUCCESS(Status)) 871 { 872 if (AccountsBuffer != NULL) 873 { 874 for (i = 0; i < Count; i++) 875 { 876 if (AccountsBuffer[i].Buffer != NULL) 877 MIDL_user_free(AccountsBuffer[i].Buffer); 878 } 879 880 MIDL_user_free(AccountsBuffer); 881 } 882 883 if (DomainsBuffer != NULL) 884 { 885 for (i = 0; i < Count; i++) 886 { 887 if (DomainsBuffer[i].Buffer != NULL) 888 MIDL_user_free(DomainsBuffer[i].Buffer); 889 } 890 891 MIDL_user_free(DomainsBuffer); 892 } 893 } 894 else 895 { 896 *DomainNames = DomainsBuffer; 897 *AccountNames = AccountsBuffer; 898 } 899 900 return Status; 901 } 902 903 904 static NTSTATUS 905 LsapAddDomainToDomainsList(PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, 906 PUNICODE_STRING Name, 907 PSID Sid, 908 PULONG Index) 909 { 910 ULONG i; 911 912 i = 0; 913 while (i < ReferencedDomains->Entries && 914 ReferencedDomains->Domains[i].Sid != NULL) 915 { 916 if (RtlEqualSid(Sid, ReferencedDomains->Domains[i].Sid)) 917 { 918 *Index = i; 919 return STATUS_SUCCESS; 920 } 921 922 i++; 923 } 924 925 ReferencedDomains->Domains[i].Sid = MIDL_user_allocate(RtlLengthSid(Sid)); 926 if (ReferencedDomains->Domains[i].Sid == NULL) 927 return STATUS_INSUFFICIENT_RESOURCES; 928 929 RtlCopySid(RtlLengthSid(Sid), ReferencedDomains->Domains[i].Sid, Sid); 930 931 ReferencedDomains->Domains[i].Name.Length = Name->Length; 932 ReferencedDomains->Domains[i].Name.MaximumLength = Name->MaximumLength; 933 ReferencedDomains->Domains[i].Name.Buffer = MIDL_user_allocate(Name->MaximumLength); 934 if (ReferencedDomains->Domains[i].Name.Buffer == NULL) 935 { 936 MIDL_user_free(ReferencedDomains->Domains[i].Sid); 937 ReferencedDomains->Domains[i].Sid = NULL; 938 return STATUS_INSUFFICIENT_RESOURCES; 939 } 940 941 RtlCopyMemory(ReferencedDomains->Domains[i].Name.Buffer, 942 Name->Buffer, 943 Name->MaximumLength); 944 945 ReferencedDomains->Entries++; 946 *Index = i; 947 948 return STATUS_SUCCESS; 949 } 950 951 952 static NTSTATUS 953 LsapAddAuthorityToDomainsList( 954 PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains, 955 PSID Sid, 956 PULONG Index) 957 { 958 SID AuthoritySid; 959 ULONG i; 960 961 RtlInitializeSid(&AuthoritySid, 962 RtlIdentifierAuthoritySid(Sid), 963 0); 964 965 i = 0; 966 while (i < ReferencedDomains->Entries && 967 ReferencedDomains->Domains[i].Sid != NULL) 968 { 969 if (RtlEqualSid(&AuthoritySid, ReferencedDomains->Domains[i].Sid)) 970 { 971 *Index = i; 972 return STATUS_SUCCESS; 973 } 974 975 i++; 976 } 977 978 ReferencedDomains->Domains[i].Sid = MIDL_user_allocate(RtlLengthSid(&AuthoritySid)); 979 if (ReferencedDomains->Domains[i].Sid == NULL) 980 return STATUS_INSUFFICIENT_RESOURCES; 981 982 RtlCopySid(RtlLengthSid(&AuthoritySid), ReferencedDomains->Domains[i].Sid, &AuthoritySid); 983 984 ReferencedDomains->Domains[i].Name.Length = 0; 985 ReferencedDomains->Domains[i].Name.MaximumLength = sizeof(WCHAR); 986 ReferencedDomains->Domains[i].Name.Buffer = MIDL_user_allocate(sizeof(WCHAR)); 987 if (ReferencedDomains->Domains[i].Name.Buffer == NULL) 988 { 989 MIDL_user_free(ReferencedDomains->Domains[i].Sid); 990 ReferencedDomains->Domains[i].Sid = NULL; 991 return STATUS_INSUFFICIENT_RESOURCES; 992 } 993 994 ReferencedDomains->Domains[i].Name.Buffer[0] = UNICODE_NULL; 995 996 ReferencedDomains->Entries++; 997 *Index = i; 998 999 return STATUS_SUCCESS; 1000 } 1001 1002 1003 static BOOLEAN 1004 LsapIsPrefixSid(IN PSID PrefixSid, 1005 IN PSID Sid) 1006 { 1007 PISID Sid1 = PrefixSid, Sid2 = Sid; 1008 ULONG i; 1009 1010 if (Sid1->Revision != Sid2->Revision) 1011 return FALSE; 1012 1013 if ((Sid1->IdentifierAuthority.Value[0] != Sid2->IdentifierAuthority.Value[0]) || 1014 (Sid1->IdentifierAuthority.Value[1] != Sid2->IdentifierAuthority.Value[1]) || 1015 (Sid1->IdentifierAuthority.Value[2] != Sid2->IdentifierAuthority.Value[2]) || 1016 (Sid1->IdentifierAuthority.Value[3] != Sid2->IdentifierAuthority.Value[3]) || 1017 (Sid1->IdentifierAuthority.Value[4] != Sid2->IdentifierAuthority.Value[4]) || 1018 (Sid1->IdentifierAuthority.Value[5] != Sid2->IdentifierAuthority.Value[5])) 1019 return FALSE; 1020 1021 if (Sid1->SubAuthorityCount >= Sid2->SubAuthorityCount) 1022 return FALSE; 1023 1024 if (Sid1->SubAuthorityCount == 0) 1025 return TRUE; 1026 1027 for (i = 0; i < Sid1->SubAuthorityCount; i++) 1028 { 1029 if (Sid1->SubAuthority[i] != Sid2->SubAuthority[i]) 1030 return FALSE; 1031 } 1032 1033 return TRUE; 1034 } 1035 1036 1037 ULONG 1038 LsapGetRelativeIdFromSid(PSID Sid_) 1039 { 1040 PISID Sid = Sid_; 1041 1042 if (Sid->SubAuthorityCount != 0) 1043 return Sid->SubAuthority[Sid->SubAuthorityCount - 1]; 1044 1045 return 0; 1046 } 1047 1048 1049 static PSID 1050 CreateSidFromSidAndRid(PSID SrcSid, 1051 ULONG RelativeId) 1052 { 1053 UCHAR RidCount; 1054 PSID DstSid; 1055 ULONG i; 1056 ULONG DstSidSize; 1057 PULONG p, q; 1058 1059 RidCount = *RtlSubAuthorityCountSid(SrcSid); 1060 if (RidCount >= 8) 1061 return NULL; 1062 1063 DstSidSize = RtlLengthRequiredSid(RidCount + 1); 1064 1065 DstSid = MIDL_user_allocate(DstSidSize); 1066 if (DstSid == NULL) 1067 return NULL; 1068 1069 RtlInitializeSid(DstSid, 1070 RtlIdentifierAuthoritySid(SrcSid), 1071 RidCount + 1); 1072 1073 for (i = 0; i < (ULONG)RidCount; i++) 1074 { 1075 p = RtlSubAuthoritySid(SrcSid, i); 1076 q = RtlSubAuthoritySid(DstSid, i); 1077 *q = *p; 1078 } 1079 1080 q = RtlSubAuthoritySid(DstSid, (ULONG)RidCount); 1081 *q = RelativeId; 1082 1083 return DstSid; 1084 } 1085 1086 1087 static PSID 1088 CreateDomainSidFromAccountSid(PSID AccountSid) 1089 { 1090 UCHAR RidCount; 1091 PSID DomainSid; 1092 ULONG i; 1093 ULONG DstSidSize; 1094 PULONG p, q; 1095 1096 RidCount = *RtlSubAuthorityCountSid(AccountSid); 1097 if (RidCount > 0) 1098 RidCount--; 1099 1100 DstSidSize = RtlLengthRequiredSid(RidCount); 1101 1102 DomainSid = MIDL_user_allocate(DstSidSize); 1103 if (DomainSid == NULL) 1104 return NULL; 1105 1106 RtlInitializeSid(DomainSid, 1107 RtlIdentifierAuthoritySid(AccountSid), 1108 RidCount); 1109 1110 for (i = 0; i < (ULONG)RidCount; i++) 1111 { 1112 p = RtlSubAuthoritySid(AccountSid, i); 1113 q = RtlSubAuthoritySid(DomainSid, i); 1114 *q = *p; 1115 } 1116 1117 return DomainSid; 1118 } 1119 1120 1121 static PSID 1122 LsapCopySid(PSID SrcSid) 1123 { 1124 UCHAR RidCount; 1125 PSID DstSid; 1126 ULONG i; 1127 ULONG DstSidSize; 1128 PULONG p, q; 1129 1130 RidCount = *RtlSubAuthorityCountSid(SrcSid); 1131 DstSidSize = RtlLengthRequiredSid(RidCount); 1132 1133 DstSid = MIDL_user_allocate(DstSidSize); 1134 if (DstSid == NULL) 1135 return NULL; 1136 1137 RtlInitializeSid(DstSid, 1138 RtlIdentifierAuthoritySid(SrcSid), 1139 RidCount); 1140 1141 for (i = 0; i < (ULONG)RidCount; i++) 1142 { 1143 p = RtlSubAuthoritySid(SrcSid, i); 1144 q = RtlSubAuthoritySid(DstSid, i); 1145 *q = *p; 1146 } 1147 1148 return DstSid; 1149 } 1150 1151 1152 static 1153 NTSTATUS 1154 LsapLookupIsolatedNames(DWORD Count, 1155 PRPC_UNICODE_STRING DomainNames, 1156 PRPC_UNICODE_STRING AccountNames, 1157 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 1158 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, 1159 PULONG Mapped) 1160 { 1161 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L""); 1162 PWELL_KNOWN_SID ptr, ptr2; 1163 PSID DomainSid; 1164 ULONG DomainIndex; 1165 ULONG i; 1166 NTSTATUS Status = STATUS_SUCCESS; 1167 1168 for (i = 0; i < Count; i++) 1169 { 1170 /* Ignore names which were already mapped */ 1171 if (SidsBuffer[i].Use != SidTypeUnknown) 1172 continue; 1173 1174 /* Ignore fully qualified account names */ 1175 if (DomainNames[i].Length != 0) 1176 continue; 1177 1178 TRACE("Mapping name: %wZ\n", &AccountNames[i]); 1179 1180 /* Look-up all well-known names */ 1181 ptr = LsapLookupIsolatedWellKnownName((PUNICODE_STRING)&AccountNames[i]); 1182 if (ptr != NULL) 1183 { 1184 SidsBuffer[i].Use = ptr->Use; 1185 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid); 1186 if (SidsBuffer[i].Sid == NULL) 1187 { 1188 Status = STATUS_INSUFFICIENT_RESOURCES; 1189 goto done; 1190 } 1191 1192 SidsBuffer[i].DomainIndex = -1; 1193 SidsBuffer[i].Flags = 0; 1194 1195 if (ptr->Use == SidTypeDomain) 1196 { 1197 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1198 &ptr->AccountName, 1199 ptr->Sid, 1200 &DomainIndex); 1201 if (!NT_SUCCESS(Status)) 1202 goto done; 1203 1204 SidsBuffer[i].DomainIndex = DomainIndex; 1205 } 1206 else 1207 { 1208 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName); 1209 if (ptr2 != NULL) 1210 { 1211 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1212 &ptr2->AccountName, 1213 ptr2->Sid, 1214 &DomainIndex); 1215 if (!NT_SUCCESS(Status)) 1216 goto done; 1217 1218 SidsBuffer[i].DomainIndex = DomainIndex; 1219 } 1220 else 1221 { 1222 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid); 1223 if (DomainSid == NULL) 1224 { 1225 Status = STATUS_INSUFFICIENT_RESOURCES; 1226 goto done; 1227 } 1228 1229 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1230 &EmptyDomainName, 1231 DomainSid, 1232 &DomainIndex); 1233 1234 if (DomainSid != NULL) 1235 { 1236 MIDL_user_free(DomainSid); 1237 DomainSid = NULL; 1238 } 1239 1240 if (!NT_SUCCESS(Status)) 1241 goto done; 1242 1243 SidsBuffer[i].DomainIndex = DomainIndex; 1244 } 1245 } 1246 1247 (*Mapped)++; 1248 continue; 1249 } 1250 1251 /* Look-up the built-in domain */ 1252 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &BuiltinDomainName, TRUE)) 1253 { 1254 SidsBuffer[i].Use = SidTypeDomain; 1255 SidsBuffer[i].Sid = LsapCopySid(BuiltinDomainSid); 1256 if (SidsBuffer[i].Sid == NULL) 1257 { 1258 Status = STATUS_INSUFFICIENT_RESOURCES; 1259 goto done; 1260 } 1261 1262 SidsBuffer[i].DomainIndex = -1; 1263 SidsBuffer[i].Flags = 0; 1264 1265 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1266 &BuiltinDomainName, 1267 BuiltinDomainSid, 1268 &DomainIndex); 1269 if (!NT_SUCCESS(Status)) 1270 goto done; 1271 1272 SidsBuffer[i].DomainIndex = DomainIndex; 1273 1274 (*Mapped)++; 1275 continue; 1276 } 1277 1278 /* Look-up the account domain */ 1279 if (RtlEqualUnicodeString((PUNICODE_STRING)&AccountNames[i], &AccountDomainName, TRUE)) 1280 { 1281 SidsBuffer[i].Use = SidTypeDomain; 1282 SidsBuffer[i].Sid = LsapCopySid(AccountDomainSid); 1283 if (SidsBuffer[i].Sid == NULL) 1284 { 1285 Status = STATUS_INSUFFICIENT_RESOURCES; 1286 goto done; 1287 } 1288 SidsBuffer[i].DomainIndex = -1; 1289 SidsBuffer[i].Flags = 0; 1290 1291 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1292 &AccountDomainName, 1293 AccountDomainSid, 1294 &DomainIndex); 1295 if (!NT_SUCCESS(Status)) 1296 goto done; 1297 1298 SidsBuffer[i].DomainIndex = DomainIndex; 1299 1300 (*Mapped)++; 1301 continue; 1302 } 1303 1304 /* FIXME: Look-up the primary domain */ 1305 1306 /* FIXME: Look-up the trusted domains */ 1307 1308 } 1309 1310 done: 1311 1312 return Status; 1313 } 1314 1315 1316 static 1317 NTSTATUS 1318 LsapLookupIsolatedBuiltinNames(DWORD Count, 1319 PRPC_UNICODE_STRING DomainNames, 1320 PRPC_UNICODE_STRING AccountNames, 1321 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 1322 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, 1323 PULONG Mapped) 1324 { 1325 SAMPR_HANDLE ServerHandle = NULL; 1326 SAMPR_HANDLE DomainHandle = NULL; 1327 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL}; 1328 SAMPR_ULONG_ARRAY Use = {0, NULL}; 1329 ULONG DomainIndex; 1330 ULONG i; 1331 NTSTATUS Status = STATUS_SUCCESS; 1332 1333 Status = SamrConnect(NULL, 1334 &ServerHandle, 1335 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN); 1336 if (!NT_SUCCESS(Status)) 1337 { 1338 TRACE("SamrConnect failed (Status %08lx)\n", Status); 1339 goto done; 1340 } 1341 1342 Status = SamrOpenDomain(ServerHandle, 1343 DOMAIN_LOOKUP, 1344 BuiltinDomainSid, 1345 &DomainHandle); 1346 if (!NT_SUCCESS(Status)) 1347 { 1348 TRACE("SamOpenDomain failed (Status %08lx)\n", Status); 1349 goto done; 1350 } 1351 1352 for (i = 0; i < Count; i++) 1353 { 1354 /* Ignore names which were already mapped */ 1355 if (SidsBuffer[i].Use != SidTypeUnknown) 1356 continue; 1357 1358 /* Ignore fully qualified account names */ 1359 if (DomainNames[i].Length != 0) 1360 continue; 1361 1362 TRACE("Mapping name: %wZ\n", &AccountNames[i]); 1363 1364 Status = SamrLookupNamesInDomain(DomainHandle, 1365 1, 1366 &AccountNames[i], 1367 &RelativeIds, 1368 &Use); 1369 if (NT_SUCCESS(Status)) 1370 { 1371 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]); 1372 1373 SidsBuffer[i].Use = Use.Element[0]; 1374 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid, 1375 RelativeIds.Element[0]); 1376 if (SidsBuffer[i].Sid == NULL) 1377 { 1378 Status = STATUS_INSUFFICIENT_RESOURCES; 1379 goto done; 1380 } 1381 1382 SidsBuffer[i].DomainIndex = -1; 1383 SidsBuffer[i].Flags = 0; 1384 1385 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1386 &BuiltinDomainName, 1387 BuiltinDomainSid, 1388 &DomainIndex); 1389 if (!NT_SUCCESS(Status)) 1390 goto done; 1391 1392 SidsBuffer[i].DomainIndex = DomainIndex; 1393 1394 (*Mapped)++; 1395 } 1396 1397 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds); 1398 SamIFree_SAMPR_ULONG_ARRAY(&Use); 1399 } 1400 1401 done: 1402 if (DomainHandle != NULL) 1403 SamrCloseHandle(&DomainHandle); 1404 1405 if (ServerHandle != NULL) 1406 SamrCloseHandle(&ServerHandle); 1407 1408 return Status; 1409 } 1410 1411 1412 static 1413 NTSTATUS 1414 LsapLookupIsolatedAccountNames(DWORD Count, 1415 PRPC_UNICODE_STRING DomainNames, 1416 PRPC_UNICODE_STRING AccountNames, 1417 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 1418 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, 1419 PULONG Mapped) 1420 { 1421 SAMPR_HANDLE ServerHandle = NULL; 1422 SAMPR_HANDLE DomainHandle = NULL; 1423 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL}; 1424 SAMPR_ULONG_ARRAY Use = {0, NULL}; 1425 ULONG DomainIndex; 1426 ULONG i; 1427 NTSTATUS Status = STATUS_SUCCESS; 1428 1429 TRACE("()\n"); 1430 1431 Status = SamrConnect(NULL, 1432 &ServerHandle, 1433 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN); 1434 if (!NT_SUCCESS(Status)) 1435 { 1436 TRACE("SamrConnect failed (Status %08lx)\n", Status); 1437 goto done; 1438 } 1439 1440 Status = SamrOpenDomain(ServerHandle, 1441 DOMAIN_LOOKUP, 1442 AccountDomainSid, 1443 &DomainHandle); 1444 if (!NT_SUCCESS(Status)) 1445 { 1446 TRACE("SamOpenDomain failed (Status %08lx)\n", Status); 1447 goto done; 1448 } 1449 1450 for (i = 0; i < Count; i++) 1451 { 1452 /* Ignore names which were already mapped */ 1453 if (SidsBuffer[i].Use != SidTypeUnknown) 1454 continue; 1455 1456 /* Ignore fully qualified account names */ 1457 if (DomainNames[i].Length != 0) 1458 continue; 1459 1460 TRACE("Mapping name: %wZ\n", &AccountNames[i]); 1461 1462 Status = SamrLookupNamesInDomain(DomainHandle, 1463 1, 1464 &AccountNames[i], 1465 &RelativeIds, 1466 &Use); 1467 if (NT_SUCCESS(Status)) 1468 { 1469 TRACE("Found relative ID: %lu\n", RelativeIds.Element[0]); 1470 1471 SidsBuffer[i].Use = Use.Element[0]; 1472 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid, 1473 RelativeIds.Element[0]); 1474 if (SidsBuffer[i].Sid == NULL) 1475 { 1476 Status = STATUS_INSUFFICIENT_RESOURCES; 1477 goto done; 1478 } 1479 1480 SidsBuffer[i].DomainIndex = -1; 1481 SidsBuffer[i].Flags = 0; 1482 1483 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1484 &AccountDomainName, 1485 AccountDomainSid, 1486 &DomainIndex); 1487 if (!NT_SUCCESS(Status)) 1488 goto done; 1489 1490 SidsBuffer[i].DomainIndex = DomainIndex; 1491 1492 (*Mapped)++; 1493 } 1494 1495 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds); 1496 SamIFree_SAMPR_ULONG_ARRAY(&Use); 1497 } 1498 1499 done: 1500 if (DomainHandle != NULL) 1501 SamrCloseHandle(&DomainHandle); 1502 1503 if (ServerHandle != NULL) 1504 SamrCloseHandle(&ServerHandle); 1505 1506 return Status; 1507 } 1508 1509 1510 static 1511 NTSTATUS 1512 LsapLookupFullyQualifiedWellKnownNames(DWORD Count, 1513 PRPC_UNICODE_STRING DomainNames, 1514 PRPC_UNICODE_STRING AccountNames, 1515 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 1516 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, 1517 PULONG Mapped) 1518 { 1519 UNICODE_STRING EmptyDomainName = RTL_CONSTANT_STRING(L""); 1520 PWELL_KNOWN_SID ptr, ptr2; 1521 PSID DomainSid; 1522 ULONG DomainIndex; 1523 ULONG i; 1524 NTSTATUS Status = STATUS_SUCCESS; 1525 1526 for (i = 0; i < Count; i++) 1527 { 1528 /* Ignore names which were already mapped */ 1529 if (SidsBuffer[i].Use != SidTypeUnknown) 1530 continue; 1531 1532 /* Ignore isolated account names */ 1533 if (DomainNames[i].Length == 0) 1534 continue; 1535 1536 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]); 1537 1538 /* Look-up all well-known names */ 1539 ptr = LsapLookupFullyQualifiedWellKnownName((PUNICODE_STRING)&AccountNames[i], 1540 (PUNICODE_STRING)&DomainNames[i]); 1541 if (ptr != NULL) 1542 { 1543 TRACE("Found it! (%wZ\\%wZ)\n", &ptr->DomainName, &ptr->AccountName); 1544 1545 SidsBuffer[i].Use = ptr->Use; 1546 SidsBuffer[i].Sid = LsapCopySid(ptr->Sid); 1547 if (SidsBuffer[i].Sid == NULL) 1548 { 1549 Status = STATUS_INSUFFICIENT_RESOURCES; 1550 goto done; 1551 } 1552 1553 SidsBuffer[i].DomainIndex = -1; 1554 SidsBuffer[i].Flags = 0; 1555 1556 if (ptr->Use == SidTypeDomain) 1557 { 1558 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1559 &ptr->AccountName, 1560 ptr->Sid, 1561 &DomainIndex); 1562 if (!NT_SUCCESS(Status)) 1563 goto done; 1564 1565 SidsBuffer[i].DomainIndex = DomainIndex; 1566 } 1567 else 1568 { 1569 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName); 1570 if (ptr2 != NULL) 1571 { 1572 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1573 &ptr2->AccountName, 1574 ptr2->Sid, 1575 &DomainIndex); 1576 if (!NT_SUCCESS(Status)) 1577 goto done; 1578 1579 SidsBuffer[i].DomainIndex = DomainIndex; 1580 } 1581 else 1582 { 1583 DomainSid = CreateDomainSidFromAccountSid(ptr->Sid); 1584 if (DomainSid == NULL) 1585 { 1586 Status = STATUS_INSUFFICIENT_RESOURCES; 1587 goto done; 1588 } 1589 1590 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1591 &EmptyDomainName, 1592 DomainSid, 1593 &DomainIndex); 1594 1595 if (DomainSid != NULL) 1596 { 1597 MIDL_user_free(DomainSid); 1598 DomainSid = NULL; 1599 } 1600 1601 if (!NT_SUCCESS(Status)) 1602 goto done; 1603 1604 SidsBuffer[i].DomainIndex = DomainIndex; 1605 } 1606 } 1607 1608 (*Mapped)++; 1609 continue; 1610 } 1611 } 1612 1613 done: 1614 return Status; 1615 } 1616 1617 1618 static 1619 NTSTATUS 1620 LsapLookupBuiltinNames(DWORD Count, 1621 PRPC_UNICODE_STRING DomainNames, 1622 PRPC_UNICODE_STRING AccountNames, 1623 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 1624 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, 1625 PULONG Mapped) 1626 { 1627 SAMPR_HANDLE ServerHandle = NULL; 1628 SAMPR_HANDLE DomainHandle = NULL; 1629 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL}; 1630 SAMPR_ULONG_ARRAY Use = {0, NULL}; 1631 ULONG DomainIndex; 1632 ULONG i; 1633 NTSTATUS Status = STATUS_SUCCESS; 1634 1635 Status = SamrConnect(NULL, 1636 &ServerHandle, 1637 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN); 1638 if (!NT_SUCCESS(Status)) 1639 { 1640 TRACE("SamrConnect failed (Status %08lx)\n", Status); 1641 goto done; 1642 } 1643 1644 Status = SamrOpenDomain(ServerHandle, 1645 DOMAIN_LOOKUP, 1646 BuiltinDomainSid, 1647 &DomainHandle); 1648 if (!NT_SUCCESS(Status)) 1649 { 1650 TRACE("SamOpenDomain failed (Status %08lx)\n", Status); 1651 goto done; 1652 } 1653 1654 for (i = 0; i < Count; i++) 1655 { 1656 /* Ignore names which were already mapped */ 1657 if (SidsBuffer[i].Use != SidTypeUnknown) 1658 continue; 1659 1660 /* Ignore isolated account names */ 1661 if (DomainNames[i].Length == 0) 1662 continue; 1663 1664 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &BuiltinDomainName, TRUE)) 1665 continue; 1666 1667 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]); 1668 1669 Status = SamrLookupNamesInDomain(DomainHandle, 1670 1, 1671 &AccountNames[i], 1672 &RelativeIds, 1673 &Use); 1674 if (NT_SUCCESS(Status)) 1675 { 1676 SidsBuffer[i].Use = Use.Element[0]; 1677 SidsBuffer[i].Sid = CreateSidFromSidAndRid(BuiltinDomainSid, 1678 RelativeIds.Element[0]); 1679 if (SidsBuffer[i].Sid == NULL) 1680 { 1681 Status = STATUS_INSUFFICIENT_RESOURCES; 1682 goto done; 1683 } 1684 1685 SidsBuffer[i].DomainIndex = -1; 1686 SidsBuffer[i].Flags = 0; 1687 1688 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1689 &BuiltinDomainName, 1690 BuiltinDomainSid, 1691 &DomainIndex); 1692 if (!NT_SUCCESS(Status)) 1693 goto done; 1694 1695 SidsBuffer[i].DomainIndex = DomainIndex; 1696 1697 (*Mapped)++; 1698 } 1699 1700 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds); 1701 SamIFree_SAMPR_ULONG_ARRAY(&Use); 1702 } 1703 1704 done: 1705 if (DomainHandle != NULL) 1706 SamrCloseHandle(&DomainHandle); 1707 1708 if (ServerHandle != NULL) 1709 SamrCloseHandle(&ServerHandle); 1710 1711 return Status; 1712 } 1713 1714 1715 static 1716 NTSTATUS 1717 LsapLookupAccountNames(DWORD Count, 1718 PRPC_UNICODE_STRING DomainNames, 1719 PRPC_UNICODE_STRING AccountNames, 1720 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 1721 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer, 1722 PULONG Mapped) 1723 { 1724 SAMPR_HANDLE ServerHandle = NULL; 1725 SAMPR_HANDLE DomainHandle = NULL; 1726 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL}; 1727 SAMPR_ULONG_ARRAY Use = {0, NULL}; 1728 ULONG DomainIndex; 1729 ULONG i; 1730 NTSTATUS Status = STATUS_SUCCESS; 1731 1732 Status = SamrConnect(NULL, 1733 &ServerHandle, 1734 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN); 1735 if (!NT_SUCCESS(Status)) 1736 { 1737 TRACE("SamrConnect failed (Status %08lx)\n", Status); 1738 goto done; 1739 } 1740 1741 Status = SamrOpenDomain(ServerHandle, 1742 DOMAIN_LOOKUP, 1743 AccountDomainSid, 1744 &DomainHandle); 1745 if (!NT_SUCCESS(Status)) 1746 { 1747 TRACE("SamOpenDomain failed (Status %08lx)\n", Status); 1748 goto done; 1749 } 1750 1751 for (i = 0; i < Count; i++) 1752 { 1753 /* Ignore names which were already mapped */ 1754 if (SidsBuffer[i].Use != SidTypeUnknown) 1755 continue; 1756 1757 /* Ignore isolated account names */ 1758 if (DomainNames[i].Length == 0) 1759 continue; 1760 1761 if (!RtlEqualUnicodeString((PUNICODE_STRING)&DomainNames[i], &AccountDomainName, TRUE)) 1762 continue; 1763 1764 TRACE("Mapping name: %wZ\\%wZ\n", &DomainNames[i], &AccountNames[i]); 1765 1766 Status = SamrLookupNamesInDomain(DomainHandle, 1767 1, 1768 &AccountNames[i], 1769 &RelativeIds, 1770 &Use); 1771 if (NT_SUCCESS(Status)) 1772 { 1773 SidsBuffer[i].Use = Use.Element[0]; 1774 SidsBuffer[i].Sid = CreateSidFromSidAndRid(AccountDomainSid, 1775 RelativeIds.Element[0]); 1776 if (SidsBuffer[i].Sid == NULL) 1777 { 1778 Status = STATUS_INSUFFICIENT_RESOURCES; 1779 goto done; 1780 } 1781 1782 SidsBuffer[i].DomainIndex = -1; 1783 SidsBuffer[i].Flags = 0; 1784 1785 Status = LsapAddDomainToDomainsList(DomainsBuffer, 1786 &AccountDomainName, 1787 AccountDomainSid, 1788 &DomainIndex); 1789 if (!NT_SUCCESS(Status)) 1790 goto done; 1791 1792 SidsBuffer[i].DomainIndex = DomainIndex; 1793 1794 (*Mapped)++; 1795 } 1796 1797 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds); 1798 SamIFree_SAMPR_ULONG_ARRAY(&Use); 1799 } 1800 1801 done: 1802 if (DomainHandle != NULL) 1803 SamrCloseHandle(&DomainHandle); 1804 1805 if (ServerHandle != NULL) 1806 SamrCloseHandle(&ServerHandle); 1807 1808 return Status; 1809 } 1810 1811 1812 NTSTATUS 1813 LsapLookupNames(DWORD Count, 1814 PRPC_UNICODE_STRING Names, 1815 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 1816 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, 1817 LSAP_LOOKUP_LEVEL LookupLevel, 1818 DWORD *MappedCount, 1819 DWORD LookupOptions, 1820 DWORD ClientRevision) 1821 { 1822 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL; 1823 PLSAPR_TRANSLATED_SID_EX2 SidsBuffer = NULL; 1824 PRPC_UNICODE_STRING DomainNames = NULL; 1825 PRPC_UNICODE_STRING AccountNames = NULL; 1826 ULONG SidsBufferLength; 1827 ULONG i; 1828 ULONG Mapped = 0; 1829 NTSTATUS Status = STATUS_SUCCESS; 1830 1831 //TRACE("()\n"); 1832 1833 TranslatedSids->Entries = 0; 1834 TranslatedSids->Sids = NULL; 1835 *ReferencedDomains = NULL; 1836 1837 SidsBufferLength = Count * sizeof(LSAPR_TRANSLATED_SID_EX2); 1838 SidsBuffer = MIDL_user_allocate(SidsBufferLength); 1839 if (SidsBuffer == NULL) 1840 { 1841 //TRACE("\n"); 1842 Status = STATUS_INSUFFICIENT_RESOURCES; 1843 goto done; 1844 } 1845 1846 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST)); 1847 if (DomainsBuffer == NULL) 1848 { 1849 //TRACE("\n"); 1850 Status = STATUS_INSUFFICIENT_RESOURCES; 1851 goto done; 1852 } 1853 1854 DomainsBuffer->Domains = MIDL_user_allocate(Count * sizeof(LSA_TRUST_INFORMATION)); 1855 if (DomainsBuffer->Domains == NULL) 1856 { 1857 //TRACE("\n"); 1858 Status = STATUS_INSUFFICIENT_RESOURCES; 1859 goto done; 1860 } 1861 DomainsBuffer->Entries = 0; 1862 DomainsBuffer->MaxEntries = Count; 1863 1864 for (i = 0; i < Count; i++) 1865 { 1866 SidsBuffer[i].Use = SidTypeUnknown; 1867 SidsBuffer[i].Sid = NULL; 1868 SidsBuffer[i].DomainIndex = -1; 1869 SidsBuffer[i].Flags = 0; 1870 } 1871 1872 Status = LsapSplitNames(Count, 1873 Names, 1874 &DomainNames, 1875 &AccountNames); 1876 if (!NT_SUCCESS(Status)) 1877 { 1878 TRACE("LsapSplitNames failed! (Status %lx)\n", Status); 1879 goto done; 1880 } 1881 1882 1883 Status = LsapLookupIsolatedNames(Count, 1884 DomainNames, 1885 AccountNames, 1886 DomainsBuffer, 1887 SidsBuffer, 1888 &Mapped); 1889 if (!NT_SUCCESS(Status) && 1890 Status != STATUS_NONE_MAPPED && 1891 Status != STATUS_SOME_NOT_MAPPED) 1892 { 1893 TRACE("LsapLookupIsolatedNames failed! (Status %lx)\n", Status); 1894 goto done; 1895 } 1896 1897 if (Mapped == Count) 1898 goto done; 1899 1900 1901 Status = LsapLookupIsolatedBuiltinNames(Count, 1902 DomainNames, 1903 AccountNames, 1904 DomainsBuffer, 1905 SidsBuffer, 1906 &Mapped); 1907 if (!NT_SUCCESS(Status) && 1908 Status != STATUS_NONE_MAPPED && 1909 Status != STATUS_SOME_NOT_MAPPED) 1910 { 1911 TRACE("LsapLookupIsolatedBuiltinNames failed! (Status %lx)\n", Status); 1912 goto done; 1913 } 1914 1915 if (Mapped == Count) 1916 goto done; 1917 1918 1919 Status = LsapLookupIsolatedAccountNames(Count, 1920 DomainNames, 1921 AccountNames, 1922 DomainsBuffer, 1923 SidsBuffer, 1924 &Mapped); 1925 if (!NT_SUCCESS(Status) && 1926 Status != STATUS_NONE_MAPPED && 1927 Status != STATUS_SOME_NOT_MAPPED) 1928 { 1929 TRACE("LsapLookupIsolatedAccountNames failed! (Status %lx)\n", Status); 1930 goto done; 1931 } 1932 1933 if (Mapped == Count) 1934 goto done; 1935 1936 Status = LsapLookupFullyQualifiedWellKnownNames(Count, 1937 DomainNames, 1938 AccountNames, 1939 DomainsBuffer, 1940 SidsBuffer, 1941 &Mapped); 1942 if (!NT_SUCCESS(Status) && 1943 Status != STATUS_NONE_MAPPED && 1944 Status != STATUS_SOME_NOT_MAPPED) 1945 { 1946 TRACE("LsapLookupFullyQualifiedWellKnownNames failed! (Status %lx)\n", Status); 1947 goto done; 1948 } 1949 1950 if (Mapped == Count) 1951 goto done; 1952 1953 Status = LsapLookupBuiltinNames(Count, 1954 DomainNames, 1955 AccountNames, 1956 DomainsBuffer, 1957 SidsBuffer, 1958 &Mapped); 1959 if (!NT_SUCCESS(Status) && 1960 Status != STATUS_NONE_MAPPED && 1961 Status != STATUS_SOME_NOT_MAPPED) 1962 { 1963 TRACE("LsapLookupBuiltinNames failed! (Status %lx)\n", Status); 1964 goto done; 1965 } 1966 1967 if (Mapped == Count) 1968 goto done; 1969 1970 1971 Status = LsapLookupAccountNames(Count, 1972 DomainNames, 1973 AccountNames, 1974 DomainsBuffer, 1975 SidsBuffer, 1976 &Mapped); 1977 if (!NT_SUCCESS(Status) && 1978 Status != STATUS_NONE_MAPPED && 1979 Status != STATUS_SOME_NOT_MAPPED) 1980 { 1981 TRACE("LsapLookupAccountNames failed! (Status %lx)\n", Status); 1982 goto done; 1983 } 1984 1985 if (Mapped == Count) 1986 goto done; 1987 1988 done: 1989 // TRACE("done: Status %lx\n", Status); 1990 1991 if (DomainNames != NULL) 1992 { 1993 //TRACE("Free DomainNames\n"); 1994 for (i = 0; i < Count; i++) 1995 { 1996 if (DomainNames[i].Buffer != NULL) 1997 MIDL_user_free(DomainNames[i].Buffer); 1998 } 1999 2000 MIDL_user_free(DomainNames); 2001 } 2002 2003 if (AccountNames != NULL) 2004 { 2005 //TRACE("Free AccountNames\n"); 2006 for (i = 0; i < Count; i++) 2007 { 2008 //TRACE("i: %lu\n", i); 2009 if (AccountNames[i].Buffer != NULL) 2010 { 2011 MIDL_user_free(AccountNames[i].Buffer); 2012 } 2013 } 2014 2015 MIDL_user_free(AccountNames); 2016 } 2017 2018 if (!NT_SUCCESS(Status)) 2019 { 2020 //TRACE("Failure!\n"); 2021 2022 //TRACE("Free DomainsBuffer\n"); 2023 if (DomainsBuffer != NULL) 2024 { 2025 if (DomainsBuffer->Domains != NULL) 2026 MIDL_user_free(DomainsBuffer->Domains); 2027 2028 MIDL_user_free(DomainsBuffer); 2029 } 2030 2031 //TRACE("Free SidsBuffer\n"); 2032 if (SidsBuffer != NULL) 2033 MIDL_user_free(SidsBuffer); 2034 } 2035 else 2036 { 2037 //TRACE("Success!\n"); 2038 2039 *ReferencedDomains = DomainsBuffer; 2040 TranslatedSids->Entries = Count; 2041 TranslatedSids->Sids = SidsBuffer; 2042 *MappedCount = Mapped; 2043 2044 if (Mapped == 0) 2045 Status = STATUS_NONE_MAPPED; 2046 else if (Mapped < Count) 2047 Status = STATUS_SOME_NOT_MAPPED; 2048 } 2049 2050 // TRACE("done: Status %lx\n", Status); 2051 2052 return Status; 2053 } 2054 2055 2056 static NTSTATUS 2057 LsapLookupWellKnownSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, 2058 PLSAPR_TRANSLATED_NAME_EX NamesBuffer, 2059 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 2060 PULONG Mapped) 2061 { 2062 PWELL_KNOWN_SID ptr, ptr2; 2063 LPWSTR SidString = NULL; 2064 ULONG DomainIndex; 2065 ULONG i; 2066 NTSTATUS Status = STATUS_SUCCESS; 2067 2068 for (i = 0; i < SidEnumBuffer->Entries; i++) 2069 { 2070 /* Ignore SIDs which are already mapped */ 2071 if (NamesBuffer[i].Use != SidTypeUnknown) 2072 continue; 2073 2074 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString); 2075 TRACE("Mapping SID: %S\n", SidString); 2076 LocalFree(SidString); 2077 SidString = NULL; 2078 2079 ptr = LsapLookupWellKnownSid(SidEnumBuffer->SidInfo[i].Sid); 2080 if (ptr != NULL) 2081 { 2082 NamesBuffer[i].Use = ptr->Use; 2083 NamesBuffer[i].Flags = 0; 2084 2085 NamesBuffer[i].Name.Length = ptr->AccountName.Length; 2086 NamesBuffer[i].Name.MaximumLength = ptr->AccountName.MaximumLength; 2087 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(ptr->AccountName.MaximumLength); 2088 if (NamesBuffer[i].Name.Buffer == NULL) 2089 { 2090 Status = STATUS_INSUFFICIENT_RESOURCES; 2091 goto done; 2092 } 2093 2094 RtlCopyMemory(NamesBuffer[i].Name.Buffer, ptr->AccountName.Buffer, ptr->AccountName.MaximumLength); 2095 2096 if (ptr->DomainName.Length == 0) 2097 { 2098 Status = LsapAddAuthorityToDomainsList(DomainsBuffer, 2099 SidEnumBuffer->SidInfo[i].Sid, 2100 &DomainIndex); 2101 if (!NT_SUCCESS(Status)) 2102 goto done; 2103 2104 NamesBuffer[i].DomainIndex = DomainIndex; 2105 } 2106 else 2107 { 2108 ptr2= LsapLookupIsolatedWellKnownName(&ptr->DomainName); 2109 if (ptr2 != NULL) 2110 { 2111 Status = LsapAddDomainToDomainsList(DomainsBuffer, 2112 &ptr2->AccountName, 2113 ptr2->Sid, 2114 &DomainIndex); 2115 if (!NT_SUCCESS(Status)) 2116 goto done; 2117 2118 NamesBuffer[i].DomainIndex = DomainIndex; 2119 } 2120 } 2121 2122 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name); 2123 2124 (*Mapped)++; 2125 } 2126 } 2127 2128 done: 2129 return Status; 2130 } 2131 2132 2133 static NTSTATUS 2134 LsapLookupBuiltinDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, 2135 PLSAPR_TRANSLATED_NAME_EX NamesBuffer, 2136 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 2137 PULONG Mapped) 2138 { 2139 SAMPR_HANDLE ServerHandle = NULL; 2140 SAMPR_HANDLE DomainHandle = NULL; 2141 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL}; 2142 SAMPR_ULONG_ARRAY Use = {0, NULL}; 2143 LPWSTR SidString = NULL; 2144 ULONG DomainIndex; 2145 ULONG RelativeIds[1]; 2146 ULONG i; 2147 NTSTATUS Status = STATUS_SUCCESS; 2148 2149 Status = SamrConnect(NULL, 2150 &ServerHandle, 2151 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN); 2152 if (!NT_SUCCESS(Status)) 2153 { 2154 TRACE("SamrConnect failed (Status %08lx)\n", Status); 2155 goto done; 2156 } 2157 2158 Status = SamrOpenDomain(ServerHandle, 2159 DOMAIN_LOOKUP, 2160 BuiltinDomainSid, 2161 &DomainHandle); 2162 if (!NT_SUCCESS(Status)) 2163 { 2164 TRACE("SamOpenDomain failed (Status %08lx)\n", Status); 2165 goto done; 2166 } 2167 2168 for (i = 0; i < SidEnumBuffer->Entries; i++) 2169 { 2170 /* Ignore SIDs which are already mapped */ 2171 if (NamesBuffer[i].Use != SidTypeUnknown) 2172 continue; 2173 2174 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString); 2175 TRACE("Mapping SID: %S\n", SidString); 2176 LocalFree(SidString); 2177 SidString = NULL; 2178 2179 if (RtlEqualSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid)) 2180 { 2181 TRACE("Found builtin domain!\n"); 2182 2183 NamesBuffer[i].Use = SidTypeDomain; 2184 NamesBuffer[i].Flags = 0; 2185 2186 NamesBuffer[i].Name.Length = BuiltinDomainName.Length; 2187 NamesBuffer[i].Name.MaximumLength = BuiltinDomainName.MaximumLength; 2188 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(BuiltinDomainName.MaximumLength); 2189 if (NamesBuffer[i].Name.Buffer == NULL) 2190 { 2191 Status = STATUS_INSUFFICIENT_RESOURCES; 2192 goto done; 2193 } 2194 2195 RtlCopyMemory(NamesBuffer[i].Name.Buffer, BuiltinDomainName.Buffer, BuiltinDomainName.MaximumLength); 2196 2197 Status = LsapAddDomainToDomainsList(DomainsBuffer, 2198 &BuiltinDomainName, 2199 BuiltinDomainSid, 2200 &DomainIndex); 2201 if (!NT_SUCCESS(Status)) 2202 goto done; 2203 2204 NamesBuffer[i].DomainIndex = DomainIndex; 2205 2206 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name); 2207 2208 (*Mapped)++; 2209 } 2210 else if (LsapIsPrefixSid(BuiltinDomainSid, SidEnumBuffer->SidInfo[i].Sid)) 2211 { 2212 TRACE("Found builtin domain account!\n"); 2213 2214 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid); 2215 2216 Status = SamrLookupIdsInDomain(DomainHandle, 2217 1, 2218 RelativeIds, 2219 &Names, 2220 &Use); 2221 if (NT_SUCCESS(Status)) 2222 { 2223 NamesBuffer[i].Use = Use.Element[0]; 2224 NamesBuffer[i].Flags = 0; 2225 2226 NamesBuffer[i].Name.Length = Names.Element[0].Length; 2227 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength; 2228 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength); 2229 if (NamesBuffer[i].Name.Buffer == NULL) 2230 { 2231 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names); 2232 SamIFree_SAMPR_ULONG_ARRAY(&Use); 2233 2234 Status = STATUS_INSUFFICIENT_RESOURCES; 2235 goto done; 2236 } 2237 2238 RtlCopyMemory(NamesBuffer[i].Name.Buffer, 2239 Names.Element[0].Buffer, 2240 Names.Element[0].MaximumLength); 2241 2242 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names); 2243 SamIFree_SAMPR_ULONG_ARRAY(&Use); 2244 2245 Status = LsapAddDomainToDomainsList(DomainsBuffer, 2246 &BuiltinDomainName, 2247 BuiltinDomainSid, 2248 &DomainIndex); 2249 if (!NT_SUCCESS(Status)) 2250 goto done; 2251 2252 NamesBuffer[i].DomainIndex = DomainIndex; 2253 2254 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name); 2255 2256 (*Mapped)++; 2257 } 2258 } 2259 } 2260 2261 done: 2262 if (DomainHandle != NULL) 2263 SamrCloseHandle(&DomainHandle); 2264 2265 if (ServerHandle != NULL) 2266 SamrCloseHandle(&ServerHandle); 2267 2268 return Status; 2269 } 2270 2271 2272 static NTSTATUS 2273 LsapLookupAccountDomainSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, 2274 PLSAPR_TRANSLATED_NAME_EX NamesBuffer, 2275 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer, 2276 PULONG Mapped) 2277 { 2278 SAMPR_HANDLE ServerHandle = NULL; 2279 SAMPR_HANDLE DomainHandle = NULL; 2280 SAMPR_RETURNED_USTRING_ARRAY Names = {0, NULL}; 2281 SAMPR_ULONG_ARRAY Use = {0, NULL}; 2282 LPWSTR SidString = NULL; 2283 ULONG DomainIndex; 2284 ULONG RelativeIds[1]; 2285 ULONG i; 2286 NTSTATUS Status = STATUS_SUCCESS; 2287 2288 Status = SamrConnect(NULL, 2289 &ServerHandle, 2290 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN); 2291 if (!NT_SUCCESS(Status)) 2292 { 2293 TRACE("SamrConnect failed (Status %08lx)\n", Status); 2294 goto done; 2295 } 2296 2297 Status = SamrOpenDomain(ServerHandle, 2298 DOMAIN_LOOKUP, 2299 AccountDomainSid, 2300 &DomainHandle); 2301 if (!NT_SUCCESS(Status)) 2302 { 2303 TRACE("SamOpenDomain failed (Status %08lx)\n", Status); 2304 goto done; 2305 } 2306 2307 for (i = 0; i < SidEnumBuffer->Entries; i++) 2308 { 2309 /* Ignore SIDs which are already mapped */ 2310 if (NamesBuffer[i].Use != SidTypeUnknown) 2311 continue; 2312 2313 ConvertSidToStringSidW(SidEnumBuffer->SidInfo[i].Sid, &SidString); 2314 TRACE("Mapping SID: %S\n", SidString); 2315 LocalFree(SidString); 2316 SidString = NULL; 2317 2318 if (RtlEqualSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid)) 2319 { 2320 TRACE("Found account domain!\n"); 2321 2322 NamesBuffer[i].Use = SidTypeDomain; 2323 NamesBuffer[i].Flags = 0; 2324 2325 NamesBuffer[i].Name.Length = AccountDomainName.Length; 2326 NamesBuffer[i].Name.MaximumLength = AccountDomainName.MaximumLength; 2327 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(AccountDomainName.MaximumLength); 2328 if (NamesBuffer[i].Name.Buffer == NULL) 2329 { 2330 Status = STATUS_INSUFFICIENT_RESOURCES; 2331 goto done; 2332 } 2333 2334 RtlCopyMemory(NamesBuffer[i].Name.Buffer, AccountDomainName.Buffer, AccountDomainName.MaximumLength); 2335 2336 Status = LsapAddDomainToDomainsList(DomainsBuffer, 2337 &AccountDomainName, 2338 AccountDomainSid, 2339 &DomainIndex); 2340 if (!NT_SUCCESS(Status)) 2341 goto done; 2342 2343 NamesBuffer[i].DomainIndex = DomainIndex; 2344 2345 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name); 2346 2347 (*Mapped)++; 2348 } 2349 else if (LsapIsPrefixSid(AccountDomainSid, SidEnumBuffer->SidInfo[i].Sid)) 2350 { 2351 TRACE("Found account domain account!\n"); 2352 2353 RelativeIds[0] = LsapGetRelativeIdFromSid(SidEnumBuffer->SidInfo[i].Sid); 2354 2355 Status = SamrLookupIdsInDomain(DomainHandle, 2356 1, 2357 RelativeIds, 2358 &Names, 2359 &Use); 2360 if (NT_SUCCESS(Status)) 2361 { 2362 NamesBuffer[i].Use = Use.Element[0]; 2363 NamesBuffer[i].Flags = 0; 2364 2365 NamesBuffer[i].Name.Length = Names.Element[0].Length; 2366 NamesBuffer[i].Name.MaximumLength = Names.Element[0].MaximumLength; 2367 NamesBuffer[i].Name.Buffer = MIDL_user_allocate(Names.Element[0].MaximumLength); 2368 if (NamesBuffer[i].Name.Buffer == NULL) 2369 { 2370 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names); 2371 SamIFree_SAMPR_ULONG_ARRAY(&Use); 2372 2373 Status = STATUS_INSUFFICIENT_RESOURCES; 2374 goto done; 2375 } 2376 2377 RtlCopyMemory(NamesBuffer[i].Name.Buffer, 2378 Names.Element[0].Buffer, 2379 Names.Element[0].MaximumLength); 2380 2381 SamIFree_SAMPR_RETURNED_USTRING_ARRAY(&Names); 2382 SamIFree_SAMPR_ULONG_ARRAY(&Use); 2383 2384 Status = LsapAddDomainToDomainsList(DomainsBuffer, 2385 &AccountDomainName, 2386 AccountDomainSid, 2387 &DomainIndex); 2388 if (!NT_SUCCESS(Status)) 2389 goto done; 2390 2391 NamesBuffer[i].DomainIndex = DomainIndex; 2392 2393 TRACE("Mapped to: %wZ\n", &NamesBuffer[i].Name); 2394 2395 (*Mapped)++; 2396 } 2397 } 2398 } 2399 2400 done: 2401 if (DomainHandle != NULL) 2402 SamrCloseHandle(&DomainHandle); 2403 2404 if (ServerHandle != NULL) 2405 SamrCloseHandle(&ServerHandle); 2406 2407 return Status; 2408 } 2409 2410 2411 NTSTATUS 2412 LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, 2413 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, 2414 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, 2415 LSAP_LOOKUP_LEVEL LookupLevel, 2416 DWORD *MappedCount, 2417 DWORD LookupOptions, 2418 DWORD ClientRevision) 2419 { 2420 PLSAPR_REFERENCED_DOMAIN_LIST DomainsBuffer = NULL; 2421 PLSAPR_TRANSLATED_NAME_EX NamesBuffer = NULL; 2422 ULONG NamesBufferLength; 2423 ULONG i; 2424 ULONG Mapped = 0; 2425 NTSTATUS Status = STATUS_SUCCESS; 2426 2427 NamesBufferLength = SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME_EX); 2428 NamesBuffer = MIDL_user_allocate(NamesBufferLength); 2429 if (NamesBuffer == NULL) 2430 { 2431 Status = STATUS_INSUFFICIENT_RESOURCES; 2432 goto done; 2433 } 2434 2435 DomainsBuffer = MIDL_user_allocate(sizeof(LSAPR_REFERENCED_DOMAIN_LIST)); 2436 if (DomainsBuffer == NULL) 2437 { 2438 Status = STATUS_INSUFFICIENT_RESOURCES; 2439 goto done; 2440 } 2441 2442 DomainsBuffer->Domains = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSA_TRUST_INFORMATION)); 2443 if (DomainsBuffer->Domains == NULL) 2444 { 2445 Status = STATUS_INSUFFICIENT_RESOURCES; 2446 goto done; 2447 } 2448 2449 DomainsBuffer->Entries = 0; 2450 DomainsBuffer->MaxEntries = SidEnumBuffer->Entries; 2451 2452 /* Initialize all name entries */ 2453 for (i = 0; i < SidEnumBuffer->Entries; i++) 2454 { 2455 NamesBuffer[i].Use = SidTypeUnknown; 2456 NamesBuffer[i].Name.Length = 0; 2457 NamesBuffer[i].Name.MaximumLength = 0; 2458 NamesBuffer[i].Name.Buffer = NULL; 2459 NamesBuffer[i].DomainIndex = -1; 2460 NamesBuffer[i].Flags = 0; 2461 } 2462 2463 /* Look-up well-known SIDs */ 2464 Status = LsapLookupWellKnownSids(SidEnumBuffer, 2465 NamesBuffer, 2466 DomainsBuffer, 2467 &Mapped); 2468 if (!NT_SUCCESS(Status) && 2469 Status != STATUS_NONE_MAPPED && 2470 Status != STATUS_SOME_NOT_MAPPED) 2471 goto done; 2472 2473 if (Mapped == SidEnumBuffer->Entries) 2474 goto done; 2475 2476 /* Look-up builtin domain SIDs */ 2477 Status = LsapLookupBuiltinDomainSids(SidEnumBuffer, 2478 NamesBuffer, 2479 DomainsBuffer, 2480 &Mapped); 2481 if (!NT_SUCCESS(Status) && 2482 Status != STATUS_NONE_MAPPED && 2483 Status != STATUS_SOME_NOT_MAPPED) 2484 goto done; 2485 2486 if (Mapped == SidEnumBuffer->Entries) 2487 goto done; 2488 2489 /* Look-up account domain SIDs */ 2490 Status = LsapLookupAccountDomainSids(SidEnumBuffer, 2491 NamesBuffer, 2492 DomainsBuffer, 2493 &Mapped); 2494 if (!NT_SUCCESS(Status) && 2495 Status != STATUS_NONE_MAPPED && 2496 Status != STATUS_SOME_NOT_MAPPED) 2497 goto done; 2498 2499 if (Mapped == SidEnumBuffer->Entries) 2500 goto done; 2501 2502 done: 2503 TRACE("done Status: %lx Mapped: %lu\n", Status, Mapped); 2504 2505 if (!NT_SUCCESS(Status)) 2506 { 2507 if (DomainsBuffer != NULL) 2508 { 2509 if (DomainsBuffer->Domains != NULL) 2510 MIDL_user_free(DomainsBuffer->Domains); 2511 2512 MIDL_user_free(DomainsBuffer); 2513 } 2514 2515 if (NamesBuffer != NULL) 2516 MIDL_user_free(NamesBuffer); 2517 } 2518 else 2519 { 2520 *ReferencedDomains = DomainsBuffer; 2521 TranslatedNames->Entries = SidEnumBuffer->Entries; 2522 TranslatedNames->Names = NamesBuffer; 2523 *MappedCount = Mapped; 2524 2525 if (Mapped == 0) 2526 Status = STATUS_NONE_MAPPED; 2527 else if (Mapped < SidEnumBuffer->Entries) 2528 Status = STATUS_SOME_NOT_MAPPED; 2529 } 2530 2531 return Status; 2532 } 2533 2534 /* EOF */ 2535