ReactOS 0.4.15-dev-6679-g945ee4b
Classes | Macros | Typedefs | Enumerations | Functions | Variables
samsrv.h File Reference
#include <stdio.h>
#include <stdlib.h>
#include <windef.h>
#include <winbase.h>
#include <winreg.h>
#include <ndk/ketypes.h>
#include <ndk/kefuncs.h>
#include <ndk/obfuncs.h>
#include <ndk/rtlfuncs.h>
#include <ddk/ntsam.h>
#include <sddl.h>
#include <sam_s.h>
#include <wine/debug.h>
Include dependency graph for samsrv.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  _SAM_DB_OBJECT
 
struct  _SAM_ALIAS_FIXED_DATA
 
struct  _SAM_DOMAIN_FIXED_DATA
 
struct  _SAM_GROUP_FIXED_DATA
 
struct  _SAM_USER_FIXED_DATA
 

Macros

#define WIN32_NO_STATUS
 
#define _INC_WINDOWS
 
#define COM_NO_WINDOWS_H
 
#define NTOS_MODE_USER
 
#define SAMP_DB_SIGNATURE   0x87654321
 

Typedefs

typedef enum _SAM_DB_OBJECT_TYPE SAM_DB_OBJECT_TYPE
 
typedef struct _SAM_DB_OBJECT SAM_DB_OBJECT
 
typedef struct _SAM_DB_OBJECTPSAM_DB_OBJECT
 
typedef struct _SAM_ALIAS_FIXED_DATA SAM_ALIAS_FIXED_DATA
 
typedef struct _SAM_ALIAS_FIXED_DATAPSAM_ALIAS_FIXED_DATA
 
typedef struct _SAM_DOMAIN_FIXED_DATA SAM_DOMAIN_FIXED_DATA
 
typedef struct _SAM_DOMAIN_FIXED_DATAPSAM_DOMAIN_FIXED_DATA
 
typedef struct _SAM_GROUP_FIXED_DATA SAM_GROUP_FIXED_DATA
 
typedef struct _SAM_GROUP_FIXED_DATAPSAM_GROUP_FIXED_DATA
 
typedef struct _SAM_USER_FIXED_DATA SAM_USER_FIXED_DATA
 
typedef struct _SAM_USER_FIXED_DATAPSAM_USER_FIXED_DATA
 

Enumerations

enum  _SAM_DB_OBJECT_TYPE {
  SamDbIgnoreObject , SamDbServerObject , SamDbDomainObject , SamDbAliasObject ,
  SamDbGroupObject , SamDbUserObject
}
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (samsrv)
 
NTSTATUS SampOpenAliasObject (IN PSAM_DB_OBJECT DomainObject, IN ULONG AliasId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *AliasObject)
 
NTSTATUS SampAddMemberToAlias (IN PSAM_DB_OBJECT AliasObject, IN PRPC_SID MemberId)
 
NTSTATUS NTAPI SampRemoveMemberFromAlias (IN PSAM_DB_OBJECT AliasObject, IN PRPC_SID MemberId)
 
NTSTATUS SampGetMembersInAlias (IN PSAM_DB_OBJECT AliasObject, OUT PULONG MemberCount, OUT PSAMPR_SID_INFORMATION *MemberArray)
 
NTSTATUS SampRemoveAllMembersFromAlias (IN PSAM_DB_OBJECT AliasObject)
 
NTSTATUS SampInitDatabase (VOID)
 
NTSTATUS SampCreateDbObject (IN PSAM_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN ULONG RelativeId, IN SAM_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *DbObject)
 
NTSTATUS SampOpenDbObject (IN PSAM_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN ULONG RelativeId, IN SAM_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *DbObject)
 
NTSTATUS SampValidateDbObject (SAMPR_HANDLE Handle, SAM_DB_OBJECT_TYPE ObjectType, ACCESS_MASK DesiredAccess, PSAM_DB_OBJECT *DbObject)
 
NTSTATUS SampCloseDbObject (PSAM_DB_OBJECT DbObject)
 
NTSTATUS SampDeleteAccountDbObject (PSAM_DB_OBJECT DbObject)
 
NTSTATUS SampSetObjectAttribute (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, ULONG AttributeType, LPVOID AttributeData, ULONG AttributeSize)
 
NTSTATUS SampGetObjectAttribute (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
 
NTSTATUS SampGetObjectAttributeString (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PRPC_UNICODE_STRING String)
 
NTSTATUS SampSetObjectAttributeString (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PRPC_UNICODE_STRING String)
 
NTSTATUS SampInitializeDisplayCache (VOID)
 
NTSTATUS SampShutdownDisplayCache (VOID)
 
NTSTATUS SampFillDisplayCache (_In_ PSAM_DB_OBJECT DomainObject, _In_ DOMAIN_DISPLAY_INFORMATION DisplayInformationClass)
 
NTSTATUS SampSetAccountNameInDomain (IN PSAM_DB_OBJECT DomainObject, IN LPCWSTR lpContainerName, IN LPCWSTR lpAccountName, IN ULONG ulRelativeId)
 
NTSTATUS SampRemoveAccountNameFromDomain (IN PSAM_DB_OBJECT DomainObject, IN LPCWSTR lpContainerName, IN LPCWSTR lpAccountName)
 
NTSTATUS SampCheckAccountNameInDomain (IN PSAM_DB_OBJECT DomainObject, IN LPCWSTR lpAccountName)
 
NTSTATUS SampRemoveMemberFromAllAliases (IN PSAM_DB_OBJECT DomainObject, IN PRPC_SID MemberSid)
 
NTSTATUS SampCreateAccountSid (IN PSAM_DB_OBJECT DomainObject, IN ULONG ulRelativeId, IN OUT PSID *AccountSid)
 
NTSTATUS SampOpenGroupObject (IN PSAM_DB_OBJECT DomainObject, IN ULONG GroupId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *GroupObject)
 
NTSTATUS SampAddMemberToGroup (IN PSAM_DB_OBJECT GroupObject, IN ULONG MemberId)
 
NTSTATUS SampRemoveMemberFromGroup (IN PSAM_DB_OBJECT GroupObject, IN ULONG MemberId)
 
NTSTATUS SampRegCloseKey (IN OUT PHANDLE KeyHandle)
 
NTSTATUS SampRegCreateKey (IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
 
NTSTATUS SampRegDeleteKey (IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
 
NTSTATUS SampRegEnumerateSubKey (IN HANDLE KeyHandle, IN ULONG Index, IN ULONG Length, OUT LPWSTR Buffer)
 
NTSTATUS SampRegOpenKey (IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
 
NTSTATUS SampRegQueryKeyInfo (IN HANDLE KeyHandle, OUT PULONG SubKeyCount, OUT PULONG ValueCount)
 
NTSTATUS SampRegDeleteValue (IN HANDLE KeyHandle, IN LPCWSTR ValueName)
 
NTSTATUS SampRegEnumerateValue (IN HANDLE KeyHandle, IN ULONG Index, OUT LPWSTR Name, IN OUT PULONG NameLength, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
 
NTSTATUS SampRegQueryValue (IN HANDLE KeyHandle, IN LPCWSTR ValueName, OUT PULONG Type OPTIONAL, OUT LPVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
 
NTSTATUS SampRegSetValue (IN HANDLE KeyHandle, IN LPCWSTR ValueName, IN ULONG Type, IN LPVOID Data, IN ULONG DataLength)
 
VOID SampStartRpcServer (VOID)
 
NTSTATUS SampCreateServerSD (OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
 
NTSTATUS SampCreateBuiltinDomainSD (OUT PSECURITY_DESCRIPTOR *DomainSd, OUT PULONG Size)
 
NTSTATUS SampCreateAccountDomainSD (OUT PSECURITY_DESCRIPTOR *DomainSd, OUT PULONG Size)
 
NTSTATUS SampCreateAliasSD (OUT PSECURITY_DESCRIPTOR *AliasSd, OUT PULONG Size)
 
NTSTATUS SampCreateGroupSD (OUT PSECURITY_DESCRIPTOR *GroupSd, OUT PULONG Size)
 
NTSTATUS SampCreateUserSD (IN PSID UserSid, OUT PSECURITY_DESCRIPTOR *UserSd, OUT PULONG Size)
 
BOOL SampInitializeSAM (VOID)
 
NTSTATUS SampOpenUserObject (IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *UserObject)
 
NTSTATUS SampAddGroupMembershipToUser (IN PSAM_DB_OBJECT UserObject, IN ULONG GroupId, IN ULONG Attributes)
 
NTSTATUS SampRemoveGroupMembershipFromUser (IN PSAM_DB_OBJECT UserObject, IN ULONG GroupId)
 
NTSTATUS SampGetUserGroupAttributes (IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ULONG GroupId, OUT PULONG GroupAttributes)
 
NTSTATUS SampSetUserGroupAttributes (IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ULONG GroupId, IN ULONG GroupAttributes)
 
NTSTATUS SampRemoveUserFromAllGroups (IN PSAM_DB_OBJECT UserObject)
 
NTSTATUS SampRemoveUserFromAllAliases (IN PSAM_DB_OBJECT UserObject)
 
NTSTATUS SampSetUserPassword (IN PSAM_DB_OBJECT UserObject, IN PENCRYPTED_NT_OWF_PASSWORD NtPassword, IN BOOLEAN NtPasswordPresent, IN PENCRYPTED_LM_OWF_PASSWORD LmPassword, IN BOOLEAN LmPasswordPresent)
 
NTSTATUS SampGetLogonHoursAttribute (IN PSAM_DB_OBJECT UserObject, IN OUT PSAMPR_LOGON_HOURS LogonHours)
 
NTSTATUS SampSetLogonHoursAttribute (IN PSAM_DB_OBJECT UserObject, IN PSAMPR_LOGON_HOURS LogonHours)
 
INT SampLoadString (HINSTANCE hInstance, UINT uId, LPWSTR lpBuffer, INT nBufferMax)
 
BOOL SampIsSetupRunning (VOID)
 
PSID AppendRidToSid (PSID SrcSid, ULONG Rid)
 
NTSTATUS SampGetRidFromSid (IN PSID Sid, OUT PULONG Rid)
 
NTSTATUS SampCheckAccountName (IN PRPC_UNICODE_STRING AccountName, IN USHORT MaxLength)
 
NTSTATUS WINAPI SystemFunction006 (LPCSTR password, LPSTR hash)
 
NTSTATUS WINAPI SystemFunction007 (PUNICODE_STRING string, LPBYTE hash)
 
NTSTATUS WINAPI SystemFunction013 (const BYTE *in, const BYTE *key, LPBYTE out)
 

Variables

PGENERIC_MAPPING pServerMapping
 
ENCRYPTED_NT_OWF_PASSWORD EmptyNtHash
 
ENCRYPTED_LM_OWF_PASSWORD EmptyLmHash
 
RTL_RESOURCE SampResource
 
NT_PRODUCT_TYPE SampProductType
 

Macro Definition Documentation

◆ _INC_WINDOWS

#define _INC_WINDOWS

Definition at line 17 of file samsrv.h.

◆ COM_NO_WINDOWS_H

#define COM_NO_WINDOWS_H

Definition at line 18 of file samsrv.h.

◆ NTOS_MODE_USER

#define NTOS_MODE_USER

Definition at line 23 of file samsrv.h.

◆ SAMP_DB_SIGNATURE

#define SAMP_DB_SIGNATURE   0x87654321

Definition at line 59 of file samsrv.h.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 16 of file samsrv.h.

Typedef Documentation

◆ PSAM_ALIAS_FIXED_DATA

typedef struct _SAM_ALIAS_FIXED_DATA * PSAM_ALIAS_FIXED_DATA

◆ PSAM_DB_OBJECT

typedef struct _SAM_DB_OBJECT * PSAM_DB_OBJECT

◆ PSAM_DOMAIN_FIXED_DATA

typedef struct _SAM_DOMAIN_FIXED_DATA * PSAM_DOMAIN_FIXED_DATA

◆ PSAM_GROUP_FIXED_DATA

typedef struct _SAM_GROUP_FIXED_DATA * PSAM_GROUP_FIXED_DATA

◆ PSAM_USER_FIXED_DATA

typedef struct _SAM_USER_FIXED_DATA * PSAM_USER_FIXED_DATA

◆ SAM_ALIAS_FIXED_DATA

typedef struct _SAM_ALIAS_FIXED_DATA SAM_ALIAS_FIXED_DATA

◆ SAM_DB_OBJECT

typedef struct _SAM_DB_OBJECT SAM_DB_OBJECT

◆ SAM_DB_OBJECT_TYPE

typedef enum _SAM_DB_OBJECT_TYPE SAM_DB_OBJECT_TYPE

◆ SAM_DOMAIN_FIXED_DATA

typedef struct _SAM_DOMAIN_FIXED_DATA SAM_DOMAIN_FIXED_DATA

◆ SAM_GROUP_FIXED_DATA

typedef struct _SAM_GROUP_FIXED_DATA SAM_GROUP_FIXED_DATA

◆ SAM_USER_FIXED_DATA

typedef struct _SAM_USER_FIXED_DATA SAM_USER_FIXED_DATA

Enumeration Type Documentation

◆ _SAM_DB_OBJECT_TYPE

enum _SAM_DB_OBJECT_TYPE
Enumerator
SamDbIgnoreObject 
SamDbServerObject 
SamDbDomainObject 
SamDbAliasObject 
SamDbGroupObject 
SamDbUserObject 

Definition at line 35 of file samsrv.h.

36{
37 SamDbIgnoreObject,
38 SamDbServerObject,
39 SamDbDomainObject,
40 SamDbAliasObject,
41 SamDbGroupObject,
42 SamDbUserObject
43} SAM_DB_OBJECT_TYPE;
SAM_DB_OBJECT_TYPE
enum _SAM_DB_OBJECT_TYPE SAM_DB_OBJECT_TYPE
SamDbGroupObject
@ SamDbGroupObject
Definition: samsrv.h:41
SamDbUserObject
@ SamDbUserObject
Definition: samsrv.h:42
SamDbIgnoreObject
@ SamDbIgnoreObject
Definition: samsrv.h:37
SamDbAliasObject
@ SamDbAliasObject
Definition: samsrv.h:40
SamDbServerObject
@ SamDbServerObject
Definition: samsrv.h:38
SamDbDomainObject
@ SamDbDomainObject
Definition: samsrv.h:39

Function Documentation

◆ AppendRidToSid()

PSID AppendRidToSid ( PSID  SrcSid,
ULONG  Rid 
)

Definition at line 103 of file utils.c.

105{
106 ULONG Rids[8] = {0, 0, 0, 0, 0, 0, 0, 0};
107 UCHAR RidCount;
108 PSID DstSid;
109 ULONG i;
110
111 RidCount = *RtlSubAuthorityCountSid(SrcSid);
112 if (RidCount >= 8)
113 return NULL;
114
115 for (i = 0; i < RidCount; i++)
116 Rids[i] = *RtlSubAuthoritySid(SrcSid, i);
117
118 Rids[RidCount] = Rid;
119 RidCount++;
120
121 RtlAllocateAndInitializeSid(RtlIdentifierAuthoritySid(SrcSid),
122 RidCount,
123 Rids[0],
124 Rids[1],
125 Rids[2],
126 Rids[3],
127 Rids[4],
128 Rids[5],
129 Rids[6],
130 Rids[7],
131 &DstSid);
132
133 return DstSid;
134}
NULL
#define NULL
Definition: types.h:112
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
RtlIdentifierAuthoritySid
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
RtlSubAuthorityCountSid
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
_SID
Definition: ms-dtyp.idl:198
ULONG
uint32_t ULONG
Definition: typedefs.h:59
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181

◆ SampAddGroupMembershipToUser()

NTSTATUS SampAddGroupMembershipToUser ( IN PSAM_DB_OBJECT  UserObject,
IN ULONG  GroupId,
IN ULONG  Attributes 
)

Definition at line 39 of file user.c.

42{
43 PGROUP_MEMBERSHIP GroupsBuffer = NULL;
44 ULONG GroupsCount = 0;
45 ULONG Length = 0;
46 ULONG i;
47 NTSTATUS Status;
48
49 TRACE("(%p %lu %lx)\n",
50 UserObject, GroupId, Attributes);
51
52 Status = SampGetObjectAttribute(UserObject,
53 L"Groups",
54 NULL,
55 NULL,
56 &Length);
57 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
58 goto done;
59
60 GroupsBuffer = midl_user_allocate(Length + sizeof(GROUP_MEMBERSHIP));
61 if (GroupsBuffer == NULL)
62 {
63 Status = STATUS_INSUFFICIENT_RESOURCES;
64 goto done;
65 }
66
67 if (Status != STATUS_OBJECT_NAME_NOT_FOUND)
68 {
69 Status = SampGetObjectAttribute(UserObject,
70 L"Groups",
71 NULL,
72 GroupsBuffer,
73 &Length);
74 if (!NT_SUCCESS(Status))
75 goto done;
76
77 GroupsCount = Length / sizeof(GROUP_MEMBERSHIP);
78 }
79
80 for (i = 0; i < GroupsCount; i++)
81 {
82 if (GroupsBuffer[i].RelativeId == GroupId)
83 {
84 Status = STATUS_MEMBER_IN_GROUP;
85 goto done;
86 }
87 }
88
89 GroupsBuffer[GroupsCount].RelativeId = GroupId;
90 GroupsBuffer[GroupsCount].Attributes = Attributes;
91 Length += sizeof(GROUP_MEMBERSHIP);
92
93 Status = SampSetObjectAttribute(UserObject,
94 L"Groups",
95 REG_BINARY,
96 GroupsBuffer,
97 Length);
98
99done:
100 if (GroupsBuffer != NULL)
101 midl_user_free(GroupsBuffer);
102
103 return Status;
104}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SampGetObjectAttribute
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:516
SampSetObjectAttribute
NTSTATUS SampSetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, ULONG AttributeType, LPVOID AttributeData, ULONG AttributeSize)
Definition: database.c:501
Status
Status
Definition: gdiplustypes.h:25
REG_BINARY
#define REG_BINARY
Definition: nt_native.h:1496
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:102
GROUP_MEMBERSHIP
struct _GROUP_MEMBERSHIP GROUP_MEMBERSHIP
STATUS_MEMBER_IN_GROUP
#define STATUS_MEMBER_IN_GROUP
Definition: ntstatus.h:339
L
#define L(x)
Definition: ntvdm.h:50
midl_user_free
#define midl_user_free
Definition: rpc.h:45
midl_user_allocate
#define midl_user_allocate
Definition: rpc.h:44
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
_GROUP_MEMBERSHIP
Definition: ntsam.h:495
_GROUP_MEMBERSHIP::RelativeId
ULONG RelativeId
Definition: ntsam.h:496
_GROUP_MEMBERSHIP::Attributes
ULONG Attributes
Definition: ntsam.h:497
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
STATUS_OBJECT_NAME_NOT_FOUND
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
Attributes
_Must_inspect_result_ _In_ WDFDMAENABLER _In_ _In_opt_ PWDF_OBJECT_ATTRIBUTES Attributes
Definition: wdfcommonbuffer.h:97

Referenced by SamrAddMemberToGroup().

◆ SampAddMemberToAlias()

NTSTATUS SampAddMemberToAlias ( IN PSAM_DB_OBJECT  AliasObject,
IN PRPC_SID  MemberId 
)

Definition at line 39 of file alias.c.

41{
42 LPWSTR MemberIdString = NULL;
43 HANDLE MembersKeyHandle = NULL;
44 HANDLE MemberKeyHandle = NULL;
45 ULONG MemberIdLength;
46 NTSTATUS Status;
47
48 TRACE("(%p %p)\n",
49 AliasObject, MemberId);
50
51 ConvertSidToStringSidW(MemberId, &MemberIdString);
52 TRACE("Member SID: %S\n", MemberIdString);
53
54 MemberIdLength = RtlLengthSid(MemberId);
55
56 Status = SampRegCreateKey(AliasObject->KeyHandle,
57 L"Members",
58 KEY_WRITE,
59 &MembersKeyHandle);
60 if (!NT_SUCCESS(Status))
61 {
62 TRACE("SampRegCreateKey failed with status 0x%08lx\n", Status);
63 goto done;
64 }
65
66 Status = SampRegSetValue(MembersKeyHandle,
67 MemberIdString,
68 REG_BINARY,
69 MemberId,
70 MemberIdLength);
71 if (!NT_SUCCESS(Status))
72 {
73 TRACE("SampRegSetValue failed with status 0x%08lx\n", Status);
74 goto done;
75 }
76
77 Status = SampRegCreateKey(AliasObject->MembersKeyHandle,
78 MemberIdString,
79 KEY_WRITE,
80 &MemberKeyHandle);
81 if (!NT_SUCCESS(Status))
82 {
83 TRACE("SampRegCreateKey failed with status 0x%08lx\n", Status);
84 goto done;
85 }
86
87 Status = SampRegSetValue(MemberKeyHandle,
88 AliasObject->Name,
89 REG_BINARY,
90 MemberId,
91 MemberIdLength);
92 if (!NT_SUCCESS(Status))
93 {
94 TRACE("SampRegSetValue failed with status 0x%08lx\n", Status);
95 goto done;
96 }
97
98done:
99 SampRegCloseKey(&MemberKeyHandle);
100 SampRegCloseKey(&MembersKeyHandle);
101
102 if (MemberIdString != NULL)
103 LocalFree(MemberIdString);
104
105 return Status;
106}
ConvertSidToStringSidW
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3585
SampRegCloseKey
NTSTATUS SampRegCloseKey(IN OUT PHANDLE KeyHandle)
Definition: registry.c:26
SampRegSetValue
NTSTATUS SampRegSetValue(HANDLE KeyHandle, LPCWSTR ValueName, ULONG Type, LPVOID Data, ULONG DataLength)
Definition: registry.c:402
SampRegCreateKey
NTSTATUS SampRegCreateKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:42
LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
KEY_WRITE
#define KEY_WRITE
Definition: nt_native.h:1031
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by SamrAddMemberToAlias().

◆ SampAddMemberToGroup()

NTSTATUS SampAddMemberToGroup ( IN PSAM_DB_OBJECT  GroupObject,
IN ULONG  MemberId 
)

Definition at line 39 of file group.c.

41{
42 PULONG MembersBuffer = NULL;
43 ULONG MembersCount = 0;
44 ULONG Length = 0;
45 ULONG i;
46 NTSTATUS Status;
47
48 Status = SampGetObjectAttribute(GroupObject,
49 L"Members",
50 NULL,
51 NULL,
52 &Length);
53 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
54 goto done;
55
56 MembersBuffer = midl_user_allocate(Length + sizeof(ULONG));
57 if (MembersBuffer == NULL)
58 {
59 Status = STATUS_INSUFFICIENT_RESOURCES;
60 goto done;
61 }
62
63 if (Status != STATUS_OBJECT_NAME_NOT_FOUND)
64 {
65 Status = SampGetObjectAttribute(GroupObject,
66 L"Members",
67 NULL,
68 MembersBuffer,
69 &Length);
70 if (!NT_SUCCESS(Status))
71 goto done;
72
73 MembersCount = Length / sizeof(ULONG);
74 }
75
76 for (i = 0; i < MembersCount; i++)
77 {
78 if (MembersBuffer[i] == MemberId)
79 {
80 Status = STATUS_MEMBER_IN_GROUP;
81 goto done;
82 }
83 }
84
85 MembersBuffer[MembersCount] = MemberId;
86 Length += sizeof(ULONG);
87
88 Status = SampSetObjectAttribute(GroupObject,
89 L"Members",
90 REG_BINARY,
91 MembersBuffer,
92 Length);
93
94done:
95 if (MembersBuffer != NULL)
96 midl_user_free(MembersBuffer);
97
98 return Status;
99}
PULONG
uint32_t * PULONG
Definition: typedefs.h:59

Referenced by SamrAddMemberToGroup().

◆ SampCheckAccountName()

NTSTATUS SampCheckAccountName ( IN PRPC_UNICODE_STRING  AccountName,
IN USHORT  MaxLength 
)

Definition at line 154 of file utils.c.

156{
157 if (AccountName->Length > MaxLength * sizeof(WCHAR))
158 return STATUS_INVALID_ACCOUNT_NAME;
159
160 return STATUS_SUCCESS;
161}
STATUS_INVALID_ACCOUNT_NAME
#define STATUS_INVALID_ACCOUNT_NAME
Definition: ntstatus.h:334
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by SampSetAliasName(), SampSetGroupName(), SampSetUserName(), SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCheckAccountNameInDomain()

NTSTATUS SampCheckAccountNameInDomain ( IN PSAM_DB_OBJECT  DomainObject,
IN LPCWSTR  lpAccountName 
)

Definition at line 96 of file domain.c.

98{
99 HANDLE AccountKey = NULL;
100 HANDLE NamesKey = NULL;
101 NTSTATUS Status;
102
103 TRACE("SampCheckAccountNameInDomain()\n");
104
105 Status = SampRegOpenKey(DomainObject->KeyHandle,
106 L"Aliases",
107 KEY_READ,
108 &AccountKey);
109 if (NT_SUCCESS(Status))
110 {
111 Status = SampRegOpenKey(AccountKey,
112 L"Names",
113 KEY_READ,
114 &NamesKey);
115 if (NT_SUCCESS(Status))
116 {
117 Status = SampRegQueryValue(NamesKey,
118 lpAccountName,
119 NULL,
120 NULL,
121 NULL);
122 if (Status == STATUS_SUCCESS)
123 {
124 SampRegCloseKey(&NamesKey);
125 Status = STATUS_ALIAS_EXISTS;
126 }
127 else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
128 Status = STATUS_SUCCESS;
129 }
130
131 SampRegCloseKey(&AccountKey);
132 }
133
134 if (!NT_SUCCESS(Status))
135 {
136 TRACE("Checking for alias account failed (Status 0x%08lx)\n", Status);
137 return Status;
138 }
139
140 Status = SampRegOpenKey(DomainObject->KeyHandle,
141 L"Groups",
142 KEY_READ,
143 &AccountKey);
144 if (NT_SUCCESS(Status))
145 {
146 Status = SampRegOpenKey(AccountKey,
147 L"Names",
148 KEY_READ,
149 &NamesKey);
150 if (NT_SUCCESS(Status))
151 {
152 Status = SampRegQueryValue(NamesKey,
153 lpAccountName,
154 NULL,
155 NULL,
156 NULL);
157 if (Status == STATUS_SUCCESS)
158 {
159 SampRegCloseKey(&NamesKey);
160 Status = STATUS_GROUP_EXISTS;
161 }
162 else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
163 Status = STATUS_SUCCESS;
164 }
165
166 SampRegCloseKey(&AccountKey);
167 }
168
169 if (!NT_SUCCESS(Status))
170 {
171 TRACE("Checking for group account failed (Status 0x%08lx)\n", Status);
172 return Status;
173 }
174
175 Status = SampRegOpenKey(DomainObject->KeyHandle,
176 L"Users",
177 KEY_READ,
178 &AccountKey);
179 if (NT_SUCCESS(Status))
180 {
181 Status = SampRegOpenKey(AccountKey,
182 L"Names",
183 KEY_READ,
184 &NamesKey);
185 if (NT_SUCCESS(Status))
186 {
187 Status = SampRegQueryValue(NamesKey,
188 lpAccountName,
189 NULL,
190 NULL,
191 NULL);
192 if (Status == STATUS_SUCCESS)
193 {
194 SampRegCloseKey(&NamesKey);
195 Status = STATUS_USER_EXISTS;
196 }
197 else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
198 Status = STATUS_SUCCESS;
199 }
200
201 SampRegCloseKey(&AccountKey);
202 }
203
204 if (!NT_SUCCESS(Status))
205 {
206 TRACE("Checking for user account failed (Status 0x%08lx)\n", Status);
207 }
208
209 return Status;
210}
SampRegQueryValue
NTSTATUS SampRegQueryValue(IN HANDLE KeyHandle, IN LPCWSTR ValueName, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
Definition: registry.c:332
SampRegOpenKey
NTSTATUS SampRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:158
KEY_READ
#define KEY_READ
Definition: nt_native.h:1023
STATUS_ALIAS_EXISTS
#define STATUS_ALIAS_EXISTS
Definition: ntstatus.h:576
STATUS_USER_EXISTS
#define STATUS_USER_EXISTS
Definition: ntstatus.h:335
STATUS_GROUP_EXISTS
#define STATUS_GROUP_EXISTS
Definition: ntstatus.h:337
lpAccountName
_In_ LPCSTR lpAccountName
Definition: winbase.h:2731

Referenced by SampSetAliasName(), SampSetGroupName(), SampSetUserName(), SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCloseDbObject()

NTSTATUS SampCloseDbObject ( PSAM_DB_OBJECT  DbObject)

Definition at line 346 of file database.c.

347{
348 NTSTATUS Status = STATUS_SUCCESS;
349
350 DbObject->RefCount--;
351
352 if (DbObject->RefCount > 0)
353 return STATUS_SUCCESS;
354
355 SampRegCloseKey(&DbObject->KeyHandle);
356 SampRegCloseKey(&DbObject->MembersKeyHandle);
357
358 if (DbObject->Name != NULL)
359 RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject->Name);
360
361 RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
362
363 return Status;
364}
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
_SAM_DB_OBJECT::Name
LPWSTR Name
Definition: samsrv.h:51
_SAM_DB_OBJECT::KeyHandle
HANDLE KeyHandle
Definition: samsrv.h:52
_SAM_DB_OBJECT::RefCount
ULONG RefCount
Definition: samsrv.h:49
_SAM_DB_OBJECT::MembersKeyHandle
HANDLE MembersKeyHandle
Definition: samsrv.h:53

Referenced by SampFillUserDisplayCache(), SampGetUserGroupAttributes(), SampRemoveUserFromAllGroups(), SampSetUserGroupAttributes(), SamrAddMemberToGroup(), SamrCloseHandle(), SamrGetDomainPasswordInformation(), and SamrRemoveMemberFromGroup().

◆ SampCreateAccountDomainSD()

NTSTATUS SampCreateAccountDomainSD ( OUT PSECURITY_DESCRIPTOR DomainSd,
OUT PULONG  Size 
)

Definition at line 545 of file security.c.

547{
548 PSECURITY_DESCRIPTOR AbsSD = NULL;
549 PSECURITY_DESCRIPTOR RelSD = NULL;
550 PSID EveryoneSid = NULL;
551 PSID AnonymousSid = NULL;
552 PSID AdministratorsSid = NULL;
553 PSID UsersSid = NULL;
554 PSID GuestsSid = NULL;
555 PACL Dacl = NULL;
556 PACL Sacl = NULL;
557 ULONG DaclSize;
558 ULONG SaclSize;
559 ULONG RelSDSize = 0;
560 NTSTATUS Status = STATUS_SUCCESS;
561
562
563 /* Create the Everyone SID */
564 Status = RtlAllocateAndInitializeSid(&WorldAuthority,
565 1,
566 SECURITY_WORLD_RID,
567 0,
568 0,
569 0,
570 0,
571 0,
572 0,
573 0,
574 &EveryoneSid);
575 ASSERT(NT_SUCCESS(Status));
576 if (!NT_SUCCESS(Status))
577 goto done;
578
579 /* Create the Anonymous SID */
580 Status = RtlAllocateAndInitializeSid(&NtAuthority,
581 1,
582 SECURITY_ANONYMOUS_LOGON_RID,
583 0,
584 0,
585 0,
586 0,
587 0,
588 0,
589 0,
590 &AnonymousSid);
591 ASSERT(NT_SUCCESS(Status));
592 if (!NT_SUCCESS(Status))
593 goto done;
594
595 /* Create the Administrators SID */
596 Status = RtlAllocateAndInitializeSid(&NtAuthority,
597 2,
598 SECURITY_BUILTIN_DOMAIN_RID,
599 DOMAIN_ALIAS_RID_ADMINS,
600 0,
601 0,
602 0,
603 0,
604 0,
605 0,
606 &AdministratorsSid);
607 ASSERT(NT_SUCCESS(Status));
608 if (!NT_SUCCESS(Status))
609 goto done;
610
611 /* Create the Users SID */
612 Status = RtlAllocateAndInitializeSid(&NtAuthority,
613 2,
614 SECURITY_BUILTIN_DOMAIN_RID,
615 DOMAIN_ALIAS_RID_USERS,
616 0,
617 0,
618 0,
619 0,
620 0,
621 0,
622 &UsersSid);
623 ASSERT(NT_SUCCESS(Status));
624 if (!NT_SUCCESS(Status))
625 goto done;
626
627 /* Create the Guests SID */
628 Status = RtlAllocateAndInitializeSid(&NtAuthority,
629 2,
630 SECURITY_BUILTIN_DOMAIN_RID,
631 DOMAIN_ALIAS_RID_GUESTS,
632 0,
633 0,
634 0,
635 0,
636 0,
637 0,
638 &GuestsSid);
639 ASSERT(NT_SUCCESS(Status));
640 if (!NT_SUCCESS(Status))
641 goto done;
642
643
644 /* Allocate a buffer for the absolute SD */
645 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
646 HEAP_ZERO_MEMORY,
647 sizeof(SECURITY_DESCRIPTOR));
648 if (AbsSD == NULL)
649 {
650 Status = STATUS_INSUFFICIENT_RESOURCES;
651 ASSERT(Status == STATUS_SUCCESS);
652 goto done;
653 }
654
655 /* Create the absolute SD */
656 Status = RtlCreateSecurityDescriptor(AbsSD,
657 SECURITY_DESCRIPTOR_REVISION);
658 ASSERT(NT_SUCCESS(Status));
659 if (!NT_SUCCESS(Status))
660 goto done;
661
662 /* allocate and create the DACL */
663 DaclSize = sizeof(ACL) +
664 4 * sizeof(ACE) +
665 RtlLengthSid(EveryoneSid) +
666 RtlLengthSid(AdministratorsSid) +
667 RtlLengthSid(UsersSid) +
668 RtlLengthSid(GuestsSid);
669
670 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
671 HEAP_ZERO_MEMORY,
672 DaclSize);
673 if (Dacl == NULL)
674 {
675 Status = STATUS_INSUFFICIENT_RESOURCES;
676 ASSERT(Status == STATUS_SUCCESS);
677 goto done;
678 }
679
680 Status = RtlCreateAcl(Dacl,
681 DaclSize,
682 ACL_REVISION);
683 ASSERT(NT_SUCCESS(Status));
684 if (!NT_SUCCESS(Status))
685 goto done;
686
687 Status = RtlAddAccessAllowedAce(Dacl,
688 ACL_REVISION,
689 DOMAIN_READ | DOMAIN_EXECUTE,
690 EveryoneSid);
691 ASSERT(NT_SUCCESS(Status));
692 if (!NT_SUCCESS(Status))
693 goto done;
694
695 Status = RtlAddAccessAllowedAce(Dacl,
696 ACL_REVISION,
697 DOMAIN_READ | DOMAIN_EXECUTE,
698 UsersSid);
699 ASSERT(NT_SUCCESS(Status));
700 if (!NT_SUCCESS(Status))
701 goto done;
702
703 Status = RtlAddAccessAllowedAce(Dacl,
704 ACL_REVISION,
705 DOMAIN_ALL_ACCESS & ~DOMAIN_CREATE_GROUP,
706 AdministratorsSid);
707 ASSERT(Status == STATUS_SUCCESS);
708 if (!NT_SUCCESS(Status))
709 goto done;
710
711 Status = RtlAddAccessAllowedAce(Dacl,
712 ACL_REVISION,
713 DOMAIN_READ | DOMAIN_EXECUTE | DOMAIN_CREATE_USER | DOMAIN_CREATE_ALIAS,
714 GuestsSid);
715 ASSERT(Status == STATUS_SUCCESS);
716 if (!NT_SUCCESS(Status))
717 goto done;
718
719 /* Set the DACL */
720 Status = RtlSetDaclSecurityDescriptor(AbsSD,
721 TRUE,
722 Dacl,
723 FALSE);
724 ASSERT(Status == STATUS_SUCCESS);
725 if (!NT_SUCCESS(Status))
726 goto done;
727
728 /* allocate and create the SACL */
729 SaclSize = sizeof(ACL) +
730 2 * sizeof(ACE) +
731 RtlLengthSid(EveryoneSid) +
732 RtlLengthSid(AnonymousSid);
733
734 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
735 HEAP_ZERO_MEMORY,
736 DaclSize);
737 if (Sacl == NULL)
738 {
739 Status = STATUS_INSUFFICIENT_RESOURCES;
740 ASSERT(Status == STATUS_SUCCESS);
741 goto done;
742 }
743
744 Status = RtlCreateAcl(Sacl,
745 SaclSize,
746 ACL_REVISION);
747 ASSERT(Status == STATUS_SUCCESS);
748 if (!NT_SUCCESS(Status))
749 goto done;
750
751 Status = RtlAddAuditAccessAce(Sacl,
752 ACL_REVISION,
753 ACCESS_SYSTEM_SECURITY | WRITE_DAC | DELETE |
754 SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_INITIALIZE |
755 SAM_SERVER_SHUTDOWN,
756 EveryoneSid,
757 TRUE,
758 TRUE);
759 ASSERT(Status == STATUS_SUCCESS);
760 if (!NT_SUCCESS(Status))
761 goto done;
762
763 Status = RtlAddAuditAccessAce(Sacl,
764 ACL_REVISION,
765 STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
766 AnonymousSid,
767 TRUE,
768 TRUE);
769 ASSERT(Status == STATUS_SUCCESS);
770 if (!NT_SUCCESS(Status))
771 goto done;
772
773 /* Set the SACL */
774 Status = RtlSetSaclSecurityDescriptor(AbsSD,
775 TRUE,
776 Sacl,
777 FALSE);
778 ASSERT(Status == STATUS_SUCCESS);
779 if (!NT_SUCCESS(Status))
780 goto done;
781
782 /* Set the owner SID */
783 Status = RtlSetOwnerSecurityDescriptor(AbsSD,
784 AdministratorsSid,
785 FALSE);
786 ASSERT(Status == STATUS_SUCCESS);
787 if (!NT_SUCCESS(Status))
788 goto done;
789
790 /* Set the group SID */
791 Status = RtlSetGroupSecurityDescriptor(AbsSD,
792 AdministratorsSid,
793 FALSE);
794 ASSERT(Status == STATUS_SUCCESS);
795 if (!NT_SUCCESS(Status))
796 goto done;
797
798 /* Get the reqired buffer size for the self-relative SD */
799 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
800 NULL,
801 &RelSDSize);
802 if (Status != STATUS_BUFFER_TOO_SMALL)
803 goto done;
804
805 /* Allocate a buffer for the self-relative SD */
806 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
807 HEAP_ZERO_MEMORY,
808 RelSDSize);
809 if (RelSD == NULL)
810 {
811 Status = STATUS_INSUFFICIENT_RESOURCES;
812 ASSERT(Status == STATUS_SUCCESS);
813 goto done;
814 }
815
816 /* Convert the absolute SD to self-relative format */
817 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
818 RelSD,
819 &RelSDSize);
820 if (Status == STATUS_BUFFER_TOO_SMALL)
821 {
822 ASSERT(Status == STATUS_SUCCESS);
823 goto done;
824 }
825
826 *ServerSd = RelSD;
827 *Size = RelSDSize;
828
829done:
830 if (!NT_SUCCESS(Status))
831 {
832 if (RelSD != NULL)
833 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
834 }
835
836 if (EveryoneSid != NULL)
837 RtlFreeSid(EveryoneSid);
838
839 if (AnonymousSid != NULL)
840 RtlFreeSid(AnonymousSid);
841
842 if (AdministratorsSid != NULL)
843 RtlFreeSid(AdministratorsSid);
844
845 if (Dacl != NULL)
846 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
847
848 if (Sacl != NULL)
849 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
850
851 if (AbsSD != NULL)
852 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
853
854 return Status;
855}
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
TRUE
#define TRUE
Definition: types.h:120
FALSE
#define FALSE
Definition: types.h:117
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
WorldAuthority
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
NtAuthority
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
RtlSetOwnerSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
RtlSetDaclSecurityDescriptor
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
ASSERT
#define ASSERT(a)
Definition: mode.c:44
ACL
struct _ACL ACL
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1593
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
RtlAddAuditAccessAce
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
SaclSize
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1596
RtlCreateSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
Sacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1595
RtlFreeSid
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
DaclSize
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1594
SPECIFIC_RIGHTS_ALL
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
WRITE_DAC
#define WRITE_DAC
Definition: nt_native.h:59
ACCESS_SYSTEM_SECURITY
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
STANDARD_RIGHTS_ALL
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
DELETE
#define DELETE
Definition: nt_native.h:57
RtlSetGroupSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
RtlSetSaclSecurityDescriptor
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
RtlAbsoluteToSelfRelativeSD
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
DOMAIN_ALL_ACCESS
#define DOMAIN_ALL_ACCESS
Definition: ntsam.h:62
SAM_SERVER_SHUTDOWN
#define SAM_SERVER_SHUTDOWN
Definition: ntsam.h:100
DOMAIN_CREATE_GROUP
#define DOMAIN_CREATE_GROUP
Definition: ntsam.h:38
DOMAIN_CREATE_ALIAS
#define DOMAIN_CREATE_ALIAS
Definition: ntsam.h:39
DOMAIN_EXECUTE
#define DOMAIN_EXECUTE
Definition: ntsam.h:57
DOMAIN_CREATE_USER
#define DOMAIN_CREATE_USER
Definition: ntsam.h:37
DOMAIN_READ
#define DOMAIN_READ
Definition: ntsam.h:45
SAM_SERVER_CREATE_DOMAIN
#define SAM_SERVER_CREATE_DOMAIN
Definition: ntsam.h:102
SAM_SERVER_INITIALIZE
#define SAM_SERVER_INITIALIZE
Definition: ntsam.h:101
STATUS_BUFFER_TOO_SMALL
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
_ACE
Definition: rtltypes.h:993
_ACL
Definition: ms-dtyp.idl:293
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301
Size
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
SECURITY_ANONYMOUS_LOGON_RID
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:563
DOMAIN_ALIAS_RID_USERS
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:653
DOMAIN_ALIAS_RID_GUESTS
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:654
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:581
SECURITY_WORLD_RID
#define SECURITY_WORLD_RID
Definition: setypes.h:541
SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
DOMAIN_ALIAS_RID_ADMINS
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:652

Referenced by SampSetupCreateDomain().

◆ SampCreateAccountSid()

NTSTATUS SampCreateAccountSid ( IN PSAM_DB_OBJECT  DomainObject,
IN ULONG  ulRelativeId,
IN OUT PSID AccountSid 
)

Definition at line 303 of file domain.c.

306{
307 PSID DomainSid = NULL;
308 ULONG Length = 0;
309 NTSTATUS Status;
310
311 Status = SampGetObjectAttribute(DomainObject,
312 L"SID",
313 NULL,
314 NULL,
315 &Length);
316 if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW)
317 {
318 TRACE("Status 0x%08lx\n", Status);
319 goto done;
320 }
321
322 TRACE("Length: %lu\n", Length);
323
324 DomainSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
325 if (DomainSid == NULL)
326 {
327 Status = STATUS_INSUFFICIENT_RESOURCES;
328 goto done;
329 }
330
331 Status = SampGetObjectAttribute(DomainObject,
332 L"SID",
333 NULL,
334 DomainSid,
335 &Length);
336 if (!NT_SUCCESS(Status))
337 {
338 TRACE("Status 0x%08lx\n", Status);
339 goto done;
340 }
341
342 *AccountSid = AppendRidToSid(DomainSid,
343 ulRelativeId);
344
345done:
346 if (DomainSid != NULL)
347 RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
348
349 return Status;
350}
AppendRidToSid
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:280
STATUS_BUFFER_OVERFLOW
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66

Referenced by SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCreateAliasSD()

NTSTATUS SampCreateAliasSD ( OUT PSECURITY_DESCRIPTOR AliasSd,
OUT PULONG  Size 
)

Definition at line 859 of file security.c.

861{
862 PSECURITY_DESCRIPTOR AbsSD = NULL;
863 PSECURITY_DESCRIPTOR RelSD = NULL;
864 PSID EveryoneSid = NULL;
865 PSID AnonymousSid = NULL;
866 PSID AdministratorsSid = NULL;
867 PSID AccountOperatorsSid = NULL;
868 PACL Dacl = NULL;
869 PACL Sacl = NULL;
870 ULONG DaclSize;
871 ULONG SaclSize;
872 ULONG RelSDSize = 0;
873 NTSTATUS Status = STATUS_SUCCESS;
874
875
876 /* Create the Everyone SID */
877 Status = RtlAllocateAndInitializeSid(&WorldAuthority,
878 1,
879 SECURITY_WORLD_RID,
880 0,
881 0,
882 0,
883 0,
884 0,
885 0,
886 0,
887 &EveryoneSid);
888 ASSERT(NT_SUCCESS(Status));
889 if (!NT_SUCCESS(Status))
890 goto done;
891
892 /* Create the Anonymous SID */
893 Status = RtlAllocateAndInitializeSid(&NtAuthority,
894 1,
895 SECURITY_ANONYMOUS_LOGON_RID,
896 0,
897 0,
898 0,
899 0,
900 0,
901 0,
902 0,
903 &AnonymousSid);
904 ASSERT(NT_SUCCESS(Status));
905 if (!NT_SUCCESS(Status))
906 goto done;
907
908 /* Create the Administrators SID */
909 Status = RtlAllocateAndInitializeSid(&NtAuthority,
910 2,
911 SECURITY_BUILTIN_DOMAIN_RID,
912 DOMAIN_ALIAS_RID_ADMINS,
913 0,
914 0,
915 0,
916 0,
917 0,
918 0,
919 &AdministratorsSid);
920 ASSERT(NT_SUCCESS(Status));
921 if (!NT_SUCCESS(Status))
922 goto done;
923
924 /* Create the Account Operators SID */
925 Status = RtlAllocateAndInitializeSid(&NtAuthority,
926 2,
927 SECURITY_BUILTIN_DOMAIN_RID,
928 DOMAIN_ALIAS_RID_ACCOUNT_OPS,
929 0,
930 0,
931 0,
932 0,
933 0,
934 0,
935 &AccountOperatorsSid);
936 ASSERT(NT_SUCCESS(Status));
937 if (!NT_SUCCESS(Status))
938 goto done;
939
940 /* Allocate a buffer for the absolute SD */
941 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
942 HEAP_ZERO_MEMORY,
943 sizeof(SECURITY_DESCRIPTOR));
944 if (AbsSD == NULL)
945 {
946 Status = STATUS_INSUFFICIENT_RESOURCES;
947 ASSERT(Status == STATUS_SUCCESS);
948 goto done;
949 }
950
951 /* Create the absolute SD */
952 Status = RtlCreateSecurityDescriptor(AbsSD,
953 SECURITY_DESCRIPTOR_REVISION);
954 ASSERT(NT_SUCCESS(Status));
955 if (!NT_SUCCESS(Status))
956 goto done;
957
958 /* allocate and create the DACL */
959 DaclSize = sizeof(ACL) +
960 3 * sizeof(ACE) +
961 RtlLengthSid(EveryoneSid) +
962 RtlLengthSid(AdministratorsSid) +
963 RtlLengthSid(AccountOperatorsSid);
964
965 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
966 HEAP_ZERO_MEMORY,
967 DaclSize);
968 if (Dacl == NULL)
969 {
970 Status = STATUS_INSUFFICIENT_RESOURCES;
971 ASSERT(Status == STATUS_SUCCESS);
972 goto done;
973 }
974
975 Status = RtlCreateAcl(Dacl,
976 DaclSize,
977 ACL_REVISION);
978 ASSERT(NT_SUCCESS(Status));
979 if (!NT_SUCCESS(Status))
980 goto done;
981
982 Status = RtlAddAccessAllowedAce(Dacl,
983 ACL_REVISION,
984 READ_CONTROL | ALIAS_READ_INFORMATION | ALIAS_LIST_MEMBERS,
985 EveryoneSid);
986 ASSERT(NT_SUCCESS(Status));
987 if (!NT_SUCCESS(Status))
988 goto done;
989
990 Status = RtlAddAccessAllowedAce(Dacl,
991 ACL_REVISION,
992 ALIAS_ALL_ACCESS,
993 AdministratorsSid);
994 ASSERT(Status == STATUS_SUCCESS);
995 if (!NT_SUCCESS(Status))
996 goto done;
997
998 Status = RtlAddAccessAllowedAce(Dacl,
999 ACL_REVISION,
1000 ALIAS_ALL_ACCESS,
1001 AccountOperatorsSid);
1002 ASSERT(Status == STATUS_SUCCESS);
1003 if (!NT_SUCCESS(Status))
1004 goto done;
1005
1006 /* Set the DACL */
1007 Status = RtlSetDaclSecurityDescriptor(AbsSD,
1008 TRUE,
1009 Dacl,
1010 FALSE);
1011 ASSERT(Status == STATUS_SUCCESS);
1012 if (!NT_SUCCESS(Status))
1013 goto done;
1014
1015 /* allocate and create the SACL */
1016 SaclSize = sizeof(ACL) +
1017 2 * sizeof(ACE) +
1018 RtlLengthSid(EveryoneSid) +
1019 RtlLengthSid(AnonymousSid);
1020
1021 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1022 HEAP_ZERO_MEMORY,
1023 DaclSize);
1024 if (Sacl == NULL)
1025 {
1026 Status = STATUS_INSUFFICIENT_RESOURCES;
1027 ASSERT(Status == STATUS_SUCCESS);
1028 goto done;
1029 }
1030
1031 Status = RtlCreateAcl(Sacl,
1032 SaclSize,
1033 ACL_REVISION);
1034 ASSERT(Status == STATUS_SUCCESS);
1035 if (!NT_SUCCESS(Status))
1036 goto done;
1037
1038 Status = RtlAddAuditAccessAce(Sacl,
1039 ACL_REVISION,
1040 ACCESS_SYSTEM_SECURITY | WRITE_DAC | DELETE |
1041 ALIAS_WRITE_ACCOUNT | ALIAS_REMOVE_MEMBER |
1042 ALIAS_ADD_MEMBER,
1043 EveryoneSid,
1044 TRUE,
1045 TRUE);
1046 ASSERT(Status == STATUS_SUCCESS);
1047 if (!NT_SUCCESS(Status))
1048 goto done;
1049
1050 Status = RtlAddAuditAccessAce(Sacl,
1051 ACL_REVISION,
1052 STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
1053 AnonymousSid,
1054 TRUE,
1055 TRUE);
1056 ASSERT(Status == STATUS_SUCCESS);
1057 if (!NT_SUCCESS(Status))
1058 goto done;
1059
1060 /* Set the SACL */
1061 Status = RtlSetSaclSecurityDescriptor(AbsSD,
1062 TRUE,
1063 Sacl,
1064 FALSE);
1065 ASSERT(Status == STATUS_SUCCESS);
1066 if (!NT_SUCCESS(Status))
1067 goto done;
1068
1069 /* Set the owner SID */
1070 Status = RtlSetOwnerSecurityDescriptor(AbsSD,
1071 AdministratorsSid,
1072 FALSE);
1073 ASSERT(Status == STATUS_SUCCESS);
1074 if (!NT_SUCCESS(Status))
1075 goto done;
1076
1077 /* Set the group SID */
1078 Status = RtlSetGroupSecurityDescriptor(AbsSD,
1079 AdministratorsSid,
1080 FALSE);
1081 ASSERT(Status == STATUS_SUCCESS);
1082 if (!NT_SUCCESS(Status))
1083 goto done;
1084
1085 /* Get the reqired buffer size for the self-relative SD */
1086 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
1087 NULL,
1088 &RelSDSize);
1089 if (Status != STATUS_BUFFER_TOO_SMALL)
1090 goto done;
1091
1092 /* Allocate a buffer for the self-relative SD */
1093 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1094 HEAP_ZERO_MEMORY,
1095 RelSDSize);
1096 if (RelSD == NULL)
1097 {
1098 Status = STATUS_INSUFFICIENT_RESOURCES;
1099 ASSERT(Status == STATUS_SUCCESS);
1100 goto done;
1101 }
1102
1103 /* Convert the absolute SD to self-relative format */
1104 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
1105 RelSD,
1106 &RelSDSize);
1107 if (Status == STATUS_BUFFER_TOO_SMALL)
1108 {
1109 ASSERT(Status == STATUS_SUCCESS);
1110 goto done;
1111 }
1112
1113 *AliasSd = RelSD;
1114 *Size = RelSDSize;
1115
1116done:
1117 if (!NT_SUCCESS(Status))
1118 {
1119 if (RelSD != NULL)
1120 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1121 }
1122
1123 if (EveryoneSid != NULL)
1124 RtlFreeSid(EveryoneSid);
1125
1126 if (AnonymousSid != NULL)
1127 RtlFreeSid(AnonymousSid);
1128
1129 if (AdministratorsSid != NULL)
1130 RtlFreeSid(AdministratorsSid);
1131
1132 if (Dacl != NULL)
1133 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1134
1135 if (Sacl != NULL)
1136 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1137
1138 if (AbsSD != NULL)
1139 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1140
1141 return Status;
1142}
READ_CONTROL
#define READ_CONTROL
Definition: nt_native.h:58
ALIAS_WRITE_ACCOUNT
#define ALIAS_WRITE_ACCOUNT
Definition: ntsam.h:13
ALIAS_LIST_MEMBERS
#define ALIAS_LIST_MEMBERS
Definition: ntsam.h:11
ALIAS_READ_INFORMATION
#define ALIAS_READ_INFORMATION
Definition: ntsam.h:12
ALIAS_REMOVE_MEMBER
#define ALIAS_REMOVE_MEMBER
Definition: ntsam.h:10
ALIAS_ALL_ACCESS
#define ALIAS_ALL_ACCESS
Definition: ntsam.h:26
ALIAS_ADD_MEMBER
#define ALIAS_ADD_MEMBER
Definition: ntsam.h:9
DOMAIN_ALIAS_RID_ACCOUNT_OPS
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:657

Referenced by SampSetupCreateAliasAccount(), and SamrCreateAliasInDomain().

◆ SampCreateBuiltinDomainSD()

NTSTATUS SampCreateBuiltinDomainSD ( OUT PSECURITY_DESCRIPTOR DomainSd,
OUT PULONG  Size 
)

Definition at line 283 of file security.c.

285{
286 PSECURITY_DESCRIPTOR AbsSD = NULL;
287 PSECURITY_DESCRIPTOR RelSD = NULL;
288 PSID EveryoneSid = NULL;
289 PSID AnonymousSid = NULL;
290 PSID AdministratorsSid = NULL;
291 PACL Dacl = NULL;
292 PACL Sacl = NULL;
293 ULONG DaclSize;
294 ULONG SaclSize;
295 ULONG RelSDSize = 0;
296 NTSTATUS Status = STATUS_SUCCESS;
297
298
299 /* Create the Everyone SID */
300 Status = RtlAllocateAndInitializeSid(&WorldAuthority,
301 1,
302 SECURITY_WORLD_RID,
303 0,
304 0,
305 0,
306 0,
307 0,
308 0,
309 0,
310 &EveryoneSid);
311 ASSERT(NT_SUCCESS(Status));
312 if (!NT_SUCCESS(Status))
313 goto done;
314
315 /* Create the Anonymous SID */
316 Status = RtlAllocateAndInitializeSid(&NtAuthority,
317 1,
318 SECURITY_ANONYMOUS_LOGON_RID,
319 0,
320 0,
321 0,
322 0,
323 0,
324 0,
325 0,
326 &AnonymousSid);
327 ASSERT(NT_SUCCESS(Status));
328 if (!NT_SUCCESS(Status))
329 goto done;
330
331 /* Create the Administrators SID */
332 Status = RtlAllocateAndInitializeSid(&NtAuthority,
333 2,
334 SECURITY_BUILTIN_DOMAIN_RID,
335 DOMAIN_ALIAS_RID_ADMINS,
336 0,
337 0,
338 0,
339 0,
340 0,
341 0,
342 &AdministratorsSid);
343 ASSERT(NT_SUCCESS(Status));
344 if (!NT_SUCCESS(Status))
345 goto done;
346
347
348 /* Allocate a buffer for the absolute SD */
349 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
350 HEAP_ZERO_MEMORY,
351 sizeof(SECURITY_DESCRIPTOR));
352 if (AbsSD == NULL)
353 {
354 Status = STATUS_INSUFFICIENT_RESOURCES;
355 ASSERT(Status == STATUS_SUCCESS);
356 goto done;
357 }
358
359 /* Create the absolute SD */
360 Status = RtlCreateSecurityDescriptor(AbsSD,
361 SECURITY_DESCRIPTOR_REVISION);
362 ASSERT(NT_SUCCESS(Status));
363 if (!NT_SUCCESS(Status))
364 goto done;
365
366 /* allocate and create the DACL */
367 DaclSize = sizeof(ACL) +
368 2 * sizeof(ACE) +
369 RtlLengthSid(EveryoneSid) +
370 RtlLengthSid(AdministratorsSid);
371
372 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
373 HEAP_ZERO_MEMORY,
374 DaclSize);
375 if (Dacl == NULL)
376 {
377 Status = STATUS_INSUFFICIENT_RESOURCES;
378 ASSERT(Status == STATUS_SUCCESS);
379 goto done;
380 }
381
382 Status = RtlCreateAcl(Dacl,
383 DaclSize,
384 ACL_REVISION);
385 ASSERT(NT_SUCCESS(Status));
386 if (!NT_SUCCESS(Status))
387 goto done;
388
389 Status = RtlAddAccessAllowedAce(Dacl,
390 ACL_REVISION,
391 DOMAIN_READ | DOMAIN_EXECUTE,
392 EveryoneSid);
393 ASSERT(NT_SUCCESS(Status));
394 if (!NT_SUCCESS(Status))
395 goto done;
396
397 Status = RtlAddAccessAllowedAce(Dacl,
398 ACL_REVISION,
399 SAM_SERVER_ALL_ACCESS,
400 AdministratorsSid);
401 ASSERT(Status == STATUS_SUCCESS);
402 if (!NT_SUCCESS(Status))
403 goto done;
404
405 /* Set the DACL */
406 Status = RtlSetDaclSecurityDescriptor(AbsSD,
407 TRUE,
408 Dacl,
409 FALSE);
410 ASSERT(Status == STATUS_SUCCESS);
411 if (!NT_SUCCESS(Status))
412 goto done;
413
414 /* allocate and create the SACL */
415 SaclSize = sizeof(ACL) +
416 2 * sizeof(ACE) +
417 RtlLengthSid(EveryoneSid) +
418 RtlLengthSid(AnonymousSid);
419
420 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
421 HEAP_ZERO_MEMORY,
422 DaclSize);
423 if (Sacl == NULL)
424 {
425 Status = STATUS_INSUFFICIENT_RESOURCES;
426 ASSERT(Status == STATUS_SUCCESS);
427 goto done;
428 }
429
430 Status = RtlCreateAcl(Sacl,
431 SaclSize,
432 ACL_REVISION);
433 ASSERT(Status == STATUS_SUCCESS);
434 if (!NT_SUCCESS(Status))
435 goto done;
436
437 Status = RtlAddAuditAccessAce(Sacl,
438 ACL_REVISION,
439 ACCESS_SYSTEM_SECURITY | WRITE_DAC | DELETE |
440 SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_INITIALIZE |
441 SAM_SERVER_SHUTDOWN,
442 EveryoneSid,
443 TRUE,
444 TRUE);
445 ASSERT(Status == STATUS_SUCCESS);
446 if (!NT_SUCCESS(Status))
447 goto done;
448
449 Status = RtlAddAuditAccessAce(Sacl,
450 ACL_REVISION,
451 STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
452 AnonymousSid,
453 TRUE,
454 TRUE);
455 ASSERT(Status == STATUS_SUCCESS);
456 if (!NT_SUCCESS(Status))
457 goto done;
458
459 /* Set the SACL */
460 Status = RtlSetSaclSecurityDescriptor(AbsSD,
461 TRUE,
462 Sacl,
463 FALSE);
464 ASSERT(Status == STATUS_SUCCESS);
465 if (!NT_SUCCESS(Status))
466 goto done;
467
468 /* Set the owner SID */
469 Status = RtlSetOwnerSecurityDescriptor(AbsSD,
470 AdministratorsSid,
471 FALSE);
472 ASSERT(Status == STATUS_SUCCESS);
473 if (!NT_SUCCESS(Status))
474 goto done;
475
476 /* Set the group SID */
477 Status = RtlSetGroupSecurityDescriptor(AbsSD,
478 AdministratorsSid,
479 FALSE);
480 ASSERT(Status == STATUS_SUCCESS);
481 if (!NT_SUCCESS(Status))
482 goto done;
483
484 /* Get the reqired buffer size for the self-relative SD */
485 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
486 NULL,
487 &RelSDSize);
488 if (Status != STATUS_BUFFER_TOO_SMALL)
489 goto done;
490
491 /* Allocate a buffer for the self-relative SD */
492 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
493 HEAP_ZERO_MEMORY,
494 RelSDSize);
495 if (RelSD == NULL)
496 {
497 Status = STATUS_INSUFFICIENT_RESOURCES;
498 ASSERT(Status == STATUS_SUCCESS);
499 goto done;
500 }
501
502 /* Convert the absolute SD to self-relative format */
503 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
504 RelSD,
505 &RelSDSize);
506 if (Status == STATUS_BUFFER_TOO_SMALL)
507 {
508 ASSERT(Status == STATUS_SUCCESS);
509 goto done;
510 }
511
512 *ServerSd = RelSD;
513 *Size = RelSDSize;
514
515done:
516 if (!NT_SUCCESS(Status))
517 {
518 if (RelSD != NULL)
519 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
520 }
521
522 if (EveryoneSid != NULL)
523 RtlFreeSid(EveryoneSid);
524
525 if (AnonymousSid != NULL)
526 RtlFreeSid(AnonymousSid);
527
528 if (AdministratorsSid != NULL)
529 RtlFreeSid(AdministratorsSid);
530
531 if (Dacl != NULL)
532 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
533
534 if (Sacl != NULL)
535 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
536
537 if (AbsSD != NULL)
538 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
539
540 return Status;
541}
SAM_SERVER_ALL_ACCESS
#define SAM_SERVER_ALL_ACCESS
Definition: ntsam.h:118

Referenced by SampSetupCreateDomain().

◆ SampCreateDbObject()

NTSTATUS SampCreateDbObject ( IN PSAM_DB_OBJECT  ParentObject,
IN LPWSTR  ContainerName,
IN LPWSTR  ObjectName,
IN ULONG  RelativeId,
IN SAM_DB_OBJECT_TYPE  ObjectType,
IN ACCESS_MASK  DesiredAccess,
OUT PSAM_DB_OBJECT DbObject 
)

Definition at line 44 of file database.c.

51{
52 PSAM_DB_OBJECT NewObject = NULL;
53 HANDLE ParentKeyHandle;
54 HANDLE ContainerKeyHandle = NULL;
55 HANDLE ObjectKeyHandle = NULL;
56 HANDLE MembersKeyHandle = NULL;
57 NTSTATUS Status;
58
59 if (DbObject == NULL)
60 return STATUS_INVALID_PARAMETER;
61
62 *DbObject = NULL;
63
64 if (ParentObject == NULL)
65 ParentKeyHandle = SamKeyHandle;
66 else
67 ParentKeyHandle = ParentObject->KeyHandle;
68
69 if (ContainerName != NULL)
70 {
71 /* Open the container key */
72 Status = SampRegOpenKey(ParentKeyHandle,
73 ContainerName,
74 KEY_ALL_ACCESS,
75 &ContainerKeyHandle);
76 if (!NT_SUCCESS(Status))
77 {
78 goto done;
79 }
80
81 /* Create the object key */
82 Status = SampRegCreateKey(ContainerKeyHandle,
83 ObjectName,
84 KEY_ALL_ACCESS,
85 &ObjectKeyHandle);
86 if (!NT_SUCCESS(Status))
87 {
88 goto done;
89 }
90
91 if (ObjectType == SamDbAliasObject)
92 {
93 /* Create the object key */
94 Status = SampRegCreateKey(ContainerKeyHandle,
95 L"Members",
96 KEY_ALL_ACCESS,
97 &MembersKeyHandle);
98 if (!NT_SUCCESS(Status))
99 {
100 goto done;
101 }
102 }
103 }
104 else
105 {
106 /* Create the object key */
107 Status = SampRegCreateKey(ParentKeyHandle,
108 ObjectName,
109 KEY_ALL_ACCESS,
110 &ObjectKeyHandle);
111 if (!NT_SUCCESS(Status))
112 {
113 goto done;
114 }
115 }
116
117 NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
118 HEAP_ZERO_MEMORY,
119 sizeof(SAM_DB_OBJECT));
120 if (NewObject == NULL)
121 {
122 Status = STATUS_INSUFFICIENT_RESOURCES;
123 goto done;
124 }
125
126 NewObject->Name = RtlAllocateHeap(RtlGetProcessHeap(),
127 0,
128 (wcslen(ObjectName) + 1) * sizeof(WCHAR));
129 if (NewObject->Name == NULL)
130 {
131 Status = STATUS_INSUFFICIENT_RESOURCES;
132 goto done;
133 }
134
135 wcscpy(NewObject->Name, ObjectName);
136
137 NewObject->Signature = SAMP_DB_SIGNATURE;
138 NewObject->RefCount = 1;
139 NewObject->ObjectType = ObjectType;
140 NewObject->Access = DesiredAccess;
141 NewObject->KeyHandle = ObjectKeyHandle;
142 NewObject->MembersKeyHandle = MembersKeyHandle;
143 NewObject->RelativeId = RelativeId;
144 NewObject->ParentObject = ParentObject;
145
146 if (ParentObject != NULL)
147 NewObject->Trusted = ParentObject->Trusted;
148
149 *DbObject = NewObject;
150
151done:
152 if (!NT_SUCCESS(Status))
153 {
154 if (NewObject != NULL)
155 {
156 if (NewObject->Name != NULL)
157 RtlFreeHeap(RtlGetProcessHeap(), 0, NewObject->Name);
158
159 RtlFreeHeap(RtlGetProcessHeap(), 0, NewObject);
160 }
161
162 SampRegCloseKey(&MembersKeyHandle);
163 SampRegCloseKey(&ObjectKeyHandle);
164 }
165
166 SampRegCloseKey(&ContainerKeyHandle);
167
168 return Status;
169}
SamKeyHandle
static HANDLE SamKeyHandle
Definition: database.c:15
SAMP_DB_SIGNATURE
#define SAMP_DB_SIGNATURE
Definition: samsrv.h:59
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
ObjectType
ObjectType
Definition: metafile.c:81
KEY_ALL_ACCESS
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
wcscpy
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
_SAM_DB_OBJECT
Definition: samsrv.h:46
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658
ObjectName
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:64
NewObject
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:74

Referenced by SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCreateGroupSD()

NTSTATUS SampCreateGroupSD ( OUT PSECURITY_DESCRIPTOR GroupSd,
OUT PULONG  Size 
)

Definition at line 1146 of file security.c.

1148{
1149 PSECURITY_DESCRIPTOR AbsSD = NULL;
1150 PSECURITY_DESCRIPTOR RelSD = NULL;
1151 PSID EveryoneSid = NULL;
1152 PSID AnonymousSid = NULL;
1153 PSID AdministratorsSid = NULL;
1154 PSID AccountOperatorsSid = NULL;
1155 PACL Dacl = NULL;
1156 PACL Sacl = NULL;
1157 ULONG DaclSize;
1158 ULONG SaclSize;
1159 ULONG RelSDSize = 0;
1160 NTSTATUS Status = STATUS_SUCCESS;
1161
1162
1163 /* Create the Everyone SID */
1164 Status = RtlAllocateAndInitializeSid(&WorldAuthority,
1165 1,
1166 SECURITY_WORLD_RID,
1167 0,
1168 0,
1169 0,
1170 0,
1171 0,
1172 0,
1173 0,
1174 &EveryoneSid);
1175 ASSERT(NT_SUCCESS(Status));
1176 if (!NT_SUCCESS(Status))
1177 goto done;
1178
1179 /* Create the Anonymous SID */
1180 Status = RtlAllocateAndInitializeSid(&NtAuthority,
1181 1,
1182 SECURITY_ANONYMOUS_LOGON_RID,
1183 0,
1184 0,
1185 0,
1186 0,
1187 0,
1188 0,
1189 0,
1190 &AnonymousSid);
1191 ASSERT(NT_SUCCESS(Status));
1192 if (!NT_SUCCESS(Status))
1193 goto done;
1194
1195 /* Create the Administrators SID */
1196 Status = RtlAllocateAndInitializeSid(&NtAuthority,
1197 2,
1198 SECURITY_BUILTIN_DOMAIN_RID,
1199 DOMAIN_ALIAS_RID_ADMINS,
1200 0,
1201 0,
1202 0,
1203 0,
1204 0,
1205 0,
1206 &AdministratorsSid);
1207 ASSERT(NT_SUCCESS(Status));
1208 if (!NT_SUCCESS(Status))
1209 goto done;
1210
1211 /* Create the Account Operators SID */
1212 Status = RtlAllocateAndInitializeSid(&NtAuthority,
1213 2,
1214 SECURITY_BUILTIN_DOMAIN_RID,
1215 DOMAIN_ALIAS_RID_ACCOUNT_OPS,
1216 0,
1217 0,
1218 0,
1219 0,
1220 0,
1221 0,
1222 &AccountOperatorsSid);
1223 ASSERT(NT_SUCCESS(Status));
1224 if (!NT_SUCCESS(Status))
1225 goto done;
1226
1227 /* Allocate a buffer for the absolute SD */
1228 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1229 HEAP_ZERO_MEMORY,
1230 sizeof(SECURITY_DESCRIPTOR));
1231 if (AbsSD == NULL)
1232 {
1233 Status = STATUS_INSUFFICIENT_RESOURCES;
1234 ASSERT(Status == STATUS_SUCCESS);
1235 goto done;
1236 }
1237
1238 /* Create the absolute SD */
1239 Status = RtlCreateSecurityDescriptor(AbsSD,
1240 SECURITY_DESCRIPTOR_REVISION);
1241 ASSERT(NT_SUCCESS(Status));
1242 if (!NT_SUCCESS(Status))
1243 goto done;
1244
1245 /* allocate and create the DACL */
1246 DaclSize = sizeof(ACL) +
1247 3 * sizeof(ACE) +
1248 RtlLengthSid(EveryoneSid) +
1249 RtlLengthSid(AdministratorsSid) +
1250 RtlLengthSid(AccountOperatorsSid);
1251
1252 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1253 HEAP_ZERO_MEMORY,
1254 DaclSize);
1255 if (Dacl == NULL)
1256 {
1257 Status = STATUS_INSUFFICIENT_RESOURCES;
1258 ASSERT(Status == STATUS_SUCCESS);
1259 goto done;
1260 }
1261
1262 Status = RtlCreateAcl(Dacl,
1263 DaclSize,
1264 ACL_REVISION);
1265 ASSERT(NT_SUCCESS(Status));
1266 if (!NT_SUCCESS(Status))
1267 goto done;
1268
1269 Status = RtlAddAccessAllowedAce(Dacl,
1270 ACL_REVISION,
1271 READ_CONTROL | GROUP_LIST_MEMBERS | GROUP_READ_INFORMATION,
1272 EveryoneSid);
1273 ASSERT(NT_SUCCESS(Status));
1274 if (!NT_SUCCESS(Status))
1275 goto done;
1276
1277 Status = RtlAddAccessAllowedAce(Dacl,
1278 ACL_REVISION,
1279 GROUP_ALL_ACCESS,
1280 AdministratorsSid);
1281 ASSERT(Status == STATUS_SUCCESS);
1282 if (!NT_SUCCESS(Status))
1283 goto done;
1284
1285 Status = RtlAddAccessAllowedAce(Dacl,
1286 ACL_REVISION,
1287 GROUP_ALL_ACCESS,
1288 AccountOperatorsSid);
1289 ASSERT(Status == STATUS_SUCCESS);
1290 if (!NT_SUCCESS(Status))
1291 goto done;
1292
1293 /* Set the DACL */
1294 Status = RtlSetDaclSecurityDescriptor(AbsSD,
1295 TRUE,
1296 Dacl,
1297 FALSE);
1298 ASSERT(Status == STATUS_SUCCESS);
1299 if (!NT_SUCCESS(Status))
1300 goto done;
1301
1302 /* allocate and create the SACL */
1303 SaclSize = sizeof(ACL) +
1304 2 * sizeof(ACE) +
1305 RtlLengthSid(EveryoneSid) +
1306 RtlLengthSid(AnonymousSid);
1307
1308 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1309 HEAP_ZERO_MEMORY,
1310 DaclSize);
1311 if (Sacl == NULL)
1312 {
1313 Status = STATUS_INSUFFICIENT_RESOURCES;
1314 ASSERT(Status == STATUS_SUCCESS);
1315 goto done;
1316 }
1317
1318 Status = RtlCreateAcl(Sacl,
1319 SaclSize,
1320 ACL_REVISION);
1321 ASSERT(Status == STATUS_SUCCESS);
1322 if (!NT_SUCCESS(Status))
1323 goto done;
1324
1325 Status = RtlAddAuditAccessAce(Sacl,
1326 ACL_REVISION,
1327 ACCESS_SYSTEM_SECURITY | WRITE_DAC | DELETE |
1328 GROUP_REMOVE_MEMBER | GROUP_ADD_MEMBER |
1329 GROUP_WRITE_ACCOUNT,
1330 EveryoneSid,
1331 TRUE,
1332 TRUE);
1333 ASSERT(Status == STATUS_SUCCESS);
1334 if (!NT_SUCCESS(Status))
1335 goto done;
1336
1337 Status = RtlAddAuditAccessAce(Sacl,
1338 ACL_REVISION,
1339 STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
1340 AnonymousSid,
1341 TRUE,
1342 TRUE);
1343 ASSERT(Status == STATUS_SUCCESS);
1344 if (!NT_SUCCESS(Status))
1345 goto done;
1346
1347 /* Set the SACL */
1348 Status = RtlSetSaclSecurityDescriptor(AbsSD,
1349 TRUE,
1350 Sacl,
1351 FALSE);
1352 ASSERT(Status == STATUS_SUCCESS);
1353 if (!NT_SUCCESS(Status))
1354 goto done;
1355
1356 /* Set the owner SID */
1357 Status = RtlSetOwnerSecurityDescriptor(AbsSD,
1358 AdministratorsSid,
1359 FALSE);
1360 ASSERT(Status == STATUS_SUCCESS);
1361 if (!NT_SUCCESS(Status))
1362 goto done;
1363
1364 /* Set the group SID */
1365 Status = RtlSetGroupSecurityDescriptor(AbsSD,
1366 AdministratorsSid,
1367 FALSE);
1368 ASSERT(Status == STATUS_SUCCESS);
1369 if (!NT_SUCCESS(Status))
1370 goto done;
1371
1372 /* Get the reqired buffer size for the self-relative SD */
1373 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
1374 NULL,
1375 &RelSDSize);
1376 if (Status != STATUS_BUFFER_TOO_SMALL)
1377 goto done;
1378
1379 /* Allocate a buffer for the self-relative SD */
1380 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1381 HEAP_ZERO_MEMORY,
1382 RelSDSize);
1383 if (RelSD == NULL)
1384 {
1385 Status = STATUS_INSUFFICIENT_RESOURCES;
1386 ASSERT(Status == STATUS_SUCCESS);
1387 goto done;
1388 }
1389
1390 /* Convert the absolute SD to self-relative format */
1391 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
1392 RelSD,
1393 &RelSDSize);
1394 if (Status == STATUS_BUFFER_TOO_SMALL)
1395 {
1396 ASSERT(Status == STATUS_SUCCESS);
1397 goto done;
1398 }
1399
1400 *GroupSd = RelSD;
1401 *Size = RelSDSize;
1402
1403done:
1404 if (!NT_SUCCESS(Status))
1405 {
1406 if (RelSD != NULL)
1407 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1408 }
1409
1410 if (EveryoneSid != NULL)
1411 RtlFreeSid(EveryoneSid);
1412
1413 if (AnonymousSid != NULL)
1414 RtlFreeSid(AnonymousSid);
1415
1416 if (AdministratorsSid != NULL)
1417 RtlFreeSid(AdministratorsSid);
1418
1419 if (Dacl != NULL)
1420 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1421
1422 if (Sacl != NULL)
1423 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1424
1425 if (AbsSD != NULL)
1426 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1427
1428 return Status;
1429}
GROUP_ALL_ACCESS
#define GROUP_ALL_ACCESS
Definition: ntsam.h:92
GROUP_READ_INFORMATION
#define GROUP_READ_INFORMATION
Definition: ntsam.h:75
GROUP_ADD_MEMBER
#define GROUP_ADD_MEMBER
Definition: ntsam.h:77
GROUP_LIST_MEMBERS
#define GROUP_LIST_MEMBERS
Definition: ntsam.h:79
GROUP_WRITE_ACCOUNT
#define GROUP_WRITE_ACCOUNT
Definition: ntsam.h:76
GROUP_REMOVE_MEMBER
#define GROUP_REMOVE_MEMBER
Definition: ntsam.h:78

Referenced by SampSetupCreateGroupAccount(), and SamrCreateGroupInDomain().

◆ SampCreateServerSD()

NTSTATUS SampCreateServerSD ( OUT PSECURITY_DESCRIPTOR ServerSd,
OUT PULONG  Size 
)

Definition at line 21 of file security.c.

23{
24 PSECURITY_DESCRIPTOR AbsSD = NULL;
25 PSECURITY_DESCRIPTOR RelSD = NULL;
26 PSID EveryoneSid = NULL;
27 PSID AnonymousSid = NULL;
28 PSID AdministratorsSid = NULL;
29 PACL Dacl = NULL;
30 PACL Sacl = NULL;
31 ULONG DaclSize;
32 ULONG SaclSize;
33 ULONG RelSDSize = 0;
34 NTSTATUS Status = STATUS_SUCCESS;
35
36
37 /* Create the Everyone SID */
38 Status = RtlAllocateAndInitializeSid(&WorldAuthority,
39 1,
40 SECURITY_WORLD_RID,
41 0,
42 0,
43 0,
44 0,
45 0,
46 0,
47 0,
48 &EveryoneSid);
49 ASSERT(NT_SUCCESS(Status));
50 if (!NT_SUCCESS(Status))
51 goto done;
52
53 /* Create the Anonymous SID */
54 Status = RtlAllocateAndInitializeSid(&NtAuthority,
55 1,
56 SECURITY_ANONYMOUS_LOGON_RID,
57 0,
58 0,
59 0,
60 0,
61 0,
62 0,
63 0,
64 &AnonymousSid);
65 ASSERT(NT_SUCCESS(Status));
66 if (!NT_SUCCESS(Status))
67 goto done;
68
69 /* Create the Administrators SID */
70 Status = RtlAllocateAndInitializeSid(&NtAuthority,
71 2,
72 SECURITY_BUILTIN_DOMAIN_RID,
73 DOMAIN_ALIAS_RID_ADMINS,
74 0,
75 0,
76 0,
77 0,
78 0,
79 0,
80 &AdministratorsSid);
81 ASSERT(NT_SUCCESS(Status));
82 if (!NT_SUCCESS(Status))
83 goto done;
84
85
86 /* Allocate a buffer for the absolute SD */
87 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
88 HEAP_ZERO_MEMORY,
89 sizeof(SECURITY_DESCRIPTOR));
90 if (AbsSD == NULL)
91 {
92 Status = STATUS_INSUFFICIENT_RESOURCES;
93 ASSERT(Status == STATUS_SUCCESS);
94 goto done;
95 }
96
97 /* Create the absolute SD */
98 Status = RtlCreateSecurityDescriptor(AbsSD,
99 SECURITY_DESCRIPTOR_REVISION);
100 ASSERT(NT_SUCCESS(Status));
101 if (!NT_SUCCESS(Status))
102 goto done;
103
104 /* allocate and create the DACL */
105 DaclSize = sizeof(ACL) +
106 2 * sizeof(ACE) +
107 RtlLengthSid(EveryoneSid) +
108 RtlLengthSid(AdministratorsSid);
109
110 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
111 HEAP_ZERO_MEMORY,
112 DaclSize);
113 if (Dacl == NULL)
114 {
115 Status = STATUS_INSUFFICIENT_RESOURCES;
116 ASSERT(Status == STATUS_SUCCESS);
117 goto done;
118 }
119
120 Status = RtlCreateAcl(Dacl,
121 DaclSize,
122 ACL_REVISION);
123 ASSERT(NT_SUCCESS(Status));
124 if (!NT_SUCCESS(Status))
125 goto done;
126
127 Status = RtlAddAccessAllowedAce(Dacl,
128 ACL_REVISION,
129 SAM_SERVER_READ | SAM_SERVER_EXECUTE,
130 EveryoneSid);
131 ASSERT(NT_SUCCESS(Status));
132 if (!NT_SUCCESS(Status))
133 goto done;
134
135 Status = RtlAddAccessAllowedAce(Dacl,
136 ACL_REVISION,
137 SAM_SERVER_ALL_ACCESS,
138 AdministratorsSid);
139 ASSERT(Status == STATUS_SUCCESS);
140 if (!NT_SUCCESS(Status))
141 goto done;
142
143 /* Set the DACL */
144 Status = RtlSetDaclSecurityDescriptor(AbsSD,
145 TRUE,
146 Dacl,
147 FALSE);
148 ASSERT(Status == STATUS_SUCCESS);
149 if (!NT_SUCCESS(Status))
150 goto done;
151
152 /* allocate and create the SACL */
153 SaclSize = sizeof(ACL) +
154 2 * sizeof(ACE) +
155 RtlLengthSid(EveryoneSid) +
156 RtlLengthSid(AnonymousSid);
157
158 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
159 HEAP_ZERO_MEMORY,
160 DaclSize);
161 if (Sacl == NULL)
162 {
163 Status = STATUS_INSUFFICIENT_RESOURCES;
164 ASSERT(Status == STATUS_SUCCESS);
165 goto done;
166 }
167
168 Status = RtlCreateAcl(Sacl,
169 SaclSize,
170 ACL_REVISION);
171 ASSERT(Status == STATUS_SUCCESS);
172 if (!NT_SUCCESS(Status))
173 goto done;
174
175 Status = RtlAddAuditAccessAce(Sacl,
176 ACL_REVISION,
177 ACCESS_SYSTEM_SECURITY | WRITE_DAC | DELETE |
178 SAM_SERVER_CREATE_DOMAIN | SAM_SERVER_INITIALIZE |
179 SAM_SERVER_SHUTDOWN,
180 EveryoneSid,
181 TRUE,
182 TRUE);
183 ASSERT(Status == STATUS_SUCCESS);
184 if (!NT_SUCCESS(Status))
185 goto done;
186
187 Status = RtlAddAuditAccessAce(Sacl,
188 ACL_REVISION,
189 STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
190 AnonymousSid,
191 TRUE,
192 TRUE);
193 ASSERT(Status == STATUS_SUCCESS);
194 if (!NT_SUCCESS(Status))
195 goto done;
196
197 /* Set the SACL */
198 Status = RtlSetSaclSecurityDescriptor(AbsSD,
199 TRUE,
200 Sacl,
201 FALSE);
202 ASSERT(Status == STATUS_SUCCESS);
203 if (!NT_SUCCESS(Status))
204 goto done;
205
206 /* Set the owner SID */
207 Status = RtlSetOwnerSecurityDescriptor(AbsSD,
208 AdministratorsSid,
209 FALSE);
210 ASSERT(Status == STATUS_SUCCESS);
211 if (!NT_SUCCESS(Status))
212 goto done;
213
214 /* Set the group SID */
215 Status = RtlSetGroupSecurityDescriptor(AbsSD,
216 AdministratorsSid,
217 FALSE);
218 ASSERT(Status == STATUS_SUCCESS);
219 if (!NT_SUCCESS(Status))
220 goto done;
221
222 /* Get the reqired buffer size for the self-relative SD */
223 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
224 NULL,
225 &RelSDSize);
226 if (Status != STATUS_BUFFER_TOO_SMALL)
227 goto done;
228
229 /* Allocate a buffer for the self-relative SD */
230 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
231 HEAP_ZERO_MEMORY,
232 RelSDSize);
233 if (RelSD == NULL)
234 {
235 Status = STATUS_INSUFFICIENT_RESOURCES;
236 ASSERT(Status == STATUS_SUCCESS);
237 goto done;
238 }
239
240 /* Convert the absolute SD to self-relative format */
241 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
242 RelSD,
243 &RelSDSize);
244 if (Status == STATUS_BUFFER_TOO_SMALL)
245 {
246 ASSERT(Status == STATUS_SUCCESS);
247 goto done;
248 }
249
250 *ServerSd = RelSD;
251 *Size = RelSDSize;
252
253done:
254 if (!NT_SUCCESS(Status))
255 {
256 if (RelSD != NULL)
257 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
258 }
259
260 if (EveryoneSid != NULL)
261 RtlFreeSid(EveryoneSid);
262
263 if (AnonymousSid != NULL)
264 RtlFreeSid(AnonymousSid);
265
266 if (AdministratorsSid != NULL)
267 RtlFreeSid(AdministratorsSid);
268
269 if (Dacl != NULL)
270 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
271
272 if (Sacl != NULL)
273 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
274
275 if (AbsSD != NULL)
276 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
277
278 return Status;
279}
SAM_SERVER_READ
#define SAM_SERVER_READ
Definition: ntsam.h:106
SAM_SERVER_EXECUTE
#define SAM_SERVER_EXECUTE
Definition: ntsam.h:114

Referenced by SampSetupCreateServer().

◆ SampCreateUserSD()

NTSTATUS SampCreateUserSD ( IN PSID  UserSid,
OUT PSECURITY_DESCRIPTOR UserSd,
OUT PULONG  Size 
)

Definition at line 1433 of file security.c.

1436{
1437 PSECURITY_DESCRIPTOR AbsSD = NULL;
1438 PSECURITY_DESCRIPTOR RelSD = NULL;
1439 PSID EveryoneSid = NULL;
1440 PSID AnonymousSid = NULL;
1441 PSID AdministratorsSid = NULL;
1442 PACL Dacl = NULL;
1443 PACL Sacl = NULL;
1444 ULONG DaclSize;
1445 ULONG SaclSize;
1446 ULONG RelSDSize = 0;
1447 NTSTATUS Status = STATUS_SUCCESS;
1448
1449
1450 /* Create the Everyone SID */
1451 Status = RtlAllocateAndInitializeSid(&WorldAuthority,
1452 1,
1453 SECURITY_WORLD_RID,
1454 0,
1455 0,
1456 0,
1457 0,
1458 0,
1459 0,
1460 0,
1461 &EveryoneSid);
1462 ASSERT(NT_SUCCESS(Status));
1463 if (!NT_SUCCESS(Status))
1464 goto done;
1465
1466 /* Create the Anonymous SID */
1467 Status = RtlAllocateAndInitializeSid(&NtAuthority,
1468 1,
1469 SECURITY_ANONYMOUS_LOGON_RID,
1470 0,
1471 0,
1472 0,
1473 0,
1474 0,
1475 0,
1476 0,
1477 &AnonymousSid);
1478 ASSERT(NT_SUCCESS(Status));
1479 if (!NT_SUCCESS(Status))
1480 goto done;
1481
1482 /* Create the Administrators SID */
1483 Status = RtlAllocateAndInitializeSid(&NtAuthority,
1484 2,
1485 SECURITY_BUILTIN_DOMAIN_RID,
1486 DOMAIN_ALIAS_RID_ADMINS,
1487 0,
1488 0,
1489 0,
1490 0,
1491 0,
1492 0,
1493 &AdministratorsSid);
1494 ASSERT(NT_SUCCESS(Status));
1495 if (!NT_SUCCESS(Status))
1496 goto done;
1497
1498 /* Allocate a buffer for the absolute SD */
1499 AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1500 HEAP_ZERO_MEMORY,
1501 sizeof(SECURITY_DESCRIPTOR));
1502 if (AbsSD == NULL)
1503 {
1504 Status = STATUS_INSUFFICIENT_RESOURCES;
1505 ASSERT(Status == STATUS_SUCCESS);
1506 goto done;
1507 }
1508
1509 /* Create the absolute SD */
1510 Status = RtlCreateSecurityDescriptor(AbsSD,
1511 SECURITY_DESCRIPTOR_REVISION);
1512 ASSERT(NT_SUCCESS(Status));
1513 if (!NT_SUCCESS(Status))
1514 goto done;
1515
1516 /* allocate and create the DACL */
1517 DaclSize = sizeof(ACL) +
1518 3 * sizeof(ACE) +
1519 RtlLengthSid(EveryoneSid) +
1520 RtlLengthSid(AdministratorsSid) +
1521 RtlLengthSid(UserSid);
1522
1523 Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1524 HEAP_ZERO_MEMORY,
1525 DaclSize);
1526 if (Dacl == NULL)
1527 {
1528 Status = STATUS_INSUFFICIENT_RESOURCES;
1529 ASSERT(Status == STATUS_SUCCESS);
1530 goto done;
1531 }
1532
1533 Status = RtlCreateAcl(Dacl,
1534 DaclSize,
1535 ACL_REVISION);
1536 ASSERT(NT_SUCCESS(Status));
1537 if (!NT_SUCCESS(Status))
1538 goto done;
1539
1540 Status = RtlAddAccessAllowedAce(Dacl,
1541 ACL_REVISION,
1542 READ_CONTROL | USER_READ_GROUP_INFORMATION | USER_LIST_GROUPS |
1543 USER_CHANGE_PASSWORD | USER_READ_ACCOUNT | USER_READ_LOGON |
1544 USER_READ_PREFERENCES | USER_READ_GENERAL,
1545 EveryoneSid);
1546 ASSERT(NT_SUCCESS(Status));
1547 if (!NT_SUCCESS(Status))
1548 goto done;
1549
1550 Status = RtlAddAccessAllowedAce(Dacl,
1551 ACL_REVISION,
1552 USER_ALL_ACCESS,
1553 AdministratorsSid);
1554 ASSERT(Status == STATUS_SUCCESS);
1555 if (!NT_SUCCESS(Status))
1556 goto done;
1557
1558 Status = RtlAddAccessAllowedAce(Dacl,
1559 ACL_REVISION,
1560 READ_CONTROL | USER_CHANGE_PASSWORD | USER_WRITE_PREFERENCES,
1561 UserSid);
1562 ASSERT(Status == STATUS_SUCCESS);
1563 if (!NT_SUCCESS(Status))
1564 goto done;
1565
1566 /* Set the DACL */
1567 Status = RtlSetDaclSecurityDescriptor(AbsSD,
1568 TRUE,
1569 Dacl,
1570 FALSE);
1571 ASSERT(Status == STATUS_SUCCESS);
1572 if (!NT_SUCCESS(Status))
1573 goto done;
1574
1575 /* allocate and create the SACL */
1576 SaclSize = sizeof(ACL) +
1577 2 * sizeof(ACE) +
1578 RtlLengthSid(EveryoneSid) +
1579 RtlLengthSid(AnonymousSid);
1580
1581 Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1582 HEAP_ZERO_MEMORY,
1583 DaclSize);
1584 if (Sacl == NULL)
1585 {
1586 Status = STATUS_INSUFFICIENT_RESOURCES;
1587 ASSERT(Status == STATUS_SUCCESS);
1588 goto done;
1589 }
1590
1591 Status = RtlCreateAcl(Sacl,
1592 SaclSize,
1593 ACL_REVISION);
1594 ASSERT(Status == STATUS_SUCCESS);
1595 if (!NT_SUCCESS(Status))
1596 goto done;
1597
1598 Status = RtlAddAuditAccessAce(Sacl,
1599 ACL_REVISION,
1600 ACCESS_SYSTEM_SECURITY | WRITE_DAC | DELETE |
1601 USER_CHANGE_PASSWORD | USER_WRITE_PREFERENCES,
1602 EveryoneSid,
1603 TRUE,
1604 TRUE);
1605 ASSERT(Status == STATUS_SUCCESS);
1606 if (!NT_SUCCESS(Status))
1607 goto done;
1608
1609 Status = RtlAddAuditAccessAce(Sacl,
1610 ACL_REVISION,
1611 STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
1612 AnonymousSid,
1613 TRUE,
1614 TRUE);
1615 ASSERT(Status == STATUS_SUCCESS);
1616 if (!NT_SUCCESS(Status))
1617 goto done;
1618
1619 /* Set the SACL */
1620 Status = RtlSetSaclSecurityDescriptor(AbsSD,
1621 TRUE,
1622 Sacl,
1623 FALSE);
1624 ASSERT(Status == STATUS_SUCCESS);
1625 if (!NT_SUCCESS(Status))
1626 goto done;
1627
1628 /* Set the owner SID */
1629 Status = RtlSetOwnerSecurityDescriptor(AbsSD,
1630 AdministratorsSid,
1631 FALSE);
1632 ASSERT(Status == STATUS_SUCCESS);
1633 if (!NT_SUCCESS(Status))
1634 goto done;
1635
1636 /* Set the group SID */
1637 Status = RtlSetGroupSecurityDescriptor(AbsSD,
1638 AdministratorsSid,
1639 FALSE);
1640 ASSERT(Status == STATUS_SUCCESS);
1641 if (!NT_SUCCESS(Status))
1642 goto done;
1643
1644 /* Get the reqired buffer size for the self-relative SD */
1645 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
1646 NULL,
1647 &RelSDSize);
1648 if (Status != STATUS_BUFFER_TOO_SMALL)
1649 goto done;
1650
1651 /* Allocate a buffer for the self-relative SD */
1652 RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1653 HEAP_ZERO_MEMORY,
1654 RelSDSize);
1655 if (RelSD == NULL)
1656 {
1657 Status = STATUS_INSUFFICIENT_RESOURCES;
1658 ASSERT(Status == STATUS_SUCCESS);
1659 goto done;
1660 }
1661
1662 /* Convert the absolute SD to self-relative format */
1663 Status = RtlAbsoluteToSelfRelativeSD(AbsSD,
1664 RelSD,
1665 &RelSDSize);
1666 if (Status == STATUS_BUFFER_TOO_SMALL)
1667 {
1668 ASSERT(Status == STATUS_SUCCESS);
1669 goto done;
1670 }
1671
1672 *UserSd = RelSD;
1673 *Size = RelSDSize;
1674
1675done:
1676 if (!NT_SUCCESS(Status))
1677 {
1678 if (RelSD != NULL)
1679 RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1680 }
1681
1682 if (EveryoneSid != NULL)
1683 RtlFreeSid(EveryoneSid);
1684
1685 if (AnonymousSid != NULL)
1686 RtlFreeSid(AnonymousSid);
1687
1688 if (AdministratorsSid != NULL)
1689 RtlFreeSid(AdministratorsSid);
1690
1691 if (Dacl != NULL)
1692 RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1693
1694 if (Sacl != NULL)
1695 RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1696
1697 if (AbsSD != NULL)
1698 RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1699
1700 return Status;
1701}
USER_READ_GENERAL
#define USER_READ_GENERAL
Definition: ntsam.h:126
USER_READ_LOGON
#define USER_READ_LOGON
Definition: ntsam.h:129
USER_READ_PREFERENCES
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
USER_READ_ACCOUNT
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
USER_LIST_GROUPS
#define USER_LIST_GROUPS
Definition: ntsam.h:134
USER_WRITE_PREFERENCES
#define USER_WRITE_PREFERENCES
Definition: ntsam.h:128
USER_ALL_ACCESS
#define USER_ALL_ACCESS
Definition: ntsam.h:153
USER_CHANGE_PASSWORD
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132
USER_READ_GROUP_INFORMATION
#define USER_READ_GROUP_INFORMATION
Definition: ntsam.h:135

Referenced by SampSetupCreateUserAccount(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampDeleteAccountDbObject()

NTSTATUS SampDeleteAccountDbObject ( PSAM_DB_OBJECT  DbObject)

Definition at line 368 of file database.c.

369{
370 LPCWSTR ContainerName;
371 LPWSTR AccountName = NULL;
372 HANDLE ContainerKey = NULL;
373 HANDLE NamesKey = NULL;
374 ULONG Length = 0;
375 NTSTATUS Status = STATUS_SUCCESS;
376
377 TRACE("(%p)\n", DbObject);
378
379 /* Server and Domain objects cannot be deleted */
380 switch (DbObject->ObjectType)
381 {
382 case SamDbAliasObject:
383 ContainerName = L"Aliases";
384 break;
385
386 case SamDbGroupObject:
387 ContainerName = L"Groups";
388 break;
389
390 case SamDbUserObject:
391 ContainerName = L"Users";
392 break;
393
394 default:
395 return STATUS_INVALID_PARAMETER;
396 }
397
398 /* Get the account name */
399 Status = SampGetObjectAttribute(DbObject,
400 L"Name",
401 NULL,
402 NULL,
403 &Length);
404 if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW)
405 {
406 TRACE("SampGetObjectAttribute failed (Status 0x%08lx)\n", Status);
407 goto done;
408 }
409
410 AccountName = RtlAllocateHeap(RtlGetProcessHeap(),
411 HEAP_ZERO_MEMORY,
412 Length);
413 if (AccountName == NULL)
414 {
415 Status = STATUS_INSUFFICIENT_RESOURCES;
416 goto done;
417 }
418
419 Status = SampGetObjectAttribute(DbObject,
420 L"Name",
421 NULL,
422 (PVOID)AccountName,
423 &Length);
424 if (!NT_SUCCESS(Status))
425 {
426 TRACE("SampGetObjectAttribute failed (Status 0x%08lx)\n", Status);
427 goto done;
428 }
429
430 SampRegCloseKey(&DbObject->KeyHandle);
431
432 if (DbObject->ObjectType == SamDbAliasObject)
433 {
434 SampRegCloseKey(&DbObject->MembersKeyHandle);
435
436 SampRegDeleteKey(DbObject->KeyHandle,
437 L"Members");
438 }
439
440 /* Open the domain container key */
441 Status = SampRegOpenKey(DbObject->ParentObject->KeyHandle,
442 ContainerName,
443 DELETE | KEY_SET_VALUE,
444 &ContainerKey);
445 if (!NT_SUCCESS(Status))
446 {
447 TRACE("SampRegOpenKey failed (Status 0x%08lx)\n", Status);
448 goto done;
449 }
450
451 /* Open the Names key */
452 Status = SampRegOpenKey(ContainerKey,
453 L"Names",
454 KEY_SET_VALUE,
455 &NamesKey);
456 if (!NT_SUCCESS(Status))
457 {
458 TRACE("SampRegOpenKey failed (Status 0x%08lx)\n", Status);
459 goto done;
460 }
461
462 /* Remove the account from the Names key */
463 Status = SampRegDeleteValue(NamesKey,
464 AccountName);
465 if (!NT_SUCCESS(Status))
466 {
467 TRACE("SampRegDeleteValue failed (Status 0x%08lx)\n", Status);
468 goto done;
469 }
470
471 /* Remove the account key from the container */
472 Status = SampRegDeleteKey(ContainerKey,
473 DbObject->Name);
474 if (!NT_SUCCESS(Status))
475 {
476 TRACE("SampRegDeleteKey failed (Status 0x%08lx)\n", Status);
477 goto done;
478 }
479
480 /* Release the database object name */
481 if (DbObject->Name != NULL)
482 RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject->Name);
483
484 /* Release the database object */
485 RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
486
487 Status = STATUS_SUCCESS;
488
489done:
490 SampRegCloseKey(&NamesKey);
491 SampRegCloseKey(&ContainerKey);
492
493 if (AccountName != NULL)
494 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountName);
495
496 return Status;
497}
SampRegDeleteKey
NTSTATUS SampRegDeleteKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
Definition: registry.c:71
SampRegDeleteValue
NTSTATUS SampRegDeleteValue(IN HANDLE KeyHandle, IN LPCWSTR ValueName)
Definition: registry.c:212
KEY_SET_VALUE
#define KEY_SET_VALUE
Definition: nt_native.h:1017
_SAM_DB_OBJECT::ObjectType
SAM_DB_OBJECT_TYPE ObjectType
Definition: samsrv.h:48
_SAM_DB_OBJECT::ParentObject
struct _SAM_DB_OBJECT * ParentObject
Definition: samsrv.h:56
LPCWSTR
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185

Referenced by SamrDeleteAlias(), SamrDeleteGroup(), and SamrDeleteUser().

◆ SampFillDisplayCache()

NTSTATUS SampFillDisplayCache ( _In_ PSAM_DB_OBJECT  DomainObject,
_In_ DOMAIN_DISPLAY_INFORMATION  DisplayInformationClass 
)

Definition at line 172 of file display.c.

175{
176 NTSTATUS Status;
177
178 TRACE("SampFillDisplayCache()\n");
179
180 switch (DisplayInformationClass)
181 {
182 case DomainDisplayUser:
183 Status = SampFillUserDisplayCache(DomainObject);
184 break;
185/*
186 case DomainDisplayMachine:
187 Status = SampFillMachineDisplayCache(DomainObject);
188 break;
189
190 case DomainDisplayGroup:
191 Status = SampFillGroupDisplayCache(DomainObject);
192 break;
193*/
194 default:
195 Status = STATUS_INVALID_INFO_CLASS;
196 break;
197 }
198
199 return Status;
200}
SampFillUserDisplayCache
static NTSTATUS SampFillUserDisplayCache(_In_ PSAM_DB_OBJECT DomainObject)
Definition: display.c:36
DomainDisplayUser
@ DomainDisplayUser
Definition: ntsam.h:303
STATUS_INVALID_INFO_CLASS
#define STATUS_INVALID_INFO_CLASS
Definition: ntstatus.h:240

Referenced by SamrQueryDisplayInformation3().

◆ SampGetLogonHoursAttribute()

NTSTATUS SampGetLogonHoursAttribute ( IN PSAM_DB_OBJECT  UserObject,
IN OUT PSAMPR_LOGON_HOURS  LogonHours 
)

Definition at line 619 of file user.c.

621{
622 PUCHAR RawBuffer = NULL;
623 ULONG Length = 0;
624 ULONG BufferLength = 0;
625 NTSTATUS Status;
626
627 Status = SampGetObjectAttribute(UserObject,
628 L"LogonHours",
629 NULL,
630 NULL,
631 &Length);
632 if (Status != STATUS_BUFFER_OVERFLOW)
633 {
634 TRACE("SampGetObjectAttribute failed (Status 0x%08lx)\n", Status);
635 return Status;
636 }
637
638 Status = STATUS_SUCCESS;
639
640 if (Length == 0)
641 {
642 LogonHours->UnitsPerWeek = 0;
643 LogonHours->LogonHours = NULL;
644 }
645 else
646 {
647 RawBuffer = midl_user_allocate(Length);
648 if (RawBuffer == NULL)
649 {
650 Status = STATUS_INSUFFICIENT_RESOURCES;
651 goto done;
652 }
653
654 Status = SampGetObjectAttribute(UserObject,
655 L"LogonHours",
656 NULL,
657 (PVOID)RawBuffer,
658 &Length);
659 if (!NT_SUCCESS(Status))
660 goto done;
661
662 LogonHours->UnitsPerWeek = *((PUSHORT)RawBuffer);
663
664 BufferLength = (((ULONG)LogonHours->UnitsPerWeek) + 7) / 8;
665
666 LogonHours->LogonHours = midl_user_allocate(BufferLength);
667 if (LogonHours->LogonHours == NULL)
668 {
669 TRACE("Failed to allocate LogonHours buffer!\n");
670 Status = STATUS_INSUFFICIENT_RESOURCES;
671 goto done;
672 }
673
674 memcpy(LogonHours->LogonHours,
675 &(RawBuffer[2]),
676 BufferLength);
677 }
678
679done:
680
681 if (RawBuffer != NULL)
682 midl_user_free(RawBuffer);
683
684 return Status;
685}
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
PUSHORT
uint16_t * PUSHORT
Definition: typedefs.h:56
PUCHAR
unsigned char * PUCHAR
Definition: typedefs.h:53
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3771

Referenced by SampQueryUserAccount(), SampQueryUserAll(), SampQueryUserLogon(), and SampQueryUserLogonHours().

◆ SampGetMembersInAlias()

NTSTATUS SampGetMembersInAlias ( IN PSAM_DB_OBJECT  AliasObject,
OUT PULONG  MemberCount,
OUT PSAMPR_SID_INFORMATION MemberArray 
)

Definition at line 218 of file alias.c.

221{
222 HANDLE MembersKeyHandle = NULL;
223 PSAMPR_SID_INFORMATION Members = NULL;
224 ULONG Count = 0;
225 ULONG DataLength;
226 ULONG Index;
227 NTSTATUS Status;
228
229 /* Open the members key of the alias object */
230 Status = SampRegOpenKey(AliasObject->KeyHandle,
231 L"Members",
232 KEY_READ,
233 &MembersKeyHandle);
234 if (!NT_SUCCESS(Status))
235 {
236 ERR("SampRegOpenKey failed with status 0x%08lx\n", Status);
237 goto done;
238 }
239
240 /* Get the number of members */
241 Status = SampRegQueryKeyInfo(MembersKeyHandle,
242 NULL,
243 &Count);
244 if (!NT_SUCCESS(Status))
245 {
246 ERR("SampRegQueryKeyInfo failed with status 0x%08lx\n", Status);
247 goto done;
248 }
249
250 /* Allocate the member array */
251 Members = midl_user_allocate(Count * sizeof(SAMPR_SID_INFORMATION));
252 if (Members == NULL)
253 {
254 Status = STATUS_INSUFFICIENT_RESOURCES;
255 goto done;
256 }
257
258 /* Enumerate the members */
259 Index = 0;
260 while (TRUE)
261 {
262 /* Get the size of the next SID */
263 DataLength = 0;
264 Status = SampRegEnumerateValue(MembersKeyHandle,
265 Index,
266 NULL,
267 NULL,
268 NULL,
269 NULL,
270 &DataLength);
271 if (!NT_SUCCESS(Status))
272 {
273 if (Status == STATUS_NO_MORE_ENTRIES)
274 Status = STATUS_SUCCESS;
275 break;
276 }
277
278 /* Allocate a buffer for the SID */
279 Members[Index].SidPointer = midl_user_allocate(DataLength);
280 if (Members[Index].SidPointer == NULL)
281 {
282 Status = STATUS_INSUFFICIENT_RESOURCES;
283 goto done;
284 }
285
286 /* Read the SID into the buffer */
287 Status = SampRegEnumerateValue(MembersKeyHandle,
288 Index,
289 NULL,
290 NULL,
291 NULL,
292 (PVOID)Members[Index].SidPointer,
293 &DataLength);
294 if (!NT_SUCCESS(Status))
295 {
296 goto done;
297 }
298
299 Index++;
300 }
301
302 if (NT_SUCCESS(Status))
303 {
304 *MemberCount = Count;
305 *MemberArray = Members;
306 }
307
308done:
309 return Status;
310}
ERR
#define ERR(fmt,...)
Definition: debug.h:110
DataLength
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1444
SampRegEnumerateValue
NTSTATUS SampRegEnumerateValue(IN HANDLE KeyHandle, IN ULONG Index, OUT LPWSTR Name, IN OUT PULONG NameLength, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
Definition: registry.c:226
SampRegQueryKeyInfo
NTSTATUS SampRegQueryKeyInfo(IN HANDLE KeyHandle, OUT PULONG SubKeyCount, OUT PULONG ValueCount)
Definition: registry.c:181
Count
int Count
Definition: noreturn.cpp:7
STATUS_NO_MORE_ENTRIES
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205
_SAMPR_SID_INFORMATION
Definition: authpackage.c:116
_SAMPR_SID_INFORMATION::SidPointer
PRPC_SID SidPointer
Definition: authpackage.c:117
Index
_In_ WDFCOLLECTION _In_ ULONG Index
Definition: wdfcollection.h:182

Referenced by SampRemoveAllMembersFromAlias(), and SamrGetMembersInAlias().

◆ SampGetObjectAttribute()

NTSTATUS SampGetObjectAttribute ( PSAM_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
PULONG  AttributeType,
LPVOID  AttributeData,
PULONG  AttributeSize 
)

Definition at line 516 of file database.c.

521{
522 return SampRegQueryValue(DbObject->KeyHandle,
523 AttributeName,
524 AttributeType,
525 AttributeData,
526 AttributeSize);
527}
AttributeData
@ AttributeData
Definition: ntfs.h:168

Referenced by SampAddGroupMembershipToUser(), SampAddMemberToGroup(), SampCreateAccountSid(), SampDeleteAccountDbObject(), SampFillUserDisplayCache(), SampGetLogonHoursAttribute(), SampGetObjectAttributeString(), SampGetUserGroupAttributes(), SampQueryDomainGeneral(), SampQueryDomainGeneral2(), SampQueryDomainLockout(), SampQueryDomainLogoff(), SampQueryDomainModified(), SampQueryDomainModified2(), SampQueryDomainPassword(), SampQueryDomainServerRole(), SampQueryDomainState(), SampQueryGroupAttribute(), SampQueryGroupGeneral(), SampQueryUserAccount(), SampQueryUserAll(), SampQueryUserControl(), SampQueryUserExpires(), SampQueryUserGeneral(), SampQueryUserInternal1(), SampQueryUserInternal2(), SampQueryUserLogon(), SampQueryUserPreferences(), SampQueryUserPrimaryGroup(), SampRemoveGroupMembershipFromUser(), SampRemoveMemberFromGroup(), SampRemoveUserFromAllGroups(), SampSetDomainLockout(), SampSetDomainLogoff(), SampSetDomainPassword(), SampSetDomainServerRole(), SampSetDomainState(), SampSetGroupAttribute(), SampSetUserAll(), SampSetUserControl(), SampSetUserExpires(), SampSetUserGeneral(), SampSetUserGroupAttributes(), SampSetUserInternal1(), SampSetUserInternal2(), SampSetUserPassword(), SampSetUserPreferences(), SampSetUserPrimaryGroup(), SamrChangePasswordUser(), SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), SamrCreateUserInDomain(), SamrDeleteGroup(), SamrGetDomainPasswordInformation(), SamrGetGroupsForUser(), SamrGetMembersInGroup(), SamrGetUserDomainPasswordInformation(), SamrQuerySecurityObject(), and SamrSetSecurityObject().

◆ SampGetObjectAttributeString()

NTSTATUS SampGetObjectAttributeString ( PSAM_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
PRPC_UNICODE_STRING  String 
)

Definition at line 531 of file database.c.

534{
535 ULONG Length = 0;
536 NTSTATUS Status;
537
538 Status = SampGetObjectAttribute(DbObject,
539 AttributeName,
540 NULL,
541 NULL,
542 &Length);
543 if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW)
544 {
545 TRACE("Status 0x%08lx\n", Status);
546 goto done;
547 }
548
549 if (Length == 0)
550 {
551 String->Length = 0;
552 String->MaximumLength = 0;
553 String->Buffer = NULL;
554
555 Status = STATUS_SUCCESS;
556 goto done;
557 }
558
559 String->Length = (USHORT)(Length - sizeof(WCHAR));
560 String->MaximumLength = (USHORT)Length;
561 String->Buffer = midl_user_allocate(Length);
562 if (String->Buffer == NULL)
563 {
564 Status = STATUS_INSUFFICIENT_RESOURCES;
565 goto done;
566 }
567
568 TRACE("Length: %lu\n", Length);
569 Status = SampGetObjectAttribute(DbObject,
570 AttributeName,
571 NULL,
572 (PVOID)String->Buffer,
573 &Length);
574 if (!NT_SUCCESS(Status))
575 {
576 TRACE("Status 0x%08lx\n", Status);
577 goto done;
578 }
579
580done:
581 if (!NT_SUCCESS(Status))
582 {
583 if (String->Buffer != NULL)
584 {
585 midl_user_free(String->Buffer);
586 String->Buffer = NULL;
587 }
588 }
589
590 return Status;
591}
USHORT
unsigned short USHORT
Definition: pedump.c:61
String
_Must_inspect_result_ _In_ WDFDEVICE _In_ WDFSTRING String
Definition: wdfdevice.h:2433

Referenced by SampQueryAliasAdminComment(), SampQueryAliasGeneral(), SampQueryAliasName(), SampQueryDomainGeneral(), SampQueryDomainGeneral2(), SampQueryDomainName(), SampQueryDomainOem(), SampQueryDomainReplication(), SampQueryGroupAdminComment(), SampQueryGroupGeneral(), SampQueryGroupName(), SampQueryUserAccount(), SampQueryUserAccountName(), SampQueryUserAdminComment(), SampQueryUserAll(), SampQueryUserFullName(), SampQueryUserGeneral(), SampQueryUserHome(), SampQueryUserLogon(), SampQueryUserName(), SampQueryUserParameters(), SampQueryUserPreferences(), SampQueryUserProfile(), SampQueryUserScript(), SampQueryUserWorkStations(), SampSetAliasName(), SampSetGroupName(), and SampSetUserName().

◆ SampGetRidFromSid()

NTSTATUS SampGetRidFromSid ( IN PSID  Sid,
OUT PULONG  Rid 
)

Definition at line 138 of file utils.c.

140{
141 UCHAR RidCount;
142
143 RidCount = *RtlSubAuthorityCountSid(Sid);
144 if (RidCount < 1)
145 return STATUS_INVALID_SID;
146
147 *Rid = *RtlSubAuthoritySid(Sid, RidCount - 1);
148
149 return STATUS_SUCCESS;
150}
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
STATUS_INVALID_SID
#define STATUS_INVALID_SID
Definition: ntstatus.h:356

Referenced by SamrRemoveMemberFromForeignDomain().

◆ SampGetUserGroupAttributes()

NTSTATUS SampGetUserGroupAttributes ( IN PSAM_DB_OBJECT  DomainObject,
IN ULONG  UserId,
IN ULONG  GroupId,
OUT PULONG  GroupAttributes 
)

Definition at line 183 of file user.c.

187{
188 PSAM_DB_OBJECT UserObject = NULL;
189 PGROUP_MEMBERSHIP GroupsBuffer = NULL;
190 ULONG Length = 0;
191 ULONG i;
192 NTSTATUS Status;
193
194 Status = SampOpenUserObject(DomainObject,
195 UserId,
196 0,
197 &UserObject);
198 if (!NT_SUCCESS(Status))
199 {
200 return Status;
201 }
202
203 SampGetObjectAttribute(UserObject,
204 L"Groups",
205 NULL,
206 NULL,
207 &Length);
208
209 if (Length == 0)
210 return STATUS_UNSUCCESSFUL; /* FIXME */
211
212 GroupsBuffer = midl_user_allocate(Length);
213 if (GroupsBuffer == NULL)
214 {
215 Status = STATUS_INSUFFICIENT_RESOURCES;
216 goto done;
217 }
218
219 Status = SampGetObjectAttribute(UserObject,
220 L"Groups",
221 NULL,
222 GroupsBuffer,
223 &Length);
224 if (!NT_SUCCESS(Status))
225 goto done;
226
227 for (i = 0; i < (Length / sizeof(GROUP_MEMBERSHIP)); i++)
228 {
229 if (GroupsBuffer[i].RelativeId == GroupId)
230 {
231 *GroupAttributes = GroupsBuffer[i].Attributes;
232 goto done;
233 }
234 }
235
236done:
237 if (GroupsBuffer != NULL)
238 midl_user_free(GroupsBuffer);
239
240 if (UserObject != NULL)
241 SampCloseDbObject(UserObject);
242
243 return Status;
244}
SampCloseDbObject
NTSTATUS SampCloseDbObject(PSAM_DB_OBJECT DbObject)
Definition: database.c:346
SampOpenUserObject
NTSTATUS SampOpenUserObject(IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *UserObject)
Definition: user.c:14
STATUS_UNSUCCESSFUL
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132

Referenced by SamrGetMembersInGroup().

◆ SampInitDatabase()

NTSTATUS SampInitDatabase ( VOID  )

Definition at line 21 of file database.c.

22{
23 NTSTATUS Status;
24
25 TRACE("SampInitDatabase()\n");
26
27 Status = SampRegOpenKey(NULL,
28 L"\\Registry\\Machine\\SAM",
29 KEY_READ | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS,
30 &SamKeyHandle);
31 if (!NT_SUCCESS(Status))
32 {
33 ERR("Failed to open the SAM key (Status: 0x%08lx)\n", Status);
34 return Status;
35 }
36
37 TRACE("SampInitDatabase() done\n");
38
39 return STATUS_SUCCESS;
40}
KEY_CREATE_SUB_KEY
#define KEY_CREATE_SUB_KEY
Definition: nt_native.h:1018
KEY_ENUMERATE_SUB_KEYS
#define KEY_ENUMERATE_SUB_KEYS
Definition: nt_native.h:1019

Referenced by SamIInitialize().

◆ SampInitializeDisplayCache()

NTSTATUS SampInitializeDisplayCache ( VOID  )

Definition at line 143 of file display.c.

144{
145 TRACE("SampInitializeDisplayCache()\n");
146
147 InitializeListHead(&UserListHead);
148 UserListFilled = FALSE;
149 UserListCount = 0;
150
151// InitializeListHead(&MachineListHead);
152// MachineListFilled = FALSE;
153// MachineListCount = 0;
154
155// InitializeListHead(&GroupListHead);
156// GroupListFilled = FALSE;
157// GroupListCount = 0;
158
159 return STATUS_SUCCESS;
160}
UserListFilled
static BOOLEAN UserListFilled
Definition: display.c:24
UserListHead
static LIST_ENTRY UserListHead
Definition: display.c:23
UserListCount
static ULONG UserListCount
Definition: display.c:25
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944

Referenced by SamIInitialize().

◆ SampInitializeSAM()

BOOL SampInitializeSAM ( VOID  )

Definition at line 888 of file setup.c.

889{
890 PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = NULL;
891 HANDLE hSamKey = NULL;
892 HANDLE hServerKey = NULL;
893 HANDLE hBuiltinDomainKey = NULL;
894 HANDLE hAccountDomainKey = NULL;
895 PSID pBuiltinSid = NULL;
896 PSID pInteractiveSid = NULL;
897 PSID pAuthenticatedUserSid = NULL;
898 BOOL bResult = TRUE;
899 PSID pSid;
900 HINSTANCE hInstance;
901 WCHAR szComment[256];
902 WCHAR szName[80];
903 NTSTATUS Status;
904
905 TRACE("SampInitializeSAM() called\n");
906
907 hInstance = GetModuleHandleW(L"samsrv.dll");
908
909 /* Open the SAM key */
910 Status = SampRegOpenKey(NULL,
911 L"\\Registry\\Machine\\SAM",
912 KEY_READ | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS,
913 &hSamKey);
914 if (!NT_SUCCESS(Status))
915 {
916 ERR("Failed to open the SAM key (Status: 0x%08lx)\n", Status);
917 return FALSE;
918 }
919
920 /* Create the SAM Server object */
921 Status = SampSetupCreateServer(hSamKey,
922 &hServerKey);
923 if (!NT_SUCCESS(Status))
924 {
925 bResult = FALSE;
926 goto done;
927 }
928
929 /* Create and initialize the Builtin Domain SID */
930 pBuiltinSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1));
931 if (pBuiltinSid == NULL)
932 {
933 ERR("Failed to allocate the Builtin Domain SID\n");
934 bResult = FALSE;
935 goto done;
936 }
937
938 RtlInitializeSid(pBuiltinSid, &SecurityNtAuthority, 1);
939 *(RtlSubAuthoritySid(pBuiltinSid, 0)) = SECURITY_BUILTIN_DOMAIN_RID;
940
941 /* Create and initialize the Interactive SID */
942 pInteractiveSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1));
943 if (pInteractiveSid == NULL)
944 {
945 ERR("Failed to allocate the Interactive SID\n");
946 bResult = FALSE;
947 goto done;
948 }
949
950 RtlInitializeSid(pInteractiveSid, &SecurityNtAuthority, 1);
951 *(RtlSubAuthoritySid(pInteractiveSid, 0)) = SECURITY_INTERACTIVE_RID;
952
953 /* Create and initialize the Authenticated User SID */
954 pAuthenticatedUserSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1));
955 if (pAuthenticatedUserSid == NULL)
956 {
957 ERR("Failed to allocate the Authenticated User SID\n");
958 bResult = FALSE;
959 goto done;
960 }
961
962 RtlInitializeSid(pAuthenticatedUserSid, &SecurityNtAuthority, 1);
963 *(RtlSubAuthoritySid(pAuthenticatedUserSid, 0)) = SECURITY_AUTHENTICATED_USER_RID;
964
965 /* Get account domain information */
966 Status = SampGetAccountDomainInfo(&AccountDomainInfo);
967 if (!NT_SUCCESS(Status))
968 {
969 ERR("SampGetAccountDomainInfo failed (Status %08lx)\n", Status);
970 bResult = FALSE;
971 goto done;
972 }
973
974 SampLoadString(hInstance, IDS_DOMAIN_BUILTIN_NAME, szName, 80);
975
976 /* Create the Builtin domain */
977 Status = SampSetupCreateDomain(hServerKey,
978 L"Builtin",
979 szName,
980 pBuiltinSid,
981 TRUE,
982 &hBuiltinDomainKey);
983 if (!NT_SUCCESS(Status))
984 {
985 bResult = FALSE;
986 goto done;
987 }
988
989 /* Create the Administrators alias */
990 SampLoadString(hInstance, IDS_ALIAS_ADMINISTRATORS_NAME, szName, 80);
991 SampLoadString(hInstance, IDS_ALIAS_ADMINISTRATORS_COMMENT, szComment, 256);
992
993 SampSetupCreateAliasAccount(hBuiltinDomainKey,
994 szName,
995 szComment,
996 DOMAIN_ALIAS_RID_ADMINS);
997
998 /* Create the Users alias */
999 SampLoadString(hInstance, IDS_ALIAS_USERS_NAME, szName, 80);
1000 SampLoadString(hInstance, IDS_ALIAS_USERS_COMMENT, szComment, 256);
1001
1002 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1003 szName,
1004 szComment,
1005 DOMAIN_ALIAS_RID_USERS);
1006
1007 /* Create the Guests alias */
1008 SampLoadString(hInstance, IDS_ALIAS_GUESTS_NAME, szName, 80);
1009 SampLoadString(hInstance, IDS_ALIAS_GUESTS_COMMENT, szComment, 256);
1010
1011 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1012 szName,
1013 szComment,
1014 DOMAIN_ALIAS_RID_GUESTS);
1015
1016 /* Create the Power Users alias */
1017 SampLoadString(hInstance, IDS_ALIAS_POWER_USERS_NAME, szName, 80);
1018 SampLoadString(hInstance, IDS_ALIAS_POWER_USERS_COMMENT, szComment, 256);
1019
1020 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1021 szName,
1022 szComment,
1023 DOMAIN_ALIAS_RID_POWER_USERS);
1024
1025 if (SampProductType != NtProductWinNt)
1026 {
1027 /* Create the Print Operators alias (Server only) */
1028 SampLoadString(hInstance, IDS_ALIAS_PRINT_OPS_NAME, szName, 80);
1029 SampLoadString(hInstance, IDS_ALIAS_PRINT_OPS_COMMENT, szComment, 256);
1030
1031 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1032 szName,
1033 szComment,
1034 DOMAIN_ALIAS_RID_PRINT_OPS);
1035 }
1036
1037 /* Create the Backup Operators alias */
1038 SampLoadString(hInstance, IDS_ALIAS_BACKUP_OPS_NAME, szName, 80);
1039 SampLoadString(hInstance, IDS_ALIAS_BACKUP_OPS_COMMENT, szComment, 256);
1040
1041 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1042 szName,
1043 szComment,
1044 DOMAIN_ALIAS_RID_BACKUP_OPS);
1045
1046 /* Create the Replicator alias */
1047 SampLoadString(hInstance, IDS_ALIAS_REPLICATOR_NAME, szName, 80);
1048 SampLoadString(hInstance, IDS_ALIAS_REPLICATOR_COMMENT, szComment, 256);
1049
1050 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1051 szName,
1052 szComment,
1053 DOMAIN_ALIAS_RID_REPLICATOR);
1054
1055 /* Create the Remote Desktop Users alias */
1056 SampLoadString(hInstance, IDS_ALIAS_REMOTE_DESKTOP_USERS_NAME, szName, 80);
1057 SampLoadString(hInstance, IDS_ALIAS_REMOTE_DESKTOP_USERS_COMMENT, szComment, 256);
1058
1059 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1060 szName,
1061 szComment,
1062 DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS);
1063
1064 /* Create the Network Configuration Operators alias */
1065 SampLoadString(hInstance, IDS_ALIAS_NETWORK_CONFIGURATION_OPS_NAME, szName, 80);
1066 SampLoadString(hInstance, IDS_ALIAS_NETWORK_CONFIGURATION_OPS_COMMENT, szComment, 256);
1067
1068 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1069 szName,
1070 szComment,
1071 DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS);
1072
1073 if (SampProductType != NtProductWinNt)
1074 {
1075 /* Create the Performance Monitor Users alias (Server only) */
1076 SampLoadString(hInstance, IDS_ALIAS_MONITORING_USERS_NAME, szName, 80);
1077 SampLoadString(hInstance, IDS_ALIAS_MONITORING_USERS_COMMENT, szComment, 256);
1078
1079 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1080 szName,
1081 szComment,
1082 DOMAIN_ALIAS_RID_MONITORING_USERS);
1083
1084 /* Create the Performance Log Users alias (Server only) */
1085 SampLoadString(hInstance, IDS_ALIAS_LOGGING_USERS_NAME, szName, 80);
1086 SampLoadString(hInstance, IDS_ALIAS_LOGGING_USERS_COMMENT, szComment, 256);
1087
1088 SampSetupCreateAliasAccount(hBuiltinDomainKey,
1089 szName,
1090 szComment,
1091 DOMAIN_ALIAS_RID_LOGGING_USERS);
1092 }
1093
1094 /* Add the Administrator user to the Administrators alias */
1095 pSid = AppendRidToSid(AccountDomainInfo->DomainSid,
1096 DOMAIN_USER_RID_ADMIN);
1097 if (pSid != NULL)
1098 {
1099 SampSetupAddMemberToAlias(hBuiltinDomainKey,
1100 DOMAIN_ALIAS_RID_ADMINS,
1101 pSid);
1102
1103 RtlFreeHeap(RtlGetProcessHeap(), 0, pSid);
1104 }
1105
1106 /* Add the Guest user to the Guests alias */
1107 pSid = AppendRidToSid(AccountDomainInfo->DomainSid,
1108 DOMAIN_USER_RID_GUEST);
1109 if (pSid != NULL)
1110 {
1111 SampSetupAddMemberToAlias(hBuiltinDomainKey,
1112 DOMAIN_ALIAS_RID_GUESTS,
1113 pSid);
1114
1115 RtlFreeHeap(RtlGetProcessHeap(), 0, pSid);
1116 }
1117
1118 /* Add the Interactive SID to the Users alias */
1119 SampSetupAddMemberToAlias(hBuiltinDomainKey,
1120 DOMAIN_ALIAS_RID_USERS,
1121 pInteractiveSid);
1122
1123 /* Add the Authenticated User SID to the Users alias */
1124 SampSetupAddMemberToAlias(hBuiltinDomainKey,
1125 DOMAIN_ALIAS_RID_USERS,
1126 pAuthenticatedUserSid);
1127
1128 /* Create the Account domain */
1129 Status = SampSetupCreateDomain(hServerKey,
1130 L"Account",
1131 L"",
1132 AccountDomainInfo->DomainSid,
1133 FALSE,
1134 &hAccountDomainKey);
1135 if (!NT_SUCCESS(Status))
1136 {
1137 bResult = FALSE;
1138 goto done;
1139 }
1140
1141 /* Create the None group */
1142 SampLoadString(hInstance, IDS_GROUP_NONE_NAME, szName, 80);
1143 SampLoadString(hInstance, IDS_GROUP_NONE_COMMENT, szComment, 256);
1144
1145 SampSetupCreateGroupAccount(hAccountDomainKey,
1146 szName,
1147 szComment,
1148 DOMAIN_GROUP_RID_USERS);
1149
1150 /* Create the Administrator user */
1151 SampLoadString(hInstance, IDS_USER_ADMINISTRATOR_NAME, szName, 80);
1152 SampLoadString(hInstance, IDS_USER_ADMINISTRATOR_COMMENT, szComment, 256);
1153
1154 SampSetupCreateUserAccount(hAccountDomainKey,
1155 szName,
1156 szComment,
1157 AccountDomainInfo->DomainSid,
1158 DOMAIN_USER_RID_ADMIN,
1159 USER_DONT_EXPIRE_PASSWORD | USER_NORMAL_ACCOUNT);
1160
1161 /* Add the Adminitrator user to the Administrators alias */
1162 SampSetupAddMemberToGroup(hAccountDomainKey,
1163 DOMAIN_GROUP_RID_USERS,
1164 DOMAIN_USER_RID_ADMIN);
1165
1166 /* Create the Guest user */
1167 SampLoadString(hInstance, IDS_USER_GUEST_NAME, szName, 80);
1168 SampLoadString(hInstance, IDS_USER_GUEST_COMMENT, szComment, 256);
1169
1170 SampSetupCreateUserAccount(hAccountDomainKey,
1171 szName,
1172 szComment,
1173 AccountDomainInfo->DomainSid,
1174 DOMAIN_USER_RID_GUEST,
1175 USER_ACCOUNT_DISABLED | USER_DONT_EXPIRE_PASSWORD | USER_NORMAL_ACCOUNT);
1176
1177 /* Add the Guest user to the Guests alias */
1178 SampSetupAddMemberToGroup(hAccountDomainKey,
1179 DOMAIN_GROUP_RID_USERS,
1180 DOMAIN_USER_RID_GUEST);
1181
1182done:
1183 if (AccountDomainInfo)
1184 LsaFreeMemory(AccountDomainInfo);
1185
1186 if (pAuthenticatedUserSid)
1187 RtlFreeHeap(RtlGetProcessHeap(), 0, pAuthenticatedUserSid);
1188
1189 if (pInteractiveSid)
1190 RtlFreeHeap(RtlGetProcessHeap(), 0, pInteractiveSid);
1191
1192 if (pBuiltinSid)
1193 RtlFreeHeap(RtlGetProcessHeap(), 0, pBuiltinSid);
1194
1195 SampRegCloseKey(&hAccountDomainKey);
1196 SampRegCloseKey(&hBuiltinDomainKey);
1197 SampRegCloseKey(&hServerKey);
1198 SampRegCloseKey(&hSamKey);
1199
1200 TRACE("SampInitializeSAM() done\n");
1201
1202 return bResult;
1203}
pAuthenticatedUserSid
static PSID pAuthenticatedUserSid
Definition: security.c:19
hInstance
HINSTANCE hInstance
Definition: charmap.c:19
LsaFreeMemory
NTSTATUS WINAPI LsaFreeMemory(IN PVOID Buffer)
Definition: lsa.c:701
GetModuleHandleW
HMODULE WINAPI GetModuleHandleW(LPCWSTR lpModuleName)
Definition: loader.c:838
IDS_ALIAS_REPLICATOR_COMMENT
#define IDS_ALIAS_REPLICATOR_COMMENT
Definition: resources.h:29
IDS_ALIAS_ADMINISTRATORS_COMMENT
#define IDS_ALIAS_ADMINISTRATORS_COMMENT
Definition: resources.h:17
IDS_ALIAS_USERS_COMMENT
#define IDS_ALIAS_USERS_COMMENT
Definition: resources.h:23
IDS_ALIAS_BACKUP_OPS_COMMENT
#define IDS_ALIAS_BACKUP_OPS_COMMENT
Definition: resources.h:27
IDS_ALIAS_REPLICATOR_NAME
#define IDS_ALIAS_REPLICATOR_NAME
Definition: resources.h:28
IDS_ALIAS_NETWORK_CONFIGURATION_OPS_NAME
#define IDS_ALIAS_NETWORK_CONFIGURATION_OPS_NAME
Definition: resources.h:32
IDS_ALIAS_POWER_USERS_NAME
#define IDS_ALIAS_POWER_USERS_NAME
Definition: resources.h:20
IDS_ALIAS_USERS_NAME
#define IDS_ALIAS_USERS_NAME
Definition: resources.h:22
IDS_ALIAS_LOGGING_USERS_COMMENT
#define IDS_ALIAS_LOGGING_USERS_COMMENT
Definition: resources.h:37
IDS_ALIAS_ADMINISTRATORS_NAME
#define IDS_ALIAS_ADMINISTRATORS_NAME
Definition: resources.h:16
IDS_ALIAS_LOGGING_USERS_NAME
#define IDS_ALIAS_LOGGING_USERS_NAME
Definition: resources.h:36
IDS_ALIAS_PRINT_OPS_NAME
#define IDS_ALIAS_PRINT_OPS_NAME
Definition: resources.h:24
IDS_USER_ADMINISTRATOR_NAME
#define IDS_USER_ADMINISTRATOR_NAME
Definition: resources.h:39
IDS_ALIAS_GUESTS_COMMENT
#define IDS_ALIAS_GUESTS_COMMENT
Definition: resources.h:19
IDS_USER_GUEST_COMMENT
#define IDS_USER_GUEST_COMMENT
Definition: resources.h:42
IDS_ALIAS_MONITORING_USERS_NAME
#define IDS_ALIAS_MONITORING_USERS_NAME
Definition: resources.h:34
IDS_ALIAS_BACKUP_OPS_NAME
#define IDS_ALIAS_BACKUP_OPS_NAME
Definition: resources.h:26
IDS_ALIAS_POWER_USERS_COMMENT
#define IDS_ALIAS_POWER_USERS_COMMENT
Definition: resources.h:21
IDS_ALIAS_PRINT_OPS_COMMENT
#define IDS_ALIAS_PRINT_OPS_COMMENT
Definition: resources.h:25
IDS_USER_ADMINISTRATOR_COMMENT
#define IDS_USER_ADMINISTRATOR_COMMENT
Definition: resources.h:40
IDS_ALIAS_NETWORK_CONFIGURATION_OPS_COMMENT
#define IDS_ALIAS_NETWORK_CONFIGURATION_OPS_COMMENT
Definition: resources.h:33
IDS_GROUP_NONE_COMMENT
#define IDS_GROUP_NONE_COMMENT
Definition: resources.h:14
IDS_ALIAS_GUESTS_NAME
#define IDS_ALIAS_GUESTS_NAME
Definition: resources.h:18
IDS_ALIAS_MONITORING_USERS_COMMENT
#define IDS_ALIAS_MONITORING_USERS_COMMENT
Definition: resources.h:35
IDS_ALIAS_REMOTE_DESKTOP_USERS_COMMENT
#define IDS_ALIAS_REMOTE_DESKTOP_USERS_COMMENT
Definition: resources.h:31
IDS_USER_GUEST_NAME
#define IDS_USER_GUEST_NAME
Definition: resources.h:41
IDS_ALIAS_REMOTE_DESKTOP_USERS_NAME
#define IDS_ALIAS_REMOTE_DESKTOP_USERS_NAME
Definition: resources.h:30
IDS_DOMAIN_BUILTIN_NAME
#define IDS_DOMAIN_BUILTIN_NAME
Definition: resources.h:11
IDS_GROUP_NONE_NAME
#define IDS_GROUP_NONE_NAME
Definition: resources.h:13
SampLoadString
INT SampLoadString(HINSTANCE hInstance, UINT uId, LPWSTR lpBuffer, INT nBufferMax)
Definition: utils.c:17
SampSetupCreateDomain
static NTSTATUS SampSetupCreateDomain(IN HANDLE hServerKey, IN LPCWSTR lpKeyName, IN LPCWSTR lpDomainName, IN PSID lpDomainSid, IN BOOLEAN bBuiltinDomain, OUT HANDLE *lpDomainKey)
Definition: setup.c:618
SampSetupCreateServer
static NTSTATUS SampSetupCreateServer(IN HANDLE hSamKey, OUT HANDLE *lpServerKey)
Definition: setup.c:805
SampSetupCreateGroupAccount
static NTSTATUS SampSetupCreateGroupAccount(HANDLE hDomainKey, LPCWSTR lpAccountName, LPCWSTR lpComment, ULONG ulRelativeId)
Definition: setup.c:256
SampSetupCreateAliasAccount
static NTSTATUS SampSetupCreateAliasAccount(HANDLE hDomainKey, LPCWSTR lpAccountName, LPCWSTR lpDescription, ULONG ulRelativeId)
Definition: setup.c:91
SampGetAccountDomainInfo
NTSTATUS SampGetAccountDomainInfo(PPOLICY_ACCOUNT_DOMAIN_INFO *AccountDomainInfo)
Definition: setup.c:856
SampSetupAddMemberToGroup
static NTSTATUS SampSetupAddMemberToGroup(IN HANDLE hDomainKey, IN ULONG GroupId, IN ULONG MemberId)
Definition: setup.c:177
SampSetupAddMemberToAlias
static BOOL SampSetupAddMemberToAlias(HKEY hDomainKey, ULONG AliasId, PSID MemberSid)
Definition: setup.c:25
SecurityNtAuthority
SID_IDENTIFIER_AUTHORITY SecurityNtAuthority
Definition: setup.c:20
SampSetupCreateUserAccount
static NTSTATUS SampSetupCreateUserAccount(HANDLE hDomainKey, LPCWSTR lpAccountName, LPCWSTR lpComment, PSID lpDomainSid, ULONG ulRelativeId, ULONG UserAccountControl)
Definition: setup.c:357
NtProductWinNt
@ NtProductWinNt
Definition: shellpath.c:64
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
pSid
static PSID pSid
Definition: security.c:74
szComment
static const WCHAR szComment[]
Definition: domdoc.c:1167
RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
USER_NORMAL_ACCOUNT
#define USER_NORMAL_ACCOUNT
Definition: ntsam.h:171
USER_DONT_EXPIRE_PASSWORD
#define USER_DONT_EXPIRE_PASSWORD
Definition: ntsam.h:176
USER_ACCOUNT_DISABLED
#define USER_ACCOUNT_DISABLED
Definition: ntsam.h:167
szName
static const WCHAR szName[]
Definition: powrprof.c:45
SampProductType
NT_PRODUCT_TYPE SampProductType
Definition: samsrv.c:29
_POLICY_ACCOUNT_DOMAIN_INFO
Definition: ntsecapi.h:565
_POLICY_ACCOUNT_DOMAIN_INFO::DomainSid
PSID DomainSid
Definition: ntsecapi.h:567
DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS
#define DOMAIN_ALIAS_RID_NETWORK_CONFIGURATION_OPS
Definition: setypes.h:666
DOMAIN_USER_RID_ADMIN
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:631
SECURITY_INTERACTIVE_RID
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:559
DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS
#define DOMAIN_ALIAS_RID_REMOTE_DESKTOP_USERS
Definition: setypes.h:665
DOMAIN_ALIAS_RID_MONITORING_USERS
#define DOMAIN_ALIAS_RID_MONITORING_USERS
Definition: setypes.h:669
SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:568
DOMAIN_ALIAS_RID_LOGGING_USERS
#define DOMAIN_ALIAS_RID_LOGGING_USERS
Definition: setypes.h:670
DOMAIN_USER_RID_GUEST
#define DOMAIN_USER_RID_GUEST
Definition: setypes.h:632
DOMAIN_ALIAS_RID_BACKUP_OPS
#define DOMAIN_ALIAS_RID_BACKUP_OPS
Definition: setypes.h:660
DOMAIN_ALIAS_RID_PRINT_OPS
#define DOMAIN_ALIAS_RID_PRINT_OPS
Definition: setypes.h:659
DOMAIN_ALIAS_RID_REPLICATOR
#define DOMAIN_ALIAS_RID_REPLICATOR
Definition: setypes.h:662
DOMAIN_ALIAS_RID_POWER_USERS
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:655
DOMAIN_GROUP_RID_USERS
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:640

Referenced by SampInitializeRegistry().

◆ SampIsSetupRunning()

BOOL SampIsSetupRunning ( VOID  )

Definition at line 64 of file utils.c.

65{
66 DWORD dwError;
67 HKEY hKey;
68 DWORD dwType;
69 DWORD dwSize;
70 DWORD dwSetupType;
71
72 TRACE("SampIsSetupRunning()\n");
73
74 /* Open key */
75 dwError = RegOpenKeyExW(HKEY_LOCAL_MACHINE,
76 L"SYSTEM\\Setup",
77 0,
78 KEY_QUERY_VALUE,
79 &hKey);
80 if (dwError != ERROR_SUCCESS)
81 return FALSE;
82
83 /* Read key */
84 dwSize = sizeof(DWORD);
85 dwError = RegQueryValueExW(hKey,
86 L"SetupType",
87 NULL,
88 &dwType,
89 (LPBYTE)&dwSetupType,
90 &dwSize);
91
92 /* Close key, and check if returned values are correct */
93 RegCloseKey(hKey);
94 if (dwError != ERROR_SUCCESS || dwType != REG_DWORD || dwSize != sizeof(DWORD))
95 return FALSE;
96
97 TRACE("SampIsSetupRunning() returns %s\n", (dwSetupType != 0) ? "TRUE" : "FALSE");
98 return (dwSetupType != 0);
99}
RegCloseKey
#define RegCloseKey(hKey)
Definition: registry.h:47
ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10
RegOpenKeyExW
LONG WINAPI RegOpenKeyExW(HKEY hKey, LPCWSTR lpSubKey, DWORD ulOptions, REGSAM samDesired, PHKEY phkResult)
Definition: reg.c:3353
RegQueryValueExW
LONG WINAPI RegQueryValueExW(_In_ HKEY hkeyorg, _In_ LPCWSTR name, _In_ LPDWORD reserved, _In_ LPDWORD type, _In_ LPBYTE data, _In_ LPDWORD count)
Definition: reg.c:4118
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
hKey
FxAutoRegKey hKey
Definition: fxdriverapikm.cpp:59
dwSize
PSDBQUERYRESULT_VISTA PVOID DWORD * dwSize
Definition: env.c:56
KEY_QUERY_VALUE
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
DWORD
#define DWORD
Definition: nt_native.h:44
REG_DWORD
#define REG_DWORD
Definition: sdbapi.c:596
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
HKEY_LOCAL_MACHINE
#define HKEY_LOCAL_MACHINE
Definition: winreg.h:12

Referenced by SamIInitialize().

◆ SampLoadString()

INT SampLoadString ( HINSTANCE  hInstance,
UINT  uId,
LPWSTR  lpBuffer,
INT  nBufferMax 
)

Definition at line 17 of file utils.c.

21{
22 HGLOBAL hmem;
23 HRSRC hrsrc;
24 WCHAR *p;
25 int string_num;
26 int i;
27
28 /* Use loword (incremented by 1) as resourceid */
29 hrsrc = FindResourceW(hInstance,
30 MAKEINTRESOURCEW((LOWORD(uId) >> 4) + 1),
31 (LPWSTR)RT_STRING);
32 if (!hrsrc)
33 return 0;
34
35 hmem = LoadResource(hInstance, hrsrc);
36 if (!hmem)
37 return 0;
38
39 p = LockResource(hmem);
40 string_num = uId & 0x000f;
41 for (i = 0; i < string_num; i++)
42 p += *p + 1;
43
44 i = min(nBufferMax - 1, *p);
45 if (i > 0)
46 {
47 memcpy(lpBuffer, p + 1, i * sizeof(WCHAR));
48 lpBuffer[i] = 0;
49 }
50 else
51 {
52 if (nBufferMax > 1)
53 {
54 lpBuffer[0] = 0;
55 return 0;
56 }
57 }
58
59 return i;
60}
lpBuffer
static TAGREF LPCWSTR LPDWORD LPVOID lpBuffer
Definition: db.cpp:175
FindResourceW
HRSRC WINAPI FindResourceW(HINSTANCE hModule, LPCWSTR name, LPCWSTR type)
Definition: res.c:176
LockResource
LPVOID WINAPI LockResource(HGLOBAL handle)
Definition: res.c:550
LoadResource
HGLOBAL WINAPI LoadResource(HINSTANCE hModule, HRSRC hRsrc)
Definition: res.c:532
p
GLfloat GLfloat p
Definition: glext.h:8902
min
#define min(a, b)
Definition: monoChain.cc:55
LOWORD
#define LOWORD(l)
Definition: pedump.c:82
RT_STRING
#define RT_STRING
Definition: pedump.c:368
MAKEINTRESOURCEW
#define MAKEINTRESOURCEW(i)
Definition: winuser.h:582

Referenced by SampInitializeSAM().

◆ SampOpenAliasObject()

NTSTATUS SampOpenAliasObject ( IN PSAM_DB_OBJECT  DomainObject,
IN ULONG  AliasId,
IN ACCESS_MASK  DesiredAccess,
OUT PSAM_DB_OBJECT AliasObject 
)

Definition at line 14 of file alias.c.

18{
19 WCHAR szRid[9];
20
21 TRACE("(%p %lu %lx %p)\n",
22 DomainObject, AliasId, DesiredAccess, AliasObject);
23
24 /* Convert the RID into a string (hex) */
25 swprintf(szRid, L"%08lX", AliasId);
26
27 /* Create the user object */
28 return SampOpenDbObject(DomainObject,
29 L"Aliases",
30 szRid,
31 AliasId,
32 SamDbAliasObject,
33 DesiredAccess,
34 AliasObject);
35}
SampOpenDbObject
NTSTATUS SampOpenDbObject(IN PSAM_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN ULONG RelativeId, IN SAM_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *DbObject)
Definition: database.c:173
swprintf
#define swprintf
Definition: precomp.h:40

◆ SampOpenDbObject()

NTSTATUS SampOpenDbObject ( IN PSAM_DB_OBJECT  ParentObject,
IN LPWSTR  ContainerName,
IN LPWSTR  ObjectName,
IN ULONG  RelativeId,
IN SAM_DB_OBJECT_TYPE  ObjectType,
IN ACCESS_MASK  DesiredAccess,
OUT PSAM_DB_OBJECT DbObject 
)

Definition at line 173 of file database.c.

180{
181 PSAM_DB_OBJECT NewObject = NULL;
182 HANDLE ParentKeyHandle;
183 HANDLE ContainerKeyHandle = NULL;
184 HANDLE ObjectKeyHandle = NULL;
185 HANDLE MembersKeyHandle = NULL;
186 NTSTATUS Status;
187
188 if (DbObject == NULL)
189 return STATUS_INVALID_PARAMETER;
190
191 *DbObject = NULL;
192
193 if (ParentObject == NULL)
194 ParentKeyHandle = SamKeyHandle;
195 else
196 ParentKeyHandle = ParentObject->KeyHandle;
197
198 if (ContainerName != NULL)
199 {
200 /* Open the container key */
201 Status = SampRegOpenKey(ParentKeyHandle,
202 ContainerName,
203 KEY_ALL_ACCESS,
204 &ContainerKeyHandle);
205 if (!NT_SUCCESS(Status))
206 {
207 goto done;
208 }
209
210 /* Open the object key */
211 Status = SampRegOpenKey(ContainerKeyHandle,
212 ObjectName,
213 KEY_ALL_ACCESS,
214 &ObjectKeyHandle);
215 if (!NT_SUCCESS(Status))
216 {
217 goto done;
218 }
219
220 if (ObjectType == SamDbAliasObject)
221 {
222 /* Open the object key */
223 Status = SampRegOpenKey(ContainerKeyHandle,
224 L"Members",
225 KEY_ALL_ACCESS,
226 &MembersKeyHandle);
227 if (!NT_SUCCESS(Status))
228 {
229 goto done;
230 }
231 }
232 }
233 else
234 {
235 /* Open the object key */
236 Status = SampRegOpenKey(ParentKeyHandle,
237 ObjectName,
238 KEY_ALL_ACCESS,
239 &ObjectKeyHandle);
240 if (!NT_SUCCESS(Status))
241 {
242 goto done;
243 }
244 }
245
246 NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
247 HEAP_ZERO_MEMORY,
248 sizeof(SAM_DB_OBJECT));
249 if (NewObject == NULL)
250 {
251 Status = STATUS_INSUFFICIENT_RESOURCES;
252 goto done;
253 }
254
255 NewObject->Name = RtlAllocateHeap(RtlGetProcessHeap(),
256 0,
257 (wcslen(ObjectName) + 1) * sizeof(WCHAR));
258 if (NewObject->Name == NULL)
259 {
260 Status = STATUS_INSUFFICIENT_RESOURCES;
261 goto done;
262 }
263
264 wcscpy(NewObject->Name, ObjectName);
265 NewObject->Signature = SAMP_DB_SIGNATURE;
266 NewObject->RefCount = 1;
267 NewObject->ObjectType = ObjectType;
268 NewObject->Access = DesiredAccess;
269 NewObject->KeyHandle = ObjectKeyHandle;
270 NewObject->MembersKeyHandle = MembersKeyHandle;
271 NewObject->RelativeId = RelativeId;
272 NewObject->ParentObject = ParentObject;
273
274 if (ParentObject != NULL)
275 NewObject->Trusted = ParentObject->Trusted;
276
277 *DbObject = NewObject;
278
279done:
280 if (!NT_SUCCESS(Status))
281 {
282 if (NewObject != NULL)
283 {
284 if (NewObject->Name != NULL)
285 RtlFreeHeap(RtlGetProcessHeap(), 0, NewObject->Name);
286
287 RtlFreeHeap(RtlGetProcessHeap(), 0, NewObject);
288 }
289
290 SampRegCloseKey(&MembersKeyHandle);
291 SampRegCloseKey(&ObjectKeyHandle);
292 }
293
294 SampRegCloseKey(&ContainerKeyHandle);
295
296 return Status;
297}

Referenced by SamIConnect(), SampFillUserDisplayCache(), SampOpenAliasObject(), SampOpenGroupObject(), SampOpenUserObject(), SamrConnect5(), SamrGetDomainPasswordInformation(), SamrOpenAlias(), SamrOpenDomain(), SamrOpenGroup(), and SamrOpenUser().

◆ SampOpenGroupObject()

NTSTATUS SampOpenGroupObject ( IN PSAM_DB_OBJECT  DomainObject,
IN ULONG  GroupId,
IN ACCESS_MASK  DesiredAccess,
OUT PSAM_DB_OBJECT GroupObject 
)

Definition at line 14 of file group.c.

18{
19 WCHAR szRid[9];
20
21 TRACE("(%p %lu %lx %p)\n",
22 DomainObject, GroupId, DesiredAccess, GroupObject);
23
24 /* Convert the RID into a string (hex) */
25 swprintf(szRid, L"%08lX", GroupId);
26
27 /* Create the user object */
28 return SampOpenDbObject(DomainObject,
29 L"Groups",
30 szRid,
31 GroupId,
32 SamDbGroupObject,
33 DesiredAccess,
34 GroupObject);
35}

Referenced by SampRemoveUserFromAllGroups().

◆ SampOpenUserObject()

NTSTATUS SampOpenUserObject ( IN PSAM_DB_OBJECT  DomainObject,
IN ULONG  UserId,
IN ACCESS_MASK  DesiredAccess,
OUT PSAM_DB_OBJECT UserObject 
)

Definition at line 14 of file user.c.

18{
19 WCHAR szRid[9];
20
21 TRACE("(%p %lu %lx %p)\n",
22 DomainObject, UserId, DesiredAccess, UserObject);
23
24 /* Convert the RID into a string (hex) */
25 swprintf(szRid, L"%08lX", UserId);
26
27 /* Create the user object */
28 return SampOpenDbObject(DomainObject,
29 L"Users",
30 szRid,
31 UserId,
32 SamDbUserObject,
33 DesiredAccess,
34 UserObject);
35}

Referenced by SampGetUserGroupAttributes(), SampSetUserGroupAttributes(), SamrAddMemberToGroup(), and SamrRemoveMemberFromGroup().

◆ SampRegCloseKey()

NTSTATUS SampRegCloseKey ( IN OUT PHANDLE  KeyHandle)

Definition at line 26 of file registry.c.

27{
28 NTSTATUS Status;
29
30 if (KeyHandle == NULL || *KeyHandle == NULL)
31 return STATUS_SUCCESS;
32
33 Status = NtClose(*KeyHandle);
34 if (NT_SUCCESS(Status))
35 *KeyHandle = NULL;
36
37 return Status;
38}
KeyHandle
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4715
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402

Referenced by SampAddMemberToAlias(), SampCheckAccountNameInDomain(), SampCloseDbObject(), SampCreateDbObject(), SampDeleteAccountDbObject(), SampGetNumberOfAccounts(), SampInitializeSAM(), SampOpenDbObject(), SampQueryAliasGeneral(), SampRemoveAccountNameFromDomain(), SampRemoveAllMembersFromAlias(), SampRemoveMemberFromAlias(), SampRemoveMemberFromAllAliases(), SampSetAccountNameInDomain(), SampSetupAddMemberToGroup(), SampSetupCreateAliasAccount(), SampSetupCreateDomain(), SampSetupCreateGroupAccount(), SampSetupCreateServer(), SampSetupCreateUserAccount(), SamrEnumerateAliasesInDomain(), SamrEnumerateDomainsInSamServer(), SamrEnumerateGroupsInDomain(), SamrEnumerateUsersInDomain(), SamrGetAliasMembership(), SamrLookupDomainInSamServer(), SamrLookupIdsInDomain(), and SamrLookupNamesInDomain().

◆ SampRegCreateKey()

NTSTATUS SampRegCreateKey ( IN HANDLE  ParentKeyHandle,
IN LPCWSTR  KeyName,
IN ACCESS_MASK  DesiredAccess,
OUT PHANDLE  KeyHandle 
)

Definition at line 42 of file registry.c.

46{
47 OBJECT_ATTRIBUTES ObjectAttributes;
48 UNICODE_STRING Name;
49 ULONG Disposition;
50
51 RtlInitUnicodeString(&Name, KeyName);
52
53 InitializeObjectAttributes(&ObjectAttributes,
54 &Name,
55 OBJ_CASE_INSENSITIVE | OBJ_OPENIF,
56 ParentKeyHandle,
57 NULL);
58
59 /* Create the key */
60 return ZwCreateKey(KeyHandle,
61 DesiredAccess,
62 &ObjectAttributes,
63 0,
64 NULL,
65 0,
66 &Disposition);
67}
Name
struct NameRec_ * Name
Definition: cdprocs.h:460
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
OBJ_OPENIF
#define OBJ_OPENIF
Definition: winternl.h:229
OBJ_CASE_INSENSITIVE
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
InitializeObjectAttributes
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
Disposition
_In_ ACCESS_MASK _In_ POBJECT_ATTRIBUTES _Reserved_ ULONG _In_opt_ PUNICODE_STRING _In_ ULONG _Out_opt_ PULONG Disposition
Definition: cmfuncs.h:56
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
NameRec_
Definition: apinames.c:49
_OBJECT_ATTRIBUTES
Definition: umtypes.h:182
_UNICODE_STRING
Definition: env_spec_w32.h:368
KeyName
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2699

Referenced by SampAddMemberToAlias(), SampCreateDbObject(), SampSetupCreateAliasAccount(), SampSetupCreateDomain(), SampSetupCreateGroupAccount(), SampSetupCreateServer(), and SampSetupCreateUserAccount().

◆ SampRegDeleteKey()

NTSTATUS SampRegDeleteKey ( IN HANDLE  ParentKeyHandle,
IN LPCWSTR  KeyName 
)

Definition at line 71 of file registry.c.

73{
74 OBJECT_ATTRIBUTES ObjectAttributes;
75 UNICODE_STRING SubKeyName;
76 HANDLE TargetKey;
77 NTSTATUS Status;
78
79 RtlInitUnicodeString(&SubKeyName,
80 (LPWSTR)KeyName);
81 InitializeObjectAttributes(&ObjectAttributes,
82 &SubKeyName,
83 OBJ_CASE_INSENSITIVE,
84 ParentKeyHandle,
85 NULL);
86 Status = NtOpenKey(&TargetKey,
87 DELETE,
88 &ObjectAttributes);
89 if (!NT_SUCCESS(Status))
90 return Status;
91
92 Status = NtDeleteKey(TargetKey);
93
94 NtClose(TargetKey);
95
96 return Status;
97}
SubKeyName
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ PNDIS_STRING SubKeyName
Definition: ndis.h:4725
NtOpenKey
NTSYSAPI NTSTATUS NTAPI NtOpenKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: ntapi.c:336
NtDeleteKey
NTSTATUS NTAPI NtDeleteKey(IN HANDLE KeyHandle)
Definition: ntapi.c:408

Referenced by SampDeleteAccountDbObject(), SampRemoveMemberFromAlias(), SampRemoveMemberFromAllAliases(), SampSetupCreateAliasAccount(), SampSetupCreateGroupAccount(), and SampSetupCreateUserAccount().

◆ SampRegDeleteValue()

NTSTATUS SampRegDeleteValue ( IN HANDLE  KeyHandle,
IN LPCWSTR  ValueName 
)

Definition at line 212 of file registry.c.

214{
215 UNICODE_STRING Name;
216
217 RtlInitUnicodeString(&Name,
218 ValueName);
219
220 return NtDeleteValueKey(KeyHandle,
221 &Name);
222}
NtDeleteValueKey
NTSYSAPI NTSTATUS NTAPI NtDeleteValueKey(IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName)
Definition: ntapi.c:1014
ValueName
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:243

Referenced by SampDeleteAccountDbObject(), SampRemoveAccountNameFromDomain(), SampRemoveMemberFromAlias(), and SampRemoveMemberFromAllAliases().

◆ SampRegEnumerateSubKey()

NTSTATUS SampRegEnumerateSubKey ( IN HANDLE  KeyHandle,
IN ULONG  Index,
IN ULONG  Length,
OUT LPWSTR  Buffer 
)

Definition at line 101 of file registry.c.

105{
106 PKEY_BASIC_INFORMATION KeyInfo = NULL;
107 ULONG BufferLength = 0;
108 ULONG ReturnedLength;
109 NTSTATUS Status;
110
111 /* Check if we have a name */
112 if (Length)
113 {
114 /* Allocate a buffer for it */
115 BufferLength = sizeof(KEY_BASIC_INFORMATION) + Length * sizeof(WCHAR);
116
117 KeyInfo = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
118 if (KeyInfo == NULL)
119 return STATUS_NO_MEMORY;
120 }
121
122 /* Enumerate the key */
123 Status = ZwEnumerateKey(KeyHandle,
124 Index,
125 KeyBasicInformation,
126 KeyInfo,
127 BufferLength,
128 &ReturnedLength);
129 if (NT_SUCCESS(Status))
130 {
131 /* Check if the name fits */
132 if (KeyInfo->NameLength < (Length * sizeof(WCHAR)))
133 {
134 /* Copy it */
135 RtlMoveMemory(Buffer,
136 KeyInfo->Name,
137 KeyInfo->NameLength);
138
139 /* Terminate the string */
140 Buffer[KeyInfo->NameLength / sizeof(WCHAR)] = 0;
141 }
142 else
143 {
144 /* Otherwise, we ran out of buffer space */
145 Status = STATUS_BUFFER_OVERFLOW;
146 }
147 }
148
149 /* Free the buffer and return status */
150 if (KeyInfo)
151 RtlFreeHeap(RtlGetProcessHeap(), 0, KeyInfo);
152
153 return Status;
154}
ReturnedLength
_In_ ULONG _In_ BATTERY_QUERY_INFORMATION_LEVEL _In_ LONG _In_ ULONG _Out_ PULONG ReturnedLength
Definition: batclass.h:188
Buffer
Definition: bufpool.h:45
KeyBasicInformation
@ KeyBasicInformation
Definition: nt_native.h:1131
KEY_BASIC_INFORMATION
struct _KEY_BASIC_INFORMATION KEY_BASIC_INFORMATION
STATUS_NO_MEMORY
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
_KEY_BASIC_INFORMATION
Definition: nt_native.h:1099
_KEY_BASIC_INFORMATION::Name
WCHAR Name[1]
Definition: nt_native.h:1103
_KEY_BASIC_INFORMATION::NameLength
ULONG NameLength
Definition: nt_native.h:1102
RtlMoveMemory
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264

Referenced by SampFillUserDisplayCache(), SampRemoveMemberFromAllAliases(), SamrEnumerateDomainsInSamServer(), and SamrLookupDomainInSamServer().

◆ SampRegEnumerateValue()

NTSTATUS SampRegEnumerateValue ( IN HANDLE  KeyHandle,
IN ULONG  Index,
OUT LPWSTR  Name,
IN OUT PULONG  NameLength,
OUT PULONG Type  OPTIONAL,
OUT PVOID Data  OPTIONAL,
IN OUT PULONG DataLength  OPTIONAL 
)

Definition at line 226 of file registry.c.

233{
234 PKEY_VALUE_FULL_INFORMATION ValueInfo = NULL;
235 ULONG BufferLength = 0;
236 ULONG ReturnedLength;
237 NTSTATUS Status;
238
239 TRACE("Index: %lu\n", Index);
240
241 /* Calculate the required buffer length */
242 BufferLength = FIELD_OFFSET(KEY_VALUE_FULL_INFORMATION, Name);
243 BufferLength += (MAX_PATH + 1) * sizeof(WCHAR);
244 if (Data != NULL)
245 BufferLength += *DataLength;
246
247 /* Allocate the value buffer */
248 ValueInfo = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
249 if (ValueInfo == NULL)
250 return STATUS_NO_MEMORY;
251
252 /* Enumerate the value*/
253 Status = ZwEnumerateValueKey(KeyHandle,
254 Index,
255 KeyValueFullInformation,
256 ValueInfo,
257 BufferLength,
258 &ReturnedLength);
259 if (NT_SUCCESS(Status))
260 {
261 if (Name != NULL)
262 {
263 /* Check if the name fits */
264 if (ValueInfo->NameLength < (*NameLength * sizeof(WCHAR)))
265 {
266 /* Copy it */
267 RtlMoveMemory(Name,
268 ValueInfo->Name,
269 ValueInfo->NameLength);
270
271 /* Terminate the string */
272 Name[ValueInfo->NameLength / sizeof(WCHAR)] = 0;
273 }
274 else
275 {
276 /* Otherwise, we ran out of buffer space */
277 Status = STATUS_BUFFER_OVERFLOW;
278 goto done;
279 }
280 }
281
282 if (Data != NULL)
283 {
284 /* Check if the data fits */
285 if (ValueInfo->DataLength <= *DataLength)
286 {
287 /* Copy it */
288 RtlMoveMemory(Data,
289 (PVOID)((ULONG_PTR)ValueInfo + ValueInfo->DataOffset),
290 ValueInfo->DataLength);
291
292 /* if the type is REG_SZ and data is not 0-terminated
293 * and there is enough space in the buffer NT appends a \0 */
294 if (IsStringType(ValueInfo->Type) &&
295 ValueInfo->DataLength <= *DataLength - sizeof(WCHAR))
296 {
297 WCHAR *ptr = (WCHAR *)((ULONG_PTR)Data + ValueInfo->DataLength);
298 if ((ptr > (WCHAR *)Data) && ptr[-1])
299 *ptr = 0;
300 }
301 }
302 else
303 {
304 Status = STATUS_BUFFER_OVERFLOW;
305 goto done;
306 }
307 }
308 }
309
310done:
311 if ((NT_SUCCESS(Status)) || (Status == STATUS_BUFFER_OVERFLOW))
312 {
313 if (Type != NULL)
314 *Type = ValueInfo->Type;
315
316 if (NameLength != NULL)
317 *NameLength = ValueInfo->NameLength;
318
319 if (DataLength != NULL)
320 *DataLength = ValueInfo->DataLength;
321 }
322
323 /* Free the buffer and return status */
324 if (ValueInfo)
325 RtlFreeHeap(RtlGetProcessHeap(), 0, ValueInfo);
326
327 return Status;
328}
Type
Type
Definition: Type.h:7
MAX_PATH
#define MAX_PATH
Definition: compat.h:34
IsStringType
static BOOLEAN IsStringType(ULONG Type)
Definition: registry.c:19
ptr
static PVOID ptr
Definition: dispmode.c:27
KeyValueFullInformation
@ KeyValueFullInformation
Definition: nt_native.h:1181
_KEY_VALUE_FULL_INFORMATION
Definition: nt_native.h:1155
_KEY_VALUE_FULL_INFORMATION::Type
ULONG Type
Definition: nt_native.h:1157
_KEY_VALUE_FULL_INFORMATION::DataLength
ULONG DataLength
Definition: nt_native.h:1159
_KEY_VALUE_FULL_INFORMATION::DataOffset
ULONG DataOffset
Definition: nt_native.h:1158
_KEY_VALUE_FULL_INFORMATION::NameLength
ULONG NameLength
Definition: nt_native.h:1160
_KEY_VALUE_FULL_INFORMATION::Name
WCHAR Name[1]
Definition: nt_native.h:1161
FIELD_OFFSET
#define FIELD_OFFSET(t, f)
Definition: typedefs.h:255
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65

Referenced by SampGetMembersInAlias(), SamrEnumerateAliasesInDomain(), SamrEnumerateGroupsInDomain(), SamrEnumerateUsersInDomain(), and SamrGetAliasMembership().

◆ SampRegOpenKey()

NTSTATUS SampRegOpenKey ( IN HANDLE  ParentKeyHandle,
IN LPCWSTR  KeyName,
IN ACCESS_MASK  DesiredAccess,
OUT PHANDLE  KeyHandle 
)

Definition at line 158 of file registry.c.

162{
163 OBJECT_ATTRIBUTES ObjectAttributes;
164 UNICODE_STRING Name;
165
166 RtlInitUnicodeString(&Name, KeyName);
167
168 InitializeObjectAttributes(&ObjectAttributes,
169 &Name,
170 OBJ_CASE_INSENSITIVE,
171 ParentKeyHandle,
172 NULL);
173
174 return NtOpenKey(KeyHandle,
175 DesiredAccess,
176 &ObjectAttributes);
177}

Referenced by SampCheckAccountNameInDomain(), SampCreateDbObject(), SampDeleteAccountDbObject(), SampFillUserDisplayCache(), SampGetMembersInAlias(), SampGetNumberOfAccounts(), SampInitDatabase(), SampInitializeSAM(), SampOpenDbObject(), SampQueryAliasGeneral(), SampRemoveAccountNameFromDomain(), SampRemoveAllMembersFromAlias(), SampRemoveMemberFromAlias(), SampRemoveMemberFromAllAliases(), SampSetAccountNameInDomain(), SampSetupAddMemberToGroup(), SampSetupCreateAliasAccount(), SampSetupCreateGroupAccount(), SampSetupCreateUserAccount(), SamrEnumerateAliasesInDomain(), SamrEnumerateDomainsInSamServer(), SamrEnumerateGroupsInDomain(), SamrEnumerateUsersInDomain(), SamrGetAliasMembership(), SamrLookupDomainInSamServer(), SamrLookupIdsInDomain(), and SamrLookupNamesInDomain().

◆ SampRegQueryKeyInfo()

NTSTATUS SampRegQueryKeyInfo ( IN HANDLE  KeyHandle,
OUT PULONG  SubKeyCount,
OUT PULONG  ValueCount 
)

Definition at line 181 of file registry.c.

184{
185 KEY_FULL_INFORMATION FullInfoBuffer;
186 ULONG Length;
187 NTSTATUS Status;
188
189 FullInfoBuffer.ClassLength = 0;
190 FullInfoBuffer.ClassOffset = FIELD_OFFSET(KEY_FULL_INFORMATION, Class);
191
192 Status = NtQueryKey(KeyHandle,
193 KeyFullInformation,
194 &FullInfoBuffer,
195 sizeof(KEY_FULL_INFORMATION),
196 &Length);
197 TRACE("NtQueryKey() returned status 0x%08lX\n", Status);
198 if (!NT_SUCCESS(Status))
199 return Status;
200
201 if (SubKeyCount != NULL)
202 *SubKeyCount = FullInfoBuffer.SubKeys;
203
204 if (ValueCount != NULL)
205 *ValueCount = FullInfoBuffer.Values;
206
207 return Status;
208}
KeyFullInformation
@ KeyFullInformation
Definition: nt_native.h:1133
NtQueryKey
NTSTATUS NTAPI NtQueryKey(IN HANDLE KeyHandle, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG Length, OUT PULONG ResultLength)
Definition: ntapi.c:632
_KEY_FULL_INFORMATION
Definition: nt_native.h:1116
_KEY_FULL_INFORMATION::Values
ULONG Values
Definition: nt_native.h:1124
_KEY_FULL_INFORMATION::SubKeys
ULONG SubKeys
Definition: nt_native.h:1121
_KEY_FULL_INFORMATION::ClassLength
ULONG ClassLength
Definition: nt_native.h:1120
_KEY_FULL_INFORMATION::ClassOffset
ULONG ClassOffset
Definition: nt_native.h:1119

Referenced by SampGetMembersInAlias(), SampGetNumberOfAccounts(), SampQueryAliasGeneral(), SampRemoveMemberFromAlias(), and SamrGetAliasMembership().

◆ SampRegQueryValue()

NTSTATUS SampRegQueryValue ( IN HANDLE  KeyHandle,
IN LPCWSTR  ValueName,
OUT PULONG Type  OPTIONAL,
OUT LPVOID