ReactOS  0.4.14-dev-323-g6fe6a88
samsrv.h File Reference
#include <stdio.h>
#include <stdlib.h>
#include <windef.h>
#include <winbase.h>
#include <winreg.h>
#include <ndk/kefuncs.h>
#include <ndk/obfuncs.h>
#include <ndk/rtlfuncs.h>
#include <ddk/ntsam.h>
#include <sddl.h>
#include <sam_s.h>
#include <wine/debug.h>
Include dependency graph for samsrv.h:
This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Classes

struct  _SAM_DB_OBJECT
 
struct  _SAM_ALIAS_FIXED_DATA
 
struct  _SAM_DOMAIN_FIXED_DATA
 
struct  _SAM_GROUP_FIXED_DATA
 
struct  _SAM_USER_FIXED_DATA
 

Macros

#define WIN32_NO_STATUS
 
#define _INC_WINDOWS
 
#define COM_NO_WINDOWS_H
 
#define NTOS_MODE_USER
 
#define SAMP_DB_SIGNATURE   0x87654321
 

Typedefs

typedef enum _SAM_DB_OBJECT_TYPE SAM_DB_OBJECT_TYPE
 
typedef struct _SAM_DB_OBJECT SAM_DB_OBJECT
 
typedef struct _SAM_DB_OBJECTPSAM_DB_OBJECT
 
typedef struct _SAM_ALIAS_FIXED_DATA SAM_ALIAS_FIXED_DATA
 
typedef struct _SAM_ALIAS_FIXED_DATAPSAM_ALIAS_FIXED_DATA
 
typedef struct _SAM_DOMAIN_FIXED_DATA SAM_DOMAIN_FIXED_DATA
 
typedef struct _SAM_DOMAIN_FIXED_DATAPSAM_DOMAIN_FIXED_DATA
 
typedef struct _SAM_GROUP_FIXED_DATA SAM_GROUP_FIXED_DATA
 
typedef struct _SAM_GROUP_FIXED_DATAPSAM_GROUP_FIXED_DATA
 
typedef struct _SAM_USER_FIXED_DATA SAM_USER_FIXED_DATA
 
typedef struct _SAM_USER_FIXED_DATAPSAM_USER_FIXED_DATA
 

Enumerations

enum  _SAM_DB_OBJECT_TYPE {
  SamDbIgnoreObject, SamDbServerObject, SamDbDomainObject, SamDbAliasObject,
  SamDbGroupObject, SamDbUserObject
}
 

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (samsrv)
 
NTSTATUS SampOpenAliasObject (IN PSAM_DB_OBJECT DomainObject, IN ULONG AliasId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *AliasObject)
 
NTSTATUS SampAddMemberToAlias (IN PSAM_DB_OBJECT AliasObject, IN PRPC_SID MemberId)
 
NTSTATUS NTAPI SampRemoveMemberFromAlias (IN PSAM_DB_OBJECT AliasObject, IN PRPC_SID MemberId)
 
NTSTATUS SampGetMembersInAlias (IN PSAM_DB_OBJECT AliasObject, OUT PULONG MemberCount, OUT PSAMPR_SID_INFORMATION *MemberArray)
 
NTSTATUS SampRemoveAllMembersFromAlias (IN PSAM_DB_OBJECT AliasObject)
 
NTSTATUS SampInitDatabase (VOID)
 
NTSTATUS SampCreateDbObject (IN PSAM_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN ULONG RelativeId, IN SAM_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *DbObject)
 
NTSTATUS SampOpenDbObject (IN PSAM_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN ULONG RelativeId, IN SAM_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *DbObject)
 
NTSTATUS SampValidateDbObject (SAMPR_HANDLE Handle, SAM_DB_OBJECT_TYPE ObjectType, ACCESS_MASK DesiredAccess, PSAM_DB_OBJECT *DbObject)
 
NTSTATUS SampCloseDbObject (PSAM_DB_OBJECT DbObject)
 
NTSTATUS SampDeleteAccountDbObject (PSAM_DB_OBJECT DbObject)
 
NTSTATUS SampSetObjectAttribute (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, ULONG AttributeType, LPVOID AttributeData, ULONG AttributeSize)
 
NTSTATUS SampGetObjectAttribute (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
 
NTSTATUS SampGetObjectAttributeString (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PRPC_UNICODE_STRING String)
 
NTSTATUS SampSetObjectAttributeString (PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PRPC_UNICODE_STRING String)
 
NTSTATUS SampSetAccountNameInDomain (IN PSAM_DB_OBJECT DomainObject, IN LPCWSTR lpContainerName, IN LPCWSTR lpAccountName, IN ULONG ulRelativeId)
 
NTSTATUS SampRemoveAccountNameFromDomain (IN PSAM_DB_OBJECT DomainObject, IN LPCWSTR lpContainerName, IN LPCWSTR lpAccountName)
 
NTSTATUS SampCheckAccountNameInDomain (IN PSAM_DB_OBJECT DomainObject, IN LPCWSTR lpAccountName)
 
NTSTATUS SampRemoveMemberFromAllAliases (IN PSAM_DB_OBJECT DomainObject, IN PRPC_SID MemberSid)
 
NTSTATUS SampCreateAccountSid (IN PSAM_DB_OBJECT DomainObject, IN ULONG ulRelativeId, IN OUT PSID *AccountSid)
 
NTSTATUS SampOpenGroupObject (IN PSAM_DB_OBJECT DomainObject, IN ULONG GroupId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *GroupObject)
 
NTSTATUS SampAddMemberToGroup (IN PSAM_DB_OBJECT GroupObject, IN ULONG MemberId)
 
NTSTATUS SampRemoveMemberFromGroup (IN PSAM_DB_OBJECT GroupObject, IN ULONG MemberId)
 
NTSTATUS SampRegCloseKey (IN OUT PHANDLE KeyHandle)
 
NTSTATUS SampRegCreateKey (IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
 
NTSTATUS SampRegDeleteKey (IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
 
NTSTATUS SampRegEnumerateSubKey (IN HANDLE KeyHandle, IN ULONG Index, IN ULONG Length, OUT LPWSTR Buffer)
 
NTSTATUS SampRegOpenKey (IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
 
NTSTATUS SampRegQueryKeyInfo (IN HANDLE KeyHandle, OUT PULONG SubKeyCount, OUT PULONG ValueCount)
 
NTSTATUS SampRegDeleteValue (IN HANDLE KeyHandle, IN LPCWSTR ValueName)
 
NTSTATUS SampRegEnumerateValue (IN HANDLE KeyHandle, IN ULONG Index, OUT LPWSTR Name, IN OUT PULONG NameLength, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
 
NTSTATUS SampRegQueryValue (IN HANDLE KeyHandle, IN LPCWSTR ValueName, OUT PULONG Type OPTIONAL, OUT LPVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
 
NTSTATUS SampRegSetValue (IN HANDLE KeyHandle, IN LPCWSTR ValueName, IN ULONG Type, IN LPVOID Data, IN ULONG DataLength)
 
VOID SampStartRpcServer (VOID)
 
NTSTATUS SampCreateServerSD (OUT PSECURITY_DESCRIPTOR *ServerSd, OUT PULONG Size)
 
NTSTATUS SampCreateBuiltinDomainSD (OUT PSECURITY_DESCRIPTOR *DomainSd, OUT PULONG Size)
 
NTSTATUS SampCreateAccountDomainSD (OUT PSECURITY_DESCRIPTOR *DomainSd, OUT PULONG Size)
 
NTSTATUS SampCreateAliasSD (OUT PSECURITY_DESCRIPTOR *AliasSd, OUT PULONG Size)
 
NTSTATUS SampCreateGroupSD (OUT PSECURITY_DESCRIPTOR *GroupSd, OUT PULONG Size)
 
NTSTATUS SampCreateUserSD (IN PSID UserSid, OUT PSECURITY_DESCRIPTOR *UserSd, OUT PULONG Size)
 
BOOL SampInitializeSAM (VOID)
 
NTSTATUS SampOpenUserObject (IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *UserObject)
 
NTSTATUS SampAddGroupMembershipToUser (IN PSAM_DB_OBJECT UserObject, IN ULONG GroupId, IN ULONG Attributes)
 
NTSTATUS SampRemoveGroupMembershipFromUser (IN PSAM_DB_OBJECT UserObject, IN ULONG GroupId)
 
NTSTATUS SampGetUserGroupAttributes (IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ULONG GroupId, OUT PULONG GroupAttributes)
 
NTSTATUS SampSetUserGroupAttributes (IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ULONG GroupId, IN ULONG GroupAttributes)
 
NTSTATUS SampRemoveUserFromAllGroups (IN PSAM_DB_OBJECT UserObject)
 
NTSTATUS SampRemoveUserFromAllAliases (IN PSAM_DB_OBJECT UserObject)
 
NTSTATUS SampSetUserPassword (IN PSAM_DB_OBJECT UserObject, IN PENCRYPTED_NT_OWF_PASSWORD NtPassword, IN BOOLEAN NtPasswordPresent, IN PENCRYPTED_LM_OWF_PASSWORD LmPassword, IN BOOLEAN LmPasswordPresent)
 
NTSTATUS SampGetLogonHoursAttribute (IN PSAM_DB_OBJECT UserObject, IN OUT PSAMPR_LOGON_HOURS LogonHours)
 
NTSTATUS SampSetLogonHoursAttribute (IN PSAM_DB_OBJECT UserObject, IN PSAMPR_LOGON_HOURS LogonHours)
 
INT SampLoadString (HINSTANCE hInstance, UINT uId, LPWSTR lpBuffer, INT nBufferMax)
 
BOOL SampIsSetupRunning (VOID)
 
PSID AppendRidToSid (PSID SrcSid, ULONG Rid)
 
NTSTATUS SampGetRidFromSid (IN PSID Sid, OUT PULONG Rid)
 
NTSTATUS SampCheckAccountName (IN PRPC_UNICODE_STRING AccountName, IN USHORT MaxLength)
 
NTSTATUS WINAPI SystemFunction006 (LPCSTR password, LPSTR hash)
 
NTSTATUS WINAPI SystemFunction007 (PUNICODE_STRING string, LPBYTE hash)
 
NTSTATUS WINAPI SystemFunction013 (const BYTE *in, const BYTE *key, LPBYTE out)
 

Variables

PGENERIC_MAPPING pServerMapping
 
ENCRYPTED_NT_OWF_PASSWORD EmptyNtHash
 
ENCRYPTED_LM_OWF_PASSWORD EmptyLmHash
 
RTL_RESOURCE SampResource
 

Macro Definition Documentation

◆ _INC_WINDOWS

#define _INC_WINDOWS

Definition at line 17 of file samsrv.h.

◆ COM_NO_WINDOWS_H

#define COM_NO_WINDOWS_H

Definition at line 18 of file samsrv.h.

◆ NTOS_MODE_USER

#define NTOS_MODE_USER

Definition at line 23 of file samsrv.h.

◆ SAMP_DB_SIGNATURE

#define SAMP_DB_SIGNATURE   0x87654321

Definition at line 58 of file samsrv.h.

◆ WIN32_NO_STATUS

#define WIN32_NO_STATUS

Definition at line 16 of file samsrv.h.

Typedef Documentation

◆ PSAM_ALIAS_FIXED_DATA

◆ PSAM_DB_OBJECT

◆ PSAM_DOMAIN_FIXED_DATA

◆ PSAM_GROUP_FIXED_DATA

◆ PSAM_USER_FIXED_DATA

◆ SAM_ALIAS_FIXED_DATA

◆ SAM_DB_OBJECT

◆ SAM_DB_OBJECT_TYPE

◆ SAM_DOMAIN_FIXED_DATA

◆ SAM_GROUP_FIXED_DATA

◆ SAM_USER_FIXED_DATA

Enumeration Type Documentation

◆ _SAM_DB_OBJECT_TYPE

Enumerator
SamDbIgnoreObject 
SamDbServerObject 
SamDbDomainObject 
SamDbAliasObject 
SamDbGroupObject 
SamDbUserObject 

Definition at line 34 of file samsrv.h.

Function Documentation

◆ AppendRidToSid()

PSID AppendRidToSid ( PSID  SrcSid,
ULONG  Rid 
)

Definition at line 103 of file utils.c.

105 {
106  ULONG Rids[8] = {0, 0, 0, 0, 0, 0, 0, 0};
107  UCHAR RidCount;
108  PSID DstSid;
109  ULONG i;
110 
111  RidCount = *RtlSubAuthorityCountSid(SrcSid);
112  if (RidCount >= 8)
113  return NULL;
114 
115  for (i = 0; i < RidCount; i++)
116  Rids[i] = *RtlSubAuthoritySid(SrcSid, i);
117 
118  Rids[RidCount] = Rid;
119  RidCount++;
120 
122  RidCount,
123  Rids[0],
124  Rids[1],
125  Rids[2],
126  Rids[3],
127  Rids[4],
128  Rids[5],
129  Rids[6],
130  Rids[7],
131  &DstSid);
132 
133  return DstSid;
134 }
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid)
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
unsigned char UCHAR
Definition: xmlstorage.h:181
unsigned int ULONG
Definition: retypes.h:1

◆ SampAddGroupMembershipToUser()

NTSTATUS SampAddGroupMembershipToUser ( IN PSAM_DB_OBJECT  UserObject,
IN ULONG  GroupId,
IN ULONG  Attributes 
)

Definition at line 39 of file user.c.

42 {
43  PGROUP_MEMBERSHIP GroupsBuffer = NULL;
44  ULONG GroupsCount = 0;
45  ULONG Length = 0;
46  ULONG i;
48 
49  TRACE("(%p %lu %lx)\n",
50  UserObject, GroupId, Attributes);
51 
52  Status = SampGetObjectAttribute(UserObject,
53  L"Groups",
54  NULL,
55  NULL,
56  &Length);
58  goto done;
59 
60  GroupsBuffer = midl_user_allocate(Length + sizeof(GROUP_MEMBERSHIP));
61  if (GroupsBuffer == NULL)
62  {
64  goto done;
65  }
66 
68  {
69  Status = SampGetObjectAttribute(UserObject,
70  L"Groups",
71  NULL,
72  GroupsBuffer,
73  &Length);
74  if (!NT_SUCCESS(Status))
75  goto done;
76 
77  GroupsCount = Length / sizeof(GROUP_MEMBERSHIP);
78  }
79 
80  for (i = 0; i < GroupsCount; i++)
81  {
82  if (GroupsBuffer[i].RelativeId == GroupId)
83  {
85  goto done;
86  }
87  }
88 
89  GroupsBuffer[GroupsCount].RelativeId = GroupId;
90  GroupsBuffer[GroupsCount].Attributes = Attributes;
91  Length += sizeof(GROUP_MEMBERSHIP);
92 
93  Status = SampSetObjectAttribute(UserObject,
94  L"Groups",
95  REG_BINARY,
96  GroupsBuffer,
97  Length);
98 
99 done:
100  if (GroupsBuffer != NULL)
101  midl_user_free(GroupsBuffer);
102 
103  return Status;
104 }
ULONG Attributes
Definition: ntsam.h:469
#define midl_user_free
Definition: rpc.h:45
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
ULONG RelativeId
Definition: ntsam.h:468
#define REG_BINARY
Definition: nt_native.h:1496
#define midl_user_allocate
Definition: rpc.h:44
NTSTATUS SampSetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, ULONG AttributeType, LPVOID AttributeData, ULONG AttributeSize)
Definition: database.c:499
LONG NTSTATUS
Definition: precomp.h:26
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
smooth NULL
Definition: ftsmooth.c:416
#define STATUS_MEMBER_IN_GROUP
Definition: ntstatus.h:325
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:514
static const WCHAR L[]
Definition: oid.c:1250
struct _GROUP_MEMBERSHIP GROUP_MEMBERSHIP
Status
Definition: gdiplustypes.h:24
_Must_inspect_result_ _In_ USHORT _In_ PHIDP_PREPARSED_DATA _Out_writes_to_ LengthAttributes PHIDP_EXTENDED_ATTRIBUTES Attributes
Definition: hidpi.h:348
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
unsigned int ULONG
Definition: retypes.h:1

Referenced by SamrAddMemberToGroup().

◆ SampAddMemberToAlias()

NTSTATUS SampAddMemberToAlias ( IN PSAM_DB_OBJECT  AliasObject,
IN PRPC_SID  MemberId 
)

Definition at line 39 of file alias.c.

41 {
42  LPWSTR MemberIdString = NULL;
43  HANDLE MembersKeyHandle = NULL;
44  HANDLE MemberKeyHandle = NULL;
45  ULONG MemberIdLength;
47 
48  TRACE("(%p %p)\n",
49  AliasObject, MemberId);
50 
51  ConvertSidToStringSidW(MemberId, &MemberIdString);
52  TRACE("Member SID: %S\n", MemberIdString);
53 
54  MemberIdLength = RtlLengthSid(MemberId);
55 
56  Status = SampRegCreateKey(AliasObject->KeyHandle,
57  L"Members",
58  KEY_WRITE,
59  &MembersKeyHandle);
60  if (!NT_SUCCESS(Status))
61  {
62  TRACE("SampRegCreateKey failed with status 0x%08lx\n", Status);
63  goto done;
64  }
65 
66  Status = SampRegSetValue(MembersKeyHandle,
67  MemberIdString,
68  REG_BINARY,
69  MemberId,
70  MemberIdLength);
71  if (!NT_SUCCESS(Status))
72  {
73  TRACE("SampRegSetValue failed with status 0x%08lx\n", Status);
74  goto done;
75  }
76 
77  Status = SampRegCreateKey(AliasObject->MembersKeyHandle,
78  MemberIdString,
79  KEY_WRITE,
80  &MemberKeyHandle);
81  if (!NT_SUCCESS(Status))
82  {
83  TRACE("SampRegCreateKey failed with status 0x%08lx\n", Status);
84  goto done;
85  }
86 
87  Status = SampRegSetValue(MemberKeyHandle,
88  AliasObject->Name,
89  REG_BINARY,
90  MemberId,
91  MemberIdLength);
92  if (!NT_SUCCESS(Status))
93  {
94  TRACE("SampRegSetValue failed with status 0x%08lx\n", Status);
95  goto done;
96  }
97 
98 done:
99  SampRegCloseKey(&MemberKeyHandle);
100  SampRegCloseKey(&MembersKeyHandle);
101 
102  if (MemberIdString != NULL)
103  LocalFree(MemberIdString);
104 
105  return Status;
106 }
#define REG_BINARY
Definition: nt_native.h:1496
LONG NTSTATUS
Definition: precomp.h:26
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3259
NTSTATUS SampRegCloseKey(IN OUT PHANDLE KeyHandle)
Definition: registry.c:26
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define KEY_WRITE
Definition: nt_native.h:1031
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
NTSTATUS SampRegSetValue(HANDLE KeyHandle, LPCWSTR ValueName, ULONG Type, LPVOID Data, ULONG DataLength)
Definition: registry.c:402
unsigned int ULONG
Definition: retypes.h:1
NTSTATUS SampRegCreateKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:42
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by SamrAddMemberToAlias().

◆ SampAddMemberToGroup()

NTSTATUS SampAddMemberToGroup ( IN PSAM_DB_OBJECT  GroupObject,
IN ULONG  MemberId 
)

Definition at line 39 of file group.c.

41 {
42  PULONG MembersBuffer = NULL;
43  ULONG MembersCount = 0;
44  ULONG Length = 0;
45  ULONG i;
47 
48  Status = SampGetObjectAttribute(GroupObject,
49  L"Members",
50  NULL,
51  NULL,
52  &Length);
54  goto done;
55 
56  MembersBuffer = midl_user_allocate(Length + sizeof(ULONG));
57  if (MembersBuffer == NULL)
58  {
60  goto done;
61  }
62 
64  {
65  Status = SampGetObjectAttribute(GroupObject,
66  L"Members",
67  NULL,
68  MembersBuffer,
69  &Length);
70  if (!NT_SUCCESS(Status))
71  goto done;
72 
73  MembersCount = Length / sizeof(ULONG);
74  }
75 
76  for (i = 0; i < MembersCount; i++)
77  {
78  if (MembersBuffer[i] == MemberId)
79  {
81  goto done;
82  }
83  }
84 
85  MembersBuffer[MembersCount] = MemberId;
86  Length += sizeof(ULONG);
87 
88  Status = SampSetObjectAttribute(GroupObject,
89  L"Members",
90  REG_BINARY,
91  MembersBuffer,
92  Length);
93 
94 done:
95  if (MembersBuffer != NULL)
96  midl_user_free(MembersBuffer);
97 
98  return Status;
99 }
#define midl_user_free
Definition: rpc.h:45
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define REG_BINARY
Definition: nt_native.h:1496
#define midl_user_allocate
Definition: rpc.h:44
NTSTATUS SampSetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, ULONG AttributeType, LPVOID AttributeData, ULONG AttributeSize)
Definition: database.c:499
LONG NTSTATUS
Definition: precomp.h:26
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
smooth NULL
Definition: ftsmooth.c:416
#define STATUS_MEMBER_IN_GROUP
Definition: ntstatus.h:325
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:514
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
unsigned int * PULONG
Definition: retypes.h:1
unsigned int ULONG
Definition: retypes.h:1

Referenced by SamrAddMemberToGroup().

◆ SampCheckAccountName()

NTSTATUS SampCheckAccountName ( IN PRPC_UNICODE_STRING  AccountName,
IN USHORT  MaxLength 
)

Definition at line 154 of file utils.c.

156 {
157  if (AccountName->Length > MaxLength * sizeof(WCHAR))
159 
160  return STATUS_SUCCESS;
161 }
#define STATUS_INVALID_ACCOUNT_NAME
Definition: ntstatus.h:320
__wchar_t WCHAR
Definition: xmlstorage.h:180
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SampSetAliasName(), SampSetGroupName(), SampSetUserName(), SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCheckAccountNameInDomain()

NTSTATUS SampCheckAccountNameInDomain ( IN PSAM_DB_OBJECT  DomainObject,
IN LPCWSTR  lpAccountName 
)

Definition at line 96 of file domain.c.

98 {
99  HANDLE AccountKey = NULL;
100  HANDLE NamesKey = NULL;
102 
103  TRACE("SampCheckAccountNameInDomain()\n");
104 
105  Status = SampRegOpenKey(DomainObject->KeyHandle,
106  L"Aliases",
107  KEY_READ,
108  &AccountKey);
109  if (NT_SUCCESS(Status))
110  {
111  Status = SampRegOpenKey(AccountKey,
112  L"Names",
113  KEY_READ,
114  &NamesKey);
115  if (NT_SUCCESS(Status))
116  {
117  Status = SampRegQueryValue(NamesKey,
119  NULL,
120  NULL,
121  NULL);
122  if (Status == STATUS_SUCCESS)
123  {
124  SampRegCloseKey(&NamesKey);
126  }
129  }
130 
131  SampRegCloseKey(&AccountKey);
132  }
133 
134  if (!NT_SUCCESS(Status))
135  {
136  TRACE("Checking for alias account failed (Status 0x%08lx)\n", Status);
137  return Status;
138  }
139 
140  Status = SampRegOpenKey(DomainObject->KeyHandle,
141  L"Groups",
142  KEY_READ,
143  &AccountKey);
144  if (NT_SUCCESS(Status))
145  {
146  Status = SampRegOpenKey(AccountKey,
147  L"Names",
148  KEY_READ,
149  &NamesKey);
150  if (NT_SUCCESS(Status))
151  {
152  Status = SampRegQueryValue(NamesKey,
154  NULL,
155  NULL,
156  NULL);
157  if (Status == STATUS_SUCCESS)
158  {
159  SampRegCloseKey(&NamesKey);
161  }
164  }
165 
166  SampRegCloseKey(&AccountKey);
167  }
168 
169  if (!NT_SUCCESS(Status))
170  {
171  TRACE("Checking for group account failed (Status 0x%08lx)\n", Status);
172  return Status;
173  }
174 
175  Status = SampRegOpenKey(DomainObject->KeyHandle,
176  L"Users",
177  KEY_READ,
178  &AccountKey);
179  if (NT_SUCCESS(Status))
180  {
181  Status = SampRegOpenKey(AccountKey,
182  L"Names",
183  KEY_READ,
184  &NamesKey);
185  if (NT_SUCCESS(Status))
186  {
187  Status = SampRegQueryValue(NamesKey,
189  NULL,
190  NULL,
191  NULL);
192  if (Status == STATUS_SUCCESS)
193  {
194  SampRegCloseKey(&NamesKey);
196  }
199  }
200 
201  SampRegCloseKey(&AccountKey);
202  }
203 
204  if (!NT_SUCCESS(Status))
205  {
206  TRACE("Checking for user account failed (Status 0x%08lx)\n", Status);
207  }
208 
209  return Status;
210 }
#define KEY_READ
Definition: nt_native.h:1023
LONG NTSTATUS
Definition: precomp.h:26
#define STATUS_ALIAS_EXISTS
Definition: ntstatus.h:562
_In_ LPCSTR lpAccountName
Definition: winbase.h:2688
NTSTATUS SampRegCloseKey(IN OUT PHANDLE KeyHandle)
Definition: registry.c:26
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS SampRegQueryValue(IN HANDLE KeyHandle, IN LPCWSTR ValueName, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
Definition: registry.c:332
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
NTSTATUS SampRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:158
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SampSetAliasName(), SampSetGroupName(), SampSetUserName(), SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCloseDbObject()

NTSTATUS SampCloseDbObject ( PSAM_DB_OBJECT  DbObject)

Definition at line 344 of file database.c.

345 {
347 
348  DbObject->RefCount--;
349 
350  if (DbObject->RefCount > 0)
351  return STATUS_SUCCESS;
352 
353  SampRegCloseKey(&DbObject->KeyHandle);
354  SampRegCloseKey(&DbObject->MembersKeyHandle);
355 
356  if (DbObject->Name != NULL)
357  RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject->Name);
358 
359  RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
360 
361  return Status;
362 }
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSTATUS SampRegCloseKey(IN OUT PHANDLE KeyHandle)
Definition: registry.c:26
HANDLE MembersKeyHandle
Definition: samsrv.h:52
smooth NULL
Definition: ftsmooth.c:416
ULONG RefCount
Definition: samsrv.h:48
LPWSTR Name
Definition: samsrv.h:50
Status
Definition: gdiplustypes.h:24
HANDLE KeyHandle
Definition: samsrv.h:51
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SampGetUserGroupAttributes(), SampRemoveUserFromAllGroups(), SampSetUserGroupAttributes(), SamrAddMemberToGroup(), SamrCloseHandle(), SamrGetDomainPasswordInformation(), and SamrRemoveMemberFromGroup().

◆ SampCreateAccountDomainSD()

NTSTATUS SampCreateAccountDomainSD ( OUT PSECURITY_DESCRIPTOR DomainSd,
OUT PULONG  Size 
)

Definition at line 545 of file security.c.

547 {
548  PSECURITY_DESCRIPTOR AbsSD = NULL;
549  PSECURITY_DESCRIPTOR RelSD = NULL;
550  PSID EveryoneSid = NULL;
551  PSID AnonymousSid = NULL;
552  PSID AdministratorsSid = NULL;
553  PSID UsersSid = NULL;
554  PSID GuestsSid = NULL;
555  PACL Dacl = NULL;
556  PACL Sacl = NULL;
557  ULONG DaclSize;
558  ULONG SaclSize;
559  ULONG RelSDSize = 0;
561 
562 
563  /* Create the Everyone SID */
565  1,
567  0,
568  0,
569  0,
570  0,
571  0,
572  0,
573  0,
574  &EveryoneSid);
576  if (!NT_SUCCESS(Status))
577  goto done;
578 
579  /* Create the Anonymous SID */
581  1,
583  0,
584  0,
585  0,
586  0,
587  0,
588  0,
589  0,
590  &AnonymousSid);
592  if (!NT_SUCCESS(Status))
593  goto done;
594 
595  /* Create the Administrators SID */
597  2,
600  0,
601  0,
602  0,
603  0,
604  0,
605  0,
606  &AdministratorsSid);
608  if (!NT_SUCCESS(Status))
609  goto done;
610 
611  /* Create the Users SID */
613  2,
616  0,
617  0,
618  0,
619  0,
620  0,
621  0,
622  &UsersSid);
624  if (!NT_SUCCESS(Status))
625  goto done;
626 
627  /* Create the Guests SID */
629  2,
632  0,
633  0,
634  0,
635  0,
636  0,
637  0,
638  &GuestsSid);
640  if (!NT_SUCCESS(Status))
641  goto done;
642 
643 
644  /* Allocate a buffer for the absolute SD */
645  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
647  sizeof(SECURITY_DESCRIPTOR));
648  if (AbsSD == NULL)
649  {
652  goto done;
653  }
654 
655  /* Create the absolute SD */
659  if (!NT_SUCCESS(Status))
660  goto done;
661 
662  /* allocate and create the DACL */
663  DaclSize = sizeof(ACL) +
664  4 * sizeof(ACE) +
665  RtlLengthSid(EveryoneSid) +
666  RtlLengthSid(AdministratorsSid) +
667  RtlLengthSid(UsersSid) +
668  RtlLengthSid(GuestsSid);
669 
670  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
672  DaclSize);
673  if (Dacl == NULL)
674  {
677  goto done;
678  }
679 
681  DaclSize,
682  ACL_REVISION);
684  if (!NT_SUCCESS(Status))
685  goto done;
686 
688  ACL_REVISION,
690  EveryoneSid);
692  if (!NT_SUCCESS(Status))
693  goto done;
694 
696  ACL_REVISION,
698  UsersSid);
700  if (!NT_SUCCESS(Status))
701  goto done;
702 
704  ACL_REVISION,
706  AdministratorsSid);
708  if (!NT_SUCCESS(Status))
709  goto done;
710 
712  ACL_REVISION,
714  GuestsSid);
716  if (!NT_SUCCESS(Status))
717  goto done;
718 
719  /* Set the DACL */
721  TRUE,
722  Dacl,
723  FALSE);
725  if (!NT_SUCCESS(Status))
726  goto done;
727 
728  /* allocate and create the SACL */
729  SaclSize = sizeof(ACL) +
730  2 * sizeof(ACE) +
731  RtlLengthSid(EveryoneSid) +
732  RtlLengthSid(AnonymousSid);
733 
734  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
736  DaclSize);
737  if (Sacl == NULL)
738  {
741  goto done;
742  }
743 
745  SaclSize,
746  ACL_REVISION);
748  if (!NT_SUCCESS(Status))
749  goto done;
750 
752  ACL_REVISION,
756  EveryoneSid,
757  TRUE,
758  TRUE);
760  if (!NT_SUCCESS(Status))
761  goto done;
762 
764  ACL_REVISION,
766  AnonymousSid,
767  TRUE,
768  TRUE);
770  if (!NT_SUCCESS(Status))
771  goto done;
772 
773  /* Set the SACL */
775  TRUE,
776  Sacl,
777  FALSE);
779  if (!NT_SUCCESS(Status))
780  goto done;
781 
782  /* Set the owner SID */
784  AdministratorsSid,
785  FALSE);
787  if (!NT_SUCCESS(Status))
788  goto done;
789 
790  /* Set the group SID */
792  AdministratorsSid,
793  FALSE);
795  if (!NT_SUCCESS(Status))
796  goto done;
797 
798  /* Get the reqired buffer size for the self-relative SD */
800  NULL,
801  &RelSDSize);
803  goto done;
804 
805  /* Allocate a buffer for the self-relative SD */
806  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
808  RelSDSize);
809  if (RelSD == NULL)
810  {
813  goto done;
814  }
815 
816  /* Convert the absolute SD to self-relative format */
818  RelSD,
819  &RelSDSize);
821  {
823  goto done;
824  }
825 
826  *ServerSd = RelSD;
827  *Size = RelSDSize;
828 
829 done:
830  if (!NT_SUCCESS(Status))
831  {
832  if (RelSD != NULL)
833  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
834  }
835 
836  if (EveryoneSid != NULL)
837  RtlFreeSid(EveryoneSid);
838 
839  if (AnonymousSid != NULL)
840  RtlFreeSid(AnonymousSid);
841 
842  if (AdministratorsSid != NULL)
843  RtlFreeSid(AdministratorsSid);
844 
845  if (Dacl != NULL)
846  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
847 
848  if (Sacl != NULL)
849  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
850 
851  if (AbsSD != NULL)
852  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
853 
854  return Status;
855 }
#define TRUE
Definition: types.h:120
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define SAM_SERVER_INITIALIZE
Definition: ntsam.h:101
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
#define SAM_SERVER_CREATE_DOMAIN
Definition: ntsam.h:102
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define DOMAIN_CREATE_ALIAS
Definition: ntsam.h:39
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define DOMAIN_READ
Definition: ntsam.h:45
#define WRITE_DAC
Definition: nt_native.h:59
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define DOMAIN_CREATE_USER
Definition: ntsam.h:37
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
#define DOMAIN_EXECUTE
Definition: ntsam.h:57
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
#define SAM_SERVER_SHUTDOWN
Definition: ntsam.h:100
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
#define DOMAIN_ALL_ACCESS
Definition: ntsam.h:62
Definition: rtltypes.h:988
#define DOMAIN_CREATE_GROUP
Definition: ntsam.h:38
#define DELETE
Definition: nt_native.h:57

Referenced by SampSetupCreateDomain().

◆ SampCreateAccountSid()

NTSTATUS SampCreateAccountSid ( IN PSAM_DB_OBJECT  DomainObject,
IN ULONG  ulRelativeId,
IN OUT PSID AccountSid 
)

Definition at line 303 of file domain.c.

306 {
307  PSID DomainSid = NULL;
308  ULONG Length = 0;
310 
311  Status = SampGetObjectAttribute(DomainObject,
312  L"SID",
313  NULL,
314  NULL,
315  &Length);
317  {
318  TRACE("Status 0x%08lx\n", Status);
319  goto done;
320  }
321 
322  TRACE("Length: %lu\n", Length);
323 
324  DomainSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
325  if (DomainSid == NULL)
326  {
328  goto done;
329  }
330 
331  Status = SampGetObjectAttribute(DomainObject,
332  L"SID",
333  NULL,
334  DomainSid,
335  &Length);
336  if (!NT_SUCCESS(Status))
337  {
338  TRACE("Status 0x%08lx\n", Status);
339  goto done;
340  }
341 
342  *AccountSid = AppendRidToSid(DomainSid,
343  ulRelativeId);
344 
345 done:
346  if (DomainSid != NULL)
347  RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
348 
349  return Status;
350 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:245
smooth NULL
Definition: ftsmooth.c:416
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:514
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
unsigned int ULONG
Definition: retypes.h:1

Referenced by SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCreateAliasSD()

NTSTATUS SampCreateAliasSD ( OUT PSECURITY_DESCRIPTOR AliasSd,
OUT PULONG  Size 
)

Definition at line 859 of file security.c.

861 {
862  PSECURITY_DESCRIPTOR AbsSD = NULL;
863  PSECURITY_DESCRIPTOR RelSD = NULL;
864  PSID EveryoneSid = NULL;
865  PSID AnonymousSid = NULL;
866  PSID AdministratorsSid = NULL;
867  PSID AccountOperatorsSid = NULL;
868  PACL Dacl = NULL;
869  PACL Sacl = NULL;
870  ULONG DaclSize;
871  ULONG SaclSize;
872  ULONG RelSDSize = 0;
874 
875 
876  /* Create the Everyone SID */
878  1,
880  0,
881  0,
882  0,
883  0,
884  0,
885  0,
886  0,
887  &EveryoneSid);
889  if (!NT_SUCCESS(Status))
890  goto done;
891 
892  /* Create the Anonymous SID */
894  1,
896  0,
897  0,
898  0,
899  0,
900  0,
901  0,
902  0,
903  &AnonymousSid);
905  if (!NT_SUCCESS(Status))
906  goto done;
907 
908  /* Create the Administrators SID */
910  2,
913  0,
914  0,
915  0,
916  0,
917  0,
918  0,
919  &AdministratorsSid);
921  if (!NT_SUCCESS(Status))
922  goto done;
923 
924  /* Create the Account Operators SID */
926  2,
929  0,
930  0,
931  0,
932  0,
933  0,
934  0,
935  &AccountOperatorsSid);
937  if (!NT_SUCCESS(Status))
938  goto done;
939 
940  /* Allocate a buffer for the absolute SD */
941  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
943  sizeof(SECURITY_DESCRIPTOR));
944  if (AbsSD == NULL)
945  {
948  goto done;
949  }
950 
951  /* Create the absolute SD */
955  if (!NT_SUCCESS(Status))
956  goto done;
957 
958  /* allocate and create the DACL */
959  DaclSize = sizeof(ACL) +
960  3 * sizeof(ACE) +
961  RtlLengthSid(EveryoneSid) +
962  RtlLengthSid(AdministratorsSid) +
963  RtlLengthSid(AccountOperatorsSid);
964 
965  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
967  DaclSize);
968  if (Dacl == NULL)
969  {
972  goto done;
973  }
974 
976  DaclSize,
977  ACL_REVISION);
979  if (!NT_SUCCESS(Status))
980  goto done;
981 
983  ACL_REVISION,
985  EveryoneSid);
987  if (!NT_SUCCESS(Status))
988  goto done;
989 
991  ACL_REVISION,
993  AdministratorsSid);
995  if (!NT_SUCCESS(Status))
996  goto done;
997 
999  ACL_REVISION,
1001  AccountOperatorsSid);
1003  if (!NT_SUCCESS(Status))
1004  goto done;
1005 
1006  /* Set the DACL */
1008  TRUE,
1009  Dacl,
1010  FALSE);
1012  if (!NT_SUCCESS(Status))
1013  goto done;
1014 
1015  /* allocate and create the SACL */
1016  SaclSize = sizeof(ACL) +
1017  2 * sizeof(ACE) +
1018  RtlLengthSid(EveryoneSid) +
1019  RtlLengthSid(AnonymousSid);
1020 
1021  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1023  DaclSize);
1024  if (Sacl == NULL)
1025  {
1028  goto done;
1029  }
1030 
1032  SaclSize,
1033  ACL_REVISION);
1035  if (!NT_SUCCESS(Status))
1036  goto done;
1037 
1039  ACL_REVISION,
1043  EveryoneSid,
1044  TRUE,
1045  TRUE);
1047  if (!NT_SUCCESS(Status))
1048  goto done;
1049 
1051  ACL_REVISION,
1053  AnonymousSid,
1054  TRUE,
1055  TRUE);
1057  if (!NT_SUCCESS(Status))
1058  goto done;
1059 
1060  /* Set the SACL */
1062  TRUE,
1063  Sacl,
1064  FALSE);
1066  if (!NT_SUCCESS(Status))
1067  goto done;
1068 
1069  /* Set the owner SID */
1071  AdministratorsSid,
1072  FALSE);
1074  if (!NT_SUCCESS(Status))
1075  goto done;
1076 
1077  /* Set the group SID */
1079  AdministratorsSid,
1080  FALSE);
1082  if (!NT_SUCCESS(Status))
1083  goto done;
1084 
1085  /* Get the reqired buffer size for the self-relative SD */
1087  NULL,
1088  &RelSDSize);
1090  goto done;
1091 
1092  /* Allocate a buffer for the self-relative SD */
1093  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1095  RelSDSize);
1096  if (RelSD == NULL)
1097  {
1100  goto done;
1101  }
1102 
1103  /* Convert the absolute SD to self-relative format */
1105  RelSD,
1106  &RelSDSize);
1108  {
1110  goto done;
1111  }
1112 
1113  *AliasSd = RelSD;
1114  *Size = RelSDSize;
1115 
1116 done:
1117  if (!NT_SUCCESS(Status))
1118  {
1119  if (RelSD != NULL)
1120  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1121  }
1122 
1123  if (EveryoneSid != NULL)
1124  RtlFreeSid(EveryoneSid);
1125 
1126  if (AnonymousSid != NULL)
1127  RtlFreeSid(AnonymousSid);
1128 
1129  if (AdministratorsSid != NULL)
1130  RtlFreeSid(AdministratorsSid);
1131 
1132  if (Dacl != NULL)
1133  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1134 
1135  if (Sacl != NULL)
1136  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1137 
1138  if (AbsSD != NULL)
1139  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1140 
1141  return Status;
1142 }
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
#define ALIAS_REMOVE_MEMBER
Definition: ntsam.h:10
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
#define ALIAS_WRITE_ACCOUNT
Definition: ntsam.h:13
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define ALIAS_LIST_MEMBERS
Definition: ntsam.h:11
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define WRITE_DAC
Definition: nt_native.h:59
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
#define READ_CONTROL
Definition: nt_native.h:58
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
#define ALIAS_ALL_ACCESS
Definition: ntsam.h:26
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
#define ALIAS_ADD_MEMBER
Definition: ntsam.h:9
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
#define ALIAS_READ_INFORMATION
Definition: ntsam.h:12
Definition: rtltypes.h:988
#define DELETE
Definition: nt_native.h:57

Referenced by SampSetupCreateAliasAccount(), and SamrCreateAliasInDomain().

◆ SampCreateBuiltinDomainSD()

NTSTATUS SampCreateBuiltinDomainSD ( OUT PSECURITY_DESCRIPTOR DomainSd,
OUT PULONG  Size 
)

Definition at line 283 of file security.c.

285 {
286  PSECURITY_DESCRIPTOR AbsSD = NULL;
287  PSECURITY_DESCRIPTOR RelSD = NULL;
288  PSID EveryoneSid = NULL;
289  PSID AnonymousSid = NULL;
290  PSID AdministratorsSid = NULL;
291  PACL Dacl = NULL;
292  PACL Sacl = NULL;
293  ULONG DaclSize;
294  ULONG SaclSize;
295  ULONG RelSDSize = 0;
297 
298 
299  /* Create the Everyone SID */
301  1,
303  0,
304  0,
305  0,
306  0,
307  0,
308  0,
309  0,
310  &EveryoneSid);
312  if (!NT_SUCCESS(Status))
313  goto done;
314 
315  /* Create the Anonymous SID */
317  1,
319  0,
320  0,
321  0,
322  0,
323  0,
324  0,
325  0,
326  &AnonymousSid);
328  if (!NT_SUCCESS(Status))
329  goto done;
330 
331  /* Create the Administrators SID */
333  2,
336  0,
337  0,
338  0,
339  0,
340  0,
341  0,
342  &AdministratorsSid);
344  if (!NT_SUCCESS(Status))
345  goto done;
346 
347 
348  /* Allocate a buffer for the absolute SD */
349  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
351  sizeof(SECURITY_DESCRIPTOR));
352  if (AbsSD == NULL)
353  {
356  goto done;
357  }
358 
359  /* Create the absolute SD */
363  if (!NT_SUCCESS(Status))
364  goto done;
365 
366  /* allocate and create the DACL */
367  DaclSize = sizeof(ACL) +
368  2 * sizeof(ACE) +
369  RtlLengthSid(EveryoneSid) +
370  RtlLengthSid(AdministratorsSid);
371 
372  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
374  DaclSize);
375  if (Dacl == NULL)
376  {
379  goto done;
380  }
381 
383  DaclSize,
384  ACL_REVISION);
386  if (!NT_SUCCESS(Status))
387  goto done;
388 
390  ACL_REVISION,
392  EveryoneSid);
394  if (!NT_SUCCESS(Status))
395  goto done;
396 
398  ACL_REVISION,
400  AdministratorsSid);
402  if (!NT_SUCCESS(Status))
403  goto done;
404 
405  /* Set the DACL */
407  TRUE,
408  Dacl,
409  FALSE);
411  if (!NT_SUCCESS(Status))
412  goto done;
413 
414  /* allocate and create the SACL */
415  SaclSize = sizeof(ACL) +
416  2 * sizeof(ACE) +
417  RtlLengthSid(EveryoneSid) +
418  RtlLengthSid(AnonymousSid);
419 
420  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
422  DaclSize);
423  if (Sacl == NULL)
424  {
427  goto done;
428  }
429 
431  SaclSize,
432  ACL_REVISION);
434  if (!NT_SUCCESS(Status))
435  goto done;
436 
438  ACL_REVISION,
442  EveryoneSid,
443  TRUE,
444  TRUE);
446  if (!NT_SUCCESS(Status))
447  goto done;
448 
450  ACL_REVISION,
452  AnonymousSid,
453  TRUE,
454  TRUE);
456  if (!NT_SUCCESS(Status))
457  goto done;
458 
459  /* Set the SACL */
461  TRUE,
462  Sacl,
463  FALSE);
465  if (!NT_SUCCESS(Status))
466  goto done;
467 
468  /* Set the owner SID */
470  AdministratorsSid,
471  FALSE);
473  if (!NT_SUCCESS(Status))
474  goto done;
475 
476  /* Set the group SID */
478  AdministratorsSid,
479  FALSE);
481  if (!NT_SUCCESS(Status))
482  goto done;
483 
484  /* Get the reqired buffer size for the self-relative SD */
486  NULL,
487  &RelSDSize);
489  goto done;
490 
491  /* Allocate a buffer for the self-relative SD */
492  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
494  RelSDSize);
495  if (RelSD == NULL)
496  {
499  goto done;
500  }
501 
502  /* Convert the absolute SD to self-relative format */
504  RelSD,
505  &RelSDSize);
507  {
509  goto done;
510  }
511 
512  *ServerSd = RelSD;
513  *Size = RelSDSize;
514 
515 done:
516  if (!NT_SUCCESS(Status))
517  {
518  if (RelSD != NULL)
519  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
520  }
521 
522  if (EveryoneSid != NULL)
523  RtlFreeSid(EveryoneSid);
524 
525  if (AnonymousSid != NULL)
526  RtlFreeSid(AnonymousSid);
527 
528  if (AdministratorsSid != NULL)
529  RtlFreeSid(AdministratorsSid);
530 
531  if (Dacl != NULL)
532  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
533 
534  if (Sacl != NULL)
535  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
536 
537  if (AbsSD != NULL)
538  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
539 
540  return Status;
541 }
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define SAM_SERVER_INITIALIZE
Definition: ntsam.h:101
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
#define SAM_SERVER_CREATE_DOMAIN
Definition: ntsam.h:102
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SAM_SERVER_ALL_ACCESS
Definition: ntsam.h:118
#define DOMAIN_READ
Definition: ntsam.h:45
#define WRITE_DAC
Definition: nt_native.h:59
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
#define DOMAIN_EXECUTE
Definition: ntsam.h:57
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
#define SAM_SERVER_SHUTDOWN
Definition: ntsam.h:100
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
Definition: rtltypes.h:988
#define DELETE
Definition: nt_native.h:57

Referenced by SampSetupCreateDomain().

◆ SampCreateDbObject()

NTSTATUS SampCreateDbObject ( IN PSAM_DB_OBJECT  ParentObject,
IN LPWSTR  ContainerName,
IN LPWSTR  ObjectName,
IN ULONG  RelativeId,
IN SAM_DB_OBJECT_TYPE  ObjectType,
IN ACCESS_MASK  DesiredAccess,
OUT PSAM_DB_OBJECT DbObject 
)

Definition at line 42 of file database.c.

49 {
51  HANDLE ParentKeyHandle;
52  HANDLE ContainerKeyHandle = NULL;
53  HANDLE ObjectKeyHandle = NULL;
54  HANDLE MembersKeyHandle = NULL;
56 
57  if (DbObject == NULL)
59 
60  *DbObject = NULL;
61 
62  if (ParentObject == NULL)
63  ParentKeyHandle = SamKeyHandle;
64  else
65  ParentKeyHandle = ParentObject->KeyHandle;
66 
67  if (ContainerName != NULL)
68  {
69  /* Open the container key */
70  Status = SampRegOpenKey(ParentKeyHandle,
71  ContainerName,
73  &ContainerKeyHandle);
74  if (!NT_SUCCESS(Status))
75  {
76  goto done;
77  }
78 
79  /* Create the object key */
80  Status = SampRegCreateKey(ContainerKeyHandle,
81  ObjectName,
83  &ObjectKeyHandle);
84  if (!NT_SUCCESS(Status))
85  {
86  goto done;
87  }
88 
90  {
91  /* Create the object key */
92  Status = SampRegCreateKey(ContainerKeyHandle,
93  L"Members",
95  &MembersKeyHandle);
96  if (!NT_SUCCESS(Status))
97  {
98  goto done;
99  }
100  }
101  }
102  else
103  {
104  /* Create the object key */
105  Status = SampRegCreateKey(ParentKeyHandle,
106  ObjectName,
108  &ObjectKeyHandle);
109  if (!NT_SUCCESS(Status))
110  {
111  goto done;
112  }
113  }
114 
115  NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
117  sizeof(SAM_DB_OBJECT));
118  if (NewObject == NULL)
119  {
121  goto done;
122  }
123 
124  NewObject->Name = RtlAllocateHeap(RtlGetProcessHeap(),
125  0,
126  (wcslen(ObjectName) + 1) * sizeof(WCHAR));
127  if (NewObject->Name == NULL)
128  {
130  goto done;
131  }
132 
133  wcscpy(NewObject->Name, ObjectName);
134 
135  NewObject->Signature = SAMP_DB_SIGNATURE;
136  NewObject->RefCount = 1;
137  NewObject->ObjectType = ObjectType;
138  NewObject->Access = DesiredAccess;
139  NewObject->KeyHandle = ObjectKeyHandle;
140  NewObject->MembersKeyHandle = MembersKeyHandle;
141  NewObject->RelativeId = RelativeId;
142  NewObject->ParentObject = ParentObject;
143 
144  if (ParentObject != NULL)
145  NewObject->Trusted = ParentObject->Trusted;
146 
147  *DbObject = NewObject;
148 
149 done:
150  if (!NT_SUCCESS(Status))
151  {
152  if (NewObject != NULL)
153  {
154  if (NewObject->Name != NULL)
155  RtlFreeHeap(RtlGetProcessHeap(), 0, NewObject->Name);
156 
157  RtlFreeHeap(RtlGetProcessHeap(), 0, NewObject);
158  }
159 
160  SampRegCloseKey(&MembersKeyHandle);
161  SampRegCloseKey(&ObjectKeyHandle);
162  }
163 
164  SampRegCloseKey(&ContainerKeyHandle);
165 
166  return Status;
167 }
ObjectType
Definition: metafile.c:80
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
NTSTATUS SampRegCloseKey(IN OUT PHANDLE KeyHandle)
Definition: registry.c:26
static HANDLE SamKeyHandle
Definition: database.c:13
smooth NULL
Definition: ftsmooth.c:416
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
NTSTATUS SampRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:158
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define SAMP_DB_SIGNATURE
Definition: samsrv.h:58
NTSTATUS SampRegCreateKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:42
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampCreateGroupSD()

NTSTATUS SampCreateGroupSD ( OUT PSECURITY_DESCRIPTOR GroupSd,
OUT PULONG  Size 
)

Definition at line 1146 of file security.c.

1148 {
1149  PSECURITY_DESCRIPTOR AbsSD = NULL;
1150  PSECURITY_DESCRIPTOR RelSD = NULL;
1151  PSID EveryoneSid = NULL;
1152  PSID AnonymousSid = NULL;
1153  PSID AdministratorsSid = NULL;
1154  PSID AccountOperatorsSid = NULL;
1155  PACL Dacl = NULL;
1156  PACL Sacl = NULL;
1157  ULONG DaclSize;
1158  ULONG SaclSize;
1159  ULONG RelSDSize = 0;
1161 
1162 
1163  /* Create the Everyone SID */
1165  1,
1167  0,
1168  0,
1169  0,
1170  0,
1171  0,
1172  0,
1173  0,
1174  &EveryoneSid);
1176  if (!NT_SUCCESS(Status))
1177  goto done;
1178 
1179  /* Create the Anonymous SID */
1181  1,
1183  0,
1184  0,
1185  0,
1186  0,
1187  0,
1188  0,
1189  0,
1190  &AnonymousSid);
1192  if (!NT_SUCCESS(Status))
1193  goto done;
1194 
1195  /* Create the Administrators SID */
1197  2,
1200  0,
1201  0,
1202  0,
1203  0,
1204  0,
1205  0,
1206  &AdministratorsSid);
1208  if (!NT_SUCCESS(Status))
1209  goto done;
1210 
1211  /* Create the Account Operators SID */
1213  2,
1216  0,
1217  0,
1218  0,
1219  0,
1220  0,
1221  0,
1222  &AccountOperatorsSid);
1224  if (!NT_SUCCESS(Status))
1225  goto done;
1226 
1227  /* Allocate a buffer for the absolute SD */
1228  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1230  sizeof(SECURITY_DESCRIPTOR));
1231  if (AbsSD == NULL)
1232  {
1235  goto done;
1236  }
1237 
1238  /* Create the absolute SD */
1242  if (!NT_SUCCESS(Status))
1243  goto done;
1244 
1245  /* allocate and create the DACL */
1246  DaclSize = sizeof(ACL) +
1247  3 * sizeof(ACE) +
1248  RtlLengthSid(EveryoneSid) +
1249  RtlLengthSid(AdministratorsSid) +
1250  RtlLengthSid(AccountOperatorsSid);
1251 
1252  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1254  DaclSize);
1255  if (Dacl == NULL)
1256  {
1259  goto done;
1260  }
1261 
1263  DaclSize,
1264  ACL_REVISION);
1266  if (!NT_SUCCESS(Status))
1267  goto done;
1268 
1270  ACL_REVISION,
1272  EveryoneSid);
1274  if (!NT_SUCCESS(Status))
1275  goto done;
1276 
1278  ACL_REVISION,
1280  AdministratorsSid);
1282  if (!NT_SUCCESS(Status))
1283  goto done;
1284 
1286  ACL_REVISION,
1288  AccountOperatorsSid);
1290  if (!NT_SUCCESS(Status))
1291  goto done;
1292 
1293  /* Set the DACL */
1295  TRUE,
1296  Dacl,
1297  FALSE);
1299  if (!NT_SUCCESS(Status))
1300  goto done;
1301 
1302  /* allocate and create the SACL */
1303  SaclSize = sizeof(ACL) +
1304  2 * sizeof(ACE) +
1305  RtlLengthSid(EveryoneSid) +
1306  RtlLengthSid(AnonymousSid);
1307 
1308  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1310  DaclSize);
1311  if (Sacl == NULL)
1312  {
1315  goto done;
1316  }
1317 
1319  SaclSize,
1320  ACL_REVISION);
1322  if (!NT_SUCCESS(Status))
1323  goto done;
1324 
1326  ACL_REVISION,
1330  EveryoneSid,
1331  TRUE,
1332  TRUE);
1334  if (!NT_SUCCESS(Status))
1335  goto done;
1336 
1338  ACL_REVISION,
1340  AnonymousSid,
1341  TRUE,
1342  TRUE);
1344  if (!NT_SUCCESS(Status))
1345  goto done;
1346 
1347  /* Set the SACL */
1349  TRUE,
1350  Sacl,
1351  FALSE);
1353  if (!NT_SUCCESS(Status))
1354  goto done;
1355 
1356  /* Set the owner SID */
1358  AdministratorsSid,
1359  FALSE);
1361  if (!NT_SUCCESS(Status))
1362  goto done;
1363 
1364  /* Set the group SID */
1366  AdministratorsSid,
1367  FALSE);
1369  if (!NT_SUCCESS(Status))
1370  goto done;
1371 
1372  /* Get the reqired buffer size for the self-relative SD */
1374  NULL,
1375  &RelSDSize);
1377  goto done;
1378 
1379  /* Allocate a buffer for the self-relative SD */
1380  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1382  RelSDSize);
1383  if (RelSD == NULL)
1384  {
1387  goto done;
1388  }
1389 
1390  /* Convert the absolute SD to self-relative format */
1392  RelSD,
1393  &RelSDSize);
1395  {
1397  goto done;
1398  }
1399 
1400  *GroupSd = RelSD;
1401  *Size = RelSDSize;
1402 
1403 done:
1404  if (!NT_SUCCESS(Status))
1405  {
1406  if (RelSD != NULL)
1407  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1408  }
1409 
1410  if (EveryoneSid != NULL)
1411  RtlFreeSid(EveryoneSid);
1412 
1413  if (AnonymousSid != NULL)
1414  RtlFreeSid(AnonymousSid);
1415 
1416  if (AdministratorsSid != NULL)
1417  RtlFreeSid(AdministratorsSid);
1418 
1419  if (Dacl != NULL)
1420  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1421 
1422  if (Sacl != NULL)
1423  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1424 
1425  if (AbsSD != NULL)
1426  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1427 
1428  return Status;
1429 }
#define GROUP_WRITE_ACCOUNT
Definition: ntsam.h:76
#define GROUP_ADD_MEMBER
Definition: ntsam.h:77
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define DOMAIN_ALIAS_RID_ACCOUNT_OPS
Definition: setypes.h:629
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
#define GROUP_READ_INFORMATION
Definition: ntsam.h:75
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define WRITE_DAC
Definition: nt_native.h:59
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
#define READ_CONTROL
Definition: nt_native.h:58
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define GROUP_REMOVE_MEMBER
Definition: ntsam.h:78
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
#define GROUP_ALL_ACCESS
Definition: ntsam.h:92
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
#define GROUP_LIST_MEMBERS
Definition: ntsam.h:79
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
Definition: rtltypes.h:988
#define DELETE
Definition: nt_native.h:57

Referenced by SampSetupCreateGroupAccount(), and SamrCreateGroupInDomain().

◆ SampCreateServerSD()

NTSTATUS SampCreateServerSD ( OUT PSECURITY_DESCRIPTOR ServerSd,
OUT PULONG  Size 
)

Definition at line 21 of file security.c.

23 {
24  PSECURITY_DESCRIPTOR AbsSD = NULL;
25  PSECURITY_DESCRIPTOR RelSD = NULL;
26  PSID EveryoneSid = NULL;
27  PSID AnonymousSid = NULL;
28  PSID AdministratorsSid = NULL;
29  PACL Dacl = NULL;
30  PACL Sacl = NULL;
33  ULONG RelSDSize = 0;
35 
36 
37  /* Create the Everyone SID */
39  1,
41  0,
42  0,
43  0,
44  0,
45  0,
46  0,
47  0,
48  &EveryoneSid);
50  if (!NT_SUCCESS(Status))
51  goto done;
52 
53  /* Create the Anonymous SID */
55  1,
57  0,
58  0,
59  0,
60  0,
61  0,
62  0,
63  0,
64  &AnonymousSid);
66  if (!NT_SUCCESS(Status))
67  goto done;
68 
69  /* Create the Administrators SID */
71  2,
74  0,
75  0,
76  0,
77  0,
78  0,
79  0,
80  &AdministratorsSid);
82  if (!NT_SUCCESS(Status))
83  goto done;
84 
85 
86  /* Allocate a buffer for the absolute SD */
87  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
89  sizeof(SECURITY_DESCRIPTOR));
90  if (AbsSD == NULL)
91  {
94  goto done;
95  }
96 
97  /* Create the absolute SD */
101  if (!NT_SUCCESS(Status))
102  goto done;
103 
104  /* allocate and create the DACL */
105  DaclSize = sizeof(ACL) +
106  2 * sizeof(ACE) +
107  RtlLengthSid(EveryoneSid) +
108  RtlLengthSid(AdministratorsSid);
109 
110  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
112  DaclSize);
113  if (Dacl == NULL)
114  {
117  goto done;
118  }
119 
121  DaclSize,
122  ACL_REVISION);
124  if (!NT_SUCCESS(Status))
125  goto done;
126 
128  ACL_REVISION,
130  EveryoneSid);
132  if (!NT_SUCCESS(Status))
133  goto done;
134 
136  ACL_REVISION,
138  AdministratorsSid);
140  if (!NT_SUCCESS(Status))
141  goto done;
142 
143  /* Set the DACL */
145  TRUE,
146  Dacl,
147  FALSE);
149  if (!NT_SUCCESS(Status))
150  goto done;
151 
152  /* allocate and create the SACL */
153  SaclSize = sizeof(ACL) +
154  2 * sizeof(ACE) +
155  RtlLengthSid(EveryoneSid) +
156  RtlLengthSid(AnonymousSid);
157 
158  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
160  DaclSize);
161  if (Sacl == NULL)
162  {
165  goto done;
166  }
167 
169  SaclSize,
170  ACL_REVISION);
172  if (!NT_SUCCESS(Status))
173  goto done;
174 
176  ACL_REVISION,
180  EveryoneSid,
181  TRUE,
182  TRUE);
184  if (!NT_SUCCESS(Status))
185  goto done;
186 
188  ACL_REVISION,
190  AnonymousSid,
191  TRUE,
192  TRUE);
194  if (!NT_SUCCESS(Status))
195  goto done;
196 
197  /* Set the SACL */
199  TRUE,
200  Sacl,
201  FALSE);
203  if (!NT_SUCCESS(Status))
204  goto done;
205 
206  /* Set the owner SID */
208  AdministratorsSid,
209  FALSE);
211  if (!NT_SUCCESS(Status))
212  goto done;
213 
214  /* Set the group SID */
216  AdministratorsSid,
217  FALSE);
219  if (!NT_SUCCESS(Status))
220  goto done;
221 
222  /* Get the reqired buffer size for the self-relative SD */
224  NULL,
225  &RelSDSize);
227  goto done;
228 
229  /* Allocate a buffer for the self-relative SD */
230  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
232  RelSDSize);
233  if (RelSD == NULL)
234  {
237  goto done;
238  }
239 
240  /* Convert the absolute SD to self-relative format */
242  RelSD,
243  &RelSDSize);
245  {
247  goto done;
248  }
249 
250  *ServerSd = RelSD;
251  *Size = RelSDSize;
252 
253 done:
254  if (!NT_SUCCESS(Status))
255  {
256  if (RelSD != NULL)
257  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
258  }
259 
260  if (EveryoneSid != NULL)
261  RtlFreeSid(EveryoneSid);
262 
263  if (AnonymousSid != NULL)
264  RtlFreeSid(AnonymousSid);
265 
266  if (AdministratorsSid != NULL)
267  RtlFreeSid(AdministratorsSid);
268 
269  if (Dacl != NULL)
270  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
271 
272  if (Sacl != NULL)
273  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
274 
275  if (AbsSD != NULL)
276  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
277 
278  return Status;
279 }
#define TRUE
Definition: types.h:120
#define SAM_SERVER_READ
Definition: ntsam.h:106
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define SAM_SERVER_INITIALIZE
Definition: ntsam.h:101
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
#define SAM_SERVER_EXECUTE
Definition: ntsam.h:114
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
#define SAM_SERVER_CREATE_DOMAIN
Definition: ntsam.h:102
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SAM_SERVER_ALL_ACCESS
Definition: ntsam.h:118
#define WRITE_DAC
Definition: nt_native.h:59
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
#define SAM_SERVER_SHUTDOWN
Definition: ntsam.h:100
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
Definition: rtltypes.h:988
#define DELETE
Definition: nt_native.h:57

Referenced by SampSetupCreateServer().

◆ SampCreateUserSD()

NTSTATUS SampCreateUserSD ( IN PSID  UserSid,
OUT PSECURITY_DESCRIPTOR UserSd,
OUT PULONG  Size 
)

Definition at line 1433 of file security.c.

1436 {
1437  PSECURITY_DESCRIPTOR AbsSD = NULL;
1438  PSECURITY_DESCRIPTOR RelSD = NULL;
1439  PSID EveryoneSid = NULL;
1440  PSID AnonymousSid = NULL;
1441  PSID AdministratorsSid = NULL;
1442  PACL Dacl = NULL;
1443  PACL Sacl = NULL;
1444  ULONG DaclSize;
1445  ULONG SaclSize;
1446  ULONG RelSDSize = 0;
1448 
1449 
1450  /* Create the Everyone SID */
1452  1,
1454  0,
1455  0,
1456  0,
1457  0,
1458  0,
1459  0,
1460  0,
1461  &EveryoneSid);
1463  if (!NT_SUCCESS(Status))
1464  goto done;
1465 
1466  /* Create the Anonymous SID */
1468  1,
1470  0,
1471  0,
1472  0,
1473  0,
1474  0,
1475  0,
1476  0,
1477  &AnonymousSid);
1479  if (!NT_SUCCESS(Status))
1480  goto done;
1481 
1482  /* Create the Administrators SID */
1484  2,
1487  0,
1488  0,
1489  0,
1490  0,
1491  0,
1492  0,
1493  &AdministratorsSid);
1495  if (!NT_SUCCESS(Status))
1496  goto done;
1497 
1498  /* Allocate a buffer for the absolute SD */
1499  AbsSD = RtlAllocateHeap(RtlGetProcessHeap(),
1501  sizeof(SECURITY_DESCRIPTOR));
1502  if (AbsSD == NULL)
1503  {
1506  goto done;
1507  }
1508 
1509  /* Create the absolute SD */
1513  if (!NT_SUCCESS(Status))
1514  goto done;
1515 
1516  /* allocate and create the DACL */
1517  DaclSize = sizeof(ACL) +
1518  3 * sizeof(ACE) +
1519  RtlLengthSid(EveryoneSid) +
1520  RtlLengthSid(AdministratorsSid) +
1521  RtlLengthSid(UserSid);
1522 
1523  Dacl = RtlAllocateHeap(RtlGetProcessHeap(),
1525  DaclSize);
1526  if (Dacl == NULL)
1527  {
1530  goto done;
1531  }
1532 
1534  DaclSize,
1535  ACL_REVISION);
1537  if (!NT_SUCCESS(Status))
1538  goto done;
1539 
1541  ACL_REVISION,
1545  EveryoneSid);
1547  if (!NT_SUCCESS(Status))
1548  goto done;
1549 
1551  ACL_REVISION,
1553  AdministratorsSid);
1555  if (!NT_SUCCESS(Status))
1556  goto done;
1557 
1559  ACL_REVISION,
1561  UserSid);
1563  if (!NT_SUCCESS(Status))
1564  goto done;
1565 
1566  /* Set the DACL */
1568  TRUE,
1569  Dacl,
1570  FALSE);
1572  if (!NT_SUCCESS(Status))
1573  goto done;
1574 
1575  /* allocate and create the SACL */
1576  SaclSize = sizeof(ACL) +
1577  2 * sizeof(ACE) +
1578  RtlLengthSid(EveryoneSid) +
1579  RtlLengthSid(AnonymousSid);
1580 
1581  Sacl = RtlAllocateHeap(RtlGetProcessHeap(),
1583  DaclSize);
1584  if (Sacl == NULL)
1585  {
1588  goto done;
1589  }
1590 
1592  SaclSize,
1593  ACL_REVISION);
1595  if (!NT_SUCCESS(Status))
1596  goto done;
1597 
1599  ACL_REVISION,
1602  EveryoneSid,
1603  TRUE,
1604  TRUE);
1606  if (!NT_SUCCESS(Status))
1607  goto done;
1608 
1610  ACL_REVISION,
1612  AnonymousSid,
1613  TRUE,
1614  TRUE);
1616  if (!NT_SUCCESS(Status))
1617  goto done;
1618 
1619  /* Set the SACL */
1621  TRUE,
1622  Sacl,
1623  FALSE);
1625  if (!NT_SUCCESS(Status))
1626  goto done;
1627 
1628  /* Set the owner SID */
1630  AdministratorsSid,
1631  FALSE);
1633  if (!NT_SUCCESS(Status))
1634  goto done;
1635 
1636  /* Set the group SID */
1638  AdministratorsSid,
1639  FALSE);
1641  if (!NT_SUCCESS(Status))
1642  goto done;
1643 
1644  /* Get the reqired buffer size for the self-relative SD */
1646  NULL,
1647  &RelSDSize);
1649  goto done;
1650 
1651  /* Allocate a buffer for the self-relative SD */
1652  RelSD = RtlAllocateHeap(RtlGetProcessHeap(),
1654  RelSDSize);
1655  if (RelSD == NULL)
1656  {
1659  goto done;
1660  }
1661 
1662  /* Convert the absolute SD to self-relative format */
1664  RelSD,
1665  &RelSDSize);
1667  {
1669  goto done;
1670  }
1671 
1672  *UserSd = RelSD;
1673  *Size = RelSDSize;
1674 
1675 done:
1676  if (!NT_SUCCESS(Status))
1677  {
1678  if (RelSD != NULL)
1679  RtlFreeHeap(RtlGetProcessHeap(), 0, RelSD);
1680  }
1681 
1682  if (EveryoneSid != NULL)
1683  RtlFreeSid(EveryoneSid);
1684 
1685  if (AnonymousSid != NULL)
1686  RtlFreeSid(AnonymousSid);
1687 
1688  if (AdministratorsSid != NULL)
1689  RtlFreeSid(AdministratorsSid);
1690 
1691  if (Dacl != NULL)
1692  RtlFreeHeap(RtlGetProcessHeap(), 0, Dacl);
1693 
1694  if (Sacl != NULL)
1695  RtlFreeHeap(RtlGetProcessHeap(), 0, Sacl);
1696 
1697  if (AbsSD != NULL)
1698  RtlFreeHeap(RtlGetProcessHeap(), 0, AbsSD);
1699 
1700  return Status;
1701 }
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted)
Definition: sd.c:410
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
static SID_IDENTIFIER_AUTHORITY WorldAuthority
Definition: security.c:14
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(_Out_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Revision)
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
static SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: security.c:15
#define USER_READ_GENERAL
Definition: ntsam.h:126
NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD(IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength)
Definition: sd.c:626
struct _ACL ACL
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG SaclSize
Definition: rtlfuncs.h:1555
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor(IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted)
Definition: sd.c:342
#define USER_LIST_GROUPS
Definition: ntsam.h:134
#define USER_WRITE_PREFERENCES
Definition: ntsam.h:128
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define USER_READ_GROUP_INFORMATION
Definition: ntsam.h:135
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
#define WRITE_DAC
Definition: nt_native.h:59
#define SPECIFIC_RIGHTS_ALL
Definition: nt_native.h:71
#define USER_ALL_ACCESS
Definition: ntsam.h:153
#define SECURITY_WORLD_RID
Definition: setypes.h:513
#define SECURITY_ANONYMOUS_LOGON_RID
Definition: setypes.h:535
#define READ_CONTROL
Definition: nt_native.h:58
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1553
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR, PSID, BOOLEAN)
IN PVOID IN PVOID IN USHORT IN USHORT Size
Definition: pci.h:359
Status
Definition: gdiplustypes.h:24
NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce(_Inout_ PACL Acl, _In_ ULONG Revision, _In_ ACCESS_MASK AccessMask, _In_ PSID Sid, _In_ BOOLEAN Success, _In_ BOOLEAN Failure)
#define STANDARD_RIGHTS_ALL
Definition: nt_native.h:69
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG DaclSize
Definition: rtlfuncs.h:1553
#define ACL_REVISION
Definition: setypes.h:39
unsigned int ULONG
Definition: retypes.h:1
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL Sacl
Definition: rtlfuncs.h:1555
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DOMAIN_ALIAS_RID_ADMINS
Definition: setypes.h:624
#define USER_READ_LOGON
Definition: ntsam.h:129
Definition: rtltypes.h:988
#define DELETE
Definition: nt_native.h:57
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132

Referenced by SampSetupCreateUserAccount(), SamrCreateUser2InDomain(), and SamrCreateUserInDomain().

◆ SampDeleteAccountDbObject()

NTSTATUS SampDeleteAccountDbObject ( PSAM_DB_OBJECT  DbObject)

Definition at line 366 of file database.c.

367 {
368  LPCWSTR ContainerName;
369  LPWSTR AccountName = NULL;
370  HANDLE ContainerKey = NULL;
371  HANDLE NamesKey = NULL;
372  ULONG Length = 0;
374 
375  TRACE("(%p)\n", DbObject);
376 
377  /* Server and Domain objects cannot be deleted */
378  switch (DbObject->ObjectType)
379  {
380  case SamDbAliasObject:
381  ContainerName = L"Aliases";
382  break;
383 
384  case SamDbGroupObject:
385  ContainerName = L"Groups";
386  break;
387 
388  case SamDbUserObject:
389  ContainerName = L"Users";
390  break;
391 
392  default:
394  }
395 
396  /* Get the account name */
397  Status = SampGetObjectAttribute(DbObject,
398  L"Name",
399  NULL,
400  NULL,
401  &Length);
403  {
404  TRACE("SampGetObjectAttribute failed (Status 0x%08lx)\n", Status);
405  goto done;
406  }
407 
408  AccountName = RtlAllocateHeap(RtlGetProcessHeap(),
410  Length);
411  if (AccountName == NULL)
412  {
414  goto done;
415  }
416 
417  Status = SampGetObjectAttribute(DbObject,
418  L"Name",
419  NULL,
420  (PVOID)AccountName,
421  &Length);
422  if (!NT_SUCCESS(Status))
423  {
424  TRACE("SampGetObjectAttribute failed (Status 0x%08lx)\n", Status);
425  goto done;
426  }
427 
428  SampRegCloseKey(&DbObject->KeyHandle);
429 
430  if (DbObject->ObjectType == SamDbAliasObject)
431  {
432  SampRegCloseKey(&DbObject->MembersKeyHandle);
433 
434  SampRegDeleteKey(DbObject->KeyHandle,
435  L"Members");
436  }
437 
438  /* Open the domain container key */
439  Status = SampRegOpenKey(DbObject->ParentObject->KeyHandle,
440  ContainerName,
442  &ContainerKey);
443  if (!NT_SUCCESS(Status))
444  {
445  TRACE("SampRegOpenKey failed (Status 0x%08lx)\n", Status);
446  goto done;
447  }
448 
449  /* Open the Names key */
450  Status = SampRegOpenKey(ContainerKey,
451  L"Names",
453  &NamesKey);
454  if (!NT_SUCCESS(Status))
455  {
456  TRACE("SampRegOpenKey failed (Status 0x%08lx)\n", Status);
457  goto done;
458  }
459 
460  /* Remove the account from the Names key */
461  Status = SampRegDeleteValue(NamesKey,
462  AccountName);
463  if (!NT_SUCCESS(Status))
464  {
465  TRACE("SampRegDeleteValue failed (Status 0x%08lx)\n", Status);
466  goto done;
467  }
468 
469  /* Remove the account key from the container */
470  Status = SampRegDeleteKey(ContainerKey,
471  DbObject->Name);
472  if (!NT_SUCCESS(Status))
473  {
474  TRACE("SampRegDeleteKey failed (Status 0x%08lx)\n", Status);
475  goto done;
476  }
477 
478  /* Release the database object name */
479  if (DbObject->Name != NULL)
480  RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject->Name);
481 
482  /* Release the database object */
483  RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
484 
486 
487 done:
488  SampRegCloseKey(&NamesKey);
489  SampRegCloseKey(&ContainerKey);
490 
491  if (AccountName != NULL)
492  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountName);
493 
494  return Status;
495 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define KEY_SET_VALUE
Definition: nt_native.h:1017
const WCHAR * LPCWSTR
Definition: xmlstorage.h:185
SAM_DB_OBJECT_TYPE ObjectType
Definition: samsrv.h:47
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSTATUS SampRegDeleteValue(IN HANDLE KeyHandle, IN LPCWSTR ValueName)
Definition: registry.c:212
NTSTATUS SampRegCloseKey(IN OUT PHANDLE KeyHandle)
Definition: registry.c:26
HANDLE MembersKeyHandle
Definition: samsrv.h:52
smooth NULL
Definition: ftsmooth.c:416
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
LPWSTR Name
Definition: samsrv.h:50
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:514
NTSTATUS SampRegDeleteKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
Definition: registry.c:71
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
HANDLE KeyHandle
Definition: samsrv.h:51
struct _SAM_DB_OBJECT * ParentObject
Definition: samsrv.h:55
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
NTSTATUS SampRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:158
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
unsigned int ULONG
Definition: retypes.h:1
WCHAR * LPWSTR
Definition: xmlstorage.h:184
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define DELETE
Definition: nt_native.h:57

Referenced by SamrDeleteAlias(), SamrDeleteGroup(), and SamrDeleteUser().

◆ SampGetLogonHoursAttribute()

NTSTATUS SampGetLogonHoursAttribute ( IN PSAM_DB_OBJECT  UserObject,
IN OUT PSAMPR_LOGON_HOURS  LogonHours 
)

Definition at line 619 of file user.c.

621 {
622  PUCHAR RawBuffer = NULL;
623  ULONG Length = 0;
624  ULONG BufferLength = 0;
626 
627  Status = SampGetObjectAttribute(UserObject,
628  L"LogonHours",
629  NULL,
630  NULL,
631  &Length);
633  {
634  TRACE("SampGetObjectAttribute failed (Status 0x%08lx)\n", Status);
635  return Status;
636  }
637 
639 
640  if (Length == 0)
641  {
642  LogonHours->UnitsPerWeek = 0;
643  LogonHours->LogonHours = NULL;
644  }
645  else
646  {
647  RawBuffer = midl_user_allocate(Length);
648  if (RawBuffer == NULL)
649  {
651  goto done;
652  }
653 
654  Status = SampGetObjectAttribute(UserObject,
655  L"LogonHours",
656  NULL,
657  (PVOID)RawBuffer,
658  &Length);
659  if (!NT_SUCCESS(Status))
660  goto done;
661 
662  LogonHours->UnitsPerWeek = *((PUSHORT)RawBuffer);
663 
664  BufferLength = (((ULONG)LogonHours->UnitsPerWeek) + 7) / 8;
665 
666  LogonHours->LogonHours = midl_user_allocate(BufferLength);
667  if (LogonHours->LogonHours == NULL)
668  {
669  TRACE("Failed to allocate LogonHours buffer!\n");
671  goto done;
672  }
673 
674  memcpy(LogonHours->LogonHours,
675  &(RawBuffer[2]),
676  BufferLength);
677  }
678 
679 done:
680 
681  if (RawBuffer != NULL)
682  midl_user_free(RawBuffer);
683 
684  return Status;
685 }
#define midl_user_free
Definition: rpc.h:45
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define midl_user_allocate
Definition: rpc.h:44
unsigned char * PUCHAR
Definition: retypes.h:3
LONG NTSTATUS
Definition: precomp.h:26
_In_ ULONG BufferLength
Definition: usbdlib.h:225
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:514
static const WCHAR L[]
Definition: oid.c:1250
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
Status
Definition: gdiplustypes.h:24
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2938
unsigned short * PUSHORT
Definition: retypes.h:2

Referenced by SampQueryUserAccount(), SampQueryUserAll(), SampQueryUserLogon(), and SampQueryUserLogonHours().

◆ SampGetMembersInAlias()

NTSTATUS SampGetMembersInAlias ( IN PSAM_DB_OBJECT  AliasObject,
OUT PULONG  MemberCount,
OUT PSAMPR_SID_INFORMATION MemberArray 
)

Definition at line 218 of file alias.c.

221 {
222  HANDLE MembersKeyHandle = NULL;
223  PSAMPR_SID_INFORMATION Members = NULL;
224  ULONG Count = 0;
226  ULONG Index;
228 
229  /* Open the members key of the alias object */
230  Status = SampRegOpenKey(AliasObject->KeyHandle,
231  L"Members",
232  KEY_READ,
233  &MembersKeyHandle);
234  if (!NT_SUCCESS(Status))
235  {
236  ERR("SampRegOpenKey failed with status 0x%08lx\n", Status);
237  goto done;
238  }
239 
240  /* Get the number of members */
241  Status = SampRegQueryKeyInfo(MembersKeyHandle,
242  NULL,
243  &Count);
244  if (!NT_SUCCESS(Status))
245  {
246  ERR("SampRegQueryKeyInfo failed with status 0x%08lx\n", Status);
247  goto done;
248  }
249 
250  /* Allocate the member array */
251  Members = midl_user_allocate(Count * sizeof(SAMPR_SID_INFORMATION));
252  if (Members == NULL)
253  {
255  goto done;
256  }
257 
258  /* Enumerate the members */
259  Index = 0;
260  while (TRUE)
261  {
262  /* Get the size of the next SID */
263  DataLength = 0;
264  Status = SampRegEnumerateValue(MembersKeyHandle,
265  Index,
266  NULL,
267  NULL,
268  NULL,
269  NULL,
270  &DataLength);
271  if (!NT_SUCCESS(Status))
272  {
275  break;
276  }
277 
278  /* Allocate a buffer for the SID */
280  if (Members[Index].SidPointer == NULL)
281  {
283  goto done;
284  }
285 
286  /* Read the SID into the buffer */
287  Status = SampRegEnumerateValue(MembersKeyHandle,
288  Index,
289  NULL,
290  NULL,
291  NULL,
292  (PVOID)Members[Index].SidPointer,
293  &DataLength);
294  if (!NT_SUCCESS(Status))
295  {
296  goto done;
297  }
298 
299  Index++;
300  }
301 
302  if (NT_SUCCESS(Status))
303  {
304  *MemberCount = Count;
305  *MemberArray = Members;
306  }
307 
308 done:
309  return Status;
310 }
NTSTATUS SampRegEnumerateValue(IN HANDLE KeyHandle, IN ULONG Index, OUT LPWSTR Name, IN OUT PULONG NameLength, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
Definition: registry.c:226
#define TRUE
Definition: types.h:120
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:193
#define KEY_READ
Definition: nt_native.h:1023
#define midl_user_allocate
Definition: rpc.h:44
LONG NTSTATUS
Definition: precomp.h:26
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS SampRegQueryKeyInfo(IN HANDLE KeyHandle, OUT PULONG SubKeyCount, OUT PULONG ValueCount)
Definition: registry.c:181
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static const UCHAR Index[8]
Definition: usbohci.c:18
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
NTSTATUS SampRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:158
unsigned int ULONG
Definition: retypes.h:1
_Must_inspect_result_ _Out_writes_to_ DataLength PHIDP_DATA _Inout_ PULONG DataLength
Definition: hidpi.h:333
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SampRemoveAllMembersFromAlias(), and SamrGetMembersInAlias().

◆ SampGetObjectAttribute()

NTSTATUS SampGetObjectAttribute ( PSAM_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
PULONG  AttributeType,
LPVOID  AttributeData,
PULONG  AttributeSize 
)

Definition at line 514 of file database.c.

519 {
520  return SampRegQueryValue(DbObject->KeyHandle,
521  AttributeName,
522  AttributeType,
524  AttributeSize);
525 }
NTSTATUS SampRegQueryValue(IN HANDLE KeyHandle, IN LPCWSTR ValueName, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
Definition: registry.c:332
HANDLE KeyHandle
Definition: samsrv.h:51

Referenced by SampAddGroupMembershipToUser(), SampAddMemberToGroup(), SampCreateAccountSid(), SampDeleteAccountDbObject(), SampGetLogonHoursAttribute(), SampGetObjectAttributeString(), SampGetUserGroupAttributes(), SampQueryDomainGeneral(), SampQueryDomainGeneral2(), SampQueryDomainLockout(), SampQueryDomainLogoff(), SampQueryDomainModified(), SampQueryDomainModified2(), SampQueryDomainPassword(), SampQueryDomainServerRole(), SampQueryDomainState(), SampQueryGroupAttribute(), SampQueryGroupGeneral(), SampQueryUserAccount(), SampQueryUserAll(), SampQueryUserControl(), SampQueryUserExpires(), SampQueryUserGeneral(), SampQueryUserInternal1(), SampQueryUserInternal2(), SampQueryUserLogon(), SampQueryUserPreferences(), SampQueryUserPrimaryGroup(), SampRemoveGroupMembershipFromUser(), SampRemoveMemberFromGroup(), SampRemoveUserFromAllGroups(), SampSetDomainLockout(), SampSetDomainLogoff(), SampSetDomainPassword(), SampSetDomainServerRole(), SampSetDomainState(), SampSetGroupAttribute(), SampSetUserAll(), SampSetUserControl(), SampSetUserExpires(), SampSetUserGeneral(), SampSetUserGroupAttributes(), SampSetUserInternal1(), SampSetUserInternal2(), SampSetUserPassword(), SampSetUserPreferences(), SampSetUserPrimaryGroup(), SamrChangePasswordUser(), SamrCreateAliasInDomain(), SamrCreateGroupInDomain(), SamrCreateUser2InDomain(), SamrCreateUserInDomain(), SamrDeleteGroup(), SamrGetDomainPasswordInformation(), SamrGetGroupsForUser(), SamrGetMembersInGroup(), SamrGetUserDomainPasswordInformation(), SamrQuerySecurityObject(), and SamrSetSecurityObject().

◆ SampGetObjectAttributeString()

NTSTATUS SampGetObjectAttributeString ( PSAM_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
PRPC_UNICODE_STRING  String 
)

Definition at line 529 of file database.c.

532 {
533  ULONG Length = 0;
535 
536  Status = SampGetObjectAttribute(DbObject,
537  AttributeName,
538  NULL,
539  NULL,
540  &Length);
542  {
543  TRACE("Status 0x%08lx\n", Status);
544  goto done;
545  }
546 
547  if (Length == 0)
548  {
549  String->Length = 0;
550  String->MaximumLength = 0;
551  String->Buffer = NULL;
552 
554  goto done;
555  }
556 
557  String->Length = (USHORT)(Length - sizeof(WCHAR));
558  String->MaximumLength = (USHORT)Length;
559  String->Buffer = midl_user_allocate(Length);
560  if (String->Buffer == NULL)
561  {
563  goto done;
564  }
565 
566  TRACE("Length: %lu\n", Length);
567  Status = SampGetObjectAttribute(DbObject,
568  AttributeName,
569  NULL,
570  (PVOID)String->Buffer,
571  &Length);
572  if (!NT_SUCCESS(Status))
573  {
574  TRACE("Status 0x%08lx\n", Status);
575  goto done;
576  }
577 
578 done:
579  if (!NT_SUCCESS(Status))
580  {
581  if (String->Buffer != NULL)
582  {
583  midl_user_free(String->Buffer);
584  String->Buffer = NULL;
585  }
586  }
587 
588  return Status;
589 }
#define midl_user_free
Definition: rpc.h:45
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define midl_user_allocate
Definition: rpc.h:44
LONG NTSTATUS
Definition: precomp.h:26
static WCHAR String[]
Definition: stringtable.c:55
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:514
Status
Definition: gdiplustypes.h:24
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
unsigned short USHORT
Definition: pedump.c:61
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SampQueryAliasAdminComment(), SampQueryAliasGeneral(), SampQueryAliasName(), SampQueryDomainGeneral(), SampQueryDomainGeneral2(), SampQueryDomainName(), SampQueryDomainOem(), SampQueryDomainReplication(), SampQueryGroupAdminComment(), SampQueryGroupGeneral(), SampQueryGroupName(), SampQueryUserAccount(), SampQueryUserAccountName(), SampQueryUserAdminComment(), SampQueryUserAll(), SampQueryUserFullName(), SampQueryUserGeneral(), SampQueryUserHome(), SampQueryUserLogon(), SampQueryUserName(), SampQueryUserParameters(), SampQueryUserPreferences(), SampQueryUserProfile(), SampQueryUserScript(), SampQueryUserWorkStations(), SampSetAliasName(), SampSetGroupName(), and SampSetUserName().

◆ SampGetRidFromSid()

NTSTATUS SampGetRidFromSid ( IN PSID  Sid,
OUT PULONG  Rid 
)

Definition at line 138 of file utils.c.

140 {
141  UCHAR RidCount;
142 
143  RidCount = *RtlSubAuthorityCountSid(Sid);
144  if (RidCount < 1)
145  return STATUS_INVALID_SID;
146 
147  *Rid = *RtlSubAuthoritySid(Sid, RidCount - 1);
148 
149  return STATUS_SUCCESS;
150 }
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
#define STATUS_INVALID_SID
Definition: ntstatus.h:342
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
unsigned char UCHAR
Definition: xmlstorage.h:181
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SamrRemoveMemberFromForeignDomain().

◆ SampGetUserGroupAttributes()

NTSTATUS SampGetUserGroupAttributes ( IN PSAM_DB_OBJECT  DomainObject,
IN ULONG  UserId,
IN ULONG  GroupId,
OUT PULONG  GroupAttributes 
)

Definition at line 183 of file user.c.

187 {
188  PSAM_DB_OBJECT UserObject = NULL;
189  PGROUP_MEMBERSHIP GroupsBuffer = NULL;
190  ULONG Length = 0;
191  ULONG i;
193 
194  Status = SampOpenUserObject(DomainObject,
195  UserId,
196  0,
197  &UserObject);
198  if (!NT_SUCCESS(Status))
199  {
200  return Status;
201  }
202 
203  SampGetObjectAttribute(UserObject,
204  L"Groups",
205  NULL,
206  NULL,
207  &Length);
208 
209  if (Length == 0)
210  return STATUS_UNSUCCESSFUL; /* FIXME */
211 
212  GroupsBuffer = midl_user_allocate(Length);
213  if (GroupsBuffer == NULL)
214  {
216  goto done;
217  }
218 
219  Status = SampGetObjectAttribute(UserObject,
220  L"Groups",
221  NULL,
222  GroupsBuffer,
223  &Length);
224  if (!NT_SUCCESS(Status))
225  goto done;
226 
227  for (i = 0; i < (Length / sizeof(GROUP_MEMBERSHIP)); i++)
228  {
229  if (GroupsBuffer[i].RelativeId == GroupId)
230  {
231  *GroupAttributes = GroupsBuffer[i].Attributes;
232  goto done;
233  }
234  }
235 
236 done:
237  if (GroupsBuffer != NULL)
238  midl_user_free(GroupsBuffer);
239 
240  if (UserObject != NULL)
241  SampCloseDbObject(UserObject);
242 
243  return Status;
244 }
ULONG Attributes
Definition: ntsam.h:469
#define midl_user_free
Definition: rpc.h:45
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define midl_user_allocate
Definition: rpc.h:44
LONG NTSTATUS
Definition: precomp.h:26
NTSTATUS SampOpenUserObject(IN PSAM_DB_OBJECT DomainObject, IN ULONG UserId, IN ACCESS_MASK DesiredAccess, OUT PSAM_DB_OBJECT *UserObject)
Definition: user.c:14
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
NTSTATUS SampCloseDbObject(PSAM_DB_OBJECT DbObject)
Definition: database.c:344
NTSTATUS SampGetObjectAttribute(PSAM_DB_OBJECT DbObject, LPWSTR AttributeName, PULONG AttributeType, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:514
static const WCHAR L[]
Definition: oid.c:1250
struct _GROUP_MEMBERSHIP GROUP_MEMBERSHIP
Status
Definition: gdiplustypes.h:24
unsigned int ULONG
Definition: retypes.h:1

Referenced by SamrGetMembersInGroup().

◆ SampInitDatabase()

NTSTATUS SampInitDatabase ( VOID  )

Definition at line 19 of file database.c.

20 {
22 
23  TRACE("SampInitDatabase()\n");
24 
26  L"\\Registry\\Machine\\SAM",
28  &SamKeyHandle);
29  if (!NT_SUCCESS(Status))
30  {
31  ERR("Failed to open the SAM key (Status: 0x%08lx)\n", Status);
32  return Status;
33  }
34 
35  TRACE("SampInitDatabase() done\n");
36 
37  return STATUS_SUCCESS;
38 }
#define KEY_READ
Definition: nt_native.h:1023
LONG NTSTATUS
Definition: precomp.h:26
static HANDLE SamKeyHandle
Definition: database.c:13
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
NTSTATUS SampRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT PHANDLE KeyHandle)
Definition: registry.c:158
return STATUS_SUCCESS
Definition: btrfs.c:2938
#define KEY_CREATE_SUB_KEY
Definition: nt_native.h:1018
#define KEY_ENUMERATE_SUB_KEYS
Definition: nt_native.h:1019

Referenced by SamIInitialize().

◆ SampInitializeSAM()

BOOL SampInitializeSAM ( VOID  )

Definition at line 888 of file setup.c.

889 {
890  PPOLICY_ACCOUNT_DOMAIN_INFO AccountDomainInfo = NULL;
891  HANDLE hSamKey = NULL;
892  HANDLE hServerKey = NULL;
893  HANDLE hBuiltinDomainKey = NULL;
894  HANDLE hAccountDomainKey = NULL;
895  PSID pBuiltinSid = NULL;
896  PSID pInteractiveSid = NULL;
898  BOOL bResult = TRUE;
899  PSID pSid;
901  WCHAR szComment[256];
902  WCHAR szName[80];
904 
905  TRACE("SampInitializeSAM() called\n");
906 
907  hInstance = GetModuleHandleW(L"samsrv.dll");
908 
909  /* Open the SAM key */
911  L"\\Registry\\Machine\\SAM",
913  &hSamKey);
914  if (!NT_SUCCESS(Status))
915  {
916  ERR("Failed to open the SAM key (Status: 0x%08lx)\n", Status);
917  return FALSE;
918  }
919 
920  /* Create the SAM Server object */
921  Status = SampSetupCreateServer(hSamKey,
922  &hServerKey);
923  if (!NT_SUCCESS(Status))
924  {
925  bResult = FALSE;
926  goto done;
927  }
928 
929  /* Create and initialize the Builtin Domain SID */
930  pBuiltinSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1));
931  if (pBuiltinSid == NULL)
932  {
933  ERR("Failed to allocate the Builtin Domain SID\n");
934  bResult = FALSE;
935  goto done;
936  }
937 
938  RtlInitializeSid(pBuiltinSid, &SecurityNtAuthority, 1);
939  *(RtlSubAuthoritySid(pBuiltinSid, 0)) = SECURITY_BUILTIN_DOMAIN_RID;
940 
941  /* Create and initialize the Interactive SID */
942  pInteractiveSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1));
943  if (pInteractiveSid == NULL)
944  {
945  ERR("Failed to allocate the Interactive SID\n");
946  bResult = FALSE;
947  goto done;
948  }
949 
950  RtlInitializeSid(pInteractiveSid, &SecurityNtAuthority, 1);
951  *(RtlSubAuthoritySid(pInteractiveSid, 0)) = SECURITY_INTERACTIVE_RID;
952 
953  /* Create and initialize the Authenticated User SID */
954  pAuthenticatedUserSid = RtlAllocateHeap(RtlGetProcessHeap(), 0, RtlLengthRequiredSid(1));
956  {
957  ERR("Failed to allocate the Authenticated User SID\n");
958  bResult = FALSE;
959  goto done;
960  }
961 
964 
965  /* Get account domain information */
966  Status = SampGetAccountDomainInfo(&AccountDomainInfo);
967  if (!NT_SUCCESS(Status))
968  {
969  ERR("SampGetAccountDomainInfo failed (Status %08lx)\n", Status);
970  bResult = FALSE;
971  goto done;
972  }
973 
975 
976  /* Create the Builtin domain */
977  Status = SampSetupCreateDomain(hServerKey,
978  L"Builtin",
979  szName,
980  pBuiltinSid,
981  TRUE,
982  &hBuiltinDomainKey);
983  if (!NT_SUCCESS(Status))
984  {
985  bResult = FALSE;
986  goto done;
987  }
988 
991 
992  SampSetupCreateAliasAccount(hBuiltinDomainKey,
993  szName,
994  szComment,
996 
999 
1000  SampSetupCreateAliasAccount(hBuiltinDomainKey,
1001  szName,
1002  szComment,
1004 
1007 
1008  SampSetupCreateAliasAccount(hBuiltinDomainKey,
1009  szName,
1010  szComment,
1012 
1015 
1016  SampSetupCreateAliasAccount(hBuiltinDomainKey,
1017  szName,
1018  szComment,
1020 
1021  /* Add the Administrator user to the Administrators alias */
1022  pSid = AppendRidToSid(AccountDomainInfo->DomainSid,
1024  if (pSid != NULL)
1025  {
1026  SampSetupAddMemberToAlias(hBuiltinDomainKey,
1028  pSid);
1029 
1030  RtlFreeHeap(RtlGetProcessHeap(), 0, pSid);
1031  }
1032 
1033  /* Add the Guest user to the Guests alias */
1034  pSid = AppendRidToSid(AccountDomainInfo->DomainSid,
1036  if (pSid != NULL)
1037  {
1038  SampSetupAddMemberToAlias(hBuiltinDomainKey,
1040  pSid);
1041 
1042  RtlFreeHeap(RtlGetProcessHeap(), 0, pSid);
1043  }
1044 
1045  /* Add the Interactive SID to the Users alias */
1046  SampSetupAddMemberToAlias(hBuiltinDomainKey,
1048  pInteractiveSid);
1049 
1050  /* Add the Authenticated User SID to the Users alias */
1051  SampSetupAddMemberToAlias(hBuiltinDomainKey,
1054 
1055  /* Create the Account domain */
1056  Status = SampSetupCreateDomain(hServerKey,
1057  L"Account",
1058  L"",
1059  AccountDomainInfo->DomainSid,
1060  FALSE,
1061  &hAccountDomainKey);
1062  if (!NT_SUCCESS(Status))
1063  {
1064  bResult = FALSE;
1065  goto done;
1066  }
1067 
1070 
1071  SampSetupCreateGroupAccount(hAccountDomainKey,
1072  szName,
1073  szComment,
1075 
1078 
1079  SampSetupCreateUserAccount(hAccountDomainKey,
1080  szName,
1081  szComment,
1082  AccountDomainInfo->DomainSid,
1085 
1086  SampSetupAddMemberToGroup(hAccountDomainKey,
1089 
1092 
1093  SampSetupCreateUserAccount(hAccountDomainKey,
1094  szName,
1095  szComment,
1096  AccountDomainInfo->DomainSid,
1099 
1100  SampSetupAddMemberToGroup(hAccountDomainKey,
1103 
1104 done:
1105  if (AccountDomainInfo)
1106  LsaFreeMemory(AccountDomainInfo);
1107 
1109  RtlFreeHeap(RtlGetProcessHeap(), 0, pAuthenticatedUserSid);
1110 
1111  if (pInteractiveSid)
1112  RtlFreeHeap(RtlGetProcessHeap(), 0, pInteractiveSid);
1113 
1114  if (pBuiltinSid)
1115  RtlFreeHeap(RtlGetProcessHeap(), 0, pBuiltinSid);
1116 
1117  SampRegCloseKey(&hAccountDomainKey);
1118  SampRegCloseKey(&hBuiltinDomainKey);
1119  SampRegCloseKey(&hServerKey);
1120  SampRegCloseKey(&hSamKey);
1121 
1122  TRACE("SampInitializeSAM() done\n");
1123 
1124  return bResult;
1125 }
#define IDS_USER_ADMINISTRATOR_NAME
Definition: resources.h:25
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define IDS_GROUP_NONE_NAME
Definition: resources.h:13
#define TRUE
Definition: types.h:120
#define DOMAIN_ALIAS_RID_GUESTS
Definition: setypes.h:626
static NTSTATUS SampSetupCreateDomain(IN HANDLE hServerKey, IN LPCWSTR lpKeyName, IN LPCWSTR lpDomainName, IN PSID lpDomainSid, IN BOOLEAN bBuiltinDomain, OUT HANDLE *lpDomainKey)
Definition: setup.c:618
#define IDS_ALIAS_POWER_USERS_NAME
Definition: resources.h:20
#define IDS_DOMAIN_BUILTIN_NAME
Definition: resources.h:11
#define IDS_ALIAS_ADMINISTRATORS_NAME
Definition: resources.h:16
#define KEY_READ
Definition: nt_native.h:1023
static PSID pAuthenticatedUserSid
Definition: security.c:19
#define IDS_ALIAS_ADMINISTRATORS_COMMENT
Definition: resources.h:17
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:245
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
#define IDS_USER_ADMINISTRATOR_COMMENT
Definition: resources.h:26
#define DOMAIN_ALIAS_RID_POWER_USERS
Definition: setypes.h:627
#define SECURITY_INTERACTIVE_RID
Definition: setypes.h:531
static NTSTATUS SampSetupCreateUserAccount(HANDLE hDomainKey, LPCWSTR lpAccountName, LPCWSTR lpComment, PSID lpDomainSid, ULONG ulRelativeId, ULONG UserAccountControl)
Definition: setup.c:357