Commit 837fc836 authored by Hans Leidekker's avatar Hans Leidekker Committed by Alexandre Julliard

advapi32: Use a fixed computer SID that matches local user SIDs.

parent c65bcce5
...@@ -656,7 +656,6 @@ NTSTATUS WINAPI LsaQueryInformationPolicy( ...@@ -656,7 +656,6 @@ NTSTATUS WINAPI LsaQueryInformationPolicy(
xdi->info.DomainSid = &xdi->sid; xdi->info.DomainSid = &xdi->sid;
/* read the computer SID from the registry */
if (!ADVAPI_GetComputerSid(&xdi->sid)) if (!ADVAPI_GetComputerSid(&xdi->sid))
{ {
HeapFree(GetProcessHeap(), 0, xdi); HeapFree(GetProcessHeap(), 0, xdi);
......
...@@ -446,64 +446,20 @@ BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName) ...@@ -446,64 +446,20 @@ BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName)
/************************************************************ /************************************************************
* ADVAPI_GetComputerSid * ADVAPI_GetComputerSid
*
* Reads the computer SID from the registry.
*/ */
BOOL ADVAPI_GetComputerSid(PSID sid) BOOL ADVAPI_GetComputerSid(PSID sid)
{ {
HKEY key; static const struct /* same fields as struct SID */
LONG ret;
BOOL retval = FALSE;
static const WCHAR Account[] = { 'S','E','C','U','R','I','T','Y','\\','S','A','M','\\','D','o','m','a','i','n','s','\\','A','c','c','o','u','n','t',0 };
static const WCHAR V[] = { 'V',0 };
if ((ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, Account, 0,
KEY_READ, &key)) == ERROR_SUCCESS)
{ {
DWORD size = 0; BYTE Revision;
ret = RegQueryValueExW(key, V, NULL, NULL, NULL, &size); BYTE SubAuthorityCount;
if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS) SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
{ DWORD SubAuthority[4];
BYTE * data = HeapAlloc(GetProcessHeap(), 0, size); } computer_sid =
if (data) { SID_REVISION, 4, { SECURITY_NT_AUTHORITY }, { SECURITY_NT_NON_UNIQUE, 0, 0, 0 } };
{
if ((ret = RegQueryValueExW(key, V, NULL, NULL, memcpy( sid, &computer_sid, sizeof(computer_sid) );
data, &size)) == ERROR_SUCCESS) return TRUE;
{
/* the SID is in the last 24 bytes of the binary data */
CopyMemory(sid, &data[size-24], 24);
retval = TRUE;
}
HeapFree(GetProcessHeap(), 0, data);
}
}
RegCloseKey(key);
}
if(retval == TRUE) return retval;
/* create a new random SID */
if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, Account,
0, NULL, 0, KEY_ALL_ACCESS, NULL, &key, NULL) == ERROR_SUCCESS)
{
PSID new_sid;
SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY};
DWORD id[3];
if (RtlGenRandom(id, sizeof(id)))
{
if (AllocateAndInitializeSid(&identifierAuthority, 4, SECURITY_NT_NON_UNIQUE, id[0], id[1], id[2], 0, 0, 0, 0, &new_sid))
{
if (RegSetValueExW(key, V, 0, REG_BINARY, new_sid, GetLengthSid(new_sid)) == ERROR_SUCCESS)
retval = CopySid(GetLengthSid(new_sid), sid, new_sid);
FreeSid(new_sid);
}
}
RegCloseKey(key);
}
return retval;
} }
/* ############################## /* ##############################
......
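Review bot: The header comment above ADVAPI_GetComputerSid is reduced to the bare function name, so nothing records that the SID is now the constant S-1-5-21-0-0-0 or that `memcpy( sid, &computer_sid, sizeof(computer_sid) )` writes 24 bytes through `sid` with no length argument. I would restore a description along the lines of `* Returns the fixed computer SID S-1-5-21-0-0-0; sid must have room for a SID with 4 sub-authorities.` and add that the value is identical on every installation, so callers must not treat it as a unique machine identifier. The visible caller, LsaQueryInformationPolicy, hands it out as DomainSid. The value previously stored under `SECURITY\SAM\Domains\Account` is no longer read, so a prefix that already generated a random SID will presumably report a different computer SID after this change. That is worth a sentence in the commit message if it is intended.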