Re: Allocating Lsa_Token_Information_V2 properly, and general ques
From: WakA (WakA_at_discussions.microsoft.com)
Date: 07/21/04
- Next message: John B: "Re: Create a share with Simple File Sharing enabled"
- Previous message: NayJo: "Re: Questions about Scheduled tasks and security"
- In reply to: Richard Ward: "Re: Allocating Lsa_Token_Information_V2 properly, and general questions regarding LsaApLogonUser and AP's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 21 Jul 2004 07:59:40 -0700
"> Well, no. Are you familiar with how pointers work? Walk through the
> example:
>
>
> >> Scratch = (PUCHAR) (TokenInfo + 1);
>
> Scratch now points to an aligned spot, just past the end of the space needed
> to hold a LSA_TOKEN_INFORMATION_V2. There is the fixed size structure,
> pointed to by the TokenInfo pointer, and there is the unstructured variable
> space,
> now pointed to by Scratch.
Ah right, i thought the fixed structure was dynamically distributed over de memory allocation..which is a very weird thing to think..
Still doesn't work though in my case..i'm gonna paste my whole allocation here, i don't have any other ideas what i might be. I hope you can (and will :P) shed some light on it.
*TokenInformationType = LsaTokenInformationV2;
if (*TokenInformationType == LsaTokenInformationV2) {
PLSA_TOKEN_INFORMATION_V2 aTokenInformation = 0; //switched to V2 after XP functionality broken
PSID userSid = 0;
PSID groupSid = 0;
userSid = GetSidFromName(L"Administrator",L"");
AllocateAndInitializeSid(&sidAuthority,2,SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,0,0,0,0,0,0,&groupSid);
if( !userSid || !groupSid)
D(("Failed to initialize either userSid or groupSid"));
aTokenInformation = gDispatchTable->AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V2)+
sizeof(TOKEN_GROUPS)+ sizeof(SID_AND_ATTRIBUTES)*(GroupCount -1)//dynamically determine the size of the trailing array by extending the memory
+ GetLengthSid(userSid)
+ GetLengthSid(groupSid)*2
);
if (!aTokenInformation)
error = STATUS_INSUFFICIENT_RESOURCES;
if (!error) {
PUCHAR scratch;
scratch = (PUCHAR)(aTokenInformation+1); //now points to unstructured variable space after
//the TOKEN_INFORMATION struct
aTokenInformation->ExpirationTime.QuadPart = 20202002045553; //expiration time in seconds.
if (userSid && groupSid) {
aTokenInformation->User.User.Attributes = SE_GROUP_LOGON_ID;
aTokenInformation->User.User.Sid = (PSID)scratch;
CopySid(GetLengthSid(userSid),aTokenInformation->User.User.Sid,userSid);
scratch += GetLengthSid(aTokenInformation->User.User.Sid);
aTokenInformation->Groups = (PTOKEN_GROUPS)scratch;
aTokenInformation->Groups->GroupCount = GroupCount;
aTokenInformation->Groups->Groups[0].Attributes = SE_GROUP_LOGON_ID; //already allocated with 1 as array size, so this is a trick to dynamically size the array
scratch += sizeof(TOKEN_GROUPS);
aTokenInformation->Groups->Groups[0].Sid = scratch;
//AllocateAndInitializeSid(&sidAuthority,1,SECURITY_INTERACTIVE_RID,0,0,0,0,0,0,0,&tempSid);
CopySid(GetLengthSid(groupSid),aTokenInformation->Groups->Groups[0].Sid,groupSid);
scratch += GetLengthSid(groupSid);
aTokenInformation->PrimaryGroup.PrimaryGroup = (PSID)scratch;
CopySid(GetLengthSid(aTokenInformation->Groups->Groups[0].Sid),aTokenInformation->PrimaryGroup.PrimaryGroup, aTokenInformation->Groups->Groups[0].Sid);
aTokenInformation->Owner.Owner = 0;
aTokenInformation->DefaultDacl.DefaultDacl = 0;
aTokenInformation->Privileges = 0;
*TokenInformation = aTokenInformation;
LocalFree(userSid); //release from allocation in GetSidFromName
D(("TokenInformation set"));
}
}
- Next message: John B: "Re: Create a share with Simple File Sharing enabled"
- Previous message: NayJo: "Re: Questions about Scheduled tasks and security"
- In reply to: Richard Ward: "Re: Allocating Lsa_Token_Information_V2 properly, and general questions regarding LsaApLogonUser and AP's"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
