Re: Allocating Lsa_Token_Information_V2 properly, and general ques

From: WakA
Date: 07/21/04

Date: Wed, 21 Jul 2004 07:59:40 -0700

> Well, no. Are you familiar with how pointers work? Walk through the
> example:
> >> Scratch = (PUCHAR) (TokenInfo + 1);
> Scratch now points to an aligned spot, just past the end of the space needed
> to hold a LSA_TOKEN_INFORMATION_V2. There is the fixed size structure,
> pointed to by the TokenInfo pointer, and there is the unstructured variable
> space, now pointed to by Scratch.

Ah right, I thought the fixed structure was dynamically distributed over the memory allocation, which is a very weird thing to think.

Still doesn't work though in my case. I'm gonna paste my whole allocation here; I don't have any other ideas what it might be. I hope you can (and will :P) shed some light on it.

        *TokenInformationType = LsaTokenInformationV2;
        if (*TokenInformationType == LsaTokenInformationV2) {
                PLSA_TOKEN_INFORMATION_V2 aTokenInformation = 0; //switched to V2 after XP functionality broken
                PSID userSid = 0;
                PSID groupSid = 0;

                userSid = GetSidFromName(L"Administrator",L"");
                AllocateAndInitializeSid(&sidAuthority,2,SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,0,0,0,0,0,0,&groupSid);

                if( !userSid || !groupSid)
                        D(("Failed to initialize either userSid or groupSid"));
                //dynamically determine the size of the trailing array by extending the memory
                aTokenInformation = gDispatchTable->AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V2)
                                        + sizeof(TOKEN_GROUPS) + sizeof(SID_AND_ATTRIBUTES)*(GroupCount -1)
                                        + GetLengthSid(userSid)
                                        + GetLengthSid(groupSid)*2);
                if (!aTokenInformation)
                        error = STATUS_INSUFFICIENT_RESOURCES;

                if (!error) {
                        PUCHAR scratch;
                        scratch = (PUCHAR)(aTokenInformation+1); //now points to unstructured variable space after
                                                                 //the TOKEN_INFORMATION struct
                        aTokenInformation->ExpirationTime.QuadPart = 20202002045553; //expiration time in seconds.
                        if (userSid && groupSid) {
                                aTokenInformation->User.User.Attributes = SE_GROUP_LOGON_ID;

                                aTokenInformation->User.User.Sid = (PSID)scratch;
                                scratch += GetLengthSid(aTokenInformation->User.User.Sid);

                                aTokenInformation->Groups = (PTOKEN_GROUPS)scratch;
                                aTokenInformation->Groups->GroupCount = GroupCount;
                                aTokenInformation->Groups->Groups[0].Attributes = SE_GROUP_LOGON_ID; //already allocated with 1 as array size, so this is a trick to dynamically size the array
                                scratch += sizeof(TOKEN_GROUPS);
                                aTokenInformation->Groups->Groups[0].Sid = scratch;
                                scratch += GetLengthSid(groupSid);
                                aTokenInformation->PrimaryGroup.PrimaryGroup = (PSID)scratch;
                                CopySid(GetLengthSid(aTokenInformation->Groups->Groups[0].Sid),aTokenInformation->PrimaryGroup.PrimaryGroup, aTokenInformation->Groups->Groups[0].Sid);

                                aTokenInformation->Owner.Owner = 0;
                                aTokenInformation->DefaultDacl.DefaultDacl = 0;
                                aTokenInformation->Privileges = 0;
                                *TokenInformation = aTokenInformation;
                                LocalFree(userSid); //release from allocation in GetSidFromName
                                D(("TokenInformation set"));
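
The single-allocation layout discussed in this thread (fixed header, then variable space reached through a scratch pointer), as an added example that is not part of the original post. It uses portable stand-in types instead of the Windows SDK structures; `sid_t`, `sid_attr_t`, `groups_t`, `token_info_t`, `put_sid` and `build_token_info` are hypothetical names, and `calloc` stands in for the LSA heap allocator.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Portable stand-ins (assumptions, not the Windows SDK definitions) for SID,
   SID_AND_ATTRIBUTES, TOKEN_GROUPS and the token-information header. */
typedef struct { uint8_t rev, count, auth[6]; uint32_t sub[15]; } sid_t;
typedef struct { sid_t *sid; uint32_t attrs; } sid_attr_t;
typedef struct { uint32_t count; sid_attr_t groups[1]; } groups_t;
typedef struct { sid_t *user; groups_t *groups; sid_t *primary; } token_info_t;

#define ALIGN_UP(n) (((n) + sizeof(void *) - 1) & ~(sizeof(void *) - 1))

/* Same rule as GetLengthSid: 8-byte header plus 4 bytes per sub-authority. */
size_t sid_len(const sid_t *s) { return 8 + 4u * s->count; }

/* Copy the SID into the scratch area first, then advance by the length of the
   SOURCE. Measuring the destination before the copy reads bytes that are not
   a SID yet. */
static sid_t *put_sid(uint8_t **scratch, const sid_t *src) {
    sid_t *dst = (sid_t *)*scratch;
    memcpy(dst, src, sid_len(src));
    *scratch += ALIGN_UP(sid_len(src));
    return dst;
}

/* One allocation: header, group array, then every SID. Requires n >= 1.
   grp[0] doubles as the primary group and gets its own copy. */
token_info_t *build_token_info(const sid_t *user, const sid_t *const *grp,
                               uint32_t n, size_t *total) {
    size_t gsz = ALIGN_UP(sizeof(groups_t) + sizeof(sid_attr_t) * (n - 1));
    *total = sizeof(token_info_t) + gsz + ALIGN_UP(sid_len(user))
           + ALIGN_UP(sid_len(grp[0]));
    for (uint32_t i = 0; i < n; i++) *total += ALIGN_UP(sid_len(grp[i]));

    token_info_t *ti = calloc(1, *total);
    if (!ti) return NULL;
    uint8_t *scratch = (uint8_t *)(ti + 1);   /* variable space after header */
    ti->groups = (groups_t *)scratch;         /* array of n entries */
    ti->groups->count = n;
    scratch += gsz;                           /* skip the whole array, not one entry */
    ti->user = put_sid(&scratch, user);
    for (uint32_t i = 0; i < n; i++)
        ti->groups->groups[i].sid = put_sid(&scratch, grp[i]);
    ti->primary = put_sid(&scratch, grp[0]);
    return ti;
}
```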
