diff --git a/dlls/advapi32/lsa.c b/dlls/advapi32/lsa.c index c5c5e843d5..42221f3d30 100644 --- a/dlls/advapi32/lsa.c +++ b/dlls/advapi32/lsa.c @@ -462,17 +462,12 @@ NTSTATUS WINAPI LsaQueryInformationPolicy( /* read the computer SID from the registry */ if (!ADVAPI_GetComputerSid(&(xdi->sid))) { - SID_IDENTIFIER_AUTHORITY localSidAuthority = {SECURITY_NT_AUTHORITY}; + HeapFree(GetProcessHeap(), 0, buf); + HeapFree(GetProcessHeap(), 0, xdi); - xdi->sid.Revision = SID_REVISION; - xdi->sid.SubAuthorityCount = 4; - xdi->sid.IdentifierAuthority = localSidAuthority; - xdi->sid.SubAuthority[0] = SECURITY_NT_NON_UNIQUE; - xdi->sid.SubAuthority[1] = 0; - xdi->sid.SubAuthority[2] = 0; - xdi->sid.SubAuthority[3] = 0; + WARN("Computer SID not found\n"); - WARN("Computer SID not found in registry\n"); + return STATUS_UNSUCCESSFUL; } TRACE("setting SID to %s\n", debugstr_sid(&xdi->sid)); diff --git a/dlls/advapi32/security.c b/dlls/advapi32/security.c index 53b22100d4..2eade3e9b1 100644 --- a/dlls/advapi32/security.c +++ b/dlls/advapi32/security.c @@ -332,7 +332,7 @@ BOOL ADVAPI_IsLocalComputer(LPCWSTR ServerName) if (!ServerName || !ServerName[0]) return TRUE; - + buf = HeapAlloc(GetProcessHeap(), 0, dwSize * sizeof(WCHAR)); Result = GetComputerNameW(buf, &dwSize); if (Result && (ServerName[0] == '\\') && (ServerName[1] == '\\')) @@ -352,12 +352,12 @@ BOOL ADVAPI_GetComputerSid(PSID sid) { HKEY key; LONG ret; - - if ((ret = RegOpenKeyExA(HKEY_LOCAL_MACHINE, - "SECURITY\\SAM\\Domains\\Account", 0, + static const WCHAR Account[] = { 'S','E','C','U','R','I','T','Y','\\','S','A','M','\\','D','o','m','a','i','n','s','\\','A','c','c','o','u','n','t',0 }; + static const WCHAR V[] = { 'V',0 }; + + if ((ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, Account, 0, KEY_READ, &key)) == ERROR_SUCCESS) { - static const WCHAR V[] = { 'V',0 }; DWORD size = 0; ret = RegQueryValueExW(key, V, NULL, NULL, NULL, &size); if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS) 
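Review bot: The context comment `/* read the computer SID from the registry */` above the `ADVAPI_GetComputerSid` call in LsaQueryInformationPolicy is stale after this commit, because the helper now also generates and stores a SID when none is found. I would reword it to `/* read the computer SID from the registry, creating one if none is stored */`. The new failure branch frees `buf` and `xdi` before returning `STATUS_UNSUCCESSFUL`. The function body starts and ends outside the hunk, so it is worth confirming that the caller's output pointer has not already been set to `xdi` by then, otherwise it would be left dangling.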
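Review bot: `size` from the first `RegQueryValueExW` call in ADVAPI_GetComputerSid has no visible lower bound, yet the following hunk reads from `&data[size-24]`. A stored `V` value shorter than 24 bytes would make that copy start before the allocation. The lines between the two hunks are not shown, so this only matters if they do not already check it. If they do not, extend the condition to `if ((ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS) && size >= 24)`, and ideally re-check `size` after the second query, since the value can change between the two calls. The function continues past the end of this hunk.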
@@ -370,13 +370,40 @@ BOOL ADVAPI_GetComputerSid(PSID sid) { /* the SID is in the last 24 bytes of the binary data */ CopyMemory(sid, &data[size-24], 24); + HeapFree(GetProcessHeap(), 0, data); + RegCloseKey(key); return TRUE; } + HeapFree(GetProcessHeap(), 0, data); } } RegCloseKey(key); } - + + /* create a new random SID */ + if (RegCreateKeyExW(HKEY_LOCAL_MACHINE, Account, + 0, NULL, 0, KEY_ALL_ACCESS, NULL, &key, NULL) == ERROR_SUCCESS) + { + PSID new_sid; + SID_IDENTIFIER_AUTHORITY identifierAuthority = {SECURITY_NT_AUTHORITY}; + DWORD id[3]; + + if (RtlGenRandom(&id, sizeof(id))) + { + if (AllocateAndInitializeSid(&identifierAuthority, 4, SECURITY_NT_NON_UNIQUE, id[0], id[1], id[2], 0, 0, 0, 0, &new_sid)) + { + if (RegSetValueExW(key, V, 0, REG_BINARY, new_sid, GetLengthSid(new_sid)) == ERROR_SUCCESS) + { + FreeSid(new_sid); + RegCloseKey(key); + return CopySid(GetLengthSid(new_sid), sid, &new_sid); + } + FreeSid(new_sid); + } + } + RegCloseKey(key); + } + return FALSE; } diff --git a/include/ntsecapi.h b/include/ntsecapi.h index 7fa3c441ed..4ed878e079 100644 --- a/include/ntsecapi.h +++ b/include/ntsecapi.h @@ -290,6 +290,10 @@ typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS PolicyNotifyMachineAccountPasswordInformation } POLICY_NOTIFICATION_INFORMATION_CLASS, *PPOLICY_NOTIFICATION_INFORMATION_CLASS; +#define RtlGenRandom SystemFunction036 + +BOOLEAN WINAPI RtlGenRandom(PVOID,ULONG); + NTSTATUS WINAPI LsaAddAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING,ULONG); NTSTATUS WINAPI LsaCallAuthenticationPackage(HANDLE,ULONG,PVOID,ULONG,PVOID*,PULONG,PNTSTATUS); NTSTATUS WINAPI LsaClose(LSA_HANDLE);
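Review bot: In the new "create a new random SID" branch, `new_sid` is passed to `FreeSid` and then read by `GetLengthSid(new_sid)` and `CopySid` in the `return` statement, which is a use after free. The source argument is also `&new_sid`, the address of the local pointer rather than the SID itself. Copy first and free afterwards: put `BOOL ok = CopySid(GetLengthSid(new_sid), sid, new_sid);` ahead of `FreeSid(new_sid); RegCloseKey(key);`, then `return ok;`. `KEY_ALL_ACCESS` in `RegCreateKeyExW` is broader than this branch needs, since it only writes one value; `KEY_SET_VALUE` would be enough. Two processes that both miss the stored value can each generate and store a different SID, so the SID returned may not be the one that ends up persisted; re-reading `V` after the write would close that gap.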